Saturday, November 30, 2013

How to Configure SSH Secure Shell Server in Linux | Remote Login Utility

Hello friends, next we are going to discuss SSH, the secure shell server. Basically it is a remote login utility used to connect remotely to another system. This utility works like Telnet, but the key difference is that it has security features & a data encryption scheme.

Type:System V-managed service 
Package: openssh-server ( for server ) & openssh-clients ( for Client )
Daemon:/usr/sbin/vsftpd
Script:/etc/init.d/vsftpd
Ports:22
Configuration files:/etc/ssh/sshd_config,/etc/ssh/ssh_config,
Log:/var/log/xferlog
Related:tcp_wrappers,ip_conntrack_ftp,ip_nat_ftp
default selinux daemon= /var/ftp

Step 1: we need to log in with root privileges & then, to install the sshd server, type yum install openssh-server



Step 2: now we need to install the client for the sshd server, so type yum install openssh-clients


Now, after installation, start the service with service sshd start


here is our sshd dir in /etc/ssh


Customize the sshd_config & ssh_config files accordingly. If we want to run ssh on another port, we just need to change Port 22 to the port we want & uncomment it ( remove # ). Now we can log in to our ssh server with ssh username@server_ip_address on the default port 22, or, if you are using a user-defined port, with ssh -p port_no username@server_ip_address

:') > Now let's understand RSA ( Rivest-Shamir-Adleman ) key authentication for ssh access: this is where security for the remote connection comes in. RSA provides us secure data transmission over the internet; for more info about RSA, google it. Suppose we want to set up an RSA key for a user, for example the user "nullport": when we then try to log in as the nullport user, we are simply logged in without a password. Basically we generate two files in the /home/user/.ssh folder, where one is the public key file ( id_rsa.pub ) & the other is the identification file ( id_rsa )



Here is our public key & Identification file ..


OK, now let's play with the config file.
Our ssh config file is here:  # /etc/ssh/sshd_config

To change the ssh port number in the sshd_config file, we just need to uncomment the Port line & replace the port number ( by default 22 ) with whatever we need; let's configure it on port 2222. We can also define the ListenAddress of our machine so that it can only be accessed from a particular network; by default it is 0.0.0.0, i.e. we can access it from anywhere & from any network.

By default we have PermitRootLogin yes & we have to set it to no; by default this option looks like #PermitRootLogin yes, so remove the # & set it to no. We also need to define our own root user by adding a single line, AllowUsers nullport; now only the user nullport has root access to our system. Save the config file & restart the service with the command service sshd restart

Now the root user no longer has login permission: when we try to log in as root with ssh root@192.168.56.101 & enter the password, we get nothing but an access denied message. When we try with our user nullport, the one we defined in the config file, ssh nullport@192.168.56.101 logs us in to the machine remotely. As we know, only the root user can change everything on our machine, but remotely we can no longer log in with root privileges.

One more thing I want to discuss with you: if we define our own port number, then we need to give it when logging in remotely, as in ssh nullport@192.168.56.101 -p 2222, supposing we defined port 2222 in our config file.
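
The sshd_config changes above can be verified with a small audit script. This is an added example, not part of the original post: the function names values and audit_sshd and both sample files are made up for the illustration, and it relies on sshd ignoring commented lines and using the first value it reads for a keyword.

```shell
#!/bin/sh
# Added example: report the sshd_config keywords this post edits.
# Sample files are constructed; the .101 address is the post's server IP.

# values FILE KEYWORD: print each active global value of KEYWORD.
values() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }              # "#PermitRootLogin yes" is inactive
        tolower($1) == "match" { exit }  # lines after Match are conditional
        tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# audit_sshd FILE: one line per setting, prefixed OK, WARN or INFO.
audit_sshd() {
    root=$(values "$1" PermitRootLogin | head -n 1)   # first value wins
    users=$(values "$1" AllowUsers | tr '\n' ' ' | sed 's/ *$//')
    addr=$(values "$1" ListenAddress | tr '\n' ' ' | sed 's/ *$//')
    port=$(values "$1" Port | tr '\n' ' ' | sed 's/ *$//')
    case "$(printf %s "$root" | tr 'A-Z' 'a-z')" in
        no) echo "OK   PermitRootLogin no" ;;
        "") echo "WARN PermitRootLogin not set, default applies" ;;
        *)  echo "WARN PermitRootLogin $root" ;;
    esac
    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "WARN AllowUsers not set, no user allow-list"; fi
    case "${addr:-0.0.0.0}" in
        0.0.0.0) echo "WARN ListenAddress 0.0.0.0 (any network)" ;;
        *)       echo "OK   ListenAddress $addr" ;;
    esac
    echo "INFO Port ${port:-22}"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Constructed "before": directives still commented out
printf '%s\n' '#Port 22' '#ListenAddress 0.0.0.0' '#PermitRootLogin yes' > "$tmp/before"
# Constructed "after": settings from the post, plus a later duplicate
printf '%s\n' 'Port 2222' 'ListenAddress 192.168.56.101' 'permitrootlogin no' \
    'PermitRootLogin yes' 'AllowUsers nullport' > "$tmp/after"
audit_sshd "$tmp/before"
audit_sshd "$tmp/after"
```

On a live server, sshd -T prints the effective configuration and can be compared against the same keywords.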

Here we can also use PuTTY from Windows.
*** This way we just keep hackers from rooting the server :') not fully, but if he is not much of an expert then we can stop him. "Hackers are the Power"
So this is our short tutorial on the ssh remote login utility ....

Wednesday, November 20, 2013

How to configure Secure FTP server in Linux Centos/Red Hat

Hello friends, today we are going to discuss how to install an ftp server on your Linux machine. As we know, an ftp server is used to transfer files.

So here is the ftp service profile

Type:System V-managed service 
Package:vsftpd 
Daemon:/usr/sbin/vsftpd
Script:/etc/init.d/vsftpd
Ports:21(ftp),20(ftp-data)
Configuration files:/etc/vsftpd/vsftpd.conf,/etc/vsftpd/ftpusers,/etc/pam.d/vsftpd
Log:/var/log/xferlog
Related:tcp_wrappers,ip_conntrack_ftp,ip_nat_ftp
default selinux daemon= /var/ftp

& here we are going to discuss how the ftp account can be used by anyone who doesn't have an account on Linux, i.e. a remote user, as well as by local users who have an account.
So let's start the configuration.

Step 1: we need to log in as the root user on our Linux machine & then type the following command: yum install vsftpd-* -y

Step 2: Now run these commands

# service vsftpd start    ( To Start vsftpd service    )
# chkconfig vsftpd on   ( To Auto start after reboot )
# service vsftpd restart ( To Restart vsftpd service )


                           
Step 3 : Now we need to configure the vsftpd.conf file

Open vsftpd.conf with the editor you use ( vi, gedit, nano etc. ) & edit it

:') > If we want to restrict anonymous user login :

to do so, just find anonymous_enable=YES ( replace the YES flag with NO )
save & restart the service again
# service vsftpd restart 

:') > If we want to restrict local user login :
to do so, just uncomment  # local_enable=YES ( remove # )
save & restart the service

:') > If you want to restrict local users from changing to the root dir :

As we know, a local user can reach the root dir "/", so this is where security comes in: if you do not restrict local users from accessing the root dir, it becomes a security breach & anyone can access every dir under the root dir. To configure this, uncomment  # chroot_list_enable=YES ( remove # ) &  # chroot_list_file=/etc/vsftpd/chroot_list ( remove # ), then save & quit

Now edit chroot_list file

# vi /etc/vsftpd/chroot_list
type username
save & quit
# service vsftpd restart

:') > If you want to restrict a single user's login :

to restrict a single user from logging in we need to edit the ftpusers file as
# vi /etc/vsftpd/ftpusers
type username
save & quit

now it asks for the password and denies the login

or we can edit user_list too, as
# vi /etc/vsftpd/user_list
type username
save & exit

now it denies access without asking

Step 4 : Now we need to set upload permissions for anonymous user :

mkdir -p /var/www/null_ftp
chgrp ftp /var/www/null_ftp
chmod g+w /var/www/null_ftp
chcon -Rt public_content_t /var/www/null_ftp
chcon -t public_content_rw_t /var/www/null_ftp

now we need to edit vsftpd.conf file
#anon_upload_enable=YES ( remove # )
save & quit

Step 5: If you want to give anonymous users permission to create directories:
We simply need to edit the vsftpd.conf file
#anon_mkdir_write_enable=YES ( remove # )

Step 6 : If you want to show a banner :
now again we need to edit vsftpd.conf
#ftpd_banner=welcome to blah ftp service ( remove # & type the text you want to show )
save & quit

ok now we can use our ftp server
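
The options toggled in steps 3 to 5 interact, so it helps to audit the finished vsftpd.conf before exposing the server. This is an added example, not part of the original post: the function names opt, on and audit_vsftpd and both sample files are made up for the illustration, the defaults are those given in the vsftpd.conf man page, and it assumes the last active line wins when an option is repeated.

```shell
#!/bin/sh
# Added example: audit the vsftpd.conf options this post toggles.
# Defaults are the ones given in the vsftpd.conf man page.

# opt FILE NAME DEFAULT: value of NAME, or DEFAULT if absent or commented out.
# Assumption: when a name is repeated, the last active line is the one used.
opt() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}" | tr 'a-z' 'A-Z'
}
on() { [ "$(opt "$f" "$1" "$2")" = YES ]; }   # uses $f set by audit_vsftpd

audit_vsftpd() {
    f=$1
    if on anonymous_enable YES; then
        echo "WARN anonymous login enabled"
        if on write_enable NO; then        # anon_* writes need write_enable too
            if on anon_upload_enable NO; then echo "WARN anonymous upload enabled"; fi
            if on anon_mkdir_write_enable NO; then echo "WARN anonymous mkdir enabled"; fi
        fi
    else
        echo "OK   anonymous login disabled"
    fi
    if ! on local_enable NO; then echo "OK   local login disabled"; return 0; fi
    case "$(opt "$f" chroot_local_user NO)/$(opt "$f" chroot_list_enable NO)" in
        YES/YES) echo "INFO users in chroot_list are NOT jailed, all others are" ;;
        YES/NO)  echo "OK   every local user is jailed" ;;
        NO/YES)  echo "INFO only users in chroot_list are jailed" ;;
        *)       echo "WARN no local user is jailed" ;;
    esac
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Constructed "stock" file: the optional lines are still commented out
printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES \
    '#anon_upload_enable=YES' '#anon_mkdir_write_enable=YES' \
    '#chroot_list_enable=YES' > "$tmp/stock"
# Constructed "edited" file: steps 3 to 5 of the post applied
printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES \
    anon_upload_enable=YES anon_mkdir_write_enable=YES \
    chroot_list_enable=YES chroot_list_file=/etc/vsftpd/chroot_list > "$tmp/edited"
audit_vsftpd "$tmp/stock"
audit_vsftpd "$tmp/edited"
```

The chroot line matters because chroot_list changes meaning with chroot_local_user: with it set to YES, the listed users are the ones left outside the jail.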

Client command-line connection :
Now, to connect from the other end on the client machine,
we just need to type ftp <ip address>

When you are connecting as a local user, give your username & password; if you want to log in as the anonymous user, you simply connect without a password




thnx & njoy Configuration