Thank you very much for your support, definitely, Docker security is a subject that interests me and I have been working on and learning containerization technology for a while now.
I know I’m late to it but I really appreciate these videos. They answer some questions I had for years and could never find a good explanation of how to perform the task or the information is aimed at configuring for a niche need.
hey Alexis another great video, your teaching skills are simply out of this world I've learned more in your tutorials then my college and uni combined, if I have a power I would gladly give you The George Cross award
About best practices: Never share private key with the team, because you will never be able to determine who was logged, every user should have personal account with username and private key. In every ssh hardening video or tutorial the only focus is on sshd_config file, but very rarely anyone talks about weak cryptographic ciphers, weak keys... For strongest hardening crypto policy should be changed (weak ciphers should be removed): /etc/crypto-policies/back-ends/openssh.config
Timestamps: 0:00 Introduction to the series 2:14 Video starts You can register for part 2 of this series here: event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&eventid=2649692&sessionid=1&key=FDD7D40926383C11B3392509222D8368®Tag=1558905&sourcepage=register
@@DHIRAL2908 Thanks!! :D I found this when looking for an answer. www.tutorialspoint.com/difference-between-private-key-and-public-key As you said, both can encrypt and decrypt.
There's something wrong in the explanation on public-private key authentication around the 20:10 mark. In actuality the SERVER generates and sends a hashed random string encrypted using the client's PUBLIC key. If then the client is able to decrypt such hashed data it necessarily proves possession of the corresponding private key, thus authenticating itself (because we assume that the private key has been kept private) AFTER the server receives the decrypted hash from the client and compares it with the original data it generated during the start of the process. At this point, if there is a match between the information the server sent to the client and the response received from it, the server is safe to assume that whatever party is requesting this connection is the one in possession of the private key that's mathematically related to the public key it holds as one of those listed in its authorized_keys file. That's, by the way, the reason why the public key has to be sent to the server PRIOR to a key-based authentication can take place (for it must have knowledge of the public key itself if it is to issue the challenge to the connecting party). The explanation given in the video was misleading, as far as I know.
@@skolarii No - anyone with the public key can check if the signature is correct. The traffic is encrypted with another key, which is changed each session and during longer sessions. That's a symmetric key exchanged via a key exchange mechanism (like diffie hellmann). That part is the same for password logins. The public/private key pair is just used for authentication.
You can. PuTTy likes their format, but you can use puttygen to import the pem and convert to ppk. Or you can just use puttygen to generate the key pair. Puttygen has less options when generating keys, but you can do rsa 4k and other options.
How can you recommend RSA based cryptography over ECC, specifically over ed25519? This is certainly not how I would recommend securing SSH for enterprise.
But if you are on outside somewhere else and you need to login quick in the server on a different pc then you can’t.. can you bring a USB with the private key on it and then have access?
I really enjoyed the video. Thanks. How would I get Putty to work with the key now? Do I have to give the private key to the windows user? whre does the user store the key? Strange you said we have to share the private key. I though the private key should be kept in the server and only the public key should be shared.
Im not sure i completely understand you question. If you are referring to the pw used to encrypt you priv key, that has no bearing on the ssh server config. That just encrypts your priv key locally so its not plain text. You basically decrypt the priv and store a plain text version in memory on the client, so your ssh client is still using it decrypted, while its encrypted on disk.
After running "ssh-copy-id" from my linux box I still had to enter my password and hoping it was something on my end i locked myself out... what did I do wrong? :/
I'm a little confused here, I don't think you uncommented PubKeyAuthentication and set it to "yes". Wouldnt this be required as well as a restart of the ssh service to be put into effect? Just feels like you missed a step unless you did it and I just didnt notice.
The lines that are commented out by default indicate the default value. So even though he did not uncomment PubKeyAuthentication it is still enabled (and has been from the beginning) because its default value is yes.
It is a great course with great super deep explanations for understanding your great cyber mentor. I have a question, if I have 8Gb memory RAM in my pc how many machines can I create in my Virtualbox machine or I can only create one machine in it e.g like only kali Linux and maybe what if I want an ubuntu machine too.
it appended multiple identities from his host system into the ssh server's authorized keys file because he likely had more than one identity file on his host machine. To ensure ssh-copy-id only copies over the desired identity, I think you want to use the "-i identity_file" option.
Bro when I am installing a script it's asking GitHub user name and password bro and I am entering that it's showing no repository found can u help me this bro
Hello there, you presented us with a great explanatory video, but I believe you made a mistake. In SSH the public key is the one that encrypts not the private.
Great catch! Digital signatures are run backwards though - the sender's private key is used to sign (by encrypting a hash of the original message), and his public key is used both to verify that the sender is exactly as advertised and that the message has not been altered after it was sent.
Hi I love your videos. I am wondering how to prevent open ssh from reporting so much information. Example curl ip:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2 curl: (56) Recv failure: Connection was reset Its exposing my operating system, and ssh versions. thank you
serverfault.com/questions/216801/prevent-ssh-from-advertising-its-version-number/767445 ... you can probably remove the distro OS information using some values in the /etc/ssh/sshd_config file, but the SSH version info is likely compiled into the sshd binary itself.
Hello hackersploit, I would like to know why when I set up the port to the default I have a lot of people trying to brutforce me. I have setup fail2ban but when I setup the port to an other they stop brute forcing me. I would like to know if every ip are continually being scanned or something because if someone don't look to the log and have setup default port they may have trouble Thanks for replying, you are the best in my heart
Damn, making big moves. Good stuff man.
Happy you're still teaching and doing good. Respect.
Thank you for the support mate, I hope you are keeping well.
How People Get Infected With Malicious Word Document[]:
ruclips.net/video/E-Xc_bQyG2c/видео.html
Top tip, skip the first 8.5 minutes, the content starts to get started at 8:30
I stumbled upon the video, simple and straight forward. It helped me connect dots on SSH security using cryptographic keys. Keep them coming
Linux Security series is going to be amazing! Thanks for your hard work. Hope there will be video about securing the docker daemon and containers
Thank you very much for your support, definitely, Docker security is a subject that interests me and I have been working on and learning containerization technology for a while now.
@@HackerSploit you Kenyan?
@@morningstar3437 Yes
I know I’m late to it but I really appreciate these videos. They answer some questions I had for years and could never find a good explanation of how to perform the task or the information is aimed at configuring for a niche need.
Your videos are aswome... so useful for my career. Thanks for making these videos. LOVE FROM INDIA
ruclips.net/video/CpPYbCkNm4g/видео.html
thank you very much. I was finding this kind of sysadmin stuff and then I got your video. Keep making these kinds of awesome videos...:)
ruclips.net/video/CpPYbCkNm4g/видео.html
Appreciation in words will not make justice for this work ! ❤️ Thank you HackerSploit and Linode!
ruclips.net/video/CpPYbCkNm4g/видео.html
hey Alexis another great video, your teaching skills are simply out of this world I've learned more in your tutorials then my college and uni combined, if I have a power I would gladly give you The George Cross award
ruclips.net/video/CpPYbCkNm4g/видео.html
Hey man just want to say thank you so much for the content that you are providing :)
My pleasure!
Thank you for making these kinds of videos
ruclips.net/video/CpPYbCkNm4g/видео.html
You are a genius!! Am just a beginner and all these is pretty much overwhelming to understand (The cyber world as a whole).
Excellent series. Thank you
So glad I found this channel
I am too
ruclips.net/video/CpPYbCkNm4g/видео.html
About best practices:
Never share private key with the team, because you will never be able to determine who was logged, every user should have personal account with username and private key.
In every ssh hardening video or tutorial the only focus is on sshd_config file, but very rarely anyone talks about weak cryptographic ciphers, weak keys... For strongest hardening crypto policy should be changed (weak ciphers should be removed): /etc/crypto-policies/back-ends/openssh.config
ruclips.net/video/CpPYbCkNm4g/видео.html
i love leaning from your channel , good work keep it up
Finely We found a great teacher on youtube
one of the best videos it was so helpful thanks mate
Timestamps:
0:00 Introduction to the series
2:14 Video starts
You can register for part 2 of this series here: event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&eventid=2649692&sessionid=1&key=FDD7D40926383C11B3392509222D8368®Tag=1558905&sourcepage=register
Thanks for doing this. Excellent!
Glad you enjoyed it!
Amazing series altough i have a lot of overlap there are still many small tips n tricks in these videos i'll definetly use!
Very informative 👍
ruclips.net/video/CpPYbCkNm4g/видео.html
Happy teacher's day you're my teacher 💓
I'm the corn you replied in your discord 💓
Sorry, am confused.
Isnt the public key used to encrypt and the private used to decrypt??
20:38
Public key can decrypt something encrypted by it's paired private key!
@@DHIRAL2908 Yeah, but that is actually not called encryption, but that's what digital signatures are.
@@DHIRAL2908 Thanks!! :D I found this when looking for an answer. www.tutorialspoint.com/difference-between-private-key-and-public-key
As you said, both can encrypt and decrypt.
This is great stuff. Keep up the work 👍👍👍
thank you for your help, i register on linode
There's something wrong in the explanation on public-private key authentication around the 20:10 mark. In actuality the SERVER generates and sends a hashed random string encrypted using the client's PUBLIC key. If then the client is able to decrypt such hashed data it necessarily proves possession of the corresponding private key, thus authenticating itself (because we assume that the private key has been kept private) AFTER the server receives the decrypted hash from the client and compares it with the original data it generated during the start of the process. At this point, if there is a match between the information the server sent to the client and the response received from it, the server is safe to assume that whatever party is requesting this connection is the one in possession of the private key that's mathematically related to the public key it holds as one of those listed in its authorized_keys file. That's, by the way, the reason why the public key has to be sent to the server PRIOR to a key-based authentication can take place (for it must have knowledge of the public key itself if it is to issue the challenge to the connecting party). The explanation given in the video was misleading, as far as I know.
Thank you for pointing this out, I will be making the corrections as soon as possible.
great stuff....first time here
ruclips.net/video/CpPYbCkNm4g/видео.html
Great teacher.
Outstanding video.
this guy is underrated
At 21:08 you mention you "encrypt with private key and decrypt with public key".. Isn't it the other way around?
It's that way. The encryption is just called "signing", because encrypting stuff with the private key is what signing is
@@devnullification so anyone with the public key can decrypt the traffic?
@@skolarii No - anyone with the public key can check if the signature is correct. The traffic is encrypted with another key, which is changed each session and during longer sessions. That's a symmetric key exchanged via a key exchange mechanism (like diffie hellmann). That part is the same for password logins. The public/private key pair is just used for authentication.
@@devnullification i understand now.. thank you!
ruclips.net/video/CpPYbCkNm4g/видео.html
Love you from India 😘😘
Your video really awesome and Helpful
Best Explanation && it helps a lot to improve linux knowledge
New subcriber here. Nice videos you do, you explain everything and that make us a very simple view, thank you.
Hackersploit at it again!
@HackerSploit Thank you very much for your excellent videos. Why are there two SSH keys at 18:58? Was one left over from an earlier dry run?
Is there a way to use ssh keys gen on linux and use them on windows(with putty)?
You can. PuTTy likes their format, but you can use puttygen to import the pem and convert to ppk. Or you can just use puttygen to generate the key pair. Puttygen has less options when generating keys, but you can do rsa 4k and other options.
How can you recommend RSA based cryptography over ECC, specifically over ed25519? This is certainly not how I would recommend securing SSH for enterprise.
Nice.👍
ruclips.net/video/CpPYbCkNm4g/видео.html
Very good channel. And nice voice. Greetings from germany
Fantastic!
But if you are on outside somewhere else and you need to login quick in the server on a different pc then you can’t.. can you bring a USB with the private key on it and then have access?
Of course you can. Just specify the private key with option -i or copy it to ~/.ssh/ (dont use the second option on a public pc of course XD)
Amazing Work!!!!!!!
1st half of the video is a linode ad 2nd half (9:37) is ssh basics
Hi
Please i want to ask a question
Is there any way that i could know about how many devices are present near me or selected area
Dumb question but wouldn't you add the new dev user to sudoers anyway? how else can you give them access and permissions
I really enjoyed the video. Thanks. How would I get Putty to work with the key now? Do I have to give the private key to the windows user? whre does the user store the key? Strange you said we have to share the private key. I though the private key should be kept in the server and only the public key should be shared.
i love you man.
ruclips.net/video/CpPYbCkNm4g/видео.html
How do I watch part 2 of this video, link is expired, please help
Muy buen video, gracias!!!
when you use ssh-copy-id does it store your keys in the server's dev account .ssh folder?
no its in your local machine
It copies the public key you specify and adds it to .ssh/authorized_keys for the user on the server you are copying to
Great tutorial, thank you!
ruclips.net/video/CpPYbCkNm4g/видео.html
Hi, where can watch part 2 of this tutorial? cheers
ruclips.net/video/CpPYbCkNm4g/видео.html
how to know other person information through hotspot connection
It's possible or not
Disabling password authentication does permit public key logins + password configured when we generate public keys? Thanks
Im not sure i completely understand you question. If you are referring to the pw used to encrypt you priv key, that has no bearing on the ssh server config. That just encrypts your priv key locally so its not plain text. You basically decrypt the priv and store a plain text version in memory on the client, so your ssh client is still using it decrypted, while its encrypted on disk.
What If we lost our private key then how can I recover, because we already denied root access?
You can (and should) use multiple keypairs. You want one for each dev team member and you likely want a securely stored away one for escrow.
After running "ssh-copy-id" from my linux box I still had to enter my password and hoping it was something on my end i locked myself out... what did I do wrong? :/
I'm a little confused here, I don't think you uncommented PubKeyAuthentication and set it to "yes". Wouldnt this be required as well as a restart of the ssh service to be put into effect? Just feels like you missed a step unless you did it and I just didnt notice.
The lines that are commented out by default indicate the default value. So even though he did not uncomment PubKeyAuthentication it is still enabled (and has been from the beginning) because its default value is yes.
Does private key is specific to a computer means if i have the private key of a computer, can i login to that account from another computer?
yes u can , if u have the private key
Hello I try to configure the openssh server, to connect from a Windows using Plink.exe but I can't.
Any recommendation?
It's on HTB's Buff machine
It is a great course with great super deep explanations for understanding your great cyber mentor. I have a question, if I have 8Gb memory RAM in my pc how many machines can I create in my Virtualbox machine or I can only create one machine in it e.g like only kali Linux and maybe what if I want an ubuntu machine too.
so when you ran the ssh-copy......i only got 1 key why did you get two?
if you have time to answer.
it appended multiple identities from his host system into the ssh server's authorized keys file because he likely had more than one identity file on his host machine. To ensure ssh-copy-id only copies over the desired identity, I think you want to use the "-i identity_file" option.
The URL is broken
OP voice...You can replace martin Taylor or alan smith
Bro when I am installing a script it's asking GitHub user name and password bro and I am entering that it's showing no repository found can u help me this bro
man, u really hit hard : )
Great way of explaining things!!!
Now how will you share the rsa key securely to the dev team?
ruclips.net/video/CpPYbCkNm4g/видео.html
your tutorial is simply awsome man. can I set up a free account for learning
ruclips.net/video/CpPYbCkNm4g/видео.html
Another note is put a password on the key so a random that has access to the system. use the key to get in to the server
Thank you
This is Good stuff
ruclips.net/video/CpPYbCkNm4g/видео.html
Is this a ssh tutorial or an advertisement for linode?
Hello there, you presented us with a great explanatory video, but I believe you made a mistake. In SSH the public key is the one that encrypts not the private.
Thank you for pointing this out, i will make the necessary correction.
Great catch! Digital signatures are run backwards though - the sender's private key is used to sign (by encrypting a hash of the original message), and his public key is used both to verify that the sender is exactly as advertised and that the message has not been altered after it was sent.
Sir, are you also getting strikes like all other infosec youtuber getting ???? I'm a bit worried what if this channel terminated
Thank U bro
Thanks !!!!!!
Bro Please can you make just short video onVishing and Smishing
Windows 10 has the openSSH client by default since last year
ruclips.net/video/CpPYbCkNm4g/видео.html
Sim card scan tuturoial pls
nice
Bro please do hackerone or bugcrowd bugs hunting videos
Hi I love your videos. I am wondering how to prevent open ssh from reporting so much information.
Example
curl ip:22
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
curl: (56) Recv failure: Connection was reset
Its exposing my operating system, and ssh versions.
thank you
serverfault.com/questions/216801/prevent-ssh-from-advertising-its-version-number/767445 ... you can probably remove the distro OS information using some values in the /etc/ssh/sshd_config file, but the SSH version info is likely compiled into the sshd binary itself.
❤️😊
Good
❤🇮🇳🇮🇳 from Indian
Now only I am seeing the man behind the voice
ruclips.net/video/CpPYbCkNm4g/видео.html
Hello hackersploit, I would like to know why when I set up the port to the default I have a lot of people trying to brutforce me. I have setup fail2ban but when I setup the port to an other they stop brute forcing me. I would like to know if every ip are continually being scanned or something because if someone don't look to the log and have setup default port they may have trouble
Thanks for replying, you are the best in my heart
Give me an alternative solution thnx
Bro please can u reply
How to create browser Extension?
Bro I have one tought
Bro do u have an insta or facebook id?......i want to talk to u there
hackers don't use crap social media, bro
@@gosukiehl that is a retarded logic
@@rezzar3328 It's true, though
@@deus5215 did you watch some mr robot and come up with this bs? RUclips is considered social media so he already has one of them.
@@rezzar3328 If you dig deeply into youtube you will realize it's the dark web :)
whonix?
ruclips.net/video/CpPYbCkNm4g/видео.html
Alexis 🥺🥺
ruclips.net/video/CpPYbCkNm4g/видео.html
Not to be rude but most of the time i try to watch your tutorials i have to skip at least 8 minutes of intro. otherwise thanks for your tutorials :)
though SUSE YAST SUPPORTS GUI for configurations, one should still know the config files maniputations in texts, I suppose!!! hahaha!!!
hello sir , pls add english subtitles in ALL your videos .
ruclips.net/video/CpPYbCkNm4g/видео.html
Tap cc in the top right corner bruh...
This guy is as eloquent as f*** so...