eRacks Open Source Systems Blog

Making the world safe for Open Source

Setting up a server at home can be a rewarding experience. Not only does it make for an excellent experiment and learning experience, it also allows you access to your home network from anywhere in the world. You may be tempted to think that such a project would be time consuming and expensive, but actually the opposite is true. Today, the software required for running a server is relatively easy to configure. And, with open source software, a cheap computer and the right internet connection, you can be up and running with minimal cost.

The possibilities are endless with a home server. With an HTTP server like Apache (http://www.apache.org/) or Lighttpd (http://www.lighttpd.net/), you can host your own homepage, keep a remotely accessible calendar, share information with family, friends and co-workers or even experiment with your own custom web applications, with complete control over the software that supports them.

With SSH and/or FTP running on your server, you can gain access to files you have saved on your machine. What if you come to work and discover that you left an important Powerpoint presentation at home? No problem. If you have your desktop computer on the same network as your server, you can use Wake-On-Lan to power up your desktop, SSH to copy the file to your server and SSH or FTP to download it. Problem solved!

Today, with modern Linux distributions such as Ubuntu (http://www.ubuntu.com/), installing and configuring server applications has never been easier. With default configurations that work mostly out of the box with minimal tweaking, you can have a machine up and running in minutes. In addition, no special hardware is required. If you have a spare computer with a NIC, you have a server.

optdesktop_front_open

The only issue that could be an obstacle is your internet connection. First and foremost, you’ll require a broadband connection such as DSL or cable. In addition, while not required, it’s a good idea to get a static IP address if you can, which is just a unique identifier assigned to your network on the
internet that doesn’t change. DSL Extreme (http://www.dslextreme.com/), for example, offers affordable static IP solutions to residential customers. From there, you would register a domain name and point it to your IP address, or get a free subdomain if you preferred.

If you can’t find a static IP, however, all is not lost. Using a service like DynDNS.org (http://www.dyndns.org/), you can get a free subdomain name that can be automatically updated via your home network every time your dynamic IP address changes.

A home server can be a very useful thing to have, and is a worthwhile project, if for no other reason, because it’s a good learning experience. eRacks can provide the hardware you need to get the job done, and can also offer consulting services for difficult software configurations. If you decide to take the time to setup a server at home, you won’t be disappointed.

January 19th, 2009

Posted In: servers, ubuntu, unix

One Comment

There may be situations where you’d like to login to a remote machine via SSH and not have to enter a password to do it. Perhaps you have some sort of automated file transfer that makes use of SCP. Or, perhaps you frequently login to the same machine and get tired of having to enter a password each time. Whatever the reason may be, an attractive alternative to using passwords involves making use of cryptographic keys.

To give you a general idea of what’s involved, you’ll first generate a public/private key pair. Your public key is what you would copy to every machine you want to be able to log into. You can think of the public key as the lock on a door to a house. The reason why we call this a public key is that it’s safe to share it with the public, just as the lock on your door is safe to display from the outside. By contrast, your private key can be thought of as the key that fits into the lock. Unlike your public key, you should never copy it to machines that are either untrusted or to machines that you yourself don’t administer — this would be a bit like placing the key to your front door outside your house for strangers to use! Anybody who possesses your private key can access every machine to which you’ve made your public key accessible, so exercise extreme caution and guard your private key with your life.

SSH makes generating your keys very simple. From the command line, you’ll simply enter the following command:

$ssh-keygen

You’ll then be asked a series of questions. Accept all the defaults. If you don’t desire to password protect your key pair (which would require you to enter a password when you use it), hit enter when asked for the password, without typing anything in. At the end of the process, you should discover two new files in ~/.ssh, id_rsa and id_rsa.pub, where ~ stands for your home directory. From here, you’ll copy your public key (id_rsa.pub) to every machine you wish to log into and append its contents to a file called ~/.ssh/authorized_keys, where ~ stands for the home directory of the account you wish to log into.

To test your newly generated key pair, try to connect to one or more of the remote machines you copied your public key to. You’ll find that you’re sent straight to a command prompt, without the need for a password.

Now, there are situations where using keys without passwords can potentially be hazardous, so some significant thought should be given to the circumstances in which your key pair will be used. For example, I will never copy my laptop’s public key to my personal server at home, because if my laptop is ever stolen, the thief (if he knew how to use *NIX) would not only have access to all my local data, but would also have complete SSH access to my network at home, since he would have my laptop’s private key. Thus, I choose to sacrifice convenience for security in that particular situation. As with all things in life, the amount of relative security versus convenience is a trade off, so make sure you choose wisely.

Enjoy!

November 21st, 2008

Posted In: authentication, security, ssh, unix

Tags: , , , , , , ,

Leave a Comment