Install OpenSSH Server on Asus EEE PC

Q. How do I install OpenSSH server on Asus EEE Laptop PC?

How to Tunnel X Windows Securely over SSH

Q. How do I tunnel X Windows securely over SSH? I'd like to run an X program on my remote Linux server and get the display back on my laptop computer connected by high-speed internet.

A. A tunneling protocol is a network protocol that encapsulates a payload protocol. Reasons to tunnel include carrying a payload over an incompatible delivery network or providing a secure path through an untrusted network.

SSH is frequently used to tunnel insecure traffic over the Internet in a secure way. Simply type the following command:

$ ssh -X user@server.corp.com
$ ssh -X user@

You can request compression of all data to improve the user experience (good for a low-speed link such as a WAN link) using the -C option:
$ ssh -C -X user@

Once logged in, type the name of any X Window program, such as:
$ xeyes &
$ oowriter &

To start KDE, type:
$ startkde &

To start the default desktop, type:
$ startx

How to: Turning off SFTP server under Linux / UNIX cpanel server

Q. I have a CentOS Linux cPanel server. I'd like to turn off the SFTP server but only allow SSH for the root user. How do I turn off the sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with '#' and empty lines are interpreted as comments. An external subsystem, such as the file transfer daemon (SFTP), is configured through this file only, using the Subsystem option. Its arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the "sftp" file transfer subsystem. sftp-server is a program that speaks the server side of the SFTP protocol. sftp-server is not intended to be called directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open the /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find the line that reads as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove the line, or comment it out by prefixing it with #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart the sshd service:
# /etc/init.d/sshd restart
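
To confirm the edit took effect, the check below reports any uncommented Subsystem sftp line in a given file. It is an added example, not part of the original article; the function name active_sftp_subsystem and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check that sftp is really off.

# active_sftp_subsystem FILE
# Prints the command of every uncommented "Subsystem sftp" line in FILE.
# Returns 0 if at least one is active, 1 if none is (sftp is off).
# Keywords in sshd_config are case-insensitive and may be indented, so a
# plain grep for the exact line shown above can miss an active entry.
# Assumption: a single file is checked; Include directives are not followed.
active_sftp_subsystem() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "subsystem" && $2 == "sftp" {
            $1 = ""; $2 = ""; sub(/^ +/, ""); print; found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files, not taken from a real server.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' \
    'Subsystem sftp /usr/lib/openssh/sftp-server' > "$demo_dir/before"
printf '%s\n' 'Port 22' \
    '# Subsystem sftp /usr/lib/openssh/sftp-server' > "$demo_dir/after"
# One line commented out, but a second, differently written entry remains.
{ printf '%s\n' '# Subsystem sftp /usr/lib/openssh/sftp-server'
  printf '  subsystem\tsftp internal-sftp\n'; } > "$demo_dir/missed"

for f in before after missed; do
    if cmd=$(active_sftp_subsystem "$demo_dir/$f"); then
        echo "$f: sftp still enabled -> $cmd"
    else
        echo "$f: sftp disabled"
    fi
done
rm -rf "$demo_dir"
```

On the server, run active_sftp_subsystem /etc/ssh/sshd_config after editing; sshd -t checks the file for syntax errors before the restart.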

Upgrade WHM / cPanel Linux server to EDGE release

Q. How do I upgrade my CentOS Linux 5.0 dedicated server to WHM / cPanel edge release?

Monitor Linux user activity in real time

Q. How do I monitor Linux user activity in real time?

A. The whowatch program scans the most current common log file of a Linux server and creates the following statistics in real time:

=> The users currently logged on to the machine, in real-time.
=> User login name,
=> User tty
=> User host name
=> User's process
=> The type of the connection (i.e. telnet or ssh)
=> The display of a user's command line can be switched to tty idle time.
=> A particular user can be selected and his process tree may be viewed, as well as the tree of all system processes.
=> Kill a user's process, etc.

I have already written about how to install and configure whowatch. Please refer to this previous article.

Iptables is not sending LOG to syslog file

Q. I am running SSH/MySQL/Webserver and have set up an iptables-based firewall. But my logs are sent to the console rather than the system log files. How do I make sure that iptables LOG target messages are sent to the /var/log/messages file?

A. The iptables LOG module turns on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via the kernel log, where it can be read with dmesg or syslogd.

You can configure the level of logging with the --log-level level option. For example, to LOG all incoming TCP port 22 packets at the crit level (LOG only records the packet; a separate DROP rule is needed to drop it):
iptables -I INPUT -j LOG --log-level crit -p tcp --dport 22

Read the man pages of iptables and syslog.conf for more info.

Configure rsh so that it does not prompt for a password

Both rsh and rlogin prompt for a password. All you need to do is open the /etc/hosts.equiv file on the host system and add entries for all hosts you would like to use without a password.

This file lists the hosts and users that are granted "trusted" r (rsh/rlogin) command access to your system without supplying a password.

$ cat /etc/hosts.equiv



In the above file, hosts job1, job2 and job3 can connect without a password.

Caution: The r (rsh/rlogin) commands are very insecure; if possible, switch to secure shell (ssh). You can configure ssh so that it does not prompt for a password.