how to read softhsm keys - pkcs#11

I am using softhsm2 to generate keys/tokens, and I don't know how I can read my keys value. I am using this command to get the hsm content but it doesn't give a lot of details :
pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so -l -t
is there any other tools to manage sofhsm ?
Thank you!

I hope you have not installed the pkcs11-tool in your machine and probably your HSM is hosted in a remote machine. If this the case plesae check Expose SoftHSM library to the code running in host machine or https://github.com/rbroggi/softhsm-daemon

Related

Obtain ssh version externally using nmap

I would like to know if I can obtain ssh version using nmap of my external vps.
nmap -p 22 sV <domainname>
result:
22/tcp filtered ssh
Is there another nmap syntax so I can obtain ssh service version?
Just want to obtain the ssh service version of my external vps.
I tried alot of nmap commands but probably there's a struggle in-between like a firewall, which causes a filtered state. My own network is behind a DrayTek Device. Maybe a possible cause?
Thanks in advance!
The nmap option --badsum is able to provide insight about the existence of a firewall. A non firewall device that runs a full network stack will silently drop a bad checksum. In the case that your scan reaches an end device, you would expect to see the same result as your -sV scan. A firewall may offer a different reply to the --badsum.
The answer to your question regarding version, is that -sV is ideal, however -A may run some scripts that return useful information. You can also run --script=sshv1 or another specific script that is ssh related. More script options are here nmap scripts.

sshd#QNX: Could not load host key / Missing privileges separation

I followed the manual provided by QNX for SDP 6.6.0 on how to set up the OpenSSH SSH daemon except I tried to get it running on an existing Neutrino OS. To no avail so far. I encountered several pit falls which I could not find to be solved in any guide I found on the web.
It works quite easily and out of the box for QNX 6.5.0. E.g.
'How do you install an ssh server on qnx' which only states to generated keys and start the daemon. But that doesn't seem to be the case anymore.
This is how I've tried to tackle this so far:
created folder /etc/ssh and DSA and RSA keys
tried starting sshd => error: /etc/ssh/sshd_config
created empty file /etc/ssh/sshd_config
tried starting sshd => error:
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Missing privileges separation directory: /var/chroot/sshd`
created folder /var/chroot/sshd and file /etc/ssh/ssh_host_ecdsa_key with proper privileges using chmod 700
P.S.: Why is it that there are only very very few sources actually talking about SSH and QNX. Even QNX only refers to NetBSD by linking their plain man pages. In the BSP guides they handle the topic like "Yeah we've got SSH - you can use it." If not SSH what's then the proper way of remote access?!
OK, gonna answer my question rightaway (since after not posting it, I found the answer some days later):
Long story short. The ssh version on QNX 6.6.0 needs also the ssh_host_ecdsa_key key file generated using ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key. The file was present at my system but somehow corrupted and I just had to generate it again. (I did not know that back then and the manuals I was following don't even mention this key)
I would not recommend following the QNX manual (since it's outdated and especially) if you simply just want to start/configure the sshd daemon (ssh server) on an existing system. Follow 'How do you install an ssh server on qnx' instead.

Giving matlab code sudo permissions? Unconnectable-connected ftp port

I'm trying to use this code to pull a bunch of data from the ModelNet data base located at vision.cs.princeton.edu I'm using the already written matlab code from the website itself; however, I'm encountering permissions errors whenever I run the code because wget (which the code uses) is located in a restricted directory in the server. Normally I would just use sudo; however, I can't seem to run sudo matlab as a command. My question is does anybody know a way to remotely run matlab code from a server and somehow give it permissions that sudo normally would give? Also, could someone try ftping to vision.cs.princeton.edu at port 80? For some reason I'm able to connect to that port, but the connection seems to be closed and I can't ping that address either I get 100% package loss.
Thanks
Use urlread instead of wget, this should fix your issues.

Resolve hostnames with arch linux on a RaspberryPi

I have a Pi that runs hostapd and dhcpd on arch linux to create it's own land with the Pi's (routers) IP being 10.0.0.1. This uses the wlan0 interface and it only serves as a standalone router running a web server.
Once I connect to the Pi, I use 10.0.0.1 to display the web pages, but I want to use a hostname such as firepi. I have tried using dnsmasq, but I haven't been successful. Any help would be greatly appreciated especially if you can give me some detailed examples as I am a novice.
The purpose of this system is that I have created a web app that you can use to ignite fireworks over WiFi at a safe distance. I would just like the convenience of using a hostname instead of the IP address.
I must add that I will more than likely be using an iPhone to connect to the server, should this affect anything.
Not too sure how or why but this is what I did and it is successfully working now, so this is just for future users who may need a similar setup to mine.
First I installed hostapd and dhcpd and made sure they were working. Next I changed '/etc/hostname' to firepi and the '/etc/hosts' and added '10.0.0.1 firepi'. Then I installed dnsmasq, and set the interface to wlan0, and finally added '10.0.0.1 firepi' to '/etc/resolv.conf'.
After a full reboot, I joined the network on my iPhone, navigated to firepi and sure enough, it worked!
Thanks to the other users for their advice and tips.
You can use avahi on Arch as well to resolve your hostname:
sudo pacman -S avahi nss-mdns
Start the avahi daemon:
sudo systemctl enable avahi-daemon.service
sudo systemctl start avahi-daemon.service
Edit /etc/nsswitch.conf
sudo vim /etc/nsswitch.conf
Change the line:
hosts: files myhostname dns
to
hosts: files myhostname mdns_minimal [NOTFOUND=return] dns
Reboot
Note: don't forget to add .local to your hostname.
See also:
http://blog.pixxis.be/post/77285636682/resolve-hostname-with-arch-linux-on-a-raspberry-pi
If you just want to be able to use "firepi" as hostname to connect to it, you can simply add it to your /etc/hosts file using the syntax "IP host".
To make it as easy as possible, run this command as root:
echo "10.0.0.1 firepi" >> /etc/hosts
That'll do the trick.
Can you try avahi ?
sudo apt-get install avahi-daemon and
sudo apt-get install avahi-browse
I've successfully used that on Raspian. Unless you change the hostname using
sudo raspi-config you will access via raspberrypi.local
Note that if you plan to access the RPi from Windows you will need to install Bonjour Service first(if you have iTunes intalled, you might have those, run services.msc and check if the Bonjour Service is started)
Another note: On a friend's iphone I've installed a generic vnc client and had x11vnc running on the RPi and succesfully managed to connect to the RPi (since avahi-daemon was installed)

Problems using teamcity command line to perform ssh remote login

I was wondering if anyone has tried using teamcity's command line builder to perform ssh remote login.
Right now, I would like to automate some testing on a QNX neutrino OS which is currently unsupported by teamcity. As a work around, I setup a ssh server on the target qnx machine so i could ssh and sftp the executables in.
Firstly, the source are compiled on Windows XP using qnx's compiler (based on g++). Followed by sftp-ing the executables into qnx neutrino.
Next, using ssh, script the login to remotely start the test apps and send the results back to the remote agent for publishing.
The batch script I created works well standalone, however, after hooking it up on the remote agent, it fails to login ssh and hangs indefinitely at the following command:
ssh -l "./.sh"
Notes:
I have added the remote agent's RSA public key in the QNX .ssh/authorized keys file, automatic login is working.
Is there a need to add the teamcity server's RSA public key in too?
Anyone has any idea on this problem?
I had a few weird problems with key-based SSH logins on QNX related to file permissions for the keys in .ssh. and permissions of parent folders (/home/username and /root).
Add
LogLevel DEBUG3
to /etc/openssh/sshd_config, make sure syslog is configured and is logging sshd output, restart sshd and try again - it will most likely complain about something.
Also, ssh -l "./.sh" makes no sense - -l is used to specify the user name, something is off there.