How to make SSH listen on multiple ports

Although it is a security risk, it is possible to make OpenSSH listen on multiple ports.

To do that, you need to edit the /etc/ssh/sshd_config file and enable the “GatewayPorts” option.

AllowTcpForwarding no
GatewayPorts yes
X11Forwarding no
#X11DisplayOffset 10

Look for the line that contains “Port 22”, uncomment it if necessary, and add additional Port lines to make OpenSSH listen on other ports, like this:

Port 22
Port 80
Port 1025

This example makes OpenSSH listen on ports 22, 80 and 1025 simultaneously. Don’t forget to restart the SSH service to apply the change by running:

sudo /etc/init.d/sshd restart

Warning: Running SSH on multiple ports may cause a security risk, you have been warned!
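A read-only check to run before restarting sshd, added here as an example and not part of the original post: it lists the ports an sshd_config requests and reports GatewayPorts, which controls whether remote hosts may connect to forwarded ports. The function names and the sample config are constructed for illustration, and it assumes whitespace-separated keywords with no Include, Match or ListenAddress port entries.

```shell
#!/bin/sh
# Added example (not from the original post): list the ports an sshd_config
# requests and flag settings worth a second look. Reads the config on stdin.
# Assumptions: "Keyword value" separated by whitespace, no Include or Match
# blocks, no ListenAddress host:port entries.

# Print every Port value, one per line; sshd falls back to 22 when none is set.
sshd_ports() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }'
}

# Print the value of a single-valued keyword; sshd uses the first occurrence.
sshd_option() {
    awk -v key="$1" '/^[ \t]*#/ { next }
         tolower($1) == tolower(key) { print tolower($2); exit }'
}

# Emit one finding per line for a config held in the string $1.
audit_sshd_config() {
    cfg=$1
    for p in $(printf '%s\n' "$cfg" | sshd_ports); do
        case $p in
            22) echo "listen $p" ;;
            *)  echo "listen $p extra" ;;   # every extra port needs firewall and log coverage
        esac
    done
    # GatewayPorts controls whether remote hosts may reach forwarded ports.
    [ "$(printf '%s\n' "$cfg" | sshd_option GatewayPorts)" = yes ] &&
        echo "warn GatewayPorts=yes"
    return 0
}

# Constructed sample reproducing the settings shown in this post.
SAMPLE_CONFIG='AllowTcpForwarding no
GatewayPorts yes
X11Forwarding no
#X11DisplayOffset 10
Port 22
Port 80
Port 1025'

audit_sshd_config "$SAMPLE_CONFIG"
```

On a real host, pass the live file with `audit_sshd_config "$(cat /etc/ssh/sshd_config)"`, and run `sudo sshd -t` to check the file for syntax errors before restarting the service.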

Recommended Reading

How to change Linux I/O Scheduler during runtime

This post describes how to change the Linux I/O scheduler dynamically while the Linux operating system is running. You can refer to the previous post for an explanation of the differences between Linux I/O schedulers.

I/O schedulers determine how disk reads and writes are managed by the Linux kernel. Changing the I/O scheduler requires you to know the name of your block device. Assuming your disk drive is “sda”, you can change the I/O scheduler using this command:

echo noop | sudo tee /sys/block/sda/queue/scheduler

This will change the “sda” disk scheduler to NOOP, which is suitable for SSD drives. To display the current I/O scheduler, you only need to run this command:

cat /sys/block/sda/queue/scheduler
anticipatory deadline cfq [noop]

Note that you will need to run this command each time you reboot or switch on your machine. To make the change permanent, edit /etc/sysfs.conf and add “block/sda/queue/scheduler = noop” at the end of the file.

Easy File Encryption On Ubuntu Linux with OpenSSL

Here’s an easy way to encrypt a file using OpenSSL. The general syntax is:

openssl enc -(cipher) -e -in (input file) -out (output file)

So to encrypt a “plaintext.txt” file using aes256, you only need to run this command:

openssl enc -aes256 -e -in plaintext.txt -out encrypted.txt

Similarly, to decrypt the file, you can run the command:

openssl enc -aes256 -d -in encrypted.txt -out decrypted.txt

The differences between Linux IO Scheduler

The Linux kernel input/output scheduler (I/O scheduler) controls the way the kernel handles reads and writes to disks. Different I/O schedulers may have a different impact on certain workloads. Here is the list of available Linux I/O schedulers:

1) Noop
The Noop scheduler is the simplest I/O scheduler available in the kernel. It does not perform sorting or seek-prevention. It is intended for devices that have no mechanical parts or are capable of random access, such as SSDs or flash disks.

2) Anticipatory (AS)
Anticipatory was the default I/O scheduler for the Linux kernel (2.6.x) until it was replaced by CFQ. It tries to optimize disk I/O by minimizing disk seeking/head movement whenever possible. However, it does have a performance impact on file and database servers.

3) Deadline
As the name implies, the deadline scheduler imposes a deadline on all operations. This is to prevent resource starvation, so that every operation can be completed on time without being starved by other operations. The kernel documentation suggests using the Deadline scheduler on storage and database servers.

4) Completely fair-scheduling (CFQ)
CFQ tries to allocate the same resources to all users in the same time interval, hence the name. It tries to allocate a fair amount of resources to all users, which makes it ideal for a multi-user/multi-purpose system. It is the default scheduler for the Linux kernel since 2.6.18.

Debian: Force users to use more secure login password with pam_cracklib

One of the factors that makes your system easily crackable is a weak password. PAM cracklib forces users to choose stronger passwords by analyzing password strength, length and entropy.

To enable pam_cracklib on a Debian / Ubuntu operating system, you need to install libpam-cracklib:

sudo apt-get install libpam-cracklib

Then edit the “/etc/pam.d/common-password” file using your favorite editor, and add, or uncomment, the following line at the end of the file.

password required pam_cracklib.so retry=3 minlen=6 difok=3

difok determines the number of same characters that are allowed to be present in the old and new passwords.