CISS.debian.live.builder/docs/DL_PUB_ISO.md

Table of Contents

• 1. CISS.debian.live.builder
• 2. Download the latest PUBLIC CISS.debian.live.ISO
• 2.1. Autobuild Information
• 2.2. URL
• 2.3. Root Passwd
• 2.4. Root SSH Keys
• 2.4.1. SSH Public Key
• 2.4.2. SSH Private Key OPENSSH
• 2.4.3. SSH Private Key
• 2.4.4. SSH Private Key Encryption Key (KEK)
• 3. Login
• 3.1. SSH
• 3.2. Console

1. CISS.debian.live.builder

Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.03
Build: V8.03.384.2025.06.03

2. Download the latest PUBLIC CISS.debian.live.ISO

2.1. Autobuild Information

The latest information about the public CISS.debian.live.ISO is available at ./LIVE_ISO.public.

2.2. URL

Download the latest Auto-Generated CISS.debian.live.ISO_PUBLIC.

2.3. Root Passwd

Use the following Root Passwd:

Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH

2.4. Root SSH Keys

Use the following Root SSH Key Material:

2.4.1. SSH Public Key

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
---- END SSH2 PUBLIC KEY ----

2.4.2. SSH Private Key OPENSSH

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0
MkzTOHVgNHQSoGBPlJ49AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINAY
ZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSYAAAAsAO6qB+tMUOkUm1n3EG5
X6RyDOYYzY2yuwXHwLD2uAkG7cv/IoO1Dgol+Ugm6ryh5BnFWeyXCxwUmgc54kaV
bHkYWrHVqC8kANbMzt9V2WicNrgktjlV6OoYm0nD5M0+dYYxnMUoY1ghjmvF05Jf
xdsw83HOA1m0ZbDxX8/4GrL/HNSj6/1hm/x8KNvy9NN7jFfAcP3rNlNO+B6ckq66
Clw5PIdM7+BObTSD0g99dLFI
-----END OPENSSH PRIVATE KEY-----

2.4.3. SSH Private Key

PuTTY-User-Key-File-3: ssh-ed25519
Encryption: aes256-cbc
Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
Key-Derivation: Argon2id
Argon2-Memory: 8192
Argon2-Passes: 13
Argon2-Parallelism: 1
Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7
Private-Lines: 1
onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25

2.4.4. SSH Private Key Encryption Key (KEK)

Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH

3. Login

3.1. SSH

Connect to <IP>:42137. Please note that if you select a different port by mistake, your client IP address will be blocked instantly — literally in a few microseconds — for 86,400 seconds (i.e., one full day) due to the

• ufw
• fail2ban
• /etc/hosts.deny

ultimate hardening rules:

### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
###               Jump host mistyped 1–3 times: no ban, only after four attempts          [sshd]
(...)
# ufw aggressive approach:
# Any valid client communicating with our server should be going directly to the service ports opened in ufw (ssh, 80, 443, ...).
# Any client touching other ports is treated as malicious and therefore should be blocked access to ALL ports after one attempt.

3.2. Console

Login as root and present the following credentials:

Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH

---

no tracking | no logging | no advertising | no profiling | no bullshit