This commit is contained in:
Bandie 2018-03-29 00:58:36 +02:00
parent ae3043b1de
commit 600524809c
Signed by: Bandie
GPG Key ID: C1E133BC65A822DD
9 changed files with 39 additions and 40 deletions

View File

@ -1,28 +1,28 @@
#!/bin/bash
## Server private key
echo -n "Where to save your server's key file? ($PWD/ding_server.key): "
echo -n "Where to save your server's key file? ($PWD/dingd.key): "
read temp
if [ -n "$temp" ]
then
save=$temp
else
save="$PWD/ding_server.key"
save="$PWD/dingd.key"
fi
key=$save
openssl genrsa -out $save 4096
## CSR
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/ding_server.csr): "
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/dingd.csr): "
read temp
if [ -n "$temp" ]
then
save=$temp
else
save="$PWD/ding_server.csr"
save="$PWD/dingd.csr"
fi
csr=$save
echo -e "\033[01;33mPlease enter some information. THEY MUST BE DIFFERENT FROM THE CA's INFORMATION.\033[00m"
@ -50,14 +50,14 @@ else
loadCAkey="$PWD/CA.key"
fi
echo -n "Where to save your signed server certificate? ($PWD/ding_server.crt): "
echo -n "Where to save your signed server certificate? ($PWD/dingd.crt): "
read temp
if [ -n "$temp" ]
then
save=$temp
else
save="$PWD/ding_server.crt"
save="$PWD/dingd.crt"
fi
echo -n "How many days should the certificate be valid? (365): "

View File

@ -1,28 +1,28 @@
#!/bin/bash
## Server private key
echo -n "Where to save your client's key file? ($PWD/ding_client.key): "
echo -n "Where to save your client's key file? ($PWD/ding.key): "
read temp
if [ -n "$temp" ]
then
save=$temp
else
save="$PWD/ding_client.key"
save="$PWD/ding.key"
fi
key=$save
openssl genrsa -out $save 4096
## CSR
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/ding_client.csr): "
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/ding.csr): "
read temp
if [ -n "$temp" ]
then
save=$temp
else
save="$PWD/ding_client.csr"
save="$PWD/ding.csr"
fi
csr=$save
echo -e "\033[01;33mPlease enter some information. THEY MUST BE DIFFERENT FROM THE CA's AND SERVER's INFORMATION.\033[00m"
@ -50,14 +50,14 @@ else
loadCAkey="$PWD/CA.key"
fi
echo -n "Where to save your signed client certificate? ($PWD/ding_client.crt): "
echo -n "Where to save your signed client certificate? ($PWD/ding.crt): "
read temp
if [ -n "$temp" ]
then
save=$temp
else
save="$PWD/ding_client.crt"
save="$PWD/ding.crt"
fi
echo -n "How many days should the certificate be valid? (365): "

View File

@ -28,12 +28,12 @@ Step 1 to 3 can only be run on UNIX or GNU/Linux.
1. Run `./1_generateCA.sh` to generate a CA.
2. Run `./2_generateServCert.sh` to generate a signed Server Certificate.
3. Run `./3_generateClientCert.sh` to generate a signed Client Certificate.
4. Move `ding_client`, `ding_client.cfg`, `ding_client.crt`, `ding_client.key` and `CA.crt` to the computer which should be able to send commands to the server.
* UNIX or GNU/Linux: Also move `ding_client.cfg` to that computer.
* Windows: Also move `ding_client.win.cfg` to that computer.
5. Do some configuration on the server and client (`ding_server.cfg`, `ding_client.cfg` or `ding_server.win.cfg`, `ding_client.win.cfg` on Windows).
6. Start the server using `./ding_server` or `python .\ding_server` on Windows. (You may want to put this in a tmux session. [Ctrl+B, D] ;) ).
7. Try out the client using `./ding_client <command>` òr `python .\ding_client <command>` on Windows.
4. Move `ding`, `ding.cfg`, `ding.crt`, `ding.key` and `CA.crt` to the computer which should be able to send commands to the server.
* UNIX or GNU/Linux: Also move `ding.cfg` to that computer.
* Windows: Also move `ding.win.cfg` to that computer.
5. Do some configuration on the server and client (`dingd.cfg`, `ding.cfg` or `dingd.win.cfg`, `ding.win.cfg` on Windows).
6. Start the server using `./dingd` or `python .\dingd` on Windows. (You may want to put this in a tmux session. [Ctrl+B, D] ;) ).
7. Try out the client using `./ding <command>` òr `python .\ding <command>` on Windows.
## Optional: Cleartext password with timeout
@ -45,9 +45,9 @@ You might want to do something like `$ history -c` after sending the password vi
### How to enable the password
1. Open your `ding_server.cfg` or `ding_server.win.cfg`.
1. Open your `dingd.cfg` or `dingd.win.cfg`.
2. Set `pw_on=true`.
3. Set a password, like `password=abc def`.
4. Set a password timeout: `pwtimeout=10` for 10 seconds.
If you have a password with special characters as in spaces and the like, you may want to use quotation marks around your password. `./ding_client "abc def"` or `python .\ding_client "abc def"` on Windows.
If you have a password with special characters as in spaces and the like, you may want to use quotation marks around your password. `./ding "abc def"` or `python .\ding "abc def"` on Windows.

View File

@ -13,9 +13,9 @@ exitcode = 1
def readConfig():
if(os.name == 'nt'):
CONFIG = "ding_client.win.cfg"
CONFIG = "ding.win.cfg"
else:
CONFIG = "ding_client.cfg"
CONFIG = "ding.cfg"
cfg = configparser.SafeConfigParser()
try:
@ -30,7 +30,7 @@ def readConfig():
certfile = cfg.get("Client", "certfile")
keyfile = cfg.get("Client", "keyfile")
except configparser.NoSectionError:
print("No suitable config found. Expecting some config in", CONFIG)
print("No suitable config found. Expecting some config in", CONFIG, file=sys.stderr)
quit(3)
@ -47,10 +47,10 @@ def send(conn, cmd):
print("Error. Server said: The command isn't set on the server.", file=sys.stderr)
exitcode = 1
elif(buf == b"ERR CMD_ERR"):
print("Error. Server said: The command doesn't work because the file doesn't exist on the server.")
print("Error. Server said: The command doesn't work because the file doesn't exist on the server.", file=sys.stderr)
exitcode = 2
elif(buf == b"ERR PW"):
print("Error. Password required. The password was wrong.")
print("Error. Password required. The password was wrong.", file=sys.stderr)
exitcode = 4
elif(b"OK PW" in buf):
bufr=str(buf.decode('utf-8'))

View File

@ -5,6 +5,6 @@ port=13573
cafile=CA.crt
#Client Certificate/key signed by the CA above
certfile=ding_client.crt
keyfile=ding_client.key
certfile=ding.crt
keyfile=ding.key

View File

@ -5,6 +5,6 @@ port=13573
cafile=CA.crt
#Client Certificate/key signed by the CA above
certfile=ding_client.crt
keyfile=ding_client.key
certfile=ding.crt
keyfile=ding.key

View File

@ -3,7 +3,7 @@
# Author: Bandie Canis
# License: 2-Clause BSD license
import ssl, socket, subprocess, time, os
import ssl, socket, subprocess, time, os, sys
import configparser
@ -104,9 +104,9 @@ def init():
global CONFIG, host, port, cafile, certfile, keyfile, pw_on, password, pwtimeout, tmppw_on, context, bindsocket
if(os.name == 'nt'):
CONFIG = "ding_server.win.cfg"
CONFIG = "dingd.win.cfg"
else:
CONFIG = "ding_server.cfg"
CONFIG = "dingd.cfg"
cfg = configparser.SafeConfigParser()
cfg.read(CONFIG)
@ -125,11 +125,10 @@ def init():
else:
pw_on = False
tmppw_on=pw_on
except configparser.NoOptionError as e:
print("Error in configuration file:", e)
except configparser.NoSectionError as e:
print("Error in configuration file:", e, file=sys.stderr)
quit(1)
try:
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=cafile)
context.load_cert_chain(certfile=certfile, keyfile=keyfile)
@ -156,7 +155,7 @@ def init():
print("Error: Can't bind for port number ", port, ". Permission denied.", sep="")
quit(1)
print("Running ding server on ", host, ":", port,
print("Running dingd on ", host, ":", port,
"\nConfig: ", CONFIG,
"\nCAFile: ", cafile,
"\nCertfile: ", certfile,

View File

@ -7,10 +7,10 @@ port=13573
cafile=CA.crt
# Server's certificate [signed by the CA above]
certfile=ding_server.crt
certfile=dingd.crt
# Server's private key
keyfile=ding_server.key
keyfile=dingd.key
## Optional cleartext password
# To unlock the commands you need to send the password before sending the command.

View File

@ -7,10 +7,10 @@ port=13573
cafile=CA.crt
# Server's certificate [signed by the CA above]
certfile=ding_server.crt
certfile=dingd.crt
# Server's private key
keyfile=ding_server.key
keyfile=dingd.key
## Optional cleartext password
# To unlock the commands you need to send the password before sending the command.