SSH to Raspberry Pi with same IP but interchangeable OS? - security

I have a Raspberry Pi which I run with two different Operating Systems by booting up with different SD cards. This RPi has a static internal IP address (and the same iface mac address), as both Operating Systems have a public IP whenever they are running, allowing me to SSH from work.
The problem is that I can only SSH into one Operating System given that my known_hosts only recognises one key per host, so I would have to delete each time the known_hosts entry whenever the Operating System/SD card changes.
I've created two different RSA keys for each system, and on my local machine under ~.ssh/config given each Host an alias and corresponding IdentifyFile key, but I still come across the same issue. I've also created one key for both system and still come across the same issue.
Is there any way/method to SSH into my RPi regardless of the OS without having to delete the key each time from known_hosts?

Related

Linux: talk to different devices with same mac on different interfaces

I have multiple devices with the same hardware mac address (in factory reset mode) that all call a tftp server in order to get a proper mac.
On the same nic, there would obviously be no way to differentiate the devices, however, i have one device per nic. I evaluated these options to use that fact:
SO_BINDTODEVICE
Binding the tftp server on each nic separately would probably still not give me a way to respond with a package to the sender, since linux' arp table would be confused about which nic to send that package out from.
net namespaces
Linux does not allow bringing physical interfaces into a net namespace. only veths, which again would need to be bridged on the 'host' side, which will probably not work with the same mac appearing on multiple physical nics.
Am i missing an option here?

How to generate a host unique ID?

I have several applications which works together and need to communicate.
These applications can be installed on different host, which can be in different local networks, but all are connected together via a global network.
The host can be Linux (CenOS, Debian, Ubuntu) or Windows (7/10).
Now, I need to identify which host is running an application.
The requirements are :
- every application running on the same host have the same "host ID"
- every "host ID" is unique among all hosts
Since the host can be physical machines, virtual machines or even docker instances, I don't think I can use the hostname as a "global unique ID".
Since the host can be in different local networks, I don't think I can use local IP address as a "global unique ID".
So, which data can I use ? Maybe the Network adapter MAC address ? Is it
guaranteed to be unique, even between multiple instances of the same docker ?
Thanks.
On modern / recent Linux distro, linux generates for you a unique id in the /etc/machine-id file when the system is created the first time. Some distributed services such as etcd rely on this file to identify machines in a cluster.
Nothing prevents you from creating and persisting on disk something like a uuid. You can use uuidgen command on Linux for that.
You can say the MAC address is unique. However, if you are concerned about security, do not use the MAC address. The MAC address can be spoofed easily.
To generate a unique ID for the machine, you can use a combination of many items such as MAC Address, IP Address, hostname etc., throw in a random salt and take a sha256 hash of them. Since the host can run on many operating system, I would suggest against using any OS-specific parameters.
Without going into too much detail, the chances of finding a collision in sha256 is improbable to say the least.
You can see the SHA256 of different text here.
http://www.xorbin.com/tools/sha256-hash-calculator
Almost every programming language, these days, has a function/API for creating a SHA256 hash.
Looks like /var/lib/dbus/machine-id contains what you need.
read more here: http://man7.org/linux/man-pages/man5/machine-id.5.html
On linux I solved my problem just by changing the contents of the /var/lib/dbus/machine-id file

How to generate an unique ID for a given linux machine?

My python application running as a daemon in a variety of linux distributions are trying to register to my server using the machine's IP Address and FQDN Hostname(given by "hostname -f" command) as a primary key.
Now I am facing a problem when two machines are having same hostname and IP Address. Eg in case of two VM's running on two seperate machines, the hostname is "localhost.localdomain" and Ip Address is "192.168.0.2" for both of them.
Is there any unique way to differentitate any two machines. (Maybe some other third parameter which will guarantee uniqueness across any linux machine )
the MAC address should be unique per network interface.
maybe you can try a combination of IP, MAC and host name?
another option is to create a UUID and save it on the machine.

Virtual box based development for Embedded Linux

I am new to embedded linux development.I have inherited a particular way of Embedded linux development from the previous developer.
I was just wondering if there is a more industry standard way of working.
This is how he was working,
There is an ARM embedded linux board which is not on the corporate network and has a fixed IP address of 192.168.0.52.I have a virtualbox based linux host which is connected directly to this linux board via an Ethernet cable.This host has an NFS shared with the target for running the cross compiled binaries.I have to set a fixed IP address for the host of 192.168.0.50.Then I can telnet with the target to run the compiled binaries on the NFS folder. Also as the VM host is not connected to the corporate network.I cannot use the company issued SVN for version control.So what I do is have a shared folder via virtual box between Windows and Linux host and I manually keep transferring the files which I have to commit/test.
What I would I ideally like, is both networks connected to the corporate network,so that I can update the OS,use version control.Is there way by which the VM on Windows access the corporate network and also be connected to the target.IT is not willing to give a static IP to the target.If we connect the target via DHCP what is the best way to discover it on the network.Also IT is concerned about the traffic it will generate.Can I use a switch to create a subnetwork,so that the target can have a fixed address?
Another question is they are open to a linux based host as well.Is a VM based linux any worse off than a Linux PC.The only problem I have been having are networking based issues,not really Virtualbox issues.But I am curious to know if there are any limitations at all.
In order to have the VM connected to the corporate network, you can setup the VM network adapter in bridge mode.
In order to discover the embedded device, you can use the arp command (for instance: arm -i eth0 -a).
If you have got two network interfaces you could also connect the remote device directly through this interface and setup a dhcp server in your VM.
Personally, I think that with the VM you can do everything that you need (cross-compiling the Kernel and bootloader and creating the remote File System). I have been using a VM for embedded linux development on a AT91SAM board without problems at all.

Hostname discovery for all machines on a network

Problem: I am developing a graphical front end for a distributed CPU/GPU simulator. As this simulator utilizes MPI, it requires a hostfile detailing the hostnames for all computers being used on the network so that it knows what machines to distribute across. As the end users for my application are not computer scientists (and may not even be very computer literate), I can't expect them to know/find the hostnames of every computer on their network/cluster. I would like to programmatically perform this hostname discovery so that, upon application start-up, the user can see the available machines, and from those, pick the hosts they want to run on. If possible, I would like this solution to be cross platform but as the simulator currently contains some linux dependencies I can deal with a Linux only solution.
What I have tried so far: I tried utilizing the nmap package to discover hosts on a network with commands like nmap -sP <ip address range> using the ip address range for that local network. However, it only dumps the IP addresses for the hosts (not the host names) and I'm not sure how to translate these IP addresses into ssh hostnames (as MPI uses ssh for host discovery). Additionally, I used a similar approach with ping supplying the broadcast address and it returned nearly identical results.
I apologize for the broad nature of this question and the lack of code shown but I am not very experienced with network probing / programming and I am really not even sure where to start. I tried googling this but I was unable to find a suitable option (possibly because my lack of experience caused me to use improper terminology triggering improper results) My background is primarily in graphics and user interface programming, so this is a little beyond my comfort zone.
SSH doesn't care if it is given hostnames or IP addresses to connect to (not sure if this applies when there are host-specific configurations). Most MPI implementations don't care too, e.g. in Open MPI connection URIs addresses are all numeric, so a hostfile with IPs would be fine. HTTP servers on the other hand care because of the virtual hosting thing where many different sites resolve to the same IP address but the server is supplied the actual hostname via the Host HTTP header.
Unsolicited advice: finding hosts by ping is fine, but it doesn't guarantee that you have found machines, where SSH is running. You would better scan for systems with port 22 open that accept TCP connections:
$ nmap -oX -sT -p22 <ip range>
-oX produces XML output that can be easily parsed. -oG is also a nice format for automated parsing of the scan results. Also having SSH running doesn't necessarily mean that the user would be able to log into the system - for example it could be a network router or another remotely manageable device. One also has to take care of only showing machines where the user can log on without having to supply a password, e.g. with RSA/DSA public keys, otherwise starting an MPI job would be a really tedious task. You can test each host found with something like:
$ ssh -2 -o "PreferredAuthentications=gssapi-with-mic,hostbased,publickey" \
<host> hostname
This command basically excludes all interactive authentication methods. If connection succeeds, it will output the hostname of the remote machine. Otherwise you'd get a permission denied error and a non-zero exit code from the SSH client.

Resources