Tag Archives: shell script

Getting authy-ssh to work (or at least what worked for me)

This will be a relatively short post. It is my objective for this post to be useful for other individuals who are having issues setting up authy-ssh on their Secure Shell servers. First, if you’re not familiar with two-step verification, have a look at this:

https://en.wikipedia.org/wiki/Two-step_verification

I was inspired to install this on one of my SSH servers due to enabling this feature on my Gmail account:

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I had heard about authy-ssh a while back through news.ycombinator but had never put the time into setting it up. To set it up you can follow these directions:

https://www.authy.com/products/ssh#installation

I ran into issues though. My SSH server did not possess ‘seq’ and I received error messages from the authy-ssh script that were not very clear. I then dug into the authy-ssh shell script and discovered that it heavily depended on ‘curl’ connecting to Authy’s web servers over https. ‘curl’ would give me SSL certificate errors and I’m highly confident this is an issue with ‘curl’ on my server and not Authy’s SSL certificates. To bypass this issue in the authy-ssh script at lines 398, 482, 497, 533, and 605 you will need to add on the ‘-k’ flag to ‘curl’ to ignore the SSL certificate errors. I will warn you that this is NOT very secure but if you need authy to work, this should work.

In addition to this, you may want to run this shell script as well:

http://zitstif.no-ip.org/authyfix.txt

The authy-ssh bash shell script does a check to see if bash exists or if seq exists. If you’re on an OSX system, the OSX equivalent of ‘seq’ is ‘jot’. The equivalent of ‘seq 10’ with ‘jot’ is ‘jot – 1 10’.

A Note on Updating Weaponized Nokia N900s

I wanted to make this post to save time and headaches for people who own ‘weaponized’ Nokia N900s.

If you regularly update your Nokia N900 by doing (as root):

apt-get update && apt-get upgrade -y

I have ran into some issues with some of the newer packages.

Firstly, the newest beta version of nmap (5.59BETA1_armel) appears to be buggy enough to the point where it’s almost unusable.

Running this:
nmap -sS -P0 -vv www.google.com -p 80

Yields:
Starting Nmap 5.59BETA1 (http://nmap.org) at 2011-12-17 21:14 EST
Warning Hostname www.google.com resolves to 6 IPs. Using 74.125.45.147
route_dst_netlink: can’t find interface “wlan0”

Secondly, subversion (svn) gets completely broken due to a library compatibility issue:

svn -h
Segmentation fault

There has been discussion on this: http://talk.maemo.org/showthread.php?p=970467

Having svn broken really stinks, because then I am not able to update Metasploit. Who in the hell wants to run an outdated version of Metasploit? (I imagine there are some people..)

To work around this for the time being I have crafted the following shell script:

#!/bin/bash

if [ ${#} -lt 1 ]
 then
   echo "Usage:	"
   echo "./update.sh normal #This just does a normal update";
   echo "./update.sh modded #This will do a normal update and then downgrade libaprutil1, libapr1 and nmap so that they work";
   exit 1;
fi

if echo ${1} | egrep "normal"  > /dev/null;
 then
   apt-get update;
   apt-get upgrade -y;
   exit 0;
elif echo ${1} | egrep "modded"  > /dev/null;
 then
   apt-get update;
   apt-get upgrade -y;
   apt-get install nmap=5.50-2 libaprutil1=1.3.9-2 libapr1=1.4.2-1 --force-yes -y;
   apt-get clean && apt-get autoclean;
   exit 0;
else
   echo "I don't know what you are trying to do.." #Thanks Arc
   exit 2;
fi

http://zitstif.no-ip.org/update.txt
SHA1 (update.txt) = d83306d18a146a54a38ea236e3a236b4955bb81b

For the time being if you’re in a similar case like me, you’ll have to use this shell script (wget http://zitstif.no-ip.org/update.sh &&  chmod +x update.sh && ./update.sh modded).