Saturday 7 April 2012
Sexy SSH Tricks For Linux Geeks
Previously I had posted on mounting filesystem over SSh and now its time for yet another post on cool SSh tricks.
So lets see few of the several SSH tricks that we either need to use or can use for fun and making stuffs easier.
Do not supply any passphrase and keep on pressing ENTER if you are looking for password-free SSH login. This will create two files id_dsa(private key) and id_dsa.pub(public key). All we have to do is copy the public key to the remote server computer and then add the content of public key to the list of authorized keys as below(or using nano or whatever you find easier):
You can even supply passphrase if you want and this will make authentication more secure. In that case, be sure to set the following value in /etc/ssh/sshd_config:
Similarly, we can encrypt the SSH sessions using one of the different available block ciphers: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc. IMHO, using aes256-ctr would be sufficiently secure due to 256 bits key size. Below is an example of using both the compression and encryption while establishing the SSH connection.
To prevent the last login status, simply change and set as following in the configuration file(/etc/ssh/sshd_config):
And also, change the content of the file /etc/motd and /var/run/motd which by default contains the banner message that is displayed by SSH.
So that's the end. Of course, there are more sexy SSH tricks which I'll cover up once I get some free time. Also, share what you have :)
Read more...
So lets see few of the several SSH tricks that we either need to use or can use for fun and making stuffs easier.
Password-less SSH
No matter how convinient it is to use SSH to connect to remote server, people tend to seek for more ease and typing passwords each time you are on interactive shell is something most users hate. Moreover, you can even prevent the bruteforcing attacks by using password-free SSH with small extra configuration change. First we need to generate a pair of keys by using the ssh-keygen tool. ssh-keygen generates, manages and converts authentication keys for ssh. ssh-keygen can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. In my example, I'll generate DSA keys as below:ssh-keygen -t dsa
Do not supply any passphrase and keep on pressing ENTER if you are looking for password-free SSH login. This will create two files id_dsa(private key) and id_dsa.pub(public key). All we have to do is copy the public key to the remote server computer and then add the content of public key to the list of authorized keys as below(or using nano or whatever you find easier):
cat id_dsa.pub >> ~/.ssh/authorized_keys
You can even supply passphrase if you want and this will make authentication more secure. In that case, be sure to set the following value in /etc/ssh/sshd_config:
PasswordAuthentication no
Mount Filesystem over SSH
This is another useful trick to use while working over SSH. The details on this can be read here.Copy File Over SSH Using SCP
SCP is a SSH based tool that provides an easy way to copy files over SSH. You can copy files from and to SSH server to/from your machine and also copy files from one server to another directly. Check my previous blog post on SCP for further details.Running Graphical Softwares Over SSH
With SSH, you can configure the X11 Forwarding(set to Yes in /etc/ssh/sshd_config for global effect and host-by-host basis in /etc/ssh/ssh_config by setting ForwardX11 yes) which allows us to run the graphical softwares on server over SSH. You can run the graphical softwares over SSH by supplying the -X switch while connecting to the server. An example is shown below:ssh -X samar@192.168.0.1 -p 222
Compressed and Encrypted SSH Sessions
Another good thing to do is compress and encrypt the SSH sessions. Compression is usually a very good idea for slow networks but is not desirable for faster networks where compression and de-compression might cause more overhead. The compression algorithm used by SSH is gzip and requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections). The default value can be set on a host-by-host basis in the configuration files(/etc/ssh/ssh_config) by setting the Compression option. To enable compression, use the -C switch while connecting to the remote SSH server or set the Compression yes in your config file.Similarly, we can encrypt the SSH sessions using one of the different available block ciphers: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc. IMHO, using aes256-ctr would be sufficiently secure due to 256 bits key size. Below is an example of using both the compression and encryption while establishing the SSH connection.
ssh -c aes256-ctr -C hostel@192.168.0.1
Disable Root Login
Its not a good thing to allow root login in SSH so be sure root login is disabled in your SSH server. This is done by setting the configuration(/etc/ssh/sshd_config) as PermitRootLogin no. What more? Disable the password-based logins and use the key-based login. And to keep script kiddies out, you could change the default port in the configuration.Disable Last Login & Default MOTD
By default, while logging in to the SSH servers like OpenSSH, we will see some kind of banner that includes a MOTD(Message Of The Day) and last login user and time. Disabling these or changing the banner requires two modifications.To prevent the last login status, simply change and set as following in the configuration file(/etc/ssh/sshd_config):
PrintMotd no
PrintLastLog no
PrintLastLog no
And also, change the content of the file /etc/motd and /var/run/motd which by default contains the banner message that is displayed by SSH.
So that's the end. Of course, there are more sexy SSH tricks which I'll cover up once I get some free time. Also, share what you have :)
Read more...
Bookmark this post: | 
|
Thursday 5 April 2012
View ASCII Table In Your Linux Terminal
You need not be browsing some online ascii table website or need not download any document containing the list of ASCII characters if you are using linux OS. You can view the ASCII characters set encoded in octal, decimal, and hexadecimal by just opening the terminal.
In order to access the ASCII table, just type:
Isn't it cool to have all the ASCII character sets in your linux terminal?
Read more...
In order to access the ASCII table, just type:
samar@Techgaun:~$ man ascii
Isn't it cool to have all the ASCII character sets in your linux terminal?
Read more...
Bookmark this post: |
|
How To Mount Folder or Filesystem Over SSh
Many times you need to interact a lot with some directory or a filesystem while working remotely on a server over SSh. Things will be way easier if you can mount the remote folder or filesystem over SSh and I am going to show how to do this thing in this very post.
SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used.
SSHFS can be downloaded and installed from HERE. Most linux distros have sshfs in their repositories. You can use the respective package managers to install the sshfs in the client system(i.e. your system).
Ubuntu and debian users can type the following in the terminal to install sshfs:
Once you install sshfs, you are ready to mount the remote files and folders over SSh. The syntax for mounting the remote filesystem/folder is pretty straightforward.
The syntax is: sshfs -p SSHPort [user@]host:[dir] mountpoint
An example of mounting the remote system's /opt directory in my Desktop
Unmounting can be done by using the command as below:
I hope this counts as a useful tips for you. :)
Read more...
SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used.
SSHFS can be downloaded and installed from HERE. Most linux distros have sshfs in their repositories. You can use the respective package managers to install the sshfs in the client system(i.e. your system).
Ubuntu and debian users can type the following in the terminal to install sshfs:
samar@Techgaun:~$ sudo apt-get install sshfs
Once you install sshfs, you are ready to mount the remote files and folders over SSh. The syntax for mounting the remote filesystem/folder is pretty straightforward.
The syntax is: sshfs -p SSHPort [user@]host:[dir] mountpoint
An example of mounting the remote system's /opt directory in my Desktop
samar@Techgaun:~$ sshfs -p 222 kubh@192.168.0.1:/opt/ ~/Desktop/remote/
Unmounting can be done by using the command as below:
samar@Techgaun:~$ fusermount -u ~/Desktop/remote/
I hope this counts as a useful tips for you. :)
Read more...
Bookmark this post: |
|
Wednesday 4 April 2012
w3m - A Text Based Commandline Web Browser
w3m is a World Wide Web text based client. It will display hypertext markup language (HTML) documents containing links to files residing on the local system, as well as files residing on remote systems. It can display HTML tables and frames. In addition, it can be used as a "pager" in much the same manner as "more" or "less". Current versions of w3m run on Unix (Solaris, SunOS, HP-UX, Linux, FreeBSD, and EWS4800) and on Microsoft Windows 9x/NT.
Linux users can install the package from their respective repositories. Following is the example of installation in ubuntu and debian based linux.
Using the w3m browser is pretty straightforward. At start up, w3m will load any local file or remote URL specified at the command line. An example usage is as below:
You can see the whole list of available operation by pressing H(Shift + h) and you will know how comprehensive this seemingly simple command line browser actually is. w3m supports all kind of features we expect from a web browser such as hyperlink navigations, tabbed browsings, file I/O operations, bookmarking, and searching.
w3m can also be used as a pager and for translating HTML files. Taken directly from w3m manpage, following are the examples:
To use w3m as a pager:
To use w3m to translate HTML files:
or
Read more...
Linux users can install the package from their respective repositories. Following is the example of installation in ubuntu and debian based linux.
samar@Techgaun:~$ sudo apt-get install w3m
Using the w3m browser is pretty straightforward. At start up, w3m will load any local file or remote URL specified at the command line. An example usage is as below:
samar@Techgaun:~$ w3m http://www.techgaun.com
You can see the whole list of available operation by pressing H(Shift + h) and you will know how comprehensive this seemingly simple command line browser actually is. w3m supports all kind of features we expect from a web browser such as hyperlink navigations, tabbed browsings, file I/O operations, bookmarking, and searching.
w3m can also be used as a pager and for translating HTML files. Taken directly from w3m manpage, following are the examples:
To use w3m as a pager:
samar@Techgaun:~$ ls | w3m
To use w3m to translate HTML files:
samar@Techgaun:~$ cat foo.html | w3m -T text/html
or
samar@Techgaun:~$ cat foo.html | w3m -dump -T text/html >foo.txt
Read more...
Bookmark this post: |
|
Monday 2 April 2012
How To Disable Password Prompts For sudo In Ubuntu
If you are one of those linux users who very frequently use the sudo command, you might have been annoyed of entering passwords each time you use this command. However with a very simple tweak, you can change this behaviour and disable the password prompts for the sudo command.
A bit of warning though, do not modify the default behavior of asking for passwords since it would drastically compromise security of your system. Following is the warning given by ubuntu help.
If you disable the sudo password for your account, you will seriously compromise the security of your computer. Anyone sitting at your unattended, logged in account will have complete Root access, and remote exploits become much easier for malicious crackers.
Now you are aware of warning, lets see how this can be done.We need to edit the /etc/sudoers file. Lets first open the file in safe editable mode using the following command:
Using visudo for editing the /etc/sudoers lets us locate the possible errors that may occur while editing the file so always use visudo.
Following is the format of disabling password prompts for specific user.
So if we are to disable password prompts for the user samar, you can make a new line with following entry:
In case you want to let all the users with admin privilege use the sudo command without having to give the password, you can edit the line that says %admin ALL=(ALL) ALL to the following:
Once you add such line for appropriate user, press Ctrl + x and save the changes. You will either have to log out and login back or restart the shell to see the modification in effect.
I hope this is useful. :)
Read more...
A bit of warning though, do not modify the default behavior of asking for passwords since it would drastically compromise security of your system. Following is the warning given by ubuntu help.
If you disable the sudo password for your account, you will seriously compromise the security of your computer. Anyone sitting at your unattended, logged in account will have complete Root access, and remote exploits become much easier for malicious crackers.
Now you are aware of warning, lets see how this can be done.We need to edit the /etc/sudoers file. Lets first open the file in safe editable mode using the following command:
samar@Techgaun:~$ sudo visudo
Using visudo for editing the /etc/sudoers lets us locate the possible errors that may occur while editing the file so always use visudo.
Following is the format of disabling password prompts for specific user.
<username> ALL=NOPASSWD: ALL
So if we are to disable password prompts for the user samar, you can make a new line with following entry:
samar ALL=(ALL)NOPASSWD: ALL
In case you want to let all the users with admin privilege use the sudo command without having to give the password, you can edit the line that says %admin ALL=(ALL) ALL to the following:
%admin ALL=(ALL)NOPASSWD: ALL
Once you add such line for appropriate user, press Ctrl + x and save the changes. You will either have to log out and login back or restart the shell to see the modification in effect.
I hope this is useful. :)
Read more...
Bookmark this post: |
|
Saturday 31 March 2012
nmbscan - Network Shares Scanner Based On NMB/SMB/NetBIOS Protocol
NMB Scanner scans the shares of a NetBIOS/SMB network, using the NMB/SMB/NetBIOS protocols. It is useful for acquiring information on a local area network for such purposes as security auditing.
It can obtain such information as NMB/SMB/NetBIOS/Windows hostname, IP address, IP hostname, ethernet MAC address, Windows username, NMB/SMB/NetBIOS/Windows domain name, and master browser. It can discover all the NMB/SMB/NetBIOS/Windows hosts on a local area network by using the hosts lists maintained by master browsers.
You can download the version 1.2.6 of nmbscan tool from HERE.
After downloading, extract the files by typing:
Running nmbscan shows pretty much of information about the usage.
You can figure out the command line switches as per your necessity while using the tool. I hope this tool counts as useful for you. :)
Read more...
It can obtain such information as NMB/SMB/NetBIOS/Windows hostname, IP address, IP hostname, ethernet MAC address, Windows username, NMB/SMB/NetBIOS/Windows domain name, and master browser. It can discover all the NMB/SMB/NetBIOS/Windows hosts on a local area network by using the hosts lists maintained by master browsers.
You can download the version 1.2.6 of nmbscan tool from HERE.
After downloading, extract the files by typing:
mkdir nmbscan && tar -xvf nmbscan-1.2.6.tar.gz --directory nmbscan
Running nmbscan shows pretty much of information about the usage.
samar@Techgaun:~/Downloads/nmbscan$ ./nmbscan
nmbscan version 1.2.6 - Techgaun - Sat Mar 31 00:04:15 NPT 2012
usage :
./nmbscan -L
-L show licence agreement (GPL)
./nmbscan {-d|-m|-a}
-d show all domains
-m show all domains with master browsers
-a show all domains, master browsers, and hosts
./nmbscan {-h|-n} host1 [host2 [...]]
-h show information on hosts, known by ip name/address
-n show information on hosts, known by nmb name
You can figure out the command line switches as per your necessity while using the tool. I hope this tool counts as useful for you. :)
Read more...
Bookmark this post: |
|
Friday 30 March 2012
Automating Execution Of Applications In DosBox
Running dosbox and mounting the necessary directory everytime to run any software in dosbox becomes boring with time. I had to automate the execution of qbasic by using dosbox in edubuntu and so here is the tutorial for making a simple desktop entry for automating the execution of apps in dosbox.
I will be giving an example of qbasic here but you can follow the same method, of course with little modification(that you'll easily figure out). So lets start.
The first thing we will do is make a new configuration file for our qbasic at /opt/qbasic/qbasic.conf. The file will consist of following content and you need to slightly modify according to your path and command name.
Basically what we are doing above is adding our commands in the autoexec section of configuration file that will be read by dosbox. In the autoexec section, we first mount our appropriate directory(~/qbasic as C) and then switch to the mount point and finally execute the required command(qb in above example).
Now all you need to do is create a new launcher with the following command:
Notice that I'm providing my custom configuration while running the dosbox command. As per your necessity, you could provide -noconsole and -exit switches in the command above(as in games). Also, though this article focusses on linux, you can follow this with minor OS specific variations to run in windows as well. I hope this helps you. :)
Read more...
I will be giving an example of qbasic here but you can follow the same method, of course with little modification(that you'll easily figure out). So lets start.
The first thing we will do is make a new configuration file for our qbasic at /opt/qbasic/qbasic.conf. The file will consist of following content and you need to slightly modify according to your path and command name.
[autoexec]
mount C ~/qbasic
C:
qb
mount C ~/qbasic
C:
qb
Basically what we are doing above is adding our commands in the autoexec section of configuration file that will be read by dosbox. In the autoexec section, we first mount our appropriate directory(~/qbasic as C) and then switch to the mount point and finally execute the required command(qb in above example).
Now all you need to do is create a new launcher with the following command:
/usr/bin/dosbox -conf /opt/qbasic/qbasic.conf
Notice that I'm providing my custom configuration while running the dosbox command. As per your necessity, you could provide -noconsole and -exit switches in the command above(as in games). Also, though this article focusses on linux, you can follow this with minor OS specific variations to run in windows as well. I hope this helps you. :)
Read more...
Bookmark this post: |
|
Thursday 29 March 2012
Extracting All Hyperlinks From Webpages - Python
In this example, I am going to show how easily you can extract all the links in a webpage using python. If you are learning to write some small scale crawler, this can be a quick startup on how you can extract the links in any webpage.
Basically, we will send the http request to any webpage and we will read the HTML response except in the case when the connection can not be established. In such case, we will simply inform the user that we could not connect to the website.
For all these stuffs, we will import few modules and most important ones are re and urllib2 for regular expression stuff and HTTP request/response stuffs respectively.
We then write the regex for the hyperlinks for which we will make a search in the HTML data we get back after sending the request from the server. Note the <a href=[\'"]?([^\'" >]+). The small brackets are there to let us capture our necessary information i.e. the actual links.
Now you understood what we'll be doing, below is the python script to extract the hyperlinks from any webpage.
Now run the script as python extracter.py http://www.techgaun.com or any URL you wish to.
So isn't it a good start for writing your own simple web crawler? :P
Read more...
Basically, we will send the http request to any webpage and we will read the HTML response except in the case when the connection can not be established. In such case, we will simply inform the user that we could not connect to the website.
For all these stuffs, we will import few modules and most important ones are re and urllib2 for regular expression stuff and HTTP request/response stuffs respectively.
We then write the regex for the hyperlinks for which we will make a search in the HTML data we get back after sending the request from the server. Note the <a href=[\'"]?([^\'" >]+). The small brackets are there to let us capture our necessary information i.e. the actual links.
Now you understood what we'll be doing, below is the python script to extract the hyperlinks from any webpage.
#!/usr/bin/python
import re, urllib2
from sys import argv
if (len(argv) != 2):
print "No URL specified. Taking default URL for link extraction"
url = "http://www.techgaun.com"
else:
url = str(argv[1])
links_regex = re.compile('<a href=[\'"]?([^\'" >]+)', re.IGNORECASE)
url_request = urllib2.Request(url)
try:
response = urllib2.urlopen(url_request)
html = response.read()
links = links_regex.findall(html)
print '\n'.join(links)
except urllib2.URLError:
print "Can't Connect to the website"
Now run the script as python extracter.py http://www.techgaun.com or any URL you wish to.
So isn't it a good start for writing your own simple web crawler? :P
Read more...
Bookmark this post: |
|
Subscribe to:
Posts (Atom)