#######
#
# E-scripts on ssh, scp and friends.
#
# Note 1: use the eev command (defined in eev.el) and the
# ee alias (in my .zshrc) to execute parts of this file.
# Executing this file as a whole makes no sense.
#
# Note 2: be VERY careful and make sure you understand what
# you're doing.
#
# Note 3: If you use a shell other than zsh things like |&
# and the for loops may not work.
#
# Note 4: I always run as root.
#
# Note 5: some parts are too old and don't work anymore. Some
# never worked.
#
# Note 6: the definitions for the find-xxxfile commands are on my
# .emacs.
#
# Note 7: if you see a strange command check my .zshrc -- it may
# be defined there as a function or an alias.
#
# Note 8: the sections without dates are always older than the
# sections with dates.
#
# This file is at <http://angg.twu.net/e/ssh.e>
#           or at <http://angg.twu.net/e/ssh.e.html>.
#        See also <http://angg.twu.net/emacs.html>,
#                 <http://angg.twu.net/.emacs[.html]>,
#                 <http://angg.twu.net/.zshrc[.html]>,
#                 <http://angg.twu.net/escripts.html>,
#             and <http://angg.twu.net/>.
#
#######


# Ť.without_passwordť	(to "without_password")
# Ť.mat.puc-rioť	(to "mat.puc-rio")
# Ť.ssh-agent_init.dť	(to "ssh-agent_init.d")
# Ť.snailbookť		(to "snailbook")
# Ť.sshaskpassť		(to "sshaskpass")
# Ť.openssh-deb-srcť	(to "openssh-deb-src")
# Ť.ssh-copy-idť	(to "ssh-copy-id")
# Ť.ssh-vulnkeyť	(to "ssh-vulnkey")
# Ť.known_hostsť	(to "known_hosts")
# Ť.x11-forwardingť	(to "x11-forwarding")
# Ť.expect-ssh-xtermť	(to "expect-ssh-xterm")


# (find-status   "ssh")
# (find-vldifile "ssh.list")
# (find-udfile   "ssh/")
# (find-status   "openssh-client")
# (find-vldifile "openssh-client.list")
# (find-udfile   "openssh-client/")

# (find-man "1 scp")
# (find-man "1 ssh-agent")
# (find-man "1 ssh-keygen")
# (find-man "1 ssh-copy-id")
# (find-man "1 slogin")
# (find-man "1 ssh")
# (find-man "1 ssh-add")
# (find-man "1 make-ssh-known-hosts")
# (find-man "8 sshd")

# (find-man "1 ssh-add")
# (find-fline "~/.ssh/identity")
ssh-add -l

# (find-man "1 make-ssh-known-hosts")
# (find-fline "~/.ssh/known_hosts")

#
echo hello > /tmp/hello
scp -v -B /tmp/hello edrx@angg.twu.net:/home2/edrx/tmp/hello
#

# (find-fline "~edrx/.rhosts")
cat > ~edrx/.rhosts <<'---'
angg
angg root
angg.popolvuh
angg.popolvuh root
---
chown edrx.edrx ~edrx/.rhosts
chmod 600 ~edrx/.rhosts

# ssh -l edrxp angg
scp -v -B /tmp/hello edrxp@angg:hello
scp -v    /tmp/hello edrxp@angg:hello

#

# (find-fline 

# (find-fline "/etc/ssh/")
# (find-fline "/etc/ssh/ssh_config")

# scp -v -B /tmp/hello edrx@angg.twu.net:/home2/edrx/tmp/hello
# Executing: host angg.twu.net, user edrx, command scp -v -t /home2/edrx/tmp/hello
# SSH Version OpenSSH-1.2.3, protocol version 1.5.
# Compiled with SSL.
# debug: Reading configuration data /etc/ssh/ssh_config
# debug: Applying options for *
# debug: ssh_connect: getuid 0 geteuid 0 anon 0
# debug: Connecting to angg.twu.net [63.97.42.127] port 22.
# debug: Allocated local port 721.
# debug: Connection established.
# debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1
# debug: Waiting for server public key.
# debug: Received server public key (768 bits) and host key (1024 bits).
# debug: Host 'angg.twu.net' is known and matches the host key.
# debug: Encryption type: 3des
# debug: Sent encrypted session key.
# debug: Installing crc compensation attack detector.
# debug: Received encrypted confirmation.
# debug: Trying RSA authentication with key 'root@angg'
# debug: Server refused our key.
# Permission denied.
# debug: Calling cleanup 0x8056840(0x0)
# lost connection


# (code-c-d "ssh" "/usr/src/openssh-1.2.2/")
# (find-sshfile "sshconnect.c" "Trying RSA authentication with key")
# (find-sshfile "readpass.c")

pdsc $SNUDEBIAN/dists/potato/non-US/main/source/openssh_1.2.2-1.4.dsc
cd /usr/src/openssh-1.2.2/
agrep -i 'pass(word|phrase)' $(find *)

groff -Tascii -t -ms RFC.nroff | l -S


#####
#
# ssh
# 99dec04
#
#####

# Ťsshť

psnedebfrom $FNUDEBIAN <<'---'
   31708 dists/slink/non-US/source/ssh_1.2.26-1.2.diff.gz
     578 dists/slink/non-US/source/ssh_1.2.26-1.2.dsc
 1005284 dists/slink/non-US/source/ssh_1.2.26.orig.tar.gz
---

pdsc $SNUDEBIAN/dists/slink/non-US/source/ssh_1.2.26-1.2.dsc
cd /usr/src/ssh-1.2.26/
debian/rules binary	|& tee odrb

mv -v /usr/src/ssh*.deb /usr/src/.debs/
apt-update
apti ssh ssh-askpass

# (find-vldifile "ssh.list")
# (find-fline "/usr/doc/ssh/")

# (find-status   "ssh-askpass")
# (find-vldifile "ssh-askpass.list")
# (find-udfile   "ssh-askpass/")

# (find-sshfile "")
# (find-sshfile "odbp")
# (find-sshfile "debian/")
# (find-sshfile "README")


#####
#
# ssh-agent: logging without password
# 2001may23
#
#####

# Ťwithout_passwordť  (to ".without_password")
# (find-man "ssh" "third authentication method")
# (find-man "ssh-agent")
# (find-man "ssh-add")
# (find-man "make-ssh-known-hosts")

#
# Remove my keys and alephs's (I'm root and this is an offline box).
# (find-fline "~/.ssh/")
# (find-fline "~aleph/.ssh/")
laf ~/.ssh/
rm -v ~/.ssh/*

laf ~aleph/.ssh/
rm -v ~aleph/.ssh/*

# Weird, it seems that sshd remember some authorizations by itself...
# Restart it before running the demo below to get the pristine
# behaviour.
/etc/init.d/ssh restart

#
# Initially logging as aleph requires aleph's password:
cat > $EEG <<'---'
aleph
exit
---
eeg ssh -l aleph angg

# But if I generate a private/public key pair for root,
# (find-man "1 ssh-keygen")
#
cat > $EEG <<'---'

FooBarFoo
FooBarFoo
---
eeg ssh-keygen

# (find-man "ssh" "can log in without giving the password.")
# And I copy my public key to aleph's .ssh/authorized_keys,
#
mkdir ~aleph/.ssh/
cat ~/.ssh/identity.pub >> ~aleph/.ssh/authorized_keys
chown -R aleph:aleph ~aleph/.ssh/
chmod 600 ~aleph/.ssh/authorized_keys

# Then trying to log as aleph will requires root's RSA passphrase.
# Let's start without a ssh-agent to understand how things work.
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
#
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg

# And nothing is saved if we just try to log again:
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg

# If we start a ssh agent:
eval $(ssh-agent)
set | grep -a SSH

# and try to log again as aleph we will still need the passphrase:
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg

# But maybe this is because the agent knows no keys... If we add
# root's key to it,
ssh-add -l
cat > $EEG <<'---'
FooBarFoo
---
eeg ssh-add
ssh-add -l

# and try again then we see that ssh and the local agent are able to
# convince aleph's sshd that we know the passphrase without we having
# to type it again:
cat > $EEG <<'---'
exit
---
eeg ssh -l aleph angg

# If the agent dies we'll have to type the key again, of course.
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
#
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg

# If root loses its ~/.ssh/identity* files then we get back to using
# passwords.
rm -v ~/.ssh/identity*
cat > $EEG <<'---'
aleph
exit
---
eeg ssh -l aleph angg

# And if we generate another pair of keys for root and update the
# agent to use this new key,
# (find-man "1 ssh-keygen")
#
cat > $EEG <<'---'

FooBarFoo
FooBarFoo
---
eeg ssh-keygen
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
eval $(ssh-agent)
set | grep -a SSH
echo $(pidof ssh-agent)
ssh-add -l
cat > $EEG <<'---'
FooBarFoo
---
eeg ssh-add
ssh-add -l

# Then our keys won't match the ones for root@angg at aleph's place,
# and ssh will give up RSA authentication and fall back to the
# traditional password scheme.
cat > $EEG <<'---'
aleph
exit
---
eeg ssh -l aleph angg

# But of course we can update our public key in aleph's home; as aleph
# is in the local machine we will do that using root's powers, instead
# of logging there with aleph's password...
mkdir ~aleph/.ssh/
cat ~/.ssh/identity.pub >> ~aleph/.ssh/authorized_keys
chown -R aleph:aleph ~aleph/.ssh/
chmod 600 ~aleph/.ssh/authorized_keys

# Note that we have ADDED a second "root@angg" key to aleph's list of
# authorized keys, instead of just replacing the obsolete one... but
# ssh is smart and will check all the keys in the list and use the
# right one: we will be able to log without password or passphrase.
cat > $EEG <<'---'
exit
---
eeg ssh -l aleph angg

# (find-fline "~/.ssh/")
# (find-fline "~aleph/.ssh/")
#


#####
#
# Allow logging from one mat.puc-rio machine into another without password 
# 2001may29
#
#####

# Ťmat.puc-rioť  (to ".mat.puc-rio")
# This trick works because my home dir is shared (NFS).
#
cd ~/.ssh/
rm -v identity identity.pub
ssh-keygen -N '' -f ~/.ssh/identity

#
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
eval $(ssh-agent)
set | grep -a SSH
ssh-add
ssh-add -l
cd ~/.ssh/
(grep -v mat.puc-rio.br authorized_keys
 cat identity.pub
) > authorized_keys.new
laf authorized_keys*
mv -v authorized_keys.new authorized_keys
laf

#
cd ~/.ssh/
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
rm -v identity*

#


#####
#
# ssh-agent in init.d
# 2001jun28
#
#####

# Ťssh-agent_init.dť  (to ".ssh-agent_init.d")
#
cat > /etc/init.d/ssh-agent <<'---'
#!/bin/sh
# (find-es "ssh" "ssh-agent_init.d")
case "$1" in
start|restart)
	echo "$1ing ssh-agent:"
	echo $(pidof ssh-agent)
	kill $(pidof ssh-agent)
	echo $(pidof ssh-agent)
	ssh-agent > /tmp/.ssh-agent.out
	;;
stop)
	echo "$1ing ssh-agent:"
	echo $(pidof ssh-agent)
	kill $(pidof ssh-agent)
	echo $(pidof ssh-agent)
	;;
*)
	printf "Usage: $0 {start|stop|restart}\n" >&2
	exit 1
	;;
esac
exit 0
---
chmod 755 /etc/init.d/ssh-agent
# (find-fline "/etc/inittab" "default runlevel")
ln -sf ../init.d/ssh-agent S90ssh-agent

/etc/init.d/ssh-agent restart
# (find-fline "~/.ssh/.ssh-agent.out")
#


#####
#
# Snail Book
# 2006sep23
#
#####

# Ťsnailbookť  (to ".snailbook")
# (find-books "__comp/__comp.el" "ssh")
# http://www.flazx.com/
# http://gigapedia.com/items/4269/ssh--the-secure-shell---the-definitive-guide--2nd-edition--2005-01
# (find-status   "chmlib-bin")
# (find-vldifile "chmlib-bin.list")
# (find-udfile   "chmlib-bin/")
#
cd /tmp/
extract_chmLib \
  ~/tmp/OReilly.SSH.The.Secure.Shell.The.Definitive.Guide.2nd.Edition.May.2005.eBook-DDU.chm \
  /tmp/snail/

#
# (find-fline "/tmp/")
# (find-fline "/tmp/snail/0596008953/")
# (code-c-d "snailbook" "/tmp/snail/0596008953/")
# (find-snailbookfile "")
# (find-snailbookw3m "index_P.html" "port forwarding")


#####
#
# sskaskpass
# 2007dec28
#
#####

# Ťsshaskpassť  (to ".sshaskpass")
# http://www.dicas-l.com.br/dicas-l/20050804.php
# (find-fline "~/.ssh/")
# (find-caramelofile "")
# (find-caramelofile ".ssh/")
# (find-fline "~/.ssh/")
# (find-es "ssh")

 (eepitch-eshell)
 (eepitch-kill)
 (eepitch-eshell)
# ssh-keygen

cd (ee-caramelofile "")
mkdir .ssh/
cd .ssh/
cp ~/id_rsa.pub .
cp ~/id_rsa.pub authorized_keys


 (eepitch-eshell)
 (eepitch-kill)
 (eepitch-eshell)
# ssh-keygen

# (find-zumbifile "")
cd  (ee-zumbifile "")
mkdir .ssh/
cd .ssh/
cp ~/.ssh/id_rsa.pub .
cp ~/.ssh/id_rsa.pub authorized_keys


#####
#
# openssh (from the debian sources)
# 2008jan30
#
#####

# Ťopenssh-deb-srcť  (to ".openssh-deb-src")
# Ťssh-copy-idť  (to ".ssh-copy-id")
# http://ftp.debian.org/debian/pool/main/o/openssh/
# http://ftp.debian.org/debian/pool/main/o/openssh/openssh_4.7p1-2.dsc
# http://ftp.debian.org/debian/pool/main/o/openssh/openssh_4.7p1-2.diff.gz
# http://ftp.debian.org/debian/pool/main/o/openssh/openssh_4.7p1.orig.tar.gz
#
rm -Rv ~/usrc/openssh/
mkdir  ~/usrc/openssh/
cd $S/http/ftp.debian.org/debian/pool/main/o/openssh/
cp -v openssh_4.7p1* ~/usrc/openssh/
cd     ~/usrc/openssh/
dpkg-source -sn -x openssh_4.7p1-2.dsc
cd     ~/usrc/openssh/openssh-4.7p1/
# dpkg-buildpackage -us -uc -b -rfakeroot     |& tee odb

#
# (find-fline "~/usrc/openssh/")
 (eepitch-shell)
cd ~/usrc/openssh/
sudo dpkg -i *.deb

#
# (code-c-d "openssh" "~/usrc/openssh/openssh-4.7p1/")
# (find-opensshfile "")
# (find-opensshgrep "grep -nH -e authorized_keys $(find *)")
# (find-man "1 ssh-copy-id")

# (find-man "ssh-add")

 (eepitch-shell)
 (eepitch-kill)
 (eepitch-shell)
cd ~/.ssh/
cd ~/.ssh/id_rsa.pub
ssh-copy-id edrx@dekooning
ssh-copy-id -i ~/.ssh/id_rsa.pub edrx@dekooning

cd ~/.ssh/
cd ~/.ssh/id_rsa.pub
# (find-fline "~/.ssh/id_rsa.pub")

 (eexterm-dekooning)
 (find-sh0 "xhost +dekooning")
 (find-sh0 "xhost +10.1.0.101")
R
export DISPLAY=10.1.0.101:0
xterm &
ae /etc/hosts


 (eepitch-dekooning)
 (eepitch-kill)
 (eepitch-dekooning)

 (eepitch-dekooning)
 (eepitch-kill)
 (eepitch-dekooning)


cd ~/.ssh/
cd ~/.ssh/id_rsa.pub
ssh-copy-id edrx@dekooning
ssh-copy-id -i ~/.ssh/id_rsa.pub edrx@dekooning


#####
#
# ssh-vulnkey
# 2009apr26
#
#####

# Ťssh-vulnkeyť  (to ".ssh-vulnkey")


#####
#
# "The authenticity of host 'blah' can't be established"
# 2009oct21
#
#####

# Ťknown_hostsť  (to ".known_hosts")
# (find-man "5 ssh_config")
# (find-man "5 ssh_config" "UserKnownHostsFile")
# (find-man "5 ssh_config" "CheckHostIP")
# (find-man "5 ssh_config" "BatchMode")
# (find-man "5 ssh_config" "RSAAuthentication")
# (find-fline "/etc/ssh/ssh_config")
# (find-fline "/etc/ssh/ssh_config" "IdentityFile")
# (find-fline "~/.ssh/known_hosts")

# (find-man "1 ssh")
# (find-man "1 ssh" "    -o option")
# (find-man "1 ssh" "known_hosts")
# (find-man "1 ssh" "    -i identity_file")
# (find-man "1 ssh" "RSAAuthentication")
# (find-man "1 ssh" "HashKnownHosts")
# (find-angg "EXPECT/autopasswd")
# The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
# RSA key fingerprint is fe:91:96:a9:eb:9b:d5:5f:50:36:7d:9e:68:3a:26:cd.
# Are you sure you want to continue connecting (yes/no)? yes

 (eepitch-shell)
 (eepitch-kill)
 (eepitch-shell)
rm -v ~/.ssh/known_hosts
ssh -o 'CheckHostIP=no' edrx@127.0.0.1
ssh -o 'BatchMode=yes' edrx@127.0.0.1
ssh -o 'CheckHostIP=no' -o 'VisualHostKey=yes' edrx@127.0.0.1
ssh -o 'User=aleph' 127.0.0.1


# (find-adduser-links "aleph" "aleph")

 (eepitch-shell)
 (eepitch-kill)
 (eepitch-shell)
ssh aleph@127.0.0.1
# Does not work:
ssh aleph@127.0.0.1 sudo -u edrx zsh


#####
#
# X11 forwarding
# 2010jul01
#
#####

# Ťx11-forwardingť  (to ".x11-forwarding")
# (find-man "1 ssh" "-X" "Enables X11 forwarding")
# (find-efunction 'find-adduser-links)
# (find-adduser-links "aleph" "aleph")

 (eexterm "A")
ssh -X aleph@localhost
aleph
xterm &
exit

 (eexterm "A")
ssh -X aleph@localhost xterm
aleph
xterm &
exit

 (eexterm "A" "ssh -X aleph@localhost")
aleph
ssh -X aleph@localhost xterm


ssh -X aleph@localhost


#####
#
# Expect tricks (unfinished)
# 2010jul01
#
#####

# Ťexpect-ssh-xtermť  (to ".expect-ssh-xterm")
# (find-efunction 'find-adduser-links)
# (find-adduser-links)
# (find-adduser-links "aleph" "aleph")
# (find-es "ssh" "x11-forwarding")
# (find-angg ".zshrc" "autopasswd")
#
# (eev-bounded)

rm -Rv ~/.ssh/
expect -c '
  eval spawn ssh -X aleph@localhost xterm
  proc answer {str} { sleep 0.5; send $str\n }
  interact {
    -o "password: " { send_user "p4ssword: "; answer aleph }
       "(yes/no)? " { send_user "(yes/n0)? "; answer yes }
  }
'

#
# (find-es "expect" "passwords")
# (find-expcommand "interact")

 (eexterm-dekooning)
 (find-sh0 "xhost +dekooning")
 (find-sh0 "xhost +10.1.0.101")
R
export DISPLAY=10.1.0.101:0
xterm &
ae /etc/hosts


#  Local Variables:
#  coding:               raw-text-unix
#  ee-delimiter-hash:    "\n#\n"
#  ee-delimiter-percent: "\n%\n"
#  ee-anchor-format:     "Ť%sť"
#  End: