Published in Linux By admin

Set up automatic ssh login between two Linux machines

This is a simple, proof-of-concept setup. It shows you how to set up an automatic ssh shell login from one Linux machine to another. For a detailed description of the whole concept, you can read the man pages of ssh and ssh-keygen or search the web.

Scenario:
Imagine you have a Linux machine at home called CLIENT and another Linux machine called SERVER at a remote location such as your office. From CLIENT, you want to simply run the command ssh username@server and be logged in to SERVER without being asked for a password.

CLIENT machine setup

Use the following simple steps to create a public/private key pair with an empty passphrase.

  • Log in as the user who should log in to the remote SERVER automatically, and go to that user's home directory.
  • Run this command: "ssh-keygen -t dsa". When asked for a passphrase and some other information, just hit the ENTER key to accept the default value. The default value is empty.
  • When the process finishes, two files will be created in the ~/.ssh/ directory. Usually, they are called id_dsa and id_dsa.pub.
  • Now, you may need to move these two files out of the ~/.ssh directory, because they may prevent you from using ssh or scp to reach the remote SERVER machine.
  • Next, scp the id_dsa.pub file to the remote SERVER machine. Then move the id_dsa and id_dsa.pub files back to the ~/.ssh directory.
  • That is all you need to do on the CLIENT machine.


SERVER Setup

  • Log in to the SERVER machine as the user. You should have the file you copied with scp from the CLIENT machine, called "id_dsa.pub".
  • Go to the ~/.ssh directory. Look for a file called "authorized_keys". If it is not there, you can create one using the touch command: touch authorized_keys. Some documentation I read mentions that creating a file named authorized_keys2 will also work.
  • Now, copy the content of id_dsa.pub into authorized_keys and save the authorized_keys file.
  • Now you can test ssh from the CLIENT machine to SERVER. You should be able to log in to SERVER without typing a password.

Some notes

If it does not work for some reason, check the following.

  • Check the file owner of id_dsa.pub. It must be created by the owner of the account, not root. This is true on both the CLIENT and SERVER machines.
  • Make sure the content of the authorized_keys file does not have empty lines at the beginning or the end of the file.
  • Sometimes copying by highlighting text in the shell does not work properly. You can use vi's read command to read the id_dsa.pub file into authorized_keys.
  • You can choose either dsa or rsa as the encryption algorithm for the public/private key pair.
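The SERVER steps and the notes above can be done without copy and paste. The following is an added example, not part of the original post: a shell function (the name install_pubkey is hypothetical) that appends a public key file to authorized_keys once, removes blank lines and stray carriage returns, checks ownership, and sets the 700/600 permissions that sshd's default StrictModes check accepts.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_pubkey PUBKEY_FILE SSH_DIR
#   PUBKEY_FILE  the id_dsa.pub / id_rsa.pub copied over from CLIENT
#   SSH_DIR      normally "$HOME/.ssh" of the account on SERVER
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # A public key is a single line "<type> <base64> [comment]".
    # Take the first non-blank line and drop carriage returns left by
    # terminal copy/paste or a Windows editor.
    key=$(tr -d '\r' < "$pub" | awk 'NF { print; exit }')
    case $key in
        ssh-*" "?* | ecdsa-*" "?*) ;;
        *)  # e.g. the private key file was passed by mistake
            echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # The directory and file must belong to the login user and must not
    # be writable by anyone else, or sshd ignores the key.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    if [ ! -O "$dir" ] || [ ! -O "$auth" ]; then
        echo "$dir must be owned by the login user, not root" >&2
        return 1
    fi

    # Rewrite the file without blank lines, then add the key only if it
    # is not already present, so running this twice is harmless.
    tmp="$auth.tmp.$$"
    tr -d '\r' < "$auth" | awk 'NF' > "$tmp" || return 1
    grep -qxF -- "$key" "$tmp" || printf '%s\n' "$key" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Typical call on SERVER, as the account owner:
#   install_pubkey ~/id_dsa.pub ~/.ssh
```
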

Published in Linux By vishal

How to use the squid proxy in transparent mode

In transparent mode there is no need to configure the browser to use a particular port such as 8080 or 3128.

For this mode, first edit your squid.conf file

by typing in a terminal

vim /etc/squid/squid.conf

Edit this line (it may be line 89 in version 2.6):

http_port 192.168.0.1:3128 transparent

( where 192.168.0.1 is your local interface address )

and set visible_hostname to localhost,

then insert the lines below under the tag
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl our_networks src 192.168.0.0/24 192.168.2.0/24
http_access allow our_networks

(use gedit if you are not familiar with vim)

Now start squid by typing

/usr/sbin/squid -z

Now flush all iptables rules for transparent mode:

iptables -F

iptables -t nat -F

iptables -t mangle -F

Now delete the chains with:

iptables -X

iptables -t nat -X

iptables -t mangle -X

Now it is time to save iptables, so type

service iptables save

service iptables restart

Now all rules and chains will be cleared!

Check it by looking at /etc/sysconfig/iptables, where all default rules are set to accept.

Now open /etc/rc.d/rc.local

and insert the line

echo "1" > /proc/sys/net/ipv4/ip_forward

and then save and close.

Now, assuming that your internet interface is eth0, type:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

service iptables save

service iptables restart

Note: check that your iptables service is set to start during boot,

or check the status of your iptables service:

chkconfig --list iptables

If level 5 is on then it is OK; otherwise start the service at level 5 or levels 2345.

Published in Linux By admin

How to masquerade (internet connection sharing) in Linux

It is very simple to masquerade (internet connection sharing, in Windows terms) in Linux with a few lines of iptables and ip_forward commands.

First of all, you have to flush and delete the existing firewall rules that Linux sets by default.

So flush the rules by typing in a terminal

iptables -F

iptables -t nat -F

iptables -t mangle -F

Now delete the chains with:

iptables -X

iptables -t nat -X

iptables -t mangle -X

Now it is time to save iptables, so type

service iptables save

service iptables restart

Now all rules and chains will be cleared!

Check it by looking at /etc/sysconfig/iptables, where all default rules are set to accept.

Now open /etc/rc.d/rc.local

and insert the line

echo "1" > /proc/sys/net/ipv4/ip_forward

and then save and close.

Now, assuming that your internet interface is eth0, type:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

service iptables save

service iptables restart

Note: check that your iptables service is set to start during boot,

or check the status of your iptables service:

chkconfig --list iptables

If level 5 is on then it is OK; otherwise start the service at level 5 or levels 2345.
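A way to check the result of the steps in this post and in the transparent squid post above, as an added example that is not part of the original posts: the function reads iptables-save text and reports NAT rules that are not bound to the expected interface, and a FORWARD chain left at policy ACCEPT with no rules, which is the state the flush steps leave behind. The names audit_nat and sample_ruleset are hypothetical, and the sample ruleset is constructed from the commands on this page.

```shell
#!/bin/sh
# Added example (not from the original posts).
# Usage: iptables-save | audit_nat WAN_IF LAN_IF
# Prints one line per finding; prints nothing when the ruleset is clean.
audit_nat() {
    awk -v wan="$1" -v lan="$2" '
    # True if the current rule has option "opt" followed by value "val".
    function has(opt, val,   i) {
        for (i = 1; i < NF; i++) if ($i == opt && $(i + 1) == val) return 1
        return 0
    }
    /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter", ...
    table == "nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
        if (has("-o", wan)) masq = 1
        else print "MASQUERADE rule not bound to " wan ": " $0
    }
    table == "nat" && $2 == "PREROUTING" && /-j REDIRECT/ {
        if (!has("-i", lan)) print "REDIRECT rule not bound to " lan ": " $0
    }
    table == "filter" && $1 == ":FORWARD" { fwd_policy = $2 }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" { fwd_rules++ }
    END {
        if (!masq) print "no MASQUERADE rule on " wan
        if (fwd_policy == "ACCEPT" && !fwd_rules)
            print "FORWARD policy is ACCEPT with no rules"
    }'
}

# Constructed sample: iptables-save output after following the squid post
# (eth0 = internet interface, eth1 = local interface).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_ruleset | audit_nat eth0 eth1
```

The single finding for the sample means the machine forwards every packet routed to it in both directions; adding FORWARD rules that accept only traffic from the local interface and replies to it clears the finding.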

Published in Linux By vishal

How to extract and install a variety of tar application packages

Linux/UNIX/FreeBSD use many tar package extensions

Probably the most common other type of package you will see are tar files. These come in a few different flavors. You can identify them by their file extensions, which will be ".tar", ".tar.gz", ".tgz", and ".tar.bz2".

package extension          opening and extraction command

.tar                       tar -xvf file.tar

.tar.gz                    tar -zxvf file.tar.gz

.tgz                       tar -zxf file.tgz

.tar.bz2 (UNIX, FreeBSD)   tar xjf file.tar.bz2

Published in Linux By vishal

How to configure interface from terminal/shell

It's that simple! These are Fedora commands, so they may not work on all Linux versions.

Simply type in a telnet/ssh terminal or a shell terminal:

configuring ip address :-

ifconfig eth0 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx

or

ifconfig eth0 xxx.xxx.xxx.xxx/xx (/xx is the number of network bits)

configure gateway :-

route add default gateway xxx.xxx.xxx.xxx

Then finally, if you want to configure the DNS address :-

vi /etc/resolv.conf

then add your name server ip

Example:

ifconfig eth1 172.16.144.3 netmask 255.255.248.0

or

ifconfig eth1 172.16.144.3/21

route add default gateway 172.16.144.1

vi /etc/resolv.conf (requires knowledge of the vi editor)

nameserver 172.16.144.1
