1.) Munging a Document and Comparing Message Digests [Top]
To do this exercise you will need to be root.
On your machine type:
# cat /etc/motd
Look at your neighbour's machine. Is their file exactly the same as yours? Can you be sure?
Now run the file through the sha1 one-way hashing function:
# sha1 /etc/motd
Let's do this again and save the results to a file:
# sha1 /etc/motd > /tmp/motd-hash
Now change ONE (1) character in your /etc/motd file and repeat the sha1 test. You may want to do this using two terminals. One to have your sha1 output displayed and the other for editing the /etc/motd file.
Example:
# vi /etc/motd
One character change. Save the file and exit. Now we'll run sha1
again, save the results to the same motd-hash
file and
compare the hashes.
# sha1 /etc/motd >> /tmp/motd-hash
Compare the results with your neighbor, or with your previous sha1 message digest. They should be very different.
As discused the sha1 hashing algorithm is no longer considered
reliable. You can do this same exercises using sha256
instead.
Note: In Linux the equivalent hashing functions are named
sha1sum
and sha256sum
.
2.) Generate Public/Private Key Pair for SSH [Top]
Note: Please be sure that you are logged in and using your inst account for this exercise - not root.
We will now generate a single RSA SSH protocol 2 key of 2048 bits. To do this, issue the following commands.
You will be prompted for a file location for the key as well as for a passphrase to encrypt the key file. Do not change the default filename or location for the key.$ cd
$ ssh-keygen -t rsa -b 2048
This command output should look like:
Be sure to enter a passphrase. Private key files without passphrases are a security hole. Your passphrase can be pretty much anything you want and as long as you want - including spaces.Generating public/private rsa key pair. Enter file in which to save the key (/home/admin/.ssh/id_rsa): [PRESS ENTER] Created directory '/home/inst/.ssh'. Enter passphrase (empty for no passphrase): [TYPE IN PASSPHRASE] Enter the same passphrase again: [TYPE IN SAME PASSPHRASE] ...
You will see something like this:
Your private key should now be protected by a passphrase. This means to use your public/private key combination you will need to type in your passphrase (not your inst account's password) when prompted.Your identification has been saved in /home/inst/.ssh/id_rsa. Your public key has been saved in /home/inst/.ssh/id_rsa.pub. The key fingerprint is: d9:99:7c:ad:80:90:df:8c:1b:7e:79:a4:bb:c3:89:a1 inst@pc10.sae.mtg.afnog.org The key's randomart image is: +--[ RSA 2048]----+ | E. | | .. | | . | | + | | o oSo . | | = o.o . | | . o *.o. | | = *o. | | =** | +-----------------+
3.) Copy Your Public Key to Your Neighbor's inst Account [Top]
To avoid problems please use this neighbor list for this exercise:
Note: "pcX" refers to your neighbor's machine. If your neighbor is pc10, then pcX would be pc10, etc.
This exercise can be confusing. To make thing easier open two terminal
windows on your desktop. In one window make sure you are the
inst
user on your machine. We will call this your
local window.
In another window type:
$ ssh inst@pcX
This will be your remote window.
You have already generated your public/private ssh key pair. In your local window do the following:
$ cd ~/.ssh
$ scp id_rsa.pub inst@pcX:/tmp/.
In your remote window do:
$ cd ~/.ssh
$ cat /tmp/id_rsa.pub >> authorized_keys
$ rm /tmp/id_rsa.pub
You now have your public key for the inst
user in the
authorized_keys
file for the inst
on your
neighbor's machine.
In your local window connect to your neighbor's machine as inst
using ssh:
$ ssh inst@pcX
You should have been prompted for the passphrase of your
private key instead of the password for inst on your neighbor's
machine. If this is what happened, then you are done. Your
public/private key pair is now in use between your machine and your
neighbor's machine.
If you remember our discussion in the presentation this is cool.
Remember to log out of your neighbor's machine in both your local window and your remote window by doing:
# exit
Hervey Allen