Tips'n'tricks

SSH - Signing Files

OpenBSD

Signing Files with SSH 8.0

unsigned file

$ cat hosts
127.0.0.1 localhost
::1   localhost

1.2.3.4         egal

sign

$ ssh-keygen -Y sign -f id_rsa -n file hosts
Signing file hosts
Write signature to hosts.sig

signed file

$ cat hosts.sig
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBALJB+O4WCOM7V56H1xigpd
uJem52Izwltl2cG9GQOO94HClebcr7C5aD24iI4wDcT9Ajv5/fu9cDVEXku83I/U0blUZe
oMd8qCIH+4O+RVYyCvKFyEkcZ6n+RRH1G5EgcP0UXtmo4J3p8Hyo/6jtPA/r28+idi84A6
7yW1cmC5GpIw24Vr5aqA3e3rCJdFBZThzsTrwu/DHzIueQstEQdldycUit4X9UPBaCVnov
+nhyijO9b8adzkTMxjcJAl65fdLUmwuJ5h3z0owdKOmrcNlbWxqTIuGU0in25ZDQVxLssc
WI8oW7vR5F7+cXSV7fYliTG/XPsCkD1KpWc/xSOr35bALRQpxD1+T48mrbKToZuzu4hage
cUSOvRI3R0hKIvcXYyf2SQoBfLNlpvl5CRcatlw2fMhFQPrVz0Bh543chEFsF4nxKQw8yq
riJbqkvhW8tzKCnMA7vyTRxey6uSDJrw0YchXIJdprNUlgM1t+z9J3AwC4ugpvhgVd6H0v
9QAAAAxob3N0cy5zaWduZWQAAAAAAAAABnNoYTUxMgAAAZQAAAAMcnNhLXNoYTItNTEyAA
ABgAB9zAZStPsSvPIBh66lAgGLE/JWPk0voZjTUz9pO5wl81aM6Kn1clY9n4jysEkiQ0xy
yy/tWgFzKi10mVfh/SJ34L2Mdo8t+vBnha1KNlkFwXZl+GXiCLlVl+ei6xpRfp9knheoIh
LyEHoxgkuI6lO0c8pi4ymNnrlfvkg9SvvZfSdXWUMfTWHDlHvFIGqMg3BWQu7ylTEgQVDF
obpqDInU3hkisfsywQRQh6KVVe8eSUc0qVH/FSSLoG8X/IX9Vh3g4tT/2FJPrE4k464yie
GdnLkp5edcnnE+jjoSQroMs52QWy2a3XXZC5KTaDL6w4mcry1RpavhXb5aJQ7o0852Pkc9
wDkwX/11JZhMmxNZbDlg+tHsWy12KUubKAxAjJ1HUFXMjTFI6HMu8WyU989e3dOTt/bL3W
l7sDo5P8SGv3/6+tJxugz9shz8WaN9Xz6Oh2AfCM6+IROXaeUgWMXtDmGS5bUZxUOSxHa1
ww7wzYR0NKXuOk3IeJMSQ2f97g==
-----END SSH SIGNATURE-----

verify file

allowed signers

$ cat /etc/allowed_signers
[email protected] ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyQfjuFgjjO1eeh9cYoKXbiXpudiM8JbZdnBvRkDjveBwpXm3K+wuWg9uIiOMA3E/QI7+f37vXA1RF5LvNyP1NG5VGXqDHfKgiB/uDvkVWMgryhchJHGep/kUR9RuRIHD9FF7ZqOCd6fB8qP+o7TwP69vPonYvOAOu8ltXJguRqSMNuFa+WqgN3t6wiXRQWU4c7E68Lvwx8yLnkLLREHZXcnFIreF/VDwWglZ6L/p4coozvW/Gnc5EzMY3CQJeuX3S1JsLieYd89KMHSjpq3DZW1sakyLhlNIp9uWQ0FcS7LHFiPKFu70eRe/nF0le32JYkxv1z7ApA9SqVnP8Ujq9+WwC0UKcQ9fk+PJq2yk6Gbs7uIWoHnFEjr0SN0dISiL3F2Mn9kkKAXyzZab5eQkXGrZcNnzIRUD61c9AYeeN3IRBbBeJ8SkMPMqq4iW6pL4VvLcygpzAO78k0cXsurkgya8NGHIVyCXaazVJYDNbfs/SdwMAuLoKb4YFXeh9L/U=

verify

Git Clear your History

Linux

Clear History

have you ever checked in some binarys, confidential stuff or something else by mistake ? Git will keep all your history, that’s their design and purpose.

how ever, if you need to cleanup once, here is a short tutorial.

Kill Git Config

cd myrepo
cat .git/config -> note down the url
url=$(git config --get remote.origin.url)
rm -rf .git

Create New Repo

git init
git add .
git commit -m "Removed history, ..."

Push Remote

git remote add origin git@host/yourrepo  <- URL you noted down above
git remote add origin $url
git push -u --force origin master

All in One

_url=$(git remote -v |awk '/fetch/ { print $2 }')
rm -rf .git
git init
git add .
git commit -m "Removed history ..."
git remote add origin ${_url}
git push -u --force origin main
unset _url

and you’re done :)

Git

OpenBSD, System

Some Git Commands

Customizing Git

Switch from “Master” to Main globally

git config --global init.defaultBranch main

Merge two Repos “merge unrelated histories”

git pull origin master --allow-unrelated-histories
git push
git pull

add local Folder and Push to Upstream

echo "# test" >> README.md
git init
git config init.defaultBranch main
git add README.md
git commit -m "first commit"
git branch -M main
git remote add origin [email protected]:stoege/test.git
git push -u origin main

Find deleted file, sort uniq

git log --all --pretty=format: --name-only --diff-filter=D | sort -u
bla
bla.yml
doit.sh
files.conf.j2
...

Find deleted File

git log --diff-filter=D --summary

commit abcecadce91af3814662fa6a04d0f12e361f0574
Date:   Sun May 31 23:19:59 2020 +0200

    update

 delete mode 100644 master/sed.tcpdump

commit 81ae58d70c27d02eb2f65beed4fe0b571073f087
Date:   Fri May 29 16:06:14 2020 +0200

    update

Restore deleted File

git checkout 81ae58d70c27d02eb2f65beed4fe0b571073f087 sed.tcpdump

Remove Sensitive Data

git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch .geheimesfile' \
--prune-empty --tag-name-filter cat -- --all

git push origin --force --all

git push origin --force --tags

Remove last Commit

will remove the last Commit from your current branch

Puffy Spezial

OpenBSD

Tips, Trick, Notes and Snippets around OpenBSD

Get Interfaces

ifconfig | awk '/^[^\t]/{iface=$1} /inet6? / {print iface, $2}' 

lo0: ::1
lo0: fe80::1%lo0
lo0: 127.0.0.1
vio0: fe80::9400:2ff:fe16:5a70%vio0
vio0: 2a01:4f8:c0c:fff7::2
vio0: 159.69.214.12

Adding Static Default GW

man route

route add -inet  default 192.168.1.1
route add -inet6 default 2001:db8:efef::1

Use Puffy as Jumphost

Redirect incomming Traffic from a certain Source and also NAT the Outgoing Traffic so we remain in the “Line” ;)

# Apply SNAT for outgoing Traffic
match out log       on em0    inet            from !(egress)        to IP_OF_TARGET_HOST  nat-to (egress)

# Forward Port 22 to another (hidden) Host via DNAT
pass  in  log quick on egress inet  proto tcp from SRC_IP_OF_HOST   to egress port 22    rdr-to IP_OF_TARGET_HOST   port 22
pass  in  log quick on egress inet  proto tcp from SRC_NET/MASK     to egress port 22    rdr-to IP_OF_TARGET_HOST   port 22

Debug OpenSMTPD

doas rcctl stop smtpd
doas smtpd -dv -Tall

tty0 to fb0 on ARM

you may need to redirect tty0 on arm64 boxes