If you want to jump between servers without any password authentication but you still need security here is what you have to do.
There are two ways of achieving this:

On Debian/Ubuntu you can just type:

$ cd $HOME
~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key:

Press Enter each question and you will have a pair of keys ready to use.
You will be asked for a passphrase but if you do not want to insert anything just leave it blank.
This procedure will create one private and one public key.
$ ls .ssh/
id_rsa id_rsa.pub known_hosts
The private key must be secured on your box whereas the public key can be copied across
~$ ssh-copy-id -i .ssh/id_rsa.pub 192.168.1.30
At this time you will be asked for the password but once the key has been copied you will be able to ssh just perfectly.

As additional security you could lock the account to prevent someone without key to ssh into the box. In order to do that

me@mybox:~$ ssh 192.168.1.30
me@server:~$ su -
password:
root@server:~# usermod -L me

usermod -L will lock the account “me” preventing anyone using password credentials for that account. You will only be able to access with you trusted ssh-key. If you don’t want anymore the account locked just type:
root@server:~# usermod -U me
-U flag will unlock the account

ON SOME OTHER DISTROS:
the “ssh-copy-id” utility doesn’t exist so you will have to copy it manually.
If you can copy and paste then
~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv4k0ChLXCfpF+o/4HcqAqYEivRSHHYsTlXfT4I0jmOAI+MKjVTB/CtKqq4h7KMyXrUUo7vtceac4i2FRSm6PdsWksJXsYxkOj+ZXXD2fOnJIDKfIr41URcZH4qmztYO+/9YYcQudPzNlt9tLx5jrkhI7sLy56OmKRwfrxq+UY7ebt+j7y5DmevJP0u7bzREPUA/rcVoPxH0/u015O2BcaJmNoxR1pNfMC3Oefn1eAkodo6fOa3vHHo7WhSpDL/42xsBWPnOAAEDM9tmOUyCJDc8l4Mzm+TindqY2yL2GPspabaEAV3rfuF9O4Ywe+tVIPc2/YXo9XvQxyXZqHxtcw==== me@mybox

and paste the line into the remote server’s .ssh/authorized_keys file. REMEMBER that it’s just one line so if during copy and paste you get some new line characters that key won’t work.

If you can’t copy and paste and want to have the confidence the key has been correctly copied just scp the id_rsa.pub to the server

me@mybox:~$ scp .ssh/id_rsa.pub 192.168.1.30:/home/me/
me@server:~$ ssh 192.168.1.30
me@server:~$ cat id_rsa.pub >> .ssh/authorized_keys


For more info
man usermod
man ssh-keygen

Doing visudo you get nano instead of your favorite text editor?
Mine is vim therefore I issue:

DEBIAN/UBUNTU way

# update-alternatives --config editor
There are 4 alternatives which provide `editor'.
Selection Alternative
-----------------------------------------------
1 /usr/bin/vim.tiny
2 /bin/ed
*+ 3 /bin/nano
4 /usr/bin/vim.basic
Press enter to keep the default[*], or type selection number:

Selecting 4 I’m ready to use my full syntax colors when I edit any file.

OTHER DISTROS
Edit your .bashrc file and add the following:
EDITOR=vim
export EDITOR
Next login you will have your VIM working.
If you want to have it immediately and only for this session just type
# export EDITOR=vim
and press enter.

I’ve come across multiple ways of doing it but so far the best way is the following (I assume you are on i386 platform and you have access to the net):
1. Download boot.img.gz from Debian website
2. Download the net-install image choosing i386.
3. Plug your USB drive into a Linux PC, open the shell and type

$ dmesg

Last few lines should be like the following:

sd 7:0:0:0: [sdb] Attached SCSI removable disk
sd 8:0:0:0: [sdb] 4030464 512-byte logical blocks: (2.06 GB/1.92 GiB)
sd 8:0:0:0: [sdb] Write Protect is off

Now we know it has been mapped as sdb

4. Use zcat to load the boot.img.gz onto your USB drive

# zcat boot.img.gz > /dev/sdb

CAUTION!!! this will destroy the entire data on the USB drive, make sure you have done the backup.
If you get an error ensure the following:
- You are root (don’t use sudo)
- The USB drive it’s not mounted, if it is umount it before issuing the above command.

5. Now mount the USB drive and copy the net-inst.iso image on it.

All done! Now plug it into the box you want to setup and enjoy the old fashion Debian installer

This tip might comes handy when you do a system check and you want to make sure you don’t check the same file twice.

Let’s pretend that our “file1″ is a conf file that needs review. As you can see the output of the command issued below shows that the file was last edited in June.
Today I want to check the file without editing it and make sure next time I won’t check it again:

$ ls -l
total 0
-rw-r--r-- 1 luca luca 290 2009-06-29 16:33 file1


Touch is an excellent tool in this case:

$ touch file1
$ ls -l
total 0
-rw-r--r-- 1 luca luca 0 2009-08-29 19:43 file1

The Modification Time has changed and so has the access time.

If you want to change just the modification time leaving the access time untouched try with the -m option

$ touch -m file1
$ ls -l
total 0
-rw-r--r-- 1 luca luca 0 2009-08-29 19:46 file1
$ stat file1
[..]
Access: 2009-08-29 19:43:45.000000000 +0100
Modify: 2009-08-29 19:46:15.000000000 +0100
Change: 2009-08-29 19:46:15.000000000 +0100

And -a is just for the Access Time.

Another interesting option is -t. It lets you set the time and the date with whatever you like. This is often used to do fishy things

$ touch -t 200701012301 file1
$ stat file1
[..]
Access: 2007-01-01 23:01:00.000000000 +0000
Modify: 2007-01-01 23:01:00.000000000 +0000
Change: 2009-08-29 19:52:26.000000000 +0100


This is how to add a DNS Server to Solaris Box…

First of all, Open up your favourite text editor and add the name servers into /etc/resolv.conf

nameserver 192.168.1.1

If you need to add more, just add another one in the next line…

Following the instructions below will walk you through the process…

bash-3.00# ping www.google.com
ping: unknown host www.google.com
bash-3.00# cat /etc/resolv.conf
nameserver 192.168.1.1
bash-3.00# cd /etc/
bash-3.00# cp -p nsswitch.conf nsswitch.conf.org
bash-3.00# cp -p nsswitch.dns nsswitch.conf
bash-3.00# /etc/init.d/nscd stop; /etc/init.d/nscd start
bash-3.00# ping www.google.com
www.google.com is alive
bash-3.00#

As you can see, the Name Server is working!

Adding IP address and default gateway is rather straight forward as long as the interface is loaded. To see whether the interface is loaded, issue the command ifconfig –a

You should see something like the following…


bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
rtls0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 0.0.0.0 netmask 0
ether 0:6:4f:47:76:1e


In this case, we will be adding the IP address and subnet mask to rtls0 along with the default gateway.

IP Address: 192.168.1.60
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1

Here is how its done…


bash-3.00# ifconfig rtls0 192.168.1.60 netmask 255.255.255.0 up
bash-3.00# route add default 192.168.1.1
add net default: gateway 192.168.1.1
bash-3.00# ping 4.2.2.2
4.2.2.2 is alive


Success! We can now ping a WAN IP! and here is the new output of ifconfig -a


bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv 4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
rtls0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.60 netmask ffffff00 broadcast 192.168.1.255
ether 0:6:4f:47:76:1e


When a Name Server looks up a domain for the IP address, it stores the information into the cache so it doesn’t have to look it up every single time a request is made. For example, if someone looks for www.nishv.com the DNS server will look up the domain and stores the IP address 72.52.178.35 into the cache for a given time so it doesn’t have to look up that domain again for a given period of time.

DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a DNS Server that did not originate from authoritative DNS sources.

It happens when an attacker sends malicious data in response to a DNS query. For example, DNS query for www.nishv.com can be redirected to another website.

This method is taking the phishing scam to another level, you might be visiting your bank’s website but without you realising it, you will actually be putting in all the login information into some hackers servers which made it look exactly like the bank’s website. Yes, this is very serious!

How do you patch it?

On the client side (we are talking about Microsoft Windows here), your machines should have been patches automatically if you set the Auto-Update option. If not, I recommend you check the available updates and patch it as soon as possible.

If you use a DNS Server, my recommendation is to use the following command to figure out whether it has been patched or not. If it is not, STOP using it and have a look at this post on OpenDNS for more info.

Use the following DIG command on UNIX


dig +short @{name-server-ip} porttest.dns-oarc.net txt
dig +short @ns1.example.com porttest.dns-oarc.net txt
dig +short @208.67.222.222 porttest.dns-oarc.net txt


and you should get a result similar to this…


nishv@nishv.com [~]# dig +short @208.67.222.222 porttest.dns-oarc.net txt
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.217.8 is GREAT: 26 queries in 2.1 seconds from 26 ports with std dev 20119"

Or something like this…

nishv@nishv.com [~]# dig +short @4.2.2.2 porttest.dns-oarc.net txt
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"209.244.4.25 is GOOD: 26 queries in 1.9 seconds from 26 ports with std dev 3880"


If you don’t get GREAT or GOOD and gets something like POOR, you should immediately stop using it.

If you manage that DNS server, patch it or decommission it!

This is how to check on Windows

Open up command prompt by going Start --> Run --> CMD or on Vista typing CMD on the Start Search box


nslookup -type=txt -timeout=30 porttest.dns-oarc.net
nslookup -type=txt -timeout=30 porttest.dns-oarc.net ns1.your-isp.com
nslookup -type=txt -timeout=30 porttest.dns-oarc.net NS-SERVER-IP


You must see the GREAT or GOOD, if not your DNS Server is compromised.

You can see Dan Kaminsky’s presentation below…

Setting multiple IPs on Linux or in this case Debian is rather straight forward… All the network info is stored in the file /etc/network/interfaces and you just need to add the info to the file…

Before making changes to this file, I recommend you check your values at least 3 times! If you have made a mistake and trying to do it from a remote location, YOU WILL LOCK YOURSELF OUT!

This is a sample configuration with device eth0 having the IP address of 192.168.1.2 on a Class C Network with 192.168.1.1 as the default gateway.

/etc/network/interfaces:

# /etc/network/interfaces – configuration file for ifup(8), ifdown(8)

address 192.168.1.2
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1

In order to add multiple IPs to the same interface, In this case eth0 You need to add it in the following method…

auto eth0:0
iface eth0:0 inet static

address 192.168.1.5
netmask 255.255.255.0
broadcast 192.168.1.255

Thats it, after you have made all the necessary changes, you need to restart the networking by issueing the following command…

# /etc/init.d/networking restart

It is pretty easy when it comes to gaining root password to any Linux System as long as you have physical access.

This is how to change Fedora’s ROOT Password.

When your box starts up, You will see the GRUB screen…

What you need to do is, press the a Key instead of Enter

You will see something like the following…

kernel /vmlinuz-2.6.9-1.667 ro root=LABEL=/ acpi=on rhgb quiet

Add 1 at the end of that… So it looks like the following…

kernel /vmlinuz-2.6.9-1.667 ro root=LABEL=/ acpi=on rhgb quiet 1

This will make the box boot into Runlevel 1

You simply type

passwd

Enter the new ROOT password and reboot the machine.

Same thing goes for Any Linux System as welll… All you got to do is, add the following kernel argument…

init=/bin/bash

And then just change the password…

If you have a website and want to force www.domain.com Use the following .htaccess code

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

If you want to eliminate the www prefix like domain.com then use the following .htaccess code


RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]