blog.alam.rocks

Tag Archives: SSH

cloud-init: Automatically import your public SSH keys into LXD Instances

10 Friday Jan 2020

Posted by Fakrul Alam in Education, My Work, Tutorial

Tags

automation, cloud-init, lxc, lxc profile, lxd, SSH, ssh-key, ubuntu, YAML

While provisioning an LXD instance, we can define post-deployment tasks using cloud-init. This lets us import our public SSH keys, add a new user, update packages and install new packages if required. To do that we use an lxc profile.

First check which lxc profiles you have. There should be one default profile.

# lxc profile list

Copy the default profile to create a new one

# lxc profile copy default production

Edit the newly created profile

# lxc profile edit production

Use the following configuration. This is a YAML file; for better formatting, please download it from here

recover corrupt /etc/sudoers file over SSH

10 Friday Jan 2020

Posted by Fakrul Alam in Education, My Work

Tags

SSH, sudo su, ubuntu

Recently I faced an issue where I mistakenly edited a file under /etc/sudoers.d/. Whenever I tried to sudo, I got the following error:

fakrul@fakrul-server01:~/.config$ sudo su
>>> /etc/sudoers.d/fakrul_sudo: syntax error near line 1 <<<
sudo: parse error in /etc/sudoers.d/fakrul_sudo near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialise policy plugin

Unfortunately I didn’t have any other sudo user. I googled and found a solution.

Steps:

1. Open two ssh sessions to the target server.

2. In the first session, get the PID of bash by running:
fakrul@fakrul-server01:~/.config$ echo $$
5886

3. In the second session, start the authentication agent with:

pkttyagent --process (pid from step 2)

4. Back in the first session, run:

fakrul@fakrul-server01:~/.config$ pkexec rm /etc/sudoers.d/fakrul_sudo

5. In the second session, you will get the password prompt. The “fakrul_sudo” file will be removed in the first session. In the same way you can add a new file.

Mikrotik ssh key authentication

07 Tuesday Jan 2020

Posted by Fakrul Alam in My Work

Tags

mikrotik, SSH, ssh authentication

We can use an SSH key to authenticate to a Mikrotik box.

Step 1: Check your SSH key pair. We will copy the public key (id_rsa.pub)

bash-3.2$ ls
config id_rsa id_rsa.pub known_hosts

Step 2: Copy the public key (id_rsa.pub) to the MT. In this case the MT IP is 192.168.99.1 and the username is admin
bash-3.2$ scp id_rsa.pub admin@192.168.99.1:/

Step 3: Login to MT and check whether the public key has been copied successfully
[admin@mt] > file print
 # NAME                          TYPE       SIZE     CREATION-TIME
 0 flash                         disk                jan/01/1970 11:00:07
 1 id_rsa                        file       1896     dec/18/2019 10:19:45
 2 flash/skins                   directory           jan/01/1970 11:00:08
 3 flash/mt-20191217-0031.backup backup     18.3KiB  dec/17/2019 00:31:20

Step 4: Now enable ssh-key login for user admin. Run the following command from MT
[admin@mt] > user ssh-keys import user=admin public-key-file=id_rsa.pub

Step 5: Verify it. Run the following command from MT
[admin@mt] > user ssh-keys print
Flags: R - RSA, D - DSA
 #   USER   BITS KEY-OWNER
 0 R admin  2048 fakrul@au-mohammad-macbook.local

Step 6: Try to ssh to your MT box. It will ask for the passphrase
bash-3.2$ ssh admin@192.168.99.1
Enter passphrase for key '/Users/fakrul/.ssh/id_rsa'

Secure Your Linux Desktop and SSH Login Using Two Factor Google Authenticator

02 Thursday Oct 2014

Posted by Fakrul Alam in My Work

Tags

SSH, Two Factor Authetication

We will enable two factor authentication on our Ubuntu server. To implement that we are going to use multifactor authentication with Google Authenticator.

Step 1: Install Google Authenticator from the following link on your Android/iPhone/iPad/BlackBerry/Firefox device

https://support.google.com/accounts/answer/1066447?hl=en

Step 2: Install Google Authenticator on Ubuntu

fakrul@fakrul-ubuntu ~> sudo apt-get install libpam-google-authenticator

Step 3: Create an Authentication Key

Log in as the user you’ll be logging in with remotely and run the google-authenticator command to create a secret key for that user.

fakrul@fakrul-ubuntu ~> google-authenticator

You will be prompted for some configuration options. Scan the QR code that appears with the Google Authenticator app, or add the secret key to the Google Authenticator app by hand.

Save the backup codes listed somewhere safe. They will allow you to regain access if you lose your phone with the Authenticator app.

Next it will ask several questions; unless you have a good reason to change them, the defaults presented are sane. Just enter “y” for them.

Step 4: Activate Google Authenticator

Enable Google Authenticator for SSH logins by adding the following line to /etc/pam.d/sshd.

fakrul@fakrul-ubuntu ~> sudo vi /etc/pam.d/sshd
auth required pam_google_authenticator.so

Next, open the /etc/ssh/sshd_config file, locate the ChallengeResponseAuthentication line, and change it to read as follows.

fakrul@fakrul-ubuntu ~> sudo vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

Step 5: Restart ssh to activate the feature

fakrul@fakrul-ubuntu ~> sudo service ssh restart

Please note that it won’t work if you have public key based authentication enabled.
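
The checks below audit the two files edited in Step 4, as an added example that is not part of the original post. The function names are hypothetical; going beyond the page, it treats KbdInteractiveAuthentication as the newer OpenSSH spelling of ChallengeResponseAuthentication and flags the public key case from the closing note unless AuthenticationMethods is set.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of the two files edited in Step 4.

# First global occurrence of any keyword in $1 (a '|' list, lower case).
# sshd keeps the first value it reads; keywords are case-insensitive.
sshd_effective() {
  awk -v k="$1" '
    /^[[:space:]]*#/ { next }
    tolower($1) == "match" { exit }          # stop at per-user/host blocks
    tolower($1) ~ ("^(" k ")$") { print tolower($2); exit }
  ' "$2"
}

# True if an uncommented, enforcing auth line loads the TOTP module.
pam_has_totp() {
  awk '
    /^[[:space:]]*#/ { next }
    $1 == "auth" && $2 ~ /^(required|requisite)$/ &&
      $3 ~ /(^|\/)pam_google_authenticator\.so$/ { found = 1 }
    END { exit !found }
  ' "$1"
}

# Prints one line per finding; return status is the number of findings.
audit_ssh_2fa() {
  local pam="$1" cfg="$2" n=0 v
  pam_has_totp "$pam" ||
    { echo "FAIL: $pam has no enforcing pam_google_authenticator.so line"; n=$((n+1)); }
  v=$(sshd_effective 'challengeresponseauthentication|kbdinteractiveauthentication' "$cfg")
  [ "$v" = yes ] ||
    { echo "FAIL: challenge-response is '${v:-unset}', expected yes"; n=$((n+1)); }
  v=$(sshd_effective pubkeyauthentication "$cfg")
  if [ "${v:-yes}" = yes ] && [ -z "$(sshd_effective authenticationmethods "$cfg")" ]; then
    echo "WARN: public key logins will not be asked for a code"; n=$((n+1))
  fi
  return "$n"
}

# Constructed sample: the module line is present, but a commented-out 'yes'
# sits above the live 'no' that sshd actually uses.
demo() {
  local d; d=$(mktemp -d)
  printf 'auth required pam_google_authenticator.so\n' > "$d/pam"
  printf '#ChallengeResponseAuthentication yes\nChallengeResponseAuthentication no\nPubkeyAuthentication no\n' > "$d/cfg"
  audit_ssh_2fa "$d/pam" "$d/cfg"; local rc=$?
  rm -rf "$d"; return "$rc"
}
demo || true
```

On a real host, run `audit_ssh_2fa /etc/pam.d/sshd /etc/ssh/sshd_config`; it only reads the files.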
