Monday, January 31, 2011

Password-less login on Openssh

Because OpenSSH lets you run commands on remote systems and see the results directly, as well as simply log in to them, it's ideal for automating common tasks with shell scripts and cron jobs. One thing you probably won't want to do, though, is store the remote system's password in the script. Instead you'll want to set up SSH so that you can log in securely without having to give a password.
Thankfully this is very straightforward, with the use of public keys.
To enable the remote login you create a pair of keys, one of which you simply append to a file upon the remote system. When this is done you'll then be able to log in without being prompted for a password - and this also includes any cron jobs you have set up to run.
If you don't already have a keypair generated you'll first of all need to create one.
If you do have a keypair handy already you can keep using that. By default the keys will be stored in one of the following pairs of files:
  • ~/.ssh/identity and ~/.ssh/identity.pub
    • (This is an older DSA key).
  • ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
    • (This is a newer RSA key).
If you have neither of the two files then you should generate one. The DSA-style keys are older ones, and should probably be ignored in favour of the newer RSA keytypes (unless you're looking at connecting to an outdated installation of OpenSSH). We'll use the RSA keytype in the following example.
To generate a new keypair you run the following command:
skx@lappy:~$ ssh-keygen -t rsa
This will prompt you for a location to save the keys, and a pass-phrase:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/skx/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/skx/.ssh/id_rsa.
Your public key has been saved in /home/skx/.ssh/id_rsa.pub.
If you accept the defaults you'll have a pair of files created, as shown above, with no passphrase. This means that the key files can be used as they are, without being "unlocked" with a password first. If you're wishing to automate things this is what you want.
Now that you have a pair of keyfiles generated, or pre-existing, you need to append the contents of the .pub file to the correct location on the remote server.
Assuming that you wish to login to the machine called mystery from your current host with the id_rsa and id_rsa.pub files you've just generated you should run the following command:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@mystery
This will prompt you for the login password for the host, then copy the keyfile for you, creating the correct directory and fixing the permissions as necessary.
The contents of the keyfile will be appended to the file ~/.ssh/authorized_keys2 for RSA keys, and ~/.ssh/authorized_keys for the older DSA key types.
Once this has been done you should be able to login remotely, and run commands, without being prompted for a password:
skx@lappy:~$ ssh mystery uptime
 09:52:50 up 96 days, 13:45,  0 users,  load average: 0.00, 0.00, 0.00
What if it doesn't work?
There are three common problems when setting up passwordless logins:
  • The remote SSH server hasn't been setup to allow public key authentication.
  • File permissions cause problems.
  • Your keytype isn't supported.
Each of these problems is easily fixable, although the first will require you have root privileges upon the remote host.
If the remote server doesn't allow public key based logins you will need to update the SSH configuration. To do this edit the file /etc/sshd/sshd_config with your favourite text editor.
You will need to uncomment, or add, the following two lines:
RSAAuthentication yes
PubkeyAuthentication yes
Once that's been done you can restart the SSH server - don't worry this won't kill existing sessions:
/etc/init.d/ssh restart
File permission problems should be simple to fix. On the remote machine your .ssh directory must not be writable by any other user, for obvious reasons. (If it's writable by another user they could add their own keys to it and log in to your account without your password!)
If this is your problem you will see a message similar to the following upon the remote machine, in the file /var/log/auth:
Jun  3 10:23:57 localhost sshd[18461]: Authentication refused: 
 bad ownership or modes for directory /home/skx/.ssh
To fix this error you need to login to the machine (with your password!) and run the following command:
cd
chmod 700 .ssh
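To find every path that can trigger the "bad ownership or modes" refusal before you test a login, the following added example (not from the original article) checks the home directory, .ssh and authorized_keys for group/other write bits and wrong ownership. The function name ssh_mode_problems is hypothetical, and the checks assume sshd is running with its default StrictModes behaviour.

```shell
#!/bin/sh
# Added example: report paths that would make sshd refuse public key login
# with "bad ownership or modes". Assumes default StrictModes behaviour.

# ssh_mode_problems HOME_DIR [OWNER]
# OWNER is a user name or numeric uid (default: the current uid).
# Prints one line per offending path; returns 1 if any were found.
ssh_mode_problems() {
    home=$1
    owner=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # Writable by group (020) or others (002): another account
        # could add its own key and log in as this user.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/other writable: $p"
            bad=1
        fi
        # Owned by someone other than the account owner or root.
        if [ -n "$(find "$p" -prune ! -user "$owner" ! -user root -print)" ]; then
            echo "wrong owner: $p"
            bad=1
        fi
    done
    return $bad
}

# When run as a script with arguments, check the given home directory.
if [ $# -gt 0 ]; then
    ssh_mode_problems "$@"
fi
```

Run it on the remote machine as the account owner, for example with "$HOME" as the argument; each reported path is fixed by removing the group and other write bits or restoring ownership.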
Finally if you're logging into an older system which has an older version of OpenSSH installed upon it which you cannot immediately upgrade you might discover that RSA files are not supported.
In this case use a DSA key instead - by generating one:
ssh-keygen
Then appending it to the file ~/.ssh/authorized_keys on the remote machine - or using the ssh-copy-id command we showed earlier.
Note if you've got a system running an older version of OpenSSH you should upgrade it unless you have a very good reason not to. There are known security issues in several older releases. Even if the machine isn't connected to the public internet, and it's only available "internally" you should fix it.


Instead of using authorized_keys/authorized_keys2 you could also achieve a very similar effect with the use of the ssh-agent command, although this isn't so friendly for scripting commands.
This program allows you to type in the passphrase for any of your private keys when you login, then keep all the keys in memory, so you don't have password-less keys upon your disk and still gain the benefits of reduced password usage.
If you're interested read the documentation by running:
man ssh-agent 
 

Friday, January 28, 2011

QEMU

QEMU is a fast processor emulator using dynamic translation to achieve good emulation speed. It is a free open-source alternative to VMware.

Autostart a Domain / VM Command

There are various ways to start virtual machines at boot time, so that you don't have to type the virsh start vmName command. This can be done by marking a VM as autostart, which configures the domain to be started automatically at boot. It will create a softlink in /etc/libvirt/qemu/autostart/. So if your VM name is debianlenny1, your config file name should be /etc/libvirt/qemu/debianlenny1.xml and the softlink should be created at /etc/libvirt/qemu/autostart/debianlenny1.xml

virsh autostart vmName
virsh autostart debianlenny1
Sample outputs:
Domain debianlenny1 marked as autostarted
Also, make sure the /etc/init.d/libvirtd service is started on boot:
chkconfig libvirtd on


Tuesday, January 25, 2011

Likewise

I've found this great software that enables your existing Linux workstation to authenticate on your Windows Active Directory.

Saturday, January 22, 2011

Simple guide on how to unhide directories in your USB drive hidden by a worm virus

One of the problems most end users encounter after inserting their USB drive into an infected PC is that they think their directories/folders were deleted by a virus. Most of the time the folders were just hidden by the virus, which created .exe or .scr files that have the same names as the hidden folders and mimic a folder's appearance so that the user is fooled into clicking them. Another problem is that you can't simply unhide your files by choosing "Show hidden files and folders" from Folder Options. Why? Because the virus changed the folders' attributes to System and Hidden. By default, protected operating system files are hidden even if you choose to show hidden files.

Thursday, January 20, 2011

How to install OpenQRM 4.7 with LXC containers in Debian Squeeze/Lenny: Step by Step

I'm looking forward to having this IT management system in the near future; for now I want to keep it as a reference first.

What is openQRM
openQRM is the next generation, open-source data-center management platform. Its fully pluggable architecture focuses on automatic, rapid- and appliance-based deployment, monitoring, high-availability, cloud computing and especially on supporting and conforming multiple virtualization technologies. openQRM is a single-management console for the complete IT infrastructure and provides a well defined API which can be used to integrate third-party tools as additional plugins.


Virtualization With KVM On A Debian Lenny Server

This guide explains how you can install and use KVM for creating and running virtual machines on a Debian Lenny server. I will show how to create image-based virtual machines and also virtual machines that use a logical volume (LVM). KVM is short for Kernel-based Virtual Machine and makes use of hardware virtualization, i.e., you need a CPU that supports hardware virtualization, e.g. Intel VT or AMD-V.
I do not issue any guarantee that this will work for you!

Kernel Based Virtual Machine

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko. KVM also requires a modified QEMU although work is underway to get the required changes upstream.
Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
The kernel component of KVM is included in mainline Linux, as of 2.6.20.
KVM is open source software. 

Monday, January 17, 2011

Enabling CGI-BIN on Untangle ver 0.0x

 Enable cgi-bin script folder by creating file /etc/apache2/conf.d/cgi-bin.conf:
 ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 
Put the following file in /usr/lib/cgi-bin/

Saturday, January 15, 2011

Adding a startup script to be run on startup in Debian

Oops, since I'm just a newbie in handling a Debian server, I've noticed that some of my scripts are not working after a series of reboots, and I've found out that /etc/rc.local does not work on Debian Linux. Looking over the internet I've found some links to point me in the right direction.

The answer is this:
Suppose you have a script you want to run each time you boot up (I have a script to start my internet connection with authentication). It is pretty easy:
1. Write a script and put it in the /etc/init.d/ directory. Let's say you call it man.
2. Then run % update-rc.d man defaults.
3. Do not forget to make the script you write executable; this can be done with chmod +x man.
See % man update-rc.d for more information. It is a Debian utility to install scripts. The option “defaults” puts a link to start man in run levels 2, 3, 4 and 5 (and puts a link to stop man into 0, 1 and 6).
Also, to know which runlevel you are in, use the runlevel command.


Friday, January 14, 2011

Rsnapshot - remote filesystem snapshot utility

rsnapshot is a filesystem snapshot utility for making backups of local and remote systems.

Wednesday, January 12, 2011

Apache VirtualHost

I'm looking for a solution for this one in the Apache configuration.
Problem: URL : test.sample.org/tes1 = test1.sample.org
and I want to redirect it to test1.sample.org if I have an existing subdomain

Below is the solution: I'm running my Apache 2.2 on CentOS 5.0

Server configuration

NameVirtualHost 172.20.30.40

<VirtualHost 172.20.30.40>
# primary vhost
DocumentRoot /www/subdomain
RewriteEngine On
RewriteRule ^/.* /www/subdomain/index.html
# ...
</VirtualHost>

<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain/sub1
ServerName www.sub1.domain.tld
ServerPath /sub1/
RewriteEngine On
RewriteRule ^(/sub1/.*) /www/subdomain$1
# ...
</VirtualHost>

<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain/sub2
ServerName www.sub2.domain.tld
ServerPath /sub2/
RewriteEngine On
RewriteRule ^(/sub2/.*) /www/subdomain$1
# ...
</VirtualHost> 




Tuesday, January 11, 2011

LMCompatibility on Windows 7

Windows 7 starter to enable access on my Samba fileserver and I found this solution through a Google search.

I found that on my Windows 7 starter I need to change the registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/LmCompatibilityLevel

key "Value type" from 4 to 2


Monday, January 10, 2011

Enabling IP forwarding on WindowsXP

To enable TCP/IP forwarding, follow these simple steps:
  1. Start Registry Editor (Regedit.exe)
  2. In Registry Editor, locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. Set the following registry value:
    Value Name: IPEnableRouter
    Value type: REG_DWORD
    Value Data: 1
    A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer.
  4. Quit Registry Editor.

Saturday, January 8, 2011

Turning Off Image Preview Thumbnail and Disable Windows Picture and Fax Viewer in Windows XP

Windows XP displays a thumbnail-style preview for images, pictures and photos in the Details section of Windows Explorer's left pane when users select a picture. The preview will also be automatically created and displayed when users browse and view a folder in Thumbnail view. Besides, when users open or double-click a file in a popular graphic format, the photo or picture will open in Windows Picture and Fax Viewer instead of the user's preferred image viewer or editor, because the default action on an image file is to preview it using Windows Picture and Fax Viewer.

Monday, January 3, 2011

The Ultimate Torrentflux Server based on Ubuntu / Debian

This is the all-inclusive guide on installing a safe torrentflux server. Tested on Ubuntu 8.04 Server and Debian Lenny. Using torrentflux-b4rt edition.
torrentflux-b4rt


1. Basic Security

You should perform these basic steps to secure your server.


1.1 SSH access
Change your root password:
# passwd
Create “normal” user account:
# adduser steffen
Change SSH port and disable root login:
# nano /etc/ssh/sshd_config
"Port 2222"
"PermitRootLogin no"
Make sure you can log in with the normal user account created in the step before. Otherwise you will be locked out of your system.
Restart SSH:
# /etc/init.d/ssh restart
Now you can connect to your system with:
# ssh -p 2222 -l steffen xx.xx.xx.xx
Run “su” to get admin rights:
# su

Remote Desktop on Panther MAC OS


Use Remote Desktop in Mac OS Panther

1. Ensure that you have a working network and that all computers are turned on.

2. Check that you have the most current version of "Remote Desktop" components installed. You will install the "Client" package on to the networked computers and the "Admin" package on your computer.