###### tags: `fh`

# Secure Admin Tools LAB 3

[TOC]

## 0) Setup

I set up two virtual machines, a client and a server, both running Ubuntu. Even though it is bad practice, I switched to a permanent root shell so that I would not have to prefix every command with sudo:

```
$ sudo -s
```

In total there are now three Ubuntu hosts:

* 10.0.0.1 > Ubuntu server
* 10.0.0.2 > Ubuntu client (opens the SSH connection to 10.0.0.1)
* 10.0.0.3 > Ubuntu client (will later sniff / act as the man in the middle)

## 1) SSH Login

### a) Add at least one additional account on each of your VMs (adduser)

```
$ sudo adduser <username>
```

### b) Install an OpenSSH server on at least one of your VMs

Since the installer already offered the option to install OpenSSH during setup, this was no longer necessary. It would, however, work with the following command:

```
# apt install openssh-server
```

### c) How can you get a shell on the server by using the client?

I can use `$ ssh <ip>` or `$ ssh <user>@<ip>`.

### d) How can the client execute a single command on the server without opening a shell first?

`ssh <user>@<ip> <command>`

For example `cat` or `date`.

### e) Add a Man-in-the-Middle and determine what traffic he or she can still sniff.

![](https://i.imgur.com/xLqBLBj.jpg)
![](https://i.imgur.com/tGzkYdm.jpg)

What can still be seen:

* protocols
* OS of server & client
* IP addresses
* MAC addresses
* algorithms

## 2) SSH Keys

Reference:
> https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804

### a) Create an SSH key on the client

`ssh-keygen`

![](https://i.imgur.com/8LgLjnE.jpg)

### b) Manually install it on the server and verify that a password-less login is working

`scp /home/joi/.ssh/id_rsa.pub joi@10.0.0.1:/home/joi/.ssh/authorized_keys`

`scp /home/it-security/.ssh/id_rsa.pub it-security@10.0.0.1:/home/it-security/.ssh/authorized_keys`

![](https://i.imgur.com/6X8N08u.jpg)
![](https://i.imgur.com/pXeV7hd.jpg)

### c) Automatically (i.e. using appropriate client commands) install the client key on the server and again verify the configuration.

With the following command the previously created public key could be installed on the server without having to specify the path explicitly:

`$ ssh-copy-id <user>@<ip>`

![](https://i.imgur.com/7r9VZvR.jpg)

The picture below shows that the key ID on the server and on my local machine is the same.

![](https://i.imgur.com/xwoiHy9.jpg)

## 3) Copy Files

### a) Use scp to copy a single file and an entire directory to the server from the client.

Without realizing it, we already used scp in 2b). Here are the examples:

`scp /home/joi/.ssh/id_rsa.pub joi@10.0.0.1:/home/joi/.ssh/authorized_keys`

`scp /home/it-security/.ssh/id_rsa.pub it-security@10.0.0.1:/home/it-security/.ssh/authorized_keys`

`scp /home/it-security/Testfolder/testfile.txt it-security@10.0.0.1:/home/it-security/`

`scp -r /home/it-security/Testfolder/ it-security@10.0.0.1:/home/it-security/`

Transferring a folder requires the `-r` flag in the `scp` command.

![](https://i.imgur.com/yyESwDR.jpg)
![](https://i.imgur.com/GuHPVwJ.jpg)

### b) Perform the same task using rsync

`scp /home/joi/.ssh/ 1810475041@its.fh-campuswien.ac.at:/var/tmp/`

`rsync -r /home/it-security/Testfolder2 it-security@10.0.0.1:/home/it-security/`

`rsync -a /home/it-security/Testfolder2/testfile2.txt it-security@10.0.0.1:/home/it-security/`

![](https://i.imgur.com/qswXCeX.jpg)
![](https://i.imgur.com/QT2wWNt.jpg)

### c) Use rsync to synchronize the client-directory /home/<username>/ to the server-directory /backup/client/, once every hour.

Using the command

`$ crontab -e`

allows scheduling commands like this one:

`03 * * * * rsync -a /home/joi/ 1810475041@its.fh-campuswien.ac.at:/home/1810475041/backup/client/`

After the time I had set, the folders were synchronized.

![](https://i.imgur.com/js78SE4.jpg)

## 4) Configuration

### a) Audit your default SSH server configuration using ssh-audit

The audit is run with the following command:

`ssh-audit localhost > ssh-audit`

Before the fix it looked like this:

![](https://i.imgur.com/xn4TncL.jpg)

Afterwards you can inspect the file "ssh-audit" to determine what is "wrong".

### b) Try to fix all detected problems, or document why you haven't fixed them.

I fixed the problems by reducing the number of available algorithms. I just edited the `/etc/ssh/sshd_config` file and added the allowed algorithms:

```
KexAlgorithms diffie-hellman-group18-sha512 #diffie-hellman-group18-sha256
HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519
```

![](https://i.imgur.com/KzS3AVg.jpg)

After the fix it looked like this:

![](https://i.imgur.com/0SORack.jpg)

### c) Audit the configuration of its.fh-campuswien.ac.at

`ssh-audit its.fh-campuswien.ac.at > fhcampus`

![](https://i.imgur.com/XcI9EwV.jpg)