Archive for December, 2011

OpenSSH from Linux to Windows 7 via tunneled RDP

December 27, 2011

I recently acquired a new second hand Asus laptop from my work,
that will be performing a handful of responsibilities on one of my networks.

This is the process I took to set up OpenSSH on Cygwin running on the Windows 7 box.

I won’t be going over the steps to tunnel RDP as I’ve already done this in another post

Make sure your LAN Manager Authentication Level is set as high as practical.
Keeping in mind, that some networked printers using SMB may struggle with these permissions set to high.

  1. Windows Firewall -> Allowed Programs -> checked Remote Desktop.
  2. System Properties -> Remote tab -> turn radio button on to at least “Allow connections from computers running any version of Remote Desktop”
    If you like, this can be turned off once SSH is set-up, or you can just turn the firewall rule off that lets RDP in.

CopSSH which I used on my last set of Linux to Windows RDP via SSH set-ups is no longer free.
So I’m not paying for something I can get for free, but with a little extra work involved.

So I looked at some other Windows SSH offerings

  1. freeSSHd which looked like a simple set-up, but it didn’t appear to be currently maintained.
  2. OpenSSH the current latest version of 5.9 released September 6, 2011
    A while back OpenSSH wasn’t being maintained. Looks like that’s changed.

OpenSSH is part of Cygwin, so you need to create a
c:\cygwin directory and download setup.exe into it.

    1. Right click on c:\cygwin\setup.exe and select “Run as Administrator”.
      Click Next.
    2. If Install from Internet is not checked, check it. Then click Next.
    3. Accept the default “Root Directory” of C:\cygwin. Accept the default for “Install For” as All Users.
    4. Accept the default “Local Package Directory” of C:\cygwin.
    5. Accept the default “Select Your Internet Connection” of “Direct Connection”. Click Next.
    6. Select the closest mirror to you. Click Next.
    7. You can expand the list by clicking the View button, or just expand the Net node.
    8. Find openssh and click the Skip text, so that the Bin check box for the item is on.
    9. Find tcp_wrappers and click the Skip text, so that the Bin check box for the item is on.

If you selected tcp_wrappers and get the “ssh-exchange-identification: Connection closed by remote host” error,
you’ll need to edit /etc/hosts.allow and add the following two lines before the PARANOID line.

ALL: 127.0.0.1/32 : allow
 ALL: [::1]/128: allow

These lines were already in the /etc/hosts.allow

(optional) find the package “diffutils”, click on the word “skip” so that an x appears in Column B,
find the package “zlib”, click on the word “skip” (it should be already selected) so that an x appears in Column B.

Click Next to start the install.
Click Next again to… Resolving Dependencies, keep default “Select required packages…” checked.
At the end of the install, I got the “Program compatibility Assistant” stating… This program might not have installed correctly.
I clicked This program installed correctly.

Add an environment variable to your Systems Path variable.
Edit the Path and append ;c:\cygwin\bin

Right click the new Cygwin Terminal shortcut and Run as administrator.
Make sure the following files have the correct permissions.

/etc/passwd -rw-r–r–
/etc/group -rw-r–r–
/var drwxr-xr-x

Create a sshd.log file in /var/log/

touch /var/log/sshd.log
chmod 664 /var/log/sshd.log

Run ssh-host-config

  1. Cygwin will then ask Should privilege separation be used? Answer Yes
  2. Cygwin will then ask Should this script create a local user ‘sshd’ on this machine? Answer Yes
  3. Cygwin will then ask Do you want to install sshd as service? Answer Yes
  4. Cygwin will then ask for the value of CYGWIN for the daemon: []? Answer ntsec tty
  5. Cygwin will then ask Do you want to use a different name? Answer no
  6. Cygwin will then ask Please enter a password for new user cyg_server? Enter a password twice and remember it.

replicate your Windows user credentials with cygwin

mkpasswd -cl > /etc/passwd
mkgroup --local > /etc/group

I think (although I haven’t tried it yet) when you change your user password, which you should do regularly,
you should be able to run the above 2 commands again to update your password.
As I haven’t done this yet, I would take a backup of these files before I ran the commands.

to start the service, type the following:

net start sshd

Test SSH

ssh localhost

When you make changes to the /etc/sshd_config,
because it’s owned by cyg_server, you’ll need to make any changes as the owner.
I added the following line to the end of the file:

Ciphers blowfish-cbc,aes128-cbc,3des-cbc

As it sounds like Blowfish runs faster than the default AES-128

There are also a collection of changes to be made to the /etc/sshd_config

for example:

  • Change the LoginGraceTime to as small as possible number.
  • PermitRootLogin no
  • Set PasswordAuthentication to no once you get key pair auth set-up.
  • PermitEmptyPasswords no
  • You can also setup AllowUsers and DenyUsers.

The options available are here in the man page (link updated 2013-10-06).
This is also helpful, I used this for my CopSSH setup.

Open firewalls TCP port 22 and close the RDP port once SSH is working.

As my blog post says:
ssh-copy-id MyUserName@MyWindows7Box

I already had a key pair with pass phrase, so I used that.
Now we should be able to ssh without being prompted for a password, but instead using key pair auth.

http://pigtail.net/LRP/printsrv/cygwin-sshd.html
http://www.petri.co.il/setup-ssh-server-vista.htm
http://www.scottmurphy.info/open-ssh-server-sshd-cygwin-windows

Tags:, , , ,
Posted in GNU/Linux, Microsoft, Networking, Security, SSH | 2 Comments »

JavaScript Reserved Words

December 19, 2011

Funnily enough, most of these are not used in the language.
They cannot be used to name variables or parameters.
In saying that,
I did some testing below and that statement’s not entirely accurate.

Usage of keywords in red should be avoided.

Reserved Keyword Comments
abstract  no
boolean  no
break  yes
byte  no  No type of byte in JavaScript
case  yes
catch  yes
char  no  JavaScript doesn’t have char. Use string instead
class  no  technically JavaScript doesn’t have class
const  no  no const, but read-only can be implemented
continue  yes
debugger  yes
default  yes
delete  yes
do  yes
double  no  JavaScript only has number (64 bit floating point)
else  yes
enum  no
export  no
extends  no
false  yes
final  no
finally  yes
float  no  JavaScript only has number (64 bit floating point)
for  yes
function  yes
goto  no
if  yes
implements  no  JavaScript uses prototypal inheritance. Reserved in strict mode
import  no
in  yes
instanceof  yes
int  no  JavaScript only has number (64 bit floating point)
interface  no  technically no interfaces, but they can be implemented. Reserved in strict mode
let  no Reserved in strict mode
long  no  JavaScript only has number (64 bit floating point)
native  no
new  yes  use in moderation. See comments in Responses below
null  yes
package  no Reserved in strict mode
private  no  access is inferred. Reserved in strict mode
protected  no  JavaScript has privileged, but it’s inferred. Reserved in strict mode
public  no  access is inferred. Reserved in strict mode
return  yes
short  no  JavaScript only has number (64 bit floating point)
static  no Reserved in strict mode
super  no
switch  yes
synchronized  no
this  yes
throw  yes
throws  no
transient  no
true  yes
try  yes
typeof  yes
var  yes
volatile  no
void  yes
while  yes
with  yes
yeild  no Reserved in strict mode

When reserved words are used as keys in object literals,
they must be quoted.
They cannot be used with the dot notation,
so it is sometimes necessary to use the bracket notation instead.
Or better, just don’t use them for your names.

var method;                  // ok
var class;                   // illegal
object = {box: value};       // ok
object = {case: value};      // illegal
object = {'case': value};    // ok
object.box = value;          // ok
object.case = value;         // illegal
object['case'] = value;      // ok

I noticed in Doug Crockfords JavaScript The Good Parts
in Chapter 2 under Names, where he talks about reserved words.
It says:
“It is not permitted to name a variable or parameter with a reserved
word.
Worse, it is not permitted to use a reserved word as the name of an object
property in an object literal or following a dot in a refinement.”

I tested this in Chrome and FireFox with the following results.

var private = 'Oh yuk'; // if strict mode is on: Uncaught SyntaxError: Unexpected strict mode reserved word
var break = 'break me'; // Uncaught SyntaxError: Unexpected token break

 

var myFunc = function (private, break) {
   // if strict mode is on or off: Uncaught SyntaxError: Unexpected token break
   // strangly enough, private is always fine as a parameter.
}

 

var myObj = {
   private: 'dung', // no problem
   break: 'beetle' // no problem
}
console.log('myObj.private: ' + myObj.private) // myObj.private: dung
console.log(' myObj.break: ' + myObj.break); // myObj.break: beetle

 

JavaScript also predefines a number of global variables and functions
that you should also avoid using their names for your own variables and functions.
Here’s a list:

  • arguments
  • Array
  • Boolean
  • Date
  • decodeURI
  • decodeURIComponent
  • encodeURI
  • encodeURIComponent
  • Error
  • eval
  • EvalError
  • Function
  • Infinity
  • isFinite
  • isNaN
  • JSON
  • Math
  • NaN
  • Number
  • Object
  • parseFloat
  • parseInt
  • RangeError
  • ReferenceError
  • RegExp
  • String
  • SyntaxError
  • TypeError
  • undefined
  • URIError

Tags:,
Posted in JavaScript, Scripting, Uncategorized, Web | 2 Comments »

DVCS vs CVCS

December 3, 2011

Some differences between Distributed Version Control Systems (DVCS) and Centralised Version Control Systems (CVCS)

The central server dilemma

I hear a number of people being fearful about what they hear about DVCS not having a central repository.
In most cases this is not entirely true.
There are a number of DVCS models that work very well utilising one or more central servers.
In fact all the DVCS I’ve worked with or set-up have used one or more central repositories.

One of the key differences between Distributed and Centralised.
Is with distributed, the authoritative or central source is the source you want it to be, rather than being constrained by the system into having to have your source in one place.
There has been occasions where we have had to use one of the developers local repositories when the central server has been down.
This is simply making a decision that the entire team is aware of, that you are going to push / pull to / from an alternative repository.
Hg has it’s own inbuilt web server, so this is very easy to do.

One of the big advantages with a DVCS is the flexibility.
With increased flexibility and power, comes the increased likelihood of someone screwing something up.
Personally I’d much rather have the extra flexibility.

Branching Merging

Is easy and encouraged in DVCS.
DVCS are designed with branching and merging to be a common task.
Therefore they do it well, and some of the paranoia around this concept is no longer justified when you go distributed.

Mercurial (Hg) vs Git commits

Both Hg and Git are distributed.
Git has this extra step between your working directory and your repository called the Index (strangely enough)
All changes in git go into a staging area, then into your repository.
The index is used to combine a set of changes that you want to commit as one operation.
When you commit, what is committed is the contents of your index rather than your working directory.

The idea of the index, is that some of the history is erased once a commit is made, as multiple changes and their details are wrapped into a single commit.
There is a philosophical debate as to which way is better.
Is it better to have every change recorded, or is it better to have a bunch of changes wrapped into an atomic change, so that some detail is negated.
I’m kind of on the fence about this one, as I think there are pros and cons for both arguments.

Interfacing with Hg and Git for Windows users

There are currently several options here.

command line

file explorer

  1. TortoiseHg
  2. TortoiseGit
  3. GitExtensions for Explorer and Visual Studio integration

For Visual Studio users

  1. Git Source Control Provider also http://gitscc.codeplex.com/
  2. VisualHg

Tags:, ,
Posted in GNU/Linux, Microsoft, Version Control | 3 Comments »