Damn, making big moves. Good stuff man.
Happy you're still teaching and doing good. Respect.
Thank you for the support mate, I hope you are keeping well.
How People Get Infected With Malicious Word Document[]:
ua-cam.com/video/E-Xc_bQyG2c/v-deo.html
Top tip, skip the first 8.5 minutes, the content starts to get started at 8:30
Linux Security series is going to be amazing! Thanks for your hard work. Hope there will be video about securing the docker daemon and containers
Thank you very much for your support, definitely, Docker security is a subject that interests me and I have been working on and learning containerization technology for a while now.
@@HackerSploit you Kenyan?
@@morningstar3437 Yes
I stumbled upon the video, simple and straight forward. It helped me connect dots on SSH security using cryptographic keys. Keep them coming
I know I’m late to it but I really appreciate these videos. They answer some questions I had for years and could never find a good explanation of how to perform the task or the information is aimed at configuring for a niche need.
Your videos are awesome... so useful for my career. Thanks for making these videos. LOVE FROM INDIA
ua-cam.com/video/CpPYbCkNm4g/v-deo.html
Appreciation in words will not make justice for this work ! ❤️ Thank you HackerSploit and Linode!
Hey Alexis, another great video. Your teaching skills are simply out of this world. I've learned more in your tutorials than in my college and uni combined. If I had the power I would gladly give you the George Cross award.
thank you very much. I was finding this kind of sysadmin stuff and then I got your video. Keep making these kinds of awesome videos...:)
You are a genius!! I'm just a beginner and all this is pretty much overwhelming to understand (the cyber world as a whole).
About best practices:
Never share a private key with the team, because you will never be able to determine who was logged in; every user should have a personal account with a username and private key.
In every SSH hardening video or tutorial the only focus is on the sshd_config file, but very rarely does anyone talk about weak cryptographic ciphers, weak keys... For the strongest hardening, the crypto policy should be changed (weak ciphers should be removed): /etc/crypto-policies/back-ends/openssh.config
Finally we found a great teacher on YouTube
Thank you for making these kinds of videos
So glad I found this channel
I am too
Hey man just want to say thank you so much for the content that you are providing :)
My pleasure!
Timestamps:
0:00 Introduction to the series
2:14 Video starts
You can register for part 2 of this series here: event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&eventid=2649692&sessionid=1&key=FDD7D40926383C11B3392509222D8368&regTag=1558905&sourcepage=register
this guy is underrated
Amazing series. Although I have a lot of overlap, there are still many small tips and tricks in these videos I'll definitely use!
Happy teacher's day you're my teacher 💓
I'm the corn you replied in your discord 💓
Thanks for doing this. Excellent!
Glad you enjoyed it!
Great teacher.
Excellent series. Thank you
Very informative 👍
thank you for your help, i register on linode
I love learning from your channel, good work, keep it up
New subscriber here. Nice videos you do, you explain everything and that makes it very simple to follow, thank you.
Love you from India 😘😘
one of the best videos it was so helpful thanks mate
Fantastic!
Nice.👍
OP voice...You can replace martin Taylor or alan smith
Best Explanation && it helps a lot to improve linux knowledge
great stuff....first time here
i love you man.
This is great stuff. Keep up the work 👍👍👍
Very good channel. And nice voice. Greetings from germany
Hackersploit at it again!
Your tutorial is simply awesome, man. Can I set up a free account for learning?
Outstanding video.
Another note is put a password on the key so a random that has access to the system. use the key to get in to the server
@HackerSploit Thank you very much for your excellent videos. Why are there two SSH keys at 18:58? Was one left over from an earlier dry run?
Your video really awesome and Helpful
There's something wrong in the explanation on public-private key authentication around the 20:10 mark. In actuality the SERVER generates and sends a hashed random string encrypted using the client's PUBLIC key. If then the client is able to decrypt such hashed data it necessarily proves possession of the corresponding private key, thus authenticating itself (because we assume that the private key has been kept private) AFTER the server receives the decrypted hash from the client and compares it with the original data it generated during the start of the process. At this point, if there is a match between the information the server sent to the client and the response received from it, the server is safe to assume that whatever party is requesting this connection is the one in possession of the private key that's mathematically related to the public key it holds as one of those listed in its authorized_keys file. That's, by the way, the reason why the public key has to be sent to the server BEFORE key-based authentication can take place (for it must have knowledge of the public key itself if it is to issue the challenge to the connecting party). The explanation given in the video was misleading, as far as I know.
Thank you for pointing this out, I will be making the corrections as soon as possible.
Amazing Work!!!!!!!
At 21:08 you mention you "encrypt with private key and decrypt with public key".. Isn't it the other way around?
It's that way. The encryption is just called "signing", because encrypting stuff with the private key is what signing is
@@devnullification so anyone with the public key can decrypt the traffic?
@@skolarii No - anyone with the public key can check if the signature is correct. The traffic is encrypted with another key, which is changed each session and during longer sessions. That's a symmetric key exchanged via a key exchange mechanism (like Diffie-Hellman). That part is the same for password logins. The public/private key pair is just used for authentication.
@@devnullification I understand now.. thank you!
It is a great course with great super deep explanations for understanding your great cyber mentor. I have a question, if I have 8Gb memory RAM in my pc how many machines can I create in my Virtualbox machine or I can only create one machine in it e.g like only kali Linux and maybe what if I want an ubuntu machine too.
Very good video, thanks!!!
Great tutorial, thank you!
Hello there, you presented us with a great explanatory video, but I believe you made a mistake. In SSH the public key is the one that encrypts not the private.
Thank you for pointing this out, I will make the necessary correction.
Great catch! Digital signatures are run backwards though - the sender's private key is used to sign (by encrypting a hash of the original message), and his public key is used both to verify that the sender is exactly as advertised and that the message has not been altered after it was sent.
Sorry, am confused.
Isn't the public key used to encrypt and the private used to decrypt??
20:38
Public key can decrypt something encrypted by its paired private key!
@@DHIRAL2908 Yeah, but that is actually not called encryption, but that's what digital signatures are.
@@DHIRAL2908 Thanks!! :D I found this when looking for an answer. www.tutorialspoint.com/difference-between-private-key-and-public-key
As you said, both can encrypt and decrypt.
Windows 10 has the openSSH client by default since last year
How can you recommend RSA based cryptography over ECC, specifically over ed25519? This is certainly not how I would recommend securing SSH for enterprise.
Thank you
Great way of explaining things!!!
Now how will you share the rsa key securely to the dev team?
I really enjoyed the video. Thanks. How would I get PuTTY to work with the key now? Do I have to give the private key to the Windows user? Where does the user store the key? Strange you said we have to share the private key. I thought the private key should be kept in the server and only the public key should be shared.
Now only I am seeing the man behind the voice
Is there a way to use ssh keys gen on linux and use them on windows(with putty)?
You can. PuTTY likes their format, but you can use puttygen to import the pem and convert to ppk. Or you can just use puttygen to generate the key pair. Puttygen has fewer options when generating keys, but you can do rsa 4k and other options.
But if you are on outside somewhere else and you need to login quick in the server on a different pc then you can’t.. can you bring a USB with the private key on it and then have access?
Of course you can. Just specify the private key with option -i or copy it to ~/.ssh/ (don't use the second option on a public pc of course XD)
Thank U bro
This is Good stuff
Thanks !!!!!!
Dumb question but wouldn't you add the new dev user to sudoers anyway? how else can you give them access and permissions
Hi
Please i want to ask a question
Is there any way that i could know about how many devices are present near me or selected area
Bro, please can you make just a short video on vishing and smishing
❤🇮🇳🇮🇳 from Indian
how to know other person information through hotspot connection
It's possible or not
man, u really hit hard : )
nice
Is this a ssh tutorial or an advertisement for linode?
Good
Hi, where can watch part 2 of this tutorial? cheers
I'm a little confused here, I don't think you uncommented PubKeyAuthentication and set it to "yes". Wouldn't this be required as well as a restart of the ssh service to be put into effect? Just feels like you missed a step unless you did it and I just didn't notice.
The lines that are commented out by default indicate the default value. So even though he did not uncomment PubKeyAuthentication it is still enabled (and has been from the beginning) because its default value is yes.
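The point made in the reply above, that a commented-out line sets nothing and the built-in default applies, can be checked mechanically. This is an added example, not part of the original comments or the video: it resolves the effective global value of three keywords from sshd_config text, using the defaults documented in sshd_config(5). The names `effective_settings`, `review` and `SAMPLE` are hypothetical, the sample file is constructed, and as a simplification Include files are not followed and parsing stops at the first Match block.

```python
import re

# Upstream OpenSSH defaults, as documented in sshd_config(5).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

# A keyword and its argument are separated by whitespace or by a single '='.
LINE_RE = re.compile(r"^([^\s=]+)(?:\s*=\s*|\s+)(.*)$")


def effective_settings(config_text):
    """Return {keyword: (value, origin)}; origin is 'explicit' or 'default'."""
    explicit = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # a commented line sets nothing
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword = m.group(1).lower()      # keywords are case-insensitive
        if keyword == "match":
            break                         # conditional blocks: out of scope here
        # sshd uses the first value it obtains for each keyword.
        explicit.setdefault(keyword, m.group(2).strip().strip('"'))
    return {
        k: (explicit[k], "explicit") if k in explicit else (default, "default")
        for k, default in DEFAULTS.items()
    }


def review(settings):
    """Return notes a reviewer would raise about the resolved settings."""
    notes = []
    pubkey = settings["pubkeyauthentication"][0]
    password = settings["passwordauthentication"][0]
    if pubkey != "yes" and password != "yes":
        notes.append("neither public key nor password authentication is enabled")
    elif password == "yes":
        notes.append("password authentication is still enabled")
    if settings["permitrootlogin"][0] == "yes":
        notes.append("root may log in with a password")
    return notes


# Constructed sample: the stock commented line plus two hardening changes.
# The second PasswordAuthentication line is ignored (first value wins).
SAMPLE = """\
#PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
"""

if __name__ == "__main__":
    resolved = effective_settings(SAMPLE)
    for key, (value, origin) in resolved.items():
        print(f"{key:24} {value:18} ({origin})")
    print(review(resolved) or "no notes")
```

On a real host, `sshd -T` prints the configuration the daemon would actually use, including Include files, and is the authoritative check.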
After running "ssh-copy-id" from my Linux box I still had to enter my password, and hoping it was something on my end I locked myself out... what did I do wrong? :/
What If we lost our private key then how can I recover, because we already denied root access?
You can (and should) use multiple keypairs. You want one for each dev team member and you likely want a securely stored away one for escrow.
How do I watch part 2 of this video, link is expired, please help
when you use ssh-copy-id does it store your keys in the server's dev account .ssh folder?
no its in your local machine
It copies the public key you specify and adds it to .ssh/authorized_keys for the user on the server you are copying to
hello sir, how to login by putty using public key
Hello I try to configure the openssh server, to connect from a Windows using Plink.exe but I can't.
Any recommendation?
It's on HTB's Buff machine
Disabling password authentication does permit public key logins + password configured when we generate public keys? Thanks
I'm not sure I completely understand your question. If you are referring to the pw used to encrypt your priv key, that has no bearing on the ssh server config. That just encrypts your priv key locally so it's not plain text. You basically decrypt the priv and store a plain text version in memory on the client, so your ssh client is still using it decrypted, while it's encrypted on disk.
Bro when I am installing a script it's asking GitHub user name and password bro and I am entering that it's showing no repository found can u help me this bro
Bro please do hackerone or bugcrowd bugs hunting videos
though SUSE YAST SUPPORTS GUI for configurations, one should still know the config files manipulations in texts, I suppose!!! hahaha!!!
❤️😊
Does private key is specific to a computer means if i have the private key of a computer, can i login to that account from another computer?
yes u can , if u have the private key
should update your virtualbox vm to gorilla instead of fossa
Sim card scan tutorial pls
so when you ran the ssh-copy......i only got 1 key why did you get two?
if you have time to answer.
it appended multiple identities from his host system into the ssh server's authorized keys file because he likely had more than one identity file on his host machine. To ensure ssh-copy-id only copies over the desired identity, I think you want to use the "-i identity_file" option.
Sir, are you also getting strikes like all other infosec youtuber getting ???? I'm a bit worried what if this channel terminated
hello sir , pls add english subtitles in ALL your videos .
Tap cc in the top right corner bruh...
This guy is as eloquent as f*** so...
Alexis 🥺🥺
Hi I love your videos. I am wondering how to prevent open ssh from reporting so much information.
Example
curl ip:22
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
curl: (56) Recv failure: Connection was reset
It's exposing my operating system, and ssh versions.
thank you
serverfault.com/questions/216801/prevent-ssh-from-advertising-its-version-number/767445 ... you can probably remove the distro OS information using some values in the /etc/ssh/sshd_config file, but the SSH version info is likely compiled into the sshd binary itself.
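What the banner quoted in the question discloses can be read off its fields. This is an added example, not part of the original comments: it parses an SSH identification string in the RFC 4253 section 4.2 layout (`SSH-protoversion-softwareversion SP comments`) and reports which parts reveal software and distribution details. The function names are hypothetical, and `read_banner` is meant for a server you administer.

```python
import re
import socket

# RFC 4253, section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or the minus sign.
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^\s-]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>[^\r\n]*))?$"
)


def parse_banner(line):
    """Split an identification string into proto, software and comments."""
    line = line.rstrip("\r\n")
    if len(line) > 253:  # the RFC limit is 255 bytes including CR LF
        raise ValueError("identification string longer than 255 bytes")
    m = BANNER_RE.match(line)
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()


def disclosure_findings(line):
    """List what a banner tells any client that connects to the port."""
    fields = parse_banner(line)
    findings = []
    product, _, version = fields["software"].partition("_")
    if version:
        findings.append("server software and version: %s %s" % (product, version))
    if fields["comments"]:
        findings.append("comment field (distribution/package): " + fields["comments"])
    return findings


def read_banner(host, port=22, timeout=5.0):
    """Fetch the identification string from a server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("r", encoding="ascii", errors="replace") as stream:
            for line in stream:
                # The RFC allows other lines before the identification string.
                if line.startswith("SSH-"):
                    return line
    raise ConnectionError("no SSH identification string received")


if __name__ == "__main__":
    # The banner quoted in the comment above.
    for finding in disclosure_findings("SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2\r\n"):
        print(finding)
```

On Debian and Ubuntu packages, `DebianBanner no` in sshd_config drops the comment field; the software version field remains, which matches what the reply above says about it being part of the binary.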
Bro please can u reply
The URL is broken
BR
whonix?
Sir, please make a video on Android hacking, please please
Bro, I have one thought
Darnn, 9 whole minutes of promotion
Give me an alternative solution thnx