TotP-SSH-Fluxer : Take Security By Obscurity To The Next Level

Totp-Ssh-Fluxer will take Security By Obscurity To The Next Level. Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties, and while that is generally viewed as an action of security through obscurity it does work very well at killing a lot of the automated logins you always see in /var/log/auth.log

However what if we could go take this to a ridiculous level? What if we could use TOTP codes that are normally used as 2nd factor codes to login to websites to actually know what port the sshd server is listening on?

For this, I present totp-ssh-flux, a way to make sure your sshd port changes every 30 seconds, and possibly causing your adversaries a small period of frustration.

Demo:

What you can see here is my phone (using a generic TOTP client) generating codes, that I can then use as the port to SSH into on a server.

The software behind it is fairly simple, It runs in a loop that does the following

  • Generates a TOTP token
  • Takes the last digit, if the result is above 65536, do that again
  • Adds a iptables PREROUTING rule to redirect that number generated above
  • Waits 30 seconds, removes that rule, repeat.

The neat thing is, because this is done in PREROUTING, even if the code expires, established connections stay connected.

Installation

You will most likely find more up to date instructions on the totp-ssh-flux project readme

Beware, currently I would not really recommend running this software, it was only written as a joke.

At the time of writing the project is just a single file, You will need to install golang and then go get and go build

Run the program as root ( it needs to, sorry, it’s editing iptables )

Upon first run, the program will generate a token for the host in /etc/ssh-flux-key ( you can use the -keypath option to change that ) and you can input that into your phone or other clients.

You can confirm it works by running watch iptables -vL -t nat and waiting for the iptables rules to be inserted and removed.

Download

R K

Share
Published by
R K
Tags: ObscuritysecurityTotp-Ssh-Fluxer
4 years ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

1 day ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

1 day ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

1 day ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

1 day ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago