Sep 20, 2007

MySecureShell - chrooted SFTP server

Yesterday the wonderful Howtoforge had an article that finally freed me from my beloved/hated scponly. MySecureShell offers all the functionality of a proper SFTP server, easily configurable and very well integrated.

To get it up and running on Debian, just download the latest *.deb version from Sourceforge.
Then install it with the following command:
    dpkg -i mysecureshell_0.95_i386.deb

Now, for every SFTP user you want on your system, do the following (substitute ‘test’ with your desired username).
Add a normal user to your system:
    adduser test
Open the file /etc/passwd and change the user’s shell from /bin/bash to /bin/MySecureShell. The line should then look something like this:
    test:x:1111:1111::/home/test:/bin/MySecureShell
And there you have it: a chrooted SFTP-only user, without the clutter of numerous additional directories for the chroot. Simple and elegant :)

The last step is to have a look through the config file in /etc/ssh/sftp_config; it’s pretty well documented!
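To check the result of the steps above across a whole passwd file, the following added example (not part of the original post or of MySecureShell) lists accounts whose shell is /bin/MySecureShell, flags lines that do not have the seven colon-separated fields, and reports regular accounts that still have an interactive shell. The UID threshold of 1000 and the sample entries are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for SFTP-only accounts.
SFTP_SHELL="/bin/MySecureShell"   # shell path used in the post

# audit_passwd FILE prints one line per noteworthy entry:
#   SFTP-ONLY <user>            shell is MySecureShell
#   INTERACTIVE <user> <shell>  UID >= 1000 (assumed start of regular users)
#                               with a shell other than nologin/false
#   MALFORMED line <n>          entry does not have 7 fields
audit_passwd() {
    awk -F: -v sftp="$SFTP_SHELL" '
        /^[ \t]*$/            { next }
        NF != 7               { printf "MALFORMED line %d\n", NR; next }
        $7 == sftp            { printf "SFTP-ONLY %s\n", $1; next }
        $7 ~ /(nologin|false)$/ { next }
        $3 >= 1000            { printf "INTERACTIVE %s %s\n", $1, $7 }
    ' "$1"
}

# Constructed sample entries (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
test:x:1111:1111::/home/test:/bin/MySecureShell
alice:x:1001:1001::/home/alice:/bin/bash
bob:1002:1002::/home/bob:/bin/MySecureShell
EOF
}

# Demo run against the sample; point audit_passwd at /etc/passwd on a server.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```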

Written by Florian Beer in: security, server

Mar 02, 2007

Installing eAccelerator on Debian

This is a quick HowTo for installing the eAccelerator PHP cache/optimizer on a Debian system (should be applicable to other Linux distros as well).

  1. Download the latest release from SourceForge.net to your server and extract the sources.
  2. Change to the sources directory and type in the following.
    export PHP_PREFIX="/usr"
    $PHP_PREFIX/bin/phpize
    ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config

    This should set up the environment and compile configuration correctly.
  3. Now compile with make and install with make install (as root) afterwards.
  4. To configure eAccelerator you have to edit your PHP config which resides in /etc/php4/apache2/php.ini on my system.
    Add the following lines at the end:
    extension="eaccelerator.so"
    eaccelerator.shm_size="16"
    eaccelerator.cache_dir="/tmp/eaccelerator"
    eaccelerator.enable="1"
    eaccelerator.optimizer="1"
    eaccelerator.check_mtime="1"
    eaccelerator.debug="0"
    eaccelerator.filter=""
    eaccelerator.shm_max="0"
    eaccelerator.shm_ttl="0"
    eaccelerator.shm_prune_period="0"
    eaccelerator.shm_only="0"
    eaccelerator.compress="1"
    eaccelerator.compress_level="9"

    The file README in the sources directory gives a pretty good explanation of all those parameters. The only one you should probably alter is eaccelerator.shm_size, because 16MB of shared memory might be a little bit too conservative.
  5. The last step is to create the directory where eAccelerator stores the cached scripts which don’t fit into the shared memory.
    mkdir /tmp/eaccelerator
    chmod 0777 /tmp/eaccelerator

Now you’re done. Further tweaking can be accomplished by altering the parameters in the php.ini file.
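Mode 0777 on the cache directory lets any local account add or replace files in it. The following added example (not part of the original post or of eAccelerator) reports that condition and an unexpected owner; the expected UID is an assumption you pass in, for instance the output of `id -u www-data` when PHP runs inside Apache on Debian.

```shell
#!/bin/sh
# Added example: flag risky ownership/permissions on an eAccelerator cache_dir.
# Usage: check_cache_dir DIR EXPECTED_UID
# EXPECTED_UID is the numeric UID PHP runs as (assumption, supplied by caller).
check_cache_dir() {
    dir=$1
    want_uid=$2
    if [ ! -d "$dir" ]; then
        echo "MISSING"
        return 0
    fi
    mode=$(stat -c '%a' "$dir")   # octal mode, e.g. 777 (GNU stat)
    uid=$(stat -c '%u' "$dir")    # numeric owner
    findings=""
    # Bit 02 is "other" write: any local account can add or replace files.
    if [ $(( 0$mode & 02 )) -ne 0 ]; then
        findings="WORLD-WRITABLE mode=$mode"
    fi
    if [ "$uid" != "$want_uid" ]; then
        findings="${findings:+$findings; }OWNER uid=$uid expected=$want_uid"
    fi
    echo "${findings:-OK}"
}

# Demo on a scratch directory (constructed): first with the mode from the
# post, then tightened to owner-only access.
demo=$(mktemp -d)
chmod 0777 "$demo"; check_cache_dir "$demo" "$(id -u)"
chmod 0700 "$demo"; check_cache_dir "$demo" "$(id -u)"
rmdir "$demo"
```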

Written by Florian Beer in: linux, server

Jan 26, 2007

Installing php5-cgi on Debian

For a long time I wanted to be able to run both PHP 4 and PHP 5 on the same server. Now I finally managed to come up with a solution that is easy to install and easy to use.

  1. Add the Debian Backports repository to your /etc/apt/sources.list (on one line):
    deb http://www.backports.org/debian/ sarge-backports main contrib non-free
  2. Issue a package update: aptitude update
  3. Install PHP 5 as CGI module: aptitude install php5-cgi
  4. Configure Apache by adding the following lines to your main config file. In my case this was /etc/apache2/apache2.conf
    ScriptAlias /php5-cgi /usr/lib/cgi-bin/php5
    Action php5-cgi /php5-cgi

  5. Now find the Virtual Host you want to run on PHP 5 and simply put the following line into the <Directory> directive.
    AddHandler php5-cgi .php
    This overrides the default handler for files ending in .php, which would be the normal PHP 4 module. With this directive, such files are now parsed and executed by the PHP 5 CGI binary.
  6. Reload your webserver config with
    /etc/init.d/apache2 reload
Written by Florian Beer in: linux, server

Jan 16, 2006

scponly under Debian …and some Dreamweaver issues

I set up scponly to permit some of my users, for whom I host websites, to use sftp/scp to transfer files to the server but not to log in with a fully functional shell. After configuring scponly to chroot to the user’s home directory and some initial tests it worked very well with Transmit on the Mac, Filezilla on Windows and Putty/Terminal. The only thing that didn’t work was using Dreamweaver in SFTP mode to connect to the server.

After a bit of digging around, Herbert and I found out that Dreamweaver will only communicate with the SSH server if you change the config from the Debian standard, refusing “tunneled clear text passwords”, to permitting it in /etc/ssh/sshd_config.

# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication yes

After a quick /etc/init.d/ssh restart Dreamweaver was able to log in as well :)
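PasswordAuthentication yes at the top level of sshd_config applies to every account. On OpenSSH versions that support Match blocks the setting can be scoped to the accounts that need it; the following added example (not from the original post) reports whether each PasswordAuthentication line is global or inside a Match block. The user name dwuser and the sample config are constructed.

```shell
#!/bin/sh
# Added example: show the scope of each PasswordAuthentication setting.
# password_auth_scope FILE prints:
#   GLOBAL <value>            setting appears before any Match line
#   MATCH <criteria> <value>  setting appears inside that Match block
password_auth_scope() {
    awk '
        { sub(/^[ \t]+/, "") }            # drop indentation
        /^#/ || /^$/ { next }             # skip comments and blank lines
        tolower($1) == "match" {          # keywords are case-insensitive
            $1 = ""; sub(/^ /, ""); scope = $0; next
        }
        tolower($1) == "passwordauthentication" {
            printf "%s %s\n", (scope == "" ? "GLOBAL" : "MATCH " scope), tolower($2)
        }
    ' "$1"
}

# Constructed sample: passwords refused by default, allowed for one
# hypothetical account (dwuser) that needs them.
sample_sshd_config() {
cat <<'EOF'
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no

Match User dwuser
    PasswordAuthentication yes
EOF
}

# Demo run against the sample; use /etc/ssh/sshd_config on a server.
tmp=$(mktemp)
sample_sshd_config > "$tmp"
password_auth_scope "$tmp"
rm -f "$tmp"
```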

To set up chroot for scponly on a Debian system do the following:

  1. unzip the chroot script in /usr/share/doc/scponly/setup_chroot
  2. chmod +x setup_chroot.sh
  3. ./setup_chroot.sh
  4. type in the user you want to have scponly access
  5. accept the default for home directory
  6. type in the directory to be user writeable (in my case “www”)
  7. choose a password
  8. optional: compile the groups.c file in /usr/share/doc/scponly (gcc -o groups groups.c) and move it to the chroot (mv groups /home/user/bin/).

…simple as that :)

Written by Florian Beer in: linux, server

Mar 31, 2005

Backing up Debian packages

A simple and quick way to back up packages, for example to clone a system.

- Use "dpkg --get-selections > selections.txt" on your current system.
- Copy the "selections.txt" file over to your target system.
- Run "dpkg --set-selections < selections.txt" on your target system.
- Finally, "apt-get dselect-upgrade" will download and install the packages.

Add the respective configs from /etc and you should have an equivalent copy.

Written by Florian Beer in: linux