Security

SSH

Make a public and private key pair and place them in the local ~/.ssh directory

mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa

The public key is ~/.ssh/id_rsa.pub
Transfer this file to Hostgator using rsync. It should end up in /home2/mbcladwell/.ssh/authorized_keys

rsync -av -e "ssh -p 2222" ~/.ssh/id_rsa.pub mbcladwell@123.123.123.123:.ssh/authorized_keys

ssh mbcladwell@123.123.123.123

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown mbcladwell ~/.ssh/authorized_keys
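
The rsync above replaces the whole authorized_keys file, so any keys already on the server are lost. An added example (not part of the original notes) that appends the key only if it is missing and applies the same 700/600 permissions; the function names install_pubkey and perms are hypothetical:

```sh
#!/bin/sh
# Added example, not from the original notes.
# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys only when that exact line is
# not already there, then applies the 700/600 permissions used above.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse anything that is not a single public-key line (for example a
    # private key file picked by mistake).
    key=$(cat "$pubkey_file")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 1

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -F fixed string, -x whole line, -q quiet: exact-match duplicate check
    if ! grep -Fxq -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# perms PATH -> octal mode such as 700 (GNU stat, with a BSD fallback)
perms() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Run on the server as: install_pubkey /path/to/id_rsa.pub ~/.ssh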


GPG

To get a key:
gpg --keyserver subkeys.pgp.net --recv-keys 219EC810

To add to keyring:
gpg -a --export 55BE302B | apt-key add -

To find an expired key:
apt-key list | grep expired

root@dc7700s:/home/mbc# apt-key list | grep expired
pub 1024D/C4447CF3 2010-11-05 [expired: 2015-03-26]

Then run: apt-key adv --recv-keys --keyserver keys.gnupg.net C4447CF3

$ gpg --export-secret-keys -a keyid > my_private_key.asc
$ gpg --export -a keyid > my_public_key.asc

gpg --import public.key
gpg --allow-secret-key-import --import private.key

!!!note the second import

To export secret key for transfer to another computer:

gpg --export-secret-keys --armor --output secret.asc

After fresh install copy ~/.gnupg directory to new machine via USB

Revoke a key

First import into keyring the revocation certificate (previously generated)
$ gpg --import ~/syncd/.gnupg/mystuff/verizonrevocation.txt

Then send the revoked key id to the keyserver
$ gpg --keyserver pgp.mit.edu --send-keys 16D9C90B47237FB3

Then go to the keyserver and query name - should see “revoked” in the first line.

For ~/syncd/.gnupg

in ~/.bashrc must have: export GNUPGHOME=/home/mbc/syncd/.gnupg
#chmod 700 /home/mbc/syncd/.gnupg

Tor

You need to add the following entry in /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/:

deb http://deb.torproject.org/torproject.org wheezy main
deb-src http://deb.torproject.org/torproject.org wheezy main

Then add the gpg key used to sign the packages by running the following commands at your command prompt:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

You can install it with the following commands:

$ apt-get update
$ apt-get install tor deb.torproject.org-keyring

tar -xvJf tor-browser-linux32-5.5.4_en-US.tar.xz
cd to the tor directory and run the batch file.

Miscellaneous

Have I been pwned?

Ten minute email

mbcladwell+website.com@gmail.com attaches a destination crumb so you can monitor who is handing out your email. Works only with Gmail.

Linux privilege escalation

How to keep your ISP's nose out of your browser history with encrypted DNS

Capture passwords sshing into your server
