Moving Day Is Here!

April 26, 2010

Well, the day is here! I am officially moving my blog off of wordpress.com hosting onto duststorm’s VPS. You will still be able to access it at spareclockcycles.wordpress.com, but the main site will be spareclockcycles.org, so update your bookmarks accordingly. There will be a lot of messing around with DNS and the like going on over the next few hours, so I apologize for any downtime. I will put up a post when the move is complete.

Socksify Anything

April 15, 2010

As a follow-up to one of my posts awhile back, I figured I’d share a small tip with those who don’t use SOCKS proxies quite as often as I do. In my previous post, I showed how to set up an SOCKS proxy that tunnelled your (now encrypted) traffic through a remote SSH server, as well as how to configure Firefox to use that tunnel. But what if your application doesn’t support SOCKS proxies? And what if you want to tunnel through multiple hosts (I’m sure you could think of a situation :P)?

Well, you’re in luck: proxychains can handle all of that. When used to execute an application, proxychains acts a middleware layer, intercepting all TCP connections, wrapping them in the SOCKS protocol, and routing them through the proxies of your choice. If you’re on Ubuntu, it’s, as usual, brilliantly easy to install. One “sudo apt-get install proxychains” and you’re good to go. Now how do we go about using it?

The first thing you need to do to use proxychains is to set up a configuration file. On Ubuntu (and I’m assuming, any other install), there is a default file in /etc/proxychains.conf that you can look at for guidance, but I have included mine for reference just in case. Now, there are three places proxychains will look for a config file when it is executed: in the local directory, at ~/.proxychains/proxychains.conf , and in /etc/proxychains.conf (and they are prioritized in that order). Chose yours according to what works best for you. I’d assume that either your home folder or etc folder would be the best, as it will work without a fuss no matter what your $PWD is. Now, the proxychains config has a good number of options, so you’ll need to know what’s best for you. For most, the dynamic chain is best: it functions as long as one of the proxies in it’s configuration page is online. I’d also recommend enabling proxy_dns if it’s not on, to prevent DNS leakage. The rest of the default options should be fine. After that, all you need to do is add your proxy in the form of “proxy_type host port”, which, if you’re using an SSH proxy like in my previous post, will be something like “socks4 127.0.0.1 6789” .

Now save the file, and you’re ready to go. If you, say, want to update your system, all you need to do is “sudo proxychains apt-get update”, and away it goes. If you want to chain your traffic through multiple hosts, simply add more to your config file, and run “proxychains ./myapp”. Enjoy!

Update 04/16/2010: As mentioned in a previous post, tsocks is also a good application for socksifying connections, and worth trying if proxychains doesn’t work for you. However, you can’t (as far as I know) use it to chain multiple proxies together, so keep that in mind.

Reblog this post [with Zemanta]

Once again, I find myself singing the praises of SSH. Seriously, is there much of a reason to have any other ports open anymore? The latest trick I have added to my list of things SSH can do is presenting a remote filesystem, securely.  Now, I’m sure most of us are aware that you can transfer files over SSH using a protocol called SFTP. What you may or may not be aware is that you can mount this remote filesystem locally using a nifty little tool called SSHFS. This is incredibly useful in a number of situations, allowing you to access remote files in a way that is easy for the user (as easy as local filesystems), easier to set up than solutions such as NFS, and as secure as SSH itself.

All you have to do on the remote machine you wish to access is have OpenSSH listening somewhere. For the client machine, you need to make sure you have SSHFS installed. To do this on Ubuntu, simply run:

sudo apt-get install sshfs

Now, to mount the filesystem locally, we first need to create a mount point for the filesystem:

mkdir /path/to/mountpoint
chown user /path/to/mountpoint

Where user is your username and sshfs is the location of the mountpoint. Now, to go ahead and mount the remote filesystem, simply execute this command with your own information inserted:

sshfs remote-username@address.of.server:/remote/folder/to/mount /path/to/mountpoint

Enter your password, and that’s it! Your remote filesystem should now be mounted.

Well that’s pretty cool in itself, but what if we want to go farther and have it mount at startup without any interaction from us? No problem, thanks to another cool feature of SSH called public key authentication. This feature allows us to log in to a system without providing the password of the user we are authenticating as, and instead authenticating users based on their RSA keys. If you trust me that this is secure, you can skip the next paragraph, but if you don’t, or you are curious how this works, read on.

The initial key exchange that SSH does is encrypted using an asymmetric encryption algorithm called RSA. In this key exchange, the goal is to exchange a symmetric key (AES, DES, whatever  you want) over RSA, which is unfortunately too slow to handle the large amount of data that needs to be encrypted to secure all of the SSH traffic. It is ideal, however, for assuring that a key exchange stays secure. The way it works is that each participant, both client and server, have a public key and a private key, and you give out the public key to anyone you want to be able to send you data. Once encrypted with the public key, the only way you can decrypt the data is with the private key, which only the local computer has. This technique has the useful property of providing both confidentiality and, as long as the private key is kept secret, authenticity. This means that as long as the private key is kept secret, you can authenticate to a system based solely on the public key, because no one but the authorized machine should be able to decrypt the proper symmetric key if it does not have the private key. If you would like more explanation than the incredibly brief overview I just gave, go check out the Wikipedia articles on RSA and on SSH, it should give you all the information you want.

Now that you don’t feel like you’re doing something incredibly dangerous (or maybe you still do, and you just like danger…:P ), follow these steps provided by OpenSSH on how to set up public key authentication between two hosts.  Once done, all that’s left to do is add the sshfs command that we used earlier to mount the remote filesystem to a startup script somewhere. To do this in Ubuntu/GNOME, you can simply go to System->Preferences->Startup Applications and add a new entry that uses our command from earlier as the command to be executed at login. If you are not on Ubuntu or using GNOME, you should be able to find documentation somewhere on how to make something run on startup.

That’s all there is too it, hope someone finds it useful. Just a short note, if you need to unmount the share, simply execute sudo umount /path/to/mountpoint and you’ll be fine. Enjoy!

Reblog this post [with Zemanta]

Hey all, long time no post yet again. Exams can do that to you…but if you are much more fortunate than I and have some time to kill, I would highly suggest taking the pre-alpha of Chromium (the open source base of Google Chrome) for a spin. For a long while now I’ve been looking for a decent browser replacement for Firefox on my netbook, which is almost unbearably slow. Thankfully for my mobile browsing experience, Chromium seems to be shaping up to be that browser. Still has tons of bugs and crashes occasionaly, but for pre-alpha it’s still really polished and *really* fast. I will be writing a more thorough review once I get the time, but until then you all can just see for yourself.

A big fat warning before we begin: EXPECT THINGS TO BREAK. This isn’t even in alpha yet, so there are no guarantees as to your experience. That said, I’ve had a pretty good experience with it so far.

All you really need to do to get Chromium installed is to add the nightly PPA repository that the developers were kind enough to set up for all of us Ubuntu users and install the chromium-browser package. To do this, simply do the following:

Open up a terminal (or use Alt+F2) and execute the following command:

sudo gedit /etc/apt/sources.list

Now go to the PPA site to get the correct lines to add into the file.  To do this, simply select your version of Ubuntu and it will tell you what lines you need. It should look something like this (the lines for Intrepid):

deb http://ppa.launchpad.net/chromium-daily/ppa/ubuntu intrepid main
deb-src http://ppa.launchpad.net/chromium-daily/ppa/ubuntu intrepid main

Add these to the end of the file, save, then exit.

Now you need to add the repository key. Simply execute this command:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com fbef0d696de1c72ba5a835fe5a9bf3bb4e5e17b5

Great! The repository is now installed and verified. Now, simply update the repositories and install the package by running the following commands:

sudo apt-get update
sudo apt-get install chromium-browser

That’s it! Chromium should now be installed on your system, ready for you play around with. Enjoy.