#######
#
# E-scripts on ssh, scp and friends.
#
# Note 1: use the eev command (defined in eev.el) and the
# ee alias (in my .zshrc) to execute parts of this file.
# Executing this file as a whole makes no sense.
#
# Note 2: be VERY careful and make sure you understand what
# you're doing.
#
# Note 3: If you use a shell other than zsh things like |&
# and the for loops may not work.
#
# Note 4: I always run as root.
#
# Note 5: some parts are too old and don't work anymore. Some
# never worked.
#
# Note 6: the definitions for the find-xxxfile commands are on my
# .emacs.
#
# Note 7: if you see a strange command check my .zshrc -- it may
# be defined there as a function or an alias.
#
# Note 8: the sections without dates are always older than the
# sections with dates.
#
# This file is at <http://angg.twu.net/e/ssh.e>
# or at <http://angg.twu.net/e/ssh.e.html>.
# See also <http://angg.twu.net/emacs.html>,
# <http://angg.twu.net/.emacs[.html]>,
# <http://angg.twu.net/.zshrc[.html]>,
# <http://angg.twu.net/escripts.html>,
# and <http://angg.twu.net/>.
#
#######
# «.without_password» (to "without_password")
# «.mat.puc-rio» (to "mat.puc-rio")
# «.ssh-agent_init.d» (to "ssh-agent_init.d")
# «.snailbook» (to "snailbook")
# «.sshaskpass» (to "sshaskpass")
# «.openssh-deb-src» (to "openssh-deb-src")
# «.ssh-copy-id» (to "ssh-copy-id")
# «.ssh-vulnkey» (to "ssh-vulnkey")
# «.known_hosts» (to "known_hosts")
# «.x11-forwarding» (to "x11-forwarding")
# «.expect-ssh-xterm» (to "expect-ssh-xterm")
# (find-status "ssh")
# (find-vldifile "ssh.list")
# (find-udfile "ssh/")
# (find-status "openssh-client")
# (find-vldifile "openssh-client.list")
# (find-udfile "openssh-client/")
# (find-man "1 scp")
# (find-man "1 ssh-agent")
# (find-man "1 ssh-keygen")
# (find-man "1 ssh-copy-id")
# (find-man "1 slogin")
# (find-man "1 ssh")
# (find-man "1 ssh-add")
# (find-man "1 make-ssh-known-hosts")
# (find-man "8 sshd")
# (find-man "1 ssh-add")
# (find-fline "~/.ssh/identity")
# List the fingerprints of the identities the running ssh-agent currently holds.
ssh-add -l
# (find-man "1 make-ssh-known-hosts")
# (find-fline "~/.ssh/known_hosts")
#*
# Create a small test file and copy it to the remote host. -v prints the debug
# trace; -B is batch mode, so scp fails instead of prompting for a password or
# passphrase.
# NOTE(review): /tmp/hello is a fixed name in a world-writable directory and is
# written as root (Note 4); on a shared machine use a file made with mktemp.
echo hello > /tmp/hello
scp -v -B /tmp/hello edrx@angg.twu.net:/home2/edrx/tmp/hello
#*
# (find-fline "~edrx/.rhosts")
# Write an .rhosts file for edrx: each line names a host, optionally followed
# by a user on that host, that is to be trusted to log in as edrx.
# NOTE(review): .rhosts trust rests on what the connecting host claims about
# itself and its user, not on a secret held by the person logging in. sshd has
# an IgnoreRhosts option (on by default in current OpenSSH) that disables these
# files; per-user public keys are the usual replacement.
cat > ~edrx/.rhosts <<'---'
angg
angg root
angg.popolvuh
angg.popolvuh root
---
# Give the file to edrx and make it private to that user.
# NOTE(review): "edrx.edrx" is the old dot form of owner.group; current chown
# documents "edrx:edrx".
chown edrx.edrx ~edrx/.rhosts
chmod 600 ~edrx/.rhosts
# ssh -l edrxp angg
# Same copy as above, first in batch mode and then allowing prompts.
scp -v -B /tmp/hello edrxp@angg:hello
scp -v /tmp/hello edrxp@angg:hello
#*
# (find-fline
# (find-fline "/etc/ssh/")
# (find-fline "/etc/ssh/ssh_config")
# Debug trace of a failed batch-mode copy, kept for reference:
# scp -v -B /tmp/hello edrx@angg.twu.net:/home2/edrx/tmp/hello
# Executing: host angg.twu.net, user edrx, command scp -v -t /home2/edrx/tmp/hello
# SSH Version OpenSSH-1.2.3, protocol version 1.5.
# Compiled with SSL.
# debug: Reading configuration data /etc/ssh/ssh_config
# debug: Applying options for *
# debug: ssh_connect: getuid 0 geteuid 0 anon 0
# debug: Connecting to angg.twu.net [63.97.42.127] port 22.
# debug: Allocated local port 721.
# debug: Connection established.
# debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1
# debug: Waiting for server public key.
# debug: Received server public key (768 bits) and host key (1024 bits).
# debug: Host 'angg.twu.net' is known and matches the host key.
# debug: Encryption type: 3des
# debug: Sent encrypted session key.
# debug: Installing crc compensation attack detector.
# debug: Received encrypted confirmation.
# debug: Trying RSA authentication with key 'root@angg'
# debug: Server refused our key.
# Permission denied.
# debug: Calling cleanup 0x8056840(0x0)
# lost connection
# NOTE(review): the trace shows SSH protocol 1.5 with a 768-bit server key and
# 3des. Protocol 1 is obsolete and current OpenSSH no longer implements it, so
# read this as history, not as a configuration to reproduce.
# The copy fails at "Server refused our key": presumably the 'root@angg' key
# was not authorized on the remote account, and -B (batch mode) keeps scp from
# falling back to a password prompt.
# (code-c-d "ssh" "/usr/src/openssh-1.2.2/")
# (find-sshfile "sshconnect.c" "Trying RSA authentication with key")
# (find-sshfile "readpass.c")
# Unpack the openssh 1.2.2 source and search it for the password/passphrase
# handling. pdsc and l are not defined on this page (see Note 7); presumably
# pdsc unpacks a Debian source package and l is a pager.
pdsc $SNUDEBIAN/dists/potato/non-US/main/source/openssh_1.2.2-1.4.dsc
cd /usr/src/openssh-1.2.2/
agrep -i 'pass(word|phrase)' $(find *)
groff -Tascii -t -ms RFC.nroff | l -S
#####
#
# ssh
# 99dec04
#
#####
# «ssh»
# Fetch the ssh 1.2.26 source package (the heredoc lists size and path of each
# file), unpack it, build the binary packages and install them.
# psnedebfrom, pdsc, apt-update and apti are not defined on this page (see
# Note 7).
# NOTE(review): no signature or checksum verification of the downloaded source
# is visible here, and the build and install run as root (Note 4). Check the
# .dsc signature and the checksums it lists before building.
psnedebfrom $FNUDEBIAN <<'---'
31708 dists/slink/non-US/source/ssh_1.2.26-1.2.diff.gz
578 dists/slink/non-US/source/ssh_1.2.26-1.2.dsc
1005284 dists/slink/non-US/source/ssh_1.2.26.orig.tar.gz
---
pdsc $SNUDEBIAN/dists/slink/non-US/source/ssh_1.2.26-1.2.dsc
cd /usr/src/ssh-1.2.26/
# Build the .deb files, keeping the build log in odrb.
debian/rules binary |& tee odrb
mv -v /usr/src/ssh*.deb /usr/src/.debs/
apt-update
apti ssh ssh-askpass
# (find-vldifile "ssh.list")
# (find-fline "/usr/doc/ssh/")
# (find-status "ssh-askpass")
# (find-vldifile "ssh-askpass.list")
# (find-udfile "ssh-askpass/")
# (find-sshfile "")
# (find-sshfile "odbp")
# (find-sshfile "debian/")
# (find-sshfile "README")
#####
#
# ssh-agent: logging without password
# 2001may23
#
#####
# «without_password» (to ".without_password")
# (find-man "ssh" "third authentication method")
# (find-man "ssh-agent")
# (find-man "ssh-add")
# (find-man "make-ssh-known-hosts")
#*
# Remove my keys and aleph's (I'm root and this is an offline box).
# NOTE(review): "rm ~/.ssh/*" deletes private keys, authorized_keys and
# known_hosts alike. Without known_hosts every host key is accepted afresh on
# the next connection, so do this only on a scratch machine like the one
# described here.
# (find-fline "~/.ssh/")
# (find-fline "~aleph/.ssh/")
# (laf is not defined on this page; presumably a directory listing.)
laf ~/.ssh/
rm -v ~/.ssh/*
laf ~aleph/.ssh/
rm -v ~aleph/.ssh/*
# Weird, it seems that sshd remembers some authorizations by itself...
# Restart it before running the demo below to get the pristine
# behaviour.
/etc/init.d/ssh restart
#*
# Initially logging as aleph requires aleph's password:
# ($EEG and eeg are not defined on this page -- see Note 7. Presumably eeg runs
# the command and feeds it the lines stored in $EEG as typed input; here that
# is the password "aleph" followed by "exit".)
# NOTE(review): this leaves a password in a plain file. Acceptable for a
# throwaway demo account, not for a real credential.
cat > $EEG <<'---'
aleph
exit
---
eeg ssh -l aleph angg
# But if I generate a private/public key pair for root,
# (find-man "1 ssh-keygen")
#
# (FooBarFoo is a demo passphrase; presumably the two lines answer ssh-keygen's
# passphrase prompt and its confirmation.)
cat > $EEG <<'---'
FooBarFoo
FooBarFoo
---
eeg ssh-keygen
# (find-man "ssh" "can log in without giving the password.")
# And I copy my public key to aleph's .ssh/authorized_keys,
#
# NOTE(review): the directory is created by root with root's umask and only
# afterwards handed to aleph. sshd's StrictModes check (on by default) ignores
# authorized_keys when the directory is writable by group or others, so
# "chmod 700 ~aleph/.ssh" is the conventional extra step.
# From here on, whoever holds root's private key and its passphrase can log in
# as aleph.
mkdir ~aleph/.ssh/
cat ~/.ssh/identity.pub >> ~aleph/.ssh/authorized_keys
chown -R aleph:aleph ~aleph/.ssh/
chmod 600 ~aleph/.ssh/authorized_keys
# Then trying to log in as aleph will require root's RSA passphrase.
# Let's start without a ssh-agent to understand how things work.
# NOTE(review): run as root (Note 4), pidof returns the agents of every user,
# so this kill ends them all. With no agent running, kill gets no PID and
# only prints an error.
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
#
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg
# And nothing is saved if we just try to log in again:
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg
# If we start a ssh agent:
# (ssh-agent prints shell commands that set its socket and PID variables; eval
# applies them to this shell and the grep shows them.)
eval $(ssh-agent)
set | grep -a SSH
# and try to log in again as aleph we will still need the passphrase:
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg
# But maybe this is because the agent knows no keys... If we add
# root's key to it,
# NOTE(review): once the key is loaded, any process that can reach the agent
# socket (this user, or root) can authenticate with it without the
# passphrase. In current OpenSSH, "ssh-add -t <seconds>" limits how long a key
# stays loaded and "ssh-add -D" unloads all keys.
ssh-add -l
cat > $EEG <<'---'
FooBarFoo
---
eeg ssh-add
ssh-add -l
# and try again then we see that ssh and the local agent are able to
# convince aleph's sshd that we hold the key, without our having
# to type the passphrase again:
cat > $EEG <<'---'
exit
---
eeg ssh -l aleph angg
# If the agent dies we'll have to type the passphrase again, of course.
# NOTE(review): as root, this kill ends every user's ssh-agent, not only ours.
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
#
cat > $EEG <<'---'
FooBarFoo
exit
---
eeg ssh -l aleph angg
# If root loses its ~/.ssh/identity* files then we get back to using
# passwords.
# NOTE(review): the public key stays in ~aleph/.ssh/authorized_keys after the
# private key is deleted; remove that line too when a key is retired.
rm -v ~/.ssh/identity*
cat > $EEG <<'---'
aleph
exit
---
eeg ssh -l aleph angg
# And if we generate another pair of keys for root and update the
# agent to use this new key,
# (find-man "1 ssh-keygen")
#
cat > $EEG <<'---'
FooBarFoo
FooBarFoo
---
eeg ssh-keygen
# Restart the agent (as root this kill ends every user's agent) and load the
# new key into the fresh one.
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
eval $(ssh-agent)
set | grep -a SSH
echo $(pidof ssh-agent)
ssh-add -l
cat > $EEG <<'---'
FooBarFoo
---
eeg ssh-add
ssh-add -l
# Then our keys won't match the ones for root@angg at aleph's place,
# and ssh will give up RSA authentication and fall back to the
# traditional password scheme.
cat > $EEG <<'---'
aleph
exit
---
eeg ssh -l aleph angg
# But of course we can update our public key in aleph's home; as aleph
# is in the local machine we will do that using root's powers, instead
# of logging there with aleph's password...
# (mkdir complains if the directory from the earlier step is still there;
# that is harmless.)
mkdir ~aleph/.ssh/
cat ~/.ssh/identity.pub >> ~aleph/.ssh/authorized_keys
chown -R aleph:aleph ~aleph/.ssh/
chmod 600 ~aleph/.ssh/authorized_keys
# Note that we have ADDED a second "root@angg" key to aleph's list of
# authorized keys, instead of just replacing the obsolete one... but
# ssh is smart and will check all the keys in the list and use the
# right one: we will be able to log in without password or passphrase.
# NOTE(review): the obsolete line still authorizes whoever holds the old
# private key. Here that key was deleted, but in general a replaced key should
# be removed from authorized_keys rather than left beside the new one.
cat > $EEG <<'---'
exit
---
eeg ssh -l aleph angg
# (find-fline "~/.ssh/")
# (find-fline "~aleph/.ssh/")
#*
#####
#
# Allow logging from one mat.puc-rio machine into another without password
# 2001may29
#
#####
# «mat.puc-rio» (to ".mat.puc-rio")
# This trick works because my home dir is shared (NFS).
# NOTE(review): -N '' below creates the private key with an empty passphrase,
# and the file sits in the NFS-shared home. Anyone who can read it there can
# log in wherever the public key is authorized. A passphrase plus ssh-agent
# gives the same prompt-free logins without an unprotected key on the share.
#*
# Replace the old identity with a fresh passphrase-less key pair.
cd ~/.ssh/
rm -v identity identity.pub
ssh-keygen -N '' -f ~/.ssh/identity
#*
# Restart the agent (as root, kill $(pidof ...) ends every user's agent) and
# load the new key.
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
eval $(ssh-agent)
set | grep -a SSH
ssh-add
ssh-add -l
# Rebuild authorized_keys: drop every line matching mat.puc-rio.br (the
# unescaped dots match any character), then append the new public key.
# NOTE(review): authorized_keys.new is created with the current umask; check
# that the file is still mode 600 after the mv.
cd ~/.ssh/
(grep -v mat.puc-rio.br authorized_keys
cat identity.pub
) > authorized_keys.new
laf authorized_keys*
mv -v authorized_keys.new authorized_keys
laf
#*
# Undo: stop the agent and delete the key pair. authorized_keys still lists
# the public key afterwards.
cd ~/.ssh/
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
rm -v identity*
#*
#####
#
# ssh-agent in init.d
# 2001jun28
#
#####
# «ssh-agent_init.d» (to ".ssh-agent_init.d")
#*
# Install an init script that (re)starts one system-wide ssh-agent and saves
# the agent's output (the shell commands naming its socket and PID) in
# /tmp/.ssh-agent.out.
# NOTE(review): points to confirm before reusing this script:
#  - /tmp/.ssh-agent.out is a fixed name in a world-writable directory and is
#    opened by root with ">", so a symlink already placed there would be
#    followed. A root-owned directory (e.g. under /var/run) avoids that.
#  - kill $(pidof ssh-agent) ends every user's agent, not only the one this
#    script started.
#  - whoever can reach the shared agent's socket can use any key later loaded
#    into it with ssh-add.
cat > /etc/init.d/ssh-agent <<'---'
#!/bin/sh
# (find-es "ssh" "ssh-agent_init.d")
case "$1" in
start|restart)
echo "$1ing ssh-agent:"
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
ssh-agent > /tmp/.ssh-agent.out
;;
stop)
echo "$1ing ssh-agent:"
echo $(pidof ssh-agent)
kill $(pidof ssh-agent)
echo $(pidof ssh-agent)
;;
*)
printf "Usage: $0 {start|stop|restart}\n" >&2
exit 1
;;
esac
exit 0
---
chmod 755 /etc/init.d/ssh-agent
# (find-fline "/etc/inittab" "default runlevel")
# NOTE(review): the link is created in the current directory; no cd into an
# /etc/rcN.d/ directory is shown here -- confirm where this is meant to run.
ln -sf ../init.d/ssh-agent S90ssh-agent
/etc/init.d/ssh-agent restart
# NOTE(review): the link below opens ~/.ssh/.ssh-agent.out, but the script
# above writes /tmp/.ssh-agent.out -- confirm which path is current.
# (find-fline "~/.ssh/.ssh-agent.out")
#*
#####
#
# Snail Book
# 2006sep23
#
#####
# «snailbook» (to ".snailbook")
# (find-books "__comp/__comp.el" "ssh")
# http://www.flazx.com/
# http://gigapedia.com/items/4269/ssh--the-secure-shell---the-definitive-guide--2nd-edition--2005-01
# (find-status "chmlib-bin")
# (find-vldifile "chmlib-bin.list")
# (find-udfile "chmlib-bin/")
#*
# Unpack the .chm e-book into /tmp/snail/ so its HTML pages can be browsed.
# NOTE(review): /tmp/snail/ is a fixed name in a world-writable directory; on
# a shared machine extract under a private directory instead.
cd /tmp/
extract_chmLib \
~/tmp/OReilly.SSH.The.Secure.Shell.The.Definitive.Guide.2nd.Edition.May.2005.eBook-DDU.chm \
/tmp/snail/
#*
# (find-fline "/tmp/")
# (find-fline "/tmp/snail/0596008953/")
# (code-c-d "snailbook" "/tmp/snail/0596008953/")
# (find-snailbookfile "")
# (find-snailbookw3m "index_P.html" "port forwarding")
#####
#
# sshaskpass
# 2007dec28
#
#####
# «sshaskpass» (to ".sshaskpass")
# http://www.dicas-l.com.br/dicas-l/20050804.php
# (find-fline "~/.ssh/")
# (find-caramelofile "")
# (find-caramelofile ".ssh/")
# (find-fline "~/.ssh/")
# (find-es "ssh")
# Install my public key as authorized_keys in two other home directories.
# ee-caramelofile and ee-zumbifile are defined elsewhere; presumably they
# return directories on the machines "caramelo" and "zumbi" -- confirm.
# Only the .pub file is copied.
# NOTE(review): "cp ... authorized_keys" overwrites any authorized_keys
# already there and so drops every other key; append instead to keep them.
# mkdir .ssh/ uses the default mode: sshd's StrictModes check wants .ssh not
# writable by group or others (700 is conventional) and authorized_keys 600.
# NOTE(review): the first run copies ~/id_rsa.pub and the second
# ~/.ssh/id_rsa.pub -- confirm which path is intended.
* (eepitch-eshell)
* (eepitch-kill)
* (eepitch-eshell)
# ssh-keygen
cd (ee-caramelofile "")
mkdir .ssh/
cd .ssh/
cp ~/id_rsa.pub .
cp ~/id_rsa.pub authorized_keys
* (eepitch-eshell)
* (eepitch-kill)
* (eepitch-eshell)
# ssh-keygen
# (find-zumbifile "")
cd (ee-zumbifile "")
mkdir .ssh/
cd .ssh/
cp ~/.ssh/id_rsa.pub .
cp ~/.ssh/id_rsa.pub authorized_keys
#####
#
# openssh (from the debian sources)
# 2008jan30
#
#####
# «openssh-deb-src» (to ".openssh-deb-src")
# «ssh-copy-id» (to ".ssh-copy-id")
# http://ftp.debian.org/debian/pool/main/o/openssh/
# http://ftp.debian.org/debian/pool/main/o/openssh/openssh_4.7p1-2.dsc
# http://ftp.debian.org/debian/pool/main/o/openssh/openssh_4.7p1-2.diff.gz
# http://ftp.debian.org/debian/pool/main/o/openssh/openssh_4.7p1.orig.tar.gz
#*
# Unpack the Debian openssh 4.7p1-2 source package from a local copy of the
# files listed above (under $S/http/...) into a fresh ~/usrc/openssh/.
# NOTE(review): the URLs above are plain http, so the integrity of the source
# rests on the OpenPGP signature of the .dsc and the checksums it lists.
# dpkg-source has a --require-valid-signature option that makes a missing or
# bad signature fatal instead of a warning.
rm -Rv ~/usrc/openssh/
mkdir ~/usrc/openssh/
cd $S/http/ftp.debian.org/debian/pool/main/o/openssh/
cp -v openssh_4.7p1* ~/usrc/openssh/
cd ~/usrc/openssh/
dpkg-source -sn -x openssh_4.7p1-2.dsc
cd ~/usrc/openssh/openssh-4.7p1/
# dpkg-buildpackage -us -uc -b -rfakeroot |& tee odb
#*
# (find-fline "~/usrc/openssh/")
# NOTE(review): "dpkg -i *.deb" installs every .deb found in the directory.
# The build command above is commented out, so check which packages are
# actually there before installing a replacement sshd.
* (eepitch-shell)
cd ~/usrc/openssh/
sudo dpkg -i *.deb
#*
# (code-c-d "openssh" "~/usrc/openssh/openssh-4.7p1/")
# (find-opensshfile "")
# (find-opensshgrep "grep -nH -e authorized_keys $(find *)")
# (find-man "1 ssh-copy-id")
# (find-man "ssh-add")
# Install my public key in edrx's authorized_keys on dekooning with
# ssh-copy-id, first with its default identity and then naming the file
# with -i.
# NOTE(review): "cd ~/.ssh/id_rsa.pub" names a file, not a directory, so the
# cd fails; presumably a leftover navigation line.
# NOTE(review): ssh-copy-id logs in with the existing authentication method.
# If dekooning's host key is not yet in known_hosts, compare the fingerprint
# shown at that login with one obtained out of band before accepting it.
* (eepitch-shell)
* (eepitch-kill)
* (eepitch-shell)
cd ~/.ssh/
cd ~/.ssh/id_rsa.pub
ssh-copy-id edrx@dekooning
ssh-copy-id -i ~/.ssh/id_rsa.pub edrx@dekooning
cd ~/.ssh/
cd ~/.ssh/id_rsa.pub
# (find-fline "~/.ssh/id_rsa.pub")
# NOTE(review): "xhost +host" lets every user on that host open windows on
# this X display, read the screen and capture keystrokes. DISPLAY=10.1.0.101:0
# sends the X protocol over the network unencrypted. "ssh -X" (see the
# x11-forwarding section) carries X inside the ssh channel without opening the
# display, and "xhost -host" revokes the grant afterwards.
# (R and ae are not defined on this page -- see Note 7.)
* (eexterm-dekooning)
* (find-sh0 "xhost +dekooning")
* (find-sh0 "xhost +10.1.0.101")
R
export DISPLAY=10.1.0.101:0
xterm &
ae /etc/hosts
* (eepitch-dekooning)
* (eepitch-kill)
* (eepitch-dekooning)
* (eepitch-dekooning)
* (eepitch-kill)
* (eepitch-dekooning)
cd ~/.ssh/
cd ~/.ssh/id_rsa.pub
ssh-copy-id edrx@dekooning
ssh-copy-id -i ~/.ssh/id_rsa.pub edrx@dekooning
#####
#
# ssh-vulnkey
# 2009apr26
#
#####
# «ssh-vulnkey» (to ".ssh-vulnkey")
#####
#
# "The authenticity of host 'blah' can't be established"
# 2009oct21
#
#####
# «known_hosts» (to ".known_hosts")
# (find-man "5 ssh_config")
# (find-man "5 ssh_config" "UserKnownHostsFile")
# (find-man "5 ssh_config" "CheckHostIP")
# (find-man "5 ssh_config" "BatchMode")
# (find-man "5 ssh_config" "RSAAuthentication")
# (find-fline "/etc/ssh/ssh_config")
# (find-fline "/etc/ssh/ssh_config" "IdentityFile")
# (find-fline "~/.ssh/known_hosts")
# (find-man "1 ssh")
# (find-man "1 ssh" " -o option")
# (find-man "1 ssh" "known_hosts")
# (find-man "1 ssh" " -i identity_file")
# (find-man "1 ssh" "RSAAuthentication")
# (find-man "1 ssh" "HashKnownHosts")
# (find-angg "EXPECT/autopasswd")
# The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
# RSA key fingerprint is fe:91:96:a9:eb:9b:d5:5f:50:36:7d:9e:68:3a:26:cd.
# Are you sure you want to continue connecting (yes/no)? yes
# Experiments with the "authenticity of host" prompt, all against the loopback
# address.
# NOTE(review): deleting ~/.ssh/known_hosts discards every pinned host key, so
# the next connection to any host is accepted on first use and a substituted
# key would go unnoticed. "ssh-keygen -R host" removes a single entry instead.
# CheckHostIP=no skips the check of the host's IP address against
# known_hosts. BatchMode=yes disables password and passphrase prompts.
# VisualHostKey=yes prints the key fingerprint as ASCII art for comparison
# by eye.
* (eepitch-shell)
* (eepitch-kill)
* (eepitch-shell)
rm -v ~/.ssh/known_hosts
ssh -o 'CheckHostIP=no' edrx@127.0.0.1
ssh -o 'BatchMode=yes' edrx@127.0.0.1
ssh -o 'CheckHostIP=no' -o 'VisualHostKey=yes' edrx@127.0.0.1
ssh -o 'User=aleph' 127.0.0.1
# (find-adduser-links "aleph" "aleph")
* (eepitch-shell)
* (eepitch-kill)
* (eepitch-shell)
ssh aleph@127.0.0.1
# Does not work:
# (presumably because ssh allocates no terminal when given a remote command,
# so sudo cannot prompt and zsh is not interactive; "ssh -t" requests one --
# untested here)
ssh aleph@127.0.0.1 sudo -u edrx zsh
#####
#
# X11 forwarding
# 2010jul01
#
#####
# «x11-forwarding» (to ".x11-forwarding")
# (find-man "1 ssh" "-X" "Enables X11 forwarding")
# (find-efunction 'find-adduser-links)
# (find-adduser-links "aleph" "aleph")
# Log in as the test user aleph with X11 forwarding and start an xterm through
# the ssh channel. The "aleph" line after each ssh command is the password
# typed at the prompt.
# NOTE(review): with X11 forwarding, a user on the remote side who can read
# the session's X authorization data (remote root, for one) can reach the
# local display through the forwarded connection, so forward only to hosts
# you trust. An account whose password equals its user name belongs on a
# local test box only; lock or remove it afterwards.
* (eexterm "A")
ssh -X aleph@localhost
aleph
xterm &
exit
* (eexterm "A")
ssh -X aleph@localhost xterm
aleph
xterm &
exit
* (eexterm "A" "ssh -X aleph@localhost")
aleph
ssh -X aleph@localhost xterm
ssh -X aleph@localhost
#####
#
# Expect tricks (unfinished)
# 2010jul01
#
#####
# «expect-ssh-xterm» (to ".expect-ssh-xterm")
# (find-efunction 'find-adduser-links)
# (find-adduser-links)
# (find-adduser-links "aleph" "aleph")
# (find-es "ssh" "x11-forwarding")
# (find-angg ".zshrc" "autopasswd")
#*
# (eev-bounded)
# Start with no ~/.ssh/ at all, then let expect drive ssh: it answers the
# host-key question with "yes" and the password prompt with "aleph", echoing a
# slightly altered prompt to the user each time.
# NOTE(review): rm -Rv ~/.ssh/ deletes private keys, authorized_keys and
# known_hosts. Answering "(yes/no)?" automatically accepts whatever host key
# is offered, and the password is part of the script text, which is visible
# in the process list while expect runs. Tolerable against localhost with a
# test account; key-based login with a pinned known_hosts entry removes the
# need for both answers.
rm -Rv ~/.ssh/
expect -c '
eval spawn ssh -X aleph@localhost xterm
proc answer {str} { sleep 0.5; send $str\n }
interact {
-o "password: " { send_user "p4ssword: "; answer aleph }
"(yes/no)? " { send_user "(yes/n0)? "; answer yes }
}
'
#*
# (find-es "expect" "passwords")
# (find-expcommand "interact")
# Open the local X display to dekooning and start an xterm from there.
# NOTE(review): "xhost +host" admits every user on that host to this display
# (windows, screen contents, keystrokes), and DISPLAY=10.1.0.101:0 carries X
# over the network unencrypted. "ssh -X" avoids both, and "xhost -host"
# revokes the grant.
# (R and ae are not defined on this page -- see Note 7.)
* (eexterm-dekooning)
* (find-sh0 "xhost +dekooning")
* (find-sh0 "xhost +10.1.0.101")
R
export DISPLAY=10.1.0.101:0
xterm &
ae /etc/hosts
# Local Variables:
# coding: raw-text-unix
# ee-delimiter-hash: "\n#*\n"
# ee-delimiter-percent: "\n%*\n"
# ee-anchor-format: "«%s»"
# End: