Well, it’s been a long time since I have done a post or any work on the projects I have been working on, and they have been on hold. I am starting to blog again because I recently finished university and started a new job as a junior software developer. I basically spend all hours of the day sitting in front of a computer doing what I love and getting paid for it, who can complain :). I got my exam results back a couple of days ago and I have passed all my units, giving me an HND Computing qualification. I can’t decide if I want to maybe upgrade it to a degree in web development through the Open University, but I do know that for the moment I just want to work and blog.
I will be getting back to work on Bitsy.eu in the next couple of weeks. I’m going on holiday soon, so I am going to start after that. I want to finish it, as at the moment there are a lot of issues, including it being used for illegal activities. One person took the time to email me a bunch of URLs which were being used on my service and pointed to viruses (these have now been removed), and I want to adjust my service to combat this type of activity. I’ve also purchased a second domain (http://bsy.me/) which is an alias of http://bitsy.eu/. It’s basically just a shorter domain so that your shortened links can be even smaller for services such as Twitter, where every character counts.
I’m using Virtualmin, which is a UI for managing web servers and such. I could get rid of the UI and just configure everything myself, but for usability I just use Virtualmin (I also host some clients’ websites, so they need an easy-to-use interface). With my installation of Virtualmin on a CentOS 5 operating system with the bleeding edge package repository enabled, I’m left with the following software versions.
Apache (2.2.3)
PHP (5.2.17)
MySQL (5.0)
BIND (9.6.3)
This is an OK setup, but I want to use the latest stable versions, mainly for all the security fixes. Here is the setup which I now run. It was simple to update the current packages; the update retained all settings and data and works fine with Virtualmin.
Apache (2.2.17)
PHP (5.3.6)
MySQL (5.5.10)
BIND (9.7.3)
The only problem which I have found so far after updating was when I tried to run one of my virtual hosts using suexec (a security feature for Apache which allows you to run a virtual host as a specific user). There was an issue with the default configuration; the fix was easy and only required me to recompile suexec from source with some slight modifications to work with Virtualmin.
WARNING / MUST READ
I have performed the following methods 3 times, and every time everything has worked correctly and Virtualmin still operates correctly. This warning is here just to tell you I am not responsible if you do something wrong, break your system or anything of the kind.
Beginning Steps
If you are updating all 4 packages I would do it in this order: MySQL, BIND, Apache and PHP. This is only because I normally do it in this order; I have read somewhere that updating PHP and then Apache can cause some errors, but I am not too sure on this. I would also recommend navigating to your tmp folder.
cd /tmp
This is so that all the files we download will automatically be deleted later by the system. Now we need to download the files we need for updating from somewhere. You can compile the different versions from source, but I will be using precompiled installation files. You can get these from the site below.
RPM --nodeps and --force
During the following guide you may need to use the --nodeps or --force options to complete the installation. This will normally only be an issue if you already have an older version of the package installed and are installing a different version of the same package. You have to make sure you use the two options in the correct situations or you can break your system. You should always try running the RPM using the following command.
rpm -Uhv filename.rpm
If you then receive a message similar to
You must install the required dependency as your system is missing it. This can be achieved by going to http://pkgs.org/, searching for the dependency (for example apr-util-ldap) and downloading the RPM required for your system, then running the rpm installation command for the newly downloaded RPM.
rpm -Uhv filename.rpm
Once the installation of all required dependencies is complete (you may try installing one dependency and then find that the dependency you’re trying to install requires another dependency; this is normal), you can try running the rpm installation command again for the main package you wish to install. You may receive a message similar to the one below.
You will receive this message if you are updating some already installed software which is a dependency of another piece of software. In the example above, openssh-server and openssh-clients need openssh version 4.3 installed to run correctly; I received the message above because I was trying to update openssh to version 5.5. In this case I would use the following command.
rpm -Uhv filename.rpm --nodeps
I would then have to download openssh-server version 5.5 and openssh-clients version 5.5 and also update and install any other required dependencies. The --nodeps option allows the installation to continue by skipping the dependency check. The --force option is used if the installation complains about files already existing from another package. This happens when you are updating a package and want the new files to replace the old package’s files; adding --force will force the new installation, replacing the old files.
Extra Checking / Package Fixing
After using this guide to update a friend’s server I have discovered that you can use the package-cleanup tool to find any dependency problems which you may have, by typing the exact command below.
package-cleanup --problems
A list of all packages which have a dependency issue will display. If, for example, we have installed mysql-server 5.5.10 but it is saying mysql-client requires dependency 5.0.0.1, then you have not installed the correct version of mysql-client. You can fix this issue by finding the correct RPM with the version you were trying to install, so in the example we would be looking for mysql-client 5.5.10.
With internet speeds increasing and users expecting faster and more responsive websites, the technology we use has to adjust to these changes. When a user requests a website from a web server, the server replies with the website content. Let’s say the website is my blog: last time I checked, the home page was around 53,929 bytes, which means the user’s web browser needs to download all 53,929 bytes before the website will display. If only there was a way to decrease the website size, decreasing the download time for my visitors (giving them a faster loading website)… well, there is.
A website can be compressed, lowering the total bytes the visitor has to download, which also lowers the bandwidth usage for both the client and the web server sending the content. For example, my blog’s homepage is around 53,929 bytes uncompressed; as soon as I enable compression it goes to 9,437 bytes, which is a dramatic decrease (82.5%), allowing my visitors to load my blog quicker and lowering bandwidth consumption. The only real side effect is a slight increase in CPU usage on the web server, as it now has to compress the content every time there is a request (pages can be cached as static html files to increase speed and decrease stress on the server, but this is not going to be covered in this post). The only requirement on the visitor’s side is that their web browser supports compressed content, as it will need to uncompress the content to display the website (all modern browsers support this feature so it shouldn’t be a problem; most server compression methods can tell if the browser doesn’t support compression and will send the data normally if no support is found). There are two methods of compression which I am going to go through today: Apache’s deflate module (usually provided with a default installation of Apache; some shared hosts may uninstall this module, so you will not be able to use the Apache method) and PHP compression. It is best to use the Apache method if possible, but if not the alternative will do fine.
Verifying Compression
Verifying that our website is being compressed is important; there is no point making all the changes only to find out a couple of months later that you did it wrong and it hasn’t been compressing anything. There are multiple methods of determining if your website is being compressed. The easiest is to use a website such as http://www.gidnetwork.com/tools/gzip-test.php, which allows you to quickly and easily check and also see some estimated compression results. The alternative is to view the header data sent from the web server. This is achieved differently in most browsers, but with Firefox you can use an add-on called Live HTTP Headers to view the header data (you’re looking for a line which says Content-encoding: gzip).
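The header check described above can also be scripted. The following is an added example, not code from the original post: it takes a captured raw HTTP response, looks for the Content-Encoding header (matched case-insensitively), decompresses the body and reports the saving. The sample page and the build_response stand-in server are constructed for the example.

```python
import gzip
import zlib

# Constructed sample page (not the blog's real home page); repetitive HTML compresses well.
SAMPLE_PAGE = (b"<html><head><title>Sample</title></head><body>"
               + b"<div class=\"post\"><p>Hello, this is a sample paragraph.</p></div>" * 300
               + b"</body></html>")


def build_response(body, accept_encoding):
    """Constructed stand-in for a web server with compression enabled.

    The body is gzipped only when the client's Accept-Encoding lists gzip,
    otherwise it is sent as-is (q-values are ignored in this stand-in).
    """
    offered = {token.split(";")[0].strip().lower() for token in accept_encoding.split(",")}
    headers = ["HTTP/1.1 200 OK", "Content-Type: text/html", "Vary: Accept-Encoding"]
    if "gzip" in offered:
        body = gzip.compress(body)
        headers.append("Content-encoding: gzip")
    headers.append("Content-Length: %d" % len(body))
    return "\r\n".join(headers).encode("ascii") + b"\r\n\r\n" + body


def check_compression(raw_response):
    """Report whether a raw HTTP response was compressed and how much was saved."""
    head, separator, body = raw_response.partition(b"\r\n\r\n")
    if not separator:
        raise ValueError("no blank line between headers and body")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive

    encoding = headers.get("content-encoding", "identity").lower()
    if encoding in ("gzip", "x-gzip"):
        # Raises zlib.error if the header claims gzip but the body is not gzip data.
        page = zlib.decompress(body, 16 + zlib.MAX_WBITS)
    elif encoding == "deflate":
        try:
            page = zlib.decompress(body)                    # zlib-wrapped deflate
        except zlib.error:
            page = zlib.decompress(body, -zlib.MAX_WBITS)   # raw deflate from some servers
    elif encoding == "identity":
        page = body
    else:
        raise ValueError("unsupported Content-Encoding: " + encoding)

    saving = round(100.0 * (1 - len(body) / len(page)), 1) if page else 0.0
    return {
        "encoding": encoding,
        "wire_bytes": len(body),      # what the visitor actually downloads
        "page_bytes": len(page),      # size after the browser uncompresses it
        "saving_percent": saving,
    }


if __name__ == "__main__":
    for accept in ("gzip, deflate", "identity"):
        print(accept, "->", check_compression(build_response(SAMPLE_PAGE, accept)))
```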
Compressing Media
Most media, such as images, music and archived files, is already stored in a compressed format and so will not benefit from any more compression (it will just be a waste of CPU usage). It’s mainly text-based files such as css, php, html and so on which will benefit from compression.
Apache Compression (deflate)
Enabling Apache deflate compression requires access to a file called .htaccess, which is located in the base web directory, normally public_html. This file allows us to adjust server-side Apache settings without needing access to the main Apache configuration file (we can customize our setup for multiple websites using this file). To compress your whole website simply place the code below into your .htaccess file.
SetOutputFilter DEFLATE
This will now compress your whole website and all the content, including css, html, javascript and php content; images are not usually compressed due to them already being stored in a compressed format. If the code above didn’t work, you may not be able to adjust settings using the .htaccess file, or mod_deflate is not installed on the web server (you will have to use the PHP method further in this post or ask your hosting provider for help). Not everyone wants to compress all their content, so you can specify the exact content to compress by using AddOutputFilterByType.
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
This code will now compress only HTML and CSS pages; all other content (javascript, xml files and such) is sent uncompressed. Make sure to remove SetOutputFilter DEFLATE, as that line will cause all content to be compressed. You have to specify the MIME data types, which can be found here. It’s possible to compress files by extension using the code below.
<Files *.html>
    SetOutputFilter DEFLATE
</Files>
This code will compress all files with the extension .html. The same code can be used to compress a specific file by changing *.html to the file name, so for example if I want to compress only test.html I would use the code below.
<Files test.html>
    SetOutputFilter DEFLATE
</Files>
It’s possible to adjust the compression level by simply adding DeflateCompressionLevel.
DeflateCompressionLevel 9
This line of code can range from 1 to 9, 9 being the best compression method. By default 9 is used and there is rarely any reason to specify a compression level unless your CPU usage is high due to high website usage.
PHP Compression
It is highly recommended to use Apache compression, but if you’re unable or unwilling to, it’s very simple to compress content using PHP. All that is required is to add the following code to the top of any PHP file that needs compressing.
What this does is check if the browser requesting the website supports compression. If it does, it compresses the data; if not, it just sends the content normally (uncompressed). This method will only compress content loaded into the PHP file, so if we have a test.html page this page will not be compressed, as PHP never loaded it.
This is a problem I’ve run into many times, especially when I first started using CSS and divs to build websites. You may have noticed (or not) that if you have a container DIV with some child DIVs which are using the float: attribute, the container doesn’t resize to fit the child DIVs. If you were to remove the float: attribute from the child DIVs, the container would adjust to the size of the child DIVs again.
Example 1
This is child 1
This is child 2
HTML Code
<div class="container">
    <div class="child1">This is child1</div>
    <div class="child2">This is child2</div>
</div>
CSS Code
.container {
    border: thick solid #000;
    width: 200px;
}
.child1 {
    width: 100px;
    background-color: #0C0;
}
.child2 {
    width: 100px;
    background-color: #C30;
}
From the example above you can see what a container DIV looks like when the child DIVs do not contain the float: attribute. The container DIV resizes and adjusts depending on the size of the child DIVs, but without the float attribute our two child DIVs do not fit side by side.
Example 2
This is child 1
This is child 2
HTML Code
<div class="container">
    <div class="child1">This is child1</div>
    <div class="child2">This is child2</div>
</div>
CSS Code
.container {
    border: thick solid #000;
    width: 200px;
}
.child1 {
    width: 100px;
    background-color: #0C0;
    float: left;
}
.child2 {
    width: 100px;
    background-color: #C30;
    float: left;
}
Now we are using the exact same code as above; the only difference is that the float: attribute is now being used, which allows the two child DIVs to sit next to each other. But now our container has stopped resizing and shows as if there is no data present. There is a simple and effective fix using CSS which will allow the container to resize exactly how it does in example 1 but still allow the two child DIVs to use the float: attribute. Below is the CSS code which fixes this problem.
.clearfix:after
{
    content: ".";
    display: block;
    height: 0;
    clear: both;
    visibility: hidden;
}
Using this CSS code is very simple: all you have to do is rename .clearfix (making sure to leave :after, as this will make the CSS apply after loading all the elements; if it is applied before it will load incorrectly and may not work) to the name of the class used for your container DIV (if you have used an id instead you need to replace the . with a #). This CSS code can be used in a variety of ways but this is the simplest. I have provided an example below demonstrating it working using the code from example 2.
There are a variety of operating systems available, but most users don’t know this and believe Microsoft Windows is the only one, when there are hundreds available. It is quite easy to understand why most people believe there is only Windows, due to the way it is forced upon us (you buy a new computer and it’s there). The prices of operating systems vary tremendously, from absolutely free to thousands of pounds, and most are slight variants of another operating system.
There are hundreds available, but most average computer users will only come across Windows and Mac OS. Most people will stay away from the others because they’re scared or don’t want to venture into the unknown, and the internet doesn’t help, especially when people can post anything, putting people off. There’s also the history behind some of the other OSs such as Linux. If I was to speak to one of my IT friends at work and mention Linux they would immediately start telling me how hard it is to manage and use; if I was to mention Linux to a friend who knew other operating systems existed he would automatically presume I was a computer geek. I think it is this kind of thinking which puts people off from even trying these great operating systems, especially when the internet is full of people pushing them into the dirt. Linux operating systems have come a long way since they first started, and most Linux distributions such as Ubuntu are just as easy to use as a Windows operating system. Ubuntu even allows you to incorporate your social networking into your OS so you can get all your latest tweets and notification alerts straight on your desktop. A majority of the internet’s websites and services are hosted on servers using a Linux operating system; Windows operating systems have been increasing in popularity due to the developments of VB.Net programming languages.
Why would I even look into Linux?
Linux is a very powerful operating system which can be used for a variety of uses, commercial and non-commercial, by enterprise users, power users and home users. There is no restriction on the use of Linux and most Linux distributions are free, allowing you to just install and use them (Windows and Mac OS require you to purchase a CD key). There are hundreds of Linux distributions available, for example Ubuntu, CentOS, openSUSE, Gentoo, Slackware and Fedora; this is just a small sample and there are a lot more. If you want to give them a try but don’t want to commit to a new operating system you can download the Live CD versions which most Linux distributions provide. The live CD allows you to boot into the Linux operating system and experiment without actually installing it (Windows doesn’t provide this and requires you to install to test).
Getting the operating system is one thing, but what about the software we are going to use? Linux comes with hundreds of pieces of free software such as OpenOffice (a Microsoft Office replacement). Software made for Windows will not work on Linux without the use of an emulator (which tricks the program into thinking it’s running on Windows) or a virtualisation platform (which runs an operating system inside the Linux one, read this post for more information), but there are hundreds of free alternatives, and some software providers also make a Linux-compatible version.
Security is always the issue with computers, especially with Windows operating systems. Windows is the most used operating system, so most computer threats are targeted at it; this means there are far fewer threats targeting Linux operating systems (there are still some threats but Linux has a unique protection system). Windows, when infected by a hacker or virus, can be destroyed quite easily as the virus has access to everything. On a Linux system the internal security is much stricter and only users with a specific access level can access specific files. For example, a normal user can access all their own files but they can’t install, uninstall or access any file outside of their home directory; if an action is needed which requires a higher access level the user is prompted to enter their password. What this means is that even if a user did download a virus it would only have the same access as the user who downloaded it, and when it tried to gain high-level access the user would be alerted.
The possibilities of Linux are endless and I would recommend that everyone at least tries it; it is free after all and comes with hundreds of pieces of free software. It won’t hurt to just download the live CD and play around on it for an hour or two. You never know, you might like it.
SSH is a secure shell command line technology allowing a user to connect to a second computer and perform many tasks securely. I have written a post, found here, which tells you all about the SSH technology. In this post I am showing you how to connect to an SSH server in Windows and Linux operating systems using public and private key authentication; you can find my password authentication guide here. I am assuming you have already created the public and private key files and that the SSH server you are attempting to connect to is set up to use key authentication.
SSH using Windows
To allow us to perform SSH communications we need to download an SSH client which allows us to transmit and understand responses. The software we are going to be using is called PuTTY, which can be found here; a direct link to the download required is here. Please download the file to an easy-to-find location such as the desktop. You will also need to download a program called PuTTYgen, which is found here. If the key was generated on a Linux system then the private key you will be using will need to be converted from the OpenSSH format to a format PuTTY can understand; this is achieved using PuTTYgen. If you are not sure if your private key has already been converted then just continue with the converting stage anyway; it won’t hurt your key in any way.
Once both applications have downloaded, simply double click PuTTYgen and it will launch; there is no need for any installation of this program. Your first step is to load the private key, which is done by clicking File at the top of the application and selecting Load Private Key.
You will then be presented with a window like the one below. Browse to your private key and select it, then click Load.
Now the key is loaded into PuTTYgen and you will see a window which looks just like the one below. If you have a password set on the private key you may receive a password popup and need to provide a valid password before the software can load the key.
All we have to do now is save the private key in the format PuTTY will understand, which is achieved by clicking on the Save private key button; you will then have to select the location to save your key. If you are not using a password with your key then PuTTYgen will warn you about not using a password; just click Yes.
Conversion of your key is now complete and you can close the PuTTYgen application and start the PuTTY software. You will begin with a screen which looks like this; it may be slightly different if you have used PuTTY before.
There are two fields on this page which we are interested in: the textboxes located at the top of the application labelled “Host name (or IP address)” and “Port”. We need to provide the IP address (you can also provide a hostname if it resolves to the correct IP address) and the port number which the remote SSH server (located on the second computer) is running on; by default this is 22 but it can be changed.
As you can see from the image above I have provided the IP address of the second computer and a port number of 22; the computer I am connecting to has an IP address of 10.0.2.15 and the SSH server is listening on port 22 for connections. Please enter the IP address or hostname of your second computer and the port number (most probably 22).
We now need to tell PuTTY where our private key file is located so that when the SSH server asks, PuTTY knows which key to send. On the left side of the application there is a group of categories; you need to click the plus item located next to SSH and then click on Auth. Your screen should now look like the one above.
Now click on the Browse button and locate the private key file. You must make sure you select your converted version or PuTTY won’t show the file in the file browser.
All we have to do now is click on the Open button and the connection will begin.
You may receive an error message like the one above. This means it failed to gain a connection to the second computer, and there are many causes of this error. The first thing would be to make sure the SSH server is running on the second computer and the port is allowed on the firewall; the next step would be to check that you have entered the correct IP address or hostname and port number, and retry.
On a successful connection to the second computer through SSH you will receive an alert similar to the one above. This key is a way to identify that the second computer is who it says it is; you don’t really have to pay any attention to this and so I normally just click the yes or no option. If you click Yes, this key will be saved for further usage, stopping this alert from appearing every time you try to connect to this computer; clicking No will allow you to connect but will not save the key, meaning the alert will appear again on the next login; and Cancel will stop the connection to the second machine. Now we are beginning the login process, where we need to enter the username of the user we want to log in as and then the password for that user. Simply type the username and press the enter key.
SSH using Linux
Unlike Windows operating systems, Linux has the ability to communicate with an SSH server straight after installation of the operating system (no third party software is required). I am going to be using the Ubuntu operating system but this will work on all distributions of Linux. First we need to launch the terminal, a command line interface which will allow us to perform the SSH login. On Ubuntu this can be found by going to Applications then Accessories. You will be presented with a black window with some white text.
Before we do anything with the terminal we need to place our private key into the correct directory: the private key needs to be placed into ~/.ssh/ and needs to be called id_dsa or id_rsa. You can either use the desktop to move this file to the location (you will need to enable hidden folders) or the terminal, which is achieved by typing this command. You will have to replace /home/Shane/Desktop/id_dsa with the location of your private key.
cp /home/Shane/Desktop/id_dsa ~/.ssh/
Now that we have the file in the correct place, all we have to do is type ssh-add and you will receive a reply similar to the one below. Now all we have to do is begin the SSH connection.
To start an SSH connection we have to type a command to begin the SSH software. We also have to specify the port which the SSH server we are trying to connect to is listening on (normally 22), the IP address or hostname, and the user we wish to log in with (if no user is specified it will try to log in with the user we are logged in with on our client). The command to do this looks like this.
ssh -p 22 root@192.168.0.12
What this command will do is start an SSH connection to the SSH server running on the computer using the IP address 192.168.0.12 and listening on port 22; it will attempt to log in with the user root. We can change the port we are connecting to by changing -p 22 to -p 2290; the SSH server must be listening on that port for the connection to be successful. We specify the user we want to log in with by placing the username then an @ symbol before the IP or hostname of the computer we wish to connect to.
ssh -p 2290 bob@192.168.0.12
The command above is another example, where we are connecting to the computer which uses the IP address 192.168.0.12 with the user bob. The SSH server is listening on 2290 instead of 22, so we specify the port number. If you are connecting to an SSH server which is using the default port (22) then you do not need to provide the -p argument; you can use the following command and it will automatically try connecting to port 22.
ssh bob@192.168.0.12
On connection you may be presented with a message like this, and you are asked if you want to continue connecting. This is normal and allows you to determine if you are connecting to the correct computer or if someone is tricking you into connecting to them so they can intercept your data. Every SSH server has an RSA key which you should write down on installation of the SSH server. You can then compare this key to the key which you are being shown on the SSH client; if they match you are connecting to the correct computer, if not then it’s possible someone has tricked you into connecting to them, allowing them to view any data you transmit. You should enter yes if you are sure you are connecting to the correct computer; if you enter no it will cancel all communication.
On entering yes the RSA key will be saved permanently on your computer, stopping this message appearing the next time you connect using SSH to this computer. If the key changes at all another message will appear alerting you to a key change. If you haven’t reinstalled the SSH server then the key shouldn’t have changed, meaning there’s a high possibility someone has tricked your SSH client into connecting to them instead of your desired computer. You should halt all communication in the event of this message unless you are sure it is safe.
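The comparison described above is normally done on the key's fingerprint rather than the full key. The following added example (not part of the original post) computes the SHA256 and older MD5-style fingerprints of a server's public key and compares a recorded fingerprint with the key a server presents. The key material is constructed for the example and is not a real host key; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _ssh_string(data):
    """Length-prefixed byte string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    """Positive integer in SSH mpint form (a zero byte is prepended when the top bit is set)."""
    return _ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def _constructed_rsa_key(modulus):
    """Base64 ssh-rsa blob built from a made-up modulus (constructed, not a real host key)."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return base64.b64encode(blob).decode("ascii")


# Constructed sample data: the key noted down at install time (format of a host
# key .pub file) and two keys "presented" later (format of a known_hosts line).
_KEY_A = _constructed_rsa_key((2**107 - 1) * (2**127 - 1))
_KEY_B = _constructed_rsa_key((2**61 - 1) * (2**89 - 1))
RECORDED_PUB_LINE = "ssh-rsa " + _KEY_A + " root@server"
PRESENTED_SAME = "192.168.0.12 ssh-rsa " + _KEY_A
PRESENTED_CHANGED = "192.168.0.12 ssh-rsa " + _KEY_B


def parse_public_key(line):
    """Return (key_type, raw_blob) from a .pub line or a known_hosts line."""
    tokens = line.split()
    for i, token in enumerate(tokens[:-1]):
        if token in KEY_TYPES:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            (length,) = struct.unpack(">I", blob[:4])
            # The blob names its own key type; it must agree with the text field.
            if blob[4:4 + length] != token.encode("ascii"):
                raise ValueError("key type inside the blob does not match the line")
            return token, blob
    raise ValueError("no public key found in line")


def fingerprint(blob, algorithm="sha256"):
    """Fingerprint of a raw key blob in the notation SSH clients display."""
    if algorithm == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    if algorithm == "md5":  # colon-separated hex shown by older clients
        hexed = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(hexed[i:i + 2] for i in range(0, 32, 2))
    raise ValueError("unknown fingerprint algorithm")


def host_key_matches(recorded_fingerprint, presented_line):
    """True only if the presented key hashes to the fingerprint written down earlier."""
    _, blob = parse_public_key(presented_line)
    algorithm = "md5" if recorded_fingerprint.startswith("MD5:") else "sha256"
    return hmac.compare_digest(fingerprint(blob, algorithm), recorded_fingerprint)


if __name__ == "__main__":
    recorded = fingerprint(parse_public_key(RECORDED_PUB_LINE)[1])
    print("recorded at install:", recorded)
    print("same server       :", host_key_matches(recorded, PRESENTED_SAME))
    print("key has changed   :", host_key_matches(recorded, PRESENTED_CHANGED))
```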
If your key doesn’t require a password it will log in now, but if it does require a password you will be asked to enter the valid password. When you type your password nothing will appear but it is typing; this is a security feature so that people can’t see how many characters are in your password.
SSH allows communication between two computers (it is usually used to control a remote computer). There are two parts to an SSH connection: an SSH server located on the machine we wish to connect to and an SSH client which allows us to connect to the SSH server. We need authentication methods on an SSH server to stop unwanted users remotely logging in. SSH is normally used to connect to a remote computer through the internet, so we need to apply restrictions to stop anyone from just connecting and making changes. To stop unauthorised access we create user accounts on the remote computer; when we first start a connection we are asked to provide the username we want to log in with and then the password or a private key (depending on the authentication method used by the SSH server) corresponding to the selected user.
In this post I am going to explain the differences between password and private key authentication and why you should use private key authentication. I have written a previous post about SSH which can be found here.
Password Authentication
Password authentication is the process of logging in using a password which is associated with the selected user account. This is the easiest login method, mainly due to passwords being used throughout the internet (online banking, shopping, eBay …); it is also the default setting for an SSH server when first installed. It may seem secure but it does have its risks. To be secure, a password needs to consist of numbers, letters, capitals and symbols, all in a random sequence, making it incredibly hard to guess, but a password like this most probably isn’t easy to remember and so will be written down somewhere (sticky note, notebook …), which is a security risk. Even if the password isn’t written down there’s always the risk of a brute force attack, which will eventually, if left long enough, guess your password, and once someone knows your password they can gain access immediately. Public key and private key authentication remove this issue and should always be used for that added security.
Good
Passwords can be easy to remember
Any user can login easily using a password
Bad
Subject to brute force attacks
Passwords are easy to steal if written down
If password is known instant access can be achieved
Easy passwords can be guessed easily
A compromised account could compromise the whole system
Any computer can login with just the password
Public and Private Key Authentication
Key authentication works slightly differently to password authentication. You provide the username you wish to log in with, then instead of a password the SSH server presents you with a public key, your SSH client then replies with the private key which corresponds with the public key, and the server allows or disallows the login depending on whether the key was correct. No one can pass this stage without the correct private key, which should be kept safe and only issued to people who need to log in using SSH; no login can be achieved without a matching key set, stopping all brute force password attempts. That is the 1st hurdle, and a second one can be set up making it even harder to log in: during the public and private key creation a password can be provided, and this password encrypts the private key, making it impossible to decrypt without the password. This type of private key is used in exactly the same manner as a key without a password, except that when your SSH client goes to send the private key response it will ask for the password; without this password the key will not be decrypted and the SSH server will reject the login. This creates two hurdles which need to be passed to log in successfully: the correct private key needs to be provided and, if a password was set up, the password also needs to be provided. The whole world can know the password but without the private key no login can be achieved.
Good
The matching private key must be provided during login.
Only 1 private key is valid (can’t be faked).
Private key can be encrypted adding password authentication as a second defence
Each user account has a separate public and private key set.
The correct keys must be provided for the different users (can’t use 1 private key to log in to all users).
Stops brute force password attempts.
If password is known no login can be achieved without the private key if key was encrypted.
Bad
Can be harder for some users to setup the private key with their SSH client.
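A simplified model of the key check, as an added example that is not part of the original post. In the SSH protocol the client's response is a signature made with the private key, which the server checks against the public key it has stored for that user, so the example also records what crosses the wire. Textbook RSA over small Mersenne primes stands in for a real signature scheme and is not secure; the Client, Server and run_login names, the random session id and the user bob's keys are all constructed for the example.

```python
import hashlib
import os

E = 65537  # public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def _message_int(session_id, username, n):
    """Hash of the data being signed, reduced so it fits the toy modulus."""
    digest = hashlib.sha256(session_id + username.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % n


class Client:
    def __init__(self, username, private_key):
        self.username = username
        self._private = private_key  # stays on the client

    def sign(self, session_id):
        n, d = self._private["n"], self._private["d"]
        return pow(_message_int(session_id, self.username, n), d, n)


class Server:
    def __init__(self, authorized_keys):
        self.authorized_keys = authorized_keys  # username -> public key only

    def new_session(self):
        # Stand-in for the per-connection session identifier.
        return os.urandom(32)

    def verify(self, username, session_id, signature):
        public = self.authorized_keys.get(username)
        if public is None:
            return False
        expected = _message_int(session_id, username, public["n"])
        return pow(signature, public["e"], public["n"]) == expected


def run_login(server, client):
    """One login attempt; returns (accepted, list of messages sent over the wire)."""
    wire = []
    session_id = server.new_session()
    wire.append({"from": "server", "session_id": session_id})
    signature = client.sign(session_id)
    wire.append({"from": "client", "username": client.username, "signature": signature})
    return server.verify(client.username, session_id, signature), wire


# Constructed keys: bob's real pair, and a different pair held by someone else.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
SERVER = Server({"bob": BOB_PUBLIC})

if __name__ == "__main__":
    accepted, wire = run_login(SERVER, Client("bob", BOB_PRIVATE))
    print("bob with his own key  :", accepted)
    print("bob with another key  :", run_login(SERVER, Client("bob", OTHER_PRIVATE))[0])
    # A signature captured from one session is useless in the next one.
    print("replayed old signature:",
          SERVER.verify("bob", SERVER.new_session(), wire[1]["signature"]))
```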
A server is a computer designed for a specific task such as running a website. A server tends to be powered up more often than a regular computer, with most servers running 24/7. Servers are a major part of our everyday lives; the internet is a collection of hundreds of thousands of servers all working together performing various tasks.
SSH is a secure shell command line technology allowing a user to connect to a second computer and perform many tasks securely. I have written a post, found here, which tells you all about the SSH technology. In this post I am showing you how to connect to an SSH server in Windows and Linux operating systems using password authentication; if you are using public/private key authentication please read this post. I would recommend everyone to use public/private key authentication because it increases security dramatically: an SSH client can only connect to the server if they have the correct private key, and a private key can be encrypted using a password, increasing security even further.
SSH, short for secure shell, is a network protocol allowing communication between two computers. It is natively found on Linux-based operating systems and is used to remotely control computers and servers via a command line interface. SSH was created to replace older insecure software such as telnet; telnet lacked encryption, allowing anyone to intercept the data transfer. For example, it was possible for someone to steal the username and password used, which would give them remote access to the system.