ssh keys

OpenSSH format

ssh-keygen -t rsa -f filename

PEM format

ssh-keygen -m pem -t rsa -f filename

This creates two files named

filename
filename.pub

The private key is created in OpenSSH format by default; it starts and ends with

-----BEGIN OPENSSH PRIVATE KEY-----
...
...
-----END OPENSSH PRIVATE KEY-----

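To convert this to PEM format (-p rewrites the key file in place, and -N "" sets an empty passphrase, so the converted private key is stored unencrypted)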

ssh-keygen -p -N "" -m pem -f filename

PEM format starts and ends with

-----BEGIN RSA PRIVATE KEY-----
...
...
-----END RSA PRIVATE KEY-----
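Since the conversion command above leaves the key without a passphrase, it is useful to be able to check a key file's format and protection from its contents. The script below is an added example, not part of the original page; the function name key_format is hypothetical, and it assumes GNU or busybox base64, od and dd.

```shell
#!/bin/sh
# Added example: classify a private key file by the two header styles shown
# above and report whether it is passphrase-protected.

# key_format FILE -> prints "openssh|pem encrypted|unencrypted", or "unknown".
key_format() {
    case $(head -n 1 "$1") in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # Decoded body: "openssh-key-v1" + NUL (15 bytes), a 4-byte big-endian
        # length, then the cipher name; "none" means no passphrase.
        len=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
              od -An -tu1 -j18 -N1 | tr -d ' ')
        case $len in ''|*[!0-9]*) echo unknown; return 1 ;; esac
        cipher=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count="$len" 2>/dev/null)
        if [ "$cipher" = none ]; then echo 'openssh unencrypted'
        else echo 'openssh encrypted'; fi ;;
    '-----BEGIN RSA PRIVATE KEY-----')
        # Encrypted traditional PEM keys carry a Proc-Type header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo 'pem encrypted'
        else echo 'pem unencrypted'; fi ;;
    *)
        echo unknown; return 1 ;;
    esac
}

# When run as a script, classify the file given as the first argument.
if [ "$#" -gt 0 ]; then key_format "$1"; fi
```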

SSH Protocol Handling

To open URLs like: ssh://user@hostname.com
Check to see if ssh protocol handler is already set:
xdg-mime query default x-scheme-handler/ssh
Create desktop entry (.desktop file) for ssh handler:
cat << EOF > ~/.local/share/applications/ssh-handler.desktop
[Desktop Entry]
Name=SSH Handler
GenericName=SSH Handler
Comment=Open ssh URLs - ssh://user@hostname
Version=1.0
Exec=bash -c '(URL="%U" HOST="\${URL:6}"; ssh -- "\$HOST"); bash'
Terminal=true
Type=Application
Icon=utilities-terminal
MimeType=x-scheme-handler/ssh;
Keywords=ssh;protocol
EOF
Set default ssh handler:
xdg-mime default ssh-handler.desktop x-scheme-handler/ssh
Now open URL from browser. Done!
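The handler receives whatever URL the browser hands over, so it is worth validating the URL before any part of it reaches ssh. The wrapper below is an added example, not part of the original page; the script name ssh-url-handler and an Exec line of the form Exec=/path/to/ssh-url-handler %u are assumptions, and it accepts only hostnames and IPv4 addresses.

```shell
#!/bin/sh
# Added example: hypothetical wrapper script (e.g. ssh-url-handler) for a
# desktop entry whose Exec line passes the URL as a single argument (%u).
# Accepts only ssh://[user@]host[:port][/] with hostnames or IPv4 addresses.

# parse_ssh_url URL -> prints "PORT DESTINATION", or returns 1 if rejected.
parse_ssh_url() {
    case $1 in
        ssh://*) rest=${1#ssh://} ;;
        *) return 1 ;;
    esac
    rest=${rest%/}                          # tolerate one trailing slash
    case $rest in
        *@*) user=${rest%%@*}; hostport=${rest#*@} ;;
        *)   user=; hostport=$rest ;;
    esac
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport#*:} ;;
        *)   host=$hostport; port=22 ;;
    esac
    # Allow-list each part. A leading "-" is refused so that neither the user
    # nor the host can ever be read by ssh as a command-line option.
    case $user in -*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $host in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$port" "${user:+$user@}$host"
}

main() {
    parsed=$(parse_ssh_url "$1") || { printf 'rejected URL: %s\n' "$1" >&2; return 1; }
    # "--" ends option parsing; the destination is passed as one quoted word.
    exec ssh -p "${parsed%% *}" -- "${parsed#* }"
}

# When run as a script, handle the URL given as the first argument.
if [ "$#" -gt 0 ]; then main "$@"; fi
```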

awk (1) cryptsetup (1) dd (2) device (1) drive (1) encryption (2) ext (1) filesystem (1) firefox (1) grep (1) loop-back (1) losetup (1) mkfs (1) mount (1) protocol-handler (1) security (2) sed (1) ssh (3) stat (1) truncate (1) urandom (1)

grep – Useful expressions

Grep file-size from du -sh
Format (10K , 10.1M , 1000.21G)
grep -oE "^[[:digit:]]+(\.[[:digit:]]+)?[KMG]"
Or
grep -oE "^[[:digit:]]+(\.[[:digit:]]+)?[KMG]|^[[:digit:]]+[[:blank:]]"
Grep IP address
grep -E '(^|[[:blank:]])[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}([[:blank:]]|$)' | sed -e 's/[[:blank:]]//g'
# grep sed awk
grep -E '(^|[[:blank:]])[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}([[:blank:]]|$)' | sed -e 's/[[:blank:]]//g' | awk -F"." '{ if ($1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255) print $1"."$2"."$3"."$4}'
Grep upper or lower character
# grep any upper character and lower 'a'
grep -E '[[:upper:]a]'
# grep upper or lower single alphabet (defined by variable)
# double quotes so the shell expands the variables inside the bracket expression
(alpha=a; Alpha=$(echo "${alpha}" | tr 'a-z' 'A-Z'); echo aABab | grep -E "[${alpha}${Alpha}]")


Loop back device

Filesystem in a file

Create a file
dd if=/dev/zero of=virt_fs.img bs=1024 count=10240

bs=1024 bytes (1KB)
count=10240
total = 1024*10240 = 10485760 Bytes (10MB)

# or

dd if=/dev/zero of=virt_fs.img bs=1M count=10

# or

truncate -s 10M virt_fs.img

Setup loop-back device

Find first available loop-back device
sudo losetup -f
Create loop back device (using first available loop-back device and file)
sudo losetup /dev/loop0 virt_fs.img
Check status of loop-back devices
sudo losetup -a

Format

Partitioning is optional. Format to ext3 filesystem
sudo mkfs.ext3 -L virtFileSystem /dev/loop0

Mount

Make a mount point
mkdir virtFS
Mount loop-back device
sudo mount -t ext3 /dev/loop0 virtFS

Log

testUser@testBench:~$ dd if=/dev/zero of=virt.fs.img bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB) copied, 0.0197492 s, 531 MB/s
testUser@testBench:~$ sudo losetup -f
[sudo] password for testUser:
/dev/loop0
testUser@testBench:~$ sudo losetup /dev/loop0 virt.fs.img
testUser@testBench:~$ sudo losetup -a
/dev/loop0: [0806]:1608731 (/home/testUser/virt.fs.img)
testUser@testBench:~$ mkdir Virt.FS
testUser@testBench:~$ sudo mkfs.ext3 -L VirtFS /dev/loop0
mke2fs 1.42.9 (4-Feb-2014)
Discarding device blocks: done
Filesystem label=VirtFS
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
2560 inodes, 10240 blocks
512 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=10485760
2 block groups
8192 blocks per group, 8192 fragments per group
1280 inodes per group
Superblock backups stored on blocks:
8193
Allocating group tables: 0/2 done
Writing inode tables: 0/2 done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: 0/2 done
testUser@testBench:~$ sudo mount -t ext3 /dev/loop0 Virt.FS
testUser@testBench:~$ df -h /home/testUser/Virt.FS
Filesystem Size Used Avail Use% Mounted on
/dev/loop0 8.7M 97K 8.1M 2% /home/testUser/Virt.FS


Password-less (key-based) ssh authentication

Password-less authentication using public/private key pair
Create public/private key pair
Default is RSA key pair for use with SSH v2
It is created in .ssh/ in home directory
Files created are id_rsa (private key file) and id_rsa.pub (public key file)
ssh-keygen -t rsa
Copy public key to remote server .ssh/authorized_keys file
.ssh/ is in the home directory of remote server user (in this case xyz)
cat .ssh/id_rsa.pub | ssh xyz@192.168.1.100 ' \
[ ! -d .ssh ] && mkdir -p -m 700 .ssh ; \
[ ! -f .ssh/authorized_keys ] && touch .ssh/authorized_keys ; \
[ "$(stat -c %a .ssh/authorized_keys)" != 600 ] && chmod 600 .ssh/authorized_keys ; \
cat - >> .ssh/authorized_keys ; '

# Or

cat .ssh/id_rsa.pub | ssh xyz@192.168.1.100 ' \
(umask 0077; [ ! -d .ssh ] && mkdir -p .ssh; \
[ ! -f .ssh/authorized_keys ] && touch .ssh/authorized_keys ; \
cat - >> .ssh/authorized_keys ; )'

# Or

ssh-copy-id xyz@192.168.1.100


cryptsetup

Create a LUKS (Linux Unified Key Setup) formatted, encrypted device:
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
Display encrypted device info:
cryptsetup luksDump /dev/sdb1
Open (unlock) encrypted device
cryptsetup open --type luks /dev/sdb1 crypt
Close (lock) encrypted device
cryptsetup close --type luks crypt
Add a pass-phrase from key_file (a total of eight are allowed)
cryptsetup luksAddKey /dev/sdb1 /home/xyz/key_file
Remove the pass-phrase previously added from key_file (undoes the AddKey step above)
cryptsetup luksRemoveKey /dev/sdb1 /home/xyz/key_file
Open encrypted drive using key file
cryptsetup open --type luks --key-file /home/xyz/key_file /dev/sdb1 crypt


dd

Fill a device with zeros
dd if=/dev/zero of=/dev/sdb
Fill a device with 1024*10240 bytes of zeros
dd if=/dev/zero of=/dev/sdb count=10240 bs=1024
Create a random key file:
dd if=/dev/urandom of=key_file bs=1024 count=4 iflag=fullblock
