Live and Learn
Edit the sshd configuration file:
$ sudo vi /etc/ssh/sshd_config
Edit the following lines
# What ports, IPs and protocols we listen for
Port 22
Choose an appropriate port and make sure it is not currently in use on the VPS.
Note: Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023 and SHOULD NOT be used. Registered Ports are those from 1024 through 49151 and should also be avoided. Dynamic and/or Private Ports are those from 49152 through 65535 and can be used.
Now restart SSH to make the change effective:
$ sudo /etc/init.d/ssh restart
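The port choice and the `Port` edit described above can be scripted and checked before the restart. This is an added example, not part of the original post: the function names, the sample configuration and port 50022 are assumptions made for illustration.

```python
import re
import socket

DYNAMIC_PORTS = range(49152, 65536)  # the range the note above says can be used

def port_is_free(port):
    """True if an IPv4 wildcard bind to TCP `port` succeeds (nothing holds it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("0.0.0.0", port))
        except OSError:
            return False
    return True

def set_ssh_port(config_text, port):
    """Return sshd_config text with the first global Port directive set to `port`."""
    if port not in DYNAMIC_PORTS:
        raise ValueError(f"{port} is outside 49152-65535")
    lines, new = config_text.splitlines(), f"Port {port}"
    for i, line in enumerate(lines):
        if re.match(r"\s*Match\b", line, re.I):   # Port is not valid inside Match
            lines.insert(i, new)
            break
        if re.match(r"\s*Port\b", line, re.I):    # keywords are case-insensitive
            lines[i] = new
            break
    else:
        lines.append(new)
    return "\n".join(lines) + "\n"

# Constructed sshd_config fragment (not taken from a real host).
SAMPLE = """# What ports, IPs and protocols we listen for
Port 22
Protocol 2
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    port = 50022                                  # hypothetical choice
    print("free" if port_is_free(port) else "in use")
    print(set_ssh_port(SAMPLE, port), end="")
```

Write the result to a scratch file and check it with `sshd -t -f <file>` before replacing /etc/ssh/sshd_config. Keep the current session open until a login on the new port works.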
To install the gcc and g++ compilers, you will need the build-essential package.
Build-essential contains a list of packages which are essential for building Ubuntu packages including gcc compiler, make and other required tools.
$ sudo apt-get update
$ sudo apt-get install build-essential
Install the manpages for C and C++ development:
$ sudo apt-get install manpages-dev
Check the version of gcc and make:
$ gcc -v
...
gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
$ make -v
GNU Make 3.81
...
Now you should be able to compile software using C / C++ compilers.
Archey is a tool written in Python that displays system information alongside your Linux distribution's logo in the terminal. Another similar tool is screenFetch.
Firstly we need to install the necessary dependencies:
$ sudo apt-get install scrot lsb-release
Download Archey and install:
$ wget https://github.com/downloads/djmelik/archey/archey-0.2.8.deb
$ sudo dpkg -i archey-0.2.8.deb
Run command:
$ archey
You will get this on Ubuntu:
If you want to start Archey automatically once you launch the terminal, add this to the end of your .bashrc
# Archey
archey
Save and open a new terminal to test it.
Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.
Add debian sid to your source list:
$ echo "deb http://shadowsocks.org/debian wheezy main" | sudo tee -a /etc/apt/sources.list
Install shadowsocks:
$ sudo apt-get update
$ sudo apt-get install shadowsocks
Edit shadowsocks config file /etc/shadowsocks/config.json:
$ sudo vi /etc/shadowsocks/config.json
Here is my config file
{
    "server":"0.0.0.0",
    "server_port":8388,
    "local_port":0,
    "password":"demo",
    "timeout":600,
    "method":"aes-256-cfb"
}
Explanation of the fields:
Name | Explanation |
---|---|
server | the address your server listens on |
server_port | server port |
local_address | the address your local client listens on |
local_port | local port |
password | password used for encryption |
timeout | in seconds |
method | encryption method, “aes-256-cfb” is recommended |
fast_open | use TCP_FASTOPEN, true / false |
workers | number of workers, available on Unix/Linux |
Start shadowsocks:
$ sudo /etc/init.d/shadowsocks start
On your client machine, use the same configuration as your server, and start your client.
If you use Chrome, it’s recommended to use SwitchySharp. Change the proxy settings to
protocol: socks5
hostname: 127.0.0.1
port: your local_port
https://github.com/clowwindy/shadowsocks/wiki
To change time zone from terminal, run the command:
$ sudo dpkg-reconfigure tzdata
Follow the directions in the terminal.
Dnscrypt-proxy is a protocol for securing communications between a client and a DNS resolver.
dnscrypt-proxy provides a local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server.
The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.
While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more.
Download the latest libsodium version libsodium-0.7.0.tar.gz and extract it:
$ tar -xzvf libsodium-0.7.0.tar.gz
Compile and install it:
$ ./configure
$ make && make check
$ sudo make install
Download the latest dnscrypt-proxy version dnscrypt-proxy-1.4.0.tar.gz and extract it:
$ tar -xzvf dnscrypt-proxy-1.4.0.tar.gz
Compile and install it:
$ ./configure
$ make
$ sudo make install
The proxy will be installed as /usr/local/sbin/dnscrypt-proxy by default.
Start the daemon:
$ dnscrypt-proxy --daemonize --local-address=0.0.0.0:5353 --resolver-name=opendns
Now we test it:
$ dig @127.0.0.1 -p 5353 youtube.com

; <<>> DiG 9.9.5-3-Ubuntu <<>> @127.0.0.1 -p 5353 youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28830
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 300 IN A 74.125.225.198
youtube.com. 300 IN A 74.125.225.200
youtube.com. 300 IN A 74.125.225.201
youtube.com. 300 IN A 74.125.225.192
youtube.com. 300 IN A 74.125.225.194
youtube.com. 300 IN A 74.125.225.193
youtube.com. 300 IN A 74.125.225.206
youtube.com. 300 IN A 74.125.225.195
youtube.com. 300 IN A 74.125.225.196
youtube.com. 300 IN A 74.125.225.199
youtube.com. 300 IN A 74.125.225.197

;; Query time: 56 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Wed Sep 03 02:31:44 UTC 2014
;; MSG SIZE rcvd: 216
Msmtp is an SMTP client.
In the default mode, it transmits a mail to an SMTP server (for example at a free mail provider) which takes care of further delivery.
To use this program with your mail user agent (MUA), create a configuration file with your mail account(s) and tell your MUA to call msmtp instead of /usr/sbin/sendmail.
Features include:
Mutt is a small but very powerful text-based mail client for Unix operating systems.
Some of Mutt’s features include:
$ sudo apt-get update
$ sudo apt-get install msmtp mutt
Create the file .msmtprc in your home directory, with no more permissions than user read/write (0600).
# Set default values for all following accounts
defaults
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log

# Default account
account default
host smtp.qq.com
from demo@qq.com
auth plain
user demo
password demo
This is a simple configuration file and is usually sufficient.
Try to send a mail to test it:
$ msmtp demo@gmail.com
Type the message and press Ctrl+D to send it.
Using TLS encryption is always a good idea.
If you are not sure whether the SMTP server supports authentication and/or TLS encryption, find it out with:
$ msmtp --host=smtp.demo.com --serverinfo
To use TLS, it is required to either enable full server certificate verification using the ‘tls_trust_file’ command or ‘--tls-trust-file’ option, or to trust one particular peer certificate using the ‘tls_fingerprint’ command or ‘--tls-fingerprint’ option, or to disable all certificate checks using ‘tls_certcheck off’ or ‘--tls-certcheck=off’.
If your system has a file that collects all system-wide trusted CA certificates, it is easiest to just use this in the ‘defaults’ section of your configuration file. On Debian-based systems, for example, the appropriate command would be
tls_trust_file /etc/ssl/certs/ca-certificates.crt
But you can also find out manually which CA certificate you need to trust.
First, issue the following command:
$ msmtp --serverinfo --host=smtp.demo.com --tls=on --tls-certcheck=off
The option ‘--tls-certcheck=off’ allows msmtp to accept any certificate, so that it can print some information about it. The output of this command tells you the common name of the server certificate issuer. You have to trust this issuer to use full TLS security. Usually you can find the CA certificate on the issuer’s homepage.
Now let us add a Gmail account to the configuration file.
First we need to get the CA certificate:
$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-certcheck=off
SMTP server at smtp.gmail.com (ig-in-x6c.1e100.net [2607:f8b0:4001:c05::6c]), port 25:
    mx.google.com ESMTP ga10sm76109igd.0 - gsmtp
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google Inc
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: Google Internet Authority G2
        Organization: Google Inc
        Country: US
    Validity:
        Activation time: Tue 15 Jul 2014 08:40:38 AM UTC
        Expiration time: Sat 04 Apr 2015 03:15:55 PM UTC
    Fingerprints:
        SHA1: 9C:0A:CC:93:1D:E7:51:37:90:61:6B:A1:18:28:67:95:54:C5:69:A8
        MD5: E7:48:1D:0B:99:4A:C3:A8:31:86:E5:8F:E5:EE:4F:2A
Capabilities:
    SIZE 35882577:
        Maximum message size is 35882577 bytes = 34.22 MiB
    PIPELINING:
        Support for command grouping for faster transmission
    STARTTLS:
        Support for TLS encryption via the STARTTLS command
    AUTH:
        Supported authentication methods:
        PLAIN LOGIN
The issuer name is Google Internet Authority G2; we got the CA certificate here.
Convert the CA certificate to readable format:
$ openssl x509 -inform DER -in GIAG2.crt -outform PEM -out gmail-smtp.crt
With this CA certificate, the following should succeed:
$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-trust-file=gmail-smtp.crt
Now we add the Gmail account to the configuration file:
# Gmail
account gmail
host smtp.gmail.com
from demo@gmail.com
auth on
user demo@gmail.com
password demo
tls on
tls_starttls on
tls_certcheck on
tls_trust_file ~/.ssl/certs/gmail-smtp.crt
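The two accounts above differ in whether the password travels over verified TLS, and the file holding them should be mode 0600. The following checker is an added example, not part of the original post or of msmtp. Its function names and finding labels are made up for illustration, and it assumes msmtp's defaults of `tls off`, `auth off` and `tls_certcheck on` when a command is absent.

```python
import pathlib
import stat
def parse_msmtprc(text):
    """Return {account: settings}, applying `defaults` and `account x : parent`."""
    defaults, accounts, cur = {}, {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, val = parts[0], parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "defaults":
            cur = defaults
        elif key == "account":
            name, _, parents = val.partition(":")
            cur = dict(defaults)              # defaults seen so far apply
            for parent in filter(None, (p.strip() for p in parents.split(","))):
                cur.update(accounts.get(parent, {}))
            accounts[name.strip()] = cur
        elif cur is not None:
            cur[key] = val
    return accounts

def audit(text, mode):
    """Return (account, finding) pairs for config text and its permission bits."""
    findings = [("file", "mode-wider-than-0600")] if mode & 0o077 else []
    for name, acct in parse_msmtprc(text).items():
        tls = acct.get("tls", "off") != "off"
        if acct.get("auth", "off") != "off" and not tls:
            findings.append((name, "credentials-without-tls"))
        if tls and acct.get("tls_certcheck", "on") == "off":
            findings.append((name, "certificate-not-verified"))
        elif tls and not acct.keys() & {"tls_trust_file", "tls_fingerprint"}:
            findings.append((name, "no-trust-anchor"))
    return findings

def audit_file(path="~/.msmtprc"):
    p = pathlib.Path(path).expanduser()
    return audit(p.read_text(), stat.S_IMODE(p.stat().st_mode))

# Constructed sample modelled on the two accounts on this page.
SAMPLE = """defaults
account default
auth plain
password demo
account gmail
auth on
tls on
tls_trust_file ~/.ssl/certs/gmail-smtp.crt
"""
```

Run over the sample with mode 0644, `audit` reports the file mode and the `default` account, which authenticates without TLS. The `gmail` account, with TLS and a trust file, produces no finding.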
Create the file .muttrc in your home directory
set sendmail="/usr/bin/msmtp"
set use_from=yes
set realname="demo"
set from=demo@outlook.com
set envelope_from=yes
Send a mail to test mutt:
$ echo "Hello World" | mutt -s "Hello" -c demo@outlook.com demo@gmail.com
Send a mail with attachment:
$ echo "Hello World" | mutt -s "Hello" -a ~/tmp/demo.tar.gz demo@gmail.com