2009-01-05

Using Public/Private Key Pairs with SSH

This is one of those subjects that is a little difficult to convey clearly. It is a logical process and not difficult...but it is precise in the sense that certain files must be correct, be in the right places and have correct permissions. I've organized these instructions in three parts: key generation; local (client) side setup; remote (server) side setup.

For more information about public/private keys, see the Wikipedia article.

1. Generating a Public/Private Key Pair

The private key will be named whatever you specified and the public key will have that name appended with ".pub". These keys will be located in the ~/.ssh directory. For example, using the default name for a dsa key pair, the files will be "id_dsa" and "id_dsa.pub". Always keep the private key private. The public key is not secret and can be put in insecure locations.

You need to generate the correct type of key for the remote system you are dealing with. In this article, we are using a dsa type key as an example. If the remote system requires an rsa key pair, generate an rsa pair instead.

To generate a dsa key pair:

ssh-keygen -t dsa

The program will ask a series of prompted questions. For our purposes, it is OK to just keep pressing the enter key for the defaults. The generated keys will be stored in your ~/.ssh directory. See the generated keys with:

ls -l ~/.ssh

2. Setup on the Local Side

Ensure Correct Permissions

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

If directory or filename permissions are not correct, ssh will fail to use the keys.

Create a config File

For each remote system, create a multi-line entry in the ~/.ssh/config text file. You can create this file using your favorite editor, vi for example. File contents (one group per server, one group shown):

Host friendly_server_name_here
HostName ip_number_here
IdentityFile ~/.ssh/id_dsa
PasswordAuthentication no
Port 22
User your_username_on_remote_here

Of course, replace the three placeholder items (the values ending in _here) with the information for your accounts.

Give the config file the correct permissions:

chmod 600 ~/.ssh/config

3. Setup on the Remote Side

Copy the public key file you generated from your local machine to the remote machine's .ssh directory:

scp ~/.ssh/id_dsa.pub username@servername:~/.ssh

Log in to the remote machine for the next operations:

ssh username@servername

Append the contents of your public key file to the ~/.ssh/authorized_keys file:

cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Actually, the ~/.ssh/id_dsa.pub file does not need to be there, just appended to the ~/.ssh/authorized_keys file. It was just convenient to do it this way.

Ensure Correct Permissions

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

Done!

Now you can login to the remote system with:

ssh username@servername

...and not need to enter a password!
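As an added example (not part of the original post), this shell function checks a directory against the permissions set above and flags DSA public keys, which OpenSSH has disabled by default since version 7.0. The function names, output format and sample directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an SSH directory against
# the modes the post sets (700 directory, 600 files) and flag DSA public keys.

# Octal mode of a path: GNU stat first, BSD stat as the fallback.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True when any group/other permission bit is set on the path.
open_to_others() { m=$(mode_of "$1"); [ $(( 0$m & 077 )) -ne 0 ]; }

# ssh_dir_audit [DIR]: print one finding per line; return 1 if any were found.
ssh_dir_audit() {
    dir=${1:-$HOME/.ssh}; bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    if open_to_others "$dir"; then
        echo "MODE $(mode_of "$dir") $dir (expected 700)"; bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
        *.pub)
            # Public keys are not secret; check the key type instead.
            # ssh-dss (DSA) is disabled by default since OpenSSH 7.0.
            if grep -q '^ssh-dss ' "$f"; then
                echo "DSA $f (generate a new pair, e.g. ssh-keygen -t ed25519)"; bad=1
            fi ;;
        *)
            # Private keys, config, authorized_keys: owner-only, as chmod 600.
            if open_to_others "$f"; then
                echo "MODE $(mode_of "$f") $f (expected 600)"; bad=1
            fi ;;
        esac
    done
    return $bad
}

# Constructed sample: a throwaway directory with the mistakes described above.
demo_audit() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    echo 'constructed placeholder, not a real key' > "$d/id_dsa"
    chmod 644 "$d/id_dsa"
    echo 'ssh-dss AAAAconstructed user@example' > "$d/id_dsa.pub"
    rc=0; ssh_dir_audit "$d" || rc=$?
    rm -rf "$d"
    return $rc
}

# Usage: ssh_dir_audit (audits ~/.ssh), or demo_audit for the sample directory.
```

Run ssh_dir_audit on both the local and the remote account; an empty result with exit status 0 means the directory matches the modes set in this post.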

2009-01-04

Padding a Numeric in Bash

I needed to pad a day of the month value to 2 places in a bash script.

This is made easy by the GNU program printf, which is part of standard distributions of Linux. In the following script snippet, the current day of the month is passed from the command invocation (or, if not specified, defaulted to the current day). It is then zero-padded with printf.

TODAY=$(date +%d)
if [[ "$1" != "" ]]; then
    TODAY=$1
fi
# Zero pad day. 10# forces base 10 so "08" and "09" are not rejected as octal.
TODAY=$(printf "%02d" "$((10#$TODAY))")

2008-12-26

Nautilus as Root in Ubuntu

Firstly, you can just run Nautilus as root from the command line with:

gksudo nautilus

The following procedure will add a root file browser to the Applications | System Tools menu.

I got this from http://ubuntuforums.org/archive/index.php/t-256998.html.

Create a text file with:

gksudo gedit /usr/share/applications/Nautilus-root.desktop

Add these lines to the file:

[Desktop Entry]
Name=File Browser (Root)
Comment=Browse the filesystem with the file manager
Exec=gksudo "nautilus --browser %U"
Icon=file-manager
Terminal=false
Type=Application
Categories=Application;System;

Open Nautilus with: Applications -> System Tools -> File Browser (Root)

An Alternative

This is from a comment by Cerebrux to this post:

1) Open Synaptic and install the "nautilus-gksu"

2) Logout- Login

3) And now do right-click on a folder and "open as administrator".

P.S. If you want the "open terminal here" in your right-click, then just install "nautilus-open-terminal"

2008-12-24

SQLyog on Ubuntu

SQLyog is a popular MySQL GUI client that can be very convenient for certain operations, like quickly dumping a database or making schema changes. It is useful for operations that are awkward via the command line.

I've installed SQLyog on my Ubuntu (Hardy Heron) laptop. It was very easy using Wine.

To install SQLyog with Wine

Install Wine on your Ubuntu system using the Synaptic Package Manager. As of this writing, version 1.0.0.1 was current. The exact version of Wine is probably not important.

Download SQLyog from here. I use the community edition. It is not important where you download the installation (Windows EXE) to. Just save the program file someplace convenient that you can easily navigate to via bash in the Terminal.

Open a Terminal window and change to the directory where you stored the EXE installation file. Type:

wine SQLyog714.exe

This is the exact filename that I downloaded. You will probably need to change it to the filename you downloaded.

Follow through the installation process using the standard SQLyog installer. Accept defaults. The program will be installed under a directory in your home directory called .wine.

At the end of the installation, the dialog will allow you to run the program. Go ahead and run it for the thrill of seeing a Windows program run on Linux. Wine is great!

Create a shortcut to run SQLyog in Terminal

I like to run SQLyog from the command line. I could change to the program's directory and start the program with wine SQLyog.exe. Like this:

cd ~/.wine/drive_c/Program\ Files/SQLyog\ Community
wine SQLyog.exe

For convenience, I created a script to start SQLyog just by typing sqlyog. I created a text file called sqlyog with the above two lines and made it executable with chmod +x sqlyog. I have a directory in my $PATH for scripts like this, so I can fire SQLyog from anywhere.

Adding SQLyog to the Ubuntu Applications menu

On my installation of SQLyog, an entry was not made in the Applications menu to launch SQLyog. I added it to Applications | Wine by right-clicking on Applications and selecting Edit Menus. I added a new menu item with the New Menu button. The command to run SQLyog is:

env WINEPREFIX="/home/andrew/.wine" wine "C:\Program Files\SQLyog Community\SQLyog.exe"

2008-12-23

Virtual Web Server Sandboxes on Ubuntu

Problem: Multiple virtual web sites are needed on an Ubuntu machine.

Solution: Set-up virtual servers in Apache and modify the /etc/hosts file so URLs of your choosing will resolve to the virtual sites that you create.

This procedure was tested using Ubuntu Hardy Heron.

For Apache's documentation about name based virtual hosting, see:

http://httpd.apache.org/docs/1.3/vhosts/name-based.html

Step One: Modify the hosts File

The /etc/hosts text file is owned by root and allows a simple means to resolve a URL that you type into your web browser to an IP number. In this case we want our example URL of my.example.com to resolve to the IP address of the local machine, just like localhost. This is normally 127.0.0.1. Edit the /etc/hosts file with:

sudo vi /etc/hosts

Find the line that reads:

127.0.0.1 localhost

On the same line, after localhost, add a space and the name of your virtual site:

127.0.0.1 localhost my.example.com

That's it for the hosts file. You do not need to restart anything.

Step Two: Set-up a Virtual Website on Apache

Apache has the handy ability to discern the URL from a browser's address line and serve up the site that has been configured for it. This allows a server with a single IP address (like our 127.0.0.1) to host several sites at once.

For each virtual web site on the server, create a text file in the /etc/apache2/sites-available directory. Use the following template to create the file (called my.example.com in this example):


<VirtualHost *:80>

ServerAdmin username@localhost
ServerName my.example.com
DocumentRoot /home/username/public_html/my.example.com
CustomLog /var/log/apache2/my.example.com.log combined

</VirtualHost>

You will need to create this file as root, so:

sudo vi /etc/apache2/sites-available/my.example.com

Now, you can use a Debian (Ubuntu is a Debian variant) utility to easily create a link to this configuration file:

sudo a2ensite my.example.com

The above line simply creates a symbolic link in the /etc/apache2/sites-enabled directory that points to the my.example.com file in the /etc/apache2/sites-available directory. This allows you to enable and disable sites easily. The Debian disable counterpart to a2ensite is a2dissite (which just deletes the link).

Lastly, reload Apache:

sudo /etc/init.d/apache2 reload

After ensuring that you have something to serve in the site's document directory, enter the URL you used in your browser's address field and try it out!

2008-04-22

Reading a File on the Internet with vi

Enter the fully qualified name of the file that you want to open in the current buffer, for example:

http://andrewault.blogspot.com/

Place the cursor over the name somewhere. In Normal Mode (not Insert Mode) type:

gf

vi will use the appropriate unix utility (in this case, wget) to download the file and then read it into a new buffer.

2008-04-21

New Blog Design

I grew tired of my blog's previous design. It was a little too green, plain and sort of depressing. I've given it a bit of a makeover. I hope people think this is attractive.