
Setting Up an sftp Site on Amazon Web Services EC2, and a Guest Account

(Adapted from http://cloud.ubuntu.com/ami/, http://www.cybersprocket.com/2009/tips-tricks/sftp-tips-tricks/ and http://blog.markvdb.be/2009/01/sftp-on-ubuntu-and-debian-in-9-easy.html, with a few changes.)

This consists of three parts:

  • setting up an sftp site on EC2
  • creating a new user account
  • configuring the new user account for read-only sftp, with no ssh shell access

This is intended for transferring files to and from trusted users. I use it as an adequate solution for occasionally sending very large files to clients, on an EC2 instance dedicated to that task. After the transfer is complete, I shut down or terminate the instance.

Set up a server using Amazon Web Services EC2, choosing an Ubuntu Amazon Machine Image (AMI). (You can find an AMI using http://cloud.ubuntu.com/ami/. You may want to choose one that’s free tier eligible, such as ami-1aad5273)

ssh into the server (on Ubuntu AMIs the default login is ubuntu; ec2-host is a placeholder for the instance's public DNS name):

ssh -i keyfile.pem ubuntu@ec2-host

The original post installs vsftpd at this point (sudo apt-get install vsftpd), but it is not needed and you should skip it: sftp is served by the OpenSSH sftp subsystem that is already running on the instance, and vsftpd is a separate cleartext FTP daemon that only adds attack surface.

Create a new user:

sudo adduser newusername

Generate a key pair for the third-party user. You can do this in the AWS Management Console (download the .pem private key), or on your own local system with ssh-keygen. Do not use the original post's `-t dsa -b 1024`: 1024-bit DSA keys are weak and ssh-dss has been disabled by default since OpenSSH 7.0. Use Ed25519, or RSA with at least 3072 bits:

ssh-keygen -t ed25519 -f newusername

This writes the private key to newusername (keep it for the client) and the public key to newusername.pub.

On the server, create the .ssh directory for the new user:

sudo mkdir /home/newusername/.ssh

Paste the public key (the contents of newusername.pub, or the public half of the console-generated pair) into /home/newusername/.ssh/authorized_keys.

Set permissions:

sudo chmod 700 /home/newusername/.ssh

sudo chmod 600 /home/newusername/.ssh/authorized_keys

sudo chown -R newusername:newusername /home/newusername/.ssh

Test the new user's sftp login from your local machine, using the private key (newkeypair1.pem if you downloaded it from the console, or newusername if you ran ssh-keygen); ec2-host is again a placeholder for the instance's public DNS name:

sftp -i newkeypair1.pem newusername@ec2-host

Make a new group for users who should be limited to using only sftp:

sudo groupadd sftponly

sudo adduser newusername sftponly

Edit /etc/ssh/sshd_config and change the Subsystem line to:

Subsystem sftp internal-sftp

and add these lines to the end of /etc/ssh/sshd_config (Match blocks must come after the global options: everything from a Match line to the next Match applies only to matching connections):

Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Set ownership so that sshd accepts the chroot. ChrootDirectory requires the target directory and every directory above it to be owned by root and not writable by group or others. This does not break key-based login, because sshd reads authorized_keys before entering the chroot:

sudo chown root:root /home/newusername

With this ownership the user can only download.

To deny SSH shell access, give the user a non-interactive login shell (the original post's `sudo usermod newusername /bin/false` is missing the -s flag and does not do this):

sudo usermod -s /bin/false newusername

If you want to permit uploads, do not hand the home directory back to the user as the original post does (sudo chown newusername:newusername /home/newusername); sshd then refuses the chroot and logs "bad ownership or modes for chroot directory". Instead create a user-owned directory inside the root-owned home and let the user write there:

sudo mkdir /home/newusername/upload

sudo chown newusername:newusername /home/newusername/upload

The .ssh directory stays owned by the user:

sudo chown -R newusername:newusername /home/newusername/.ssh

Check the configuration for errors with `sudo sshd -t` (it prints nothing when the file is valid), then restart sshd:

sudo /etc/init.d/ssh restart

On releases that use systemd, `sudo systemctl restart ssh` does the same.

Now the new user can connect by sftp, but not by ssh. Place the files you want to share in /home/newusername, and share the key with the user or upload your files.

How to Install Apache on CentOS 7

The Apache web server is one of the most popular and powerful web servers in the world, due to its ease of administration and flexibility. In this tutorial we will install Apache on a server that doesn’t have a web server or database server already installed.

Pre-Flight Check

  • These instructions are intended for installing Apache on a single CentOS 7 node.
  • I'll be working from a Liquid Web Self Managed CentOS 7 server, logged in as a non-root user with sudo. If you need more information, see the tutorial on How to Add a User and Grant Root Privileges on CentOS 7.

Step 1: Install Apache

First, clean-up yum:

sudo yum clean all

As a matter of best practice we’ll update our packages:

sudo yum -y update

Installing Apache is as simple as running just one command:

sudo yum -y install httpd

Step 2: Allow Apache Through the Firewall

Allow the default HTTP and HTTPS ports, 80 and 443, through firewalld (the named services, --add-service=http and --add-service=https, are equivalent):

sudo firewall-cmd --permanent --add-port=80/tcp

sudo firewall-cmd --permanent --add-port=443/tcp

And reload the firewall:

sudo firewall-cmd --reload

Step 3: Configure Apache to Start on Boot

Start Apache:

sudo systemctl start httpd

Be sure that Apache starts at boot:

sudo systemctl enable httpd

To check the status of Apache:

sudo systemctl status httpd

To stop Apache:

sudo systemctl stop httpd


HOWTO quickly add a route in Mac OSX

Adding a route manually is sometimes necessary. On Linux I know the command by heart:

sudo route add -net 10.67.0.0/16 gw 192.168.120.254

(route comes from net-tools; the iproute2 equivalent is ip route add 10.67.0.0/16 via 192.168.120.254.)

On the Mac the command is similar, but a bit different 🙂 Just as a note to myself and anyone else interested:

sudo route -n add -net 10.67.0.0/16 192.168.120.254

This sets up a route to the 10.67.0.0/16 network through the gateway 192.168.120.254. The first one is for Linux, the second for Mac OS X.

sed – 20 examples to remove / delete characters from a file

In this article, we will see examples of how to remove or delete characters from a file. The syntax of the sed substitute command is:

sed 's/pattern/replacement/' file

This sed command finds the pattern and replaces it with the replacement. When the replacement is left empty, the text matched by the pattern is deleted. (The command listings did not survive on this copy of the page; the commands shown with each example are reconstructed from the explanations that accompany them.)

Let us consider a sample file with one word per line. The file itself is not reproduced here; the explanations below refer to lines such as Solaris and Ubuntu, a line starting with F and a line ending with x.

1. To remove a specific character, say 'a':

sed 's/a//' file

This removes the first occurrence of 'a' in every line of the file. To remove all occurrences of 'a' in every line, add the g flag:

sed 's/a//g' file

2. To remove the 1st character in every line:

sed 's/^.//' file

. (dot) matches any single character. The ^ anchors the match to the beginning of the line. Another way to write the same:

sed 's/.//' file

This tells sed to replace one character with nothing. Since sed starts matching at the beginning of the line and the g flag is not given, only the 1st character is replaced.

3. To remove the last character of every line:

sed 's/.$//' file

The $ anchors the match to the end of the line.

4. To remove the 1st and last character of every line in the same command:

sed 's/^.//;s/.$//' file

Two commands can be given together, separated by a semicolon.

5. To remove the first character only if it is a specific character:

sed 's/^F//' file

This removes the 1st character only if it is 'F'.

6. To remove the last character only if it is a specific character:

sed 's/x$//' file

This removes the last character only if it is 'x'.

7. To remove the 1st 3 characters of every line:

sed 's/^...//' file

A single dot removes the 1st character; three dots remove the 1st three characters.

8. To remove the 1st n characters of every line:

sed 's/^.\{4\}//' file

.\{n\} matches any character n times, so this expression matches the first 4 characters and deletes them. (In basic regular expressions the braces are escaped; with sed -E you can write .{4} instead.)

9. To remove the last n characters of every line:

sed 's/.\{3\}$//' file

10. To remove everything except the 1st n characters in every line:

sed 's/\(.\{3\}\).*/\1/' file

.* matches any number of characters, and the first 3 characters matched are grouped using parentheses. In the replacement, \1 keeps only the group, leaving out the remaining part.

11. To remove everything except the last n characters in every line:

sed 's/.*\(.\{3\}\)$/\1/' file

Same as the last example, except that the group is anchored to the end of the line.

12. To remove multiple characters present in a file:

sed 's/[aoe]//g' file

To delete multiple characters, a bracket expression [] lists the characters to be removed. This removes all occurrences of the characters a, o and e.

13. To remove a pattern:

sed 's/lari//' file

Not just a character but a whole pattern can be removed. Here, 'lari' is removed from 'Solaris'.

14. To delete only the nth occurrence of a character in every line:

sed 's/u//2' file

By default, sed acts only on the 1st occurrence. If a number n is given as the flag, sed acts only on the nth occurrence of the pattern. The 2nd 'u' of 'Ubuntu' is deleted.

15. To delete a character and everything that follows it in a line:

sed 's/a.*//' file

The .* after 'a' extends the match to the end of the line, so the first 'a' and everything after it are deleted.

16. To remove all digits present in every line of a file:

sed 's/[0-9]//g' file

[0-9] stands for all characters between 0 and 9, meaning all digits, and hence all digits get removed.

17. To remove all lower-case letters present in every line:

sed 's/[a-z]//g' file

[a-z] represents the lower-case range, and hence all lower-case characters get removed.

18. To remove everything other than lower-case letters:

sed 's/[^a-z]//g' file

^ inside square brackets negates the condition. Here, all characters except lower-case letters get removed.

19. To remove all alphanumeric characters present in every line:

sed 's/[a-zA-Z0-9]//g' file

All letters and digits get removed.

20. To remove a character irrespective of case:

sed 's/[uU]//g' file

Specifying both the lower- and upper-case forms of the character in brackets is equivalent to removing the character irrespective of case (here 'u'). GNU sed also accepts the I flag for a case-insensitive match: s/u//gI.
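The deletions above all splice a literal character into the sed program, which is fine when you type it yourself but bites as soon as the pattern comes from a variable. The script below is an added example, not part of the original article: it wraps several of the examples as small stdin filters over a constructed sample file, and adds an escaping helper (my own, not from the article) so that a pattern containing `.`, `*`, `[` or `/` is deleted as a literal string rather than being interpreted as a regex.

```shell
#!/bin/sh
# Added example, not part of the original article: the deletions above as
# small stdin filters, plus an escaping helper the article does not cover.
# The sample input is constructed here; the article's own file listing is
# not reproduced on this page.

# constructed sample: one operating-system name per line
sample_file() {
    printf '%s\n' Linux Solaris Ubuntu Fedora RedHat
}

# example 8: drop the first N characters of every line
strip_first() { sed "s/^.\{$1\}//"; }

# example 9: drop the last N characters of every line
strip_last() { sed "s/.\{$1\}$//"; }

# example 11: keep only the last N characters of every line
keep_last() { sed "s/.*\(.\{$1\}\)$/\1/"; }

# example 14: delete only the Nth occurrence of character C (delete_nth C N)
delete_nth() { sed "s/$1//$2"; }

# example 15: delete character C and everything after it on the line
truncate_from() { sed "s/$1.*//"; }

# example 20: delete character C whether upper or lower case
delete_char_ci() {
    ci_lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    ci_upper=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    sed "s/[$ci_lower$ci_upper]//g"
}

# The filters above splice their argument straight into the sed program, so
# a '.' or '/' in the argument changes the regex: "lari" (example 13) is
# harmless, but "1.0" would also match "1x0". Escape BRE metacharacters and
# the s-command delimiter first when the argument comes from outside.
sed_escape() {
    printf '%s' "$1" | sed 's|[][\.*^$/]|\\&|g'
}

# example 13 done safely: delete a literal string everywhere it occurs
delete_literal() { sed "s/$(sed_escape "$1")//g"; }

# Run the filters over the sample and print each result.
demo() {
    echo "strip_first 3:";        sample_file | strip_first 3
    echo "keep_last 3:";          sample_file | keep_last 3
    echo "delete_nth u 2:";       sample_file | delete_nth u 2
    echo "truncate_from a:";      sample_file | truncate_from a
    echo "delete_char_ci u:";     sample_file | delete_char_ci u
    echo "delete_literal lari:";  sample_file | delete_literal lari
}
```

Source the file and call `demo`, or pipe your own file into any of the filters. `delete_literal` is the one to reach for whenever the string to remove is not hard-coded; the others assume a single plain character, exactly as the article's examples do.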

Original article here, from The UNIX School.

Linux Increase Networking Performance Tuning Network Stack (Buffers Size)

Starting a stress test to improve performance, I reached some limits when the system was under intense load. By default the Linux network stack is not configured for high-speed, large file transfers across WAN links; the defaults are chosen to save memory. You can tune the network stack by increasing the socket buffer sizes, so that servers on high-speed networks can keep more data in flight.

The default maximum Linux TCP buffer sizes are small. TCP memory is sized automatically from system memory; you can find the values currently in effect with the following commands (the command listings did not survive on this copy of the page; the sysctl keys shown below are the kernel's own):

The default and maximum amount for the receive socket memory:

sysctl net.core.rmem_default net.core.rmem_max

The default and maximum amount for the send socket memory:

sysctl net.core.wmem_default net.core.wmem_max

The maximum amount of option memory buffers:

sysctl net.core.optmem_max

Tuning the Values

Set the maximum OS send buffer size (wmem_max) and receive buffer size (rmem_max) to 12 MB (12582912 bytes). These are ceilings, not allocations: they bound the buffer an application may request for a socket with SO_SNDBUF / SO_RCVBUF, while the range TCP autotuning uses for each socket is set separately below.

WARNING! The default value of rmem_max and wmem_max was about 128 KB on older kernels (212992 bytes on current ones), which is enough for a low-latency, general-purpose network or for applications such as a DNS or web server. When the latency is large, the default is too small. Note that the following settings increase memory usage on your server: every socket, including those opened by a flood of connections, may now grow to the new ceiling.

Now, as root user, add the following to /etc/sysctl.conf:

net.core.rmem_max = 12582912
net.core.wmem_max = 12582912

You also need to set the per-socket TCP autotuning range: minimum, initial and maximum size in bytes. The original post's minimum and initial values are not reproduced here; keep the kernel's current values for those two fields and raise only the maximum:

net.ipv4.tcp_rmem = MIN INITIAL 12582912
net.ipv4.tcp_wmem = MIN INITIAL 12582912

Turn on window scaling, which lets the receive window grow beyond 64 KB:

net.ipv4.tcp_window_scaling = 1

Enable timestamps as defined in RFC 1323:

net.ipv4.tcp_timestamps = 1

Enable selective acknowledgements (SACK):

net.ipv4.tcp_sack = 1

By default, TCP saves various connection metrics in the route cache when a connection closes, so that connections established in the near future can use them to set their initial conditions. Usually this increases overall performance, but it can sometimes cause performance degradation. If set, TCP does not cache metrics from closing connections:

net.ipv4.tcp_no_metrics_save = 1

Set the maximum number of packets queued on the input side when an interface receives packets faster than the kernel can process them (the original post's value is not reproduced here; N is the queue length you choose):

net.core.netdev_max_backlog = N

Now reload the changes:

sudo sysctl -p

Use tcpdump to watch the traffic on the interface in use, such as eth0, eth1 or wlan0:

sudo tcpdump -n -i eth0
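The settings above are easy to mistype, and a tcp_rmem triple with the fields out of order is accepted by sysctl but leaves autotuning misconfigured. The script below is an added example, not code from the original post: it generates the sysctl fragment as a whole, refuses to emit it unless each triple satisfies min <= initial <= max, and prints what the kernel currently has for the same keys. The 12 MB ceiling is the post's; the minimum, initial and backlog numbers are my assumptions for a high bandwidth-delay-product link and are labelled as such in the code.

```shell
#!/bin/sh
# Added example, not from the original post: build the sysctl fragment the
# post describes, sanity-check the TCP buffer triples, and show the values
# currently in effect. The 12 MB ceiling comes from the post; the minimum,
# initial and backlog values are assumptions chosen for a high
# bandwidth-delay-product link, not numbers from the post.

MAX_BUF=12582912      # 12 MB ceiling (from the post)
RMEM_MIN=4096         # assumption: smallest receive buffer under memory pressure
RMEM_INIT=87380       # assumption: initial receive buffer
WMEM_MIN=4096         # assumption: smallest send buffer under memory pressure
WMEM_INIT=16384       # assumption: initial send buffer
BACKLOG=5000          # assumption: netdev_max_backlog

# A tcp_rmem/tcp_wmem triple must satisfy 0 < min <= initial <= max.
tcp_triple_ok() {
    [ "$1" -gt 0 ] && [ "$1" -le "$2" ] && [ "$2" -le "$3" ]
}

# Print the sysctl fragment on stdout; fails if a triple is inconsistent.
net_tuning_conf() {
    tcp_triple_ok "$RMEM_MIN" "$RMEM_INIT" "$MAX_BUF" || { echo "bad tcp_rmem triple" >&2; return 1; }
    tcp_triple_ok "$WMEM_MIN" "$WMEM_INIT" "$MAX_BUF" || { echo "bad tcp_wmem triple" >&2; return 1; }
    cat <<EOF
# Ceilings for buffers an application asks for with SO_RCVBUF / SO_SNDBUF.
net.core.rmem_max = $MAX_BUF
net.core.wmem_max = $MAX_BUF
# Autotuning range for every TCP socket: min initial max (bytes). Autotuning
# is bounded by the third field here, not by rmem_max/wmem_max above.
net.ipv4.tcp_rmem = $RMEM_MIN $RMEM_INIT $MAX_BUF
net.ipv4.tcp_wmem = $WMEM_MIN $WMEM_INIT $MAX_BUF
# Window scaling, RFC 1323 timestamps and selective acknowledgements.
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
# Do not seed new connections from metrics cached when old ones closed.
net.ipv4.tcp_no_metrics_save = 1
# Per-CPU input queue length when the NIC outpaces the kernel.
net.core.netdev_max_backlog = $BACKLOG
EOF
}

# Number of net.* keys in the fragment (a cheap check that nothing was dropped).
net_tuning_key_count() {
    net_tuning_conf | grep -c '^net\.'
}

# Show what the kernel currently has for each key (read-only; no root needed).
net_tuning_current() {
    net_tuning_conf | sed -n 's/^\(net\.[a-z0-9_.]*\) *=.*/\1/p' | while read -r key; do
        printf '%s = %s\n' "$key" "$(sysctl -n "$key" 2>/dev/null || echo '?')"
    done
}
```

Run `net_tuning_current` before and after applying the fragment to confirm the change took. To install it, write the output to a file under /etc/sysctl.d (for example `net_tuning_conf | sudo tee /etc/sysctl.d/90-net-tuning.conf`) and load it with `sudo sysctl --system`; plain `sysctl -p` reads only /etc/sysctl.conf.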

See the results, enjoy it!

© 2017 Ziben IT Solutions
