SSH REMOTE HOST IDENTIFICATION HAS CHANGED

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

If you receive the above message when attempting an SSH connection, the cause may be that the host's IP address has changed. If this is expected, you can remove your known_hosts file (which discards every stored host key) or use:

ssh-keygen -R [hostname/IP address]

to remove the entry from the known_hosts file.

IP Forwarding and Masquerading in Linux Using UFW

In this example we have 2 private subnets, 192.168.1.0/24 and 172.16.1.0/24, where only 192.168.1.xxx addresses can directly access the router at 192.168.1.1. We want to access the internet from both subnets.

We need a machine that is connected to both networks and allows IP forwarding from 172.16.1.0/24 to 192.168.1.0/24. Although 2 NICs are probably better, it can be done with a network alias on only 1 network interface.

Presuming you have a configured NIC with an address on eth0 in the 192.168.1.0/24 range and an address on eth0:1 in the 172.16.1.0/24 range, we can start configuring the machine. This machine will act as the gateway for the 172.16.1.xxx range.

First check if packet forwarding is activated.
Step 1:
Check /etc/default/ufw and make sure DEFAULT_FORWARD_POLICY is set to ACCEPT.

DEFAULT_FORWARD_POLICY="ACCEPT"

Step 2:
Type the following to test for IP forwarding:

cat /proc/sys/net/ipv4/ip_forward

If this returns 0 we need to turn it on. Edit /etc/ufw/sysctl.conf and uncomment:

net.ipv4.ip_forward=1

Now configure IP masquerading (network address translation).
Edit the file /etc/ufw/before.rules and add the following code to the top.

*nat
:POSTROUTING ACCEPT [0:0]

#Forward traffic from the alias range 172.16.1.xxx through eth0
-A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE

COMMIT

To activate the new firewall settings, type:

ufw disable
ufw enable

If ufw was not already enabled you may need to alter some rules, as it may now be blocking some routes and ports. In this example we may need to add rules such as:

ufw allow from 192.168.1.0/24
ufw allow to 192.168.1.0/24
ufw allow from 172.16.1.0/24
ufw allow to 172.16.1.0/24

Tested with Ubuntu Server 11.10.
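
The three edits above (forward policy, ip_forward, and the *nat block) can be checked before ufw is reloaded. The following shell function is an added example, not part of the original post; the names check_ufw_nat and make_sample and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the settings from the steps above.
# check_ufw_nat ROOT SUBNET IFACE  (ROOT="" audits the live system); returns the problem count.
check_ufw_nat() {
    root=$1; subnet=$2; iface=$3; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # Step 1: forward policy must be ACCEPT in /etc/default/ufw
    grep -Eq '^[[:space:]]*DEFAULT_FORWARD_POLICY="?ACCEPT"?[[:space:]]*$' \
        "$root/etc/default/ufw" 2>/dev/null ||
        fail "DEFAULT_FORWARD_POLICY is not ACCEPT"
    # Step 2: ip_forward=1 must be uncommented (dotted or slash key notation)
    grep -Eq '^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$root/etc/ufw/sysctl.conf" 2>/dev/null ||
        fail "net.ipv4.ip_forward=1 is missing or commented out"
    # Step 3: the MASQUERADE rule must sit inside a *nat block closed by COMMIT
    awk -v s="$subnet" -v o="$iface" '
        /^[[:space:]]*#/ { next }                      # skip comments
        $1 == "*nat"     { nat = 1; rule = 0; next }   # nat table starts
        $1 ~ /^\*/       { nat = 0; next }             # another table starts
        nat && $1 == "COMMIT" { if (rule) ok = 1; nat = 0; next }
        nat && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; dev = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") dev = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == s && dev == o && tgt == "MASQUERADE") rule = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$root/etc/ufw/before.rules" 2>/dev/null ||
        fail "no committed MASQUERADE rule for $subnet via $iface in *nat"
    [ "$problems" -eq 0 ] && echo "OK: forwarding and NAT settings are in place"
    return "$problems"
}

# Constructed sample tree mirroring the files edited above (not a real host).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/default" "$d/etc/ufw"
    echo 'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$d/etc/default/ufw"
    echo 'net.ipv4.ip_forward=1' > "$d/etc/ufw/sysctl.conf"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE' 'COMMIT' \
        '*filter' 'COMMIT' > "$d/etc/ufw/before.rules"
    echo "$d"
}

sample=$(make_sample); check_ufw_nat "$sample" 172.16.1.0/24 eth0 || true; rm -rf "$sample"
```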

Using OpenSSH on a Linux Server with FileZilla

On your Linux server, install OpenSSH if it is not already present.

#debian
apt-get install openssh-server
#redhat
yum install openssh-server

Using FileZilla on a client, enter the relevant details, selecting the SFTP protocol (which runs over SSH) and the user credentials set up on the server.

FileZilla will ask you if you want to trust the connection and will display the server's RSA key fingerprint. SSH host keys are generally stored in /etc/ssh/. You can view the RSA key fingerprint on the server, to compare it with the one FileZilla shows, by typing:

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key

For more direct remote management using SSH, you can use cross-platform tools such as PuTTY or the FireSSH extension for the Firefox web browser.