Tag Archives: bash
Getting authy-ssh to work (or at least what worked for me)
This will be a relatively short post. It is my objective for this post to be useful for other individuals who are having issues setting up authy-ssh on their Secure Shell servers. First, if you’re not familiar with two-step verification, have a look at this:
https://en.wikipedia.org/wiki/Two-step_verification
I was inspired to install this on one of my SSH servers due to enabling this feature on my Gmail account:
http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
I had heard about authy-ssh a while back through news.ycombinator but had never put the time into setting it up. To set it up you can follow these directions:
https://www.authy.com/products/ssh#installation
I ran into issues though. My SSH server did not possess ‘seq’ and I received error messages from the authy-ssh script that were not very clear. I then dug into the authy-ssh shell script and discovered that it heavily depended on ‘curl’ connecting to Authy’s web servers over https. ‘curl’ would give me SSL certificate errors and I’m highly confident this is an issue with ‘curl’ on my server and not Authy’s SSL certificates. To bypass this issue in the authy-ssh script at lines 398, 482, 497, 533, and 605 you will need to add on the ‘-k’ flag to ‘curl’ to ignore the SSL certificate errors. I will warn you that this is NOT very secure but if you need authy to work, this should work.
In addition to this, you may want to run this shell script as well:
http://zitstif.no-ip.org/authyfix.txt
The authy-ssh bash shell script does a check to see if bash exists or if seq exists. If you’re on an OSX system, the OSX equivalent of ‘seq’ is ‘jot’. The equivalent of ‘seq 10’ with ‘jot’ is ‘jot – 1 10’.
Kolmogorov Complexity, Natural Language Programming and the Bash shell
The following post superficially applies the concepts of Kolmogorov complexity of an object and natural language programming using the bash shell. Part of the inspiration for this post came from this video: http://www.youtube.com/watch?v=KyB13PD-UME
In this post we will be treating strings as objects in a similar sense of Kolmogorov complexity. Then we will apply an alias name or function name to the object which then the alias/function name can be perceived as a natural language sentence.
Take the following object:
sudo nmap -sP -n -T4 $(netstat -rn | awk ‘{print $2}’ | egrep ‘[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}’ | fgrep -v “0.0.0.0” | sed -e ‘s/\([0-9]\)\{1,3\}$/1-254/g’)
To individuals who are not familiar with the bash shell or bash shell programming, this object does not make a whole lot of sense. What does it do? What does it mean? Why is this one-liner algorithm useful to some individuals?
For those of who you aren’t sure, this one-liner algorithm is used for ping sweeping your local subnet based upon the gateway’s IP address. So if your gateway is 192.168.1.1 then when the bash shell expands and processes the sub-shell variable $(netstat -rn | awk ‘{print $2}’ | egrep ‘[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}’ | fgrep -v “0.0.0.0” | sed -e ‘s/\([0-9]\)\{1,3\}$/1-254/g’‘), it would result with 192.168.1.1-254. Lastly, the string would result with sudo nmap -sP -n -T4 192.168.1.1-254.
To take the time to type out this 196 character object each time you connect to a network that you’re exploring, would be extremely tedious and time consuming. Ergo to save an individual some time and keystrokes, this is where we will apply the ‘alias’ function that is built into the bash shell:
alias PingSweepLocalSubnet=”sudo nmap -sP -n -T4 $(netstat -rn | awk ‘{print $2}’ | egrep ‘[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}’ | fgrep -v “0.0.0.0” | sed -e ‘s/\([0-9]\)\{1,3\}$/1-254/g’)”
Here the 20 character alias PingSweepLocalSubnet saves the end user 176 characters to type and makes more sense depending on if the user is familiar with networking terminologies. Granted this may not be, “the shortest description of this object” and the proper simplifying algorithm according to Kolmogorov complexity method, but this is where the idea of natural language programming is applied. With this object, if we use the Kolmogorov complexity concept, is nearly incompressible. I wanted this alias to be time saving and to be almost a form of natural language programming.
We must also remember that we do not necessarily need to use the ‘alias’ function from the bash shell. We can also achieve the same result by using ‘function’ from bash shell:
function PingSweepLocalSubnet()
{
sudo nmap -sP -n -T4 $(netstat -rn | awk ‘{print $2}’ | egrep ‘[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}’ | fgrep -v “0.0.0.0” | sed -e ‘s/\([0-9]\)\{1,3\}$/1-254/g’);
}
In turn end users may want to use function assignments rather than aliases. Aliases are limited and are simply string substitutions. For further reading on using aliases or functions take a look at: http://linuxgazette.net/issue53/eyler.html Whether or not the end user decides to use ‘alias’ or ‘function’ is subjective to the user.
A Note on Updating Weaponized Nokia N900s
I wanted to make this post to save time and headaches for people who own ‘weaponized’ Nokia N900s.
If you regularly update your Nokia N900 by doing (as root):
apt-get update && apt-get upgrade -y
I have ran into some issues with some of the newer packages.
Firstly, the newest beta version of nmap (5.59BETA1_armel) appears to be buggy enough to the point where it’s almost unusable.
Running this:
nmap -sS -P0 -vv www.google.com -p 80
Yields:
Starting Nmap 5.59BETA1 (http://nmap.org) at 2011-12-17 21:14 EST
Warning Hostname www.google.com resolves to 6 IPs. Using 74.125.45.147
route_dst_netlink: can’t find interface “wlan0”
Secondly, subversion (svn) gets completely broken due to a library compatibility issue:
svn -h
Segmentation fault
There has been discussion on this: http://talk.maemo.org/showthread.php?p=970467
Having svn broken really stinks, because then I am not able to update Metasploit. Who in the hell wants to run an outdated version of Metasploit? (I imagine there are some people..)
To work around this for the time being I have crafted the following shell script:
#!/bin/bash if [ ${#} -lt 1 ] then echo "Usage: " echo "./update.sh normal #This just does a normal update"; echo "./update.sh modded #This will do a normal update and then downgrade libaprutil1, libapr1 and nmap so that they work"; exit 1; fi if echo ${1} | egrep "normal" > /dev/null; then apt-get update; apt-get upgrade -y; exit 0; elif echo ${1} | egrep "modded" > /dev/null; then apt-get update; apt-get upgrade -y; apt-get install nmap=5.50-2 libaprutil1=1.3.9-2 libapr1=1.4.2-1 --force-yes -y; apt-get clean && apt-get autoclean; exit 0; else echo "I don't know what you are trying to do.." #Thanks Arc exit 2; fi
http://zitstif.no-ip.org/update.txt
SHA1 (update.txt) = d83306d18a146a54a38ea236e3a236b4955bb81b
For the time being if you’re in a similar case like me, you’ll have to use this shell script (wget http://zitstif.no-ip.org/update.sh && chmod +x update.sh && ./update.sh modded).
Testing for existence of programs via bash
For those of you who are into shell scripting, and want to know what in my opinion is the best way to test for whether programs exist or not, pay close attention.
In my humble opinion, the best way to test for the existence of a program, is to test the exit code of the previous command in an if loop.
Firstly, if you run a command that doesn’t exist, the exit code will always be ‘127′. If you don’t want to see the output of the command while testing for it, then just simply redirect all the output to /dev/null .
idontexist &> /dev/null
echo $?
127
Now, a friend suggested using this method for testing for programs in bash:
idontexist &> /dev/null || echo "You don't have 'idontexist'"; exit 1;
There are a few qualms with this. Firstly, depending on the program, if the program does not exit with the exit code of ‘0’, your shell script will then state ‘You don’t have ‘idontexist’ and then exit. However, you might actually have the program! Some programs exit with non-zero exit codes if you pass no arguments to them or even if you pass a ‘-h’ for a help argument to it. Also, since the echo statement is being terminated via the semicolon, ‘exit’ will then be executed. Ergo, this method looks great for just being a one liner, but if I want to test for the existence of a program, and if it doesn’t exist, and then exit with an error message displayed to the user, I highly suggest my following method:
idontexist &> /dev/null;
if [[ "$?" == "127" ]];
then
echo "'idontexist' appears to not be installed, check your PATH variable"; exit 1;
fi
More to come…