ssh keys

ssh keys can be configured to enhance security, with password-less logins. no password is typed or transmitted.

the basic steps are:
- generate your keys at local end
- secure your private key
- gather your public key
- add public key to remote end

we will look at my two preferred tools:
(1) putty
(2) dropbear

i don't seem to prefer openssh, the seemingly de facto standard, as i consider it bloatware. too big does obscure/obfuscate vulnerabilities. look at my preferred alternatives - so tiny, so beautiful :-)


putty-tools are rather quirky to get right the first time. but once you have them set up right, and understand what you are doing, you'll love 'em. i like them also because they are much smaller and more efficient than openssh-client, the supposedly de facto standard. putty, though, is very much the de facto choice on windows.

generate your rsa key file on the ssh client
$ puttygen -t rsa -b 4096 -o puttygen_rsa

do not modify puttygen_rsa. copy the Public-Lines from the key file to another file, say puttygen_rsa.pub.

ensure the whole content of puttygen_rsa.pub is one word on one line, i.e. join all the lines together, with no spaces in between.

now insert "ssh-rsa" and a space in front. you may optionally add your id at the end, i.e. a space and "ssh-user@ssh-client". there should be a space between each of these three items. this file still contains everything on one line only - your public key.

send your puttygen_rsa.pub to ssh servers
$ pscp -v ~/.ssh/puttygen_rsa.pub ssh-user@ssh-server:/home/ssh-user/.ssh/

at the ssh-server
$ cd .ssh
$ cat puttygen_rsa.pub >> authorized_keys


ssh config is now complete, and we can test it from the client.
$ plink -v -i .ssh/puttygen_rsa ssh-user@ssh-server
$ plink -v -X -i .ssh/puttygen_rsa ssh-user@ssh-server
$ pscp -v -i .ssh/puttygen_rsa source-files ssh-user@ssh-server:/destination-directory
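
the manual steps above (join the Public-Lines, prefix the key type, append the id, then add the line to authorized_keys) as a script. this is an added example, not part of the original post: the function names, the temporary directory and the key material are constructed for illustration, and the 700/600 permissions are an assumption about how the "secure your key" step is usually done.

```shell
#!/bin/sh
# Added example, not from the original post.

# ppk_to_publine KEYFILE [COMMENT]
# Joins the Public-Lines of a PuTTY key file into "<type> <base64> [comment]".
ppk_to_publine() {
    awk -v comment="$2" '
        { sub(/\r$/, "") }                        # tolerate CRLF key files
        /^PuTTY-User-Key-File-[0-9]+: / { type = $2 }
        /^Public-Lines: / { n = $2; next }        # n base64 lines follow
        n > 0 { b64 = b64 $0; n-- }
        END {
            if (type == "" || b64 == "") exit 1   # not a PuTTY key file
            printf "%s %s%s\n", type, b64, (comment == "" ? "" : " " comment)
        }' "$1"
}

# install_pubkey PUBLINE SSH_DIR
# Appends the key once; directory 700 and file 600 so nobody else can add keys.
install_pubkey() (
    umask 077
    mkdir -p "$2" && chmod 700 "$2" || exit 1
    touch "$2/authorized_keys" && chmod 600 "$2/authorized_keys" || exit 1
    grep -qxF -- "$1" "$2/authorized_keys" ||
        printf '%s\n' "$1" >> "$2/authorized_keys"
)

# Constructed sample in PuTTY's key file layout (not a real key).
demo_dir=$(mktemp -d)
cat > "$demo_dir/puttygen_rsa" <<'EOF'
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: constructed-sample
Public-Lines: 2
AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED
SAMPLEKEYDATA0123456789
Private-Lines: 1
CONSTRUCTEDPLACEHOLDER
Private-MAC: 0000
EOF
publine=$(ppk_to_publine "$demo_dir/puttygen_rsa" "ssh-user@ssh-client")
install_pubkey "$publine" "$demo_dir/.ssh"
install_pubkey "$publine" "$demo_dir/.ssh"    # second run adds nothing
cat "$demo_dir/.ssh/authorized_keys"
```

puttygen can also write this line directly with `puttygen puttygen_rsa -O public-openssh -o puttygen_rsa.pub`, and dropbearkey prints it for an existing key with `dropbearkey -y -f dropbearkey_rsa`.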



dbclient is much simpler. generate your rsa key file on the ssh client
$ cd ~/.ssh
$ dropbearkey -t rsa -s 4096 -f dropbearkey_rsa


copy/paste the generated Public key portion to dropbearkey_rsa.pub and send it to the remote end.
$ scp -S dbclient dropbearkey_rsa.pub ssh-user@ssh-server:/home/ssh-user/.ssh/

at the remote end, add your public key to ~/.ssh/authorized_keys.
$ cd ~/.ssh
$ cat dropbearkey_rsa.pub >> authorized_keys


now you can ssh from your client
$ dbclient -i ~/.ssh/dropbearkey_rsa ssh-user@ssh-server
$ scp -S dbclient -i ~/.ssh/dropbearkey_rsa source-file ssh-user@ssh-server:/directory

ssh clients

my last post was about my preferred ssh-server. and this post is about my preferred ssh-clients.

ssh-client configuration has to be done at both endpoints - (i) ssh-client computer, and (ii) ssh-server.

dbclient is included within dropbear.

$ dbclient ssh-user@ssh-server
$ scp -S dbclient source-file ssh-user@ssh-server:/directory


though dbclient is very efficient, you might find it lacking sometimes. i couldn't figure out how to forward X.
also, if you do not have dropbear installed, you might not want to install the dropbear server, just to get dbclient.

i much prefer putty, and specifically the cmdline putty-tools. they are a bit quirky to get right the first time. but once set up correctly, you'll love 'em. i like them also because they are much smaller and more efficient than openssh-client, the supposedly de facto standard.
putty, though, is very much the de facto choice on windows. there aren't many alternatives.

$ pscp source-file ssh-user@ssh-server:/destination-directory
$ plink ssh-user@ssh-server


enable X11 forwarding
$ plink -X ssh-user@ssh-server
$ xeyes


enjoy! :-)

dropbear ssh server

i prefer dropbear, because it is much smaller and more efficient than openssh.

install dropbear in debian, with
# apt-get install dropbear

this package contains an ssh server called dropbear and an ssh client called dbclient.

ssh keys

(re)generate your keys

# dropbearkey -t dss -s 1024 -f /etc/dropbear/dropbear_dss_host_key
# dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key
# /etc/init.d/dropbear restart


remember to save both the private keys and the public keys.

dropbear can be configured in /etc/default/dropbear.

nook pin lock

you might want to secure your nook, if you have personal data on it. you can set a screen lock with a 4-digit pin. enter the following command in terminal or adb.

$ am start -n com.android.settings/.ChooseLockPin

you can change your pin the same way.

but removing the pin is a bit tricky, and needs a bit more hardcore hacking. this pin is stored in /data/data/com.android.providers.settings/databases/settings.db. use sqlite3 to remove the entry.

$ sqlite3 settings.db
delete from system where name like 'lock%';
.q

NetworkManager

i don't prefer/recommend gnome, as it tries to be everything and do everything. bloatwares usually become #TBTF :( and NetworkManager (pulling in gnome libs) seems to be in that bandwagon..

for now, i'm keeping NetworkManager in #!. wireless auto-connect seems intermittent (more often than not). nm does remember all the settings though. and i can manually connect, when tired of waiting.

nm also has some cmdline tools. i used nmcli in openbox/autostart to force connect wireless. if you use another window manager or log in to console, you could use it in your relevant startup/login scripts.

sleep 1m && \
while [ "$(nmcli -t -f WIFI,STATE nm)" = 'enabled:disconnected' ]
do
    nmcli con up id {wireless-ssid}
    sleep 5
done &


ref: http://blog.nixpanic.net/2011/01/connect-automatically-and-immediately.html

[Addendum] this laptop has an atheros wireless card, with working drivers in kernel. i also found a driver listed in the debian repository. after installing firmware-atheros, auto-connect issues have become very rare. i have no idea why!

nook backup with noogie

nobody needs to be reminded of the significance of backups. usually never needed, but when they are, you're in a do or die situation!

my backup strategy is to backup every new device, soon as i get my hands on it. and then, before every significant change. sometimes, i might just take two backups and compare them.

nook community has made the backup process rather straightforward.

download noogie.img from either:
http://code.google.com/p/nst-recovery/downloads/detail?name=noogie.img.gz (recommended)
http://code.google.com/p/nst-mod/downloads/detail?name=noogie.img

extract .img, if you downloaded the .gz
$ gunzip noogie.img.gz

write .img to a spare sdcard, replacing /dev/sd? with the sdcard's device. note: sdcard contents will be erased.
# dd if=noogie.img of=/dev/sd? bs=1M

usual process is
1. power-off nook
2. insert noogie sdcard
3. power-on nook
4. usb connect to computer
5. backup/restore disk/partition

depending on your os/preferences, step #5 might be different. restore process is the same.

i use debian, and find the standard nix utils to be the best, most efficient, and universal.

to backup
# dd if=/dev/sdb of=backup.img bs=1M

to restore
# dd if=backup.img of=/dev/sdb bs=1M

gzip this .img to ensure integrity and save diskspace
$ gzip -9 backup.img

nook simple touch

this device has been making waves among the developer community, since barnes & noble reduced the list price to £29. since i'm not an early adopter, i waited a while, till the first lot did some testing for me and produced relatively positive feedback.

i went in to my local curry's, and found that company probably not particularly keen on long-term survival. good assistants, probably useless senior management. so i hopped across to the argos next-door, and ordered one for home-delivery in two days. argos waived the delivery charges, as it was not in-stock. excellent all-round service, and i went back to them for accessories.

my motivations for buying this device:
1. mature developer community / open-source / android
2. e-ink screen -- good for my eyes :-)
3. battery life -- 2mths !?
4. cheap enough -- £29

android wifi priority

does your android device always connect to some non-preferred wifi network, when your preferred wireless network is still available? then read on…

favicon

ever looked at a website, and thought you like its favicon enough to want to save it? it is easy enough.

every website stores its favicon, as favicon.ico on its root.

at the browser address bar, enter website url followed by /favicon.ico and save the image!

for example, google's favicon can be found at http://google.com/favicon.ico.

static front page for blogger

you might have noticed that your blogspot home page defaults to the recent posts. blogs look different from standard websites, as their front page continuously changes, displaying the latest blog posts.

i had a requirement for a static front page, for my blog to mimic a website. this is not too difficult. but not too obvious either.

my android apps

i continuously seek smaller app/vers, and switchover. in doing so, i have about 250 apps installed on my small phone. you may notice that i have no qualms using very old versions, if they are small enough. most official apps start out efficient, and end up bloatware. i also purge most of the pre-installed crapware apps (google play, google maps, gmail, google talk, email, clock), replacing them with smaller/efficient apps.
