Quassel is an IRC client which can be setup to have a core server, and a client, where the core is always up and running so that you are always available in IRC and also, ideally, have less connection issues etc, etc… Let’s just get right to it.
Note: There won’t be a whole lot of explanation here, as the pictures are pretty straight forward.
Sign up for Amazon Web Services and Create EC2 AMI
Create an account for AWS at http://aws.amazon.com and then login to your AWS console. You are presented the following screen. There are lots of options, but for now, all we want is a simple EC2 server on their cloud.
Click “Amazon EC2” and then “Create Instance”
There are sever AMI’s (Amazon Machine Instances) available to choose from. I am going to fire up an Ubuntu 14.04 Server, but you can choose which ever you’re comfortable/most familiar with.
Note: "Free Tier Eligible means just that, it is free to use. However, this is only for 12 months and then they’ll begin to bill you. Also, this is only for new Amazon Web Services customers. I didn’t know this and I’ve been getting billed… it’s not too expensive… but still… not very hard to just create a new account (not very hard to just create a new account every 12 months either hehe).
##Choose amount of virtual processors and RAM for the machine
Unless you plan to do something beyond the scope of this tutorial, the minimum specs are fine… resist your inner nerd urge to have more than 1GB of RAM… I know… it’s hard, but it’s plenty, trust me, I’m some guy on the internet, I’d never lie.
##Choose your subnet info
Again, do nothing here.
##Choose storage space
I’d just leave it at 15GB… you could even go less, unless you plan to use this AMI to store anything in the future.
Note: You get 30GB of free storage across any/all AMI’s you are running (though I think 2 is the limit for free).
##Create a Tag for your AMI
As far as I know, this is just used within the AWS console to refer to this specific AMI at times.
##Create a security Group
A security group in AWS is just a name given to a particular set of firewall rules that you can apply to groups of machines or a single machine as you see fit. This consists primarily of which ports it’s allowed to recieve ingress (inbound) traffic on, and what IP addresses or address range it will accept connections from.
If you know that your IP is static and won’t change, and you only connect from a couple places, you can go ahead and add your home IP address and connect from anywhere you want. If you’re using this AMI as a staging server for some attack vector and connecting to it through a VPN, you’d definitely want to leave this open/set to 0.0.0.0 so any IP can connect.
Go ahead and open up port 22 so you can SSH into your machine as need be. And then open up whatever port you want Quassel to run on. I was going to have that as 31337 for this demo, but didn’t record the process of changing it so you’ll have to figure that out on your own.
Note: You actually have to open 4242 as well for the initial Quassel Core connection, so your inbound open ports should look like this instead
##Review EC2 AMI settings and click launch
##Create SSH Key Pair for secure SSH connections.
Amazon does not give their instances default passwords, as they feel that would be too insecure (rightfully so), so instead, they have you create an SSH Key Pair and they drop the public key into your AMI’s /etc/hosts/ directory for you and give you the matching private key. Type in a name for your private key and click “download”. Save this as
>.pem somewhere safe/secure where you will not lose it, as you cannot download this private key again.
##Actually launch AMI
Click “Launch Instances” and your AMI will actually be up and running.
##View launch log
You can click “View launch log” to see the state your AMI is in as it’s booting up.
##Connect to EC2 AMI over SSH with Putty (or just ssh on linux =p)
Windows has no SSH client by default, so you need to acquire one. Sadly, there are only really 2 options that work reliably as far as I know… using cygwin to emulate a linux terminal on your windows machine, and installing ssh via cygwin, or using PuTTY. The later is way easier, and Putty is actually pretty powerful and awesome in its own right. Go ahead and download and install PuTTY. I don’t have pictures for this… I have faith in your ability to run *.exe’s from unknown sources ;p.
##Import private key into PuTTY
Putty actually has a seperate program entirely for handling import/export/generation of public/private keys (probably due to the large codebase involved with all the different algorithms different keys cant support). So in Windows, find and run Putty-Gen, and then click the"Load" button where it says “Load existing Private Key”. It will pop up and tell you that the key was loaded successfully.
#Save private key as PuTTY compatible key
Putty has some sort of different format for the file types for its keys… loading the key simple extracted the raw data of they key into the resulting window for viewing, now you must choose “Save Private Key” to save it as a Putty Key Type. Feel free to give it a passsphrase though it is not required.
Note: Have fun with half of my private key… if anyone can come up with some decent hashing/collision programs, my free-tier AMI is all yours ;p.
##Grab the IP address or hostname of your AMI from AWS Console
Run PuTTY, input the IP/hostname of your AMI, and then go ahead and give this SSH session a name for good measure (saves all the data attributed with this SSH connection for later use) and click “Save”.
##Configure Putty session with Private Key and username
Go to Connection->Data and enter the default username in the “Auto-Login username” field. For most AWS EC2 AMI’s, this username is ec2-user, however you should read the documentation for the AMI you choose, as the default username for the Ubuntu AMI is ubuntu.
Go to Connections->SSH->Auth, click the Browse button next to “Private key file for authorization”, and choose the putty compatible private key that you created with PuTTY Gen.
Note: At this point you should choose “Save Session” again back under the Session tab at the very top of the left hand tree. Otherwise, you’ll have to load the key again each time and username, as we so far only chose “save” after entering the IP/host information.
##Connect to your AMI
The first time connecting to a new host over SSH with PuTTY you should get a prompt telling you the fingerprint is unknown and asking if you want to trust it before. This is a MITM mitigation by PuTTY… if one day your fingerprint is just suddenly different for no reason, you should Not connect, and figure out why (if it’s not an attack, it’s likely because the IP address changed, while the public DNS record remained the same, or something of the sorts… buuuuut also prob just means something fishy is happening). Go ahead anc click “Yes” to accept the fingerprint as known.
##Update, Upgrade, and Install Quassel-Core with the following commands
sudo apt-get update
sudo apt-get install upgrade
sudo apt-get install quassel-core
Note: I forgot to take pictures of the update/upgrade, but there’s nothing more to it.
##Run Quassel Client and connect to AMI’s IP/hostname on port 4242
Note: At this point, if you’re on linux, you’ll need to sudo apt-get quassel-client
##Add Core to Quassel Client
Run Quasel Client. Choose “Add Core”.
##Fill in details for Core server
Give the core an “Account Name” which is just seen from the client when choosing a core.
Enter the IP/hostname of the core, which can be the IP or the public DNS provided by amazon.
Enter “4242” as the port to connect to.
Enter whatever username and password you want. It creates this account as the super user account for the quassel core.
Enter any proxy information you may have for whatever reason.
Click Ok and connect to Quassel Core.
##Follow the Quassel-Core setup Wizard
Choose SQLiteDB as database type, unless you’re configuring a core to have many, many users (which some people do), in which case you’d want a postgres DB.
Note: if you choose postgres you’ll have to apt-get install that onto the ubuntu server and/or configure it if it’s already installed.
At this point, you choose “Connect to Core”, and your Quassel Client connects to your Quassel Core. From here you need to add your Quassel Identity containing your IRC nickname(s) and IRC server info of whatever server(s) you connect to with those nicknames.
I wrote a tutorial a few days ago on how to connect to the 0x00sec IRC with Quassel just using the quassel stand-alone program, not the client… however once you connect to the core with the client, the process is identical, so for the rest of this tutorial, jump on over there and do that. See you on the other side!