News archive March 2007 - Koos van den Hout

2007-03-29 Configuring ssh on a Netgear GSM7224/GSM7248 switch
We got a new Netgear GSM7224 managed switch at work, and the procedure to teach it to use SSH is both complicated and not very well documented by Netgear. It is not something you do every week, so I decided to take notes and document the whole procedure.

The switch I was setting up is named ics-04 so you will see a prompt

(ics-04) >
or in privileged exec mode (usual)
(ics-04) #
First, on another machine, generate ssh server keys, in a directory that can be read by the tftp server, and make sure the tftp server can read them all.
root@athena:/tftpboot/netgear# ssh-keygen -f netgear-ics-04-dsa.key -t dsa -N '' -C ics-04
Generating public/private dsa key pair.
Your identification has been saved in netgear-ics-04-dsa.key.
Your public key has been saved in netgear-ics-04-dsa.key.pub.
The key fingerprint is:
72:79:43:31:3c:42:cd:3a:29:e4:54:96:50:02:af:4b ics-04

root@athena:/tftpboot/netgear# ssh-keygen -f netgear-ics-04-rsa.key -t rsa -N '' -C ics-04
Generating public/private rsa key pair.
Your identification has been saved in netgear-ics-04-rsa.key.
Your public key has been saved in netgear-ics-04-rsa.key.pub.
The key fingerprint is:
b4:e9:fa:24:40:86:57:24:8d:6a:fe:ee:0c:46:20:33 ics-04

root@athena:/tftpboot/netgear# ssh-keygen -f netgear-ics-04-rsa1.key -t rsa1 -N '' -C ics-04
Generating public/private rsa1 key pair.
Your identification has been saved in netgear-ics-04-rsa1.key.
Your public key has been saved in netgear-ics-04-rsa1.key.pub.
The key fingerprint is:
8e:25:9e:84:cf:5d:d3:38:2a:a7:05:89:82:e9:0f:c0 ics-04

root@athena:/tftpboot/netgear# chmod a+r netgear-ics-04-*
Now log in to the switch (serial console or telnet) and install the keys:
(ics-04) #copy tftp://131.211.80.9/netgear/netgear-ics-04-dsa.key nvram:sshkey-dsa

Mode........................................... TFTP
Set TFTP Server IP............................. 131.211.80.9
TFTP Path......................................
TFTP Filename.................................. netgear-ics-04-dsa.key
Data Type...................................... SSH DSA key

Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y

TFTP SSH key receive complete... updating key file...


Key file transfer operation completed succesfully

(ics-04) #copy tftp://131.211.80.9/netgear/netgear-ics-04-rsa1.key nvram:sshkey-rsa1

Mode........................................... TFTP
Set TFTP Server IP............................. 131.211.80.9
TFTP Path......................................
TFTP Filename.................................. netgear-ics-04-rsa1.key
Data Type...................................... SSH RSA1 key

Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y

TFTP SSH key receive complete... updating key file...


Key file transfer operation completed succesfully

(ics-04) #copy tftp://131.211.80.9/netgear/netgear-ics-04-rsa.key nvram:sshkey-rsa2

Mode........................................... TFTP
Set TFTP Server IP............................. 131.211.80.9
TFTP Path......................................
TFTP Filename.................................. netgear-ics-04-rsa.key
Data Type...................................... SSH RSA2 key

Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y

TFTP SSH key receive complete... updating key file...


Key file transfer operation completed succesfully
Now, enable ssh:
(ics-04) #ip ssh

Optional, only allow SSH 2 protocol
(ics-04) #ip ssh protocol 2

Optional, set the ssh login session timeout
(ics-04) #sshcon timeout 120

Review the config
(ics-04) #show ip ssh

SSH Configuration

Administrative Mode: .......................... Enabled
Protocol Levels: .............................. Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout: .................................. 120

Test the new ssh config:
$ ssh admin@ics-04
Warning: Permanently added 'ics-04,xxx.xxx.xxxx' (RSA) to the list of known hosts.
admin@ics-04's password:

(ics-04) >
Finally, disabling telnet after testing ssh connectivity:
(ics-04) #configure

(ics-04) (Config)#lineconfig

(ics-04) (Line)#session-limit 0

(ics-04) (Line)#no transport input telnet

(ics-04) (Line)#exit

(ics-04) (Config)#exit

Saving your hard work:
(ics-04) #copy system:running-config nvram:startup-config

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Configuration Saved!

And now the switch uses secure logins via ssh. Yes, logins start slowly, especially on the GSM7224: there is not a lot of CPU capacity available. That is why you have to generate the keys on a different machine.
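
The login test above accepts the switch's host key on first use, but because the keys were generated on the TFTP host, the public half is available locally to check against. The following is an added example, not part of the original notes: it computes the MD5 fingerprint of a .pub file in the format ssh-keygen printed above and builds a known_hosts entry from it. The function names and the truncated demo key are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the switch's SSH host key instead of trusting it
# on first use. Input is an OpenSSH public key file with the layout
# "<type> <base64-blob> <comment>", e.g. netgear-ics-04-rsa.key.pub.

# Print the legacy MD5 fingerprint (aa:bb:cc:...) of a .pub file, the same
# format ssh-keygen printed when the keys were generated.
md5_fingerprint() {
    awk 'NR == 1 { print $2 }' "$1" | base64 -d | md5sum |
        cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Print a known_hosts entry "<host> <type> <blob>" for a .pub file.
known_hosts_line() {
    awk -v host="$1" 'NR == 1 { print host, $1, $2 }' "$2"
}

# Succeed only if the fingerprint reported by the ssh client ($2)
# matches the fingerprint of the locally generated key file ($1).
fingerprint_matches() {
    [ "$(md5_fingerprint "$1")" = "$2" ]
}

# Demo with a constructed, truncated key blob (not a real host key).
demo_pub=$(mktemp)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB ics-04\n' > "$demo_pub"
echo "fingerprint: $(md5_fingerprint "$demo_pub")"
echo "known_hosts: $(known_hosts_line ics-04 "$demo_pub")"
rm -f "$demo_pub"
```

Appending the output of known_hosts_line for netgear-ics-04-rsa.key.pub to ~/.ssh/known_hosts before the first login makes the client verify the key rather than add it blindly. Current OpenSSH clients show SHA256 fingerprints by default; `ssh -o FingerprintHash=md5` displays the colon-separated MD5 form for comparison.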

2007-03-27
Wardriving results 16 - 27 March: 566 new networks with GPS locations. My WiGLE rank is back at position 29 where I will probably stay for a while. No serious wardriving-tours, just a few detours through areas I visited before, where I score quite a number of new networks.

2007-03-20
Nice news bit: Aussies fuming over 'frozen' LG digitals TVs: digital content making the software in certain digital receivers from LG freeze up. When a digital bitstream (data) can make the decoding software freeze, it means (to me) the decoding software does not have enough separation of data and code. Things like table lookups running out of space can make this happen.

2007-03-19
I rescued a dds-3 tapedrive from a server at work that was being thrown out, and added it to the home server gosper. I did a bit of reading first whether amanda would support two tape drives as a virtual changer and indeed it does. Configured it after reading the docs, and did a test run. It just works, and I really like this in open source software. This will save me on runs to the attic where the server lives. I updated the Building - and maintaining - a new home server with this bit and did a general cleanup of the timeline (for as far as I could remember stuff... I still have no idea when I did the memory upgrades).

2007-03-15
Wardriving results 10 - 15 March: 1522 new networks with GPS locations according to WiGLE. I am sure, though, that I also located networks previously seen at WiGLE where I was the first one to find the location, since my Total New Discovered Networks with GPS counter went up by more than this count of 1522. My rank in the WiGLE stats shot up to position 28. I cycled through Houten today which got me a nice score of new networks.

2007-03-15
I passed the 50000 new networks with gps mark at WiGLE this morning. A personal milestone! I knew I was close, so I took a detour through the area around the Catharijnesignel in Utrecht to get those extra networks.

2007-03-12
War-flying .. yet another way of wardriving. Fun stuff. I'd like to do a war-flying sweep of the city of Utrecht one day.. but haven't met someone with an airplane yet who I dare ask about this crazy idea. Found via the wigle forums: warflying with kismet. The warning about not transmitting is because the big antenna was indeed quite close to the head of the person operating the laptop (hobby airplanes are small inside). I haven't had much time for wardriving, and I am back at 30th place in the wigle ranks because someone else uploaded a load of new points.

2007-03-09
This morning the gps unit functioned better, it was still running when I arrived at work without weird control scripts. I had to take the most direct route to work because of an early meeting, so no detours. According to WiGLE 11 new networks with GPS locations and 1 without GPS location, although I see no missing location data in the logfile. I am back at 29th rank in wigle...

2007-03-08
The gps usb cable started going more and more flaky, which resulted in more networks found without location data.. which does not improve my score. Today I stopped twice on my way home to restart kismet so it synchronized with the gps again. Still, I scored 99 new networks today without gps locations, and 51 new networks with gps locations. I decided to modify an old usb cable together with an old keyboard extension cable to power the gps (power from the usb connector, data to serial) so I could revert to getting data in via the good old serial port. I considered soldering the keyboard cable to the mainboard but the service manual for this laptop makes this look like a very complicated thing to do.

2007-03-07
I am quite sure I found the source of the interesting network I wrote about yesterday. I mapped the found networks and suddenly connected these to the local big grocery shop: Albert Heijn which uses a wifi-based (although the name 'radiolan' is on all the devices) checkout system. One google search later gives an article confirming this theory: A system designed to dramatically accelerate the check-out process and improve the customer shopping experience has been co-developed by Albert Heijn, Europe's largest grocery market chain, and TNO Product Center, a leading Dutch engineering design firm and Symbol Technologies.. Time to look whether the mac addresses on the devices look like the symbol technologies addresses I saw.

2007-03-07
Sometimes you run into a very oooh, shiny! subject when looking for something else. I visited David Taylor's pages looking for his writeup of FreeBSD NTP server with an external GPS mainly to 'compare notes' with my own FreeBSD ntpd PPS setup (PPS slave) writeup. No surprises there, but one click led to the other, when I found out that David Taylor is also interested in receiving weather information and dove into that. He has a nice overview of his experiments in weather satellite receiving and decoding and I found out about EUMETCast data where you can receive weather satellite images via a satellite dish. This uses a 'data' PID on a transponder, which is implemented as multicast data streams. Several personal interests of mine and work-related stuff come together in this. It's good to know this exists, but I won't be running out to buy a satellite weather map receiver now.

2007-03-06
I am seeing an interesting thing on my simple wardrive trips in the city of Utrecht: tens of access-points all having ssid 8BEA7F84. Maybe a mesh network or some other project. Google searches showed nothing yet. I did find out (using the mac addresses) that all the access-points are made by 'Symbol Technologies', who indeed offer mesh networks. Any idea? Please let me know.

2007-03-04
Wardriving results 27 February - 3 March : 429 new networks with GPS locations. Back at position 30 again in the WiGLE stats.
