ubuntu


Compiling the latest version of YubiKey Personalization Tool on Ubuntu 18.04 LTS

Recently, we were got our hands on some YubiKeys, and we decided to use them to create a Two Factor Authentication System (2FA) for the fun of it! We had at our disposal an updated Ubuntu 18.04 LTS so we installed the personalization tools from the official repositories in order to modify the behavior and configure the YubiKeys.

To our disappointment, when we used ykpersonalize and yubikey-personalization-gui we would get an error that the firmware of the YubiKey was unknown…
At the time, the installation packages from the official Ubuntu repositories had version 3.1.24 for the application version and 1.18.0 for the library version.

We noticed that on the YubiKey Personalization Tools page there were newer versions of both the application and the library. Specifically at the time the Application version was 3.1.26 and the Library Version was 1.19.0. Since both were newer than the versions in the repositories we decided to build them and see if they work right with our YubiKeys.

The instructions in the respective installers, were not 100% complete and the installations failed by blindly following them. To actually make the installations work, we installed the following dependencies and tools before compiling:

sudo apt update -y;
sudo apt upgrade -y;
sudo apt install build-essential -y;
sudo apt-get install pkg-config git autoconf libtool asciidoc-base -y;

After installing the above packages the rest of the installation went smoothly.

Installing the command line tools and the library

cd ~; # or any other folder of your choice
sudo apt-get install libykpers-1-dev libyubikey-dev libusb-1.0-0-dev libjson-c-dev -y;
git clone https://github.com/Yubico/yubikey-personalization.git;
cd yubikey-personalization;
autoreconf --install;
./configure;
sudo make check install;

Installing the Qt based Cross-Platform YubiKey Personalization Tool

cd ~; # or any other folder of your choice
sudo apt-get install qt4-qmake libqt4-dev -y;
git clone https://github.com/Yubico/yubikey-personalization-gui.git;
cd yubikey-personalization-gui;
qmake && make;

Advertisements

Install Gnome Boxes on Kali Linux

Our solution in getting Gnome Boxes to work on Kali Linux (which is a Debian-derived Linux distribution just like Ubuntu) is the following:

First install Gnome Boxes along with all needed virtualization software:

sudo apt-get install -y gnome-boxes qemu-kvm libvirt0 virt-manager bridge-utils;

Then, edit the file /etc/libvirt/qemu.conf to uncomment the following line:

#user = "root"

Finally, restart the host machine and your Gnome Boxes will be ready to use.

Long story

Recently, we were setting up a Kali Linux machine and one of the requirements was to add virtualization support so that the user could execute virtual machines doing.. other stuff. We started by installing gnome-boxes only (hoping that would be enough)

sudo apt-get install -y gnome-boxes;

.. but we got an error:

Boxes cannot access the virtualization backend

Apparently, installing gnome-boxes only, the dependency system did not automatically assume we would need to install an engine to handle the virtual machines, so we had to install the following as well:

sudo apt-get install -y qemu-kvm libvirt0 virt-manager bridge-utils;

After the installation, we tried  to create a new virtual machine but it would fail when we tried to start it. After looking into the logs we found the following useful information:

State: GVIR_DOMAIN_STATE_SHUTOFF

It seems that our user (even if it was root) could not start the QEMU process. To fix this issue we had to modify the file /etc/libvirt/qemu.conf and uncomment the following line:

#user = "root"

from this section

# The user for QEMU processes run by the system instance. It can be
# specified as a user name or as a user id. The qemu driver will try to
# parse this value first as a name and then, if the name doesn't exist,
# as a user id.
#
# Since a sequence of digits is a valid user name, a leading plus sign
# can be used to ensure that a user id will not be interpreted as a user
# name.
#
# Some examples of valid values are:
#
# user = "qemu" # A user named "qemu"
# user = "+0" # Super user (uid=0)
# user = "100" # A user named "100" or a user with uid=100
#
#user = "root"

# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
#group = "root"

After doing this change and restarting the host machine we were able to start and use any virtual machine in Gnome Boxes.

Extra information

In this case, we were using Kali Linux, where people usually operate it using the root account only.
On other installations, like on an Ubuntu installation you would need to handle differently the last step that requires you to edit the /etc/libvirt/qemu.conf file.

Specifically, the best way to handle this issue on a multi-user environment (like Ubuntu) would be to replace the following line:

#group = "root"

with this

group = "kvm"

and then add yourself to the kvm group before restarting the host machine

sudo usermod -a -G kvm $USER;

Doing so, it allows you to enable access to the virtualization services to multiple users of you choice instead of limiting it to one account.


Using TeamViewer tar package on Ubuntu

Recently, we needed to start TeamViewer on an Ubuntu GNU/Linux machine where we did not want to install it.
To do so, we used the 64bit tar package from the TeamViewer Linux download page.

After downloading the package and extracting its content, we realised that we could not start TeamViewer (./teamviewer) as is.
In order to troubleshoot, we used a terminal and executed the check libraries functionality (./tv-setup checklibs;) from the archive folder that gave us some missing dependencies:

./tv-setup checklibs

    -=-   TeamViewer tar.xz check   -=-     

  In order to use the tar.xz version of TeamViewer,
  you have to make sure that the necessary libraries are installed.

    Writing raw output to /home/xeirwn/Downloads/teamviewer_13.1.3026_amd64/teamviewer/logfiles/DependencyCheck.log

 Analyzing dependencies ...           
    libQt5Core.so.5 => not found
    libQt5DBus.so.5 => not found
    libQt5Gui.so.5 => not found
    libQt5Network.so.5 => not found
    libQt5Qml.so.5 => not found
    libQt5Quick.so.5 => not found
    libQt5WebKit.so.5 => not found
    libQt5WebKitWidgets.so.5 => not found
    libQt5Widgets.so.5 => not found
    libQt5X11Extras.so.5 => not found

    The libraries listed above seem to be missing.
    Please find and install the corresponding packages.
    Then, run this command again.

    QtQuickControls seems to be missing

    The following command may be helpful:
      apt-get install libdbus-1-3 libqt5gui5 libqt5widgets5 libqt5qml5 libqt5quick5 libqt5webkit5 libqt5x11extras5 qml-module-qtquick2 qml-module-qtquick-controls qml-module-qtquick-dialogs qml-module-qtquick-window2 qml-module-qtquick-layouts;

Solution: Following the instructions we executed the following:

sudo apt-get install libdbus-1-3 libqt5gui5 libqt5widgets5 libqt5qml5 libqt5quick5 libqt5webkit5 libqt5x11extras5 qml-module-qtquick2 qml-module-qtquick-controls qml-module-qtquick-dialogs qml-module-qtquick-window2 qml-module-qtquick-layouts;

After the installation of the libraries, we executed once more the check libraries functionality (./tv-setup checklibs;)  where we got the message that everything seem to be OK.

 ./tv-setup checklibs

    -=-   TeamViewer tar.xz check   -=-     

  In order to use the tar.xz version of TeamViewer,
  you have to make sure that the necessary libraries are installed.

    Writing raw output to /home/xeirwn/Downloads/teamviewer_13.1.3026_amd64/teamviewer/logfiles/DependencyCheck.log

 Analyzing dependencies ...           

    All library dependencies (*.so) seem to be satisfied!

    QtQuickControls seems to be installed

Trying to start the (./teamviewer)  application did not gave an error but it would not start again.
It appeared that there was a service running which would not allow the GUI to show up.
To avoid too much fuss, we restarted the machine and tried (./teamviewer)  once more, this time with success.
So after installing the libraries and restarting the machine, we were able to start TeamViewer on our Ubuntu machine without installing it.


Ubuntu: install / start/stop enable/disable ssh server 1

OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers.

Install SSH server

To install the openssh-server on an Ubuntu, you need execute the following command as root or using sudo:

apt-get install openssh-server -y;

Disable SSH server

To disable the ssh service, execute the following command as root or using sudo:

systemctl disable ssh;

Enable SSH server

To enable the ssh service, execute the following command as root or using sudo:

systemctl enable ssh;

Stop SSH server

To stop (or deactivate) the ssh service, execute the following command as root or using sudo:

systemctl stop ssh;

Start SSH server

To start (or activate) the ssh service, execute the following command as root or using sudo:

systemctl start ssh;

Status of SSH server

To check the status of the ssh service, execute the following command as root or using sudo:

systemctl status ssh;

CONCEPTS

In a nutshell:

  • enabled is a service that is configured to start when the system boots
  • disabled is a service that is configured to not start when the system boots
  • active is a service that is currently running
  • inactive is a service that is currently stopped and may be disabled, but it can be started and become active

In much more detail:

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here.
— From man systemd

 


Ubuntu SSHD listen to multiple ports

Recently, we’ve setup an Ubuntu server behind CloudFlare that needed to listen for SSH connections.
Unfortunately, CloudFlare does not allow connections to the default SSH port which is 22.
So, to achieve what it was needed we either had to change the port that the SSH service was listening to or add an additional port.
We decided to go with the option of listening to multiple ports for SSH connections, this way users that were also behind the CloudFlare CDN could still continue to use their SSH clients without being forced to define the connection port manually.

The port listening setting is available in /etc/ssh/sshd_config, using sudo we edited the file with a text editor and searched for the following lines:

# What ports, IPs and protocols we listen for
Port 22

Right after the line that contains Port 22, we added another line for the new port (to see the list of all available open ports on CloudFlare, check this post)

And the file became as follows:

# What ports, IPs and protocols we listen for
Port 22
Port 2053

Afterwards, we restarted the SSHD service to apply the changes by executing the following command by using sudo:

systemctl restart ssh;