Tag Archives: Installation Log

Generate a ssh key and disable password authentication on Ubuntu server

Update:There is now an updated version of this guide for Ubuntu 12.04: Generate a ssh key and disable password authentication on the Ubuntu 12.04 (Precise Pangolin) server

1. Generate the ssh key pair on the desktop computer:
ssh-keygen

2. Copy the public key to the server:
scp ~/.ssh/id_rsa.pub user@10.10.10.1:

3. Connect to the server:
ssh user@10.10.10.1

4. Append the public key to authorized_keys and remove the uploaded copy:
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub

5. Edit the ssh server configuration to make sure that public key authentication is enabled (it should be enabled by default):
sudo nano /etc/ssh/sshd_config

5.1 These entries must be set to yes:
RSAAuthentication yes
PubkeyAuthentication yes

6. Reload the configuration:
sudo /etc/init.d/ssh reload

7. Disconnect from the server:
exit

8. Try connecting without the need to give the password to the ssh-client:
ssh user@10.10.10.1

You might need to give a password now to access your private key file, but you should not need to give the password to the ssh program.

9. Disable password authentication:
sudo nano /etc/ssh/sshd_config

9.1 The following settings should be set to no:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

9.2. Reload the configuration:
sudo /etc/init.d/ssh reload

10. Test that password authentication really is disabled:
10.1 Disconnect from the server:
exit

10.2 Rename your private key file:
mv ~/.ssh/id_rsa ~/.ssh/id_rsa.backup

10.3 Try to reconnect to the server:
ssh user@10.10.10.1

This should produce a permission denied message: “Permission denied (publickey).”

10.4 Restore your private key file:
mv ~/.ssh/id_rsa.backup ~/.ssh/id_rsa

Done 🙂


Referens

Debuntu

Advertisements

Change to static ip on the Ubuntu Hardy Heron server

There is now an updated guide for Ubuntu 12.04: Change to static ip on the Ubuntu 12.04 (Precise Pangolin) server

1.1: Edit /etc/network/interfaces:
sudo nano /etc/network/interfaces

1.2: Change from dhcp to static:

- iface eth0 inet dhcp
+ iface eth0 inet static
+        address 10.10.10.1
+        netmask 255.255.255.0
+        gateway 10.10.10.10
+        network 10.10.10.0
+        broadcast 10.10.10.255

2: Make sure that the name server is specified in ‘/etc/resolv.conf’:
nameserver 10.10.10.10

3: Uninstall the dhcp-client (otherwise it will overwrite your changes on the next renew cycle!):
sudo apt-get remove dhcp3-client

4: Restart the network to use the new settings:
sudo /etc/init.d/networking restart

Done 🙂

Automatically update Ubuntu Hardy Heron server with a ruby script

Needs

I wanted my newly installed Ubuntu server to check for updates every day and then automatically update itself if there were any new updates found. I search the web trying to find an existing solution that would work out of the box for me. But I am of course very picky of what I want, so I could not found anything that met all my needs:

  • Automatically check for updates every day.
  • Automatically download and install any updates that were found.
  • Report both success and failures to my e-mail and show me in the subject if the update failed or succeeded.
  • Use an external smtp-server with authentication.

As I am also trying to learn the Ruby programming language, besides from Linux, I decided to use it to create my update script.

Installing Ruby

Ruby is not installed by default on Hardy Heron but can easily be installed from the Ubuntu repositories:

sudo apt-get install ruby

The Script


#!/usr/bin/ruby
##### Information ##############################################
# DESC:	This is an update script for Ubuntu Hardy Heron 8.04.
#	It will fetch any availible updates with aptitude and
#	install them. An e-mail with the result is then sent
#	using the configured smtp-server.
# AUTH:	Niklas "Lani" Lagergren
# REV.:	1.0 2008-08-06
#	* Initial release.
#
# COPY: No copyright claimed. No rights reserved. No warranty
#       given.
################################################################

##### Configurable mail server options: ########################
# These parameters needs to be changed to match your enviorment
################################################################
@mail_server = 'your.mail-server.com'
@mail_port   = 25
@mail_domain = 'your.mail-domain.com'
@mail_user   = 'username'
@mail_pass   = 'password'
@mail_from   = 'from@your.mail-domain.com'
@mail_to     = 'to@somewhere.nil'

require 'net/smtp'

# Format date according to rfc 2822, example:
# Fri, 11 Jul 2008 09:13:20 +0200
def time_to_rfc2822(time)
  time.strftime('%a, %d %b %Y %H:%M:%S ') +
    if time.utc?
      '-0000'
    else
      off = time.utc_offset
    sign = off < 0 ? '-' : '+'
    format('%s%02d%02d', sign, *(off.abs / 60).divmod(60))
  end
end

# Send e-mail according to the configuration in the instance variables.
def send_mail(subject, body)
  msg = "From: Ubuntu Server <#{@mail_from}>\r\n" +
    "To: Server Administrator <#{@mail_to}>\r\n" +
    "Subject: #{subject}\r\n" +
    "Date: #{time_to_rfc2822(Time.new)}\r\n" +
    "Message-Id: <#{Time.new}@#{@mail_domain}>\r\n" +
    "\r\n#{body}\r\n"

    Net::SMTP.start(@mail_server, @mail_port, @mail_domain, @mail_user,
      @mail_pass) do |smtp|
      smtp.send_message msg, @mail_from, @mail_to
    end
end

# Run aptitude commands to update the system and capture it's output.
puts 'Running aptitude...'
body = `aptitude update 2>&1`
body << `aptitude dist-upgrade -y 2>&1` if $? == 0
body << `aptitude clean 2>&1` if $? == 0

subject = "#{@mail_domain} update #{$? == 0 ? 'succeded' : 'FAILED'} #{Time.new}"

puts 'Sending mail...'
send_mail subject, body
puts 'Mail sent.'

Set the script to run every day
Obviously you need to change the mail settings in the script as the comment suggest. Then save the script, I named it “autoupdate”. To run the script on a daily basis copy it to “/etc/cron.daily”. And don’t forget to set execute permissions on the script (and as I have the password stored in the file I also removed all permissions from “others”:

sudo chmod 770 autoupdate

Test the script
The easiest way to test the script is of course to just execute it:
sudo ./autoupdate

If you really want to make sure that it will execute when executed in the same way as when execute by the cron job you could run:

sudo run-parts /etc/cron.daily

Note that this will execute all scripts in the cron.daily folder. Another side note is that it probably won’t run with the same permissions as when executed from the cron job, and it will probably take a long time to execute.

Now check your mailbox or the log files for the result:

cat /var/log/aptitude

Hopefully someone out there can benefit from this script as it is, or if you’re like me; tweak it to suite your own needs 😉