Friday, September 28, 2007

Is your Linux server farm growing? If you are like me, you manage a large number of Linux servers using your Linux desktop terminal for ssh access. With so many Linux servers, how nice would it be to ssh directly to your server without having to type a password every time? In fact, how would you like to have one server that can run scripts against any server at any time using ssh without a password prompt?

Here are some easy steps to make login simple using ssh.

First, generate your ssh key. I prefer an rsa key; well, because it's an rsa key.
user@linuxbox~:>ssh-keygen -t rsa
ssh-keygen will generate our key. To specify the type, use the -t option and set it to rsa. Next you will be asked where to put the key; I leave it as the default. The next question is for a passphrase. Just a hint: leaving this blank and just hitting enter makes using ssh much easier but less secure, because the private key is then stored unencrypted and anyone who can read the file can use it.

Now that we have our rsa public key in /home/user/.ssh/id_rsa.pub (the private key sits next to it in /home/user/.ssh/id_rsa), we should also log in as root and make a key for root. The nice thing about root having ssh access is that if we are root we don't have to put a user ID in our ssh command. You could also create a user with the same name as your user account on all the machines to take care of this issue.

Copy the public key you generated over to your servers. This is done with the ssh-copy-id command.
user@linuxbox~:>ssh-copy-id -i ~/.ssh/id_rsa.pub root@server
You will be prompted for root's password on the server you are copying your public key to, but once the key is copied over you will no longer have to put in root's password.

Now use ssh to log in to your server.
user@linuxbox~:>ssh root@server
Notice that you did not need a password, and you are now logged in to your server. In fact, you can run your commands remotely, for example:
user@linuxbox~:>ssh root@server cat /etc/HOSTNAME
You will notice that the server you issued the ssh command to returns the output of the command. This becomes very useful if you want to write remote scripts, run backups, or copy files. You can also use the scp command now without a password prompt.
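
A key that ssh-copy-id appends to root's authorized_keys can open a full root shell from any host unless the entry carries options such as from= or command=. The script below is an added example, not part of the original post; it lists which entries lack both, and its helper names, address and key placeholders are constructed for illustration.

```shell
# Added example: flag authorized_keys entries that have neither from= nor command=.
# audit_authorized_keys and sample_authorized_keys are hypothetical helper names.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line); opts = ""
        # Entry layout: [options] keytype base64 [comment]. Option values may hold
        # quoted spaces, so find the first space that is outside double quotes.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0; n = length(line)
            for (i = 1; i <= n; i++) {
                c = substr(line, i, 1)
                if (c == "\\") { i++; continue }  # skip an escaped character
                if (c == "\"") inq = !inq
                else if (c == " " && !inq) break
            }
            opts = substr(line, 1, i - 1); line = substr(line, i + 1)
        }
        split(line, f, " ")
        who = (f[3] == "" ? "(no comment)" : f[3])
        # Option names are case-insensitive; a leading comma makes one pattern fit all.
        limited = (("," tolower(opts)) ~ /,(from|command)=/)
        printf "%s %s %s\n", (limited ? "restricted" : "UNRESTRICTED"), f[1], who
    }' "$@"
}

# Constructed entries; key material replaced by placeholders.
sample_authorized_keys() {
    cat <<'EOF'
# first entry is what ssh-copy-id leaves behind, second is limited to one job
ssh-rsa AAAAPLACEHOLDER1 user@linuxbox
from="192.0.2.10",command="/usr/local/bin/backup --full" ssh-rsa AAAAPLACEHOLDER2 backup@linuxbox
EOF
}

sample_authorized_keys | audit_authorized_keys
```

On a server it can be pointed at a real file, for example `audit_authorized_keys /root/.ssh/authorized_keys`.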

Wednesday, September 26, 2007

I wanted to put in some quick tips for those of you who want a Linux file server without all the authentication. Sometimes it's nice to just map a drive to my Linux server and not have to put my user name and password in, or worry about enabling a samba user account.

Some Linux engineers like to use SWAT, a GUI config tool, or WEBMIN to manage samba. I have actually found it easy and quick to just edit the samba config file. In this short tutorial we will make the /tmp folder into a samba share that requires no authentication with only a few minutes of configuration in the /etc/samba/smb.conf file. So let's start by opening our /etc/samba/smb.conf file using your favorite editor, whether it be gedit or vi; maybe some users enjoy pico? Remember, boys and girls, if you're not root you're in read-only mode.

vi /etc/samba/smb.conf

The first thing we see is the global config values. These values hold the workgroup or domain, cups info, and login information. Remember, we don't want to log in, so the only thing we really need is the basics. Here is a copy of the global config part of my smb.conf.

[global]
workgroup = sambajuice
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw


Too easy: basically leave your global config as is and maybe only change the workgroup; don't add anything else and don't get too fancy. The next thing to do is go down to the very end of your smb.conf file and add a share. The name of the share will be in brackets and should be all the way to the left of the screen; everything else should be spaced out away from the left side and look nice and pretty.

I will add a share to the end of my file called files.
[files]
Now I need to put in options to make this browseable, writable, and other good stuff. I will start with the comment. The comment is just used to give a description of what the share is for.
comment = temp files on linux server

My next option will be inherit acls. I really don't want to do this, as I want to make authentication as painless as possible.
inherit acls = no

Next, let's make sure this share is not a read-only share; I would like to write to it.
read only = no

We also need the share to be browseable.
browseable = yes

I will add a writable option just to make certain we can write to this share.
writable = yes

Since I don't want to log in and I just want to map a drive, I will allow guest users access to the share.
guest ok = yes

Don't forget the most important part, the path to the share.
path = /tmp

I always add another write-enabled option that is spelled slightly differently than writable. (Samba treats writeable as a synonym for writable.)
writeable = yes

This last one is very important if you want to make sure you have absolute access to the share. You want to force the guest to be treated as a specific user when accessing the files: with force user, every file operation made through the share is performed as that user. If your user mark owns the files or folders in the share, you should force mark to make sure that you have mark's rights when using the share. Here I am going to force root. This does not mean I have rights to run commands, as I am just accessing files, not the system. I just have the ability to add files, edit, delete, copy, browse and all that other jazz. Because the share also allows guests, anyone who can reach the server over the network gets that same file access as root.
force user = root

So my share now looks like this:
[files]
    comment = temp files on linux server
    inherit acls = no
    read only = no
    browseable = yes
    writable = yes
    guest ok = yes
    path = /tmp
    writeable = yes
    force user = root

You can now exit out of your smb.conf file and restart or start samba. The options listed under the share name [files] don't have to be in any particular order, just as long as they are there. There are also some options I have that are not needed; this is just the way I do it. Play with your shares and try different things.
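
To see which shares in an smb.conf end up writable by guests, the added example below (not part of the original post; helper names and the [docs] share are constructed) parses the file with awk, treating writable, writeable and write ok as the inverse of read only and [global] values as share defaults. It assumes a single file with no include lines or %-variables.

```shell
# Added example: list smb.conf shares that accept guests AND allow writes.
# audit_guest_shares and sample_conf are hypothetical helper names.
audit_guest_shares() {
    awk '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }  # names ignore case and spaces
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share != "" && share != "global" && guest && !ro)
            printf "%s path=%s force_user=%s\n", share, path, (fuser == "" ? "-" : fuser)
    }
    BEGIN { dguest = 0; dro = 1 }                 # Samba defaults: no guests, read only
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[.*\]/ {                             # section header starts a new share
        report()
        if (share == "global") { dguest = guest; dro = ro }   # [global] sets share defaults
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        share = tolower(share); guest = dguest; ro = dro; path = ""; fuser = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = norm(substr($0, 1, eq - 1))
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "readonly") ro = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") ro = !truthy(val)
        else if (key == "path") path = val
        else if (key == "forceuser") fuser = val
    }
    END { report() }' "$@"
}

# Constructed input: the [files] share from the post beside a read-only guest share.
sample_conf() {
    cat <<'EOF'
[global]
[files]
guest ok =yes
path = /tmp
writeable = yes
force user = root
[docs]
guest ok = yes
path = /srv/docs
read only = yes
EOF
}

sample_conf | audit_guest_shares   # prints: files path=/tmp force_user=root
```

Only [files] is reported; the [docs] share keeps guest access but stays read only, so it is not listed.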

I will post later about securing your samba server for the workplace, and also touch on Active Directory, eDirectory and LDAP authentication.