updating refs, finished key gen buffer

2020-09-21 01:43:22 -04:00
parent 382aaffa39
commit b80b823c02
15 changed files with 567 additions and 550 deletions

@@ -48,6 +48,9 @@ with much stronger implementations from typical/upstream defaults.
It takes the recommendations from _[Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)_ (and perhaps other sources) and automatically applies
them.
Additionally, it anonymizes your key. It uses a comment string by default that provides
no identifying information other than the fact that you are using SSHSecure.
It will create backups of any file(s) it replaces and automatically rolls back `sshd`
configuration changes if it does not pass the syntax check (`sshd -t`) to avoid
accidentally locking you out.
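Review bot: The added sentence "Additionally, it anonymizes your key." claims more than the next sentence supports, which only describes a default comment string being used. Suggest saying that it anonymizes the key's comment. Because "by default" implies the comment can be overridden, the README should also say how. The admission that the comment still reveals SSHSecure was used is worth keeping, since readers who care about anonymity will want to know that.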
@@ -63,7 +66,21 @@ running already).
## FAQ
### Why a binary?
I originally wrote this as a python script. However, some machines don't have the python interpreter installed and due to the lack of low-level access, I ended up making a lot
of calls to the shell anyways.
I originally wrote this as a python script. However, some machines don't have the python
interpreter installed and due to the lack of low-level access, I ended up making a lot
of calls to the shell anyways.
I wrote it in Golang so the source would be easily read for audit purposes.
I wrote it in Golang so the source would be easily read for auditing purposes.
### How can I contact you?
You can either [file a bug](https://bugs.square-r00t.net/index.php?do=newtask&project=15)
or email me at `bts [at] square-r00t (dot) net`.
### Is there anything from the _Secure Secure Shell_ document that you don't implement?
Yep. No TOR hidden service ("Traffic analysis resistance"). The system should be
sufficiently hardened to prevent you from scans yielding anything useful except noisy
logs, and there's much better options for handling those than running SSH over TOR. It
[isn't the silver bullet you may think it is](https://restoreprivacy.com/tor/). You are,
of course, welcome to turn it up yourself but it is advisable to not run SSHSecure in an
automated fashion in this case as it may revert the changes your `sshd_config`. It'll
try not to, but it may.
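Review bot: In the new "Is there anything from the _Secure Secure Shell_ document that you don't implement?" answer, the warning that an automated run "may revert the changes your `sshd_config`" is missing a "to" and leaves the reader guessing which settings are at risk. "It'll try not to, but it may" gives an operator nothing to act on. Suggest stating which directives SSHSecure rewrites, and pointing to the backups the README says it creates so that a reverted change can be recovered. In the same answer, "prevent you from scans yielding anything useful" should read "prevent scans from yielding anything useful", and the project's name is spelled "Tor", not "TOR".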