All posts by Don Matteo

Lives in Switzerland and is a System Engineer MCP at A-Enterprise GmbH. Member of the UNBLOG Knowledge Network. Author and blogger on topics and tutorials for Linux and open source.

Generating a new SSH key for use with GitHub

How to deploy SSH key authentication for GitHub using the VS Code editor

After looking for an adequate solution on the World Wide Web, I came to the following workaround, which I describe here. I develop in VS Code on Windows 10 and don’t want to run commit and push in the Git Bash terminal again and again, especially because VS Code comes out of the box with all of the Git skills included.

Let’s get started. If you do not already have Git for Windows on your Windows 10 machine, you have to download it here.

First open Git Bash and go to the directory ~/.ssh. If it does not exist, you can create it in Windows Explorer under the user’s home path, or type mkdir .ssh in Git Bash.

cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "your.email@domain.com"
clip < id_rsa.pub

A key pair consisting of a private and a public key is generated. You can leave the passphrase empty, but then keep the private key in a safe place, because anyone who obtains the file can use it. The clip command copies the public key to the clipboard; it will be saved to the GitHub account in the next step.

Go to GitHub and sign in with your account. Open your profile in the upper right corner, navigate to Settings and click SSH and GPG keys. Click New SSH key and paste the public key into the key field; for the title you can enter your.email@domain.com.

Now go back to Git Bash and enter the following commands. ssh -T tests the connection to GitHub (-T disables pseudo-terminal allocation). On the first connection you have to confirm the host with yes, and the host is then entered in known_hosts; compare the displayed fingerprint with the fingerprints GitHub publishes before confirming. The git push command is then authorized on GitHub using the key in ~/.ssh/id_rsa.

cd ~/my_project
ssh -T git@github.com
git remote set-url origin git@github.com:account/my_project.git
git add -A
git commit -am "commit update"
git push

Replace account with your GitHub account, and my_project with the name of the project you are deploying.

Now open the directory with VS Code from Git Bash.

$ code my_project

VS Code Editor offers git commands via the main toolbar and the icon menu.


Advanced configuration

By default ssh looks for the key in a file named id_rsa. If you want to authenticate to multiple hosts with different keys, the following directive in the file ~/.ssh/config selects the key for a host:

Host github.com
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_github

Deploy Git on Linux Shell

If you use Linux (which should be preferred), the following commands create a Git project directory, add README.md, and then commit and push it.

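git init
git config --global user.name "my_project"
git config --global user.email "your.email@domain.com"
# point origin at the GitHub repository (same placeholder URL as above)
git remote add origin git@github.com:account/my_project.git
touch README.md
git add README.md
# a second commit without new changes would fail, so commit once
git commit -m "Initial commit"
git push -u origin master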

FortiOS CVE-2018-13379 Advisory FG-IR-18-384

Reportedly, many admins have not updated their FortiGate VPNs, so attackers are now targeting these systems. The trigger is exploit code that has now emerged for the vulnerability (CVE-2018-13379) from 2019.

Attacks on FortiOS systems with SSL VPN configured are reportedly possible by sending crafted HTTP requests. Attackers could access system files and thus obtain, for example, unencrypted credentials. They could then log in to vulnerable VPN firewalls and compromise them.

Several versions of FortiOS, the network security operating system used on FortiGate firewalls, have a total of six security holes that affect the SSL VPN web portal. Fortinet has published FortiGuard security advisories with update notes.

FortiGuard PSIRT Advisory

The original text excerpt:

FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests

Summary

A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

Impact

Information Disclosure

Affected Products

FortiOS 6.0 – 6.0.0 to 6.0.4
FortiOS 5.6 – 5.6.3 to 5.6.7
FortiOS 5.4 – 5.4.6 to 5.4.12
(other branches and versions than above are not impacted)
ONLY if the SSL VPN service (web-mode or tunnel-mode) is enabled.

Solutions

Upgrade to FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 and above.

Workarounds:

As a temporary solution, the only workaround is to totally disable the SSL-VPN service (both web-mode and tunnel-mode) by applying the following CLI commands:

config vpn ssl settings
unset source-interface
end

Note that firewall policies tied to SSL VPN will need to be unset first for the above sequence to execute successfully.

As an example, when source-interface is “port1” and SSL VPN interface is “ssl.root”, the following CLI commands would be needed to ensure “unset source-interface” executes successfully:

config vpn ssl settings
config authentication-rule
purge (purge all authentication-rules)
end
end

config firewall policy
delete [policy-id] (SSL VPN policy ID(s) that srcintf is “ssl.root” and dstintf is “port1”)
end

Note that code to exploit this vulnerability in order to obtain the credentials of logged in SSL VPN users was disclosed. In absence of upgrading to the versions listed above, mitigating the impact of this exploit can be done by enabling two-factor authentication for SSL VPN users. An attacker would then not be able to use stolen credentials to impersonate SSL VPN users.
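
To triage a fleet against the affected versions and fixed releases listed in the advisory, the following is an added example and not part of the advisory or the original post. The inventory entries, hostnames and version banner strings are constructed assumptions; the ranges and fixed releases are the ones quoted above.

```python
import re

# Affected range and fixed release per branch, as listed in the advisory above
AFFECTED = {
    (6, 0): ((6, 0, 0), (6, 0, 4), "6.0.5"),
    (5, 6): ((5, 6, 3), (5, 6, 7), "5.6.8"),
    (5, 4): ((5, 4, 6), (5, 4, 12), "5.4.13"),
}

def parse_version(text):
    """Extract (major, minor, patch) from a version string, or None."""
    m = re.search(r"\bv?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text, sslvpn_enabled):
    """Return (status, fixed_release) for one device."""
    ver = parse_version(version_text)
    if ver is None:
        return ("unparsed", None)
    entry = AFFECTED.get(ver[:2])
    # Compare as integer tuples: as strings, "5.4.12" would sort before "5.4.6"
    if entry is None or not (entry[0] <= ver <= entry[1]):
        return ("not affected", None)
    if not sslvpn_enabled:
        return ("affected version, SSL VPN off", entry[2])
    return ("vulnerable", entry[2])

# Constructed inventory: (hostname, version banner, SSL VPN enabled); the
# banner format and build0000 placeholders are assumptions, not real data
INVENTORY = [
    ("fw-branch-01", "v6.0.4,build0000 (GA)", True),
    ("fw-branch-02", "v5.4.12,build0000 (GA)", True),
    ("fw-dc-01", "v5.6.8,build0000 (GA)", True),
    ("fw-lab-01", "v5.6.5,build0000 (GA)", False),
    ("fw-hq-01", "v6.2.0,build0000 (GA)", True),
]

def triage_inventory(inventory):
    """Triage every device and list the ones needing action first."""
    rows = [(host, *triage(ver, vpn)) for host, ver, vpn in inventory]
    order = {"vulnerable": 0, "affected version, SSL VPN off": 1, "unparsed": 2}
    return sorted(rows, key=lambda r: (order.get(r[1], 3), r[0]))

if __name__ == "__main__":
    for host, status, fix in triage_inventory(INVENTORY):
        print(f"{host:14} {status:30} upgrade to {fix}" if fix else f"{host:14} {status}")
```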