Tag Archives: Security

Change permissions on files of a specific type in linux

Need to change all *.ksh files to be executable under a directory, but not having luck with a recursive chmod? The issue is you need to combine chmod with a find and xargs like so…

find /home/user -name '*.ksh' | xargs chmod 744

The first piece lists all the files under the path that match *.ksh and passes them to xargs and chmod. If you want to see an example without changing any permissions, just substitute ls -l like so…

find /home/user -name '*.ksh' | xargs ls -l

Setup password-less SSH and SCP with public/private keys

Want to scp a file to another server without having to enter the password?  Want to just make your security even stronger?  Public/private keys to the rescue!  Of course, if you don’t know what I’m talking about or why you would want to do this, feel free to google it or just go visit another site.

For those still with me, you need access to both the local and remote servers (duh).  I’m going to refer to the server/host you are logged into as the local machine, and the one you want to connect to as the remote machine.

First, on the local machine you need to generate your public and private keys.  To do so, enter this command…

ssh-keygen -t rsa

Be sure to just hit enter to the questions you’re prompted with (otherwise you will have to enter a password when connecting with the keys – which goes against the whole point of this post).  This will create a couple of files in your .ssh directory (something like id_rsa and id_rsa.pub – your private and public keys respectively). Your public key (the file you want to distribute) ends in “.pub”. Assuming you have that file, send it over to the remote machine (perhaps with scp, yes?)…

scp ./id_rsa.pub user@server.com:/home/user/.ssh/id_rsa.pub

Of course password authentication isn’t enabled yet so you’ll have to enter the password. Next up, you need to login to the remote machine and visit your .ssh directory, and cat the .pub file into your “authorized_keys” file (don’t worry, the command below will create the file if it doesn’t exist. I leave it to you to know how to create the .ssh directory if needed)…

cat id_rsa.pub >> authorized_keys

It’s then a good idea to secure your file and delete the temporary public key on the remote machine…

chmod 600 authorized_keys
rm id_rsa.pub

Once you’ve done all this, you should now be able to connect without a password! Just use your private key…

ssh -i ./id_rsa user@server.com

Have fun!

SSH, SFTP, and SCP on non-standard ports

One common suggestion for securing a secure shell connection on Linux is to change the port that ssh runs on.  But how exactly do you connect to a server on one of these non-standard ports?

Naturally, the syntax is different for each so here goes:

ssh

ssh -p 33432 user@server.com

Yes, ssh uses a lower case p command line argument. Just wait until we get to scp.

sftp

sftp -o "Port 33432" user@server.com

Of course sftp uses a plain English option parameter of “Port XXXX”

scp

scp -P 33432 /home/user/file.txt user@server.com:/home/user

And naturally scp uses a capital P

Gotta love consistency!