mintCast 311 – SSH
Introduction:
- Welcome to mintCast Episode 311.
- First up, in our Wanderings, I had to rebuild my network, Moss becomes more reliant on Linux Mint, Joe games on an Atari, Josh gets nominated for awards and installs Deepin, and Tony Hughes gets scammed.
- Then, in the news, Firefox protects everyone and lots of new releases.
- In our innards, we talk secure connections.
- Finally, we wrap up the show with lots of feedback and a couple recommendations
BI-WEEKLY WANDERINGS:
- Leo
- Got a 64GB SD card (Patriot V30, A1) for Batocera. Gives more room than the 32GB ADATA USB I was using, and fully hides itself within the laptop! And turns out, my HP Stream won’t boot from an SD card, so I had to get a 64GB Sandisk Cruzer Fit. Worked like a charm. Now to find a use for a 64GB SD card.
- pavucontrol – Pulse Audio Volume Control. Allows me to increase the input volume on the mic on the way in, which allows me to avoid adjusting it within Audacity itself.
- Arch… a busy week and a dead switch this weekend put my plans on hold
- Now I’ll be testing out the newish Cisco SG350P and an ERPOE-5.
- Moss
- The new job has kept me completely occupied, but I’m listening to more podcasts during drive time. No new money, no new hardware. I did sell the Canon printer at last, and ordered the HDMI cable so I can test those other computers I have.
- I found that I did not have Mumble or multiple workspaces set up for Ubuntu Budgie 19.04, and ARandR in Bodhi is not that easy compared to Displays, so I will likely continue to use Linux Mint for podcasts for the present. Once again, when you need something to work the first time and every time, Linux Mint for the win.
- I’ve been polishing my script for the next episode of Distrohoppers’ Digest. The last episode could have stood a bit more work on my end, and I will take the learning experience and grow from it.
- I was hoping to install OpenMandriva Lx 4 on the announced date of June 6, but it is not out yet and the announcement seems to have been pulled. Large parts of the openmandriva.org website were giving 404 or 505 errors but have been revived just this week. Softpedia states that the final version will be out “in summer or early autumn”, with no source quoted.
- The donation to Linux Mint has been made in the name of mintCast Team, as promised (6/1/19, so it will be in the June numbers). I have spent a lot of time being sad as the Destination Linux Telegram group is exploding with all the wonderfulness of SELF.
- Josh
- Finalist in Tech4Good awards and the ARM Young Coder of the Year
- Revising for mock exams 🙁
- Installed Deepin on my Dell XPS 13 and it’s great! Screen setup is a pain though. The config window is the worst I’ve ever seen. The installation process is amazing, it’s really graphical and is probably the best installer i’ve ever seen on a distro. Worked straight away with my DSP MST hub (unlike Ubuntu) and I would highly recommend it as a starting distro.
- Tony H
- Buying and installing Windows 10 1903, and Mint19.1 mate to another E7440 I picked up on eBay, not only was it a good deal for the advertised specification, it was even better when I got it and it was an i7 as opposed from the i5 in the description on the auction. WIN
- Well it’s finally happened I fell for an online scam during the week, I couldn’t find my Euro health insurance card (ehic) and went online to order a new one, and got caught out by a dodgy processing website that charges you to do what you can do for free. ALL my fault, not feeling well due to an ear problem and in a rush I didn’t read all the small print on the site. As my wife did it last time I didn’t realize it was an NHS Portal and should have had the NHS logo etc. This has cost me £33 to learn a painful lesson in how not to behave on the web. Made me feel quite vulnerable, and understanding of others that get scammed far more seriously than that.
- And after a conversation with Ken Fallon, HPR will be airing the first episode of Distrohoppers Digest to give us a little publicity (Thursday 20th June 2019 http://hackerpublicradio.org/eps.php?id=2839)
- Joe
- Family in town. Minimal projects
- Working on a bluetooth speaker.
- Had no battery when i received it but a 5v power was hooked directly up to the battery power input.
- The speaker was also hooked up manually and no solder was used. The speaker did not work at all until I took it apart and moved the connections
- I took apart a battery bank and a couple of USB cables so that I could give it external and battery power and soldered all the connections. Works pretty well now.
- Drilled a hole in the back so that you can get to the button on the bank and see the lights so you know how much charge it has.
- Got a hot glue gun to hold the board in the correct position.
- My dad brought me an Atari 1010
- Ordered a bunch of broken speakers and headphones to work on, plus I am consolidating a bunch of the old ones that I have for my vacation next week. Going to do a lot of trouble shooting and soldering. Yes I spend my vacation doing crazy crap
- Borderlands 2: Commander Lilith & the Fight for Sanctuary
- Doesn’t work on Linux yet. So far even with proton for me although I see others have it working fine.
- Going to try Lutris
- May have to finally go fix my Windows install.
The News:
- Firefox has Tracking Protection baked in
- E3 2019: games list, news and everything you might have missed
- Josh is VERY excited about the new MS Flight sim
- Zorin OS 15 release
- Deluge 2.0 BitTorrent Client released
- OpenProject 9, FOSS alternative to Trello or Jira, released
- Unity Editor for games officially available for Linux, supported by CentOS and Ubuntu for now – NOT OPEN SOURCE
Linux Innards:
- Leo
- SSH stands for Secure SHell. It’s a remote control protocol that allows you to remotely give commands to another machine.
- If you’re good at networking, this means that you can touch files or run commands at home, when you’re on the other side of the world!
- We’ll focus on the local network today
- Make sure the user account that you want to use is created on the computer you want to connect to. In my case, that’s the Leo account
- While you’re creating the account on the computer you want to control, also install the package: sudo apt install openssh-server. The ssh server turns on by default, and enables itself on startup. systemctl disable ssh will stop this from starting up on boot.
- Back on your local machine, use the command ssh $USER@$IP. As long as there isn’t a firewall in the way, it’ll ask if you want to remember this machine. Hit yes and supply your username and password.
- You can now run any command you would normally run as if you were right in front of the remote computer. Update things, install new packages, whatever you’re comfortable with in the terminal.
- The real benefit here is the file sharing that’s enabled with this process through SFTP.
- Open up Nemo or Caja (I believe Thunar has this ability too, but the names might be different), click File, then Connect to Server. Make sure SSH is the protocol and supply the IP address in the Server field, and fill out your username and password. This will log you in and give you access to all the files your user has permission to.
—–
-
- To add a large amount of security, you would want to use Public Key Authentication. In short, you create a padlock and a key. The padlock is your public key, and the key to open it is your private key. You can give anybody your public key, but you MUST keep your private key private. Otherwise, the security is gone
- To create this pair, run ssh-keygen. Your keys get stuck in your home folder within the .ssh directory. The permissions are automatically set on your private key to only allow you to see and change it. No one else on the system has permissions.
- To place the public key on the remote computer, use the ssh-copy-id command. In my case the command would look like ssh-copy-id -i ~/.ssh/id_rsa.pub leo@$IP
- You can now log in via SSH in the terminal, or through Nemo or Caja with no password at all! Your keys are being used and you’re now much harder to hack.
- The last step would be to disable password authentication entirely. In the terminal run sudo nano /etc/ssh/sshd_config. Find the line that says PasswordAuthentication no, and remove the hash mark from the beginning of the line.
- Restart the ssh service with systemctl restart ssh
- Now, your key is the only key that will work for ssh.
- Joe
- I wanted to go a bit further with automating ssh and show something useful that you can do on a daily basis with it
- So i am going to tell you how to setup sshfs so that you can access all of your files as if they were local.
- Access times are pretty good. Even from outside my network i am able to watch movies using VLC
- So even with a thin device you can have all of your files as if the drives are mounted to the local machine.
- First make sure that the ssh keys are setup as described by a couple of the others.
- Next make sure that sshfs is installed. It might be already installed but it needs to be on the client machine at least.
- Then you need to create a local folder to mount to. This should be set to some permissions that you can use. 755 should do it.
- Test your sshfs
- sshfs user@remote:/location path/localMount -C
- The -C allows for compression which is very helpful
- I usually mount my whole /mnt from my server to whatever folder i setup
- The next thing to do is setup some alias’ so that your less used mounts are easy to access
- Then setup a couple of scripts so that you can automount the remote drives whenever you are connected to the internet. Also to correctly unmount and remove when you lose connection.
- This is done using tools that are already available to use in linux mint
- I redid my setup to verify that it works and it is not perfect but it works pretty well
- There are 2 places that you are going to want to put scripts
- /etc/network/if-up.d/
- For when you are connecting to a network
- And /etc/network/if-down.d/
- For when you are disconnecting
- The files that you create should be bash scripts but should not have .sh in the name
- /etc/network/if-up.d/
- /etc/network/if-up.d/name
- #!/bin/sh
- sleep 5s
- su user <<‘EOF’
- sshfs user@server:/mnt /mnt/local -C
- EOF
- I want the mount to be owned by the user instead of root but the script needs to be owned and run by root hence the su user
- I want the network to be fully connected to i am giving a 5 second delay.
- etc/network/if-down.d/name
- #!/bin/sh
- killall -9 sshfs
- sudo umount /mnt/local
- #This will clear the mount so you don’t get conflicts on reconnect
- This is a very simple setup that works a large portion of the time. I want to re-write the scripts so that they are always looking to see if the mount is connected and for internet connections in a much more robust manner. Probably by pinging a website and checking for the mount.
- My server is overheating under load again. Which means it is a motherboard problem. So when i can afford it i will need to rebuild. Not sure what kind of setup i should get.
- Needs to be pretty fast
- Lots of ram
- Space for 5 3.5 inch drives
- Preferably quiet
- Not huge
- /etc/network/if-up.d/
- Moss – So you want to know how hard it is. Most of our listeners understand that I’m the least technical member on the mintCast team… Well, it works. I may not remember how we got there, but with a lot of help from Leo, I managed to ssh to my wife’s computer. Checked files in Terminal, ran caja, opened her external drive. Whoopee.
Vibrations from the Ether:
[A large number of HP printers still have the printhead on the ink cartridge. Here is a 2.5-year-old list (we could not find an update).]
Check This Out!
- Leo
- Moss
- Jason Evangelho wrote about DistroTest.net in Forbes Magazine Online… . and crashed the site. It seems to be up today but the live distros aren’t running. The scripts need to be rewritten, and the servers need to be upgraded.
- Tony H
- If you do need to create an install medium for Windows 10 which now needs a 5Gb disc, and you don’t have a dual layer DVD RW or DLDVD and need to create a bootable USB drive check out this utility, WoeUSB. In the last week I have used it to create the latest Win10 1903 .iso into a number of USB drives for installing to a couple of machines I was preparing for other people. In fact Etcher even suggested using it to create the bootable disk when I tried to use it to do the job, if it doesn’t like the drive you’re using, use GParted to wipe the partition recreate the partition table then format to fat32, after that it should work fine.
Announcements:
- No Tony H next show as he will be sailing the high seas on Holiday :-))
- Maybe no Joe
Wrap-Up:
- Bo – undercastnetwork.com
- Moss – Triad Bardic College, Peaceful Hippo, Distrohoppers’ Digest, MeWe, my music is on Bandcamp, [email protected]
- Tony Hughes – HPR – http://hackerpublicradio.org/correspondents.php?hostid=338 Occasional Blog https://tony-hughes.blogspot.com/ , Twitter @TonyH1212, [email protected], [email protected]
- Leo – leochavez.org and @leochavez on Twitter, and the Full Circle Weekly News podcast
- Josh – edublocks.org and @all_about_code on Twitter
- Joe – www.Tllts.org www.linuxlugcast.com MeWe [email protected]
Thanks:
- Josh for working on redesigning our website, setting up the YouTube and Twitch streams, and providing lots of technical help.
- Bytemark hosting for providing the new hosting server for the website. (Which will roll out soon, we promise!)
- Archive.org for hosting our audio files.
- The folks at Hacker Public Radio for the Mumble server we use to communicate
- The Linux Mint development team for the fine distro we love to talk about.
Podcast: Play in new window | Download
Subscribe: RSS
Don’t cut the show into parts. The people who complained can just hit pause and start back when they are ready. Down with the entitlement.
If you cut the show into 2 parts, and alternate between the parts week to week, you haven’t done anything to cut the length down, since you have 2 weeks worth of content for each part, so breaking the show into 2 parts doesn’t help, unless you do both parts every week. If you do feedback every other week, you’ll have 2 weeks worth of feedback.
You had a question about a dual boot where to get back into Linux, the guy had to go back into BIOS. I had a BIOS like that. I had Linux on a flash drive, and had the BIOS set to boot from the flash drive. I could still select the other OS from the Grub menu, but if I booted without the flash drive, and BIOS found the OS on the hard drive, it would automatically decide to boot from the hard drive from then on, even if the flash drive was present, so I’d have to go into BIOS to get it to look for the OS on the flash drive again. If this is the problem, it could be fixed by getting flash memory of a kind he doesn’t use, and plug it into the computer, and leave it in. Now run grub customizer, or Puppy’s grub fixer, and have it put the grub system on that flash memory that will never leave the PC. Then set the BIOS to boot from that flash memory. The flash memory can be small because it will point to an OS on another media, but the BIOS will never boot without it again. Even if the media with Linux on it is removed, Grub will still point to it the next time it is inserted.
I have had 2 computers, one a laptop that had Mint 19 Cinnamon on them, and I’ve read that update manager had a setting that would automatically keep the OS up to date, but it doesn’t. I tried referencing a shell script in crontab to do “apt-get update” and “apt-get upgrade”. Though this works when I run it as root, having crontab run it get’s me the error:
************************************************************
Err:1 http://archive.canonical.com/ubuntu bionic InRelease
Could not resolve ‘archive.canonical.com’
************************************************************
along with 5 other similar errors in resolving sources. I’d like to have my systems auto-updating, but haven’t had any success.
Another problem I’ve had lately is that Audacity stops recording at random places. In the past, on 32 bit systems it would record for hours if left unattended, but now it seems to stop at random places. Searching online it seems like no one else has had this problem.
Thanks for the show, and whatever y’all decide to do about the length is fine with me. I edit the morning message for my church, and I appreciate the time any of this takes behind the scenes.