V8.03.256.2025.06.02
Some checks failed
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Has been cancelled
Some checks failed
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Has been cancelled
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -12,22 +12,26 @@ include_toc: true
|
||||
|
||||
# 2. Download the latest PUBLIC CISS.debian.live.ISO
|
||||
|
||||
## 2.1. URL
|
||||
## 2.1. Autobuild Information
|
||||
|
||||
The latest information about the public CISS.debian.live.ISO is available at `./LIVE_ISO.public`.
|
||||
|
||||
## 2.2. URL
|
||||
|
||||
Download the latest Auto-Generated [CISS.debian.live.ISO_PUBLIC](https://cloud.e2ee.li/s/E7FoctLroB4oF7P).
|
||||
|
||||
## 2.2. Root Passwd
|
||||
## 2.3. Root Passwd
|
||||
|
||||
Use the following Root Passwd:
|
||||
````text
|
||||
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
|
||||
````
|
||||
|
||||
## 2.3. Root SSH Keys
|
||||
## 2.4. Root SSH Keys
|
||||
|
||||
Use the following Root SSH Key Material:
|
||||
|
||||
### 2.3.1. SSH Public Key
|
||||
### 2.4.1. SSH Public Key
|
||||
````text
|
||||
---- BEGIN SSH2 PUBLIC KEY ----
|
||||
Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
|
||||
@@ -36,7 +40,7 @@ AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
|
||||
---- END SSH2 PUBLIC KEY ----
|
||||
````
|
||||
|
||||
### 2.3.2. SSH Private Key OPENSSH
|
||||
### 2.4.2. SSH Private Key OPENSSH
|
||||
````text
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0
|
||||
@@ -49,7 +53,7 @@ Clw5PIdM7+BObTSD0g99dLFI
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
````
|
||||
|
||||
### 2.3.3. SSH Private Key
|
||||
### 2.4.3. SSH Private Key
|
||||
````text
|
||||
PuTTY-User-Key-File-3: ssh-ed25519
|
||||
Encryption: aes256-cbc
|
||||
@@ -67,7 +71,36 @@ onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
|
||||
Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25
|
||||
````
|
||||
|
||||
### 2.3.4. SSH Private Key Encryption Key (KEK)
|
||||
### 2.4.4. SSH Private Key Encryption Key (KEK)
|
||||
````text
|
||||
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
|
||||
````
|
||||
|
||||
# 3. Login
|
||||
|
||||
## 3.1. SSH
|
||||
|
||||
Connect to `<IP>:42137`. Please note that if you select a different port by mistake, your client IP address will be blocked
|
||||
instantly — literally in a few microseconds — for 86,400 seconds (i.e., one full day) due to the
|
||||
|
||||
* `ufw`
|
||||
* `fail2ban`
|
||||
* `/etc/hosts.deny`
|
||||
|
||||
ultimate hardening rules:
|
||||
|
||||
````text
|
||||
### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
|
||||
### Jump host mistyped 1–3 times: no ban, only after four attempts [sshd]
|
||||
(...)
|
||||
# ufw aggressive approach:
|
||||
# Any valid client communicating with our server should be going directly to the service ports opened in ufw (ssh, 80, 443, ...).
|
||||
# Any client touching other ports is treated as malicious and therefore should be blocked access to ALL ports after one attempt.
|
||||
````
|
||||
|
||||
## 3.2. Console
|
||||
|
||||
Login as root and present the following credentials:
|
||||
````text
|
||||
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
|
||||
````
|
||||
|
||||
Reference in New Issue
Block a user