SSH Configuration in IOS
In the last post we got TACACS+ running on your Cisco device. Now let's tighten security further by putting SSH on the box.
Make sure that you have the IPSEC feature set available, otherwise you're hosed from the start. And again, because you're a GOOD Cisco Admin, you know that SSH uses port 22, right?
The server must have a host name AND domain name. In configuration mode type:
hostname your-hostname
ip domain-name your.domain
The RSA keys must then be generated. In the configuration mode type:
crypto key generate rsa usage-keys
Enter 1024, then type:
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
transport input telnet ssh (leave telnet out once ssh works)
login local (or tacacs)
Now you've set up SSH. Enjoy your new security!!!
If you want to know how to do anything with your Cisco devices, shoot an email to Greg@GregLedet.net and I'll do my best to get something up here ASAP on how to do it.
The Quick and Dirty, Cut and Paste TACACS+ install
Let's assume you have a Cisco Secure ACS server up and running. Now you need to put the TACACS+ config into your devices, but you've never done it before. I'm also going to assume that you know what TACACS+ is (think RADIUS, but better) and you have that part configured correctly. Here's a cut and paste TACACS+ config that you can use.
username yourusername secret yoursecretpassword
enable secret yourenablesecret
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console none
aaa authentication ppp default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec console none
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
tacacs-server host your.tacacs.server.ip
tacacs-server timeout 100
tacacs-server directed-request
tacacs-server key your-tacacs-server-key
The reason I have you setting up a username first is in case something bombs, you have a way into the box. You want to make sure that you set up a local account on the device. If the TACACS+ server fails, you guarantee you have a way in.
For your "tacacs-server host" command, use the IP of the server, not a DNS name; but because you're a good Cisco Admin, you knew that already.
Also, make sure that the key you use in the config matches the key you use when you set up the device in the TACACS+ server. If not, you'll get a key mismatch and you won't be able to log in.
That's it! You just set up TACACS+ on your Cisco device!
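The checks from the SSH and TACACS+ posts above can be run against a saved copy of the config. This is an added example, not part of the original posts; the sample config, device name, domain and keys are constructed, and the `audit` function is hypothetical.

```python
import ipaddress
import re

# Constructed sample running-config (not from a real device): telnet is still
# enabled on the vty lines and the TACACS+ host is given as a DNS name.
SAMPLE_CONFIG = """\
hostname edge-rtr1
ip domain-name example.net
username admin secret constructed-secret
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host tacacs.example.net
tacacs-server key constructed-key
line vty 0 4
 transport input telnet ssh
"""

def audit(config):
    """Return findings for the points made in the SSH and TACACS+ posts."""
    lines = [l.rstrip() for l in config.splitlines()]
    has = lambda pat: any(re.match(pat, l) for l in lines)
    findings = []
    # SSH key generation needs both a hostname and a domain name.
    if not has(r"hostname \S+"):
        findings.append("no hostname set")
    if not has(r"ip domain-name \S+"):
        findings.append("no ip domain-name set")
    # A local account is the way in when the TACACS+ server is unreachable.
    if not has(r"username \S+ (.* )?secret "):
        findings.append("no local username with secret")
    if has(r"aaa authentication login default\b(?!.*\blocal\b)"):
        findings.append("login default list has no local fallback")
    # tacacs-server host should be an IP address, not a DNS name.
    for host in re.findall(r"^tacacs-server host (\S+)", config, re.M):
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"tacacs-server host {host} is not an IP address")
    # Walk each 'line vty' block and flag telnet left in transport input.
    block = None
    for l in lines:
        if not l.startswith(" "):
            block = l if l.startswith("line vty") else None
        elif block and l.split()[:2] == ["transport", "input"] and "telnet" in l.split():
            findings.append(f"{block}: telnet still allowed")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```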
Creating a Transparent Signature stamp in Acrobat
This doesn't have anything to do with networking, but if you're like me you do a lot of paperwork. A lot of paperwork that requires your signature. Also, if you're like me, you can't stand having to print something to sign it, only to scan it back in as a PDF and email it off. That's why I've put this up here. This will save you a TON of time, paper, and toner.
Portions of this came from an Adobe Blog about a year ago, and the rest I figured out on my own. Thanks to Rick Borstein for the original post.
Creating a Transparent Signature Stamp
Tons of people have discovered that they can scan their signature and easily turn it into an Acrobat stamp.
The resulting stamp, however, has a white background.
When stamped on top of documents, the results are not visually pleasing:
To create a transparent stamp, you must “feed” Acrobat a file with transparency capabilities such as a GIF or Photoshop PDF.
Read on to learn how . . .
Transparent Formats and Transparency
Only certain graphic file formats offer transparency as an option. One example is the GIF format.
Although some scanning software can produce a GIF, none that I know of automatically remove the white background to produce transparency.
In other words, just because you have a GIF file doesn’t mean it has transparency.
You’ll need to use a tool to remove the background to produce the transparent effect.
Using an Image Editor to Delete the Background
Most image editors—including Adobe Photoshop—offer tools to remove backgrounds. In Photoshop, the Magic Wand tool may be used to remove backgrounds. After removing the background, choose Save As and save the file as a Photoshop PDF which preserves transparency.
If you use a different image editor, use the appropriate tool and save your file as a GIF.
If you have Photoshop, you can get very good results with this method. You can add all sorts of tweaks and flourishes to your signature like a little heart above the lowercase “I”. That will make your court filings really special. Just kidding!
If you want the best possible results with a color signature, I recommend using an image editor which allows the finest possible adjustments.
An Easier Way: Good for most Customers
Not many people are Photoshop users, but almost everyone has Microsoft Word.
Using Word, you can get decent results and a transparent background with black and white scans.
Here’s how:
- Write your signature at the size needed on thick white paper. Use a marker-type pen such as a Sharpie Ultra Fine Point.
- Scan in the signature at 300 dpi, black and white. Save the file as a TIFF file.
- Start Microsoft Word and create a new document.
- Choose Insert—>Picture—>From File…
- Find the TIFF image you scanned earlier.
  This will place the image on the page.
- Select the image by clicking on it once.
- Right-click and choose Show Picture Toolbar
- Click the Set Transparent Color tool
- Click once anywhere in the white area of the signature picture.
- Save the Word document.
- Choose File—>Print and print your file to the AdobePDF print driver. Give the file a name when prompted.
Adding the Stamp to Acrobat
Below are abbreviated instructions.
- Launch Acrobat and choose View—>Toolbars—>Commenting
- On the Commenting palette, click on the arrow next to the Stamp button.
- Choose Create Custom Stamp and click the browse button to find the PDF stamp you created.
- Create a new category for the stamp (or use an existing one) and give it a name. Click the OK button.
Another way of doing things:
If you have Acrobat Professional, you can paste the transparent GIF into a page. Simply go to "Tools -> Advanced Editing -> Touch-up Object Tool". Then you can right-click where you want your signature and "Place Image". Shrink to fit and voilà! You have a signature!
Problems with your D-Link DP-300U?
If you're like me, you have a ton of computer crap lying around your house. Today I found an old D-Link DP-300U print server lying around and thought that I could put it to good use. The bad thing about these things is the fact that they do not have a hardware reset button on them, so if you forget the IP or the password, you're pretty much hosed... or so I thought. After doing some Google searches for how to find a lost IP, I came back empty. The PS Admin program that D-Link publishes for use with this thing couldn't find it on my network either. After some thinking, I came up with an idea.
If you know anything about networking and how networks work, you should have thought about this too. Get a Wireshark capture running. Unplug the power from the print server and then replug it. It's going to send out an ARP on the network looking for its gateway, which should be picked up by Wireshark. It should look like this:

In my case, it came back as 192.168.1.253. After changing the IP on my laptop to fit that subnet, I was able to log into it via its web interface (there was no password on it, thank God!) and put it back to factory settings. Voilà! What once was a brick is now a working print server!
-Greg
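To show which ARP fields give away the lost address, here is an added example (not part of the original post) that parses raw Ethernet frames and reports ARP senders you don't recognise. The frames, MAC addresses and the 192.168.1.1 gateway are constructed, the function names are hypothetical, and 192.168.1.253 is the address from the post.

```python
import socket
import struct

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return ARP fields from a raw Ethernet frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:  # EtherType for ARP
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": mac_str(sha),
            "sender_ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa)}

def find_new_hosts(frames, known_macs):
    """Map sender MAC -> sender IP for ARP senders not already known."""
    hosts = {}
    for frame in frames:
        arp = parse_arp(frame)
        # Skip non-ARP traffic, our own machines, and ARP probes (sender 0.0.0.0).
        if arp and arp["sender_mac"] not in known_macs and arp["sender_ip"] != "0.0.0.0":
            hosts[arp["sender_mac"]] = arp["sender_ip"]
    return hosts

def arp_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame (used only to make sample data)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sha,
                       socket.inet_aton(sender_ip), b"\x00" * 6, socket.inet_aton(target_ip))
    return b"\xff" * 6 + sha + struct.pack("!H", 0x0806) + body

# Constructed capture: the laptop's own ARP, one non-ARP frame, and the print
# server asking for its gateway after power-up. MACs and 192.168.1.1 are made up;
# 192.168.1.253 is the address from the post.
LAPTOP_MAC = "02:00:00:00:00:10"
SAMPLE_FRAMES = [
    arp_request(LAPTOP_MAC, "192.168.0.10", "192.168.0.1"),
    b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x10" + b"\x08\x00" + b"\x00" * 46,
    arp_request("02:00:00:00:00:53", "192.168.1.253", "192.168.1.1"),
]

if __name__ == "__main__":
    print(find_new_hosts(SAMPLE_FRAMES, {LAPTOP_MAC}))
```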


