0

Windows SSH client with TPM

I managed to get an SSH client working using an SSH pubkey protected by a TPM.

This is another post in my series in playing with TPM chips:

• TPM-backed SSL
• TPM chip protecting SSH keys - properly

Optional: Take ownership of the TPM chip

This is not needed, since TPM operations only need well known SRK PIN, not owner PIN, to do useful stuff. I only document it here in case you want to do it. Microsoft recommends against it.

1. Set OSManagedAuthLevel to 4

   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM\OSManagedAuthLevel 2 -> 4

   Reboot.

2. Clear TPM

   Run tpm.msc and choose “Clear TPM”. The machine will reboot and ask you to press F12 or something for physical proof of presence to clear it.

3. Set owner password from within tpm.msc

Set up TPM for SSH

1. Create key

   C:\> tpmvscmgr.exe create /name “myhostnamehere VSC” /pin prompt /adminkey random /generate

   PIN must be at least 8 characters.

2. Create CSR

   Create a new text file req.inf:

   [NewRequest]
   Subject = “CN=myhostnamehere”
   Keylength = 2048
   Exportable = FALSE
   UserProtected = TRUE
   MachineKeySet = FALSE
   ProviderName = “Microsoft Base Smart Card Crypto Provider”
   ProviderType = 1
   RequestType = PKCS10
   KeyUsage = 0x80
   

   C:\> certreq -new -f req.inf  Continue reading

0

HSBC is not a real bank

From a customer’s perspective it’s hard to tell if HSBC UK is some sort of performance art as opposed to a real bank.

I will add more things to this blog post as they occur to me, since this is the first time I’m writing these down in one place some of the many many absurdities are bound to slip my mind.

How are they absurd? Let me count the ways.

You can only view about one month of transaction history in your account, and you see it in the logical reverse chronological order.

For anything older, you have to check your “statements”, which have overlapping data and are in chronological order. They have the data. They just refuse to show it to me in a useful form.

So if you want to inventory one month of expenses you now have to synchronize your recent transactions (reverse chronological) with one or two overlapping chronological ones. Oh, and multiply this by two to look at debit and credit card expenses.

If you thought the main banking website was bad (and it’s terrible. If you don’t think it’s absolutely awful then you’ve never seen e.g. SEB to compare), then you should Continue reading

0

Ubiquity gear replacing BT HomeHub router

These are my notes from setting up Ubiquity wifi access point and router to replace the horrible BT HomeHub 5.

What’s wrong with BT HomeHub?

• It can’t hand out non-BT DNS servers (and BT’s DNS servers MITM your queries and spoof NXDOMAIN if the reply has rfc1918 addresses in them. This is known and they “can’t” turn this off)
  • This means that I had to turn off the DHCP server and run my own on a raspberry pi. So I’m actually replacing two devices. It was already not a all-in-one-box solution.
• The port forwarding database is not using unique key constraints, so you have to try and re-try adding port forwardings until you’re lucky and don’t hit a key collision.
• Only one wifi network. I want untrusted things (IoT) to be firewalled from the rest.
• I want to deny Internet access to some IoT things. I don’t need them to be able to connect anywhere. HomeHub doesn’t support that.
• Wifi range is not great. Not terrible, but bad enough that it doesn’t cover my home.
• I don’t know if it’s to blame, but I did not have a good experience trying to set up a second AP to automatically roam Continue reading

0

Yubikey 4 for SSH with physical presence proof

This is another post in the series of how to protect SSH keys with hardware, making them impossible to steal.

This means that you know that your piece of hardware (e.g. Yubikey or TPM inside your laptop) was actively involved in the transaction, and not, say, turned off and disconnected from the Internet at the time (like in a safe or on an airplane).

What’s new this time is that we can now have a physical presence test on every use of the key. That means that even if someone hacks your workstation completely and installs a keylogger to get your PIN, unless they also break into your home they can’t use the key even while the machine is on and connected. Evil hackers in another country are out of luck.

Intro

Most of this is a repeat of official docs (see references).

If it looks like a command is hanging, check to see if the Yubikey is flashing. If it is, then touch it.

The touch feature is optional. If you don’t want a key to require it, you can chose to generate a key that doesn’t.

Install yubico-c, ykpersonalization, and yubico-piv-tool

sudo apt-get install help2man gengetopt libtool  Continue reading

0

How I made my custom keyboard layout on Linux and Windows

This post explains how to set up a keyboard layout the way I like it. It may not fit you at all, but it may give you ideas that would work for you.

In short: I remap Caps Lock to add some extra keys.

First a description of what my preferred keyboard layout is: I type Dvorak, but also want to occasionally use Swedish letters. There are a couple of Dvorak versions for Swedish, but since most of my typing is in English or programming I think they compromise too much on the accessibility of other keys to add these three Swedish characters.

So for decade or so I’ve been remapping Caps Lock to AltGr and holding down AltGr to add new keys. Typing “ö” quickly became fluent and easy, since it involves holding down one key with my left hand and pressing a key with another.

I used this method even before I switched to Dvorak, because if you’ve ever coded on a Swedish keyboard you should know how terrible it is. I know several Swedish programmers who use US keyboard layout all the time because of this, and simply live without being able to type proper Swedish.

Continue reading

0

Building pov-ray on raspberry pi

This is just notes in case I need to do this again. It’s for my QPov project.

sudo apt-get install autoconf libboost-all-dev libjpeg-dev libtiff-dev libpng-dev
git clone https://github.com/POV-Ray/povray.git
cd povray
git checkout --track -b 3.7-stable origin/3.7-stable
cd unix
./prebuild.sh
cd ..
./configure --prefix=$HOME/opt/povray COMPILED_BY="My_Name on RPi"
make
make install

0

Scraping data from a BT home hub 5

If you have BT broadband and want to graph the synced speed and actual use of your broadband connection, and you use the BT provided router (Home Hub), then you can’t use SNMP to get these counters. But you can get the data over HTTP without too much trouble. Here’s some ugly one-liners for doing that.

Current byte counters on the Internet interface (down/up)

curl -s 192.168.42.1/nonAuth/wan_conn.xml 
    | sed -r '/wan_conn_volume_list/{N;s/.*[.//;s/[^0-9]],$//;s/%3B/ /g;s/^[0-9]+ ([0-9]+) ([0-9]+)$/1 2/g;p};d'

Current synced up speeds in bps (down / up)

curl -s 192.168.42.1/nonAuth/wan_conn.xml 
    | sed -r '/status_rate/{N;s/.*[.//;s/[^0-9]],$//;s/%3B/ /g;s/^([0-9]+) ([0-9]+) [0-9]+ [0-9]+/2 1/g;p};d'

Misc note

First I tried this. And it appeared to work. But only if someone had logged in to the web UI recently.

curl -s 192.168.42.1/cgi/cgi_ad_B_Internet.js | sed -r '/wan_conn_volume_list/{N;s/.*[.//;s/[^0-9]],$//;s/%3B/ /g;s/.* ([0-9]+) ([0-9]+)$/1 2/g;p};d'

But then I try it on a different machine and… Oh… oh no. Oh say it ain’t so. Don’t tell me the BT home hub security is based on IP address? Oh… oh it is.

In conclusion

Yet another reason these routers are completely retarded. Other examples:

• Internal databases Continue reading

0

How to boot an encrypted system safely

These are my notes on how to set up a system securely, in a way that would prevent attackers from being capable of performing an “evil maid attack”.

The threat model

You have a Linux server that you want to protect against data theft and other backdoors. The attacker can get physical access to your hardware, for example by having access to the server room that houses your rack.

Your attacker is funded, but not super well funded. This will not protect you against intelligence agencies.

The attacker can buy a new server that looks just like the one you have. You will not be able to tell the difference from physical inspection.

You want to know that it’s safe to log in to your server after a suspicious power outage or reboot.

This solution assumes that once the system is booted and you log in, you have access to the secret data. In other words, this is not a protection for gaming consoles or kiosks.

Overview of the solution

First of all, full disk encryption using dm-crypt. Obviously. (other FDE also acceptable, of course)

Walking up to the server and typing the passphrase every reboot is not only tedious Continue reading

0

Raytracing Quake demos

I decided to combine these two problems into one solution:

• Modern CPUs are idle way too much of the time. Why have all this computational power if we don’t use it?
• I have these funny old Quake demos that there’s no good way to convert to something playable.

My solution is to convert Quake .dem files to .pov files and render them with POV-Ray.

Quake scene rendered in POV-Ray. Two more here and here.

Quake is closing in on 20 years old now, and it’s starting to get annoying to make it even work. Yes, it’s opensource, and there are a couple of forks. But they’ve also always been annoying to get working. Hell, even GLQuake in Steam won’t start for me. (yes, I know this is a bad reason, but I’m doing this for fun)

Many of the tools and resources are hard to find. I couldn’t find ReMaic, and only found lmpc thanks to FreeBSD having made it a package. Converting demos to an ASCII format using lmpc helped in confirming that my file parsing was correct.

The steps needed to render a demo:

1. Extract .mdl files to .pov and .png (skin) files.
2. Extract .bsp files to .pov Continue reading

0

My mechanical keyboard

You spend all your waking time at a keyboard. This blog post is about keyboards, and can be summarized as: Buy quality, cry once.

I spend a lot of time typing on a keyboard, yet I have never looked into what keyboard would be best for me. There are natural keyboards and kinesis keyboards that people speak well of, but I spend a lot of time typing on laptops and don’t want a completely different setup for laptop and desktop.

I had the same concern before switching to Dvorak back when I was a consultant (thus often using other peoples managed machines), but happily switched after verifying that even on a locked down Windows machine as a non-admin user I could select Dvorak. Also there are adapters from Dvorak to Qwerty that I could use in extremely locked down environments such as the CCIE lab (they required a doctors note though, long story).

So it would have to be a keyboard that looks like a normal one. Preferably with Dvorak on the keycaps. It seems that mechanical keyboards are all the rage, so I thought I’d give that a go.

I ended up buying a 88 key Cherry MX brown-based Continue reading

0

Secure browser-to-proxy communication – again

I've previously blogged about a secure connection between browser and proxy. Unfortunately that doesn't work on Android yet, since except if you use Google for Work (an enterprise offering) you can't set Proxy Auto-Config.

This post shows you how to get that working for Android. Also it skips the stunnel hop since it doesn't add value and only makes Squid not know your real address. I'm here also using username and password to authenticate to the proxy instead of client certificates, to make it easier to set up.

Hopefully this feature will be added to Chrome for Android soon (bug here) but until then you'll have to use the Android app Drony.

First, why you would want to do this

• You have machines behind NAT, and a proxy that can see the inside while still accessible form the outside

  This way you can port forward one port from the NAT box to the proxy, and not have to use different ports everywhere. I'll call this proxy corp-proxy.example.com.

• You have servers that don't implement their own authentication, and you want the proxy to do it for you

  If you set up so that the only way to Continue reading

0

Colour calibration in Linux

This is just a quick note on how to create .icc colour profiles in Linux. You need a colour calibrator (piece of hardware) for this to be useful to you.

#!/bin/sh
NAME=$1
COLOR=$2
DESC="Some random machine"
QUALITY=h   # or l for low, m for medium
set -e

dispcal -m -H -q $QUALITY -y l -F -t $COLOR -g 2.2 $NAME
targen -v -d 3 -G -e 4 -s 5 -g 17 -f 64 $NAME
dispread -v -H -N -y l -F -k $NAME.cal $NAME
colprof -v -D $DESC -q m -a G -Z p -n c $NAME
dispwin -I $NAME.icc

0

Another way to protect your SSH keys

Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use it to protect your SSH keys. There's still hope! Here's a way to make it possible to use a key without having access to it. Meaning if you get hacked the key can't be stolen.

No TPM, but key can't be stolen anyway? Surely this is an elaborate ruse? Well yes, it is. My idea is that you essentially bounce off of a Raspberry Pi.

But doing that straightforward is too easy. I've instead made an SSH proxy, and will show you how to automatically bounce off of it. You could do the same by setting up a second SSH server (or the same one), and hack around with PAM and a restricted shell. But this solution can be run as any user, with just the binary and the set of keyfiles. Very simple.

The goal here is to log in to shell.foo.com from your workstation via a Raspberry Pi. The workstation SSH client presents its SSH client key to the SSH Proxy on the Raspberry Pi, and if allowed will connect on and present the SSH Continue reading

0

Don’t forget to restart all your OpenSSL binaries

The wonder of UNIX is that you can delete running binaries and loaded shared libraries. The drawback is that you get no warning that you're still actually running old versions. E.g. old heartbleed-vulnerable OpenSSL.

Server binaries are often not forgotten by upgrade scripts, but client binaries almost certainly are. Did you restart your irssi? PostgreSQL client? OpenVPN client?

Find processes running with deleted OpenSSL libraries:

$ sudo lsof | grep DEL.*libssl
apache   17179      root  DEL       REG        8,1               24756 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0

Or if you're extra paranoid, and want to make sure everything is using the right OpenSSL version:

!/bin/sh
set -e
LIB="/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0"
if [ ! "$1" = "" ]; then
   LIB="$1"
fi
INODE="$(ls -i "$LIB" | awk '{print $1}')"
lsof | grep libssl.so | grep -v "$INODE"

A few points:

• Run this as root in case lsof otherwise wouldn't be able to get at the data (e.g. if you run grsec)
• This assumes all libssl is on one filesystem, since it only checks inode number
• The easiest solution is of course to restart the whole machine, but there's really no reason to if you don't want to

0

How TPM-protected SSH keys work

In my last blog post I described how to set up SSH with TPM-protected keys. This time I'll try to explain how it works.

SRK

The SRK is a public key pair that is the main secret inside the TPM chip. It is always generated by the chip, and the private key cannot be read or migrated.

In order to use the SRK key with any operation, the SRK password must be supplied. The SRK password is just an access password. It's not related to the key itself. The SRK password is usually set to the Well Known Secret (20 null characters), or sometimes the empty string, or something silly like "12345678".

There is not much point in having a good SRK password, since you probably have to store it on disk somewhere anyway, to allow TPM operations by daemons.

If you want a password then you probably want to set that per key, not chip-wide like the SRK password is.

Key generation

The stpm-keygen binary asks the TPM to generate a key, and the TPM hands back the public portion of the key, and a "blob" that has no meaning to anyone except the TPM. The blob is encrypted Continue reading

0

How TPM-protected SSH keys work

In my last blog post I described how to set up SSH with TPM-protected keys. This time I'll try to explain how it works.

SRK

The SRK is a public key pair that is the main secret inside the TPM chip. It is always generated by the chip, and the private key cannot be read or migrated.

In order to use the SRK key with any operation, the SRK password must be supplied. The SRK password is just an access password. It's not related to the key itself. The SRK password is usually set to the Well Known Secret (20 null characters), or sometimes the empty string, or something silly like "12345678".

There is not much point in having a good SRK password, since you probably have to store it on disk somewhere anyway, to allow TPM operations by daemons.

If you want a password then you probably want to set that per key, not chip-wide like the SRK password is.

Key generation

The stpm-keygen binary asks the TPM to generate a key, and the TPM hands back the public portion of the key, and a "blob" that has no meaning to anyone except the TPM. The blob is encrypted Continue reading

0

TPM chip protecting SSH keys – properly

Not long after getting my TPM chip to protect SSH keys in a recent blog post, it started to become obvious that OpenCryptoKi was not the best solution. It's large, complicated, and, frankly, insecure. I dug in to see if I could fix it, but there was too much I wanted to fix, and too many features I didn't need.

So I wrote my own. It's smaller, simpler, and more secure. This post is about this new solution.

Why not Opencryptoki?

• It generates at least some keys in software. As I've explained earlier, I want to generate the keys in hardware.
• It generates migratable keys. This is hardcoded, and some people obviously want migratable keys (for backup purposes). So a fix would have to involve supporting both.
• Opencryptoki has no way to send such parameters from the command line key generator to the PKCS11 library. So not only would I have to implement the setting, but the whole settings subsystem.
• The code is big, because it supports a lot of features. Features I don't need or want. They get in the way of me as a user, and of me fixing the other issues.
• The code is of Continue reading

0

Should I generate my keys in software or hardware?

A Hardware Security Module (HSM) is any hardware that you can use for crypto operations without revealing the crypto keys. Specifically I'm referring to the Yubikey NEO and TPM chips, but it should apply to other kinds of special hardware that does crypto operations. I'll refer to this hardware as the "device" as the general term, below.

Some background

When describing the Yubikey NEO I'm specifically referring to its public key crypto features that I've previously blogged about, that enable using Yubikey NEO for GPG and SSH, not its OTP generating features.

To generate keys for these devices you have two options. Either you tell the device to generate a key using a built in random number generator, or generate the key yourself and "import" it to the device. In either case you end up with some handle to the key, so that you command the device to do a crypto operation using the key with a given handle.

This "handle" is often the key itself, but encrypted with a key that has never existed outside the device, and never will. For TPMs they are encrypted (wrapped) with the SRK key. The SRK is always generated inside Continue reading

0

TPM chip protecting SSH keys

STOP! There is a better way. this post explains a simpler and more secure way.

Update 2: I have something I think will be better up my sleeve for using the TPM chip with SSH. Stay tuned. In the mean time, the below works.

Finally, I found out how to use a TPM chip to protect SSH keys. Thanks to Perry Lorier. I'm just going to note down those same steps, but with my notes.

I've written about hardware protecting crypto keys and increasing SSH security before:

• GPG and SSH with Yubikey NEO
• Benchmarking TPM backed SSL
• TPM backed SSL
• SSH certificates

but this is what I've always been after. With this solution the SSH key cannot be stolen. If someone uses this SSH key that means that the machine with the TPM chip is involved right now. Right now it's not turned off, or disconnected from the network.

Update: you need to delete /var/lib/opencryptoki/tpm/your-username/*.pem, because otherwise your keys will be migratable. I'm looking into how to either never generating these files, or making them unusable by having the TPM chip reject them. Update to come.

When I run this again on a completely blank system I'll add Continue reading

0

Fixing high CPU use on Cisco 7600/6500

Recently some time ago (this blog post has also been lying in draft for a while) someone came to me with a problem they had with a Cisco 7600. It felt sluggish and "show proc cpu" showed that the weak CPU was very loaded.

This is how I fixed it.

"show proc cpu history" showed that the CPU use had been high for quite a while, and too far back to check against any config changes. The CPU use of the router was not being logged outside of what this command can show.

"show proc cpu sorted" showed that almost all the CPU time was spent in interrupt mode. This is shown after the slash in the first row of the output. 15% in this example:

  Router# show proc cpu sorted
  CPU utilization for five seconds: 18%/15%; one minute: 31%; five minutes: 42%
  PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process 
  198   124625752 909637916        137  0.87%  0.94%  0.94%   0 IP Input         
  [...]
  

Interrupt mode CPU time is (a bit simplified and restricted to the topic at hand) used when the router has to react to some user traffic. Now why would the 7600 use the Continue reading