Network Administrator

Technology Made Simple, For IT Professionals

Configuring a secure FTP Linux Server

admin | December 24, 2009 | 10:58 am

I needed to configure an SFTP server on a Fedora 8 Core server. To keep things simple I chose SFTP over vsftpd, as I was already running the SSH daemon for server management.

So if you don't already have the SSH daemon installed, open a terminal session as root and type

yum install openssh-server openssh-clients

Answer y when yum asks you to confirm the download and install.

Type cd /etc/ssh, then vi sshd_config, and make sure the configuration is similar to the one below. Only the uncommented lines are in force. The one that matters most here is PasswordAuthentication no, which turns off password logins so that only public-key authentication is accepted, and with it the password guessing every Internet-facing sshd sees. Note that on a system with UsePAM yes, the default ChallengeResponseAuthentication yes still lets a client supply a password through PAM's keyboard-interactive method, so set ChallengeResponseAuthentication no as well if you want key-only access.

#####SSHD_Config######

# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
# "yes" is the default; on an SFTP-only host set this to "no" so root cannot log in remotely
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords. With UsePAM yes, leaving this at the
# default "yes" still allows password logins via PAM keyboard-interactive even
# when PasswordAuthentication is no; set it to no for key-only access.
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
# Fedora default; SFTP clients never use X11, so this can be set to no on an SFTP-only host
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# This enables accepting locale environment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

Press Esc, then type :wq and press Enter to save the changes and leave vi.

Before restarting, check the file for mistakes with sshd -t (it prints nothing when the configuration is valid). Because PasswordAuthentication no leaves only key-based logins, put your public key in ~/.ssh/authorized_keys (file mode 600, directory ~/.ssh mode 700) before you restart, and keep your current session open until you have confirmed that a fresh connection works. Then restart the SSH daemon by typing service sshd restart.

If you have any trouble connecting from Windows, you can install PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/), which ships with the command-line SFTP client psftp.

After installing PuTTY, open a Windows command window, change to C:\Program Files (x86)\PuTTY and run psftp -v <internal or external server IP address>. The -v flag prints each connection and authentication step, so you can see exactly where a failing login stops. On the first connection psftp shows the server's host key fingerprint; compare it with the output of ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub on the server before accepting it.

I did see a difference between Fedora and OpenSUSE with this line in sshd_config; just make sure the path to sftp-server is correct. If you're unsure where sftp-server is, you can always run a search such as find / -name 'sftp-server*' 2>/dev/null.

Subsystem sftp /usr/libexec/openssh/sftp-server
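The post leaves two things to the reader that anyone running SFTP for more than themselves will want: keeping SFTP users out of the rest of the filesystem with ChrootDirectory (the keyword appears in the config above but is unused), and meeting the ownership rules sshd enforces on that directory, which are the usual reason a chroot setup fails with a closed connection and a one-line error in /var/log/secure. The following is an added example, not code from the original post. It assumes OpenSSH 4.9 or later, where the in-process internal-sftp exists so no binaries are needed inside the jail; the group name sftponly and the jail root /srv/sftp are made-up.

```python
"""Added example, not code from the original post.

Generates an SFTP-only Match block for sshd_config and checks that a
ChrootDirectory path meets sshd's ownership rules. Assumed, not from the
page: OpenSSH 4.9 or later (so `internal-sftp` exists); the group name
`sftponly` and jail root `/srv/sftp` are hypothetical.
"""
import os
import stat
import sys


def sftp_match_block(group="sftponly", jail_root="/srv/sftp"):
    """Return a Match block that turns members of `group` into SFTP-only users.

    internal-sftp runs inside sshd, so no sftp-server binary or libraries need
    to exist inside the chroot; the forwarding options close the other channel
    types an SFTP user has no reason to open.
    """
    return "\n".join([
        "Match Group %s" % group,
        "    ChrootDirectory %s/%%u" % jail_root,  # %u expands to the login name
        "    ForceCommand internal-sftp",
        "    AllowTcpForwarding no",
        "    AllowAgentForwarding no",
        "    X11Forwarding no",
        "    PermitTunnel no",
        "",
    ])


def chroot_component_problems(mode, uid):
    """sshd refuses to chroot unless every path component is owned by root and
    is neither group- nor world-writable (otherwise the user could swap in
    files sshd trusts). Return the reasons this component would be rejected."""
    problems = []
    if uid != 0:
        problems.append("not owned by root")
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def check_chroot_path(path):
    """Walk from `path` up to / and return [(component, [problems])] for every
    component sshd would reject. An empty list means the jail is usable; the
    user's writable upload directory belongs one level below `path`."""
    path = os.path.abspath(path)
    findings = []
    while True:
        st = os.stat(path)
        problems = chroot_component_problems(st.st_mode, st.st_uid)
        if problems:
            findings.append((path, problems))
        parent = os.path.dirname(path)
        if parent == path:  # reached /
            return findings
        path = parent


if __name__ == "__main__":
    print(sftp_match_block())
    for jail in sys.argv[1:]:
        bad = check_chroot_path(jail)
        if bad:
            for component, problems in bad:
                print("%s: %s" % (component, ", ".join(problems)))
        else:
            print("%s: ok for ChrootDirectory" % jail)
```

Append the block at the end of sshd_config (every line after a Match line belongs to that block, so it must follow the global settings), create /srv/sftp/<user> owned by root with mode 755 and a user-owned upload directory inside it, check the path with the script, run sshd -t and then restart. Members of sftponly then land in their jail with no shell and no port forwarding, while administrators who are not in the group keep normal SSH access.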


New ATT iPhone application called Mark the Spot

admin | December 13, 2009 | 4:17 pm

AT&T has released a new iPhone application called Mark the Spot to help AT&T customers report any failures with their service. Having had Verizon for well over 10 years, I was reluctant to switch to AT&T. At the time I was one of the many who were mesmerized by the possibilities of having an iPhone. I'm not happy about having to pay $135 a month for two iPhones and having to do AT&T network coverage outage detection. I guess if it will help and the app is simple I'll do my part...



Site to Site Cisco VPN issue

admin | December 5, 2009 | 2:24 pm

We recently came across an issue while creating a new site-to-site VPN between a Cisco PIX 515 (IOS 6.3(4)) and a new ASA 5505 (IOS 7.2(4)). We were able to resolve the issue by issuing peer-id-validate nocheck.

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html

Specify whether to validate the identity of the peer using the peer’s certificate:

hostname(config-ipsec)# peer-id-validate option
The available options are req (required), cert (if supported by certificate), and nocheck (do not check). The default is req. For example, the following command sets the peer-id-validate option to nocheck:

hostname(config-ipsec)# peer-id-validate nocheck


New Blackberry 9700

admin | December 5, 2009 | 2:08 pm

I just recently ordered a BlackBerry 9700 for one of our users. My overall impressions of the device were good. I really like how they have replaced the mechanical trackball, as that causes people a lot of issues over time. The battery life is outstanding compared to previous devices.

One funny drawback was removing the battery cover. The device that I got had no instructions for removing the cover.

http://crackberry.com/proper-blackberry-bold-9700-battery-cover-removal

Even after watching this video the cover refused to budge. I ended up using a small flat screw driver and gently prying the cover down from the top slit and then sliding it down the rest of the way according to the video above.

 

http://na.blackberry.com/eng/devices/blackberrybold9700/bold_features.jsp

The BlackBerry® Bold™ 9700 smartphone has a large, hi-res screen that displays over 65,000 colors, creating a vivid viewing experience for all your photos, videos, files and websites.

Access what's important with trackpad navigation based on how laptops are designed. Glide your finger over the trackpad to scroll through menus and icons. A slight press and click lets you select an item to navigate where you want to go.

Enhance the 256 MB of on-board flash memory by easily inserting a microSD card.

Hi-speed 3G network connectivity lets you browse the web or view email attachments faster, while Wi-Fi® support enables your BlackBerry Bold 9700 smartphone to access available hotspots.

Don't forget to visit http://na.blackberry.com/eng/services/appworld/ for all the latest BlackBerry apps.


New Site

admin | December 5, 2009 | 1:47 pm

I am working on a new site which should be launched after the first of the year, http://www.learnitbyexample.com


True IT Tales

admin | December 5, 2009 | 1:42 pm

Interesting website I thought I would share... I like the real stories.

http://www.trueittales.com/


MediaWiki

admin | December 5, 2009 | 1:22 pm

I decided to look into creating a simple wiki page as a sort of intranet page. I downloaded and installed MediaWiki from http://www.mediawiki.org/wiki/MediaWiki. The install is pretty simple, provided that you have PHP and MySQL installed on either a Windows web server (IIS 6 or 7) or an Apache web server.

For my purposes I chose to install this on both Windows Server 2003 with IIS 6 and Windows Server 2008 with IIS 7.

1. Create a new MySQL database for MediaWiki, along with a dedicated database user that has rights on only that database.

2. Extract the downloaded MediaWiki content to either a new website directory or an existing site directory, then point your browser to http://domainname/wiki and run through the setup.

3. There are a couple of entries I would add or modify in LocalSettings.php (see the copy below).

4. Also make sure you have the proper extensions turned on in your php.ini file and that the extension directory is correct:

; Directory in which the loadable extensions (modules) reside.
extension_dir = "C:\PHP\ext"

extension=php_ldap.dll
extension=php_mysql.dll

To verify that your php.ini file and extensions are being read correctly, create a file called phpinfo.php in the wiki directory (the one served at http://domainname/wiki), open it in Notepad or your favorite text editor, and copy this into it:

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

// To show just the module information instead, call
// phpinfo(INFO_MODULES); phpinfo(8) yields identical results.

?>

Then visit http://domainname/wiki/phpinfo.php and check that the ldap and mysql modules are listed. Delete the file as soon as you have checked: phpinfo() reveals file paths, module versions and environment variables to anyone who can reach the URL.

####Copy Below####

<?php

# This file was automatically generated by the MediaWiki installer.
# If you make manual changes, please keep track in case you need to
# recreate them later.
#
# See includes/DefaultSettings.php for all configurable settings
# and their default values, but don’t forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# http://www.mediawiki.org/wiki/Manual:Configuration_settings

# If you customize your file layout, set $IP to the directory that contains
# the other MediaWiki files. It will be used as a base to locate files.

if( defined( 'MW_INSTALL_PATH' ) ) {
 $IP = MW_INSTALL_PATH;
} else {
 $IP = dirname( __FILE__ );
}

$path = array( $IP, "$IP/includes", "$IP/languages" );
set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );

require_once( "$IP/includes/DefaultSettings.php" );

# If PHP's memory limit is very low, some operations may fail.
# ini_set( 'memory_limit', '20M' );

if ( $wgCommandLineMode ) {
 if ( isset( $_SERVER ) && array_key_exists( 'REQUEST_METHOD', $_SERVER ) ) {
  die( "This script must be run from the command line\n" );
 }
}
## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;

#Site name here

$wgSitename         = "SiteNamegoeshere";

#This is where you can change the default image at the top left of the screen.

$wgLogo = "skins/common/images/wiki.png";
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs please see:
## http://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath       = "";
$wgScriptExtension  = ".php";

## UPO means: this is also a user preference option

$wgEnableEmail      = true;
$wgEnableUserEmail  = true; # UPO

$wgEmergencyContact = "root@localhost";
$wgPasswordSender = "root@localhost";

$wgEnotifUserTalk = true; # UPO
$wgEnotifWatchlist = true; # UPO
$wgEmailAuthentication = true;

## Database settings
## This file holds the database password in clear text: make sure only the
## web server account (and administrators) can read LocalSettings.php.
$wgDBtype           = "mysql";
$wgDBserver         = "localhost";
$wgDBname           = "dbnamegoeshere";
$wgDBuser           = "dbusrnamegoeshere";
$wgDBpassword       = "passwordgoeshere";

# MySQL specific settings
$wgDBprefix         = "";

# MySQL table options to use during installation or update
$wgDBTableOptions   = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

# Experimental charset support for MySQL 4.1/5.0.
$wgDBmysql5 = true;

## Shared memory settings
$wgMainCacheType = CACHE_NONE;
$wgMemCachedServers = array();

## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads       = true;
# $wgUseImageMagick = true;
# $wgImageMagickConvertCommand = "/usr/bin/convert";

## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
# $wgShellLocale = "en_US.UTF-8";

## If you want to use image uploads under safe mode,
## create the directories images/archive, images/thumb and
## images/temp, and make them all writable. Then uncomment
## this, if it's not already uncommented:
# $wgHashedUploadDirectory = false;

## If you have the appropriate support software installed
## you can enable inline LaTeX equations:
$wgUseTeX           = false;

$wgLocalInterwiki   = strtolower( $wgSitename );

$wgLanguageCode = "en";

## Default skin: you can change the default skin. Use the internal symbolic
## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook':
$wgDefaultSkin = 'monobook';

## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
# $wgEnableCreativeCommonsRdf = true;
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";
# $wgRightsCode = ""; # Not yet used

$wgDiff3 = "";

# When you make changes to this configuration file, this will make
# sure that cached pages are cleared.
$wgCacheEpoch = max( $wgCacheEpoch, gmdate( 'YmdHis', @filemtime( __FILE__ ) ) );

# To use Active Directory authentication instead of (or alongside) local accounts,
# download http://www.mediawiki.org/wiki/Extension:LDAP_Authentication and copy
# LdapAuthentication.php into the extensions directory under the wiki root
# (http://domainname/wiki). Replace thenetworkadministrator.net and
# webservernamegoeshere with your own AD domain name and domain controller.

require_once( "$IP/extensions/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
  "thenetworkadministrator.net"
  );
$wgLDAPServerNames = array(
  "thenetworkadministrator.net"=>"webservernamegoeshere.thenetworkadministrator.net"
  );
# keep local wiki accounts working as well
$wgLDAPUseLocal = true;

# "clear" binds to the domain controller without encryption, so every login sends
# the user's AD password across the network in plaintext. The extension also
# accepts "tls" (STARTTLS on the LDAP port) and "ssl" (LDAPS); use one of those
# unless the web server and the domain controller are the same host.
$wgLDAPEncryptionType = array(
  "thenetworkadministrator.net"=>"clear"
  );

# USER-NAME is replaced by the extension with the login name at authentication time
$wgLDAPSearchStrings = array(
  "thenetworkadministrator.net"=>"thenetworkadministrator.net\\USER-NAME",
  );
$wgLDAPSearchAttributes = array(
  "thenetworkadministrator.net"=>"sAMAccountName",
  );
# The base DN is the domain name split into dc= components: dc=...,dc=net for a
# .net domain, dc=...,dc=com for a .com one; in my case it is net.
$wgLDAPBaseDNs = array(
  "thenetworkadministrator.net"=>"dc=thenetworkadministrator,dc=net",
  );
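The base DN the post spells out in words, and the encryption type it leaves at the weakest value, are the two settings in this block that are easy to get wrong. The script below is an added example and is not code from the post or from the MediaWiki or LdapAuthentication projects: it derives the settings shown above from a DNS domain name, refuses a cleartext bind unless asked for, and scans a LocalSettings.php for the two things a reviewer would flag, an LDAP bind in the clear and a database password placeholder left unchanged. The setting names are those used on the page; the domain corp.example.net and the host dc1.corp.example.net are made-up.

```python
"""Added example, not code from the post or from MediaWiki/LdapAuthentication.

Generates the LdapAuthentication settings from a DNS domain name and audits a
LocalSettings.php body. Setting names match the page; the domain
corp.example.net and the host dc1.corp.example.net are made-up.
"""
import re


def domain_to_base_dn(domain):
    """'corp.example.net' -> 'dc=corp,dc=example,dc=net'."""
    labels = [lbl for lbl in domain.strip().rstrip(".").lower().split(".") if lbl]
    if len(labels) < 2:
        raise ValueError("need a fully qualified AD domain name, got %r" % domain)
    return ",".join("dc=" + label for label in labels)


def php_string(value):
    """Quote a value as a PHP double-quoted string literal."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"').replace("$", "\\$")
    return '"%s"' % escaped


def render_ldap_settings(domain, server, encryption="tls", allow_clear=False):
    """Return the LocalSettings.php lines for one AD domain.

    encryption is one of the extension's values: "tls" (STARTTLS on the LDAP
    port), "ssl" (LDAPS) or "clear". "clear" is refused unless the caller opts
    in, because the bind then carries the user's password in plaintext."""
    if encryption not in ("tls", "ssl", "clear"):
        raise ValueError("unknown encryption type %r" % encryption)
    if encryption == "clear" and not allow_clear:
        raise ValueError("refusing cleartext LDAP bind; use tls or ssl")
    d = php_string(domain)
    return "\n".join([
        'require_once( "$IP/extensions/LdapAuthentication.php" );',
        '$wgAuth = new LdapAuthenticationPlugin();',
        '$wgLDAPDomainNames = array( %s );' % d,
        '$wgLDAPServerNames = array( %s => %s );' % (d, php_string(server)),
        '$wgLDAPUseLocal = true;',
        '$wgLDAPEncryptionType = array( %s => %s );' % (d, php_string(encryption)),
        # USER-NAME is the extension's own placeholder, filled in at login time
        '$wgLDAPSearchStrings = array( %s => %s );' % (d, php_string(domain + "\\USER-NAME")),
        '$wgLDAPSearchAttributes = array( %s => "sAMAccountName" );' % d,
        '$wgLDAPBaseDNs = array( %s => %s );' % (d, php_string(domain_to_base_dn(domain))),
        "",
    ])


CLEAR_BIND = re.compile(r'\$wgLDAPEncryptionType\b[^;]*"clear"')
PLACEHOLDER_DB_PASSWORD = re.compile(r'\$wgDBpassword\s*=\s*"passwordgoeshere"')


def audit_local_settings(text):
    """Return a list of findings for a LocalSettings.php body."""
    findings = []
    if CLEAR_BIND.search(text):
        findings.append("LDAP bind in cleartext: $wgLDAPEncryptionType should be tls or ssl")
    if PLACEHOLDER_DB_PASSWORD.search(text):
        findings.append("$wgDBpassword still holds the placeholder from the post")
    return findings


if __name__ == "__main__":
    settings = render_ldap_settings("corp.example.net", "dc1.corp.example.net")
    print(settings)
    for finding in audit_local_settings(settings):
        print("finding:", finding)
```

Paste the generated lines into LocalSettings.php in place of the LDAP block above, and run audit_local_settings over the whole file after editing; with "tls" the domain controller must present a certificate the web server trusts, which is the one extra step over the cleartext setting.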

 

 


Using netstat and Windows task manager locate ports and process ids

admin | December 5, 2009 | 11:04 am

The other day I needed a tool to show me what port an application was using. Instead of going out in search of another tool, I simply opened a command window and typed netstat -ano (-a lists every connection and listening port, -n keeps addresses numeric, -o adds the owning process ID).

I was able to see the local IP of the server with all the ports listed, and to the right of each one the process ID (PID) that owns the socket. I could then go to Task Manager, select View, then Select Columns, and make sure PID (Process Identifier) is checked; on the Processes tab you will then see the PIDs next to the process names. From the same command window, tasklist /fi "PID eq 1244" (substituting the PID netstat showed) gives the process name without opening Task Manager at all.
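Doing the same lookup by hand for every port gets old on a server with dozens of listeners, so here is the join the post does in Task Manager as a script. This is an added example, not code from the original post: the netstat -ano and tasklist /fo csv /nh output it parses is constructed sample data in the Windows format, and the process names and PIDs in it are made up. Besides mapping a port to its owning process it flags listeners bound to 0.0.0.0 or ::, which are reachable from the network rather than only from the machine itself.

```python
"""Added example, not from the original post: the `netstat -ano` / Task Manager
lookup as a script. SAMPLE_NETSTAT and SAMPLE_TASKLIST are constructed sample
output in the Windows format; names and PIDs are made up. On a real host feed
the parsers the output of `netstat -ano` and `tasklist /fo csv /nh`.
"""
import csv
import io

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1244
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49212     10.0.0.5:443           ESTABLISHED     2404
  TCP    [::]:135               [::]:0                 LISTENING       812
  UDP    0.0.0.0:500            *:*                                    1012
"""

SAMPLE_TASKLIST = """\
"svchost.exe","812","Services","0","10,240 K"
"svchost.exe","1244","Services","0","11,100 K"
"httpd.exe","3120","Services","0","22,000 K"
"OUTLOOK.EXE","2404","Console","1","150,000 K"
"svchost.exe","1012","Services","0","8,000 K"
"""


def split_addr(addr):
    """'192.168.1.20:49212' -> ('192.168.1.20', 49212); '[::]:135' -> ('::', 135).
    A non-numeric port such as the '*' in '*:*' becomes None."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse `netstat -ano` output. UDP rows have no State column, so the
    PID is taken from the last field rather than a fixed position."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        host, port = split_addr(fields[1])
        rows.append({
            "proto": fields[0], "local_host": host, "local_port": port,
            "foreign": fields[2], "state": fields[3] if len(fields) == 5 else "",
            "pid": int(fields[-1]),
        })
    return rows


def parse_tasklist_csv(text):
    """Parse `tasklist /fo csv /nh` into {pid: image name}."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}


def listening_ports(netstat_text, tasklist_text):
    """Join listening sockets to process names and flag those bound to every
    interface; established or closing sockets are not services and are skipped."""
    names = parse_tasklist_csv(tasklist_text)
    result = []
    for r in parse_netstat(netstat_text):
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue
        result.append({
            "proto": r["proto"], "port": r["local_port"], "bind": r["local_host"],
            "pid": r["pid"], "image": names.get(r["pid"], "<unknown>"),
            "exposed": r["local_host"] in ("0.0.0.0", "::"),
        })
    return result


def owner_of_port(port, netstat_text, tasklist_text, proto="TCP"):
    """The post's question: which process owns this listening port?"""
    for r in listening_ports(netstat_text, tasklist_text):
        if r["port"] == port and r["proto"] == proto:
            return r["image"], r["pid"]
    return None


if __name__ == "__main__":
    for r in listening_ports(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        flag = "EXPOSED" if r["exposed"] else "local  "
        print("%s %-3s %5d %-15s pid=%-5d %s" % (flag, r["proto"], r["port"],
                                                 r["bind"], r["pid"], r["image"]))
```

Run it on a real server with the two commands' output saved to files, and the EXPOSED rows are the list to compare against what the firewall is supposed to allow in.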


Cisco VPN Client "Terminated Locally by the Client"

admin | December 5, 2009 | 10:45 am

I have seen this in Windows Vista and Windows 7 even with the latest 5.6.0 VPN Client. I have read suggestions about disabling the Windows firewall, etc.

This seems to have fixed the problem for now:

In the Start menu, right-click on the Command Prompt and select "Run as Administrator."

  1. Enter the following line:

reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0 /f
