OpenSSH Lifehacks

Erik Falor (15.Jul.2017 at 13:00, 2 hr 50 min)
Workshop at OpenWest Conference 2017 (English - US)

Rating: 3 of 5

What if I told you that there was one software package that will protect your communications from snooping governments, let you past annoying firewalls, securely transfer files over the internet, and let your clients test a webapp running on your laptop?

ssh(1) was one of the first Unix programs you learned, but you haven't seen all that it is capable of.

After this workshop you'll be able to say that you can:

* Build an .ssh/config file that protects your privacy AND saves typing
* Run programs remotely and securely
* Dig a tunnel through a firewall for fun & profit
* Set up a SOCKS proxy for private browsing
* Create a SSH public/private key pair for more secure and easier logins...
* ..and safely protect the all-valuable private key!

Discover all of the SSH awesomeness you've been missing all along! [142]

Who are you?

Claim talk

Talk claims have been moved to the new Joind.in site.

Please login to the new site to claim your talk

 
Comments closed.

Comments

Rating: 3 of 5

15.Jul.2017 at 17:14 by John Anderson (7 comments) via Web2 LIVE

Notes/feedback that I was capturing into a text file during the tutorial:

* Sending out the setup instructions in advance would be helpful

* …but the setup instructions on the viking1 server were actually pretty useful and well written!

* it would be better to use the screen during the instruction time to display a set of steps for folks to carry out, to get them to viking1

* Given that MacOs and Linux both come with SSH, it might be easier to skip the VMs and just tell the Windows folks to install the Linux subsystem (in advance)

* Would be nice to set up `/etc/hosts` with the IPs for `alpine0` and `alpine1` in advance (assuming the `192.168.56.*` network)

* Don't say "guys". Approximately 1/3 of the audience was women.

* Don't OS shame ("I won't hold running Windows against you.")

* Maybe go a *little* bit less minimal on the alpine install - `man` wasn't installed

* Having printed-out instructions, or slides, or something, would help people trying to follow along. You could also include the diagram stuff you did on the white board then.

* I would move the SOCKS proxy bit to the end, after the regular tunneling, or even later, into an "advanced topics" section or something. You almost didn't get to `ssh-agent` and that's a pretty important thing, IMO.

* It's probably also worthwhile to set up the firewalls on the VMs to actually block the traffic instead of asking people to imagine

* I think you probably assumed more networking knowledge than a lot of the attendees had. Thinking about ways to reduce the amount of assumed knowledge would probably be a good idea.

* Including a shell script in the VM image for the netcat "server" would be a good idea. Or find a very minimal HTTP server and include that along with a really basic webpage, or something.

* You did a really great job when asking if people knew something, explaining that it wasn't their fault if they didn't know it. Really liked hearing that.

* You've got some good stuff in your tutorial. I think the next time you do it -- and you _should_ look for additional places to do this! -- it'll go more smoothly.

Thanks!

Speaker comment:

15.Jul.2017 at 19:44 by Erik Falor (4 comments) via Web2 LIVE

@John Anderson: Thank you for your attendance and for taking the time to write up so many thoughtful suggestions. You are very encouraging and your advice will help me do better next time.

Speaker comment:

15.Jul.2017 at 20:25 by Erik Falor (4 comments) via Web2 LIVE

Resources from the workshop are available at http://unnovative.net. Most importantly are the links to the excellent OpenSSH WikiBook and stribika's guide to hardening OpenSSH.

I would be very grateful for any comments or suggestions you could share with me.
Thank you for attending.

© Joind.in 2018