Blog Archives

Use SSH keys

To log in to an SSH server you should always use keys instead of plain passwords. Generate your key pair with PuTTYgen and save both the private and the public part. On Windows you can load the private part into Pageant, which then authenticates to the SSH server without you having to enter the passphrase each time. On the SSH server store the public part in the .ssh/authorized_keys file of the user you log in as. Do not use the public key file that PuTTYgen saves (it is in the RFC 4716 format, which OpenSSH does not accept in authorized_keys); instead copy and paste the single OpenSSH-format line shown in the PuTTYgen window ("Public key for pasting into OpenSSH authorized_keys file").

If you need the private key on a Linux client to access the SSH server, you cannot use the PuTTY-generated private part (the .ppk file) directly; you need it in OpenSSH format, which you can export via the menu Conversions -> Export OpenSSH key. Store the exported key as id_rsa or id_dsa in the .ssh folder of the user (note that DSA keys are disabled by default since OpenSSH 7.0, so on a current Linux client an ed25519 key generated with ssh-keygen is the better choice). These file names are the ones the SSH client tries automatically (the defaults are listed as the IdentityFile property in /etc/ssh/ssh_config). If you cannot use these file names, you can store the private key under another name, but then you have to define a config section for the SSH server in ~/.ssh/config:


#
# default:
# .ssh/identity
# .ssh/id_rsa
# .ssh/id_dsa
#
Host name_ssh_server
    Hostname full-qualified.ssh.server.name
    Port 22
    IdentityFile ~/.ssh/your_own_private_key_name
    ForwardX11 no

You can now reach the server under the alias “name_ssh_server” with

ssh username@name_ssh_server

which connects to “full-qualified.ssh.server.name” on port 22. The private key is read from ~/.ssh/your_own_private_key_name (the file must have permissions 600, otherwise ssh refuses to use it!) and must match one of the public keys listed in authorized_keys on the SSH server.
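The client-side part of the procedure above as a POSIX shell script, added here as an example; it is not code from the original post. It writes the Host block for a private key with a non-default file name and checks the permissions that OpenSSH insists on (700 on ~/.ssh, 600 on config and on the key). The alias, host name and key file name are the placeholders from the post.

```shell
#!/bin/sh
# Added example (not from the original post): set up the client-side pieces
# the post describes, with the permissions OpenSSH insists on (700 on ~/.ssh,
# 600 on config and on the private key). The alias name_ssh_server, the host
# name and the key file name are placeholders taken from the post.

# write_ssh_host_config ALIAS HOSTNAME PORT KEYFILE
# Appends a Host block to $HOME/.ssh/config, creating directory and file with
# owner-only modes when they do not exist yet. Refuses a duplicate alias,
# because ssh silently uses the first matching Host block.
write_ssh_host_config() {
    alias_name=$1; host_name=$2; port=$3; key_file=$4
    ssh_dir=$HOME/.ssh
    cfg=$ssh_dir/config
    ( umask 077                      # anything created below is owner-only
      mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
      [ -e "$cfg" ] || : > "$cfg"
      chmod 600 "$cfg" ) || return 1
    if grep -q "^Host $alias_name\$" "$cfg"; then
        echo "write_ssh_host_config: alias $alias_name already present in $cfg" >&2
        return 1
    fi
    # IdentitiesOnly stops ssh from first offering every key the agent holds,
    # which reveals which other keys you own and can exhaust MaxAuthTries.
    printf 'Host %s\n    Hostname %s\n    Port %s\n    IdentityFile %s\n    IdentitiesOnly yes\n    ForwardX11 no\n\n' \
        "$alias_name" "$host_name" "$port" "$key_file" >> "$cfg"
}

# key_perms_ok FILE: returns 0 if FILE is a regular file readable by its owner
# only (mode 600 or 400), 1 otherwise. ssh rejects a private key with any
# group or world permission bits ("UNPROTECTED PRIVATE KEY FILE!").
key_perms_ok() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone usage: ./sshsetup.sh demo
if [ "${1-}" = "demo" ]; then
    write_ssh_host_config name_ssh_server full-qualified.ssh.server.name 22 \
        "$HOME/.ssh/your_own_private_key_name"
    key_perms_ok "$HOME/.ssh/your_own_private_key_name" \
        || echo "fix with: chmod 600 $HOME/.ssh/your_own_private_key_name"
fi
```

The permission check deliberately uses the ls -l string rather than a GNU-only stat or find option, so it behaves the same on Linux and BSD-style systems. Run `ssh -G name_ssh_server` afterwards to see which Hostname, Port and IdentityFile ssh actually resolves for the alias.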

Fail2Ban

A tutorial (in German):
http://blog.256bit.org/archives/383-fail2ban-und-der-Kampf-gegen-Trackback-Spam.html

http://www.fail2ban.org/wiki/index.php/HOWTOs
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8

Set date and time on a Linux command line

You can set the date and time of a Linux server with:

date +%Y%m%d -s "20131228"

which sets the date to the 28th of December 2013, and

date +%T -s "20:15:45"

which sets the time to a quarter past 8 PM (and 45 seconds). Both commands need root and use the GNU date syntax; the +FORMAT part only controls how the new value is printed afterwards, the -s string is what gets parsed.

Once the system time is set, you can write it to the hardware clock as well:

hwclock --systohc --localtime

Use --utc instead of --localtime if the hardware clock runs in UTC, which is the normal setting on a machine that only runs Linux; the flag tells hwclock how to interpret the RTC, and choosing the wrong one shifts the clock by your UTC offset at the next boot. On a server that synchronizes via NTP, let the NTP daemon adjust the clock instead of setting it by hand.

Renew a self-signed certificate with Eisfair

Go to Service Administration -> Certs Service -> Manage certificates. The script shows a menu to select a certificate and the operations on it. Choose the certificate (1), e.g. webserver or mailserver. Choose option 11 to renew the certificate request and follow the screen output. Select 12 to sign the request with the CA certificate. Choose option 14 to create the new certificate and copy it into place. Restart your webserver or mailserver process (/etc/init.d/).

If one certificate covers multiple name-based hosts on your webserver, do not select option 12; instead follow the instructions in the entry “SSL certificates for namebased virtual hosts” further down this page.

Server down

The PhOSCo.info server was down today, I have executed an update of the server software.

Tomcat-Apache connector

I have installed Tomcat 6 and Apache 2.0 to run some applications within Tomcat. To reach the applications over ports 80/443 I also installed the mod_jk connector, but I got error messages like:

build_worker_map::jk_worker.c (236): creating worker ajp13
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug] wc_create_worker::jk_worker.c (141): about to create instance ajp13 of ajp13
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug] wc_create_worker::jk_worker.c (154): about to validate and init ajp13
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug] ajp_validate::jk_ajp_common.c (1806): worker ajp13 contact is 'localhost:8009'
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug] build_worker_map::jk_worker.c (248): removing old ajp13 worker
Found a wildchar match worker2 -> /hudson/*
[Fri Mar 19 12:39:34 2010] [29973:16384] [debug] jk_handler::mod_jk.c (1839): Into handler jakarta-servlet worker=worker2 r->proxyreq=0
[Fri Mar 19 12:39:34 2010] [29973:16384] [debug] wc_get_worker_for_name::jk_worker.c (111): did not find a worker worker2
[Fri Mar 19 12:39:34 2010] [29973:16384] [info] jk_handler::mod_jk.c (1993): Could not find a worker for worker name=worker2

All the necessary bits of the Apache configuration were in place, but my worker was not found:

LoadModule jk_module /usr/local/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkMount /hudson/* worker2

Several hours later I found a similar error description on the internet (but no solution...). I wrote a short mail to Rainer Jung, one of the mod_jk developers, and he said that the connector falls back to a default ajp13 worker if it cannot find any other one. That meant the module could not find my workers property file at all.

Hm, the file permissions were correct and the file was at the correct path. The Apache documentation gave me the right hint:

The directive JkWorkersFile must not be placed within a VirtualHost directive; it is only valid in the server-wide configuration. I had configured a special vhost for the Tomcat access and moved all the mod_jk configuration into that directive. Moving the JkWorkersFile line out of the VirtualHost directive solved the problem. Very simple, damn.
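The working layout as an added example (not the post's own configuration files): the workers.properties that defines worker2 and the httpd.conf placement that mod_jk requires. Paths and the worker name worker2 are taken from the post; the host, port and log settings are the mod_jk defaults and the ServerName is a placeholder.

```apache
# --- /etc/apache2/workers.properties (added example, not from the post) ---
# Every worker named in a JkMount must appear in worker.list, otherwise
# mod_jk reports "Could not find a worker for worker name=...".
worker.list=worker2
worker.worker2.type=ajp13
worker.worker2.host=127.0.0.1
worker.worker2.port=8009

# --- httpd.conf, server context: these lines must NOT be inside <VirtualHost> ---
LoadModule jk_module /usr/local/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile     /var/log/apache2/mod_jk.log
JkLogLevel    info

# --- the mount itself may live in the vhost that serves the application ---
<VirtualHost *:80>
    ServerName ci.example.org
    JkMount /hudson/* worker2
</VirtualHost>
```

Because the worker talks AJP to localhost:8009, keep Tomcat's AJP connector bound to the loopback address as well (address="127.0.0.1" on the <Connector> in server.xml): AJP carries unauthenticated request attributes from the web server and should never be reachable from outside the host.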

Server temporary down

The server was temporarily not available because the main DNS server of phosco.info did not transfer the new IP address to the slave servers in Germany.

SSL certificates for namebased virtual hosts

I have read a post on Waffel’s Blog about how to set up one certificate for multiple name-based virtual servers on Apache. It is simple to do within Eisfair.

  • Choose “Service Administration” -> “Certs service” and select “Manage certificates”.
  • Now enter “1” for the key type and choose your webserver.
  • Select “11” to create a new certificate request. The request is stored at /usr/local/ssl/csr/apache.csr.
  • Open another terminal and change to /usr/local/ssl.
  • Create an extension file extension.txt with vi, as described in Waffel’s blog, and enter your server names at the end (as subjectAltName entries; current clients match the host name against the subjectAltName list only, so list the CN there too).
  • Execute openssl x509 -req -days 365 -in apache.csr -signkey private/apache.key -out newcerts/apache.crt -extfile extension.txt -extensions mydomain_http
  • Select “14” (Manage certificates) to create a .pem file from the new certificate.
  • Use apache as SSL_CERT_NAME in the Apache configuration for every virtual server you have included in extension.txt.
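The signing step of the procedure above, reproduced outside Eisfair as an added example (not the post's or Eisfair's own code), with a constructed key and CSR standing in for what option 11 produces, so that the resulting certificate can be checked for the expected names. The file names and the section name mydomain_http follow the post; the host names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post or from Eisfair): the signing step
# of the procedure above, reproduced outside Eisfair with a constructed key and
# CSR so that the resulting certificate can be inspected. File names and the
# section name mydomain_http follow the post; the host names are placeholders.

# write_ext_file FILE NAME...: write an OpenSSL extension file whose section
# mydomain_http lists every NAME as a DNS subjectAltName. The first NAME
# should be the CN as well: clients match the host against the SAN list only.
write_ext_file() {
    out=$1; shift
    {
        printf '[mydomain_http]\n'
        printf 'basicConstraints = CA:FALSE\n'
        printf 'keyUsage = digitalSignature, keyEncipherment\n'
        printf 'extendedKeyUsage = serverAuth\n'
        printf 'subjectAltName = @alt_names\n\n'
        printf '[alt_names]\n'
        i=1
        for n in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$n"
            i=$((i + 1))
        done
    } > "$out"
}

# self_sign_with_sans DIR NAME...: creates DIR/private/apache.key and
# DIR/apache.csr (the files Eisfair's option 11 produces), then runs the
# post's openssl x509 -req command from DIR. The CN is the first NAME.
self_sign_with_sans() {
    dir=$1; shift
    cn=$1
    mkdir -p "$dir/private" "$dir/newcerts" || return 1
    write_ext_file "$dir/extension.txt" "$@"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/private/apache.key" -out "$dir/apache.csr" >/dev/null 2>&1 || return 1
    ( cd "$dir" && openssl x509 -req -days 365 -in apache.csr \
        -signkey private/apache.key -out newcerts/apache.crt \
        -extfile extension.txt -extensions mydomain_http >/dev/null 2>&1 )
}

# cert_has_san CERT NAME: 0 if NAME is listed as a DNS subjectAltName in CERT.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qE "DNS:$2(,|\$)"
}

# Stand-alone usage: ./selfsign.sh demo /tmp/ssltest  (never point it at a
# live /usr/local/ssl, the key there would be overwritten)
if [ "${1-}" = "demo" ] && [ -n "${2-}" ]; then
    self_sign_with_sans "$2" www.example.org example.org mail.example.org \
        && openssl x509 -in "$2/newcerts/apache.crt" -noout -text \
           | grep -A1 'Subject Alternative Name'
fi
```

The extension section also pins basicConstraints to CA:FALSE and the key usages to those of a server certificate; without -extfile a request-signed certificate carries no extensions at all, which is exactly why a single name-based certificate cannot be produced with Eisfair's option 12.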

PhoSCo.info Server

The server is up and running!

Greetings

André