Blame
Date:
Sun Jan 29 05:00:28 2023 UTC
Message:
Daily backup
01
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
02
2023-01-22
jrmu
agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0
03
2023-01-22
jrmu
author=izzyb
04
2023-01-22
jrmu
charset=UTF-8
05
2023-01-22
jrmu
csum=added link to ircnow network ssh fingerprints as example.
06
2023-01-22
jrmu
ctime=1628527330
07
2023-01-22
jrmu
host=2001:56a:f8ee:bb00:a0bc:7e88:85b9:f89d
08
2023-01-22
jrmu
name=Ssh.Fingerprints
09
2023-01-22
jrmu
rev=6
10
2023-01-22
jrmu
targets=MITM.Intro,Ircnow.SSHFingerprints,Openssh.Intro,Dns.FQDN,Nsd.Zone
11
2023-01-22
jrmu
text=In order to prevent a [[MITM/intro|Man-In-The-Middle attack (MITM)]], SSH requires you to check the fingerprints of the server you connect to. Fingerprints for the IRCNOW network servers can be found [[Ircnow.SSHFingerprints | here]] for example.%0a%0a!! Your SSH Fingerprints%0a%0aWhen ssh server is installed, it stores its keys in /etc/ssh. You%0acan run this script to quickly get the ssh fingerprints for all your keys:%0a%0a[@%0assh-keygen -E md5 -lf /etc/ssh/ssh_host_dsa_key.pub%0assh-keygen -E md5 -lf /etc/ssh/ssh_host_ecdsa_key.pub%0assh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub%0assh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key.pub%0assh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub%0assh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub%0assh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub%0assh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub%0a@]%0a%0aThe first four fingerprints use MD5 hashing, which is used by PuTTY. The last four uses SHA256 hashing, which is used by [[openssh/intro|OpenSSH]].%0a%0a!! Publish SSHFP%0a%0aA convenient place to publish ssh fingerprints is in DNS using SSHFP records:%0a%0a[@%0a$ ssh-keygen -r example.com.%0aexample.com IN SSHFP 1 1 7251d06cf5cf9312b502388edd93ff924c52a73a%0aexample.com IN SSHFP 1 2 a0f433e68e5ba29f23825b21a23660d94a5b8a814cd71827fb75cfb4e84e4c49%0aexample.com IN SSHFP 2 1 22ccda0cafee42f3e2cc53d5f695244677a1a88f%0aexample.com IN SSHFP 2 2 88fbc099391d1e37330409978e68bdeebc50fe9bc41c5e2fd4a2d29ecde20409%0aexample.com IN SSHFP 3 1 c9a19b42a7165596f0d0e5bfa947232978901dcb%0aexample.com IN SSHFP 3 2 6a9facbb8693644063b1eee91cfce24ada5536ff52df98210fae3d350fffaf34%0aexample.com IN SSHFP 4 1 4dc3d59ef28733c89f83e0e078b10a4a816e2a04%0aexample.com IN SSHFP 4 2 a1f1388dff27d02f942ea5a9e2cb6008ae3e0a61622e5ff2b1ce746b32049152%0a@]%0a%0aReplace @@example.com.@@ with your domain, making sure to include the final period for a [[dns/FQDN|fully qualified domain name (FQDN)]]. 
ssh will generate all of your SSHFP records for you, which can then be added to your [[nsd/zone|nameserver's zone]] files.%0a%0aSSHFP records follow this format:%0a%0a[@%0a%3cName> [%3cTTL>] [%3cClass>] SSHFP %3cAlgorithm> %3cType> %3cFingerprint>%0a@]%0a%0a|| border=1 width=100%25 class="simpletable"%0a||! Keyword ||! Meaning ||%0a|| TTL || Time to live (seconds) ||%0a|| Protocol || IN for Internet ||%0a|| Algorithm || 0: reserved; 1: RSA; 2: DSA, 3: ECDSA; 4: Ed25519 ||%0a|| Type || Hash -- 0: reserved; 1: SHA-1; 2: SHA-256) ||%0a|| Fingerprint || Hexadecimal of hash ||%0a
12
2023-01-22
jrmu
time=1673713890
13
2023-01-22
jrmu
author:1673713890=izzyb
14
2023-01-22
jrmu
csum:1673713890=added link to ircnow network ssh fingerprints as example.
15
2023-01-22
jrmu
diff:1673713890:1633819313:=1c1%0a%3c In order to prevent a [[MITM/intro|Man-In-The-Middle attack (MITM)]], SSH requires you to check the fingerprints of the server you connect to. Fingerprints for the IRCNOW network servers can be found [[Ircnow.SSHFingerprints | here]] for example.%0a---%0a> In order to prevent a [[MITM/intro|Man-In-The-Middle attack (MITM)]], SSH requires you to check the fingerprints of the server you connect to.%0a
16
2023-01-22
jrmu
host:1673713890=2001:56a:f8ee:bb00:a0bc:7e88:85b9:f89d
17
2023-01-22
jrmu
author:1633819313=xfnw
18
2023-01-22
jrmu
csum:1633819313=make the top row of the table the head
19
2023-01-22
jrmu
diff:1633819313:1633816945:minor=45,46c45,46%0a%3c || border=1 width=100%25 class="simpletable"%0a%3c ||! Keyword ||! Meaning ||%0a---%0a> || border=1 width=100%25 class="sortable simpletable"%0a> || Keyword || Meaning ||%0a
20
2023-01-22
jrmu
host:1633819313=71.246.231.249
21
2023-01-22
jrmu
author:1633816945=mkf
22
2023-01-22
jrmu
diff:1633816945:1628528550:=47c47%0a%3c || TTL || Time to live (seconds) ||%0a---%0a> || TTL || Time to live (seconds)%0a
23
2023-01-22
jrmu
host:1633816945=188.210.104.87
24
2023-01-22
jrmu
author:1628528550=jrmu
25
2023-01-22
jrmu
diff:1628528550:1628528035:=26c26%0a%3c $ ssh-keygen -r example.com.%0a---%0a> $ ssh-keygen -r example.com%0a37,40c37,40%0a%3c Replace @@example.com.@@ with your domain, making sure to include the final period for a [[dns/FQDN|fully qualified domain name (FQDN)]]. ssh will generate all of your SSHFP records for you, which can then be added to your [[nsd/zone|nameserver's zone]] files.%0a%3c %0a%3c SSHFP records follow this format:%0a%3c %0a---%0a> Replace @@example.com@@ with your domain. ssh will generate all of your SSHFP records for you, which can then be added to your nameserver's zone files.%0a> %0a> SSHFP records explained:%0a> %0a45,51c45,90%0a%3c || border=1 width=100%25 class="sortable simpletable"%0a%3c || Keyword || Meaning ||%0a%3c || TTL || Time to live (seconds)%0a%3c || Protocol || IN for Internet ||%0a%3c || Algorithm || 0: reserved; 1: RSA; 2: DSA, 3: ECDSA; 4: Ed25519 ||%0a%3c || Type || Hash -- 0: reserved; 1: SHA-1; 2: SHA-256) ||%0a%3c || Fingerprint || Hexadecimal of hash ||%0a---%0a> TTL: Time to live (seconds)%0a> Protocol: IN for Internet%0a> Algorithm: 0: reserved; 1: RSA; 2: DSA, 3: ECDSA; 4: Ed25519%0a> Type: Hash algorithm: 0: reserved; 1: SHA-1; 2: SHA-256)%0a> Fingerprint: Hexadecimal of hash%0a> %0a> !! 
Generating SSH Keys%0a> %0a> [@%0a> $ ssh-keygen -t ed25519%0a> Generating public/private ed25519 key pair.%0a> Enter file in which to save the key (/home/username/.ssh/id_ed25519): %0a> Enter passphrase (empty for no passphrase): %0a> Enter same passphrase again: %0a> Your identification has been saved in /home/username/ssh/id_ed25519%0a> Your public key has been saved in /home/username/ssh/id_ed25519.pub%0a> The key fingerprint is:%0a> ...%0a> @]%0a> %0a> Save the key fingerprint and image art, you will use it for verifying the key later.%0a> %0a> You can repeat this process with other types of keys:%0a> %0a> Now, read ~/.ssh/id_ed25519.pub:%0a> %0a> [@%0a> $ cat .ssh/id_ed25519.pub%0a> @]%0a> %0a> You will add this line to the bottom of ~/.ssh/authorized_keys on the server. So, we login then edit that file:%0a> %0a> [@%0a> $ ssh username@example.ircnow.org%0a> $ vi .ssh/authorized_keys%0a> @]%0a> %0a> !! Alternative SSH Keys%0a> %0a> On your desktop PC, you can generate other ssh key types:%0a> %0a> [@%0a> $ ssh-keygen -t ecdsa -a 100%0a> $ ssh-keygen -t rsa -b 4096 -o -a 100%0a> @]%0a> %0a
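Review bot: The table rows on the `<` side of the 45,51c45,90 hunk are malformed in three places. The row `|| TTL || Time to live (seconds)` has no closing `||`, the `Type` row ends with an unmatched `)` after `2: SHA-256`, and the `Algorithm` row separates `2: DSA, 3: ECDSA` with a comma where every other entry uses a semicolon. Suggest closing the TTL row, dropping the stray parenthesis, and using `;` throughout so the list of SSHFP algorithm numbers reads unambiguously.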
26
2023-01-22
jrmu
host:1628528550=38.87.162.8
27
2023-01-22
jrmu
author:1628528035=jrmu
28
2023-01-22
jrmu
diff:1628528035:1628527330:=3,7c3,6%0a%3c !! Your SSH Fingerprints%0a%3c %0a%3c When ssh server is installed, it stores its keys in /etc/ssh. You%0a%3c can run this script to quickly get the ssh fingerprints for all your keys:%0a%3c %0a---%0a> You can use this script to quickly get the ssh fingerprints for all ssh keys:%0a> %0a> !! SSH Fingerprints%0a> %0a19,24c18,21%0a%3c The first four fingerprints use MD5 hashing, which is used by PuTTY. The last four uses SHA256 hashing, which is used by [[openssh/intro|OpenSSH]].%0a%3c %0a%3c !! Publish SSHFP%0a%3c %0a%3c A convenient place to publish ssh fingerprints is in DNS using SSHFP records:%0a%3c %0a---%0a> The first five are MD5 hashes and are used by PuTTY. The last five will be used by Mac/Linux.%0a> %0a> !! Generating SSH Keys%0a> %0a26,34c23,31%0a%3c $ ssh-keygen -r example.com%0a%3c example.com IN SSHFP 1 1 7251d06cf5cf9312b502388edd93ff924c52a73a%0a%3c example.com IN SSHFP 1 2 a0f433e68e5ba29f23825b21a23660d94a5b8a814cd71827fb75cfb4e84e4c49%0a%3c example.com IN SSHFP 2 1 22ccda0cafee42f3e2cc53d5f695244677a1a88f%0a%3c example.com IN SSHFP 2 2 88fbc099391d1e37330409978e68bdeebc50fe9bc41c5e2fd4a2d29ecde20409%0a%3c example.com IN SSHFP 3 1 c9a19b42a7165596f0d0e5bfa947232978901dcb%0a%3c example.com IN SSHFP 3 2 6a9facbb8693644063b1eee91cfce24ada5536ff52df98210fae3d350fffaf34%0a%3c example.com IN SSHFP 4 1 4dc3d59ef28733c89f83e0e078b10a4a816e2a04%0a%3c example.com IN SSHFP 4 2 a1f1388dff27d02f942ea5a9e2cb6008ae3e0a61622e5ff2b1ce746b32049152%0a---%0a> $ ssh-keygen -t ed25519%0a> Generating public/private ed25519 key pair.%0a> Enter file in which to save the key (/home/username/.ssh/id_ed25519): %0a> Enter passphrase (empty for no passphrase): %0a> Enter same passphrase again: %0a> Your identification has been saved in /home/username/ssh/id_ed25519%0a> Your public key has been saved in /home/username/ssh/id_ed25519.pub%0a> The key fingerprint is:%0a> ...%0a37,40c34,39%0a%3c Replace @@example.com@@ with your domain. 
ssh will generate all of your SSHFP records for you, which can then be added to your nameserver's zone files.%0a%3c %0a%3c SSHFP records explained:%0a%3c %0a---%0a> Save the key fingerprint and image art, you will use it for verifying the key later.%0a> %0a> You can repeat this process with other types of keys:%0a> %0a> Now, read ~/.ssh/id_ed25519.pub:%0a> %0a42c41%0a%3c %3cName> [%3cTTL>] [%3cClass>] SSHFP %3cAlgorithm> %3cType> %3cFingerprint>%0a---%0a> $ cat .ssh/id_ed25519.pub%0a45,52c44,45%0a%3c TTL: Time to live (seconds)%0a%3c Protocol: IN for Internet%0a%3c Algorithm: 0: reserved; 1: RSA; 2: DSA, 3: ECDSA; 4: Ed25519%0a%3c Type: Hash algorithm: 0: reserved; 1: SHA-1; 2: SHA-256)%0a%3c Fingerprint: Hexadecimal of hash%0a%3c %0a%3c !! Generating SSH Keys%0a%3c %0a---%0a> You will add this line to the bottom of ~/.ssh/authorized_keys on the server. So, we login then edit that file:%0a> %0a54,62c47,48%0a%3c $ ssh-keygen -t ed25519%0a%3c Generating public/private ed25519 key pair.%0a%3c Enter file in which to save the key (/home/username/.ssh/id_ed25519): %0a%3c Enter passphrase (empty for no passphrase): %0a%3c Enter same passphrase again: %0a%3c Your identification has been saved in /home/username/ssh/id_ed25519%0a%3c Your public key has been saved in /home/username/ssh/id_ed25519.pub%0a%3c The key fingerprint is:%0a%3c ...%0a---%0a> $ ssh username@example.ircnow.org%0a> $ vi .ssh/authorized_keys%0a65,70c51,54%0a%3c Save the key fingerprint and image art, you will use it for verifying the key later.%0a%3c %0a%3c You can repeat this process with other types of keys:%0a%3c %0a%3c Now, read ~/.ssh/id_ed25519.pub:%0a%3c %0a---%0a> !! Alternative SSH Keys%0a> %0a> On your desktop PC, you can generate other ssh key types:%0a> %0a72c56,57%0a%3c $ cat .ssh/id_ed25519.pub%0a---%0a> $ ssh-keygen -t ecdsa -a 100%0a> $ ssh-keygen -t rsa -b 4096 -o -a 100%0a75,76c60,63%0a%3c You will add this line to the bottom of ~/.ssh/authorized_keys on the server. 
So, we login then edit that file:%0a%3c %0a---%0a> !! Publish SSHFP%0a> %0a> To publish ssh keys online, run:%0a> %0a78,79c65,73%0a%3c $ ssh username@example.ircnow.org%0a%3c $ vi .ssh/authorized_keys%0a---%0a> $ ssh-keygen -r ircnow.org %0a> ircnow.org IN SSHFP 1 1 7251d06cf5cf9312b502388edd93ff924c52a73a%0a> ircnow.org IN SSHFP 1 2 a0f433e68e5ba29f23825b21a23660d94a5b8a814cd71827fb75cfb4e84e4c49%0a> ircnow.org IN SSHFP 2 1 22ccda0cafee42f3e2cc53d5f695244677a1a88f%0a> ircnow.org IN SSHFP 2 2 88fbc099391d1e37330409978e68bdeebc50fe9bc41c5e2fd4a2d29ecde20409%0a> ircnow.org IN SSHFP 3 1 c9a19b42a7165596f0d0e5bfa947232978901dcb%0a> ircnow.org IN SSHFP 3 2 6a9facbb8693644063b1eee91cfce24ada5536ff52df98210fae3d350fffaf34%0a> ircnow.org IN SSHFP 4 1 4dc3d59ef28733c89f83e0e078b10a4a816e2a04%0a> ircnow.org IN SSHFP 4 2 a1f1388dff27d02f942ea5a9e2cb6008ae3e0a61622e5ff2b1ce746b32049152%0a82,90c76,86%0a%3c !! Alternative SSH Keys%0a%3c %0a%3c On your desktop PC, you can generate other ssh key types:%0a%3c %0a%3c [@%0a%3c $ ssh-keygen -t ecdsa -a 100%0a%3c $ ssh-keygen -t rsa -b 4096 -o -a 100%0a%3c @]%0a%3c %0a---%0a> Replace ircnow.org with your domain. Those records can then be added to your nameserver's zone files.%0a> %0a> Here is the DNS record%0a> %0a> %3cName> [%3cTTL>] [%3cClass>] SSHFP %3cAlgorithm> %3cType> %3cFingerprint>%0a> %0a> TTL: Time to live (seconds)%0a> Protocol: IN for Internet%0a> Algorithm: 0: reserved; 1: RSA; 2: DSA, 3: ECDSA; 4: Ed25519%0a> Type: Hash algorithm: 0: reserved; 1: SHA-1; 2: SHA-256)%0a> Fingerprint: Hexadecimal of hash%0a
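Review bot: The new sentence in the 19,24c18,21 hunk, "A convenient place to publish ssh fingerprints is in DNS using SSHFP records", does not say when a client can rely on those records. OpenSSH only consults SSHFP when `VerifyHostKeyDNS` is enabled, and it treats a matching record as trusted only if the answer was DNSSEC-validated. Since the page opens by framing fingerprints as a MITM defence, suggest adding a sentence that the zone should be signed and that fingerprints from an unsigned zone still need to be checked out of band. In the same hunk, "The last four uses" should read "The last four use".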
29
2023-01-22
jrmu
host:1628528035=38.87.162.8
30
2023-01-22
jrmu
author:1628527330=jrmu
31
2023-01-22
jrmu
diff:1628527330:1628527330:=1,86d0%0a%3c In order to prevent a [[MITM/intro|Man-In-The-Middle attack (MITM)]], SSH requires you to check the fingerprints of the server you connect to.%0a%3c %0a%3c You can use this script to quickly get the ssh fingerprints for all ssh keys:%0a%3c %0a%3c !! SSH Fingerprints%0a%3c %0a%3c [@%0a%3c ssh-keygen -E md5 -lf /etc/ssh/ssh_host_dsa_key.pub%0a%3c ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ecdsa_key.pub%0a%3c ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub%0a%3c ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key.pub%0a%3c ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub%0a%3c ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub%0a%3c ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub%0a%3c ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub%0a%3c @]%0a%3c %0a%3c The first five are MD5 hashes and are used by PuTTY. The last five will be used by Mac/Linux.%0a%3c %0a%3c !! Generating SSH Keys%0a%3c %0a%3c [@%0a%3c $ ssh-keygen -t ed25519%0a%3c Generating public/private ed25519 key pair.%0a%3c Enter file in which to save the key (/home/username/.ssh/id_ed25519): %0a%3c Enter passphrase (empty for no passphrase): %0a%3c Enter same passphrase again: %0a%3c Your identification has been saved in /home/username/ssh/id_ed25519%0a%3c Your public key has been saved in /home/username/ssh/id_ed25519.pub%0a%3c The key fingerprint is:%0a%3c ...%0a%3c @]%0a%3c %0a%3c Save the key fingerprint and image art, you will use it for verifying the key later.%0a%3c %0a%3c You can repeat this process with other types of keys:%0a%3c %0a%3c Now, read ~/.ssh/id_ed25519.pub:%0a%3c %0a%3c [@%0a%3c $ cat .ssh/id_ed25519.pub%0a%3c @]%0a%3c %0a%3c You will add this line to the bottom of ~/.ssh/authorized_keys on the server. So, we login then edit that file:%0a%3c %0a%3c [@%0a%3c $ ssh username@example.ircnow.org%0a%3c $ vi .ssh/authorized_keys%0a%3c @]%0a%3c %0a%3c !! 
Alternative SSH Keys%0a%3c %0a%3c On your desktop PC, you can generate other ssh key types:%0a%3c %0a%3c [@%0a%3c $ ssh-keygen -t ecdsa -a 100%0a%3c $ ssh-keygen -t rsa -b 4096 -o -a 100%0a%3c @]%0a%3c %0a%3c !! Publish SSHFP%0a%3c %0a%3c To publish ssh keys online, run:%0a%3c %0a%3c [@%0a%3c $ ssh-keygen -r ircnow.org %0a%3c ircnow.org IN SSHFP 1 1 7251d06cf5cf9312b502388edd93ff924c52a73a%0a%3c ircnow.org IN SSHFP 1 2 a0f433e68e5ba29f23825b21a23660d94a5b8a814cd71827fb75cfb4e84e4c49%0a%3c ircnow.org IN SSHFP 2 1 22ccda0cafee42f3e2cc53d5f695244677a1a88f%0a%3c ircnow.org IN SSHFP 2 2 88fbc099391d1e37330409978e68bdeebc50fe9bc41c5e2fd4a2d29ecde20409%0a%3c ircnow.org IN SSHFP 3 1 c9a19b42a7165596f0d0e5bfa947232978901dcb%0a%3c ircnow.org IN SSHFP 3 2 6a9facbb8693644063b1eee91cfce24ada5536ff52df98210fae3d350fffaf34%0a%3c ircnow.org IN SSHFP 4 1 4dc3d59ef28733c89f83e0e078b10a4a816e2a04%0a%3c ircnow.org IN SSHFP 4 2 a1f1388dff27d02f942ea5a9e2cb6008ae3e0a61622e5ff2b1ce746b32049152%0a%3c @]%0a%3c %0a%3c Replace ircnow.org with your domain. Those records can then be added to your nameserver's zone files.%0a%3c %0a%3c Here is the DNS record%0a%3c %0a%3c %3cName> [%3cTTL>] [%3cClass>] SSHFP %3cAlgorithm> %3cType> %3cFingerprint>%0a%3c %0a%3c TTL: Time to live (seconds)%0a%3c Protocol: IN for Internet%0a%3c Algorithm: 0: reserved; 1: RSA; 2: DSA, 3: ECDSA; 4: Ed25519%0a%3c Type: Hash algorithm: 0: reserved; 1: SHA-1; 2: SHA-256)%0a%3c Fingerprint: Hexadecimal of hash%0a
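Review bot: The sample `ssh-keygen -t ed25519` output is inconsistent about the key path. The prompt shows `/home/username/.ssh/id_ed25519`, but the two "has been saved in" lines show `/home/username/ssh/id_ed25519` without the dot, and the later `cat .ssh/id_ed25519.pub` step assumes the dotted directory. Suggest using `.ssh` in all three lines. Also, "The first five are MD5 hashes ... The last five" does not match the listing above it, which has four `-E md5` commands and four without.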
32
2023-01-22
jrmu
host:1628527330=38.87.162.8