All posts by markcerv_admin

Limiting Access with SFTP Jails on Debian and Ubuntu

(taken from: Linode guide to Limiting Access with SFTP Jails on Debian and Ubuntu

As the system administrator for your Linode, you may want to give your users the ability to securely upload files to your server. The most common way to do this is to allow file transfers via Secure File Transfer Protocol (SFTP), which uses SSH to provide encryption. This requires that you give your users SSH logins. However, by default SSH users are able to view your Linode’s entire filesystem, which may not be desirable.

Limiting Access with SFTP Jails on Debian and Ubuntu

This guide will help you configure OpenSSH to restrict users to their home directories, and to SFTP access only. Please note that these instructions are not intended to support shell logins; any user accounts modified in accordance with this guide will have the ability to transfer files, but not the ability to log into a remote shell session.

These instructions will work for Ubuntu 9.04, Debian 5, and later. Unfortunately, the version of SSH packaged with Ubuntu 8.04 is too old to support this configuration.

Configure OpenSSH

  1. Edit your /etc/ssh/sshd_config file with your favorite text editor:

    vim /etc/ssh/sshd_config
    
  2. Add or modify the Subsystem sftp line to look like the following:

    /etc/ssh/sshd_config
    1
    
    Subsystem sftp internal-sftp
  3. Add this block of settings to the end of the file:

    /etc/ssh/sshd_config
    1
    2
    3
    4
    5
    
    Match Group filetransfer
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

    Save the changes to your file.

  4. Restart OpenSSH:

    service ssh restart
    

    OpenSSH has been successfully modified.

Modify User Accounts

This section will set up the correct groups, ownership, and permissions for your user accounts.

  1. Create a system group for users whom you want to restrict to SFTP access:

    addgroup --system filetransfer
    
  2. Modify the user accounts that you wish to restrict to SFTP. Issue the following commands for each account, substituting the appropriate username. Please keep in mind that this will prevent these users from being able to log into a remote shell session.

    usermod -G filetransfer username
    chown root:root /home/username
    chmod 755 /home/username
    

    These users will now be unable to create files in their home directories, since these directories are owned by the root user.

  3. Next, you need to create new directories for each user, to which they will have full access. Issue the following commands for each user, changing the directories created to suit your needs:

    cd /home/username
    mkdir docs public_html
    chown username:filetransfer *
    

    Your users should now be able to log into their accounts via SFTP and transfer files to and from their assigned subdirectories, but they shouldn’t be able to see the rest of your Linode’s filesystem.

Use SFTP

  1. Use sftp from the terminal:

    sftp username@<Your_Linodes_IP>
    

    You can use the help command to see what commands you have access too within the SFTP shell. You have the ability to pwd, cd and ls, for instance. There are also commands like lpwd, that will print the local working directory. In the local home directory type touch test.txt

  2. Transfer local files to the remote system:

    cd docs
    put test.txt
    
  3. Transfer files to the local system from the remote system:

    get test.txt
    
  4. You can test the file permissions by navigating to a different directory within the SFTP shell, and trying to transfer a file.

    sftp> put test.txt /tmp/
    Uploading test.txt to /tmp/
    remote open("/tmp/"): Failure
    
  5. Exit the session with the exit command.

Ubuntu package management shortcuts from command line

Here are some of the more frequently used commands that I find useful.

To search for a particular package by name or description:
From the command-line, use:


apt-cache search keyword

The apt tool on Ubuntu 14.04 and above makes this very easy.


apt list --installed

Check available version of a package in Ubuntu repositories from command line:

apt-cache policy

You may wonder if the given package is installed or not. It’s easy to find out too.

In the above output, you see two words namely Installed and Candidate.

Installed : This will tell you the version that you have currently installed in your Ubuntu system.
Candidate : This is actual version that will be installed from the Ubuntu repositories when you install the package using apt-get.

If your system is in state where apt-get is mostly unusable you could try using dpkg to remove the affected package, in this case try:


sudo dpkg --purge php5-memcache

If you are unable to connect to git server over https

NOTE: Make sure you know/trust the server you are communicating with in the first place

Sometimes, git servers can have issues with TLS or other secure handshaking procedures. This is often due to connecting from an older linux/ubuntu box. If you are truly desperate and don’t have time to fix the SSL/TLS properly, here is a very quick fix:

export GIT_SSL_NO_VERIFY=1

Then run your normal git fetch or git push command.

Belarc Advisor – Find Installed Software License Keys

You know the feeling when you are trying to reinstall software on a computer…you’ve done it many times…but all of a sudden you can’t find the original DVD with the software key printed on it?

Yup.  M e too.

Belarc Advisor (http://www.belarc.com/free_download.html) to the rescue.  It will tell you the licenses of software already installed on the computer.

It also tells you a whole lot about your computer’s system: disk space, memory, etc.

Python Debugger

It’s pretty simple to have your python script jump out to the debugger.  Place these 2 lines right before where you want to start monitoring (otherwise, you’ll need to do a lot of stepping thru code).

import pdb
pdb.set_trace()

Some useful ones to remember are:

  • b: set a breakpoint
  • c: continue debugging until you hit a breakpoint
  • s: step through the code
  • n: to go to next line of code
  • l: list source code for the current file (default: 11 lines including the line being executed)
  • u: navigate up a stack frame
  • d: navigate down a stack frame
  • p: to print the value of an expression in the current context

Setting your git username and email address

Single Repo

If you need to quickly set the user and email address for a single git repo, you can do this:


git config user.email john.doe@example.com
git config user.name "John Doe"

If you want to modify the .git/config file directly, you can add in this block:


[user]
name = John Doe
email = john.doe@example.com

All Repos


git config --global user.email john.doe@example.com
git config --global user.name "John Doe"

Delete partitions on Drives (USB especially)

Microsoft DiskPart version 6.2.9200

Copyright (C) 1999-2012 Microsoft Corporation.
On computer: COMPUTER

DISKPART> list disk

Disk ### Status Size Free Dyn Gpt
——– ————- ——- ——- — —
Disk 0 Online 298 GB 0 B
Disk 1 Online 7509 MB 6619 MB

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> clean

DiskPart succeeded in cleaning the disk.

DISKPART> create partition primary

DiskPart succeeded in creating the specified partition.

DISKPART> exit

This info was copied from: http://geekswithblogs.net/ilich/archive/2013/04/26/recovering-unallocated-space-of-a-usb-flash-drive.aspx

Using xcopy to safely copy (and verify) files from one drive to another

I recently upgraded my “data” drive from a 3TB to a WD Black 6TB Performance Desktop Hard Disk Drive – 7200 RPM SATA 6 Gb/s 128MB Cache 3.5 Inch drive.

Once I had both drives installed in the computer, it was time to copy data.

Head over to: Start Menu -> All Programs -> Accessories -> Command Prompt. Right click on it, and choose “Run as administrator”


xcopy f:\ e:\ /f /h /i /j /o /s /v /x 1>>c:\xferlog.txt 2>&1

Continue reading Using xcopy to safely copy (and verify) files from one drive to another

In Excel, Splitting a Last_Name, First_Name cell, into 2 cells

Assuming that cell B2 contains a name like, Dangerfield, Rodney, here are 2 formulas you can use to create 2 cells, one with the first name, one with the last name.

For the first name:
=RIGHT(B2,LEN(B2)-FIND(",",B2)-1)

and for the last name:
=LEFT(B2,FIND(",",B2)-1)

Next, copy those formulas down thru all apllicable rows.

Lastly, highlight the 2 columsn, right-click and choose Copy.
Then right-click on an empty column head to the right, and choose: Paste Values.

paste-as-values

Special Case

What if the name is really, “last_name, first_name middle_name”, and you don’t want the middle name?
=LEFT(RIGHT(B2,LEN(B2)-FIND(",",B2)-1),FIND(" ",RIGHT(B2,LEN(B2)-FIND(",",B2)-2)))

That’s great, but what if someone does NOT have a middle name?
Then you’ll get an error.
To solve for that, need to make it even fancier:
=IF(ISERROR(LEFT(RIGHT(B2,LEN(B2)-FIND(",",B2)-1),FIND(" ",RIGHT(B2,LEN(B2)-FIND(",",B2)-2)))),RIGHT(B2,LEN(B2)-FIND(",",B2)-1),LEFT(RIGHT(B2,LEN(B2)-FIND(",",B2)-1),FIND(" ",RIGHT(B2,LEN(B2)-FIND(",",B2)-2))))