Wirehark Fix Generate SSH KEy in SPISERVER as geouser and transfer id_rssa.pub to probe as ge ouser in authorized_keys2 http://tekwiki.tek.

com/display/nmappeng/Wireshark+configuration * SSH Configuration Steps for Wireshark Server Installation 1. Login spIserver with geouser, execute "ssh -V" to check the SSH is insta lled and its version: eg: #geouser@cn-spi02 /home/geouser 1 >ssh -version Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f Generally ssh is installed, otherwise need download the ssh package; 2. Test out SSH by establishing a session to the user's machine. #ssh <unix-id>@<hostname> A question will appear asking to add the host to a key file. Type "yes ". 3. Login with the user's account password. If a session prompt appears, th en a successful login has been established. If an error occurs, then please ver ify proper login ID and password. 4. Exit out of the ssh session. Change directory to the geouser home direc tory. 5. Enter into $HOME/.ssh, ($HOME is /home/geouser for geouser account); 6. Execute 'ssh-keygen -t rsa' to generate public/private RSA key pair; 7. Check if 'config' exists in $HOME/.ssh, if no create this file with the following contents: ForwardX11 yes StrictHostKeyChecking no BatchMode yes PasswordAuthentication no 8. To allow all other users to run Wireshark (assuming that the geouser has already been configured to run ssh), you need to execute the following steps: chmod 755 ~geouser/.ssh cp ~geouser/.ssh/id_rsa ~geouser/.ssh/id_rsa.ethereal chmod 644 ~geouser/.ssh/id_rsa.ethereal Also, if you are not geouser and you want to run Wireshark, you need t o make sure that you have set the path to /opt/local/bin. If not, you need to ad d the following line to your .cshrc file and source the .cshrc file before you o pen the spiMain: set path = ($path /opt/local/bin) 9. If you are not login as geouser and you don't want to run Wireshark as g eouser (i.e., you want to run Wireshark as yourself), you need to set the follow ing environment variable in SpiSite.csh to disable the "always run as geouser" f eature before you open the spiMain: setenv ALWAYS_RUN_ETHEREAL_AS_GEOUSER "no" * 1. Others In probe Change the account as geouser; Check if .ssh folder exists in /inet/home/geouser; If no, create

1. 2. this folder:

#mkdir .ssh 3. Copy $HOME/.ssh/id_rsa.pub in spIserver to probe at $HOME/.ssh/ authorized_keys; Remember to chmod it as 644: #chmod 644 $HOME/.ssh/authorized_keys

2.

In spIserver

1. Make a ssh connection to the 2U probe and select yes to accept a uthentication. ssh <2u probe> 2. Check Wireshark license is enable with dbSysDefaults, if no enab le it; 3. From the spIstation geouser account execute the following comman d: #ssh <2u probe> sudo /inet/sniffer/bin/wireshark.startup - u 1000 & You should be able to launch the Wireshark application on the probe from the server as root without entering in a password 4. If above command (wireshark.startup) is successful,

drwxr-xr-x 2 geouser geo 512 Jan 27 drwx------ 2 geouser geo 512 Jan 28 drwxr-xr-x 2 geouser geo 512 Jan 28 -rw------- 1 geouser geo 348 Jan 28 drwxr-xr-x 2 geouser geo 512 Jan 28 drwxr-xr-x 18 geouser geo 1024 Jan 28 geouser@VFMOB-spIserver2 /home/geouser

13:23 00:17 00:17 12:40 12:40 13:05 9 >

.ssh/ .adobe/ .acrobat/ .Xauthority tmp/ ./ 14 > ls -ltra id_rsa id_rsa.pub config ./ id_rsa.pub_new known_hosts ../ 15 >

geouser@VFMOB-spIserver2 /home/geouser/.ssh total 11 -rw------- 1 geouser geo 1675 Jan 27 13:10 -rw-r--r-- 1 geouser geo 406 Jan 27 13:10 -rw-r--r-- 1 geouser geo 104 Jan 27 13:14 drwxr-xr-x 2 geouser geo 512 Jan 27 13:23 -rw-r--r-- 1 geouser geo 406 Jan 27 13:23 -rw-r--r-- 1 geouser geo 3539 Jan 28 00:01 drwxr-xr-x 18 geouser geo 1024 Jan 28 13:06 geouser@VFMOB-spIserver2 /home/geouser/.ssh

================================================================== geouser@Guj_Ahmd_VFhouse_RNC-barwick-1-1:~> ls -ltra total 84 -rw-r--r-- 1 geouser geo 0 Jan 1 2005 .vimrc -rw-r--r-- 1 geouser geo 137 Mar 25 2005 .ref-.bashrc -rw-r--r-- 1 geouser geo 193 Mar 25 2005 .ref-.bash_profile -rw-r--r-- 1 geouser geo 137 Mar 25 2005 .bashrc -rw-r--r-- 1 geouser geo 193 Mar 25 2005 .bash_profile drwxr-xr-x 4 root root 4096 Aug 13 2010 ../ -rw-r--r-- 1 geouser geo 405 Jan 18 15:22 authorized_keys2 -rw------- 1 geouser geo 613 Jan 19 16:46 .viminfo -rw-r--r-- 1 geouser geo 30390 Jan 19 17:25 .fonts.cache-1 drwxr-xr-x 2 geouser geo 4096 Jan 19 17:37 .wireshark/ drwxr-xr-x 2 geouser geo 4096 Jan 28 13:02 .ssh/ drwxrwxrwx 2 geouser geo 4096 Jan 28 13:05 tmp/ -rw------- 1 geouser geo 769 Jan 28 13:06 .bash_history -rw------- 1 geouser geo 156 Jan 28 13:07 .Xauthority drwxr-xr-x 5 geouser geo 4096 Jan 28 13:07 ./ geouser@Guj_Ahmd_VFhouse_RNC-barwick-1-1:~>

geouser@Guj_Ahmd_VFhouse_RNC-barwick-1-1:~> cd .ssh geouser@Guj_Ahmd_VFhouse_RNC-barwick-1-1:~/.ssh> ls -ltra total 16 -rw-r--r-- 1 geouser geo 2751 Jan 18 16:02 known_hosts -rw-r--r-- 1 geouser geo 406 Jan 28 13:02 authorized_keys2 drwxr-xr-x 2 geouser geo 4096 Jan 28 13:02 ./ drwxr-xr-x 5 geouser geo 4096 Jan 28 13:07 ../ geouser@Guj_Ahmd_VFhouse_RNC-barwick-1-1:~/.ssh>