
Using /etc/hosts to route around censorship

Censorship being all the rage, and DNS blocking being a popular enforcement method - I thought I'd show you guys a little trick to route around DNS blocking using your /etc/hosts file. We'll be using thepiratebay.com in this example, as it's a frequent target of ISP DNS blocking. Open up your /etc/hosts file from the terminal by typing: sudo gedit /etc/hosts

Add this entry to the bottom of the page:

194.71.107.80    thepiratebay.com    tpb

Save the file, and close. You can now access The Pirate Bay by typing tpb in your browser address bar.

Using SSH server capabilities for secure chat with a trusted party

The situation: Not wanting instant messages monitored, not trusting the IM clients out there. Running an SSH server on your Linux machine can provide secure chat with a trusted party, and much more.

Getting started:

A dynamic DNS provider is needed (your computer will need its own web address). Try these guys: http://freedns.afraid.org/menu/

Now that you have a dynamic DNS provider, let's install the SSH server and some additional security. For Debian-based users: apt-get install openssh-server denyhosts

For other system users see OpenSSH here: http://www.openssh.org/ and denyhosts here: http://denyhosts.sourceforge.net/

Once these are installed it's time to do some configuration. Many routers allow you to set dynamic DNS for your network. Check your router first. You can also use a dynamic DNS client on the computer running the SSH server, see here: http://freedns.afraid.org/scripts/freedns.clients.php

Time to configure the server. We need to edit the file /etc/ssh/sshd_config. For Debian-based users: gedit /etc/ssh/sshd_config

I run my server on a non-standard port to prevent annoying port scans. Pick any number above 10000. I want the computer to listen on all interfaces/protocols so I don't set a specific ListenAddress.

# What ports, IPs and protocols we listen for
Port 12121
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

To tighten security, set the PermitRootLogin option to "no".

Denyhosts has been installed for added security. How does it work?

"When run for the first time, DenyHosts will create a work directory. The work directory will ultimately store the data collected and the files are in a human readable format, for each editing, if necessary.

DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc) and determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is root, otherwise valid (eg. has a system account) or invalid (eg. does not have a system account).

When DenyHosts determines that a given host has attempted to login using a non-existent user account a configurable number of attempts (this is known as the DENY_THRESHOLD_INVALID), DenyHosts will add that host to the /etc/hosts.deny file. This will prevent that host from contacting your sshd server again."

For more see here: http://denyhosts.sourceforge.net/faq.html#1_5
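The log-processing step quoted above, sketched as an added example (this is not DenyHosts' own code): it counts failed logins per host from constructed auth.log lines and emits hosts.deny entries once a threshold is reached. DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT are the companion denyhosts.conf options to the one quoted; the threshold values, the log lines and the function names are assumptions made for the example.

```python
import re
from collections import Counter

# Named after denyhosts.conf options; the values are constructed for this example.
THRESHOLDS = {"invalid": 3,  # DENY_THRESHOLD_INVALID
              "valid": 5,    # DENY_THRESHOLD_VALID
              "root": 1}     # DENY_THRESHOLD_ROOT

# The user field is attacker-controlled, so match the host greedily at the END of
# the line; text like "x from 10.0.0.1" inside a username must not name the host.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?P<inv>invalid user )?"
                    r"(?P<user>.*) from (?P<host>\S+) port \d+ ssh2$")

# Constructed auth.log lines (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Mar  3 10:00:01 box sshd[901]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Mar  3 10:00:03 box sshd[901]: Failed password for invalid user test from 203.0.113.5 port 40022 ssh2
Mar  3 10:00:06 box sshd[903]: Failed password for invalid user oracle from 203.0.113.5 port 40031 ssh2
Mar  3 10:02:10 box sshd[910]: Failed password for alice from 198.51.100.7 port 51500 ssh2
Mar  3 10:02:15 box sshd[910]: Failed password for alice from 198.51.100.7 port 51500 ssh2
Mar  3 10:02:21 box sshd[910]: Accepted password for alice from 198.51.100.7 port 51500 ssh2
Mar  3 10:05:00 box sshd[920]: Failed password for root from 203.0.113.9 port 33000 ssh2
Mar  3 10:07:00 box sshd[930]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 192.0.2.44 port 41000 ssh2
"""

def failure_counts(log_text):
    """Count failed logins per (host, kind), kind being invalid, valid or root."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        if m.group("inv"):
            kind = "invalid"
        else:
            kind = "root" if m.group("user") == "root" else "valid"
        counts[(m.group("host"), kind)] += 1
    return counts

def hosts_deny_entries(log_text, thresholds=THRESHOLDS):
    """Return hosts.deny lines for hosts that reached a threshold (>= is this example's choice)."""
    hit = {host for (host, kind), n in failure_counts(log_text).items()
           if n >= thresholds[kind]}
    return [f"sshd: {host}" for host in sorted(hit)]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(SAMPLE_LOG)))
```

The last sample line is the case worth checking in any log-driven blocker: the failure is charged to the connecting host 192.0.2.44, not to the address embedded in the username.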

Next step is creating user accounts for the trusted party/parties you want secure communications with.

Debian based users can use the useradd command, see here: http://www.debianadmin.com/users-and-groups-administration-in-linux.html or use your distro's desktop administration tool like Gnome control center.

The user you've created accounts for can now use an SSH client to log directly into your computer. Linux has an SSH client by default. From the terminal type:

ssh -p 12121 user@domain.com

The -p option specifies the port, so if your SSH server runs on port 44223 the user would type -p 44223. user is the username and domain.com is your dynamic DNS address.

For Windows SSH clients: http://www.openssh.org/windows.html

Once logged in, the user can leave you messages via the wall command (http://linux.die.net/man/1/wall), the talk command (http://linux.die.net/man/1/talk), or classic email on the local system using mailx or another mail program (http://linux.die.net/man/1/mailx).

SSH servers have many other uses:

Encrypted file transfer using the scp command: http://www.linuxtutorialblog.com/post/ssh-and-scp-howto-tips-tricks

An SSH server provides a proxy server for secure communications from work computers, for breaking out of corporate firewalls, etc: http://kimmo.suominen.com/docs/proxy-through-ssh/