ssh

Native OpenSSH on Windows 10

Just found accidentally, OpenSSH server as well as client are available in Windows 10 Professional 1709 (Fall Creators Update).

You can enable it under Settings -> Apps & features -> Manage optional features -> Add a feature -> OpenSSH Client (Beta) and OpenSSH Server (Beta).

win10-openssh-install

Remember to turn off Windows firewall for ssh (port 22) to access your machine remotely using ssh and/or putty.

win10-openssh

Advertisements

noob iptables cheat sheet

Notes:

  1. All rules are processed from top to down.  Once a rule is matched (with jump), the rest will be ignored.
  2. Never run iptables -F if the default rules are DROP or your system will be inaccessible.  If possible, set the default rule to ACCEPT and add iptables -A INPUT -j DROP at the end.

List all rules

iptables -L -n -v –line-numbers

Flush all chains (-F) and delete all user-defined chains chains (-X)

Note: Please ensure the default policy is ACCEPT or leave a ssh terminal before issuing

iptables -F

iptables -X

Set default policy (use with care)

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT DROP

Block incoming ip address

iptables -A INPUT -s aa.bb.cc.dd -j DROP

Block outgoing sites

iptables -A OUTPUT -p tcp -d  www.microsoft.co.uk -j DROP

Allow ping from specific ip’s only

iptables -A INPUT -s 1.2.3.0/24   -p icmpicmp-type echo-request -j ACCEPT

iptables -A INPUT -p icmpicmp-type echo-request -j DROP

Allow ssh from specific ip’s only

iptables -A INPUT -s 1.2.3.0/24   -p tcp —dport 22 -m state –state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp —dport 22 -m state –state NEW,ESTABLISHED -j DROP

Block incoming web access

iptables -A input -p tcp —dport 80 -j DROP

Port forward

Forward incoming connection to another internal host (aa.bb.cc.dd:22)

iptables -t nat -A PREROUTING -I eth0 -p tcp —dport 1022 -j DNAT –to aa.bb.cc.dd:22

iptables -A FORWARD -p tcp -d aa.bb.cc.dd dport 22 -m state –state NEW,ESTABLISH -j ACCEPT

Delete a rule

iptables -L -n -v –line-numbers

iptables -D input {line-number}

 Download PDF

iptables-cheat-sheet

Installation of ssh server for debian-in-android (gnuroot)

Update (2014-11-20): After rebooting the phone, the the sshd (openssh-server) failed to start again (some error message like “chroot /var/run/sshd” failed). So the reliable way is still using dropbear.

Update (2014-11-06): I can install openssh-server successfully under gunroot.  No special tricks (don’t why it failed in my first trial) except changing the port to > 1024 (/etc/ssh/sshd_config) and chmod og-rwx /etc/ssh/*.  After the modification, issue /etc/init.d/ssh start

Unlike traditional debian machine, you cannot install/run openssh-server inside a debain-in-android (gnuroot).  However, dropbear can be used instead.

Steps:

– Install android app GNURoot.

– Install android app, GNURoot Wheezy.

– Inside Debian terminal, install dropbear (apt-get intall dropbear).

– Modify /etc/default/dropbear and change the DROPBEAR_PORT to anything > 1024.

– (Update on 2014-07-04) Start the dropbear: /etc/init.d/dropbear start