OpenSSH: a use case scenario.


Heading: “The power to serve”.

Chapter: OpenSSH server:

Today I found a new way to please myself! 😀

This post is not a tutorial!

Allow me to explain before you get any funny ideas. I have two boxes at home. One of them I use for my daily dealings on the net, amongst other things, just as I am doing right now by jotting this down. The other I use mainly to crunch http://boinc.berkeley.edu on several projects. I run a home server, http://www.acme.com/software/thttpd (a slightly modified version, though still the same source; see http://tor-relay.thruhere.net/diff/ for more on that), both regular (http) and, via http://www.stunnel.org, (https). I may or may not write an accompanying “howTo” for that later on. Last but not least, I support the torproject by running a relay: http://torstatus.all.de/router_detail.phpFP=f3c91bfb36cda08458a52a5f687ee0868b6f46d5

All in all I can say that I am quite the busy little bee! 😉 The one thing I didn’t have, which is what this post is all about in the first place, was a way to ‘remotely’ (yeah, local only, dude!) log in to my busy box and then ‘upload’, for example, my just-edited web files to the web. The alternative was to stick a usb thumb into one of the holes in this box, ‘download’ my stuff onto it, take it out, drag my ass to the other end of my room and insert it into the other box. Over time that has become more of a nuisance than a true alternative. 😉

So I finally set myself up like this:

The relevant parts (i.e. the modified bits) of this config file read:

    # Logging
    SyslogFacility AUTH
    LogLevel VERBOSE

    # Authentication:
    LoginGraceTime 30
    # That's a no brainer.
    PermitRootLogin no
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile	%h/.ssh/authorized_keys

    # The web admin and perhaps this box' Admin later
    # No, this user obviously doesn't exist.
    AllowUsers webadmin

    #MaxStartups 10:30:60 ¿Que?
    Banner /etc/issue.net

Then I created me a few extra necessary iptables rules and made my first trial run. Because I’d disabled password logins from the get go, I had to manually append my public key (with a strength of 4096 bits) to my .ssh/authorized_keys file, and succeeded in doing so.

So you know: I am an admin on one box; on the other (where I am too) I use a lesser privileged account for my daily dealings and would only like to log in as such. This account, for example, only has to own and be able to edit the files I serve up and nothing more (anything else I’ve made sure to be very restricted! If not, or in case of pownage, I am screwed and will have to start all over again: a learning experience, so to speak).
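A scripted check of settings like the ones above, as an added example that is not part of the original post. It flags a `#` annotation written after a keyword's value (sshd_config(5) documents only whole-line comments, and on a list keyword such as AllowUsers the extra words may be read as further user patterns, depending on the OpenSSH version) and confirms that root and password logins are switched off. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config text on stdin; no output means all checks passed.
audit_sshd_config() {
    awk '
    function require(k, want) {
        if (!(k in first))
            printf "%s: not set, the built-in default applies\n", k
        else if (first[k] != want)
            printf "%s: is %s, expected %s\n", k, first[k], want
    }
    NF == 0 || substr($1, 1, 1) == "#" { next }   # blank and whole-line comments
    {
        key = tolower($1)              # keywords are case-insensitive
        for (i = 2; i <= NF; i++)      # a "#" after the keyword is suspect
            if (substr($i, 1, 1) == "#") {
                printf "line %d: trailing comment after %s\n", NR, $1
                break
            }
        if (key == "match") in_match = 1
        # Record global settings only; sshd keeps the first value it reads.
        if (!in_match && !(key in first)) first[key] = tolower($2)
    }
    END {
        require("permitrootlogin", "no")
        require("passwordauthentication", "no")
        if (!("allowusers" in first))
            print "allowusers: not set, logins are not limited by user name"
    }'
}

# Constructed sample: annotations written after the values.
sample_annotated() {
    cat <<'EOF'
# Authentication:
PermitRootLogin no # That's a no brainer.
AllowUsers webadmin # No, this user obviously doesn't exist.
EOF
}

# Constructed sample: no trailing annotations, passwords disabled.
sample_clean() {
    cat <<'EOF'
PermitRootLogin no
PasswordAuthentication no
AllowUsers webadmin
EOF
}

sample_annotated | audit_sshd_config
```

On the server itself, `sshd -t` checks the file's syntax and `sshd -T` prints the effective settings, which is the authoritative view of what the daemon will enforce.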

Anyway back on topic. So I log in from the terminal; I am greeted by my other system and have to provide my passphrase. Nothing funny thus far until I realize that I either still have much to learn about the terminal or I feel that something is missing, something graphical perhaps.

Now prior to my switch to Ubuntu I used to use filezilla (winxp) to access, for example, ‘my shell’ at my previous ISP’s ip. I have ever since then (2003) been intrigued by -rwxr--r-- stanzas. 😉 But that’s beside the point, because what I didn’t know is that nautilus can do the same thing for me, and in a much simpler fashion than filezilla does.

So basically I am now ‘mounting’ my other computer; I do what I have to do and after that simply ‘umount’ as if it were a usb thumb! 😀

Sensible.and.Simple -eq simplicitas:
http://linux.about.com/od/ubuntu_doc/a/ubudg10t9.htm

For all this I wish to convey my ETERNAL GRATITUDE to all those developers out there who’ve made my (current) tasks so much simpler!! THANK YOU!

Note to self:

Next up is a more secure way (sshd runs as root! apparmor or chroot OR both?) to log in remotely from the outside for real, e.g. by setting up a port forward from a high (>20000) port to a low port (22) in my router (I know, security through obscurity). Still, if 99%(?) of ssh ‘attacks’ are automated scripts/bots, then why present them with this extra bait? Anyway, a determined attacker doesn’t refrain from exploring any other vector, hence the extra hurdles I want to throw in his/her way.

I do have some more ideas in mind (non-viral, but still in abundant amounts 😉) that I do NOT wish to convey (yet), because some of those require a ‘ripening process’ to get better.

Feb. 19 small update: FYI, I found this rather interesting post about how to set up a nested (x)window inside my current X session and of course I should mention its opposite. ‘Cause there may come a day where I want to open up another GUI (Gee vs Gooey :lol:) like firefox on my other box and browse from there or any other program which I normally can run perfectly from my own session now (just simply because we can!). 😉

ttfn,

Alex

Some relevant links go here:

  • https://help.ubuntu.com/community/SSH/
  • https://encrypted.google.com/search?hl=en&biw=1341&bih=557&q=sftp+ubuntu&aq=f&aqi=g10&aql=&oq=
  • Images here:

    PS: In the meantime I also wonder how one does pronounce for example:
    (free/open/net)B.S.D. /beaz_dee/? or /bee.as.dee/?
    Question: Or more general how does one pronounce the following *nix terms?
    As I am Dutch and have a relatively quirky (language) I look at it from this perspective.

    ## This is worth a post in and all by itself.
    ## Which has imho more to do with this author's extreme dislike
    ## for having to pick symbols from within any text editor.
    ## When the need of such (Which is OFTEN) arises.
    ## 'Cause a default install (just hit Enter blindly *) will give its user
    ## (* Something I'd have done say 8 years ago!)
    ## a VERY modest keyboard layout.
    ## I've made a start here: http://tor-relay.thruhere.net/type.cursus.html
    ## And (smarter) people should be able to guess my intent from just that.
    ## More to come later.
    (*)=In\ Dutch
    /       => root or simply just slash    - (wortel as in Willie Wortel /vý.li vor.tyl/)
    /usr    => usurper or perhaps 'you sir' - (gebruiker /jy.braiy.kyr/) ui = AA+œ
    /var    => var [rhymes with car]        - (var /war/)
    /etc    => et cetera                    - (etcetera,enzovoort /et.see.ty.rai/,/en.zou.woart/)
    vi      => vee for vendetta             - (la vie en rose /lai wi ẽ(n) rouz/, ok that's French I lied lol )
    vim     => vim [rhymes with dim]        - (vim=also the name of a detergent!? /wým/)
    regex   => reG(hard) ex                 - (reg eks)
    fstab   => eff stab, just like it looks - (fstep (b becomes p = unvoiced))
    gnu     => new or g'new with a hard 'g' - (gnoe /jnu/ (with a 'g' sounding like the 'ch' in loch ness /loj nes/))
    sudo    => soo do                       - (soe do /su.dou/ or su do /sï.dou/)
               [o as in cot [Spanish for "I sweat"]]
    gui     => G(hard).ee                   - (Gie /gi/)
               [as if it were French or Spanish]
    ubuntu  => oo.boon.too (oe.boen.toe /u.bún.tu/)
    debian  => [As I am Dutch I am inclined to say day.bee.an /dei.bi.yn/] I know it's Deb /deb/ (and) Ian /i.yn/!
    daemon  => day.mon /dee.myn/ [Same as above!] de.mon /di.myn/ or dia.mon(d) /dae.myn(d)/ would be more appropriate.
    Answer: http://forums.freebsd.org/archive/index.php/t-6638.html
    |---------------------------------------------------------------------------------|
        En    |Nl   |Me
        ---------------
        u/o   |a    |a
        a(rt) |     |@
    love      |     |aa/â
    (haw)aii  |aai  |ae/ay
    ## Kind of midway between (s)ay and (haw)aii
              |ei/ij|êy
        ~kahn |a/aa |ai
    ## Next comes one of the more intriguing Dutch 'glides'
    ## Typical examples: either portefuille or portefeuille
    ## One pronounces the œ (like the 'e' in burger) 
    ## while your mouth is in the position 'to say AH'
              |ui   |aiy
        ou(ch)|ou/au|av
        ma(n) |e    |e
        ai(r) |è/ai |ea/ê
    ## Because one can hear a noticeable softening at the end of the vowel
      (s)ay   |ee(j)|ee/ey
      ai(n)   |e/ee |ei
        i(ck) |i    |ý
    ## 'Eer' means honor
              |eer  |ýar/ŷr
    ## As the vodka.
    (sk)yy Russkij  |ie/iy
        ee    |ie   |i
    ## One simply rounds his/her lips while saying 'ee'
              |u/uu |ï (French u as in voiture)
        o(dd) |o    |o
        o(re) |oor  |oa/ô
              |ooi  |oe/oy
        o/oa  |o/oo |ou
        oo    |oe   |u and ú [ů] (for length)
        u     |joe  |zu/yu computer /kom.pzu.tyr/
        e/i/u |e    |y (schwa)
        y     |j/y  |y (double up for the 'y')
       ea(rth)|     |ü [ö]
    ## Western usage. The way of the 'speechless' (nie{mec,ms}ki?) the pejorative sense
              |eu   |ø (French eu as in bleu)
    ## As used in the east.          
              |ew   |ev(ropa)
        ts    |ts   |c
        ch    |tsj  |cz
        g     |g    |g
        j     |dzj  |gz
        loch  |ch/g |j {rojo,ale{x,j}andro}
        sh    |sh/sj|sz
        zh/s  |j/zj |x(iao)
    |---------------------------------------------------------------------------------|
        I probably left a few out?
    
