
Show HN: The Cyber Plumber's Handbook – SSH Tunnel Like a Boss - opsdisk
Looking to get some feedback from the Hacker News community.

I wrote the book with a focus on penetration testers and red teamers, but there are great examples for network admins, developers, and blue team defenders as well.

You can pick up a copy for free here through May 19, 2019: [https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews...](https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews20190518)

Please note, because it's hosted on Gumroad, it does require an email. If you don't want to give out your actual email, check out an anonymous email service.  I give it away to students for free, so if you know of one that might like it, send them here to get instructions: [https://cph.opsdisk.com](https://cph.opsdisk.com)

About The Cyber Plumber's Handbook...

This book is packed with practical and real world examples of SSH tunneling and port redirection in multiple realistic scenarios. It walks you through the basics of SSH tunneling (both local and remote port forwards), SOCKS proxies, port redirection, and how to utilize them with other tools like proxychains, nmap, Metasploit, and web browsers.

Advanced topics included SSHing through 4 jump boxes, throwing exploits through SSH tunnels, scanning assets using proxychains and Metasploit's Meterpreter, browsing the Internet through a SOCKS proxy, utilizing proxychains and nmap to scan targets, and leveraging Metasploit's Meterpreter portfwd command.

Let me know if you have any questions!  Looking forward to your comments/feedback.
======
xoa
Thanks for sharing and the effort put in so far. After a quick glance over I
think you should consider giving at least a glancing mention in your intro
section to the importance of hardening SSH itself vs the typical default
install. It doesn't need to be much since it's somewhat out of scope of your
specific focus here, but it'd be worth a few sentences mentioning the value of
keys over passwords (and disabling passwords entirely), that keys can be kept
on tokens as well (YubiKeys/NitroKeys for example), value of disabling ancient
ciphers, that sort of thing. You say the book assumes "some experience with
SSH", but given your stated audience includes admins/devs/blue team as well
(and in another comment I see someone talking about using it with students)
and I've seen a ton of really bad SSH setups used there, I think even a
sentence or two about assuming hardening as well to get people into search
engines (if you don't feel like more) would be valuable in the context of
intrusion response.
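
The hardening points raised in the comment above (passwords disabled in favour of keys, ancient ciphers removed) can be checked mechanically against an `sshd_config`. This is an added example, not part of the original thread or of the book; the legacy-cipher list and both sample configs are constructed, and only the global section of the file (before any `Match` block) is read.

```python
# Added example: audit sshd_config text for the hardening points named above.
# LEGACY_CIPHERS and the two sample configs are constructed for illustration.
LEGACY_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256",
                  "blowfish-cbc", "cast128-cbc",
                  "aes128-cbc", "aes192-cbc", "aes256-cbc"}

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

WEAK_SAMPLE = """\
# constructed sample: permissive legacy setup
Port 22
PasswordAuthentication yes
Ciphers aes256-ctr,3des-cbc,arcfour
"""

HARDENED_SAMPLE = """\
# constructed sample: keys only, modern ciphers
PasswordAuthentication no
PubkeyAuthentication yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
"""


def parse_sshd_config(text):
    """Return {keyword: value}; sshd keeps the first value seen per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":   # conditional blocks are not audited
            break
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit(text):
    """Return a list of findings for the global section of the config."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("password authentication enabled")
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("public key authentication disabled")
    ciphers = cfg.get("ciphers", "")
    if not ciphers.startswith("-"):       # a "-" list removes ciphers
        names = [c.strip() for c in ciphers.lstrip("+^").split(",")]
        weak = sorted(c for c in names if c in LEGACY_CIPHERS)
        if weak:
            findings.append("legacy ciphers allowed: " + ", ".join(weak))
    return findings
```

An empty or default file is reported as password-enabled because `PasswordAuthentication` defaults to `yes` when it is not set.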

~~~
opsdisk
Thanks for the detailed feedback. That is a good idea I'll incorporate in the
next version. Even some of the basic SSH server hardening goes a long way. I'd
love to offer an actual lab for folks so they don't need to spin up their own,
but just haven't had the demand (and time) to set that up.

------
inflatableDodo
This looks great. Though I must admit, 'SSH Tunnel Like a Boss' did make me
initially doubtful. I wondered if it might be advice on how to find someone
else to set up an ssh tunnel for you, while staring angrily at a command
prompt and shouting.

------
anigbrowl
Really nice to see the 'plumbing' mindset catching on. When the parallels to
real-world utility work were first pointed out a lot of people were resistant
to it because they felt insulted to have their high technology work compared
to dirty low technology.

~~~
dlphn___xyz
only business types make this analogy

~~~
madhadron
Contrariwise, those who dismiss this analogy probably only deal with domestic
plumbing while being exposed to industrial networking. Comparing it to
industrial plumbing, long distance pipelines, and the like makes it a lot more
plausible.

------
mrzool
Looks great, thanks for sharing. Any plan to make an epub available? I’d love
to read it on an e-ink display.

~~~
opsdisk
Haven't had too many requests for that yet. Do you have any recommendations
for creating an epub file? The book was written in LaTeX with VS Code. I worry
that a lot of the command line stuff and images wouldn't look good on a
reader.

~~~
mrzool
There are definitely several options, but I would recommend Pandoc to compile
an epub from LaTeX source — off the top of my head.

Images are not problematic at all on an e-reader. Here’s an example of how an
illustration looks like on my old Kindle:

[https://i.imgur.com/zfqbnOO.jpg](https://i.imgur.com/zfqbnOO.jpg)

Tables and such are also usually just raster images embedded in the epub’s
XML:

[https://i.imgur.com/SHYUrNL.jpg](https://i.imgur.com/SHYUrNL.jpg)

[https://i.imgur.com/u0tZ2TO.jpg](https://i.imgur.com/u0tZ2TO.jpg)

…and so are code blocks, usually displayed in a monospaced but condensed font
and converted to raster image as well to avoid wrapping:

[https://i.imgur.com/d7ly8GH.jpg](https://i.imgur.com/d7ly8GH.jpg)

[https://i.imgur.com/g0lIPpj.jpg](https://i.imgur.com/g0lIPpj.jpg)

Long story short: Images are not an issue, and there’s a way to ensure code
blocks will look good by converting them to images. That would indeed require
some work, but maybe there's a tool to automate that?

Edit: All examples are from _UNIX and Linux System Administration Handbook_ by
Garth Snyder et al., Addison-Wesley Professional; 5th edition (2017)

~~~
opsdisk
Cool, thanks for the recommendation.

------
Bucephalus355
I am somewhat in tears now seeing this. I spent weeks at work trying to
backwards analyze GCP IAP, which apparently uses this in the background
(invoked via the gcloud CLI).

Almost like a lost art, it was impossible to find serious tutorials other than
Michael W. Lucas’s book of a couple of years ago or the O’Reilly book from
2006.

Very much appreciated. Thank you for documentation on these very important
systems that many of us sysadmins who came into the field later in life missed
(other than when we connect to our cloud servers). Soon, even the cloud part I
mentioned will be gone mostly because of ‘kubectl’, as Kelsey Hightower has
said.

~~~
indigodaddy
Exactly, and hopefully fundamental sysadmin/nix/networking/DNS/basic
troubleshooting (that we take for granted) skills won't get lost by the
wayside. But I do feel that at some point this will happen, and those of us
with those skills that remain in say 10-15 years will be as
outdated/deprecated as say an AIX admin is today.

~~~
convolvatron
you would think so. but reading the foundational RFCs and learning the BSD
system api 30 years ago has paid out pretty well.

I always assumed we would lurch onto a new model that had a stronger notion of
distributed identity, or was more data centric than machine centric, or ..
something.

but we keep throwing more new plywood on top of the old rotten floor and keep
going about our business. the 10th layer down isn't providing any structural
value any more..but does that matter?

------
leetbulb
This is great, thank you. I'm a big fan of socat for plumbing in pentesting
environments, it's an amazing tool. Never had much luck with meterpreter's
port forwarding as it seems to always eventually bug out.

~~~
opsdisk
Yeah, there was a major bug with portfwd last Fall. Last time I checked a few
months ago, it was working in Metasploit 5.

------
171243
Good topic and looks like some good examples. The formatting is nice, easy on
the eyes but there is excessive whitespace in the book. Having large
screenshots means when they don't fit on the page they get bumped to the next
and a huge gaping whitespace appears. I can tell this is stretching out the
length of the book. I'd peg it at really only about 50 pages of content
instead of the 76. For an example just look at page 75/76 and how the content
is distributed.

------
emptysongglass
I'd really appreciate an epub. I read anything across a variable range of
display sizes and PDFs just don't cut it anymore.

------
miccah
Wow, this looks great, thanks for sharing!

You mention this book as targeting pentesters. Do you have any advice on
tools or skills to know for a software engineer to transition to a pentesting
role?

I ask because there are many resources for pentesting, but not any that I have
found to reflect what happens in industry.

Thank you again!

~~~
opsdisk
In my experience, if you're going into security, it's good to have a solid
foundation in either networking (routers, firewalls, switches), system
administration, or software development. In your case, being a software
engineer allows you to tweak, improve, or write your own tools. For example,
some security tools have a hard coded HTTP User-Agent string that is flagged
by security devices as a "hacker" tool. If you know how to go in and change
it, it makes you harder to detect (assuming you're doing an ethical pen test /
red team engagement).

Check out Hack The Box (hackthebox.eu) which are a bunch of vulnerable virtual
machines that can be hacked. It's totally free. The Offensive Security
Certified Professional
([https://www.offensive-security.com/information-security-cert...](https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/))
is the gold standard in terms of getting a cert. You get 24 hours to exploit 5
boxes and elevate to admin/root.

------
rvalue
I looked at the table of contents and I am guessing it has many handy tricks
and command line examples of already public tools. Doesn't look like it
should be as costly as 19$. Would you like to bring it down to one-digit costs?

~~~
opsdisk
If you want it today, it's $0 if you go here:
[https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews...](https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews20190518)

I'm still trying to find a fair price for it, not ready to bring it down to
single digits just yet.

~~~
hawkweed
I tried to download it, but it looks like your promo code expired.

~~~
opsdisk
As stated in the original post, it was only valid for 2 days through May 19.
If you're a student, you can still get it for free. Just check out the website
for details [https://cph.opsdisk.com](https://cph.opsdisk.com)

------
CoryG89
This is great. I have just recently purchased access to a VPN service and also
a proxy service and have been learning about SSH tunneling. Can't wait to dig
into this.

------
wdroz
Small typo at page 36, you are using local port forward instead of a remote
port forward in the command.

~~~
opsdisk
Nice catch, thank you wdroz!

~~~
wdroz
Thank you for the free copy to HN crew.

------
canphaz
Hi! Sounds great! However I get the message that the discount code is not valid
anymore and it is $19.99 again. Am I doing something wrong?

~~~
opsdisk
Just tried this link and it still looks like it's discounted:
[https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews...](https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews20190518)

Let me know if it's still not working.

~~~
beastea
it says that promotion code expired

~~~
opsdisk
As stated in the original post, it was only valid for 2 days through May 19.
If you're a student, you can still get it for free. Just check out the website
for details [https://cph.opsdisk.com](https://cph.opsdisk.com)

------
cjcampbell
I am pumped to see this right now, as it will be a great resource for my intro
networking students (at the perfect moment in the quarter).

~~~
opsdisk
Great to hear...hope it helps!

------
devinjflick
Dang it I found this post on Monday after the free give away ended. Any way of
still getting a free copy?

------
deleterious
On this side of the world it's 5.18.19 and yet $19 bucks for the book. Also
did not ask for an email, so in essence, I have no words.

~~~
pests
It's 5.18.19 on the side I'm on too.... did something happen recently that
reduced the price of knowledge?

~~~
opsdisk
Was it not showing $0 for you pests? Just want to make sure I'm not hitting
some threshold with Gumroad...coming up on 2000 copies requested!

~~~
pests
Oh no it worked fine! I think people having issues are finding the link other
ways or accidentally removing your discount in the URL.

My comment was unfortunately a snarky response to what I thought was a
complaint about the full price that I felt was unwarranted at the time.

I've started reading and had already intended to email you my thoughts. Thank
you for your work!

------
jmakov
Cool writeup. Thanks for sharing!

