SSH login using keys

Here’s how to setup SSH so you can use keys for authentication.

1. Create a set of keys:

ssh-keygen -t dsa

2. Hit “Enter” three times, we want the default location for the keys, and no passphrase.
3. You should now have a folder called .ssh in your home folder. Inside are the public and private keys.
4. Use SCP to copy the public key, “id_dsa.pub” to your remote hosts.

scp .ssh/id_dsa.pub me@10.1.2.3:

5. On each host create a .ssh folder in the account you want to access on the remote host (can be multiple accounts).

mkdir .ssh

6. Move (or copy if multiple) the id_dsa.pub file inside the .ssh folder, renaming it to authorized_keys

mv id_dsa.pub ~/.ssh/authorized_keys

7. Set the folder permissions on .ssh to 700.

chmod 700 ~/.ssh

Log out of the host and try logging back in. If everything is still set to defaults, you should be logged into the remote host without using a password.

This method is as secure as the interactive login but you need to guard your private key.

Advertisements

Configuring bash on a Mac

The Mac OS does not create/copy a .bash_profile for you when your account is created. Follow these steps to setup a normal bash profile.

1. Create .bash_profile with the following contents:

if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

2. Create .bashrc with the following contents:

export PS1="[\u@\h:\w]\$ "

export JAVA_HOME=/Library/Java/Home

3. Add any aliases to .bashrc

Pound from source

Pound is a reverse proxy, load balancer and HTTPS front-end for Web servers.

1. Install (or confirm installed):

gcc
openssl-devel
pcre-devel

2. Download pound source from http://www.apsis.ch/pound
3. Untar the source tarball
4. Navigate into the source
5. Apply the patch (see the git repo below)

patch -p1 < Pound-2.6.patch

6. Configure the package

./configure \
--prefix=/usr/local/pound \
--sysconfdir=/usr/local/pound/conf \
--enable-pcreposix

7. Run:

make

5. Create folders

mkdir -p /usr/local/pound/{sbin,conf}

6. Copy the pound binary to /usr/local/pound/sbin
7. Create a pound.cfg file in /usr/local/pound/conf

Look for an init script here: https://github.com/breauxaj/pound.git

Balance from source

Balance is a very straight forward TCP load balancer.

1. Install (or confirm installed):

gcc

2. Download balance source from http://www.inlab.de/
3. Untar the source tarball
4. Run:

make

5. Create folders

mkdir -p /usr/local/balance/{sbin,conf}

6. Copy the balance binary to /usr/local/balance/sbin
7. Create a balance.cfg file in /usr/local/balance/conf

The syntax for the config is very simple:

-b 127.0.0.1 8080 127.0.0.2 127.0.0.3

Look for an init script here: https://github.com/breauxaj/balance.git

Nginx from source

As the biggest rival to Apache in the web server market, it’s good to know how to build and use Nginx.

1. Install (or confirm installed):

openssl-devel
pcre-devel
gcc
zlib-devel

2. Download nginx source from http://nginx.org/en/download.html
3. Untar the source tarball
4. Run

./configure --prefix=/usr/local/nginx \
--with-http_ssl_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_stub_status_module

5. As root run:

make && make install

6. Start web server using init script to confirm function, review logs for issues

You can find an init script for nginx here: https://github.com/breauxaj/nginx.git