├── LICENSE
├── README.md
├── core_install.sh
├── coressh.iso
└── credentials.txt


/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2015

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# coressh
Build a custom Core .iso operating system with an SSH server

#### What is the Core Project?

The [Core Project](http://distro.ibiblio.org/tinycorelinux) is a project dedicated to providing a small, minimal Linux distribution that can be configured for any number of purposes. Tiny Core is

>designed to run from a RAM copy created at boot time. Besides being fast, this protects system files from changes and ensures a pristine system on every reboot. Easy, fast, and simple renew-ability and stability is a principle goal of Tiny Core.[^1]

There are three main flavors in the Core suite:

* Core (9 MB) - command-line only
* TinyCore (15 MB) - Includes a GUI, wired network support only
* CorePlus (72 MB) - Different window managers, various keyboard layouts, and wireless support

#### Overview

This tutorial provides a walkthrough of how to build a custom ~13 MB Core .iso operating system with a Secure Shell (SSH) server. The 15 MB TinyCore will be used as the operating system and platform to create and configure the Core base .iso.

The goal is to have a customized Core .iso that can be booted into using virtualization software, such as VMware, in mere seconds and is completely memory resident. The operating system is not installed onto a hard drive. The purpose of this tutorial is to set the stage for the next one, which will be about SSH tunneling through single and multiple servers for the purpose of protecting Internet traffic on public networks, penetration testing, or accessing your home network.

The resulting Core SSH server is perfect for practicing tunneling concepts because it is lightweight, memory-resident, and multiple SSH servers can be spun up in seconds. The install script and pre-configured coressh.iso files are available on the Opsdisk GitHub repository here: https://github.com/opsdisk/coressh.

Pull requests, suggestions, and improvements are always welcome through our [contact](http://www.opsdisk.com/#contact) page or [Twitter](https://twitter.com/opsdisk).

#### Warning
The primary purpose of the tutorial is to create a lightweight SSH server. No hardening or security best practices (denying root logins, using pre-shared keys) have been implemented with the configuration of the SSH server. **You should use the core_install.sh script to generate your own SSH host keys if you are paranoid and don't want to use the pre-configured coressh.iso provided on GitHub.** The host keys and the tc and root passwords baked into that image are the same for everyone who downloads it. If you just want to set up a quick SSH lab and are not concerned about security, then the pre-configured coressh.iso is OK.

#### General Flow
Below is the general flow of building a custom Core .iso:

* Boot into the Tiny Core .iso operating system
* Install OpenSSH and ezremaster packages. OpenSSH is the SSH server and [ezremaster](http://wiki.tinycorelinux.net/wiki:remastering_with_ezremaster) is used to create custom .iso files.
* Pull down the core\_install.sh file from the Opsdisk coressh repository or a local web server to configure the server. This script will pull down the [Core-current.iso](http://distro.ibiblio.org/tinycorelinux/6.x/x86/release/Core-current.iso) to customize, edit a couple of files, and create the Core .iso using ezremaster.
* Pull the customized Core .iso file off the Virtual Machine through SFTP.
* Boot the coressh.iso as a virtual machine.

#### Setting Up the Build Platform
This walkthrough uses VMware Workstation 11 as the virtualization software. Your mileage may vary with other virtualization software or versions.

1) Download the [TinyCore](http://distro.ibiblio.org/tinycorelinux/6.x/x86/release/TinyCore-current.iso) .iso file.

2) Create the TinyCore VM with the following characteristics:

* Install from the TinyCore-current.iso file
* Guest operating system is "Other Linux 3.x kernel"
* Virtual machine name: "TinyCore"
* Maximum disk size: .001 GB; Store virtual disk as a single file
* Customize Hardware: 256 MB Memory, 1 processor, bridged Network Adapter, uncheck the "Connect at power on" for USB, sound card, and printer
* Power on the virtual machine

#### Creating the Customized Core .iso
After powering on the virtual machine, select the first boot option "Boot TinyCore". After the operating system loads, click on the terminal icon at the bottom on the far right. At this point, you must hand jam commands into the terminal because SSH and VMware Tools are not installed for easy copy/paste.

```bash
# Ensure your box has an IP address and that DNS works:
ifconfig
ping yahoo.com -c 2

# Install openssl to retrieve HTTPS file from GitHub
tce-load -iw openssl-1.0.1.tcz

# Pull down core_install.sh script
wget https://github.com/opsdisk/coressh/raw/master/core_install.sh -P /tmp

# Mark script as executable
sudo chmod +x /tmp/core_install.sh

# Remove potential DOS line breaks
dos2unix /tmp/core_install.sh

# Execute the install script
/tmp/core_install.sh
```

From this point on, the script will take care of the rest. It will prompt you to change the passwords for the tc and root user accounts. Below are the credentials for the pre-configured coressh.iso SSH server:

```
user: tc
password: masterpassword

user: root
password: masterpassword
```

If you want to walk through the script line by line, check out the Script Walkthrough at the end of this tutorial. Once the script completes, pull the newly created ezremaster.iso off the TinyCore VM using an SFTP-compatible program, like WinSCP, Filezilla, or the Linux scp command.

#### Booting Up the New Core .iso
Create a new Core VM with the same characteristics as the TinyCore VM, except you can tweak the memory down to 128 MB (try 64 MB first and see if it crashes out).

* Install from the coressh.iso file
* Guest operating system is "Other Linux 3.x kernel"
* Virtual machine name: "CoreSSH"
* Maximum disk size: .001 GB; Store virtual disk as a single file
* Customize Hardware: 128 MB Memory, 1 processor, bridged Network Adapter, uncheck the "Connect at power on" for USB, sound card, and printer
* Power on the virtual machine

#### Conclusion
This tutorial walks you through creating a minimal Core SSH server that will be used in the next series covering SSH tunneling techniques and tips for the purpose of protecting Internet traffic on public networks, penetration testing, or accessing your home network. All of the code and files can be found on the Opsdisk GitHub repository here: https://github.com/opsdisk/coressh

#### Script Walkthrough

Install OpenSSH and ezremaster

```bash
tce-load -iw openssh.tcz ezremaster.tcz
```

Start the SSH server

```bash
sudo /usr/local/etc/init.d/openssh start
```

Download the Core-current.iso file to /tmp

```bash
wget http://distro.ibiblio.org/tinycorelinux/6.x/x86/release/Core-current.iso -P /tmp
```

For the ezremaster walkthrough, click on the ezremaster icon (looks like a CD with "ez" on it) at the bottom of the screen. Select these options:

```bash
read -p "Open ezremaster. Click on the ezremaster icon (looks like a CD with 'ez' on it) at the bottom of the screen."
read -p "Use ISO Image, specifying the /tmp/Core-current.iso file"
read -p "Next, Next"
read -p "Click load under the 'Extract TCZ in to initrd'"
read -p "Remove everything except openssh.tcz"
read -p "Next until you can Create ISO (BUT DON'T CREATE ISO YET)"
read -p "Press Enter to continue..."
```

Edit the isolinux.cfg file to change the boot timeout from 300 (30 seconds) to 10 (1 second).

```bash
sudo cp /tmp/ezremaster/image/boot/isolinux/isolinux.cfg /tmp/ezremaster/image/boot/isolinux/isolinux.cfg.backup
sudo sed -i 's/timeout 300/timeout 10/' /tmp/ezremaster/image/boot/isolinux/isolinux.cfg
```

**isolinux.cfg** contents

    display boot.msg
    default microcore
    label microcore
        kernel /boot/vmlinuz
        initrd /boot/core.gz
        append loglevel=3

    label mc
        kernel /boot/vmlinuz
        append initrd=/boot/core.gz loglevel=3
    implicit 0
    prompt 1
    timeout 10
    F1 boot.msg
    F2 f2
    F3 f3
    F4 f4

Add the SSH host keys that were generated when TinyCore installed SSH. Not required, but otherwise every reboot will generate new keys. **You should use the core_install.sh script to generate your own host keys if you are paranoid and don't want to use the pre-configured coressh.iso provided on GitHub.**

```bash
sudo cp -f /usr/local/etc/ssh/ssh_host_* /tmp/ezremaster/extract/usr/local/etc/ssh
```

Edit the SSH server configuration

```bash
sudo cp /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config.backup

# Allow root to login
sudo sed -i 's/#PermitRootLogin/PermitRootLogin/' /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config

# Allows reverse SSH tunnels (-R option) to listen on interfaces besides 127.0.0.1
sudo sed -i 's/#GatewayPorts no/GatewayPorts yes/' /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config
```

Ensure the correct file permissions for the SSH host keys

```bash
sudo chown root /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*
sudo chmod 644 /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*pub
sudo chmod 600 /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*key
```

Start the SSH server on boot

```bash
sudo cp /tmp/ezremaster/extract/opt/bootlocal.sh /tmp/ezremaster/extract/opt/bootlocal.sh.backup
# Append via "sudo tee -a": with "sudo echo ... >>" the redirection runs in the unprivileged shell
echo "/usr/local/etc/init.d/openssh start" | sudo tee -a /tmp/ezremaster/extract/opt/bootlocal.sh > /dev/null
```

**bootlocal.sh** contents:

```bash
#!/bin/sh
# put other system startup commands here
/usr/local/etc/init.d/openssh start
```

Give the "tc" user a password

```bash
passwd tc
```

Change root user password

```bash
sudo passwd root
```

Copy the /etc/shadow & /etc/passwd files (which have the new tc and root passwords) from the current TinyCore operating system to the new Core build

```bash
sudo cp -f /etc/shadow /tmp/ezremaster/extract/etc/shadow
sudo cp -f /etc/passwd /tmp/ezremaster/extract/etc/passwd
```

Create the final .iso file using ezremaster. The final location is /tmp/ezremaster/ezremaster.iso

```bash
read -p "Now click on Create ISO...script is done. File location: /tmp/ezremaster/ezremaster.iso"
```

[^1]: http://distro.ibiblio.org/tinycorelinux/concepts.html



--------------------------------------------------------------------------------
/core_install.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# This script is used to create a custom Core .iso operating system
# with a running SSH server. The core iso is created from
# a running TinyCore instance, with some of the settings transferred
# to the new Core .iso.
# MIT License
# Opsdisk LLC | opsdisk.com

#################################
# Setting up the build platform #
#################################
# Install from the TinyCore-current.iso file
# Guest operating system is "Other Linux 3.x kernel"
# Virtual machine name: "TinyCore"
# Maximum disk size: .001 GB; Store virtual disk as a single file
# Customize Hardware: 256 MB Memory, 1 processor, bridged Network Adapter, uncheck the "Connect at power on" for USB, sound card, and printer
# Power on the virtual machine

# These commands are run on target, not from the script.
# Ensure your box has an IP address and that DNS works
# ifconfig
# ping yahoo.com -c 2
# Install openssl to retrieve HTTPS file from GitHub
# tce-load -iw openssl-1.0.1.tcz
# Pull down core_install.sh script
# wget https://github.com/opsdisk/coressh/raw/master/core_install.sh -P /tmp
# Mark script as executable
# sudo chmod +x /tmp/core_install.sh
# Remove potential DOS line breaks
# dos2unix /tmp/core_install.sh
# Execute the install script
# /tmp/core_install.sh

# Install openssh and ezremaster
tce-load -iw openssh.tcz ezremaster.tcz

# Start the SSH server
sudo /usr/local/etc/init.d/openssh start

# wget the Core-current.iso file to /tmp
wget http://distro.ibiblio.org/tinycorelinux/6.x/x86/release/Core-current.iso -P /tmp

# ezremaster walkthrough
read -p "Open ezremaster. Click on the ezremaster icon (looks like a CD with 'ez' on it) at the bottom of the screen."
read -p "Use ISO Image, specifying the /tmp/Core-current.iso file"
read -p "Next, Next"
read -p "Click load under the 'Extract TCZ in to initrd'"
read -p "Remove everything except openssh.tcz"
read -p "Next until you can Create ISO (BUT DON'T CREATE ISO YET)"
read -p "Press Enter to continue..."

###########################
# Modifying the new build #
###########################

# Edit the isolinux.cfg file to change the boot timeout from 300 (30 seconds) to 10 (1 second)
#sudo cp -f /tmp/core_install/isolinux.cfg /tmp/ezremaster/image/boot/isolinux/isolinux.cfg
sudo cp /tmp/ezremaster/image/boot/isolinux/isolinux.cfg /tmp/ezremaster/image/boot/isolinux/isolinux.cfg.backup
sudo sed -i 's/timeout 300/timeout 10/' /tmp/ezremaster/image/boot/isolinux/isolinux.cfg

# Add the SSH keys generated when TinyCore installed SSH. Not required, but otherwise every reboot will generate new keys.
#sudo cp -f /tmp/core_install/ssh_host* /tmp/ezremaster/extract/usr/local/etc/ssh
sudo cp -f /usr/local/etc/ssh/ssh_host_* /tmp/ezremaster/extract/usr/local/etc/ssh

# Edit the SSH server configuration
#sudo cp -f /tmp/core_install/sshd_config /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config
sudo cp /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config.backup
sudo sed -i 's/#PermitRootLogin/PermitRootLogin/' /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config
sudo sed -i 's/#GatewayPorts no/GatewayPorts yes/' /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config

# Ensure the correct file permissions for the SSH keys
sudo chown root /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*
sudo chmod 644 /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*pub
sudo chmod 600 /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*key

# Start the SSH server on boot
#sudo cp -f /tmp/core_install/bootlocal.sh /tmp/ezremaster/extract/opt/bootlocal.sh
sudo cp /tmp/ezremaster/extract/opt/bootlocal.sh /tmp/ezremaster/extract/opt/bootlocal.sh.backup
# Append via "sudo tee -a": with "sudo echo ... >>" the redirection runs in the unprivileged shell
echo "/usr/local/etc/init.d/openssh start" | sudo tee -a /tmp/ezremaster/extract/opt/bootlocal.sh > /dev/null

# Give the "tc" user a password
passwd tc

# Change root user password
sudo passwd root

# Copy the /etc/shadow & /etc/passwd files (which have the new tc and root passwords) from the current TinyCore operating system to the new Core build
sudo cp -f /etc/shadow /tmp/ezremaster/extract/etc/shadow
sudo cp -f /etc/passwd /tmp/ezremaster/extract/etc/passwd

read -p "Now click on Create ISO...script is done. File location: /tmp/ezremaster/ezremaster.iso"

--------------------------------------------------------------------------------
/coressh.iso:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/opsdisk/coressh/8ed6d86c54eca83fd5e9f76e0891f5e0dbbffaba/coressh.iso

--------------------------------------------------------------------------------
/credentials.txt:
--------------------------------------------------------------------------------
Credentials for pre-configured coressh.iso

user: tc
password: masterpassword

user: root
password: masterpassword
--------------------------------------------------------------------------------
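
The README's Warning section and the two `sed` edits in core_install.sh leave the lab image with root login and `GatewayPorts yes` enabled and password logins on. The check below is an added example, not part of the opsdisk/coressh repository: it reads an sshd_config and lists the lab-only settings to change before a CoreSSH server is reachable from anything other than a lab network. The function names (`sshd_value`, `audit_sshd_config`, `write_lab_config`) and the sample file are constructed for illustration, and the sample assumes the stock file shipped `#PermitRootLogin yes`.

```bash
#!/bin/sh
# Added example, not part of the coressh repository. Function names and the
# sample file below are constructed for illustration.

# Print the effective value of KEYWORD in FILE. sshd uses the first
# uncommented occurrence of a keyword; print DEFAULT when there is none.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        !found && tolower($1) == tolower(key) { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# Print one line per lab-only setting and return the number of findings.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    findings=0
    if [ "$(sshd_value "$1" PermitRootLogin unset)" = "yes" ]; then
        echo "PermitRootLogin yes -> set 'PermitRootLogin no', use tc and sudo"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_value "$1" GatewayPorts no)" = "yes" ]; then
        echo "GatewayPorts yes -> remote (-R) forwards bind on every interface"
        findings=$((findings + 1))
    fi
    # PasswordAuthentication defaults to yes when the keyword is absent.
    if [ "$(sshd_value "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "PasswordAuthentication on -> switch to keys, then set it to 'no'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the relevant lines after core_install.sh's two sed edits
# (assumption: the stock file shipped '#PermitRootLogin yes').
write_lab_config() {  # usage: write_lab_config FILE
    cat > "$1" <<'EOF'
# constructed sshd_config excerpt
PermitRootLogin yes
#PasswordAuthentication yes
GatewayPorts yes
EOF
}

sample=$(mktemp)
write_lab_config "$sample"
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the build VM the same function can be pointed at /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config before clicking Create ISO.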