Introduction

I have multiple OS X (macOS Sierra) machines that need to be tied together seamlessly with multiple SSH server keys where the servers keep changing. I would like to log in to any of my servers from my multiple machines without thinking about transferring data between each of my personal computers. I will describe what is needed so you don’t need to carry around a thumb drive with all your private key files and a list of IP addresses or hostnames to memorize.

Disclaimer

Convenience over security is described here, so make sure you protect your private key with a strong passphrase as you will be storing your private key in your personal cloud. If your cloud server gets compromised and your private key’s passphrase is cracked, then it’s game over.

Requirements

  • multiple OS X machines
  • one or more servers with private/public key pairs established
  • ownCloud server
  • ownCloud client set up on your personal computers
  • some command line knowledge

Login Bash Script

First, we will need to make a bash script that will automate our logins. Instead of always typing

ssh -i ~/.ssh/privateKeyFile -p 2222 username@123.123.123.123

you can automate this with a bash script which I described here. Once the script is set up, all you have to do is run it and it will display a list of servers that you can connect to, and it will do the rest. Below is a modified snippet of the bash script. Modify it to your needs.

#!/bin/bash

# This script will ask which servers you
# would like to SSH into automatically

# IP Definitions for easier modification
# Assign IPs to variables (no spaces or dashes allowed):
HEAPGEEK=123.123.123.123
VPN=123.123.123.124

# So you can reference the script path from an alias
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Print the directions to the end user
clear
echo --- SSH Logins ----
echo Please select number from list below:
echo 1 heapgeek.com
echo 2 VPN

# Read the user input
read option
if [ "$option" = "1" ]
    then
        echo You have selected option 1
        echo Loading . . .
        sleep 2
        # Resolve the key relative to this script's directory so the alias works from anywhere
        ssh -p 2022 -i "$DIR/privateKeyFile1" joseph@$HEAPGEEK
elif [ "$option" = "2" ]
    then
        echo You have selected option 2
        echo Loading . . .
        sleep 2
        ssh -p 2022 -i "$DIR/privateKeyFile2" joseph@$VPN
else
    echo Invalid Option
fi
sleep 3

Moving the Script and Private Keys to ownCloud

Now we will save the above script (tailored to our server configurations) as logins.sh in our main local computer’s .ssh directory. We must also ensure that any referenced private/public key files are in the same .ssh directory. Finally, we will ensure that the permissions are set correctly on our script and private keys by doing a chmod 700 on our logins.sh script and a chmod 600 on our private key files.

We will next move the entire .ssh directory from our main local computer to the root directory of our ownCloud server by first making a .ssh folder, and then moving our script and key files.

mkdir ~/ownCloud/.ssh/

mv ~/.ssh/* ~/ownCloud/.ssh/

Notice above that I’m using absolute paths to my home directory. Modify this to your needs if your SSH keys or ownCloud root is located elsewhere.

Syncing Hidden Files

Next, we will need to go into the ownCloud’s preferences of your main computer (and subsequent computers) and enable the Sync hidden files checkbox under ownCloud > Preferences > General > Edit Ignored Files > Sync hidden files

After a bit, you will see a notification that those files have been synced. To make sure, we can open up the terminal on the second computer and do a ls -la within your root ownCloud directory and see the .ssh folder there.

Testing and Debugging Your Script

Finally, we can test and debug our script to ensure it works across computers. You can navigate to within your newly synced .ssh directory and use the ./logins.sh command to invoke your script. If you get a permission denied, you will need to ensure that read, write, and execute are set for your user (by doing a chmod 700 logins.sh command discussed earlier). Same thing for our private keys ensuring they’re set to 600.

Once you get your script to run, if you get another error saying permission denied (public key), that means the path in your script pointing to your private key file is incorrect. If you have your private key in a different directory, then point your script to that path (ensuring the path is the same on the other machines too). Otherwise, keep your logins.sh and private key files under your ownCloud .ssh directory.
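The permission checks above (700 on logins.sh, 600 on private keys) and the passphrase requirement from the Disclaimer can be audited on each machine after a sync. The following is an added example, not part of the original script; the function names are hypothetical and it assumes the keys sit directly in the synced folder as non-hidden files.

```sh
#!/bin/sh
# Added example: audit a synced .ssh folder (e.g. ~/ownCloud/.ssh).
# Function names are hypothetical; nothing here is ownCloud-specific.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print "none" (not a private key), "encrypted" or "plaintext".
key_protection() {
    header=$(sed -n '1p' "$1" 2>/dev/null)
    case "$header" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo encrypted ;;                 # PKCS#8 with a passphrase
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # The cipher name sits at a fixed offset in this format; cipher
            # "none" always produces this base64 prefix on the first body line.
            case "$(sed -n '2p' "$1")" in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo plaintext ;;
                *) echo encrypted ;;
            esac ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Legacy PEM (RSA/DSA/EC) marks encryption in a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo encrypted
            else
                echo plaintext
            fi ;;
        *) echo none ;;
    esac
}

# Print one finding per line; return non-zero if anything needs attention.
audit_ssh_dir() {
    dir=$1
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.sh) want=700 ;;                 # the login script
            *)  protection=$(key_protection "$f")
                [ "$protection" = none ] && continue   # .pub, known_hosts, ...
                want=600
                if [ "$protection" = plaintext ]; then
                    echo "NO-PASSPHRASE $f"
                    findings=$((findings + 1))
                fi ;;
        esac
        mode=$(file_mode "$f")
        if [ "$mode" != "$want" ]; then
            echo "MODE $f is $mode, want $want"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh ~/ownCloud/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

A NO-PASSPHRASE finding means the key stored on the cloud server is usable by anyone who can read the file.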

Simple Alias to your Script

If you don’t want to navigate to your ownCloud .ssh directory to run your logins.sh script, you can simply insert an alias into your .bash_profile file. Navigate to your home directory with cd ~/ and run ls -la to display all files within that directory, including hidden ones. You should see a file named .bash_profile, which you can edit in nano by running nano .bash_profile. In this file you can append this to the end:

alias DOlogin='~/ownCloud/.ssh/logins.sh'

Where DOlogin is the command you want to type to have instant access to your login script. You can call your script anything, but make sure it doesn’t conflict with other built-in commands. Modify the path above to where your login script resides within your ownCloud installation. Once done, you will need to save and exit nano with CTRL-X… Y… Enter… Next you will need to tell the OS that you changed your profile, so run source .bash_profile. You will need to set up the alias individually on each machine that has ownCloud installed.

Conclusion

You have learned how to establish a universal SSH login script that will sync across multiple OS X ownCloud machines.

 

Interactive SSH Auto-Logins

When running multiple Unix-like web servers, it can be a pain to connect to them via SSH when it comes to domain names, private key paths, IPs, and even port numbers. Now I’m sure there are server management tools for the big boys, but this is a simple script that runs on OS X (and with some modification even a Linux distro 🙂).

In this example, I will use hard-coded IP addresses which I prefer, but you can use domain names if you wish. Also, I’ve changed my SSH port to something other than the default 22. If you know a bit of bash scripting, then you can modify this to your needs.

Below is the entire code, which I will explain later on:

#!/bin/bash


# This script will ask which websites you
# would like to SSH into automatically

# IP Definitions for easier modification
# Assign IPs to variables (no spaces or dashes allowed):
HEAPGEEK=126.236.152.43
KALFUS=192.251.196.219
VPN=104.216.97.52
TESTSERVER=192.241.201.197

# Print the directions to the end user
clear
echo --- SSH Logins ----
echo Please select number from list below:
echo 1 heapgeek.com
echo 2 kalfus.org
echo 3 VPN
echo 4 TESTINGSERVER

# Read the user input
read option
if [ "$option" = "1" ]
    then
        echo You have selected option 1
        echo Loading . . .
        sleep 2
        ssh -p 2022 -i ~/.ssh/digitalOcean-VM joseph@$HEAPGEEK
elif [ "$option" = "2" ]
    then
        echo You have selected option 2
        echo Loading . . .
        sleep 2
        ssh -p 2022 -i ~/.ssh/digitalOcean-VM joseph@$KALFUS
elif [ "$option" = "3" ]
    then
        echo You have selected option 3
        echo Loading . . .
        sleep 2
        ssh -p 2022 -i ~/.ssh/digitalOcean-VM joseph@$VPN
elif [ "$option" = "4" ]
    then
        echo You have selected option 4
        echo Loading . . .
        sleep 2
        ssh -p 2022 -i ~/.ssh/testing-server-cert joseph@$TESTSERVER
else
    echo Invalid Option
fi
sleep 3

Explanation

The first part of the script defines the IP addresses and variable names so we can reference them later. If you’re like me and prefer IP addresses over domain names then here is where you would change them if needed. For example, my VPN doesn’t have a domain name associated with it, so an IP works in this case.

The next part just displays the list of options for the user to choose from. You can add and remove these as needed.

The next part reads the user input and executes the appropriate if-block. I’ve put in several sleep commands to delay it a bit.

The main line that needs to be modified would be:

ssh -p 2022 -i ~/.ssh/testing-server-cert joseph@$TESTSERVER

where:

ssh is the actual Secure Shell command
-p 2022 is the port number (doesn’t need to be specified if defaulted to 22)
-i ~/.ssh/testing-server-cert is the absolute path to your private key on that local computer, where ~/ starts from your home directory on Mac/*nix
joseph@$TESTSERVER is the username and the variable name (IP address) of the server defined at the top.

Running the Script

Now that we have the script written, you will need to save it with a .sh extension and make it readable, writable, and executable by the owner. So if you named it logins.sh, you would need to change to the directory where you saved your script and run

chmod 700 logins.sh

Next, in order to actually run the script, just run

./logins.sh

within the directory that the script is located.

Alias Universal Access

Finally, if you do not want to cd (change directory) into the script directory each time, then you can put an alias in your .bash_profile (OS X) pointing to your newly created logins.sh script, which allows you to access your login script from anywhere on the system. So if you saved logins.sh to your home directory, you would do something like this

cd ~/
nano .bash_profile

(WITHIN NANO append this to the end)
alias DOlogin="~/logins.sh"

(CTRL-X Yes Enter to save and exit)

source .bash_profile

Security vs Convenience

Now this is a convenient script, but you may be wondering about security. Well, you should always have a password protected private key to prevent unauthorized use and obviously keep this private key private! You should also set the appropriate permissions on your private key. Finally, if someone has physical or remote access to your system, then you’re hosed anyway.

Originally, I wrote this article to submit to Digital Ocean’s Article Submission Program, but they rejected it because it wasn’t a popular enough topic, so I’m submitting it here. It was tested on Digital Ocean’s VPS running Ubuntu 14.04 Server, but should run on any non-Digital Ocean setup.

Introduction

When websites and services have unscheduled outages, that may lead to customers and end users losing faith in that service. Monitoring your server automatically can notify you of issues that can range from a bad configuration file, an over taxed server, or a network attack.

In this tutorial, we will set up a separate monitoring server using PHP Server Monitor to notify you when your website has an outage via e-mail, SMS, or push notifications. We will also set up a Pushover service (optional) on your smart device to receive your notifications as an alternative to SMS and email.

Prerequisites

In order to complete this tutorial, you will need a working website (we will use WordPress for our examples). We will set up our monitoring server on a separate droplet. These are the requirements and prerequisites needed for your separate droplet that should be followed in order:

Note: Ensure you remember your mySQL password

Note: Ensure you also install the PHP CLI and cURL modules with sudo apt-get install php5-cli php5-curl if you haven’t done so in the prerequisites.

Step 1 — the Firewall

Next, we will configure the firewall to allow web traffic through on port 80 (http) using Ubuntu’s Uncomplicated Firewall (ufw), which was established in one of the prerequisite tutorials.

Showing the status of our firewall is simple by running

sudo ufw status

Which should output this if you only have SSH allowable

To        Action     From
--        ------     ----
22        ALLOW      Anywhere
22 (v6)   ALLOW      Anywhere (v6)

To enable port 80, run this command

sudo ufw allow 80
sudo ufw enable

If it asks if you want to enable this operation, press Y for yes. Now you can run sudo ufw status and see that it is now a part of your firewall rules.

Step 2 — The GitHub Platform

Git is software which developers use to store and collaborate on code which includes versioning. GitHub is a platform to store developer code. We will install git to download our PHP Server Monitor.

Installing Git

We will need to install git using

sudo apt-get install git

Enter your user’s password and press Y to install git.

Step 3 — Installing PHP Server Monitor

Installing PHP Server Monitor will require several steps including resolving dependencies, and modifying some configuration files.

Now that we have git installed, we’re ready to install PHP Server Monitor. We will store our PHP Server Monitor in the /var/www/html/phpservermon directory which is publicly accessible from the Internet:

sudo git clone https://github.com/phpservermon/phpservermon /var/www/html/phpservermon

Installing PHP Server Monitor Dependencies

In order for PHP Server Monitor to work correctly, you will need to download Composer, which is a dependency manager for PHP, specifically a composer.phar file. A phar file is also known as a PHP Archive.

First, make a directory to store your composer-setup file with

sudo mkdir /opt/composer

Next, navigate to that directory

cd /opt/composer

Finally, run these commands to install Composer, pressing Enter after each command.

sudo php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
sudo php -r "if (hash_file('SHA384', 'composer-setup.php') === '070854512ef404f16bac87071a6db9fd9721da1684cd4589b1196c3faf71b9a2682e2311b36a5079825e155ac7ce150d') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
sudo php composer-setup.php
sudo php -r "unlink('composer-setup.php');"

Note: The highlighted hash above may change once the developers update the repository. In order to get the correct hash, please visit Composer’s Website.
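Because the hard-coded hash goes stale, the check can instead compare the download against the checksum Composer currently publishes. This is an added example, not part of the original tutorial; it assumes curl is installed and that the current checksum is served at https://composer.github.io/installer.sig, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify composer-setup.php against the currently published
# SHA-384 instead of a hash pasted into the tutorial.

# Print the SHA-384 of a file as lowercase hex, using whichever tool exists.
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 384 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha384 "$1" | sed 's/^.*= *//'
    fi
}

# verify_installer FILE EXPECTED_HEX
# Deletes FILE and returns 1 on mismatch, like the PHP one-liner above.
verify_installer() {
    actual=$(sha384_of "$1")
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    if [ -n "$expected" ] && [ "$actual" = "$expected" ]; then
        echo "Installer verified"
        return 0
    fi
    echo "Installer corrupt: got $actual" >&2
    rm -f "$1"
    return 1
}

# Download the installer and the published checksum, then compare.
# An empty or failed checksum download is treated as a failure, never a pass.
fetch_and_verify_composer() {
    curl -fsSo composer-setup.php https://getcomposer.org/installer || return 1
    published=$(curl -fsS https://composer.github.io/installer.sig) || return 1
    verify_installer composer-setup.php "$published"
}

# Usage: sh verify-composer.sh --install   (run inside /opt/composer)
if [ "${1:-}" = "--install" ]; then
    fetch_and_verify_composer && php composer-setup.php
fi
```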

Now we will copy the composer.phar file into our web directory by forcing the overwriting of the phar file that comes with PHP Server Monitor with the -f option.

sudo cp -f composer.phar /var/www/html/phpservermon

Now we will run the composer.phar within our working web directory with

cd /var/www/html/phpservermon
sudo php composer.phar install

Configuring PHP’s Time Zone

In order for PHP Server Monitor to work correctly, we will need to edit your php.ini file and set the time zone to UTC.

sudo nano /etc/php5/apache2/php.ini

And look for ;date.timezone = by pressing CTRL + W and searching for timezone via nano’s search function. Once found, modify it to

/etc/php5/apache2/php.ini
...
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = UTC
...

Once modified, press CTRL + X to exit, Y to save, and Enter to confirm the same file name.

Now we will need to restart the web server with

sudo service apache2 restart

Step 4 — Configure the mySQL Database

Now we need to establish the database that our monitor will use. First, we need to create the database

sudo mysqladmin -p create servermonitor

You will be first prompted for your server’s password and then mySQL’s password you set in the prerequisites.

Next, login to your mySQL server with

mysql -u root -p

And your prompt should change to mysql> after your mySQL password has been entered.

Now we will grant all privileges to the usermonitor database user for our new servermonitor database

mysql> GRANT ALL ON servermonitor.* TO 'usermonitor'@'127.0.0.1' IDENTIFIED BY 'yourcustomP@ssw0rd';

Remember to change the highlighted above to a password of your choosing. The output should be:

Query OK, 0 rows affected (0.01 sec)

Now we need to reload our database and flush the privileges for it to take effect

mysql> FLUSH PRIVILEGES;

Which should give the same output.

Configuring the Database File

PHP Server Monitor uses a configuration file to store the mySQL database credentials. There is a sample file provided, but we will need to copy that over to the correct file name

cp /var/www/html/phpservermon/config.php.sample /var/www/html/phpservermon/config.php

Step 5 — Configuring via the Web Interface

Now we’re ready to navigate to your Server Monitor and do some initial configurations. Open up a web browser and navigate to http://your_server_ip/phpservermon/install.php and you should see success messages if everything is configured correctly.

Successful PHP Server Monitor Installation

Click the Let’s Go button to configure your database and input the following settings into the form

Database Host: 127.0.0.1
Database Name: servermonitor
Database user: usermonitor
Database password: yourcustomP@ssw0rd
Table prefix: psm_

Click Save configuration

You should get a successful connection to your database.

Note: If you get a successful connection to your database, but the configuration file could not be written, you will have to manually edit your config.php file.

sudo nano /var/www/html/phpservermon/config.php

And paste this into your config file

/var/www/html/phpservermon/config.php
<?php
define('PSM_DB_HOST', '127.0.0.1');
define('PSM_DB_NAME', 'servermonitor');
define('PSM_DB_USER', 'usermonitor');
define('PSM_DB_PASS', 'yourcustomP@ssw0rd');
define('PSM_DB_PREFIX', 'psm_');

Once modified, press CTRL + X to exit, Y to save, and Enter to confirm the same file name.

Configuring the Administrator Role

The next page will allow you to configure the administrator role of PHP Server Monitor. Fill out the form with your username, password and email.

Once the form is submitted, you should get some messages on the status of your installation. Now you can click Go to your monitor to view the PHP Server Monitor’s web interface.

Monitoring Our WordPress Site

You can monitor any publicly facing website, but for now we will focus on WordPress. We will need to navigate to the Servers tab in the web interface and click Add New. Give your server a label and domain name. For Type, select website.

You can optionally put in a search string that is always displayed on your website to ensure your webpages are actually being displayed. For example, if for some reason your WordPress’s database goes down, your blog will display “Error establishing a database connection” which is still considered as a valid HTTP 200 OK status. You can input a search string on PHP Server Monitor like WordPress which is displayed in the footer of each page to resolve this edge case.
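The edge case above, a 200 response whose body is an error page, can be reproduced by hand when tuning the search string. This is an added example and not PHP Server Monitor's own code; the function names are hypothetical and probe_site assumes curl and network access.

```sh
#!/bin/sh
# Added example: status-code check plus search-string check.

# classify_response STATUS BODY_FILE PATTERN
# Prints "up" or the reason for "down"; returns 0 only when both checks pass.
classify_response() {
    status=$1
    body=$2
    pattern=$3
    if [ "$status" != "200" ]; then
        echo "down: HTTP $status"
        return 1
    fi
    # -F: match the search string literally, not as a regular expression.
    if ! grep -qF -- "$pattern" "$body"; then
        echo "down: HTTP 200 but search string not found"
        return 1
    fi
    echo "up"
}

# probe_site URL PATTERN: fetch the page once and classify it.
probe_site() {
    tmp=$(mktemp)
    code=$(curl -s -o "$tmp" -w '%{http_code}' --max-time 10 "$1") || code=000
    rc=0
    classify_response "$code" "$tmp" "$2" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh probe.sh http://your_server_ip/ WordPress
if [ "$#" -eq 2 ]; then
    probe_site "$1" "$2"
fi
```

Pick a search string that appears on every healthy page and on none of the error pages, otherwise the second check passes on the error page too.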

All the other dialogues have tips on what they mean and you can fill them out accordingly. Remember to give your administrator role the permissions to view the status.

Once done, save your configuration

Step 6 — Set up the Cron Job to Monitor every 15 minutes

Now we will need to set up a cron job which will automatically run every 15 minutes. To do this, login to your server and run

sudo crontab -e

Now we will append

*/15 * * * * /usr/bin/php /var/www/html/phpservermon/cron/status.cron.php

to the end of the file. Once modified, press CTRL + X to exit, Y to save, and Enter to confirm the same file name. If successful, run sudo crontab -l to display your crontab.

Once set up, this will check every 15 minutes if your website is up. If you want to ensure this works immediately, then you can click the Update tab in the web interface which will display the last time your server was online.

Sending Notification Emails via Google’s SMTP Server (Optional)

PHP Server Monitor has several notification options including sending an email if there is an issue with the servers and services that we are monitoring. In this scenario, we will be using Google’s SMTP server which does require a Google Mail (Gmail) account. You can use any email server that you manage by providing your specific email credentials, including setting up an email server alongside your PHP Server Monitor.

Email Configuration

First, navigate to your server monitor web interface and click the Config and then the Email sub-tab.

Enable the Allow sending email and Log emails sent by the script checkboxes.

Next, fill out the form:

Email from name: Server Monitor
Email from address: your_email@gmail.com
Enable SMTP: True
SMTP host: smtp.gmail.com
SMTP port: 465
SMTP security: SSL
SMTP username: your_email@gmail.com
SMTP password: yourcustomP@ssw0rd

Click test, and a dialogue will notify you that an email will be sent.

Note: If you get an Authentication Required error message, you may have to log in to your Gmail Security settings and enable Allow less secure apps.

Step 7 — Sending Mobile Notifications via Pushover (Optional)

Pushover is a notification platform that can be used on Apple’s iOS and Google’s Android platform with a variety of apps that send notifications like Github, Drupal, WordPress, eBay, and our PHP Server Monitor. At the time of writing, the Pushover app has a free 7 day trial which then has a $4.99 in-app purchase.

Pushover Sign Up and Mobile App Installation

The first step is to create an account on Pushover’s Sign Up page. Once there, simply create an account with your email and a password. You will need to verify your Pushover account in your email client.

Next, go to your mobile device’s app store, and search for the Pushover app. Once installed, you can log in to the Pushover service on your mobile device. Ensure that you enable notifications from the Pushover app. Also, name your device so you can push notifications to specific mobile devices.

Configuring Pushover Notification on PHP Server Monitor

You will need to enable Pushover in your PHP Server Monitor with a unique API token and your Pushover user key.

Requesting a Pushover API Key

Navigate and log in to your PHP Server Monitor page and click the Config tab and then the Pushover sub-tab. Click the Click here to create your Pushover app button which will take you to your Pushover account and pre-fill the required text boxes. From here, you can modify the information or keep it as is. Check the Agree to the Terms of Pushover checkbox and click the Create Application button. The next page will display your API Token.

Note: Ensure that you keep your API token private.

Copy your token and paste this in the previous PHP Server Monitor page. On your PHP Server Monitor page, ensure the Allow sending Pushover messages is enabled. Click Test and Send. You should receive a test message on your mobile device.

Configuring the Pushover User Key

To do this, click the Users tab and then edit the account you want to enable Pushover for.

Next, you will need to log into your Pushover account and copy the user key.

Note: Ensure that you keep your user key private.

Paste your user key into the Pushover Key textbox and input the device you want your notifications sent to (leave blank to push to all devices).

Configuring Server Specific Notifications

Now that you enabled Pushover, you will need to enable Pushover Notifications on each server within PHP Server Monitor.

Open your PHP Server Monitor webpage and click the Servers tab. Edit the server you want to monitor and scroll down to the Monitoring Section. Select Yes for Pushover and save your configuration.

Testing Our Entire Configuration

If you want to ensure our entire configuration works, you can bring down your server by setting up a firewall rule to disable traffic to your site. If this is a production server, then you can just monitor your notifications throughout the week to see if you have any issues.

To disable traffic to your website, you can use

sudo ufw deny 80 # if using HTTP
sudo ufw deny 443 # if using HTTPS

Conclusion

In this guide, we installed PHP Server Monitor on a separate server to monitor our public facing websites. Optionally, we also set up email and Pushover notifications to notify us if our web servers go down. Since PHP Server Monitor is an ongoing project, you can check them out on their website which offers GitHub and SourceForge repositories.

I’ve come to realize that “normal” people really don’t care about technology. Unless that person is a geek, they use it without any thought of how things actually work. It’s frustrating getting normal people’s perspective on the tech world. On the flip side, I don’t know how a car really works. I know there is an engine and wheels, but how does it really work?

I bring this topic up because the other night, I tried explaining to my girlfriend how encryption works at a very high level of abstraction. Now I’m not an encryption expert, but I know enough without getting into the fine details. Her eyes glazed over and after a bit of a one way conversation she smiled and told me that I should mentor someone. Meh.

The issue is that like minded people who enjoy technology are like minded. The same way car enthusiasts enjoy talking about the same thing. Sometimes I like hearing someone else’s perspective to see how they see it. A fresh view of a topic is always nice. One day, un-like minded people will come together and converge on something great.