SSH with authentication key instead of password

June 17th, 2011

Generate the authentication key

On the client machine, the user must generate a public/private key pair that will identify them to the servers. The private key can be protected with a passphrase or left unprotected.

Leaving it without a passphrase means that anyone with access to the key files (e.g. root on the client machine) has the same level of access as the user, and no passphrase is asked for when the client connects to the servers.

Protecting the key with a passphrase means that every time the user connects to a server using that key, the passphrase for decrypting it is requested. This is surely more secure, since anyone who can read the key files will only see an encrypted version of the private key.

To generate the key pair, run:

john@laptop:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
44:3e:ef:58:94:15:52:c2:88:ca:ab:21:43:53:3d:42 john@laptop
john@laptop:~$

Just accept the default file (~/.ssh/id_rsa). Choose whether to set a passphrase, as explained above. If you need to change the passphrase or add one, run:

john@laptop:~$ ssh-keygen -p
Enter file in which the key is (/home/john/.ssh/id_rsa):
Key has comment '/home/john/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
john@laptop:~$

In this case, a new passphrase was added. Note that this operation does not change the public/private key pair. It only changes how the private key is encrypted.

Install the public key on the servers

Once the public key is installed on the server, access will be granted without a password prompt. SSH usually comes with a utility called ssh-copy-id that simply appends the contents of the client's ~/.ssh/id_rsa.pub to the server's ~/.ssh/authorized_keys:

john@laptop:~$ ssh-copy-id -i .ssh/id_rsa.pub john@192.168.0.1
15
john@192.168.0.1's password:
Now try logging into the machine, with "ssh 'john@192.168.0.1'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

john@laptop:~$

Note that password access is needed at this point. The key can also be installed in any other way you wish. For example, the server's administrator can add the public key to give a user access, instead of giving them a password.
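The manual installation mentioned above, as an added example that is not part of the original post: a shell function that appends one public key to authorized_keys only if it is not already there, rejects anything that is not a single public-key line (such as a private key file), and sets the permissions sshd expects. The name install_pubkey and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: install a public key by hand, as ssh-copy-id would.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
#
# Usage: install_pubkey PUBKEY_FILE HOME_DIR
#   e.g. install_pubkey /tmp/john_id_rsa.pub /home/john   (run as john)
# Exit status: 0 = key added or already present, 1 = I/O error,
#              2 = input is not a single public-key line.
install_pubkey() (
    # The body is a subshell, so the umask change below does not leak out.
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Accept exactly one non-empty line; a private key file has many.
    [ -r "$pubkey_file" ] || exit 2
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || exit 2
    key_line=$(grep . "$pubkey_file")

    # A public key starts with its type; a private key with "-----BEGIN".
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) exit 2 ;;
    esac

    # sshd (StrictModes) ignores keys kept in group/world-writable places.
    umask 077
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" || exit 1
    chmod 600 "$auth_file" || exit 1

    # Match on "type base64" only, so a changed comment is not a new key.
    key_id=$(printf '%s\n' "$key_line" | awk '{ print $1 " " $2 }')
    if grep -qF -- "$key_id" "$auth_file"; then
        exit 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
)
```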

Access

At this point, the user's account on the server can be locked for password authentication. On Linux systems, run:

root@192.168.0.1:~# passwd -l john

to lock john’s account. Key authentication will still be possible.

Now, try to access the server:

john@laptop:~$ ssh john@192.168.0.1
Enter passphrase for key '/home/john/.ssh/id_rsa':
john@192.168.0.1:~$

In this case, the client's key was encrypted and its passphrase was requested. If the key had no passphrase, nothing would have been asked, and access would be direct:

john@laptop:~$ ssh john@192.168.0.1
john@192.168.0.1:~$

How to Secure DNS (bind)

May 11th, 2011

Close Open DNS Servers
For those of you who check your nameservers and other DNS-related issues using the popular site dnsreport, you're probably seeing "FAIL Open DNS servers". We'll show you how to fix named to close open DNS servers.

How do I check my system?
Go to www.dnsreport.com and enter your domain name, eg webhostgear.com

You are safe if you see:
PASS Open DNS servers

You need to follow this tutorial if you see:
FAIL Open DNS servers

Closing Open DNS Servers Tutorial

1) Log in to your server and su to root.

2) Edit the /etc/named.conf file, for example:

# vi /etc/named.conf

Look for:

key "rndckey" {
};

After this, add the following, replacing mainIP and secondaryIP with your system's nameservers.

acl "trusted" {
mainIP;secondaryIP;127.0.0.1;
};

or if you want to allow your local subnet:

acl trusted {
 192.168.1.0/24;
 localhost;
 };

3) Next, add the directives that restrict certain functions to the trusted ACL. Check the options section and make sure it contains the following:

allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

So the final result looks something like:

options {
        directory "/var/named";
        allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

4) Save the changes and restart the named service: service named restart

5) Recheck your site at dnsreport.com
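The same recheck can be done by hand with dig, run from a host that is not in the trusted ACL and asking for a name the server is not authoritative for. The following is an added example, not part of the original tutorial: it reads dig output and reports whether the server offered recursion (the ra flag in the response header). The function name classify_recursion and the two sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from dig output whether a server offers recursion.
# classify_recursion is a hypothetical helper name.
#
# Usage (from a host outside the "trusted" ACL; mainIP as in named.conf):
#   dig @mainIP example.org A | classify_recursion
# Prints "OPEN status=...", "CLOSED status=..." or "UNKNOWN".

# Constructed sample headers (not captured from a real server).
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CLOSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

classify_recursion() {
    awk '
        # Response code, e.g. NOERROR or REFUSED.
        /^;; ->>HEADER<<-/ {
            if (match($0, /status: [A-Z]+/))
                status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        # Header flags sit between "flags:" and the first ";".
        /^;; flags:/ {
            seen = 1
            flags = $0
            sub(/^;; flags: */, "", flags)
            sub(/;.*/, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "ra") ra = 1   # "recursion available"
        }
        END {
            if (!seen)   print "UNKNOWN"
            else if (ra) print "OPEN status=" status
            else         print "CLOSED status=" status
        }'
}
```

With allow-recursion limited to trusted, an outside query should come back as CLOSED, typically with status REFUSED.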


How can I customise my PayPal page with my logo?

May 10th, 2011

When your customers buy something from you and you use PayPal to accept payments, they will find themselves at the PayPal checkout page. Normally they will only see your email address at the top of this page. It is possible to customise this page to make it look like your own website. One way to achieve this is to create a nice-looking graphical banner, using the same style as your own website, and including your own business logo. You can only do this with a PayPal business account (read our PayPal FAQ about the different types of account).

Here’s what you need to do:

  1. Log into PayPal
  2. Click ‘Profile’
  3. Click ‘Custom Payment Pages’ under ‘Selling Preferences’
  4. Click ‘New’
  5. Enter a name for your custom page. In the ‘Header Image URL’ field, paste the URL that we provide you with. This will be different for everyone, because you all have different business logos.

  6. Click Save
  7. Select the new page and then choose ‘Make Primary’ and then click ‘Yes’ when you’re prompted if you’re sure you want to do this.

Now when your customers see your PayPal checkout page they no longer see just your email address, they see your business logo instead.


BIND with MySQL backend

May 10th, 2011

Make sure you have the following installed:
  • mysql
  • mysql-server
  • mysql-devel
  • openssl
  • openssl-devel

Make sure MySQL is running:

service mysqld start

Make sure the BIND server is NOT installed:

rpm -qa | grep bind

PHP: Finding files with function glob()

March 7th, 2011

<?php
// get all php files in the current directory
$files = glob('*.php');

print_r($files);
/* output looks like:
Array
(
[0] => phptest.php
[1] => pi.php
[2] => post_output.php
[3] => test.php
)
*/


Redirect console to serial port

February 7th, 2011

Open /etc/inittab and add the following line:

T0:23:respawn:/sbin/getty -L ttyS0 38400 vt100

Open /boot/grub/menu.lst and add:

serial --speed=38400
terminal serial


Leds in Alix 2c3

February 6th, 2011

Alix has 3 leds.

The first one turns on by default.

Debian comes with the leds-alix-source package.

cd /usr/src
apt-get -y install build-essential
apt-get -y install leds-alix-source
apt-get -y install linux-headers-$(uname -r)
tar -xvjf leds-alix.tar.bz2
cd modules/leds-alix/
make
make install
rm -rf /usr/src/modules
cd /
apt-get --yes --purge remove linux-headers-$(uname -r)
apt-get --yes --purge remove leds-alix-source
apt-get --yes --purge remove build-essential
apt-get --yes --purge autoremove
apt-get clean

Add the following modules to /etc/modules:

vi /etc/modules

leds-alix
ledtrig-default-on
ledtrig-heartbeat
ledtrig-gpio
ledtrig-timer

Then reboot:

reboot

echo 1 > /sys/class/leds/alix\:1/brightness
(Led 1 Turns on)

echo heartbeat > /sys/class/leds/alix\:2/trigger

(Led 2 is Blinking like pulse)

echo ide-disk > /sys/class/leds/alix\:3/trigger
(Led 3 blinks with compact flash activity)


Installing NetGuard on Alix 2c3

February 6th, 2011

To install NetGuard we will need the latest version, which can be downloaded from http://www.netguard.gr/, as well as a Compact Flash card of at least 2GB.

We will also need a PC running some version of Linux (any distribution).

After connecting the Compact Flash to the PC with a card reader, we run the following command:

dd if=netguard.img of=/dev/sdd

(We assume that the system has recognised the reader with the Compact Flash as sdd)

To find the device name on our system, we run:

fdisk -l
