Thursday, 20 January 2011

Upgrade security on Secure Shell with a few easy steps

Secure Shell is nearly always put in place as a secure replacement for telnet. It’s default behavior for any administrator. But the problem is, out of the box, Secure Shell isn’t as secure as it can be. There are plenty of ways to take this security measure to much higher levels, but which are the quickest to implement that will gain you the most security? Let’s dig in and find out.



SSH key authentication


No matter how you slice it, if you’re using a password to log in, that password can be cracked. That is a security hole in the waiting. You can get around this by using SSH key authentication. To do this you simply need to generate a key and then copy the key to the correct machines. Here are the steps for this (NOTE: These steps will be illustrated on an Ubuntu client and server):


On the local machine


Open up a terminal window and issue the command ssh-keygen -t dsa. That command will generate a public key that is then copied to your server with the command ssh-copy-id -i ~/.ssh/id_dsa.pub username@destination where username is the actual user name on the remote machine and destination is the actual address of the remote machine.


Now, when you attempt to log in to the remote machine you will be asked for the passphrase of the CERTIFICATE and not the user.


If you are using the graphic desktop you could also click on System | Preferences | Passwords and Encryptions Keys. From this GUI (see Figure A) select the My Personal Keys tab, click File | New | Secure Shell Key, and walk through the creation wizard.



Figure A



From this tool you can manage all of your passwords and your personal keys.

Once the key is created, right-click the key and select Configure Key for Secure Shell. From the new window you will need to add a computer name (the remote machine) and a login name. NOTE: You must already have the login name on the remote machine.


If you are using Windows to log into the SSH-enabled server, you can use the PuTTYgen utility. Download PuTTYgen, start it up, click the Generate button, move your mouse around (during the creation phase), save the public key, and copy the public key to the SSH server.


NOTE: As a precaution you should always enforce password-protected keys. If you allow the key authentication method, you might find some users create password-less keys (for ease of use). This is not safe.


Block root access


This one is critical and should be done on ALL machines that allow secure shell access. Open up the file /etc/ssh/sshd_config and look for the line:



PermitRootLogin

Make sure the above line is set to no. The correct line should read:


PermitRootLogin no

Once you have the file corrected and saved, issue the command:


sudo /etc/init.d/ssh restart

If you attempt to log on to the server using ssh as the root user you will be denied access.


Change the port number


I understand that security by obfuscation is not really security. But in the case of secure shell, the more the merrier. So I am a big advocate of changing secure shell from the default port 22 to a non-standard port. To do this, open up the /etc/ssh/sshd_config file and look for the line (near the top):



Port 22

Change this port number to reflect a non-standard port not in use. You will need to make sure all users that connect to this machine are made aware of this change in port number. You will also want to restart the SSH daemon after you make the change.


To connect to a non-standard port from the command line, you would use SSH like so:


ssh -p PORT_NUMBER -v -l USERNAME IPADDRESS

Where PORT_NUMBER is the non-standard port, USERNAME is the username to connect with, and IPADDRESS is the address of the remote machine.


Final thoughts


Out of the box, secure shell is a fairly secure means to connect to a remote machine. But when you can easily take the default a few steps further into the realm of very secure…the little time you will spend doing so will pay off. As a best practice standard, you should always, at a bare minimum, disable root login…everything beyond that is just icing on the proverbial cake.

Monday, 3 January 2011

The 10 most useful Windows 7 keyboard shortcuts

Along with Windows 7’s new features comes a set of new keyboard shortcuts. This little cheat sheet will help you work more efficiently with the latest version of Windows.



Note: This list is part of Greg Shultz’s comprehensive collection of Windows keyboard shortcuts, available as a PDF download.


The shortcuts


Photo Magician 大量圖檔批次轉檔、改大小工具

Photo Magician是個功能相當簡單的圖檔轉檔工具,主要就是用來批次修改大量圖檔的尺寸、檔案大小與檔案格式。透過內建的「Profile」選單,我們可以快速選擇常見的圖檔尺寸或各種行動裝置如iPhone、PSP、Microsoft Zune或HDTV..等裝置適用的大小。當然也可自行選擇、設定尺寸與縮放比例。

在轉檔之前,也可透過尺寸或檔案大小來過濾要處理或不處理的檔案,另外也提供了一個快速轉檔用的桌面小工具,只要把圖檔拉到視窗中即可快速執行事先選定的轉檔任務,把圖檔輸出到指定資料夾。





 





 







▇ 軟體小檔案 ▇     (錯誤、版本更新回報)


  • 軟體名稱:Photo Magician
  • 軟體版本:1.5.0.0
  • 軟體語言:英文,提供多國語系介面,尚無中文

  • 軟體性質:免費軟體
  • 檔案大小:1.61MB
  • 系統支援:Windows 98/2000/XP/2003/Vista/Win7
  • 官方網站:http://www.sheldonsolutions.co.uk/photomagician/
  • 軟體下載:按這裡


  • 使用方法:


    第1步  安裝好並啟動Photo Magician軟體之後,先在「Input Folder」與「Output Folder」欄位中設定好輸入與輸出圖檔的資料夾。

    01  

     

    第2步  接著我們可以從「Select a Profile」選單中點選一個你要的尺寸或規格,也可點選「Custom Width & Height」自行設定轉檔細節。

    02  

     

    第3步  「Conversion Settings」選單中可以設定是否處理次目錄裡的其他圖檔,或者透過圖檔尺寸、圖檔大小來篩選要處理的圖檔。

    03  

     

    第4步  「Options」選單則可設定軟體語言介面與一些圖檔格式的設定。全部設定好之後,直接按一下視窗最下方的「Process xx Image(s)」按鈕即可開始轉檔。

    04  

     

    第5步  轉檔時會有個預覽介面,結束後關閉視窗即可。

    05  

     

    第6步  如果想啟動快速轉檔工具的話,可以先設定好「Output Folder」與「Profile」等轉檔細節,然後再按一下視窗左上角的「Quick Convert Mode」按鈕,桌面上便會出現一個快速轉檔用的小視窗。

    以後只要將圖檔拉到視窗中,便可自動透過預先設定過的轉檔方式將圖檔輸出到指定資料夾中。