SSH allows secure connections from one host to another. All traffic is encrypted. Authentication is usually by means of a key pair, where the private key resides on your local machine, and the public key is imported to the remote system. SSH keys have become particularly important for cloud computing, where users need to access cloud servers over a potentially hostile Internet.
Sometimes, the requirement is to access one system via another. You “hop” through the first system to reach the second. For example, an AWS server through a gateway or “jump” system. The following article shows how to do that, in a secure way, either by proxying or agent forwarding, without having to place a private SSH key onto the middle system. Continue reading →
Iptables is the name of the firewall built into the Linux kernel. It is also the tool used for firewall configuration. This post explains how to use iptables with a range of IP addresses and/or ports. It could be used, for example, to allow SSH traffic from a number of systems. Or to open up a range of ports with a single firewall rule.
Note: This article is not about blacklisting. If you are looking to set up a blacklist, perhaps to protect your server from a number of unrelated IP addresses, my related procedure on how to protect your webserver with IPset might be more appropriate.
The Linux firewall (part of the Netfilter project) is important on Internet facing systems, “edge” servers and “jump” boxes. Particularly when they do not sit behind another protective network element such as a load balancer or discrete firewall. For example, standaline cloud instances that are not part of a protected VPC infrastructure. Continue reading →
After a customer had performed some bad edits on various LDAP configuration files, users were locked out and unable to access the system. Root could still login however.
I logged in as root, and rather than mess with various config files, eg under /etc/pam.d, ran this command to disable LDAP authentication and enable “normal” authentication using /etc/shadow: Continue reading →
Running sshd in the foreground can be an effective way to debug ssh problems. In the following example, a user was unable to access a remote system using ssh keys. Running sshd in debug mode provided a quick resolution. Both source and target systems were Solaris, but the same method applies equally to Linux. Continue reading →
Copying data is something every administrator does. A single file or directory file can be copied with a single command. Moving information from one system to another needs a bit more work, but it needn’t be a pain.
The ssh command can be used to copy data from one Unix system to another. Here is an example for HP-UX, but it works on Linux too. A directory, called /var/opt/ignite, is copied from the system “pluto” to another machine called “jupiter”. Continue reading →