Webmin SSL certificate

Posted by root on Monday Nov 11, 2013 Under Bash, Centos, Debian, Linux, SSH

This happens because the default SSL certificate that is generated by Webmin is not issued by a recognized certificate authority. From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate. Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server's hostname and will be recognized by web browsers. This certificate should be placed in the file /etc/webmin/miniserv.pem and be in the same certificate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps:


Run the command

openssl genrsa -out key.pem 2048

This will create the file key.pem, which is your private key.

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR).

Send the CSR to your certificate authority by whatever method they use. They should send you back a file that starts with -----BEGIN CERTIFICATE-----, which can be put in the file cert.pem.

Combine the private key and certificate with the command

cat key.pem cert.pem > /etc/webmin/miniserv.pem

Restart Webmin (making sure it is in SSL mode) to use the new key.
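A pre-flight check for the steps above, as an added example that is not part of the original post: it confirms that cert.pem carries the public key of key.pem and covers the hostname used in the URL, then writes the combined file with owner-only permissions. The function names are hypothetical; the file names follow the steps above.

```shell
#!/bin/sh
# Added example: validate key.pem/cert.pem before building Webmin's miniserv.pem.
# Function names are hypothetical; file names follow the steps in the post.

# Succeeds only if the certificate carries the public half of the private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if the certificate is valid for the hostname used in the URL.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Usage: build_miniserv_pem KEY CERT HOST DEST
build_miniserv_pem() {
    key=$1 cert=$2 host=$3 dest=$4
    key_matches_cert "$key" "$cert" ||
        { echo "key and certificate do not match" >&2; return 1; }
    cert_covers_host "$cert" "$host" ||
        { echo "certificate does not cover $host" >&2; return 1; }
    # Write to a temporary file with owner-only permissions, then rename it
    # into place: the private key is never world-readable, and a failed
    # check or write leaves the existing miniserv.pem untouched.
    tmp="$dest.new.$$"
    ( umask 077 && cat "$key" "$cert" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dest"
}

# Example: sh check.sh key.pem cert.pem www.yourserver.com /etc/webmin/miniserv.pem
if [ "$#" -eq 4 ]; then
    build_miniserv_pem "$@"
fi
```

A mismatch at either check means the CA signed a different CSR or the wrong key file was picked up, and Webmin would fail to serve the certificate or browsers would reject it.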


Install KVM QEMU Virtual Machines in Debian

Posted by root on Sunday Oct 20, 2013 Under Bash, Linux, SSH, Ubuntu, VM

Introduction

KVM is a full virtualization solution for Linux on x86 (64-bit included) hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

In Debian, Xen and VirtualBox are alternatives to KVM.

 

Installation

Install the qemu-kvm package with apt-get or aptitude, e.g. using this command:

 

aptitude install qemu-kvm libvirt-bin

The libvirt-bin daemon will start automatically at boot time and load the appropriate kvm modules, kvm-amd or kvm-intel, which are shipped with the Linux kernel Debian package. If you intend to create VMs from the command line, install virtinst.

In order to be able to manage virtual machines as a regular user, you should put this user into the libvirt group:

 

adduser youruser libvirt

 

Setting up bridge networking

It can be useful to set up a bridge for the KVM VMs, as described on the QEMU page.

 

Managing VMs from the command-line

You can then use the virsh(1) command to start and stop virtual machines. VMs can be generated using virtinst. For more details see the libvirt page. Virtual machines can also be controlled using the kvm command in a similar fashion to QEMU.

 

Managing VMs with a GUI

On the other hand, if you want to use a graphical UI to manage the VMs, you can use the Virtual Machine Manager virt-manager.

apt-get install virt-manager

 

Migrating guests to a Debian host

 

Migrating guests from RHEL/CentOS 5.x

There are a few minor things in the guest XML configuration files (/etc/libvirt/qemu/*.xml) that you need to modify:

  • Machine variable in <os> section should say pc, not rhel5.4.0 or similar
  • Emulator entry should point to /usr/bin/kvm, not /usr/libexec/qemu-kvm

In other words, the relevant sections should look something like this:

 

  <os>
    <type arch='x86_64' machine='pc'>hvm</type>

  --- snip ---

  <devices>
    <emulator>/usr/bin/kvm</emulator>

If you had configured a bridge network on the CentOS host, please refer to this wiki article on how to make it work on Debian.

 

Troubleshooting

No network bridge available

virt-manager uses a virtual network for its guests. By default this is routed to 192.168.122.0/24, and you should see this route when you type ip route as root.

If this route is not present in the kernel routing table then the guests will fail to connect and you will not be able to complete a guest creation.

Fixing this is simple: open virt-manager and go to "Edit" -> "Host details" -> "Virtual networks" tab. From there you may create a virtual network of your own or attempt to fix the default one. Usually the problem is that the default network is not started.

cannot create bridge ‘virbr0’: File exists:

To solve this problem you may remove virbr0 by running:

brctl delbr virbr0

Then open virt-manager, go to "Edit" -> "Host details" -> "Virtual networks" and start the default network.

You can check the network status with:

virsh net-list --all

 

Optionally, you can use a bridged network, as described in BridgeNetworkConnections.

 


Stop / Restart / Start Open SSH Server

Posted by root on Monday Jun 17, 2013 Under Bash, Remote Access, SSH

Ubuntu Linux: Start OpenSSH Server

Type the following command:
$ sudo /etc/init.d/ssh start
OR
$ sudo service ssh start

Ubuntu Linux: Stop OpenSSH server

Type the following command:
$ sudo /etc/init.d/ssh stop
OR
$ sudo service ssh stop

Ubuntu Linux: Restart OpenSSH server

Type the following command:
$ sudo /etc/init.d/ssh restart
OR
$ sudo service ssh restart

Ubuntu Linux: See status of OpenSSH server

Type the following command:
$ sudo /etc/init.d/ssh status
OR
$ sudo service ssh status

Controlling sshd using upstart based commands

Since the script /etc/init.d/ssh has been converted to an Upstart based job, try the following commands to start / stop / restart the OpenSSH server:

Stop/Start/Restart the OpenSSH using the following commands

The syntax is:

 
sudo stop ssh
sudo start ssh
sudo restart ssh
sudo status ssh

Source: http://www.cyberciti.biz/faq/howto-start-stop-ssh-server/