Category Archives: Administration

Regenerating Your SSH Public Key from Your SSH Private Key

Posted on by Posted in Administration, Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , Leave a comment

Terminal Have you ever found yourself in a situation where you had your SSH private key, but not your public key? Maybe you copied your private key to a new laptop, but then realized you need your public key so your coworker can add you to the new Git repo. Or maybe you just plain lost your public key or have no idea what happened to it. But guess what, that’s not a problem! Because you can regenerate it!

Using ssh-keygen

The ssh-keygen command allows you to regenerate a public key using the -y flag. Using the -t flag you can tell it whether the key is rsa or dsa.

Is my key RSA or DSA?

Chances are it doesn’t matter; ssh-keygen will try to guess based on the input key. However, if you don’t know your key encryption, it’s probably rsa since that’s the default. The filename will also typically tell you, since it’s usually either id_rsa or id_dsa. And even beyond that, if you look at the text in the file, it should be present there as well.

Regenerating a Public Key

Here’s an example:

# ssh-keygen -y
Enter file in which the key is (/home/username/.ssh/id_rsa):
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr3T65FaSononqBjGEZXMg8x0U3ZjYvZxAUZQA7H27VtPgrn9FhsP8Jn+sp0zOi2nFjDsbXWM5L6OPVg1N0OHpiNcg7I
lrc83GiqVGg2AWeHWWolnOwXIsrfwybVcS6ZSCGbGKVWWL5VB/mt/zzF5WD6bhU+TZXYLq8fZC4sa0sapqVccubKw2YbjA53n0wKxrYLfOjP1k56EfkHzm4n7fmlyFi
3kaCvPo31yaMD3zIVJnl/4wMntnnxqFkG7mEtQ29ngkc5ocgRvSbNNvD9IFNvL/9BqlUtiOUcV790cdoLyd0o1mFV8sGPY3zsL6l3lTkjYDmSXTTnxavjHEudC5w==

BAM! There’s your public key!

Is this safe?

Yes, regenerating your key is completely safe and there’s no reason why you wouldn’t want to do this. Public keys are public, just as their name implies. You can give your public key to anyone.

The private key is the one you should keep to yourself and safe-guard. You should be the only one with your private key, and there’s no reason you should not be able to get a copy of your own public key.

Now save that public key somewhere safe so you don’t have to generate it every time!

Happy authenticating!

Enabling SSH/SFTP Updates in WordPress on Amazon EC2 and CentOS

Posted on by Posted in Administration, Blogging, Linux Tagged , , , , , , , , , , , , , , 9 Comments

WordpressThe WordPress blogging platform does support installing and updating your plugins using SSH/SFTP! So, why is it that it doesn’t show up as an option when updating your plugins?

Well, as it turns out, your PHP installation must be configured to support SSH before this option will show up in your WordPress dashboard. In this article I’ll explain how to set this up using just a few simple commands or a plugin.

Continue reading

Installing build-essentials in CentOS (make, gcc, gdb)

Posted on by Posted in Administration, Linux, Programming Tagged , , , , , , , , , , 4 Comments

CentOS IconOnce upon a time I was a very avid desktop user of Ubuntu Linux. As a software developer, I would usually need the standard build tools installed on my machine.

Installing build tools in Debian/Ubuntu

In Debian/Ubuntu, you can install the typical build tools by installing the package build-essentials, which is just a pseudo-package that downloads all the popular development packages:

# apt-get install build-essentials

Installing build tools in CentOS

Since I prefer CentOS as my server platform, I also occasionally need to install packages using yum.

To install the common build tools using yum in CentOS you’ll want to install the group package “Development Tools”, which is similar to build-essentials in Debian/Ubuntu flavors of linux. You’ll probably also want to install kernel-devel and kernel-headers if they’re not already installed:

# yum groupinstall "Development Tools"
# yum install kernel-devel kernel-headers

This should give you a copy of make, gcc, gdb, and all those other tools you were looking for.

Happy hacking!

Using xargs for file and directory recursion

Posted on by Posted in Administration, Linux Tagged , , , , , , , , Leave a comment

Terminal Occasionally I’m away from the bash shell for too long and I forget some things. This is just a quick reminder to myself regarding the syntax and usefulness of xargs.

Why?

xargs takes a file list as input and performs some arbitrary operation on it. This is obviously useful for scripting and bulk file operations. Why use xargs? Well, quite frankly, it’s faster than using find -exec because it splits the file list into sublists and calls the command once for every sublist instead of calling the command once for every file. Also, because it uses sublists you never run into problems when trying to run commands with very large argument lists (it is actually possible to run a command and have bash reply that the maximum line length is exceeded). Below is example usage.

Example: fixing permissions

Using xargs we can easily correct permissions recursively. For instance, let’s improve our web security by locking down write privileges on our directories and files to only the owner:

find . -type d -print0 | xargs -0 -I {} chmod 755 {}
find . -type f -print0 | xargs -0 -I {} chmod 644 {}

Here’s what’s happening:

  • we use find and -type d to locate all directories under the current directory
  • we use -print0 so find will print the directories and separate the directory names by null characters instead of newlines; delimiting this way improves xargs ability to handle special characters in file names
  • then we pipe this list to xargs and use -0 to tell xargs the list is null-character delimited
  • we also use -I {} to tell xargs to replace any occurrence of {} with each filename as it runs the following command
  • ultimately the command chmod 755 {} tells xargs to chmod 755 each directory

Of course we then do the same by running chmod 644 on all files under the current directory.

Efficiency

Using xargs this way is faster than running these equivalent find commands:

find . -type d -exec chmod 755 '{}' \;
find . -type f -exec chmod 644 '{}' \;

Using find this way will run chmod individually for each directory and file, which is less efficient. The general rule of thumb is to always opt for xargs.

You can use xargs for several other things, but this example is my most frequent use-case. Happy hacking!

How to pass the ‘Yii Requirement Checker’ in CentOS 5

Posted on by Posted in Administration, Linux, Programming Tagged , , , , , , , , , , , , , , , , , , , , , , 2 Comments

YiiRecently I’ve been doing some PHP web development and I decided to check out the Yii Framework. They have a great 4-part screencast tutorial from Jeffery Winesett that gets you up and running fast and Yii looks really cool!

During the installation Yii uses a ‘Requirement Checker’ webpage that verifies you have the correct PHP version and the necessary plugins. If you’re like me, you like to see all your boxes turn green just to be sure you can get the full functionality out of your apps and frameworks instead of having to debug stuff like this later and going down a rabbit hole.

Install All The Packages

To make the best use of Yii (and several other things), you’ll need these packages: GD, mcrypt, MySQL, PDO, PEAR, APC, Memcache, PgSQL, SOAP, and XML. To get proper packages for these extensions on CentOS 5, I recommend adding the IUS Community Repository. Here’s a one-liner you can run with sudo or as root after you’ve set up that repo:

yum install php53u php53u-cli php53u-common php53u-devel php53u-gd php53u-mcrypt php53u-mysql php53u-pdo \
php53u-pear php53u-pecl-apc.x86_64 php53u-pecl-memcache.x86_64 php53u-pgsql.x86_64 php53u-soap.x86_64 php53u-xml.x86_64

Install all the packages

Have fun with Yii!

How to Download Recursively from FTP at Command Line (mget and wget)

Posted on by Posted in Administration, Linux Tagged , , , , , , Leave a comment

TerminalSometimes I want to download recursively from an FTP server and I don’t want to leave the command line. Depending on your FTP client, you may be lucky enough to have an option built-in for this but in many cases you don’t. FTP clients often feature mget, which is good for downloading files based on a glob filter such as *.txt or *.c. But still, this isn’t recursive.

Wget

Surprise! Wget supports FTP and can download recursively! You could download the full contents of an FTP server like this:

wget -r 'ftp://user:pass@host'

Or just grab a single directory like this:

wget -r 'ftp://user:pass@host/dir'

Cool, huh?

Installing Backtrack in VirtualBox

Posted on by Posted in Administration, Linux, Security Tagged , , , , , , , , , , , , , , , , , Leave a comment

TerminalFor a long time now I’ve been considering security training. I feel like it would really polish my current abilities and help me overcome some artificial learning plateaus. There are plenty of options available, but the two that I hear the most about are the Certified Ethical Hacker (CEH) program and the Offensive Security Certified Professional (OSCP) program. After doing some research it looks like OSCP is far more hands-on and well worth its price tag ($750 minimum for 30-days access to the lab; price goes up if you need more lab time). To be honest, it seems like CEH is a bit of a joke to real security professionals; perhaps it’s more useful to those with an interest in security but little experience.

In preparation for the Pentesting with Backtrack course (the course you take before applying for the OSCP exam), I’ll be installing Backtrack 5 in VirtualBox. Continue reading to learn how.

Continue reading

How to Archive and Compress and Back Again (using zip, gzip, bzip2, and tar in terminal)

Posted on by Posted in Administration, Linux Tagged , , , , , , , , , , , Leave a comment

File ArchiverPlenty of linux users enjoy working from the command line; from manipulating files to compiling software, many users never seem to leave the terminal. Something that I do all the time at the terminal is archiving and unarchiving files as well as compressing them. Today I’ll demonstrate the necessary commands to do this using a few of the most common compression schemes so that you too can handle archives like the pros.

Footnote: If you know what you’re doing already, you might like the cheat-sheet better!

Continue reading

The difference between ‘rpm -Uvh’ and ‘rpm -ivh’ (or how to install packages in RHEL, CentOS or Fedora)

Posted on by Posted in Administration, Linux Tagged , , , , , , , , , 1 Comment

RPMWhen installing packages in RHEL, CentOS, or Fedora, chances are you use yum, the default package manager. But what if you want to download a package not provided in a repository? Or what if you just want to upgrade a package to the latest version and your repositories haven’t upgraded it yet?

Most users know that to install a package from an RPM, you simply use the rpm command. But a bit of perusing on the internet will show that people use various flags when installing packages:

  • rpm -i
  • rpm -ivh
  • rpm -U
  • rpm -Uvh

In this post we’ll examine the difference and whether or not you should care.

Continue reading