Archive for the ‘Interesting’ Category

sftp without shell access

July 15, 2010

OpenSSH's sshd has a built-in chroot facility, the ChrootDirectory directive, together with an in-process SFTP server (internal-sftp) that needs nothing inside the jail. Confining a user to a directory tree and forcing that SFTP server as the only thing they can run is a clean way to give a few accounts secure file-exchange access with no shell at all.

1. Edit /etc/ssh/sshd_config (vi /etc/ssh/sshd_config).

Replace the line "Subsystem sftp /usr/lib/openssh/sftp-server" with:

Subsystem sftp internal-sftp

UsePAM yes

Match User user1
    # The following two directives force user1 to become chrooted
    # and only have sftp available. No other chroot setup is required:
    # internal-sftp needs no shell, libraries or device nodes inside the jail.
    ChrootDirectory /sftp-upload
    ForceCommand internal-sftp
    # For additional paranoia, disallow all types of port forwarding.
    AllowTcpForwarding no
    GatewayPorts no
    X11Forwarding no

Put the Match block at the end of the file: every directive after a Match line belongs to that block until the next Match. Also note that sshd insists on /sftp-upload, and every directory above it, being owned by root and not writable by group or others; otherwise the login is refused and the log shows "bad ownership or modes for chroot directory".

2. Now add the user. The home directory /user1 is the path as seen from inside the chroot, i.e. /sftp-upload/user1 on the real filesystem; the shell is never used because ForceCommand runs internal-sftp:

useradd -d /user1 -s /bin/false user1

3. Create the user's writable directory inside the chroot root (the root itself stays owned by root, mode 755):

cd /sftp-upload

mkdir user1

chown -R user1:user1 user1/

4. Reload your sshd daemon (kill -HUP <sshd pid>) so the new configuration takes effect.
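Here is the whole procedure as a script, as an added example that is not part of the original post: it writes the Match block from step 1, creates the directories and the account from steps 2 and 3, checks the chroot path the way sshd does, and runs sshd -t before the HUP in step 4 so a typo in sshd_config cannot lock you out. The user name, the chroot root /sftp-upload, the sshd_config path and the pid file location are assumptions; change them to match your system.

```shell
#!/bin/sh
# Added example (not from the original post): scripts the four steps above
# for a chrooted, sftp-only account and checks the one thing sshd is strict
# about, the ownership and modes of the chroot path. The user name, chroot
# root, sshd_config path and pid file are placeholders for your system.
set -eu

SSHD_CONFIG=/etc/ssh/sshd_config   # assumed path (Debian/Ubuntu layout)
SSHD_PID=/var/run/sshd.pid         # assumed pid file for the HUP in step 4

# chroot_perms_ok DIR: succeeds only if DIR exists and has no group or
# other write bit. Parses ls -ld so it works on GNU and BSD userlands.
chroot_perms_ok() {
    [ -d "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)     # e.g. drwxr-xr-x
    case "$mode" in
        ?????w*|????????w*) return 1 ;;  # char 6 = group w, char 9 = other w
    esac
    return 0
}

# chroot_path_ok DIR: every component from DIR up to / must be owned by
# root and pass chroot_perms_ok, or sshd refuses the login with
# "bad ownership or modes for chroot directory".
chroot_path_ok() {
    p=$1
    case "$p" in /*) ;; *) echo "chroot_path_ok: need an absolute path" >&2; return 1 ;; esac
    while [ "$p" != / ]; do
        chroot_perms_ok "$p" || { echo "group/other writable or missing: $p" >&2; return 1; }
        owner=$(ls -ld "$p" | awk '{print $3}')
        [ "$owner" = root ] || { echo "not owned by root: $p ($owner)" >&2; return 1; }
        p=$(dirname "$p")
    done
}

# render_match_block USER CHROOT: the sshd_config stanza from step 1.
render_match_block() {
    cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    GatewayPorts no
    X11Forwarding no
EOF
}

# setup_sftp_user USER CHROOT: steps 2 to 4. Must run as root.
setup_sftp_user() {
    user=$1; root=$2
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    grep -Eq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]+internal-sftp' "$SSHD_CONFIG" \
        || { echo "set 'Subsystem sftp internal-sftp' in $SSHD_CONFIG first" >&2; return 1; }
    # The chroot root belongs to root, mode 755; the user's home inside it
    # is /USER, which is CHROOT/USER on the real filesystem.
    mkdir -p "$root/$user"
    chown root:root "$root" && chmod 755 "$root"
    id "$user" >/dev/null 2>&1 || useradd -d "/$user" -s /bin/false "$user"
    chown -R "$user:$user" "$root/$user"
    chroot_path_ok "$root"
    grep -q "^Match User $user\$" "$SSHD_CONFIG" \
        || render_match_block "$user" "$root" >> "$SSHD_CONFIG"
    sshd -t                          # syntax check before touching the daemon
    kill -HUP "$(cat "$SSHD_PID")"
}

# Usage: sh sftp-jail.sh setup user1 /sftp-upload
if [ "${1:-}" = setup ]; then
    setup_sftp_user "$2" "$3"
fi
```

The Match block is only appended if one for that user is not already present, and the path check walks all the way up to / because a group-writable /srv above /srv/sftp fails the login just as surely as a bad mode on the chroot root itself.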

Non-standard: only restrict shell access

You want to let a user place files or folders in his/her home directory through an sftp client or WinSCP, but you don't want to allow any kind of shell access. Here is a simple trick.

Just change the login shell to /usr/local/libexec/sftp-server (Solaris) or /usr/lib/openssh/sftp-server (Linux). sftp-server is written to be usable as a login shell: when sshd invokes "$SHELL -c sftp-server" for the sftp subsystem, or "$SHELL -c somecommand" for a remote command, sftp-server treats the -c as the sign that it was started that way, ignores the rest of the command line and just serves SFTP. The user therefore gets neither an interactive shell nor remote command execution. Two caveats: WinSCP must use the SFTP protocol, not SCP, and this trick neither chroots the user nor disables port forwarding, so add AllowTcpForwarding no for that user in sshd_config if that matters.
Moreover, if you want to protect sensitive data elsewhere on the system, remove the read (r) and execute (x) permissions for "others" on those files and folders, because the user can still browse anything the filesystem permissions allow.

Broadcast message to login user through terminal

January 27, 2010

Let's say you are unable to call your friend, maybe he forgot his cellphone, but you know he is logged in to a Linux server doing something, and you have permission to ssh to that server. Then you can write him a message.

First, type:

who

who lists all logged-in users and the terminal each one is on; you will see something like pts/0, pts/1.

Example output:

bob pts/0 2007-03-10 02:21 (:0.0)

With that information you can write to user bob on that terminal:

write bob pts/0

After typing the command above, start typing your message. Each line is sent to that terminal when you hit enter. Terminate the write with ctrl+D. If bob has disabled messages on his terminal with "mesg n", write refuses and tells you so.

You can cat a file and pipe it to write too:

cat memo.txt | write bob pts/0

You can broadcast your message to all logged-in users with the wall command (wall: write to all):

cat announcement.txt | wall

Or simply type wall, then start writing your message. For wall, the message is sent only after you hit ctrl+D, and it goes to every logged-in user, including you.
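A user is often logged in more than once (a local session plus an ssh session, say), and picking one pts by eye from who misses the others. The following script, an added example that is not part of the original post, parses who's output and writes the same message to every terminal that user holds, reporting the ones that have messages disabled instead of stopping at the first refusal. The user names, terminals and the message file are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): sends one message to every
# terminal a user is logged in on, rather than to a single pts picked by
# hand from who(1). User names and the message file are placeholders.
set -eu

# user_ttys USER: reads who(1) output on stdin and prints the terminal
# (second column) of each session belonging to USER, one per line.
# awk compares the whole field, so "bob" does not also match "bobby"
# the way a grep would.
user_ttys() {
    awk -v u="$1" '$1 == u { print $2 }'
}

# notify_user USER MSGFILE: write MSGFILE to each of USER's terminals.
# write(1) refuses a terminal whose owner ran "mesg n", so failures are
# reported per terminal instead of aborting the loop. Returns 1 if the
# user has no sessions at all.
notify_user() {
    user=$1; msg=$2
    n=0
    for tty in $(who | user_ttys "$user"); do
        n=$((n + 1))
        if write "$user" "$tty" < "$msg"; then
            echo "sent to $user on $tty"
        else
            echo "could not write to $user on $tty (messages disabled?)" >&2
        fi
    done
    [ "$n" -gt 0 ] || { echo "$user is not logged in" >&2; return 1; }
}

# Usage: sh notify.sh bob memo.txt
if [ -n "${2:-}" ]; then
    notify_user "$1" "$2"
fi
```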

Configure Firefox To Use SSH SOCKS Proxy Tunnel

November 9, 2009

The following instructions need to be done AFTER your ssh client (e.g. PuTTY, with a "Dynamic" forward) has been configured to open a secure tunnel with a SOCKS listener on a local port. Connecting through the tunnel with Firefox (or any other program) only works while the tunnel is open, so you must stay logged in for as long as you browse. Downloading and configuring PuTTY itself is covered separately.

To configure Firefox to work with the proxy follow these instructions:

1. Open FireFox.
2. Click ‘Tools’ at the top to pull down the Tools Menu.
3. From the menu, select ‘Options…’ at the very bottom. This opens the Options window.
4. Click ‘Advanced’ at the top right corner of the window.
5. Click the ‘Network’ tab.
6. Where it says ‘Configure how Firefox connects to the Internet’ click the ‘Settings…’ button. This opens the Connection Settings window.
7. Select ‘Manual proxy configuration:’.
8. Where it says ‘SOCKS Host:’ enter localhost into the box and leave ‘SOCKS v5’ (the default) selected.
9. Where it says ‘Port:’ enter 9853 into the box (this must be the local port your ssh client listens on for the dynamic forward).
10. Click the ‘OK’ button.
11. Click the ‘OK’ button on the previous window.
12. In the browser location bar (the place where you type web addresses), type about:config and press Enter. This opens a different set of Firefox preferences.
13. Where it says ‘Filter:’ at the top, type network.proxy.socks. The list of preferences will automatically change to show your proxy preferences.
14. Highlight ‘network.proxy.socks_remote_dns’ by clicking it once, then right-click it and select ‘Toggle’ from the small menu to change its value to ‘true’. With this set, Firefox hands the host name to the SOCKS proxy and the far end of the tunnel resolves it. Without it, Firefox resolves every name through your local DNS resolver, which reveals the sites you visit to whoever can see that traffic even though the connections themselves go through the tunnel. This is the reason Firefox is recommended over other browsers for this setup.
15. Close Firefox and restart it.
16. Go to a site like cmyip.com to check and make sure your IP address shows up as the proxy address and not your real IP.

Bash prompt goodies – PS1 variable

October 19, 2009
[image: sample prompt]

In the above picture you see a useful thing:

the user name is colored red, the host name blue and the current directory black. This helps when you are working with multiple tabs at a time.

In bash you customize your prompt with the PS1 variable. To get the above result, insert the following in your .bashrc or .profile:

export PS1="\[\e[1;31m\]\u\[\e[1;30m\]@\[\e[1;34m\]\h \[\e[0;30m\]\w\[\e[0m\]$ "

Each escape sequence is wrapped in \[ and \], which tells bash that those bytes print nothing; without the wrapping bash miscounts the prompt width and line editing and wrapping go wrong on long command lines. The final \[\e[0m\] resets the attributes so that what you type is not shown in the prompt's last color. Note that 0;30m is black, which is invisible on a dark terminal background.

Efficient and more logical port forwarding

June 2, 2009

Sometimes we need to enable port forwarding, but the usual way leaves a terminal window that has to stay open: close that session and the forwarding stops. The following command avoids this drawback.

ssh -Nf -L <bind IP>:<local port>:<destination IP>:<destination port> <host you ssh into, which performs the forwarding>

Where,

-N means do not execute a remote command, i.e. don't start a shell; ssh only holds the connection open for the forwarding.

-f requests that ssh go to the background just before command execution, i.e. after authentication, so you still get the password prompt.

The bind IP is optional. Leave it out and ssh binds the local port to the loopback address, so only this machine can use the forward; binding to 0.0.0.0 opens the forwarded port to anyone who can reach the machine, which is rarely what you want. A backgrounded ssh has no window to close anymore, so to stop the forward you have to find its pid (with ps, for example) and kill it.
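The one thing -f costs you is control: once ssh is in the background there is no clean way to check on it or stop it. The script below, an added example that is not part of the original posts, keeps the -f -N approach but starts each tunnel with a control socket, so it can be checked and closed later by name. It serves both this post (the -L forward) and the Firefox post above (the -D SOCKS proxy on port 9853), and adds a curl check that resolves the name on the far side of the tunnel, which is what network.proxy.socks_remote_dns does in Firefox. Host names, ports, the tunnel names and the socket directory ~/.ssh/tunnels are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts): ssh tunnels that run in the
# background (-f -N, as above) but stay manageable through a control socket,
# so they can be checked and closed later without hunting for a pid. Covers
# both the -L forward from this post and the -D SOCKS proxy the Firefox post
# relies on. Host names, ports and the socket directory are placeholders.
set -eu

CTL_DIR="${HOME:-/tmp}/.ssh/tunnels"   # assumed location for control sockets

# forward_spec LOCALPORT REMOTEHOST REMOTEPORT [BINDADDR]
# Prints the argument for ssh -L. The bind address defaults to 127.0.0.1;
# pass 0.0.0.0 only when other machines really should reach the forward.
# Fails on a port that is not a number in 1..65535.
forward_spec() {
    lport=$1; rhost=$2; rport=$3; bind=${4:-127.0.0.1}
    for p in "$lport" "$rport"; do
        case "$p" in
            ''|*[!0-9]*) echo "forward_spec: port '$p' is not numeric" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "forward_spec: port $p out of range" >&2; return 1
        fi
    done
    if [ "$bind" = 0.0.0.0 ]; then
        echo "forward_spec: warning, port $lport will be reachable from the network" >&2
    fi
    printf '%s:%s:%s:%s\n' "$bind" "$lport" "$rhost" "$rport"
}

# start_tunnel NAME SSHHOST SSH_ARGS...   for example:
#   start_tunnel db   user@gateway -L "$(forward_spec 15432 db.internal 5432)"
#   start_tunnel web  user@gateway -D 127.0.0.1:9853     # SOCKS for Firefox
start_tunnel() {
    name=$1; sshhost=$2; shift 2
    mkdir -p "$CTL_DIR" && chmod 700 "$CTL_DIR"
    # -M -S: be the control master on a named socket; -f -N: background with
    # no remote command; ExitOnForwardFailure: fail loudly if the local port
    # is already taken instead of sitting there without the forward.
    ssh -M -S "$CTL_DIR/$name" -f -N -o ExitOnForwardFailure=yes "$@" "$sshhost"
}

# tunnel_status NAME SSHHOST / stop_tunnel NAME SSHHOST: talk to the master
# through its socket (ssh still wants a destination argument on -O).
tunnel_status() { ssh -S "$CTL_DIR/$1" -O check "$2"; }
stop_tunnel()   { ssh -S "$CTL_DIR/$1" -O exit "$2"; }

# socks_check PORT URL: fetch URL through the SOCKS proxy with the host name
# resolved on the far side (socks5h), the same thing Firefox does with
# network.proxy.socks_remote_dns=true, so the lookup never hits local DNS.
socks_check() { curl -sS --socks5-hostname "127.0.0.1:$1" "$2"; }

# Usage: . ./tunnels.sh   (source it so the functions stay in your shell)
#   start_tunnel web user@gateway -D 127.0.0.1:9853
#   socks_check 9853 http://cmyip.com/      # should show the gateway's address
#   stop_tunnel web user@gateway
```

Sourcing the file rather than running it keeps the functions in the interactive shell; the tunnels themselves survive that shell because -f detached them, and stop_tunnel reaches them through the socket whenever you are done.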