Archive

Archive for the ‘Linux | CentOS’ Category

SSH using keys

September 5th, 2010 Behzad No comments

What are SSH Keys?

By using SSH keys (a public/private key pair, to be precise), you can connect to one server, or to many, without having to enter your password for each system.

It is possible to set up your keys without a passphrase; however, that is unwise, because anyone who gets hold of your private key can then use it. This guide describes how to set up your system so that passphrases are remembered securely.

Generating SSH Keys

Generate the keys by running the ssh-keygen command as the user who will be logging in:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
45:54:10:01:9d:ef:a3:34:a6:d9:f3:a2:41:e3:87:b7 root@localsquid

It will prompt you for a location (leave it as the default); the passphrase is the important part. Choose it by the same rules as any good passphrase.
The default RSA key length is 2048 bits, which is sufficient.

Copying the keys to the remote server

Now that you have generated the keys, you need to copy the public key to the remote server. By default, OpenSSH expects the public key to be appended to ~/.ssh/authorized_keys.

# scp ~/.ssh/id_rsa.pub root@192.168.1.100:

This copies the public key (id_rsa.pub) to your remote server via scp (note the : at the end of the server address). The file ends up in the home directory, but you can specify another path if you like.

Next up, on the remote server, you need to create the ~/.ssh directory if it doesn’t exist and append the key to the authorized_keys file:

# ssh root@192.168.1.100
root@192.168.1.100's password:
# mkdir -p ~/.ssh
# cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
# rm ~/id_rsa.pub
# chmod 600 ~/.ssh/authorized_keys

The last two commands remove the public key from the server (it is no longer needed there) and set the correct permissions on the authorized_keys file.

If you now disconnect from the server, and attempt to reconnect, you should be asked for the passphrase of the key (if any):

# ssh root@192.168.1.100
Enter passphrase for key '~/.ssh/id_rsa':

If you are unable to log in with the key, double-check the permissions on the authorized_keys file.
Also check the permissions on the ~/.ssh directory, which must not be writable by ‘group’ or ‘other’. Run the following command to remove ‘group’ and ‘other’ write permissions from the ~/.ssh directory:

# chmod go-w ~/.ssh
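The install-and-verify steps above, as an added shell example that is not from the original post: it appends the key to authorized_keys only if that exact line is not already there, sets the permissions, and then checks them the way you would after a failed key login. The home directory is an argument so it can be tried on a scratch directory first; it assumes GNU coreutils (stat -c), i.e. a Linux host.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent install of a public key
# into HOMEDIR/.ssh/authorized_keys plus the permission check that sshd's
# StrictModes (on by default) performs before it will accept the key.
# Assumes GNU coreutils (stat -c), i.e. a Linux host.

# install_pubkey HOMEDIR PUBKEYFILE
#   Appends the key unless the exact line is already present, then sets
#   mode 700 on .ssh and 600 on authorized_keys.
install_pubkey() {
    sshdir="$1/.ssh"
    auth="$sshdir/authorized_keys"
    [ -f "$2" ] || { echo "no such key file: $2" >&2; return 1; }
    key=$(cat "$2")
    mkdir -p "$sshdir"
    touch "$auth"
    # -F literal, -x whole line: the same key is never appended twice
    if ! grep -qFx "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod 700 "$sshdir" && chmod 600 "$auth"
}

# check_ssh_perms HOMEDIR
#   Returns 0 when .ssh has no group/other write bit and authorized_keys is
#   mode 600; otherwise prints what is wrong and returns 1.
check_ssh_perms() {
    sshdir="$1/.ssh"
    auth="$sshdir/authorized_keys"
    rc=0
    dmode=$(stat -c '%a' "$sshdir") || return 1
    fmode=$(stat -c '%a' "$auth") || return 1
    # the last two octal digits are group and other; 2, 3, 6 and 7 carry the write bit
    groupother=${dmode#"${dmode%??}"}
    case "$groupother" in
        *[2367]*) echo "$sshdir is group/other writable (mode $dmode)"; rc=1 ;;
    esac
    if [ "$fmode" != "600" ]; then
        echo "$auth should be mode 600, is $fmode"
        rc=1
    fi
    return $rc
}

# Demo on a scratch directory with a constructed key: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    scratch=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...constructed... root@localsquid\n' \
        > "$scratch/id_rsa.pub"
    install_pubkey "$scratch" "$scratch/id_rsa.pub"
    install_pubkey "$scratch" "$scratch/id_rsa.pub"   # second call is a no-op
    wc -l "$scratch/.ssh/authorized_keys"
    check_ssh_perms "$scratch" && echo "permissions OK"
    rm -rf "$scratch"
fi
```

On the real server you would call install_pubkey "$HOME" ~/id_rsa.pub in place of the cat/rm/chmod lines above; the whole-line grep is what makes re-running it harmless.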

Categories: Linux | CentOS Tags:

/vz partition errors or when /vz goes read-only

September 2nd, 2010 Behzad No comments

Note: be careful while using these steps.

A few times now we have seen problems on the Linux Virtuozzo servers where the /vz partition errors out and the kernel forces it into a read-only state. The solution is to manually run a filesystem check (fsck) with the -fy arguments on the /vz partition. It is possible on a vz server to do this without a support ticket; however, you must be careful with a few steps.

1. Stop the vz service (service vz stop)

2. Disable the vz service from restarting on boot (chkconfig --level 2345 vz off)

3. Comment out the /vz partition in the /etc/fstab file to prevent the /vz partition being automatically mounted and checked on boot.

4. Reboot the server

5. Once the server reboots and you can SSH back in you can begin the filesystem check.

6. Determine which physical partition holds /vz. You can do this with the command (fdisk -l /dev/sda), which shows all the partitions on the disk.

Usually the /vz partition is the last one listed and has the largest number of blocks, with an “Id” of 83 and a “System” label of Linux:

EXAMPLE
# fdisk -l /dev/sda

Disk /dev/sda: 299.9 GB, 299978719232 bytes
255 heads, 63 sectors/track, 36470 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        1305    10482381   83  Linux
/dev/sda2            1306        2610    10482412+  83  Linux
/dev/sda3            2611        3915    10482412+  83  Linux
/dev/sda4            3916       36470   261498037+   5  Extended
/dev/sda5            3916        4437     4192933+  82  Linux swap
/dev/sda6            4438        4568     1052226   83  Linux
/dev/sda7            4569       36470   256252783+  83  Linux

In the above example you can see that /dev/sda7 has the most blocks, an “Id” of 83 and a “System” label of Linux.

Therefore we would issue the command (fsck -fy /dev/sda7).

7. Once the filesystem check is complete, uncomment the /vz partition in /etc/fstab

8. Re-enable the vz service to start on boot (chkconfig --level 2345 vz on)

9. Start the vz service (service vz start)

All should then be well. You can monitor the logfile /var/log/vzctl.log as VE’s are brought online.

If you are uncomfortable doing any of this, please contact a senior tech or management and we can help out. Remember that it is very dangerous to fsck a mounted partition, so always ensure the target partition is unmounted before beginning. Generally you cannot unmount a /vz partition after stopping the vz service, so I recommend the reboot with the /vz partition and the vz service disabled.
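Two of the manual steps above (picking the partition from the fdisk listing, and commenting the /vz entry out of fstab and back in) are easy to get wrong by hand, so here is an added shell example, not part of the original post. The fdisk text is a constructed sample with the same layout as the listing above; the fstab helpers take a file path, so try them on a copy before pointing them at /etc/fstab.

```shell
#!/bin/sh
# Added example, not part of the original post. Two helpers for the manual
# steps above: pick_vz_partition applies the post's rule of thumb (the Id 83
# partition with the most blocks) to "fdisk -l" output, and comment_out_mount /
# uncomment_mount toggle the /vz line in a copy of /etc/fstab so the partition
# is neither mounted nor auto-checked on the next boot (steps 3 and 7).

# Constructed sample with the same layout as the listing in the post.
SAMPLE_FDISK='Disk /dev/sda: 299.9 GB, 299978719232 bytes
255 heads, 63 sectors/track, 36470 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        1305    10482381   83  Linux
/dev/sda2            1306        2610    10482412+  83  Linux
/dev/sda3            2611        3915    10482412+  83  Linux
/dev/sda4            3916       36470   261498037+   5  Extended
/dev/sda5            3916        4437     4192933+  82  Linux swap
/dev/sda6            4438        4568     1052226   83  Linux
/dev/sda7            4569       36470   256252783+  83  Linux'

# pick_vz_partition < fdisk-output
#   Prints the /dev node with the largest block count among Id 83 partitions.
#   The Boot column holds "*" or nothing, which shifts later fields by one,
#   so the field offset is computed per line. Exits 1 if nothing qualifies.
pick_vz_partition() {
    awk '
        $1 ~ /^\/dev\// {
            off = ($2 == "*") ? 1 : 0
            blocks = $(4 + off); sub(/\+$/, "", blocks)
            id = $(5 + off)
            if (id == "83" && blocks + 0 > best) { best = blocks + 0; dev = $1 }
        }
        END { if (dev == "") exit 1; print dev }'
}

# comment_out_mount FSTAB MOUNTPOINT / uncomment_mount FSTAB MOUNTPOINT
#   Rewrite FSTAB in place, prefixing (or stripping) "#" on the entry whose
#   second field is MOUNTPOINT. Run them on a copy first: a broken entry in
#   the real /etc/fstab stops the machine from booting cleanly.
comment_out_mount() {
    awk -v mp="$2" '$0 !~ /^#/ && $2 == mp { print "#" $0; next } { print }' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}
uncomment_mount() {
    awk -v mp="$2" '
        /^#/ { line = $0; sub(/^#/, "", line); n = split(line, f)
               if (n >= 2 && f[2] == mp) { print line; next } }
        { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Demo: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_FDISK" | pick_vz_partition
    scratch=$(mktemp)
    printf '%s\n' 'LABEL=/ / ext3 defaults 1 1' \
                  '/dev/sda7 /vz ext3 defaults,noatime 1 2' > "$scratch"
    comment_out_mount "$scratch" /vz; cat "$scratch"
    uncomment_mount "$scratch" /vz; cat "$scratch"
    rm -f "$scratch"
fi
```

On a live box, fdisk -l /dev/sda | pick_vz_partition gives you the candidate to confirm against /etc/fstab before you run fsck -fy on it; the rule of thumb is the post's, so still check the mount table rather than trusting the block count alone.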

Categories: Linux | CentOS, OpenVZ Tags:

Creating a static copy of a dynamic website

August 31st, 2010 Behzad No comments

From blog entry at: http://blog.jphoude.qc.ca/2007/10/16/creating-static-copy-of-a-dynamic-website/

At work we have several websites that we develop, but each year we make a new version and we want to keep an archive of the old version.

Since it takes a lot of memory to keep a Zope instance running for these old websites that probably won’t ever need to be edited again, it makes sense to make a static copy of the website. It also eliminates the work needed to update the instance when security patches come out (and eliminates the security risk of old versions that are no longer maintained).

There are some tools that can help in this case; I chose to use wget, which is available in most Linux distributions by default.

The command line, in short…

# wget -k -K -E -r -l 10 -p -N -F --restrict-file-names=windows -nH http://website.com/

…and the options explained

-k : convert links to relative
-K : keep an original version of each file, without the conversions made by wget
-E : rename HTML files to .html (if they don’t already have an htm(l) extension)
-r : recursive… of course we want to make a recursive copy
-l 10 : the maximum level of recursion. If you have a really big website you may need a higher number, but 10 levels should be enough.
-p : download all files necessary for each page (CSS, JS, images)
-N : turn on time-stamping.
-F : when input is read from a file, force it to be treated as an HTML file.
-nH : by default, wget puts files in a directory named after the site’s hostname. This disables the hostname directory and puts everything in the current directory.
--restrict-file-names=windows : may be useful if you want to copy the files to a Windows PC.

Possible problems

  • wget downloads the homepage and robots.txt, then stops!
    Your robots.txt file probably denies search engines access to your site. Yes, in recursive mode wget respects robots.txt, so you will need to remove it before making the copy. Don’t forget to put it back in the static site if that’s what you want.
  • Stylesheets : if you use @import stylesheet imports, wget won’t see them and won’t download them :( You might want to change them to <link rel="stylesheet" … /> imports, which wget will see and download.
  • Stylesheet images : wget won’t download background images referenced in CSS files. For most websites it should not take too long to download those images manually.
  • Be sure that your CSS file names end with “.css”! Apache won’t send the correct MIME type if your file extension is not .css, and Firefox will not use the stylesheet.
    (test.css?color=blue won’t work; change it to test.css?color=blue&ext=.css)
    The same problem may happen with other file types that need a proper MIME type set (video files, for instance).
  • LinguaPlone specific problems
    • To prevent having several duplicated files because of the set_language parameter, you could set up one subdomain for each language and force set_language= in the Apache redirect rule.
    • I also recommend changing the language link so it points to the main page instead of the current page.
    • You have several possibilities here, but by just doing a wget without changing anything, you may end up with pages where languages are a bit fucked up.
  • <base> tag problem : if your pages contain a base tag (which is true for Plone sites), wget empties its value but leaves the tag in place (<base href="" />). That works in Firefox, but it confuses IE, which then won’t load any images, CSS or links. To fix it, you can remove the base tag completely with this command:
    # find . -name '*.html' -print0 | xargs -0 perl -i -p -e 's/<base href="" \/>//g'

Downsides

  • Most file names will change (bad for SEO)
  • May take some manual work to have a working static copy

After taking care of all the possible problems, you should have a working static site! Be sure to check with both IE and Firefox (at least), because some problems happen in only one browser.
Then you can shut down your CMS and serve the static content using a standard web server.

Don’t forget to put a nice 404 page pointing to your main page, since your URLs probably changed, and several visitors will get a 404 error if they come from search engines or bookmarks.

Categories: Linux | CentOS, Web Programming Tags:

Add partition/unallocated space to lvm

June 14th, 2010 Behzad No comments

The whole point of LVM is that you CAN resize partitions, use multiple physical disks or partitions as one “logical” partition, and so on. In order to use the free space you first need to create an additional partition on it.

Find out which disk the free space resides on using “fdisk -l”, then do “fdisk /dev/hda” replacing hda with whichever disk is correct. Once a partition has been created using the free space we can now create a new physical volume:

pvcreate /dev/hda3

Replace hda3 with whatever the name of the new partition is (available within “fdisk -l”). Now we will extend the Volume Group to the new physical volume like so:

vgextend /dev/VolGroup00 /dev/hda3

Where VolGroup00 is the name of whichever VG exists on your system (available by running “vgdisplay”) and hda3 is, again, the name of the new partition. Once the VG has been extended we can extend the Logical Volume:

lvextend -L +20G /dev/VolGroup00/LogVol00

Where 20G is changed to the amount of free space available and VG and LV changed to their correct names. Once the Logical Volume has been extended we have to extend the ext4 filesystem within that LV:

resize2fs /dev/VolGroup00/LogVol00

Again, change the names to match your system. You can perform all of this on a running system, including the last command: extending ext4 on a mounted partition has worked fine since early versions of the 2.6 kernel.
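The four commands above, as an added shell example that is not from the original post: a wrapper with the sanity checks you want before touching a production volume group (a /dev path, a relative “+<n>G” size so the LV can only grow, and, when not in dry-run mode, that the VG and block device actually exist). DRY_RUN=1 is the default and only prints the plan; the VG, LV and partition names are arguments, so VolGroup00/LogVol00 are just the page’s example values.

```shell
#!/bin/sh
# Added example, not from the original post: the four LVM steps above wrapped
# with input checks and a dry-run mode. DRY_RUN=1 (the default) only prints
# the commands; DRY_RUN=0 runs them, which must be done as root. Names and
# the partition are arguments, so nothing here assumes VolGroup00/LogVol00.

# run CMD ARGS...   prints the command in dry-run mode, executes it otherwise
run() {
    if [ "${DRY_RUN:-1}" -eq 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# lvm_grow VG LV PARTITION SIZE    e.g. lvm_grow VolGroup00 LogVol00 /dev/hda3 +20G
#   SIZE must be a relative lvextend size (+<n>G, +<n>M or +<n>T) so the LV can
#   only grow; resize2fs without a size then fills the enlarged LV, online.
lvm_grow() {
    vg="$1"; lv="$2"; part="$3"; size="$4"
    case "$part" in
        /dev/*) ;;
        *) echo "partition must be a /dev path, got: $part" >&2; return 1 ;;
    esac
    if ! expr "$size" : '+[0-9][0-9]*[GMT]$' >/dev/null; then
        echo "size must look like +20G, got: $size" >&2; return 1
    fi
    if [ "${DRY_RUN:-1}" -ne 1 ]; then
        # refuse to touch a VG or device that does not exist (typo guard)
        vgs "$vg" >/dev/null 2>&1 || { echo "no such volume group: $vg" >&2; return 1; }
        [ -b "$part" ] || { echo "not a block device: $part" >&2; return 1; }
    fi
    run pvcreate "$part"                      || return 1
    run vgextend "/dev/$vg" "$part"           || return 1
    run lvextend -L "$size" "/dev/$vg/$lv"    || return 1
    run resize2fs "/dev/$vg/$lv"
}

# Demo (prints the plan only): sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    lvm_grow VolGroup00 LogVol00 /dev/hda3 +20G
fi
```

Read the printed plan once against “vgdisplay” and “fdisk -l”, then rerun with DRY_RUN=0; the size check is deliberately strict because an absolute -L value smaller than the current LV would try to shrink it.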

Free Fast Public DNS Servers List

June 6th, 2010 Behzad No comments

This is my list of better, faster public DNS servers that are free to use (as compared to the DNS servers of your ISP, DSL, ADSL or cable provider). These DNS servers are free to everyone. I was able to improve my browsing speed with the following DNS servers. Use any one of the following providers.

Free Public DNS Server

Service provider: Google

  • 8.8.8.8
  • 8.8.4.4

Service provider: ScrubIt
Public DNS server addresses:

  • 67.138.54.100
  • 207.225.209.66

Service provider: dnsadvantage
Dnsadvantage free DNS server list:

  • 156.154.70.1
  • 156.154.71.1

Service provider: OpenDNS
OpenDNS free DNS server list:

  • 208.67.222.222
  • 208.67.220.220

Service provider: vnsc-pri.sys.gtei.net
Public Name server IP address:

  • 4.2.2.1
  • 4.2.2.2
  • 4.2.2.3
  • 4.2.2.4
  • 4.2.2.5
  • 4.2.2.6

How do I change or setup DNS server IP address?

Visit the site mentioned below to set up DNS for your operating system: