Colin Harrington

Ubuntu

SSH without passwords (Public/Private Keys)

by on Oct.03, 2011, under Linux, Ubuntu

Secure Public/Private Key Cryptography isn’t exactly new stuff in the world of Computing. It makes our world go round. It is the basis for secure communication in today’s world. HTTPS, SSL, TLS, SSH are all cryptographic protocols that use Public/Private key infrastructures. Without these protocols, we would think twice about using credit card, banking or any other sensitive information on the Internet.

We all know that passwords aren’t very secure. If you choose a password that is easy to remember then its easier to guess via brute force. If you choose a password that is random or hard to remember then you are more likely to write it down. Any well-versed digital community member already has many username/password credentials to remember so we are less likely to remember extremely difficult random passwords. This is the password paradox, which leads me to look into managing access via public/private key pairs instead.

Generate a public/private key pair (if you don’t have one already)

Github has an excellent tutorial with good illustrations on how to generate ssh keys with ssh-keygen, but here is an overview:

  • *Backup your existing keys* — if they exists so that you don’t overwrite them.
  • generate a new key with ssh-keygen

Definitely setup a passphrase! – Its like a password for your private key. The passphrase is a second line of defence if anyone were to acquire your private key.

The .pub is your public key, you can safely share this anywhere, whereas the private key is entirely private! DO NOT show anyone, don’t copy it anywhere and only securely back it up.. This is your new password and large liability if it fell into the wrong hands.

Example:
Some folks like to generate and manage keypairs for each location, or at least manage certain levels of keys, but I’m not going to dive into that topic.

Configure the Server (if needed)

Make sure that the server has Public key authentication enabled (most do). for OpenSSH it would be the following in the sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Then all you have to do is:

  • Put your public key (the one ending in .pub) as a line in the ~/.ssh/authorized_keys file (create it if it doesn’t exist)
  • Restart your SSH server
  • Log in without being prompted for a password

This is really handy for managing servers especially on Amazon’s EC2, local access between machines, SFTP, SSH tunneling, or even getting access to a jailbroken iPhone or any other device with OpenSSH installed on it.

The guys over at debian-administrator.org wrote a good guide to Password-less logins with OpenSSH that is worth looking into if you have issues or want to dive deeper.

Passwords aren’t very secure, you already know this. If you use one that’s easy to remember, it’s easier to guess or brute-force (try many options until one works). If you use one that’s random it’s hard to remember, and thus you’re more inclined to write the password down. Both of these are Very Bad Things™. This is why you’re using ssh keys.
5 Comments :, , , more...

Arduino + Ubuntu 10.10 Maverick Meerkat :: no rxtxSerial in java.library.path

by on Nov.19, 2010, under General, Ubuntu

I’m just getting into the Arduino, and have an awesome project that I’m working on with some friends.

Playing with a multi-color LED

Playing with a multi-color LED

I found the Arduino IDE in package manager, and went to install it
sudo apt-get install arduino

Or Via Synaptic:Arduino via Synaptic

When I went to run it died with the following exception:

A little googling turned up the this bug. It basically describes that there is an issue with Ubuntu 10.10 + sun-java not including the jni directory in the classpath. There are several solutions, but basically this comment sums it up the best:

1) don’t use sun-java but default-jre instead. This bug is actually a known bug in sun-java. (bug #325506)
2) add export LD_LIBRARY_PATH=/usr/lib/jni to your .bashrc, the .deskop file (in /usr/share/desktop), or on the command line before starting arduino
3) add the new package (instructions are above).

I opted for #2 so far…  The idea flow for potential projects are unending.  I should try some CI build Lights/lamps next :-)

4 Comments :, , , more...

Hulu Desktop for Linux! 32 & 64bit versions for Ubuntu & Fedora

by on Oct.08, 2009, under General, Linux, Streaming, Ubuntu, Video

Hulu Desktop (currently Beta) is now available on Linux!  A friend tipped me off to an article on TechCrunch about it. 

Wohoo Hulu Desktop on Linux

Downloading it and setting it up was pretty easy.  I went to Hulu Desktop and selected download for linux.  From there It gave me choices for Fedora and Ubuntu (both 32 & 64bit versions!)  Since I run Ubuntu I downloaded and installed the deb – easy enough.

When you first launch it it asks you to accept the EULA.

Eula

The first time I launched Hulu Desktop I got an error, that "Hulu Desktop could not locate the Flash plugin.  If you do not have it installed, please modify ~/.huludesktop with the correct location of libflashplayer.so." (remember the beta sticker?)

Hulu Desktop error : Flash Plugin

I had to edit the ~/.huludesktop file to use the wrapped version of the Flash plugin /var/lib/flashplugin-installer/npwrapper.libflashplayer.so and it worked like a charm!

.huludesktop

Playback worked great, probably better than the in-browser experience.  The interface is slick, better than the web-interface and more along the lines of Boxee.  Fullscreen worked well for me.

Hulu Desktop -> Heroes menu

Props to Hulu for providing a Linux version.  The Linux desktop is a first class citizen.  Skype has a Beta version that rocks on Linux.  Google Chrome, Firefox, etc. Who is next? Adobe?  CS5?  I’d pay for Adobe CS5 on Linux.

So far its been pretty good stuff for Beta Software!  I’ll definitely be using Hulu more now. 

Here is a shot of the opening screen:

Opening Image

And another of the Menu (while watching media):

Popular menu

11 Comments :, , , more...

Grails Growl-like notifications in Linux (Ubuntu, 9.04)

by on May.24, 2009, under General, Groovy-Grails, Linux, Ubuntu

When I was developing on OSX, a fellow developer Ted Naleid tipped me off to a script that does Growl notifications for Grails events that Marc Palmer had written.   The Growl notifications were handy, but now that I’ve been working on Linux, I’ve definitely missed them.

I first used a tool called Mumbles, which attempted to be a clone of Growl, but I later realized that the built in notification system is probably the way to go.  After I learned of Ubuntu 9.04 (Jaunty Jackalope) had some major visualization enhancements to the notifications, I thought that it was definitely the way to go. 

This is what I currently have with Ubuntu 9.04:

Jaunty Grails notification Plugins

Jaunty Grails notification final

Implementing this is very simple, you simply create an _Events.groovy file in your ~/.grails/scripts  directory (create it if it doesn’t exist) with the following contents (modified from the Growl Script):

eventStatusFinal = { msg ->
    libNotify('Final status', msg)
}
eventStatusUpdate = { msg ->
    libNotify('Status', msg)
}
eventCreatedFile = { fileName ->
    //libNotify('Created file', fileName)
}
eventStatusError = { message ->
    libNotify('Error', message)
}
eventExiting = { code ->
    libNotify('Exit', "Return code $code")
}
eventCreatedArtefact = { type, file ->
    libNotify('Created artefct', "$type with name $file")
}
eventCompileStart = { kind ->
    //libNotify('Compiling', "Compiling $kind")
}
eventCompileEnd = { kind ->
    //libNotify('Compilation complete', "Compiled $kind")
}
eventPluginInstalled = { pluginName ->
    libNotify('Plugin installed', pluginName)
}
// Do the notification
void libNotify(title, message) {
    def cmd = [
        'notify-send',
        title,
        message,
    '-i',
    'grails'
    ]
    cmd.execute()
}

It is simply using Groovy to execute "notify-send $title $message -i grails".   if you don’t have notify-send, it is part of libnotify so sudo apt-get install libnotify-bin will get you what you need.  If I get some time I’d like to find a way to take advantage of a Java Dbus implementation to talk to the notification system without having to go through libnotify.

If you want mumbles notifications just do something like this:

void mumblesNotify(title, message) {
    def cmd = [
        "mumbles-send",
           "-l",
        title,
        message
    ]
    cmd.execute()
}

Occasionally I’ll get a failure that there are too many files open (using .execute() in Groovy) and that should be cleared up by using a Java implementation of the DBus notifications.

Let me know what you think.  Anything that could be done better?

 

18 Comments :, , more...

Customizing rEFIt (an EFI Bootloader – Intel Macs) Slick!

by on May.05, 2009, under General, Linux, Logo, Ubuntu

I recently installed Ubuntu 9.04(Jaunty Jackalope) on a 17" Macbook pro and as a part of that process, I had to install a bootloader called rEFIt.  You could think of EFI is just a next-gen BIOS.

Even though the bootloader looks decent, I don’t like the look of silver/grey color, so I decided to customize it.  The process to customize rEFIt was relatively straight forward and the result is beautiful.

This is what I came up with:

background

This is what it looks like with a Windows Partition:

boot screen with 3 icons

I love the simplicity of it!!

Here is a closeup of the icons / OS Choices:

 

I don’t really know where the icons came from, but they look tasty :-)  On Linux there is a decent package for working with mac icons (.icns) or sudo apt-get install icnsutils  which will get you some useful tools (png2icns and icns2png)

I did have to make a few modifications to the Tux icon [os_linux.icns] to give him a ‘glow’ so that he doesn’t fade into the black on black:

Tux Crystal Modified by Colin

This windows Icon [os_win.icns] is the stock version I think (send me a link to the author if you know):

 

I did add a slight ‘glow’ to the apple icon [os_mac.icns] (send me a link to the author if you know):

I tried a number of custom ‘selected’ themes but gradients didn’t look right, so I went with the simple plan.  The selection bitmap can be found here:

selection_big.bmp

 

the process is simple once rEFIt is installed:  modify the refit.conf with the icons in place, and you are done!

Here is what I came up with for my refit.conf (comments removed):

timeout 5
banner hostname.bmp
selection_big   selection-big-ring.bmp
hideui tools shell funcs hdbadges label
legacyfirst

The original comments in the refit.conf file are helpful!  Its straight forward if you can read :-)

  • timeout = the number of seconds before it automatically chooses for you
  • banner = the bitmap of the upper part of the screen (top left pixel = background color)
  • selection_big = the grey ‘ring’ that indicated the selection
  • hideui = Hide elements of rEFIt so we can get a clean interface
  • legacyfirst = Legacy OS first (Linux)

Use at your own risk!!

If I had the time, it would be fun to build/enhance rEFIt to have an all-black fill instead of the grey/silver.

I’ve had a good experience with Ubuntu 9.04 on a 17" Macbook Pro, and I’ll Blog about it – and see what I can do to help update the documentation – look for an upcoming post.

 

56 Comments :, , , more...

Ubuntu Logo

by on May.03, 2009, under Linux, Logo, Ubuntu

I spent a little bit of time customizing rEFIt, which is an EFI Bootloader that  can be used on intel macs.  So far I like it.  Its not 100% feature complete (imho), but its open source :-) 

I found myself looking for a good logo for Ubuntu that it shows after you make your OS Choice in rEFIt.  There was plenty of good artwork on deviantart.com, but I decided to make my own :-)

So this is what I came up with based on one of the official logos:

Ubuntu Logo

Click to enlarge (668×668)

ps, I also have a post coming on customizing rEFIt (it looks juicy)

4 Comments :, , more...

Customizing the Gnome Clock Panel (Ubuntu 8.10)

by on Dec.18, 2008, under Linux, Ubuntu

UbuntuOne of the incredible benefits of running an open source operating system is the fact that you can customize just about everything.

I ran across a posting on Lifehacker about how to Customize your Linux Panel Clock.  The Lifehacker article referenced another article that gives an example of how to customize it with some simple HTML tags and pretty standard time formatter values.  The article isn’t exact for Ubuntu 8.10, but its there if you look for it (/apps/panel/applets/clock_screen0/prefs)  I wasn’t able to get it to do the span tags in Ubuntu 8.10, but it might be more flexible in the near future according to this post.

* Note to self, play around with gconf-editor some more…

Leave a Comment :, , more...

Easy Ubuntu Upgrade :: Hardy Heron Hits Home! Hurray!!

by on Jul.02, 2008, under Linux, Ubuntu

Good work!! -> Credit to http://feeblemind.tuxfamily.org/dotclear/index.php/2006/05/17/64-humanity-to-othersMy experience in upgrading Ubuntu Gutsy Gibbon to Hardy Heron was a fairly smooth one.  It was a straight forward process, The System Updater told me that there was a distribution upgrade.  I followed the assigned steps and shortly had upgraded my whole system.  The status bar was horribly in-accurate, changing from 4 minutes all the way to 54 minutes and back again in the matter of 30 seconds, but it was nothing that I haven’t seen on other operating systems. 

The Installer maintained all of my current customizations (since they are in my home directory ~/ ).  I was surprised to see that even my Compiz settings were all exactly how I had left them.  I was happy that the Installer asked me what to do with merge conflicts in my /etc files, (samba.conf, php.ini, apache2.conf, etc.).  There were only a few things that I had to tidy up

  • Configuring the Launch Size of my Terminal window (Ubuntu Forums)
  • blacklisting the pcspkr kernel module (by adding the line "blacklist pcspkr" to /etc/modprobe.d/blacklist – see ubuntuforums for more discussion)

I can now reliably use the standby functionality.  I have a dual Monitor setup and it works well. 

Is Ubuntu ready for mom?  no, but its definitely on the right course!  In my opinion, ubuntu is ready for the little brother, and the wife of a geek.  It doesn’t test the Mom test, nor the Grandma test yet. 

*Update* After a few months of using Hardy Heron, I have realized that Linux is my primary OS.  I’ve taken the jump – its working out great. I still have some things that I would like to see ironed out a bit more, but its worth much more than I paid for it!!

It had been a while since I re-imaged. I finally got a chance to buy a larger hard drive for my laptop.  I was suprised on how easy it was to get NTFS rw support with linux using NTFS-3G.  I decided a while ago to give Windows and Linux each their own partitions along with a shared Data Drive now in NTFS.

So the Partition Table looks like this: 

$ sudo fdisk -l /dev/sda

Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x2d24c9d9

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        6266    50331613+   7  HPFS/NTFS
/dev/sda2            6267       15150    71360730    7  HPFS/NTFS
/dev/sda3           15151       23942    70621740   83  Linux
/dev/sda4           23943       24321     3044317+   5  Extended
/dev/sda5           23943       24321     3044286   82  Linux swap / Solaris 

 Here is a good article about setting up NTFS Support in Ubuntu.  Linux is getting better every Day.

2 Comments :, , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!