@@Eeroke Teach me master

"congratulations, you played yourself."

Hoisted by their own petard.

If they can't see it, they have plausible deniability. Bet their lawyers were happier with that

I used to use SSH at work to bypass the internet filter by setting up a tunnel through my home internet connection.

I still remember when I discovered that I with scp could from machine A copy a file from machine B to C. Also that it could copy between two accounts on the same machine. 😜

Anyway, you should try emacs. Open the file "/ssh:user@machine:file" or "/scp:user@machine:'. Called Tramp mode. 😜

@@AndersJackson As someone who is new to the linux game, that second sentence is quite an eye-opener. So much to learn.

@@FractalZero Emacs is great, both in Linux, MacOSX, and MS Windows. You might want to look Up and use My configuration on GitLab to start from. There you have both OrgMode and Magit setup for use in Emacs. Firar is easy way to generator, PDF, HTML and other formats from same source. You can also mix in code, and extract it to files or executing and show result in documents.

The biggest thing for me was when setting up control connections along with that. I was in an environment which had 2FA on the bastion hosts to get into the environment, but regular keys / passwords to the hosts behind. We'd have a session to the bastion host with top running (to keep the session open) then we could use chaining / multihops to go through the existing session on the bastion host to the hosts deeper in the network on subsequent connections during the day

Been there, in 1989 there was no SSH, just telnet, and we was happy to have that. In 1982 there was not even connections outside the university. I still remember the first Macintosh (yes, THE one, after Lisa).

Anders Jackson The internet wasn't (as) full of people actively trying to ruin your day 30 years ago. It's sadly a different place now.

@@lunasophia9002 Its so sad what the internet has become ... so many years yet still we don't have any secure authentication method thats 100% reliable

@@feschber we will never have 100% security, as security faults is either buggs in software, hardware or in specifikation. For instance, there are some interesting bugs in the SMS protocol compression. 😜

Can't imagine life without PURE WATER

who cares

@@eadweard. Probably the guy who wanted to prevent others from seeing it. Or maybe he's baiting people to attack the address. Ironically you cared enough about people caring about it to comment so you must be really invested in this xd.

@@lollllloro who cares

@@naturesinterface6663 I'm starting to think it might be your IP or something and now the script kiddies are pouring in. :( I'm sorry, man. I never wanted anyone attacking you, or anyone else. I merely suggested it might be an intentional choice. It's probably for the best if everyone just stops paying attention to this if it is, in fact, hurting somebody. Again, my apologies if I made your situation worse, that was never my intent.

@@lollllloro who cares Sorry I didn't wanna break the chain

Yeah!! I miss that stuff!

It's both. Padding is necessary because of block size, but instead of being just null bytes, it's random bytes which scramble the final hash even more, so it also reinforces security

That’s what he said (but it’s not true for all elgorithms and Mac’s. Gcm ciphers don’t encrypt the length

A VPN is not actually L2 by the way, some people call it L2.5.

It's L2. MPLS is more like Layer 2.5 -.- don't miss lead @@BattousaiHBr

@@dietalkaa a VPN runs on top of L3, so how can it possibly be L2? the VPN interface is for all intents and purposes a L2 interface, but it runs on top of the L3 stack rather than on top of L1 or even other L2. this is why VPN is often called L2.5, among other encapsulation or tunneling protocols. when talking about MPLS VPNs, it's technically possible to get L2 transmission if you run it through something like ATM, but i think the standard method is on top of the IP layer.

@@BattousaiHBr yes I know. What's your point??? Wtf

@@dietalkaa ? you called VPN a L2 connection when it isn't.

Yes, they do, as you can see in the video it states "offering public key".

@@ZintomV1 oh yeah thank you, I didn't see that on first watch :)

@@kade9527 try it self with a couple of "-v" switches and you learn a lot. ;-)

They also do some MIM protection. That is they use certificates on both directions, so you can create a certificate to use when you login in.

Depends on the implementation. I’ve used connections where the sysadmin has to manually add your public key into the target machines config so only people who possess a specific set of private keys can possibly access it. The only way to possibly get in is access to one of the machines involved since no other auth protocol is part of the process.

+ port knocking.

Lawrence D’Oliveiro what kind of length values might cause mischievous behaviour? Are you thinking what if the receiver is susceptible to a buffer overflow, or something?

@@rlamacraft No I think he means if the packet length is altered, the receiver will not know how far to read into the payload and might miss some packet data.

ググレかす

Which encryption to use, and how to exchange keys, is something both machines "negotiate" based on what they each support. Basically, it's going to be some version of Diffie Hellman (there are Computerphile videos on that). Over time, less secure options can be phased out, and replaced with new ones, more-or-less like a "plugin", without needing to scrap the basic SSH system.

The encryption works in a very similar fashion to a modern SSL connection. A session key is generated with a Diffie Hellman or ECDH (DH ensures that only you and your suitor know this key), The server has a public/private keypair to prove it's identity which your client confirms is the same as the last time you connected. Dr Steve authenticated to the server using a public/private keypair on the client (which was encrypted on his disk using a password) for which the server has the public key in it's authorized_keys file. All the data is encrypted, usually with AES (but it can be chacha20-poly1305 or others) and the MAC is normally SHA256 based (or the one built into chacha20-poly1305). The public keys can also be several algorithms; RSA, ED25519,etc or even keys linked to certificates.

so if i intercept the negotiation phase or even decrypt the packets with all known encryption on ssh i can get the data ??? is the negotiation itself encrypted ?? and how do they send the keys at first ??? and are the keys secured ??

@@fouzaialaa7962 There's a negotiation about which *method* to use for exchanging keys etc, but the exchange itself is secure. Look up Diffie Hellman for info on how keys can be established securely over an unsecured connection

+1

rsync is so cool. You know Andrew Tridgell developed it for his PhD thesis?

rsync is literally a swiss army knife for copying/moving files around locally and between machines.

I've used rdist for 30 years; but have heard rsync is better. Will need to try it out.

Telnet is port 23?

Please tell so we can see if it worth investigate.

There is no story. Port 22 was free. Developer wrote an email requesting it be reserved for ssh. Request was granted.

@@damnmab as it should be then. Nothing that to look into.

Is "abit" like "rabbit", only a bit shorter?

once a connection is established between a server and a client, "handshaking" is done to ensure that the connection has been made with the right computer. An asymmetric encryption is done between the computers to generate and transport keys for symmetric encryption. The symmetric keys are hence used to encrypt and decrypt data. Now what happens is, computer A generates two keys for asymmetric encryption : public and private. A public key is sent over to computer B which encrypts the symmetric key using the public key it recieved. Here, the public key can only encrypt and the private key can only decrypt data. The encrypted symmetric key is sent back to computer A, which decrypts it using its private key and generates the symmetric encryption key. This way, both computers have a symmetric key which can be used to encrypt/ decrypt the data sent and received over the connection. The 3rd party cannot sniff the encryption "rules" (or the symmetric key) because it has been encrypted by a public key before transmission, and can only be decrypted with a private key, which hasn't been sent over the network.

Cause it works!!!!lololololol

SHA256 is a non-reversible hash algorithm not an encryption. Blowfish-cbc, aes256-cbc, and aes256-ctr are encryptions.

@@mytech6779 @MyTech SHA256 was designed for message digests, it's what's used as a layer for information security in applications and if you knew how SSH worked you would know that SHA256 is a cryptographic hash function, but it can also be misused in computation referring to what you mentioned a "hashing algoritihm" used for password cracking. Hashing algorithms serve the purpose of computation among inputs for a desired outcome and that's not applied in SSH, it's based on authentication.

​@@mytech6779 SHA256 role in SSH as a one way function is that SSH will ask you for a finger print, when that is mentioned SHA256 will hash your characters as your "ID" which is a long cryptographic hash string in an SSH file for communication for two computers. You can then do authentication for your remote computer for file sharing between the two computers. We are hashing characters to protect the integrity of the data not to perform a brute force attack. These are the only ways SHA256 or SHA512 is applied.

Because they haven't use them for printing in ages so the stockpile never gets used up?

@@Neumah Nah... My theory is frivolous use of time machine.

@@mistercohaagen ...or that.

Tractor feed is very robust for industrial applications. Common office printers are flimsy junk with unreliable pickup and feed leading to jams and lost prints when removed from the nice clean, low vibration, and air conditioned environment. In short, tractor feed paper is still produced and sold.

It's still used a lot.

You can use ssh in windows from the cmd just as easy as in Linux, they patched that in a year or so ago.

Weird, the ssh connection that I have from my local windows machine to my university must be a dream then.

Weird that you think I'm talking about SSH clients.

@@sergheiadrian try again next time

@@RahlRichard92 yes, and how many years did that take?

@The Zak Take a look into public/private key cryptography. You can publish your public key for all in the world to see (and indeed, you are doing so right now), and it is used to encrypt data being sent to you. But it can only be decrypted by your private key, which (hopefully) no one else has. There's some really really cool maths that goes into it.

It's a style choice for these videos, as for the reason the dept has it... if it ain't broke?

They use it to trigger people in youtube comments.

Steve Richter i assume you found answer by now but.. permissions. TempDisable root make unprivileged user and add user to sudoers group, is the way i did it.

I was thinking the same thing!

Check other videos for public private key cryptography. It's about symmetric keys. It can be used both for encryption and verification of identity.

because it sends encrypted data... it can be decrypted, yes, but better than plain text..

Finnish guys have always built relevant software. :)

But why am I not surprised

It's more for the purpose of obfuscation, allowing the SSH packet length to be some fixed number, and thus not allowing an attacker to deduce anything useful about what the payload might be. *_EDIT:_* It does also act as a salt, since we can have equivalent payloads which, even if encrypted using a simple block cipher, result in different ciphertexts due to having different randomly generated padding.

It is planned but it hasn't been shot yet! >Sean

Computerphile yay, thanks for the response! I shall wait patiently and keep my eye out for the video.

No, no one is wondering that

Only 90s kids will get this r/gatekeeping

The obvious answer for them is when you get your copy, you can waste time ripping the hole strips off. Like popping bubble wrap, but more official.

yeah! (should be pushed off the edge into the bin.)

Hello! I like your font. What is it? Elvish? Enochian? Thai?

ssh uses port 22. The older unecrypted telnet protocol uses port 23.

@@chocolate_squiggle you are correct. Only thing i can think of is i made a typo on my cell phone 2 years ago.

Not really. Sometimes it can be used as such, but normally padding is forced simply because encryption algorithms encrypt data in blocks of bytes (often 16 bytes). Nevertheless, if you've got to put bytes in there random is probably better than just zeros.

Not at all

The people in most of Brady's videos are professors. They are used to teaching on whiteboard, blackboard, or overhead projector. That said, I often have a notebook handy when coding to draw out a UML diagram, flow chart or data structure so that I can think about edge cases. Maybe I need to ask my boss for a Wacom tablet.... lol.

Nothing beats pen and paper when you sit next to a student and try to explain something to him. Whiteboard comes next

...yeah...