howto

Transparent SSH host-jumping (Expert)

26 July 2016

A while ago in the Transparent SSH host-jumping (Advanced) post I described a technique on how one could jump quite effortlessly through a chain of intermediate hosts. However, there was a catch: the user names and ports across the whole chain should be the same and there was no easy way to change that.

Given that I recently paid quite a lot of attention to the ProxyCommand directive I decided to look into the implementation of the helper script that will allow one to tweak parameters for the hosts in the chain.

You can read the original post for the

read time 3 min.

Offloaded on ssh

Raspberry Pi 3 toolchain on CentOS 7

22 May 2016

I heard a lot about Raspberry Pi boards but until now I had neither the need nor the time to work with one.

However, recently I purchased a Dodge Journey R/T and found that although I love the car I am so disappointed with its software and hard-wired logic that I decided to experiment a bit and fix the most annoying things.

Since almost everything inside the car is talking over the CAN bus I needed some kind of an enclave inside the car where I could run my code and inject/intercept CAN messages.

I looked around and found that

read time 5 min.

Offloaded on linux

Building a firewall? Simple and easy!

22 May 2016

I strive for simplicity since I am a strong believer that achieving a goal with the simplest solution looks elegant, proves that you have deep knowledge of the subject, and overall is beautiful by itself. In addition, a simple solution is easier to comprehend and to audit, hence it is much easier to ensure the security of such a solution.

Over the last decade I stumbled upon numerous complicated firewalls erected on the NAT boxes with tens (sometimes, hundreds!) of rules describing the traffic flows and punched holes for some edge cases. Every time I wondered what kind

read time 7 min.

Offloaded on linux

Transparent SSH host-jumping (Advanced)

In this brief article I am going to describe how I resolved a nagging issue I had with setting up access to hosts which are not directly reachable, but where you need to forward your connection through an intermediate host.

Previously, I was using the local SSH port-forwarding technique (although I was configuring hosts I connect to in the ~/.ssh/config file instead of using the command-line options). However, this approach turned out to be quite inconvenient since every time I wanted to connect to a new host (and, possibly, through a new intermediate host) I had to edit my

read time 6 min.