Send a Telegram message on SSH login

It's been a while since I posted, but I found a neat little trick to send a Telegram alert when a user logs in via SSH to one of my VPSs.

It's pretty simple, so it doesn't take too long to set up.

Step 1: Create the Telegram Bot

You will need to message @BotFather to get started. This guide isn't really about setting up Telegram bots. I may do a guide in the future, but for now I am assuming you have that part set up.

If you need more information about setting it up, you can refer to the Telegram documentation or another guide on the internet.

All you will need for now is your USERID which looks like: -123456789 and the KEY which is in the format of: 123456789:AAAAAAAAAAAAAAA

Step 2: Script to Send the Message

Scripts in /etc/profile.d are sourced by login shells, so they run when a user logs in over SSH and gets a shell.

Create a new script:

sudo nano /etc/profile.d/telegram-login-alert.sh

Script: 

#!/usr/bin/env bash

# Import credentials (KEY and USERID) from the config file
. /etc/ssh-login-alert-telegram/credentials.conf

URL="https://api.telegram.org/bot${KEY}/sendMessage"
DATE="$(date "+%d %b %Y %H:%M")"

# Only send an alert when the shell was started by an SSH connection
if [ -n "$SSH_CLIENT" ]; then
    # SSH_CLIENT holds "client_ip client_port server_port"
    CLIENT_IP=$(echo "$SSH_CLIENT" | awk '{print $1}')

    SRV_HOSTNAME=$(hostname -f)
    # Ask an external service for this server's public IP
    SRV_IP=$(curl -s "https://scott.stevensononthe.net/whatismyip.php")

    IPINFO="https://www.infobyip.com/ip-${CLIENT_IP}.html"

    # %0A is a URL-encoded newline
    TEXT="Connection from *${CLIENT_IP}* as ${USER} on *${SRV_HOSTNAME}* (*${SRV_IP}*)%0A%0ADate: ${DATE}%0A%0AIP information: [${IPINFO}](${IPINFO})"

    curl -s -d "chat_id=${USERID}&text=${TEXT}&disable_web_page_preview=true&parse_mode=markdown" "$URL" > /dev/null
fi

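The script reads the channel and user credentials from a second file. We will make that next. Because the script is sourced into the login shell of whoever connects, that file has to be readable by every user who logs in.

The URL that the message is sent to includes our KEY.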

URL="https://api.telegram.org/bot${KEY}/sendMessage"

The majority of the code is just generating data for the message. It can be stripped down to the sending of the message:

curl -s -d "chat_id=${USERID}&text=${TEXT}&disable_web_page_preview=true&parse_mode=markdown" "$URL" > /dev/null

Ensure the script is executable:

sudo chmod +x /etc/profile.d/telegram-login-alert.sh
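
A variant of the same alert hooked into PAM instead of /etc/profile.d, as an added example that is not from the original post. pam_exec runs the script as root for every SSH session, including sftp and `ssh host command`, which never source profile.d, so the credentials file can be root-only. The script path and the PAM line in the comments are assumptions; KEY and USERID are the values from Step 1.

```shell
#!/usr/bin/env bash
# Added example (not the post's script): login alert run by pam_exec as root.
# Assumed line in /etc/pam.d/sshd:
#   session optional pam_exec.so /usr/local/sbin/telegram-login-alert.sh
# The credentials file defines KEY and USERID; make it root-owned, mode 0600.
CONF="${CONF:-/etc/ssh-login-alert-telegram/credentials.conf}"

# Build the message text from the values pam_exec exports.
# Plain text on purpose: an underscore in a username cannot break Markdown parsing.
build_alert_text() {
    local user="$1" rhost="$2" host="$3" when="$4"
    printf 'Connection from %s as %s on %s\n\nDate: %s' \
        "$rhost" "$user" "$host" "$when"
}

# Alert only when a session opens (not when it closes) and a remote host is known.
should_alert() {
    [ "$1" = "open_session" ] && [ -n "$2" ]
}

send_alert() {
    . "$CONF" || return 1
    local text
    text="$(build_alert_text "$PAM_USER" "$PAM_RHOST" \
        "$(hostname -f)" "$(date '+%d %b %Y %H:%M')")"
    # --data-urlencode makes curl encode newlines and special characters,
    # so no hand-written %0A is needed in the text.
    curl -s --max-time 5 \
        --data-urlencode "chat_id=${USERID}" \
        --data-urlencode "text=${text}" \
        -d "disable_web_page_preview=true" \
        "https://api.telegram.org/bot${KEY}/sendMessage" > /dev/null
}

# pam_exec sets PAM_TYPE, PAM_USER and PAM_RHOST in the environment.
if should_alert "${PAM_TYPE:-}" "${PAM_RHOST:-}"; then
    send_alert || true   # a failed alert must never block the login
fi
```

With `optional` in the PAM line and the `|| true` guard, a Telegram outage or a missing credentials file delays the login by at most the 5-second curl timeout and never denies it.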

Microsoft says mandatory password changing is “ancient and obsolete”

Microsoft is finally catching on to a maxim that security experts have almost universally accepted for years: periodic password changes are likely to do more harm than good.

In a post published late last month, Microsoft said it was removing periodic password changes from the security baseline settings it recommends for customers and auditors. After decades of Microsoft recommending passwords be changed regularly, Microsoft employee Aaron Margosis said the requirement is an “ancient and obsolete mitigation of very low value.”

The change of heart is largely the result of research that shows passwords are most prone to cracking when they’re easy for end users to remember, such as when they use a name or phrase from a favorite movie or book. Over the past decade, hackers have mined real-world password breaches to assemble dictionaries of millions of words. Combined with super-fast graphics cards, the hackers can make huge numbers of guesses in off-line attacks, which occur when they steal the cryptographically scrambled hashes that represent the plaintext user passwords.

Even when users attempt to obfuscate their easy-to-remember passwords—say by adding letters or symbols to the words, or by substituting 0’s for the o’s or 1’s for l’s—hackers can use programming rules that modify the dictionary entries. As a result, those measures provide little protection against modern cracking techniques.


Transferring A Domain To The New Cloudflare Registrar

I just received an email from Cloudflare indicating that my wave is now open to transfer my domains. I am quite happy with the service of my current domain registrar (internet.bs); however, I wanted to see how the price compared.

I thought that internet.bs was really competitive on price but after seeing $9.95 on Cloudflare vs $17.59 on internet.bs I decided to test out the new Cloudflare service.

The process is really simple but I have laid it out below for anyone interested in giving it a try.

*Note that once you start the transfer process you will be billed for a year extension on the expiry of the domain.

Step 1

To start the transfer process you have to have the domain already in your Cloudflare account. Simply select the domain you want to transfer and confirm the domain(s).

Nith River Kayak – Trip Report

This past Friday I went out on the Nith River. This is a smaller secluded river that meets up with the Grand River in Paris, Ontario. Paddling this river is only possible at certain times of the year, most notably the spring, as the water level needs to be high enough to make passage possible. Most of the river is a relaxing 4 ft/mile elevation drop but near Paris it increases to 20 ft/mile drops with a few rapid sections.

Entry

There isn’t really a great public launch site for this river that I know of. There is a good entry point (coords: 43.223920, -80.476170) but it is marked as private. I entered here anyway since I had already made my plans and travel arrangements but I wouldn’t go again knowing it’s private.

Entry is Private Property


Reverse Engineering the iHome iSP5 SmartPlug Communications

I got a couple of the iHome iSP5 Smart Plugs and wanted to integrate them into openHAB. This is just some rough digging I have done so far in the communications between the phone app and their server. Part 2, if I get to it, will look at the communications between the server and the plug. This will be much harder as I will need to find a way to become a MITM for the SSL communications.

Maybe this will help someone create an openHAB binding, as I have never really worked with openHAB.

The following is all done using curl.

Get Your Authorization ID

To start off you need to send a request to their server with your login information to get the authorization ID to communicate with the device server.

curl -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" -X POST https://www.ihomeaudio.com/api/v3/login/ -d 'password=yourPassword&email=email%40domain.com'

The response to this will contain 2 important fields:

  • evrythng_user_id
  • evrythng_api_key

The evrythng_user_id isn't really useful but it's nice to know. The evrythng_api_key is really where the magic happens.

Get Your Device ID(s)

Using the evrythng_api_key you can then send a packet to query all the things you have in your account. Replace evrythng_api_key with your actual value in the Authorization field.

curl -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" -H "Authorization: evrythng_api_key" "https://api.evrythng.com/thngs?perPage=100&sortOrder=ASCENDING"

This then returns a large JSON response with all your devices.

Most of these fields can then be queried later but a few are really the most important:

  • id (Unique device ID)
  • currentpowerstate1 (1=On, 0=Off)
  • outletinuse1 (1=yes, 0=no)
  • ~connected (true=Connected, false=Disconnected)

These fields are pretty self-explanatory. currentpowerstate1 is whether the switch is on or off, outletinuse1 is whether there is something actually plugged into it, and ~connected is whether the device is connected to the internet and accessible.

Get Device Properties

To query the device for a specific property, use a GET as follows, and remember to replace id in the URL with the id you found in the last command:

curl -H "Content-Type: application/json" -H "Accept: application/json" -H "Authorization: evrythng_api_key" "https://api.evrythng.com/thngs/id/properties/~connected?perPage=100&sortOrder=ASCENDING"

Replace the last part of the URL with the property you want to query.

This query actually returns a few values so you may want to limit it to 1 instead of 100 to get the last result. I did also notice that the sortOrder didn’t appear to do anything but that may need to be experimented with a bit more.

Another example, to get currentpowerstate1:

curl -H "Content-Type: application/json" -H "Accept: application/json" -H "Authorization: evrythng_api_key" "https://api.evrythng.com/thngs/id/properties/currentpowerstate1?perPage=1&sortOrder=ASCENDING"

Setting A Property

To actually set a property value it’s basically the same except sending a PUT instead of a GET.

The following will turn the switch off:

curl -H "Authorization: evrythng_api_key" -H "Content-Type: application/json" -H "Accept: application/json" -H "Content-Length: 15" -X PUT https://api.evrythng.com/thngs/id/properties/targetpowerstate1 -d '[{"value":"0"}]'

Ya, so that’s really all there is to it. I’m sure a binding would be pretty simple for someone.

Edit: So the communications between the server and the device are SSL encrypted, so I don't have a way to see what it's doing. I ran tcpdump on my router and I can see packets but nothing I can work with. Not sure if anyone has any ideas.