OpenBSD RDomains

Intro

Let's assume you have a Mikrotik router with a management interface at IP '192.168.88.1/24' and the DHCP server enabled. You want to access the router via HTTP/HTTPS while offering Internet services for the Mikrotik router. You have an APU with OpenBSD running. What do you do?

Setup

2 NICs:

em0: dhcp client, default route, rdomain 0
em3: dhcp client, rdomain 3

Interfaces

Interface em0

    cat << 'EOF' > /etc/hostname.em0
    # Public Internet
    inet autoconf
    inet6 autoconf
    EOF

Interface em3

Mikrotik

Some Commands for Mikrotik Newbies

Helpful Links

Quick Guide - CCR2004-1G-12S+2XS
CCR2004-1G-12S+2XS - User Manual
MikroTik wired interface compatibility

Copper SFP (not able to do Auto Negotiation)

    /interface/ethernet/set sfp-sfpplus1 auto-negotiation=no

Update Packages

    /system package update check-for-updates
    /system package update install
    reboot

Upgrade Firmware

    /system routerboard print
    /system routerboard upgrade
    /system reboot;

Reset Config

    /system/reset-configuration

      MMM      MMM       KKK                          TTTTTTTTTTT      KKK
      MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
      MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
      MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
      MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
      MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

      MikroTik RouterOS 7.

.vimrc

Use vim? I'm happy with the following settings ...

.vimrc

    cat << 'EOF' > ~/.vimrc
    " Use 2 spaces for tabs
    set shiftwidth=2
    set tabstop=2
    set expandtab
    set softtabstop=0
    set ruler
    set mouse=r

    " Disable backup and swap files because they cause more problems than they solve
    set nobackup
    set noswapfile

    " Color
    syntax on
    " colorscheme delek

    " Display line numbers
    "set number
    EOF

Any Comments?

sha256: 809ddad49fd2f2b3cae0a89099e148c4c8ed6ae56940ac04e1b0f1fe32afc0a1

Cisco - SSH Key Auth

Intro

Do you want to log in to your Cisco switches with SSH and a public key? You can build your config easily and copy/paste it to your switch(es).

Set & Check Variables

pubkey: read from ~/.ssh/id_rsa.pub
username: root
password: will be generated, or set it by hand

    # get & convert public key
    pubkey=$(cat ~/.ssh/id_rsa.pub |cut -d' ' -f 2 |fold -b -w 72)

    # Username Switch
    username=root

    # Password for User
    password=$(openssl rand -hex 12)

    # Full Line
    echo "username $username privilege 15 password $password"

SSH Pubkey Auth Config Snippet

    # Build Config
    cat << EOF
    ############################################
    # Copy/Paste to your Cisco Devices - START #
    ############################################
    conf t

    # Set Version
    ip ssh version 2
    no aaa new-model

    # Set User
    username $username privilege 15 password $password

    # Set Key
    ip ssh pubkey-chain
    username $username
    key-string
    $pubkey
    exit
    exit
    exit

    # vty Stuff
    line vty 0 15
    login local
    transport input ssh
    end
    write
    exit
    ############################################
    # Copy/Paste to your Cisco Devices - END   #
    ############################################
    EOF

You should test it in a lab environment before running it on production switches ;)

RSA - Weak Keys

Intro

Did you ever try to generate a small RSA key? Today, you should go with 3072 or 4096 bits, or use ECC. With current versions of OpenSSL, you can't generate a key smaller than 512 bits.

128 Bit Key

    import rsa
    pubkey,privkey = rsa.newkeys(128)
    print(pubkey.save_pkcs1('PEM').decode('UTF-8'))
    print(privkey.save_pkcs1('PEM').decode('UTF-8'))

32 Bit Key

    import rsa
    pubkey,privkey = rsa.newkeys(32)
    print(pubkey.save_pkcs1('PEM').decode('UTF-8'))
    print(privkey.save_pkcs1('PEM').decode('UTF-8'))

16 Bit Key

    import rsa
    pubkey,privkey = rsa.newkeys(16)
    print(pubkey.save_pkcs1('PEM').decode('UTF-8'))
    print(privkey.save_pkcs1('PEM').decode('UTF-8'))

sample with 16Bit RSA Key

Git - Mass Updater

Intro

Let's assume you have a bunch of Git repos in a folder like this:

    /project1/
      /repo1/
      /repo2/
      /repoN/

and you would like to update all of them? Here is a little helper.

Loop over all folders
check if '.git' exists
if so, do a git pull --all

Script

Copy/paste it to your terminal and you get an executable script called 'git_update_all.sh'.

    cat << 'EOF' > git_update_all.sh
    #!/usr/bin/env bash

    # Get the current script directory
    script_dir=$(dirname "$(readlink -f "$0")")

    # Change into each directory in the script folder
    for dir in "$script_dir"/*; do
      if [ -d "$dir" ]; then
        cd "$dir" || exit 1
        if [ -d ".

OpenBSD - gpg

gpg stuff

generate key

    gpg --generate-key

change Passphrase

    gpg --change-passphrase user-id

import key

    gpg --import 92FFBB90C18B59AEF311F9C5D2E39FFEAC507F67.pub.gpg

list key

    gpg -k

sample

    root@host # gpg -k
    [keyboxd]
    ---------
    pub   ed25519 2024-01-02 [SC] [expires: 2027-01-01]
          F7118E072D426449DD9E4DE29674836DB8FECEDA
    uid           [ultimate] root <root@host>
    sub   cv25519 2024-01-02 [E] [expires: 2027-01-01]

encrypt

-r recipient
-e encrypt

    date > date
    gpg -r F7118E072D426449DD9E4DE29674836DB8FECEDA -e date

sample

    root@host # gpg -r F7118E072D426449DD9E4DE29674836DB8FECEDA -e date
    root@host# ll date*
    -rw-r--r--  1 root  wheel   29 Jan  2 15:14 date
    -rw-r--r--  1 root  wheel  200 Jan  2 15:15 date.

OpenBSD - USB

dmesg

show disks

    dmesg |grep ^sd.

    sd0 at scsibus1 targ 0 lun 0: <ATA, KingFast, T031> t10.ATA_KingFast_04xxxxxxxxxxxx
    sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin
    sd1 at scsibus4 targ 1 lun 0: <JetFlash, Transcend 8GB, 1100> removable serial.85xxxxxxxxxxxxxxxxxx
    sd1: 7450MB, 512 bytes/sector, 15257600 sectors

Show DiskLabel

    sysctl hw.disknames

    hw.disknames=sd0:9axxxxxxxxxxxxxx,sd1:60xxxxxxxxxxxxxx

Show Disklabel sd1

    disklabel sd1

    disklabel sd1
    # /dev/rsd1c:
    type: SCSI
    disk: SCSI disk
    label: Transcend 8GB
    duid: 60xxxxxxxxxxxxxx
    flags:
    bytes/sector: 512
    sectors/track: 63
    tracks/cylinder: 255
    sectors/cylinder: 16065
    cylinders: 949
    total sectors: 15257600
    boundstart: 64
    boundend: 15257600

    16 partitions:
    #                size           offset  fstype [fsize bsize   cpg]
      c:         15257600                0  unused

Fdisk

kill everything

Hetzner - Arm64 OpenBSD

OpenBSD on ARM64 at Hetzner DC

Price/performance is unbeatable at Hetzner for arm64 virtual machines. A server (CAX21) with 4 CPU, 8 GB RAM, 80 GB disk, 20 TB traffic/month costs around 7 Euros/month. Let's build a template for OpenBSD.

Here is how to do it:

Get Server with CAX21 (4 CPU, 8 GB RAM, 80 GB Disk), with Debian or Ubuntu
Menu "ISO-Images", mount Image "OpenBSD 7.4-current 2023-11-03 (arm64)"
Reboot the VM
Install OpenBSD as usual
Disk: sd0
Use (W)hole disk
(E)dit auto layout
Delete all partitions except partition "i" (MSDOS)
Build disk layout as you like.

APU - Firmware Upgrade

Intro

As we all know, the APUs from PC Engines are EOL. But it's worth bringing the existing ones to the latest firmware. If you have OpenBSD running on your boxes, you can upgrade it like this:

add packages

    doas pkg_add -i flashrom pciutils

set hostname based on apu version and mac of em0

    type=$(dmesg |grep ^bios0: |tail -1 |sed 's/.*gines //')
    mac=$(ifconfig em0 |awk '/lladdr/ {print $2}' |awk -F':' '{printf "%s-%s-%s\n",$4, $5, $6}')
    echo "${type}-${mac}" |tee /etc/myname; hostname $(cat /etc/myname)

sample