Securing SSH

This post is about what I have learned for protecting SSH (Secure Shell) from being hacked. Please advise me if I miss or get something wrong.

Username and Password

Do not use common words as your username or password, neither use your username exactly as your password. This applies everything needs your username and password. Read Password strength, if you need a good password. In my opinion, if you need to write down something in somewhere for your password including using softwares, then that’s not a good password. Currently, our brain is the best safety, but not quite liable.

When I saw someone trying to get into my laptop, they usually try names like bob, bill or services’ names; and definitely root. If your name is bob, please don’t feel happy when this username bob is available on a social networking website. You would be a highly possible target.

Using Public Key

Using public key has two benefits: a) you don’t need to type your password, but passphrase may(must, read next) need, b) it has a guarantee of high security strength.

b doesn’t mean you can use lazy password or you won’t be hacked. That only says that it’s *almost* impossible if someone trying to hack your account by guessing or calculating correct keys. But if someone can hack into your account on your computer, then they can get your keys. Maybe they don’t need to, just can get by wrong permissions on directories and files. This is more possible to be ignored by Windows users. Even you protect your files flawlessly, there always is a target for bad people, root. root can do anything. Therefore, you must set a passphrase for your keys. If you haven’t, please run

ssh-keygen -p

to set one. This can ensure your key isn’t in clear text but encrypted.

Generating a Key

Simply follow ssh-keygen. After generating, if you have ssh-copy-id, you can run (Tip from Charles Harris, Thanks!)

ssh-copy-id .ssh/id_rsa.pub username@remote

If you don’t have it, do the following:

Transfer ~/.ssh/id_rsa.pub to remote server (scp would be a good way to transfer), run on remote server

cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub

On both remote server and local, make sure

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

Enhancing /etc/ssh/sshd_config

Continue reading →

Notes on Installing Fedora 8 x86_64 on Dell Inspiron 6400

I will keep updating this post at anytime

This time I installed x86_64 architecture. I wasn’t planning to “do a fresh install”, I was planning to “upgraded Fedora 7 i386 to Fedora 8 x86_64.” I think I failed but not totally. I could boot into X with fglrx, however, upgrading package makes a lot of problems. Too many conflicts. I was warned with “… It is likely to not succeed. …” while upgrading. I have to say “that’s wrong!” It should say “… If you insist to upgrade it from different architecture, then the time you spend for it can do fresh install at least 10 times. …” Before I installed my laptop, I upgraded Fedora 6 i386 with Fedora 8 i386 on my private server. The result is great, I can tell that’s no problem with doing that.

Now, I will describe what I did for installing Fedora 8 x86_64. Notice that this will not be a systematic post.

I didn’t customize packages while installing. While first booting, I saw irqbalance failed. I added livna repo (It is being merged into RPM Fusion.). Installed kmod-fglrx (for ATI Mobility Radeon X1400) and other packages, removed rhgb (fancy but not practical), yum-updatesd (too annoying to me) and some others as well. After rebooted, I got 1680×1050 resolution.

Firefox and Flash

Installed Flash for Linux x86 RPM. Run mozilla-plugin-config -i (-c for reinstalling after upgrade of Flash)as current user, you need nspluginwrapper package. You should see Flash immediately, no need to restart Firefox.

Compiz Fusion

Continue reading →

Moving /boot and a Volume Group (root / and swap) to new disk

I was trying to move /boot, / and swap to a smaller disk. Yes, a SMALLER disk. My private server is with a Fedora 6 system on a 80G disk, but it only occupies 2.78 GB. My data files are on other disks. So I decided to use a 40G disk to replace this 80G disk before I upgraded this server to Fedora 8. While I was writing this post, the server has been successfully upgraded, it is doing first time yum update.

Warning: Use this at your own risk.

You may only damage the new disk if you do something wrong, the old one should still work.

The old disk

Original system disk is on /dev/hda, the partitions look like

Disk /dev/hda: 82.3 GB, 82348277760 bytes
255 heads, 63 sectors/track, 10011 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          13      104391   83  Linux
/dev/hda2              14       10011    80308935   8e  Linux LVM

Continue reading →

Waiting for Fedora 8

Fedora 8 will be released on Novemeber 8. I am interested in GNOME 2.20, Firefox 3, Network Manager and Laptop Support.

As of releasing Fedora 8, that means the maintenance of Fedora Core 6 will be ended in December. Good time to backup for upgrading or fresh installing, or to build my own Linux (Linux from Scratch).

Windows! We’re done!

I feel really tired with Windows. So I decided to change my daily environment to Linux. I still leave a place for Windows because some webpages are IE-only and those are about banking services(What a joke, but it’s true). I remember a friend asked me “Would I use the security system with figure-print reader if I have a such laptop?” My answer is NO! if it is on Windows. I don’t understand why do I not believe the reliability of Windows. Maybe I connect reliability to the price that you pay. More you paid more you want.

Months ago, I found applications using .net framework didn’t work and Firefox crashed often or just hanged. Later, I thought it’s GDI+ problem, because all the applications which uses windows form from framework must crash but console applications won’t. An interesting thing is Visual Studio doesn’t use .net framework in its GUI, you have to bring up form’s design view for error message. Microsoft’s desktop applications heavy use .net framework are few, strange? I knew Defender uses because it is also crashed on my computer.

I just reinstalled Windows XP(I give it 9GB, it is a waste), I plan only running Microsoft Update(just renamed from Windows Update), IE, Antivirus software and Microsoft Money. That’s all. I haven’t requested any technical support of software companies for a long long time. Because I usually get what I already know.

One month ago, I bought a mac mini, the most cheapest model. I haven’t had any problem with it, but I think I have to feed it more memory. mac is really an artwork not a computer, although it also do computer jobs well. When I received the mac mini, every step to setup is amazing. Even I like it much, but I rather use it.

I am using Fedora 7. Ubuntu is original plan… but again ATI video card problem. The process installation shows me that laziness sometimes is a good thing. I will write all down.

By the way, what is purpose of releasing Safari for Windows?

VNC and Remote Desktop

On Linux(Fedora Core 6) side

Installing

Install vnc-server: yum install vnc-server
Install tsclient for connecting to Windows’ Remote Desktop: yum install tsclient
Install vnc client for connecting to a vncserver, if need: yum install vnc

Setting

Using vncserver :1 to create a vnc server with display no. 1 and default config files within your home directory. And you might be prompted password for connecting to this vnc display. If you need to change the password for this vnc display, using vncpasswd.
Continue reading →