Stuff I'm Up To

Technical Ramblings

Public Key from Private Key — January 3, 2019

Public Key from Private Key

I fall over this every so often. I have the private key file but would either have to trawl servers for authorized_keys files to get the public password or remember how to obtain the public key from the private key.

Time to document it here so I don’t have to hunt for it with Google again.

For an RSA public key in PEM format:

$ openssl rsa -in private.key -pubout

-----BEGIN PUBLIC KEY-----
MIIBIDA ...
-----END PUBLIC KEY-----

For an SSH, PuTTY-friendly version:

$ ssh-keygen -y -f private.key

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQE ...
SRX SSH Ciphers, Algorithms & Key Exchange — July 31, 2017

SRX SSH Ciphers, Algorithms & Key Exchange

When doing a Nessus scan for the first time on the new SRX320 cluster, it highlighted some weaknesses in the SSH protocol. This was due to arcfour, cbc and hmac being enabled by default.

To remedy this, we need to set the acceptable ciphers, MACs and key-exchange algorithms.

Using the CLI, a simple change to the config for the SSH service is required, under system services ssh.

# edit system services ssh
# set ciphers [ aes256-ctr "aes256-gcm@openssh.com" "chacha20-poly1305@openssh.com" ]
# set macs [ hmac-sha2-256 "hmac-sha2-256-etm@openssh.com" hmac-sha2-512 "hmac-sha2-512-etm@openssh.com" ]
# set key-exchange [ curve25519-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 group-exchange-sha2 ]

Commit the changes and rescan and all is good.
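
One way to confirm the rescan result from a workstation, as an added example that is not part of the original post: parse saved `ssh -vv` output and report any algorithm the server still offers outside the list configured above. The sample output is constructed, and mapping Junos `group-exchange-sha2` to the wire name `diffie-hellman-group-exchange-sha256` is an assumption.

```python
import re

# Allowlist from the SRX config above, written as SSH wire names. Mapping Junos
# "group-exchange-sha2" to diffie-hellman-group-exchange-sha256 is an assumption.
ALLOWED = {
    "ciphers": {"aes256-ctr", "aes256-gcm@openssh.com",
                "chacha20-poly1305@openssh.com"},
    "macs": {"hmac-sha2-256", "hmac-sha2-256-etm@openssh.com",
             "hmac-sha2-512", "hmac-sha2-512-etm@openssh.com"},
    "kex": {"curve25519-sha256", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256"},
}
# Field labels in the "ssh -vv" KEXINIT dump (ctos/stoc are the two directions).
LABELS = {"KEX algorithms": "kex", "ciphers ctos": "ciphers",
          "ciphers stoc": "ciphers", "MACs ctos": "macs", "MACs stoc": "macs"}
LINE = re.compile(r"^debug2: ([A-Za-z ]+): (\S*)$")


def server_offer(debug_text):
    """Return the algorithms the server proposed, grouped by category."""
    offer = {name: set() for name in ALLOWED}
    in_peer = False
    for line in debug_text.splitlines():
        line = line.strip()
        if "KEXINIT proposal" in line:
            # Skip the client's own proposal; audit only what the server sent.
            in_peer = "peer server" in line
            continue
        m = LINE.match(line)
        if in_peer and m and m.group(1) in LABELS:
            offer[LABELS[m.group(1)]].update(a for a in m.group(2).split(",") if a)
    return offer


def violations(debug_text):
    """Map category -> sorted algorithms offered but missing from ALLOWED."""
    offer = server_offer(debug_text)
    return {k: sorted(v - ALLOWED[k]) for k, v in offer.items() if v - ALLOWED[k]}


# Constructed sample of "ssh -vv" output from a server that is not yet hardened.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes256-ctr,3des-cbc
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group1-sha1
debug2: ciphers ctos: aes256-ctr,aes128-cbc,arcfour
debug2: MACs stoc: hmac-sha2-256,hmac-md5
"""
print(violations(SAMPLE))
```

An empty result means every cipher, MAC and key-exchange algorithm the server proposed is on the allowlist.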


SSH Logon with Private Key — March 1, 2017
SSH Weak MAC Algorithms Enabled — February 15, 2017
SSH Tunnelling — September 27, 2016
Debian Installation — September 20, 2016

Debian Installation

When I set up a Debian server there are a few basic things I do to get it online.

First, boot from the netinst CD and follow the installer.

For the first logon, use SSH with your regular user account, as root can’t access the system remotely. You’ll have to log on unprivileged and then su to root.

$ su

Sudo

Then, before doing anything else, install sudo and give your user account access by making it a member of the sudo group.

# apt-get install sudo
# usermod -a -G sudo [user]

You’ll have to log out and back in to pick up the sudo group change.
