Posted on: February 2nd, 2010 by Famous Phil
This post is going to be short, sweet, and to the point 
It seems that every time I build a new server, I’m constantly at a loss for memorizing the commands that generate public keys in SSH (Secure Shell). SSH for the computer illiterate is the Linux equivalent to Windows Telnet Services. This basically gives you a command prompt that is running on a remote computer.
SSH is the heart and soul of linux based computers because *everything* can be done through the command line simply. Unfortunately, Windows is just starting to catch up with Telnet using a new application called powershell. Powershell is very unlike the linux command line though since it is more a scripting language than a command based language. This is why I always scratch my head when working with Microsoft Exchange Server’s Powershell commands and end up reverting to the famous Microsoft graphical administration interface which gives me the option of “next next next finish”. I really do appreciate the Microsoft wizards that make software so easy to administer. Anyways, Linux never started with a graphical desktop (Unlike Windows and Macintosh), therefore, the command line in linux is far easier to use when administering a system.
To get back to my original topic, I am a fan of passwordless entry into my own systems. With linux and SSH, there are a few authentication methods, 1 being password entry, and 2 being public key authentication. With a password login, you basically enter a username and password and you are logged into a command prompt on linux.
With public key authentication, you generate 2 keys at your local computer, one being a private key and the other being a public key. Basically, you give the server you wish to connect to the public key, and only you hold onto the private key. When you connect to the server, it will first give you the public key so that you can verify that the server is actually the server that you want to connect to. This will be ignored on the first connect, but in the future, if this key changes, you will be notified that the server was possibly compromised. Upon allowing the connection, you will give the server your private key and it will run some calculations on the key you provided. If the result matches that of the server’s public key, you will be granted access. Since keys are generally 256 hexadecimal characters long, these are much more secure than normal passwords, and they are generally much easier to use (unless your laptop is stolen).
So now onto how to actually use these keys:
1. Generate the key on your local machine (not the remote machine).
A. ssh-keygen -t rsa
2. Verify that your remote server has an ~/.ssh directory. ~ in linux is the home directory.
3. Copy the local public key to the server
A. This can be done with: scp ~/.ssh/id_rsa.pub user@remote_server:~/.ssh/authorized_keys2
B. Notice I specified authorized_keys2… this is actually for SSH Protocol 2 which is a more secure SSH protocol than the original.
C. scp is secure copy in linux and it copies files between computers using SSH tunnels.
4. Attempt to ssh into your remote machine. It should not need a password anymore.
A. ssh user@remote_server
Hopefully this helps make sense of SSH keys.
Afterthought on 2/4/10:
when using the scp command as a copy / paste above, this will overwrite your authorized_keys2 file on the remote computer. To prevent this from happening, append to the file using this command (thanks Cris for pointing this out to me):
cat ~/.ssh/id_rsa.pub | user@remote_server “cat >> ~/.ssh/authorized_keys2“
Tags: key, keygen, Linux, ssh
Posted in Hosting / Server Administration
|| 4 Comments »
Posted on: February 18th, 2009 by Famous Phil
As the owner of a hosting company, I have made several decisions regarding which server to use, what kind of control panel should I provide, should I add features to my hosting, how many resources should I include, etc. In my opinion, one of the most important decisions in hosting is choosing how your users will use the service, meaning what control panel should I use? There are many options for Linux including, Plesk, LXAdmin, and the most popular: CPanel.
CPanel is the control panel that I choose to use for Matthouse hosting accounts, but why did I choose CPanel, what are its advantages and disadvantages?
I suppose I should first begin with a small description of what CPanel is. CPanel allows the hosting client to modify all aspects of their site from an easy to use web-based interface such as FTP accounts, Email accounts, statistics, subdomains, additional domains to host, etc. CPanel makes it very easy for the hosting company to give the client total control of their website without the requirement of providing full server access.
Here are the advantages of using CPanel:
- Its very easy to install, just install Linux and run the installation script, it will configure most of your server automatically
- Cpanel provides a very easy visual interface where you can manage your server. There are several panels that are meant for administrators, clients, and even email users. There are also very easy to follow tutorials posted on CPanel’s website for those users who may not know where to start
- Cpanel automates most of the hosting experience which reduces stress on the hosting company
So, what are the disadvantages of hosting with CPanel?
- I personally believe that CPanel is meant for websites that are small to medium. CPanel itself is a resource hog and requires at least 256MB of ram on the server to run, and this amount probably won’t even run a website getting 200 hits a day without running out of memory or running into swap space on the server. Most servers will have much more RAM than this, but a base install should not require more than 50 to 60MB of ram.
- On a default install, CPanel usually is optimized for a dedicated server with 4 to 16GB of RAM. Even the VPS Optimized version of CPanel requires additional configuration to keep CPanel within check. If you don’t do initial configuration in Apache, etc, you may run into memory errors easily since Apache will start up 20 to 30 processes at 1 to 6MB a piece. In addition, most of the Apache configuration is default and many modules are missing such as Source Gaurdian which will protect PHP code from hurting your server. In addition, CPanel doesn’t secure SSH or FTP, you you should still install a firewall and tighten SSH security.
- CPanel is software which contains vulnerabilities just like any other software. Cpanel updates run nightly, however what happens if someone discovers a security risk and decides to attack your server before the updates are pushed to your server covering the vulnerability? To come back to my past disadvantage of Cpanel is meant for small to medium sites, I believe this aids to the arguement that big sites are more likely to be hacked than smaller sites.
- CPanel costs money to license. This is rarely a factor to most big sites and companies because they have that kind of money to spend for something easy to use, however CPanel licenses are not cheap. This really could be neither and advantage of disadvantage, but its worth sticking on my list of points to consider.
So when would I recommend a CPanel installation? Thats simple, I’d recommend it for hosting companies that host many sites on a single server. It reduces stress on the hosting company, and generally these servers have plentiful resources to handle CPanel in its entirety. Also sites that are generally on shared CPanel hosting are not big enough to have a good probability of being hacked.
When would I not recommend installing CPanel. I would personally say never install CPanel on a large site that gets over 5000 unique hits a day or more. CPanel may make administering the site easier, however most sites that are this big bring in a lot of revenue and paying for CPanel could be just slightly cheaper than hiring an experienced server administrator or a friend to run the server without CPanel. Installing the core components and configuring them manually will also ensure that you have minimal code that can be hacked (Yes, web servers are software). I’ve always been taught that the less code you use, the less likely there will be problems with it.
Thats all the time I have. I might follow up on this depending on how many comments I receive.
Tags: CPanel, Host, hosting, Linux, Manager, Web, WHM
Posted in Hosting / Server Administration
|| 21 Comments »
Posted on: January 31st, 2009 by Famous Phil
As expected, I completed moving all of the websites hosted on the former mthsweb1 (Matthouse Web Server 1) server over to the new mthsweb4 server. I haven’t heard any complaints so far about the new server so far and don’t expect to hear of any problems. Tonight I will be doing some testing on the old matthouse web 1 server before it expires later in February. I hope to learn some new knowledge from my testing later tonight regarding apache optimization.
Earlier today, I helped a friend in the hosting business move a massive website (http://clevelandleader.com) from his server to a virtual server that will just host that website. This website is ranked ~76,000 on the alexa scale which means that it gets an insane amount of traffic. My best guess would be 300 to 1500 loads per second. The site itself has a huge mysql database that is over 2GB and the sql move alone almost crashed a dedicated server with a quadcore processor (it did have a lot of other websites on it though). Regardless, after the move, my friend didn’t realize that a default whm (cpanel, inc) installation doesn’t optimize the server nearly enough for a large website like this. Heck, I don’t even know if whm was made for such a large website. I did optimize the server and compile apache correctly just to handle the needs of clevelandleader.com. I also did a lot to prevent apache from crashing with the high load.
Traditionally, with such a large website such as cleveland leader, the web server hosting the site would only run a web server, no overhead like cpanel. I feel that cpanel has made the hosting process much easier, but I just don’t think it was made to handle such a large website. Also, the fact that cpanel uses the root password directly means that if there is a security vulnerability and the user obtains that root password through hacking or whatever, the server could be compromised not only from cpanel’s whm but also from the terminal through ssh (or a rare occasion of console access, meaning sitting in front of the server physically). This could present a major problem. Most smart hosting companies use cpanel’s wheel group to give su access to certain cpanel uesrs that can then login to the terminal via ssh and then su root with the root password to gain root. This provides a 2 password layer and adds an additional layer of security to the server.
Another pitfall that large websites face is the need for a dedicated mysql server, that is if mysql can even handle the load. Mysql was made for small to medium sites and it was made for maybe 100 to 200 queries per second, but much more than that and it undergoes a massive strain. Many large websites find themselves moving to more powerful database servers such as Microsoft SQL or Oracle which are much more powerful solutions that were made for high loads.
So why am I even talking about this! I felt that this would be the best way to introduce a new idea that I’m going to begin working on within the next couple of weeks. I have purchased the domain (http://adminreference.com) and will begin a forum where users can share their administration experience and knowledge to the world. I am a seasoned Windows administrator and a somewhat experienced Linux admin. I find myself knowledgable about both server operating systems and I post tutorials on multiple websites that don’t really aim for administration concepts. I also hope that some day this can help me when I am stuck on a massive problem.
I encourage you to stay informed as I begin this new journey. I will likely be ready to release the site sometime in the next couple of weeks. I am not sure how to market such a website, however I’m sure as people begin coming, someone will have knowledge about that as well.
Tags: admin, administration, facebook, help, hosting, Linux, Microsoft, Personal, reference, server, Server Hosting
Posted in Hosting / Server Administration
|| 6 Comments »