Tuesday, July 28, 2009

SSH and RSA Auth using Putty and MAC

    To allow access to a remote system for a given identity, place the public key in the ~/.ssh/authorized_keys file on that remote system. All keys listed in that file are allowed access.

    Say you want to connect from your Mac to the Linux server (Athena) as root using RSA key authentication. On the Mac, under ~ataran/.ssh, run ssh-keygen -t rsa to create the public and private keys with a secret passphrase. Then take the public key from the Mac and add it to ~root/.ssh/authorized_keys. From the Mac you can then run ssh root@athena and you will be prompted to enter the secret passphrase.

    Now back to the other question of how to use a Putty-based RSA public key with the OpenSSH server on Athena. The public key file saved by Puttygen is not in the same format as the one generated by OpenSSH. However, you can manually modify the Putty-based public key before appending it to the authorized_keys file on Athena.

  • ssh to your Linux server using the loginid and password

  • chmod 700 ~/.ssh

  • chmod 600 ~/.ssh/authorized_keys

  • ssh-keygen -t dsa
    (or rsa; accept the file names it wants to use, enter a strong passphrase)
  • Open Puttygen (Putty Key Generator), click the Generate button and move the mouse cursor randomly within the key section/frame to create the key with default settings (e.g. SSH-2 RSA of 1024 bits).
  • When the key generation completes, create a strong passphrase in the text box provided.
  • Then click the Save public key and Save private key buttons, one after another, to save the key pair to the local hard disk.
  • Transfer the Puttygen-created public key to the Linux server. If this public key is only meant for the root user account, append the contents of this public key to the ~root/.ssh/authorized_keys file.
  • On the Linux server, open the authorized_keys file with the vi editor and delete the lines beginning with four dashes and “Comment”. Join the remaining lines into one single line. Begin that single line with the ssh-rsa keyword (followed by a space).
  • NOW change your putty settings under "connection > SSH > auth" to use privatekey.ppk
  • NOW try and connect using Putty SSH (root@athena) and enter the passphrase when prompted
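
The manual edit in the steps above (drop the marker and Comment lines, join the rest, prefix the key type) can be scripted. This is an added example, not code from the original post; the function names and the sample key file are constructed here, and the key type is read from the key data instead of being typed in as ssh-rsa, so the same conversion also covers a DSA key.

```python
import base64
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_sample() -> str:
    """Constructed Puttygen-style file; the modulus bytes are filler, not a real key."""
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x25")
            + ssh_string(b"\x00" + bytes(range(128, 256))))
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----",
                      'Comment: "constructed-\\', 'sample"',
                      *rows, "---- END SSH2 PUBLIC KEY ----"])

def puttygen_to_openssh(text: str) -> str:
    """Return the single authorized_keys line for a Puttygen public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (len(lines) < 3 or not lines[0].startswith("---- BEGIN")
            or not lines[-1].startswith("---- END")):
        raise ValueError("expected ---- BEGIN / ---- END marker lines")
    header, comment, body = "", "", []
    for ln in lines[1:-1]:
        if header.endswith("\\"):          # previous header line continues here
            header = header[:-1] + ln
        elif ":" in ln:                    # base64 never contains ':'
            header = ln
        else:
            body.append(ln)                # key data line
            continue
        if header.lower().startswith("comment:") and not header.endswith("\\"):
            comment = header.split(":", 1)[1].strip().strip('"')
    blob = base64.b64decode("".join(body), validate=True)
    if len(blob) < 4:
        raise ValueError("key data too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("key data does not start with a key type field")
    key_type = blob[4:4 + n].decode("ascii")   # e.g. ssh-rsa, read from the key itself
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".strip()

if __name__ == "__main__":
    print(puttygen_to_openssh(make_sample()))
```

OpenSSH can do the same conversion with ssh-keygen -i -f followed by the saved public key file.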




Monday, July 27, 2009

Sed & Awk

Click here for an excellent article on Sed and Awk one-liners that I found on the web. I will post another article for Perl one-liners.

Wednesday, July 22, 2009

Secure MySQL Install

Can be used for the Install on Synology or Any Windows or Unix based Install

  • To restart mysql on Synology /usr/syno/etc/rc.d/S21mysql.sh
  • mysqladmin -u mysql -p shutdown
  • To restart
  • On Synology WebGUI, System->Restore defaults->Reset MYSQL Database Password will reset password for MYSQL database
  • Installed phpMyAdmin
  • To Connect mysql -h host -u user -p myout.lst
  • For admin: mysqladmin -u mysql -p followed by ping, status or shutdown
  • show global status or show grants
  • Connect to mysql as user=root and verify the user table in the mysql database. Update the password using phpMyAdmin. Note that if you log in as user=mysql you won't see the user table. Do not ever give anyone (except MySQL root accounts) access to the user table in the mysql database. Set passwords for all root accounts using the password() function or phpMyAdmin.
  • mysql_install_db creates one root account (superuser) for connection from localhost only. Two anonymous-user accounts are created, each with an empty username, and these anonymous accounts have no password, so anybody can connect to mysql. On Windows, one anonymous account is for connections from the local host. It has no global privileges. (Before MySQL 5.1.16, it has all global privileges, just like the root accounts.) The other is for connections from any host and has all privileges for the test database and for other databases with names that start with test.
  • mysql> select host,user,password from user;
    host       user   password
    localhost  root   *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
    Athena     root   *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
    Athena            *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
    localhost         *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
    localhost  scott  *F2F68D0BB27A773C1D944270E5FAFED515A3FA40
  • shell> mysql -u root
    mysql> SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
    mysql> SET PASSWORD FOR ''@'%' = PASSWORD('newpwd');
    OR
    shell> mysqladmin -u root password "newpwd"
    shell> mysqladmin -u root -h host_name password "newpwd"
    OR
    shell> mysql -u root
    mysql> UPDATE mysql.user SET Password = PASSWORD('newpwd')
        -> WHERE User = 'root';
    mysql> FLUSH PRIVILEGES;
  • That account allows anonymous access but has full privileges, so removing it improves security. If you prefer to remove the anonymous accounts instead, do so as follows:
    shell> mysql -u root
    mysql> DROP USER '';
    mysql> DROP USER ''@'localhost';
  • Note: [mysqld] user=mysql in my.cnf shows that the mysqld daemon runs as the mysql user and not as root
  • Coming Up-> howto secure phpMyAdmin and Enable Remote Access via open Port
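
A check of the account list for the problems described above (anonymous accounts, empty passwords, a password shared between different user names), written as an added example that is not part of the original post. It assumes tab-separated rows as printed by mysql -B -N -e "select host,user,password from mysql.user"; the sample rows and hash placeholders are constructed.

```python
from collections import defaultdict

# Constructed sample rows (host, user, password), tab-separated.
# *HASH_A and *HASH_B are placeholders, not real password hashes.
SAMPLE = (
    "localhost\troot\t*HASH_A\n"
    "athena\troot\t\n"
    "athena\t\t\n"
    "localhost\t\t*HASH_A\n"
    "%\tscott\t*HASH_B\n"
)

def audit_accounts(dump: str) -> dict:
    """Map each 'user'@'host' to the list of findings for that account."""
    findings = defaultdict(list)
    by_hash = defaultdict(list)
    for line in dump.splitlines():
        if not line.strip():
            continue
        # Pad short rows so a missing trailing column reads as empty.
        host, user, password = (line.split("\t") + ["", ""])[:3]
        account = f"'{user}'@'{host}'"
        if user == "":
            findings[account].append("anonymous account")
        if password == "":
            findings[account].append("empty password")
        else:
            by_hash[password].append(account)
        if host == "%":
            findings[account].append("connects from any host")
    for accounts in by_hash.values():
        names = {a.split("@")[0] for a in accounts}
        if len(names) > 1:      # same hash under different user names
            for a in accounts:
                findings[a].append("password shared with another user name")
    return dict(findings)

if __name__ == "__main__":
    for account, notes in audit_accounts(SAMPLE).items():
        print(account, "->", ", ".join(notes))
```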

Tuesday, July 21, 2009

Blueberry Snack Cake

Ingredients
½ cup(4 oz) butter
¾ cup(6oz) sugar
2 eggs
1 tsp vanilla extract
1 cup flour
1 tsp baking powder
¼ tsp baking soda
¼ tsp salt
½ cup sour-cream
½ cup brown sugar
1 tsp cinnamon
1 cup chopped pecans
1 cup blueberries

  • Preheat oven to 350°F. Grease 9'' square pan with solid veg shortening and dust with flour, or use pan spray
  • Place butter and sugar in a large mixing bowl, cream until light and fluffy, add eggs and vanilla. Beat
  • Toss flour, baking powder, baking soda, and salt with a whisk. Add alternately with sour-cream to cream mixture. Mix until smooth. Toss brown sugar, cinnamon, and nuts together.
  • Pour half the batter into prepared pan. Mix blueberries and ½ the brown sugar cinnamon and batter. Top with other half of nut mixture. Bake 30-40 minutes or until toothpick comes out clean.

Samba share from MAC over WAN

Set up the loopback adapter on the Mac using the command below and then use SSH port forwarding.

sudo ifconfig lo0 10.0.0.1
sudo ssh -L 10.0.0.1:139:192.168.1.4:139 root@staran.webhop.net

Enable port 22 on the router and forward WAN traffic to 192.168.1.1. Note that the destination host in the -L forward is 192.168.1.4 and not 192.168.1.1.

Setup Network Printer from MAC using CUPS

fixes the not authorized problem
Have a print server running on my Synology server. Need to print from a MAC running OS X.

Log in to cups via the browser using http://localhost:631 on the Mac.
Choose add printer, give the printer a name and location, choose Windows printer via Samba, and as device url use: smb://user:password@ip-adress/usbprinter.

User and password being valid credentials for the Synology device. I used my admin account for this, with the corresponding password.

(I previously installed the latest HP printer drivers (ver. 4.0), but I don't know if this is necessary)

Test from Email

Today we are getting our kitchen cabinet work almost completed. Awesome job done by one hardworking contractor.

Test again

Testing out features of Blogger.




Launch

This is a first page My domain. Check it out