SL:Identive NFC und Diskussion:Shell/Fingerprints: Unterschied zwischen den Seiten
(Unterschied zwischen Seiten)
Zur Navigation springen
Zur Suche springen
imported>Arne.bochem (Add information about MIFARE cards.) |
imported>Matthias.neumann (Neuer Abschnitt →shell server fingerprints) |
||
| Zeile 1: | Zeile 1: | ||
| + | When trying to connect to<br /> |
||
| − | The Sensorlab has an [http://www.identivenfc.com/en/nfc-software-development-kit-sdk/nfc-solutions-development-kit-sdk.htm Identive NFC SDK], which includes three NFC readers. Drivers can be found on the [http://www.identive-group.com/products-and-solutions/identification-products/mobility-solutions/mobile-readers/scl3711-contactless-usb-smart-card-reader Identive] website. This page contains some information about using the hardware. |
||
| + | <code>shell.stud.informatik.uni-goettingen.de</code><br/> |
||
| + | via ssh, it tells me that the fingerprint is<br /> |
||
| + | <code>SHA256:L+FCMj2bm8x/BfR8AdaaLnqTmFD35D0EYNlFG7a2dt8</code>,<br/> |
||
| + | which is documented here to be the old fingerprint, so it should only have been in use till april 2017. |
||
| + | So, is the documentation incorrect or is the shell server still using the older fingerprint (at least sometimes)? |
||
| + | --[[Benutzer:Matthias.neumann|Matthias.neumann]] 17:29, 27. Sep. 2017 (CEST) |
||
| + | == shell server fingerprints == |
||
| − | To use it on Linux, it is required to install some additional software. Debian packages can be found in the sensorlab AFS directory: documents/Hardware/IdentiveNFC/ |
||
| + | Also, the fingerprints for <tt>ssh-ed25519</tt> is the same on <tt>shell.informatik.uni-goettingen.de</tt> and <tt>shell.stud.informatik.uni-goettingen.de</tt>, but does not match any of the fingerprints documented. |
||
| − | To install them, as root: |
||
| + | I get the following fingerprint: <tt>SHA256:H4FLNG2aNYRZ3jxepIx5E0s0a2ZvtZbbmVLt56b+nK0</tt>. |
||
| − | |||
| + | What is the correct fingerprint? |
||
| − | dpkg -i libusb_0.1.12-1_i386.deb |
||
| + | If the documentation is correct, it looks like I'm getting the old fingerprints while the server should be using the new ones... |
||
| − | dpkg -i pcsc-lite_1.8.11-1_i386.deb |
||
| − | |||
| − | Once installed, the proprietary driver has to be installed: |
||
| − | |||
| − | tar -xvzf scx371x_2.11_linux_32bit.tar.gz |
||
| − | cd scx37* |
||
| − | sh ./install.sh |
||
| − | |||
| − | The usbdetach program found in the USBDetach folder will also be necessary. Either recompile it or copy it as is: |
||
| − | |||
| − | cp USBDetach/usbdetach /usr/bin |
||
| − | chown root.root /usr/bin/usbdetach |
||
| − | chmod 755 /usr/bin/usbdetach |
||
| − | |||
| − | After everything is set up, attach the NFC reader. After attaching it, first we have to detach it from the kernel's default driver, because the proprietary driver doesn't do this for us, which is unfortunate and leads to odd error messages. To do this, first run "lsusb", look for "SCM Microsystems, Inc." and copy the device ID (format: ????:????). Then run "usbdetach -d YOURDEVICEID -i 0 -f", e.g.: |
||
| − | |||
| − | lsusb |
||
| − | usbdetach -d 04e6:5591 -i 0 -f |
||
| − | |||
| − | Now, pcscd can be started to make use of the NFC reader: |
||
| − | |||
| − | LD_LIBRARY_PATH=/usr/local/lib LIBCCID_ifdLogLevel=0x000F /usr/local/sbin/pcscd --foreground --debug |
||
| − | |||
| − | If you bring an NFC tag (one of the included tags or a student ID for example) close to the reader, you should get output similar to this: |
||
| − | |||
| − | 27319699 eventhandler.c:407:EHStatusHandlerThread() powerState: POWER_STATE_POWERED |
||
| − | 00000019 eventhandler.c:422:EHStatusHandlerThread() Card inserted into SCL3711 Reader and NFC Device 00 00 |
||
| − | 00000017 Card ATR: 3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 01 00 00 00 00 6A |
||
| − | 00400075 eventhandler.c:481:EHStatusHandlerThread() powerState: POWER_STATE_UNPOWERED |
||
| − | |||
| − | Using the included "ISO14443A - TOPAZ 512" tags will lead to a segfault. (It might be nice if we wrote our own driver that doesn't.) |
||
| − | |||
| − | For MIFARE cards, data can be retrieved using nfc-mfclassif from the [http://nfc-tools.org/index.php?title=Libnfc:nfc-mfclassic nfc-tools] package: |
||
| − | |||
| − | nfc-mfclassic r a nfc-card.a nfc-keys f |
||
| − | nfc-mfclassic r b nfc-card.b nfc-keys f |
||
| − | |||
| − | This will write the contents to nfc-card.a and nfc-card.b while using the keys provided in nfc-keys. Keys for an existing MIFARE card can be easily extracted using the mfoc tool. |
||
Version vom 27. September 2017, 20:20 Uhr
When trying to connect to
shell.stud.informatik.uni-goettingen.de
via ssh, it tells me that the fingerprint is
SHA256:L+FCMj2bm8x/BfR8AdaaLnqTmFD35D0EYNlFG7a2dt8,
which is documented here to be the old fingerprint, so it should only have been in use till april 2017.
So, is the documentation incorrect or is the shell server still using the older fingerprint (at least sometimes)?
--Matthias.neumann 17:29, 27. Sep. 2017 (CEST)
shell server fingerprints
Also, the fingerprints for ssh-ed25519 is the same on shell.informatik.uni-goettingen.de and shell.stud.informatik.uni-goettingen.de, but does not match any of the fingerprints documented. I get the following fingerprint: SHA256:H4FLNG2aNYRZ3jxepIx5E0s0a2ZvtZbbmVLt56b+nK0. What is the correct fingerprint? If the documentation is correct, it looks like I'm getting the old fingerprints while the server should be using the new ones...