Passwordless Logins with SSH

20 May 2009

SSH allows you to log in to remote hosts without entering your password every time, using public key authentication.

First you need to generate a key,

$ ssh-keygen -t rsa

Save the key in the default file (~/.ssh/id_rsa) and do not use a passphrase. This will also create the public key file ~/.ssh/id_rsa.pub.

You need to copy your public key to every machine that you want to log in to with this scheme.

$ scp .ssh/id_rsa.pub user@host:.

Finally, on the remote host, append your public key to the authorized keys,

$ cat id_rsa.pub >> .ssh/authorized_keys
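
The append step, as an added example that is not part of the original post: a small function for the remote host that appends the key only once and sets the directory and file modes that sshd's StrictModes check requires. The function name install_pubkey and its optional second argument are assumptions made for this example.

```shell
# install_pubkey <public key file> [ssh directory]
# Hypothetical helper, not an OpenSSH tool.
install_pubkey() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}     # second argument allows a trial run on a scratch directory
    auth=$sshdir/authorized_keys

    # A public key line is "<type> <base64> [comment]". Refuse anything else,
    # in particular a private key file copied over by mistake.
    key=$(head -n 1 "$pubfile") || return 1
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubfile" >&2; return 2 ;;
    esac

    # sshd with StrictModes ignores keys kept in group- or world-writable locations.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: skip the append if the key is already present.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# usage on the remote host, after the scp step:  install_pubkey id_rsa.pub
```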

Mac OS X Hidden Files in Finder

15 May 2009

Once in a while I need to see hidden files in Finder; unfortunately Finder does not provide an option to show/hide hidden files. But you can use the following commands to make it show/hide hidden files. Fire up a terminal and type,

To Show

defaults write com.apple.finder AppleShowAllFiles TRUE
killall Finder

To Hide

defaults write com.apple.finder AppleShowAllFiles FALSE
killall Finder

Nmap Host Discovery - Is There Anybody Out There?

11 May 2009

Using nmap we can get a list of machines around us,

sudo nmap -sP -PS21,22,23,25,80,135,139,445,1025,3389 \
-PU53,67,68,69,111,161,445,514 -PE -PP -PM 192.168.1.1-254

For XML output append,

-oX hosts.xml

In order to get a list of IPs, you can filter the output with grep,

grep -oE '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}'
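
An added example, not from the original post, that reads the -oX output instead of grepping it: the grep above also matches the target range recorded in the XML header and any host reported as down, so this keeps only the IPv4 addresses of hosts whose status is up and sorts them numerically by octet. The function names and the sample XML are constructed for illustration, and the XML is a simplified form of what nmap writes.

```shell
# Constructed, simplified sample of an nmap -oX file.
sample_xml() {
cat <<'EOF'
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sP -PE -oX hosts.xml 192.168.1.1-254">
<host><status state="up" reason="echo-reply"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
</host>
<host><status state="down" reason="no-response"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
</host>
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.9" addrtype="ipv4"/>
</host>
</nmaprun>
EOF
}

# Read nmap XML on stdin, print the IPv4 address of every host that is up.
up_hosts() {
    awk '
        /<host[ >]/ { state = ""; ip = "" }          # new host record
        match($0, /<status state="[a-z]+"/) {
            # 15 = length of the prefix <status state=" ; 16 adds the closing quote
            state = substr($0, RSTART + 15, RLENGTH - 16)
        }
        match($0, /addr="[0-9.]+" addrtype="ipv4"/) {
            # 6 = length of addr=" ; 17 = length of the trailing " addrtype="ipv4"
            ip = substr($0, RSTART + 6, RLENGTH - 23)
        }
        /<\/host>/ { if (state == "up" && ip != "") print ip }
    ' | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# Demo on the constructed sample; on a real scan use:  up_hosts < hosts.xml
sample_xml | up_hosts
```

On the sample, the page's grep returns four matches (the range start from the header, the down host and the two live hosts), while up_hosts returns only the two live hosts.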

Sort Objects Your Way

09 May 2009

Just a future reference for myself, if I ever need to sort objects my way.

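import java.util.Collections;
import java.util.Comparator;

// Compares two hosts by their upper-cased string form.
// Note: this is a lexicographic order, so "10.0.0.10" sorts before "10.0.0.9".
public class IpComparator implements Comparator {

  public int compare(Object host, Object anotherHost) {

      // Cast first, then call the String method (the cast binds weaker than the call).
      String hostIp = ((String) host).toUpperCase();
      String anotherHostIp = ((String) anotherHost).toUpperCase();

      return hostIp.compareTo(anotherHostIp);
  }
}

// Usage, where arpTable is a List of String:
Collections.sort(arpTable, new IpComparator());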

Speeding Up Your Net Browsing with PDNSD Domain Name Caching on Mac OS X

07 May 2009

DNS is the Domain Name System. DNS converts machine names to the IP addresses that all machines on the net have. Every time you type google.com your computer has to ask a DNS server for an IP address. (This is the "Looking for..." step in your browser when connecting to a site.) We can cache the return value of the request to speed up subsequent requests.

pdnsd is a proxy DNS server with permanent caching. Unlike other DNS servers, pdnsd writes the cache to hard disk on exit.

If you don't have MacPorts installed, install it first. MacPorts has a port of pdnsd. You can use,

sudo port install pdnsd

to get it to install pdnsd.

Create a file named pdnsd.conf under /opt/local/etc/pdnsd/ with the following content.

global {
        perm_cache=2048;
        cache_dir="/var/pdnsd";
        max_ttl=604800;
        paranoid=on;
        server_port=53;
        server_ip="127.0.0.1";
        # run as the same unprivileged user that owns /var/pdnsd (set up below)
        run_as="nobody";
}

server {
        label=OpenDNS;
        ip=208.67.222.222;
        ip=208.67.220.220;
        timeout=30;
        interval=30;
        uptest=ping;
        ping_timeout=50;
        purge_cache=off;
}

Change the owner of the file to root,

sudo chown root /opt/local/etc/pdnsd/pdnsd.conf

Make a directory called /var/pdnsd/ and set its owner to nobody,

sudo mkdir /var/pdnsd/
sudo chown nobody /var/pdnsd/

Next, we need to create a start up item for OS X,

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>pdnsd</string>
  <key>OnDemand</key>
  <false/>
  <key>Program</key>
  <string>/opt/local/sbin/pdnsd</string>
  <key>ServiceDescription</key>
  <string>pdnsd - a proxy DNS server with permanent caching</string>
</dict>
</plist>

Save it as pdnsd.plist under the folder,

/Library/LaunchDaemons/

We need to set the owner to root and give it a permission of 644,

sudo chown root /Library/LaunchDaemons/pdnsd.plist
sudo chmod 644 /Library/LaunchDaemons/pdnsd.plist

In order to launch it you can use,

sudo launchctl load /Library/LaunchDaemons/pdnsd.plist

To test, issue

dig @127.0.0.1 google.com

If you get a response back, everything is working. If you don't get a response back, check

/var/log/messages

for errors. Make sure all the files are owned by root and have the correct permissions.

Installing Debian on EeePc

05 May 2009

The following documents the experience I had while installing Debian on my EeePC 701. This page serves as a reference for myself because I rarely reformat my Linux or Mac boxes. Installation was smooth. All hardware on my Eee was supported out of the box. debian.org has a great wiki with more instructions, tips and tricks, and also model-specific data.

On Mac

  • Plug in your USB drive.
  • Open Disk Utility, right-click on the USB drive and select Info. Note your disk identifier.
  • Unmount the drive (not Eject).
  • Switch to terminal and type

    sudo dd if=/debian-eeepc.img of=/dev/

Double-check your disk identifier. Don't erase your main drive or external drive.

Booting

In the BIOS, change your boot priority to USB boot. Now you are ready to boot from the USB drive you prepared.

Installation

Just follow the on screen instructions, and install a basic system. You can add additional applications later.

Disk Arrangement

I have a 2 GB internal card and an 8 GB card in the reader.

  • / 2 GB (internal)
  • /home 2 GB (external)
  • /usr 5 GB (external)
  • /var 1 GB (external)

Post Installation

X Window

apt-get install xserver-xorg-core

Gnome

apt-get install gnome-core
gconftool-2 -t bool -s /apps/metacity/general/reduced_resources true

Networking

apt-get install network-manager-gnome

Then open /etc/network/interfaces with your favorite editor and comment out your wireless interface. That will let GNOME Network Manager manage your network settings. If you omit this step, Network Manager will only show your wired network.

IP Over DNS

02 May 2009

IP over DNS encapsulates all IP traffic inside DNS requests, allowing access to the internet from behind captive portals (cafes, airports and such). Captive portals usually block all traffic but allow DNS requests to flow through, so as long as you can look up host names, you can create yourself a channel.

For this to work you need a couple of things,

  • A registered domain name (such as example.com)
  • A DNS server (or a registrar that provides DNS service)
  • A machine on the outside that can run a fake DNS server.

Registrar Setup

Choose a subdomain for your domain. You need to create two DNS records: one NS and one A.

NS (Name Servers)

tunnel <---> ns-dtun.example.com

A (Host)

ns-dtun.example.com  <--->  67.222.1.241

The idea here is that all requests to a certain subdomain will be delegated to another nameserver, which is running our fake DNS server. For this you need to be able to become root on the server in order to run a fake DNS service.

Perl Setup

You need Perl in order to use ozymandns and a couple of extra modules.

Enter the CPAN shell:

perl -MCPAN -e shell

To re-configure the environment:

o conf init

Upgrade CPAN:

perl -MCPAN -e 'install Bundle::CPAN'

Install modules:

perl -MCPAN -e 'install MIME::Base32'
perl -MCPAN -e 'install Net::DNS'
perl -MCPAN -e 'install Digest::CRC'

Server Setup

Make sure your firewall allows port 53 inbound for TCP and UDP. The Perl script crashes frequently, so wrap it in a script that will re-run it in case of a crash.

Loop on Crash

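#!/bin/sh

# Restart nomde.pl whenever no running instance is found.
while [ 1 ]; do
 ps -ef | grep -v grep | grep nomde > /dev/null
 if [ $? -eq 1 ]
  then
   # The domain must be the subdomain delegated by the NS record above.
   ./nomde.pl -i 0.0.0.0 tunnel.example.com
 else
  echo "exit status 0 - daemon found - do nothing."
 fi
 # Pause between checks so the loop does not spin while the daemon is up.
 sleep 1
done

Save this file as start.sh and run it inside GNU screen so that the script will keep running after you log out from your machine.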

Client Setup

On the client side, install the same Perl modules as on the server. In addition to Perl you also need SSH. Using SSH's ProxyCommand, all communication will be sent using droute.pl through our DNS channel to our server.

ssh -o ProxyCommand="./droute.pl sshdns.tunnel.example.com" -N -D 9999 -C user@localhost -v

This command will create a SOCKS proxy between our client and the server. In order to use it you need software that is capable of communicating through SOCKS (such as Firefox). You can use a plugin such as FoxyProxy to switch proxies on the fly.

The connection is slow, but good enough for checking your email or surfing.
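
Seen from the network owner's side, this kind of tunnel leaves a recognisable pattern in resolver logs: many distinct query names under one delegated zone, each carrying a long encoded label. The following added example (not part of the original post) flags such zones; the log format, thresholds, function names and sample queries are assumptions constructed for illustration, and grouping by the last three labels is a simplification.

```shell
# Constructed sample log, one "<client> <qname>" per line; payload labels are made up.
sample_queries() {
cat <<'EOF'
10.0.0.5 www.google.com
10.0.0.5 mail.google.com
10.0.0.5 www.google.com
10.0.0.7 mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dz.0.sshdns.tunnel.example.com
10.0.0.7 nbswy3dpeb3w64tmmqqho33snrsca5dimuqhg5dp.1.sshdns.tunnel.example.com
10.0.0.7 orugs4zanfzsaylomfwgy33xebuxgidbebwg63th.2.sshdns.tunnel.example.com
10.0.0.7 mzxw6ytboi2dcmrtgq2tmnzyhe3tqojrgiztinjw.3.sshdns.tunnel.example.com
10.0.0.9 www.example.com
EOF
}

# suspect_zones [min_names] [min_label_len]
# Reads the log on stdin and prints "<zone> <unique names> <names with a long label>"
# for every zone (last three labels) where both counts reach min_names.
suspect_zones() {
    min_names=${1:-3}
    min_len=${2:-30}
    awk -v n="$min_names" -v len="$min_len" '
        !seen[$2]++ {                        # count each query name once
            k = split($2, l, "[.]")
            if (k < 3) next
            zone = l[k-2] "." l[k-1] "." l[k]
            uniq[zone]++
            # Ordinary host names rarely carry labels this long; encoded payload does.
            for (i = 1; i <= k - 3; i++)
                if (length(l[i]) >= len) { long[zone]++; break }
        }
        END {
            for (z in uniq)
                if (uniq[z] >= n && long[z] >= n)
                    print z, uniq[z], long[z]
        }' | sort
}

# Demo on the constructed sample: prints "tunnel.example.com 4 4".
sample_queries | suspect_zones
```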

Legal Notice

Circumventing an AP's access controls is probably considered a crime depending on where you live. So behave, don't be a jerk.

Further Reading