Tuesday, 24 January 2012

UBUNTU 10.04 - Hiding users at graphical login screen

I had a problem: I had created some additional users for particular tasks, but I didn't want them to be shown on the login screen.
Edit this file:

fem@rodizio:~$ sudo vi /etc/gdm/custom.conf


and add these lines:

[greeter]
Exclude=user1,user2,user3,nobody

where user1, user2 and user3 are the users to hide at the login screen; nobody must be added, otherwise it will be shown.
Then reboot.

Monday, 23 January 2012

SOCKS5 Proxy for secure browsing

If you often connect from open-access internet points and you have a valid account on an SSH server, you can use it as a SOCKS5 proxy; in my case I can use a simple modified router, a Pirelli AGA (running Linux and a valid SSH server), to do so.

From the shell of the client:

fem@rodizio:~$ ssh USER_SERVERSSH@SERVERSSH -p 1022 -D 2100

"-p 1022" since my ssh service listens on this port (the default one is 22)
"-D 2100" tells the SSH client (localhost) to listen on this port for our browser's requests.

We only have to go into the browser settings (IE, Opera, Firefox, Chrome, etc.) and indicate that we use a SOCKS5 proxy, with "localhost" as the IP and "2100" as the port.

that's all

OPENWRT - Reverse tunnel with SSH

I want to reach a router that is connected to the net using a USB dongle as its gateway; the problem is that my network provider uses a NAT that doesn't allow the dongle to be reached with a public IP.
The solution is a "reverse tunnel" (in this case with SSH) that is initiated from the remote host we want to reach (the OpenWRT router) to an SSH server, which in my case is an Ubuntu 10.04 box.
OpenWRT uses dropbear as its SSH client, a lightweight implementation that is compatible with the public key authentication of standard OpenSSH.


Generate a valid public key on the OpenWRT router with dropbear in the .ssh folder. THERE MUST BE NO PUBLIC KEY FILES INSIDE THIS FOLDER, OTHERWISE DROPBEARKEY WILL GENERATE AN ERROR!!

root@OpenWrt:~/.ssh# cd /root/.ssh/
root@OpenWrt:~/.ssh# dropbearkey -t rsa -f id_rsa


The output should be something like this:

root@OpenWrt:~/.ssh# dropbearkey -t rsa -f id_rsa
Will output 1024 bit rsa secret key to 'id_rsa'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCZfO3SRHCmekstO+tLRS4Yj3a0/8tCeWgXbQLI+3dv+wqZKS1wfOlLviRA9yj124CoAAAAB3NzaC1yc2EAAAADAQABAAAAgwCZfO3SRHCmekstO+tLRS4Yj3a0/8tCeWgXbQLI+3dv+wqZKS1wfOlLviRA9yj124Co
V6GRZbzPmJ+b root@OpenWrt
Fingerprint: md5 ac:a4:aa:f8:a2:a7:e8:ae:b9:ad:aa:2e:a4:eb:a0:a7


Copy the generated public key string (ssh-rsa ..... root@OpenWrt) into authorized_keys in the .ssh folder of the SSH server. I used the scp command, but you can do it any way you like, by hand for example.


root@OpenWrt:~/.ssh# cd /root/.ssh/
root@OpenWrt:~/.ssh# scp -P 1022 authorized_keys USER_SERVER@SERVERSSH:/home/USER_SERVER/.ssh/

Now it should be possible to authenticate with the public key and without a password.

Note that these two commands are equivalent with the dropbear client:

root@OpenWrt:~/.ssh# dbclient -i ~/.ssh/id_rsa -y -p 1022 USER_SERVER@SERVERSSH #equivalent to
root@OpenWrt:~/.ssh# ssh -i ~/.ssh/id_rsa -y -p 1022 USER_SERVER@SERVERSSH


This is the command to make the SSH tunnel run in the background (this is necessary if you want to put it in a script):


/usr/bin/dbclient -f -N -R 1500:localhost:22 -p 1022 USER_SERVER@SERVERSSH -i /root/.ssh/id_rsa -y


Now, logging in to the SSH server shell, with this command we will be able to reach the OpenWRT shell using port 1500 of the SSH server and the tunnel we have created.


USER_SERVER@SERVERSSH:~$ ssh root@localhost -p 1500

SSH automatic authentication without inserting password

We start with two Ubuntu 10.04 boxes: one is the server (SERVER_SSH), the other is the client (CLIENT_SSH).
Neither box has a .ssh folder in its home directory.

On the CLIENT_SSH:
make the .ssh folder in the home directory

user@CLIENT_SSH:~$ mkdir ~/.ssh

generate the id_rsa.pub public key

user@CLIENT_SSH:~$ cd ~/.ssh
user@CLIENT_SSH:~$ ssh-keygen -t rsa

copy the content of id_rsa.pub into the authorized_keys file using the cat command (you can also do it by hand, copying and pasting)

user@CLIENT_SSH:~$ cd ~/.ssh
user@CLIENT_SSH:~$ cat ~/.ssh/id_rsa.pub >> authorized_keys

add the key to the SSH agent

user@CLIENT_SSH:~$ ssh-add




On the SERVER_SSH:

make sure the /etc/ssh/sshd_config file allows this kind of authentication

otheruser@SERVER_SSH:~$ sudo vi /etc/ssh/sshd_config

the following parameters must be set to 'yes'

RSAAuthentication yes
PubkeyAuthentication yes


make the .ssh folder in the home directory

otheruser@SERVER_SSH:~$ mkdir ~/.ssh

copy the client's authorized_keys file to the server (-P 1022 is only for me, since my ssh service is listening on this port; otherwise put 22 here)

restart the ssh server

otheruser@SERVER_SSH:~$ sudo /etc/init.d/ssh restart

Now authentication should be possible without entering a password at the prompt.
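
Both key-copy steps above (the OpenWRT reverse tunnel and this client/server setup) send a whole authorized_keys file into the server's .ssh folder, which replaces any keys that account already trusts. The following is an added example, not part of the original post: a shell function, run on the server, that appends a single public key instead and sets the permissions sshd expects. The name install_pubkey and the key material in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper name, not an OpenSSH
# or dropbear tool. It appends ONE public key to authorized_keys instead of
# overwriting the file, and sets the permissions sshd expects.

install_pubkey() {
    pubkey_file=$1                       # e.g. id_rsa.pub copied from the client
    ssh_dir=$2                           # e.g. /home/USER_SERVER/.ssh
    auth_file="$ssh_dir/authorized_keys"

    # Exactly one line, shaped "<type> <base64> [comment]". This also rejects
    # a private key handed over by mistake.
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        "$pubkey_file" || { echo "not a public key line" >&2; return 2; }

    # sshd (StrictModes) ignores keys in group/world-writable locations.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Compare on "<type> <base64>" only, so a different comment is not a new key.
    key_blob=$(cut -d' ' -f1,2 "$pubkey_file")
    if awk -v k="$key_blob" 'index($0 " ", k " ") { found = 1 } END { exit !found }' "$auth_file"; then
        echo "already present"
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    [ -z "$(tail -c1 "$auth_file")" ] || echo >> "$auth_file"
    printf '%s\n' "$(cat "$pubkey_file")" >> "$auth_file"
    echo "added"
}

# Demo on constructed data in a temporary directory (not a real key).
demo_dir=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY root@OpenWrt" > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"     # prints: added
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"     # prints: already present
rm -rf "$demo_dir"
```

On the real server, copy only the .pub file across first and pass its path together with the account's .ssh directory.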

Saturday, 21 January 2012

Blocking websites on OpenWRT

If you have an OpenWRT router that is your gateway and you don't want to let users access some websites, you must edit the file dnsmasq.conf:


root@OpenWrt:~# vi /etc/dnsmasq.conf


and add this line:


#### Blocked website internet.tre.it ####
address=/internet.tre.it/127.0.0.1


then restart the dnsmasq service:


root@OpenWrt:~# /etc/init.d/dnsmasq restart


that's all.