sshfs project page
fuse project page
List of filesystem develop using fuse

It worked fine, until I noticed that scp'ing to the NSLU2 didn't work anymore... Reverting back to the sh shell, scp started to work again... The error was right after startup of scp it replied with "Connection closed". No info on logs, what so ever.

I'm running SlugOS, and according to this thread: http://tech.groups.yahoo.com/group/nslu2-general/message/6537 it looked like a bash version bug.

Indeed I did have version 3.2-r2 installed... and so it would not work.

Because I have the optware repository enabled ( http://www.nslu2-linux.org/wiki/Optware/Slugosbe) I've checked that the bash version on this repository was newer. So:

- ipkg remove bash

- ipkg-opt install bash

- cp /opt/bin/bash /bin/bash

And while mantaining an open session, changed the shell to bash on one user and tried to logon. It worked.

And scp? It worked also, so with my finger's crossed, I've changed again the root shell to bash, and logon on a new session. No problem. Indeed scp worked right away also.

So if any problems with scp failing, just upgrade your bash version.

Key words: sftp-server bash connection closed failed error 0

Para copiar desde otro PC al nuestro:

$ scp -rv usuario_origen@host_origen:ruta_origen ruta_destino

Para copiar desde nuestro ordenador a otro:

$ scp -rv ruta_origen usuario_destino@host_destino:ruta_destino

Nota: se necesita la contraseña del otro host para poder acceder a él.

For example, in my case I was using a Nagios based monitor that needed to connect to a group oh hosts and from time to time I got bursts of this error when trying to access the monitored machines.

This is an example of the log file:

10 13:43:02  hoard04 [2]: Protocol error. ssh is complaining, see next
message. #d83bb35 (ssh_common.c 427)
10 13:43:02  hoard04 [2]: ssh_exchange_identification: Connection
closed by remote host

Even though the problem solves automatically by just ingnoring it for a while (really) I prefer to fix the problem rather than the symptoms, so with a little help from google I came up with the right solution.

This problem happens when the server hits the MaxStartups limit in the /etc/ssh/sshd_config file. This value acts as a security measure if for example someone tries to compromise your server with a DoS attack. By default its set to 10 so its relatively easy for SSH to get stuck at 10 connections.

Anyway, to solve the issue you just have to edit the mentioned file and bump the MaxStartups limit to, say 25 or 50 if you need a lot of connections.

Grazie al mio periodo di vacanza, dedito al puro dolce e sano far niente (ma niente niente eh)

mi lavo con uno straccio avvolto in un bastone

mi sono imbattuto per puro caso sul tubo in questo:

Oggi ho scoperto che conoscendo Il Segreto posso avere tutto ciò che voglio. Zan Zan! La prima cosa che ho pensato è stata: "Paranoia!", la seconda: "Lo voglio sapere subito!". Visto che il mio fondo per i libri è stato dilapidato per I Segreti della Sistina ho cercato, sempre sul tubo, i filmati del dvd allegato. Beh.. ci sono tutti! Ora non li posto perchè sticazzi, se volete ve li cercate, comunque ora io lo SO! Pappappero pappappà.

Vabbè mi fate pena: in breve Il Segreto è che bisogna concentrarsi sulle cose positive perchè la "forza dell'attrazione" (che viene spiegata nei filmati) porta a noi le cose che pensiamo.. un po' tipo Genie, ma più complicato. Basta mi sono stufato.

Vi lascio con un'ultima immagine dei magnifici relatori del libro:

EDIT: il post è di ieri, solo che ho fatto casino con le immagini, mi sono depresso e stavo facendo tardi per la cena dai miei. Cosa più importante avevo da vedere Voyager con mi padre, quindi l'ho pubblicato oggi. 

Problem war folgendes: Ich möchte an ein Netzwerkdrucker-WebInterface von einem Kunden in einem internen Netzwerk(Von außen nicht erreichbar)um Einstellungen vorzunehmen. Wenn möglich ohne hinzufahren. Ein Arbeitskollege hat mir dann geraten einen ssh-Tunnel aufzubauen.

ssh -L lokalerport:zielrechner:zielport login@gateway(firewall)

Bedeutet im Klartext:

Ich baue eine Verbindung zum Gateway auf(login@gateway(firewall)in diesem Falle die Firewall des Kunden) und steuere über diese eine beliebige Interne IP(zielrechner) an. Dann kann ich den Port 80 (zielport)(HTTP - eben fürs Webinterface) der Drucker IP auf einen frei wählbaren Port(lokalerport) auf localhost legen und anschließend simpl im Browser unter http://localhost:port abrufen! Und das alles mit diesem einen Befehl :)

Enter gedrückt und schon kann ich den Internen NetzDrucker vom Kunden bequem vom Arbeitsplatz aus konfigurieren.

Geht übrigens mit allem was nen Webinterface hat... Router ...Switches ... Modems... und wenn der Port stimmt sogar noch andere Scherze... also eine riesen Erleichterung.

War ich richtig beeindruckt von :)

Well I've moved my work computer from XP to Kubuntu 8.04, and since then I struggle to do the same as I did with the XLive CD.

Basically with the XLive CD this is how it works:

- On your windows PC after starting the XLive CD, the X server starts and bind to the TCP X port to hear incoming connections. These incoming connections come from the client I try to access.

- On the client side I just do and export=ip_my_windows_machine:0.0 and start the X application.

- That's it.

On Kubuntu I've tried several configurations to allow the KDE display manager to listen to network connections. I've searched a lot, changed the xorg.conf file, the kdm.rc file, and yes it didn't work....

Well the issue was that I needed a paradigm change in how to connect to my client machines. I took me a while to see that I do not need to fiddle with my KDE configuration...

So how you can you do it?

Simple:

- Connect to your client machine through ssh (You're using ssh, righ? ) and edit the file sshd.conf or ssh_config (It depends on your version) located in /etc/ or one of it's subdirectories like sshd.

- Edit the file and make sure that you have a line ForwardX11 yes

- Save and restart the ssh deamon.

Now on your workstation instead of connecting with just ssh user@IP use ssh -X user@IP. With this command all X connections will be forwarded automatically to your Kubuntu desktop, just like you did an export DISPLAY and so on.

You will need root access to the server.

Login as root and use your favorite editor to modify the /etc/motd file. For this example I'm using vi.

# vi /etc/motd

Now type in the message you wish all users to see once they login to your server. Lets try something like this:

If you are not an authorized user for this server
or you are a hacker trying to access confidential info, think before you type.
Maybe join the human race and refrain from hacking it?  See
"Schlindler's List" part where the German commandant is shooting
prisoners in the prsion year "because he can".  Schlindler tells him
"true power is in not doing evil even though you can."
You know, no one crushed you under their boot when you were a
baby, although they certainly could have...  With great power comes great responsibility.

OK, Now you're done editing the file, type Esc to enter command mode and then type :wq to save the changes

Logout from SSH, then log back again and you will see your custom message.

Please note that the message will be displayed AFTER people log in. If you want to show a message BEFORE, you might want to edit your sshd_config file.

So everybody is SSHing into their home boxes, except me, because I just don't know how. I'm running a Kyocera KR1 router with a Verizon Wireless EVDO card, in a rural area of NE Arizona where there are no phone lines or cables to the property. Throughput speeds are pitiful. We have four machines using this connection: a desktop system running Ubuntu 8.04 Hardy Heron; an old Dell desktop running Debian Etch, an ancient Packard Bell with Damn Small Linux 4.0 installed; and an eeePC 701 Surf 2GB model, running eeebuntu NBR 1.0. I know less than nothing about Dynamic DNS, but that's going change by the time I'm done, however long it takes.

High Hopes and Low Spirits
I want to learn how to SSH. My documentation for this first attempt came in the form of a tutorial called, “Ep: 0149 klaatu - DynamicDNS | 2008-07-25,” which I found on hackerpublicradio.org. Recorded by Klaatu, who needs no introduction to the FOSS community, (but in case he does to other people, check out the links to just a couple of his hangouts on the Internet, below), I had dreams of simply jumping in and getting things all set up. I listened along, stopping the recording from time-to-time to type in relevant URLs, and to open terminals, etc. And it all went swimmingly.

You know, the way it did for that girl at the beginning of Jaws.

This was a long process that ultimately ended in frustration. I followed Klaatu's instructions to the letter, but at some point we were simply using different alphabets. If I may mangle the Bard for a moment, the fault lies not in our star (of the tutorial), but in ourselves: my ignorance did me a grave disservice here once again, to say nothing of the confusion caused by the massive variety of firmware running on an equally massive number of different routers out there. Certainly, the Kyocera KR1 is different from the router used in the tutorial, and things started to go bad from almost the very moment it was time to change the settings on my machine. Always keep in mind, I don't know what the hell I'm doing, so I can be completely stymied by little things like unfamiliar terminology.

[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]

ENTER The Blue-Haired Stranger
We start off on this audio tutorial with some peppy electronic music, reminiscent of the evening news, which quickly segues into an intro and short anecdote about Klaatu's first encounter with SSH, and a very basic explanation of what Dynamic DNS is. He talks about No-ip.com, to use as your “bridge”, and, himself, uses it in the tutorial. I signed up over there, and that went well-enough, though it's not the easiest site to navigate -- I think mostly because they're a commercial venture, and are naturally pushing their profit-making services over their basic one, which I was looking for. Using their basic service, though, is free (as in beer), so that's why Klaatu feels most people would want to do so. Being a cheap Yankee, I certainly agree.

I logged in to No-ip.com, and used it to add a host name. That, too, was confusing, since they have some domain names for free, and some only available to their paying customers; and while they have these listed separately, they do put them together on the same dropdown menu, and you can – as I did, twice -- go through all the steps and submit your information before they tell you that you made a mistake. I could've avoided this by looking through the entire menu first, thus seeing the delineated sections, but I needed to be frustrated for a few moments, I guess. Part of this was caused by the fact that Klaatu's example, “geekgalaxy.com” is on the pay-for list, though he emphasizes going the free route.

Finally, I picked one that worked, and put together a name I figured I could remember (very important for the retention-challenged amongst us). My ultimate goal is SSH only, so No-ip.com basically said that all I needed out of them was a DNS host. The tutorial also recommends this. I don't really understand the available services at this site, but that's what I was after, so that's what I chose. I gather that the purpose is to create a name you can just type into an application that effectively hides your IP address at home or where ever it is you're trying to SSH into. This part seemed to go well, and I did, indeed, end up with a host name registered at No-ip.com.

The next step in the tutorial involved configuring the firewall that I have on our main Ubuntu box, here, which is the one I'd most likely want access to when out and about. (Actually, now that I'm thinking of it, I'd more likely want to get into my DSL box, where I spend a lot of my time. Maybe I will, next time.)

Now Boarding At Port 22
Now, this begins a trickier part of the tutorial, because, naturally, Klaatu couldn't tell me exactly which buttons to press on my firewall application, yet that is the kind of hand-holding a new enthusiast like myself is looking for, and which the first half of his how-to was able to more-or-less provide. I was looking to enable “SSH”, which is Port 22. I don't really know what ports are, except for the sea, air, and space kind, but Wikipedia has this to say about them, which doesn't help me at all. Whatever the hell they are, Klaatu warns not to be tempted to mess with any of the other ports at this point, and, specifically, not to enable “HTTP”, as it represents a severe security risk. When I want to flirt with danger, I'll tear the labels off my soup cans; in the meantime, I'll stick with “SSH”.

Believe or not (because I'm not sure I do, nor do I yet have a success to, in fact, prove that I did), I was able to go into my firewall and open Port 22 of my machine, as well as enable TCP on it, which, in the tutorial, I was told to do. UDP was an option here, but I don't know the difference, and even Klaatu admits on this recording that he doesn't either. He provides some (highly confusing) info on adjusting your iptables, in case you either have no firewall, or simply prefer using them instead – though I'd expect that anyone capable of properly working with their iptables has little need for a basic tutorial like this, different in scope though it is.

Supposedly, at this point, if I did this correctly, I'd be all set to go. That is, unless I had a wireless router on my network, connecting the target computer to the Internet. Which I did. So I'm not.

Get Your Kicks On Router 666
As far as I can tell, this where it went sour. While I easily could have screwed something up earlier, I didn't feel completely lost until I had to make changes in the HTML router interface; and, like the situation with the firewall, there are just too many variables for Klaatu to have guided me by the hand. Now, I've been inside my router before, poking around trying to figure out a big mystery -- telephone in one hand, with a solicitous but ultimately impotent help desk person on the other end. I didn't learn much there (didn't even solve the problem), so this new trip into my router's config was somewhat spooky. Klaatu makes the statement that most of the people listening to his tutorial – because it is hosted on Hacker Public Radio, a rather geeky place – have configured their router before. Again, I submit that SSH may well be a person's first exposure to the controls of their router, as they mightn't have needed to go in there before for any other reason.

Be that as it may, I certainly don't have useful experience there, so this part of the tutorial was critical; yet Klaatu was using a Netgear router, and the interface for it is different enough from my KR1 that I was effectively on my own. Specifically, he has a “Port Forwarding/Port Triggering” control pane in his. I'm sure I do too, but not by that name. And since nomenclature is everything sometimes, despite the sweetness of a rose, I was unable to positively identify the correct subcategory in my router's control interface. Oh, I clicked on lots of things, but none of them allowed my eeePC (from where I was working) to access the target desktop computer. I mean, is it even possible to SSH in this manner from one machine to another when they're both behind the same router? Your guess is at least as good as mine, and probably a whole lot better.

In the end, it was no-go for me using only this tutorial. I am SSH-less yet.

[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]

The Good – Klaatu is an excellent speaker, and I don't know if he does any professional training, but he certainly could. This tutorial, like others by him I've heard, is both concise and verbose where needed, and he's very open about what he does and doesn't know. His knowledge of this topic clearly dwarfs my own (though that's not hard, obviously), and, despite my lack of success while following his tutorial, it provided a good introduction to free DDNS services, and I believe that I was able to successfully create a usable host name for future attempts. I also feel like I have a decent handle on the basic concept and what I should expect to accomplish. This is considerably more than I had when I started.

The Bad – I'm still unable to SSH into my target box. I place the blame squarely on my ignorance (of course), and the myriad router differences that exist in the world. I think I will need to search for an overview, or even another tutorial, that covers the KR1 in particular regarding DDNS.

The Ugly – The single most frustrating thing about this isn't this at all, but rather, the continual interruptions I had while trying to do this. I simply cannot succeed at learning how to do SSH (or probably much else) if I have to continually stop and deal with other things. I suppose this isn't ugly at all if it inspires me to change how I do things, but it's maddening, regardless.

Links
hpr0149-klaatu-dynamic-dns.mp3 (direct download of the show)
straightedgelinux.com/interweb (an excellent page of text and emendated screenshots, specific to this tutorial, also by Klaatu)
hackerpublicradio.org
No-ip.com
TCP and UDP port (Wikipedia page)

Thanks to Klaatu for his fine work. Check him out on the following podcasts (or just Google him – the guy's everywhere):
The Bad Apples podcast
Linux Cranks podcast
Fedora Reloaded podcast
Hacker Public Radio (quite a few episodes)

Next Up:

SSH (part two)
“Artie Ephem Blows Into Town (or maybe he just blows)”

¿Qué versión del kernel tengo?

$ uname -r
2.6.17.13-smp

¿Qué versión de X tengo instalada?

$ X -version 2>&1 | sed ‘/^$/d’ | head -n1
X Window System Version 6.9.0

¿Tengo aceleración por hardware en mi placa de video?

$ glxinfo | grep “direct rendering”
direct rendering: Yes

¿Qué procesador(es) tiene mi compu?

$cat /proc/cpuinfo | grep “model name”
model name : Intel(R) Pentium(R) 4 CPU 3.00GHz
model name : Intel(R) Pentium(R) 4 CPU 3.00GHz

¿Cuál es la frecuencia del(los) procesador(es)?

$ cat /proc/cpuinfo | grep “cpu MHz”
cpu MHz : 3000.586
cpu MHz : 3000.586

¿Que porcentaje del disco(s) esta usado/libre?

$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 10G 6.5G 3.5G 65% /
/dev/sda2 10G 4.9G 5.2G 49% /home

¿Cual es la temperatura del CPU?

$ cat /proc/acpi/thermal_zone/THRM/temperature
temperature: 43 C

¿Cual es el nombre de la maquina?

$ hostname
amd64

¿Cual es la MAC de la placa de red?

$ /sbin/ifconfig | awk ‘/HWaddr/ {print $5}’
00:XX:XX:XX:XX:XX

¿Cuanta memoria tiene disponible la compu?

$ free -m | sed -n ‘2,2p’ | awk ‘{print $2 ” MB”}’
494 MB

¿Cuánta memoria está usando la compu?

$ free -m | sed -n ‘3,3p’ | awk ‘{print $3 ” MB”}’
297 MB

¿Cuanta memoria está libre?

$ free -m | sed -n ‘3,3p’ | awk ‘{print $4 ” MB”}’
195 MB

¿Hace cuanto que está encendida la compu?

$ uptime | cut -d, -f1 | cut -d” ” -f3-

¿Qué proceso está consumiendo más CPU?

$ ps -eo pcpu,pid,user,args | sort -k1 -r -n | head -2
%CPU PID USER COMMAND
2.1 10346 zarpele /usr/lib/opera/9.27-20080331.6/opera -style Plastik

¿Qué dispositivos tengo en los bus PCI?

$ /sbin/lspci
00:00.0 Host bridge: Intel Corporation 915G/P/GV/GL/PL/910GL Express Memory Controller Hub (rev 04)
00:01.0 PCI bridge: Intel Corporation 915G/P/GV/GL/PL/910GL Express PCI Express Root Port (rev 04)
00:02.0 VGA compatible controller: Intel Corporation 82915G/GV/910GL Express Chipset Family Graphics Controller (rev 04)
00:1b.0 Audio device: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) High Definition Audio Controller (rev 03)
00:1c.0 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 1 (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #1 (rev 03)
00:1d.7 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller (rev 03)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev d3)
00:1f.0 ISA bridge: Intel Corporation 82801FB/FR (ICH6/ICH6R) LPC Interface Bridge (rev 03)
00:1f.1 IDE interface: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) IDE Controller (rev 03)
00:1f.2 IDE interface: Intel Corporation 82801FB/FW (ICH6/ICH6W) SATA Controller (rev 03)
00:1f.3 SMBus: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) SMBus Controller (rev 03)
06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)

¿Qué dispositivos tengo en los bus USB?

$ /sbin/lsusb
Bus 5 Device 1: ID 0000:0000
Bus 3 Device 1: ID 0000:0000
Bus 2 Device 1: ID 0000:0000
Bus 1 Device 1: ID 0000:0000
Bus 4 Device 2: ID 03f0:1d17 Hewlett-Packard
Bus 4 Device 1: ID 0000:0000

¿Cuál es el nombre de usuario que tengo?

$ whoami
zarpele

¿A que grupos del sistema pertenezco?

$ groups
users floppy audio video cdrom

¿Cuánto espacio de disco usa mi cuenta?

du -sh $HOME
3.6G /home/eternauta

¿Que versión del compilador de C tengo instalado?

$ gcc –version | head -n1
gcc (GCC) 3.4.6

¿Qué librerías utiliza el programa xxx (por ejemplo mplayer)?

$ ldd /usr/bin/mplayer
linux-gate.so.1 => (0xffffe000)
libdvdnav.so.4 => /usr/lib/libdvdnav.so.4 (0xb7ecc000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7e9c000)
libmad.so.0 => /usr/lib/libmad.so.0 (0xb7e87000)
libdv.so.4 => /usr/lib/libdv.so.4 (0xb7e5f000)
libtheora.so.0 => /usr/lib/libtheora.so.0 (0xb7e31000)
libogg.so.0 => /usr/lib/libogg.so.0 (0xb7e2c000)
libpng.so.3 => /usr/lib/libpng.so.3 (0xb7df1000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7ddf000)
libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0xb7dc2000)
libasound.so.2 => /usr/lib/libasound.so.2 (0xb7d02000)
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7cfe000)
libxmms.so.1 => /usr/lib/libxmms.so.1 (0xb7cf1000)
libmpcdec.so.5 => /usr/lib/libmpcdec.so.5 (0xb7ce3000)

¿Qué hora y día es hoy?

$ date
Fri Oct 3 12:56:14 ART 2008

¿Tienés un calendario de este mes?

$ cal
October 2008
Su Mo Tu We Th Fr Sa
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31

Fuente: Taringa

Pues resulta que si que tenemos otra opción y mucho mas facil, introduciendo el siguiente comando:

cd -

Nos volvemos a situar en la carpeta anterior a la que estamos actualmente. Pongamos un ejemplo para que se entienda mejor:

user@ubuntu-server:~$ pwd

/home/user

user@ubuntu-server:~$ cd /etc/apache2/

user@ubuntu-server:/etc/apache2$ ls

apache2.conf  envvars     mods-available  ports.conf       sites-enabled

conf.d        httpd.conf  mods-enabled    sites-available

user@ubuntu-server:/etc/apache2$ cd -

/home/user

user@ubuntu-server:~$

Está claro que este tip es bastante util, pero hay que acostumbrarse a usarlo !!

Fuente: spsneo.com/blog/

This section covers the configuration of the firewall, ssh, and creating user accounts. The final part will cover the install of MySQL, PHP, and Pure-ftp.

Now this part is all command line baby!!!  So I'm not going to provide any screen shots since you shouldn't need them.  If you think you need screen shots for this section just stop reading now.  Seriously leave!  Okay so first I'm going to setup ssh.  It should already be installed so all we need to do is configure it.

I'm kind of a security freak so I'm going to walk you through how to do public-key authentication, and how to change the port of the ssh server so you aren't logging in on the standard port 22.  But before we do that I'm going to show you how to setup the firewall.  This is a basic setup but should be pretty secure. If you want to know more about configuring the firewall check out this tutorial.

cd ~
mkdir scripts
vim ./myfirewall


Just paste in this script (make modifications where you see fit):
#!/bin/bash
#
# iptables firewall configuration script

# flush all current rules from iptables
iptables -F

# allow ssh connections on tcp port 8768 <-- this is just random pick anything over 6000
iptables -A INPUT -p tcp --dport 8768 -j ACCEPT
# allow ftp connections on tcp port 21 <-- for more security you can change this
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

# set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# set access for localhost
iptables -A INPUT -i lo -j ACCEPT

# accept packets belonging to esablished and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# save settings
/sbin/service iptables save

# list the rules
iptables -L -v

Finally make this file executable and you have a script:
chmod +x myfirewall

To run it you just type (you must be logged in as root):
~/scripts/myfirewall

This will make it easier when you want to add rules. It flushes all the rules, rebuilds the rules, saves them, and lists all the rules at the end. Once this is done we should reboot to let the firewall settings take effect.
shutdown -r now

Another thing we want to do before we configure ssh is to create a user. We aren't going to allow root access to ssh so we need someone to login as. Once it's restarted we are going to login as root and create a user. (just replace username and password with your desired username and password)
useradd username
passwd username password

Now when you login to that username you can always switch to the root user by typing:
su -
Then it will prompt you for the root password. To switch back:
logout

Rule of thumb is to never login to root unless you absolutely have to in order to change something. It can be really dangerous to login as root all the time because if you make a mistake there is most likely no way of going back. Now that I gave you that warning we are going to login as root because we need to setup the ssh server.

First let's create a backup of the sshd_config file so we can go back if we make a mistake.
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Now let's edit the original file.
vim /etc/ssh/sshd_config

And just copy this configuration and paste it into the window. Or you can type it in manually, just make sure to double check everything at the end.

After you have done that all you need to do is to create the .ssh folder with the authorized keys file.  Make sure you are logged in as a user other than root and do this.

mkdir ~/.ssh
chmod 700 ~/.ssh

Now all you have to do is to upload your public key to the server. If you do not have one it's pretty easy to make.

Okay so I didn't plan on having a part 3 to this tutorial, but there is a lot more than I thought there would be. So now that we have ssh setup properly and have the firewall configured then we are good to move on to the next part.

It will then prompt you with something like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): <-- I just press enter here
Enter passphrase (empty for no passphrase): <-- I usually put in a password
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key finger print is:
9d:27:2f:d5:6f:31:a3:fc:8f:f2:10:76:6e:bc:aa:88 user@localhost.localdomain

Now that you have a public and private key pair you need to upload your public key to the server you want to connect to.

scp ~/.ssh/id_rsa.pub user@host:.

Once you do that you need to login to the remote machine and copy the contents of your public key to the users authorized_keys file.

cat ~/id_rsa.pub >> .ssh/authorized_keys

if there is no .ssh directory:

mkdir .ssh
chmod 700 .ssh

if there wasn't an authorized_keys file before, make sure to modify the permissions (this only needs to be done if you are using strict permissions in the /etc/ssh/sshd_config):
chmod 600 .ssh/authorized_keys

That is all you have to do from the client side on a Linux/Unix/Mac Os X machine. Now lets look at the Windows way of doing things. I have done this with both XP and Vista before so it should work the same way, that is as well as I can remember it works the same.

Windows doesn't come with an ssh client, unlike the other operating systems, so you must download a client in order to use ssh. Luckily there is PuTTY! If you click on the very top download it should only take a minute since it is a very lightweight application. While you are there you are going to need PuTTYgen as well.

Now for the part that sucks for me... having to take screen shots, optimize the images, upload them and paste them. All the while supplying you with step by step instructions. Seriously I give props to the people that do this more than I do, this takes a long time to make a tutorial.

So lets open up PuTTYgen and see what it looks like.

Just click on the "Generate" button.  And you will get this screen.

This part is kind of fun because you get to move your mouse around in that area to generate the key.  The only time it sucks is when you set the number of bits to higher than 1024, I would normally go with 2048 but you always have the choice of 4084 as well.  If you choose the last one I hope you have some stamina because it takes a while.

Now you just need to type in the information you want.  If you don't want to put a password for the private key that is your choice.  If you want to make a password you can always use pageant to make it so you don't have to type a password everytime.  MAKE SURE YOU SAVE BOTH THE PRIVATE AND PUBLIC KEYS!  And put them in a location you can find.

Now we insert that private key into PuTTY.  So lets configure our PuTTY session.

First we are going to open up PuTTY and go to the Auth section under SSH.  Leave the defaults and browse for where you saved your private key.  Now go back up to Sessions.

Fill out the connection information, create a session name and save the configuration.  Now we have to upload the public key to the server.

Hopefully the ssh server is using password authentication right now, or you have some means to ssh into the server.  Because this is now command line via ssh.  Let's upload the public key to the server.

scp /path/to/file/publickey.pub user@host:.

Now connect via ssh to the server, we are going to add the public key to the authorized_keys file.  Since we used PuTTYgen to create the public key we need to convert it to the openssh format. And in that same command we append it to the end of the authorized_keys file.

ssh-keygen -if publickey.pub >> .ssh/authorized_keys

and that's all folks!  Now you should be able to connect to your server using public key authentication.  Hope you made it through this okay.

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 8768
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel DEBUG

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding no
#X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

One you have it installed:

1. Open PuTTY.

2. Connect to your server:

# ssh username@IPAddressHere

Log in as your Primary User, enter your password when prompted for a password.

3. Once you are logged in, you should see this:

[username@hostname username] $

4. Su to root:

# su -

Type in the root password when prompted for a password.

5. If you su'ed successfully, your prompt should look like this now:

[root@hostname root] #

If you have any questions related to PuTTy, head on over to the PuTTy FAQ.

Interested in a GUI for managing and running ssh and related utilities? Check out SecPanel.

功能上大同小異，皆使用視窗的方法。

而在Ubuntu裡，除了VNC及內建的"遠端桌面"，還可以使用telnet & ssh指令來遠端登入，ssh是種簡單方便又高安全性的連線方式，Linux or 其他Unix-like OS底下為標準配備。

*什麼是ssh(截取wiki)

1.開啟終端機鍵入以下指令

sudo apt-get install ssh

2.威利以pietty在MS作業系統上做遠端登入示範圖例及說明

Si no eres amigo de que ésto pase, puedes crearte tu propio comando que elimine un archivo mandandolo a la papelera de reciclaje, usando la util instruccion alias

Por ejemplo, vamos a crear el comando borrar, lo definiriamos desde el terminal de la siguiente manera:

alias borrar="mv -t ~/.local/share/Trash/files --backup=t"

Ahora ya podemos usar este comando para borrar archivos sin miedo a perderlos para siempre, o por lo menos con el margen de duda de habernos equivocado:

borrar archivo

Para que podamos usar este atajo siempre que iniciemos nuestra máquina, tenemos que agregar la declaración de alias en una línea en el fichero oculto /home/nuestro_usuario/.bashrc

Fuente: Ubuntu Kung Fu

Como bien sabeis, ejecutando el comando history podemos ver los comandos que hemos ejecutado anteriormente, ya sea en la misma sesión o en dias anteriores.

Cuantas veces habremos desgastado la tecla cursor arriba en busca de ese comando que pusimos y que ahora no recordamos.

Pues bien, si conocemos alguna parte de ese comando podemos hacer una búsqueda del mismo, y con un poco de suerte encontraremos el comando original.

Para acceder a la denominada búsqueda inversa, pulsamos simplemente Control R y escribiremos el texto que pueda relacionar con nuestro comando, y con algo de suerte éste aparecerá, será cuando pulsemos Enter para ejecutarlo directamente o bien cursor derecha o cursor izquierda si lo que queremos es editarlo antes de lanzarlo.

Siempre es mejor ésto que buscar en todo el historial secuencialmente, ¿ no ?

Por cierto, si acabamos hartos de nuestro historial, siempre podremos borrarlo con:

history -c

O bien que nunca vuelva a registrarse el historial

export HISTSIZE=0

Fuente y algún ejemplo en inglés en : The Geek Stuff

Suponiendo que ya tenemos VLC instalado, abrimos una consola y escribimos lo siguiente:

vlc -I ncurses

# Nos abrirá el reproductor VLC en modo terminal.

# Presionando h podemos ver una lista de todos los posibles comandos, los mas interesantes son:

B -> Explorador de archivos

a -> Subir Volumen

z -> Bajar Volumen

Barra Espaciadora -> Pausar/Reproducir

# Uno de los comandos mas útiles, es lanzar todos los mp3's contenidos en una carpeta "Musica" como si fuera una lista de reproducción

vlc -I ncurses ~/Musica/*.mp3

Como veis, nada nuevo bajo el sol, aunque como bien digo, puede que tenga mas utilidad de la que pensamos, espero que a alguno le pueda venir bien el tip.

Fuente e Imagen: spsneo

Dazu muss man diesen einfach nur konvertieren.

Zuerst müssen die Putty-tools installiert werden. (Unter Ubuntu/Debian)

sudo aptitude install putty-tools

Nun konvertiert man den Schlüssel mittels puttygen

puttygen ssh-key.ppk -O private-openssh -o ~/.ssh/id_rsa

ssh-key.ppk ist hier der Schlüssel, der von Putty erstellt wurde.

Danach wird der private Schlüssel von open-ssh automatisch genutzt.

This is good news for me, and good news for you if you want to be like me and build servers.  This server is going to be a Pure-ftp server install.  So I'm going to have it setup for everything I need to have a working FTP server

So I guess we can start at the beginning. I'm going to walk through the install steps that I did. I don't really like the way that CentOS takes up so much space when you install a Graphical User Interface (GUI, I know most of you are thinking, "I'm not a moron I know what that means"). Luckily CentOS gives you lots of options in the installation.

I downloaded the DVD image here: http://isoredirect.centos.org/centos/5/isos/i386/

If you want the 64-bit version: http://isoredirect.centos.org/centos/5/isos/x86_64/

I am using the i386 version but I'm assuming the install goes pretty much the same way.

Once you have that, and a ready machine to install it on (mine is a virtual machine) then we are ready to begin.

So pop the CD in and boot up the machine to the CD.

Just hit enter at this screen.

The next screen asks you to check the CD, just go ahead and skip it.

Then once it loads the GUI install screen hit next.

Select the language.

Choose your keyboard layout.

Now my (virtual) disk was completey unformatted so I got this warning.  I just clicked yes.

Now on this next screen I don't really need any special partitioning schemes.  I'm installing this on to an 8 GB disk and once I have it up on my servers I'm going to add like a 20 GB secondary disk.  If you don't know much about partitioning you should read this.

I told it to delete everything on the disk so it will throw a warning which I accept.

On this you normally want to do a manual static IP address assignment.  But I'm not going to do that, because I am using DHCP assignments so this will have it's own reserved address on my network.  So while you might want to use a static address, I'm going to accept the default and use DHCP.

Next you want to choose your time zone.

Choose a password for the root login.  I recommend at least 8 characters, and using a random password generator making sure to include both capital and lowercase alphanumeric characters as well as symbols. (ex. Niu!5a?L, but just so you know I didn't use this one) I have these generated for me using a random password generator online. I usually have it generate like 10-15 then I choose the ones I like.  Just make sure you can remember it.

Next we are going to choose our environment.  I am looking for optimal performance in this server so I'm not going to choose a GUI, they just take up too many resources, so I am selecting server.  This will be command line only after the OS install.  Notice at the bottom how I selected "customize now" at the bottom of the screen.

Next we are going to choose some packages to install from the CD.  We are going to leave the defaults in most categories but we need to add and subtract a few here and there.  On this screen I chose that I wanted the development tools (this is so we can compile programs from source if neccessary).

In the server category we are going to uncheck most of them.  I only left the mail server (in case I want to setup notifications later using a service monitor), server configuration tools, and at the very bottom even though you can't see it Windows file integration.

After those customizations we hit next and move on and everything gets installed.

It takes about 15-20 minutes.  But we are finally finished with the CentOS install.  Next we will add our apache, php, mysql, pureftp, and other goodies.  We didn't add them earlier because I like to have a little more control, I like to have the latest and greatest.  There are other cases where you want to install a certain version of apache or mysql and php because of support and what not.  Let's move on shall we?

1.No micro CLIENTE, rode os seguintes comandos:
$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''


Este comando retornará dois arquivos, $HOME/.ssh/id_dsa (chave privada) e $HOME/.ssh/id_dsa.pub (chave pública).

2.Copie a chave pública $HOME/.ssh/id_dsa.pub para o SERVIDOR:
(dica)
scp $HOME/.ssh/id_dsa.pub servidor@host:/dir_desejado

3.No micro SERVIDOR, rode os seguintes comandos:
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
$ chmod 0600 $HOME/.ssh/authorized_keys2


Dependendo da versão do OpenSSH, o seguinte comando é requerido:
$ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys


4.No micro CLIENTE, teste o resultado:
$ ssh -i $HOME/.ssh/id_dsa server


Um teste feito com o rsync:
# rsync -avz --delete --exclude=wp-config.php -e "ssh -i /root/.ssh/id_dsa" root@172.16.18.8:/var/www/site /var/www/
receiving file list ... done

sent 39 bytes received 43125 bytes 86328.00 bytes/sec
total size is 23200403 speedup is 537.49

Era isso!

It has grown to become just about usable now, providing a shell interface to any Windows Console application (e.g. cmd, PowerShell), though not yet programs such as edit. The protocol library SSH.NET has been written from scratch and is probably about 90% complete (minus extra features such as TCP port forwarding) and all the necessary cryptographic algorithms have been implemented/integrated in full. The main task in order to make it fully usable is finishing the Windows Console scanner (also very nearly usable) and then create a proper user-interface for authentication, which is currently hard-coded.  Of course, there are other aspects to the project such as the Windows Service (which is already working) and the admin interface, though they are not so important for the first release. I am also considering splitting the development into two seperate projects, one of them being the SSH server and the other an xterm shell for Windows Console applications (which would be utilised by the server). The main purpose of this is so that the xterm shell can be completed (or at least made stable) much sooner than the SSH server and can serve as a useful program by itself.

Unfortunately, although the project has come along very well I likely won't be able to find the time to work much on such a large project in the near future. (A one-man team was never going to finish the job!) I am nonetheless keen to maintain the project and see it become mature with the help of other experienced coders. If you're interested in contributing to Windows SSH Server (or the Windows Console xterm shell) in any way, please contact me via Launchpad and I'll be glad to answer any questions and possibly set you up as a developer.

Um SSH Zugriff auf einem Etch einzurichten muss ich lediglich, als Root, folgendes in der Konsole eingeben:

apt-get install openssh-server

Auf nem Ubuntu System dürfte das ähnlich gehn ... eben mit sudo.