# Solutions
### 1.
Download the Debian image debian-11.4.0-amd64-netinst.iso from http://mirror.corbina.net/debian-cd/current/amd64/iso-cd/.
Compute its SHA-256 hash with `sha256sum` and verify the integrity of the data by comparing the result
with the value in the SHA256SUMS file.
```
$ sha256sum debian-11.4.0-amd64-netinst.iso
d490a35d36030592839f24e468a5b818c919943967012037d6ab3d65d030ef7f debian-11.4.0-amd64-netinst.iso
$ head -n1 SHA256SUMS
d490a35d36030592839f24e468a5b818c919943967012037d6ab3d65d030ef7f debian-11.4.0-amd64-netinst.iso
```
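
Comparing two 64-character strings by eye is error-prone, and a SHA256SUMS file fetched from the same mirror proves integrity only; authenticity also requires checking Debian's `SHA256SUMS.sign` signature with gpg. An added example (not from the original page) that automates the comparison and distinguishes a mismatch from a missing entry; `verify_from_sums` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify one file against a SHA256SUMS-style list.
# verify_from_sums is a hypothetical helper, not part of coreutils.

# Returns 0 on match, 1 on hash mismatch, 2 if the list has no entry for the
# file (a case `sha256sum -c --ignore-missing` reports less visibly).
verify_from_sums() {
    file=$1; sums=$2
    name=$(basename "$file")
    # Lines are "<hex>  <name>"; binary mode marks the name with '*'.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "$name: no entry in $sums" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
    else
        echo "$name: MISMATCH (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Constructed sample data so the example runs offline.
demo_dir=$(mktemp -d)
printf 'constructed image contents\n' > "$demo_dir/sample.iso"
( cd "$demo_dir" && sha256sum sample.iso > SHA256SUMS )
verify_from_sums "$demo_dir/sample.iso" "$demo_dir/SHA256SUMS"
```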
### 2.
Encrypt and decrypt data with `openssl enc`. Use the commands:
```
$ cat helloworld.txt
Hello world!
$ openssl enc -in helloworld.txt -out encrypted.data -e -aes256 -k password
$ cat encrypted.data
Salted__<binary ciphertext>
$ openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data
$ cat un_encrypted.data
Hello world!
2022
```
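
The `-k password` form exposes the password in the process list and shell history, and without `-pbkdf2` the key comes from the legacy derivation that OpenSSL 1.1.1 and later warn about as deprecated. An added example (not from the original page) of the same round trip with PBKDF2 and the password read from a file; the helper names, iteration count and sample data are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helpers around `openssl enc` (OpenSSL 1.1.1+).
ITER=200000   # assumed PBKDF2 iteration count; must match on both sides

# enc_file IN OUT PASSFILE: AES-256-CBC, random salt, PBKDF2 key derivation.
enc_file() {
    openssl enc -e -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3"
}

# dec_file IN OUT PASSFILE: the cipher and KDF options must be repeated,
# because the file stores only the "Salted__" magic and the 8-byte salt.
dec_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3"
}

# header_of FILE: print the first 8 bytes (the "Salted__" magic).
header_of() { head -c 8 "$1"; }

# Constructed sample data.
w=$(mktemp -d)
( umask 077; printf 'constructed-passphrase\n' > "$w/pass" )
printf 'Hello world!\n' > "$w/helloworld.txt"
enc_file "$w/helloworld.txt" "$w/a.enc" "$w/pass"
enc_file "$w/helloworld.txt" "$w/b.enc" "$w/pass"   # new salt, new ciphertext
dec_file "$w/a.enc" "$w/out.txt" "$w/pass"
cat "$w/out.txt"
```

CBC mode as used here does not authenticate the ciphertext, so a successful decryption is not evidence that the file was not modified.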
### 3.
Encrypt and decrypt data with gpg. Use the commands:
```
$ cat helloworld.txt
Hello world!
$ gpg --output encrypted_with_gpg.data --symmetric --cipher-algo AES256 un_encrypted.data
$ cat encrypted_with_gpg.data
<binary ciphertext>
$ gpg --output un_encrypted_with_gpg.data --decrypt encrypted_with_gpg.data
$ cat un_encrypted_with_gpg.data
Hello world!
2022
```
### 4.
Generate an ed25519 key pair with `ssh-keygen -o -a 100 -t ed25519`. Go to `~/.ssh/` and check that the SSH key pair has appeared. Set up passwordless SSH login by appending the contents of the public key (.pub) to `authorized_keys` in the same directory (create the file if it does not exist).
```
$ ssh-keygen -o -a 100 -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/stud/.ssh/id_ed25519): /home/stud/.ssh/4task_id_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/stud/.ssh/4task_id_ed25519
Your public key has been saved in /home/stud/.ssh/4task_id_ed25519.pub
The key fingerprint is:
SHA256:qzxgVYtYie5em9GC7q8mMX26LNEwEfEgsalIY0v8dEA stud@stud15
The key's randomart image is:
+--[ED25519 256]--+
|o.=E . . |
|.+.oo o . |
|o* +.+ o . |
|* B + o . |
|o. B o .S |
| + B = .. |
| B = =. |
| o.=.+. |
| ==++. |
+----[SHA256]-----+
$ ls
4task_id_ed25519 4task_id_ed25519.pub authorized_keys id_rsa id_rsa.pub known_hosts
$ cat 4task_id_ed25519.pub >> authorized_keys
$ tail -n 1 authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2O9POMD+URq+UkWUNgU475wvxmhTVPRkjAHq8DDLye stud@stud15
$ ssh localhost -i /home/stud/.ssh/4task_id_ed25519
Linux stud15 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Sep 7 20:02:39 2022 from 87.229.245.190
```
### 5.
Use `ssh-copy-id remote-machine-name` to copy your SSH key to the server. Before installing, try the command
in dry-run mode with the `-n` option.
```
$ ssh-copy-id -i 4task_id_ed25519 stud@193.32.63.185
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "4task_id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'stud@193.32.63.185'"
and check to make sure that only the key(s) you wanted were added.
```
### 6.
Edit `.ssh/config` on the local machine so that the entry looks as follows:
```
$ cat config
Host remote
User stud
HostName 193.32.63.185
IdentityFile ~/.ssh/4task_id_ed25519
$ ssh remote
Linux stud15 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Sep 7 20:17:07 2022 from ::1
```
### 7.
Edit your SSH server's configuration by running `sudo vi /etc/ssh/sshd_config`. Disable password authentication by editing the `PasswordAuthentication` value. Disable superuser login by editing the `PermitRootLogin` value. Restart the ssh service with `sudo systemctl restart sshd`.
Try connecting again. Try connecting again with a password (add the `-o PubkeyAuthentication=no` flag to the ssh command).
```
$ cat /etc/ssh/sshd_config | grep -e '^\(PasswordAuthentication\|PermitRootLogin\)'
PermitRootLogin prohibit-password
PasswordAuthentication no
$ sudo systemctl restart sshd
$ ssh remote -o PubkeyAuthentication=no
stud@193.32.63.185: Permission denied (publickey).
```
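
`PermitRootLogin prohibit-password` in the output above still lets root log in with a key; only `no` disables root login, which is what the task asks for. An added example (not from the original page) that resolves each keyword the way sshd does (case-insensitive keyword, first occurrence wins) and flags anything other than `no`. The function names and sample config are constructed, and `Include` and `Match` blocks are not handled, so `sshd -T` remains the authoritative check.

```shell
#!/bin/sh
# Added example: hypothetical audit helpers for the two settings in this task.

# sshd_value KEYWORD DEFAULT FILE: print the first uncommented value of
# KEYWORD (keywords are case-insensitive), or DEFAULT if it is not set.
sshd_value() {
    awk -v k="$1" -v d="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print d }
    ' "$3"
}

# audit_sshd FILE: return 0 only if both settings are effectively "no".
# The defaults passed below are the upstream OpenSSH defaults (assumption:
# the distribution has not patched them).
audit_sshd() {
    rc=0
    pa=$(sshd_value PasswordAuthentication yes "$1")
    prl=$(sshd_value PermitRootLogin prohibit-password "$1")
    [ "$pa" = no ]  || { echo "PasswordAuthentication=$pa: passwords accepted"; rc=1; }
    [ "$prl" = no ] || { echo "PermitRootLogin=$prl: root login still possible"; rc=1; }
    return $rc
}

# Constructed sample: the values shown in the output above, plus a later
# duplicate that has no effect because the first occurrence wins.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#PermitRootLogin no
permitrootlogin prohibit-password
PasswordAuthentication no
PermitRootLogin no
EOF
audit_sshd "$cfg" || echo "audit failed"
```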
### 8.
Generate an x.509 certificate and key with openssl. View the certificate contents with `openssl x509`.
```
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -nodes -days 365 -subj '/C=RU/ST=SamaraRegion/L=Samara/O=MyOffice/OU=SamaraDep/CN=myoffice.ru/'
$ openssl x509 -in cert.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:f2:3c:06:38:97:cf:62:ac:62:7b:c6:c3:81:2a:47:9f:42:35:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = RU, ST = SamaraRegion, L = Samara, O = MyOffice, OU = SamaraDep, CN = myoffice.ru
Validity
Not Before: Sep 7 14:45:39 2022 GMT
Not After : Sep 7 14:45:39 2023 GMT
Subject: C = RU, ST = SamaraRegion, L = Samara, O = MyOffice, OU = SamaraDep, CN = myoffice.ru
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bf:d8:c2:27:aa:29:70:69:33:c5:59:82:a7:b8:
b2:a3:48:03:04:e2:c8:f9:f3:16:97:cf:9d:f8:12:
a4:81:3f:a4:52:60:e4:ab:5e:4c:c9:85:18:1d:fa:
a7:be:82:f7:db:b4:9e:6b:b2:ab:87:89:44:1f:5e:
01:b5:6a:4a:37:e3:b2:da:5f:a4:63:80:92:49:36:
f2:dc:f9:75:75:65:56:6c:5d:10:86:32:0b:ee:a0:
b3:83:17:ef:c6:59:19:95:11:47:67:3b:65:96:ee:
31:52:c3:b3:6e:cf:ee:dc:05:3e:c0:6c:34:e9:3c:
f6:58:95:3c:38:3e:8c:3a:e2:d1:a8:41:a4:e8:85:
72:29:76:bb:32:1c:b7:3c:0c:f7:4d:e6:ed:31:16:
9e:61:d1:60:69:1d:2f:f5:cb:f1:a3:f2:ac:b0:91:
a1:6b:16:33:26:cc:83:70:bb:9b:82:43:f8:f9:38:
81:06:94:8f:ca:2b:b3:5b:77:78:72:f6:d0:c7:3c:
45:b1:4e:74:bf:b9:68:09:02:f7:4f:d0:4a:3f:39:
92:40:66:cf:b2:05:24:66:12:ae:ae:9d:1a:91:3c:
ad:78:cd:a8:6b:6e:9f:72:1f:0a:ca:7d:6a:21:09:
43:2b:48:93:dc:d2:02:d4:2d:e0:8e:47:22:64:47:
21:af:7c:e4:2b:ec:ed:93:59:c5:38:26:5e:0d:4e:
5c:4f:58:c1:7f:26:5b:b5:c2:e7:1c:84:c3:15:a7:
46:28:62:98:65:27:f2:4a:85:61:f0:c7:94:7b:6c:
f1:b6:35:65:9f:7c:d0:bb:8c:26:53:2a:55:01:cd:
62:7d:bf:39:ac:4d:6b:16:46:59:e4:e1:bb:b1:6e:
5e:ee:15:07:a1:97:c6:99:99:55:de:7d:6a:5d:f3:
56:d3:db:41:e5:27:ea:ac:4e:fe:ce:4e:07:76:71:
31:bd:d7:fe:e7:f1:2d:25:85:d8:ef:29:d6:6b:89:
43:64:8a:da:38:ac:cb:75:8d:f1:0d:cd:d3:dd:eb:
2f:f8:39:8b:a0:f0:6d:37:35:cf:96:fb:21:37:ff:
ef:3a:2b:69:d5:00:f4:e0:78:c9:59:01:a9:0b:c2:
7d:b9:80:ef:59:33:b5:c9:d9:0a:e8:ce:ef:20:61:
dc:a0:f2:ec:ef:23:a0:6b:fe:ae:30:c9:d6:03:cd:
28:f1:7a:b4:28:40:06:ce:0e:90:83:5b:21:c9:ec:
51:1f:d3:1a:ef:ab:81:20:de:3d:c6:bc:0c:58:68:
01:2e:90:6d:47:90:a4:ff:5b:e1:20:02:ba:dc:bf:
5f:97:db:85:df:d7:03:10:6a:2b:f2:f2:2f:7d:ef:
25:f2:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:BD:FB:B0:4E:09:4F:99:67:C4:8A:D3:A2:1B:14:78:51:B8:B1:5B
X509v3 Authority Key Identifier:
keyid:D2:BD:FB:B0:4E:09:4F:99:67:C4:8A:D3:A2:1B:14:78:51:B8:B1:5B
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
44:b0:16:b3:4b:82:1a:5a:35:a1:a9:bd:51:96:2d:b5:24:41:
ec:66:c6:4c:fb:60:c0:f1:8c:8f:e0:c2:82:30:8b:b3:ff:c1:
47:01:f9:94:a0:ed:05:9e:b3:21:3c:b4:6c:8c:ae:91:c8:d5:
f5:2c:7f:66:74:2d:67:e1:09:05:52:d2:bf:92:b5:b2:17:ec:
5c:c6:de:4d:36:76:73:38:ad:0a:4d:b7:37:b0:2a:0e:81:cd:
55:dd:46:d2:44:1d:e0:26:b3:44:bc:c0:15:b7:55:77:b2:16:
0e:00:db:c4:67:24:aa:ce:c8:10:e3:8a:9c:8c:1a:a1:8d:17:
0e:df:53:84:bb:88:fe:b6:17:f5:a7:b4:48:f3:71:f9:d0:e9:
e9:fc:0b:88:d2:a8:7b:ac:2b:d1:f6:38:e5:ce:95:54:30:c9:
25:7b:35:a1:2d:12:f9:97:d1:0e:33:d8:21:19:3e:40:40:ed:
58:e2:b5:4b:25:f1:f4:d2:26:76:e9:69:c0:9f:28:72:b9:84:
04:9a:2f:38:b1:89:28:96:f5:03:a1:d3:e7:80:12:87:4b:86:
ac:83:91:47:8b:f7:af:66:92:9b:6d:5d:c4:53:55:5a:f8:04:
0f:a6:8a:8a:e1:99:8c:8f:6a:ec:c2:48:6e:9b:6a:91:2b:af:
34:3e:91:3e:ae:7d:94:d5:9a:53:51:2f:ef:d2:45:b9:01:f3:
13:e3:4e:83:36:2e:a6:15:5b:52:1d:03:5a:f8:cf:27:58:8f:
a4:37:1d:98:d8:4f:20:f0:ac:3b:57:3f:60:a8:35:fc:46:b4:
e1:41:57:47:0f:f7:f3:cb:a9:52:c9:fb:32:c5:39:fb:0c:bf:
92:1c:71:d5:29:d6:11:e3:97:59:d2:61:72:c4:27:cb:c3:0b:
df:f9:70:10:b2:18:01:76:85:a9:78:df:ad:83:72:64:08:a5:
71:1f:75:6e:95:6a:39:14:2d:4f:96:1d:ae:55:d0:7f:70:be:
74:68:e8:9b:0e:0f:76:9d:d5:a5:e8:02:22:ee:7d:19:23:03:
87:c7:ad:18:60:d4:4d:b8:64:84:ae:51:12:bc:4e:af:81:18:
74:6f:1d:47:f6:59:52:ab:74:f9:20:be:fc:5e:0c:e9:bd:25:
e7:21:af:a4:69:6a:1e:e3:e4:1e:8c:80:b0:e4:0c:c3:0f:86:
f2:a0:b1:d9:66:3d:30:36:26:31:77:81:c9:e2:ca:2c:ae:f5:
07:56:d5:00:e4:09:37:5c:7d:a0:fc:79:f7:ea:fe:67:72:2e:
29:6d:d5:11:e9:bc:8a:63:20:1d:96:af:f9:85:1c:43:22:5e:
01:02:37:28:b1:dd:01:93
```