By default, CentOS allows SSH access to every user who can authenticate with the server. This can be a security risk, especially when you have set up the server to authenticate against an Active Directory domain: in that case every user in the domain can log in to your CentOS server via SSH. You can, however, very easily restrict logins to specific users, computers, or even users on specific computers.

To do this, edit /etc/ssh/sshd_config by adding the AllowUsers directive in the following format.

AllowUsers user@host

This allows the user ‘user’ to log in from the host named ‘host’. Multiple users can be listed by separating each with a space. You can also use * as a wildcard, including in IP addresses to cover a range.

AllowUsers *@192.168.1.* johndoe@192.168.1.3

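This will allow all users to log in from any computer with an address starting with 192.168.1, and the user johndoe to log in from the computer with IP address 192.168.1.3. Note that sshd admits a login as soon as any one pattern in the list matches, so the first pattern also covers johndoe when connecting from other 192.168.1 addresses.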

This will work for other Linux OSes as well.
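
The following script is an added example, not part of the original post or of OpenSSH: it approximates how an AllowUsers line is evaluated, so you can check which logins a pattern list admits before deploying it. The function names are hypothetical, and it assumes only the * and ? wildcards with the host part compared against the client IP address (no ! negation, CIDR or DNS names).

```sh
#!/bin/sh
# Added example: approximate sshd's AllowUsers decision for a user and client address.
# Assumptions: only '*' and '?' wildcards; the host part is compared with the
# client IP address only; '!' negation, CIDR and DNS names are not handled.

# glob_match STRING PATTERN -> 0 if the whole STRING matches PATTERN
glob_match() {
    case $1 in
        $2) return 0 ;;
    esac
    return 1
}

# allowusers_permits "AllowUsers pat pat ..." USER CLIENT_ADDR
# Returns 0 when at least one pattern admits the login, 1 otherwise.
# The body runs in a subshell so 'set -f' and variables do not leak out.
allowusers_permits() (
    line=$1 user=$2 addr=$3
    set -f                      # keep '*' in patterns from expanding to file names
    for pat in ${line#AllowUsers}; do
        case $pat in
            *@*) upat=${pat%@*} hpat=${pat##*@} ;;   # USER@HOST form
            *)   upat=$pat hpat='*' ;;              # bare USER: any client host
        esac
        if glob_match "$user" "$upat" && glob_match "$addr" "$hpat"; then
            exit 0              # first matching pattern is enough
        fi
    done
    exit 1                      # no pattern matched: login refused
)

# Constructed sample: the AllowUsers line from the text and three login attempts.
RULE='AllowUsers *@192.168.1.* johndoe@192.168.1.3'
for attempt in johndoe@192.168.1.3 johndoe@192.168.1.77 alice@10.0.0.5; do
    if allowusers_permits "$RULE" "${attempt%@*}" "${attempt#*@}"; then
        echo "$attempt: permitted"
    else
        echo "$attempt: refused"
    fi
done
```

Before reloading sshd with an edited file, `sshd -t` checks the configuration for syntax errors.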

 

The lsof command can display all open files in Linux. With some filtering you can use it to show all open/utilized ports as well.

lsof -i TCP:443
This command lists every process that is using port 443, along with its PID and the user the process is running as.

To list all TCP ports, one could use:
lsof -i TCP

Type lsof -h for more options.

 

The company I work for has been a Windows only shop for a long time and has recently started moving towards Linux. We’re growing at a fast pace and sustaining our operations while remaining a Windows shop will be too expensive. That’s not to say we’re completely ditching MS.

I recently put into service a new server running Ubuntu Server 8.04.1 to host our SVN and continuous build server (Hudson). I was looking for a way to authenticate the server against Active Directory and came across Likewise Open. I was surprised at the simplicity of the whole setup.

  1. sudo apt-get install likewise-open
  2. sudo domainjoin-cli join yourdomain.com yourADusername
  3. sudo update-rc.d likewise-open defaults
  4. sudo /etc/init.d/likewise-open start

Just make sure to replace yourdomain.com and yourADusername with your own domain name and Active Directory username. If you’re using a firewall, which you should be, make sure the required TCP/UDP ports are open.

I still need to figure out how to mount network shares automatically. I’ll keep this post updated with my findings.

 

If you ever get locked out of your Ubuntu installation as I found myself to be tonight, you can reset your password quite easily using the following steps.

  1. Power up your computer.
  2. Press ESC at the grub menu.
  3. Press e for edit.
  4. Highlight the line that begins “Ubuntu, KERNEL ………” and press e.
  5. Go to the end of this line, add rw init=/bin/bash and press enter.
  6. Press b to boot your system.
  7. Your system will boot up to a passwordless root shell.
  8. Type in passwd username where username is the username you lost the password for.
  9. Set your password.
  10. Type in reboot.

That is it! You can now log in using your new password. You can even reset your root password here, but you cannot log in with it at the login screen.

 

Did you know there are alternate shortcuts to the commonly used cut (ctrl+x), copy (ctrl+c) and paste (ctrl+v) shortcuts?

| Action | Shortcut | Alternate Shortcut |
|--------|----------|--------------------|
| Cut    | Ctrl+X   | Del+Shift          |
| Copy   | Ctrl+C   | Insert+Ctrl        |
| Paste  | Ctrl+V   | Insert+Shift       |

These are kind of confusing so I’m sticking to the Ctrl+ shortcuts. For those who use different keyboard layouts like Dvorak, the X, C and V keys are placed far apart and are awkward to use. In such cases the alternate shortcuts may be easier to use.

© 2012 !NSFW Suffusion theme by Sayontan Sinha