Category: SSH

Posted on

Digitalocean upgraded their Droplets hosting Offering

Good news for those looking for VPS hosting solution. Digitalocean has upgraded their droplet offering by increasing the diskpace and RAM at the same price point.

Here are the new Droplets package from Digitalocean:

The most interesting plan is Flexible droplets where you can resize the droplets at any time choosing between with RAM or vCPU at the same price point.

Benefit for existing customer:

Existing customer can enjoy the new price point by clicking “Resize” option to get the new offering from Digitalocean

Benefit for new customers:

New customer will enjoy USD10 giveaway when signing up with Digitalocean. Remember that Digitalocean charges by hour, so you can test drive their VPS in a few days and can decide whether you want to continue or not with their service without any penalty

Posted on

How to Change OpenSSH port or listen to multiple SSH ports

OpenSSH usually listens on TCP port 22. However, there are some people who wish to change OpenSSH port to avoid brute-force bot attacks or to avoid from being blocked by restrictive firewall.

To change OpenSSH port, one only need to edit “/etc/ssh/sshd_config” file and change the port at “Port 22” to something else, like “Port 8080” or “Port 443”

#/etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 8080

Save, and restart ssh server.

sudo service ssh restart

Additionally you can also configure OpenSSH to listen to multiple port (usually to avoid restrictive firewall rules)

#/etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 22
Port 8080
Port 443

The example above shows a configuration which lets OpenSSH to listen to port 22, 443 (TLS/SSL) and port 8080 (HTTP-PROXY), these are the ports that usually unblocked by corporate firewall.

Don’t forget to restart ssh service as soon as you’ve save the file!!

Posted on

How to Hide OpenSSH Ubuntu version from Nmap and other scanners

In Ubuntu or Debian, a default OpenSSH server will display OpenSSH version alongside with Ubuntu/Debian distribution banner:

$ telnet repeater.my 172.16.91.20 22 
Trying 172.16.91.20...
Connected to 172.16.91.20.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2

You can hide the identifying part of Ubuntu-2ubuntu2 from the server banner by editing /etc/ssh/sshd_config file, and adding “DebianBanner no” either at the end of the file, or just under “Port 22” configuration in “/etc/ssh/sshd_config

#/etc/ssh/sshd_config 
# What ports, IPs and protocols we listen for

Port 22
DebianBanner no

Save and restart OpenSSH server by typing

sudo service ssh restart

Now the response will just be:

Trying 172.16.91.20...
Connected to 172.16.91.20.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1

Happy trying!

Further Reading: Ubuntu Server Administrator Reference

Posted on

How to change timezone in Ubuntu / Debian from command-line

This guide assumes that you use Ubuntu or Debian-based GNU/Linux distro. There are two ways to change timezone from bash command line.

sudo dpkg-reconfigure tzdata

or,

sudo ln -sf /usr/share/zoneinfo/Asia/Kuala_Lumpur /etc/localtime

You can also specify other timezone in the second method, for example:

sudo ln -sf /usr/share/zoneinfo/GMT /etc/localtime

or for Eastern Standard Time (US)

sudo ln -sf /usr/share/zoneinfo/EST /etc/localtime

This command is handy when administrating multiple servers across different continents.

Posted on

FastSSH.com – free SSH tunnelling account !

FastSSH.com is a provider for FreeSSH account, which can be use for secure tunneling account or to avoid from Firewall.

User has to select SSH account from a set of locations (refer to picture below), which has its own features and limited. (ie: some server offer protocol forwarding in UDP and TCP, while some impose limit on 500 connections/day).

fastssh-selection

Creating an account is as easy as filling the “Account Creation Form”, which does not require email. Account created through FastSSH is valid for SEVEN(7) days.

fastssh-selection-4

However, I personally do not use FastSSH as I’ve my own box, and relying on a 3rd party SSH provider for my tunneling needs would pose security concerns over sensitive data. You’ve been warned.

*FastSSH does not offer UNIX shell, instead it only offers SSH tunneling service. See Simple SSH Tunelling Tips and SSH port forwarding in Microsoft Windows for more information on SSH tunelling