Monday, 24 February 2014

Windows Volume Activation in Cambridge

Client Configuration

Client in this case refers to any Microsoft operating system using volume activation and a KMS key, servers as well as desktop versions.
All configuration is done via a VB script (slmgr.vbs), which is installed by default on all Windows systems capable of using KMS. It is located in the Windows\system32 directory. You must run it from a command shell with administrator privileges.

General Prerequisites

You need to ensure that you can communicate via TCP port 1688 to our KMS servers.
Right click on a command shell and select Run as Administrator before entering the commands.

Change the SID

Before imaging a system for use with KMS you must generate a unique SID. If you are doing a clean install from media you will get a unique SID. If you're planning on imaging systems you can use sysprep with the generalise option, the Windows Automated Installation Kit or join the system to a domain.
Once you have done this you can configure the system to use KMS for activation.

Configuration Steps

  • Set the KMS server (slmgr -skms servername)
  • Install the KMS Product Key (slmgr -ipk product key)
  • Activate the system (slmgr -ato)

Set the KMS Server (slmgr -skms servername)

You need to configure your client to point to the KMS server. By default it will try to autodetect an activation server using DNS and SRV records, based on the DNS domain suffix of the client. Since these records would not match in the majority of cases, this is not a viable method for us, so direct registration of the KMS server is the supported method.
The server name is kms.csx.private.cam.ac.uk.
You should use the FQDN to identify the KMS system rather than the IP address or NetBIOS name.
To configure the client for direct registration launch a command window with elevated privileges and enter:
 \windows\system32\slmgr.vbs -skms kms.csx.private.cam.ac.uk
This will override any attempt by the client to use autodiscovery and point the system to the central KMS server.

Install the KMS Product Key (slmgr -ipk product key)

On Windows Vista, Server 2003, 2003 R2 and 2008 the product key can be found in a pid.txt file in the \Sources folder on the install media. Windows 7 and Server 2008 R2 product keys can be found below. This may cause an error message, see Troubleshooting below.
To install a product key use slmgr.vbs:
\windows\system32\slmgr.vbs -ipk Product Key
If a pre-existing key is present you may need to use the -upk option to remove this before you can install the pid key.

Windows 7, 8, Server 2008 R2 and Server 2012 use the following keys for KMS activation:

Operating System Edition Product Key
Windows 8.1
Windows 8.1 Professional GCRJD-8NW9H-F2CDX-CCM8D-9D6T9
Windows 8.1 Professional N HMCNV-VVBFX-7HMBH-CTY9B-B4FXY
Windows 8.1 Enterprise MHF9N-XY6XB-WVXMC-BTDCT-MKKG7
Windows 8.1 Enterprise N TT4HM-HN7YT-62K67-RGRQJ-JFFXW
Windows 8
Windows 8 Professional NG4HW-VH26C-733KW-K6F98-J8CK4
Windows 8 Professional N XCVCF-2NXM9-723PB-MHCB7-2RYQQ
Windows 8 Enterprise 32JNW-9KQ84-P47T8-D8GGY-CWCK7
Windows 8 Enterprise N JMNMF-RHW7P-DMY6X-RF3DR-X2BQT
Windows 7
Windows 7 Professional FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N YDRBP-3D83W-TY26F-D46B2-XCKRJ
Windows 7 Enterprise E C29WB-22CC8-VJ326-GHFJW-H9DH4
Windows Server 2012 R2
Windows Server 2012 R2 Server Standard D2N9P-3P6X9-2R39C-7RTCD-MDVJX
Windows Server 2012 R2 Datacenter W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
Windows Server 2012 R2 Essentials KNC87-3J2TX-XB4WP-VCPJV-M4FWM
Windows Server 2012
Windows Server 2012 Core BN3D2-R7TKB-3YPBD-8DRP2-27GG4
Windows Server 2012 Core N 8N2M2-HWPGY-7PGT9-HGDD8-GVGGY
Windows Server 2012 Core Single Language 2WN2H-YGCQR-KFX6K-CD6TF-84YXQ
Windows Server 2012 Core Country Specific 4K36P-JN4VD-GDC6V-KDT89-DYFKP
Windows Server 2012 Server Standard XC9B7-NBPP2-83J2H-RHMBY-92BT4
Windows Server 2012 Standard Core XC9B7-NBPP2-83J2H-RHMBY-92BT4
Windows Server 2012 Multipoint Standard HM7DN-YVMH3-46JC3-XYTG7-CYQJJ
Windows Server 2012 Multipoint Premium XNH6W-2V9GX-RGJ4K-Y8X6F-QGJ2G
Windows Server 2012 Datacenter 48HP8-DN98B-MYWDG-T2DCC-8W83P
Windows Server 2012 Datacenter Core 48HP8-DN98B-MYWDG-T2DCC-8W83P
Windows Server 2008 R2
Windows Server 2008 R2 HPC Edition FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Windows Server 2008 R2 Datacenter 74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 Enterprise 489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 for Itanium-Based Systems GT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Server 2008 R2 Standard YC6KT-GKW9T-YTKYR-T4X34-R7VHC
4GGC4-9947F-FWFP3-78P6F-J9HDR
Windows Web Server 2008 R2 6TPJF-RBVHG-WBW2R-86QPH-6RTM4

Activate The System (slmgr -ato)

KMS clients will automatically attempt to contact the KMS server every two hours to activate.
You can force a client to activate using the following slmgr.vbs switch.
  slmgr.vbs -ato
  

 Windows 10

Windows 10 has the KMS key built in.
Use step 1 (to set the KMS server to kms.csx.private.cam.ac.uk)

 \windows\system32\slmgr.vbs -skms kms.csx.private.cam.ac.uk
 
and step 3 (activating the product using -ato)

  slmgr.vbs -ato

Checking The License Status

Viewing the system properties should tell you if the system is activated or not. You can also use slmgr -dlv to view detailed licensing status of a system.

Converting clients from MAK to KMS licensing/Issues with KMS

You need to tell Windows that it is going to activate using KMS rather than MAK. When you buy a copy of Windows from software sales you will get a MAK key as part of the paperwork; this is not the one to use. Every Vista and Server 2008 (non R2) volume license media has a pid.txt file found under \Sources. This contains the KMS key. Alternative KMS keys can be found in the Volume Activation Technical Reference; for links, look at the end of the page.

Troubleshooting

For Server 2008 when using the pid key from the \Sources\pid.txt file you may see the following error after adding the key with -ipk
  • Run Slui.exe 0x2a 0xC004F015 to display error text
  • Error 0xC004F015
This error can be ignored. Run Slmgr -ato and the system should activate.
When using the commands above, you may get errors such as '0x800706BA The RPC server is unavailable' (which may indicate a network error but is often displayed as an unhelpful generic error message) or 'Error 0x800706BA occurred in connecting to server -ipk'. The following three points should be noted:
  • Check that you are logged in as an Administrator running an Administrative command prompt
  • In the cscript command itself try using a / instead of -
  • If the error is with the -skms command it may indicate a network error (failure to communicate on port TCP 1688 - due to this you cannot activate via Lapwing and may get error 0x4004F00C)
For a more detailed list of error codes and possible causes see Microsoft's How to troubleshoot Volume Activation error codes on Windows Server 2008 and Windows Vista-based computers at http://support.microsoft.com/kb/938450.

Source : http://www.ucs.cam.ac.uk/support/windows-support/winsuptech/volact/windowsva

Thursday, 13 February 2014

Nagios 4.0.1 Released – Install on RHEL/CentOS 6.x/5.x and Fedora 19/18/17

Nagios is an awesome open source monitoring tool. It provides a comprehensive monitoring environment so you can always keep an eye on all your machines and networks, whether you are in a data center or just a small lab.
With Nagios, you can monitor your remote hosts and their services from a single window. It shows warnings and indicates when something goes wrong on your servers, which helps us detect some problems before they occur. It helps us reduce downtime and business losses.
Recently, Nagios released its latest version, Nagios 4.0.1, on 15th October 2013; the latest stable release of Nagios plugins is 1.5.
This article is intended to guide you with easy instructions on how to install the latest Nagios 4.0.1 from source (tarball) on RHEL 6.4/6.3/6.2/6.1/6/5.8, CentOS 6.4/6.3/6.2/6.1/6/5.8 and Fedora 19,18,17,16,15,14,13,12 distributions. Within 30 minutes you will be monitoring your local machine. There is no advanced installation procedure, only a basic installation that will work 100% on most of today’s Linux servers.
Please note: the installation instructions shown here are written for the CentOS 6.4 Linux distribution.

Installing Nagios 4.0.1 and Nagios Plugin 1.5

If you follow these instructions correctly, you will end up with the following:
  1. Nagios and its plugins will be installed under /usr/local/nagios directory.
  2. Nagios will be configured to monitor a few services of your local machine (Disk Usage, CPU Load, Current Users, Total Processes, etc.)
  3. Nagios web interface will be available at http://localhost/nagios

Step 1: Install Required Dependencies

We need to install Apache, PHP and some libraries such as gcc, glibc, glibc-common and GD, along with its development libraries, before installing Nagios 4.0.1 from source. To do so we can use yum, the default package installer.
[root@tecmint]# yum install -y httpd php gcc glibc glibc-common gd gd-devel make net-snmp  (RedHat / CentOS)

Step 2: Create Nagios User and Group

Create a new nagios user and nagcmd group account and set a password.
[root@tecmint]# useradd nagios
[root@tecmint]# groupadd nagcmd
Next, add both the nagios user and the apache user to the nagcmd group.
[root@tecmint]# usermod -a -G nagcmd nagios
[root@tecmint]# usermod -a -G nagcmd apache

Step 3: Download Nagios Core 4.0.1 and Nagios Plugin 1.5

Create a directory for your Nagios installation and all its future downloads.
[root@tecmint]# mkdir /root/nagios
[root@tecmint]# cd /root/nagios
Now download latest Nagios Core 4.0.1 and Nagios plugins 1.5 packages with wget command.
[root@tecmint nagios~]# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.1.tar.gz
[root@tecmint nagios~]# wget https://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz

Step 4: Extract Nagios Core and its Plugins

We need to extract the downloaded packages with the tar command as follows.
[root@tecmint nagios~]# tar -xvf nagios-4.0.1.tar.gz
[root@tecmint nagios~]# tar -xvf nagios-plugins-1.5.tar.gz
When you extract these tarballs with the tar command, two new folders will appear in that directory.
[root@tecmint nagios ~]# ll
total 3712
drwxrwxr-x 18 root root    4096 Oct 17 03:28 nagios-4.0.1
-rw-r--r--  1 root root 1695367 Oct 15 19:49 nagios-4.0.1.tar.gz
drwxr-xr-x 15  200  300    4096 Oct 14 10:18 nagios-plugins-1.5
-rw-r--r--  1 root root 2428258 Oct  2 11:27 nagios-plugins-1.5.tar.gz

Configure Nagios Core

First we will configure Nagios Core. Go to the Nagios directory and run the configure script; if everything goes fine, it will end with output like the sample below.
[root@tecmint nagios~]# cd nagios-4.0.1
[root@tecmint nagios-4.0.1 ]# ./configure --with-command-group=nagcmd
Sample output:
Nagios executable:  nagios
        Nagios user/group:  nagios,nagios
       Command user/group:  nagios,nagcmd
             Event Broker:  yes
        Install ${prefix}:  /usr/local/nagios
    Install ${includedir}:  /usr/local/nagios/include/nagios
                Lock file:  ${prefix}/var/nagios.lock
   Check result directory:  ${prefix}/var/spool/checkresults
           Init directory:  /etc/rc.d/init.d
  Apache conf.d directory:  /etc/httpd/conf.d
             Mail program:  /bin/mail
                  Host OS:  linux-gnu

 Web Interface Options:
 ------------------------
                 HTML URL:  http://localhost/nagios/
                  CGI URL:  http://localhost/nagios/cgi-bin/
 Traceroute (used by WAP):  /bin/traceroute

Review the options above for accuracy.  If they look okay,
type 'make all' to compile the main program and CGIs.
Now, after configuring, we need to compile and install all the binaries with the make command; the make install command will install all the needed libraries on your machine so that we can proceed further.
[root@tecmint nagios-4.0.1 ]# make all
[root@tecmint nagios-4.0.1 ]# make install
Sample output:
*** Main program, CGIs and HTML files installed ***

You can continue with installing Nagios as follows (type 'make'
without any arguments for a list of all possible options):

  make install-init
     - This installs the init script in /etc/rc.d/init.d

  make install-commandmode
     - This installs and configures permissions on the
       directory for holding the external command file

  make install-config
     - This installs sample config files in /usr/local/nagios/etc
The following command will install the init scripts for Nagios.
[root@tecmint nagios-4.0.1 ]# make install-init
To make nagios work from the command line we need to install command-mode.
[root@tecmint nagios-4.0.1 ]# make install-commandmode
Next, install the sample nagios files by running the following command.
[root@tecmint nagios-4.0.1 ]# make install-config
Sample output:
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc/objects
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/nagios.cfg /usr/local/nagios/etc/nagios.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/cgi.cfg /usr/local/nagios/etc/cgi.cfg
/usr/bin/install -c -b -m 660 -o nagios -g nagios sample-config/resource.cfg /usr/local/nagios/etc/resource.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/templates.cfg /usr/local/nagios/etc/objects/templates.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/commands.cfg /usr/local/nagios/etc/objects/commands.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/contacts.cfg /usr/local/nagios/etc/objects/contacts.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/timeperiods.cfg /usr/local/nagios/etc/objects/timeperiods.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/localhost.cfg /usr/local/nagios/etc/objects/localhost.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/windows.cfg /usr/local/nagios/etc/objects/windows.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/printer.cfg /usr/local/nagios/etc/objects/printer.cfg
/usr/bin/install -c -b -m 664 -o nagios -g nagios sample-config/template-object/switch.cfg /usr/local/nagios/etc/objects/switch.cfg

*** Config files installed ***

Remember, these are *SAMPLE* config files.  You'll need to read
the documentation for more information on how to actually define
services, hosts, etc. to fit your particular needs.

Step 5: Customizing Nagios Configuration

Open the “contacts.cfg” file with your choice of editor and set the email address associated with the nagiosadmin contact definition to receive email alerts.
# vi /usr/local/nagios/etc/objects/contacts.cfg
Sample Output
###############################################################################
###############################################################################
#
# CONTACTS
#
###############################################################################
###############################################################################

# Just one contact defined by default - the Nagios admin (that's you)
# This contact definition inherits a lot of default values from the 'generic-contact'
# template which is defined elsewhere.

define contact{
       contact_name                    nagiosadmin             ; Short name of user
       use                             generic-contact         ; Inherit default values from generic-contact template (defined above)
       alias                           Nagios Admin            ; Full name of user

       email                           tecmint@tecmint.com     ; *** CHANGE THIS TO YOUR EMAIL ADDRESS ****
       }

Step 6: Install and Configure Web Interface for Nagios

We are done with all the configuration in the backend. Now we will configure the web interface for Nagios with the following command, which also creates a web admin user, “nagiosadmin”.
[root@tecmint nagios-4.0.1 ]# make install-webconf
In this step, we will create a password for “nagiosadmin”. After executing this command, provide a password twice and remember it, because this password will be used when you log in to the Nagios web interface.
[root@tecmint nagios-4.0.1]# htpasswd -s -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin
Restart Apache to make the new settings take effect.
[root@tecmint ]# service httpd start (On RedHat / CentOS)
[root@tecmint ]# systemctl start httpd.service (On Fedora)
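
The -s switch used above makes htpasswd store the password as an unsalted SHA-1 digest (a {SHA} entry). The following is an added example, not part of the original article: a shell check that reads an htpasswd file such as /usr/local/nagios/etc/htpasswd.users and reports the storage scheme of each entry. The sample users and hash values are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): report how each password in
# an Apache htpasswd file is stored. The users and hashes below are constructed.

# Map one hash field to the scheme that produced it.
htpasswd_scheme() {
    case $1 in
        '{SHA}'*)                 echo sha1-unsalted ;;  # htpasswd -s
        '$apr1$'*)                echo apr1-md5 ;;       # htpasswd -m (salted MD5)
        '$2y$'*|'$2a$'*|'$2b$'*)  echo bcrypt ;;         # htpasswd -B
        ?????????????)            echo des-crypt ;;      # 13 chars: htpasswd -d
        *)                        echo unknown ;;        # plaintext or unrecognised
    esac
}

# Print one line per user and return non-zero if any entry uses an
# unsalted, truncating or unrecognised scheme.
audit_htpasswd() {
    weak=0
    while IFS=: read -r user hash _rest; do
        case $user in ''|'#'*) continue ;; esac      # skip blanks and comments
        scheme=$(htpasswd_scheme "$hash")
        case $scheme in
            bcrypt|apr1-md5) status=ok ;;
            *)               status=WEAK; weak=$((weak + 1)) ;;
        esac
        printf '%-5s %-12s %s\n' "$status" "$user" "$scheme"
    done < "$1"
    [ "$weak" -eq 0 ]
}

# Constructed sample file; the hash values are placeholders, not real digests.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nagiosadmin:{SHA}Q09OU1RSVUNURURfU0FNUExFX18=
operator:$apr1$CONSTRUC$TEDsampleVALUEnotAhash
auditor:$2y$05$CONSTRUCTEDsampleVALUEnotArealBCRYPThashXXXXXXXXXXXXXX
EOF
audit_htpasswd "$sample" || echo "weak entries found: re-create them with a salted scheme"
rm -f "$sample"
```

On httpd 2.2, as shipped with CentOS 6, htpasswd -m gives a salted entry; the -B (bcrypt) option needs the htpasswd that comes with httpd 2.4.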

Step 7: Compile and Install Nagios Plugin

We have downloaded the Nagios plugins to /root/nagios. Go there, then configure and install them as directed below.
[root@tecmint nagios]# cd /root/nagios
[root@tecmint nagios]# cd nagios-plugins-1.5
[root@tecmint nagios]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
[root@tecmint nagios]# make
[root@tecmint nagios]# make install

Step 8: Verify Nagios Configuration Files

Now we are all done with the Nagios configuration and it's time to verify it. To do so, run the following command. If everything goes smoothly, it will show output similar to the below.
[root@tecmint nagios]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Sample Output
/usr/bin/install -c -m 644 sample-config/httpd.conf /etc/httpd/conf.d/nagios.conf

*** Nagios/Apache conf file installed ***

 /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
...
...
Total Warnings: 0
Total Errors:   0

Step 9: Add Nagios Services to System Startup

To make Nagios work across reboots, we need to add nagios and httpd with chkconfig command.
[root@tecmint ]# chkconfig --add nagios
[root@tecmint ]# chkconfig --level 35 nagios on
[root@tecmint ]# chkconfig --add httpd
[root@tecmint ]# chkconfig --level 35 httpd on
Restart Nagios to make the new settings take effect.
[root@tecmint ]# service nagios start (On RedHat / CentOS)
[root@tecmint ]# systemctl start nagios.service (On Fedora)

Step 10: Login to the Nagios Web Interface

Your Nagios is ready to work. Open it in your browser at “http://Your-server-IP-address/nagios” or “http://FQDN/nagios” and provide the username “nagiosadmin” and password.
[Screenshots: Nagios Login; Host View; Nagios Overview; Service View; Process View]
Congratulations! You’ve successfully installed and configured Nagios and its Plugins. You’ve just begun your journey into monitoring.

Upgrade Nagios 3.x to Nagios 4.0.1

If you are already running an older version of Nagios, you can upgrade it anytime. To do so, you just need to download the latest tar archive of it and configure it as shown below.
[root@tecmint ]# service nagios stop
[root@tecmint ]# tar -zxvf nagios-4.0.1.tar.gz
[root@tecmint ]# cd nagios-4.0.1
[root@tecmint ]# ./configure
[root@tecmint ]# make all
[root@tecmint ]# make install
[root@tecmint ]# service nagios start
That’s it for now, in my upcoming articles, I will show you how to add Linux, Windows, Printers, Switches and Devices to Nagios monitoring Server. If you’re having any trouble while installing, please do contact us via comments. Till then stay tuned and connected to Tecmint and don’t forget to Like and Share us to spread around.

Source : http://www.tecmint.com/install-nagios-in-linux/

Friday, 7 February 2014

How To Set Up SSH Tunneling on a VPS


Introduction


In this article, you'll learn how to create a safe, encrypted tunnel between your computer and your VPS along with how to bypass limits in a corporate network, how to bypass NAT, etc.

This article will cover some basic theory, which you can skip if you like just by going straight to the examples further down.

Communication in the Internet, Network Protocols and Communication Ports


Every piece of software installed on your computer that wants to send or receive data through the Internet has to use an application layer protocol from the TCP/IP stack. Those protocols define a way to communicate and the format of the messages sent between the hosts over the Internet etc. For instance:
  • HTTP - used to download websites and files from your web browser
  • FTP - used to send files between a client and server
  • DNS - used to change host name into an IP address and vice versa
  • POP3 and (or) IMAP - used to download/browse your e-mail
  • SMTP - used to send e-mail
  • telnet - used to connect remotely to a server
  • SSH - similar to telnet, but in a secure, encrypted version, so nobody can see what we send to a server and what the server sends to us.
Next, messages of the given protocol have to be packed into a TCP segment or UDP datagram. Those protocols are used to transport data through the Internet - they work in the transport layer. TCP is connection-oriented, which means that before sending data, a connection has to be created between the remote machines. TCP always provides data in the correct order. If a segment is lost in the network, it will be sent again if the confirmation is not received in time. TCP is considered fairly reliable.

UDP is not connection-oriented. It doesn't provide retransmission for lost datagrams. If packets are not received in the correct order, UDP will nonetheless give them to an application in the order that they were received. Because of that, UDP is mainly used to transmit real-time multimedia data - VoIP talks, videoconferences, audio and video. UDP is sometimes used by other protocols in the application layer - for instance, in the case of DNS.

In this case a protocol of the higher layer has to resend a query after not receiving an answer in the given amount of time. UDP is mainly used here because it has low overhead: sending 1 small query in 1 datagram and receiving an answer takes less time and needs to transmit less data than making a TCP connection (exchanging 3 segments between hosts): sending a query from a client, sending a confirmation from the server, sending an answer from the server, and then sending a confirmation from a client and disconnecting the connection (4 segments).

To identify different connections to and from the same IP address, we use port numbers. Each server of a given application layer protocol binds to a given port number and waits for an incoming connection. The client connects to this port (in the case of a TCP connection) or sends a datagram to that port (in the case of UDP). For the most used, well-known protocols, there are reserved port numbers. For example, the HTTP server usually listens on port 80 TCP (alternatively, clients would have to connect to it by specifying the port number itself in an address - http://example.org:1234/), DNS server usually listens on port 53 UDP (sometimes port 53 TCP, too). The client needs to use a port on its side, too. They are "high ports" like 52044 and are randomly generated.

Here, you can see more reserved ports that we use everyday.

The segments and datagrams are then packed into IP packets, in the network layer. In the packets, the source and target computer are identified by IP addresses. They are global - only 1 host can use the same address at a time (excluding magic like NAT used in home routers with private IP addresses: 192.168.x.x, 10.x.x.x, 172.16-31.x.x; x is a number between 1 and 255). Based on those addresses, routers can decide how to send the packet to get to the target computer.

The packets are then packed into frames/cells in the data link layer and then transmitted in a cable or in the form of radio waves on the local network. In the data link layer, in the frames, the computers are identified by their MAC addresses. Routers discard the frames, together with their MAC addresses, after extracting the packets from them. They decide which network to send the packets to, pack them into new frames and send them on their way. If a network between both routers uses MAC addresses, addresses of those routers are included in the frame - the source one and the target one. It's not possible to communicate between two computers in different networks using only MAC addresses, even if they are not duplicated - the producer associates only one address with one card, so any manufactured cards can have the same MAC address as a card made by another producer.

TCP/IP (DoD) model

Encapsulation

About SSH. Theory, Part 1


SSH is a protocol in the application layer. It's the successor of telnet and is used for connecting to your VPS remotely in text mode. Unlike telnet, SSH is encrypted. It uses port 22 TCP, but you can easily change the port in your server's configuration.

SSH allows the user to authenticate themselves in several different ways. For example:

  • using a username and password
  • using a pair of keys - first, a private one (top secret), and second, a public one (on the server): the program that you use to connect with SSH has to solve a math problem using the private key and send the solution to the server. The problem is different each time, so it's difficult to break the key using that authentication method.

Nowadays we use version 2 of SSH.

The most popular SSH server implementation is OpenSSH. The most popular clients are PuTTY (for Windows) and OpenSSH (for Linux). Both PuTTY and OpenSSH allow users to create tunnels.

SSH allows users to create a TCP tunnel between the server and client and to send data through that tunnel. SSH supports TCP tunnels only, but you can work around that, for example via a SOCKS proxy. A tunnel like that is established between a chosen TCP port on server and a chosen local port. It's unencrypted, of course, so anybody can check what we use it for.

Concepts that will be used

Loopback interface - a virtual network card installed in the system with the IP address 127.0.0.1. Only applications installed on the system have access to that address. Remote access is not possible. You can start a VPS on that interface and have remote access only from the same system or via tunnel.

SMTP - an application layer protocol that lets you send e-mails. It's used both for communication between mail servers and for communication between a server and a mail client. SMTP uses port 25 TCP for unencrypted communication and port 587 TCP or 465 TCP (deprecated - not recommended) for an encrypted connection (SSL).

POP3 - protocol in the application layer used to download new e-mails from a server to local mail client. It's rarely used nowadays as it has been superseded by IMAP. For unencrypted connections it uses port 110 TCP, for encrypted connections - port 995 TCP.

IMAP - a protocol similar to POP3, but with support for folders, labels, reading and managing messages and folders on the server without downloading everything to local PC and deleting it from the server. IMAP uses port 143 TCP for unencrypted connections and port 993 TCP for encrypted connections.

Example 1: Tunnel to an IMAP server


A tunnel between local port 143 on the loopback interface - 127.0.0.1 - and the IMAP server for receiving mail (unencrypted connection) on the same remote machine.

Unix and OpenSSH:

ssh abc@def -L 110:127.0.0.1:110
 
abc - username on server
def - server address
110: - local port that will be opened on loopback interface (127.0.0.1) on local machine
127.0.0.1 - IP address of the computer that we are creating a tunnel to via our SSH tunnel
:110 - port number of target machine we'll get to via tunnel

Windows and PuTTY:

Here you can read how to create connection to your VPS using PuTTY. That connection is required to create a tunnel.
  • Choose your connection, load data and go to Connection->SSH->Tunnels. Using the same values as in the ssh command above, set Source port to 110 and Destination to 127.0.0.1:110, and select Local.
  • Click on Add. The new entry appears in the list of forwarded ports.
  • Now you can save the session and connect using it.

Now you can just configure your mail client to connect to the VPS not directly, but using port 110 of the loopback interface - 127.0.0.1. You can do the same thing with different protocols - SMTP (25), IMAP (143), etc.

Example 2. Tunnel to a Web Server


A tunnel between local port 8080 on the local interface (127.0.0.1) and the WWW server, bound to a remote machine's port 80. This time we'll connect to it using the loopback interface.

As I said earlier, the HTTP protocol is used to download WWW websites to the browser.

Unix and OpenSSH:


ssh abc@def -L 8080:11.22.33.44:80
 
    abc - username on server
    def - server address
    8080: - port on the local machine that will be opened on loopback interface (127.0.0.1)
    11.22.33.44 - IP address of the server that we'll create a tunnel to using SSH

Windows and PuTTY:


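  • Choose the connection and load the settings.
  • Go to Connection->SSH->Tunnels
  • Using the same values as in the ssh command above, set Source port to 8080 and Destination to 11.22.33.44:80, and select Local.
  • Click on Add. The new entry appears in the list of forwarded ports.
  • Now you can save the session and connect.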

Theoretically speaking, after going to 127.0.0.1:8080 in your browser, you should see a website located on the remote server we've connected to.

Practically speaking, HTTP 1.1 introduced the Host parameter to queries. This parameter is used to send the DNS domain name of the VPS we're connecting to. If it uses the Virtual Host mechanism, the page you'll get will either be an error page or the server's main page, but not through the tunnel.

In this case, we have to do one more thing: in the hosts file on the local PC, add the VPS address and your loopback interface:
127.0.0.1 website
Here, website is the address of the site you want to connect to (without the http:// at the beginning and the / at the end).

The Hosts file is located at /etc/hosts (Linux) or C:\Windows\system32\drivers\etc\hosts (Windows). To edit this file, you must be an administrator or have administrative privileges.

Important! If you want to create a tunnel on a local port numbered less than 1024 on Unix systems, you must have root privileges.

Example 3. SOCKS proxy


A SOCKS proxy allows you to send traffic from any protocol through a tunnel. It looks, from the outside, like a single TCP connection.

In this example, we'll create a tunnel between an SSH server and a client on port 5555 on the loopback interface. Next, we'll set our browser to use our SOCKS server as the proxy server for all outgoing connections.

This solution might be useful to bypass the restrictions on corporate networks. If the port that our SSH uses is locked, we can tell the server to listen on port 443 using the Listen option in the OpenSSH configuration file (/etc/ssh/sshd_config or /etc/openssh/sshd_config).

Unix and OpenSSH:


ssh abc@def -D 5555
 
    abc - username
    def - server address
    5555 - local port number, where the tunnel will be created

Windows and PuTTY:


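  • Choose the connection and load the settings.
  • Go to Connection->SSH->Tunnels
  • Using the same value as in the ssh command above, set Source port to 5555, leave Destination empty and select Dynamic.
  • Click on Add. The new entry appears in the list of forwarded ports.
  • Save the session and connect to it.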

In your browser settings, set up a SOCKS proxy that runs on 127.0.0.1:5555, from now until you close the connection in PuTTY or OpenSSH.

Example 4. Bypassing NAT



NAT (specifically PAT, which is the NAT form used in home routers) is a mechanism that allows many people to use one internet connection. A router that uses NAT has one public address and modifies all private addresses in packets received from internal network to its own public address and sends them to the Internet. Upon receiving packets back, it does the opposite - it remembers the IP addresses and port numbers in a special NAT table.

A connection from the outside is possible only when we set appropriate port forwarding on the router. However, we can bypass that problem and create a tunnel between our computer and the server to connect our computer and server directly.

Part 1.


In the second part, we'll create a tunnel between local port 80 (on our computer - the local HTTP server) and port 8080 on the remote server. However, for security reasons, the remote port 8080 will be opened only on the loopback interface of the VPS - 127.0.0.1. Because of that, we have to reconfigure our server to open forwarded ports on every interface. We'll do that now.

  1. In your favorite editor, open the /etc/ssh/sshd_config (or /etc/openssh/sshd_config) file as root.
    nano /etc/ssh/sshd_config

  2. Find:
    #GatewayPorts no

  3. Change that line to:
    GatewayPorts yes

  4. Save the file and close the editor.

  5. Restart SSHD server:
    Debian/Ubuntu:
    service ssh restart
    
    CentOS:
    /etc/init.d/sshd restart
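
The effect of the GatewayPorts change above can be checked offline before restarting sshd. The following is an added example, not part of the original article: the function names and the sample configuration are hypothetical, and it assumes whitespace-separated "Keyword value" lines and the documented sshd_config rule that the first occurrence of a keyword wins.

```shell
#!/bin/sh
# Constructed sample sshd_config (not taken from a real server).
SAMPLE_SSHD_CONFIG='# forwarding-related settings
Port 22
#GatewayPorts no
gatewayports clientspecified
GatewayPorts yes
Match User backup
    GatewayPorts no'

# effective_opt KEYWORD < sshd_config
# Prints the effective global value of KEYWORD. Keywords are
# case-insensitive, comment lines are ignored, and everything after the
# first Match line is conditional, so scanning stops there.
effective_opt() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }'
}

# remote_bind MODE [BIND_ADDR]
# Where the server-side listener of "ssh -R [BIND_ADDR:]8080:127.0.0.1:80"
# ends up for a given GatewayPorts mode. Omit BIND_ADDR when the -R
# option has no bind address; pass '' or '*' for "all interfaces".
remote_bind() {
    mode=$1
    bind=${2-localhost}
    case $mode in
        yes) echo "all-interfaces" ;;          # server overrides the client
        clientspecified)
            case $bind in
                ''|'*')    echo "all-interfaces" ;;
                localhost) echo "loopback" ;;
                *)         echo "$bind" ;;     # one specific address
            esac ;;
        *) echo "loopback" ;;                  # "no" or not set
    esac
}

mode=$(printf '%s\n' "$SAMPLE_SSHD_CONFIG" | effective_opt GatewayPorts)
echo "GatewayPorts=$mode -> -R 8080:127.0.0.1:80 binds to $(remote_bind "$mode")"
```

On a live server, `sshd -T` prints the effective configuration and `sshd -t` checks the file for errors before the restart. GatewayPorts yes exposes every remote forward on all interfaces, while clientspecified exposes only the forwards whose -R option asks for it.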

Part 2.


In this section, we will create the tunnel.

Unix and OpenSSH:


ssh abc@def -R 8080:127.0.0.1:80
 
    abc - username
    def - server address
    8080 - port number that will be opened on remote server - our proxy server
    127.0.0.1 - IP address we open tunnel to
    80 - port number we open tunnel to

This time, our tunnel is local, but we can make a tunnel connection to other computers in the same network by using NAT.

Windows and PuTTY:


  • Choose the connection and load the settings.
  • Go to Connection->SSH->Tunnels
  • Set it like this:

  • Click on Add:

  • Save the session and connect.

After logging in, we can get to our local HTTP server from outside our network through an OpenSSH proxy server that has a public IP address. Open the following in a browser:
http://IP-address-or-domain-of-our-server-change-that-for-your-name:8080/

Theory continued



As you can see, there are three types of SSH tunnels:

  • Local - -L option - a tunnel is opened on our local port and listens for connections that are redirected first to our saved connection to the SSH server, and next to the target host.

  • Remote - -R option - a tunnel is opened on the SSH server. When the server receives a connection on it, all traffic is redirected through the tunnel to our local side.

  • Dynamic - -D option - a tunnel is opened on a local loopback interface. Transmission takes place through the SOCKS protocol. You can tunnel any packets through this - TCP, UDP. It's possible to connect to any server on the Internet through a proxy SSH server. To redirect all system traffic through the SOCKS proxy, you can use a program like proxifier.
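
Each of the three tunnel types leaves a listening socket behind, which is what an administrator sees on the host. The following added example (not part of the original article) classifies listeners owned by ssh or sshd in `ss -H -ltnp` output and marks those reachable from other machines; the function name and the sample lines are constructed, and the daemon's own port is assumed to be 22 unless given.

```shell
#!/bin/sh
# Constructed sample of `ss -H -ltnp` output (no header); not from a real host.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:5555 0.0.0.0:* users:(("ssh",pid=2211,fd=4))
LISTEN 0 128 [::1]:5555 [::]:* users:(("ssh",pid=2211,fd=5))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("sshd",pid=1880,fd=9))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=640,fd=6))'

# classify_listeners [SSHD_PORT] < ss-output
# Prints "<scope> <kind> <addr:port> <process>" for every listening socket
# owned by an ssh client (-L or -D) or by sshd on a port other than the
# daemon's own (-R). Scope is "loopback" or "EXPOSED".
classify_listeners() {
    awk -v daemon_port="${1:-22}" '
        $1 != "LISTEN" { next }
        {
            local_addr = $4
            n = split(local_addr, parts, ":")   # the port is the last field
            port = parts[n]
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            # Process name is the first quoted string in users:(("name",...))
            if (match($0, /\(\("[^"]+"/) == 0) next
            proc = substr($0, RSTART + 3, RLENGTH - 4)
            if (proc == "ssh")
                kind = "client-forward(-L/-D)"
            else if (proc ~ /^sshd/ && port != daemon_port)
                kind = "remote-forward(-R)"     # also matches sshd-session
            else
                next
            scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "EXPOSED"
            print scope, kind, local_addr, proc
        }'
}

printf '%s\n' "$SAMPLE_SS" | classify_listeners
```

In the sample, the 0.0.0.0:8080 listener is the remote forward from Example 4 on a server with GatewayPorts yes; with the default setting it would appear on 127.0.0.1 instead.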

Source : https://www.digitalocean.com/community/articles/how-to-set-up-ssh-tunneling-on-a-vps

Thursday, 6 February 2014

How to Update WordPress Automatically Without Using FTP

In some cases, you are not able to update/upgrade your WordPress and plugins to a newer version without providing your FTP connection information. This is a common issue whereby the WordPress system can’t write to your /wp-content folder directly.
To solve this issue you need to define the FTP details in your wp-config.php file so WordPress will remember it. Alternatively, you may also provide WordPress with write access to your /wp-content folder by accessing the FTP root file and changing the folder file permission (CHMOD) to 775 rather than the default 755 and 644.
There is, however, an easier way to deal with this: defining the constant FS_METHOD in your wp-config.php file. This bypasses WordPress’s recurring prompts, and allows auto-updates of your files to happen. And it takes only 1 line of code to do this.

1. Open /wp-config.php

Now the first thing you need to do is to open the wp-config.php file from your WordPress root folder (you may access this file from your WordPress installer folder). From the installation folder, the file is located at wordpress/wp-config.php

2. Insert FS_METHOD

Paste the following code to your wp-config.php file, preferably just below every other line of code.
define('FS_METHOD','direct');

3. Save and upload

Once you have pasted the one-line code, you can proceed to upload the file to your WordPress root folder on your server, and it should work right away. Uploading can be done directly from your host control panel.

Conclusion

The FTP issue normally happens when you are on shared hosting and when WordPress is having a conflict with permissions and ownerships. With this ‘direct’ method implemented, you will be able to update or upgrade your WordPress and plugins installations to newer versions without having to provide any FTP details.

Source : http://www.hongkiat.com/blog/update-wordpress-without-ftp/