Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "windows ssh"
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).20
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P38
To people who don't know how to use Linux: Just because I use nano instead of gedit or any other GUI text editor does not mean I'm showing off. Why can't you understand that ssh-ing into a server and opening a file in the terminal itself to edit three lines of configuration is much easier than opening FileZilla, connecting, downloading the file, making the changes and uploading it again. It's fine if you want to do it that way. But please don't judge me for doing it my way.
To people who are good with Linux: Can you please stop suggesting me to use vim instead, EVERY FUCKING TIME? I know it's more powerful, but I haven't been using Linux enough to have surpassed it's learning curve. Plus I google up how to use it and do use it when I have the need. Please let me be?
To people who tell me to use Windows for everything: Go suck a fat dick, you uncultured morons.10
Windows 10 Native SSH client inside CMD is crazy nice, no more putty... given its a windows feature and all!
(Hidden in additional features if any one is interested, will need a reboot to work)17
Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".
You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.
Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.
So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.
Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.
There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.9
*tries to SSH into my laptop to see how that third kernel compilation attempt went*
… From my Windows box.
Windows: aah nope.
"Oh God maybe the bloody HP thing overheated again"
*takes laptop from beneath the desk indent*
… Logs in perfectly. What the hell... Maybe it's SSH service went down?
$ systemctl status sshd
> active (running)
Well.. okay. Can I log in from my phone?
*fires up Termux*
*logs in just fine*
What the fuck... Literally just now I added the laptop's ECDSA key into the WSL known_hosts by trying to log into it, so it can't be blocked by that shitty firewall (come to think of it, did I disable that featureful piece of junk yet? A NAT router * takes care of that shit just fine Redmond certified mofos).. so what is it again.. yet another one of those fucking WanBLowS features?!!
condor@desktop $ nc -vz 192.168.10.30 22
Connection to 192.168.10.30 22 port [tcp/ssh] succeeded!
ARE YOU FUCKING FOR REAL?!
Fucking Heisen-feature-infested piece of garbage!!! Good for gaming and that's fucking it!
Edit: (*) this assumes that your internal network doesn't have any untrusted hosts. Public networks or home networks from regular users that don't audit their hosts all the time might very well need a firewall to be present on the host itself as well.17
Win10 shell has ssh? Oh boi, let's try that out.
> help ssh
This command is not supported by the help utility. Try "ssh/?".
> ssh /?
ssh: Could not resolve hostname /?: Name or service not known.
Today I needed to check something in a remote server: this was the easiest way:
1: teamviewer to my home pc from university
2: started a vm on that machine with vpn connection to my work office
3: rdp to a windows server vm
4: ssh to a vm on our hosting cluster
5: from there, ssh to the server that I needed access to7
cw: I need a server to put my node backend
me: sure, I'll run a docker container for you
cw: nice, I've never worked with docker but I learn quickly, I'm already reading the Docker file docs
me: no wait, you don't need to learn anything, you'll be inside the container, so you only need an ssh connection and that's it
cw: this Dockerfile stuff is really complicated, it'll take me a while, but it's ok you don't have to worry, I like learning new things
me: you won't need that, just imagine it's a cloud server with Ubuntu installed, you only have to use it, I'll put node, git and ssh there for you
cw: ok got it, I'll have to learn the commands to run the docker, I'm on windows but I can use PowerShell and stuff I'll figure it out
cw: ssh is a linux command right? does it have a push or publish option? how do you upload files there
me: ...you can use a ftp client but you'll need ssh to run the node server
cw: ok, I'm almost done with the Dockerfile, I only need to add git and nodejs, I'm starting to understand this thing...
me thinking: yeah keep doing that, you're such a crack, such a quick learner...
This son of a bitch is either a retard or is doing it on purpose and laughing at me the whole time, making my life so miserable, but I'm about to go insane with this dude, I'm proud of how I've been able to control myself, BUT ONE OF THESE DAYS I'LL LOSE MY COOL AND FORCE THIS MOTHERFUCKER TO DRINK A BIG POT OF BOILING, SALTY AND STINKING VOMIT WITH A SIDE OF STEAMING DIARRHEAL GREEN DOG SHIT WITH WHITE CHOCOLATE CHIPS WHILE I PUT MY OLD CRT MONITOR TO GOOD USE BY BEATING HIS FUCKING HEAD WITH IT!!!3
So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.
I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".
What I did?
I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.
Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.
Moral of lesson: make sure your IT secures everything in place.1
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**2
One of those things that put a smile on my face happened today.
I (like many devs) am fond of Linux. So I use Linux on everything.
I'm currently doing an internship abroad in Finland(Linus Torvald's country!) for my college.
So there is this Finnish student who uses Linux. And after a while he asked what I was using so I told him that I'm running linux(arch+i3 like all the cool kids).
So one day he was like; But can you game on Linux?
I was like, yeah sure, might not work as well as Windows but some games run native and some can be emulated through wine. He was like; Hmm maybe I'll try it out.
So he installed Linux mint on his laptop and came to work. I was rather proud (even though he installed the bastard child of Debian and Ubuntu).
So far I've helped him set up streaming games from his pc to Linux and port forwarding.
But then came the big boy. Since I always try to teach him some stuff since they don't teach him a lot at his school.
He asked me if I could help him set up a plex streaming server on Linux.
So we took an old computer and installed Ubuntu Server(Lot's of information for it).
Installed and configured plex server, qtbittorrent-knox and all kind of goodies.
I started showing him how to use ssh, how the rights system works, etc.
It broke my heart a little that he want to be able to teamviewer in it.(since it's running openSSH daemon)
So he installed Ubuntu's desktop ontop of it as well as teamviewer.
It ran slow as hell because the PC has an old crummy core2duo and ddr2 2gb of ram. It chokes when multitasking.
So seeing that as well as telling him everything that can be done with a GUI can be done in CLI.
I saw the lightbulb lighting up. He gets it now. He understand the power of Linux.
That just made me smile all the way home.1
So... We have a "network admin" who manages our network and the servers (windows) and I manage the Linux servers... He is having a real hard time to understand that the servers have no password but use ssh-keys to login and keep asking me for the credential to have them somewhere in case "something happens" like I quit or die...2
Who says Windows is useless....
Running a python script to swap wifi networks, auto connect to VPN servers, run SSH commands and SFTP files to servers, downloading numerous files, sifting through outlook for emails, running excel macros for data cleansing, cell merging and formulas all at the click of a button 😱
Oh yea.. this is all 1 task that I never have to do again😂
Windows is useless for development you say? 🤔3
I finally fucking made it!
Or well, I had a thorough kick in my behind and things kinda fell into place in the end :-D
I dropped out of my non-tech education way too late and almost a decade ago. While I was busy nagging myself about shit, a friend of mine got me an interview for a tech support position and I nailed it, I've been messing with computers since '95 so it comes easy.
For a while I just went with it, started feeling better about myself, moved up from part time to semi to full time, started getting responsibilities. During my time I have had responsibility for every piece of hardware or software we had to deal with. I brushed up documentation, streamlined processes, handled big projects and then passed it on to 'juniors' - people pass through support departments fast I guess.
Anyway, I picked up rexx, PowerShell and brushed up on bash and windows shell scripting so when it felt like there wasn't much left I wanted to optimize that I could easily do with scripting I asked my boss for a programming course and free hands to use it to optimize workflows.
So after talking to programmer friends, you guys and doing some research I settled on C# for it's broad application spectrum and ease of entry.
Some years have passed since. A colleague and I built an application to act as portal for optimizations and went on to automate AD management, varius ssh/ftp jobs and backend jobs with high manual failure rate, hell, towards the end I turned in a hobby project that earned myself in 10 times in saved hours across the organization. I felt pretty good about my skills and decided I'd start looking for something with some more challenge.
A year passed with not much action, in part because I got comfy and didn't send out many applications. Then budget cuts happened half a year ago and our Branch's IT got cut bad - myself included.
I got an outplacement thing with some consultant firm as part of the goodbye package and that was just hold - got control of my CV, hit LinkedIn and got absolutely swarmed by recruiters and companies looking for developers!
So here I am today, working on an AspX webapp with C# backend, living the hell of a codebase left behind by someone with no wish to document or follow any kind of coding standards and you know what? I absolutely fucking love it!
So if you're out there and in doubt, do some competence mapping, find a nice CV template, update your LinkedIn - lots of sources for that available and go search, the truth is out there!
Internship Company employee: Hey, we need 600 images uploaded to a wordpress site, you'll have to do that for me.
Me: Alrightyy, can you give me some FTP or SSH access or something?
Employee: Nope, not allowed to.
Me: Uhm, I could write a shell script and run it?
Employee: The server is windows....
Me: Mother of god, I'll have to do it manually then?
Employee: You could ask John (my technical guider, not his real name) if you can borrow some fellow interns!
Me: *walks to John* Hey man, can I borrow some interns?
John: What for?
Me: Manually uploading 600 images to posts :).
Interns: *looking at me with a deadly view*
The fact that windows doesn't come bundled with a fucking SSH CLI client really pisses me off and I don't know why... Just let me be angry20
I once had to deal with GoDaddy customer support telling me their servers only support putty for SSH.
Well, fuck you! I use Linux and I SSH with a single command in terminal, no doubt putty is great but get your senses straight that putty is not the only way to SSH when you are being customer support for a tech company, don't just fucking recite a phrase list. Besides, they should understand Windows with putty is not the only way to SSH into servers, juicessh via Android, openssh via Linux, etc...
*btw, before you all rant about me buying from GoDaddy, I was lead dev for a startup few years back and they had already bought it from GoDaddy. Ofcourse they also provide free offers along with an order, which often includes email addresses, annoying support, gut-wrenching quality of service access...1
I am a Windows user and have been using Mac for last 3 years. I knew SSH for a while, but used it just to connect servers when no other options were available.
Today I just found that I can connect to my Mac from my Android phone using SSH and can run any command I want. I am now running builds and deploying code from my phone since then.
I don't know why I am feeling this happy 😁1
Microsoft owns github
Microsoft owns windows
Microsoft owns powershell
Why then, why exactly, is it so fucking hard to get ssh private keys for github, up and running on windows powershell.
I tried to change permissions on files but then it broke the git-bash implementation 😭.
Fuck it !! 😭😭9
I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.
After some investigation I figured it was due to someone running a script trying to get ssh access.
I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.
Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.
I fet relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.
I wake up this morning to another e-mail stating that pinging my server failed once again.
I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.
Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.
I am so mad, I have no words for how fucking much I hate ever having to work or pass work to other incompetent developers or teams, what a fucking waste of time and resources.
After handing off the frontend - for the client to find some team, that would do it in the short time and budget he needs (multiple developers, more fast, much good), he found a team that seemed to be alright for the job and seemed alright to me too, now maybe a month or two later, the client contacts me, that they fucked something up and if I could talk to them.
The email I then received from them seriously made me speechles, mad and sad, all at same time, I spent multiple upon multiple hours, getting a very good readable documentation up (markdown with TOC, properly rendered headers, bulletpoints, all that shit), with all files, all services used, all credentials, even converted all ssh keys into putty ppk format, in case the developers are using windows and are too dumb to do it themselves, nginx configs, it had seriously everything, even too much to list.
They somehow managed to fuck up the entire server, while attempting to "add ssh keys themselves", EVEN FUCKING THOUGH I have included all the keys they need, all the hosting credentials, everything, yet they decided to fuck with shit themselves and completely annihilate the server in the process (HOW?!), so not even the webserver works anymore.
I am fucking speechless, I made it so fucking easy to gather all info and files they need, all properly put into well named folders, along the documentation in an archive and they somehow managed to nuke the fucking server, while attempting to add ssh keys?!
If you don't know how to config a server, then don't fucking touch it and just use everything, that got served to you on a fucking silver platter.
I'll just instantly answer the most annoying comment, that somebody could come up with: "why didn't you do it yourself?"
Because in a perfect world, a fully managed team, can do much more than a single developer can, especially in the same timeframe and from what I heard of said client, atleast they did something in terms of developing the system. (which surprises me, considering it's the same people that nuked a server, while trying to add ssh keys)5
My friend who constantly keeps messaging me to switch to windows:
WINDOWS GRAPHICS IS BETTER THAN UR LOONIX HEHEHE FUCC UR OPINION LMAO
le me: can ssh to my linux machine from anywhere and it can handle over 1000 users simultaneously and if one Xorg client on the main machine dies, we can just close it and open another. while their windows' whole graphics crashes if there's too much load on their graphics. We even played minecraft on the main machine lol, while other devs were connected to it.12
I used to be a sysadmin, which meant I was in charge of quarterly server patching. My team managed about 2500 servers, running various flavors of linux and legacy unix. The vast majority(95% or more) ran Linux(SLES). Our maintenance window was always in the overnight-- 10pm to 6am --so the stroke of 10pm would be a massive cascade of patching commands sent to hundreds of servers.
Before I was brought into the process, it made use of the automation product we were tasked by mgmt to use: Bigfix. It's a real piece of shit. Though we had 2500 or so servers, this environment was dominated by windows. All our vcenter servers ran it, and more importantly, our bigfix nodes were all windows machines. That meant that while we're trying to patch, the bigfix servers would get patched by the windows team. This would cause lots of failed and timed out patching, because the windows admins never quite understood that taking down the automation infrastructure would cause problems.
As such, I got tired of depending on a bunch of button-pushing checkbox-clickers who didn't know shit about shit, so I started writing an ssh-wrapped patching system. By the time I left for my current job, patching had been reduced to a single command to initiate each group's patching and reboots, and an easy check to see when servers come back up. So usually, the way it worked out was that I would send patching orders to 750 machines or so, and within about 5 minutes, they would all be done patching, and within another 20 minutes all the ones that required rebooting but about 5 would be done rebooting.
The "all-nighter" which happened every time was waiting for oracle servers to run timed fscks against a dozen or so large filesystems per server, because they were all on ext3/4, which eats complete shit. Then, several hours later, as they finished, I would have to call the DBAs to tell them to validate their shitty servers.3
I used to be in an infrastructure maintenance team, and I worked with an old guy. We had a jump box we all used. This guy would work weekend maintenance windows and still be trying to get changes done at 7am, three hours after the end of the window. He was glacially slow. I remember watching him login to a prod weblogic server. He would open the Windows start menu, move his fucking mouse through two or three submenus, and finally click putty. Then, he would type out the FQDN of the jump server, and move his mouse to the connect/ok button. Then it would prompt him for his username and password, both of which took him about 90 seconds to single-finger type. Then, once loved into the jump box, he would then type ssh email@example.com, rather than copying and pasting the server name.
It took him fully five minutes to get logged into the weblogic server. I could not take it. It would have taken me about ten seconds.
Today, in the course of my job, I said...
FFS. I HATE WINDOWS.
It has begun.
Took me five minutes to ssh into the Linux EC2 and get the Jenkins agent installed, configured, and running. Half a fucking hour for Windows Server 2012.
1) Can't ssh to it, so I connect via AWS console... Which means I have to install MS Remote Desktop. WHATEVER. FINE. It's not like ssh is quick and easy or anything.
2) Can't just use the command line, run the .jar &, cntl-z, and bg then log off. Noooo. I have to install the unpacked binaries as a fucking SERVICE. FINE. WHATEVER.
I'm so glad we have a Windows guy that does most of this shit. I can't stand it.1
Am I the only developer in existence who's ever dealt with Git on Windows? What a colossal train wreck.
1. Authentication. Since there is no ssh key/git url support on Windows, you have to retype your git credentials Every Stinking Time you push. I thought Git Credential Manager was supposed to save your credentials? And this was impossible over SSH (see below). The previous developer had used an http git URL with his username and password baked in for authentication. I thought that was a horrific idea so I eventually figured out how to use a Bitbucket App password.
2. Permissions errors
In order to commit and push updates, I have to run Git for Windows as Administrator.
3. No SSH for easy git access
Here's where I confess that this is a Windows Server machine running as some form of production. Please don't slaughter me! I am not the server admin.
So, I convinced the server guy to find and install some sort of ssh service for Windows just for the off times we have to make a hot fix in production. (Don't ask, but more common than it should be.)
Sadly, this ssh access is totally useless as the git colors are all messed up, the line wrap length and window size are just weird (seems about 60 characters wide by 25 lines tall) and worse of all I can't commit/push in git via ssh because Permissions. Extremely aggravating.
4. Git on Windows hangs open and locks the index file
Finally, we manage to have Git for Windows hang quite frequently and lock the git index file, meaning that we can't do anything in git (commit, push, pull) without manually quitting these processes from task manager, then browsing to the directory and deleting the .git/index.lock file.
Putting this all together, here's the process for a pull on this production server:
Launch a VNC session to the server. Close multiple popups from different services. Ask Windows to please not "restart to install updates". Launch git for Windows. Run a git pull. If the commits to be pulled involve deleting files, the pull will fail with a permissions error. Realize you forgot to launch as Administrator. Depending on how many files were deleted in the last update, you may need to quit the application and force close the process rather than answer "n" for every "would you like to try again?" file. Relaunch Git as Administrator. Run Git pull. Finally everything works.
At this point, I'd be grateful for any tips, appreciate any sympathy, and understand any hatred. Windows Server is bad. Git on Windows is bad.10
Here at the client site everyone uses Windows 7, since this is not an IT firm. They make jewellery. So I don't blame them.
The problem is their in house dev team are also forced to use Windows.
Today someone from their dev team was with me for a new project. Their senior guy sent us a mail mentioning that the project code is on AWS EC2 instance and we will have to SSH to see it.
I checked the code on my MacBook with SSH and copied it to local using SCP. The dev guy was seeing it in amazement. I asked, what's it?
He just asked, "You don't have to use PUTTY" 😮
I smirked 😏3
FINALLY, all my dreams have come true, now I can totally say I don't really miss Linux all that much (although I work with Linux all the time, as all my VMs are on Ubuntu).
Obviously, Microsoft has a port of the ssh client and server on windows.28
F**king hate Windows for its insanely confusing proxy setup required for software development...
> Setup proxy in Windows network settings
> Then, setup HTTP_PROXY & HTTPS_PROXY environment variable at the system/user level.
> Followed by separate proxy settings for java, maven, docker, git, npm, bower, jspm, eclipse, VS Code, every damn IDE/Editor which downloads plugins...
> On top of everything, find out the domains which does not need to go through proxy and add them to NO_PROXY.. at each level..
> It does not end here. Sometimes, I need to setup proxy for SSH connections... like, if I have to use git with SSH and not HTTP/S... Uhhh....
More than half of the problems me and my dev team face is related to setting the right proxy. Why can't it be like, set in one place and everything picks up from there, like in any linux machine or for God's sake, a Mac ?
Worst of all is, my org uses a configuration script, which resolves into a list of proxy servers, from which one of them will be used. So, I need to download that script, find out which is the right proxy server and then, use it in all the aforesaid places... WTH ?????
Is this a common workplace problem for all developers ??? Will this be solved by Windows Subsystem for Linux ???9
Warning long rambling story cause sleep deprivation
I never really bothered with ssh outside of using putty to remote into my servers and rpi's from my desktop to run updates, install something, or whatever else.
But today I was on a call with my cousin bored cause she was just rambling, so I opened vscode to clean my install of unnecessary extensions I installed and haven't used more than once or twice.
I saw Remote - SSH and as I was bored listening to a teenager complain about high school just like I used to (lol) and responding when she asked me something. I scrolled through the page, then the documentation just casually skimming the text
I setup an ssh key on an rpi I threw manjaro arm following the instructions on their tips and tricks page
I then moved the key to my desktop using winscp (cause lazy)
leading to having a minor hicup of rsa not being an accepted keytype (thanks 'your favorite search engine' for the help)
Finally, I was able to connect using the private key
at this point my cousin went to bed cause she has school tomorrow. But I was still doing stuff with ssh, I created a new ssh connection in VSCode, but had to go to the documentation to figure out how to make it use my fancy new key file, not hard took 30 seconds of looking to get it working.
Now that I was in, I moved to my development folder, created a folder for PiHole, created a compose yml, created a pihole-data folder.
I opened the yml and pasted in a compose from dockerhub.
at this point I thought 'i can't just run this from terminal can I'. and Obviously it worked cause there's literally no reason it wouldn't I'm just stupid to think it might not.
So I created folders and files on a remote system, launched a docker container, checked for package updates after on a linux machine. All from VS-Code on a windows machine.
I know this is simple for some people, i know some people are like 'where's the interesting part'. but ehhh I thought it was cool to get it setup, I now really regret not getting into ssh sooner, and I'm definitely going to uninstall vscode on all my smaller graphical VM's in favor of doing this. and this will definitely help with my headless vm's.
I also will have to thank my cousin, might not have done this if I wasn't stuck at my computer on messenger call with her lol
I'm gonna go to bed now, But I feel accomplished for the first time in a while even if it's for something so simple as setting up anssh key for the first time3
Tried the "Ubuntu Bash on Windows" feature today. After restarting the computer for about 300 times (needed to install the whole anniversary update too) i could finally use the bash, resulting in crashing after the 3rd command being entered.
Simply creating a symlink (Windows ssh folder to the home folder) brought it down to it's knees, resulting in being unable to restart the whole thing at all.
Gladly I was able to restart the computer again for about 300 times (it's a windows feature, reinstalling is again a restart parade).
As it worked by then I noticed, that the mounted windows ssh folder contains files with 777 permissions, which you can't change and are thus unusable by the ssh command.
So long story short, today I was able to look at my computer being restart ~600 times for one hour with the result that I'm still sticking to Babun (and sometimes Putty)7
There was this time I had to help a friend of a friend. He was like "Hey, can you help me with some server stuff."
(*Proceeds to give me a remote desktop connection to a windows server with a Ubuntu VM*)
Looks like my new years resolution is to be more controversial.
I realize that all the OSes can easily have 10s with the correct setup, however that wouldn't be much fun.
Bit of background:
After I almost threw a Windows pc against the wall for not being able to ssh from the cmd after I had already spent ages trying to install something, which was one command on the Linux and Mac terminal, I thought about the differences between the 3. Then, when a friend of mine (who has used Linux for many years) spent many hours trying to connect a pair of headphones to his Linux computer, I decided to make this graph to spark a debate and hear your opinions.8
I decided to format party my desktop since I'm working at home every day (got a 1TB ssd to replace 150gb OS drive).
First fresh Windows install in 4 years. I had forgotten how much fuckery windows puts you through to do some basic things. I can imagine being a newbie hobbiest programmer and having to go through this stuff?
So I just embarrassingly spent 15 minutes reading and troubleshooting why you can't run a python script inside of powershell. PS just blips for a moment leaving you wondering if the script executed. So I created a test script to use a logging file handler to see if it actually ran. No.
Turns out you have to register the .py extension by appending it to your PATHEXT environment variable. Before that I was going to add it to the PS profile, but realized it takes more than a quick moment to find out which scope of PS profile is appropriate to create, and on top of that, you have to enable script execution in PS (which I recall is easy, but didn't do yet).
Tangentially, I solved an ssh issue days ago. I would tell you what it was, but I seem to have mentally blocked it due to trauma.
For real Microsoft. Yes powershell has some great advancements--my friends say so.
But this needlessly nuanced bullshit needs a little attention from you guys to save the world a shitload of time. I can only imagine what it's like for non-tech savvy people trying to learn to program and having to face this stuff.
I still haven't solved the color scheme stupidity of powershell. This is 2020 ffs. Yet seems there's no clean or intuitive way to do it.
Other issues omitted for 'brevity'26
Well well well.
Since we are working from home for the past 4 months, I finally decided to install a Microsoft SQL server on my home server. (Mostly was using Azure)
My server is running Windows Server 2012 R2.
Tried installing SQL 2019 : fail, 2016 : Fail, 2012 : Fail. Some obscure message about some DLLs not being at right version. (And a warning that it is no recommended to install SQL server on domain controller, but I know, it is my home setup, not roduction)
“Ok fine, I’ll install it on my PC instead”. Windows 10 PC. NOPE. “Cannot install on a compressed drive”. Welp, wtf ? (Of course you cannot select destination install folder, I could’ve put it on another drive).
So here I am. Working 100% on Windows, installed Ubuntu server 20 LTS in Hyper-V, Installed Microsoft SQL server on it (BTW, install is very easy compared to windows). And that shit is working. And new “Terminal” app does support SSH out of box, no need to add Putty !
So as a Windows user, I needed Linux to make Microsoft SQL techno work.
Nothing will ever surprise me anymore. (BTW it’s fucking fast. I like SQL server on Linux)2
Pretty excited today! A buddy of mine wants to try getting into linux, he's mostly done Windows IT Helpdesk and some light Windows SysAdmin work but the company he works for is garbage and he wants/needs a change of pace. He's grabbing himself a raspberry pi 4 model B to use as his learning test bed. I'm grabbing one today or tomorrow so I can help him however I can to try and help get him comfortable with Linux so he can try to escape the hellhole that is his workplace. (I used to work there too, so you can trust me when I say it's fucking shite!)
Gonna start slow and easy and have him get comfortable with the terminal and ssh-ing in using keypairs.
Fuck yeah!!! I'm so excited for him.
He's wanted to get into linux for the last year or so but something at work would always happen to make him comfortable with his job again, like fuckface mcgee would finally get fired. And my dude would be like, "Okay, it's not all bad here, I'll stick it out a bit longer." Then they would just teplace fuckface mcgee with dipshit cockmouth and he'd fall back into a depression about working there. They finally put the final nail in the coffin recently and I think he's really motivated to do whatever he can to GTFO of there this time.
When I thought things couldn't get crazier that my vmware to win chrome mess.....
Doing an upgrade today when I have to VPN in from my mac to access a Web based secret server to get onto another VPN so I can RDP onto a Windows bastion host to then RDP to client windows servers within the RDP and from those hosts need to use putty to ssh into Linux servers to do the admin activities......
Now I'm obviously all for security but seriously VPN to RDP to RDP to ssh is just a bit mental......
But all of the SSL certs between each env is self signed anyhow......2
Switching from Linux to Windows on my personal production server... because sometimes logging into RDP is so much easier than SSH.3
Why is my the fingerprint for my public ssh-key seen not as a sha256-fingerprint?
Does anyone else here use PuTTY to SSH into a linux server and then create a tunnel into a Windows PC on that local network for remote desktop to pass through.6
I've created instructions for myself the next time I encounter cpanel.
rallen@rallen ~ $ cheat cpanel
#SSH'ing into the fucking cpanel
#Figure out combination of 5 usernames and passwords given by client to log in.
#Pray that WHM isn't involved.
#Ignore several ssl warnings and cancel several .htaccess password prompts.
#Call in to enable that shit.
#Wait no less than 15 minutes on hold.
#Create public private key pair.
#Notice the ppk conversion for windows 'devs'. Sigh.
#Copy key pair to ~/.ssh/
#chmod that shit to 600.
#Note for the user name it's not anything the clients given you or what you've named the key. Look in the cpanel for the /home/<user> directory.
ssh -i ~/.ssh/key <user>@<dedicatedip>
After doubting Deepin OS for 4 days and slangs to Windows, it turns out, ISP is blocking the port 22, which is why I was not able to communicate to my instance through SSH.
One of the major Cellular company and Fastest 4G in the whole country, 'Idea', is blocking the vital port 22. The same company promoted it's Internet service through chain of adv. calling it's Cellular Internet network, "Idea Internet Network (IIN)". Only to make it sound like IIT, IIMs ( elite indian colleges). Check on YouTube, IIN, if available3
Linux is great
Linux can be customized
Welp, not so much. Simple things are not possible to do.
After 1H research I can't have timestamp near each line over SSH.
I'm not talking "history", i'm talking live.
basiclly I want to see timestamp on every single output line.
Basiclly this :
But running automaticly for each command ever.
To be fair, same problem exists in PowerShell on windows
And no, I don;'t want to switch to some random halfbaked teminal.32
I use qemu/KVM on Linux. I love being able to do basically all VM operations with commands. So when I need to use my Windows VM(ie: connect to a WebEx), I pop it on with an integration I wrote for my keyboard launcher(mutate), or just execute an alias over SSH, and connect via VNC. When I'm done, I just shit it down. At this point, Windows has been reduced to just a windowed program that I run.8
It seems like now I can ssh into a Windows machine and use the glorious cmd!
- no (gnu/)linux user1
Recent VM/Emulation Adventures:
The goal was to get TCP/IP and SSH running on whatever weird VM/emulated machine, and connect to the chatroom at chat.tcp.direct successfully.
Longhorn, somewhere late pre-reset: Crashes right after installer begins "Starting Windows", 0x7b from sum-match ISO. Fail.
TempleOS (well, Shrine, but y'know): Dear god. No. No, I am not writing SSH in HolyC myself *fuck that,* fail.
Slackware: oh ffs i gotta use fdisk to partition this damn thing? and it's not even the good fdisk? Oh, wait... it hangs. Fail.
WinME: shockingly, was *fairly* stable... until it hung up WASAPI and the hypervisor two frames into desktop rendering. Fail.
Mac OS 7: First-boot after install, immediate unknown trap. Just works, eh? Fail.
Amiga: After about 85 resets and 7 hours of constant fighting with WinUAE, I finally got TCP/IP working. (Required 10MB of total RAM and an FPU to connect.) Success!
Win98FE: just... PuTTY and done. Easy. (This was the warmup.) Success...
Other people's achievements so far:
- Minecraft using the new QEMU interface mod thing.
- Hacked smart fridge.
- iPhone, from custom initramfs.6
The new windows subsystem for Linux might severely slow compilation time for me.
Microsoft is releasing a preview of WSL 2 which works fundamentally different to WSL 1, which I currently use.
For those who don't know, WSL (or Windows Subsystem for Linux) used to be a compatibility layer, which "translated" Linux syscalls to Windows syscalls. This enables the execution of Linux applications on Windows. The new WSL (WSL 2) doesn't do any of that, instead, it is a highly optimised Virtual Machine.
So don't get me wrong from a performance point of view there is no Issue, RAM and CPU usage is truly astonishingly small and performance of Linux applications is much improved over WSL 1.
BUT, apparently, accessing files stored on Windows through Linux is now piss slow.
Great, truly outstanding.
Why is this a problem? Well, I use WSL to develop c++ Linux applications using CLion, the way this works is that you set up an ssh server in WSL, which CLion uses to do compilations.
One _needs_ to have the project files stored on Windows as otherwise CLion on Windows can't access them.
If I wanted a Linux VM I would have installed one.
The only way I can edit Puppet config files is by git. And the only way I can git pull/push/commit/etc is generating a ssh key with a private key and give my public key to my supervisor to the git server (wherever that may be).
Because I'm on Windows 10 and screwed up my installers, I completely forgot to backup my ssh keys before resetting it. FML2
Making a hard switch to ubuntu on my desktop at home. Getting just a teeny tiny, tad, bit: absolutely fucking livid....
Trying to learn ansible, vagrant, and docker more in depth for both work and my personal projects. All that I’ve been doing is just spinning my wheels trying to figure out the stupid fuck-mothering quirks with running this shit on Windows. Yes you absolutely can use all of these tools on a Windows box. There’s plenty of ports, patches, and workarounds. But I have spent all day trying to build a few vagrant boxes and use ansible to set them up. Simple LAMP stack boxes on CentOS7. Nothing major... unfortunately I spent like 90-110 minutes trying to figure out why virtualbox wouldn’t run properly. Dumbass me forgot that I installed Hyper-V ages ago.
O...K.... whelp... hyperv provider it is...
Luckily it only took about 15 minutes to determine that Hyperv’s networking can’t be setup from vagrant because vagrant doesn’t know how to interact with the hyperv - vswitch. So networking config is ignored and all VMs run on default switch (NAT) which is annoying but workable.
Ran into other issues trying to stay SSH’ed into the VM. PowerShell core (6) ssh’es into the box perfectly fine, but every time I opened vi to edit configs my terminal color scheme and fonts got fucked harder than a 2 dollar hooker on nickel night.
I’m a bright-green text on black background kinda guy. However the terminal kept changing to bright-red text on white background! It was like getting skull-fucked by a minotaur.
After a while I said fuck it, let’s try putty. Vagrant was using it’s own ssh keypair for the boxes, at work on my mac. Works like a dream. Putty failed me hard and shit the bed, kept getting all kinds of keypair errors. At this point I was finished spent too long trying to make shit work correctly on this jankbox. With enough time and patience I probably could’ve figured all of these problems out. I’m certain that at least 70% of them were caused by user error. I’m known by many as the walking ID-10t.
But alas, I have no time left in the day to fuck around with shit that doesn’t work immediately for morons like myself. My only hang up for the longest time with a complete switch to Linux was gaming. But with Proton and WINE I’m comfortable with giving it the ol’ college try. (Shhhh, don’t remind me I dropped out of college...
The gamble here is that I’ll give more than 2 halves of a fuck about trying to get my games working. A Study environment and materials for certs and general training won’t be getting anywhere near my full attention.
So, at long last, I hope this attempt at a full *nix switch finally sticks!!!
Can someone, anyone, explain to me, how can Microsoft get away with *charging extra* for additional concurrent RDP sessions on a self-hosted instance of Windows Server?
And not only that, but apparently also charges extra once the box gets over a certain amount of system users, too.
As a Linux admin that's used to working in teams over SSH, it just completely baffles me.
It would be terrible if such a practice was in free software... But a system, that one already *pays* for to run?
Or did I understand something wrong from a colleague that claims that this is the reason why I can't get an account on one of our Windows Servers?6
So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.
What's your favorite terminal emulator?
On Linux I prefer xterm, because of its bottomless config options all through a really nice xrdb -merge command.
On a Mac I prefer iterm2, again for its galaxy of config options and features.
On Windows, I just use putty or mobaxterm to ssh to a real operating system. :)
How about you?7
Holy fucking shit, I hate ubuntu SO much.
So what it happened..
I was tryin to set up an Ubuntu server on my machine using virtual box, and I know what you are thinking, "VirtualBox?" yeah its the only machine I had lying around and it had windows and I didn't wanna re-format its hard drive.
So Here how it goes...
Install went fine.. But when I was trying to manage multiple network interfaces, it was Terrible & pain in the ASS 😡...
So initially I needed 2 network interfaces, one for NAT adapter and another Host-only interface for SSH and stuff.. so I made changes in virtualbox settings and rebooted the VM. and it stuck on "a start job is running for wait for network to be configured" I was like okayy and removed host-only adapter and rebooted, it booted fine :/ then I tried combo of bridged adapter with my Ethernet and a host-only adapter, and what? it booted finally! but this wasn't an optimal solution because it had and IP address within subnet of other devices with my router and half the bandwidth (like 50mbps or something).. I reverted back to NAT network & I checked with ifconfig and it STILL didn't had an IP address assigned to it for Host-only adapter!! FFS I deleted the VM and reinstalled the whole thing again but this time both interfaces attached..
after installing it stuck on same shit again :'(
"a start job is running for wait for network to be configured"... FUCK!
after about an hour of troubleshooting and trying different configurations, I still couldn't get it to work.. I never had such problems with centOS.
Fuck you ubuntu.. fuck you in the ass7
The no of times you type exit when you're inside a tmux inside ssh inside bash inside command prompt inside windows is too damn high.
Hey there! I was hoping you guys could tell me some cool and free ssh clients for windows :)
I am currently using putty.
What are your favourite ssh clients? :)9
Spend half an hour with the "git remote add ..." yada yada after setting up an git repo on a vps where I failed to create the home directory with the user and had to do it manually.
As I was against making a trash commit to win against the Schrödinger repo I begun torture myself with the PowerShell SSH compatibility.
I gave up at the end and made an commit with some libs I am going to use. After a last SSH port fight with git got everything up and running.
Lastly installed the new magical windows git credential manager and I am hoping to see some fairy dust in the next days.
throw new EverythingWrongException("Git gud");
So I a using the ssh installed with git on Windows.
I am trying to forward a port on my internal network server which is also my ssh server. I have exposed my network server on a forwarded port on my router. When I try to forward using this command I get a connection reset on my web service on my server.
ssh -nNT -p <port on router> -L 8000:192.168.0.22:8000 <sshuser@router>
I can log into ssh normally. So I am really confused. the 192.x.x.x address is the internal ip of the server. On a browser I try to connect to the 127.0.0.1:8000. It says the connection is reset. I assume it is being refused. So it tries to connect to something, but it fails.
I can connect to the web server from within the internal network via 192.168.0.22:8000. Really confused as to what is failing here.7
Is it my crappy connection or the git bash for windows is just shite? It's taking forever to clone onto a repo using ssh.8