Posted by jpluimers on 2021/10/20
[Archive.is] Filippo Valsorda on Twitter: “whoami.filippo.io , the SSH server that knows who you are, got some newly refreshed intel! Try it out! $ ssh whoami.filippo.io “
The server itself also serves some HTML with information: whoami.filippo.io redirects to [WayBack] ssh whoami.filippo.io (the source code is at [WayBack] GitHub – FiloSottile/whoami.filippo.io: A ssh server that knows who you are. $ ssh whoami.filippo.io).
It’s a neat open source server written in Go. During public key authentication an ssh client offers each public key it has (every configured IdentityFile plus everything loaded in ssh-agent) to the server, one after another, until the server accepts one; a server that accepts none, like this one, therefore gets to see all of them. The server then tries to map the keys back to a GitHub account, which works because GitHub publishes every user’s public keys at https://github.com/<username>.keys.
In addition it warns you about some weak spots in your ssh client configuration.
Note that in October 2020 it was temporarily down; Filippo planned to bring it back up: [Archive.is] Filippo Valsorda 💉💉 on Twitter: “Yeah I’m planning to but I can’t give you an ETA I’m afraid. A few weeks, maybe?… “
Thread comments
Some interesting comments in the thread:
- [WayBack] Filippo Valsorda on Twitter: “The server will also warn you if you have agent forwarding or X11 forwarding globally enabled, allowing any server to use your SSH keys or catch your keystrokes. A dozen vulnerable connections already!… “
- [Archive.is] Filippo Valsorda on Twitter: “Yep, configuring keys per host. It is pretty inconvenient though, and I personally don’t mind, but your threat model might vary. … “
- [Archive.is] 不可爱的硅基生物 on Twitter: “GitLab (private instance or gitlab.com) will also expose your ssh public key, https://GitLabWebsite/username.keys… “
- [Archive.is] Olivier Mengué on Twitter: “One good reason to use github-keygen: it builds SSH config that protects against this attack by using your GitHub SSH key only when connecting to GitHub.… “
- [Archive.is] d2x2 on Twitter: “There is an interesting article from @rushter which made a POC to find target infrastructure using a github public key. … “
- [WayBack] Public SSH keys can leak your private infrastructure | Artem Golubin
- [Archive.is] Raullen Chai ~子非鱼,焉知鱼之乐~ on Twitter: “Publish a public key is not a concern at all; @github exposes the mapping between the user and his/her public key is a concern; should use pseudo names on @github per se.… “
- [WayBack] GitHub – lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- [Archive.is] HD Moore on Twitter: “We love this so much we made Flamingo (OSS) save the entire (re-usable) public key. Cross-reference vs public data sets or rescan to find out what machines accept that user’s key for auth: … Hurrah for easy Go SSH servers =D… “
- [Archive.is] Filippo Valsorda on Twitter: “To be clear I think whoami.filippo.io is a neat trick, not a proof of concept of a vulnerability. However, all the folks who said “public keys are public duh” pass their cryptography 101 and fail their security 201 =)”
- [Archive.is] Samuel Berthe 🐘 on Twitter: “Sync SSH keys of your coworkers, from Github to ~/.authorized_keys with => … #cronjob #automation… “
- [Archive.is] Filippo Valsorda on Twitter: “Added a OpenSSH roaming vuln test to the whoami server $ ssh whoami.filippo.io (code: …) “
Related: [WayBack] Auditing GitHub users’ SSH key quality
Stop presenting public keys
[WayBack] GitHub – FiloSottile/whoami.filippo.io: A ssh server that knows who you are. $ ssh whoami.filippo.io: How do I stop passing public keys
How do I stop it?
If this behavior is problematic for you, you can tell ssh not to present your public keys to the server by default.
Add these lines at the end of your ~/.ssh/config (after other “Host” directives)
Host *
PubkeyAuthentication no
IdentitiesOnly yes
And then specify what keys should be used for each host
Host example.com
PubkeyAuthentication yes
IdentityFile ~/.ssh/id_rsa
# IdentitiesOnly yes # Enable ssh-agent (PKCS11 etc.) keys
If you want you can use different keys so that they can’t be linked together
Host github.com
PubkeyAuthentication yes
IdentityFile ~/.ssh/github_id_rsa
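To see why the README insists that the Host * block goes at the end, here is a small resolver (an added example, not code from the whoami.filippo.io project) that applies the ssh_config(5) rule that the first value obtained for an option wins, with IdentityFile accumulating, and reports which keys the client would offer to a given host. The two configs, the default identity list and the ssh-agent placeholder are constructed for the example; Match and Include blocks are not modelled.

```python
"""Which public keys would ssh offer to a host, given an ssh_config?

Models two rules from ssh_config(5): for every option the FIRST value obtained
wins (so a `Host *` block must come last), and IdentityFile entries accumulate
across all matching blocks. Only `Host` blocks with glob and `!` patterns are
handled; `Match` and `Include` are not (assumption for this example).
"""
import fnmatch
import shlex

# Stand-ins (assumption) for the files ssh tries when no IdentityFile is set,
# and for the keys ssh-agent adds on top of them.
DEFAULT_IDENTITIES = ["~/.ssh/id_rsa", "~/.ssh/id_ecdsa", "~/.ssh/id_ed25519"]
AGENT_KEYS = "<every key loaded in ssh-agent>"


def parse_config(text):
    """Split an ssh_config into (host_patterns, [(option, value), ...]) blocks.

    Options before the first `Host` line apply to every host.
    """
    blocks = [(["*"], [])]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        parts = shlex.split(line)
        key, values = parts[0].lower(), parts[1:]
        if key == "host":
            blocks.append((values, []))
        else:
            blocks[-1][1].append((key, " ".join(values)))
    return blocks


def host_matches(patterns, hostname):
    """A block applies when some pattern matches and no `!pattern` matches."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(hostname, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(hostname, p) for p in positive)


def effective_options(text, hostname):
    """First value obtained wins for every option; IdentityFile accumulates."""
    opts = {}
    for patterns, options in parse_config(text):
        if not host_matches(patterns, hostname):
            continue
        for key, value in options:
            if key == "identityfile":
                opts.setdefault("identityfile", []).append(value)
            elif key not in opts:
                opts[key] = value
    return opts


def offered_identities(text, hostname):
    """Public keys the client would present to `hostname` during publickey auth."""
    opts = effective_options(text, hostname)
    if opts.get("pubkeyauthentication", "yes").lower() == "no":
        return []                                     # nothing is offered at all
    configured = opts.get("identityfile", [])
    if opts.get("identitiesonly", "no").lower() == "yes":
        return configured                             # explicit files only, no agent keys
    return (configured or DEFAULT_IDENTITIES) + [AGENT_KEYS]


# Constructed configs: the README's ordering, and the same blocks with `Host *` first.
README_ORDER = """
Host github.com
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/github_id_rsa

Host example.com
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/id_rsa

Host *
    PubkeyAuthentication no
    IdentitiesOnly yes
"""

WRONG_ORDER = """
Host *
    PubkeyAuthentication no
    IdentitiesOnly yes

Host github.com
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/github_id_rsa
"""

if __name__ == "__main__":
    for label, cfg in (("no config", ""), ("README order", README_ORDER), ("Host * first", WRONG_ORDER)):
        for host in ("whoami.filippo.io", "github.com"):
            print(f"{label:13s} {host:18s} -> {offered_identities(cfg, host)}")
```

With no config at all, every default identity and every agent key is offered to whoami.filippo.io; with the README ordering it gets nothing while github.com still gets exactly its one key; with Host * moved to the top, github.com gets nothing either, because its own PubkeyAuthentication yes comes second and loses.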
–jeroen
Read the rest of this entry »
Posted in *nix, *nix-tools, Communications Development, Development, Go (golang), Internet protocol suite, Power User, Software Development, SSH, ssh/sshd, TCP | Leave a Comment »
Posted by jpluimers on 2021/10/13
[WayBack] Raspberry Pi Turn Tv On/Off CEC – Tim Leland (with some quote fixes) via [Archive.is] Brad Fitzpatrick on Twitter: “lol tear (from )… “:
Install cec-utils
Once everything is installed you should be able to control the TV with the commands below (-s sends a single command and exits, -d 1 limits log output to errors, and 0 is the CEC logical address of the TV):
- Turn tv on:
echo 'on 0' | cec-client -s -d 1
- Turn tv off:
echo 'standby 0' | cec-client -s -d 1
- Set active source:
echo 'as' | cec-client -s -d 1
- Tv status:
echo 'pow 0' | cec-client -s -d 1
Troubleshooting Tips:
- Make sure your TV supports CEC and that it is enabled. TV manufacturers call CEC by different names, so you may have to do some research depending on your brand.
- Make sure you are using a new HDMI cable that is at least HDMI 1.2a
Different names for HDMI CEC
- Samsung – Anynet+
- Sony – BRAVIA Link or BRAVIA Sync
- Sharp – Aquos Link
- Hitachi – HDMI-CEC
- AOC – E-link
- Pioneer – Kuro Link
- Toshiba – Regza Link or CE-Link
- Onkyo – RIHD (Remote Interactive over HDMI)
- LG – SimpLink
- Panasonic – VIERA Link or HDAVI Control or EZ-Sync
- Philips – EasyLink
- Mitsubishi – NetCommand for HDMI
- Runco International – RuncoLink
Credits: http://raspberrypi.stackexchange.com/questions/7054/cec-wake-up-command
Related:
–jeroen
Read the rest of this entry »
Posted in *nix, *nix-tools, Development, Hardware Development, Hardware Interfacing, HDMI, Power User, Raspberry Pi, Software Development | Leave a Comment »
Posted by jpluimers on 2021/10/13
On *nix I’m used to xargs, which converts a pipe of output into arguments passed to a command. This is useful, as many commands only accept their input as arguments rather than on stdin.
In PowerShell you can usually avoid an xargs equivalent, because cmdlet output is a stream of objects that you can post-process further down the pipeline. I for instance used that in PowerShell: recovering from corrupt empty *.nupkg files after a disk was accidentally full during update.
Here are some xargs equivalency examples:
Read the rest of this entry »
Posted in *nix, *nix-tools, bash, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, xargs | Leave a Comment »
Posted by jpluimers on 2021/10/07
TL;DR: Empty files are indeed of size zero, but some disk space is still involved for their metadata (name, permissions, timestamps and the like)
Some links (via [WayBack] create zero sized file – Google Search):
- [WayBack] Zero-byte file – Wikipedia
- [WayBack] filesystems – How can a file size be zero? – Super User (thanks [WayBack] phuclv):
Filesystems store a lot of information about a file such as file name, file size, creation time, access time, modified time, created user, user and group permissions, fragments, pointer to clusters that store the file, hard/soft links, attributes… Those are called file metadata. Why do you count those metadata into file size when users do not (need to) care about them and don’t know about them? They only really care about the file content
Moreover each filesystem stores different types of metadata which take different amounts of space on disk. For example POSIX permissions are very different from NTFS permission, and there are also inode numbers in POSIX which do not exist on Windows. Even POSIX filesystems vary a lot, like ext3 with 32-bit block address, ext4 with 48-bit, Btrfs with 64-bit and ZFS with 128-bit address. So how will you count those metadata into file size?
Take another example with a 100-byte file whose metadata consumes 56 bytes on the current filesystem. We copy the file to another filesystem and now it takes 128 bytes of metadata. However the file contents are exactly the same, the number of bytes in the files are also the same. So displaying file size as 156 bytes on a system but 228 bytes on another is very confusing and counter-intuitive.
- [WayBack] What is the concept of creating a file with zero bytes in Linux? – Unix & Linux Stack Exchange:
touch will create an inode, and ls -i or stat will show info about the inode:
$ touch test
$ ls -i test
28971114 test
$ stat test
File: ‘test’
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fc01h/64513d Inode: 28971114 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/1000) Gid: ( 1000/1000)
Access: 2017-03-28 17:38:07.221131925 +0200
Modify: 2017-03-28 17:38:07.221131925 +0200
Change: 2017-03-28 17:38:07.221131925 +0200
Birth: -
Notice that test uses 0 blocks. To store the data displayed, the inode uses some bytes. Those bytes are stored in the inode table. Look at the ext2 page for an example of an inode structure [WayBack].
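The same distinction, measured rather than read off stat output, as an added example (not part of the quoted answer): os.stat on three constructed files in a temporary directory, an empty one, a 10 KiB one and a 1 MiB sparse one whose length is set without writing any data. The sparse case makes the point in reverse: a large size with no blocks behind it, while the empty file has a perfectly real inode behind its zero size.

```python
"""Apparent size vs. allocated blocks vs. inode, as reported by os.stat."""
import os
import tempfile


def file_footprint(path):
    """Return (st_size, allocated bytes, inode number) for `path`.

    st_size is the length users see; st_blocks counts the 512-byte units the
    filesystem actually allocated (POSIX; Linux and macOS). The inode, and the
    metadata it holds, exist even when both numbers are 0.
    """
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512, st.st_ino


def make_samples(directory):
    """Create three constructed files in `directory` and return their paths."""
    empty = os.path.join(directory, "empty")
    open(empty, "w").close()                       # same effect as `touch empty`

    data = os.path.join(directory, "data")
    with open(data, "wb") as f:
        f.write(os.urandom(10240))                 # random so compression cannot shrink it

    sparse = os.path.join(directory, "sparse")
    with open(sparse, "wb") as f:
        f.truncate(1 << 20)                        # 1 MiB length, no data written
    return empty, data, sparse


def compare(directory):
    """Map each sample's basename to its (size, allocated, inode) triple."""
    return {os.path.basename(p): file_footprint(p) for p in make_samples(directory)}


def demo():
    """Run compare() in a throwaway directory and return the results."""
    with tempfile.TemporaryDirectory() as d:
        return compare(d)


if __name__ == "__main__":
    for name, (size, allocated, ino) in demo().items():
        print(f"{name:7s} size={size:8d}  allocated={allocated:8d}  inode={ino}")
```

On ext4 or tmpfs the empty file reports size 0 and 0 allocated bytes but a non-zero inode, the 10 KiB file reports a little more than 10 KiB allocated (rounded up to whole blocks), and the sparse file reports a 1 MiB size with far fewer bytes allocated.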
Oh and a nice NTFS thing (thanks [WayBack] Paweł Bulwan):
Related: my really old post command line – create empty text file from a batch file (via: Stack Overflow)
–jeroen
Posted in *nix, btrfs, Development, File-Systems, NTFS, Power User, Software Development, Windows | Leave a Comment »
Posted by jpluimers on 2021/09/27
Prefixing a resolvable name with its type and a colon (for instance pattern:) lets you mix different resolvable types in one zypper command.
zypper install java-1_6_0-openjdk-devel mercurial +pattern:devel_C_C++ +pattern:devel_java
Here java-1_6_0-openjdk-devel and mercurial are packages; devel_C_C++ and devel_java are patterns (the + prefix marks a resolvable for installation, as opposed to - for removal).
Via: [WayBack] opensuse – How to install patterns and packages at the same time? – Unix & Linux Stack Exchange; thanks [WayBack] User llua – Unix & Linux Stack Exchange
–jeroen
Posted in *nix, *nix-tools, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »
Posted by jpluimers on 2021/09/21
Lots of interesting tidbits on Unix and NTFS file systems.
If you want to blow up your tooling, try creating a recursive hard link (a directory linked into its own subtree, which turns any tree walk into a cycle); that is likely one of the reasons *nix file systems do not allow hard links to directories.
Covered and related topics:
Read the rest of this entry »
Posted in *nix, Development, File-Systems, History, NTFS, Power User, Software Development, Windows, Windows Development | Leave a Comment »
Posted by jpluimers on 2021/09/17
[WayBack] User Manual – Joe’s Own Editor: Command Line Options
These options can also be specified in the joerc file. Local options can be set depending on the file-name extension. Programs (.c, .h or .p extension) usually have autoindent enabled. Wordwrap is enabled on other files, but rc files have it disabled.
An option is enabled when it’s given like this:
-wordwrap
An option is disabled when it’s given like this:
--wordwrap
…
[WayBack] User Manual – Joe’s Own Editor: Word wrap and formatting
Read the rest of this entry »
Posted in *nix, *nix-tools, joe, Power User | Leave a Comment »
Posted by jpluimers on 2021/09/03
So I won’t forget: [WayBack] @nixcraft on Twitter: Instead of typing the following on your Ubuntu/Debian/Mint Linux desktop: sudo apt update sudo apt upgrade -y Do this to save typing and time at the CLI (add to your shell startup): alias update="sudo sh -c 'apt update && apt upgrade -y'" See for more info:
[WayBack] How to run multiple commands in sudo under Linux or Unix – nixCraft:
sudo syntax to run multiple commands
The syntax is:
sudo sh -c 'command1 && command2'
sudo -- sh -c 'command1 && command2'
sudo -u userNameHere -- sh -c 'command1; command2'
sudo -- sh -c 'command1; command2'
sudo -- bash -c 'command1; command2'
sudo -i -- sh -c 'command1; command2; command3'
sudo -i -- sh -c 'command1 && command2 && command3'
…
UNDERSTANDING SUDO COMMAND OPTIONS
- -- : a double dash signals the end of options and disables further option processing by the sudo command.
- sh -c : Run sh shell with given commands
- 'apt-get update && sudo apt-get -y upgrade' First update repo and apply upgrades if update was successful.
…
A note about using sudo command in a shell script
Here is a sample shell script that shows how to use or run multiple commands with sudo:
#!/bin/bash
echo "Running commands as a root user..."
sudo -- sh <<EOF
apt-get update
apt-get -y upgrade
apt-get -y install nginx
apt-get -y remove nano
apt-get clean
echo "All done."
EOF
A note about using sudo with bash shell aliases
The syntax is as follows for shell aliases:
alias foo="sudo -- sh -c 'cmd1 && cmd2'"
alias bar='sudo -- sh -c "cmd1 && cmd2"'
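The alias forms above nest one shell's quoting inside another's, and any argument that comes from outside (a package name, a path) lands verbatim inside the sh -c script. The following is an added example, not nixCraft's code, that builds the sudo -- sh -c '...' form from argv lists with shlex so that each argument stays exactly one argument, next to the string-concatenation version for contrast; the hostile package name is constructed.

```python
"""Compose `sudo -- sh -c '...'` command lines without quoting accidents."""
import shlex
import subprocess


def sudo_chain(commands, user=None, stop_on_error=True):
    """Return the argv that runs several commands under a single sudo.

    `commands` is a list of argv lists. Each is re-quoted with shlex.join, so
    spaces, quotes and metacharacters inside an argument stay inside it rather
    than becoming extra shell commands. `--` ends sudo's option parsing, so a
    first word starting with '-' is never mistaken for a sudo flag.
    """
    joiner = " && " if stop_on_error else "; "
    script = joiner.join(shlex.join(cmd) for cmd in commands)
    argv = ["sudo"]
    if user is not None:
        argv += ["-u", user]
    return argv + ["--", "sh", "-c", script]


def naive_chain(commands):
    """The string-concatenation version the aliases tempt you into (for contrast)."""
    return "sudo -- sh -c '" + " && ".join(" ".join(cmd) for cmd in commands) + "'"


def alias_line(name, commands, **kw):
    """A shell `alias` definition for sudo_chain(), with the nested quoting done for you."""
    return "alias " + shlex.quote(f"{name}=" + shlex.join(sudo_chain(commands, **kw)))


def run_chain(commands, **kw):
    """Actually execute the chain (needs a working sudo); returns the CompletedProcess."""
    return subprocess.run(sudo_chain(commands, **kw), check=False)


if __name__ == "__main__":
    pkg = "nano; rm -rf /"          # constructed hostile input, e.g. from a web form
    cmds = [["apt-get", "update"], ["apt-get", "-y", "install", pkg]]
    print(naive_chain(cmds))        # the ';' escapes into the root shell script
    print(shlex.join(sudo_chain(cmds)))
    print(alias_line("update", [["apt-get", "update"], ["apt-get", "-y", "upgrade"]]))
```

The naive version yields apt-get -y install nano; rm -rf / as the root script, three commands instead of two; the shlex version keeps the whole package name as one quoted word that apt-get will simply fail to find.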
–jeroen
Posted in *nix, *nix-tools, bash, Power User | Leave a Comment »