sudo vim /etc/pam.d/gdm-password
@include common-password
auth required pam_google_authenticator.so nullok
—
Source: google-authenticator-libpam
nullok
Allow users to log in without OTP, if they haven't set up OTP yet.
—
A blog from the Unix world
1/3 2FA with Google Authenticator
sudo vim /etc/pam.d/sshd
auth required pam_google_authenticator.so
...
# @include common-auth
sudo vim /etc/ssh/sshd_config
PubkeyAuthentication yes
...
PasswordAuthentication no
...
ChallengeResponseAuthentication yes
...
UsePAM yes
...
Match User USERNAME
AuthenticationMethods publickey,keyboard-interactive
sudo systemctl restart sshd.service
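After the restart it is worth confirming that the two files really say what the steps above intend, before the current session is closed. The checker below is an added example, not code from this page or from google-authenticator-libpam; the two sample files, the user name USERNAME and the message strings are constructed for the illustration. It flags the settings that would silently weaken the key-plus-OTP requirement: PasswordAuthentication left on, common-auth still included, or nullok on the sshd module.

```python
# Constructed sample files reproducing the settings from the steps above;
# they are not copied from any real host.
SSHD_CONFIG = """\
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
Match User USERNAME
    AuthenticationMethods publickey,keyboard-interactive
"""
PAM_SSHD = """\
auth required pam_google_authenticator.so
# @include common-auth
"""
def parse_sshd_config(text):
    """(global options, {match criteria: options}); options after a Match line belong to it."""
    global_opts, blocks, current = {}, {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), " ".join(parts[1:]).strip()
        if key == "match":
            blocks[(current := " ".join(value.split()))] = {}
        elif current is None:
            global_opts[key] = value
        else:
            blocks[current][key] = value
    return global_opts, blocks

def check_ssh_2fa(sshd_text, pam_text, user):
    """Return a list of problems; empty means key + OTP is enforced for `user`."""
    problems = []
    g, blocks = parse_sshd_config(sshd_text)
    for key, want in (("passwordauthentication", "no"), ("usepam", "yes"),
                      ("challengeresponseauthentication", "yes")):
        if g.get(key, "").lower() != want:
            problems.append(f"{key} should be {want}")
    methods = blocks.get(f"User {user}", {}).get("authenticationmethods", "")
    if methods.lower() != "publickey,keyboard-interactive":
        problems.append(f"no publickey,keyboard-interactive for {user}")
    active = [l.split() for l in pam_text.splitlines()   # commented PAM lines do not count
              if l.strip() and not l.lstrip().startswith("#")]
    ga = [l for l in active if "pam_google_authenticator.so" in l]
    if not any(l[:2] == ["auth", "required"] for l in ga):
        problems.append("pam_google_authenticator.so is not 'auth required'")
    if any("nullok" in l for l in ga):
        problems.append("nullok lets users without an OTP secret skip the OTP")
    if any("common-auth" in l for l in active):
        problems.append("common-auth still included: the UNIX password is asked too")
    return problems
```

Run it against the real files with `check_ssh_2fa(open("/etc/ssh/sshd_config").read(), open("/etc/pam.d/sshd").read(), "USERNAME")`; an empty list means the configuration matches the steps above.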
$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/USERNAME/.ssh/id_ed25519):
enter a passphrase
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/USERNAME/.ssh/id_ed25519_test.
Your public key has been saved in /home/USERNAME/.ssh/id_ed25519_test.pub.
The key fingerprint is:
SHA256:SHA256-HASH USERNAME@HOSTNAME
The key's randomart image is:
+--[ED25519 256]--+
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
+----[SHA256]-----+
ssh-copy-id username@remotehost
or manually append the contents of ~/.ssh/id_ed25519.pub to ~/.ssh/authorized_keys on the remote host
sudo apt-get install libpam-google-authenticator
USERNAME@HOSTNAME:~$ google-authenticator
Do you want authentication tokens to be time-based (y/n) y
Warning: pasting the following URL into your browser exposes the OTP secret to Google:
https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/USERNAME@HOSTNAME%3Fsecret%3DGENERATED-SECRET%26issuer%3DHOSTNAME
Your new secret key is: YOUR-SECRET-KEY
Your verification code is VERIFICATION-CODE
Your emergency scratch codes are:
EMERGENCY-SCRATCH-CODE-1
EMERGENCY-SCRATCH-CODE-2
EMERGENCY-SCRATCH-CODE-3
EMERGENCY-SCRATCH-CODE-4
EMERGENCY-SCRATCH-CODE-5
Do you want me to update your "/home/USERNAME/.google_authenticator" file? (y/n) y
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, a new token is generated every 30 seconds by the mobile app.
In order to compensate for possible time-skew between the client and the server,
we allow an extra token before and after the current time. This allows for a
time skew of up to 30 seconds between authentication server and client. If you
experience problems with poor time synchronization, you can increase the window
from its default size of 3 permitted codes (one previous code, the current
code, the next code) to 17 permitted codes (the 8 previous codes, the current
code, and the 8 next codes). This will permit for a time skew of up to 4 minutes
between client and server.
Do you want to do so? (y/n) y
If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting? (y/n) y
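The window and reuse questions in the transcript above map directly onto how a TOTP code is checked. The Python model below is an added illustration, not code from this page or from google-authenticator-libpam: it implements RFC 4226/6238 with the RFC test secret as constructed input, window=1 is the default 3 permitted codes and window=8 the 17-code option, and disallow_reuse is the one-login-per-30s choice that stops a captured code from being replayed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per token, as in the google-authenticator prompt
# RFC 4226/6238 test-vector secret (constructed test data; a real secret is
# the base32 string stored in ~/.google_authenticator, never a fixed literal).
TEST_SECRET = b"12345678901234567890"

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, now, digits=6):
    """RFC 6238: HOTP with counter = floor(unix time / 30 s)."""
    return hotp(secret, now // STEP, digits)

class TotpVerifier:
    """window = accepted 30 s steps on each side of the current one
    (1 -> 3 permitted codes, 8 -> 17 permitted codes, i.e. up to 4 minutes skew);
    disallow_reuse rejects a step that already authenticated once, so a code
    captured in transit cannot be replayed within its window."""

    def __init__(self, secret, window=1, disallow_reuse=True):
        self.secret, self.window, self.disallow_reuse = secret, window, disallow_reuse
        self.used_steps = set()

    def verify(self, code, now):
        current = now // STEP
        for step in range(max(0, current - self.window), current + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, step).encode(), code.strip().encode()):
                if self.disallow_reuse and step in self.used_steps:
                    return False                      # replayed token
                self.used_steps.add(step)
                return True
        return False
```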
# fdisk /dev/sda
Welcome to fdisk (util-linux 2.27.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): p
Disk /dev/sda: 40 GiB, 42949672960 bytes, 83886080 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xa8cb592e
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 999423 997376 487M 83 Linux
/dev/sda2 999424 41940991 40941568 19.5G 8e Linux LVM
Remember the partition start: 999424
Command (m for help): d
Partition number (1,2, default 2): 2
Partition 2 has been deleted.
The new partition must start at the same sector as the old one, here 999424.
Command (m for help): n
Partition type
p primary (1 primary, 0 extended, 3 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (2-4, default 2): 2
First sector (999424-83886079, default 999424):
Last sector, +sectors or +size{K,M,G,T,P} (999424-83886079, default 83886079):
Created a new partition 2 of type 'Linux' and of size 39.5 GiB.
Command (m for help): t
Partition number (1,2, default 2):
Partition type (type L to list all types): 8e
Changed type of partition 'Linux' to 'Linux LVM'.
Command (m for help): p
Disk /dev/sda: 40 GiB, 42949672960 bytes, 83886080 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xa8cb592e
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 999423 997376 487M 83 Linux
/dev/sda2 999424 83886079 82886656 39.5G 8e Linux LVM
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Re-reading the partition table failed.: Device or resource busy
The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8).
# partprobe
# pvresize /dev/sda2
Physical volume "/dev/sda2" changed
1 physical volume(s) resized / 0 physical volume(s) not resized
# vgdisplay
--- Volume group ---
VG Name sysvg
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 10
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 5
Open LV 5
Max PV 0
Cur PV 1
Act PV 1
VG Size 39.52 GiB
PE Size 4.00 MiB
Total PE 10117
Alloc PE / Size 4755 / 18.57 GiB
Free PE / Size 5362 / 20.95 GiB
VG UUID 6LlZ7P-M6by-7ISL-C9CP-iNFH-fo16-gBsclg
Project Home: https://github.com/sshuttle/sshuttle
Install sshuttle:
sudo apt-get install sshuttle
Send all traffic through the ssh connection:
sudo sshuttle -r User@Server:Port 0/0
Send all traffic, including DNS, through the ssh connection, but exclude the local network 192.168.1.0/24 from the tunnel so it stays directly reachable:
sudo sshuttle -r --dns User@Server 0/0 -x 192.168.1.0/24
There are two fundamentally different methods for a factory reset. The first performs the reset over the serial cable, the second directly on the switch.
Method 1:
1. Log in to the console over the serial cable
2. erase startup-config
Method 2:
1. Press and hold the "Reset" and "Clear" buttons at the same time.
2. Keep holding "Clear" and release "Reset".
3. When the Test LED starts blinking, release "Clear".
After a self-test the switch now boots with factory defaults.
To display a file in reverse line order, use tac.
Alternatively, the lines can be reversed inside Vim with the command:
:g/^/m0
@echo off
rem Export the Uninstall key (the list of installed software) to a temporary .reg file
start /w regedit /e "%TEMP%\inst.reg" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
rem Keep only the DisplayName lines, sorted, and write them to software.txt
find "DisplayName" "%TEMP%\inst.reg" | sort > software.txt
del "%TEMP%\inst.reg"
exit