Setting up SSH public/private keys

SSH can be set up with public/private key pairs, which give you personal control over the security of your SSH connection.

To obtain your public and private keys, on your client machine you only need to type:

$ ssh-keygen -t rsa -C "John Doe "

where, instead of “John Doe”, you must insert your name and surname.
The output is:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/fra/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):

where you have to insert the filename for your key (for example “fcastagnotto_key”) and the passphrase that protects the use of your private key (like a password).

After that, the command shows the key fingerprint and the randomart image of your public key, and then your keys are created!!

You can find your private key (for me it is the file fcastagnottoLINUX_key) and your public key (for me it is the file fcastagnottoLINUX_key.pub) in the directory where you ran this procedure.

Then, if your keys aren’t under your ~/.ssh/ folder, you have to move them there. For my keys, this is the command:

$ sudo mv fcastagnottoLINUX_key* .ssh/ -v

To complete the setup for the key recognition, you must copy your public key to your remote server with the command

$ ssh-copy-id user@192.168.1.2

where you have to replace user with your remote user and 192.168.1.2 with the IP address of your remote machine. This command places your public key into the remote machine’s authorized_keys file. (The command asks you for the remote user’s password in order to copy the key.)

At this point, you can test your remote recognition with

$ ssh user@192.168.1.2

and you should be asked for your passphrase in order to log in to your remote machine!!
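An added example, not part of the original post: a small audit of the directory the keys were moved into, flagging permissions that OpenSSH treats as too open (the ssh client refuses a private key that group or others can access, and sshd's default StrictModes check rejects a group- or world-writable ~/.ssh or authorized_keys). The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: report SSH files whose permissions are too open.
# Assumes GNU stat (Linux). Function names are illustrative only.

# Exit 0 if PATH ($1) has any of the permission bits in octal MASK ($2) set.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    # A leading 0 makes the shell read both numbers as octal.
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# Print one finding per line for the SSH directory given as $1.
audit_ssh_dir() {
    dir=$1
    # sshd (StrictModes) ignores keys kept in a group/world-writable directory.
    if has_bits "$dir" 022; then echo "WRITABLE_DIR $dir"; fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            # The ssh client refuses a private key that group/others can access.
            if has_bits "$f" 077; then echo "OPEN_PRIVATE_KEY $f"; fi
        elif [ "$(basename "$f")" = authorized_keys ]; then
            # authorized_keys may be readable, but only its owner may write it.
            if has_bits "$f" 022; then echo "WRITABLE_AUTHORIZED_KEYS $f"; fi
        fi
    done
    return 0
}

# Stand-alone use: sh audit.sh ~/.ssh
if [ "$#" -eq 1 ]; then audit_ssh_dir "$1"; fi
```

A finding for the private key is cleared with chmod 600 on the key file, and one for the directory with chmod 700 on ~/.ssh.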

Enjoy! ;)

Reinstall GRUB with a GNU/Linux LiveCD or LiveUSB

Sometimes, I had to install Windows in addition to GNU/Linux on the same machine. Sad days.

The best way to do this is to start with the Linux installation, which opens the partitioning program, so that the disk is divided correctly. After this installation, I install Windows in its own partition, but this OS doesn’t like the Linux bootloader and rewrites the disk MBR so that it starts the Microsoft bootloader.

So, in this condition, to reinstall the GRUB bootloader (the most widely used bootloader in new GNU/Linux distros) you can use a live distro on a CD or pendrive.
When the live system starts, you need to know the device name of the Linux partition. To find it, use the command

$ sudo fdisk -l

which shows the various partitions of the machine. From this you can identify your Linux partition and learn its device name, which is “/dev/sdaX” or “/dev/hdaX”, where X is a number.

Then, you only need to write these commands:

$ su
# mkdir /disk
# mount /dev/sdaX /disk
# mount --bind /dev /disk/dev
# mount -t proc none /disk/proc
# chroot /disk /bin/bash
# grub-install /dev/sda
# update-grub

In case you have the /boot folder on a different partition, you also need to run

# mount /dev/sdaX /disk/boot

before the chroot command.

After that, you can do a normal restart of your system from HD and the bootloader is restored!

Automatic “1st result” on Firefox

This is not a post only for Linux users: it is for all “Firefox users”.

Here I simply post the method that lets Firefox show the first result of a Google search when you type some keywords in the address bar, without clicking in Google’s results list.
This function was implemented in the older versions of Firefox (like the 7th-8th), but in the modern versions the Google results list appears and you must select the result that you want.

So, to enable this function, go to the address bar and type
about:config
and then promise to Firefox that you’ll be careful with the configuration parameters.   XD

In the Search field, type keyword: only a few items will be shown.
Then,

  1. set keyword.enabled to true
  2. set keyword.URL to http://www.google.it/search?ie=UTF-8&sourceid=navclient&gfns=1&q=

Now, enjoy your new searches!   ;o)

Compare files and folders

When you need to compare files and folders (and folder trees), you can use the diff command from the shell.

Here I look at the complex case of comparing folder trees, for example when you have two directory trees built in the same way, but not really equal.
So, you must type:

$ diff -rw project1/ project2/ | diffstat

where I use the -r option to recursively compare any subdirectories, and the -w option to ignore all white space.
At the end, I use the diffstat command to make a histogram from the diff output, which turns the output into a more readable view.

If you have too many files and folders to analyze, you can read the result more comfortably with the less command, appended after diffstat with a pipe.

Enjoy!!  ;)

Ethernet virtual-interfaces (Debian system)

If you need more than one Ethernet interface on your machine, you need a virtual interface!
An Ethernet virtual interface is an autonomous interface with its own IP address that simulates a physical Ethernet interface.

On a Debian-based OS, to have more Ethernet interfaces on a single physical interface you must add these lines at the end of the interfaces file (/etc/network/interfaces), assuming eth1 is the default physical interface:

auto lo
iface lo inet loopback

auto eth1 eth1:0

iface eth1:0 inet static
        address 192.168.1.71
        netmask 255.255.255.0
        gateway 192.168.1.1
iface eth1 inet static
        address 192.168.1.70
        netmask 255.255.255.0
        gateway 192.168.1.1

with an IP address different from the IP of the system’s existing interface (note that here I’m working on my personal LAN 192.168.1.0/24), and then restart the networking daemon:

$ sudo /etc/init.d/networking stop
$ sudo /etc/init.d/networking start

(If the networking daemon doesn’t restart correctly, do a system reboot.)

So now your system will have two Ethernet interfaces (you can also create other virtual interfaces in the same way).
To check your Ethernet configuration, run the ifconfig command.

Enjoy!  ;)

Tunneling SSH

Suppose you are in a workplace where the outgoing server blocks all connections except the ones it knows as safe, but you want to connect to your own HTTP server to use some services (like Pyload, usually blocked because it uses port 8080). You only need port 22 open on the outgoing server (it is usually open, for LAN debugging) and the public IP address of your remote server.

Then, you can redirect all the HTTP traffic from the server into the SSH tunnel, like this:

$ ssh user@192.168.1.200 -L 12345:192.168.1.200:8000

This is only an example, so now all the traffic that the remote server (here 192.168.1.200) usually sends on port 8000 or 8080 is redirected into the SSH tunnel. Now I only have to open my preferred browser, and at the address “127.0.0.1:12345” I find my server application!

Note that the port 12345 is an arbitrary number, but it must not be a port already in use on your system.
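An added example, not part of the original post: before picking the local port, and again once the tunnel is up, this checks a socket table in /proc/net/tcp format to see whether a port has a listener and whether it is bound to loopback only (the default for ssh -L) or to all interfaces. The function names and the sample table are constructed for illustration; IPv4 on a little-endian Linux machine is assumed.

```shell
#!/bin/sh
# Added example: classify the listener on a local TCP port.
# Reads a table in /proc/net/tcp format (IPv4 only; tcp6 is not covered).

# Constructed sample: 12345 on 127.0.0.1, 8080 on 0.0.0.0, one non-listening row.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0100007F:270F 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 33333
EOF
}

# listener_scope PORT [TABLE]  ->  prints none | loopback | exposed
listener_scope() {
    port=$1
    table=${2:-/proc/net/tcp}
    hexport=$(printf '%04X' "$port")     # the table stores ports as 4 hex digits
    awk -v want="$hexport" '
        NR > 1 && $4 == "0A" {           # skip header; state 0A means LISTEN
            split($2, addr, ":")         # addr[1] = hex IP, addr[2] = hex port
            if (toupper(addr[2]) != want) next
            # The IP is stored little-endian, so 127.x.x.x ends in 7F.
            if (substr(addr[1], 7, 2) == "7F") { loop = 1 } else { exposed = 1 }
        }
        END { print (exposed ? "exposed" : (loop ? "loopback" : "none")) }
    ' "$table"
}

# Stand-alone use: sh scope.sh 12345   (reads the live /proc/net/tcp)
if [ "$#" -eq 1 ]; then listener_scope "$1"; fi
```

"none" means the port is free to use for the tunnel; "exposed" after the tunnel is up means other machines on the LAN can reach the forwarded service.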

So, enjoy!!   ;-)

Auto-completion Bash (Debian systems)

Using an embedded Linux system that I created with an old Debian 6.0.6 minimal armel and the new kernel 3.8.6, on a Freescale i.MX53 board, I discovered that some Linux distributions do not have bash auto-completion pre-installed.

Yeah, it is not a great surprise, but it’s a problem when you use a minimal distribution or a distribution that you don’t know..

So, for Debian systems, you only need to install the package “bash-completion”:

$ sudo apt-get install bash-completion

If bash-completion doesn’t work, you must modify the file .bash_profile in your home directory by uncommenting these lines:

if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
    . /etc/bash_completion
fi

If you don’t have the file .bash_profile, don’t worry: use the .bashrc file instead. If the lines aren’t there, you only have to add them to make bash-completion work.
