Security / Crypto Flashcards

1
Q

OpenSSL: Generating a private RSA key, size 2048

A

Generating a private RSA key

openssl genrsa -out key.pem 2048

2
Q

OpenSSL: Generating a private EC key

A

openssl ecparam -name prime256v1 -genkey -noout -out key.pem

3
Q

my file encryption

A

openssl aes-256-cbc -pbkdf2 -salt -a -e -in .zshrc -out zshrc_encrypted

4
Q

my file decryption

A

openssl aes-256-cbc -pbkdf2 -salt -a -d -in zshrc_encrypted -out zshrc_1

5
Q

copy file to remote via ssh

A

rsync -aPv -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/gitlab_brainloop" ~/Documents/tmp.csv gludwig@10.254.40.16:/home/gludwig/tmp1.csv

6
Q

ssh: Preferred Authentications

A

~/.ssh/config -> PreferredAuthentications=publickey

ssh -o "PreferredAuthentications=password" username@example.com

7
Q

ssh: detect “Failed SSH login Attempts”

using ‘secure log’ files

A

egrep "Failed|Failure" /var/log/secure

8
Q

ssh: Disable DNS Lookup On Remote Machine

A

/etc/ssh/sshd_config

UseDNS=no

9
Q

ssh: how to handle “Too many authentication failures” on cli

A

ssh -i home_fedora -o IdentitiesOnly=yes gludwig@192.168.188.30

10
Q

add new user - secured it with ssh key - disable password

A

adduser -c 'comment' -d /home/username -G wheel --no-user-group --shell /bin/bash username

ssh-keygen -b 4096 -t ed25519 -f keyname
ssh-keygen -l -f keyname

cat .ssh/id_rsa.pub | ssh sheena@192.168.0.11 'cat >> .ssh/authorized_keys'
or
ssh sheena@192.168.0.11 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
cat gcp-centos8.pub | ssh -i gcp-centos8 h19900401_gmail_com@34.76.188.251 "sudo mkdir /home/gludwig/.ssh && sudo touch /home/gludwig/.ssh/authorized_keys && sudo chmod -R go= /home/gludwig/.ssh && sudo tee -a /home/gludwig/.ssh/authorized_keys > /dev/null && sudo chown -R gludwig:users /home/gludwig/.ssh"
or
ssh-copy-id -i ~/.ssh/mykey user@host

sudo vi /etc/ssh/sshd_config
...
PasswordAuthentication no
...
sudo systemctl restart sshd
vi /etc/ssh/sshd_config
PermitRootLogin no
OR
PermitRootLogin without-password
...
systemctl restart sshd
11
Q

check IP and DNS

A

https://ipleak.net/

12
Q

OpenSSL: Extract the public key from the key pair, which can be used in a certificate

A

openssl rsa -in key.pem -outform PEM -pubout -out public.pem

13
Q

OpenSSL: get length of rsa key

A

openssl rsa -in aws-secret.priv -text -noout | grep Private

14
Q

OpenSSL: extract the public key from private EC key

A

openssl ec -in key.pem -pubout -out public.pem

15
Q

ssh: detect “Failed SSH login Attempts”

using ‘auth log’ file

A

grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr

16
Q

ssh: detect “Failed SSH login Attempts”

using system journal

A

journalctl _SYSTEMD_UNIT=sshd.service | egrep "Failed|Failure"

17
Q

openssl:

generate random string to be used e.g. as key

A

openssl rand -base64 20

18
Q

openssl:

create a certificate signing request

A

openssl req -new -key admin.key -subj "/CN=admin/O=system:masters" -out admin.csr

19
Q

openssl:

Self sign a csr using its own private key (e.g. creating a CA cert) that is valid for 1000 days

A

openssl x509 -req -in ca.csr -signkey ca.key -CAcreateserial -out ca.crt -days 1000

20
Q

openssl:

Sign certificate for admin user using CA servers private key that is valid for 1000 days

A

openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out admin.crt -days 1000

21
Q

openssl:

create a certificate for “gludwig.pem” from “my.key” in one go that is valid for 1000 days

A

openssl req -new -key my.key -out gludwig.pem -x509 -days 1000

22
Q
openssl:
create a private key and a certificate in one statement:
- RSA 4096
- certificate with SHA 256
- no password
- 356 days valid
A

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out MyCertificate.crt -keyout MyKey.key