Use a network analyzer to learn SSH session establishment

Establishing an SSH session consists of two parts: setting up the encrypted channel and authenticating the user. To understand the whole flow better, I use tcpdump/Wireshark to capture and analyze the packets. The server is OpenBSD 6.1 and the client is Arch Linux. The tcpdump command looks like this:

sudo tcpdump -A -s 0 'net 192.168.38.176' -i enp7s0f0 -w capture.pcap

(1) Connect to the server for the first time:


The captured packets:


We can see that the client and server negotiated the SSH version first (in fact, client and server send their SSH version strings simultaneously, so don't misread this as the client sending first and the server responding; use the "nc 192.168.38.176 22" command to check), then exchanged public keys to derive the secret key. The server issued the "New Keys" message and waited for the client to answer.

(2) Accept the server's public key but do not enter the password:


The captured packets:


The first packet should be the client acknowledging the server's "New Keys" message, followed by some further interaction. Now the encrypted channel is set up.

(3) Enter the password and authenticate the user:


The captured packets:


These packets are all encrypted data. If the user's password is correct, the whole SSH session is ready and you can administer the server now.
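The key-exchange negotiation visible in the first capture is carried in SSH_MSG_KEXINIT, sent in the clear by both sides right after the version strings. As an added example (not part of the original post), here is a parser for that message's RFC 4253 framing and name-lists, plus a check for legacy algorithms a defender would not want a server to offer; the packet and the WEAK policy set are constructed assumptions, not data from the author's capture.

```python
# Parser for SSH_MSG_KEXINIT (RFC 4253), the message that follows the version
# exchange in the first capture. Sample packet is constructed, not from the pcap.
import struct

KEXINIT = 20
NAME_LISTS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]  # RFC 4253 7.1 order
# Legacy algorithms a reviewer would not want offered (assumed local policy).
WEAK = {"diffie-hellman-group1-sha1", "arcfour", "3des-cbc", "hmac-md5", "hmac-sha1-96"}

def frame(payload, block=8):
    # Unencrypted binary packet: uint32 packet_length, byte padding_length, payload,
    # padding (>= 4 bytes, total a multiple of the block size; 8 before NEWKEYS).
    pad = block - (5 + len(payload)) % block
    pad += block if pad < 4 else 0
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

def build_kexinit(lists, cookie=bytes(16)):
    payload = bytes([KEXINIT]) + cookie
    for name in NAME_LISTS:  # each name-list: uint32 length + comma-separated names
        v = ",".join(lists.get(name, ())).encode("ascii")
        payload += struct.pack(">I", len(v)) + v
    return frame(payload + b"\x00" + bytes(4))  # first_kex_packet_follows, reserved

def parse_kexinit(packet):
    """Return the ten name-lists as a dict; raise on malformed input."""
    length, pad = struct.unpack(">IB", packet[:5])
    payload = packet[5:4 + length - pad]
    if len(payload) < 17 or payload[0] != KEXINIT:
        raise ValueError("not a KEXINIT packet")
    lists, off = {}, 17  # skip message id and the 16-byte cookie
    for name in NAME_LISTS:
        n = struct.unpack(">I", payload[off:off + 4])[0]
        raw = payload[off + 4:off + 4 + n]
        if len(raw) != n:
            raise ValueError(f"truncated name-list {name}")
        lists[name] = raw.decode("ascii").split(",") if raw else []
        off += 4 + n
    return lists

def weak_offers(lists):  # algorithms from WEAK present in any name-list
    return sorted({a for names in lists.values() for a in names if a in WEAK})

SAMPLE = build_kexinit({  # constructed: a permissively configured server's offer
    "kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-ed25519", "ssh-rsa"],
    "enc_c2s": ["chacha20-poly1305@openssh.com", "3des-cbc"],
    "enc_s2c": ["chacha20-poly1305@openssh.com", "3des-cbc"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5"], "mac_s2c": ["hmac-sha2-256", "hmac-md5"],
    "comp_c2s": ["none"], "comp_s2c": ["none"]})
```

To audit a real server, feed parse_kexinit the TCP payload of its KEXINIT packet as extracted from capture.pcap in Wireshark.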

Reference:
Understanding the SSH Encryption and Connection Process.

Use clang to build OpenBSD on amd64/i386

I installed the newest OpenBSD 6.1 and tried to build the -current kernel, but unfortunately make reports the following errors:

# make
cat /usr/src/sys/arch/amd64/amd64/genassym.cf /usr/src/sys/arch/amd64/amd64/genassym.cf |  sh /usr/src/sys/kern/genassym.sh cc -no-integrated-as -g -Werror -Wall -Wimplicit-function-declaration  -Wno-uninitialized -Wno-pointer-sign  -Wno-address-of-packed-member -Wno-constant-conversion  -Wframe-larger-than=2047 -mcmodel=kernel -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow  -mno-mmx -msoft-float -fno-omit-frame-pointer -ffreestanding -fno-pie -O2 -pipe -nostdinc -I/usr/src/sys -I/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I/usr/src/sys/arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DPOOL_DEBUG -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DFFS -DFFS2 -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DFUSE -DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS -DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DMTRR -DNTFS -DHIBERNATE -DPCIVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6" -DX86EMU -DONEWIREVERBOSE -DMULTIPROCESSOR -DMAXUSERS=80 -D_KERNEL -MD -MP -MF assym.P > assym.h.tmp
cc: unrecognized option '-no-integrated-as'
cc1: error: unrecognized command line option "-Wno-address-of-packed-member"
cc1: error: unrecognized command line option "-Wno-constant-conversion"
*** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:938 'assym.h')

From this mail I learned that clang has become the default compiler on the amd64/i386 platforms for OpenBSD, so I switched to clang to build the kernel:

# CC=clang make
.....

Now it can compile!

Configure Thunderbird to send patches correctly

Recently I tried Outlook and web Gmail to send patches to OpenBSD, but neither of them is an ideal choice. For example, the original patch is:

Index: dmesg.c
===================================================================
RCS file: /cvs/src/sbin/dmesg/dmesg.c,v
retrieving revision 1.29
diff -u -p -r1.29 dmesg.c
--- dmesg.c     1 Sep 2017 07:31:45 -0000       1.29
+++ dmesg.c     4 Sep 2017 08:55:50 -0000
@@ -65,12 +65,12 @@ main(int argc, char *argv[])
        int ch, newl, skip, i;
        char *p;
        struct msgbuf cur;
-       char *memf, *nlistf, *bufdata = NULL;
+       char *memf = NULL, *nlistf = NULL, *bufdata = NULL;
        char *allocated = NULL;
        int startupmsgs = 0;
        char buf[5];

-       memf = nlistf = NULL;
+       memset(&cur, 0, sizeof(cur));
        while ((ch = getopt(argc, argv, "sM:N:")) != -1)
                switch(ch) {
                case 's':
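Review bot: the added `memset(&cur, 0, sizeof(cur));` line needs `<string.h>`, and this hunk adds no include, so confirm dmesg.c already includes it before committing. Moving the `memf`/`nlistf` initialisers up to the declaration line is fine and matches the existing `*bufdata = NULL` style; the header counts (-65,12 +65,12) agree with the 12 old and 12 new lines shown.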

The actual effect of sending the patch with the above tools:

Index: dmesg.c
===================================================================
RCS file: /cvs/src/sbin/dmesg/dmesg.c,v
retrieving revision 1.29
diff -u -p -r1.29 dmesg.c
--- dmesg.c 1 Sep 2017 07:31:45 -0000   1.29
+++ dmesg.c 4 Sep 2017 08:55:50 -0000
@@ -65,12 +65,12 @@ main(int argc, char *argv[])
    int ch, newl, skip, i;
    char *p;
    struct msgbuf cur;
-   char *memf, *nlistf, *bufdata = NULL;
+   char *memf = NULL, *nlistf = NULL, *bufdata = NULL;
    char *allocated = NULL;
    int startupmsgs = 0;
    char buf[5];

-   memf = nlistf = NULL;
+   memset(&cur, 0, sizeof(cur));
    while ((ch = getopt(argc, argv, "sM:N:")) != -1)
    switch(ch) {
    case 's':
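Review bot: every body line of this copy has had its leading tab collapsed into spaces (compare `    int ch, newl, skip, i;` with the tab-indented original above), so the context lines no longer match dmesg.c byte for byte and patch(1) will reject the hunk; resend it as non-flowed plain text rather than retyping the indentation by hand.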

We can see that the leading whitespace of the code is lost. After reading Completely plain email and Thunderbird (GUI), I decided to use Thunderbird as the email client, but it needs further customization:

(1) Make all sent mails plain text: "Account Settings" -> "Composition & Addressing", untick "Compose messages in HTML format":


Or before sending a mail: "Options" -> "Delivery Format" -> "Plain Text Only".

(2) "Tools" -> "Options" -> "Advanced" -> "Config Editor...":


Set mailnews.send_plaintext_flowed to false:


Now the patch format is correct.

Create a symbolic link for python after installing it on OpenBSD

After installing Python on OpenBSD:

# pkg_add python
quirks-2.304 signed on 2017-04-02T15:01:33Z
Ambiguous: choose package for python
a       0: <None>
        1: python-2.7.13p0
        2: python-3.4.5p2
        3: python-3.5.2p2
        4: python-3.6.0p0
Your choice: 4

It won't create a symbolic link by default:

# python
ksh: python: not found

So, for convenience, you can create the symbolic link yourself:

# cd /usr/local/bin
# ln -s python3.6 python

Customize ksh display for OpenBSD

The default shell on OpenBSD is ksh, and it looks a little monotonous:


To make it friendlier to use, I did some customization:

(1) Modify the "Prompt String" to display the user name and current directory:

PS1='$USER:$PWD# '

(2) Install colorls package:

# pkg_add colorls

Use it to replace the shipped ls command:

alias ls='colorls -G'

(3) Change the LSCOLORS environment variable to your favourite colours. For example, I don't want directories displayed in the default blue, so I change it to magenta:

LSCOLORS=fxexcxdxbxegedabagacad

For a detailed explanation of LSCOLORS, please refer to the colorls manual:

# man colorls
......
     LSCOLORS        The value of this variable describes what color to use
                     for which attribute when colors are enabled with
                     CLICOLOR.  This string is a concatenation of pairs of the
                     format fb, where f is the foreground color and b is the
                     background color.

                     The color designators are as follows:

                           a     black
                           b     red
......

This is my final modification of .profile:

......
PS1='$USER:$PWD# '
export PS1
LSCOLORS=fxexcxdxbxegedabagacad
export LSCOLORS
alias ls='colorls -G'
......

And this is the final effect:

References:
Add Color to Your Terminal;
Why doesn’t alias work in AIX (Korn shell, .profile)?;
ksh.kshrc.