Notes and comments from ORM Designer development
1) Install git client
choco install git -Y
2) generate ssh key for your email
ssh-keygen -t rsa -b 4096 -C "[email protected]"
3) enable `OpenSSH Authentication Agent` in Services management
4) add key to agent
ssh-add C:\Users\USER\.ssh\id_ed25519
5) add key to github
type "C:\Users\USER\.ssh\id_ed25519.pub"
6) test key
ssh -T [email protected] Hi USER! You've successfully authenticated, but GitHub does not provide shell access.
How to connect to remote computer with private key by using ssh:
#register private key ssh-add ~/dev/Private/ludek_vodicka_dsa.openssh #connect to computer and forward local port to remote computer and remote port ssh my-computer.com -p PORT -lUSER -L LOCAL_PORT:REMOTE_COMPUTER:REMOTE_PORT #connect to computer and create SOCKS proxy on port SOCKS_PORT ssh my-computer.com -p PORT -lUSER -D SOCKS_PORT
If your private key was created for Windows, it will probably not work on linux/mac. It’s necessary to convert it by using puttygen (on mac or windows). You need to open it by puttygen and choose “Save as openssh” from menu.
Even though I find phpMyAdmin and similar tools useful I don’t like them on production servers. When I spent a lot of my time protecting website against SQL injection I don’t want to leave opened doors to access the database through phpMyAdmin. Many phpMyAdmin installations are not protected with HTTPS and just one login on a public or attacked wifi can lead to a lot of troubles. So I recommend to delete the phpMyAdmin installation from the server and start with a more comfortable and secured way to do the task.
SSH tunnel will give you the security you’re looking for. Start your Putty, load the session and configure tunnel:
I’ve selected port 3366 to be used on my local machine so it avoids conflict with my other installation. Now I can connect from any tool to MySQL database at localhost:3366. I prefer Netbeans IDE and MySQL Workbench which is also really great for server/user configuration.
We are using SSH a lot to deploy our projects and to do common maintenance tasks. If you are accessing your server many times a day you might find frustrating typing the password all the time. You can use private key instead. Here are some detailed articles about adding RSA key and configuring SSH daemon. Bellow is a summary of the basic steps for Windows users.
Putty which is a great alternative to the Linux tools. To generate private/public key you should use PuttyGen.exe. Run the application, click generate and follow the instructions. It’s a good idea to put your name into the key comment so you could easily recognize your public key in configuration files. You should also protect your key with a password.
Copy the public key which is located in the big text field above Key fingerprint field. Append the public key into /root/.ssh/authorized_keys file (if you want to login as root). You might need to create this file if it doesn’t exist already. Click on Save private key button and save the key to a secured place. You can now use this private key to login with putty to the remote server. To make things more comfortable you can use an agent to store unlocked private keys in the memory while you are logged into your computer. Run this command after you login:
pageant.exe john_doe.ppk
Without any further settings you should now be able to login to the remote SSH without password. If everything worked as expected you can now disable password authenticated access to make your server more secure:
# /etc/ssh/sshd_config
PasswordAuthentication no
To load you key after you login to a Linux box (useful for deployment) insert:
# ~/.bash_profile
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
keychain --clear id_rsa
. ~/.keychain/$HOSTNAME-sh
ssh-add
Now we have a little bit more secured but more comfortable way to use SSH.
To change computer network use following commands:
sudo nano /etc/hostname sudo reboot [/surcecode] To check host name: hostname
To setup SSH access use:
sudo apt-get install ssh sudo apt-get install openssh-server
