Networking ex/aman ks

projects/bash_networking_security/bastion_connect.sh

@@ -1 +1,31 @@
 #!/bin/bash
+
+# Check if KEY_PATH environment variable is set
+if [ -z "$KEY_PATH" ]; then
+  echo "KEY_PATH env var is expected"
+fi
+
+# Check if the public instance IP is provided
+if [ -z "$1" ]; then
+  echo "Please provide bastion IP address"
+  exit 5
+fi
+
+# Set variables
+BASTION_IP=$1
+PRIVATE_IP=$2
+COMMAND=$3
+
+# Connect to the public instance
+if [ -z "$PRIVATE_IP" ]; then
+  ssh -i "$KEY_PATH" ubuntu@"$BASTION_IP"
+else
+  # Connect to the private instance through the public instance
+  if [ -z "$COMMAND" ]; then
+    ssh -i "$KEY_PATH" ubuntu@"$BASTION_IP" ssh -tt -i /home/ubuntu/AmanKS-private-server.pem ubuntu@"$PRIVATE_IP"
+  else
+    # Run a command on the private instance
+    ssh -i "$KEY_PATH" ubuntu@"$BASTION_IP" ssh -tt -i /home/ubuntu/AmanKS-private-server.pem ubuntu@"$PRIVATE_IP" "$COMMAND"
+  fi
+fi
+

projects/bash_networking_security/tlsHandshake.sh

@@ -1 +1,63 @@
 #!/bin/bash
+
+#!/bin/bash	#!/bin/bash -x
+
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+   "version": "1.3",
+   "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+   "message": "Client Hello"
+}' http://3.80.89.74:8080/clienthello)
+
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID')
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget  https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ];
+then
+  echo "Server Certificate is invalid."
+  exit 5
+  else
+    echo "cert.pem: OK"
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+#echo "Hi server, please encrypt me and send to client!" > masterKey.txt
+openssl rand -out masterKey.txt -base64 32
+
+
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n')
+
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+  "sessionID": "'"$SESSION_ID"'",
+  "masterKey": "'"$MASTER_KEY"'",
+  "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://3.80.89.74:8080/keyexchange)
+
+
+# Step 6 - Client verification message
+
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+  echo "Server symmetric encryption using the exchanged master-key has failed."
+  exit 6
+else
+  echo "Client-Server TLS handshake has been completed successfully"
+fi

projects/bash_networking_security/vpc.sh

@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
+REGION="eu-north-1"
+VPC_ID="vpc-0f65e720a07cb52f4"
+PUBLIC_INSTANCE_ID="i-06f114af1ad8c86a5"
+PRIVATE_INSTANCE_ID="i-06478197c46e3b152"