---
gitea: none
include_toc: true
---

# 1. CISS.debian.live.builder

**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.19<br>

# 2. Download the latest PUBLIC CISS.debian.live.ISO

## 2.1. Autobuild Information

The latest information about the public **``CISS.debian.live.ISO``** is available at **`/LIVE_ISO.public`**.

## 2.2. URL

Download the latest Auto-Generated [CISS.debian.live.ISO_PUBLIC](https://cloud.e2ee.li/s/E7FoctLroB4oF7P).

## 2.3. Root Passwd

Use the following ``Root`` Password:
````text
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
````

## 2.4. Root SSH Keys

Use the following ``Root`` SSH Key Material:

### 2.4.1. SSH Public Key
````text
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
---- END SSH2 PUBLIC KEY ----
````

### 2.4.2. SSH Private Key OPENSSH
````text
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0
MkzTOHVgNHQSoGBPlJ49AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINAY
ZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSYAAAAsAO6qB+tMUOkUm1n3EG5
X6RyDOYYzY2yuwXHwLD2uAkG7cv/IoO1Dgol+Ugm6ryh5BnFWeyXCxwUmgc54kaV
bHkYWrHVqC8kANbMzt9V2WicNrgktjlV6OoYm0nD5M0+dYYxnMUoY1ghjmvF05Jf
xdsw83HOA1m0ZbDxX8/4GrL/HNSj6/1hm/x8KNvy9NN7jFfAcP3rNlNO+B6ckq66
Clw5PIdM7+BObTSD0g99dLFI
-----END OPENSSH PRIVATE KEY-----
````

### 2.4.3. SSH Private Key
````text
PuTTY-User-Key-File-3: ssh-ed25519
Encryption: aes256-cbc
Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
Key-Derivation: Argon2id
Argon2-Memory: 8192
Argon2-Passes: 13
Argon2-Parallelism: 1
Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7
Private-Lines: 1
onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25
````

### 2.4.4. SSH Private Key Encryption Key (KEK)
````text
^QbHsh#WPdaVwyWbkb5fpejDawhaKP9hx74dnCzD#W
````

# 3. Login

## 3.1. SSH

Connect to `<IP>:42137`. Please note that if you select a different port by mistake, your client IP address will be blocked 
instantly — literally in a few microseconds — for 86,400 seconds (i.e., one full day) due to the 

* `ufw`
* `fail2ban` 
* `/etc/hosts.deny` 

ultimate hardening rules:

````text
### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
###               Jump host mistyped 1-3 times: no ban, only after four attempts          [sshd]
(...)
# ufw aggressive approach:
# Any valid client communicating with our server should be going directly to the service ports opened in ufw (ssh, 80, 443, ...).
# Any client touching other ports is treated as malicious and therefore should be blocked access to ALL ports after one attempt.
````

## 3.2. Console

Login as root and present the following credentials:
````text
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
````

---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->