HackTheBox – Traverxec - Bits and Pieces

What you didn't talk about what is the difference between the RSA, DSA, and ECDSA keys – Enkouyami Jan 28 '18 at. Paste your private key, such as the one in the following image, into the file. Auto-tune 7 ilok crack.exe adobe.

  • Openssh - Error `could not load host key` when trying to
  • Chapter 12. OpenSSH Red Hat Enterprise Linux 7
  • What did I miss when building openssh? cannot generate
  • Ssh-audit: Docs, Tutorials, Reviews
  • Mailing List Archive: Problem SSHing to HP ILO SSH-2.0
  • Chris's Wiki: : blog/sysadmin/SSHKeyTypes
  • Sshd(8) - OpenBSD manual pages
  • Understanding the exchange between SFTP Client and SFTP
  • SSH returns: no matching host key type found. Their offer
  • A comparatively stronger & safer & secured sshd_config for

Hubbard on Networking: July 2020

OpenSSH 7.2p2 Ubuntu 4ubuntu1 (Ubuntu. Technically, DSA keys can still be. Sep 2020 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to linphysserv01 [] port 22.

X.509-SSH - HLRS Platforms

Remo xp idm crack. Unknown OpenSSH private key algorithm Unknown OpenSSH. The marker is optional, but if it is present.


Download openssl print ecdsa public key

And the per-user file is maintained auto- matically: whenever the user connects from an unknown host, its key is added to the per-user file. We recently applied a vendor-supplied patch for OpenSSH.

  • OpenSSH key management for Windows
  • [VulnHub] Tommy Boy: 1
  • Access denied to SSH server running in raspberry pi
  • Key generation - SSH key-type, rsa, dsa, ecdsa, are there
  • Community.crypto.openssh_keypair – Generate OpenSSH
  • Can't setup RSYNC via SSH (bug) ecdsa unknown

Upgrade your SSH keys

Vce latest crack 1.03. Even though DSA keys can. SMP whereas server2 is 5.10 Generic_150400-40 sun4v sparc sun4v I have checked port 22 to be open and keys to be correct.

Where is the SSH Server Fingerprint generated/stored

The units were programmed for urban pacification, but OCP also negotiated contracts with the military for use in war. Openssh unknown key type ecdsa. Specifies the type of key to create.


Key generator 1026430 – OpenSSH can no longer connect to Cisco routers

Openstack public key authentication. About Tracker Navigator Open-Source Reports Services Contacts. SSH keys can serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response [HOST] major advantage of key-based authentication is that in contrast to password authentication it is not prone to brute-force attacks and you do not expose valid credentials, if the server has been compromised.


SSH Error: unknown key type '-----BEGIN' - Server Fault

SSHv1 keys are not supported. The type of key to be generated is specified with the -t option. It is highly recommended to use the -o option as the new OpenSSH format has an increased resistance to brute-force password cracking.

'Re: openssh ecdsa issue'

Viveza 2 serial number manager. RSA, Ed, or ECDSA keys for authenticating. Xilisoft software total keygen sony.


Confusing error message when trying to verify unknown host

Created attachment 956814 Patch to handle Cisco issue We observed this behavior and tracked it down to two issues - Some Cisco ssh daemons only allow DH key sizes that are powers of two - Some Cisco ssh daemons only allow DH key sizes that are 4096 bits or less We observed both behaviors on various IOS versions. Nitro pro 9 keygen cnet more help. ECDSA is computationally lighter, but you'll need a really small client or server (say 50 MHz embedded ARM processor) to notice the difference.

Free encryption - Which host key algorithm is best to use for

If the remote host key is unknown to your SSH client, you would be asked to accept it by typing "yes" or "no". Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. That's a key type similar to RSA, but limited to 1024 bits size and therefore recommended against for a long time.


Ecdsa Private Key Java

If your version of OpenSSH lies between version 6.5 to version 7.8 (inclusive), run ssh-keygen with the -o option to save your private SSH keys in the more secure OpenSSH format. Backspace key not working in putty https://sneakers-top.ru/forum/?download=5887. Type: wq to write the file and return to the command line.

How to anonymously host the continued development of youtube-dl offshore

Original sources of this guide (might be more up to date in case you're viewing a mirror of it):
In this guide I will go through how to anonymously host the continued development of youtube-dl offshore using companies that have a track record of being very resilient to DMCA takedowns. As a general disclaimer, youtube-dl is not illegal, no matter how much the RIAA wants it to be. Hosting it is not illegal, but the RIAA doesn't care about what's legal, so we'll have to act accordingly and not rely on companies that will bend over backwards for them. This post is basically my way of flipping the bird to the RIAA.
DMCA ignored hosting providers
RIAA report including DMCA ignored hosting providers
United States Trade Representative report including DMCA ignored hosting providers
ESA report including DMCA ignored hosting providers
MPAA report including DMCA ignored hosting providers
Europol report including DMCA ignored hosting providers
Former bulletproof hosting reseller reviews offshore hosting providers
Former bulletproof hosting reseller on what the most warez friendly hosting providers are
(Novogara aka Ecatel recently got busted for tax evasion and are shady as hell in general, allowing anything to be hosted on their servers, so its best to stay away from them.)
Take into account what data center the hosting provider uses. If they don't run their their own data center the company running the data center can shut down the server if the data center isn't DMCA ignored. That isn't to say that resellers can't be resilient, but it depends on how resilient the data center they use is.
Some countries like Ukraine, Kazakhstan, and Korea force hosting providers to use government SSL certificates, meaning that they can MITM the connection.
If anyone here is serious about hosting the continuation of the youtube-dl project, PM me (F_the_RIAA_2 on Reddit, FuckTheRIAA on Raddle) and I'll give you a more specific recommendation. Keeping the hosting provider secret makes it a lot harder to take down.
CDNs and proxies to hide the real hosting provider
DDoS-Guard - Highly recommended. Based in Russia. Doesn't care about DMCA at all. Currently provides protection for Nyaa (the world's largest public torrent tracker for anime and manga) and Sci-Hub (the world's largest piracy website for academic papers which is under constant legal pressure from big US publishers). Has a free plan and accepts Bitcoin for paid plans. DDoS-Guard might be inaccessible outside of Europe for a few hours/month, meaning that sites using it would be unreachable outside of Europe during that time. This is probably peering related, but I'm not sure. Just tell site visitors to use ProtonVPN's free plan and connect to one of their VPN servers in the Netherlands if that happens.
While I recommend DDoS-Guard, I'll list some other alternatives in case something happens:
CloudFlare - Might be a honeypot, especially since I'm not sure how they'd be able to get away with this otherwise, but CloudFlare works for now. Just don't expect privacy from them. They're a US based company so they'll probably be reigned in eventually, but for now they're having their Wild West days. CloudFlare has a free plan. If CloudFlare is not configured properly when set up the real hosting provider will be leaked. More info about that here: 1, 2, 3, 4, 5, 6, 7
It's a myth that Cloudflare does not forward DMCA complaints, they forward everything. However, Cloudflare does not store any "sensitive data", which means forwarding "useless" information is similar like ignoring the DMCA request. A general advice is that whenever you use Cloudflare you should use a bulletproof backend server as well to avoid DMCA takedown request in the first place, so less or nothing gets forwarded (less "leakage risk").
Source: CHEF-KOCH / Warez / Bulletproof Hosting.md
OVPN's public IPv4 proxy (the Switzerland proxy) - Swedish company that provided a proxy for The Pirate Bay for a while, went to court because of it, and won. The two advantages with their Switzerland proxy in particular is that it's hosted by Interxion - the same Netherlands based company that is hosting Feral Hosting's DMCA ignored seedboxes - and that Switzerland is a pretty good jurisdiction. OVPN also scores well on That One Privacy Site. Accepts Bitcoin.
Before we go into registering a domain, I think it's worth considering if it's really worth keeping the name youtube-dl or if it could be spun off into a more accurate and less trademark infringing name like media-dl, for example. It downloads video and audio from a lot more sites than just YouTube, after all.
Resilient TLDs (there are more options than just these)
.is - As of a few years ago ISNIC had only ever suspended one domain and it was connected to ISIS.
When we asked whether ISNIC would follow Greenland’s lead and move for a proactive suspension, we got a clear answer.
“The short answer is no. Such an action would require a formal order from an Icelandic court. ISNIC is not responsible for a registrant’s usage of their domains,” ISNIC’s Marius Olafsson told TorrentFreak.
“This policy applies equally to any .is domain,” Olafsson says, adding that it’s the domain owner’s responsibility to abide by the law, not theirs.
Source: https://torrentfreak.com/pirate-bay-finds-safe-haven-in-iceland-switches-to-is-domain-130425/
“Domains can hardly be considered illegal any more than a street address. A street address is not illegal even if there is illegal activity in one apartment at the address,” ISNIC says.
Source: https://torrentfreak.com/torrent-domain-suspensions-damage-credibility-registrar-says-140617/
.to - Used by a lot of torrent and other filesharing websites. I have never seen one get suspended.
.ru / .su - Good for anything that doesn't affect Russia or go against Russian interests.
.cr is a resilient TLD according to the International Intellectual Property Alliance's (IIAP) report:
thepiratebay.cr domain is still online despite actions against it from the Internet Corporation for Assigned Names and Numbers (ICANN) and the U.S. Embassy in Costa Rica. Other notorious infringing sites are following the trend of using .cr domains as a safe haven (e.g., kickasstorrents.cr). Costa Rica’s failure to deal effectively with its obligations regarding online infringement, more than eight years after they came into force under DR-CAFTA, is a serious concern.
In case you want cheaper options that are available on Njalla, .ch and .ws are said to be pretty good.
.ec is also looking pretty solid as Library Genesis (the world's largest book piracy website, which is under constant legal pressure from big US publishers) have been using it for some time without getting suspended.
Vulnerable TLDs
.com, .net, .cc, .tv, and .name are operated by VeriSign, a Washington DC based company that is controlled by the US government.
.org, .info, .asia, .aero, .ag, .bz, .gi, .hgn, .in, .lc, .me, .mobi, .mn, .sc and .vc are operated by Afilias, a company that blocked one of WikiLeaks' domains.
.site, .website, .tech, .online, .uno, .fun, .space, .store, and .press are operated by Radix, a company that has an anti-piracy partnership with the MPAA.
All TLDs operated by Donuts, a company that has an anti-piracy partnership with the MPAA.
Resilient domain registrars/resellers
Njalla - As anonymous as you can get when buying a domain. Njalla is a Nevis registered company that buys the more common domains from Canada based Tucows, which is pretty abuse friendly and some TLDs like .is they buy from the registry directly. They then lease it to you while legally speaking they own the domain. This means that you don't have to give them any personal information to register it and they take Monero. Njalla has a Tor Hidden Service, PGP key, and has support for registration via XMPP with OTR. Njalla is run by one of the Pirate Bay founders and they kept the Pirate Bay sense of humor alive when dealing with DMCA.
NiceVPS - As anonymous as you can get when buying a domain. NiceVPS is a domain reseller based in the Dominican Republic that buys the domain from easyDNS and then leases it to you, meaning that you don't have to provide any personal information since they own the domain on paper. Accepts Monero. Has a Tor Hidden Service, PGP key, and warrant canary. I've seen NiceVPS recommended on some websites, but I'm not sure how solid it is. Doesn't seem to offer all of the TLDs that Njalla, Openprovider, and easyDNS offer, including a lot of the more resilient ones.
Openprovider aka Hosting Concepts B.V. - Netherlands based registrar that is one of the most abused registrars by rogue pharma sites. Doesn't suspend domains without a WIPO decision or court order. Has a full section dedicated to it in the United States Trade Representative's 2019 report and a brief mention in the 2020 report.
easyDNS - Canada based registrar that has a big focus on due process. The current registrar of The Pirate Bay's .org domain, which it defended against the RIAA. Wouldn't suspend a domain for a video downloader like youtube-dl unless ordered by ICANN, CIRA, or a court according to their takedown policy. Accepts Bitcoin.
There are a few resellers of bulletproof Russian and Chinese registrars that accept cryptocurrency, but because those are pretty much only used by cyber criminals they would not be a good look for this project. And there's also the risk that they'll just be gone one day without a word and no way to transfer domain and not much recourse. Because of those reasons I'm omitting them from this list. I think the above mentioned registrars and resellers will be good enough, the project is legal after all.
Worth considering:
In order to anonymously directly register a domain at any of the other mentioned services than Njalla and NiceVPS you'd have to fake the WHOIS information, which violates ICANN's rules and registrars usually suspend domains because of that. I could especially imagine easyDNS doing this. Not sure how the other registrars would react to that, but ICANN does have the power to withdraw their accreditation - meaning that the registrars would lose the ability to issue domains - if they don't follow ICANN's rules. In the cases of Njalla and NiceVPS they aren't a registrar, they just fill in their own details and buy the domain for you from a registry/registrar when you register a domain using them.
If you use Njalla or NiceVPS you're handing over control of the domain to somebody else and have to take their word for it that you'll always have access to the domain. It's easier to trust Njalla than NiceVPS in this case since it's known who owns Njalla and they have more of a track record than NiceVPS, which is fairly unknown.
Let's Encrypt - Free, uses open source software, backed by EFF, Mozilla, and others. Easy to set up and easy to maintain with an auto-renewal script.
If you're using CloudFlare, you'll have to use their phony SSL certificate.
Keeping your server secure and other technical advice
Check your server, and how reliable it is in terms of security and privacy, online services like https://centminmod.com can test your server and it's configuration to ensure nothing is "leaking".
Check if someone can see your hidden backend server IP via https://dnsdumpster.com. In general you should block every IP connection to your backend server, only allow your own connection, VPN's or reverse proxies. You quickly can check if someone has an "open" backend IP service via services like https://censys.io.
Source: CHEF-KOCH / Warez / Bulletproof Hosting.md
If you use CloudFlare, also check that your backend isn't leaking using CrimeFlare.
If you have set up email with your domain, use SMPT and a custom mail server so it doesn't leak your origin server IP. Email is the easiest way to leak origin server IP addresses.
Use SSH instead of VNC. With VNC the login information is sent unencrypted via plaintext, meaning that a rogue exit node in the Tor network and any server the login information is sent over on the clearnet could record your login information if they wanted to.
Use a password generator for all accounts and have it set to the max number of characters. Don't put the login information into a proprietary password manager or an online password manager. Make sure to back up the login information to multiple hard drives/SSDs/USBs/etc.
Try and make the site portable so that all software and all configurations can be saved to an ISO that can be spun up at any hosting provider at a moment's notice in case the site has to move at some point.
If you get a VPS, make sure it's KVM. KVM is much more secure than OpenVZ since OpenVZ doesn't have much separation between different customers on the same server. OpenVZ is also easy to oversell. Xen is also secure, but has worse performance than KVM.
Use nginx, it has a lot better performance than Apache.
Use MariaDB. It's a more up to date fork of MySQL developed by MySQL's original developer after he sold MySQL to Oracle. Contains bug fixes that sometimes have not gotten into MySQL yet. It is of course fully compatible with MySQL databases.
Basic security hardening (I'd probably use OSSEC + Shorewall instead of fail2ban and ufw, but I'm not an expert at this ¯\_(ツ)_/¯ )
nginx SSL/TLS hardening
Let's Encrypt auto-renewal script
If you need FTP server software, Pure-FTPd is the most secure option. Use SFTP instead of FTPS for better security and less of a headache.
Disable password access for administration, require login using SSH key, and limit the number of login attempts.
Change default ports, like SSH. If anyone tries to access the default SSH port, have the firewall block them for a few hours.
Disable root login.
More security tips for SSH are available here. Don't implement port knocking though.
Disable nginx logging once everything is set up to protect user privacy and improve performance.
Keep the software up to date to decrease the risk of your serveVPS being hacked.
Don't use analytics. If you have to, self-host Matomo (formerly known as Piwik). It's open source.
Keep up to date backups of the site on multiple hard drives/SSDs/etc.
Anonymous payments
Bitcoin is fully traceable nowadays and tumbling/mixing your Bitcoin won't make any difference.
Tumblers are useless
Against my better judgement, I’m going with this click bait heading, but the premise is correct. Due to the software running real time analysis on the ledger, simply avoiding taint and breaking up coins is now entirely ineffective, as it matches the full bitcoin amount to be received over a period of time, as the software is built around a neural net of sorts (talking out of school here, I’m not a programmer) it appears to self-correct in real time as a more "likely" or "accurate" owner conclusion is reached.
Source: Blockchain Analysis and Anti-Money Laundering (X-post from /DarknetmarketsOz)
Meanwhile Monero was the only cryptocurrency that that the US government couldn't track when they took down one of one of the biggest darknet drug markets and seized the site operator's cryptocurrencies. This is because Monero is the only major cryptocurrency properly designed to be private.
There has apparently been some recent developments when it comes to tracing Monero. You can read more about it in my comment on Reddit or Raddle. I wouldn't worry too much about it at this stage though.
Use I2P or Tor when transacting with cryptocurrency. I2P has some privacy benefits in its design over Tor:
Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information. Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing) Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived. I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.
However, I2P doesn't have as much funding and reseach or as big of a developer community behind it. I2P's userbase is also a lot smaller than Tor's. A full comparison about that can be found here. Monero chose I2P over Tor.
More information about Monero + I2P/Tor is available here.
Either get cryptocurrency donations or use a peer-to-peer exchange that doesn't enforce KYC (Know Your Customer) to buy Monero or Bitcoin. Unlike centralized exchanges, private sellers on decentralized exchanges won't automatically submit all their data to the government. Even if you get all of the cryptocurrency via donations and it therefore has no connection to your real identity at all you should still anonymize it via Monero so that it can't be traced from the donation wallet to the hosting provider which you want to keep hidden.
Some private sellers on peer-to-peer exchanges won't require IDs, while some might require it. If nothing is mentioned, it's worth asking the seller before you send them any money. A few even accept cash meetups and cash by mail (watch out for being scammed or mugged though). LocalCoinSwap, LocalCryptos, and LocalMonero even has sellers that accept gift cards (which you could buy with cash in a physical store). However, most gift cards are only redeemable in the country they were bought in, making this an option that won't work outside of the countries the sellers are based in. The one exception to this that I know of are Steam Wallet gift cards, which work internationally.
From what I've read there are some centralized exchanges that don't require KYC, but at least some of them freeze funds if they think it seems suspicious (which I would imagine a Tor IP would fall under) and they refuse to release the funds until they have been provided with an ID.
If you decide to buy cryptocurrency using a normal payment method, a wire transfer would be the option that involves the least amount of companies getting the transaction info, though I don't think you'd have much recourse with getting your money back if you got scammed and paid via wire transfer.
Bitcoin ATMs may require ID and usually have surveillance cameras around them, but this may vary depending on where you live.
If you bought Bitcoin, use XMR.to to exchange it to Monero. If the service provider only accepts Bitcoin and not Monero, exchange the Monero back to Bitcoin so that the Bitcoin has been anonymized. Don't pay in Bitcoin without exchanging it to Monero and back first.
Prepaid cards usually require SMS verification and are sometimes limited to purchases within the country they were sold in, so be sure to read up on whatever card you're considering using. Vanilla Visa gift cards used to be the go to for VPN buyers back in the day since they only required putting a zip code into a website, but things change, so read up about activation requirements and international purchases for the card in your country before buying anything and if you get information from an unofficial source, try and make sure that it's at least somewhat recent. If SMS activation is required there are two options. One option is buying a push-button burner phone and a prepaid SIM card at a physical store using cash, activate it at a major public place and then once the prepaid card is activated shut off the phone and take out the SIM card and the battery. Another option is buying access to a dedicated number in the same country that you bought the card in at an online SMS inbox site using cryptocurrency (the free SMS inboxes that have shared phone number might be used up already). The catch 22 there is that you wouldn't have any cryptocurrency yet at this stage, so it's not really an option unless you figure something out that I wasn't able to think of. If the prepaid card can't do international purchases you could withdraw the money into an anonymously created PayPal account (requires SMS verification). Expect the prepaid card and PayPal account to almost certainly get frozen if you try to pay with it over Tor. The risk is lower when paying via a VPN IP, but it's still a notable risk, especially if it's a VPN server with lots of users and you can never verify that the VPN provider isn't logging you. An anonymously paid for self-hosted VPN on a dedicated IP address in the same country that you bought the prepaid card would be less likely to cause the card to get frozen. Just don't connect to that self-hosted VPN directly using your real IP address since your ISP would see that and since you would be the only user of that self-hosted VPN it would be directly identifying. You could use the prepaid card on public WiFi, but that will give out your general location and will give the WiFi network your IP address. It will also give the WiFi network your MAC address, so be sure to set the MAC address to be random (just search something like "[operating system] random mac address on wifi" on DuckDuckGo). Then there's the issue that most browsers other than Tor Browser, SecBrowser, and Bromite are bad combating browser fingerprinting. Sure you could also customize Firefox with arkenfox user.js (formerly known as ghacks-user.js) and a bunch of add-ons to combat all the different kinds of tracking, but you'll just make your browser more unique the more you modify it.
Anonymous Internet browsing
Use Tor when doing anything in connection with the site, including when using PuTTY and FileZilla. Verify the integrity of the Tor Browser installer using PGP before running it so that you know that it hasn't been tampered with. Use a bridge if you don't want your ISP/government to see that you're using Tor. Running Tor over a VPN may seem like a good idea, but even if the VPN provider really doesn't keep logs (which is impossible to verify) using Tor over VPN can make you easier to track since that makes the VPN service a permanent entry node [1][2][3][4] and there's also VPN fingerprinting. If Deep Packet Inspection (DPI) is a concern you can use Pluggable Transports [1][2] to disguise the Tor traffic. Keep Tor Browser up to date. Never run Tor Browser in full screen. That makes you more easily trackable as websites can detect the real resolution of your screen. Don't install any add-ons or plugins, that makes you a lot easier to track. If you have logged in and then logged out of a site it can link you to other accounts you have on the same site using session cookies if you login to those accounts without hitting the "New Identity" button to relaunch Tor Browser with a clean slate. Block JavaScript when the website doesn't require it, that's the closest thing you'll come to an ad blocker. Use the Hidden Service version of sites when available, that way your Internet traffic never goes onto the clearnet and it also adds three more proxies between you and the site's server for a total of six proxies.
Since you shouldn't use an ad blocker with Tor Browser it's important that you keep your operating system up to date to minimize the risk of getting infected in case you come across some malicious JavaScript via for example malvertising when you have JavaScript activated.
If you use Windows and don't want to switch to Linux (even though you can set up dual boot or just boot it from a USB without even having to install it on your computer), use a non-admin user account and have an admin account that you only use to authorize trusted software to run, that will mitigate 94% of critical Windows vulnerabilities. You can use a tool like W10Privacy to decrease the amount of tracking in Windows 10, just be sure that the tool you use is updated to match the latest version of Windows 10 or you might brick your OS.
Use an end-to-end encrypted no logs email provider located outside of Five Eyes, Germany, Enemies of the Internet, and countries under surveillance - preferably ProtonMail - when signing up for all of those services. Use a different email address for anything not related to the administration of the website. ProtonMail has a Tor Hidden Service, but signing up for ProtonMail is only possible on the clearnet address, so you'd have to go into Tor Browser's privacy settings and change "Prioritize .onion sites when known" from "Always" to "Ask every time" when you register the ProtonMail account. Change it back to "always" once the registration is complete. And yes, it is possible to sign up for ProtonMail via Tor. It's not easy finding an exit node that hasn't gotten blocked yet, and you will most likely need a secondary anonymous email account on another email provider to send a verification code to, but it is possible. Don't try using a disposable email service, ProtonMail blocks pretty much all of them so you'll just waste time and will probably get your account frozen. Once you have made an account, go into Settings > Security and then wipe and disable the authentication logs. Once that's done - before you sign up for anything - log out and wait a while then log back in, just to see if their anti-fraud system decides to freeze your account or not.
If you go for a email provider other than ProtonMail, keep in mind that it has to be there for the long haul in order to be usable. If it suddenly shuts down without notice, you're pretty much shit out of luck. So try and go for one that has been around for a while and seems like it will continue to stick around.
Comparison of alternatives:
Use a new username that you haven't used before.
Use end-to-end encryption for all private communications. ProtonMail has built-in end-to-end encryption between ProtonMail accounts. If you want to encrypt email with PGP when communicating with non-ProtonMail users follow this guide. That will allow you to import it into ProtonMail. Just remember that the subject line will not be encrypted by PGP. PGP/MIME gives out less metadata than PGP inline and is just better in general, so use PGP/MIME. For file transfers you can also use OnionShare if the receipient also uses Tor Browser or put the file(s) into a password protected .7z file using 7-Zip with the "Encrypt file names" option enabled + a password generator set to the max number of characters that you then upload to Disroot Upload. Be aware that the lufi software that Disroot Upload runs on keeps the filename visible after the file has been deleted. If you need an end-to-end encrypted pastebin, self-host PrivateBin or use Disroot's PrivateBin. Disroot uses a privacy respecting hosting provider and claim that they don't keep logs for services that don't require an account, such as Disroot Upload and Disroot's PrivateBin.
Use DuckDuckGo instead of Google. At least when doing work related to the site. It has a Tor Hidden Service that you can easily find by searching "duckduckgo onion" or "duckduckgo hidden service" on DuckDuckGo.
Rely on open source software and privacy respecting services when it comes to processing and storing data related to the site. PrivacyTools.io, awesome-privacy, AlternativeTo, and GitHub makes it easy to find privacy respecting alternatives.
Keep software on your devices up to date to decrease the risk of it being compromised by an exploit.
And yeah, I probably went pretty deep on some of the less relevant sections, but I thought it was best to include everything.
submitted by Fuck_the_RIAA to youtubedl


Having issues setting up Ansible Please save me

I am having issues setting up Ansible in a test enviroment.
OS Ubunthu 14.04
Vmware PRO
1 x Command server
2 x Slave servers
In Ansible's Hostfile i have writtent the following everything else is commented out.

i am failing to establish a connection when i run "ansible -m ping"
(I have no issue establishing a connection when i run "ssh [email protected]")

and i get the following logs:
[email protected]:/etc/ansible# ansible -m ping -vvvv <> ESTABLISH CONNECTION FOR USER: root <> REMOTE_MODULE ping <> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1597909517.88-211530530878249 && echo $HOME/.ansible/tmp/ansible-tmp-1597909517.88-211530530878249'"] | FAILED => SSH encountered an unknown error. The output was: OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: auto-mux: Trying existing master debug1: Control socket "/root/.ansible/cp/ansible-ssh-" does not exist debug2: ssh_connect: needpriv 0 debug1: Connecting to [] port 22. debug2: fd 3 setting O_NONBLOCK debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug3: timeout: 10000 ms remain after connect debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 pat OpenSSH_6.6.1* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug3: load_hostkeys: loading entries for host "" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],zlib,none debug2: kex_parse_kexinit: [email protected],zlib,none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: setup [email protected] debug1: kex: server->client aes128-ctr [email protected] [email protected] debug2: mac_setup: setup [email protected] debug1: kex: client->server aes128-ctr [email protected] [email protected] debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 33:92:13:4c:72:5d:c2:30:a2:cf:0e:fe:e0:61:de:06 debug3: load_hostkeys: loading entries for host "" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug1: Host '' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug1: ssh_ecdsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/id_rsa ((nil)), debug2: key: /root/.ssh/id_dsa ((nil)), debug2: key: /root/.ssh/id_ecdsa ((nil)), debug2: key: /root/.ssh/id_ed25519 ((nil)), debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey debug3: authmethod_lookup publickey debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/id_rsa debug3: no such identity: /root/.ssh/id_rsa: No such file or directory debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,password). 
someone please save me.

submitted by subatomic_rabbithole to ansible