Chryseus.co.uk

  • Plotting Orbits – Part 1

    Date Posted:

    This article has been reworked on 21 March 2021
- Fixed error in first equation

    Using the orbital equation it is possible to plot the orbits of planets, moons and other objects to a reasonable degree of precision, this however only works for visualising orbits that are relatively stable or at an instant in time.

    Accurate orbit data (ephemeris) can be obtained from NASA JPL Horizons system, in this case we’re interested in the Kerlerian elements rather than the state vectors which are more suitable for simulation.

    In this part I will only be plotting the orbit in two dimensions, I will cover the plotting of orbits in three dimensions in another part.

    Plotting an ellipse

    Most orbits are elliptical, although some are relatively close to circular such as the earth-sun and geosynchronous satellites, none are exactly perfect and will drift over time due to orbital perturbations, the following equation can plot a circle, ellipse, parabola or hyperbola depending on the eccentricity value, if you are not familar eccentricity is a unitless value that determines the shape of an orbit, 0 is a circle, between 0 and 1 is an ellipse, exactly 1 is a parabola and greater than 1 is a hyperbola.

    To plot in polar form the equation is:

    $$ r = \frac{a(1-\varepsilon^2)}{1+\varepsilon \cos \theta} $$

    Where a is the semi-major axis of the ellipse (the radius from the focal point) and ε (epsilon) is the eccentricity of the orbit, this can be converted to rectangular form with:

    $$ x = r \cos \theta $$

    $$ y = r \sin \theta $$

    The maximum and minimum distance from the focal point can be calculated with:

    $$r_{min} = \frac{a(1-\varepsilon^2)}{1+\varepsilon}$$

    $$r_{max} = \frac{a(1-\varepsilon^2)}{1-\varepsilon}$$

    An example of the results can be seen below:

    Rectangular form

    If you’d rather plot directly in rectangular rather than polar you can use this equation:

    $$ \frac{(x+F_1)^2}{a^2} + \frac{y^2}{b^2}=1 $$

    Where b is the semi-minor axis, and F1 is one of the two focal points, in this case the one on the right is chosen to match up with the polar equation which uses the right focal point also, the semi-minor axis can be calculated with:

    $$ b = a \sqrt{1- \varepsilon^2} $$

    And for the focal point:

    $$ F_1 = \sqrt{a^2 – b^2} $$

    Since it’s centred on the focal point F1, the centre of the ellipse is at (-F1,0) whilst F2 is at (-2*F1,0), it’s important to note that this equation does not work with an eccentricity equal or above 1.

    Alternative equation

    The alternative form given in the Wikipedia article is somewhat more complicated but yields the same results, in order for this to work you need to know the velocity at periapsis.

    To calculate the velocity you can use the vis-viva equation, using the distance to periapsis:

    $$v =\sqrt{\mu \frac{2}{r_{min}}-\frac{1}{a}}$$

    Where μ is the gravitational parameter:

    $$\mu = GM$$

    For example for earth:

    $$v =\sqrt{1.327184555 \times 10^{20} \frac{2}{1.47095 \times 10^{11}}-\frac{1}{1.49598023 \times ^{11}}} = \approx 30287.94 \text{m}/\text{s}$$

    The equation to plot the orbit is:

    $$r = \frac{\ell^2}{m^2\mu}\frac{1}{1+\varepsilon\cos{\theta}}$$

    Where m is the mass of the secondary body and the angular momentum ℓ is:

    $$\ell = m v r_{min}$$

    Categories:

    Tags:

    , ,

  • Measuring Amplifier AC Impedance

    Date Posted:

    Knowing the impedance of an amplifier or any electronic circuit can be very useful, for lower frequency applications it’s desirable to have the source impedance be much lower than the load impedance to minimize voltage drop, in RF applications and where maximum power transfer is needed it’s better to match impedance to avoid reflections, the latter is a bit more complicated so in this article we will only be considering lower frequencies, typically below 10MHz.

    Making the measurement

    The only things you need to measure the impedance is a variable resistor (potentiometer), a signal generator and a multi-meter to measure resistance and AC voltage, an oscilloscope is also desirable as multi-meters generally do not measure signals of higher frequency that well.

    Ensure your potentiometer is rated to handle the signal power

    For measuring input impedance naturally you want the variable resistance to be at the input to your amplifier, while with output impedance you want it to be at the output, the goal is to adjust the resistance until the signal voltage drops by half the input value, the signal frequency should be the nominal expected frequency for the amplifier in question, I.E for audio you may want to start at 10kHz.

    If you need to use an AC coupling capacitor make sure it’s large to avoid signal attenuation.

    So for example to measure input impedance you set your frequency generator to 10kHz sine, with an output amplitude that is typical for your amplifier, let’s say 50mV RMS, you then measure the voltage on the amplifier side of the variable resistor, adjusting until you read an AC voltage of 25mV, then it’s just a simple case of measuring the resistance of the variable resistor which will give your impedance.

    This works by forming a voltage divider between the signal source and the load, a voltage drop of half must mean the impedance is matched so both the variable resistor and the load will be of equal value.

    This works great to give you the real component of the impedance, however it tells you nothing about the reactance, which in some situations, particularly RF is quite important to know, regardless this method is cheap and reasonably quick.

    Categories:

    Tags:

    , ,

  • Securing a SSH Server

    Date Posted:

    Secure Shell is a prime target for any attacker wanting to gain access to your machine, the default configuration is reasonably secure, but there is plenty of room for improvement, this is particularly important when setting up a machine for the first time over SSH, attacks can and do occur within hours so securing it must be done quickly.

    Strong password

    You would think that this is pretty obvious, but it’s still surprising how often people choose weak passwords, you generally don’t need to go over the top with them to be secure against attack, a few basic guidelines are:

    • Use at least 8 characters
    • Do not use any common words
    • Add numbers and or symbols
    • Do not reuse passwords
    • Preferably use a password manager (I.E keepass)

    Public key authentication

    Public key authentication allows you to avoid using passwords entirely, which is very convenient, this is done by generating a key pair on your machine, which consists of a public key and a private key, the public key is added to the authorized_keys file on the server, typically ‘~/.ssh/authorized_keys’ for a specific user, the users SSH client then authenticates by decrypting a challenge that is sent by the server using their public key, this ensures that only the person with the matching private key can login.

    The most obvious downside to this is you need to keep the private key safe, you can optionally add a passphrase during key creation for more security but on the whole using public key authentication without a password is safer than just a regular password, password authentication can be disabled on the server making brute force attacks practically impossible.

    The key pair is created by using the ssh-keygen program, a number of different cryptographic algorithms are available but for optimal security RSA 4096 bit and ed25519 are the only choices I would recommend, the latter is preferred due to the smaller key size and greater speed, but may not be compatible with all software.

    ssh-keygen -b 4096 -t rsa
ssh-keygen -t ed25519

    Here is an example of generating a SSH key pair:

    ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/user/.ssh/id_ed25519): ~/.ssh/test_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in test.
Your public key has been saved in test.pub.
The key fingerprint is:
SHA256:k1mQZaxnwsaoQlOZtAWSnyisZhOSK1i8qPp3m0eRhqw test@hostname
The key\'s randomart image is:
+--[ED25519 256]--+
|  .oo+. .+o      |
|  ..+o  .o.      |
|.o +.o = o.      |
|+o* o + X+o      |
|+*.o o oS=       |
|*+o E   ..       |
|= ..   .         |
|.   . ...        |
|o... .oo         |
+----[SHA256]-----+

    Windows users can use Putty to generate keys and perform other SSH operations.

    This will generate ‘~/.ssh/test_ed25519’ and ‘~/.ssh/test_ed25519.pub’, the public key ‘test_ed25519.pub’ can then be added to the server, either manually or using the ssh-copy-id program which requires establishing a regular SSH connection, for example:

    ssh-copy-id -i test_ed22519.pub remote_server.com

    If the remote user is different from the local user simply use user@remote_server.com instead, if you have password authentication disabled this method is not possible. Here is an example of the manual method with root connecting and the test user account already existing.

    scp ~/.ssh/test_ed25519.pub root@remote_server.com:/home/test/
ssh root@remote_server.com
mkdir -m 700 /home/test/.ssh
chown test:test /home/test/.ssh
cat /home/test/test_ed25519.pub >> /home/test/.ssh/authorized_keys
chmod 600 /home/test/.ssh/authorized_keys
chown test:test /home/test/.ssh/authorized_keys
rm /home/test/test_ed25519.pub

    This does the following:

    • Transfer public key to ‘/home/test’ on the remote server via Secure CoPy (SCP)
    • Connect to remote server as root
    • Create the .ssh directory and set permission
    • Copy the public key in to the authorized_keys file and set permission
    • Remove the public key file

    Once that is done the user can connect to the remote server, if the private key is in ~/.ssh and named id_ed25519 (or as appropriate) it will be automatically used, alternatively it can be specified manually with the -i argument, if the key requires a pass phrase you will be prompted for it.

    Disable password authentication

    This is strongly recommended once you have public key authentication setup, simply add the following to /etc/ssh/sshd_config and restart the daemon with systemctl restart sshd

    PasswordAuthentication no

    Use Sshguard

    If you really need to have password logins enabled it is strongly recommended you use sshguard, this program monitors login attempts and can ban temporarily or permanently if there are too many failures, it supports a number of firewalls including the easy to use ufw, you can read more about configuring it here.

    Use strong encryption

    Without going in to extensive detail the following algorithms have been chosen with maximum security in mind, weak ones are not included it all.

    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

MACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

    Note: The space between lines is important!

    Disable root login

    Having root login enabled is completely unnecessary, if you need root access you can use su or sudo from a regular user.

    PermitRootLogin no

    Disable forwarding

    If you are not using features like X11 forwarding, ssh-agent forwarding and so on you can and should disable them, you can do this individually or disable all forwarding with:

    DisableForwarding yes

    Change server port

    Using the default port 22 is essentially waving a big red flag, unless you have a specific reason to stick to port 22 you should use something else, this is much less useful if you have other common services running on the same server like HTTP.

    Conclusion

    There are a few more options that can be used to improve security so I suggest reading the sshd and sshd_config man pages, however for the vast majority of users this is more than sufficient to guarantee security against most attacks.

    Below is a full example sshd_config:

    # This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

Port 22
#Port 12400
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Use 'sudo ssh-keygen -A' to generate default keys
HostKey /etc/ssh/ssh_host_ed25519_key
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
ChallengeResponseAuthentication no

UsePAM yes
DisableForwarding yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

MACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

    Categories:

    Tags:

    , , ,