Convert OpenSSH RSA or DSA key to PEM format

RSA to PEM

First create an RSA key using OpenSSH tools:

$ ssh-keygen -t rsa

Then converted it to PEM format:

$ openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem

DSA to PEM

First create an DSA key using OpenSSH tools:

$ ssh-keygen -t dsa

Then converted it to PEM format:

$ openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem

Update Gentoo Profile

There are 2 ways to upgrading Gentoo’s profile, which is whether by using the program eselect, or by manual linking.

Firstly the portage tree need to be updated to get the latest profile list by running he following command;

# emerge --sync
The following example is to update using eselect;

# eselect profile list
# eselect profile set <number>
where number is the number of favored profile from the list.

To manually update the profile, simply delete the softlink and create a new link to the intended profile as the following (be sure not to add / at the end of /etc/make.profile)

# rm /etc/make.profile
# ln -s /usr/portage/profiles/<profile of choice> /etc/make.profile
Optionally, in the end you might want to upgrade the system using the new profile;

# emerge --sync
# emerge --update --newuse --deep world

Jabber - an open source instant messaging

Jabber is an open instant messaging technology that anyone can use.

Jabber Server Setup on CentOS 5

Configuring and Installing jabber server

Install rpmforge repo

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Install necessary packages

yum -y install gcc-c++ vim-enhanced mysql-server mysql gcc mysql-devel libidn-devel make automake libtool tcpdump rsync crontabs vixie-cron php-mysql cyrus-sasl-devel expat-devel udns-devel

Install gsasl

cd /usr/src/
wget ftp://alpha.gnu.org/pub/gnu/gsasl/libgsasl-0.2.29.tar.gz
tar xvfz libgsasl-0.2.26.tar.gz
./configure
make
sudo make install

Add gsasl library ‘/usr/local/lib’ to ld.so.conf

echo "/usr/local/lib" >> /etc/ld.so.conf.d/usr-local-lib.conf
ldconfig

Create Jabber User and Group

su
useradd jabber
passwd jabber

Getting Jabber Server

wget http://ftp.xiaoka.com/jabberd2/releases/jabberd-2.2.0.tar.bz2

Uncompress sources

tar xvfj jabberd-2.2.0.tar.bz2

Configure

cd jabberd-2.2.0
./configure --prefix=/opt/jabber --enable-mysql --enable-ssl --enable-ldap --with-sasl=gsasl --enable-debug
make
sudo make install

mysql -u root -p < tools/db-setup.mysql
mysql -u root -p
GRANT select,insert,delete,update ON jabberd2.* to jabberd2 at localhost IDENTIFIED by 'jtest';

Add Jabberd2 library to ld.so.conf

echo "/opt/jabber/lib/jabberd" >> /etc/ld.so.conf.d/jabberd2.conf
ldconfig


Customizing the jabberd server install

To customize the server, we first need to change to the jabberd directory by running the following command: cd /opt/jabber/etc/. Then we want to edit the sm.xml file so we follow the following steps as root:

• Open sm.xml in your favorite text editor
• Change the ID on the network from localhost to jabber.chatur.test (Make sure that jabber.chatur.test resolves)
• Change the MYSQL database passwaed from<pass>secret</pass> to <pass>jtest</pass>
• Scroll down to the User Options and uncomment the <auto-create/> tag. This allows users that are not registered on the server to register themselves.
• If you want to have a predefined userlist to populate all new users, scroll to the the end of the file and uncomment <roster>/opt/jabber/etc/templates/roster.xml</roster>. We will cover the contents of the roster.xml in a few minutes.

Once we are done editing, save sm.xml and exit the editor. Now we need to customize c2s.xml, so follow these steps as root:

• Open c2s.xml in your favorite text editor
• Scroll to the 'Local network configuration' section and change the <id> from localhost to jabber.chatur.test
• In order to able to login though Mac OS X iChat client, change the authentication mechanism under ‘sasl’ first comment out ‘digest-md5’ from <digest-md5 /> to <-- <digest-md5 /> --> and add ‘cram-md5’ instead <cram-md5 />
• Change the MYSQL database passwaed from<pass>secret</pass> to <pass>jtest</pass>
• Save and exit

This completes the configuration of the jabberd server. This gives us a basic jabber server that allows users to register themselves and chat with each other. However, if we want to have the ability to create chat rooms, we need to install some additional software called mu-conference. We will cover the installation of mu-conference momentarily.

Creating a default buddy list for new users

jabberd gives us the ability to create a template buddy list so that each new user has a default buddy list. This is very useful in environments where the administrator wants to make sure each user has all the important people in their buddy list without spending a lot of time adding each user manually.

The template file is located in the templates subdirectory and is called roster.xml. The file has the following format:

<query xmlns=’jabber:iq:roster’>
<!--
<item name=’Buddy Name’ jid=’JID@Host.domain’ subscription=’both’>
<group>BuddyGroup</group>
</item>
-->
</query>

To add new users we need to uncomment the <item name> tag and add a new line for each user. For example if you wanted to add me to the default roster and my JID (Jabber ID) was chatur@jabber.chatur.test the entry for my name would look like this:

<item name='chatur' jid='chatur@jabber.chatur.test' subscription='both'>
<group>Support</group>
</item>

The group field tells the client the group under which the entry is supposed to be stored. In this case chatur is being stored under the Support group. All entries need to be enclosed within the <query> </query> tag, so the complete file with one user would look something like:

<query xmlns=’jabber:iq:roster’>
<item name=’chatur’ jid=’chatur@jabber.chatur.test’ subscription=’both’>
<group>Support</group>
</item>
</query>

Generating a Self-Signed SSL Certificate

Important: Key Is Self-Signed The key generated by the instructions below is self-signed. Such a key is not part of a trust hierarchy. When used to secure communications with Jabber clients, a self-signed key will usually cause warnings to appear because its authenticity cannot be verified against a trusted key.

Generate Key Pair

From a working directory, enter the command below to begin an interactive key generation process:

openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem

You will be prompted for a passphrase for the private key. After entering and confirming your passphrase, you will be prompted for public information about your key.

Note: Common Name Note that you should enter your domain name as the Common Name for your certificate.

Note: Key Lifetime Note that the command above creates a key with a 3650 day (10 year lifetime). To change the key lifetime, use a different number of days for the -days parameter.

Remove Passphrase

Enter this command to remove the passphrase from your private key:

openssl rsa -in privkey.pem -out privkey.pem

Combine the Private and Public Key

Enter this command to combine the private and public keys into a single file:

cat privkey.pem >> server.pem

Delete Private Key

You should now delete your private key:

rm privkey.pem

Move Key and Set Permissions

You can now move your key to its permanent location. For example, to move the key to the default Jabberd pemfile location, you would enter this command (as superuser):

mv server.pem /opt/jabber/etc/server.pem

Then, you should set permissions on this file so that it is owned by superuser and is readonly (as superuser):

chown root:jabber /opt/jabber/etc/server.pem
chmod 640 /opt/jabber/etc/server.pem

Your certificate is now ready for use by Jabberd. You should make a backup (such as to a floppy) of your certificate.

Ethernet Bridge on FreeBSD

The basic operation of a bridge is to join two or more network segments together. There are many reasons to use a host based bridge over plain networking equipment such as cabling constraints, firewalling or connecting pseudo networks such as a Virtual Machine interface. A bridge can also connect a wireless interface to a wired network and act as an access point.

Requirements:
Two Physical (Real) Network Card (NIC) (minimum)

Enabling the Bridge:
The bridge is created using interface cloning.

To create a bridge use ifconfig

# ifconfig bridge create
bridge0

# ifconfig bridge0
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 96:3d:4b:f1:79:7a
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0

Add the member network interfaces to the bridge.

# ifconfig bridge0 addm re0 addm re1 up
# ifconfig re0 up
# ifconfig re1 up

To remove a BRIDGE interface, enter:
# ifconfig bridge0 destroy

To make configuration persistence, open /etc/rc.conf, Append / modify as follows:
# vi /etc/rc.conf
cloned_interfaces="bridge0"
ifconfig_bridge0="addm re0 addm re1 up"
ifconfig_re0="up"
ifconfig_re1="up"

bridge interface can be configured to take part in network.
# ifconfig bridge0 inet 192.168.200.1/24

Linux Ethernet Bridge

The Linux ethernet bridge can be used for connecting multiple ethernet devices together. The connection is fully transparent: hosts connected to one ethernet device see hosts connected to the other ethernet devices directly.

Requirements:

1. Two Physical (Real) Network Card (NIC) (minimum)
2. bridge-utils - This package contains utilities for configuring the Linux ethernet bridge.

Steps:
1. Zero IP the interfaces.
        # ifconfig eth0 0.0.0.0
        # ifconfig eth1 0.0.0.0

                OR

        # ifconfig eth0 up promisc
        # ifconfig eth1 up promisc


2. Create the bridge interface.
        # brctl addbr br0

3. Add interfaces to the bridge.
        # brctl addif br0 eth0
        # brctl addif br0 eth1

        OR

        # brctl addif br0 eth0 eth1

4. Put up the bridge.
        # ifconfig mybridge up

5. The virtual interface br0 can also be configured to take part in network. It behaves like real interface (like a normal network card).
        # ifconfig br0 192.168.200.100 netmask 255.255.255.0

kill process based on username and logout users

To kill all process of logged in user and logout

pkill -KILL -u username

Ethernet Loopback connector

Occasionally I need for a network card to operate as a live network connection, without it actually being connected to a network. Typically for testing purposes, I need a quick and easy way to make a loopback connector. Small enough to keep in my Pocket. The following is a quick "how to" for making an Ethernet loopback connector.

To create a loopback plug, cross pin 1 (TX+) and pin 3 (RX+) together, and cross pin 2 (TX-) and pin 6 (RX-) together. You need the following equipment to create the loopback:

• A 6-inch long CAT5 cable
• An RJ-45 connector
• A crimping tool

When you create and then test a physical loopback, you are testing the RJ-45 interface of the NIC.