Secure Internet Access via SSH Proxy

Posted by gmendoza on June 22, 2007 under Tech Tips

An OpenSSH server can be used as a SOCKS compliant proxy, allowing one to tunnel virtually any type of traffic via the SSH protocol. This is very useful when surfing the web on untrusted networks such as hotel internet services and wireless hotspots. You just never know who’s snooping in on your data.

All you need is external access to a trusted OpenSSH server, perhaps the one you have at home, work, etc. If you’re using your laptop to surf the internet at your local coffee shop, you’ll simply need to establish a connection to that external SSH server using the appropriate client options, and configure your web browser’s proxy settings to connect to a locally defined TCP port.
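As an added example (not code from the original post), here is the client side of that setup as a small shell script: the dynamic forward is bound explicitly to 127.0.0.1, and a helper reads the output of "ss -ltn" to confirm the SOCKS listener is only reachable from the laptop itself, which is the one check worth making before trusting the tunnel on a hotspot. The server name, port and the sample "ss" output are placeholders and constructed data; the script assumes an OpenSSH client and the iproute2 "ss" utility.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes an OpenSSH client,
# the iproute2 "ss" utility, and placeholder values for the server and port.

# Report how a given local port is bound, reading "ss -ltn" output on stdin:
#   loopback - every listener on that port is on 127.0.0.1 or [::1]
#   exposed  - at least one listener on that port accepts non-local clients
#   absent   - nothing is listening on that port
socks_listener_bind() {
    port="$1"
    awk -v p="$port" '
        $1 != "LISTEN" { next }                 # skip the header and other states
        {
            n = split($4, a, ":"); lp = a[n]    # the port follows the last colon
            if (lp != p) next
            addr = substr($4, 1, length($4) - length(lp) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { print (exposed ? "exposed" : (found ? "loopback" : "absent")) }'
}

# Open the dynamic forward the post describes and confirm the listener stays
# on the loopback interface. HOST and PORT are placeholders supplied by the caller.
#   -N: run no remote command      -f: go to the background after authentication
#   -D 127.0.0.1:PORT: explicit loopback bind for the SOCKS listener
start_socks_proxy() {
    host="$1"; port="${2:-1080}"
    ssh -N -f -D "127.0.0.1:$port" "$host" || return 1
    state=$(ss -ltn | socks_listener_bind "$port")
    if [ "$state" != "loopback" ]; then
        echo "SOCKS listener on port $port is $state; check the -D bind address" >&2
        return 1
    fi
    echo "SOCKS proxy ready: point the browser at 127.0.0.1:$port (SOCKS v5)"
}

# Constructed "ss -ltn" output for the stand-alone run below (not real output).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:1080      0.0.0.0:*
LISTEN  0       128     [::1]:1080          [::]:*
LISTEN  0       128     0.0.0.0:8080        0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | socks_listener_bind 1080   # prints "loopback"
printf '%s\n' "$SAMPLE_SS" | socks_listener_bind 8080   # prints "exposed"
```

In the browser, set the SOCKS host to 127.0.0.1 and the port you passed to -D, and enable remote DNS resolution over the proxy (Firefox's "Proxy DNS when using SOCKS v5"; for curl, --socks5-hostname rather than --socks5) so that name lookups travel through the tunnel as well instead of going out in the clear on the hotspot.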

PAM_KEYRING: Automatic Keyring Authentication

Posted by gmendoza on June 21, 2007 under Tech Tips

WARNING! THIS POST HAS BEEN MARKED AS OUTDATED!


UPDATE (11-03-2008): These instructions are no longer applicable to Ubuntu version 8.10 and higher. The latest versions of Ubuntu allow you to use a blank password for your keyring, which will allow user accounts automatically logged in by GDM to access the keyring.

If you are not using the GDM auto login feature, simply make sure your keyring password is the same as your login password; this way it is automatically unlocked for you. The keyring passwords are now easy to change from “Applications… Accessories… Passwords and Encryption Keys… Edit menu… Preferences… Password Keyrings.” Highlight the “login” entry, and use the “Change Unlock Password” button.

The original instructions below ONLY apply to versions previous to Ubuntu 8.04.

ORIGINAL POST:
If you would like to avoid having to type in a password to access your gnome keyring, then you are in luck. To quote from the author’s web site, “PAM_KEYRING is a pam module that launches the gnome-keyring-daemon and then unlocks a keyring using your login password.”

In Ubuntu 7.04, this comes in handy when using Network Manager to connect to your wireless network. Typically users are prompted for the “master” password to their keyring manager immediately after logging on to gnome, and this can become tedious. Installing and configuring PAM_KEYRING is a snap.

1. Install libpam-keyring from universe repositories.

$ sudo apt-get install libpam-keyring

2. Add the pamkeyring module to /etc/pam.d/gdm

$ echo "@include common-pamkeyring" | sudo tee -a /etc/pam.d/gdm

UPDATED: (10/25/2007)
With the release of Ubuntu 7.10 Gutsy, libpam-keyring is no longer needed, as this feature is now built in by default with the package “libpam-gnome-keyring”.

UPDATED: (04/21/2008) – For GDM Auto-Login Users

Sorry for not updating this post sooner. I helped someone else with this offline a while back. Here’s an excerpt from my email. It works well with Ubuntu 7.10 Gutsy, and “should” work with Hardy, unless there have been some major changes to the libpam-gnome-keyring package that I don’t know about.

The auto login feature of GDM relies on the GDM process’s ability to run Gnome as your user account, but it does not have to know the password, as it’s using an “su” command to accomplish the magic.

Therein lies the problem. The keyring uses the password supplied by the user to unlock itself, and since no password is supplied to PAM, it cannot unlock the keyring.

From a useful bug report, one fellow outlined how he has always done it previously using a login script. He used a tool called “pam-keyring-tool” included with the libpam-keyring package. The new libpam-gnome-keyring package does not include this binary, so in order for this to work, you need to compile it from source.

I’ve successfully got it working using the following procedures:

Step 1: Download latest pam_keyring source code. I like to place all source code in /usr/src/:

cd /usr/src/
sudo wget http://www.hekanetworks.com/opensource/pam_keyring/pam_keyring-0.0.9.tar.gz

Step 2: Unpack source code

sudo tar zxfv pam_keyring-0.0.9.tar.gz

Step 3: Install prerequisites

sudo apt-get install build-essential libglib1.2-dev libglib2.0-dev
sudo apt-get install libtool libgnome-keyring-dev libpam0g-dev

Step 4: Compile and Install

cd /usr/src/pam_keyring-0.0.9
sudo ./configure --prefix=/usr
sudo make
sudo cp src/pam-keyring-tool /usr/bin/

Note: I’m not doing a “make install” because I only want this binary to be installed and nothing else.

Step 5: Test binary

/usr/bin/pam-keyring-tool --help

If you get a nice usage menu, you’ll see what the tool options are, and your compilation is complete.

Step 6: Create login script called “unlock-keyring.sh”.

Since the file will contain your password in clear text, you’ll want to keep it in your home folder, readable only by your user. Yes… I know this is lame.

mkdir ~/scripts
sudo chmod 750 ~/scripts
touch ~/scripts/unlock-keyring.sh
sudo chmod 750 ~/scripts/unlock-keyring.sh
sudo gedit ~/scripts/unlock-keyring.sh

Add the following to the script:


#!/bin/bash
echo "PASSWORD_HERE" | /usr/bin/pam-keyring-tool -u -s

Step 7: Add the script to your gnome session startup scripts

System -> Preferences -> Sessions

Under Startup Programs, add a new entry that will appear first in the list. e.g. “1-unlock-keyring”

The command will be:
“/home/USERNAME_HERE/scripts/unlock-keyring.sh”

Step 8: Ensure your /etc/pam.d/gdm-autologin is set to its defaults. This was the default Gutsy 7.10 version for reference.

#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
auth required pam_permit.so
@include common-account
session required pam_limits.so
@include common-session
@include common-password

Step 9: Restart GDM or simply reboot.

I really hope this helps you guys out.
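The weak spot in Step 6 is the password literal sitting inside unlock-keyring.sh. As an added example (my own script, not the one from the post or the pam_keyring project), the version below keeps the same “pipe the password into pam-keyring-tool -u -s” mechanism but reads it from a separate secret file and refuses to run unless that file is owned by the invoking user and mode 0600 or 0400, so a careless chmod on ~/scripts can no longer hand the keyring password to every other account on the box. It assumes GNU stat (as on Ubuntu), the pam-keyring-tool binary built in Step 4, and ~/.keyring-secret as the assumed secret path; the demo at the end only exercises the permission check on a constructed temporary file and never touches a keyring.

```shell
#!/bin/sh
# Added example, not the original post's script. Replaces the password literal
# in unlock-keyring.sh with a separate secret file that must be owned by the
# invoking user and readable by nobody else. Assumes GNU stat (Ubuntu) and the
# pam-keyring-tool built in Step 4; ~/.keyring-secret is an assumed path.

# Return 0 only if FILE exists, is owned by the caller, and is mode 0600 or 0400.
secret_file_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    perms=$(stat -c '%a' "$f" 2>/dev/null) || return 1
    owner=$(stat -c '%u' "$f" 2>/dev/null) || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$perms" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Feed the secret to pam-keyring-tool exactly as the post's "echo | tool -u -s"
# did, but refuse to run when the file could be read by other users.
unlock_keyring() {
    f="${1:-$HOME/.keyring-secret}"
    if ! secret_file_ok "$f"; then
        echo "refusing to unlock: $f must exist, be owned by you, and be mode 0600" >&2
        return 1
    fi
    /usr/bin/pam-keyring-tool -u -s < "$f"
}

# Stand-alone demonstration of the check on a constructed temporary file.
demo() {
    t=$(mktemp) || return 1
    printf 'constructed-placeholder\n' > "$t"
    chmod 644 "$t"
    secret_file_ok "$t" && echo "644: accepted (unexpected)" || echo "644: rejected"
    chmod 600 "$t"
    secret_file_ok "$t" && echo "600: accepted" || echo "600: rejected (unexpected)"
    rm -f "$t"
}
demo
```

To use it, put the password on the first line of ~/.keyring-secret, chmod 600 that file, and point the “1-unlock-keyring” session entry at a script that just calls unlock_keyring; the password then lives in one file you can audit rather than inside an executable.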

GRUB Password Security

Posted by gmendoza on June 17, 2007 under Tech Tips

NOTE (01-11-2009): This article refers to GRUB Legacy. GRUB 2 is a complete rewrite and its configuration is completely different from what is described below. This page will eventually be updated to include both Legacy and version 2 instructions.

If your system is using a default installation of GRUB as its boot loader, chances are it has not been set up with a password.

When at the GRUB menu, one can edit the kernel selection by highlighting the menu item and pressing the “e” key. By editing the “kernel” entry, they can pass any number of boot variables and options. For instance, the options “init 1” or “single” boot the operating system into “single user” mode (run level 1), which drops you into a root prompt with no authentication necessary.

For example, the kernel option would look like the following:

kernel /boot/vmlinuz-2.6.15-27-686 root=/dev/hda1 ro quiet init 1

or

kernel /boot/vmlinuz-2.6.15-27-686 root=/dev/hda1 ro quiet single

Ubuntu actually installs a “recovery” GRUB menu item already configured for you. How nice of them!

Of course, anyone with prolonged physical access to your server can do a lot more damage. Configuring a GRUB password can be likened to installing and locking your “screen door”. It can slow down or even discourage a potential intruder.

Instructions:

Step 1: Generate an MD5 hashed password using the “grub-md5-crypt” command line utility. Enter the command, and it will prompt you twice for any password of your choice.

grub-md5-crypt
Password: (enter password)
Retype password: (reenter password)
$1$aBQge1$oljHKOKAPuiOkvUTTzPc80

Step 2: Copy the resulting hash into /boot/grub/menu.lst using the following syntax:

password --md5 $1$aBQge1$oljHKOKAPuiOkvUTTzPc80

Step 3: Lock alternative boot options by changing the “lockalternative” value to “true”. This option makes it mandatory to enter the administrative password before using the alternative menu item (recovery mode).

# lockalternative=true

Step 4: Lock old kernel menu items, as they may present their own security issues.

# lockold=true

Step 5: Save changes by updating grub, and then reboot to test.

sudo update-grub

You should notice that GRUB now instructs you to press “p” to enter a password in order for you to edit the kernel options, boot into single user mode or older kernels.
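As an added example (not from the original post), here is a small audit script that checks a GRUB Legacy menu.lst for the three settings the steps above put in place: an active “password --md5 $1$…” directive, “# lockalternative=true” and “# lockold=true”, and also flags a plaintext “password” line, which would defeat the point of hashing. The two menu.lst fragments it runs against are constructed samples; the hash in the hardened one is the example hash from the post, so generate your own with grub-md5-crypt before using this for real, and the default path /boot/grub/menu.lst is the one the article uses.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a GRUB Legacy menu.lst for
# the password and lock settings described in Steps 1-4. The file path defaults
# to /boot/grub/menu.lst; the sample fragments below are constructed.

# Print "ok" (exit 0) when menu.lst carries an MD5 password directive plus
# lockalternative=true and lockold=true; otherwise print the issues (exit 1).
grub_menu_audit() {
    f="${1:-/boot/grub/menu.lst}"
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }
    issues=""
    # Active directive: "password --md5 $1$...": it must not be commented out.
    grep -Eq '^password[[:space:]]+--md5[[:space:]]+\$1\$' "$f" || issues="$issues no-md5-password"
    # A "password secret" line in the clear is readable by anyone who can read the file.
    grep -Eq '^password[[:space:]]+[^-]' "$f" && issues="$issues plaintext-password"
    # update-grub reads these options from the commented "# key=value" block.
    grep -Eq '^#[[:space:]]*lockalternative=true([[:space:]]|$)' "$f" || issues="$issues lockalternative-not-true"
    grep -Eq '^#[[:space:]]*lockold=true([[:space:]]|$)' "$f" || issues="$issues lockold-not-true"
    if [ -z "$issues" ]; then echo ok; return 0; fi
    echo "issues:$issues"
    return 1
}

# Constructed menu.lst fragment after Steps 1-4 (the hash is the post's example).
hardened_menu_lst() {
    cat <<'EOF'
default 0
timeout 3
password --md5 $1$aBQge1$oljHKOKAPuiOkvUTTzPc80
# lockalternative=true
# lockold=true
title Ubuntu, kernel 2.6.15-27-686
root (hd0,0)
kernel /boot/vmlinuz-2.6.15-27-686 root=/dev/hda1 ro quiet
EOF
}

# Constructed fragment of an untouched default install.
default_menu_lst() {
    cat <<'EOF'
default 0
timeout 3
# lockalternative=false
# lockold=false
title Ubuntu, kernel 2.6.15-27-686
root (hd0,0)
kernel /boot/vmlinuz-2.6.15-27-686 root=/dev/hda1 ro quiet
EOF
}

# Stand-alone run against the two constructed samples.
t=$(mktemp)
hardened_menu_lst > "$t"; grub_menu_audit "$t" || :   # prints "ok"
default_menu_lst > "$t";  grub_menu_audit "$t" || :   # prints "issues: no-md5-password lockalternative-not-true lockold-not-true"
rm -f "$t"
```

Run it as “sudo sh grub-audit.sh” after Step 5 (menu.lst is usually root-readable only), and again after any kernel upgrade, since update-grub regenerates the kernel entries and it is easy to lose the settings when hand-editing the file afterwards.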