
Posts Tagged ‘ssh’

Autorun Screen Sessions on an SSH Session

06 May

Source: Automatic ‘screen’ on remote logins

It annoys me whenever an SSH session I have to a server drops, and I can’t reconnect to the session, especially when there’s a long-running task that I need to know the status of.

So anyway, the solution to this one is a project called GNU Screen. To summarize, it creates a virtual terminal session for you that you can resume if your connection (or whatever) is ever terminated.

The problem with it is that you have to manually invoke the screen command when you successfully log in, like so:

screen -D -RR

To run it on every SSH session, you can add a script to your bashrc profile: either your own bashrc located in ~/.bashrc, or the global profile in /etc/bash.bashrc for all users. I normally put it in for all users.

The script to add is found below, and is taken from taint.org:

# Auto-screen invocation. see: http://taint.org/wk/RemoteLoginAutoScreen
# if we're coming from a remote SSH connection, in an interactive session
# then automatically put us into a screen(1) session.   Only try once
# -- if $STARTED_SCREEN is set, don't try it again, to avoid looping
# if screen fails for some reason.
if [ "$PS1" != "" -a "${STARTED_SCREEN:-x}" = x -a "${SSH_TTY:-x}" != x ]
then
  STARTED_SCREEN=1 ; export STARTED_SCREEN
  [ -d "$HOME/lib/screen-logs" ] || mkdir -p "$HOME/lib/screen-logs"
  sleep 1
  screen -RR && exit 0
  # normally, execution of this rc script ends here...
  echo "Screen failed! continuing with normal bash startup"
fi
# [end of auto-screen snippet]
 

Posted in HowTo

 

Setting Up an Ubuntu 9.10 (Karmic Koala) Linode VPS

21 Jan

So I was shopping for a VPS over the past week and decided that Linode would be a good choice. My deciding factor? Check out the benchmarks here by Eivind Uggedal (Thanks btw).

So anyway, here’s a summary:

  1. Getting Started with Linode
  2. Setup SSH
  3. Setup Firewall

Getting Started with Linode

Now, basically, you’ll want to follow the Getting Started with Linode guide. Just set up your default settings, and connect to the server through SSH.

Once in, you’ll want to secure your system. We’ll do an upgrade.

apt-get update
apt-get upgrade

Now, create your user, change the password, and add it as a sudoer.

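# On Ubuntu, adduser creates the home directory and asks for a password itself
# (-m is a useradd flag, adduser does not accept it)
adduser john
passwd john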
# visudo uses nano or vi as the editor depending on your environment, normally it's nano on the first try
# In case you aren't familiar with these, just use your favorite text editor and edit /etc/sudoers
visudo

Look for the line:

root    ALL=(ALL) ALL

And add the following line below it:

john    ALL=(ALL) ALL

Oh and btw, change john to whatever username you wish.

Setup SSH

This is the most important step. Brute force attackers will hit port 22 first and run common usernames and passwords against it. If they detect that port 22 is not open, they’ll just give up on your IP, and move on to the next. So this is very, VERY important. I make mine listen to… just kidding. I’m not telling you of course. Anyway, to change the port, edit /etc/ssh/sshd_config (use whatever text editor you are comfortable with, mine’s vi):

sudo vi /etc/ssh/sshd_config

Edit the following configurations:

Port 22
PermitRootLogin yes

Change the listening port to whatever port you want sshd to listen on (e.g. 22123), and disallow root login (change PermitRootLogin to no). Save your file, and restart your SSH service by running:

sudo /etc/init.d/ssh restart

You just made your server 10-fold more secure.

Setup Firewall

So Ubuntu recommends ufw (Uncomplicated Firewall). This isn’t uncomplicated at all if you are used to iptables as you have to relearn the commands. No fear, it’s pretty simple. First up, let’s get it working:

sudo apt-get install ufw
# The next line depends on the SSH port that you configured above, very, Very, VERY important! =)
sudo ufw allow 22123
# The next 2 lines are for HTTP/HTTPS, which you will most probably want
sudo ufw allow 80
sudo ufw allow 443
# Turn the firewall on; the rules above do nothing until ufw is enabled
sudo ufw enable

That’s it. If you want to delete the rule again, just run:

sudo ufw delete allow 80

And it’ll block the HTTP service again.
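
The SSH and firewall steps above depend on each other: the port in sshd_config must have a matching ufw allow rule, or new logins stop working. The script below is an added example, not part of the original post; it checks the two sshd_config settings and the ufw rule together. The function names are hypothetical, and it assumes the output of `sudo ufw status` has been saved to a file.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print every port sshd will listen on (several Port lines are allowed).
# Commented lines are ignored; parsing stops at the first Match block because
# settings below it are conditional. With no Port line sshd uses 22.
sshd_ports() {
  awk '/^[ \t]*#/ { next }
       tolower($1) == "match" { exit }
       tolower($1) == "port" { print $2; n++ }
       END { if (!n) print 22 }' "$1"
}

# Print the first global PermitRootLogin value, or "unset" if there is none.
root_login() {
  awk '/^[ \t]*#/ { next }
       tolower($1) == "match" { exit }
       tolower($1) == "permitrootlogin" { v = tolower($2); exit }
       END { print (v == "" ? "unset" : v) }' "$1"
}

# check_ssh_setup SSHD_CONFIG UFW_STATUS_FILE
# UFW_STATUS_FILE holds saved output of `sudo ufw status`.
# Prints one line per finding; returns 0 only when there are none.
check_ssh_setup() {
  rc=0
  root=$(root_login "$1")
  if [ "$root" != no ]; then echo "PermitRootLogin is '$root', expected 'no'"; rc=1; fi
  if ! grep -q '^Status: active' "$2"; then echo "ufw is not active"; rc=1; fi
  for p in $(sshd_ports "$1"); do
    if [ "$p" = 22 ]; then echo "sshd still listens on default port 22"; rc=1; fi
    if ! awk -v p="$p" '$2 == "ALLOW" && ($1 == p || $1 == p "/tcp") { ok = 1 }
                        END { exit !ok }' "$2"; then
      echo "port $p has no ufw allow rule: new SSH logins would be blocked"; rc=1
    fi
  done
  return $rc
}

# Constructed sample (not a real host): port moved, root login left enabled,
# and the ufw rule for the new SSH port forgotten.
demo() {
  d=$(mktemp -d)
  printf '%s\n' '#Port 22' 'Port 22123' 'PermitRootLogin yes' > "$d/sshd_config"
  printf '%s\n' 'Status: active' '' 'To  Action  From' '--  ------  ----' \
    '80  ALLOW  Anywhere' '443  ALLOW  Anywhere' > "$d/ufw.txt"
  check_ssh_setup "$d/sshd_config" "$d/ufw.txt" || echo "fix these before restarting ssh"
  rm -rf "$d"
}
demo
```

On a real server, save `sudo ufw status` to a file and pass it with /etc/ssh/sshd_config before restarting ssh, and keep the current session open until a second login on the new port succeeds. `sudo sshd -t` separately checks the config file for syntax errors.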