<!DOCTYPE html>
<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>OpenSSH</title>
    </head>
    <body>
        <a href="index.html">Tools Index</a>
        <h1>OpenSSH</h1>

        <p>OpenSSH (OpenBSD Secure Shell) is a suite of security-related
        network-level utilities based on the SSH protocol.
        It helps to secure network communications by encrypting
        network traffic, supports multiple authentication
        methods and provides secure tunneling capabilities.</p>

        <h2 id="sshd">1. Server</h2>

        <p>The CRUX openssh port installs these files under etc;</p>

        <pre>
        $ pkginfo -l openssh
        etc/rc.d/sshd
        etc/ssh/moduli
        etc/ssh/ssh_config
        etc/ssh/sshd_config
        </pre>

        <p>User commands;</p>

        <pre>
        usr/bin/scp
        usr/bin/sftp
        usr/bin/slogin
        usr/bin/ssh
        usr/bin/ssh-add
        usr/bin/ssh-agent
        usr/bin/ssh-keygen
        usr/bin/ssh-keyscan
        </pre>

        <p>More information about sshd is in the manual page;</p>

        <pre>
        $ man sshd
        </pre>

        <h3 id="sshdconf">1.1. Configure Server</h3>

        <p>Read the OpenSSH server
        <a href="http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html">Best Security Practices</a>.
        To avoid the "default" port this example uses port 2222.
        Edit /etc/ssh/sshd_config;</p>

        <pre>
        #Port 22
        Port 2222
        </pre>

        <p>By default sshd listens on all local addresses. To restrict
        it to a specific IP address, edit;</p>

        <pre>
        #AddressFamily any
        AddressFamily inet
        #ListenAddress 0.0.0.0
        #ListenAddress 192.168.1.254
        #ListenAddress ::
        </pre>

        <pre>
        # The default requires explicit activation of protocol 1
        Protocol 2
        </pre>

        <pre>
        # Ciphers and keying
        #RekeyLimit default none
        Ciphers aes256-ctr,aes192-ctr,aes128-ctr
        </pre>

        <p>Authentication settings;</p>

        <pre>
        # Authentication:

        #LoginGraceTime 2m
        LoginGraceTime 1m
        #PermitRootLogin prohibit-password
        PermitRootLogin no
        #StrictModes yes
        #MaxAuthTries 6
        MaxAuthTries 3
        #MaxSessions 10
        </pre>

        <p>Restrict which users and groups can log in with AllowUsers and AllowGroups;</p>

        <pre>
        #RSAAuthentication yes
        #PubkeyAuthentication yes

        AllowGroups admin users gitolite
        </pre>

        <p>Disable keyboard-interactive and password login;</p>

        <pre>
        # To disable tunneled clear text passwords, change to no here!
        #PasswordAuthentication yes
        PasswordAuthentication no
        #PermitEmptyPasswords no

        # Change to no to disable s/key passwords
        #ChallengeResponseAuthentication yes
        ChallengeResponseAuthentication no
        </pre>

        <p>Make sure PAM is disabled, otherwise the settings above can be
        overridden. Set a banner;</p>

        <pre>
        # no default banner path
        #Banner none
        Banner /etc/issue
        </pre>
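
        <p>The settings above only take effect if nothing earlier in the file
        already sets the same keyword, because sshd uses the first value it reads
        for each keyword. The audit script below is an added example, not part of
        the original documentation; its function names and sample configuration
        are constructed, and it reads only the global section (no Include or
        Match handling).</p>

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword; a line appended later is ignored.

# effective_value FILE KEYWORD: first global value of KEYWORD (case-insensitive)
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == want { $1 = ""; sub(/^[ \t=]+/, ""); print; exit }
    ' "$1"
}

# audit FILE: compare with the values chosen on this page; status = number of mismatches
audit() {
    fails=0
    while read -r key expected; do
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok   $key $actual"
        else
            echo "FAIL $key: want '$expected', effective '${actual:-unset}'"
            fails=$((fails + 1))
        fi
    done <<EOF
Port 2222
PermitRootLogin no
MaxAuthTries 3
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
    return "$fails"
}

# Constructed sample: hardening appended after a distribution default
sample_config() {
    cat <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication yes
#MaxAuthTries 6
MaxAuthTries 3
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
}

tmp=$(mktemp); sample_config > "$tmp"
audit "$tmp" || echo "keywords not in effect: $?"; rm -f "$tmp"
```

        <p>On a running host, sshd -T prints the effective configuration
        after the whole file has been parsed.</p>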

        <h3 id="iptables">1.2. Configure iptables</h3>
        <p>Example rules for the SSH port from <a href="../core/scripts/iptables.sh">iptables.sh</a>;</p>

        <pre>
        $IPT -A INPUT  -i ${PUB_IF} -p tcp --dport 2222 --sport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
        $IPT -A INPUT  -i ${PUB_IF} -p tcp --dport 2222 --sport 1024:65535 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
        $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
        </pre>

        <h3 id="syslogng">1.3. Configure Syslog-ng</h3>

        <p>Change SyslogFacility in accordance with the <a href="syslog-ng.html#syslog-conf">syslog-ng configuration</a>;</p>

        <pre>
        # Logging
        # obsoletes QuietMode and FascistLogging
        #SyslogFacility AUTH
        SyslogFacility LOCAL1
        #LogLevel INFO
        LogLevel VERBOSE
        </pre>

        <p>Example rule for syslog-ng;</p>

        <pre>
        destination d_sshd { file("/var/log/sshd"); };
        filter f_sshd { facility(local1); };
        log { source(s_log); filter(f_sshd); destination(d_sshd); };
        </pre>
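
        <p>This page later adds a second user's key to the shared admin account,
        so the key fingerprint in /var/log/sshd is what tells those logins apart.
        The summary script below is an added example, not part of the original
        documentation; the function names are hypothetical and the log lines are
        constructed, following the message format of recent OpenSSH releases.</p>

```shell
#!/bin/sh
# summarize_sshd: read sshd log lines on stdin and print
#   accepted USER SOURCE FINGERPRINT COUNT
#   invalid SOURCE COUNT
# Fields are taken by position from the END of each line: the user name in an
# "Invalid user" message is supplied by the client and may contain spaces.
summarize_sshd() {
    awk '
        / sshd\[[0-9]+\]: Accepted publickey for / && NF >= 8 {
            # ... for USER from IP port N ssh2: TYPE FINGERPRINT
            accepted[$(NF-7) " " $(NF-5) " " $NF]++
        }
        / sshd\[[0-9]+\]: Invalid user / && NF >= 4 {
            # ... Invalid user NAME from IP port N
            invalid[$(NF-2)]++
        }
        END {
            for (k in accepted) print "accepted", k, accepted[k]
            for (s in invalid)  print "invalid", s, invalid[s]
        }' | sort
}

# Constructed log lines in the syslog file format (not taken from a real host)
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 core sshd[1201]: Accepted publickey for admin from 192.0.2.10 port 51234 ssh2: RSA SHA256:CONSTRUCTEDbobKEY
Mar  3 10:20:44 core sshd[1250]: Invalid user test from 203.0.113.5 port 40022
Mar  3 10:20:46 core sshd[1252]: Invalid user a from 10.0.0.1 port 1 from 203.0.113.5 port 40030
Mar  3 11:02:10 core sshd[1301]: Accepted publickey for admin from 192.0.2.10 port 51301 ssh2: RSA SHA256:CONSTRUCTEDbobKEY
Mar  3 11:30:00 core sshd[1340]: Accepted publickey for admin from 198.51.100.7 port 40400 ssh2: RSA SHA256:CONSTRUCTEDadminKEY
EOF
}

sample_log | summarize_sshd
```

        <p>On the server, feed /var/log/sshd (the d_sshd destination above) to
        summarize_sshd on standard input.</p>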

        <p>Deny login for root, limit max sessions to 3 if you have limited
        resources and only allow 3 failed logins;</p>


        <p>Start the sshd server;</p>

        <pre>
        # sh /etc/rc.d/sshd start
        # ss -f inet -l -p | grep ssh
        </pre>

        <h2 id="ssh">2. Client</h2>

        <p>To create a new key;</p>

        <pre>
        $ ssh-keygen -t rsa
        </pre>

        <p>By default this creates two files;</p>

        <pre>
        ~/.ssh/id_rsa       : identification (private) key
        ~/.ssh/id_rsa.pub   : public key
        </pre>

        <p>By default id_rsa and id_rsa.pub are used as output files. In
        this example we will create keys for the gitolite admin, so we
        name the output gitolite;</p>

        <pre>
        $ ssh-keygen -t rsa -f ~/.ssh/gitolite
        </pre>

        <p>Set correct permissions;</p>

        <pre>
        $ chmod 700  ~/.ssh
        $ touch ~/.ssh/authorized_keys
        $ chmod 600 ~/.ssh/authorized_keys
        $ chmod 600 ~/.ssh/gitolite
        </pre>

        <h3 id="sshpubkey">2.1. Install Public Keys</h3>

        <p>Example of how to give the user bob ssh access to the admin account
        using public key authentication. It is necessary to make the user's public
        key available on the server. This can be done in several ways; in
        this example the public key will be copied using scp;</p>

        <pre>
        $ scp /home/bob/.ssh/id_rsa.pub admin@machine.example.org:/home/admin/.ssh/bob_rsa.pub
        admin@machine.example.org's password:
        id_rsa.pub                              100%  390     0.4KB/s   00:00
        </pre>

        <p>Log in on the remote machine as admin and append bob's public key to authorized_keys;</p>

        <pre>
        $ cat ~/.ssh/bob_rsa.pub &gt;&gt; ~/.ssh/authorized_keys
        </pre>

        <p>Now bob can log in as admin on the remote server using public key
        authentication;</p>

        <pre>
        $ ssh -p 2222 admin@remote.org
        </pre>

        <h3 id="sshid">2.2. Configure Identities</h3>

        <p>When you have multiple accounts/identities you
        can configure the ssh client so you don't need to give
        the -i flag. Create or edit ~/.ssh/config;</p>

        <pre>
        Host core
            Hostname machine.example.org
            IdentityFile ~/.ssh/id_rsa
            Port 2222
            User admin

        Host git
            Hostname machine.example.org
            IdentityFile ~/.ssh/id_rsa
            Port 2222
            User gitolite

        Host git-admin
            Hostname machine.example.org
            IdentityFile ~/.ssh/gitolite
            Port 2222
            User gitolite
        </pre>

        <p>Now you can just type ssh core to connect to machine.example.org on
        port 2222 with ~/.ssh/id_rsa as identity, or to connect to the git server as
        gitolite admin;</p>

        <pre>
        $ ssh git-admin
        </pre>

        <p>To take advantage of tmux, first log in on the remote machine and start
        <a href="../systools/tmux.html">tmux</a>, then detach from the session
        with ctrl + b d. Edit ~/.bashrc and add the following alias;</p>

        <pre>
        alias core-server="ssh core -t tmux a"
        </pre>

        <p>Source it and attach to remote;</p>

        <pre>
        $ source ~/.bashrc
        $ core-server
        </pre>

        <p>To log out, just detach from the tmux session with ctrl + b d.</p>

        <h2 id="reverse">3. Reverse connection</h2>

        <p>This information is inspired by
        <a href="http://www.vdomck.org/2005/11/reversing-ssh-connection.html">Reverse SSH connections</a>
        and implements the update from <a href="http://www.vdomck.org/2009/11/ssh-all-time.html">SSH all the time</a>.</p>

        <p>The simple way is to run this command on the machine you want to
        access (server);</p>

        <pre>
        $ ssh -f -N -R 2222:localhost:22 user@laptop
        </pre>

        <p>This creates a connection from the server to the client. The client
        (laptop) listens on port 2222 and forwards connections made to it through
        the tunnel to port 22 on the server, where they arrive as if they came
        from localhost.</p>

        <pre>
        # Fetch the setup script over HTTPS and read it before running it with sudo
        wget https://github.com/mikeymckay/reverse_ssh_tunnel/raw/master/setup_reverse_tunnel.sh
        chmod +x ./setup_reverse_tunnel.sh
        sudo ./setup_reverse_tunnel.sh
        </pre>

        <a href="index.html">Tools Index</a>
        <p>This is part of the Hive System Documentation.
        Copyright (C) 2018
        Hive Team.
        See the file <a href="fdl-1.3-standalone.html">GNU Free Documentation License</a>
        for copying conditions.</p>


    </body>
</html>