How to Set Up Login via SSH Keys on Linux Servers

Here’s a tutorial that talks about setting up login via SSH keys on Ubuntu servers as well as how to log in to such servers from Mac and Windows clients. This tutorial builds on DigitalOcean’s excellent tutorial (How To Set Up SSH Keys) [1].

About SSH Keys

SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair provides you with two long strings of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.

Step One—Create the RSA Key Pair
The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):

ssh-keygen -t rsa

Step Two—Store the Keys and Passphrase
Once you have entered the ssh-keygen command, you will get a few more questions:

Enter file in which to save the key (/home/demo/.ssh/id_rsa):
You can press enter here, saving the file to the user home (in this case, my example user is called demo).

Enter passphrase (empty for no passphrase):
It’s up to you whether you want to use a passphrase. Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized user’s possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase is having to type it in each time you use the key pair.

The entire key generation process looks like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+

The public key is now located in /home/demo/.ssh/id_rsa.pub. The private key (identification) is now located in /home/demo/.ssh/id_rsa.

Step Three—Copy the Public Key
Once the key pair is generated, it’s time to place the public key on the virtual server that we want to use.

You can copy the public key into the new machine’s authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.

ssh-copy-id user@123.45.56.78

Alternatively, you can paste in the keys using SSH:

cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

No matter which command you chose, you should see something like:

The authenticity of host '12.34.56.78 (12.34.56.78)' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '12.34.56.78' (RSA) to the list of known hosts.
user@12.34.56.78's password: 
Now try logging into the machine, with "ssh 'user@12.34.56.78'", and check in:

  ~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

Note: if you created your key pair in a non-standard location, pass the key file to the ssh-copy-id command with the -i flag so that its public key is the one copied to the remote server:

ssh-copy-id -i ~/.ssh/your-id-rsa-file user@123.45.67.222

Now you can go ahead and log into user@12.34.56.78 and you will not be prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).
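
A hardened form of the manual copy in Step Three, as an added example that is not part of the original tutorial: run on the server, it appends a public key to authorized_keys only if that key is not already listed, refuses a private key file, and sets the directory and file modes that sshd's default StrictModes check expects. The function name install_pubkey and the file paths in the usage comment are assumptions.

```bash
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends the key in PUBKEY_FILE to SSH_DIR/authorized_keys (default ~/.ssh)
# unless the same key type + key blob is already listed there.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the public half belongs on the server: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; refusing" >&2
        return 1
    fi

    # Key type and base64 blob identify the key; the trailing comment does not.
    key=$(awk 'NF >= 2 && $1 !~ /^#/ { print $1 " " $2; exit }' "$pub")
    [ -n "$key" ] || { echo "no key found in $pub" >&2; return 1; }

    # Create ~/.ssh and authorized_keys privately, then force the modes in
    # case they already existed with looser permissions.
    ( umask 077 && mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    if grep -qF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        # Append the full original line so the comment field is kept.
        awk 'NF >= 2 && $1 !~ /^#/ { print; exit }' "$pub" >> "$auth"
        echo "key added to $auth"
    fi
}

# Usage on the server (paths are placeholders):
#   install_pubkey /tmp/id_rsa.pub
```

Running it a second time with the same key leaves authorized_keys unchanged, which keeps the file easy to review for keys you were not expecting.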

Logging in from Various Clients

Mac

Note: if you are logging in from a Mac client, you may want to store your private key credentials in the keychain so that you don’t get asked for a password henceforth. To do this, run the following command:

ssh-add -K ~/.ssh/your-id-rsa-key

Then enter your passphrase when prompted (if you set one earlier).

Windows

If you are logging in from a Windows machine, you may want to use a client like PuTTY. If you try to use your OpenSSH key directly with PuTTY, you may run into an error like “Unable to Use key file /Path/to/your/id-rsa-file (OpenSSH SSH-2 private key)”. To fix this, you will need to convert your private key to a format that PuTTY can use. PuTTYgen is a program you can use for this. Download PuTTYgen, run the program, go to Conversions > Import key, find your private key and click Open, then click Save private key. This will generate a .ppk file which you can use with PuTTY. You may find more details in CNX Soft’s excellent tutorial [2].

Optional Step Four—Disable the Password for Root Login
Once you have copied your SSH keys onto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys.

In order to do this, open up the SSH config file:

sudo vim /etc/ssh/sshd_config

Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:

PermitRootLogin without-password

Put the changes into effect:

reload ssh
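
A check to run before reloading, as an added example that is not part of the original tutorial: it reads the PermitRootLogin value that sshd would take from the global part of a config file (keywords are case-insensitive, the first occurrence wins, commented lines do not count) and fails unless root password login is explicitly blocked. The function names are assumptions, and Include files and Match blocks are not evaluated.

```bash
#!/bin/sh
# root_login_mode FILE   (hypothetical helper, added example)
# Prints the PermitRootLogin value from the global section of FILE,
# or "unset" when no active line sets it before the first Match block.
root_login_mode() {
    awk '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || NF == 0 { next }                # skip comments and blank lines
        { kw = tolower($1); sub(/=.*/, "", kw) }
        kw == "match" { exit }                  # conditional settings start here
        kw == "permitrootlogin" {
            line = $0
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)   # strip keyword and separator
            split(line, a, /[ \t]+/)
            print a[1]; found = 1; exit         # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_password_login_blocked FILE
# Succeeds only when FILE explicitly stops root from logging in with a
# password. "unset" fails on purpose, because the built-in default differs
# between OpenSSH versions.
root_password_login_blocked() {
    case $(root_login_mode "$1") in
        without-password|prohibit-password|forced-commands-only|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage:
#   root_password_login_blocked /etc/ssh/sshd_config && echo "ok to reload"
```

Keep your current SSH session open while you reload and test a new login, and run sshd -t first so a syntax error in the file is caught before the reload.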

References

1. How To Set Up SSH Keys. https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2. [04/12/2016].

2. How To Use Putty with an SSH Private Key Generated by OpenSSH. http://www.cnx-software.com/2012/07/20/how-use-putty-with-an-ssh-private-key-generated-by-openssh/. [04/12/2016].

How to execute a Git command using custom private key

By default, when running Git commands on repositories accessed via SSH, Git uses your default private key, i.e. ~/.ssh/id_rsa. If you have multiple SSH keys and want Git to use a specific non-default one for a command, you can do this using a command like

GIT_SSH_COMMAND="ssh -i ~/.ssh/your_rsa_key" git push origin master

Note that you need Git 2.3 or newer.

References

How to tell git which private key to use? http://superuser.com/questions/232373/how-to-tell-git-which-private-key-to-use.

How to install a Github package using pip

Suppose you are working on a Python project and want to quickly install a public package from GitHub. You can do this using a command like:

pip install -e git+https://github.com/someusername/package-name.git#egg=some-packagename

If the repository is private and your SSH private key has been added to the repository’s access list, then you can access it using a command like:

pip install -e git+ssh://git@github.com/someusername/package-name.git#egg=some-packagename

How to Copy Long Console Log in Google Chrome

When debugging JavaScript, you may come across situations where you have printed out some super-long variable which Chrome console doesn’t fully show. In order to retrieve the full variable, right-click the output, click Store as Global Variable. A variable name will appear at the bottom of the console together with the value you desire. Let’s assume the variable name is temp1. Execute the following command in the console:

copy(temp1);

That’s it! The value is now in your clipboard and can be pasted into an editor of your choice.

How to Encrypt and Decrypt files with GPG

Hi folks,

Today I write about an easy way to encrypt and decrypt files using GPG. GPG (also called GnuPG) is an acronym for GNU Privacy Guard. It is a free software replacement for Symantec’s PGP cryptographic software suite. It is a popular encryption software that supports several algorithms, including RSA, DSA, IDEA, etc. [1].

So, first, install GPG if you don’t already have it.

On a Mac run the command:

brew install gpg

Next, encrypt your file using the following command, assuming you want to use the AES-256 algorithm:

gpg --output <file name> --symmetric --cipher-algo AES256 <unencrypted file name>

You will be asked for a password which will be required for decryption.

To decrypt the file, use the following command:

gpg --decrypt <file name>

Again you will be asked for the password. Use the same one you provided during encryption.

Sources

  1. GNU Privacy Guard – Wikipedia, the free encyclopedia. https://en.wikipedia.org/wiki/GNU_Privacy_Guard

How to Scan Images Remotely

Hi folks,

Today I’ll briefly discuss a nice and easy way to scan images remotely. Suppose you have your multifunction printer or scanner hooked up to an Ubuntu server via a USB cable and you need to quickly scan a document while using a remote machine. How can you go about it? It’s easy. Just use the scanimage command over SSH. There’s an API called SANE (Scanner Access Now Easy) that provides a standard way to access raster image scanners [1]. SANE supports Windows, Linux, UNIX and OS/2. scanimage belongs to the SANE package and is available on Ubuntu by default.

First, log in to the server via SSH.

Next, turn on your printer/scanner and insert the document you wish to scan.

Next, run the following command:

scanimage --format=tiff > <your-file>.tiff

This should fire up your printer/scanner, scan the image and save the result in tiff format. From there you can transfer the output file to your machine for use.

Note that there are alternative ways to achieve this, e.g. by setting up a SANE daemon (saned) on your scanner server and then setting up a SANE client for Ubuntu or using TWAIN for Windows and Mac OS, thus allowing you to use compatible scanner software on the client [2].

Sources

  1. Scanner Access Now Easy – Wikipedia, the free encyclopedia. https://en.wikipedia.org/wiki/Scanner_Access_Now_Easy
  2. SaneDaemonTutorial – Community Help Wiki. https://help.ubuntu.com/community/SaneDaemonTutorial

The Art of Treading Water

A few weeks ago I made my first successful attempt at treading water at the neighbourhood swimming pool. At the end of the lesson I asked my friendly instructor to allow me to practice treading water and she obliged. Note that I had attempted treading water on numerous occasions using various techniques I had seen on YouTube at the pool only to find myself sinking fast to the bottom of the pool. This time, I did a few things differently, thanks to instructions from my wise instructor. First, I had to look upwards. Second, I had to make sure my upper body was bent forward such that a line from my waist to my head made an angle of say thirty degrees to the vertical wall of the pool. Third, I had to constantly kick in a cycling motion, as if riding a bike. And finally, I had to rotate my forearms in circles parallel to the surface of the water, palms open. Think of it as trying to wipe an imaginary table parallel to the water surface. On doing these four things simultaneously, I was able to keep my face above water for a good couple of seconds for the first time. Now that is hard core! But I was ecstatic afterwards. Now, having described my personal way of treading water, I’ll quickly go over the common ways I’ve found for treading water.

First, when treading water, it’s very helpful to move your arms in circles such that you effectively push the water downwards. By pushing the water downwards, the water pushes your body upwards in accordance with the law of conservation of momentum. Another helpful motion is the kick with the legs. There are a few types of kicks you can use to tread water.

First, using breast stroke kicks. Think of the regular breast stroke kicks, but you just do it downwards. It’s a fairly easy way to push the water downwards and hence your body upwards.

Second, flutter kicks. You can also use these to tread water. This generally requires more energy though, but for some people it just works.

Below is a nice video that shows using the aforementioned techniques.

Third, egg beater kick. This is basically the same as breast stroke kicks, but one leg at a time. Below is a video that demonstrates this.

So, how do you guys like to tread water? Feel free to leave comments.

How to Create VirtualHost in Tomcat 8

Hi folks,

Today I will discuss how to create a VirtualHost on Tomcat 8. For those who don’t know, Tomcat is a very popular open-source web server for hosting Java web applications. Tomcat implements a bunch of Java EE specifications like Java Servlet, JavaServer Pages (JSP), WebSocket and Java EL [1].

Let’s assume you installed Tomcat 8 in /usr/local/apache-tomcat-8.0.30 and you want to add a virtual host sweetapp.com. Assume the project folder is at /usr/local/apache-tomcat-8.0.30/webapps/myapp

Open the file /usr/local/apache-tomcat-8.0.30/conf/server.xml
Then add the following lines:

<Host name="sweetapp.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Alias>www.mydomain.org</Alias>

  <!-- Quotes inside the attribute value must be written as &quot; or the XML will not parse -->
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="sweetapp_access_log" suffix=".txt"
         pattern="%h %l %u %t &quot;%r&quot; %s %b" />

  <Context path="" docBase="/usr/local/apache-tomcat-8.0.30/webapps/myapp"
           debug="0" reloadable="true"/>
</Host>

Save and close the file.

Then restart tomcat using the commands:

   /usr/local/apache-tomcat-8.0.30/bin/shutdown.sh
   /usr/local/apache-tomcat-8.0.30/bin/startup.sh 

Sources

Apache Tomcat – Wikipedia, the free encyclopedia. https://en.wikipedia.org/wiki/Apache_Tomcat