OpenSSH: Disabled Reverse DNS Lookup

This post is mostly for myself, but hopefully useful for others too.

When connecting to an OpenSSH server, one of the first things the server does is perform a reverse DNS lookup on the client’s IP address, which is generally a slow operation and causes an unnecessary delay during authentication. However, this reverse DNS lookup can be disabled.

Do the following to disable it:

# In /etc/ssh/sshd_config:
UseDNS no
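
A check worth running before making this change, as an added example that is not part of the original post: per sshd_config(5), with UseDNS set to no only addresses, not host names, can be matched by from= options in authorized_keys and by Match Host. The script below lists from= patterns that rely on host names; the function names and the sample file are constructed for illustration, and the address/name split is a heuristic.

```sh
#!/bin/sh
# Added example, not from the original post. Per sshd_config(5), with
# "UseDNS no" only addresses (not host names) match in authorized_keys
# from="..." options. All function names here are illustrative.

# is_name_pattern PATTERN -> exit 0 if the pattern needs a resolved host name.
# Heuristic: contains ':' (IPv6) or only digits . * ? / means "address".
is_name_pattern() {
    p=${1#!}                        # drop a leading negation
    case $p in
        *:*) return 1 ;;
        *[!0-9.*?/]*) return 0 ;;
        *) return 1 ;;
    esac
}

# name_patterns_in_from FILE -> prints "lineno:pattern" per host-name pattern.
name_patterns_in_from() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in *'from="'*) ;; *) continue ;; esac
        list=${line#*from=\"}       # text after from="
        list=${list%%\"*}           # ... up to the closing quote
        old_ifs=$IFS; IFS=,; set -f # split on commas, no globbing
        for pat in $list; do
            if is_name_pattern "$pat"; then printf '%s:%s\n' "$n" "$pat"; fi
        done
        set +f; IFS=$old_ifs
    done < "$1"
}

# demo: run the scan over a constructed authorized_keys file.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
from="10.0.0.*,!10.0.0.7" ssh-ed25519 AAAAconstructed1 alice@laptop
from="*.corp.example,192.0.2.0/24" ssh-ed25519 AAAAconstructed2 bob@desk
ssh-ed25519 AAAAconstructed3 carol@home
from="2001:db8::/32" ssh-ed25519 AAAAconstructed4 dave@v6
EOF
    name_patterns_in_from "$f"
    rm -f "$f"
}

if [ "$#" -ge 1 ]; then name_patterns_in_from "$1"; fi
```

Any pattern it reports should be rewritten as an address or CIDR range before UseDNS is turned off.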

Howto: Convert an OpenSSL key to a public/private OpenSSH key-pair

This howto demonstrates how to convert an OpenSSL key to a public/private OpenSSH key-pair.

The motivation for converting this is simple — dual use. That is to say, any user or application that has been issued a certificate can now use their SSL-based credentials for both SSL- and SSH-based authentication.

Requirements
You’ll need a valid certificate and private key (actually, only the key is required). This recipe assumes that your certificate and key will have the names user-crt.pem and user-key.pem, respectively. If your key is encrypted (which it should be), you’ll also need to have its passphrase handy.

You’ll need a shell account on a system that supports OpenSSH logins using public/private key authentication.

Solution
The solution is to extract the public key from the private key using ssh-keygen, copy the new key-pair into place, and test them out.

1. Copy the private SSL key to ~/.ssh/id_ssl.
$ cp user-key.pem ~/.ssh/id_ssl
$ chmod 600 ~/.ssh/id_ssl

2. Extract the public SSH key using ssh-keygen.
$ ssh-keygen -y -f ~/.ssh/id_ssl > ~/.ssh/id_ssl.pub
$ chmod 600 ~/.ssh/id_ssl.pub

3. Add the public key to your authorized_keys file.
$ cat ~/.ssh/id_ssl.pub >> ~/.ssh/authorized_keys

4. Test the new key by attempting to SSH to localhost.
$ ssh -i ~/.ssh/id_ssl localhost

At this point, you’ll need to enter your passphrase (assuming you had one), and if all goes well, you’ll be sitting at a new shell prompt.

5. Remove the test key from your authorized_keys file.
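
Because the point of the recipe is dual use of one credential, it is worth confirming that the extracted SSH public key really is the key the certificate certifies. The following is an added example, not part of the original recipe; the function names are illustrative, and the demo pair it generates is an unencrypted throwaway key with a self-signed certificate.

```sh
#!/bin/sh
# Added example, not from the original recipe: check that the SSH public key
# extracted from an OpenSSL private key is the key the certificate certifies.
# Function names are illustrative; requires openssl and ssh-keygen.

# ssh_pub_from_key KEY -> "type base64" derived from the private key
# (ssh-keygen prompts for the passphrase if the key is encrypted).
ssh_pub_from_key() {
    ssh-keygen -y -f "$1" | awk '{print $1, $2}'
}

# ssh_pub_from_cert CERT -> "type base64" of the certificate's public key.
ssh_pub_from_cert() {
    tmp=$(mktemp) || return 1
    openssl x509 -in "$1" -noout -pubkey > "$tmp" &&
        ssh-keygen -i -m PKCS8 -f "$tmp" | awk '{print $1, $2}'
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# key_matches_cert KEY CERT -> exit 0 only if both give the same public key.
key_matches_cert() {
    k=$(ssh_pub_from_key "$1")
    c=$(ssh_pub_from_cert "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_demo_pair DIR NAME: constructed throwaway key and self-signed
# certificate (unencrypted, for the demo only), named as in the recipe.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2-key.pem" -out "$1/$2-crt.pem" 2>/dev/null &&
        chmod 600 "$1/$2-key.pem"
}

if [ "$#" -eq 2 ]; then
    if key_matches_cert "$1" "$2"; then echo "match"; else echo "MISMATCH"; fi
fi
```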

In theory, a single certificate and key issued to an employee would be sufficient to access all participating SSL- and SSH-based resources in a given environment (or perhaps the entire company).

This post is based on an original recipe by Klayton Monroe.

Opening and Forwarding Ports To A VirtualBox-based Guest

Here are the commands used to open and forward the host’s port 2222 to the guest’s port 22 (SSH Server Port).

Type this into a terminal:


VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" 2222
VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" 22
VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" TCP

The same approach can also be used to forward PostgreSQL and HTTP:


VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/postgresql/HostPort" 5432
VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/postgresql/GuestPort" 5432
VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/postgresql/Protocol" TCP
VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/http/HostPort" 8080
VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/http/GuestPort" 80
VBoxManage setextradata nameofyourguest "VBoxInternal/Devices/pcnet/0/LUN#0/Config/http/Protocol" TCP

Why Startups Need Automated Infrastructures

How to Mount a Remote Filesystem Using SSH and sshfs

From time to time I work on remote servers, and sometimes it would be very useful to be able to mount the remote file system on my local machine. Recently I found sshfs, which is a filesystem client based on the SSH File Transfer Protocol. Since most *nix-like servers (Linux, FreeBSD, NetBSD and OpenBSD servers with OpenSSH installed) already support this protocol, it is very easy to set up: on the server side there’s nothing to do, set up or configure. On the client side, mounting the filesystem is as easy as logging into the server with SSH.

More technically, sshfs is based on FUSE, which is the best userspace filesystem framework for Linux ;-)

Here is how I connect to my remote SSH-based servers and hosts:


$ sshfs -o uid=1000,gid=1000 cc@remote.host.com:/home/cc /media/mountpoint

I use the uid and gid options so that my own normal user, which has that uid and gid, has write access to the mounted filesystem.

This post describes sshfs in more detail, including how to use it on Ubuntu and Debian.

The sshfs website.

Howto Access via ssh a Virtualbox Guest machine

By default, the network connection in VirtualBox is set to NAT (Network Address Translation); that is, every packet coming from the Guest machine is modified so that it seems to have come from the Host machine. In this way it’s easy for the Guest machine to connect to the rest of the network (the internet included), but nobody can start a connection with the Guest machine since it’s hidden behind the Host one.

This blog post describes a technique to route incoming connections to VirtualBox guest instances in order to enable, for example, SSH and sshfs connections.

Run Single Commands on a SSH-based Server

“Bookmark” SSH-Connections using SSHMenu for GNOME

As a regular Linux user I use SSH over and over again during a workday. Normally I connect to almost the same hosts every day, or just a few different ones; all in all, the number of hosts I connect to regularly is fairly small.

To avoid tedious and repetitive username and host type-ins, I found a small GNOME applet called SSHMenu, which keeps all regular SSH connections available within a single mouse click.
