ssh login takes a long time or is slow
As far as I know there are 2 reasons why we have to wait a long time for the login prompt to appear when logging in to a remote computer or server with ssh. The first reason is the DNS lookup setting, which is enabled by default in the sshd configuration (/etc/ssh/sshd_config) on the computer or server being accessed remotely. To disable it, open the sshd_config file:
$ vi /etc/ssh/sshd_config
look for the UseDNS line, which defaults to yes, and change it so that it reads
UseDNS no
The second reason is that the GSSAPI setting is enabled. To see whether this setting is active we can add the -v option to the ssh command line as follows:
$ ssh -l gregor 192.168.18.5 -v
the output will look roughly like this:
...
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
it can be seen that what takes so long is the gssapi-with-mic authentication method. If we really only use passwords as the authentication method, the gssapi-with-mic method can be disabled. Open the sshd_config file on the computer being accessed remotely and look for the GSSAPIAuthentication line.
$ vi /etc/ssh/sshd_config
change it to GSSAPIAuthentication no, then save and exit the vi editor and restart sshd with:
$ service sshd restart
or
$ /etc/rc.d/init.d/sshd restart
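The two settings above are easy to get wrong in a long sshd_config: a commented-out "#UseDNS no" does nothing, and sshd uses the first uncommented occurrence of a keyword, so a "UseDNS no" added at the bottom of the file does not override a "UseDNS yes" higher up. The following POSIX shell helper, an added example that is not part of the original post, reports the value sshd will actually use for a keyword. It assumes the behaviour documented in sshd_config(5): keywords are case-insensitive, the first match wins, and lines after a Match block only apply to matching connections, so scanning stops there. The sample config it writes is constructed, and the defaults passed for absent keywords (UseDNS yes, as the post states, and GSSAPIAuthentication no) are assumptions.

```shell
# Added example, not part of the original post.
# Report the value sshd will use for a keyword in a given sshd_config.
# Assumed sshd behaviour (sshd_config(5)): keywords are case-insensitive,
# the FIRST uncommented occurrence wins, and values inside a Match block
# apply only to matching connections, so scanning stops at the first Match.
sshd_effective() {
    # usage: sshd_effective <keyword> <config-file> [default-if-absent]
    awk -v key="$1" -v def="${3:-unset}" '
        {
            sub(/#.*/, "")                      # drop comments, including commented-out lines
            sub(/^[ \t]+/, "")                  # tolerate indentation
            n = split($0, f, /[ \t=]+/)         # "Keyword value" or "Keyword=value"
            if (n < 2) next
            if (tolower(f[1]) == "match") exit  # later lines are conditional
            if (tolower(f[1]) == tolower(key)) { print f[2]; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$2"
}

# Constructed sample sshd_config for demonstration; not a real server's file.
# Note the commented "#UseDNS no": it does nothing, the live line is "UseDNS yes".
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
#UseDNS no
UseDNS yes
GSSAPIAuthentication   no
gssapiauthentication yes
Match User backup
    UseDNS no
EOF
}

# Print the two settings the post identifies as slowing down the login prompt.
# Defaults passed for absent keywords are assumptions: UseDNS yes (as the post
# says) and GSSAPIAuthentication no.
slow_login_settings() {
    printf 'UseDNS=%s GSSAPIAuthentication=%s\n' \
        "$(sshd_effective UseDNS "$1" yes)" \
        "$(sshd_effective GSSAPIAuthentication "$1" no)"
}
```

Run slow_login_settings /etc/ssh/sshd_config on the server after editing; if it still reports UseDNS=yes or GSSAPIAuthentication=yes, there is an earlier live line for that keyword that the edit did not touch.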
backing up vpopmail with rsync and ssh non standard port
this is for redhat and friends using openssh from rpm.
backup server is the server where we want to put the backup files.
remoteserver is the server where the vpopmail is.
the backup server pulls data from remoteserver.
on the backup server as root:
$ ssh-keygen -t dsa -b 1024 -f /root/.ssh/rsync-key
just press enter for the passphrase
$ cd /root/.ssh
$ scp /root/.ssh/rsync-key.pub root@remoteserver:/root/.ssh/
on remoteserver as root:
$ cd /root/.ssh
$ touch authorized_keys
$ chmod 600 authorized_keys
$ cat rsync-key.pub >> authorized_keys
$ rm rsync-key.pub
$ vi /etc/ssh/sshd_config
add or change these lines:
PermitRootLogin forced-commands-only
AllowUsers root
save and exit
$ service sshd restart
$ vi /root/.ssh/rsync-only
add these lines:
#!/bin/sh
# forced command for the rsync key: log what the client asked for, refuse
# anything that is not an rsync server invocation, otherwise run it
logger -t ssh-command "$SSH_ORIGINAL_COMMAND"
case "$SSH_ORIGINAL_COMMAND" in
    "rsync --server "*)
        exec $SSH_ORIGINAL_COMMAND
        ;;
    *)
        logger -t rsync-key INVALID COMMAND "\"$SSH_ORIGINAL_COMMAND\""
        exit 1
        ;;
esac
save and exit
$ chmod 755 /root/.ssh/rsync-only
$ vi authorized_keys
change this:
ssh-dss AAAAB3NzaC1ksdfjskdjfkdjsdjas…..etc
to this:
command="/root/.ssh/rsync-only" ssh-dss AAAAB3NzaC1ksdfjskdjfkdjsdjas…..etc
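Before trusting a forced command with a root key it is worth running its allow rule against some candidate command strings. The following is an added example, not from the original post or the scripts it references: the same prefix rule as rsync-only, factored into a shell function, plus a small harness that feeds it constructed sample commands and counts how many are refused. The option strings in the samples only imitate the shape of what an rsync client spawns over ssh and are assumptions.

```shell
# Added example, not from the original post or its referenced scripts.
# The allow rule of the rsync-only forced command, as a function that can be
# exercised offline against sample command strings before a key is deployed.
rsync_only_allowed() {
    # 0 when $1 is an rsync server invocation (what the rsync client spawns
    # over ssh), 1 for anything else. Same prefix rule as the forced command.
    case "$1" in
        "rsync --server "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample commands (assumed shapes). The first two imitate what
# rsync sends for a pull (--sender) and a push; the third is a pull of a path
# the backup job never asked for; the rest are not rsync at all.
sample_commands() {
    printf '%s\n' \
        'rsync --server --sender -logDtpre.iLsfxC . /home/vpopmail/domains' \
        'rsync --server -logDtpre.iLsfxC . /home/vpopmail/domains' \
        'rsync --server --sender . /etc' \
        'sh -c rsync --server' \
        'rsync-copy --server' \
        ''
}

# Read candidate commands on stdin, report ALLOW/DENY per line on stderr and
# print the number denied on stdout.
count_denied() {
    denied=0
    while IFS= read -r cmd; do
        if rsync_only_allowed "$cmd"; then
            printf 'ALLOW %s\n' "$cmd" >&2
        else
            printf 'DENY  %s\n' "$cmd" >&2
            denied=$((denied + 1))
        fi
    done
    printf '%s\n' "$denied"
}
```

Running sample_commands | count_denied shows the limit of the rule: it pins the program, not the path, so the third sample (a pull of /etc) is allowed just like the backup job's own pull. The key therefore grants its holder read access to anything root can read on remoteserver, and the private key on the backup server needs the same protection as root's own credentials. Because rsync-only execs the variable directly rather than through eval or sh -c, the command string is not re-parsed by a shell, although the unquoted expansion still applies word splitting and filename globbing.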
on the backup server as root:
$ vi /etc/crontab
add this line (all on one line) to back up every wednesday at 4 am:
0 4 * * 3 root rsync -aS --delete -e "ssh -i /root/.ssh/rsync-key -p 222" root@remoteserver:/home/vpopmail/domains /home/mail/cron
save and exit
the remote server uses a non-standard ssh port; that's what -p 222 is for.
$ service crond restart
references:
http://goodcleanemail.com/index.php?option=com_content&task=view&id=45
http://www.qmailinfo.org/index.php/ExampleRsyncScripts
http://qmail.jms1.net/backup.shtml
ssh without shell (non interactive)
/sbin/nologin is what you put instead of /bin/bash at the end of a user's line in the /etc/passwd file if you only want the user to be able to use your machine for things like a SOCKS proxy but never to log in to a shell.
for example:
somewhere out there you have a linux machine (LLL) with big bandwidth (Mbps) and you sometimes want to browse the internet through it. you can do that by setting up a SOCKS proxy on your local machine and ssh tunneling it to LLL.
on LLL you must create a user (theuser) with a password and /sbin/nologin as the shell.
suppose that LLL is located in the USA with the domain name www.LLL.com, and you are on a windows xp machine located in the UK and want to browse the internet as if you were doing it from LLL. first get putty and save it on c:\, then click start, run and type c:\putty.exe -N -D 8883 -C theuser@www.LLL.com then click ok, and enter the user and password when prompted.
the next step is to set up your browser to use localhost port 8883 as the SOCKS proxy. with mozilla it should be under tools-options-advanced-network-settings.
now point your browser to www.whatismyip.com and you should be shown the ip of www.LLL.com
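A tunnel-only account like theuser is only as safe as its shell field, so it pays to check the passwd entry before handing out the password and to list which accounts on the box still have a real login shell. The following POSIX shell helpers are an added example, not part of the original post; they treat /sbin/nologin, /usr/sbin/nologin and /bin/false as non-interactive shells (an assumption) and the passwd file they write is a constructed sample, not a real system's.

```shell
# Added example, not part of the original post: audit the login shell field
# of a passwd-format file, so a tunnel-only account such as "theuser" can be
# checked before the credentials are handed out. Assumed non-interactive
# shells: /sbin/nologin, /usr/sbin/nologin and /bin/false.
user_shell() {
    # usage: user_shell <name> <passwd-file>; prints the shell field, nothing if absent
    awk -F: -v u="$1" '$1 == u { print $7; exit }' "$2"
}

is_shell_free() {
    # 0 if the account cannot obtain an interactive shell, 1 otherwise
    # (an account that is not in the file is reported as 1: not verified)
    case "$(user_shell "$1" "$2")" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

interactive_accounts() {
    # Lists accounts that DO have a login shell; an empty shell field means
    # /bin/sh to login(1), so it counts as interactive.
    awk -F: '{ s = ($7 == "") ? "/bin/sh" : $7 }
             s != "/sbin/nologin" && s != "/usr/sbin/nologin" && s != "/bin/false" { print $1 }' "$1"
}

# Constructed sample passwd file for demonstration, not a real system's.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
theuser:x:1001:1001:tunnel only:/home/theuser:/sbin/nologin
backup:x:1002:1002::/home/backup:
EOF
}
```

is_shell_free theuser /etc/passwd on LLL should succeed, and interactive_accounts /etc/passwd lists the accounts worth a second look. The putty -N option matters here: it asks for no remote command, and nologin is only consulted when a shell or command is requested, which is why the port forwarding still works while an ordinary login is refused.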