RelayDrive ist eine leistungsfähige macOS-Anwendung, die das Mounten und Verwalten von SSHFS-Freigaben deutlich vereinfacht. Mit einer intuitiven Benutzeroberfläche und flexiblen Einstellungen bietet RelayDrive eine ideale Lösung für Entwickler, Systemadministratoren und Power-User, die Netzlaufwerke sicher und performant in ihr Dateisystem integrieren möchten. RelayDrive läuft hauptsächlich in der Menüleiste.
Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app.
As far as I know, sshuttle is the only program that solves the following common case:
Your client machine (or router) is Linux, FreeBSD, or MacOS.
You have access to a remote network via ssh.
You don't necessarily have admin access on the remote network.
The remote network has no VPN, or only stupid/complex VPN protocols (IPsec, PPTP, etc). Or maybe you are the admin and you just got frustrated with the awful state of VPN tools.
You don't want to create an ssh port forward for every single host/port on the remote network.
You hate openssh's port forwarding because it's randomly slow and/or stupid.
You can't use openssh's PermitTunnel feature because it's disabled by default on openssh servers; plus it does TCP-over-TCP, which has terrible performance.SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.
Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to SSH from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.
Hence sslh acts as a protocol demultiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port.
This free SSH testing tool checks the configuration of given server accessible over internet. We don't ask you for any login or password, this service only returns information available during SSH handshake - notably supported encryption and MAC algorithms, and an overview of offered server public keys.
mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
Generate the hash:
(make sure you have only one line/type, so either delete all others in key.pub or run ssh-keyscan -t rsa example.org > key.pub)
- ssh-keygen -l -f key.pub (default hash, depending on OpenSSH version)
- ssh-keygen -l -f key.pub -E md5 (md5 on current OpenSSH)
- awk '{print $2}' ssh_host_rsa_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 (sha256 on old OpenSSH)
(You might need to start the line with awk '{print $3}' for newer versions of ssh-keyscan because the format changed)
Good combo (2017-10-12):
Ciphers
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
LogLevel VERBOSE
Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l info
Use kernel sandbox mechanisms where possible in unprivileged processes
Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.
UsePrivilegeSeparation sandbox
AllowUsers pi
SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
SOCKS servers are a form of proxy that are commonly used in firewalled LAN environments to allow access between networks, and often to the Internet. The problem is that most applications don't know how to gain access through SOCKS servers. This means that network based applications that don't understand SOCKS are very limited in networks they can reach. An example of this is simple 'telnet'. If you're on a network firewalled from the internet with a SOCKS server for outside access, telnet can't use this server and thus can't telnet out to the Internet.
This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk.
Of course, the victim's SSH client will complain that the server's key has changed. But because 99.99999% of the time this is caused by a legitimate action (OS re-install, configuration change, etc), many/most users will disregard the warning and continue on.
BLINK SHELL
THE PRO TERMINAL FOR iOS
mosh & ssh support
lightning fast emulator
fully configurable▌