I recently fired up a CentOS 6 VPS for debugging and testing some remote stuff. However, when I tried using an SSH key to remotely login, I was stopped with the dreaded “Server refused our key” error that we’ve all seen when we mess up an SSH key or use a PuttyGen-created public key rather than copy/pasting the OpenSSH key contents into authorized_keys like we should (don’t act like you’ve never done it).
So I triple-checked everything and even used ssh-keygen on the server to create the keys rather than using PuttyGen, but it still wouldn’t work. As I was Googling around searching for answers, I noticed people using a restorecon command and the “PermitRootLogin without-password” setting in their sshd_config file for enabling root login via passwordless keys. An example post can be found here.
Turns out the restorecon command is what we need to use. I don’t know much about the command but it’s man-page says it “restore file(s) default SELinux security contexts”.
After running this on my server, I was able to login as user adam with a password-less SSH key:
restorecon -R -v /home/adam/.ssh
I’m honestly not sure what the resetorecon command does, but I know its what’s needed to make password-less SSH keys work for user adam. If you want to login as root with a password-less SSH key, then you’d run this command:
restorecon -R -v /root/.ssh
As a note, I’m unsure if this is just CentOS 6 or not, but a friend that uses CentOS 5.x said that he has never had to use the restorecon command to get SSH keys to work, so it might be a new standard feature found in the release notes of CentOS 6.
Let’s face it, most of the stuff you keep in Dropbox aren’t important. No one will be trying to guess your password for your archive of gifs and lolcat pics. However, you might have some sensitive data such as personal pictures or legal documents. Here are a couple of the simplest methods to protect your sensitive data. These methods are based on protecting individual directories/folders, so they should work for any cloud storage solution such as Dropbox, Skydrive, Google Drive, SugarSync, etc.
Method #1 – Simple password-protected folder compression
The easiest method of password protecting a directory is to compress it as a ZIP file with a password.
- In Linux Mint, and most other Ubuntu derivatives and Windows, there should be an entry in the right-click menu to compress a file or folder such as this:
- Compress the folder as a ZIP file and set a password.
- Now you have a password protected ZIP file of the folder. No one can open, see, or edit any of the files in the folder without knowing the password.
Now just delete the uncompressed folder. Each time you need to edit or see files in the folder you’ll have to unzip it, and rezip it when you’re done.
Method #2 – Encrypting the directory
Using TrueCrypt, you can securely encrypt the directory with a password. With this method, the directory can be mounted as a drive anytime you’d like to use it. Then you can add, remove, or alter files as you want before unmounting it. I chose TrueCrypt because they have clients for Windows, Mac, and Linux. I will be covering its installation and use in Linux, but the method should be similar for Windows as well.
- Download the TrueCrypt package from their website: TrueCrypt.
- Install TrueCrypt byextracting and running the shell script.
- Once its finished installing, start TrueCrypt and click “Create Volume”
- Select “Create an encrypted file container”
- Select “Standard TrueCrypt volume”
- Choose where you want to save the encrypted volume. It will appear as a single file once its created.
- Choose the encryption algorithm and hash algorithm you’d like.
- Choose how big you’d like the make the encrypted volume. The file will appear this big at all times, even if you leave it empty. So, be careful how big you make the volume file depending on how much space of your Dropbox account you’re willing to give up.
- Choose your password.
- Choose the filesystem type you’d like to use. If you plan on using the files within the encrypted volume in Windows, you might want to select FAT rather than Ext2/3.
- On the next screen you should move your mouse around a little to randomize the header and master keys, then click “Format” to start formatting and encrypting the volume. In my experience, it takes somewhere around one minute per gigabyte.
- Now you can mount the encrypted volume you’ve created by clicking “Select File…”, selecting the file, and clicking “Mount”.
- Put in the password for the encrypted volume. You should also see a popup asking for your machine’s root password for permissions to mount the volume.
- The volume is now mounted (just like a USB flash drive; you can see it on the left side).
- You can put any files in the volume that you want to keep encrypted.
To dismount the volume, you must either right-click the volume from within the TrueCrypt window and selecting “Dismount” or by clicking the “Dismount All” button. Simply unmounting the volume like you would a USB drive (such as clicking the little eject icon on the menu on the left) will not unmount the encryption, so you will be able to remount it without inputting a password. For this reason, be sure to dismount the volume via TrueCrypt.
After installing Ubuntu 12.10 and Skype, I noticed that Skype doesn’t have an option to automatically start once you log in. I’m unsure if this is true for previous versions of Ubuntu, but if so, the fix is still easy. To remedy this, you just need to add it to the “Startup Applications” list in your settings. For the command, just use “skype” without quotes, like so:
Looks like Steam will be opening the Linux beta to everyone next week!
Steam Linux to Launch Open Beta Next Week | OMG! Ubuntu!.