unix86.org

While upgrading to the John Simpson’s new combined patch for qmail or doing a fresh install you may see the following error after replacing the old smtpd-run file with the Simpson’s new run file.

root@test# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
421 unable to read controls (#4.3.0)
Connection closed by foreign host.

This is due to some default settings in the smtpd  run file which you have downloaded from the jms’s site. If you look at the file at /services/qmail-smtpd/run file using any editor you will find the following defult settings as shown below. Give special attention to the red marked area below and make sure the smtp.cdb file,validrcptto & qmailscnner settings are in place. Adjust your smtp.cdb settings first. Chances are you are not using validrcptto options, in that case comment out that part by putting # sign in front. And remove hash sign for your appropriate qmailscnner setup.  Its always a good idea to read the options in detalis and have a good understanding of each one.

http://qmail.jms1.net/scripts/service-qmail-smtpd-run.shtml

###############################################################################
#
# options for tcpserver/sslserver

IP=unset
PORT=25
SSL=0
SSL_CERT=”$VQ/control/servercert.pem”
SMTP_CDB=”/etc/tcp/smtp.cdb”
MAX=30

# these require the “tcpserver limits” patch for ucspi-tcp, available here:
# http://linux.voyager.hr/ucspi-tcp/

#MAXLOAD=750
#MAXCONNIP=2
#MAXCONNC=5
#DIEMSG=”421 $LOCAL Service temporarily unavailable”

# my newer version of the tcpserver limits patch allows you to specify
# individual DIEMSG values for each policy.
# http://qmail.jms1.net/ucspi-tcp/

#DIEMSG_MAXLOAD=”421 $LOCAL Server busy, try again later.”
#DIEMSG_MAXCONNIP=”421 $LOCAL Too many connections from your IP.”
#DIEMSG_MAXCONNC=”421 $LOCAL Too many connections from your network.”

###############################################################################
#
# options for programs which run before qmail-smtpd

#RBLSMTPD_PROG=”rblsmtpd”
#RBL_GOOD=””
#RBL_BAD=”zen.spamhaus.org dnsbl.njabl.org dnsbl.sorbs.net bl.spamcop.net”

#GREYLIST=”jgreylist”

#JGREYLIST_DIR=”$VQ/jgreylist”
#JGREYLIST_NOREV=1
#JGREYLIST_BY_IP=0
#JGREYLIST_HOLDTIME=120
#JGREYLIST_LOG=1
#JGREYLIST_LOG_PID=1
#JGREYLIST_LOG_SMTP=0
#JGREYLIST_TIMEOUT=60
#JGREYLIST_LIMIT=0

#RECORDIO=”recordio”

###############################################################################
#
# options for qmail-smtpd itself

SMTPD=”qmail-smtpd”
#SMTPGREETING=”$LOCAL NO UCE”
#GREETDELAY=30
#DROP_PRE_GREET=1
FORCE_TLS=0
DENY_TLS=0
MFCHECK=3
#MAXRCPT=100
#RELAYREJ=1
QMAILSMTPD_LOG_MAIL=1
QMAILSMTPD_LOG_RCPT=1
#QMAILSMTPD_HELP_VERSION=1

###############################################################################
#
# options pertaining to the AUTH command.

AUTH=0
REQUIRE_AUTH=0
ALLOW_INSECURE_AUTH=0

# if using the AUTH_CDB method
#AUTH_CDB=”$VQ/control/auth.cdb”

# if using the CHECKPW method
CHECKPW=~vpopmail/bin/vchkpw
TRUE=`which true`

# to change the environment whenever somebody authenticates
#AUTH_SET_MFCHECK=0
#AUTH_SET_MAXRCPT=0
#AUTH_SET_DATABYTES=0
#AUTH_SET_SPFBEHAVIOR=1
#AUTH_SET_VALIDRCPTTO_LIMIT=10
#AUTH_SET_VALIDRCPTTO_LOG=1
#AUTH_SET_SPF_LOG=1
#AUTH_SET_RELAYREJ=0
#AUTH_SET_VALIDRCPTTO_CDB=””
#AUTH_SET_QMAILSMTPD_LOG_MAIL=1
#AUTH_SET_QMAILSMTPD_LOG_RCPT=1
#AUTH_SET_QMAILSMTPD_HELP_VERSION=1

###############################################################################
#
# options pertaining to the “validrcptto.cdb” mechanism.
# see http://qmail.jms1.net/patches/validrcptto.cdb.shtml for details.

VALIDRCPTTO_CDB=”$VQ/control/validrcptto.cdb”
VALIDRCPTTO_LIMIT=10
VALIDRCPTTO_LOG=2

###############################################################################
#
# options pertaining to the SPF mechanism.

SPFBEHAVIOR=3
SPF_LOG=1
SPF_BLOCK_PLUS_ALL=1

###############################################################################
#
# options pertaining to the Domainkeys mechanism.
# this requires an add-on patch.

#DOMAINKEYS=0
#DKVERIFY=DEfGhIJK
#AUTH_SET_DKSIGN=/etc/domainkeys/%/default

###############################################################################
#
# options for programs which run after qmail-smtpd

# if you are using simscan…

#QMAILQUEUE=”$VQ/bin/simscan”
NOP0FCHECK=1
#SIMSCAN_DEBUG=0
#SIMSCAN_DEBUG_FILES=0

# if you are using qmail-scanner, un-comment ONE of these lines.

#QMAILQUEUE=”$VQ/bin/qmail-scanner-queue”
#QMAILQUEUE=”$VQ/bin/qmail-scanner-queue.pl”

Network Tools

FileZilla http://sourceforge.net/projects/filezilla/

VNC http://www.realvnc.com/products/download.html

Development Tools

C++ IDE

Code::Blocks http://www.codeblocks.org/

To install APEX (Oracle Application Express) on Oracle 10g. Follow those step-by-step to install it: :

1. Download the latest version from APEX website

2. Unzip the archive in a convenient location on your hard-disk

3. Start a SQL*Plus from that location

C:\APEX\>  sqlplus  /  as  sysdba

Install APEX:

@apexins SYSAUX SYSAUX TEMP /i/

Change admin password:

@apxchpwd

Set images path (APEX_HOME is the folder where you unziped the archive):

@APEX_HOME/apex/apxldimg.sql APEX_HOME

Run the following script where “password” is the admin password set 2 steps before:

@APEX_HOME/apex/apxxepwd.sql password

HTML

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN”>
<html>
<head>
<title>Your Page Title</title>
<meta http-equiv=”REFRESH” content=”0;url=http://www.the-domain-you-want-to-redirect-to.com/the-page.html”></HEAD>
<BODY>
Optional page text here.
</BODY>
</HTML>

After 5 seconds, redirect to another page

<meta http-equiv=”Refresh” content=”5; url=http://www.new-domain-name-or-old-domain-name.com/html/tags.jsp”>

JavaScript

<script language=”Javascript” type=”text/javascript”> <!– Hide script //<![CDATA[ window.location.href="http://www.unix86.org.com/" //]]> End script hiding –> </script>

PHP redirect (index.php) 

<?php header(”Location: http://www.unix86.com/”); ?>

Perl Redirect 

#!/usr/bin/perl -w use strict; use CGI qw/:standard/; print redirect(’http://www.ibm.com’);

More efficient, not loading the CGI module:

#!/usr/bin/perl -w use strict; print ‘Status: 302 Moved’, “\r\n”, ‘Location: http://www.ibm.com’, “\r\n\r\n”;

Apache redirect

Apache redirects are recommended if you want to redirect all web pages in a directory to a new place.

 In httpd.conf:

Redirect   /mydirectory   to   http://www.unix86.com/personal

For example, accessing http://www.unix86.com/mydirectory/photos.html will redirect the browser to http://www.unix86.com/personal/photos.html

The following example redirects any page (even non-existing ones) to a new site:

RedirectMatch (.*) http://www.unix86.com

This example makes the browser to load the web page from this server, but using another server to load the images

RedirectMatch (.*)\.png$ http://www.unix86.com/images/$1.png
RedirectMatch (.*)\.jpg$ http://www.unix86.com/images/$1.jpg
RedirectMatch (.*)\.jpeg$ http://www.unix86.com/images/$1.jpeg
RedirectMatch (.*)\.gif$ http://www.unix86.com/images/$1.gif 

On Linux system, we can run /etc/init.d/network restart to restart networking servrices. But, on FreeBSD, it is different.

With FreeBSD 7, to start FreeBSD networking services, run:

/etc/rc.d/netif  start

To stop FreeBSD networking services:

/etc/rc.d/netif  stop

and restart the FreeBSD network services, run:

/etc/rc.d/netif  restart

Configure FreeBSD networking manually

Usually, on all Unix/Linux and Unix-like systems, we can use ifconfig command to configure network interface and IP address.

On FreeBSD 7, to shutdown a network interface, run:

ifconfig  em0  down

To bring up a NIC, run:

ifconfig  em0  up

You can run ifconfig -a to list all interfaces with IP address, netmask, MAC address and other NIC information.

To list all shuted down NIC, run:

ifconfig  -d

To list all up and running NIC, run:

ifconfig  -u

For more information about ifconfig, run:

man  ifconfig

rundll32.exe keymgr.dll, KRShowKeyMgr

Start>Settings>Control Panel>User Accounts>Change Account>{Select User to clear stored pass}>Manage My Network Passwords

Private and public RSA and DSA keys can be generated on Unix based systems (such as Linux and FreeBSD) to provide greater security when logging into a server using SSH. The ssh-keygen command allows you to generate, manage and convert these authentication keys.

Refer also to the Logging into an SSH Server Using PuTTY article for more information about how to use RSA and DSA keys with PuTTY on Windows, if you are connecting to an SSH server with Windows.

Create a new RSA or DSA keyfile

To create a new key it’s as simple as entering the following command, where the -t flag is used to specify the type of key to be generated:

ssh-keygen -t rsa
OR
ssh-keygen -t dsa

After entering the above command you will be prompted for the location to save the file. By default this will be either ~/.ssh/id_rsa or ~/.ssh/id_dsa depending on the type of key generated. Just hit the enter key to save it to the default location, or specify a different name. You will then be prompted for a passphrase. Type this in and hit the enter key; you will then be prompted to re-enter to confirm. After doing so, two files will be created: the private keyfile is the name specified (by default id_rsa or id_dsa) and the public one the same but with a .pub extension.

You can also specify the filename on the command line with the -f flag like so:

ssh-keygen -t rsa -f /path/to/my_rsa

Purpose of the passphrase

When creating a new RSA or DSA key you can choose to leave the passphrase blank by simply hitting the enter key twice when prompted to enter one. This will allow you to log into an SSH server without entering a passphrase. For heightened security you should always save a passphrase; when you log into the SSH server using your private keyfile you will be prompted to enter the passphrase. Without one, if someone were to get hold of your private keyfile they would be able to log into the SSH server without any further validation.

Comments

The public key file that is generated contains a comment at the end of it as a reference for the file. Some SSH clients (such as the Windows client PuTTY) show this comment when logging into the remote server. By default the comment will be user@hostname but you can change it to a different name using the -C flag like so:

ssh-keygen -t rsa -C "Chris Hope"

Without the comment specified the public RSA file generated might look like so (note the data will be all on one line; it’s had line breaks added here to make it present on the page nicely):

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxBMcq75vmnWnTFDVOkNn
qJzAj9JfEqqN4m5/7kxcey7ZxKswGlYDZpkETce6INXfiGU9Xd1GY4WC
enqN6iWu99lNqvMrJoAH/L1v6r6UPEjpc7QE1SeSQvdTYzx9xgXtCxg3
JbAXykjUcDbsRngHy1AglkKvJr6UWu8csifM2yM= chris@toolbox

With the comment specified as in the above example it would look like this instead:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxBMcq75vmnWnTFDVOkN
nqJzAj9JfEqqN4m5/7kxcey7ZxKswGlYDZpkETce6INXfiGU9Xd1GY4
WCenqN6iWu99lNqvMrJoAH/L1v6r6UPEjpc7QE1SeSQvdTYzx9xgXtC
xg3JbAXykjUcDbsRngHy1AglkKvJr6UWu8csifM2yM= Chris Hope

Read the manpage for ssh-keygen for more information about the ssh-keygen command.

If your daily activity requires loging in a lot of Linux systems through SSH, you will be happy to know (if you don’t already) that there’s a way to allow secure, authenticated remote access, file transfer, and command execution without having to remember passwords for each individual host you connect.

The $HOME/.ssh/authorized_keys file contains the RSA keys allowed for RSA authentication. Each line contains one key, which consists of the following fields: options, bits, exponent, modulus and comment. The first field is optional, bits, exponent and modulus fields give the RSA key and the last field isn’t used at all in the authentication process, but it will be somewhat convenient to the user, for instance to know which key is for which machine.

Before we start, make sure your computer has a ssh client installed and the remote Linux system has ssh installed and sshd running, with RSA authentication enabled (RSAAuthentication yes in /etc/ssh/sshd_config).

First, you will need to generate the local RSA key:

# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
(It’s safe to press enter here, as the /root/.ssh is the default and recommended directory to hold the RSA file.)

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
(The password you enter here will need to be entered every time you use the RSA key but fortunately, you can set NO passphrase by pressing Enter. However, the upside is that you only have to remember this one passphrase for all the systems you access via RSA authentication and you can change the passhrase later with “ssh-keygen -p”.)

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

Once the public key has been generated, it’s time to upload it on any Linux systems you usually log into. It’s recommended you use scp as the file transfer utility:

# scp .ssh/id_rsa.pub username@servername.com:~

This command will copy the id_rsa.pub file in the $HOME directory. For instance, if you used root as the username, the file will be found in the /root directory and if you used a normal user, the file will be in the /home/that.user/ directory.

Next, connect to the remote host through SSH, with the username you used in the step above. RSA authentication won’t be available just yet, so you’ll have to use the old method to login. Once you are connected, add the new hostkey to the file /root/.ssh/authorized_keys or /home/user/.ssh/authorized_keys. If the .ssh directory doesn’t exist, create it.

# cd $HOME
# cat id_rsa.pub >> .ssh/authorized_keys

The two right-angles will add the contents of id_rsa.pub file to the authorized_keys file, so in case the file already exists, you won’t have to worry about the existing content being modified.

You are all set. To test the RSA authentication, initiate a ssh connection from your PC to one of the Linux systems:

# ssh username@remote.servername.com

If everything worked out well, you should be either asked for the passpharase (if you entered one), or get directly logged in. If you are prompted for the ssh password or get an error message, retry the above command using -v in order to turn verbose mode on and to be able to track down and correct the problem.

SSH is a secure clone of rsh with RSA encryption based authentication. This article tells you how to use ssh without having to type in your password everytime you use ssh.

Introduction:

The basis of using ssh without typing your password is public key based authentication. You need to generate a pair of public/private keys for this. We shall stick to version 2 of ssh.

Public key should save on the server side and the private key should save on the client side.

Firstly, generate your public/private keys using ssh-keygen 

$ ssh-keygen -t rsa

You must use the -t option to specify that you are producing keys for SSHv2 using RSA. This will generate your id_rsa and id_rsa.pub in the .ssh directory in your home directory.

Copy the id_rsa.pub to the .ssh directory of the remote host (server side) you want to logon to as authorized_keys2 .

[Note: If you have more than one host from which you want to connect to the remote host, you need to add the local host's id_rsa.pub as one line in the authorized_keys2 file of the remote host, i.e., you can have more than one entry. Also, you need to 'chmod 600 authorized_keys2' to make it unwritable to everybody apart from the user. The .ssh directory permission should be 0700.]

You are basically telling the sshd daemon on the remote machine to encrypt the connection with this public key and that this key is authorized for version 2 of the ssh protocol. Try using something secure like scp for this copying. 

$ scp ~username/.ssh/id_rsa.pub username@server-name-or-ip-address:~username/.ssh/authorized_keys2

Your public key based authentication has been setup. You won’t be asked your password on the remote machine. However, you need a program that manages your keys for you called an agent. You need to start the agent, tell it your passphrase, and hook up to the agent whenever you need to connect to the remote machine.

We need to generate and using ssh keys for automated:

1. Login
2. Make backups
3. Run commands from shell etc

Generate SSH Keys:

Logon into your Workstation and create the Cryptographic Key:

ssh-keygen -t rsa

Assign the pass phrase (press [enter] key twice if you don’t want a passphrase). It will create 2 files in ~/.ssh directory as follows:

~/.ssh/id_rsa : identification (private) key
~/.ssh/id_rsa.pub : public key

Use scp to copy the id_rsa.pub (public key) to 172.16.0.252 server as authorized_keys2 file, this is know as Installing the public key to server.

cd ~
scp .ssh/id_rsa.pub pcman@172.16.0.252:.ssh/authorized_keys2

From workstation login to server:

ssh 172.16.0.252

or

ssh -l pcman 172.16.0.252

(Both DID not request you to input the password)

Changing the pass-phrase on workstation (if necessary):

ssh-keygen -p

Use of ssh-agent to avoid continues pass-phrase typing.

At workstation type:

ssh-agent $BASH
ssh-add

Type your pass-phrase

From here, whenever connecting to server it won’t ask for password.
Above two commands can be added to ~/.bash_profile so that as soon as I login into workstation I can set the agent.

Deleting the keys hold by ssh-agent

a) To delete all keys

ssh-add -D

b) To delete specific key

ssh-add -d key

c) To list keys

ssh-add -l