secure – Knightwise.com

December 28, 2014

Connect your Chromebook to your home network over SSH.

This week i’m testing out my new Acer A730 to see just what it can do and how far we can take it. One of the frustrations I bumped in earlier this week was that there were limited options when it came to “Phoning home”. Setting up encrypted tunnels to your home network over the internet using VPN or Proxy connections is something we should consider when using public Wifi hotspots.

With the Chromebook relying completely on some wifi connection on a (perhaps foreign) network I was disappointed to find that the only protocols that were supported were L2TP and OpenVpn. Not a bad set to choose from but not something that I had setup on my home network.

Previously I used an SSH server and the SSHuttle app to tunnel my internet, dns and even network traffic over a Socks5 proxy to my home network. I wondered if this would be possible with the Chromebook. Turns out it is ! Let’s start cooking.

To get this little piece of magic working you need 3 things. A : One SSH server (A linux machine) on your home network that has at least one port open to the internet. B : The Secure Shell app from the Chrome store. C : The Switchy-Sharp extension.

Setting it up is quite easy. Lets say we opened up port 8800 of our SSH server to the internet. Setup Secure Shell to connect to the your home SSH server with the additional option to create a port forwarding tunnel on lets say port 8800 with the option -D 8800

Next we setup Switchy Sharp as to use the SSH connection (and port 8800) as a socks 5 proxy.

All you need to do next is Connect to your home SSH server and use the Switchy Sharp extention in your browser to use the connection. The Chromebook will tunnel all http and https requests AND the DNS queries through the tunnel. That way 95% of your Chromebooks traffic (we aren”t a 100 percent sure about what protocols any other apps you have might use) are piped through a secure tunnel. You don’t only get to connect to your home network (to open up any web-interface to any device or server you have) but also you get to do it all ‘in private’

Links.

March 18, 2014March 15, 2014

Server week : The essential SSH Server.

This week in “Server week” we are going to set up a variety of servers that allow you to do a variety of things. One of the most basic and versatile server you can set up must be the SSH Server. Long time fans probably know that the SSH server is the base ingredient for a lot of fun stuff you can do. For example.

Transfer files over the internet.
Work with command line applications from a remote computer.
Tunnel your browser traffic through your own server to stop nosy network admins.
Connect to your home network with a VPN connection.

These are just a couple of things you can do, but before you can do that, you will need the basic ingredient : Let’s set up an SSH Server.

Required ingredients.

Debian based Linux distribution : ( you can do it with a redhat based one too, but we use a debian based one for the tutorial)
Static ip for your Linux distribution.
Connection to the internet.
If you don’t have a static IP : A dynamic DNS service like opendns or Dyndns.
An open port on your router forwarded to your linux machine.

Let’s get cooking.

Open up a terminal on your linux machine and type : sudo apt-get install openssh-server
After the server is installed, connect to it from a remote machine using a terminal application like Putty (for Windows) Secure Shell (for the Chromebooks) or from the terminal on other Mac and Linux machines.
Connect to your Linux server with the command : ssh yourusername@theipofyourserver

And starting out that is ALL you need to do. If you want to do this from the internet you need to forward the correct port (The standard port is Port 22) from your router to your linux machine so you can make it accessible from the internet.

Lets make it pretty.

Want to have a unique login screen when you connect ? create a cool ASCII banner using THIS tutorial.

Lets make it secure.

SSH servers run standard on port 22, so a lot of scriptkiddies will go around the internet and “knock” on your port 22 to see if there is a server there. We are going to “obscure” the location of your SSH server a little by changing the default portnumber (Remember you also need to adjust this on your server) Follow THIS tutorial to get you started.
Next time you connect remember to connect with ssh -p portnumberyouchose yourusername@theipofyourserver
If you want to get rid of entering your password when you connect you can log in using secure SSH keys. Its a little bit on the advanced geeky side but it DOES keep your machine extremely secure : Only a machine with a unique digital fingerprint can connect using this method : Here is a good tutorial.

Lets start using it.

The SSH server offers you a variety of functionalities we talked about in previous blogposts. We will line up the best uses for SSH here.

Make a VPN connection to your home network using SSHUTTLE.
Turn your server into a proxy server and tunnel all browser traffic though your home server. (here is the pdf howto)
Keep an eye on what your server is doing.
Run a remote supergeeky wordprocessor.
Run remote graphical applications.
Have a blast controlling your server from the command line.
Run command line apps.

These are just a couple of examples of what you can do over this very powerful little SSH connection. Remember always to use strong passwords and keep your server up to date. Have fun !

January 22, 2014January 19, 2014

Setting up your own SSH proxy on Windows.

Free wifi is great. It’s like finding an oasis in the middle of the desert that gives you the ability to quench your digital thirst before you wade into the offline sahara once again. But “Open and Free” wifi comes at a price. Being a shared network medium, it means that all traffic on the wireless network is visible to all users on that network , should they care to take a peak.

With networking tools like “Wireshark” it is fairly easy sniff traffic on an open wifi network and intercept all kinds of unencrypted traffic. That traffic can consist of what URL’s you surf to to what passwords you use (if you have an unsecured connection) .. They are all there for anyone to sniff, download and analyse.

To keep your browser traffic private all you need to do is encrypt it. One of the ways to do this is of course use https connections where you can, but if that is not possible there are alternatives. You can set up your own SSH proxy server. This means you will be creating an encrypted tunnel from your laptop, TROUGH the internet, to your home server. Once there (behind the security of your own firewall) your traffic heads for the internet. Its like surfing at home, but you are in fact ‘away from home’.

The only thing you need are :

– Access over SSH to a linux server. ( Check our our tutorial on how to set this up)

– A copy of Firefox.

– A copy of Putty.

Setting it up is quite easy , and we will probably do a screencast on the issue in season 8 of our podcast, but instead of boring you with a lot of text , we are going to point you to the excellent podcast episode Kurtis Adkins did for Hacker Public Radio on the topic. Take 20 minutes and listen carefully. When you are done (and have the ingredients above) you will be able to secure your webtraffic from anyone who wants to snoop around. (Hackers, scriptkiddies or nosy sysadmins)

Link : Curtis Adkins on : Setting up and using SSH and SOCKS (Hacker public Radio ep 1422)

December 4, 2013December 3, 2013

Keep track of all your passwords on your Android phone with Keepass2android.

Keeping track of all your logins and passwords for the hundreds of sites and services you are registered with is something that is a terrible hassle. For convenience sake we use the same logins (and even passwords) on different services and constantly need to request ‘resets’ and ‘reminders’ when we forget the password to our “One Direction” fanpage. So instead of getting Rainman as a permanent sidekick to help us remember all our passwords and logins , why not use an app for that ?

There are plenty of password management applications out there, but because you are a “slider” and go from operating system to operating system, having your password management software available “everywhere” is a MUST. Our favorite app that lives both on Windows, Linux and the Mac is KeepassX. A free application that lets you organise and keep track of all the logins and passwords you have AND can generate supercool “random” passwords that are very very hard to crack.

The password database that KeepassX uses is “locked” with a master password (for example abc123 ?) so nobody can open up your “black book” without your knowledge or permission. When you store the database on a network share (or in the cloud via Dropbox or Bittorrent Sync) you can access it from different machines on different locations… So how about from your mobile ?

Enter Keepass2android : A keepassX client for your android mobile phone. The interface is “mobile friendly” and in combination with Dropbox or another cloud service like Skydrive or whatever. Store the database somewhere where you can reach it, open it up with the keepass2android client and you will never have to write down a password on the inside of your shoe .. ever again.

But beware : The ‘master password’ of your database file is your achilles heel. If you lose your phone and have an offline copy of that database on your phone … all that stands between the “evil one” and ALL your passwords is that one master password. So make it a pass-phrase. We have some examples for you :

“0MG1soLOVEjusTinBieBerRightNow!!!” “W3@llL1v31nAY3ll0w_SubM@r1n3” “supercalligragulasslyexpealidocious1049!!!_X” … And so on …

Keepass2android is free and is available in the Google Play store.

August 20, 2006

The Knightcast Episode 35 : Remote Domination.

Remote
The Knightcast Episode 35 : Remote Domination.

Direct link to the show :

http://www.knightwise.com/podcasts/kc_2082006.mp3

Summary.

Don't even leave your seat for episode 35 of the Knightcast : Remote domination. We talk about the tools of the trade how to remote control every PC that you own. With tips, howto's and cool programs we turn your computerroom obsolete and let you control everything from your couch. With music from Noplasticinside its another Info- Loaded Knightcast.

Promo : Miketechshow .

Download the Shownotes in PDF.

{mos_sb_discuss:5}

May 31, 2006

The Knightcast Episode 31 : Tips for the mobile Geek.

The Knightcast episode 31 : Tips for the mobile geek.

Direct link to the show : http://www.knightwise.com/podcasts/kc290506.mp3

Summary.

An episode jam packs with tips for the mobile geek. How to carry and organize your tech equiptment as easy, light, convinient and efficient as possible. What to take with you, where and how to store all your geeky goods. Furthermore we talk about the Ubuntu-Granny incident and let you hear ' The Knightcast Signal".

Shownotes.

Intro
News and events.
MUSIC The Knightcast signal as preformed by Noplasticinside .
The Knightwise.com website gets 11000 hits over the weekend.
The Ubuntu story on Digg .

MUSIC The road less traveled by Sweet Crystal.

Part 1 : Tips for the mobile geek.
Why this podcast.
Groundrules.
Dividing everything into zones.

Zone 1 : your body.
MUSIC : Move it by Life has teeth .

Zone 2 : The "Bag"
Groundrules.- What to put in your bag.

Zone 3 : The car.- Groundrules.
What to store inside your car.
Signoff.

For more information or to send feedback , please visit our main website www.knightwise.com

Tag: secure

Connect your Chromebook to your home network over SSH.

Related Posts

Setting up your own SSH proxy on Windows.

Related Posts

The Knightcast Episode 35 : Remote Domination.

Related Posts

The Knightcast Episode 31 : Tips for the mobile Geek.

Related Posts