Friday, March 28, 2014

create SSH key using puttygen and connect to linux server

This post shows how to create an SSH key pair with PuTTYgen and use it to connect to a Linux server.
First of all, you need to install PuTTYgen; you can get it from http://winscp.net/download/puttygen.exe

1. Click Generate 


2. Move your mouse cursor around inside the box until key generation finishes


3. Copy the public key, paste it into ~/.ssh/authorized_keys on your server, and save the private key


If you want the private key to be protected by a password (passphrase), enter it here before you click Save private key. Every time you use this private key to connect to your server, it will ask for the password.



Now you can try connecting with PuTTY.
Remember to select your private key at Connection > SSH > Auth




Troubleshoot
1. If it shows the error message "Server refused our key",
make sure the file at ~/.ssh/authorized_keys is using 700 permission

2. For other errors, you can set LogLevel DEBUG3 in /etc/ssh/sshd_config, then monitor the log at /var/log/secure
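
The "Server refused our key" case in item 1 can come from ownership or mode problems on the server: with StrictModes on (the OpenSSH default), sshd ignores authorized_keys if it, ~/.ssh or the home directory is writable by group or others, or is owned by someone other than the user or root. The script below is an added example, not part of the original post; the function name check_ssh_perms is hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). check_ssh_perms is a
# hypothetical helper name. It applies the rule sshd enforces with
# StrictModes yes: the home directory, ~/.ssh and authorized_keys must be
# owned by the user (or root) and must not be group- or world-writable.
# Usage: check_ssh_perms HOME_DIR [OWNER_UID]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}          # default: the uid running the check
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            rc=1
            continue
        fi
        # ls -ldnL: field 1 is the mode string, field 3 the numeric owner;
        # -L follows symlinks so the target's mode is what gets checked.
        mode=$(ls -ldnL "$p" | awk '{print $1}')
        owner=$(ls -ldnL "$p" | awk '{print $3}')
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
            echo "OWNER     $p is owned by uid $owner, expected $uid"
            rc=1
        fi
        # Character 6 of the mode string is group write, character 9 is
        # other write (e.g. drwxrwx--- or -rw-rw-rw-).
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE  $p has mode $mode; run: chmod go-w '$p'"
                rc=1
                ;;
        esac
    done
    return $rc
}

# Run against a home directory when one is given on the command line.
if [ $# -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it on the server as the account you are logging in to, for example `sh check_ssh_perms.sh "$HOME"`.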



Wednesday, March 26, 2014

AWS mount S3 bucket to amazon linux

Before you start, create an S3 bucket, as it will be needed to mount to your EC2 instance.
There are 2 ways to connect and mount S3 on your EC2 instance. One is using an IAM user's access key and secret key, and the other is using an IAM role.


Here are the steps to create IAM user access

1. Login to your AWS console and go to IAM section.
2. Click create a new group of users


3. Create a project name


4. Select Amazon S3 Full Access


5. Click Continue


6. Create a user for this group if you do not have one, or add existing users. This applies if you have other users who manage your AWS account with limited access. If you are the admin yourself, just go to your account and use its security credentials (access key and secret key)


7. Confirm the details and click Continue


8. drop down and save your access key ID and secret access key



Here are the steps for creating an IAM role

1. Click on Roles and create a new role


2. Create a role name


3. Select Amazon EC2


4. Select Amazon S3 Full Access


5. Click Continue


6. Confirm everything and create role




Now you need to create an EC2 instance. Take note: while creating it, stop at this page and select the IAM role you created just now





Once the instance is created, SSH into it and start installing the packages needed.

These packages are needed for later use
# yum install kernel-devel libxml2-devel curl-devel gcc gcc-c++ pkgconfig openssl-devel subversion git -y

These are the packages we will use to build and mount
# yum install automake fuse fuse-devel -y

Download the latest s3fs-fuse source
# git clone https://github.com/s3fs-fuse/s3fs-fuse.git

Generate the configure script, then configure, make, and make install
# cd s3fs-fuse
# ./autogen.sh
# ./configure --prefix=/usr
# make
# make install

Now we create a folder for mounting
# mkdir /data

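If you are using an IAM role, mount it using this command (default_acl=public-read makes objects written through the mount publicly readable, and allow_other opens the mount to all local users)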
# /usr/bin/s3fs <bucket name> /data -o rw,allow_other,uid=0,gid=0,default_acl=public-read,iam_role=<IAM role name>

If you are using a user access key and secret key, first store them in /etc/passwd-s3fs
# echo "<Access Key ID>:<Secret Access Key>" | tee -a /etc/passwd-s3fs
# chmod 640 /etc/passwd-s3fs

Then mount it using this command
# /usr/bin/s3fs <Bucket Name> /data -o rw,allow_other,uid=<UID>,gid=<GID>,default_acl=public-read



After the mount succeeds, you can use df to list the mounted filesystems and confirm it

Thursday, March 20, 2014

FTP access locked at web directory

This post shows how to install an FTP service on your server and create a user who is locked to the web directory.

Install the FTP service
     # yum install vsftpd

Now we create a user without a home directory and remove the user's mailbox. Then we set its password.
     # useradd -M ftpuser
     # rm -rf /var/spool/mail/ftpuser
     # passwd ftpuser

This creates the directory and sets it as the user's login directory
     # mkdir -p /var/www/html/ftpfiles
     # usermod -d /var/www/html/ftpfiles ftpuser

Open and edit the FTP config to lock users in their home directory
     # vim /etc/vsftpd/vsftpd.conf

and enable "chroot_local_user=YES"

Now ftpuser will be locked in its home directory once logged in and unable to access other folders

We need to allow ftpuser to upload files into it.
Since I am locking it to the web directory, I set the owner to apache

     # chown apache:apache /var/www/html/ftpfiles

Now add ftpuser to the apache group

     # usermod -a -G apache ftpuser

DONE
Now you can try to FTP into it

Note 1
Add this line to /etc/vsftpd/vsftpd.conf to force active mode
pasv_enable=NO