03-09-2002   #7

Hi,
If you're using RSA keys then that implies that you are using SSHv1. There are known weaknesses with this version of the protocol, e.g. it's possible to perform a MiM attack on an SSHv1 connection and then there's the CRC32 compensation attack (though this affects the SSH Daemon and not the user directly I suppose).

Most people (sane people that is) should have disabled support for v1 of the SSH protocol when configuring their SSH daemons (most vendors have been affected by the CRC32 Compensation attack). Heh, ideal world situation I suppose.

Tron, if your hosting company allows SSHv1 connections then they may need to be shot in the head :-). (I'd bet they're running a vulnerable SSH Daemon as well if this is the case - most hosting companies are muppets).

You really want to use SSHv2 along with DSA keys. (ssh-keygen -t dsa)

>domain = ;
>remote_user = ;
>remote_host = ;
>#local_user = ;
>#local_host = ;
>
>tar -cpzf $domain.tar.gz *;
>scp $domain.tar.gz $remote_user@$remote_host:$domain.tar.gz;

Um, I take it this is supposed to be some sort of perl script? If you're using the Bourne shell (Bash is derived from Bourne) you'd assign variables without using spaces, e.g. -

FOO=value

No need for the semi-colon either.


>ssh $remote_user@$remote_host;
>tar -zxf $domain.tar.gz;
>exit;
>#end script

Won't work, you'd SSH into the remote host and just idle, the next command in the script wouldn't execute until you disconnected and it would be executed on the localhost.

You'd want to do -

ssh -l $REMOTE_USER $REMOTE_HOST tar zxf $DOMAIN.tar.gz

Which would SSH into the remote host, execute the tar command on that host and then exit.

You'd also want to perform some sanity checking e.g. check the exit codes of the commands you execute, possibly mail out if it fails, remove the tarball after it's been transferred (or archive it somewhere perhaps).

So, a version of this script that might be useful.

-----

#!/bin/sh
# Assumes quite a bit, might work though.
DOMAIN="whatever"
REMOTE_USER="borgman"
REMOTE_HOST="foobarwibblemoo"

# Assumes the script is running in the correct directory
# Stop here if the archive could not be created
tar cpzf "$DOMAIN.tar.gz" * || exit 1

# Assumes keys are set up correctly, without passphrases
# Stop here if the copy failed, so the local tarball is kept
scp "$DOMAIN.tar.gz" "$REMOTE_USER@$REMOTE_HOST:" || exit 1

# Clean up the local tarball, if not needed...
rm -f "$DOMAIN.tar.gz"

# Untar/gunzip it on the remote host, assumes your home directory on the remote host is where you want the files...
# Stop here if the extract failed, so the remote tarball is kept
ssh -l "$REMOTE_USER" "$REMOTE_HOST" tar zxf "$DOMAIN.tar.gz" || exit 1

# Remove it from the remote host, if not needed...
ssh -l "$REMOTE_USER" "$REMOTE_HOST" rm -f "$DOMAIN.tar.gz"

# This is the end of the script!

---

I'd either write a better script based on the above, or use something like rsync to do the job.

--Bovine
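
Added example, not part of the original post: a small shell check for whether an SSH daemon still offers protocol v1, from either its identification string or its sshd_config text. The function names `classify_banner` and `config_protocol_state` are hypothetical, and the banners and config lines are constructed samples.

```shell
#!/bin/sh
# Added example (not from the post). All sample inputs are constructed.

# classify_banner BANNER -> prints v1-only | v1+v2 | v2-only | unknown
# The server's first line has the form SSH-<protoversion>-<software>.
# RFC 4253 section 5.1: a protoversion of "1.99" means the server speaks
# 2.0 and also accepts older 1.x clients.
classify_banner() {
    case "$1" in
        SSH-2.0-*)  echo "v2-only" ;;
        SSH-1.99-*) echo "v1+v2" ;;
        SSH-1.*-*)  echo "v1-only" ;;
        *)          echo "unknown" ;;
    esac
}

# config_protocol_state reads sshd_config text on stdin and prints
# v1-enabled | v1-disabled | unset, based on the OpenSSH "Protocol" keyword.
# The first uncommented occurrence wins; keywords are case-insensitive.
# "unset" means the daemon's built-in default applies and must be checked
# against that release's documentation.
config_protocol_state() {
    awk '
        # A commented line has "#" or "#Protocol" as $1, so it never matches.
        tolower($1) == "protocol" {
            n = split($2, v, ",")
            state = "v1-disabled"
            for (i = 1; i <= n; i++) if (v[i] == "1") state = "v1-enabled"
            print state
            found = 1
            exit
        }
        END { if (!found) print "unset" }
    '
}

# Demonstration on constructed identification strings.
for banner in "SSH-1.99-ExampleSSHD_1.0" "SSH-2.0-ExampleSSHD_1.0" "SSH-1.5-ExampleSSHD_0.9"; do
    printf '%-28s %s\n' "$banner" "$(classify_banner "$banner")"
done

# Demonstration on a constructed sshd_config fragment.
printf 'Port 22\n#Protocol 2,1\nProtocol 2\n' | config_protocol_state
```

Anything other than `v2-only` or `v1-disabled` means the daemon needs a closer look.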