Configure Public Key Authentication for SSH on Linux

Very recently, I acquired myself a cheap Linux based VPS for personal use. Since passwords are barely considered a method of security these days, I decided one of the first things I needed to do was secure my SSH setup.

My chosen method to SSH (and for many others) is via PuTTY. One of the handy things about PuTTY is the PuTTYgen application that comes along with it. PuTTYgen is used to generate and convert keys for use with PuTTY for authentication.

Go ahead and open up PuTTYgen and we will use it to generate both a public key (for the server) and private key (used for the client, keep this one secure).

  1. Click Generate; you will then be instructed to move your mouse around like a madman to assist in generating the random key.
  2. Upon generation, you will be given the opportunity to provide a passphrase for the key pair.
  3. Save both the public key and the private key, and copy the text listed under "Public key for pasting into OpenSSH authorized_keys file" into a text document.

At this point we should have a public key for our Ubuntu server, private key for use with PuTTY and the contents of the public key in a text document for easy copy/paste we will do later.

Now SSH into the server. Once in, we will create a hidden folder in our user’s home directory to store the public key and appropriately secure it.

mkdir ~/.ssh
chmod 700 ~/.ssh

Next, change directory to our new hidden folder, create and open up a file to store the key.

cd ~/.ssh/
nano authorized_keys

Once Nano text editor opens up, paste in the contents of the text document we created earlier with the contents of the public key and save.

Let’s now secure the file

chmod 600 authorized_keys
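A check for the file just created, as an added example that is not part of the original post: it flags the two paste mistakes that stop key login from working (a key split across lines, and the multi-line file written by PuTTYgen's "Save public key" button instead of the one-line text from the box) and confirms the modes set above. The function names and the sample entries are constructed for illustration, and the key-type list covers only the common types.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one finding per problem.
lint_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments, blank lines
        /^---- BEGIN SSH2 PUBLIC KEY ----/ {          # PuTTYgen "Save public key" file
            print "line " NR ": RFC 4716 block, not the one-line OpenSSH format"
            skip = 1; next
        }
        /^---- END SSH2 PUBLIC KEY ----/ { skip = 0; next }
        skip { next }
        {
            t = 0                                     # options may precede the key type
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { t = i; break }
            if (t == 0) { print "line " NR ": no key type (key split across lines?)"; next }
            if ($(t + 1) !~ "^AAAA[A-Za-z0-9+/]+=*$")
                print "line " NR ": field after " $t " is not a base64 key blob"
        }
    ' "$1"
}

# True only if the directory and file carry the modes set in the steps above.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Constructed sample (placeholder blobs, not real keys): one good entry,
# one entry split in two by a wrapped paste, one RFC 4716 block.
write_sample() {
    mkdir -p "$1" && chmod 700 "$1" && cat > "$1/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed rsa-key-20141001
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB
AQCwrappedPlaceholder rsa-key-20141001
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20141001"
AAAAB3NzaC1yc2EAAAADAQABconstructed
---- END SSH2 PUBLIC KEY ----
EOF
    chmod 600 "$1/authorized_keys"
}
```

On the server, `lint_authorized_keys ~/.ssh/authorized_keys` should print nothing and `perms_ok ~/.ssh` should succeed before you rely on the key.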

Now you are ready to SSH into the server with Public Key Authentication via PuTTY. To test this, open up PuTTY and fill in all the regular details for the server (IP address etc.). Under Category, expand the SSH section and click on Auth. Now click the Browse button and navigate to the private key we saved earlier. Once selected, hit Open to start the connection.

If everything was done correctly you should now be connected into your server (or prompted for the passphrase of the private key if you set one).

Can we go further?

I’m glad you asked; while we have just set up Public Key Authentication, it is still possible to authenticate with your plain old password. But we can disable password authentication.

First, we are going to backup the current (hopefully default) SSH config by doing the following:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

Next, we will elevate and open up the running SSH config in the Nano text editor

sudo nano /etc/ssh/sshd_config

Once in, look for the following line

#PasswordAuthentication yes

and change to

PasswordAuthentication no

Last but not least, you can add a little security by obscurity by changing the default port to another of your choosing. Simply look for the following line

Port 22

And change 22 to a number of your choosing.

Don’t forget to restart the SSH service to allow the above changes to apply

sudo service ssh restart
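The edit above fails silently if the `#` is left in front of the line, or if another `PasswordAuthentication` line appears earlier in the file. The following added example (not part of the original post) reports the value sshd would actually use; the function names, the sample files and the port 2222 in them are constructed for illustration, and keywords are assumed to be separated from their values by whitespace.

```shell
#!/bin/sh
# Added example, not from the original post.
# Print the value sshd would take for KEYWORD from the global part of a config:
# keywords are case-insensitive, commented lines do not count, and the first
# occurrence wins. Parsing stops at the first Match block (not evaluated here).
sshd_effective() {   # usage: sshd_effective KEYWORD DEFAULT FILE
    awk -v kw="$1" -v def="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { val = $2; found = 1; exit }
        END { print (found ? val : def) }
    ' "$3"
}

# Report what the edits described above actually achieved; status 0 only
# when password logins are off.
audit_sshd_config() {
    echo "port $(sshd_effective Port 22 "$1")"
    if [ "$(sshd_effective PasswordAuthentication yes "$1")" = no ]; then
        echo "password logins disabled"
    else
        echo "password logins STILL ENABLED"; return 1
    fi
}

# Constructed sample files for three ways the edit can end up.
write_samples() {
    printf 'Port 2222\n#PasswordAuthentication no\n' > "$1/left-commented"
    printf 'PasswordAuthentication yes\nPort 2222\npasswordauthentication no\n' > "$1/duplicate"
    printf 'Port 2222\nPasswordAuthentication no\n' > "$1/fixed"
}
```

On the server itself, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the effective configuration; keep the current session open until a new key-based login has succeeded.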

Now your Linux server is just that little bit more secure.

Note: The above was tested on Ubuntu Server 14.04 LTS; your mileage may vary on other versions and flavours.

Windows Server & System Center Technical Preview

Hot on the heels of the Windows 10 Technical Preview release, Microsoft have now added the Windows Server and accompanying System Center Technical Preview for the masses.

Microsoft is touting a couple of new features for the newest iteration of their Cloud OS vision, stating the following additions to the product family:

Infrastructure upgrades: Rolling upgrades for Hyper-V clusters to the next version of Windows Server without downtime for your applications and workloads. This includes support for mixed versions as you transition your infrastructure.

Networking:  New components for our software-defined networking stack that enable greater flexibility and control, including a network controller role to manage virtual and physical networks.

Storage: New synchronous storage replication that enhances availability for key applications and workloads plus storage Quality of Service to deliver minimum and maximum IOPS in environments with workloads with diverse storage requirements.

Remote Desktop: Enhanced application compatibility with OpenGL and OpenCL support.

Identity and Access Management: New scenarios to reduce the risk profile of administrators with elevated rights, including time-based access with fine-grained privileges, and new application publishing capabilities.

Microsoft are making the Windows Server & System Center technical preview available via Technet, MSDN and even on Microsoft Azure!

Time to fire up the labs and head on over to http://blogs.technet.com/b/server-cloud/archive/2014/10/01/announcing-availability-of-windows-server-technical-preview-and-system-center-technical-preview.aspx and pick your method of deployment.

Windows 9 is dead, long live Windows 10

Yes that’s right folks, before Windows 9 could change your mind about the modern Windows it has been taken out the back and shot; Introducing Windows 10.

At one stage under the guise of Windows Threshold, Windows 10 promises to be the one Windows across all devices; what Windows 8 was meant to be. From Internet of Things devices (hello Galileo), smart phones and tablets right up to notebooks, desktops, Xboxes and servers.

On that note, nothing has been said whether we will see Windows Server 10 (2015?) or the server side will truly fall under the one banner along with the other consumer versions.

Microsoft have talked the talk and named the enterprise customers as their key target for Windows 10, which is probably why the whole current and future System Center suites will be able to support devices with Windows 10.

‘Continuum’ promises to make Windows 10 flexible when using multiple different inputs such as the traditional keyboard & mouse and touch and ease the transition between the two.

But what else can be expected from Windows 10? So far Microsoft have demonstrated the following:

Modern/Metro haters can rejoice, the Start menu is officially slated for a return (a feature no doubt, aiming to please enterprise)

Enhancements to the Windows Snap feature mean that not just two apps can be snapped to the sides of the desktop

Taking a cue from Mac OS X and many flavours of Linux, native multiple desktops arrive

Pictures are never enough, so preview the above in motion as demonstrated by Microsoft’s Joe Belfiore

If that wasn’t enough, you can watch the media brief, in its entirety below

Excited? Keen? Then keep your eye on http://preview.windows.com/ for the opportunity to access the preview of Windows 10.

Ping a set of hosts with PowerShell

You may find yourself one day having to ping a set of machines on a regular basis. Rather than drop to a Command Prompt and type in ping followed by each and every host name, wait for the results and move on to the next host name, I asked myself: there has got to be a better way to do things.

In comes the PowerShell command Test-Connection.

Test-Connection is essentially the PowerShell equivalent of the Ping command but with all the scripting benefits of being a PowerShell command as well as being very expandable and customisable.

For my example environment; I have a couple of test sites and couple of different roles in each site and my naming convention is based around this (hosts are named site-role). Often sites are spun up or brought down so I wanted the script to be modular rather than hard code the host names somewhere directly. Thus with this script there are three files in total:

  1. ping.ps1
    The PowerShell script shown below
  2. sites.txt
    A list of the site names
  3. roles.txt
    A list of role names

So without further ado, below is the PowerShell code to grab and put into your ping.ps1 file:

#Set Variables for AD Sites, Workstation Roles + Collection
$sites = Get-Content sites.txt
$roles = Get-Content roles.txt
$collection = @()
#Grab Site Name
foreach ($site in $sites)
    {
    #Add the Role Name
    foreach ($role in $roles)
        {
            #Combine Site + Role to create DNS name "site-role"
            $server = "$site-$role"
            $status = @{ "ServerName" = $server; "TimeStamp" = (Get-Date -f s) }
            #Ping DNS name via PS command Test-Connection once
            if (Test-Connection $server -Count 1 -ea 0 -Quiet)
                {
                    $status["Results"] = "Up"
                }
            else
                {
                    $status["Results"] = "Down"
                }
            #Output status of ping along with timestamp
            New-Object -TypeName PSObject -Property $status -OutVariable serverStatus
            $collection += $serverStatus
        }
    }

The script is already commented to explain things step by step but essentially, for each site in sites.txt, PowerShell will run Test-Connection once for each role in roles.txt and output the result complete with Up/Down status, a timestamp and the hostname.

Give it a try in your environment. Maybe you can expand the script and get it to log to an Excel file?

Piping Command Line output to clipboard

Piping output of applications is nothing new to those in the profession of IT (especially the *nix administrators out there) but there was a feature added to Windows 7/Server 2008 R2 that doesn’t seem to be widespread.

Any command that you enter at the Command Line prompt (or CMD, as we all know it) can be piped to the Windows clipboard with a simple argument. All you need to do is add | clip to your command.

For example, let’s pipe a list of power plans using powercfg to the clipboard:

powercfg -list | clip

The output of this looks like the below:

Notice how there is…no output.

Now let’s head into notepad and paste what is on the clipboard:

Hey presto, all the output from the command that would have displayed at the CMD prompt was piped into the clipboard and now into whatever output of your choosing (in this case, Notepad).

Fellow SysAdmins know what to do

PIPE, ALL THE THINGS

Cheers to fellow redditors for the find