Project owner: | Overdrive |
Interested: | Filuta, Rado808,Cyberian, MiM |
Related: | GitHub - Labka Repo : Secretary scripts – GitHub : Over's IRSSI config - comment-less – Par zakladu Linuxovych commandu - vyhodit SSH heslo a nastavit klice, SCP, tar.gz a podobne – zajimave vychytavky pro terminal |
Linkz: | |
Training materials - README | us/pw: student:student1 |
https://www.xquartz.org/ | w11 pro mac |
http://www.geo.mtu.edu/geoschem/docs/putty_install.html | X11 forward s PUTTY a XMING |
https://mobaxterm.mobatek.net/ | nahrada PUTTY s vlastnim X serverem, MUSH, telnetem a hromadou vychytavek |
License: | Uveďte původ-Zachovejte licenci CC BY-SA |
IRC DCC send and accept file:
/dcc send Secretary /home/over/ToDo.txt
/dcc get Over23 ToDo.txt
/dcc close get nick file“
* Takhle nejak je spravne generovani klicu
na serveru kam se chceme dostat
mkdir ~/.ssh chmod 700 ~/.ssh touch ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
na lokalni masine, ze ktere na ten server lezem
over@SemTex ~> ssh-keygen -t dsa -C "over@labka.cz"
Generating public/private dsa key pair. Enter file in which to save the key (/Users/over/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/over/.ssh/id_dsa. Your public key has been saved in /Users/over/.ssh/id_dsa.pub. The key fingerprint is: SHA256:7+ZxyiHPi5n5cUCDbqe/5D8Vd2Uc7mM2fWAoBN7rVxA over@labka.cz The key's randomart image is: +---[DSA 1024]----+ | ... E o.| | . + o. +| | o = o oo.| | . . + oo.+| | S + .O+| | . = . .+ +| | o B +. | | #.O. | | =+&+.. | +----[SHA256]-----+
porad na lokalni masine, ze ktere na ten server lezem
over@SemTex ~> ssh-copy-id -i /Users/over/.ssh/id_dsa.pub over@labka /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/over/.ssh/id_dsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'over@labka'" and check to make sure that only the key(s) you wanted were added.
na lokalni masine, ze ktere na ten server lezem [jmenuje se jinak nez darkstar] * spravne jsi si vygeneroval klic
ssh-keygen -t rsa -C "filuta.cz@gmail.com"
* ale poslal jsi mi jej blbe…. ecfds-sha3-mistp256 ma byt na stejnem radku jako zbtek retezce jen oddeleny mezerou; to vzniklo asi nejakym pitomim copy pastem, do priste najdem nejake mozne nastaveni jak spravne copy-pastovat nebo zkusime jina okynka
ecdsa-sha3-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKjKbRMNEIvBbjx/6PLq90X35uWAvWW2z36+E8SHB64eQ2EBqi6OISyxc9QXFsHlQx059ntwIE+CCdO6cPf7HM= filuta.cz@gmail.com
ecdsa-sha3-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKjKbRMNEIvBbjx/6PLq90X35uWAvWW2z36+E8SHB64eQ2EBqi6OISyxc9QXFsHlQx059ntwIE+CCdO6cPf7HM= filuta.cz@gmail.com
na serveru kam lezem [jmenuje se darkstar]
[root@darkstar filuta]# pwd /home/filuta [root@darkstar filuta]# ls -la total 28 drwx------ 4 filuta filuta 136 Jul 14 04:23 . drwxr-xr-x. 19 root root 4096 Jul 13 19:35 .. -rw------- 1 filuta filuta 13 Jul 14 04:23 .bash_history -rw-r--r-- 1 filuta filuta 18 Oct 30 2018 .bash_logout -rw-r--r-- 1 filuta filuta 193 Oct 30 2018 .bash_profile -rw-r--r-- 1 filuta filuta 231 Oct 30 2018 .bashrc -rw-r--r-- 1 filuta filuta 334 Oct 30 2018 .emacs drwxr-xr-x 4 filuta filuta 37 Mar 28 2017 .mozilla drwx------ 2 root root 28 Jul 14 04:32 .ssh -rw------- 1 filuta filuta 66 Jul 14 04:18 .Xauthority <code> * logickym resenim bylo tedy opravit vlastnika souboru, aby pouze vlastnik mel pravo 'rwx' a nikdo dalsi, ale aby vlastnikem byl 'filuta' * to udelame pomoci pripazu chown = change owner; a chgrp = change group [jeste nakonci ukazu, jak se muzes optat, kdyz nevis, jake commandy se k necemu pouzivaji, k tomu se taky dostanem] * nejdriv si opravim ownera, coz se dela commandem 'chown', pouziji jej s parametrem '-R', coz znamena rekurzi, tedy i vsechny soubory v adresari, ktery opravuji budou patrit filutovi; vsimni si, ze to musim delat jako root, protoze nikdo jiny nema prava se souborem manipulovat; zatim <code> [root@darkstar filuta]# chown -R filuta /home/filuta/.ssh/ [root@darkstar filuta]# ls -la | grep ssh drwx------ 2 filuta root 28 Jul 14 04:32 .ssh
[root@darkstar filuta]# touch .SsH
[root@darkstar filuta]# ls -la | grep ssh drwx------ 2 filuta root 28 Jul 14 04:32 .ssh
[root@darkstar filuta]# ls -la | grep -i ssh drwx------ 2 filuta root 28 Jul 14 04:32 .ssh -rw-r--r-- 1 root root 0 Jul 14 05:05 .SsH
* tak si teda promaznem .SsH, pac je k nicemu, pouzil jsem '-v' tedy ukecanou verzi prikazu, a '-R' coz je zase rekurze, tedy smazal by i adresar a vsechno co se v nem nachazi... na tyhle prikazy HODNE bacha, jednou neco smazes jako root, tak je to smazany
[root@darkstar filuta]# rm -Rv .SsH rm: remove regular empty file ‘.SsH’? y removed ‘.SsH’ [root@darkstar filuta]# ls -la |grep -i ssh drwx------ 2 filuta root 28 Jul 14 04:32 .ssh
* tak jo, tak jsme si jeste zmenili '-R' tedy rekurzivne pomoci 'chgrp' = tedy change group groupu souboru z root na filuta a otestovali jsme si ze ted vidime jen .ssh, ne zadny jiny patvara, a ten ma prava drvw------ tedy user a nikdo jiny s nim muze manipulovat [a je to d = directory]; a tim majitelem je schodou okolnosti filuta...
[root@darkstar filuta]# chgrp -R filuta /home/filuta/.ssh/ [root@darkstar filuta]# ls -la |grep -i ssh drwx------ 2 filuta filuta 28 Jul 14 04:32 .ssh
* na serveru odkud se na darkstar chcem pripojit je jeste dobry mit bookmarky na servery, kdo si ma ty stovky IP furt pamatovat
over@SemTex ~> touch ~/.ssh/config
* zmenim mu prava tak, aby nemel execute [jak se meni prava je dobre si nacit, budem se to ucit], kazdopadne tady mu davam jen prava pro cteni a pro psani
over@SemTex ~> chmod 600 ~/.ssh/config
over@SemTex ~/.ssh> ls -la | grep -i config -rw------- 1 over staff 724 May 3 2018 config
* pomoci editoru nano nebo vim zkopiruj do souboru '~/.ssh/config' plus minus tohlencto
# jak se bude bookmark jmenovat Host labka # misto [SOME USER PICO] napises v tvem pripade 'filuta' user [SOME USER PICO] # kam te tenhle bookmark bude pripojovat.... darkstar ma ip 193.84.207.21 hostname 193.84.207.21 # tady rikas, ze by se Ti docela hodilo, kdyz by na darkstaru nahodou bezely okynka, aby sis je mohl zobrazovat u sebe, v linuxu na to nepotrebujes nic navic na macu: https://www.xquartz.org/ nebo na widlich: https://sourceforge.net/projects/xming/ ForwardX11 yes # tohle je spis pro cyberiana, kterej porad touzil mit nekde jinde a nejak jinak pojmenovanej soukromej klic [tedy druhou pulku k tomu id_dsa.pub, tedy id_dsa # IdentityFile /home/over/ssh_tmp/id_rsa_na_jine_misto # taky zatim pryc, ale ssh daemon normalne posloucha na portu 22, kdyz by posouchal na nejakym jinym, takhle se to rekne # Port 2222
ssh filuta@193.84.207.21 -p 2222 -i /home/over/ssh_tmp/id_rsa_na_jine_misto -X
ssh labka
adelajka@Punch:~$ ssh labka Last login: Sun Jul 14 04:18:57 2019 from 88.88.88.90 [filuta@darkstar ~]$
* no a dik tomu, ze se pripojujes s linuxu, nebo mas uz na jinejch operakach ootahany ty quartzi a mingy, tak kdyz spustis 'xeyes', coz je jen command, ktery nakresly oci, ktery koukaj kde je kurzor mysi… co je na tom ale zajimavy, jak je videt z uvodu commandu [tak zvaneho promptu] [filuta@darkstar]$ = takze ty oci prece bezi na darkstaru, ale zobrazuji se mi na me plose, jak je to mozne? magic. budem to taky probirat. kazdopadne na rozdil od Wondows, neni tedy treba [i kdyz nekdo to ma rad a pak se pouzivaji VMC tooly] se pripojovat k celejm oknum, ktery muzou mit tisice pootviranejchapek a vsechno, proste si jenom pustim appku, kterou chci, a necham si ji zobrazit na masine, z ktere jsem se pripojil [rika se tomu architectura client - server]
[filuta@darkstar ~]$ xeyes
aptitude search neco-co-hledam aptitude install neco-co-chci-installit
THEORY :: Hack password ON rpi we do have SD card but we do not know user and pwd * Power down and pull the SD card out from your Pi and put it into your computer. * Open the file 'cmdline.txt' and add 'init=/bin/sh' to the end. This will cause the machine to boot to single user mode. * Put the SD card back in the Pi and boot. * When the prompt comes up, type 'su' to log in as root (no password needed). * Type “passwd pi” and then follow the prompts to enter a new password. * Shut the machine down, then pull the card again and put the cmdline.txt file back the way it was by removing the 'init=/bin/sh' bit.
REAL LIFE:
systemd.unit=emergency.target
mount -o remount, rw /
sudo passwd root Used password: **dexGauner**
* erased 'init=bin/sh' and 'systemd.unit=emergency.target' from cmdline.txt. * Applied to all four RPI
note: * instead : https://raspberrypi.stackexchange.com/questions/85146/resseting-password-using-init-bin-sh-keyboard-doesnt-work
systemd.unit=emergency.target
mkdir ~/.ssh chmod 700 ~/.ssh touch ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
over@darkstar>mkdir ~/ssh_tmp ssh-keygen -t rsa -C "tpetru@gmail.com" -f ~/ssh_tmp/id_rsa_na_jine_misto Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/over/ssh_tmp/id_rsa_na_jine_misto Your public key has been saved in /home/over/ssh_tmp/id_rsa_na_jine_misto.pub. The key fingerprint is: SHA256:hriECJShFg+8AKVHVkoqYtBknvhf/sGW+KQr4wqtEUE tpetru@gmail.com The key's randomart image is: +---[RSA 2048]----+ |=EX.. | |*%=o | |@o*. | |** . . . | |o o o o S | | o o + + . | |o . o o * | | + o * . | |. .o.oo.o | +----[SHA256]-----+
touch ~/.ssh/config chmod 600 ~/.ssh/config
* add there this block of code; user needs to be correctly set up:
Host labka user [SOME USER PICO] # here your server user must be configured hostname 193.84.207.21 # ip of LABLA Darkstar in this case ForwardX11 yes #forward windows from Linux server to local machine IdentityFile /home/over/ssh_tmp/id_rsa_na_jine_misto # because strange generatated in previous steps
* next time, you can connect to server by
ssh labka
instead of
ssh [some_user]@193.84.207.21
NSH basics for BSA automation:
nexec -i -e su