Friday, November 23, 2007

OpenSSH and 'Matching' Rules

Most of the time on the servers I maintain, there's a strict set of options in the /etc/ssh/sshd_config file -- after all, things like X11Forwarding yes or any of the Plain-text challenge options should really be tightly controlled on operational servers.

Occasionally, though, there's a reason to relax these permissions, and rather than doing this globally, OpenSSH lets you do it on a per-user, per-group or connecting-IP-address basis.

A box that I look after has MaxAuthTries set to 1 and LoginGraceTime set to 30 in order to slow down brute-force password guessing attacks (something I highly recommend for boxes in the field, by the way) -- but the owner of the box is a little heavy on the keys sometimes and ends up having to try two or three times to get their password right.

Let's say our user's name is Tom and he connects from

Simple solution -- First, open your /etc/ssh/sshd_config (or possibly /etc/sshd/sshd_config if you're using a Fedora/RHEL/SuSE box) file and add:

Match User tom Address
MaxAuthTries 5
LoginGraceTime 120

So, while normal users get 30 seconds and 1 try to enter their password -- the owner of the box gets 5 tries and 2 minutes before he's disconnected.

note: When using Match rules, the User (and/or Address) keywords are case-sensitive, at least on Ubuntu 6.06 and RHEL 4.

note ii: When specifying multiple Match rules on the line above (such as User and Address) the expression is treated as a logical AND -- so all the parts must match before the block is invoked.
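The AND behaviour from the second note, modelled as an added example (not code from the original post, and a simplified model rather than sshd's own parser). 192.0.2.10 is a documentation-range placeholder for Tom's address, which the post does not give, and `effective` is a hypothetical helper name.

```python
import fnmatch
import ipaddress

# Constructed sample: strict global settings plus the relaxed Match block.
# 192.0.2.10 is a placeholder address, not a value from the post.
SAMPLE = """\
MaxAuthTries 1
LoginGraceTime 30
Match User tom Address 192.0.2.10
    MaxAuthTries 5
    LoginGraceTime 120
"""

def _addr_ok(pattern, addr):
    # Accept a single IP or a CIDR range such as 192.0.2.0/24.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

def _criteria_ok(args, user, addr):
    # args is e.g. ["User", "tom", "Address", "192.0.2.10"].
    # Only the two criteria used in the post are modelled, spelled as written there.
    checks = {
        "User": lambda pats: any(fnmatch.fnmatchcase(user, p) for p in pats),
        "Address": lambda pats: any(_addr_ok(p, addr) for p in pats),
    }
    pairs = zip(args[0::2], args[1::2])
    # Logical AND: every criterion on the Match line has to hold.
    return all(checks[name](value.split(",")) for name, value in pairs)

def effective(config, user, addr):
    """Return the {keyword: value} settings that apply to this connection."""
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        if keyword == "Match":
            # Following lines count only if the whole Match line matched.
            target = match_opts if _criteria_ok(args, user, addr) else None
        elif target is not None:
            # The first value seen for a keyword wins within its section.
            target.setdefault(keyword.lower(), " ".join(args))
    return {**global_opts, **match_opts}  # Match values override the globals
```

On a host with a recent OpenSSH, `sshd -T -C user=tom,addr=192.0.2.10` prints the settings sshd itself would apply to that connection, which is the authoritative check before reloading the daemon.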

Tuesday, November 20, 2007

.torrent files from the command line

Over the past few weeks, I've been playing with BitTorrent more for moving files around, but found no good way to make .torrent files from the command line.

About a week ago, I found CreateTorrent and attempted to build packages for it, but there were two major issues -- 1) there was no ability to make torrents private and 2) the program kept segfaulting whenever there was a '(' or ')' in the directory the files were stored in.

Today, when searching for createtorrent patches on Google, I found:

buildtorrent, which looked to do exactly what I wanted.

The code wasn't GNU Autotools ready, so I spent an hour or so fixing that (patches have gone upstream to the author) -- then I was able to build packages for it.

Ubuntu Gutsy users can grab them from here; packages for other distributions will be available as I have time to build them.

Friday, November 9, 2007

Fedora and The iPod Nano

In semi-celebration of Fedora 8 being released today, I have spent the day wrestling with mock and rpmbuild to bring you up-to-date libgpod packages (built from SVN 1759), allowing Fedora users to try out the new iPod handling code just like Ubuntu users can.

Completely unofficial, just like their Ubuntu cousins -- but they build cleanly and correctly write the Firewire ID to a brand new 3rd Gen Nano (and thus, gtkpod actually syncs music and rhythmbox reads the music).

Packages available from here.


edit i: It appears the packages weren't actually mentioned in the original post, thanks to James for pointing this out.

edit ii: Yes, these include the snazzy HAL callout method that means you can plug your iPod in and everything is done automatically, no manual firewire hacking required :)

Tuesday, November 6, 2007

Changing the Zen-Cart 'Sales Pitch'

If you use Zen-Cart or OSCommerce, you may have found the need to change the 'Tagline Here' text on the main page at one point or another.

The usual solution is to copy includes/languages/english.php to your template directory and then change the tagline text there -- an adequate solution if you only work with one template, but what if you run multiple stores, or you are dealing with a user who has no access to the filesystem or an FTP program, or who is simply uncomfortable editing something across a network?

The solution I came up with allows you to edit this field directly from the Administration Panel -- first edit the includes/languages/english/header.php file and change:

--- define('HEADER_SALES_TEXT', 'TagLine Here');

Next, open your Administration Panel and navigate to Tools -> Install SQL Patches and in the cut-and-paste box, add the following:

--- cut here ---

INSERT INTO configuration (configuration_title, configuration_key,
  configuration_value, configuration_description,
  configuration_group_id, sort_order, date_added)
VALUES ('Store Advertising - Tagline', 'STORE_TAGLINE', 'Tagline Here',
  'Set Shop Tagline / Default = Tagline Here', '1', '4', now());

--- cut here ---

Now you can go to Configuration -> My Store and configure the tagline that is used for your shop, which is much easier than adding it by hand or editing your languages file.

Saturday, November 3, 2007

dos2unix and recursion using bash

More a 'don't ever forget this line again' command for me, but a handy one-liner for a box that has find and dos2unix -- but not a perl interpreter.

find . -type f \( -iname '*.css' -o -iname '*.html' \) \! -path "*images*" -exec dos2unix {} \;

  • Finds all files with a .css or .html extension, starting from the current working directory.
  • Ignores anything in a directory including the word images.
  • Then executes dos2unix on anything that matches.
Of course, you could execute anything (just change dos2unix to whatever you need to run).