Sunday, February 15, 2015

ssh-copy-id.




Replace the traditional command to install SSH keys:

cat ~/.ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys'

With a single command:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host

SSH-COPY-ID(1) BSD General Commands Manual SSH-COPY-ID(1)

NAME
ssh-copy-id — use locally available keys to authorise logins on a remote
machine

SYNOPSIS

ssh-copy-id [-n] [-i [identity_file]] [-p port] [-o ssh_option]
[user@]hostname
ssh-copy-id -h | -?

DESCRIPTION

ssh-copy-id is a script that uses ssh(1) to log into a remote machine
(presumably using a login password, so password authentication should be
enabled, unless you’ve done some clever use of multiple identities). It
assembles a list of one or more fingerprints (as described below) and
tries to log in with each key, to see if any of them are already installed
(of course, if you are not using ssh-agent(1) this may result in you being
repeatedly prompted for pass-phrases). It then assembles a list of those
that failed to log in, and using ssh, enables logins with those keys on
the remote server. By default it adds the keys by appending them to the
remote user’s ~/.ssh/authorized_keys (creating the file, and directory, if
necessary). It is also capable of detecting if the remote system is a
NetScreen, and using its ‘set ssh pka-dsa key …’ command instead.

The options are as follows:

-i identity_file

Use only the key(s) contained in identity_file (rather than looking for identities via ssh-add(1) or in the default_ID_file). If the filename does not end in .pub this is added. If the filename is omitted, the default_ID_file is used. Note that this can be used to ensure that the keys copied have the comment one prefers and/or extra options applied, by ensuring that the key file has these set as preferred before the copy is
attempted.

-n do a dry-run. Instead of installing keys on the remote system
simply prints the key(s) that would have been installed.

-h, -? Print Usage summary

-p port, -o ssh_option

These two options are simply passed through untouched, along with
their argument, to allow one to set the port or other ssh(1)
options, respectively. Rather than specifying these as command line options, it is often better to use (per-host) settings in ssh(1)’s configuration file:
ssh_config(5).

Default behaviour without -i, is to check if ‘ssh-add -L’ provides any
output, and if so those keys are used. Note that this results in the
comment on the key being the filename that was given to ssh-add(1) when the
key was loaded into your ssh-agent(1) rather than the comment contained in
that file, which is a bit of a shame. Otherwise, if ssh-add(1) provides
no keys contents of the default_ID_file will be used.
The default_ID_file is the most recent file that matches: ~/.ssh/id*.pub,
(excluding those that match ~/.ssh/*-cert.pub) so if you create a key that
is not the one you want ssh-copy-id to use, just use touch(1) on your
preferred key’s .pub file to reinstate it as the most recent.

EXAMPLES

If you have already installed keys from one system on a lot of remote
hosts, and you then create a new key, on a new client machine, say, it can
be difficult to keep track of which systems on which you’ve installed the
new key. One way of dealing with this is to load both the new key and old
key(s) into your ssh-agent(1). Load the new key first, without the -c
option, then load one or more old keys into the agent, possibly by ssh-ing
to the client machine that has that old key, using the -A option to allow
agent forwarding:

user@newclient$ ssh-add

user@newclient$ ssh -A old.client

user@old$ ssh-add -c

… prompt for pass-phrase …

user@old$ logoff

user@newclient$ ssh someserver

now, if the new key is installed on the server, you’ll be allowed in
unprompted, whereas if you only have the old key(s) enabled, you’ll be
asked for confirmation, which is your cue to log back out and run
user@newclient$ ssh-copy-id -i someserver
The reason you might want to specify the -i option in this case is to
ensure that the comment on the installed key is the one from the .pub
file, rather than just the filename that was loaded into your agent. It
also ensures that only the id you intended is installed, rather than all
the keys that you have in your ssh-agent(1). Of course, you can specify
another id, or use the contents of the ssh-agent(1) as you prefer.
Having mentioned ssh-add(1)’s -c option, you might consider using this
whenever using agent forwarding to avoid your key being hijacked, but it
is much better to instead use ssh(1)’s ProxyCommand and -W option, to
bounce through remote servers while always doing direct end-to-end
authentication. This way the middle hop(s) don’t get access to your
ssh-agent(1). A web search for ‘ssh proxycommand nc’ should prove
enlightening (N.B. the modern approach is to use the -W option, rather
than nc(1)).

SEE ALSO ssh(1), ssh-agent(1), sshd(8)

BSD February 15, 2015 BSD
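
The plain `cat >> .ssh/authorized_keys` one-liner at the top of this post appends blindly: it fails if ~/.ssh does not exist and adds a duplicate line on every run. The following is an added example, not code from ssh-copy-id itself, of the receiving-side steps done carefully; the function name and its optional home-directory argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: install a public key into an authorized_keys file once,
# with owner-only permissions. Usage: install_pubkey <file.pub> [<home-dir>]
install_pubkey() {
  pub=$1
  home=${2:-$HOME}
  [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

  # Find the "<key-type> <base64-blob>" pair on the first line that has one.
  # A private key file has no such pair and is refused.
  # (Options that contain spaces inside quotes are not parsed here.)
  blob=$(awk '{ for (i = 1; i < NF; i++)
                  if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { print $i, $(i + 1); exit } }' "$pub")
  [ -n "$blob" ] || { echo "$pub does not look like a public key" >&2; return 1; }
  key=$(awk 'NF { print; exit }' "$pub")

  # Create the directory and file readable by the owner only.
  ( umask 077
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" &&
    touch "$home/.ssh/authorized_keys" &&
    chmod 600 "$home/.ssh/authorized_keys" ) || return 1

  # Compare on type and blob so a different comment does not cause a duplicate.
  if awk -v want="$blob" '
       { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == want) found = 1 }
       END { exit !found }' "$home/.ssh/authorized_keys"
  then
    echo "already installed"
  else
    printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    echo "installed"
  fi
}
```

Running it twice with the same .pub file leaves a single line in authorized_keys.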

Thursday, February 12, 2015

What's on the network?




Our goal here is to see what is live on the network and how vulnerable those machines might be. Might be interesting to use with a wifi network.

First, let's get the live systems at the moment. You will need to change the code depending on your network.

alive.sh
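[code]
#!/bin/bash
# Ping every address in the range once and record the ones that answer.
rm -f goodips

is_alive_ping()
{
  # Append the address to goodips only when the ping succeeds.
  ping -c 1 "$1" > /dev/null 2>&1 && echo "$1" >> goodips
}

for i in 192.168.1.{1..255}
do
  is_alive_ping "$i" &
done
wait   # let every background ping finish before the script exits
[/code]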

Generated goodips file:
192.168.1.1
192.168.1.32
192.168.1.99
192.168.1.126

Then we can run a sort of network scanner.

scannet.sh
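[code]
#!/bin/bash
# Needs bash: /dev/tcp/<host>/<port> is a bash redirection feature, not a real device.
datafile="goodips"
while read -r line
do
  echo "$line"
  for p in {1..1023}
  do
    # The redirection succeeds only when a TCP connection to the port is accepted.
    (echo > "/dev/tcp/$line/$p") > /dev/null 2>&1 && echo "$p open"
  done
done < "$datafile"
[/code]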

Then we can run the bash file to see what is open. (You could also save it to a file.)

192.168.1.1
23 open
53 open
80 open

192.168.1.32
22 open
80 open
110 open
111 open
143 open
443 open
993 open
995 open

192.168.1.99
21 open
80 open
139 open
515 open

192.168.1.126
22 open
25 open
80 open
139 open
445 open
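
A list of open ports becomes useful once it is compared with what each machine is supposed to offer. The following is an added example, not part of the original scripts: it reads output in the format shown above and reports every open port that is missing from a per-host allowlist, plus any host that is not in the allowlist at all. The baseline file format and its contents are assumptions constructed for the illustration; the scan lines are abridged from the sample output above.

```shell
#!/bin/sh
# Added example: compare scannet.sh-style output with a per-host allowlist.
# Usage: flag_unexpected <scan-output> <baseline>
# Baseline format (an assumption of this example): "<ip> <port> [<port> ...]"
flag_unexpected() {
  awk '
    FILENAME == ARGV[1] {                  # first file: the baseline
      for (i = 2; i <= NF; i++) allowed[$1, $i] = 1
      if (NF) known[$1] = 1
      next
    }
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {   # a host line starts a new section
      ip = $1
      skip = !(ip in known)
      if (skip) print ip, "unknown-host"
      next
    }
    $2 == "open" && !skip && !((ip, $1) in allowed) { print ip, $1 }
  ' "$2" "$1"
}

demo_scan_audit() {
  tmp=$(mktemp -d) || return 1
  # Constructed baseline: the services each known host is expected to offer.
  cat > "$tmp/baseline" <<'EOF'
192.168.1.1 53 80
192.168.1.32 22 80 443 993 995
EOF
  # Scan output, abridged from the sample above.
  cat > "$tmp/scan" <<'EOF'
192.168.1.1
23 open
53 open
80 open

192.168.1.32
22 open
80 open
110 open
111 open
143 open
443 open
993 open
995 open

192.168.1.126
22 open
25 open
EOF
  flag_unexpected "$tmp/scan" "$tmp/baseline"
  rm -rf "$tmp"
}

demo_scan_audit
```

With this baseline the telnet port on the router and the three mail ports on 192.168.1.32 are reported, and 192.168.1.126 is flagged as a host nobody has listed.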




Saturday, February 7, 2015

More Whiptail.

Here are some more examples on using whiptail expanding on what we did in the last article.

A message box shows any arbitrary text message with a confirmation button to continue.

whiptail --title "<message box title>" --msgbox "<text to show>" <height> <width>

Example:

#!/bin/bash
whiptail --title "Test Message Box" --msgbox "Create a message box with whiptail. Choose Ok to continue." 10 60

Example:

#!/bin/bash
whiptail --title "Message Box" --msgbox "Create a message box with whiptail.
Choose Ok to continue." 10 60



Create a Yes/No Box

One common user input is Yes or No. This is when a Yes/No dialog box can be used.

whiptail --title "<dialog box title>" --yesno "<text to show>" <height> <width>

#!/bin/bash
if (whiptail --title "Yes/No Box" --yesno "Do you like computers (yes/no)?" 10 60)
then echo "Yes, you like computers. Exit status was $?."
else echo "No, you do not like computers. Exit status was $?."
fi



Optionally, you can customize the text for Yes and No buttons with "--yes-button" and "--no-button" options.

Example:

#!/bin/bash
if (whiptail --title "Test Yes/No Box" --yes-button "Free software" --no-button "Closed software" --yesno "Which do you like better?" 10 60)
then echo "You chose free software. Exit status was $?."
else echo "You chose closed software. Exit status was $?."
fi





You saw the freeform and the password boxes in the previous sections.


Create a Menu Box
When you want to ask a user to choose one among any arbitrary number of choices, you can use a menu box.

whiptail --title "<menu title>" --menu "<text to show>" <height> <width> <menu height> [ <tag> <item> ] . . .

Example:

#!/bin/bash
# 3>&1 1>&2 2>&3 swaps stdout and stderr, so $( ) captures the selection that whiptail writes to stderr.
OPTION=$(whiptail --title "Menu Dialog" --menu "Choose your option" 15 60 4 \
"1" "Grilled ham" \
"2" "Swiss Cheese" \
"3" "Charcoal cooked Chicken thighs" \
"4" "Baked potatoes" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ];
then echo "Your chosen option:" $OPTION
else echo "You chose Cancel."
fi







Create a Radiolist Dialog
A radiolist box is similar to a menu box in the sense that you can choose only one option among a list of available options. Unlike a menu box, however, you can indicate which option is selected by default by specifying its status.

whiptail --title "<radiolist title>" --radiolist "<text to show>" <height> <width> <list height> [ <tag> <item> <status> ] . . .

Example:

#!/bin/bash
DISTROS=$(whiptail --title "Test Checklist Dialog" --radiolist \
"What is the Linux distro of your choice?" 15 60 4 \
"Debian" "Stable Debian" ON \
"Ubuntu" "Copycat Debian" OFF \
"Centos" "Copycat Redhat" OFF \
"Mint" "Copycat Ubuntu/Debian" OFF 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ];
then echo "The chosen distro is:" $DISTROS
else echo "You chose Cancel."
fi


Create a Checklist Dialog

A checklist dialog is useful when you want to ask a user to choose more than one option among a list of options, which is in contrast to a radiolist box which allows only one selection.

whiptail --title "<checklist title>" --checklist "<text to show>" <height> <width> <list height> [ <tag> <item> <status> ] . . .

Example:

#!/bin/bash
DISTROS=$(whiptail --title "Test Checklist Dialog" --checklist \
"Choose preferred Linux distros" 15 60 4 \
"Debian" "Stable Debian" ON \
"Ubuntu" "Debian copycat" OFF \
"Centos" "Redhat copycat" ON \
"Mint" "Copycat Ubuntu/Debian" OFF 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ];
then echo "Your favorite distros are:" $DISTROS
else echo "You chose Cancel."
fi



Create a Progress Bar
Another user-friendly dialog box is a progress bar. whiptail reads a percentage number (0 to 100) from standard input and displays a meter inside a gauge box accordingly.

whiptail --gauge "<text to show>" <height> <width> <initial percent>

#!/bin/bash
PCT=0
(
while test $PCT != 100;
do
PCT=`expr $PCT + 10`;
echo $PCT;
sleep 1;
done; ) | whiptail --title "GAUGE" --gauge "Hi, this is a gauge widget" 20 70 0

By now, you must see how easy it is to create useful dialog boxes in an interactive shell script. Next time you need to write a shell script for someone, why don't you try whiptail?

Experimental mysql database setup scripts.

Some experimental mysql database setup scripts. (USE AT YOUR OWN RISK!)

Original script:

#!/bin/bash
EXPECTED_ARGS=3
E_BADARGS=65
MYSQL=`which mysql`
#Danger do not use GRANT ALL ON *.*
Q1="CREATE DATABASE IF NOT EXISTS $1;"
Q2="GRANT ALL ON *.* TO '$2'@'localhost' IDENTIFIED BY '$3';"
Q3="FLUSH PRIVILEGES;"
SQL="${Q1}${Q2}${Q3}"
if [ $# -ne $EXPECTED_ARGS ]
then
  echo "Usage: $0 dbname dbuser dbpass"
  exit $E_BADARGS
fi
$MYSQL -uroot -p -e "$SQL"


To use it, just run:
./createdb testdb testuser secretpass

Someone's modified script:

#!/bin/bash
# A literal backtick, used to quote the database name as a MySQL identifier.
BTICK='`'
EXPECTED_ARGS=3
E_BADARGS=65
MYSQL=`which mysql`
Q1="CREATE DATABASE IF NOT EXISTS ${BTICK}$1${BTICK};"
# Privileges are limited to the new database instead of *.*
Q2="GRANT ALL ON ${BTICK}$1${BTICK}.* TO '$2'@'localhost' IDENTIFIED BY '$3';"
Q3="FLUSH PRIVILEGES;"
SQL="${Q1}${Q2}${Q3}"
if [ $# -ne $EXPECTED_ARGS ]
then
echo "Usage: $0 dbname dbuser dbpass"
exit $E_BADARGS
fi
$MYSQL -uroot -p -e "$SQL"

Using a little whiptail:






#!/bin/bash

USERNAME=$(whiptail --title "Mysql username" --inputbox "What is your Mysql username?" 10 60 $USER 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
    echo "Your MySQL username is:" $USERNAME
else
    echo "You chose Cancel." ; exit
fi

PASSWORD=$(whiptail --title "Mysql password" --passwordbox "Enter your password and choose Ok to continue." 10 60 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
    echo "Your password is: XXXXXXXX"
else
    echo "You chose Cancel." ; exit
fi

DBNAME=$(whiptail --title "Database name" --inputbox "What is database name?" 10 60 DBNAME 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
    echo "Your database name is:" $DBNAME
else
    echo "You chose Cancel." ; exit
fi
DBUSERNAME=$(whiptail --title "Database username" --inputbox "What is your database user name?" 10 60 DATABASEUSERNAME 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
    echo "Your database user name is:" $DBUSERNAME
else
    echo "You chose Cancel." ; exit
fi
DBHOST=$(whiptail --title "Database host name" --inputbox "What is your database host name?" 10 60 DBHOST 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
    echo "Your database host name is:" $DBHOST
else
    echo "You chose Cancel." ; exit
fi

DBPASSWORD=$(whiptail --title "Database password" --passwordbox "What is your database password?" 10 60 DBPASSWORD 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
    echo "Your password is : XXXXXXXX"
else
    echo "You chose Cancel." ; exit
fi

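MYSQL=`which mysql`

# Note: the dialog values are placed into the SQL text exactly as typed.
Q1="CREATE DATABASE IF NOT EXISTS $DBNAME;"
Q2="GRANT ALL ON $DBNAME.* TO '$DBUSERNAME'@'$DBHOST' IDENTIFIED BY '$DBPASSWORD';"
Q3="FLUSH PRIVILEGES;"
SQL="${Q1}${Q2}${Q3}"

# Log in as the MySQL user entered in the first dialog; -p takes its value with no space after it.
$MYSQL -u "$USERNAME" -p"$PASSWORD" -e "$SQL"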
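
All three scripts above put their arguments or dialog answers straight into the SQL text, so a quote or semicolon in any field changes the statements that run with administrative rights. The following is an added example, not part of the original scripts, that checks the names against an allowlist and escapes the password before building the same three statements; the function names are assumptions, and the escaping assumes MySQL's default sql_mode.

```shell
#!/bin/sh
# Added example: validate the four inputs before they reach the SQL string.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below plain ASCII

# Database and user names: letters, digits and underscore only, 1 to 64 characters.
valid_ident() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# Host part of the account: hostname or IP characters, plus the % wildcard.
valid_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.%-]*) return 1 ;;
  esac
}

# Escape a value for a single-quoted MySQL string literal
# (assumes the default sql_mode, where backslash is an escape character).
sql_quote() {
  printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Print the statements, or return 1 without printing any SQL.
build_sql() {
  db=$1; dbuser=$2; dbhost=$3; dbpass=$4
  valid_ident "$db"     || { echo "rejected database name" >&2; return 1; }
  valid_ident "$dbuser" || { echo "rejected user name" >&2; return 1; }
  valid_host "$dbhost"  || { echo "rejected host" >&2; return 1; }
  printf 'CREATE DATABASE IF NOT EXISTS `%s`;' "$db"
  # GRANT ... IDENTIFIED BY is the syntax used on this page; MySQL 8.0 removed it.
  printf "GRANT ALL ON \`%s\`.* TO '%s'@'%s' IDENTIFIED BY '%s';" \
    "$db" "$dbuser" "$dbhost" "$(sql_quote "$dbpass")"
  printf 'FLUSH PRIVILEGES;\n'
}

# Constructed inputs: a password containing a quote, then a database name
# that tries to smuggle in a second statement.
build_sql testdb testuser localhost "pa'ss"
build_sql 'x; DROP DATABASE mysql' testuser localhost secret || echo "second call refused"
```

In the whiptail script, the result of `build_sql "$DBNAME" "$DBUSERNAME" "$DBHOST" "$DBPASSWORD"` would replace the hand-built `$SQL`, and the script should stop when the function returns non-zero.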

Thursday, February 5, 2015

Chmod review.


With more and more people using the command line, changing permissions is a must. Chmod (chmod) is used to change the permissions of a file. Do not use it that much except when setting permissions on the .ssh folder or on web server application directories.


i.e.
$ sudo chmod -R 755 appdirectory

or

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/*

Explanation examples:


Permissions           Command
User  Group  World
rwx   rwx    rwx      chmod 777 filename
rwx   rwx    r-x      chmod 775 filename
rwx   r-x    r-x      chmod 755 filename
rw-   rw-    r--      chmod 664 filename
rw-   r--    r--      chmod 644 filename

r = readable  w = writable x = executable  - = no permission


Here is another way of looking at it:


ugw   ---   function
400   r--   read by owner
040   -r-   read by group
004   --r   read by anybody (other)
200   w--   write by owner
020   -w-   write by group
002   --w   write by anybody
100   x--   execute by owner
010   -x-   execute by group
001   --x   execute by anybody

To get a combination, just add them up. For example, to get read, write, execute by owner, read, execute, by group, and execute by anybody, you would add 400+200+100+040+010+001 to give 751.

There is also a nice web based calculator you can use on a web page of your own making: http://wsabstract.com/script/script2/chmodcal.shtml





Note: Some people like to use:

chmod ugo=rwx myfile

Where the nerds use:

chmod 777 myfile

Wednesday, February 4, 2015

Source code allows software to be immortal.

You can take software from years, even decades, ago and still reuse it. For example, found some accounting source code originally written as early as the 1970's that can be compiled and used on present day systems. Albeit that the software needs some polish to be presentable by today's standards, it still works just as well.

Account setup:


Then you can enter some data:


Lastly, you can view the results of your entries say in a simple t-account format:


The datafile:

$ cat bizness
02052015               XX X X X X X XXXXXXXXassets             XXXXXXXXXXXXXXXliabilities        XXXXXXXXXXXXXXXcapital            XXXXXXXXXXXXXXXincome             XXXXXXXXXXXXXXXexpenses           XXXXXXXXXXXXXXXunused             XXXXXXXXXXXXXXXunused             XXXXXXXXXXXXXXXincome/expense sum.XXXXXXXXXXXXXXXCash               d�D c Cd@�D czCc�c D
cHCXXXXXXXXSupplies           d C    c�BXXXXXXXXXXXXXEquipment          dzDXXXXXXXXXXXXXXAccounts payable   czd DXXXXXXXXXXXXXNotes Payable      XXXXXXXXXXXXXXXCapital - owner    c�DXXXXXXXXXXXXXXDrawing - owner   
dHCXXXXXXXXXXXXXXFee income         c@�DXXXXXXXXXXXXXXRent               dzCXXXXXXXXXXXXXXSupplies expense       d�BXXXXXXXXXXXXXXTelephone Expense  d�BXXXXXXXXXXXXXX

What software can you put back to work?

Tuesday, February 3, 2015

Arch linux on the rpi



Set up an sd card with arch linux. You should be logged in as root.

Decided to make a sd card with arch linux using these instructions:
SD Card Creation
Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.
  1. Start fdisk to partition the SD card:
    fdisk /dev/sdX
  2. At the fdisk prompt, delete old partitions and create a new one:
    1. Type o. This will clear out any partitions on the drive.
    2. Type p to list partitions. There should be no partitions left.
    3. Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +100M for the last sector.
    4. Type t, then c to set the first partition to type W95 FAT32 (LBA).
    5. Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector.
    6. Write the partition table and exit by typing w.
  3. Create and mount the FAT filesystem:
    mkfs.vfat /dev/sdX1
    mkdir boot
    mount /dev/sdX1 boot
  4. Create and mount the ext4 filesystem:
    mkfs.ext4 /dev/sdX2
    mkdir root
    mount /dev/sdX2 root
  5. Download and extract the root filesystem (as root, not via sudo):
    wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz
  6. sudo apt-get install bsdtar
  7. bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
    sync
  8. Move boot files to the first partition:
    mv root/boot/* boot
  9. Unmount the two partitions:
    umount boot root
  10. Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power.
  11. Use the serial console or SSH to the IP address given to the board by your router. The default root password is ‘root’.
  12. Once you log in, be sure to update the system with pacman -Syu


Monday, February 2, 2015

Experimental AM transmitter.

Try at your own risk. Your system could be damaged.






Plug goes into a sound card output. Of course, you will need an AM capable radio to receive the transmissions. Dial needs to be set at or near 100x10khz. There were several strong competing stations where we tested this project.