Mar 23, 2011
However, there are situations where you have to allow direct logins for system or shared accounts. For example, within an Oracle RAC cluster you have to enable direct ssh logins for oracle. But in such an environment you have to protect the whole cluster as a single entity against incoming ssh connection, i.e. direct oracle logins should not work if you come from a node that is not part of the cluster. In the following example I will show how to achieve this goal as well.
Usually all system and shared accounts have one thing in common, that is they are not in the "users" group. The following example assumes that all individual user accounts are in the "users" group but system and shared accounts like root and oracle are not. If you want to go a step further, a good solution would be to implement a new 'logingroup' users group which would require users to be given explicit access.
In this example I will show how to restrict direct logins for:
- SSH (/etc/pam.d/sshd)
- Console Login (/etc/pam.d/login)
- Graphical Gnome Login (/etc/pam.d/gdm
- or for all logins (/etc/pam.d/system-auth)
Oct 20, 2010
This package includes system performance tools for Linux (Red Hat Linux / RHEL includes these tools by default).And for Debian or Ubuntu use "apt-get"
# apt-get install sysstat
Display the utilization of each CPU individually using mpstat
If you are using SMP (Multiple CPU) system, use mpstat command to display the utilization of each CPU individually. It report processors related statistics. For example, type command:
Linux 220.127.116.11 (debian) Thursday 06 April 2006
05:13:05 IST CPU %user %nice %sys %iowait %irq %soft %steal %idle intr/s
05:13:05 IST all 16.52 0.00 2.87 1.09 0.07 0.02 0.00 79.42 830.06
To mount a Samba share when Linux system comes up after reboot edit the /etc/fstab file and put entry as follows for your Windows/Samba share:
//ntserver/share /mnt/samba smbfs username=username,password=password 0 0
For example, if you want to mount a share called //ntserver/docs then you need to write following entry in /etc/fstab file:
//192.168.0.1/share /mnt/samba smbfs username=sameed,password=passwd123 0 0
Jul 19, 2010
Is there any requirement? You can only do this if that remote computer's motherboard and Ethernet network card support the WOL feature!
Let say in your home network, you have computer A and computer B that are connected to network by using network cables. You wish to power up the computer B remotely (we call it remote computer in this case) from computer A, then here is how you can make it done.
May 15, 2010
Here's a useful tip for people that access their computer or server over the Internet using SSH. Change your SSH port from the default port 22 to something else. Although this is not a foolproof hack to secure your server, it can at least help greatly. Let's look at you this would be done on an Ubuntu machine. NOTE that this change should not be performed over a remote SSH connection, you might lose all contact with your server.
1 First, check to see if the SSH service is running at all, and if it is, then on which port. Run the following command:
# netstat -tulpn
May 7, 2010
In previous post i explain about ssh without password. hope you tried.
This time i am showing some trick, from that you can make ssh tunnel and easily make connect to your office server from home without knowing public IP.
Scenario : Your company block access to port 22 ( i.e ssh port) and you do not know public IP or Your Server is not mapped to Public IP. You can want to work from home with ssh service.
Solution : You need to generate you customize port on your home pc from office server which you want to connect. for that you need two important things. First Internet on both end and static IP to your home PC. Finally following steps.
For consideration, Home IP is 18.104.22.168
First on server side
1. login to server as root or super privilege
2. run following commands
# ssh -R 988:localhost:22 email@example.com
-R will generate port 988 on localhost of home pc (i.e 22.214.171.124)
After getting terminal, login on your pc and leave this terminal open.
Now Come to home pc
1. login to home server as root
2. run following command
# ssh -p 988 localhost
-p will connect to port 988 on localhost.
This will help to connect back to office server. Because ssh thinks, he is connecting to localhost on port 988 and port 988 will lead to your office server without asking IP and router mapping.