lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3b692a8c2f54822884da86b7f78eaa8b03a478fa
hpr-knowledge-base/hpr_transcripts/hpr0497.txt

408 lines
17 KiB
Plaintext
Raw Normal View History

Initial commit: HPR Knowledge Base MCP Server - MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00
Episode: 497
Title: HPR0497: Kris Findlay discusses Secure Socket Handler
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0497/hpr0497.mp3
Transcribed: 2025-10-07 21:46:43
---
.
.
Welcome to my talk on SSH, give us a guide to secure socket
Anders. My name is Chris Finley.
I'm a webmaster for the Linux site and you can easily
site. Help us to take communication with
everybody in the community and hope it all goes well.
.
So what we're going to talk about today,
hopefully I want to learn what SSH is.
What some of the basic commands are, how easy it is
going to be able to use it in both day-to-day life
and possibly some of the jobs.
The logic transfer files, most securely,
in a manner that's going to help you do what you
will need to do.
And how to, the notes that Wi-Fi hotspots and
plus of that aren't actually really secure.
And SSH can help you to make that secure.
So, say why do you want to know this?
Say Wi-Fi hotspots. When you connect to Wi-Fi hotspot,
you're connecting to everybody there,
you can see where you're going, what sites you're going to
stuff like that, by stuffing your connection and stuff like that.
Whereas if you use SSH, you can connect to another
machine through an encrypted tunnel and secure
your connection that way.
Make it less easier for people to see what you're doing.
You know, you want people to steal in your bank account
details or something.
I mean, if you're transferring files like, for example,
you can make.com, try sending files across the internet
to other customer details and bank details and
really, and plain text files.
Anybody could just stop along, read the files,
no problem with that.
And it'll be quite hammered for that.
Whereas the SSH, the whole connection will be
encrypted and you wouldn't built it.
See the values and stuff.
But also, actually, to connect to your computer
from anywhere remotely, you can get an internet connection,
which can be very handy between files,
control your computer, download your TV series,
or everyone.
So, let's say, start off with what SSH is,
a little bit when ports were opened,
what's used for, what it replaced,
and some basic uses and commands.
So, basically, what is SSH?
It's a secure socket handler.
It's not a protocol, so it's not one application.
It's a set of applications.
And it uses a cryptography, a public key per.
So, you have to provide a public key
and have the private key yourself,
so that you can connect to servers and things,
securely.
It can be used to transfer files using an SEP,
a secure copy.
All that I say, all that's done to a secure socket,
on usually port 22,
which is different than your emails, like usually SMTPs,
like port 25, HTTPs, like port 18, things like that.
Although, it is recommended that you change that port
in the configuration file to something less obscure.
So, you won't win by when ports were open.
SSH was initially developed in 1985,
by a guy at Helsinki University.
They were having problems with people still in passwords
and breaking into their system and things like that.
The tools they were using,
just worked up to the grade,
if they were going to try and secure these tools
and make them most secure,
they basically have to rewrite them all entirely.
And that's just not helpful.
It's not tight enough to take consumers and it costs a lot of money.
So, this guy,
Helsinki University,
rewrote SSH using a lot of open source tools
that were already available,
released under the GNU and the GPL license.
Later on, a few years beyond that,
they started revising the code and moving on.
But the guy started his own company,
making improvements in stuff to SSH
and made it proprietary.
So, you couldn't get the code,
you couldn't get the source code,
you couldn't end with it.
Of course, a lot of people were like,
that's not good enough,
we want an open source version,
we don't have an open source code.
So, they went back to the 98,
3BSD went back and said,
right, where's the original code that's open source?
Because under the GNU license,
which means they can't take it back and say,
no, this is proprietary,
they've got to have that code and it's got to be available.
So, they took that code and proved on it,
revised it a bit more,
and released it as open SSH,
which is now probably most commonly used,
former of SSH.
There are more other proprietary versions,
versions for Microsoft Mac,
which I think Mac uses open SSH as well.
I think there's one SSH for Windows,
I think.
Yeah, how does SSH port as well?
Is there a way to support as well?
Is that under side G1?
Yeah, it's on.
All right, cool.
And of course, that version was ported
from 3BSD to different operating systems,
like Linux,
which is predominantly used in Linux,
and Unix systems.
And that's for low.
Basically, there's a log in here,
a system with SSH.
It's coming down to the command line
or you can use a GUI tool,
or something like that,
to do some applications.
So, I'll just say we've probably
what we've used for before on it.
So, I mean, there's lots of different things
you can use the SSH toolset
and protocols for,
including logging in the model list,
as we talked about,
which was placed in programs called,
we used before, we're called townet,
and our logon.
But I'd say these didn't have the security required.
But you can also,
securely execute one command.
So, you've got a program that's running on another machine,
and you just want to restart that program
or do it without actually doing anything else.
You can just send that single command to restart it,
and not bother by whether it's done or not,
and leave it to it.
SCP is quite a good one.
Very good one.
I mean, for copying files and directories around,
you're copying it to a remote host,
and then SCP connection.
You've got to have more constant connection,
because it's less likely to drop.
It's encrypted.
So, I'm always going to monitor what you're sending across these.
That was actually said before.
There is an alternative to that, which is S-F-D-P,
which is a protocol that came out after that.
It's still part of the S-S-H suite at all.
But not of F-D-P servers support it.
So, but it will fall back to using S-C-P if it's not supported.
So, it's got the redundancy there as well.
You can use it in combination with lots of other programs,
like R-Sync is a program that synchronizes files to the systems.
It checks the files match the dates, times the same files
and copies them across.
And you can say it's only copy files that have changed.
So, it's great for backing stuff up.
So, you can just use S-C-P connection, connect to the server,
and transfer those files back to your backup files and systems up.
One of the things that I tend to use a lot of most of myself
is what we'll put forward in them, or tunneling.
Basically, this is what we use to protect you from a Wi-Fi hotspot.
You create a tunnel to your computer, or a computer you've got access to,
on port 80 out to your internet.
And then you can access any page or any website or anything that you can access
from your home computer.
Downloads those data to your computer, and then sends that data back to you through the tunnel.
No one can monitor that tunnel, so they don't know what pages you're going to,
they don't know what, you know, sister servers you're going to, and so on.
For example, in the university, you try to go to one of the game sites,
a game spot or something, and you try to get there, and the university says,
no, that's a game site, you're not getting there, block.
But if you tunnel out to your own machine, you can go to that page as much as you want.
You don't even know you're there.
And I think it's mainly one of the Unix systems and Linux systems,
is the ability to forward X1M1 system, X1M1, which is your Windows system.
So you can say, right, I want to run Firefox.
But I like the version that I've got on my desktop on my bootmarks.
I've not copied the bootmarks to my laptop.
You can use the tunnel, SH to the machine you're in,
the special option next forward.
And to run Firefox, and it'll run it from your machine on your desktop,
in your laptop you send it.
So the whole application just loads up as if you were sitting in your desktop.
It might be slightly slower, but it's there, it's got your bootmarks.
And when you try to access files and stuff,
it'll access files on your own server, not the files on your local system.
Of course, you can use it with the software protocols and stuff,
as a proxy, and forward all your web access and everything through that,
through your tunnel and security connection.
One of my favourite uses for it is the Pro SSHFS,
which takes the remote file system on a remote computer.
And it's a hard drive in your own machine.
You just give it a location.
This is where you want to mount it.
This side, and it mounts it as if you were sitting there locally.
You can copy stuff, copy stuff to it, modify files,
and as if you were that machine there on your local system.
And of course, it's still all encrypted.
Of course, you can monitor systems with it as well,
by logging into the system, running the monitor scripts.
And that is that way.
So as I said earlier on, we replaced some programs
that was the whole point in the protocol.
The things that are logging was usually used to log into remote systems
that you'd access something like that.
But it was just sending the plain text password across the network
to log into the system, which isn't any use.
Telling it is still used today.
But mainly is it back up to something like SSH or SAP,
or something like that.
If something like a router or something like that,
those goes down, and you can't get to the web page interface,
you can usually tell it into it and use it that way.
And you get a terminal just as you do with SSH or something like that.
But it tends to be only using small doses these days.
And Archer, so I haven't seen you in a long time,
whether people still use it on Unix systems, I don't know.
But it's very much the same as our long-term.
I don't know if they're very much pretty the same thing.
So let's say we're going to discuss some of the basic commands.
Most of these are run from the command line.
There are GUI apps that allow you to use these as well.
The basic commands, SSH, a space, the IP address
or the host name of the server you want to connect to.
DashL, a new username, that on the system you're connecting to.
If it's the same username, then you don't need to provide that.
You can just try that.
And that'll give you a basic shell window where you can
own the other system and you can access it
and don't think you can in that shell for that machine.
You want to specify a port.
So you've changed the port from 22, which was a default.
It's just another dashp on the end of the line.
And specify the port number that you've changed to.
We talked about X forwarding.
We've run the program from your own machine.
And to do that, it's just to simply add in the dash cap at X
to the front of the command.
And that'll forward any application you've tried to run on the other system.
We'll run any GUI application.
We'll run on your system.
And as if you were there.
And of course, the single row command is just pretty much as easy as a default.
It's the same command.
You've got your SSH.
You're in what IP, if you're in what address.
You log in your username or your dashp report.
And the command you want to run.
And it'll just run that command and then come back to your own command line again.
So this is another program within that suite of protocol.
From within that protocol.
SAP is a secure copy to copy your files across from one system to another
through this encrypted connection.
The main reason people tend to use it is to be honest,
FTPs, clunky, it's a little slow, but like HDDP,
it's not quite what you want to be doing.
It can quite often, FTP quite often drops a lot.
More SAP tends to seem a bit more stable.
But it's just a very simple command again.
The SAP space, the file you'll actually want to transfer.
The more servers IP address.
A colon with two dots above each other.
And the directory or you want to place it in the file.
And of course your dash or username or dashp for your ports or whatever.
And so that'll just copy that file over the other system.
And it'll be a result of times like that.
And you can also perform it the other direction by swapping the two values around.
So instead of collecting the remote server in the protocol location,
you use the other way around.
Oh, sorry?
Yeah.
Yeah, you just pull it instead of pushing it for the other way.
All I said, these tools are majoring at the time a lot of people using the command line
and just for quickness of ease.
But there are graphical applications for that.
For people that don't have, they don't really want to use the command line.
One of those is GFDP.
Swamp source.
It's available everywhere.
And it's just a great little program.
It does have to be a lot of different protocols.
One of the protocols that we'll do is SSH.
And it just log in like you would in any other FTP program.
But then you need to use your host name.
You put in your IP address or your host for your connection you were going to make.
You put in the port, your username and password.
And click the drop-down box and change the SSH.
And then click connect.
And it'll come up as if you would do in any other FTP program.
And list all your files.
And you just cut me across.
And you want quick, easy.
And we'll do it.
Let's say someone will have asked us about SSHFS and things.
The commands are still pretty simple.
You SSFS, your remote server,
it's location,
and location you want to store it at.
And so you've got things up there.
One, two, one, six.
This is SSFS.
One, two, you want to say one for storage.
And it's mounted in my folder in the local system,
media storage.
So you just got that folder and act as if it was the same drive
on the desktop or whatever it was.
And it's sitting right there in front of me.
Dead easy news.
Just tunnels kind of look a bit more complicated.
You've got the, you know,
SSH, when we used earlier to connect the system,
and get a log in and log cleanly.
This time we specify the ports we want.
So you type SSH, the port you want to forward to.
Forward from.
The local host, which is the machine you were actually on.
And then the port you want to forward to.
This can be different.
They don't have to be the same.
Unless the remote server you want to connect to.
For example, one, one, two, one, six, eight,
one point, two or something.
And you can add your dash-elf or username or dash-p for your port,
if you want.
And this creates a sort of a peer and it'll disappear.
And what it's created is a create the connection.
And now you do as you point your browser to the proxy,
Fox 5 proxy, and point it to that port on your local machine.
And it'll fire the connection right through to the remote machine.
And you can see your web pages and put your data back in there.
Which is what we would use to secure Wi-Fi on the Wi-Fi network.
So that's basically SSH.
There's more that you can do and there's more tools to help you do that.
And if you want more information, please don't feel,
don't hesitate to contact me.
Does anybody have any questions?
No, a question is sort of, you can use X-forward in cross-platform
so you could forward a line into path,
but some people ask that one of you server,
and you can put forward it to Windows,
but you have to have...
Yeah, but you need the next server on the Windows desktop,
something like the, of course it's called again.
X-Ming, yeah, that's one.
There's two or three open source variations.
X-Ming is one of them.
You can also use Sci-G-Win and install X onto that.
Sci-G-Wins, like...
Basically, we've taken a lot of Windows 2,
a lot of Linux 2s and stuff,
put them all together into...
You've got to turn on SSH and stuff like that.
And you can install, you can install X,
you can install Kiri, no, whatever you want, on a Windows system.
And one more of the things you can do,
you can forward to the X system from that as well.
There are proprietary versions out there,
but we're not going to talk about that.
If you've mounted a father's over at his age,
did you use a standard old man command to...
Don't man it, what do you mean?
No, he needs to use a...
Especially when he needs to use a fuser mind command.
This fuser mind dashed you slash media storage,
as you would have it.
Yeah, man.
But I mean, one of the great things,
I don't know if anyone's discussed this one,
one of the great things I always thought about Linux and the gel.
If you've got a command you're going to use,
and you can't remember what the switch is,
what the bottom is,
or what the command name is for something.
If you type man space in the name of the command,
you'll get a small docking man page,
and the man that's just lists the basic usage,
basic commands in the short script.
It's not something we tend to talk about a lot,
but we really should.
Anyone have any questions?
Go.
Well, thank you all.
Thank you for listening to HACRA Public Radio.
HPR is sponsored by Carol.net,
so head on over to C-A-R-O dot N-E-C for all of her TV.
Thank you.
Reference in New Issue Copy Permalink