API authentication using private and public keys - ruby-on-rails

I'd like to authorize a user in a CLI using a web API in a similar way to how SSH does it (uploading the public key to the server, and then using the private key to authorize). Is it possible?
I don't mean to generate a public/private key pair, but rather to re-use the existing id_rsa and id_rsa.pub.
Do you know any software packages that make it easier (preferably Ruby on Rails gems?)
#edit:
Specifically, I want to log in on website, upload and connect my public key with online account, and then be able to use website's API (authentication) through CLI interface.

You can use the openssl library. As far as a more complete solution for what you want, I don't think it's available. Should not be too much work to implement with the library though.
http://ruby-doc.org/stdlib-1.9.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html
Basically do something like:
# private_key_str can be in PEM or DER format
OpenSSL::PKey::RSA.new(private_key_str, 'passphrase').public_key
And compare it to the public key. You can get a string representation of the key with #to_pem or #to_der depending on the format you use (play around with it a little). You can alternatively use the rsa library also.
I think you can use
ssh-keygen -e -m PEM -f id_rsa.pub > pemkey.pub
To convert from the default format of ssh-keygen to PEM. You can run this command on the server to make the conversion, if necessary - you'll have to try and see to match the formats properly, since I'm not sure if OpenSSL::PKey::RSA accepts the default format of ssh-keygen. You can also make ssh-keygen read from STDIN and write to STDOUT so you don't need to use files to do the conversion.
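An added example (not part of the original answer, and not code from any gem): one way to build the SSH-style login asked about above so that the private key never reaches the server. The server parses the uploaded id_rsa.pub line directly and verifies a signature over a one-time nonce; the function names, the nonce store and the generated sample key are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Server: parse an uploaded "ssh-rsa AAAA... comment" line. The base64 blob is
# three length-prefixed fields: key type, public exponent e, modulus n.
def rsa_from_openssh(line)
  type, b64 = line.split(' ')
  raise ArgumentError, 'not an ssh-rsa key' unless type == 'ssh-rsa' && b64
  blob = b64.unpack1('m0') # strict base64, raises ArgumentError on junk
  fields = []
  until blob.empty?
    len = blob.unpack1('N')
    raise ArgumentError, 'truncated blob' if len.nil? || blob.bytesize < 4 + len
    fields << blob.byteslice(4, len)
    blob = blob.byteslice((4 + len)..-1)
  end
  raise ArgumentError, 'malformed blob' unless fields.size == 3 && fields[0] == 'ssh-rsa'
  e, n = fields[1..2].map { |f| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(f, 2)) }
  # PKCS#1 RSAPublicKey is SEQUENCE { modulus n, publicExponent e }
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new([n, e]).to_der)
end

# Constructed sample: encode a key as id_rsa.pub does, so ~/.ssh is never read.
def openssh_line(key, comment = 'user@example')
  mpint = lambda { |bn| (s = bn.to_s(2)).getbyte(0) >= 0x80 ? "\x00".b + s : s }
  blob = ['ssh-rsa', mpint[key.e], mpint[key.n]].map { |f| [f.bytesize].pack('N') + f }.join
  "ssh-rsa #{[blob].pack('m0')} #{comment}"
end

# Client: sign the server's nonce; the private key never leaves the machine.
def sign_challenge(private_key, nonce)
  private_key.sign(OpenSSL::Digest.new('SHA256'), nonce)
end

# Server: accept only a nonce it issued and has not yet seen come back.
def verify_login(pubkey, issued, nonce, signature)
  return false unless issued.delete(nonce)
  pubkey.verify(OpenSSL::Digest.new('SHA256'), signature, nonce)
end

def demo
  client_key = OpenSSL::PKey::RSA.new(2048) # stands in for id_rsa
  server_pub = rsa_from_openssh(openssh_line(client_key))
  nonce = SecureRandom.hex(32)
  issued = { nonce => true } # server-side store of outstanding nonces
  sig = sign_challenge(client_key, nonce)
  [1, 2].map { verify_login(server_pub, issued, nonce, sig) } # login, then replay
end

p demo if __FILE__ == $PROGRAM_NAME
```

In a real service the nonce store would also need an expiry, and the signed message should bind the account or session it is issued for.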

Related

A way to run FTP server (vsftpd or proftpd) without tying it to the linux user subsystem

I am looking for a way to make a simple ftps server that will serve a single folder containing 2 files using a dedicated username:password pair.
The issue is that for security reasons I have two requirements:
The server will not give access (even read) to anything outside the specified folder (server has world readable files that should be only accessible by users having accounts on that server)
I don't want to tie the ftp server with existing users system (the entire ftp application and its config must be independent of the server configuration)
So far every tutorial I found is using pam to configure both vsftpd and proftpd,
while I want a simple config file having username:password:folder triplet eg:
backups:s3cr#t:/backups/origin
backups2:secret:/backups/anonymized
documents:secret:/var/www/data/documents
How can I do it with either vsftpd or proftpd?

Dart - secret key generation based on elliptic curve 25519

I am looking for a dart package in order to implement key exchange protocol (Elliptic-curve Diffie–Hellman) in a Flutter application. So the flow will be like this:
app generates a key pair during login and sends the public key to server (so a new key pair is generated for every login)
server sends back its public key that it just generated
app generates a secret key from its private key and server's public key
app includes the hmac of all subsequent messages sent to the server
I tried using the ed25519_dart package for the key generation, but it doesn't work. My app doesn't even start due to integer literal can't be represented in 64 bits error, which is also pointed out by the dart analyzer.
I also took a look at pointycastle, but it doesn't seem to support Diffie–Hellman.
The Diffie–Hellman package also doesn't work for me. Provided example throws this exception in the first line:
FormatException: Invalid radix-16 number
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B1...
Any idea how I could achieve what I want to do in a Flutter application?
The error I am assuming is connected to BigNum and Dart 2. Pointy Castle has a branch on GitHub where they are switching to Dart 2.0.
Here are some ways you could get a keypair:
Use a native SDK (Java, Kotlin, or C++) and use a platform channel
Use the pointy castle Dart 2.0 branch
Try flutter_sodium package. It works with Dart 2 but is a work in progress.
Hopefully, this helps. I am trying to figure out the best way as well!

How to change homepage by Registry in Edge Browser

I want to change the homepage in the Edge browser via Registry but it's encrypted and I see (Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy) in Registry. Please help me to edit homepage in Registry or find where it's a violation of Windows policy to modify. See aka.ms/browserpolicy
The ProtectedHomepages value is not really encrypted; instead it is an obfuscated buffer which contains the homepage strings and the cryptographic hash for these strings. The buffer is obfuscated using a randomly generated seed which is also stored as a part of the buffer. I have done some reverse engineering research and published the results here.
So, basically, reading and decrypting this value is easier than modifying it, due to the required crypto-hash. However, reading capability is the only one required for anti-malware software. I don't know what reasons you have to modify this value, hopefully you are not writing a piece of malware...
If it is only the homepage in Edge you want to set then change the URL below to your preference and then save this as a .reg file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main]
"HomeButtonEnabled"=dword:00000001
"HomeButtonPage"="https://www.google.com/"
Currently it is not possible to change the start page of Microsoft Edge by writing a string or binary value into the registry. The entry to change is "Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" -> Value "ProtectedHomepages". The value is an encrypted binary value, in which the current homepage is not readable.
When you have to set a specific homepage more than once and you want to do it with C#, here is a workaround:
Set the start page you want via the UI of the Microsoft Edge browser. After changing it, restart the browser and export the registry key named above. Open the exported file and copy the binary data into a string constant or resource in your C# solution. In the function that writes this setting, you can copy the string into a byte array and then write it as a binary value into the registry. This entry takes effect after a restart of Microsoft Edge.
You should use the same approach when you want to change the default search provider. But in this case, in addition to the value "ProtectedSearchScopes", one more registry key is used -> "OpenSearch". This key exists (or should exist) for third-party search providers only. It should be deleted, or does not exist, if the search provider is Bing.
Disable your computer's network interface
Launch MS Edge. The recovery page will error out
Open a new MS Edge tab
Close the MS Edge tab containing the error message
Close MS Edge
Enable your computer's network interface
Launch MS Edge
Also...
Some malware will change the Edge homepage. You can see the malicious URL in address bar, record it.
Kill Edge with Task Manager or reboot.
Edit your hosts file in c:\windows\system32\drivers\etc, from an Administrative command prompt go to that directory and type notepad hosts and hit Enter.
Add a host entry like this
127.0.0.1 bad.url (substitute the URL you recorded above for bad.url)
Save the hosts file then open Edge. This method is helpful when you are remoted in and cannot disconnect the network connection.
No need to do it in the registry. You can now change the homepage via the settings in Microsoft Edge.

unable to connect through SSH key to bluemix container

I am currently trying to use the bluemix container service (in beta)
When I want to create a new container, I follow the steps, and just choose the name and the ports to open. I paste a SSH, and at the end I get the error :
"Unable to create container. Error message returned is: Bad Request".
Whereas if I do not paste my key, there is no problem.
I have tried with another key, created with puttygen, and I still get the same error.
I don't know what is wrong, as I basically chose the default options.
I have tried with the browsers firefox & opera on windows.
How can I solve this?
Use a public key of the form "ssh-rsa", space, 200+ characters ending in ==, space, username@hostname. I generated mine using ssh-keygen -t rsa. I pasted the entire contents of the generated .pub file.

SSH in Engine Yard

I've got some large problems with my ruby on rails deployment on EY. Support has said I need to SSH in to clear the errors... but I get the following:
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
80:4c:5f:dd:98:bb:cb:01:6c:a9:11:41:29:56:66:86.
Please contact your system administrator.
Add correct host key in /Users/jameshughes/.ssh/known_hosts to get rid of this message.
Offending key in /Users/jameshughes/.ssh/known_hosts:1
RSA host key for ec2-184-73-167-153.compute-1.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.
[Process completed]
How do I add the correct key to the Known_hosts file?
Open up known_hosts in your favorite text editor, find the entry for "ec2-184-73-167-153.compute-1.amazonaws.com" and delete the entire line. The next time you ssh in, it will add the correct key to the known_hosts file.
Note that this error is for security purposes, so I'm assuming that you know that there is not a "man-in-the-middle" attack going on and that the server key has actually changed. If it has not, there might be something else going on.
To fix your "Permission denied (public key)" problem, you'll need to add your public key to engineyard via the Tools menu, then apply your changes to your environment (by clicking apply).
Hope that helps.
Update
Please see @womble's comment below and my reply. As @womble notes, if you use StrictHostKeyChecking no you will be open to man in the middle attacks. I've talked with EngineYard about this (last time I checked, StrictHostKeyChecking no was what they were recommending in their help documentation). I believe using StrictHostKeyChecking=ask is a better alternative. Does anyone else know if there is a better solution than using StrictHostKeyChecking=ask?
I ran into the same issue and this seemed to work for me. You just need to add "StrictHostKeyChecking no" to after "'~/.ssh/config'':"
Engine Yard has a pretty good article on it. The man-in-the-middle issue is near the bottom.
http://docs.engineyard.com/ssh-keys-and-configuration.html
Now when I SSH I still get the warning, but am able to access the server. I started getting the warning after I stopped and restarted my instance.
