
benjojo / Totp Ssh Fluxer

Take security by obscurity to the next level (this is a bad idea, don't really use this please)


TOTP SSH port fluxing

Some people change the SSH port on their servers so that it is slightly harder for bots or other nasties to find, and while that is generally viewed as security through obscurity, it does work very well at killing a lot of the automated logins you always see in /var/log/auth.log.

However, what if we could take this to a ridiculous level? What if we could use TOTP codes, which are normally used as second-factor codes to log in to websites, to actually know what port the sshd server is listening on?

For this, I present totp-ssh-flux, a way to make sure your sshd port changes every 30 seconds, possibly causing your adversaries a small period of frustration.

Demo:

[animated GIF of the demo]

What you can see here is my phone (using a generic TOTP client) generating codes, that I can then use as the port to SSH into on a server.

The software behind it is fairly simple. It runs in a loop that does the following:

  • Generates a TOTP token
  • Takes the last digit; if the result is above 65536, does that again
  • Adds an iptables PREROUTING rule to redirect the number generated above
  • Waits 30 seconds, removes that rule, and repeats.

The neat thing is, because this is done in PREROUTING, even if the code expires, established connections stay connected.
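The loop described above, sketched as an added example (this is not the project's own code). The function names, the forwarding target of port 22, and the reading of the digit-dropping step as "drop the last digit until the value fits in 16 bits" are assumptions; the secret is the public RFC 6238 test key, and the iptables arguments are only built and printed, never executed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"strconv"
	"time"
)

// totp returns the 6-digit RFC 6238 code (HMAC-SHA1, 30 s step) for time t.
func totp(secret []byte, t time.Time) uint32 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return bin % 1000000
}

// portFromCode is an assumed reading of the README step: drop the last
// digit until the value fits the 16-bit port range.
func portFromCode(code uint32) int {
	for code > 65535 {
		code /= 10
	}
	return int(code)
}

// redirectRule builds (does not run) the iptables arguments. action is
// "-A" to add or "-D" to delete; the sshPort value is an assumption.
func redirectRule(action string, port, sshPort int) []string {
	return []string{"-t", "nat", action, "PREROUTING", "-p", "tcp",
		"--dport", strconv.Itoa(port), "-j", "REDIRECT",
		"--to-ports", strconv.Itoa(sshPort)}
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret, not a real key
	port := portFromCode(totp(secret, time.Now()))
	if port == 0 { // an all-zero code yields no usable port; skip this window
		return
	}
	fmt.Println("iptables", redirectRule("-A", port, 22))
	fmt.Println("iptables", redirectRule("-D", port, 22), "(30 seconds later)")
}
```

Whatever digit rule is used, the result is confined to the 16-bit port range, so the rotating port hides sshd from casual scans but adds nothing to the authentication that sshd itself performs.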

Installation

You will most likely find more up-to-date instructions in the totp-ssh-flux project readme.

Beware: currently I would not really recommend running this software; it was only written as a joke.

At the time of writing the project is just a single file. You will need to install golang and then go get and go build.

Run the program as root (it needs to, sorry, it's editing iptables).

Upon first run, the program will generate a token for the host in /etc/ssh-flux-key (you can use the -keypath option to change that), and you can input that into your phone or other clients.

You can confirm it works by running watch iptables -vL -t nat and waiting for the iptables rules to be inserted and removed.


Want to see more insanity like this? Follow me on twitter @benjojo12
