Virtual Private Networks (VPN):

There are two virtual platform versions provided in VPN, the Gateway based and Client based. These platforms can be initiated from the web browsers such as the Internet Explorer version 7 or Firefox version 3 and higher. There are a few glitches with the newest and oldest versions supporting the functions of VPN interface efficiently. A Virtual Private Network establishes a connection between the entire corporate network and the cloud network. This type of connection is useful when there is a mixed pool of public and private cloud applications. Once the connection between the networks is established it then requires mapping the network drives of the server using the inside IP address. The mapping not only assists in making file transfers at a faster rate but also assists in making the necessary changes whenever required in the file system. The most popular VPN is the Cisco AnyConnect VPN Client. It is a great platform which can easily set up the connection between the networks for safe and fast file transfer.

Remote Desktop Connection (RDC):

This establishes connection with the remote cloud servers directly from the desktop of the computer. RDC is used most often for the Windows Virtual Server and needs the connection port-3389 to be connected to the web network. Once RDC has been set up on the computer, the server desktop will be displayed on the window of your computer and this can be used as a virtual interface to manipulate and alter the commands to effectively manage the server remotely. RDC for virtual cloud networks is similar to the Remote Connection between the physical servers used for the local network connections, so interfacing with it can be easy for those who use the Windows Remote Desktop connection for establishing a connection between physical servers in their enterprise.

Secured Shell (SSH):

Secured Shell functions similar to the RDC but it only uses the Linux based Virtual Server. It also requires a few console based commands which are used to start the database or web servers or setting up new file shares. This method requires that the appropriate ports to be connected to the cloud server.

File Transfer Protocol (FTP):

This is the best method for bulk and easy file transfer for activities like loading the data base or developing a new website. For this method it is required to connect the ports 20 and 21 appropriately so that it points to the outside IP address of the server. Once the connection is correctly established, a FTP virtual platform can be installed on the desktop or the FTP command can be easily run directly from the server. This platform will enable efficient bulk file transfer from the file resource to the cloud server.
Using a cloud server can make your life much easier, especially with the knowledge above.

I will assume you already have Seahorse installed on your desktop. I will also assume you have access to the remote machine via ssh. With that in mind, let’s get started.

Step 1: Fire up the GUI

You will find the Seahorse GUI in System > Preferences > Passwords and Encryption Keys. Start it up and you will see the standard Seahorse GUI. In that GUI, the tab you want to work with is the My Personal Keys tab. Click on that tab and you will see any personal keys you have already created. If you do not see any, you have to first create a key.

Step 2: Creating a key

Figure 1

To begin the process of creating a key, click File > New and a small window will open (see Figure 1). From that new window click Secure Shell Key and then click Continue. When you do this you will be prompted for the following:

• Key Description.
• Advanced options: Key type and strength.

You can elect to set up the key or just create they key. Click Just Create and you will be prompted to create a passphrase (and confirm the passphrase). Once you have created your key it will appear in the Personal Keys tab.

Step 3: Set up key for secure shell.

The next step is to set that newly created key up to be used for Secure Shell. You need to have access to the remote machine at this point because the key will be automatically copied for you.

Go back to the personal keys tab and right click the key you want to set up for Secure Shell. When you right click it, select the option for Configure Key for Secure Shell. When you select this a new window will open asking for two pieces of information:

• Computer name.
• Login name

If you do not have the computer name in your /etc/hosts file you can just use the computer’s IP address for the Computer Name. For the Login Name you must use a legitimate login on the remote computer. When you have those two pieces entered click Setup and you will be prompted for the remote username’s password. Upon successful authentication the key will have been copied and you are ready to go. You can now ssh to that machine with the added security of ssh key authentication.

In this article I am going to show you how to install and use unison-gtk to merge a pair of local folders on a Linux machine. It will make for a simple example of how this tool can be used for remote folder synchronization, which holds countless uses.

Features

Naturally you will want to know what features unison-gtk offers. Let’s take a look:

• Simple GUI interface for command line tool.
• Can deal with updates to both replicas of a distributed directory structure.
• Works well between two network connected machines.
• Merge the contents of files.

Unison-gtk might not have the most lengthy feature set, but this tool is incredibly handy never the less. Now let’s get on with the action.

Installation

Let’s install this both using command line and Add/Remove Software. First, command line. To install unison-gtk do the following:

1. Open up a terminal window.
2. Issue the command apt-get install unison-gtk (or if you are using a non-sudo type distribution su to root and issue a command like yum install unison-gtk).
3. Close your terminal when the installation completes.

That’s it. Now, let’s look at the GUI steps.

1. Open up the Add/Remove Software utility.
2. Search for “unison” (no quotes).
3. Mark both unison and unison-gtk for installation.
4. Click Apply

That’s it. You now have unison-gtk installed. You will find the menu entry in Applications > Accessories.

Usage

Using unison-gtk might seem tricky at first. It’s not. You just have to pay close attention to which folders are which. I am going to demonstrate this tool using two folders: TEST and TEST2 (both residing in my users ~/ directory).

Figure 1

When you first fire up unison-gtk it is going to ask you to create a profile. What this profile is really doing is asking you to select the directories you want to sync. You will select the first and then you will select the second. When you come to setting up the second directory you will see (as shown in Figure 1) that you can set this up for remote synchronization via SSH, RSH, or Socket.  You can create more profiles after you have walked through the “first run wizard” as well.  For the sake of this article we are going to stick with local folders.

Figure 2

When your profile is complete unison-gtk will open with your two folders ready (see Figure 2). Pay close attention to how unison-gtk lays out the folders. Both folders are listed in what appears to be a header listing. Where the folders are is important as this will not change. What will change is how unison-gtk indicates what has changed in the folders. Say, when you first fire this up, both folders are in sync. Immediately unison-gtk will check the differences in the folders and let you know what they are. In my current test folders (which have already been sync’d) I have three files: test, test2, test3. Now, let’s say I add the file test4 to the TEST directory. When that happens, if I hit the Restart unison-gtk will indicate to me a new file has been found in the TEST directory (see Figure 3).

Figure 3

In order to sync these two folders I have to pay close attention to which way the sync occurs. The way my profile is set up TEST is on the left and TEST2 is on the right. My new file is in TEST so it’s on the left. As you would then expect, this sync needs to go LEFT TO RIGHT. Make sure the Action arrow is point in the right direction. If, for example, it were going in the wrong direction unison-gtk would assume you wanted the file erased.

After you are sure the arrow is facing the right direction click the Go button and unsion-gtk will do it’s job. You should now have all four files in both TEST and TEST2. Very simple.

Final thoughts

Of course unison-gtk is much more complex than what I have illustrated. But what you have seen here is how easy it can be to merge the contents of two directories on a Linux machine. And in case you are wondering, there is a Windows version of unison-gtk which can be found here.

One of those ways is with the help of bash aliases. A bash alias is a way to create shortcuts to commands that would normally take a lot of typing or are a challenge to remember. So instead of ssh -v -l jlwallen 192.168.1.10 I could enter just desktop or whatever I want that shortcut to be. In that vein, I am going to offer up some very handy shortcuts for you to add to make your command line usage more efficient.

Where they go

If you open up a terminal and issue the command ls -a |less you should come across a file called ~/.bashrc. This file is very powerful and handles a LOT of tasks. One such task is that of aliases. Within that file you will find the section:

# Alias definintions

This is where you put your user-created aliases…and where we will place the aliases listed below. Once you create the aliases, you will notice they don’t work within the same terminal you used to add them with your text editor. You have to fire up a new terminal to make sure they work. Because of this, always leave your original terminal open to make sure the new terminal will still work. I have witnessed a user fubar their bash such that the terminal would no longer open. So use caution when randomly closing your terminals. Now, on the aliases.

Ask before you remove

Admit it, you’ve accidentally deleted a file that could have been prevented if you had used the -i switch with the rm command. To avoid this common mistake, let’s add an alias such that any time the rm command is issued, it is done with the -i switch. This alias would look like:

alias rm=”rm -i”

Secure shell

As I mentioned earlier, secure shell’ing to a machine can be a real pain when you do it over and over. Create an alias like so:

alias server1=”ssh -v -l USER ADDRESS”

Where USER is the user name you would log in with and ADDRESS is the address of the machine you are remoting into.

Bookmark alias

Here’s a fun one. You can open up your browser to a specific bookmark, from the command line with an alias like so:

alias ghacks=”chromium-browser http://www.ghacks.net”

Of course you would replace chromium-browser with your default browser and the URL with the address you want the browser to open up to.

RPM batch installation

Say you do a lot of batch installations of RPMS. And say you always save your RPM files to ~/RPMS. You can add an alias to quickly install those RPMS like so:

alias brpm=”rpm -ivh ~/RPMS/*rpm”

Update/upgrade with apt

Instead of having to issue both command for updating apt and upgrading your installation, combine them into one easy to use alias like so:

alias update=”sudo apt-get update ; sudo apt-get upgrade”

You will have to enter your sudo password once and the update/upgrade will take place.

Final thoughts

Bash aliases are only limited to your imagination. After you spend enough time with the command line you will see that these aliases can really make your day to day Linux life much easier.

In this article I am going to show you how to install and use the rsnapshot backup utility so that you too can have consistent, reliable backups for your Linux system – server or desktop.

Installation

Before you install you will need to make sure you have (at minimum) both rsync and perl installed on your machine. There are a few ways you can install rsnapshot. You can install from source by downloading the latest .tar.gz file (from the rsnapshot download page) and do the following:

1. Open up a terminal.
2. Change to the directory the newly downloaded file his being held.
3. Issue the command tar xvzf rsnapshot-XXX.tar.gz (Where XXX is the release number) to unpack the archive.
4. Issue the command cd rsnapshot-XXX to change into the newly created directory.
5. Issue the command ./configure.
6. Issue the command make to build the software.
7. Issue the command make install to install the software.

You could also download and install the pre-compiled binary (in .rpm, .deb, etc) form and install from that. Another way to install rsync is to the open up your Add Remove Software tool, search for rsync, and install from there.

No matter how you install you will wind up with an executable (rsnapshot) in /usr/bin/ and a configuration file (rsnapshot.conf) in /etc. You are ready to begin configuring your backup.

Configuration

All of the configuration for rsnapshot happens in the /etc/rsnapshot.conf file. Open that up with your favorite text editor (you will need root privileges to do so)  and get ready to get your hands  a little dirty.

Because everyone’s set up is different, I am only going to point you to the sections of the configuration file you need to edit for your needs. The configuration file is very well laid out, so you shouldn’t have any trouble with the configuration. But just in case…

The first section you will need to set up is the SNAPSHOT ROOT DIRECTORY section. This is where you define the location where your snapshots will be stored.

The next section (since we are installing this on Linux) is to uncomment out the cmd_cp directive under the EXTERNAL PROGRAM DEPENDENCIES section. Also, in this section, if you plan on using Secure Shell (ssh) for remote backups, you will need to uncomment the cmd_ssh line.

The next section is the BACKUP INTERVALS section. Here you have three (with an options fourth) options to set up:

• hourly
• daily
• weekly

The default is set up nicely like this:

interval hourly 6
interval daily 7
interval weekly 4

This means you will have six hourly backups (every four hours), seven daily backups (once a day), and four weekly backups (once a week).

The final section you need to configure is the BACKUP POINTS / SCRIPTS section. Here you are going to define what is to be backed up. By default rsnapshot will back up /home, /etc, and /usr/local to the locally defined backup point. You will notice after this section is a very well laid out section of sample backups. Take a look at these closely as they will help you create various types of backups (including remote backups).

Final step – cron

The last thing you need to do (after you save your configuration file) is to set up cron to run the rsnapshot tool. You will want to set up the root users cron for this (so Ubuntu-based distributions will use the command  sudo crontab -e) so issue the command:

crontab -e

and add something like:
0 */4 * * * root /usr/bin/rsnapshot hourly
0 23 * * * root /usr/bin/rsnapshot daily
0 23 * * 6 root /usr/bin/rsnapshot weekly
The above will run rsnapshot hourly ever four hours, daily at 11pm, and weekly on saturday at 11pm.

That’s it. You’re backup is ready to go.

Final thoughts

Make sure you put some thought into your backup plan. After all, it will save you should a disaster strike. The rsnapshot tool is a very handy tool that can take the venerable rsync utility and make it far more useful.

Collaborate with the screen command

Let’s say you and your co-worker are both working on debugging an application and your partner has run into a snag. Instead of having to march back and forth between offices, or leaving the comfort of your own chair (you lazy thing), you can log onto your co-workers machine and collaborate! Here’s how it works. Both machines will be Linux machines and both will have ssh accessibility. If you need to help your co-worker out follow these steps:

1. Secure shell into your friends machine…the only catch is, you have to log on with his username/password.
2. Issue the command screen -s NAME Where NAME is any name you want.

Now your co-worker has to open up a terminal window and issue the command screen -x NAME Where NAME is the same name you used in your command. Now whenever either of you type in your screen both of you will see what is going on at the same time.

To detach yourself from this session you have to hit <Ctrl>a and then d. That means hold down <Ctrl>, hit a, and then hit d. You will be released from the session.

Execute files as programs in GNOME

Say you have that killer bash script you use for something tucked away in your home directory. You can run that script by open up a terminal window and issuing the command to run the script, OR…you can set up Nautilus so that files can be run with a simple double click. Now, use caution with this, because it can open up security issues. But if you know you are safe (are you ever really safe?) you can set this feature.

To set this up open up Nautilus to the directory that will house the script and then right-click the script and select Properties. In this new window click on the Permission tab and then check the box for Execute. Close the Properties window and then, back in Nautilus, double click that script and see what happens…it should execute.

Double your copy/paste pleasure

You have have heard me mention before how Linux has a cool way to copy paste. You simply highlight what you want to copy with the left mouse button (click and drag to select) and then click the middle mouse button to paste. But did you know that form of copy/paste does not effect the traditional <Ctrl>c/<Ctrl>v? That’s right. So effectively you have a primary and secondary buffer for copy/paste. You can highlight section A with the left mouse button drag/highlight method and then copy section B with the standard <Ctrl>c method. Now you two different pieces of text to paste – one with the middle mouse button and the other with <Ctrl>v! Sweet.

Final thoughts

There’s your fun friday Linux tricks. Now, go out and enjoy the weekend! Or just sit at home and continue to rock away on your Linux box.

One cool ability of Nagios is that it allows you to group machines into services. Say, for instance, you have a number of machines that serve as Web servers or Samba servers. Instead of having to scroll around to find them, you can group those machines together, by service, to make for much easier monitoring. In this tutorial I am going to show you how to take advantage of this nifty feature.

Assumptions

I am going to assume that you already have Nagios installed and working. I will also assume you know which machines are on your network and what services they are running. For the sake of this tutorial, we will piece together all machines that fall under the categories: ssh-servers and debian-servers.

Machine-specific .cfg files

The first thing to do is to create a specific .cfg file for each machine you need to add.  This subject was already addressed in the “Easily extend Nagios’ functionality” article. Without these .cfg files, Nagios will not be able to see the machines – this is critical for being able to group machines by service.

Setting up the groups

If you look in /etc/nagios3/conf.d you will find a file called hostgroups_nagios2.cfg (NOTE: The “2″ is not a typo. For some reason the configuration files have not been renamed to reflect the migration from 2 to 3.) This is the file in charge of grouping machines together by service. A typical entry will look like:

# A list of your Debian GNU/Linux servers
define hostgroup {
hostgroup_name  debian-servers
alias           Debian GNU/Linux Servers
members         localhost, Elive, courtney-desktop
}

Figure 1

As you can see I already have three machines grouped together. You can have as many as you like. Now, when you take a look at the Nagios’ Hostgroup Overview, you will see the machines you have defined listed (see Figure 1).

Notice the Host names listed. These names are taken from the configuration you see above. You can’t, however, just edit the names to make them whatever you want. Those names have to reflect the host_name directive in the particular hosts .cfg file. So for courtney-desktop above you might find a courtney_desktop.cfg file containing the line host_name courtney-desktop.

Now, do the same for all of your SSH servers, by adding in any hosts that serve up ssh to clients. It’s done the same way. In the /etc/nagios3/hostgroups_nagios2.cfg file you will all all hosts to the ssh-servers section.

Once you have added all your hosts to your groups, you have to make sure you restart Nagios in order for the changes to take effect. Do this with the command /etc/init.d/nagios3 restart. You can now view your groups in your browser.

Final thoughts

We keep chugging along with Nagios, making it ever more useful to the already-too-busy administrator. In upcoming articles we will tackle other Nagios-specific tasks.

In this article I will show you how to take advantage of the secure shell user-specific configuration files.

Assumptions

Naturally this article will assume you have secure shell installed and working. Now these configurations only work for the secure shell client, not the server. I will also assume the client from which you will be connecting from has a working internet connection and the hosts you want to connect to are reachable using secure shell as per normal. With that said, let’s get down to work.

Configuration file location

If you take a look at you ~/.ssh directory you probably will not find a configuration file. Instead you will have to create one. Fear not, it’s simple. The file that secure shell will look for is called config. So open up a terminal window, open up your favorite editor, and create the file ~/.ssh/config.

Possible options

Let’s look at a sample config file. Say you have host ssh.sample.host that is the target host. You want to be able to forward X11 and the username on the host you want to connect to is jack. This configuration file would look like:

Host ssh.sample.host

ForwardX11 yes

User jack

Now when you issue the command ssh ssh.sample.host all you will need to do is enter the user password. This command would replace the usual ssh -l jack ssh.sample.host -X. You could make this even easier by adding an entry for ssh.sample.host in your /etc/hosts file like so:

ssh.sample.host  NICKNAME

Where NICKNAME would be an easy name to remember. So now the command would look like ssh NICKNAME. That is much easier to remember and type.

You can also make options global. Let’s say you don’t want any forwarding of X11 on any ssh connection. For that you can create a section like this:

Host *

ForwardX11 no

This way none of your ssh connections will forward X11.For the global section you might want to add the line:

Protocol 2,1

which will instruct ssh to always use SSH2 first.

Global config

If you like you can edit the /etc/ssh/ssh_config file to make some of these options global. If you do this, the options will apply to all users on the system (including root). If you want more granular control over your users ssh connections, and you have multiple users on a system, go with the user-specific configuration instead.

Final thoughts

Secure shell is certainly the way you need to be making your remote connections to and from your Linux machines. And because secure shell is so flexible, you have numerous options that will allow you very specific control over how users connect as well as making yours and their lives much simpler.

WinSCP provides access to file operations such as copying or moving files, editing files directly in the interface, creating folders, renaming files and folders and change a file’s or folder’s properties including chmod.

WinSCP 4.2.7 is a bug fix release that fixes four issues encountered in previous versions of the Windows software program.

• Increased maximal size of accepted SFTP packet.
• Bug fix: Failure when closing connection after another failed connection.
• Bug fix: Root path was not remembered as last working path on a drive.
• Bug fix: Hang-up after closing connection

The new version of WinSCP is provided as a download directly on the developer’s website. The program is portable and compatible with both 32-bit and 64-bit editions of the Microsoft Windows operating system.

In this article I will show you how to take control of a remote Linux desktop with the help of x11vnc, Remote Desktop Viewer, and secure shell. You will, of course, have to have secure shell access to the remote machine. Other than that you have everything you need. So let’s get to work.

Installation

You will need the following installed in order to take on this task.

Local machine

• VNC client (such as gtk vnc)
• Ssh client (openssh works fine)

Remote machine

• Ssh server (openssh-server works great)
• VNC server (x11vnc is my recommdation)

Fire up your package management tool, search for the above applications, and install each. If you do not already have the secure shell server installed on the remote machine, you will need physical access in order to install the tools. If you already have the ssh server installed you can simply ssh to the remote machine and install the VNC server from command line (such as sudo apt-get install x11vnc) Once you have these installed you are ready to start setting up your connection.

x11vnc

The first thing you need to do is secure shell to the remote machine (we’ll say the remote machine is at IP address 192.168.1.10) and start up the VNC server. From the command line (on the remote machine) you will enter the command x11vnc. This will start the VNC server but you will not get your bash prompt returned to you. To have your VNC server running at all times you could add the line:

x11vnc &

to the end of your /etc/rc.local

The Client Machine

Figure 1

For the purposes of this tutorial I will use the Gtk VNC Viewer. It is a very simple to use, up to date, client. You will find this tool in Applications > Internet. When you first start it up you will see a fairly straight-forward connection window. You only need enter:

• IP Address:Port: IP address and port of the remote machine (in the form of 192.168.1.10:5900). NOTE: x11vnc uses port 5900 by default.
• User name: The user name you will connect with on the remote machine.
• Password: Password of the user on the remote machine.

If you know the above information is correct (and you know you’ll be connecting to this machine again) click the Add button to add the remote machine (as shown in Figure 1).

To connect to the remote machine either enter the information in the text areas and click the Connect button or double click on a saved machine from the list.

Figure 2

When you connect a new, maximized window will open showing your remote desktop (see Figure 2). From this window you can do the following:

• Disconnect: Disconnect from the remote machine.
• Send keys: Send key-combinations to the remote machine.
• Fullscreen: Switch to a full screen window.
• Screenshot: Take a screen shot of the remote desktop.
• Make icon on desktop: Create an icon that allows you to connect to this remote desktop with a double-click.

You can now interact with this remote machine as if it were your own desktop.

Final thoughts

Taking advantage of the remote desktop is a great way to train users or trouble shoot problems on a remote machine. I use this exact setup for a number of clients. It works well.

One tool to help you manage your secure shell connections is the GNOME SSHmenu tool. This helpful application adds a small applet to the GNOME panel that allows you to make secure shell connections with a single click. And not only does this applet make it easy to connect, it also stores multiple connections, so all of your ssh connections are just a click away. In this tutorial I am going to show you how to install GNOME SSHmenu and set up your secure shell connections so you can take advantage of this handy tool.

Installation

If you fire up Synaptic and do a search for “ssh-menu” (no quotes), you will see two entries:

• ssh-menu
• ssh-menu-gnome

You will need to install both of these applications. So mark them both for installation and click the Apply button. Once these packages are installed you are ready to begin.

Adding the applet

Because this is an applet, not so much a stand-alone application, you need to add the applet to your GNOME panel in order to make it available for use. To do this right click the GNOME panel and select Add to Panel. From this new window you can select the SSH Menu Applet entry and then click the Add button. When you do this a window will appear asking if you want to manually add your hosts, or if you want to give the applet a shot at auto-configuring your connections. This auto-configuration reads your ~/.ssh/known_hosts file in order set up your connections.

Figure 1

Of course you might not want all of your connections listed in the applet. For that you can select to manually configure your connections. If you make that choice the window will be dismissed and the SSH applet will appear in your panel (see Figure 1). As you can guess, the SSH applet is indicated by the “SSH” (no quotes).

Manually adding hosts

Figure 2

In order to make your connections you first have to add hosts. Do do this left click the SSH applet and select Preferences. From the Preferences window (see Figure 2) you can add, edit, copy, and remove hosts. You can also (from the Options tab) back up your ssh connections configurations, enable “tear-off” menus, enable “open all windows”, and enable “open all tabs”. click the Add Host button.

Figure 3

When you click Add Host a new window will open (see Figure 3)where you enter the following information:

Title: Name of the connection (this will appear in the SSH applet menu).

Hostname: Address for connection. If you connect with a different username will be in the form username@address.

Geometry: This dictates to the applet the size of the terminal window to open. To make this easy for you can open a terminal, size it to the exact proportions you want, click the Grab button, and then click on that pre-sized terminal window.

Profile: Select Default from this.

If you want to make sure your configuration works, click the Test button and a terminal window will open to your connection.

Usage

Now that you have the applet configured for a connection click the OK button to dismiss the preferences window, left click the applet, select the connection you just created, and wait for the prompt in the window that will open to request your password. Congratulations, you now have your first host set up in the applet. You can create as many as you like and then just select the one you want to connect to from the list.

Final thoughts

This simple tool has made my administration life so much easier. No more opening up terminals and typing ssh commands (or bothering with bash aliases). Now all of my secure shell connections are nothing more than a click away.

There is one thing that most Linux backup tools have in common and that is their underlying technologies. In most cases one of the tools that make the GUI backup tools possible is the venerable rsync. Rsync is an incredibly fast and lightweight file copy tool that can not only copy files to and from a local machine, it can also copy over a network connection – which makes rsync an ideal candidate for user-generated backup scripts or cron jobs.

In this tutorial you will learn how easy it is to use rysnc to not only back up specified directories to an external usb drive, but also to backup over a network connection via ssh.

Command structure

The structure of the rsync command is:

rsync [OPTIONS] SOURCE DESTINATION

Where SOURCE is the location of the directory to be backed up and DESTINATION is where the backup will be placed.

Now the structure of the command changes when you are employing a network facility such as ssh. At that point the command structure would look like:

rsync [OPTIONS] ssh SOURCE user@destination:/directory

Where user is the user name on the remote machine, destination would be either an IP address or domain, and /directory is the explicit path to the directory you want to back up to.

Usage

For the first example we are going to backup the directory /home/jlwallen/Documents to the directory /media/disk/BACKUPS. This destination is a directory located on an external USB drive obviously mounted to /media/disk. The command for this backup will be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS

This is where we run into our first “gotcha”. What happens with the above command is that any subdirectory in /home/jlwallen/Documents will be created on /media/disk/BACKUPS. So if you want to create a similar directory structure on the destination you should first create a parent directory similar to that of the source. So before you run the rsync command issue this command:

mkdir /media/disk/BACKUPS/Documents

The new rsync command would be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS/Documents

The options used in the above command are:

• a: Archive mode
• v: Verbose mode
• h: Output in human readable format.

Now let’s backup the same source to a remote location with the help of secure shell. It will help your cause to first make sure you can log into the remove machine via ssh. Once you have that working you are ready to backup. Using our same example we are going to backup to user jlwallen at the IP address 192.168.1.10 to the directory /home/jlwallen/BACKUPS/Documents. To do this the command would look like:

rsync -avhe ssh /home/jlwallen/Documents jlwallen@192.168.1.10:/home/jlwallen/BACKUPS/Documents

The added option is e which allows you to specify the remote shell to use.

You will be prompted for the remote users’ password and then the coping will begin. But what if you don’t want to have to use a password? If you are wanting to set up automated, remote backups you will have to allow this process to happen without entering a password. To do this you have to create an SSH key without a password. Here are the steps for this:

create an ssh key on the source machine with the command:

ssh-keygen -t dsa

Press enter when prompted for a password.

Once the key is created copy that key to the destination key with the following command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the user on the remote machine and destination is the IP or domain of the remote machine.

Now rsync copying can be done without having to enter a password.

Final thoughts

The nice thing about this setup is you can now use rsync to create a cron job for backup automation. Rsync is an incredibly flexible and reliable means for backing up your directories and files. It should be since it is the foundation that so many other backup tools were based on.

With SecPanel you can create a profile for each of your ssh connections so that connecting is just a matter of opening up the tool, selecting the connection you want from a list, and clicking the Connect button. And for each profile you create, you can associate numerous configuration options. In this tutorial you will learn how to install and use SecPanel to manage your secure shell connections.

Features

SecPanel hosts a number of useful features:

• X11 tunneling  control
• SCP management
• IPv4/6 support
• SSH1/2 support
• Keypair management
• Trace window

and more.

Installing

Like most modern Linux applications SecPanel can be installed by following these simple steps:

1. Open up your Add/Remove Software utility.
2. Search for “secpanel” (no quotes).
3. Mark SecPanel for installation.
4. Click Apply to install.
5. Okay any dependencies.

That’s it.

Running SecPanel

Figure 1

You will find SecPanel in the Internet sub-menu of your Applications menu. When you click that entry to start up the application you will see the main window (see Figure 1) where you can start to add connections. You will notice in Figure 1 there are already profiles listed. Be default there will be none (you have to create them first.) So let’s illustrate how Profiles are created.

Figure 2

To create a new Profile click on the New button. This will open up the Profile editor (see Figure 2). In this window the only required options are:

• Profile Name: The name you want to give your profile.
• Title: This is the name that appears in the Connections listing window.
• Host: The address you want to associate with this profile.
• User: You can either supply a username that is associated with this connection or configure the connection to ask each time a connection is made.

With regards to the username: If you always connect to this server with the same username, go ahead and configure a user. If, however, you connect to this server with different usernames (depending upon what job or service you are tackling) check the “Ask” checkbox. With this configuration a small box will open, when you go to connect, asking you to first input a username.

Other important options to consider are:

• No agent forwarding: Do not allow public-key authentication.
• No X11 forwarding: Do not allow X11 tunneling (you will not be able to remotely run GUI tools).

When you have your profile configured to your liking click the Save button to save your profile. In order to connect to this profile you have to go back to the main window (click the far left icon under the menu bar), select the profile you want to connect to, and click the Connect button.

Keypair

You can also manage keypairs for ssh connections, from within SecPanel. To do this click on the Lock icon from within the main window. When this new window opens you can do things like delete hostkeys, generate keypairs, distribute public keys, add identities, and more. One of the more important tasks you can take care of is the generation of keypairs. The generation of keypairs with this tool is extremely simple. Even distributing public keypairs is made simple with this tool.  Note, however, you can only distribute your keypairs to the machines in your profiles. If a server is not in one of your profiles, you can not distribute a keypair to it.

Multi

If you have an application installed (like MultiXter or ClusterSSH) you can connect to multiple servers at once which is good for such tasks as sending the same command to clustered servers. You will first have to have a supported tool installed.

Final thoughts

If you manage a lot of ssh connections SecPanel is a tool you should certainly look into. If you are used to PuTTY on a Windows machine, you will be very happy with SecPanel.

It does not take long before the SSH or SFTP server is up and running. All it takes is to start the server in the server management console and add at least one user account. User accounts require the usual set of information that include a username, home directory and a password. A public key can be added as well to provide public key authentication. The server administrator can define the user rights in the very same user creation dialog.

It is possible to enable command and shell access, sftp and forwarding separately from each other. The login requirements can also be configured. Users have basically three options to log into the server: password authentication, public key authentication or keyboard-interactive authentication. The server admin can make any or all of the selected methods a requirement.

The server management console contains several settings that are of importance. Administrators define the server-key file location and log path in there, session timeouts, the server port, ssh and sftp security settings like forcing a delay on new connections or blocking IPs after a number of failed connection attempts. The management console itself can be password protected and configured to a specific port and IP.

The free version of Silvershield SSH and SFTP Server should be just fine for smaller networks. Users who want more connections without having to pay for the SSH server can take a look at FreeSSHd A Free SSH Server For Windows or the Windows SSH Server WinSSHD.

FreeSSHd is a free SSH Server for the Windows operating system. Users can setup the SSH server on one computer system running the Windows operating system and use SSH compatible tools like Putty to connect to that remote computer system. The server can be setup with just a few mouse clicks. The administrator is only required to add users that are allowed to connect to the computer system in the SSH Server configuration.

Authorization can be NT authentication, passwords stored in SHA1 hashes or Public key driven. It is furthermore possible to allow shell, sftp and tunneling access individually. Having said that it should be obvious that FreeSSHd not only offers shell access to authorized users but also secure ftp and tunneling access.

Various options are available that define certain aspects of the SSH Server software. It is possible to add whitelist and blacklists of IP addresses that are allowed to connect to the server, enable event logging, set the secure FTP home path, select a specific allowed cipher, enable tunneling, telnet and check the access logs of the SSH server.

FreeSSHd is a comfortable SSH and SFTP server for the Windows operating system. Setup of the server should not pose to many difficulties even for inexperienced users. All in all a great software program that can be run manually or added to Windows services for extra comfort.

Scp is a part of the secure shell application. If you have installed ssh (secure shell) then you have scp installed on your machine. The only problem with scp is figuring out exactly how to use it. It’s not predictable and the man page is absolutely no help. That’s where gHacks comes in. In this article you will learn how to securely copy files from one machine to another using scp.

The Setup

Let’s first get out of the way the setup of a test network. We’ll use MachineA, with an IP address of 192.168.1.1, for the local machine and MachineB, with an IP address of 192.168.1.2, for the remote machine. Both machines will be Linux machines and both will have ssh installed. For the examples we will be copying the file sample.pdf and the directory /home/jlwallen/TEMP. The username we will use is jlwallen.

The syntax

The syntax of the scp command is basically:

scp FILENAME USERNAME@ADDRESS_OF_REMOTE_SERVER:FILENAME

One very important issue is that the FILENAME should be the full path to the file to be copied.

Copy file from A to B (While logged into A)

To copy sample.pdf from A to B when you’re logged into A issue the command:

scp /home/jlwallen/sample.pdf jlwallen@192.168.1.2:/home/jlwallen/sample.pdf

You will be prompted for jlwallen’s password. Once you enter that password the copy will occur.

Copy file from A to B (While logged into B)

scp jlwallen@192.168.1.1:/home/jlwallen/sample.pdf /home/jlwallen/sample.pdf

You will be prompted for jlwallen’s password.

Copy Directory from A to B(While logged into A)

scp -r /home/jlwallen/TEMP jlwallen@192.168.1.2:/home/jlwallen/TEMP

You will be prompted for jlwallen’s password. This command will copy the entire contents of the TEMP directory.

Copy Director from B to A (While logged into B)

scp -r jlwallen@192.168.1.1:/home/jlwallen/TEMP /home/jlwallen/TEMP

Pretty simple stuff once you actually know the structure of the command.

Make it passwordless

If you’re like me you like to automate things. You can do this with scp but you have to set it up so you can log in without passwords. The best way to do this is by using keys. Here is how it is done:

On the local machine generate a keypair with the following:

ssh-keygen -t rsa

You will accept the defaults and just hit enter. Do not give this a passphrase.

This will generate two files in the ~/.ssh directory: id_rsa and id_rsa.pub. You need to first give your id_rsa the right permissions with the command chmod 700 ~/.ssh/id_rsa. Now you need to copy the id_rsa.pub file over to the server you want to log into. Do this with the command:

scp ~/.ssh/id_rsa.pub 192.168.1.2:~/.ssh/authorized_keys

Now log into the remote machine (via ssh) and make sure the ~/.ssh directory has the right permissions with the command chmod 700 .ssh

The next step is to configure ssh and sshd. On the local machine open up the file /etc/ssh/ssh_config and look for the line:

ForwardAgent yes

This line will most likely be commented out. Remove the “#” character and save the file.

Now on the remote machine open up the /etc/ssh/sshd_config file and make sure you have the following lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile????? .ssh/authorized_keys

Save that file and restart sshd with the command /etc/rc.d/init.d/sshd restart

Back on the local machine issue the two following commands:

ssh-agent

ssh-add

You shouldn’t be prompted for a password for the second command.

Now attempt to ssh to the remote machine like so:

ssh 192.168.1.2

You should not be prompted for a password. You are now able to ssh and scp without having to enter a password.

Final Thoughts

Now that you know how to scp (and do so without user intervention), you can create all sorts of fun automated backup scripts that will backup a local machine to a remote server. There is one warning I will issue: if someone can get your id_rsa file they might be able to get into your machine. So make sure the machine that holds that file is safe.

Some services offer free SSH accounts, to edit and access files anywhere, host websites, use them as proxies (or IPv6 gateways) and some even let you run processes like IRC bots and compilers.

Generally, such free Shell accounts impose a monthly bandwidth quota of a few megabytes, so you don’t use too much of their resources. Some providers are more generous than others, though, and some charge for additional space and bandwidth.

Most SSH providers offer Unix-based hosting. Mitja Sladovic offers a very large list of such free providers.

The most popular service is the SDF Public Access UNIX System, established in 1987. Free users are offered email hosting (POP or IMAP), games, access to the text-based ‘Lynx’ web browser, web hosting, various network utilities and 80MB space. For access to gcc, php etc., one must pay a one-off fee of $36. In order to validate your account, and receive access to network utilities, one must send them $1 or €5 (in order to deter spammers).

Blinkenshell is another interesting option. Free accounts get 50MiB of space, access to several compilers, an IPv6 tunnel, hosting, email, IRC access and even the ability to have MySQL databases. One can’t use Blinkenshell for IRC bots, though. A few services do provide access to eggdrop, a popular IRC bot, such as Polarhome and aeshells.

Naturally, novices may struggle with such services as no graphical interface is provided. These services do, however, provide a rapid way to compile applications on different platforms (like Linux and BSD) and allow boring processes, like IRC bots, to run for you.

Update: Freeshell is still the number one destination for free remote SSH accounts.

Secure shell was created as a replacement for telnet because telnet transmitted unencrypted passwords. The encryption is handled via public key cryptography. Through secure shell the user can issue commands on a remote server or even tunnel the X protocol in order to run remote graphic applications locally.

Using secure shell on Linux will require you to install openssh-clients and if you want to run an secure shell server (so others can secure shell into your machine) you will need to install openssh-server. These can be found in your Add/Remove Program utility. During the installation you will most likely be informed that the installer needs to generate a key. You won’t have to do anything for this key generation. And, depending upon the Add/Remove Program utility that you use you may not even see any sign that this is happening.

Basic usage

To use secure shell you will need to open up a terminal window (gnome-terminal, konsole, aterm, eterm, etc). Once this is open you can begin. The structure of the command is:

ssh OPTIONS REMOTE_SERVER_ADDRESS

Secure shell has quite a list of options available. For a complete listing of these options issue the command man ssh to see them all. But the most useful options are:

• -v This gives verbose output so you can see all output given as a connection is being made.
• -l This allows you to specify a username for the connection.
• -X This instructs the remote server to allow the tunneling of X protocols.

Say you want to connect user jlwallen to server 192.168.1.10 and you want to tunnel X. The command to do this would be:

ssh -v -l jlwallen 192.168.1.10 -X

You would see a good deal of information pass by before you are asked for the users password. If this is the first time you’ve attempted this connection you will be prompted (via Y or N) if you want to allow the addition of a key to be placed in the ~/.ssh/known_hosts file. If you are wanting to make this connection you will have to accept this key.

ssh daemon

Now if you want to have the secure shell daemon running on your machine (so that users can log on) you will have to start the deamon. The ssh daemon (sshd) is started from the init.d system. On a Fedora-like system this daemon is started like so:

/etc/rc.d/init.d/sshd start

On a Ubuntu-based system this daemon is started like so:

/etc/init.d/sshd start

Once the daemon is started users can now log in. NOTE: The sshd daemon runs on port 22 so you will need to have that port open in order to allow connections.

Final Thoughts

Secure shell is one of the better means of logging into a remote machine securly. Sure there are other methods but secure shell is easy to use, reliable, and secure.

Xming is an X server for Windows which can be used to secure forward X11 sessions from Unix machines. Basically, using Xming, a graphical program, like Firefox or xeyes, can be run remotely from an SSH server with X11. Using X11 tunneling, many things can easily be done remotely, whether that be word processing, file-sharing or accessing an email client.

Xming requires a little configuration. In my opinion, Xming works best with the Putty and comes with it. ssh.exe can also be used.

Putty must be configured to enable X11 forwarding, which is done inside Putty by going to SSH>X11 and ticking ‘Enable X11 forwarding’. Whilst programs can be launched via remote SSH terminal, the Xlaunch program which comes with Xming is much easier to use.

In Xlaunch, the chosen view for X11 windows is chosen (one window, multiple windows or full screen), the SSH server and login details is entered as is the application which is to be run. xterm (the terminal) is a good choice!

A SSH connection can be used to use an encrypted channel to transfer the unencrypted data so that the data is protected from third parties. To make use of this encrypted channel a connection has to be established and maintained between the local computer and a SSH server on the Internet. If your Email provider would offer SSH access for instance it could be setup to create a connection with their SSH server to retrieve and send emails.

My Encrypted Tunnel is a free application that makes use of Putty Link to establish an SSH connection:

MyEnTunnel is a simple system tray application (or NT service) that establishes and maintains TCP SSH tunnels. It does this by launching Plink (PuTTY Link) in the background and then monitors the process. If the Plink process dies (e.g. connection drops, server restarts or otherwise becomes unreachable) MyEnTunnel will automatically restart Plink to reestablish the tunnels in the background. It tries to use as little CPU and system resources as possible when monitoring (When the “Slow Polling” option is enabled it only does one context switch per second).

It can also be used to exchange data between two computers. To do this one computer needs to act as the SSH Server. Users looking for an advanced Windows client with additional functionality might find it in Tunnelier which is free for personal use.