From 3a3f5bcd02a5e0f721f390b8205ed4eaf086db45 Mon Sep 17 00:00:00 2001
From: Mike Phares
Date: Wed, 2 Apr 2025 16:13:03 -0700
Subject: [PATCH] Update SSL Certificate Request VSCode SSH - Allows using VSCode to build code as if you were on remote machine. - Remote machine will still need dotnet SDK Added AppSetting Markdown
---
.NET/app-settings.md | 116 +++++++++++++++++++++++++++++++++++
.NET/vscode-ssh.md | 138 ++++++++++++++++++++++++++++++++++++++++++
DevOps/dns-and-ssl.md | 29 ++++++---
3 files changed, 274 insertions(+), 9 deletions(-)
create mode 100644 .NET/app-settings.md
create mode 100644 .NET/vscode-ssh.md
diff --git a/.NET/app-settings.md b/.NET/app-settings.md
new file mode 100644
index 0000000..37ffc2d
--- /dev/null
+++ b/.NET/app-settings.md
@@ -0,0 +1,116 @@
+# AppSettings
+
+## User Secrets Initialization
+
+- [app-secrets](https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows)
+
+```bash 1733926424710 = 638695232247100000 = Wed Dec 11 2024 07:13:44 GMT-0700 (Mountain Standard Time)
+dotnet user-secrets -p File-Folder-Helper.csproj init
+```
+
+- [app-secrets](https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows)
+
+## User Secrets Add Entry
+
+```bash 1733926491404 = 638695232914040000 = Wed Dec 11 2024 07:14:50 GMT-0700 (Mountain Standard Time)
+dotnet user-secrets -p File-Folder-Helper.csproj set Name Value
+```
+
+## Optional Symbolic Link in Windows
+
+- Similar to Linux command ```ln -s```
+
+```bash 1733926521307 = 638695233213070000 = Wed Dec 11 2024 07:15:20 GMT-0700 (Mountain Standard Time)
+mklink /J "L:\DevOps\Mesa_FI\File-Folder-Helper\.vscode\.UserSecrets" "C:\Users\phares\AppData\Roaming\Microsoft\UserSecrets\8da397d4-13ec-4576-9722-3c79cad25563"
+```
+
+## .NET Package Reference
+
+```xml 1733926548840 = 638695233488400000 = Wed Dec 11 2024 07:15:48 GMT-0700 (Mountain Standard Time)
+
+```
+
+## Example Record (Class)
+
+- ToString is optional for recursive debug and isn't used in code
+- Verify method helps debug where project is looking for configuration entries
+- ```configurationRoot.Get();``` is builtin method to deserialize
+- JsonSerializerContext is optional for using AOT builds
+
+```csharp 1733926601507 = 638695234015070000 = Wed Dec 11 2024 07:16:41 GMT-0700 (Mountain Standard Time)
+using Microsoft.Extensions.Configuration;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace File_Folder_Helper.Models;
+
+public record AppSettings(string Company,
+ string DefaultNoteType,
+ string[] ExcludeDirectoryNames,
+ string[] ExcludeSchemes,
+ string PersonBirthdayFormat,
+ string[] ValidImageFormatExtensions,
+ string WorkingDirectoryName)
+{
+
+ public override string ToString()
+ {
+ string result = JsonSerializer.Serialize(this, AppSettingsSourceGenerationContext.Default.AppSettings);
+ return result;
+ }
+
+ private static void Verify(IConfigurationRoot configurationRoot, AppSettings? appSettings)
+ {
+ if (appSettings?.Company is null || string.IsNullOrEmpty(appSettings.Company))
+ {
+ List paths = [];
+ foreach (IConfigurationProvider configurationProvider in configurationRoot.Providers)
+ {
+ if (configurationProvider is not Microsoft.Extensions.Configuration.Json.JsonConfigurationProvider jsonConfigurationProvider)
+ continue;
+ if (jsonConfigurationProvider.Source.FileProvider is not Microsoft.Extensions.FileProviders.PhysicalFileProvider physicalFileProvider)
+ continue;
+ paths.Add(physicalFileProvider.Root);
+ }
+ throw new NotSupportedException($"Not found!{Environment.NewLine}{string.Join(Environment.NewLine, paths.Distinct())}");
+ }
+ }
+
+ public static AppSettings Get(IConfigurationRoot configurationRoot)
+ {
+ AppSettings? result;
+#pragma warning disable IL3050, IL2026
+ result = configurationRoot.Get();
+#pragma warning restore IL3050, IL2026
+ Verify(configurationRoot, result);
+ if (result is null)
+ throw new Exception("Not set!");
+ return result;
+ }
+
+}
+
+[JsonSourceGenerationOptions(WriteIndented = true)]
+[JsonSerializable(typeof(AppSettings))]
+internal partial class AppSettingsSourceGenerationContext : JsonSerializerContext
+{
+}
+```
+
+## AddUserSecrets to Program.cs
+
+```csharp 1733926619366 = 638695234193660000 = Wed Dec 11 2024 07:16:58 GMT-0700 (Mountain Standard Time)
+builder.Configuration.AddUserSecrets();
+```
+
+## Get Instance of Record to Program.cs
+
+```csharp 1733926659168 = 638695234591680000 = Wed Dec 11 2024 07:17:38 GMT-0700 (Mountain Standard Time)
+AppSettings appSettings = AppSettings.Get(builder.Configuration);
+```
+
+## Add Instance to be Used as Dependency Injected Object
+
+```csharp 1733926695948 = 638695234959480000 = Wed Dec 11 2024 07:18:15 GMT-0700 (Mountain Standard Time)
+builder.Services.AddSingleton(appSettings);
+```
diff --git a/.NET/vscode-ssh.md b/.NET/vscode-ssh.md
new file mode 100644
index 0000000..449a6a9
--- /dev/null
+++ b/.NET/vscode-ssh.md
@@ -0,0 +1,138 @@
+# VSCode SSH
+
+- Allows using VSCode to build code as if you were on remote machine.
+- Remote machine will still need dotnet SDK
+
+## Offline Installer
+
+- Download and copy to servers that can't reach github.com
+
+- [openssh-portable](https://github.com/PowerShell/openssh-portable)
+
+## PowerShell Installer
+
+- PowerShell Administrator
+
+```PowerShell Administrator 1736187016914 = 638717838169140000 = Mon Jan 06 2025 11:10:16 GMT-0700 (Mountain Standard Time)
+Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
+# Install the OpenSSH Client
+Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
+# Install the OpenSSH Server
+Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
+```
+
+## Key Generation
+
+- Run with any user
+
+```PowerShell 1736187033768 = 638717838337680000 = Mon Jan 06 2025 11:10:33 GMT-0700 (Mountain Standard Time)
+ssh-keygen -t ed25519
+```
+
+## Authentication via Public Key
+
+- PowerShell Administrator
+
+```PowerShell Administrator 1736187105777 = 638717839057770000 = Mon Jan 06 2025 11:11:45 GMT-0700 (Mountain Standard Time)
+copy $env:USERPROFILE\.ssh\id_ed25519.pub C:\ProgramData\ssh\authorized_keys
+copy $env:USERPROFILE\.ssh\id_ed25519.pub C:\ProgramData\ssh\administrators_authorized_keys
+icacls.exe "C:\ProgramData\ssh\authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
+icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
+```
+
+- Configuration allows for public key authentication
+- Removes higher risk password authentication
+
+```conf 1736187108739 = 638717839087390000 = Mon Jan 06 2025 11:11:48 GMT-0700 (Mountain Standard Time)
+...
+PubkeyAuthentication yes
+...
+PasswordAuthentication no
+...
+```
+
+## Firewall
+
+- Open Windows Firewall with Advanced Security GUI
+- Add new Inbound Rule for port 22
+- Change Profiles to only enable domain
+- Change scope to remote ip for your machine
+
+```bash 1736187743528 = 638717845435280000 = Mon Jan 06 2025 11:22:23 GMT-0700 (Mountain Standard Time)
+wf.msc
+```
+
+- Exported list for the two inbound rules
+
+```tsv 1736187853968 = 638717846539680000 = Mon Jan 06 2025 11:24:13 GMT-0700 (Mountain Standard Time)
+Name Group Profile Enabled Action Override Program Local Address Remote Address Protocol Local Port Remote Port Authorized Users Authorized Computers Authorized Local Principals Local User Owner Application Package
+OpenSSH SSH Server Preview (sshd) Private Yes Allow No C:\Program Files\OpenSSH\sshd.exe Any Any TCP 22 Any Any Any Any Any Any
+SSH Domain Yes Allow No Any Any 10.64.233.125 TCP 22 Any Any Any Any Any Any
+```
+
+- Command line add inbound rule SSH
+
+```bash 1736188562695 = 638717853626950000 = Mon Jan 06 2025 11:36:02 GMT-0700 (Mountain Standard Time)
+netsh advfirewall firewall add rule name="SSH" dir=in action=allow enable=yes profile=domain remoteip=10.64.233.125 localport=22 protocol=TCP
+```
+
+- Command line to add remote IP
+
+```bash 1736188289189 = 638717850891890000 = Mon Jan 06 2025 11:31:28 GMT-0700 (Mountain Standard Time)
+netsh advfirewall firewall set rule name="SSH" new remoteip=10.64.233.125
+```
+
+- Command line to enable rule
+
+```bash 1736188447588 = 638717852475880000 = Mon Jan 06 2025 11:34:07 GMT-0700 (Mountain Standard Time)
+netsh advfirewall firewall set rule name="SSH" new enable=yes
+```
+
+## Local Key Generation
+
+- Replace user
+- Run on local machine
+- Add output to remote machine
+
+```PowerShell 1736190383218 = 638717871832180000 = Mon Jan 06 2025 12:06:22 GMT-0700 (Mountain Standard Time)
+ssh-keygen -t ed25519
+more "C:/Users/user/.ssh/id_ed25519.pub"
+echo "C:\ProgramData\ssh\authorized_keys"
+echo "C:\ProgramData\ssh\administrators_authorized_keys"
+```
+
+## Test Connection
+
+- Replace user and machine
+
+```bash 1736187372778 = 638717841727780000 = Mon Jan 06 2025 11:16:12 GMT-0700 (Mountain Standard Time)
+ssh user@machine.infineon.com -i C:/Users/user/.ssh/id_ed25519
+```
+
+## VSCode
+
+- Install VSCode extension ms-vscode-remote.remote-ssh
+- Add machine to VSCode Remote Explorer
+- Example after adding machine to Remote Explorer "C:\Users\phares\.ssh\config"
+
+```conf 1736189363973 = 638717861639730000 = Mon Jan 06 2025 11:49:23 GMT-0700 (Mountain Standard Time)
+Host mestsa003.infineon.com
+ HostName mestsa003.infineon.com
+ User mesphares
+ IdentityFile C:/Users/phares/.ssh/id_ed25519
+
+Host mestsa05ec.infineon.com
+ HostName mestsa05ec.infineon.com
+ User mesphares
+ IdentityFile C:/Users/phares/.ssh/id_ed25519
+
+Host mestsa07ec.infineon.com
+ HostName mestsa07ec.infineon.com
+ User mesphares
+ IdentityFile C:/Users/phares/.ssh/id_ed25519
+
+Host messa010ec.infineon.com
+ HostName messa010ec.infineon.com
+ User mesphares
+ IdentityFile C:/Users/phares/.ssh/id_ed25519
+```
diff --git a/DevOps/dns-and-ssl.md b/DevOps/dns-and-ssl.md
index 2a4ae53..5b1811b 100644
--- a/DevOps/dns-and-ssl.md
+++ b/DevOps/dns-and-ssl.md
@@ -8,27 +8,38 @@ updated: 2023-07-08T03:32:53.694Z ## DNS Order -https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-New%20DNS%20Entry%20%281%29 - +- [dns-entry](https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-New%20DNS%20Entry%20%281%29) ![DNS Entries](Images/image-2023-4-26_12-24-36.png) -## Server Certificate (SSL/TLS) Order - -https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-Certificate%20Request +## Self-signed Certificate ```bash cd "C:\Program Files\Git\usr\bin" openssl -req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\localhost.crt -config L:\Git\NGINX-Conf\conf\includes\localhost.conf -req -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\certificate-signing-request.csr -config L:\Git\NGINX-Conf\conf\includes\localhost.conf +req -x509 -nodes -days 365 -newkey rsa:2048 -keyout "L:\Git\NGINX-Conf\conf\includes\localhost.key" -out "L:\Git\NGINX-Conf\conf\includes\localhost.crt" -config "L:\Git\NGINX-Conf\conf\includes\localhost.conf" ``` +```conf +ssl_certificate "includes/localhost.crt"; +ssl_certificate_key "includes/localhost.key"; +``` + +## Server Certificate (SSL/TLS) Order + +- [certificate-request](https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-Certificate%20Request) + ![Certificate Request](Images/image-2023-4-26_12-25-33.png) +### Example for eaf-dev-reporting.mes.infineon.com + ```bash -# ssl_certificate "includes/localhost.crt"; -# ssl_certificate_key "includes/localhost.key"; +cd "C:\Program Files\Git\usr\bin" +openssl +req -newkey rsa:2048 -keyout "L:\Git\NGINX-Conf\conf\includes\eaf-dev-reporting.mes.infineon.com.key" -out "L:\Git\NGINX-Conf\conf\includes\certificate-signing-request.csr" -config "L:\Git\NGINX-Conf\conf\includes\eaf-dev-reporting.mes.infineon.com.conf" +``` + +```conf ssl_certificate "includes/eaf-dev-reporting.mes.infineon.com.cer"; 
ssl_password_file "includes/eaf-dev-reporting.mes.infineon.com.pass"; ssl_certificate_key "includes/eaf-dev-reporting.mes.infineon.com.key";