Recent Articles

Public Key authentication using ssh

 

Something that’s been puzzling me for a little while was how to prevent password-authenticated logins to the OS X Server via ssh. Setting this up on a Linux box is a cinch, but for some reason I couldn’t get this done on OS X.

Finally this has been solved.

cd in to your local .ssh directory. If you don’t have one then run the line below and it will take care of that.

[code language="plain"]mkdir -p ~/.ssh && chmod 700 ~/.ssh && cd ~/.ssh
[/code]

The next step is to generate your public and private keys.

[code language="plain"]ssh-keygen -t rsa -b 4096
[/code]

Follow the prompts and enter your chosen password. Choose wisely and remember it. The next step is to copy the public key over to the remote machine and create the appropriate key file.

[code language="plain"]cat ~/.ssh/id_rsa.pub | ssh user@remote.server.com 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
[/code]

Now that we have the basics in place, try to ssh in to your remote server with ssh user@remote.server.com; you should now be asked for your public key password. Yes, the one you used to create the public and private keys. You can save this in your keychain should you wish. With the password entered you should be able to go straight in to the remote server.

Now that we have access to the server, my advice would be to open another terminal window and log in to the server for a second time. This is a safeguard and a way to correct any errors or typos you may make during the next steps.

Now open the /etc/sshd_config file. I use vim but nano is equally good. As always, create a copy of the original file before editing it.

[code language="plain"]sudo cp /etc/sshd_config /etc/sshd_config.old; sudo vim /etc/sshd_config
[/code]

I created a section within the file so I can locate my edits, and entered or un-commented the lines below.

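[code language="plain"]# Authentication:

# Time allowed to complete authentication before the connection is dropped
LoginGraceTime 1m
PermitRootLogin no
# Check ownership and modes of the user's files and home directory before accepting a login
StrictModes yes
MaxAuthTries 4
MaxSessions 4

# RSAAuthentication applies to SSH protocol 1 only
RSAAuthentication yes
PubkeyAuthentication yes

# My Additions…
# Turn off every password-based login path
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
[/code]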

The above are the edits I have made to my sshd_config file. Copy the missing lines and edit the existing ones to match the above.

Now log out of one of your current ssh sessions and then log back in. All being good, you should log in with public key authentication, with no password prompt. Now log out and try to log back in with a user who has remote login permission. You should be denied access.

All is working as it should.
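A check to run from the second session before logging out, added here as an example (not the author's code): sshd uses the first occurrence of each keyword, so a stock line left uncommented above your additions wins over them. The function names and the sample config are constructed for illustration, and the script assumes whitespace-separated "Keyword value" lines.

```sh
#!/bin/sh
# Audit the global section of an sshd_config for the lockdown described above.
# sshd honours the FIRST occurrence of a keyword and matches keywords
# case-insensitively, so a stock "PasswordAuthentication yes" higher up the
# file silently beats a "PasswordAuthentication no" appended at the bottom.

# effective_value FILE KEYWORD: print the first uncommented value, lowercased.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0   { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per setting, return the failure count.
# Unset keywords count as failures: the config above sets each one explicitly.
audit_sshd_config() {
    failures=0
    for want in PasswordAuthentication=no ChallengeResponseAuthentication=no \
                UsePAM=no PermitRootLogin=no PubkeyAuthentication=yes; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: a stock line left enabled above the "My Additions" block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
passwordauthentication yes
# My Additions
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) differ from the lockdown"
rm -f "$sample"
```

On the real server, point it at the file you edited: audit_sshd_config /etc/sshd_config.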

May 25, 2015

Site Redesign

It’s been a while… but it’s time to apply a new theme and a new look to the site. For the few that come, expect a period of minor disruption.

See you soon.

April 10, 2015

The Driving License Part 2

There is no part 1 (yet)

I didn’t have the paper part of my current driving license with me. In fact I’m not sure where it is. So I have to go back again with a printed page from the DVLA. Great, another trip back. Now, I have to get this printed page from the DVLA website and for that I need my NI number. Where on earth have I put that? I called the GOV hotline to request my NI number. I correctly answered all the security questions and identified myself. So I ask, what is my NI number? The extremely helpful man on the phone then tells me he can’t give it to me over the phone for reasons of data security. Great. He can post it to me though, and I can give him any address I feel would be helpful. That’s really secure, isn’t it, and helpful? OK, I said, and gave him my address, and how long, I asked, will it take, as I only have 30 days to provide this information to the Hong Kong Transportation Department. There was a pause, a long pause. He cleared his voice and said it will take 9 weeks before it’s posted. Nine weeks to put a printout in to an envelope, way to go UK Government.

Now I’m in a panic. I phoned my bank on the slim hope that somewhere they have a record of my NI number. They didn’t. Shit! Next step, I’ll call the tax office. Again, a whole list of security questions which I answered correctly. Now I asked, so what is my NI number? Again, a pause, but only a short one. “I can’t give out that information over the phone”, he said. Oh man, this is frustrating. I bit my tongue and asked him, if he was to post the information, how long would it take. Again a pause, then he pipes up and said “well if you have a UK address it will take around a week”. Phew. So again I can give him any address I want and I don’t need to confirm it in any way, and he was happy to post it there. Where is the security that prevented him from giving me this over the phone? So it’s now on its way to my parents.

All I have to do now is wait for this to arrive at my parents’, from where it will be given to me over the phone so I can finally use it to download the paper I need from the DVLA. I’m happy sometimes to not be living in such a nanny state that the UK has become. Data protection is great and I applaud it, but after I have identified myself even down to my last three employers I worked for and providing the exact date on which I paid my last NI contribution, I feel that that is more than secure enough to be verbally given the information I need. How secure is the postal system by comparison?

January 31, 2015

Duet: A great iOS app

I’ve been using AirDisplay between my MacBook Air and iPad for some time and on the whole I’ve been very happy with the setup. It’s great to be able to use my iPad as a second monitor and extend my desktop’s display in to it. AirDisplay makes the connection between desktop and iOS over a wireless network and there is some lag on slower networks. Although this has never been a huge problem, it has at times frustrated me a little.

Today, however, I received an email from Duetdisplay with their release of the app Duet. They too are offering to extend your desktop on to your iOS device, but by utilising the Lightning cable. I have just installed the iOS and the OS X apps and I have to say I’m seriously impressed. There is no lag at all and the resolution looks a lot sharper. The only downside at present is only being able to use one device at a time. AirDisplay allows the connection of multiple devices. Again, not a deal breaker for me as I only tend to use my iPad.

  

If you want to extend your desktop, Duet is a great solution and it’s super easy to set up.

Link to iTunes: Duet

Link to Website

December 19, 2014