mwarning / trigger

Android app to lock/unlock/ring doors. Supports generic HTTPS/SSH/Bluetooth/MQTT and Nuki Smartlock.
GNU General Public License v3.0

Documentation: SSH Key Registration does not seem to work (or I misunderstood what to do) #75

Closed rdorsch closed 1 year ago

rdorsch commented 1 year ago

Hi Moritz,

I read "SSH Key Registration" in https://github.com/mwarning/trigger/blob/master/docs/documentation.md which did not seem to work on the upcoming Debian 12:

```
rd@h370:~$ which nc
/usr/bin/nc
rd@h370:~$ nc -h
OpenBSD netcat (Debian patchlevel 1.219-1)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
          [-m minttl] [-O length] [-P proxy_username] [-p source_port]
          [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
          [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
          [destination] [port]
        Command Summary:
                -4              Use IPv4
                -6              Use IPv6
                -b              Allow broadcast
                -C              Send CRLF as line-ending
                -D              Enable the debug socket option
                -d              Detach from stdin
                -F              Pass socket fd
                -h              This help text
                -I length       TCP receive buffer length
                -i interval     Delay interval for lines sent, ports scanned
                -k              Keep inbound sockets open for multiple connects
                -l              Listen mode, for inbound connects
                -M ttl          Outgoing TTL / Hop Limit
                -m minttl       Minimum incoming TTL / Hop Limit
                -N              Shutdown the network socket after EOF on stdin
                -n              Suppress name/port resolutions
                -O length       TCP send buffer length
                -P proxyuser    Username for proxy authentication
                -p port         Specify local port for remote connects
                -q secs         quit after EOF on stdin and delay of secs
                -r              Randomize remote ports
                -S              Enable the TCP MD5 signature option
                -s sourceaddr   Local source address
                -T keyword      TOS value
                -t              Answer TELNET negotiation
                -U              Use UNIX domain socket
                -u              UDP mode
                -V rtable       Specify alternate routing table
                -v              Verbose
                -W recvlimit    Terminate after receiving a number of packets
                -w timeout      Timeout for connects and final net reads
                -X proto        Proxy protocol: "4", "5" (SOCKS) or "connect"
                -x addr[:port]  Specify proxy address and port
                -Z              DCCP mode
                -z              Zero-I/O mode [used for scanning]
        Port numbers can be individual or ranges: lo-hi [inclusive]
rd@h370:~$ nc -l -k -p 3333 -c 'read key; echo "$key" >> ssh_keys.txt; echo "Your key was received!"'
nc: invalid option -- 'c'
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
          [-m minttl] [-O length] [-P proxy_username] [-p source_port]
          [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
          [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
          [destination] [port]
rd@h370:~$
```

It worked flawlessly on Debian 11, which seems to have a different version of netcat:

```
sh@home:~$ nc -h
[v1.10-46]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -C                      Send CRLF as line-ending
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp-data').
sh@home:~$ which nc
/bin/nc
sh@home:~$
```

Digging somewhat more revealed that Debian 12 (and potentially earlier versions) comes with two versions of netcat:

```
rd@h370:~$ ls -l /bin/nc.traditional
-rwxr-xr-x 1 root root 34952 Aug 20 2021 /bin/nc.traditional
rd@h370:~$ ls -l /bin/nc.openbsd
-rwxr-xr-x 1 root root 43592 Oct 20 23:19 /bin/nc.openbsd
rd@h370:~$ ls -l /usr/bin/nc
lrwxrwxrwx 1 root root 20 May 13 2018 /usr/bin/nc -> /etc/alternatives/nc
rd@h370:~$ ls -l /etc/alternatives/nc
lrwxrwxrwx 1 root root 15 Oct 13 2019 /etc/alternatives/nc -> /bin/nc.openbsd
rd@h370:~$
```

It seems that the description in trigger is incompatible with the openbsd variant.

mwarning commented 1 year ago

Hi,

I verified `nc -l -k -p 3333 -c 'read key; echo "$key" >> ssh_keys.txt; echo "Your key was received!"'` to be working for:

```
$ nc -h
Ncat 7.80 ( https://nmap.org/ncat )
```

Other netcat implementations probably need a different set of parameters.

rdorsch commented 1 year ago

On Thursday, 13 April 2023, 17:14:52 CEST, Moritz Warning wrote:

> Hi,
>
> I verified `nc -l -k -p 3333 -c 'read key; echo "$key" >> ssh_keys.txt; echo "Your key was received!"'` to be working for:
>
> ```
> $ nc -h
> Ncat 7.80 ( https://nmap.org/ncat )
> ```
>
> Other netcat implementations need a different set of parameters.

I suggest adding a sentence with that information to the documentation.md file. It would have helped me to find out faster what is going wrong. I was not aware that there are (so significantly) different netcat implementations.

Thanks
Rainer

--
Rainer Dorsch

mwarning commented 1 year ago

Done: https://github.com/mwarning/trigger/commit/67558707397661548983345f90201c12fbebf67d
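
Added example (not part of the thread or the trigger documentation): a key receiver for the OpenBSD netcat discussed above, which has no `-c`, that also checks the received line is a single public key before appending it, since the quoted one-liner stores whatever arrives on the port. The function names are hypothetical, the port and file name come from the command quoted in the issue, `-l` and `-N` are from the help output above, and the accepted key types are an assumption.

```shell
#!/bin/sh
# Added example, not from the trigger documentation. PORT and KEYFILE mirror
# the command quoted in the thread; the validation rules are assumptions.
PORT=${PORT:-3333}
KEYFILE=${KEYFILE:-ssh_keys.txt}

# Succeed only for one "<type> <base64> [comment]" line whose blob starts
# with the base64 encoding of the key type it declares.
is_pubkey_line() {
    # Printable ASCII only: rejects embedded newlines and control bytes.
    [ "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)" -eq 0 ] || return 1
    set -f; set -- $1; set +f          # split into fields without globbing
    [ $# -ge 2 ] || return 1
    case $1 in
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        *) return 1 ;;                 # also rejects a leading options field
    esac
    case $2 in
        *[!A-Za-z0-9+/=]*) return 1 ;; # not base64
        "$prefix"*) return 0 ;;
    esac
    return 1
}

# Read one line from stdin, append it to KEYFILE if valid, print the reply.
store_key() {
    IFS= read -r key || [ -n "$key" ] || return 1
    key=${key%"$(printf '\r')"}        # tolerate CRLF line endings
    if is_pubkey_line "$key"; then
        printf '%s\n' "$key" >> "$KEYFILE"
        echo "Your key was received!"
    else
        echo "Rejected: not a public key line"
        return 1
    fi
}

# OpenBSD netcat has no -c, so the reply goes back through a FIFO instead.
serve() {
    dir=$(mktemp -d) && mkfifo -m 600 "$dir/reply" || return 1
    trap 'rm -rf "$dir"' EXIT; trap 'exit 1' INT TERM
    while :; do
        nc -l -N "$PORT" < "$dir/reply" | store_key > "$dir/reply"
    done
}

if [ "${1:-}" = serve ]; then serve; fi
```

Run it with the argument `serve` to start listening; without arguments it only defines the functions.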