MyCalendar

Issue in Setting HTTP Proxy for SVN!!!

For setting the HTTP proxy for SVN the regular setting of http_proxy environment variable would not work.

i.e. export http_proxy=http://my-proxy-server.com:8080/ would not work.
There is a “servers” file in svn which is present at the following location

Win : C:\Documents and Settings\krishna\Application Data\Subversion\servers
Linux: /etc/subversion/servers or /home/krishna/.subversion/servers

Here you need to set the proxy server and port settings so that command line SVN can access the external world form the proxy. Uncomment and change the lines necessary

[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = myproxy.us.com
http-proxy-port = 8080
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
# ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem

If you get something like
svn:/home/krishna/.subversion/servers:73: Option expected

then it means that you have a space at the start of the property which you have un-commented. Make sure that there is no space in the beginning of the property in the servers file.

I've struggled alot for few mins ... then came to know that, this is an issue with xml parsing in svn!!! It is very Picky!!!

SSH Problem: ssh_exchange_identification: Connection closed by remote host

Are you tired of getting the exception ssh_exchange_identification: Connection closed by remote host even if the key is correct !?????? 

Then here are few tips to rectify that ...!!

1) Check the permission of /var/log/btmp, it must be 600 
    chmod 600 /var/log/btmp

now
ll /var/log/btmp
-rw------- 1 root utmp 73026817 Jan 11 11:13 btmp

Check now....!!! Still not solved !!?????

2) /var/empty/sshd must be owned by root and not group or world-writable
chown -R root:root /var/empty/sshd

Now  
ll  /var/empty/sshd 
-rw------- 1 root utmp 73026817 Jan 11 11:13 sshd

Then Try, U must be logged-in !!!

Have FUN!!!

FTP Server config on linux

FTP Server

File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading files between computers. FTP works on a client/server model. The server component is called an FTP daemon. It continuously listens for FTP requests from remote clients. When a request is received, it manages the login and sets up the connection. For the duration of the session it executes any of commands sent by the FTP client.
Access to an FTP server can be managed in two ways:

• Anonymous
  
• Authenticated
  

In the Anonymous mode, remote clients can access the FTP server by using the default user account called "anonymous" or "ftp" and sending an email address as the password. In the Authenticated mode a user must have an account and a password. User access to the FTP server directories and files is dependent on the permissions defined for the account used at login. As a general rule, the FTP daemon will hide the root directory of the FTP server and change it to the FTP Home directory. This hides the rest of the file system from remote sessions.

vsftpd - FTP Server Installation

vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install vsftpd you can run the following command:

sudo apt-get install vsftpd

Anonymous FTP Configuration

By default vsftpd is configured to only allow anonymous download. During installation a ftp user is created with a home directory of /home/ftp. This is the default FTP directory.

If you wish to change this location, to /srv/ftp for example, simply create a directory in another location and change the ftp user's home directory:

sudo mkdir /srv/ftp
sudo usermod -d /srv/ftp ftp 

After making the change restart vsftpd:

sudo /etc/init.d/vsftpd restart

Finally, copy any files and directories you would like to make available through anonymous FTP to /srv/ftp.

User Authenticated FTP Configuration

To configure vsftpd to authenticate system users and allow them to upload files
edit /etc/vsftpd.conf:

local_enable=YES
write_enable=YES

Now restart vsftpd:

sudo /etc/init.d/vsftpd restart

Now when system users login to FTP they will start in their home directories where they can download, upload, create directories, etc.
Similarly, by default, the anonymous users are not allowed to upload files to FTP server. To change this setting, you should uncomment the following line, and restart vsftpd:

anon_upload_enable=YES

	Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet.

The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, man 5 vsftpd.conf for details of each parameter.

Securing FTP

There are options in /etc/vsftpd.conf to help make vsftpd more secure. For example users can be limited to their home directories by uncommenting:

chroot_local_user=YES

You can also limit a specific list of users to just their home directories:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After uncommenting the above options, create a /etc/vsftpd.chroot_list containing a list of users one per line. Then restart vsftpd:

sudo /etc/init.d/vsftpd restart

Also, the /etc/ftpusers file is a list of users that are disallowed FTP access. The default list includes root, daemon, nobody, etc. To disable FTP access for additional users simply add them to the list.

FTP can also be encrypted using FTPS. Different from SFTP, FTPS is FTP over Secure Socket Layer (SSL). SFTP is a FTP like session over an encrypted SSH connection. A major difference is that users of SFTP need to have a shell account on the system, instead of a nologin shell. Providing all users with a shell may not be ideal for some environments, such as a shared web host.

To configure FTPS, edit /etc/vsftpd.conf and at the bottom add:

ssl_enable=Yes

Also, notice the certificate and key related options:

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

By default these options are set the certificate and key provided by the ssl-cert package. In a production environment these should be replaced with a certificate and key generated for the specific host. For more information on certificates see the section called “Certificates”.

Now restart vsftpd, and non-anonymous users will be forced to use FTPS:

sudo /etc/init.d/vsftpd restart

To allow users with a shell of /usr/sbin/nologin access to FTP, but have no shell access, edit /etc/shells adding the nologin shell:

# /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/usr/sbin/nologin

 This is necessary because, by default vsftpd uses PAM for authentication, and the /etc/pam.d/vsftpd configuration file contains:

auth    required        pam_shells.so

The shells PAM module restricts access to shells listed in the /etc/shells file.
Most popular FTP clients can be configured connect using FTPS. The lftp command line FTP client has the ability to use FTPS as well.

References

• See the vsftpd website for more information.
  
• For detailed /etc/vsftpd.conf options see the vsftpd.conf man page.
  
• The CodeGurus article FTPS vs. SFTP: What to Choose has useful information contrasting FTPS and SFTP.
  
• Also, for more information see the Ubuntu Wiki vsftpd page.