Posts tagged machine
VirtualBox Manager Pro – Public Key Authentication
May 18th
VirtualBox Manager was released a couple of days ago, offering SSH access to remote host machines. The application controls up to seven virtual machines on the host machine. Up to seven different host machines can be configured in VirtualBox Manager. The standard application was released for free, and it will remain free. The current version has practically no bugs, at least none that I am aware of. I will continue to support it, but I will shift my development focus to the Pro version.
VirtualBox Manager Pro currently supports DSA public key login. Once the user logs into a host using password authentication, the menu contains options to generate a new DSA key and upload it to the host machine. Uploading it to the host machine automatically appends it to the user's authorized_keys2 file. Once uploaded, VirtualBox Manager will automatically use DSA public key authentication to connect to the host. VirtualBox Manager Pro is designed to use a single key for all configured hosts.
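What the upload step has to get right on the host side, as an added example that is not VirtualBox Manager's own code: `install_pubkey` is a hypothetical helper, and the key line and scratch directory are constructed for the demonstration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends one public key line to SSH_DIR/authorized_keys2, the file the post names.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys2

    # Exactly one non-empty line, and it must look like a public key.
    # A private key file is multi-line and is rejected here.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-dss\ *|ssh-rsa\ *) ;;
        *) echo "not a public key, refusing to upload" >&2; return 1 ;;
    esac

    # sshd with StrictModes (the default) refuses key files and directories
    # that other users can write, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: add the key only if that exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed demo in a scratch directory (the key body is not a real key).
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3M-constructed-example android@phone' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"   # second upload changes nothing
echo "key lines: $(grep -c . "$demo/.ssh/authorized_keys2")"
```
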
VirtualBox Manager Pro will be released at 19.99 and is targeting corporate-level IT departments. When it is released it will encrypt the passwords stored in the application's settings, and will also prompt for a password to gain access to the application. This feature will be enabled or disabled based on security requirements. There will also be an options dialog to choose the size of the encryption key to generate; it is currently set at 1024 bytes.
In time I will enhance the UI. I want to add a variety of notifications throughout the application to enhance communication, troubleshooting, and general usability.
VirtualBox Manager Pro will be released soon to the Android Marketplace.
VirtualBox Manager – Version 44MPG
May 17th
VirtualBox Manager was released two days ago and several updates have been published since then.
- I have fixed a bug on the delete hosts page
- Enhanced the header images on the delete hosts page and machine page
- Tweaked the keyboards in the input data menus
- Added references to the host as well as the machine in various dialog headers
- Some code cleanup, trying to do more in onCreate rather than in methods
- Fixed a bug in the help pages and customized the info respectively
As mentioned, there is a lot of code I have already written dealing with RSA key login. Now that the program is in a stable release state I plan to clean up the code and then start looking at completing encrypted login features.
Remote Server Management in Local Facility – LTSP
Feb 13th
I’m using LTSP to manage a server remotely in a local facility. I set up an LTSP server on the host machine, and will place it in an air-conditioned room to preserve longevity. I configured a machine, of much lower power, to PXE boot from the server. There are several nuances to setting up an LTSP server. Once all is done you realize that it is less complicated than it can be or needs to be. When things go right there are essentially three steps in total. First:
sudo apt-get install ltsp-server-standalone
This installs the works. Then configure DHCP:
sudo nano /etc/ltsp/dhcpd.conf
Set the subnet to the one you are using on your router. If your router's local IP is 192.168.0.1, your subnet would be 192.168.0.0. Then set a range. Make sure you turn off the DHCP servers in any and all routers connected to the network; the DHCP server on this machine needs to be the only one. Set the “next-server” option to the local IP address of the server itself. Then set the rest of the options: domain, default gateway, DNS, and so on. Then restart the DHCP server:
sudo /etc/init.d/dhcp3-server restart
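A /etc/ltsp/dhcpd.conf along the lines described above, as an added example rather than the author's own file. The addresses are constructed for a router at 192.168.0.1 with the LTSP server assumed to sit at 192.168.0.254, and the boot paths assume the default i386 client image.

```conf
# Added example; every address below is a constructed sample value.
authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
    # Lease range for the thin clients; keep it clear of static hosts.
    range 192.168.0.20 192.168.0.250;

    option domain-name "example.com";
    option domain-name-servers 192.168.0.1;   # DNS (here: the router)
    option routers 192.168.0.1;               # default gateway
    option broadcast-address 192.168.0.255;
    option subnet-mask 255.255.255.0;

    # The LTSP server itself: clients fetch their boot files from it over TFTP.
    next-server 192.168.0.254;

    # NFS root and boot image of the default i386 client build (assumed).
    option root-path "/opt/ltsp/i386";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/i386/pxelinux.0";
    } else {
        filename "/ltsp/i386/nbi.img";
    }
}
```

A second DHCP server answering on the same segment can hand a client a lease without `next-server`, which is why the router's DHCP service has to be off.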
Build the clients:
sudo ltsp-build-client
That's really all there is to it. I’ve found that problems do arise, and instead of trying to fix them, just purge all the installed applications and start over.
sudo apt-get remove --purge ltsp-server-standalone ltsp-server xinetd
One time I was stuck because there were two tftp inet servers, openbsd-inetd and inetd-hpa. They were conflicting. Then run autoremove with purge:
sudo apt-get --purge autoremove
Then start over by installing ltsp-server-standalone. You can test your LTSP server using VirtualBox. Just like a real machine, set the boot sequence to network as the first option. Now hook up a fancy monitor that can support 1920×1080 to the relatively low-powered machine in the other room, and remotely manage your server from a pseudo-local desktop environment.
Lock Down IP Addresses – SSH and Else
Jan 26th
If you know the IP addresses that will be connecting to your machine, lock them down. Use the hosts.allow file as follows.
sshd : localhost : allow
sshd : 192.168.3. : allow
sshd : 192.168.1. : allow
sshd : ALL : deny
The rules in hosts.allow are read from top to bottom and the first match decides, so listing the allow rules and ending with sshd : ALL : deny blocks everything that the allow rules do not match. Therefore, using sshd : IP : allow you will be able to connect to the machine from that IP only and everything else will be rejected. This procedure will substantially increase the security of the server.