Skip to content

Rage Against the Shell

Linux tips and other things…

  • Home
  • Contact
  • Privacy Policy

Day: September 5, 2015

Generate SSH key

Posted on September 5, 2015 - April 24, 2016 by Mr. Reboot

To generate the pair public/private keys type on the shell:

~ $ ssh-keygen -t rsa -b 2048

It ask you for a pass-phrase, it’s important choose a stronge pass-phrase, letters, numbers, symbols etc. If you accept the default path and name for the key it will create two files, the private key, id_rsa, and the public key, id_rsa.pub, in .ssh folder at your HOME:

~/.ssh/id_rsa
~/.ssh/id_rsa.pub

Check permissions, 600 for files and 700 for the .ssh directory.

Now just copy the content of id_rsa.pub and add it to the user home know_hosts file, on the server you want to connect you:

~ $ cat id_rsa.pub >> /root/.ssh/know_hosts

Finally add the private key identity to the authentication agent:

~ $ ssh-add

It will ask you for the pass-phrase, type it. By this way the identity will be stored and now when you try to connect to the server with the public key, you will enter safely without password:

~ $ ssh root@server
Posted in SSH

Clone disks

Posted on September 5, 2015 - May 31, 2016 by Mr. Reboot

To clone a entire disk you can use the dd command:

~ $ dd if=/dev/sda of=/dev/sdb bs=10240k conv=noerror,sync

Or dd_rescue, more reliable than dd:

~ $ dd_rescue -v /dev/sda /dev/sdb

Also you can use pv to watch the progress:

~ $ dd if=/dev/sda bs=10240k conv=noerror,sync | pv -c -b -r -t > /dev/sdb

About a partition table you can copy it from a disk to another:

~ $ sfdisk -d /dev/sda | sfdisk /dev/sdb

Or save to a file:

~ $ sfdisk -d /dev/sda > partition-table.output 

And restore then:

~ $ sfdisk /dev/sda < partition-table.output 
Posted in File systems

Extract info from a SSL cert

Posted on September 5, 2015 - August 8, 2017 by Mr. Reboot

All info from a CSR file:

~ $ openssl req -noout -text -in www.mydomainssl.com.csr

All info from a CRT file:

~ $ openssl x509 -noout -text -in www.mydomainssl.com.crt

Expiration date:

~ $ openssl x509 -noout -dates -in www.mydomainssl.com.csr

Verify the CSR file:

~ $ openssl req -verify -in www.mydomainssl.com.csr

Verify the KEY:

~ $ openssl rsa -check -in www.mydomainssl.com.key

Compare the md5 KEY, CSR and CRT to check if they match:

~ $ openssl rsa -noout -modulus -in www.mydomainssl.com.key | openssl md5
~ $ openssl req -noout -modulus -in www.mydomainssl.com.csr | openssl md5
~ $ openssl x509 -noout -modulus -in www.mydomainssl.com.crt | openssl md5

Extract secure HTTP info remotely:

~ $ openssl s_client -showcerts -connect www.mydomainssl.com:443

Extract secure SMTP info remotely:

~ $ openssl s_client -showcerts -connect www.mydomainssl.com:465
Posted in SSL

Search

Calendar

September 2015
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
282930  
« Aug   Oct »

Categories

  • Apache
  • Cisco
  • Command line
  • Distros
  • Dovecot
  • File systems
  • Gadgets
  • GlusterFS
  • MySQL
  • Nginx
  • NTP
  • Opendkim
  • Pacemaker + Corosync
  • Postfix
  • Raspberrypi
  • SSH
  • SSL
  • Varnish

RSS RSS

  • Using qrencode January 16, 2022
  • Compile varnish module vmod_vsthrottle April 22, 2020
  • SSH vpn with sshuttle April 9, 2020
  • Disable swap in systemd December 16, 2019
  • Getting the parent process pid October 12, 2018
Proudly powered by WordPress | Theme: micro, developed by DevriX.