 Okay. Here we are again with you looking down on me from up above. Today we're going to be looking at something similar to what I did a couple of weeks ago in a video. We talked about Netcat or NC or NCAT, slightly different things. All kind of do the same thing. But I mentioned a few times in that video and I've had a few comments asking about doing something like that encrypted, which is what we're going to look at today. But what we're going to use is called Socat, which is basically kind of like Netcat, but it has encryption options. I'm going to show you some very basic aspects of it. I do want to start off by saying, is that a lot of what you may want to do, at least for personal stuff, if you want to do something secure across the network, just use SSH. SSHN, you can transmit stuff, you can do anything you want through SSH. I understand there's going to be cases where you can't do that. You don't want to create accounts for everybody. You know, if you're creating an app, you just want it to be able to connect with encryption keys. So we're going to look at some simple stuff today, basically doing some similar stuff that we did last time. We're going to get like a shell going remotely. But let's go ahead and jump right in. So yeah, you're going to have to have Socat installed. And we're also going to be using OpenSSL to generate some keys. So use your package manager, should be in your repositories. And also the notes for all this are up on Payspin. Check out the links in description. I'm going to go over things fairly briefly here. You know, I'm going to do a lot of copy and pasting because it's a lot of typing. But again, the notes are in the description of this video. Now looking at the screen here, I have two different machines here. The top up here that says Fort is going to be our server. And that's actually my old ThinkPad that I do use as a server to backup files to which is on the other side of the room over there. And then Chip, the bottom part of the screen here is my local, my new ThinkPad that I use as my main computer. Fort and Chip are actually both references to Punisher Comics. You may get those references, you probably won't. Anyway, here we go. So first thing we need to do is generate keys for both our server and clients. So up in our server here, we're going to use OpenSSH. We're going to use OpenSSH. GenRSA, that's the type of key we're going to be generating, the output. I'm going to just create a file in the current directory called server.key. And it's going to be 2048 bits. You're going to want to store this somewhere on your system if you're going to use it more than once. I'm just doing it in this temporary directory because I'm just doing it for this video. But create that, generate it, save it someplace that you're going to be able to access it. Okay, now we're going to take that and we're going to generate a certificate with it. Again, here we're going to require new keys. So you can look at all this stuff in the man file. Basically, we're saying create a key. It's not going to expire for 365, three days. So it's going to last for a long, long time. And so we're going to take the key that we generated here and we're going to create the certificate. Boom. Now it's going to ask you a number of things. You can leave all these blank except for one. When I first tried doing this, it messed me up because I skipped through all of them. But what we want to do is we want to click through them. You can again fill in this information you want until you get to common name. You need to fill this out and it needs to either be the IP address of the machine you're generating the key on or the domain name, whichever you're going to use to connect to it. So I'm just going to use the IP address, which on my local network, this one is 192.168.1.150. Boom. Leave the email address blank. So now I can list it out. I have a key. I have a certificate. Let's go ahead and from there, what we're going to do is we're going to cap both those files into a new file. So we have server key, server certificate, and we're going to put it in a PME file. And these are all just plain text files. So I can actually at this point cat out server dot PME and it'll actually show us the key. I'll make it full screen here. So we have our key, our key, our private key and our certificate. Okay. Now I need to put that on the client machine as well. So all I have to do in this case, again, I'll make that full screen. I'll make my terminal. Now if I'm connected through SSH, so I could transfer this file over. But since it's not very long and it's just plain text, I'm going to copy it. I'm going to come down here. I'm going to say cat into server dot PME or PEM. And then I will paste that information in there and control the or you can use Vim or whatever text editor, but I've shown you in the past that you can just use cat as text editor. So now let me zoom back in here. I have that file on my client down here at the bottom and I can cat it out. As long as I copied everything properly, it's good to go. But now we also want to make sure that the permissions are set properly on this. So we're going to use change mod 600 on both our key and our PEM file, PEM PEM file. And this is just saying basically you don't want other people on the system to be able to read or edit this file. They don't, you don't want them to have access to it at all. And so we're going to use 600, which I believe will give you, you know, read permission to it, but it will, actually let's just list out here real quick. Yeah, you have read write to it, but it's not executable and no one else can read it. Okay, so we've generated our keys for the server. We're going to do the same exact thing for the client. So here we go. We're going to generate the key. Now we're going to generate the certificate. This time I'm going to call it client key and client certificate. Again, click through these. And then when I get here, I'll put in my IP address, which is that. Okay. And then we will cat those into this file. We will then change the permissions for it. And now I'm going to cat out that client PEM file. There we go. And since that's my local machine, again, I could zoom out and copy it, or I can use something like X clip. So now it's in my clipboard. And up here, I can say cat into client dot PEM. I can now paste that file. And then I will hit control D. And you can even see, you know, just checking the last line of it, I copy the right thing. Okay, so I got that copied over. We both have service. Now we're ready to roll. We have certificates created and shared and sharing. It's always the hardest part. I don't know if I said this earlier in the video. It's like, how do you encrypt something and pass a key to somebody without somebody else getting it? If you want everything to private, I mean, there's public and private keys, but you need to share things at certain ways. It's, it's, it can be confusing. It can be difficult. So I'm just sharing things through SSH here. So when I'm transferring that stuff, it's all encrypted anyway. But yeah, you have to transfer those somehow protected. Okay, now we're going to start using so cat. So, so far, all we've done is generate keys, which can be used for lots of different things, encrypting files, encrypting anything, right? So we're going to use so cat. And we're going to say open SSL, because we're, that's the type of key we're using. And, oh, you know, I'm copying the client's information into the server. We don't want that. We're going to say so cat open SSL dash listen, we're going to give it a port here. I'm just going to use 4443. We're going to use reuse address IPv4 and fork. So reuse address just as basically if you read the man file, it's telling you that the server is able to restart right away. And fork will allow you to, so basically when I connect, it allows other clients to connect while I'm connected. And when I disconnect the server keeps running. Okay, now we're going to say the certificate for the server, the machine I'm on and the client. Okay. And then here I'm just saying dash that means anything that comes in, just show it to standard output. So we'll display on the screen. So we're just going to be sending messages back and forth. So I'll start that up. And now down here. And again, all this is in the notes in the description on pay spin. I'm going to again, so cat open SSL. Now I just need to put in the IP address or domain name if I have a domain name for the server and 50 and the port number verify zero. Not really sure what that means. I should look that up. But that's just examples that I learned from that's what they did. Now again, the certificate is going to be the one for the current machine. And then the CA file is going to be the one for the server machine, the remote machine. And then again, we're going to do just the dash saying standard outputs. Now I hit that. Now I can start typing stuff. I can say hello. And they can then up here it oops, up here I can say, Hey, buddy. So we are messaging back and forth using encryption. So these are all the commands. Once you have the keys generated, these are the commands to start up a server. And these are the commands to connect to that server. If I come down here, I can split this screen. Let me go ahead and copy and paste this exact same command down here. Just to show you, I'm going to connect to the server again. Now I have two clients connected to the same server. And I can say, Hey, pal. And that goes to the server. Okay, control C to kill out of that and close this window now and kill that with control C. But the server's still running. But I'll come up here and hit control C. So again, that's what the fork does. It allows it to keep running and allow multiple connections to the server. Okay, so what else can we do with this? There's lots of different options. But you can have it execute a command when someone when a client connects and the output can go to that client. So for example, I can say ex ec. So we're going to execute, we're going to execute, we're going to say bin date. So we're saying, when a client connects, run the date command. So if down here I run the same exact command I ran last time, I connect, it gives me the date and time of the server and then disconnects and the server is still running. So I can run it again and get that date and time again. So if you needed to synchronize clocks, there's better ways to synchronize your clocks between machines. And most things are synchronized with the internet now. But, but yeah, you can run any command. So for example, instead of the date command, I can just say bash. Now you have yourself an encrypted remote shell. So I can come up here, same can make same command for the client. And now I can list and I can see the files in here, I can type date, it will show me the date. I can do, I don't know what other commands can I do if config, there we go, we got the if config of the server. And you don't get the prompt and everything nice, like you do if you SSH in, but it's running those commands and outputting it to your screen here. Let's give one more example here. So what I'm going to do here is I'm going to go back up to this first one where we're just, excuse me, passing information back and forth. I can pipe stuff into my server. So excuse me again. I can pipe stuff into the client to go to the server is what I meant. So we're going to do this. So last time I showed you that I could I think I wrote a little program in Godot where it tracked my mouse cursor and sent that information. Well, XEV, if you're on a licks machine running Xorg, that will show you when you start that up, you get this window and it will show you whatever keys you're pressing. But also when you move the mouse, it shows you the coordinates, it shows you both the local within that window and also the total, the global. So I actually have three monitors here. So when I'm right here, it's showing that my position is pretty far over. But go ahead, let's go ahead and clear that. And what I'm going to do is I'm going to go back to this command here, and I'm just going to pipe in XEV. And I'm going to pipe that over to the server there. Something went wrong. What did I do wrong here? Is the server running? I didn't start the server. There we go. Now we'll run it. And now you can see when I'm doing it here, it's sending it to the server up here. So this is the server. And as I'm moving, all that information is being displayed on the server being sent to the server real time. I mean, instantly, boom, boom, boom, boom, boom, right? Control Q to get out of that or whatever keys you use to close a window. What I can also do is I can also, since I'm piping this and stuff, I can pipe it into something like grep. And I can grep for root colon. And I can do that now when I send it. It's going to trim out some of that information. So it's just giving the line. And if I come down here, it might be a little bit clearer. It's just giving the line with the time. And also, you can see the coordinates of the mouse cursor. Something I did try to do that didn't work out so great. If I came up here, if I try to pipe this into a cut, and I say cut, I guess a little smaller, with the colon dash F2, I was thinking that I'd be able to cut just this information here. And it works, but the cut command is obviously a little slow. And there's probably a better option for this. Because when I do this, it does work, but you can see it's lagging. It's like showing it in chunks and it's not instantaneous. So there's got to be a better way to do that. But I'm just showing you that you can pipe things, you know, from the client into the server, and then the output from the server into another process, if you need to. So yeah, so that's so cat in a nutshell. Again, check out the links in the description to everything I just did. And again, for personal stuff, if you're looking for security, SSH is awesome for most things, you know, but so cat is great. If you need to do these quick little application things across the network, and you want to encrypt it, it's just like netcat or NCAT or NC, but with encryption options, you can also use it without the encryption options, and it works kind of like netcat. But one of the main reasons you would use it is for encryption. And here we used open SSL. Again, it supports other types of encryption as well, but that's a very commonly used one. I do thank you for watching. Please visit filmsbychrist.com. That's Chris of the K. There is a link in the description. And as always, I hope that you have a great day.