Publication date: 2018-08-05
Linux for paranoid
Hello! Do you think someone is keeping tabs on you?
I'll try to help you with this little inconvenience.
Yep, vim supports encryption out of the box; you don't have to
install any third-party plugins.
There are three available encryption algorithms: zip (default), blowfish and blowfish2.
You can select which one to use with
You can encrypt a file with the :X command: vim will ask you for a password.
You will have to enter it when opening the protected file later.
Now let's look at a more interesting paranoid lifehack.
Usually vim creates a .xxx.swp file to store the changes you've made;
that's clearly not the desired behaviour when you're trying not to disclose your text
in any form without encryption.
That means your work session with vim should look like this:
:noswapfile edit <filename>
Note that if you want to encrypt an existing file, you should save its content as a new file.
gpg has easy-to-use AES support.
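An added example (not part of the original post): a shell check for the two points above, which cryptmethod a file was really saved with and whether a swap file was left next to it. It relies on the VimCrypt~01!/02!/03! magic that vim writes at the start of zip/blowfish/blowfish2 files and assumes the default swap location (same directory as the file). The function names are made up for this example, and accepting only blowfish2 follows vim's own documentation, which describes zip as weak and blowfish as flawed.

```shell
#!/bin/sh
# Added example: audit files edited with vim's built-in encryption.
# Assumes the default swap location (same directory as the file).

# Print the cryptmethod implied by the 12-byte magic header.
vim_cryptmethod() {
    magic=$(dd if="$1" bs=12 count=1 2>/dev/null | tr -d '\000')
    case "$magic" in
        'VimCrypt~01!') echo zip ;;
        'VimCrypt~02!') echo blowfish ;;
        'VimCrypt~03!') echo blowfish2 ;;
        VimCrypt~*)     echo other ;;
        *)              echo plaintext ;;
    esac
}

# List swap files (.name.swp, .name.swo, ...) left beside a file.
vim_swapfiles() {
    dir=$(dirname -- "$1")
    base=$(basename -- "$1")
    for f in "$dir/.$base".sw?; do
        [ -e "$f" ] && echo "$f"
    done
    return 0
}

# Audit one file: returns 0 only for blowfish2 with no swap file around.
audit_file() {
    rc=0
    method=$(vim_cryptmethod "$1")
    if [ "$method" != blowfish2 ]; then
        echo "$1: saved as $method"
        rc=1
    fi
    swaps=$(vim_swapfiles "$1")
    if [ -n "$swaps" ]; then
        echo "$1: swap file present: $swaps"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh notes.txt diary.txt
for f in "$@"; do
    audit_file "$f" || true
done
```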
$gpg -o nonsense.gpg --cipher-algo AES -a -c nonsense.txt
$gpg -o nonsense2.txt -d nonsense.gpg
If you want to encrypt an archive or an image, you should run:
$tar -cvzf - /home/eax | \
gpg --symmetric --cipher-algo AES256 --digest-algo SHA256 \
--compression-algo Uncompressed > backup.tgz.gpg
$gpg --decrypt backup.tgz.gpg | tar -xzvf -
Don't worry about someone getting your password just by scrolling the terminal
window: gpg uses its own X window for typing the password.
2. Making a secure connection
Simple chat using nc:
$nc -l -p 1300
$nc server_ip 1300
WARNING! It's not an encrypted chat, but you can transfer encrypted files:
$cat Vault9.gpg | nc server 1300
Making a protected SSH-proxy.
First of all we need to create an SSH keypair:
This command will ask you for a passphrase; it's an optional password that is
used to encrypt the key, so that the key cannot be used even if somebody
steals it from you.
SSH supports several algorithms: rsa, dsa, ecdsa, ed25519.
The preferred algorithm can be selected using the -t option; the key size can be set with the -b argument.
By default keys go to the ~/.ssh directory: id_<type> is the private key and id_<type>.pub is the public key.
You should upload your public key to the server.
Then you can log in to the server right away, but that's not our way.
$ssh -i <key> lol@server
Now check that your user has sudo privileges (do not work as root)!
Now we can set up the ssh tunnel:
$ssh -D 8183 -f -C -q -N lol@server
-f fork to background
-C compress traffic
-q use quiet mode
-N tells ssh that no command will be sent
Verify that the tunnel is up:
$ps aux | grep ssh
CHECK THAT SSH IS RUNNING!
Now we should configure your browser or router to use it.
Example configuration for Firefox:
Preferences -> Advanced -> Network -> Settings ->
Manual proxy configuration -> SOCKS Host -> port -> OK
Now Firefox will connect to the network via this tunnel. It should not be vulnerable to most MITM or