Solutions
1.
Download the Debian distribution debian-11.4.0-amd64-netinst.iso from http://mirror.corbina.net/debian-cd/current/amd64/iso-cd/. Compute its SHA-256 hash with the sha256sum command and verify the integrity of the data by comparing the value with the one in the SHA256SUMS file.
$ sha256sum debian-11.4.0-amd64-netinst.iso
d490a35d36030592839f24e468a5b818c919943967012037d6ab3d65d030ef7f debian-11.4.0-amd64-netinst.iso
$ head -n1 SHA256SUMS
d490a35d36030592839f24e468a5b818c919943967012037d6ab3d65d030ef7f debian-11.4.0-amd64-netinst.iso
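The same comparison done by the tool instead of by eye, as an added example that is not part of the original solutions. `verify_against_manifest` is a hypothetical helper name and the demo file and manifest are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): check one file against a
# SHA256SUMS manifest. verify_against_manifest is a hypothetical helper name.

# Returns 0 if the hash matches, 1 on mismatch, 2 if the manifest has no
# entry for the file (a missing entry must not pass silently).
verify_against_manifest() {
    file="$1"; manifest="$2"
    name="$(basename -- "$file")"
    # Manifest lines look like "<hash>  <name>" or "<hash> *<name>".
    entry="$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                               f == n { print; exit }' "$manifest")"
    if [ -z "$entry" ]; then
        echo "no entry for $name in $manifest" >&2
        return 2
    fi
    # Recompute in the file's directory so the relative name resolves.
    ( cd -- "$(dirname -- "$file")" &&
      printf '%s\n' "$entry" | sha256sum -c - >/dev/null 2>&1 )
}

# Constructed demo data in a throwaway directory.
d="$(mktemp -d)"
printf 'constructed image bytes\n' > "$d/sample.iso"
( cd "$d" && sha256sum sample.iso > SHA256SUMS )
verify_against_manifest "$d/sample.iso" "$d/SHA256SUMS" && echo "intact: OK"
printf 'x' >> "$d/sample.iso"    # simulate corruption in transit
verify_against_manifest "$d/sample.iso" "$d/SHA256SUMS" || echo "modified: FAILED"
rm -rf "$d"
```

A matching hash only shows that the ISO agrees with the manifest. Debian also publishes SHA256SUMS.sign, a detached signature over the manifest that `gpg --verify SHA256SUMS.sign SHA256SUMS` checks, which matters here because the mirror is fetched over plain HTTP.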
2.
Encrypt and decrypt data with openssl enc. Use the commands:
$ cat helloworld.txt
Hello world!
$ openssl enc -in helloworld.txt -out encrypted.data -e -aes256 -k password
$ cat encrypted.data
Salted__[binary ciphertext]
$ openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data
$ cat un_encrypted.data
Hello world!
2022
3.
Encrypt and decrypt data with gpg. Use the commands:
$ cat helloworld.txt
Hello world!
$ gpg --output encrypted_with_gpg.data --symmetric --cipher-algo AES256 un_encrypted.data
$ cat encrypted_with_gpg.data
[binary ciphertext]
$ gpg --output un_encrypted_with_gpg.data --decrypt encrypted_with_gpg.data
$ cat un_encrypted_with_gpg.data
Hello world!
2022
4.
Generate an ed25519 key pair with ssh-keygen -o -a 100 -t ed25519. Go to ~/.ssh/ and check that the SSH key pair has appeared. Set up passwordless SSH login by adding the contents of the public key (.pub) to authorized_keys in the same directory (create the file if it does not exist).
$ ssh-keygen -o -a 100 -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/stud/.ssh/id_ed25519): /home/stud/.ssh/4task_id_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/stud/.ssh/4task_id_ed25519
Your public key has been saved in /home/stud/.ssh/4task_id_ed25519.pub
The key fingerprint is:
SHA256:qzxgVYtYie5em9GC7q8mMX26LNEwEfEgsalIY0v8dEA stud@stud15
The key's randomart image is:
+--[ED25519 256]--+
|o.=E . . |
|.+.oo o . |
|o* +.+ o . |
|* B + o . |
|o. B o .S |
| + B = .. |
| B = =. |
| o.=.+. |
| ==++. |
+----[SHA256]-----+
$ ls
4task_id_ed25519 4task_id_ed25519.pub authorized_keys id_rsa id_rsa.pub known_hosts
$ cat 4task_id_ed25519.pub >> authorized_keys
$ tail -n 1 authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2O9POMD+URq+UkWUNgU475wvxmhTVPRkjAHq8DDLye stud@stud15
$ ssh localhost -i /home/stud/.ssh/4task_id_ed25519
Linux stud15 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Sep 7 20:02:39 2022 from 87.229.245.190
5.
Use ssh-copy-id remote-machine-name to copy your SSH key to the server. Before installing, try the command in dry-run mode with the -n flag.
$ ssh-copy-id -i 4task_id_ed25519 stud@193.32.63.185
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "4task_id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'stud@193.32.63.185'"
and check to make sure that only the key(s) you wanted were added.
6.
Edit .ssh/config on the local machine so that the entry looks as follows:
$ cat config
Host remote
User stud
HostName 193.32.63.185
IdentityFile ~/.ssh/4task_id_ed25519
$ ssh remote
Linux stud15 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Sep 7 20:17:07 2022 from ::1
7.
Edit your SSH server configuration by running sudo vi /etc/ssh/sshd_config. Disable password authentication by editing the PasswordAuthentication value. Disable superuser login by editing the PermitRootLogin value. Restart the ssh service with sudo systemctl restart sshd.
Try connecting again. Then try connecting once more using a password (add the -o PubkeyAuthentication=no flag to the ssh command).
$ cat /etc/ssh/sshd_config | grep -e '^\(PasswordAuthentication\|PermitRootLogin\)'
PermitRootLogin prohibit-password
PasswordAuthentication no
$ sudo systemctl restart sshd
$ ssh remote -o PubkeyAuthentication=no
stud@193.32.63.185: Permission denied (publickey).
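A check of the two settings from this step, as an added example that is not part of the original solutions. It reads a constructed config text, and `sshd_value` and `audit_sshd` are hypothetical helper names. It also reports `prohibit-password`, because that value blocks only password logins for root and still accepts a root key.

```sh
#!/bin/sh
# Added example (not from the original page): audit two sshd_config keywords.
# sshd_value and audit_sshd are hypothetical helper names.

# Print the first value set for a keyword in the global section.
# sshd uses the first value it obtains for each keyword; Include files
# and Match blocks are not followed by this simple parser.
sshd_value() {
    awk -v k="$1" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$2"
}

# Report settings that still allow password or root logins.
# Returns 0 when nothing is reported, 1 otherwise.
audit_sshd() {
    rc=0
    pa="$(sshd_value PasswordAuthentication "$1")"
    prl="$(sshd_value PermitRootLogin "$1")"
    # OpenSSH defaults apply when a keyword is absent.
    [ -n "$pa" ] || pa=yes
    [ -n "$prl" ] || prl=prohibit-password
    if [ "$pa" != no ]; then
        echo "PasswordAuthentication $pa: password login is possible"; rc=1
    fi
    case "$prl" in
        no) ;;
        prohibit-password|without-password)
            echo "PermitRootLogin $prl: root can still log in with a key"; rc=1 ;;
        *)  echo "PermitRootLogin $prl: root login is allowed"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample using the two values shown in the transcript above.
cfg="$(mktemp)"
printf '%s\n' '# constructed sample' 'PermitRootLogin prohibit-password' \
    'PasswordAuthentication no' > "$cfg"
audit_sshd "$cfg" || true
rm -f "$cfg"
```

On a live host, `sudo sshd -T` prints the effective configuration, including values that come from Include files, and is the authoritative source for the same check.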
8.
Generate an X.509 certificate and key with openssl. View the certificate contents with the openssl x509 command.
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -nodes -days 365 -subj '/C=RU/ST=SamaraRegion/L=Samara/O=MyOffice/OU=SamaraDep/CN=myoffice.ru/'
$ openssl x509 -in cert.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:f2:3c:06:38:97:cf:62:ac:62:7b:c6:c3:81:2a:47:9f:42:35:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = RU, ST = SamaraRegion, L = Samara, O = MyOffice, OU = SamaraDep, CN = myoffice.ru
Validity
Not Before: Sep 7 14:45:39 2022 GMT
Not After : Sep 7 14:45:39 2023 GMT
Subject: C = RU, ST = SamaraRegion, L = Samara, O = MyOffice, OU = SamaraDep, CN = myoffice.ru
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:BD:FB:B0:4E:09:4F:99:67:C4:8A:D3:A2:1B:14:78:51:B8:B1:5B
X509v3 Authority Key Identifier:
keyid:D2:BD:FB:B0:4E:09:4F:99:67:C4:8A:D3:A2:1B:14:78:51:B8:B1:5B
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
9.
9.1 certbot
Installing certbot
apt install certbot
Obtaining a certificate
certbot certonly --standalone --email stud@gmail.com --agree-tos --no-eff-email --rsa-key-size 4096 --domain stud12.myoffice.ru --config-dir /var/www/html/certs/
9.2 acme.sh
Installing acme.sh (run as root)
git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m my@example.com
Obtaining a certificate
acme.sh --issue -d stud12.myoffice.ru -w /var/www/html/certs/