Compilation of OpenSSH 8.1 on AIX

In this post I will explain how to to compile OpenSSH 8.1 on AIX 7.1. The system has a 64 bits PowerPC architecture.

The compilation will be made on a custom directory `/soft/openssh-8.1` and the following software will be included
zlib 1.2.11 for compression support
OpenSSL 1.1.1d
PKIX-SSH 12.3, a fork from OpenSSH with support for X.509 v3 certificates

Compilation on AIX is not a trivial task, and for a guy coming from a Linux world, some steps not so evident, has been needed.

Protecting my public Linux host from brute force SSH attacks

Someone with an automatic tool is trying different combinations of users and passwords to gain SSH access to my public server available in Internet.

auth.log, being updated continually as the attacker is trying to guess the user and password
auth.log, being updated continually as the attacker is trying to guess the user and password

To protect my VPS, I am going to implement some of the recommendations of this post from RimuHosting.

  • Run OpenSSH on a non-standard port
  • Create a user with a strange name to connect to this server and configure OpenSSH to only allow this user to connect
  • Don’t allow passwords to be used. We will use SSH keys to login in our server.

Deploying a DevOps playground at home with Debian Linux and VirtualBox

This is the first of a serie of posts describing how to deploy a playground for DevOps learning and experimenting. This home lab will be deployed in my home computer, a modest HP Pro 3300 micro tower 🙂

As host machine we will use a computer with a Debian 10 Linux system. VirtualBox will be used to create a local private network and 4 virtual servers: a “Control Server” and three nodes, “Node #1”,
“Node #2” and “Node #3”

My home laboratory
Network diagram of my home lab

OpenSSH with X509 certificates HOW TO

In this post I will explain how to test a connection with OpenSSH using PKIXSSH fork from Roumen Petrov.

The full process followed to test a SSH connection between a client and a server machine using X509 certificates will be detailed. To make the test we will use a third machine, that we will call control machine, machine that will act as a “Certification Authority”, which is the entity that will validate the authenticity of the certificates presented by the user who wants to make a connection and by the destination server.