https://wiki.koeln.ccc.de/api.php?action=feedcontributions&user=Tomyum&feedformat=atomC4 Wiki - User contributions [en]2024-03-29T15:13:22ZUser contributionsMediaWiki 1.30.1https://wiki.koeln.ccc.de/index.php?title=User:Tomyum&diff=15682User:Tomyum2017-09-06T15:19:12Z<p>Tomyum: https</p>
<hr />
<div>https://hacktheplanet.de/al/</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=User:Tomyum&diff=15444User:Tomyum2014-01-29T08:56:33Z<p>Tomyum: </p>
<hr />
<div>http://hacktheplanet.de/al/</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=SSH_Agent&diff=13781SSH Agent2007-06-14T11:43:35Z<p>Tomyum: dead link deleted</p>
<hr />
<div>=SSH Agent=<br />
== Doobees Methode und Skript ==<br />
Mit dem ssh-agent kann man seinen RSA Key im Speicher halten und spart sich somit das staendige Eintippen der Passphrase. Das ist natuerlich ein Sicherheitsrisiko, aber kein groesseres, als wenn man SSH nicht benutzt, weil es zu unkomfortabel ist.<br />
<br />
# ssh-agent starten<br />
$ eval `ssh-agent`<br />
# key in den agent laden<br />
$ ssh-add<br />
Need passphrase for /Users?/drt/.ssh/identity<br />
Enter passphrase for drt@malcolm: <br />
Identity added: /Users?/drt/.ssh/identity (drt@malcolm)<br />
# munter ssh nutzen<br />
$ ssh user@host.org<br />
<br />
Ein kleines Script, das dafuer sorgt, dass der ssh-agent quer durch alle Fenster und Konsolen funktioniert.<br />
<br />
#!/bin/sh<br />
# This script is intended to reside in your ~/.ssh directory (don't<br />
# forget to 'chmod 700'), and be included in your shell init script.<br />
# It works by checking for a working ssh agent, otherwise it starts one<br />
# and requests the passphrase.<br />
#<br />
# For bash and ksh users:<br />
# include the following in your ~/.bashrc or ~/.kshrc or ~/.profile<br />
# . $HOME/.ssh/setup<br />
<br />
# Enable this if using you have GNOME and the following program.<br />
#SSH_ASKPASS=/usr/libexec/ssh/gnome-ssh-askpass<br />
#export SSH_ASKPASS<br />
<br />
SSH_ENV=$HOME/.ssh/environment.`hostname`<br />
<br />
function start_agent {<br />
echo "Initialising new Secure Shell agent..."<br />
ssh-agent -s | head -2 > ${SSH_ENV}<br />
chmod 600 ${SSH_ENV}<br />
. ${SSH_ENV} > /dev/null<br />
#ssh-add < /dev/null<br />
}<br />
<br />
# Source SSH settings, if applicable<br />
if [ -f "${SSH_ENV}" ]; then<br />
. ${SSH_ENV} > /dev/null<br />
kill -0 ${SSH_AGENT_PID} 2>/dev/null || {<br />
start_agent;<br />
}<br />
else<br />
start_agent; <br />
fi<br />
<br />
----<br />
Richtig bequem ist es, wenn man den ssh-agent und ssh-add in seinem .xsession bzw. .xinitrc startet. Dann haben alle Prozesse in der X-Session Zugriff auf den Agenten. Bei einigen Systemen muß man OpenSSH?-askpass gesondert installieren. --HaNs<br />
----<br />
Ja, aber wenn man das vergessen hat und X nicht beenden will, oder kein X sondern Quarz oder Consolen oder sonstwas einsetzt, kann man obiges Skript in seine .profile einbauen und man hat den gleichen Effekt. Einmal ssh-add eingeben und das wirkt sich auf alle Shells aus. BTW: HaNs hat mich vor geraumer Zeit in die Kunst der ssh-agent Nutzung eingeführt) --DoobeeRTzeck<br />
----<br />
Man kann sich dann noch Gedanken machen, ob man ssh-add nicht (zb mit -t 3600) einfach dazu ueberredet die Keys nur eine bestimmte Zeit lang im Speicher zu behalten. So kann man sich sicher sein, dass niemand der einen Tag nachdem man Keys benutzt hat die Workstation unter die Finger bekommt und munter lustig drauflos sich irgendwo einloggen kann...<br />
--[[User:Fd0|Fd0]] 12:13, 17 Mar 2005 (CET)<br />
<br />
== Die keychain Methode ==<br />
Einfach keychain installieren und in die .profile oder .bash_profile folgendes eintragen:<br />
<br />
keychain ~/.ssh/key1 ~/.ssh/key2<br />
. ~/.keychain/${HOSTNAME}-sh<br />
<br />
--[[User:Mario Manno|MM]] 01:07, 14 Oct 2004 (CEST)<br />
<br />
Wobei man sich dabei sehr bewusst sein muss, das keychain ein enormes (~1500 Zeilen) sh Script ist, das bei 'jedem' start einer shell ausgefuehrt wird...<br />
<br />
--[[User:Fd0|Fd0]] 12:10, 17 Mar 2005 (CET)<br />
<br />
==Links==<br />
<br />
* [http://www.employees.org/~satch/ssh/faq/ssh-faq.html SSH FAQ]<br />
* [http://www.openssh.org/ Open SSH]<br />
<br />
[[Category:Hacks]] [[Category:Tools]]</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=Wunschliste&diff=13414Wunschliste2007-04-18T10:04:37Z<p>Tomyum: Logic-Analyzer wurde angeschafft</p>
<hr />
<div>Der C4 e.V. kann Spendenquittungen ausstellen!<br />
<br />
== Was wir gebrauchen können ==<br />
* Netzwerkfähiger Laserdrucker<br />
* TFT-Monitore<br />
* Fernseher (groß, stereo)<br />
* PCI-Sound, -Netzwerk, -SCSI-Karten<br />
* AGP-Grafikkarten<br />
* Festplatten ab 10GB<br />
* interessante Hardware<br />
* Oszilloskop (am besten digital...)<br />
* Tastaturen und Mäuse (PS/2 und USB, am liebsten optisch)<br />
* Waffeleisen, Sandwichtoaster oder Kombi-Gerät<br />
<br />
== Was wir nicht haben wollen! ==<br />
* Röhrenmonitore (über 9" und unter 19")<br />
* x86-Hardware < Pentium II<br />
* ISA-Karten<br />
* Festplatten unter 10GB</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=User:Tomyum&diff=13305User:Tomyum2006-11-04T15:19:01Z<p>Tomyum: </p>
<hr />
<div>http://hacktheplanet.de/about.php</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=Heiligenhoven2006&diff=10660Heiligenhoven20062006-01-04T14:56:20Z<p>Tomyum: Datum hinzugefuegt</p>
<hr />
<div>Unser alljaehrliches Geekend in Heiligenhoven findet vom 17.03. bis zum 19.03. statt.<br />
<br />
<br />
Und hier ist das schwarze Brett fuer moegliche Vortraege:<br />
<br />
{| border=1<br />
|Thema<br />
|Anbieter?<br />
|Wann?<br />
|Interessenten<br />
|-<br />
|Esperanto <br />
|[[Pallas]]<br />
|Egal<br />
|<br />
|-<br />
|}<br />
<br />
[[Kategorie:Heiligenhoven2006]]</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=User:Tomyum&diff=12168User:Tomyum2005-10-20T00:17:53Z<p>Tomyum: </p>
<hr />
<div>"Tom yum is perhaps the most famous of all Thai dishes, a hot and sour soup flavored with fish sauce, onion, lemongrass, kaffir lime, galangal and chillies."<br />
<br />
= Alessandro Lenzen aka al aka tomyum =<br />
<br />
== asynchrone Kommunikationsmoeglichkeiten ==<br />
* E-Mail: al@koeln.ccc.de (verschluesselung mit der KeyId [http://hacktheplanet.de/al/pub.asc 117B7C8A] erwuenscht)<br />
<br />
== synchrone Kommunikationsmoeglichkeiten ==<br />
* JabberId: al@jabber.ccc.de (gerne auch mit obigen Key verschluesselt)<br />
* irc: tomyum im ircnet und freenode</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=Ethernet-Tools&diff=3059Ethernet-Tools2004-12-18T18:23:24Z<p>Tomyum: /* http://www.tcpdump.org/ */</p>
<hr />
<div>== http://www.ethereal.com/ ==<br />
<br />
"Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows."<br />
<br />
see also:<br />
<br />
http://www.onlamp.com/lpt/a/323 "Using Ethereal"<br><br />
http://www.onlamp.com/lpt/a/4834 "Top Ten Ethereal Tips and Tricks"<br />
<br />
== http://etherape.sourceforge.net/ ==<br />
<br />
"EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network."<br />
<br />
== http://www.tcpdump.org/ ==<br />
<br />
"tcpdump - dump traffic on a network"<br />
<br />
see also:<br />
<br />
http://www.onlamp.com/lpt/a/702 "Capturing TCP Packets"<br />
<br />
== http://naughty.monkey.org/~dugsong/dsniff/ ==<br />
<br />
"dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI."<br />
<br />
== http://ettercap.sourceforge.net/ ==<br />
<br />
"Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.<br />
It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis."</div>Tomyumhttps://wiki.koeln.ccc.de/index.php?title=Ethernet-Tools&diff=3058Ethernet-Tools2004-12-18T18:21:00Z<p>Tomyum: </p>
<hr />
<div>== http://www.ethereal.com/ ==<br />
<br />
"Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows."<br />
<br />
see also:<br />
<br />
http://www.onlamp.com/lpt/a/323 "Using Ethereal"<br><br />
http://www.onlamp.com/lpt/a/4834 "Top Ten Ethereal Tips and Tricks"<br />
<br />
== http://etherape.sourceforge.net/ ==<br />
<br />
"EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network."<br />
<br />
== http://www.tcpdump.org/ ==<br />
<br />
"tcpdump - dump traffic on a network"<br />
<br />
== http://naughty.monkey.org/~dugsong/dsniff/ ==<br />
<br />
"dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI."<br />
<br />
== http://ettercap.sourceforge.net/ ==<br />
<br />
"Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.<br />
It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis."</div>Tomyum