Lxcite’s Planet

…the ultimate solution

Setting up a SFTP Server on Windows

I recently had to create an SFTP server on our work development system, and after doing a fair bit of Googling on the topic found a good solution. The solution is a combination of research done at different sites. It is this solution that I am sharing in hopes that it will help someone else.

This tutorial will help you turn your Windows based system into a SecureFTP server.

Background

Secure Shell (SSH) is a program that lets you log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using ssh, the entire login session, including transmission of password, is encrypted and therefore is very secure.

You may have noticed that many webhosts allow ssh access. This means that you can login to their webserver and execute many UNIX commands (the ones they allow you access to) on your account. Not only can you connect to other computers that provide SSH access, but you can also allow others to connect to your computer using SSH.

To take this one step further, you can also turn your Windows PC into a Secure FTP (SFTP) server. SFTP is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use an FTP client that supports SFTP (more about that later).

Installing SSH on Windows

Most UNIX based systems (Linux and OSX) come with SSH preinstalled, so connecting to a remote host is very easy. However, if you run a Windows system, you need to download some additional software to make the SSH programs available to you. Fortunately, a free open-source project called SSHWindows provides a nice Windows installer that will set up the SSH client and server on your system.

Your first step will be to download the Binary Installer Release from SSHWindows. Once downloaded, run the installer and be sure to install both the client and server components.

Configure the SSH Server

In this next step, I have summarized the information from the readme.txt that is included with SSHWindows (it can be found in c:\program files\openssh\docs).

Your first configuration step is to set up the passwd file. You will need to set up the passwd file before any logins can take place.

Passwd creation is relatively easy and can be done using two programs that are included with SSHWindows – mkgroup and mkpasswd. Both of these programs are located in the c:\program files\openssh\bin directory.

To begin creating the group and passwd files, open a command prompt window and navigate to the c:\program files\openssh directory.

You must first create a group file. To add all local groups on your computer to the group file, type the command as shown below:

mkgroup -l >> ..\etc\group

You will now need to create a passwd file. Any users in the passwd file will be able to log on with SSH. For this reason, it is recommended that you add users individually with the -u switch. To add a user to the passwd file type the command shown below:

mkpasswd -l -u username >> ..\etc\passwd

NOTE: the username specified above must be an existing windows login account.

Creating Home Directories for your Users

In the passwd file, you will notice that the user’s home directory is set as /home/username, with username being the name of the account. In the default install, the /home directory is set to the default profile directory for all users. This is usually c:\documents and settings.

If you want to change this location you will need to edit the passwd file. The passwd file is in plain text and can be edited in Notepad or any text editor. The last two entries for each user are safe to edit by hand. The second to last entry (/home/username) can be replaced with any other directory to act as that user’s home directory. It’s worth noting that when you run SSH on windows, you are actually running SSH in a scaled down version of cygwin, which is a Unix emulator for Windows. So, if you will be placing the user somewhere outside the default directory for their Windows profile, you will need to use the cygdrive notation.

To access any folder on any drive letter, add /cygdrive/DRIVELETTER/ at the beginning of the folder path. As an example, to access the winnt\system32 directory on the c: drive you would use the path:

/cygdrive/c/winnt/system32

Connecting to your SFTP Server

To connect to your new SFTP server, you will need to download an FTP client that supports SFTP. I use Filezilla which is a nice free FTP and SFTP client. You might also try WinSCP which is another free SFTP client.

To test if your server is running, create a new connection in your client and specify SFTP as the server type, 22 as the port, and localhost or 127.0.0.1 as the server name. You will also need to provide the user account and password for any account that you added to your passwd file. Now connect to the server. If all went well, you should see a directory listing where you pointed the home folder to. If not, there are a couple of things to check. Make sure your Windows firewall is set to allow traffic over port 22 and finally double check your passwd file to make sure that the account you added is actually there.

Security

Because SSH allows access to only Windows user accounts, you can restrict access based upon NTFS file permissions. As such, SFTP does not provide for chroot jails (a Unix method for locking a user to his/her home directory). Simply lock down your filesystem for that user, and SFTP will respect that.
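As an added example (not part of SSHWindows or of the original post), the script below reads a copy of etc\passwd, lists every account that can log on, and translates each home directory into the Windows folder whose NTFS permissions need locking down. It assumes a POSIX shell with awk (for instance a full Cygwin install, or a copy of the file on a Unix machine); the function names, the allow list and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Translate a Cygwin-style home path into the Windows folder it refers to.
#   $1 = home field from passwd   $2 = Windows folder that /home maps to
cyg_to_win() {
    CYG_PATH=$1 HOME_ROOT=$2 awk 'BEGIN {
        p = ENVIRON["CYG_PATH"]; bs = sprintf("%c", 92)      # 92 = backslash
        if (p ~ /^\/cygdrive\/[A-Za-z](\/|$)/)               # /cygdrive/d/x -> D:/x
            p = toupper(substr(p, 11, 1)) ":" substr(p, 12)
        else if (p ~ /^\/home(\/|$)/)                        # /home/x -> <root>/x
            p = ENVIRON["HOME_ROOT"] substr(p, 6)
        n = split(p, seg, "/"); out = seg[1]
        for (i = 2; i <= n; i++) out = out bs seg[i]
        print out
    }' </dev/null
}

# Print "user<TAB>status<TAB>Windows home" for each passwd entry.
#   $1 = passwd file, $2 = /home mapping, $3 = space-separated accounts meant to have access
# Returns 1 if the file grants SSH/SFTP logon to an account that is not on the list.
audit_passwd() {
    rc=0
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        case $user in ''|'#'*) continue ;; esac
        case " $3 " in
            *" $user "*) status=expected ;;
            *) status=UNEXPECTED; rc=1 ;;
        esac
        printf '%s\t%s\t%s\n' "$user" "$status" "$(cyg_to_win "$home" "$2")"
    done < "$1"
    return "$rc"
}

# Constructed sample in the mkpasswd field layout; host name, SIDs and shell are made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:unused:1003:513:U-DEVBOX\alice,S-1-5-21-0-0-0-1003:/home/alice:/bin/sh
bob:unused:1004:513:U-DEVBOX\bob,S-1-5-21-0-0-0-1004:/cygdrive/d/sftp/bob:/bin/sh
Guest:unused:501:513:U-DEVBOX\Guest,S-1-5-21-0-0-0-501:/home/Guest:/bin/sh
EOF
audit_passwd "$sample" 'C:\Documents and Settings' 'alice bob' ||
    echo "passwd grants logon to accounts outside the allow list"
rm -f "$sample"
```

An UNEXPECTED line usually means mkpasswd was run without the -u switch, so every local account was appended to the file.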

Summary

In the end, setting up an SFTP server turned out to be a very effortless task. With a couple of open source programs and a couple of command-line commands, you can be up and running in no time at all!

July 10, 2008 Posted by lxcite | Windows

Installing Apache, MySQL, and PHP on Linux

Apache, MySQL, and PHP have become one of the most utilized combinations for developing content driven websites. They are robust, flexible, provide a decent level of security, and they are available for many different platforms. That being said, let's get to building a web server.


Get the sourceballs -


The first thing you need to do is obtain the sourceballs for each package. We will be compiling each package from scratch here; while there are also binary packages available for some distributions, I find your end results are usually better when building each package for your machine. Make sure you get the source files.


Here are the links and the package versions available at the time this tutorial was written


Apache
URL : http://httpd.apache.org/download.cgi
Current Version – 2.0.48


MySQL
URL : http://www.mysql.com/downloads/mysql-4.0.html
Current Version – 4.0.16


PHP
URL : http://www.php.net/downloads.php
Current Version – 4.3.4


Ok, so you've got the files, now what? Well, now the fun begins.


Installation –


The first thing we need to do is extract the sourceballs so we can work with the files included in them. From now on we will be working as root, so open a terminal window, change to the directory in which you saved your downloaded files, and become root by issuing the su command. Enter the root password and you should be good to go.


To extract the sourceballs type the following commands;


#tar -zxf httpd-2.0.48.tar.gz (enter)


#tar -zxf mysql-4.0.16.tar.gz (enter)


#tar -zxf php-4.3.4.tar.gz (enter)


The commands above will extract the sourceballs into their own separate directories. Now let's move on to compiling the source into usable programs. We'll start with Apache.


Compiling Apache –


Change into the directory created when you untarred the sourceball as follows;


#cd httpd-2.0.48 (enter)


Follow this command by typing;


#./configure --prefix=/usr/local/apache2 --enable-mods-shared=most (enter)


This tells Apache to install in the /usr/local/apache2 directory, and to build most of the available loadable modules. There are a ton of options with Apache, but these should work for the most part. Once the configure is done and the system returns the prompt to you, issue the following command;


#make


This will take a few minutes, once the prompt comes back again issue the following command;


#make install


Wait for a few minutes and voilà! Apache is installed, with the exception of a few minor changes we still need to make. They are as follows.


Issue the following command;


#vi /usr/local/apache2/conf/httpd.conf


Check to make sure the following line is present in the file at the bottom of the LoadModule list, if it is not there add it;


LoadModule php4_module modules/libphp4.so


Find the DirectoryIndex line and edit it so it looks like the following;


DirectoryIndex index.html index.html.var index.php


Find the AddType application section and add the following line;


AddType application/x-httpd-php .php


That's it, save the file and we are done with Apache. Now, on to MySQL!


Compiling MySQL -


Change into the MySQL source directory as follows;


#cd mysql-4.0.16 (enter)


Follow this command by typing;


#./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --disable-maintainer-mode --with-mysqld-user=mysql --enable-large-files-without-debug (enter)


Sit back and wait for a while while configure does its thing, once the system returns the prompt to you issue the following command;


#make (enter)


Unless you have a very fast machine this will take some time, so spend time with your family, grab a beer, go for a walk, or whatever you’re into. When you get back, assuming the system has returned the prompt to you issue the following command;


#make install (enter)


Cool !, MySQL is installed, there are only a couple things left to do to get it working, first we need to create a group for MySQL as follows;


#/usr/sbin/groupadd mysql (enter)


Then we create a user called mysql which belongs to the mysql group;


#/usr/sbin/useradd -g mysql mysql (enter)


Now we install the database files as follows;


#./scripts/mysql_install_db (enter)


Then we make a couple minor ownership changes;


# chown -R root:mysql /usr/local/mysql (enter)


# chown -R mysql:mysql /usr/local/mysql/data (enter)


Last but not least, we use vi to add a line to the ld.so.conf file as follows;


#vi /etc/ld.so.conf


And we add the following line;


/usr/local/mysql/lib/mysql


That's it, MySQL is installed. You can run it by issuing the following command;


#/usr/local/mysql/bin/mysqld_safe --user=mysql &


And as long as we’re here we might as well set a root password for MySQL as follows;


#/usr/local/mysql/bin/mysqladmin -u root password new_password


Where new_password is the password you want to use.


Ok, so far so good, on to PHP !


Compiling PHP -


Change into the PHP source directory as follows;


#cd php-4.3.4 (enter)


Follow this command by typing;


#./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql (enter)


Once the prompt comes back to you issue the following command;


#make (enter)


Hang out for awhile, and then yep, you guessed it, once you have the prompt back;


#make install (enter)


Once the install finishes and you have the prompt back issue the following command;


#cp php.ini-recommended /usr/local/php/lib/php.ini (enter)


Then edit that file;


#vi /usr/local/php/lib/php.ini (enter)


And change the following;


Find the doc_root section and enter the correct path for the directory which serves your web content, such as;


doc_root = "/usr/local/apache2/htdocs/"


(this is default for apache2)


Then find the file_uploads section and change it to reflect the following;


file_uploads=Off


(for security reasons)


That's it for PHP, now let's see if it all works.


Testing –


Assuming your MySQL process is still running from earlier, let's start Apache by issuing the following command;


#/usr/local/apache2/bin/apachectl start (enter)


This starts the Apache web server, now change into the following directory;


#cd /usr/local/apache2/htdocs (enter)


And using vi create a file called test.php;


#vi test.php


Add the following line to the file;


<?php phpinfo(); ?>


Save the file, then fire up your browser and point it to localhost/test.php. You should see a listing of all kinds of cool info about Apache, PHP, etc. If you do, then you're set! If you don't, take a look at your logs for Apache and MySQL, and remember Google is your friend. But hopefully you do, and now you have a fully functioning setup.
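A post-install check for the settings above, added here as an example and not part of the original tutorial: it confirms that php.ini has file_uploads off and doc_root pointing at the web root, and reports any phpinfo() page such as test.php left in the document root, since that page shows versions, paths and loaded modules to anyone who requests it. The function names and the temporary demo tree are constructed.

```shell
#!/bin/sh
# Print the effective value of a php.ini directive (the last uncommented
# assignment wins); prints an empty line when the directive is not set.
ini_get() {   # $1 = php.ini, $2 = directive name
    awk -v key="$2" '
        /^[ \t]*;/ { next }                          # comment lines
        {
            eq = index($0, "=")
            if (!eq) next                            # section headers, blanks
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)       # trim blanks and quotes
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Report deviations from the tutorial's php.ini edits and leftover test pages.
# Returns 0 when nothing is found.
audit_php() {   # $1 = php.ini, $2 = document root
    findings=0
    uploads=$(ini_get "$1" file_uploads)
    case $uploads in
        [Oo]ff|0|[Nn]o|[Ff]alse) ;;
        *) echo "FAIL file_uploads is '${uploads:-unset}', expected Off"
           findings=$((findings + 1)) ;;
    esac
    root=$(ini_get "$1" doc_root)
    if [ "${root%/}" != "${2%/}" ]; then
        echo "FAIL doc_root is '${root:-unset}', expected $2"
        findings=$((findings + 1))
    fi
    leftovers=$(grep -rl 'phpinfo[[:space:]]*(' "$2" 2>/dev/null || true)
    if [ -n "$leftovers" ]; then
        echo "FAIL phpinfo() page(s) still being served:"; echo "$leftovers"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo: php.ini edited as in the tutorial, with test.php left behind.
demo=$(mktemp -d)
mkdir "$demo/htdocs"
printf 'doc_root = "%s/htdocs/"\nfile_uploads = Off\n' "$demo" > "$demo/php.ini"
printf '<?php phpinfo(); ?>\n' > "$demo/htdocs/test.php"
audit_php "$demo/php.ini" "$demo/htdocs" || echo "fix the findings above, then re-run"
rm -rf "$demo"
```

On the server built above the call would be audit_php /usr/local/php/lib/php.ini /usr/local/apache2/htdocs.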


Ok, one last step and we'll be done. You have everything running now, but you had to start Apache and MySQL manually. That's something you don't want to have to remember to do every time you reboot your machine, so let's fix it.


Starting Apache and MySQL Automatically –


Let's start with MySQL. As root, make your working directory that of the MySQL source directory you worked with earlier, something similar to;


#cd /home/xxxx/mysql-4.0.16 <enter>


Then, copy the file mysql.server to your /etc/init.d directory as follows;


#cp support-files/mysql.server /etc/init.d/mysql


Ok, let's create some links in the startup folders for run levels 3 and 5.


#cd /etc/rc3.d <enter>


#ln -s ../init.d/mysql S85mysql <enter>


#ln -s ../init.d/mysql K85mysql <enter>


#cd /etc/rc5.d <enter>


#ln -s ../init.d/mysql S85mysql <enter>


#ln -s ../init.d/mysql K85mysql <enter>


#cd ../init.d <enter>

#chmod 755 mysql <enter>


That's it for MySQL, it should start automatically now when you reboot your machine. Now let's do the same for Apache. Still as root, make your working directory that of the Apache binaries as follows;


#cd /usr/local/apache2/bin <enter>


Then, copy the file called apachectl as follows;


#cp apachectl /etc/init.d/httpd <enter>


Now, for some more links;


#cd /etc/rc3.d <enter>


#ln -s ../init.d/httpd S85httpd <enter>


#ln -s ../init.d/httpd K85httpd <enter>


#cd /etc/rc5.d <enter>


#ln -s ../init.d/httpd S85httpd <enter>


#ln -s ../init.d/httpd K85httpd <enter>


And that's it for Apache! It should start automatically along with MySQL the next time you boot your machine.


That brings us to the end of this tutorial, hopefully you found it helpful, and Good Luck !

June 27, 2008 Posted by lxcite | Installing Apache, Linux, MySQL, PHP on Linux

Configure DNS Server

This tutorial shows simple DNS configuration steps (for a single domain only).

Domain name: e-security.co.in

IP address: 192.168.1.22

1.) vi /etc/named.conf

=> quick shortcut:

--> go to line 37

--> type <esc>11yy

--> go to line 47

--> press p

File Contents

zone "e-security.co.in" IN {
        type master;
        file "e-security.co.in.for";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "e-security.co.in.rev";
        allow-update { none; };
};

2.) cd /var/named/chroot/var/named/

=> make a copy of localhost.zone and name it "e-security.co.in.for"

=> make a copy of named.local and name it "e-security.co.in.rev"

3.) vi e-security.co.in.for

@       IN SOA  @ root.e-security.co.in. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum

        IN NS   ns1.e-security.co.in.
        IN A    192.168.1.22
ns1     IN A    192.168.1.22
www     IN A    192.168.1.22

4.) vi e-security.co.in.rev

@       IN SOA  e-security.co.in. root.e-security.co.in. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum

        IN NS   e-security.co.in.
22      IN PTR  e-security.co.in.

5.) vi /etc/resolv.conf

nameserver 192.168.1.22

search e-security.co.in

6.) vi /etc/hosts

127.0.0.1 localhost.localdomain localhost

192.168.1.22 e-security.co.in

7.) vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=e-security.co.in

8.) service named restart

9.) service network restart

TEST YOUR DNS SERVER

10.) nslookup www.e-security.co.in

11.) dig www.e-security.co.in
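Alongside nslookup and dig, the forward and reverse files can be checked against each other before named is restarted. The script below is an added example, not part of the original tutorial: it parses only the record layout used in the two files above, assumes a /24 reverse zone, and uses function names made up for illustration.

```shell
#!/bin/sh
# Emit "owner type rdata" (fully qualified) for the records in a zone file.
# Understands only what the files above use: "@", relative names, an owner
# inherited by lines that start with a blank, and a parenthesised SOA.
zone_records() {   # $1 = zone file, $2 = origin without the trailing dot
    awk -v origin="$2" '
        function fq(n) { if (n == "@") return origin "."
                         return (n ~ /\.$/) ? n : n "." origin "." }
        { sub(/;.*/, "") }                         # drop comments
        /^[ \t]*$/ || /^\$/ { next }               # blank lines, $TTL and friends
        insoa { if ($0 ~ /\)/) insoa = 0; next }   # skip SOA timer lines
        {
            i = 1
            if ($0 !~ /^[ \t]/) { owner = fq($1); i = 2 }
            if ($i == "IN") i++
            type = $i; data = $(i + 1)
            if (type == "SOA") { if ($0 ~ /\(/ && $0 !~ /\)/) insoa = 1; next }
            print owner, type, (type == "A" ? data : fq(data))
        }' "$1"
}

# For each PTR, rebuild the IPv4 address from the reverse name (a /24 zone is
# assumed) and require an A record for the PTR target with that address.
check_fcrdns() {   # $1 = forward file, $2 = its origin, $3 = reverse file, $4 = its origin
    fwd=$(zone_records "$1" "$2"); bad=0
    for rec in $(zone_records "$3" "$4" | awk '$2 == "PTR" {
            split($1, o, "."); print o[4] "." o[3] "." o[2] "." o[1] "=" $3 }'); do
        ip=${rec%%=*}; name=${rec#*=}
        if printf '%s\n' "$fwd" | grep -Fqx "$name A $ip"; then
            echo "OK   $ip <-> $name"
        else
            echo "FAIL $ip -> $name has no matching A record"; bad=1
        fi
    done
    return "$bad"
}

# The two zone files from the tutorial, typed with the leading blanks that
# owner-less lines need (the reverse SOA timers are folded onto one line).
z=$(mktemp -d)
cat > "$z/fwd" <<'EOF'
@       IN SOA  @ root.e-security.co.in. (
                42      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.e-security.co.in.
        IN A    192.168.1.22
ns1     IN A    192.168.1.22
www     IN A    192.168.1.22
EOF
cat > "$z/rev" <<'EOF'
@       IN SOA  e-security.co.in. root.e-security.co.in. (
                1997022700 28800 14400 3600000 86400 )
        IN NS   e-security.co.in.
22      IN PTR  e-security.co.in.
EOF
check_fcrdns "$z/fwd" e-security.co.in "$z/rev" 1.168.192.in-addr.arpa
```

A FAIL line means a reverse lookup of that address returns a name that does not resolve back to it, which breaks services that verify PTR records against A records.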

June 27, 2008 Posted by lxcite | Configure DNS Server, Linux

Windows Is Still More Reliable Than Linux On The Server

Windows Server and Linux are growing up fast, but they still aren’t a match for the solid, stable Unix systems on the high-end of the server scale.

That's the conclusion of a report from The Yankee Group, which released its 2006 Global Server Reliability Survey on Wednesday. The report compared a number of server operating systems in areas of reliability, down time and recovery.

It found that Windows Server 2003 showed the highest reliability gains, surpassed only by mature Unix-based server operating systems like HP-UX from Hewlett-Packard and Sun Solaris 10 from Sun Microsystems.

Windows Server 2003 had nearly 20 percent more annual uptime in similar deployment scenarios over Red Hat Enterprise Linux.

The Yankee Group found that corporate Linux, Windows and Unix servers experience on average three to five failures per server per year, resulting in 10.0 to 19.5 hours of annual downtime for each server. The down time for Linux systems was longer not due to a software failure, but because Linux often isn’t as well-known or that well documented.

“One of the reasons for extended down time often had nothing to do with performance and reliability of the OS,” said Laura DiDio, research fellow for application infrastructure and software platforms at The Yankee Group.

“The one random element I can’t emphasize enough is I think some of the disparity we see between Red Hat Linux down time and Windows and Unix comes not so much from any inherent flaws in the Linux core kernel, but the unfamiliarity of some of the network administrators with Linux.”

When a Linux system fails, it can sometimes send a Linux administrator, who likely has fewer years of experience than a Sun or IBM Unix veteran, scouring the Internet for documentation or a fix.

Overall, DiDio said, all of the server operating system environments have shown markedly improved reliability in recent years, both in hardware and software. The improvements in hardware from Dell, HP and other vendors have given the operating systems a better base on which to run.

This in turn helps the software, which has also improved. With each new release of the Windows server since Windows 2000 was released in 1999, Microsoft has shown a 20 to 30 percent improvement in reliability, said DiDio.

The poorest performing operating system was Debian GNU/Linux, while SUSE Linux from Novell had the best performance, even topping some of the big Unixes. But it’s used so little as to be statistically irrelevant, said DiDio.

Another reason Linux may prove shakier is that many shops, more than 50 percent in this survey, were making some level of customization to their Linux environment. Making changes to the kernel and underlying system increases the chances for breakage somewhere in the system.

But don’t unplug the mainframe just yet. In terms of power, performance and reliability, DiDio said the only thing that could come close to mainframe performance is the high-end Unix systems from Hewlett-Packard, Sun and IBM. “And even that is debatable.”

June 27, 2008 Posted by lxcite | Linux, Servers, Windows

Intel® Centrino® Duo Processor Technology with Intel® Core2 Duo Processor

June 27, 2008 Posted by lxcite | Processor