OpenSSH is very popular SSH server. Widely used on different Linux distribution. I used it for many years on my VPS server. It is easy to use, but security is the top issue for any server. Here is the top 6 security settings for Open SSH server.
To make it safe and minimize the risk, change the default setting and make it more safe.
OpenSSH setting file is located:
1) Only Use SSH Protocol 2
SSH protocol version 1 (SSH-1) has man-in-the-middle attacks problems and security vulnerabilities. SSH-1 is obsolete and should be avoided at all cost. Open sshd_config file and make sure the following line exists:
2) Allow Only Specific Users or Groups (AllowUsers AllowGroups)
By default anybody who is authenticated successfully are allowed to login. Instead you can restrict which users (or groups) you allow to login to the system.
This is helpful when you have created several user accounts on the system, but want only few of them to login.
This is also helpful when you are using NIS, openLDAP (or some other external system) for authentication. Every user in your company might have account on NIS, OpenLDAP etc. But, on a specific server you want only few of them to login. For example, on production system you want only sysadmins to login.
Add the following entry to the sshd_config file to allow only specific users to login to the system. In the example below only ramesh, john and jason can login to this system. Usernames should be separated by space.
AllowUsers ramesh john jason
Add the following entry to the sshd_config file to allow only the users who belong to a specific group to login. In the exampe below only users who belong to sysadmin and dba group can login to the system.
AllowGroups sysadmin dba
Continue reading “OpenSSH server Security Top 6”
Some times you need to find out what version is your Linux OS. Just like when I need to download a module, I have to find out which one is right for my OS. Then I can download 32bit, or 64bit package.
The most common way to find your Linux installation is enter the following shell command.
i386 => 32bits, x86_64 => 64bits
Continue reading “Is your Linux 32bits or 64bits”
Canadian Web Hosting offers two different types of VPS hosting, Linux and Windows running under Citrix Xenserver. They can choose different operating systems such as Windows 2008, Redhat, Debian, CentOS, SUSE, and Fedora.
As we know, many people use Windows desktop OS and know Windows only. So when they want to choose a VPS, they pick up Windows VPS.
Let’s look at the the service and price Canadian Web Hosting provided.
Say, VPS-Win 1000.
It has 20GB disk space, 1000GB Bandwidth. It is good enough for one or two busy forum or sites.
Two IPs. It is so good to have the individual IP. Especially for commerce site.
512M memory, 256Mhz CPU, are also OK.
For experienced Windows user, server is a little bit different. So Remote Desktop can help them manage Windows VPS server without problem. MS SQL 2008 express is included.
Firewall and Intrusion Protection are very important. I heard so many cases that site was hacked, site was hijacked. Just because the security issues.
So if you have a lot of Windows experience, and start to launch an web site, I recommend you buy this Windows VPS for $85.40/month.
Continue reading “VPS of Canadian Web Hosting”
To see how Linux CPU utilization, one command is enough.
Continue reading “How to Find Out Linux CPU Utilization?”
To upgrade Webmin, you need a webmin installation on the Linux first. 🙂
Say, from your desktop browser, enter https://yourlinuxbox:10000
It is security connection.
Then, do if as below:
To have updates installed automatically, go to the Webmin Configuration module, click on Upgrade Webmin and use the form in the Update Modules section.
The latest version of Webmin is 1.430
I use Ubuntu 8.04. It is shipped with GNOME Desktop.
Gnome 2.22 now.
You may want to read its release notes.
Continue reading “GNOME 2.22”
I have a script file used in cron jobs.
I create and edit this file on Windows 2000. The editor is UltraEdit.
When I finished editing, I upload the file to Dreamhost by FTP.
I tried to use it through SSH command.
It failed with following error notes.
Continue reading “DOS Format and Unix Format”
I saw the official site said, new Ubuntu will release in 6 days. I am already waiting for months.
Can we upgrade it now?
DaNmarner said it is time to upgrade now.
Continue reading “Upgrade your Ubuntu from 7.10 to 8.04”
I have a Ubuntu installation on one of my desktop.
I am not a expert of Linux, but I like the spirit of Linux. Free and Open.
I alway get the tips, referrence, howtos from these top 10 Ubuntu Blogs.
1) Ubuntu Geek
2) Ubuntu Blog
3) Mark Shuttleworth
4) Ubuntu Fridge
5) All about Linux
Continue reading “Top 10 Ubuntu Blogs”
Movabletype 4.01 has the internal upload facility, which can upload images to the assets manager.
My blog is always runing well on my Windows 2003, until I moved it to the Linux server.
The photo is not displayed on the sidebar. Only the file name is shown there.
After researching over 2 hours, I found the problem is the path.
Windows uses “\” as the path symbol. Linux uses “/” as the path symbol.
The path saved in the database is something like, “\images\photo-1.jpg”
It can not be displayed correctly in Linux server. Movabletype has not have the tool to change the path. I have to use PhpMyAdmin to change the path manually. It is saved in mt_asset table. Change the asset_file_path and asset_url to match Linux rule.
Then the photo widget shown properly and the page of manage assets can display image asset and preview popup can shown the correct image.
It is not the end. I have to check all my blog use the thumb image, which has some URL use the old Windows path. Manually change them again.
After these changes, all images use the MT4.01’s inclusive asset manager can be displayed perfectly.
Please be reminded thant when you move your MT blog from Windows to Linux. And also I think if the MT blog moves from Linux to Windows has same problems.