VDI-MFA from Proxmox

Today is the best day in this week so I will describe how to implement multi factor authentication to the Proxmox Virtual Server enviroment… I’m finally get it working… Multi-Factor authentication to remote server with spice client configuration.

First of all we need the computer/server with virtualization ability.

Next we must install Proxmox VE on this target machine.

To-Do List:

-> Login to the Proxmox VE with root privileges,

-> Create Virtual Machine using Create VM box with SPICE ( QXL ) display,

-> Install system on the target virtual machine using console view,

-> Create Role with only VM.Console privilege in the Proxmox -> Cluster -> Permissions,

-> Create User with VM.Console Role,

-> Next create TOTP via wizzard in the Proxmox -> Cluster -> Permissions -> Two Factor -> add TOTP, scan the qr code with Google Authenticator app because user will never login without code

-> Navigate to the VM machine that you created in second step,

-> Create user (created in fifth step) permission to access Virtual Machine ( VM -> Permissions -> add User Permission )

Now You have working VDI server with one virtual machine

Next thing is to connect to that virtual machine:

You can use this script to connect to virtual machine:

#!/bin/bash
set -e

# Set auth options
USERNAME='USERNAME_FOR_USER_CREATED_IN_5_STEP'
PASSWORD='PASSWORD_FOR_USER_CREATED_IN_5_STEP'
TOTP='$1'
# Set VM ID
VMID='VMID_OF_VIRTUAL_MACHINE_CREATED_IN_2_STEP'

# Set Node
# This must either be a DNS address or name of the node in the cluster
NODE='DNS_NAME_OF_THE_PROXMOX_SERVER_IN_THE_CLUSTER'

# Proxy equals node if node is a DNS address
# Otherwise, you need to set the IP address of the node here
PROXY="$NODE"

#The rest of the script from Proxmox
NODE="${NODE%%\.*}"
COOKIE="$(curl -f -s -S -k --data-urlencode "username=$USERNAME" --data-urlencode "password=$PASSWORD" "https://$PROXY:8006/api2/json/access/ticket"|jq -r '.data.ticket')"
DATA="$(curl -f -s -S -k --data-urlencode "username=$USERNAME" --data-urlencode "password=totp:$1" --data-urlencode "tfa-challenge=$COOKIE" "https://$PROXY:8006/api2/json/access/ticket")" 
echo "AUTH OK"

TICKET="${DATA//\"/}"
TICKET="${TICKET##*ticket:}"
TICKET="${TICKET%%,*}"
TICKET="${TICKET%%\}*}"

CSRF="${DATA//\"/}"
CSRF="${CSRF##*CSRFPreventionToken:}"
CSRF="${CSRF%%,*}"
CSRF="${CSRF%%\}*}"

curl -f -s -S -k -b "PVEAuthCookie=$TICKET" -H "CSRFPreventionToken: $CSRF" "https://$PROXY:8006/api2/spiceconfig/nodes/$NODE/qemu/$VMID/spiceproxy" -d "proxy=$PROXY" > spiceproxy

#Launch remote-viewer with spiceproxy file, in kiosk mode, quit on disconnect
#The run loop will get a new ticket and launch us again if we disconnect
exec remote-viewer spiceproxy

TO use this script you must modify USERAME,PASSWORD,VMID and NODE variables.

Next will be give execution permission to the created connection script:

chmod +x NAME_OF_SCRIPT

to connect to the VDI use following scheme:

./NAME_OF_SCRIPT CODE_FROM_GOOGLE_AUTHENTICATOR

Thats all… have a nice day.

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www

Yocto Mickledore apt-get repository

If you want to use my repository You can configure apt-get in Yocto system to use my repo.

Repo was created for arm64 architecture for use with Variscite Hardware var-som-mx8q.

To do:

add gpg key to apt-get

apt-get update

apt-cache search PACKAGE

apt-get install PACKAGE

First of all we must add gpg key to apt-get:

curl -fsSL https://apt.it-core.eu/it-core.gpg.key | sudo apt-key add -

next we must add repo to the apt-get

echo "deb https://apt.it-core.eu/debian mickledore main" > /etc/apt/sources.list.d/apt-it-core-eu.list

Yes I know that isn’t Debian 😀 but have no time to change it 😀

Now you can use your Yocto like Debian to install software.

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www

How about env variables

I was wondering about env variables in Linux system. Many users using them to setup applications. But did you know about env variables are visible to other ?

Long time ago, there was one system per server and everything was correct. But now systems, especially in cloud environments are used by many users.

Let’s see what exist in file /proc/1/environ

As you can see there is some system variables set in those file.

But many sites are using env variables to pass application specyfic setting like users and passwords… Now you know.

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www

How to encrypt data using openssl

openssl enc -e -aes256 -k '<passphrase>' -in <decrypted_file.txt> -out <encrypted_file.txt>

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www

How to wipe disk using linux on a pendrive?

-> https://www.debian.org/CD/faq/#write-usb

After a booting Debian from usb please check what You have on Your computer:

blkid

Next you can use linux to wipe data from hard disk:

dd if=/dev/urandom of=/dev/sdX bs=1M; sync
where X is drive in linux system ie /dev/sda

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www

How to upgrade from Debian 10 to Debian 11

Whats new in Debian 11?

-> https://www.debian.org/releases/bullseye/amd64/release-notes/ch-whats-new.en.html

For the security reasons please backup before procedding with upgrade.

Make sure You have upgraded your debian distribution to the latest old-stable release. Run following commands from the console:

sudo apt-get update

sudo apt-get upgrade

If you are up-to-date with Debian 10 distribution you can proced to the next chapter:

Upgrade to Debian 11:

First edit with your favorite editor the /etc/apt/sources.list file. You can change the file also with sed command:

sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list

After that you are able to upgrade to the Debian 11 system by running following commands:

apt-get update

apt-get upgrade

apt-get dist-upgrade

Next we must reboot into new system 🙂

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www

Few Linux commands

Linux system offers in command line mode a full set of commands for users and also for administrators.

I will present some of this in this post.

man command_name

Where command name is any Linux command we are interested in using.

The man command displays a manual that lists the syntax and an overview of all the options for the command given as an argument. In the case of administration commands or system services, it also gives any file names that contain definitions of the default behavior of these commands.

The work with the manual is finished after pressing the q key.

example:

man cd

cd command is used for changing the current directory.

The paths in a Linux system can be specified in relative or absolute terms.

example:

cd ../

In a bash shell, you can use the tab key to complete a directory name.

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www

How to audit user commands in Linux Debian

I was wondering how to audit user or root commands in bash/sh and founded that simple script written in bash is very basic. For example when type sh command the looging in bash stopped working.

I founded the simply and very good application called snoopy

To install snoopy in Debian Linux type following command:

sudo apt-get install snoopy

Of course chose yes

Tak in Polish means yes, Nie in Polish means no.

Now logout and login back to server the logs of command line should be in the following location:

sudo tail -f /var/log/auth.log

antispam apache2 callout cd commands database Debian debian 9 debian 10 domain domain-hosting exim fpm hosting how to https imap imaps ksh lenovo linux logging mail man MySQL nginx php poland pop pop3 pop3s price prize server snoopy sr635 system think thinksystem update upgrade users VDI web www