no open ports on router REMOTE SSH AS A SERVICE

WHAT

  • This service provides a reverse ssh (a shell) from web terminal to any Linux behind a router
  • The service starts a reverse ssl tunell on demnad from your account web page.
  • The ssh reverse tunell is alive as long you keep open the web 'access' page.
  • How secure it is?
    • Much more secured than your web bank account and your desktop protected by the user/password
    • You need: mylinuz credentials, session number and login credential on Linux.



  • TERMS

    THIS SERVICE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 
    PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL rssh.mine.nu or mylinuz.com DEVELOPMENT GROUP, 
    mylinuz.com or rssh.mine.nu, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 
    AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 
    OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
    ARISING IN ANY WAY OUT OF THE USE OF THIS SERVICE, EVEN IF ADVISED OF 
    THE POSSIBILITY OF SUCH DAMAGE. THE OWNERS OF mylinuz.com or rssh.mine.nu WONT USE, 
    BROWSE, SHARE, ACCESS, TRACE OR LOG ANY DATA THAT IS BEING PASED TROUGH THE
    SERVER WITHOUT YOUR CONSENT. 
    
    DATA IS STORED ON A SYSTEM SECURED WITH 1 RSA ENCRYPTION ACCOUNT AND IS NOT 
    SHARED WITH ANY OTHER ENTITIES.  THE SERVER IS PROTECTED WITH SSH/RSA
    PUB-PRIV KEYS AND NO PASSWORD. WEB DATABASE PASSWORDS AND EMAILS ARE HASHED ACORDINGLY  
    USING XTEA KEYS AND/OR MD5 HASHING. ALL WEB DATA IS TRANSMITED OVER HTTPS ACCORDING TO W3C.
    DATABASE ACCESS IS RESTRICTED TO LOCALHOST ONLY.
    
    

    HOWTO

  • Download appropriate platform archive from the INSTALL page. See the video on youtube
  • Make sure the device has internet access.
  • Run the installer. Choose a strong login username and password durring installation.
    • These are not Linux box credentials.
  • Use the username and password to log on to mylinuz.com service
  • Login to mylinuz.com using the credetnials you had configured during installation.
  • Any issues: issues
  • Devices innactive for more than 2 weeks are deleted
  • If you register more than one device you should use the same username and password as your first registerred device
  • Once you log in you will see all of your devices
    github
    youtube video

    HOW DOES IT WORK

  • The 'meiotrev' is installed as service on your Linux
  • When starts up it needs internet access to resolve the mylinuz.com domain name to the domain IP. Check the logs if does not start.
  • The client performs a first time registration over https+xtea+salt+peper obtaining the server login info.
  • The service sends each minute a https request. The log file is in /var/log/meiotrev.log
  • When the server sends back a start, the client opens a ssh session to this server,
    • 'ssh -i mylinuz_rsa_key -f -N -R XXXX:localhost:22'
    • The key is sent at registration time over https and is ober-encrypted with an XTEA cypher as well.
  • A reverse shell session really opens only when the user clicks 'ACCESS SHELL TERMINAL, see min 3:47 @ 'video'
  • The session closes when ssh exits, see min 4:48 or when any of the web pages are closed
  • If a session is left open it closes itself in 2 minutes of no typing.
  • Any ssh session time is limited to 10 minutes max.

    TERMS AND CONDITIONS

  • THIS SERVER HAS PASSWORD AUTHENTICATION LOGIN DISABLED. IT USES RSA KEYS TO LOGN.
  • THIS SERVER HAS ONLY 2 ADMINISTRATORS THAT CAN LOGIN IN TO THE SYSTEM.
  • THE REVERSE SSH ACCOUNT ON THE SERVER IS JALED TO A RESTRICTED CHROOT WITH NO LINUX BASIC SHELL BUT ANYWAY
    • ANY
      • SSH EXPLICIT LOGIN ATTEMPT TO mylinuz.com USING SPOFFED KEYS OR RANDOM ACCOUNTS,
      • PORTS SCANNER.
      • URL SPOFFING OUT OF NORMAL PAGING NAVIGATION
      • SSH LOGIN ATTEMPTS OR USE OF PENETRATION TOOLS
    • IP WILL BE BANNED FOR 100 HOURS | FOREVER
    • Anti hack script has blocked 1611 IP's since May 12 2020

    YOUR OWN SERVER

  • We can setup a private server at your needs servicing thousand of devices
    • On Amazon, Google, Azure or any Linux VM cloud services with
    • Client and Server side SSL Certificates restriction.
    • Our team also provides consulting:
      • PCB & Hardware Design (STM, ATMEL, BRFG, ARM, and any other shipsets)
      • Firmware (RTOS, STCUBEMx) for large variety of ARM embedded devices
      • Customising Embeded Linux for various ARM targets (iMX, Beaglebone, AllWiner)
      • Software development. Check our open source projects to find out our expertise.
      • Business Development & Project Management

    ABOUT

    Our Smartworking Team
  • We are located in Richmond Hill, Ontario
  • This site software development is a sole effort I developped in my spare time. Please support it with any donation. Thank you.

    SUPPORT

    Please make donation to expand and keep this service open.
    Target for 2021 is 240$ (certificates, domain name and VM instance).
    Donations so far: 0$