Archive for August, 2011

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. [www.openssh.com]

Here’s the summary of commands on installing and configuring SSH in Ubuntu.

SSH INSTALLATION

To install OpenSSH client:

sudo apt-get install openssh-client 

(openssh-client is installed by default)

To install OpenSSH server:

sudo apt-get install openssh-server

SSH CONFIGURATION

To test if ssh server is running:

ssh localhost
ssh user@server_ip_address

To stop ssh server:

sudo /etc/init.d/ssh stop

To start ssh server:

sudo /etc/init.d/ssh start

To restart ssh server:

sudo /etc/init.d/ssh restart

CONNECT AND DISCONNECT FROM A CLIENT

To connect to a remote host:

ssh user@remote_pc_ip_address

To disconnect from a remote host:

exit

The kernel is the heart of the operating system. A Linux kernel can be monolithic or modular. A monolithic kernel supports everything (hardware, network, file systems) compiled into a single file; it is mostly used in embedded systems. A modular kernel comprises some drivers compiled as object files, which can be loaded or removed at any time. A modular kernel does not always need to be recompiled when hardware is added.

To check your current kernel version, enter the command:
uname -a
uname -r

More on Modular Kernel…
The modular kernel consists of the kernel itself and the kernel modules.
All modules of a kernel are stored in /lib/modules/$(uname -r) and have the file extension .ko.

Controlling kernel modules: utilities supplied by the modutils package

lsmod – lists currently loaded kernel modules
syntax:

lsmod

rmmod – low level command used to remove a module
syntax:

rmmod modulename

insmod – low level command used to insert a module
syntax:

insmod filename

modinfo – display module details

depmod – determines module dependencies and rebuilds /lib/modules/kernel-version/modules.dep

modprobe – loads and removes modules and takes care of dependencies. Its configuration files are stored in /etc/modules.conf & /etc/conf.modules.
syntax:

sudo modprobe modulename
sudo modprobe -r modulename

e.g.

sudo modprobe vfat
lsmod | grep fat
output:
vfat	17335	0
fat	55505	1 vfat

sudo modprobe -r vfat
lsmod | grep fat
output:
--output blank--

find – search a file from a certain criteria.
syntax:

find directory criteria [-exec command {} \;]

e.g.:

remove all files belonging to user 502:
find / -type f -user 502 -exec rm -f {} \;

locate – list all files and directories that match the expression.
syntax:

locate string

locate queries the /var/lib/slocate/slocate.db database. This database is kept up to date by a daily cron job which runs updatedb. updatedb reads the /etc/updatedb.conf file. slocate is the security-enhanced version of GNU locate.

whereis – return the full path to source or binaries as well as documentation files matching string by scanning the PATH variable as well as a number of well known locations.
syntax:

whereis string

which – return the full path to the file called string by scanning the directories defined in the user’s PATH variable only. which is only used to find commands.
syntax:

which string

apropos – search manual page names and description.
syntax:

apropos string

whatis – display manual page description.
syntax:

whatis string

What’s the difference between soft link and hard link?

A soft link to a file or directory is a new inode that points to the same data, and it can be created across filesystems. A hard link is an additional name for the same inode, and it can only be created within the same filesystem. The reference count for a soft link is 1, while the reference count for a hard link increases by one with every new hard link.

The syntax for soft link and hard link are:

ln -s filename softlinkname
ln filename hardlinkname

Creating a hard and soft link from the sample file
e.g.

ln -s sample sample.sl
ln sample sample.hl

ls -l output:
-rw-r--r-- 2 dhee dhee 27 2011-08-31 12:56 sample
lrwxrwxrwx 1 dhee dhee 6 2011-08-31 12:56 sample.sl -> sample
-rw-r--r-- 2 dhee dhee 27 2011-08-31 12:56 sample.hl
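
The difference shows up when the original name is removed. The following is an added example, not part of the original post: it reuses the names sample, sample.sl and sample.hl in a scratch directory and assumes a stat that accepts -c (GNU or BusyBox).

```sh
# Added example: hard link vs soft link behaviour in a scratch directory.
link_demo() (
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    echo "constructed sample content" > sample
    ln -s sample sample.sl    # soft link: separate inode that stores the path "sample"
    ln sample sample.hl       # hard link: second directory entry for sample's inode

    if [ "$(stat -c %i sample)" = "$(stat -c %i sample.hl)" ]; then
        echo "hardlink_same_inode=yes"
    else
        echo "hardlink_same_inode=no"
    fi
    if [ "$(stat -c %i sample)" = "$(stat -c %i sample.sl)" ]; then
        echo "symlink_same_inode=yes"
    else
        echo "symlink_same_inode=no"
    fi
    echo "links_before_rm=$(stat -c %h sample)"

    rm sample                 # removes one name; the inode survives via sample.hl
    echo "links_after_rm=$(stat -c %h sample.hl)"
    echo "hardlink_content=$(cat sample.hl)"
    # -L tests the link itself, -e follows it to the (now missing) target
    if [ -L sample.sl ] && [ ! -e sample.sl ]; then
        echo "symlink_dangling=yes"
    else
        echo "symlink_dangling=no"
    fi

    cd / && rm -rf "$d"
)

link_demo
```

After rm sample the data is still reachable through sample.hl, while sample.sl is left pointing at a name that no longer exists.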

Use apt-fast instead of apt-get for faster download speed in downloading and updating packages in Ubuntu.

To use apt-fast:

1. Download the file apt-fast.sh from http://www.mattparnell.com/linux/apt-fast/.
2. Rename the file to apt-fast [mv apt-fast.sh apt-fast].
3. Move the file to /usr/bin [mv apt-fast /usr/bin].
4. Add execution permission to the file [chmod +x apt-fast].
5. Use apt-fast to download/upload packages.

apt-fast install package
apt-fast update

Faster downloading and updating time with apt-fast!

Default Routing

Posted: 08/24/2011 in Networking

A default route is known as the gateway of last resort. If no route to a destination is known, packets are forwarded along the router's default route, which generally leads to another router. Default routes are used on stub networks – those with only one exit path out of the network.

To create a default route, use the following syntax:
ip route 0.0.0.0 0.0.0.0 next-hop_address
or
ip route 0.0.0.0 0.0.0.0 exit_interface
or
ip default-network network_address

The three syntaxes differ as follows:
– if the next hop address is used, AD is set to 1.
– if the exit interface is used, AD is set to 0.
– if ip default-network is used, the default network will be advertised if an IGP is configured on the router.

Suppose we want to send all unknown routes outside our network. Let’s say our network is 10.0.0.0.

Here’s how to configure a default route given the topology above.

1. Configure each of the router’s interfaces.

2. Configure Default Routing.

R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1

R3(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.1

3. Use the ip classless command for subnetted networks.

R2(config)#ip classless

R3(config)#ip classless

4. Verify the configuration

R2#ping 200.200.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/61/72 ms

R3#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/54/80 ms

R1#show ip route
Gateway of last resort is not set
C    200.200.200.0/24 is directly connected, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Serial0/0

R2#show ip route
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 10.10.10.1

R3#show ip route
Gateway of last resort is 200.200.200.1 to network 0.0.0.0
C    200.200.200.0/24 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 200.200.200.1

setuid grants temporary access permission. A normal user inherits root privileges for the purpose of that process. The setuid bit is represented by S/s.
-rwSrw-rw- --> Setuid bit set, not executable
-rwsrw-rw- --> Setuid bit set, executable

syntax:

chmod 4*** file

e.g.: chmod 4644 /etc/passwd

setgid works the same way as setuid. The difference is that the group's privileges are inherited instead of root's. The setgid bit is represented by S/s.
-rw-rwSrw- --> Setgid bit set, not executable
-rw-rwsrw- --> Setgid bit set, executable
The file should be a member of the group to access the privilege.

syntax:

chmod 2*** file

e.g.: chmod 2755 hexdump

The sticky bit keeps programs in swap even after execution. Files in a directory with the sticky bit set cannot be deleted by anyone other than the owner of the file, the owner of the directory, and the root user. The sticky bit is represented by T/t.
-rw-rw-rwT --> Sticky bit set, not executable
-rw-rw-rwt --> Sticky bit set, executable

syntax:

chmod 1*** file

e.g.: chmod 1755 myfile
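
To find which files on a system carry these bits, find can match on them directly. The following is an added example, not part of the original post: it builds a constructed scratch tree with one case of each bit and lists them with their s/S/t/T notation; the function and file names are hypothetical, and a stat that accepts -c (GNU or BusyBox) is assumed.

```sh
# Added example: audit a directory tree for setuid, setgid and sticky bits.

# audit_special_bits DIR: print "symbolic-mode octal-mode path" for every
# entry under DIR with setuid (4000), setgid (2000) or sticky (1000) set.
audit_special_bits() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) \
        -exec stat -c '%A %a %n' {} + | sort -k3
}

# make_demo_tree: build a constructed tree and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_exec" "$d/suid_noexec" "$d/sgid_exec"
    mkdir "$d/shared" "$d/shared_noexec"
    chmod 644  "$d/plain"           # no special bits: must not be reported
    chmod 4755 "$d/suid_exec"       # -rwsr-xr-x : setuid with owner execute -> s
    chmod 4644 "$d/suid_noexec"     # -rwSr--r-- : setuid without execute   -> S
    chmod 2755 "$d/sgid_exec"       # -rwxr-sr-x : setgid with group execute -> s
    chmod 1777 "$d/shared"          # drwxrwxrwt : sticky directory, like /tmp
    chmod 1770 "$d/shared_noexec"   # drwxrwx--T : sticky, no execute for others
    echo "$d"
}

demo=$(make_demo_tree)
audit_special_bits "$demo"
rm -rf "$demo"
```

Run against / (as root, and adding -xdev to stay on one filesystem), the same find expression gives a baseline of setuid and setgid programs that can be compared between audits.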

umask alters the standard permissions. umask is set in /etc/profile.

File Creation
default permission when creating a file: 666 [rw- rw- rw-]
permission when a file is created: 644 [rw- r-- r--]
this is because of the umask setting in /etc/profile; umask 022 is subtracted from 666

Directory Creation
default permission when creating a directory: 777 [rwx rwx rwx]
permission when a directory is created: 755 [rwx r-x r-x]
this is because of the umask setting in /etc/profile; umask 022 is subtracted from 777
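
The following is an added example, not part of the original post, that goes beyond the 022 case: it creates a file and a directory under several umask values and compares the result with base & ~umask, which is how the mask is applied (bits are cleared, so umask 033 gives a file 644, not 633). Helper names are hypothetical and a stat that accepts -c (GNU or BusyBox) is assumed.

```sh
# Added example: effect of umask on newly created files and directories.

# predicted_modes UMASK: base & ~umask for a new file (base 666) and a
# new directory (base 777), printed in octal.
predicted_modes() {
    printf '%o %o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# observed_modes UMASK: create a file and a directory under that umask in
# a scratch directory and print their real modes. The function body is a
# subshell, so the caller's umask is left untouched.
observed_modes() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    touch "$d/file"
    mkdir "$d/dir"
    echo "$(stat -c %a "$d/file") $(stat -c %a "$d/dir")"
    rm -rf "$d"
)

# 022: the default discussed above; 027 and 077: tighter settings;
# 033: a value where subtraction and bit clearing disagree.
for m in 022 027 077 033; do
    echo "umask $m: predicted $(predicted_modes "$m"), observed $(observed_modes "$m")"
done
```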

chattr changes a file's attributes. It is used to change and drop attributes.

chattr +i file

The ls command does not display attributes; the lsattr command must be used instead.

lsattr file

chown and chgrp

Posted: 08/23/2011 in Ubuntu Linux

To change file ownership, use the chown command. To change the group a file belongs to, use the chgrp command.

change file owner:

chown user file

change file owner and group:

chown user:group file

change only the group:

chgrp group file

File Permissions

Posted: 08/23/2011 in Ubuntu Linux

In Linux, users are able to control file access through the use of permissions.
The three modes of file access are:
read – view the file
write – change the file
execute – run the file

A file is different from a directory when talking about permissions. In a directory, the three modes of access are:
read – view directory's contents
write – add, delete, rename files
execute – open files or subdirectories in a directory

Files and Directories can be accessed by:
file owner or user (u) – with an entry in /etc/passwd
member of the files’ group (g) – with an entry in /etc/group
anyone else or others (o)

Using the ls -l command, all of a file's attributes can be examined.

Changing File Permission

Permissions can be specified in absolute form or surgical form.
Absolute form uses octal specification.

| u | g | o |
rwx rwx rwx
421 421 421
Here's a summary of numerical permissions:
7     full
6     read and write
5     read and execute
4     read only
3     write and execute
2     write only
1     execute only
0     none

syntax:

chmod ### file

e.g.:
chmod 540 sample.txt

Surgical form uses who/how/what specification.

Who:
u - user 
g - group
o - other 
a - all (u+g+o)
How: 
+ - Add permission, existing unaffected 
- - Remove permission, existing unaffected 
= - Set permission, existing replaced
What:
r - read
w - write
x - execute

syntax:

chmod WhoHowWhat file

e.g.:
Add execute permission for the file’s owner: chmod u+x file.txt
Remove write permission from group and others: chmod go-w file.txt
Set the file to read only for everyone (kills existing permissions): chmod a=r file.txt