SAT - Compensation Exercise

###### tags: `fh` `SAT` # SAT - Compensation Exercise Doiber Sebastian ## Secure Backup All the tasks have to be performed while being logged in to its.fh-campuswien.ac.at using your SSH credentials from the Scapy or nmap lab-exercise, respectively. For all the assignments, give the necessary command-line, a short explanation of the command-line switches/parameters and the resulting output, as well as additional comments to this output, if applicable. Your task is to create a script that securely backups a directory (for which the user calling the script has access rights) from the its.fh-campuswien.ac.at server to 172.16.51.104. To do so, perform the following steps: 1. On which port is the SSH server on 172.16.51.104 running? How did you determine this? ( 1P) 2. Audit its SSH configuration and give recommendations, if applicable. (.5P) 3. Enable login to this server using public key (your credentials to this server are the same as for the its.fh-campuswien.ac.at one). (.5P) 4. Use rsync on its.fh-campuswien.ac.at to copy a directory to 172.51.16.104, using SSH. Configure it in a way that only the changes to the last backup are transferred. ( 2P) 5. Write a bash script that allows the user to provide a directory to backup and a remote backup target (./myscript.sh <my_directory> <my_server>). If the server allows for public key login, use this, else ask the user to input his/her password. Use rsync to perform the actual backup ( 3P) 6. Run this script every hour. ( 1P) ## #1 To find out which port is open on the specified client i used nmap. Since the default ports were all closed i had to look through all possible options. So i used the * -sV (scans for Version ) * -p- (specifies to scan from port 1 to 65535)modifiers. This prompted me with the solution: Port: 37485 was open with "ssh" as service and "OpenSSH 8.0p1 Ubuntu 6build1" as Version ``` nmap -sV -p- 172.16.51.104 ``` ![](https://i.imgur.com/lynaBr5.jpg) ## #2 As for auditing ssh i was not sure so i googled the version of OpenSSH for possible exploits and didnt find any and i also googled "auditing ssh" which gave me a few hits like [this one](https://linux-audit.com/audit-ssh-configurations-hashknownhosts-option/). So i could hash the localy stored hostname. But again i am uncertain if that is what this question/task was about. Turns out there is a program for it "ssh-audit" which i could not install on the its server since i dont have root permissions. Googling and reading some more about "ssh-audit" made me realize i can use it from my local machine to audit a remote host which i did: From my local machine to its.fh-campuswien.ac.at ``` ssh-audit its.fh-campuswien.ac.at ``` ![](https://i.imgur.com/3cRQ9Qu.jpg) ![](https://i.imgur.com/29AQr4w.jpg) ### actual solution After i finally wrote you an email, you informed me that ssh-audit is already installed on the server and i just had to execute it via phyton3: From its.fh-campuswien.ac.at to 172.16.51.104 with port 37485 ``` python3 /etc/ssh-audit.py -p 37485 172.16.51.104 ``` ![](https://i.imgur.com/Opd6mJy.jpg) ![](https://i.imgur.com/Be3sjsT.jpg) All available algorithms from the remote host for every process is listed. Every listed algorithm is color coded to easily see if they are safe to use or outdated. Many also have additional informations to them such as since which OpenSSH version they are available. ## #3 First to generate the keypair: ``` ssh-keygen ``` Then utilizing the "scp" command the public part of the key is to be copied to 172.16.51.104 After a bit of trail and error: ![](https://i.imgur.com/RAVXT2K.jpg) i figured out that i used a lower case p instad of the upper case P. Shortly after it worked and i could log into the client without any trouble. The final command that worked as the next screeshot shows was: ``` scp -P 37485 /home/1810475024/.ssh/id_rsa.pub 1810475024@172.16.51.104:/home/1810475024/.ssh/authorized_keys ``` ![](https://i.imgur.com/EKRrdGU.jpg) ![](https://i.imgur.com/oILnRKc.jpg) ## #4 i got a little confused by the wording of the second part of the exercise: "Configure it in a way that only the changes to the last backup are transferred." I hope i interpreted it correctly when thinking that this means that existing files should not be transfered (= --ignore-existing modifier) So what should work is: ``` rsync --ignore-existing --port=37485 -ra ./backup 1810475024@172.16.51.104:/home/ ``` but appearently this does not change the port even tho it should. The other method with specyfing the port after the ip also didnt work: ``` rsync --ignore-existing -ra ./backup 1810475024@172.16.51.104:37485:/home/ ``` also didnt work: ``` rsync --ignore-existing -e'ssh 37485' -ra ./backup 1810475024@172.16.51.104:/home/ ``` At last i managed to solve the probelm by adding a "-p" to the sepcified port that i wanted to explicitly state. I also learned that i didnt have the proper authorizations to create something in /home on the target client so i just put it where i could, as seen in the screenshot below ``` rsync --ignore-existing -e'ssh -p 37485' -ra ./backup 1810475024@172.16.51.104: ``` ![](https://i.imgur.com/syx1Z2R.jpg)