Track2Agenda: crypto-exercises.html

File crypto-exercises.html, 7.7 KB (added by trac, 6 years ago)
<html><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><title>Cryptography
 Exercises: Track 2 Workshop: PacNOG 7: American Samoa</title></head><body>
<a name="top"></a>
<div align="center">
<h2>Cryptography Exercises: Track 2 Workshop</h2>
<h3>PacNOG 7: American Samoa</h3>
June 30, 2010
</div>
<h2>Exercises</h2>
<b>Using SSH public/private Keys for Authentication</b>
<ol>
<li><a href="#hash">Munging a Document and Comparing Message Digests</a></li>
<li><a href="#gen">Generate a Public/Private Key Pair for SSH</a></li>
<li><a href="#copy">Copy Your Public Key to Your Account on the NOC Box</a></li>
</ol>


<h3>Notes</h3>
<ol>
<li>The "#" and "$" characters before commands represent your system
prompt and are not part of the command itself. "#" indicates a command
issued as root, while "$" indicates a command issued as a normal user.</li>
</ol>


<!------- *********************** ------>

<p>

<a name="hash"></a>
<b><font size="+1">1.) Munging a Document and Comparing Message Digests</font></b>
 [<a href="#top">Top</a>]
</p><p>
To do this exercise you will need to be root.
</p><p>
On your machine type:
</p><blockquote>
<code>
# cat /etc/motd
</code>
</blockquote>
Look at your neighbor's machine. Is their file exactly the same as
yours? Can you be sure?
<p>
Now run the file through the SHA-1 one-way hash function:
</p><blockquote>
<code>
# sha1sum /etc/motd
</code>
</blockquote>
Let's do this again and save the result to a file:
<blockquote>
<code>
# sha1sum /etc/motd &gt; /tmp/motd-hash
</code>
</blockquote>
Now change ONE (1) character in your /etc/motd file and repeat the SHA-1
test. You may want to do this using two terminals: one to have your SHA-1
output displayed and the other for editing the /etc/motd file.
<p>
Example:
</p><blockquote>
<code>
# vi /etc/motd
</code>
</blockquote>
Make a one-character change, save the file and exit. Now we'll run
sha1sum again, append the result to the same <code>/tmp/motd-hash</code>
file (note the <code>&gt;&gt;</code>) and compare the two hashes:
<blockquote>
<code>
# sha1sum /etc/motd &gt;&gt; /tmp/motd-hash
</code>
</blockquote>
<p>
<code>/tmp/motd-hash</code> now holds both digests, one per line. Compare
them with each other and with your neighbor's. Even though only one
character of the input changed, the two digests should be completely
different: a good hash function changes about half of its output bits
for any change to the input, however small.
</p><p>
As discussed, SHA-1 is no longer considered collision-resistant, so it
should not be relied on where an attacker could benefit from producing
two different documents with the same digest. You can do this same
exercise using <code>sha256sum</code> or even <code>sha512sum</code>
instead.
</p><p>
<b>Note:</b> On BSD systems such as FreeBSD, the equivalent commands are
named <code>sha1</code>, <code>sha256</code> and <code>sha512</code>.
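</p>
<p>
What follows is an added example, not part of the original exercise sheet,
that scripts the steps above with <code>sha256sum</code> in place of
<code>sha1sum</code>. It works on a constructed motd file in a temporary
directory, so it needs no root, and it adds the check a practitioner relies
on in practice: <code>sha256sum -c</code> against a saved digest file, which
reports a mismatch as soon as a single character of the file has changed.
The motd text and the function names (<code>digest</code>,
<code>save_digest</code>, <code>verify_saved</code>,
<code>hex_diff_count</code>, <code>flip_one_char</code>, <code>demo</code>)
are choices made for this example; it falls back to
<code>shasum -a 256</code> on systems without GNU coreutils.
</p>

```shell
#!/bin/sh
# Added example (not from the PacNOG page): the hash-and-compare steps of
# exercise 1 on a constructed motd file, with SHA-256 and a saved-digest
# check. Function names and the motd text are choices made for this example.

# digest FILE -> hex SHA-256 of FILE (GNU coreutils sha256sum, or shasum on BSD/macOS)
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# save_digest FILE HASHFILE -> appends "digest  path", the format that "-c" reads back
save_digest() {
    printf '%s  %s\n' "$(digest "$1")" "$1" >> "$2"
}

# verify_saved HASHFILE -> true only if every file listed still matches its saved digest
verify_saved() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -c "$1" >/dev/null 2>&1
    else
        shasum -a 256 -c "$1" >/dev/null 2>&1
    fi
}

# hex_diff_count A B -> how many hex digits differ between two digests
hex_diff_count() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = 0
        for (i = 1; i <= length(a); i++) if (substr(a, i, 1) != substr(b, i, 1)) n++
        print n
    }'
}

# flip_one_char FILE -> changes exactly one character: the first "A" in the file becomes "a"
flip_one_char() {
    awk '!done && sub(/A/, "a") { done = 1 } 1' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# demo DIR -> the exercise end to end; prints both digests and the number of
# differing hex digits, and returns non-zero if the saved-digest check does
# not behave as expected (pass before the edit, fail after it)
demo() {
    motd="$1/motd"
    hashfile="$1/motd-hash"
    # constructed stand-in for /etc/motd
    printf 'Welcome to pc10.pacnog.bluesky.as\nAuthorised users only.\n' > "$motd"
    before=$(digest "$motd")
    save_digest "$motd" "$hashfile"
    verify_saved "$hashfile" || return 1        # the untouched file must verify
    flip_one_char "$motd"
    after=$(digest "$motd")
    echo "before: $before"
    echo "after:  $after"
    echo "hex digits that differ: $(hex_diff_count "$before" "$after") of 64"
    # one changed character must now make the saved digest fail to verify
    if verify_saved "$hashfile"; then return 1; fi
    return 0
}

demo "$(mktemp -d)"
```

<p>
Run it with <code>sh</code>. The two digests it prints share no structure,
and on average 60 of the 64 hex digits differ after the one-character edit;
the saved-digest check passes before the edit and fails after it, which is
exactly how you would detect a tampered file against a digest recorded
earlier.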


<!------- *********************** ------>

</p>
<p><br>

<a name="gen"></a>
<font size="+1"><b>2.) Generate a Public/Private Key Pair for SSH</b></font>
 [<a href="#top">Top</a>]
</p>
<p>
<b>Note:</b> <i>Please</i> be sure that you are logged in and using your
 <i>pacnog</i> account for this exercise - not root.
</p><p>
<b>NOTE:</b> If you are using a laptop and you are not running Linux on your
laptop, then you should do this exercise with someone who is sitting at a
desktop machine.
</p><p>
We will now generate a single RSA SSH protocol 2 key pair of 2048 bits. To do
 this, issue the following commands:
</p><blockquote>
<code>
$ cd
</code>
<br>
<code>
$ ssh-keygen -t rsa -b 2048
</code>
</blockquote>
You will be prompted for a file location for the key as well as for a
passphrase to encrypt the private key file. <b>Do not change the default
filename or location for the key</b>.
<p>
The command output should look like this:
</p><blockquote>
<pre>Generating public/private rsa key pair.
Enter file in which to save the key (/home/pacnog/.ssh/id_rsa):   [PRESS ENTER]
Created directory '/home/pacnog/.ssh'.
Enter passphrase (empty for no passphrase):     [TYPE IN PASSPHRASE]
Enter the same passphrase again:                [TYPE IN SAME PASSPHRASE]
...
</pre>
</blockquote>
Be sure to enter a passphrase. A private key file without a passphrase is
a security hole: anyone who obtains a copy of the file can log in as you.
Your passphrase can be pretty much anything you want and as long as you
want, including spaces.
<p>
You will see something like this:
</p>
<blockquote>
<pre>Your identification has been saved in /home/pacnog/.ssh/id_rsa.
Your public key has been saved in /home/pacnog/.ssh/id_rsa.pub.
The key fingerprint is:
d9:99:7c:ad:80:90:df:8c:1b:7e:79:a4:bb:c3:89:a1 pacnog@pc10.pacnog.bluesky.as
The key's randomart image is:
+--[ RSA 2048]----+
|      E.         |
|       ..        |
|         .       |
|        +        |
|     o oSo .     |
|      = o.o .    |
|     . o *.o.    |
|        = *o.    |
|         =**     |
+-----------------+
</pre>
</blockquote>
Your private key is now protected by a passphrase. This means that to
use your public/private key pair you will need to type in your
passphrase (not your <i>pacnog</i> account's password) when prompted.
The passphrase is never sent to the remote machine; it only unlocks the
private key file on your own machine.



<!------- *********************** ------>

<p><br>

<a name="copy"></a>
<font size="+1"><b>3.) Copy Your Public Key to Your Account on the NOC Box</b></font>
 [<a href="#top">Top</a>]
</p><p>
We have created the accounts pc1, pc2, pc3, pc4 through pc15 on the classroom
noc server. For users on the desktop machines you should do this exercise using
the corresponding account on the noc box. For users on laptops please ask the
instructor to determine which account you should use. The password for these accounts
is the same as the password for the <i>pacnog</i> user on your desktop machines.
</p><p>
The first thing you will do is copy your public key file over to the home directory
of your account on the noc box.
</p><p>
Please remember - you must do this exercise as the <i>pacnog</i> user on your local
machine.
</p>
<blockquote>
<code>
$ cd
<br />
$ cd .ssh
<br />
$ scp id_rsa.pub pcX@noc:.
</code>
</blockquote>
It is critical that you pay close attention to the command above. Be sure you include
the ":" and the "." at the end of the command: the ":" is what tells scp that
<code>noc</code> is a remote host rather than a local file name, and the "." means
the home directory of pcX on that host. Copy only <code>id_rsa.pub</code>; the
private key <code>id_rsa</code> must never leave your machine.
<p>
You should see something like this on your screen:
</p>
<blockquote>
<pre>
The authenticity of host 'noc (67.218.55.67)' can't be established.
RSA key fingerprint is ca:0b:74:d5:65:9a:bc:cf:1d:e3:c2:39:5f:7d:f9:07.
Are you sure you want to continue connecting (yes/no)?
</pre>
</blockquote>
Respond with "yes" to accept this public key from noc.
<p>
This is the initial exchange of the noc's SSH host key with your machine. Its
fingerprint is recorded in <code>~/.ssh/known_hosts</code> so that the next time
you log in, ssh on your machine can compare the key the server presents with what
it has seen before and warn you if it has changed. The moment you answer "yes" is
the one point at which a machine sitting between you and noc could pass itself off
as the server, so outside the classroom you would compare the fingerprint shown
against one obtained from the server's administrator by some other channel before
accepting it.
</p><p>
After you say yes, type in the password for the pcX account on the noc box. Your
public SSH key has now been copied to your corresponding pcX account on our classroom
noc machine. Now log in to your account on the noc box to execute a few more commands:
</p>
<blockquote>
<code>
$ ssh pcX@noc
</code>
</blockquote>
<p>
You will now be logged in to the noc machine as the user pcX.
Now do the following:
</p>
<blockquote>
<code>
$ cd
<br />
$ mkdir .ssh
<br />
$ cat id_rsa.pub &gt;&gt; .ssh/authorized_keys
<br />
$ rm id_rsa.pub
</code>
</blockquote>
Note: You could have done this all remotely, but I wanted you to see what logging in to the
noc box looks like using a password.
<p>
Now log off from the noc box:
</p>
<blockquote>
<code>
$ exit
</code>
</blockquote>
Now try logging back in to the noc box:
<blockquote>
<code>
$ ssh pcX@noc
</code>
</blockquote>
<p>
What just happened? If everything worked you should have been asked for the passphrase of
the private key of your SSH key on your local machine, and not for the pcX password on
noc. This is pretty cool!
</p><p>
You can exit from the noc machine by typing:
</p>
<blockquote>
<code>
$ exit
</code>
</blockquote>

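<p>
The following is an added example, not part of the original exercise sheet,
covering exercises 2 and 3 together. It generates a key pair non-interactively
(the <code>-N</code> and <code>-f</code> options replace the prompts shown in
exercise 2), checks that the private key really is passphrase-protected, and then
performs the "on the noc box" steps of exercise 3 against a local directory that
stands in for pcX's home: it creates <code>.ssh</code> with mode 700 and
<code>authorized_keys</code> with mode 600, and it will not append the same key
twice. The modes matter: with its default <code>StrictModes</code> setting, sshd
ignores <code>authorized_keys</code> if that file or <code>~/.ssh</code> is writable
by group or others, which is the usual reason a key-based login still asks for a
password. The directory layout, the passphrase, the key comment and the function
names (<code>gen_key</code>, <code>key_is_encrypted</code>,
<code>fingerprint</code>, <code>install_pubkey</code>, <code>key_count</code>,
<code>perms_ok</code>, <code>demo</code>) are assumptions made for this example.
</p>

```shell
#!/bin/sh
# Added example for exercises 2 and 3 (not from the PacNOG page). Generates
# the key pair non-interactively, proves the private key is passphrase-
# protected, and installs the public key the way exercise 3 does by hand,
# against a local directory standing in for pcX's home on noc.

# gen_key DIR PASSPHRASE -> writes DIR/id_rsa (encrypted with PASSPHRASE
# unless it is empty) and DIR/id_rsa.pub, with no prompts
gen_key() {
    ssh-keygen -q -t rsa -b 2048 -N "$2" -C "pacnog@example (added example)" -f "$1/id_rsa"
}

# key_is_encrypted KEYFILE -> true only if the private key cannot be used
# without its passphrase. "ssh-keygen -y" derives the public key from the
# private one; offering an empty passphrase fails on an encrypted key.
key_is_encrypted() {
    ! ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 </dev/null
}

# fingerprint KEYFILE -> the fingerprint of a public key (or of each key in an
# authorized_keys file), as "ssh-keygen -l" prints it
fingerprint() {
    ssh-keygen -lf "$1" | awk '{ print $2 }'
}

# install_pubkey PUBKEY HOME -> exercise 3's "mkdir .ssh; cat id_rsa.pub >>
# .ssh/authorized_keys", made safe to repeat: the directory is 700, the file
# is 600, and a key that is already present is not appended again.
install_pubkey() {
    pub=$1
    ak="$2/.ssh/authorized_keys"
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh"
    touch "$ak" && chmod 600 "$ak"
    keyblob=$(awk '{ print $1 " " $2 }' "$pub")   # key type and base64 body, comment dropped
    if ! grep -qF "$keyblob" "$ak"; then
        cat "$pub" >> "$ak"
    fi
}

# key_count HOME -> number of keys authorized for the account
key_count() {
    grep -c '^[a-z]' "$1/.ssh/authorized_keys" || :
}

# perms_ok HOME -> true if ~/.ssh is 700 and authorized_keys is 600, which
# satisfies sshd's StrictModes check (nothing writable by group or others)
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# demo WORKDIR PASSPHRASE -> runs the whole flow; prints the installed key's
# fingerprint and returns non-zero if any check fails
demo() {
    ldir="$1/local"          # stands in for /home/pacnog/.ssh on your machine
    rhome="$1/remote_home"   # stands in for pcX's home directory on noc
    mkdir -p "$ldir" "$rhome"
    gen_key "$ldir" "$2" || return 1
    key_is_encrypted "$ldir/id_rsa" || { echo "private key is NOT encrypted" >&2; return 1; }
    install_pubkey "$ldir/id_rsa.pub" "$rhome"
    install_pubkey "$ldir/id_rsa.pub" "$rhome"   # repeating the exercise must not add a duplicate
    perms_ok "$rhome" || return 1
    [ "$(key_count "$rhome")" = "1" ] || return 1
    # the installed key's fingerprint must match the local public key's; this
    # is the first thing to compare when a key login still asks for a password
    [ "$(fingerprint "$ldir/id_rsa.pub")" = "$(fingerprint "$rhome/.ssh/authorized_keys")" ] || return 1
    echo "authorized on noc: $(fingerprint "$ldir/id_rsa.pub")"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    demo "$(mktemp -d)" 'correct horse battery staple'
fi
```

<p>
Run it with <code>sh</code> on any machine that has <code>ssh-keygen</code>.
If a login to the real noc box still prompts for a password after the
exercise, the same three things are what to check there: the permissions
on <code>~/.ssh</code> and <code>authorized_keys</code>, that the key in
<code>authorized_keys</code> has the same fingerprint as your local
<code>id_rsa.pub</code>, and that the private key on your side is the one
that matches it.
</p>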
<div align="center">
[<a href="#top">Return to Top</a>]
</div>
<p>
<font size="1">
Hervey Allen
</font>
</p>
<hr align="left" width="224" size="3">
<font size="1">
<!-- Created: Sun Jun 12 00:54:08 CLT 2005 -->
<!-- hhmts start -->Last modified: Wed Jun 30 12:29:45 SST 2010 <!-- hhmts end -->
</font>
</body></html>