and spouses in your password unless you ve takencare to obscure the name with other characters likeFr3ddi3*! and even then it s not a great idea. It s also abad idea to use your license plate number that should beobvious, but you d be surprised how many people do it. Be sure to choose a password that is obscure, but memo- rable. Writing it down leaves the password susceptible tothe prying eyes of anyone who gets access to your work- space. One common mnemonic is to use the first letter ofeach word in a phrase you won t forget. Throw in somepunctuation, or change case now and then, and you have amemorable password that s also hard to guess. All KingEdward s Horses Can Master Big Fences! translates toAkehCmBf!, which is pretty unguessable.
You want to have a cheap webhost for your apache application, then check apache web hosting services.

set up port forwarding between a PostgreSQLclient running on your local computer and aPostgreSQL server running on louvre, simply useSSH to log into louvreand include a bit of commandline magic: $ ssh -L 5432:louvre:5432 louvreTo break that command down a bit, the sshcommandconnects to the SSH server running on host louvre. The cryptic-looking bit in the middle of the command(-L 5432:louvre:5432) forwards data from port 5432on your local computer to port 5432 on louvre. Nowwhen you start up a PostgreSQL client, you connectto localport 5432, even though the PostgreSQL serveris running on a different computer: $ psql -h localhost -p 5432Welcome to psql, the PostgreSQL interactive terminalfreddie=# If you have a firewall between yourself and louvre, you can ask SSH to forward data across the firewallto a third computer. For example, if bastilleis act- ing as a firewall (meaning that you can t directly con- nect to any machines behindbastille), this commandarranges for SSH to carry PostgreSQL data acrossthe firewall and deliver it to louvre: $ ssh -L 5432:louvre:5432 bastilleNotice that with this command, you re logging intobastille, but SSH is forwarding the data to louvre. SSH can forward data to any machine that bastillecan talk to. When SSH forwards data for you, thedata stream is automatically encrypted. If you wantto compress the data as well, just add a -Cto thecommand line. Choosing good passwordsChoose your passwords carefully. A good password shouldinclude both upper- and lowercase letters, numbers, andpunctuation if allowed. The system will set a limit on thelength of your password, but generally speaking, the longerthe password the better. It s a bad idea to honor pets, Port forwarding with SSH can solve a lot of problemsfor you, such as the following: Some software packages require access to spe- cific port numbers. You can reach software on the other side of afirewall. Your data is traveling in encrypted form andcan t be seen by villains. Your data is compressed and zips through thenetwork much faster. Port forwarding is kind of a strange process. Thebasic idea is that you connect to a port on your localcomputer, and SSH takes all the data that you send tothat port and forwards it to another port on anothercomputer. SSH also sends data back in the otherdirection for a complete connection. Here s an example. PostgreSQL database serverstypically listen for clients on TCP port 5432. Whenyou run a PostgreSQL client application, the clientconnects to the server on that port. The client andserver exchange SQL queries and results over theconnection and disconnect when they re finished. APostgreSQL client can connect to a server on thesame computer (using local port 5432) or a serverrunning on a remote computer (using the remotehost name and port 5432). You can introduce SSH into this mix to solve threedifferent problems: If a firewall is present between the client and theserver, SSH can carry the data across the firewallfor you. If you have a slow connection to the server, SSHcan compress the data stream to improve performance. If you re transmitting sensitive data across aninsecure network, SSH will encrypt the datastream for you.
We recommend cheap and reliable webhost to host and run your web applications: Coldfusion Web Hosting services.

the dialog closes, a link on the server s/homedirectory appears on your desktop. 3.To connect to the remote machine, just double- click the icon. A Konqueror browser window opens, showingthe /homedirectory. Copying Files with scpscpis similar to the cpcommand: It copies a file froma source to a destination. The difference betweenscpand cpis that scpcan deal with files stored onremote hosts. scpuses the SSH protocol to encryptthe file being transferred and can take advantage ofSSH s compression feature to save you time. You canuse scpto completely replace cp. To copy a file fromone directory to another (on your local machine), use the following command: $ scp /tmp/drink-recipes.txt /home/ If you want to copy a file from an SSH server or to anSSH server, include the remote host name on thecommand line, like this: $ scp louvre:/pics/monalisa.jpg /tmp/ $ scp /tmp/monalisa.jpg orsay:/pics/ If you see a name that includes a colon, itmost likely refers to a remote computer. The first command copies /pics/monalisa.jpgfromhost louvreto the /tmpdirectory on your local com- puter. The second command copies the picture fromyour local computer to host orsay. If you haven tcopied your public key to louvreor orsay, you reasked for a password. You can also use scpto copy from one remotemachine to another remote machine: $ scp louvre:/pics/monalisa.jpgorsay:/picsEnable compression with the -Coption: $ scp -C /tmp/monalisa.jpg orsay:/pics/ If you don t specify a fully qualified pathname, scpassumes that you want to copy into (or from) yourhome directory on the remote computer. For exam- ple, the command$ scp -C louvre:paintings.list orsay: copies a file from your home directory on louvretoyour home directory on orsay. You can include wildcards in an scpcommand, butyou have to quote them if you want the wildcards tobe expanded by the computer on the other end ofthe connection. For example, to copy all the .jpgfiles in your home directory on louvreto your localmachine, use the following command: $ scp -C louvre:*.jpg /tmp/ If you forget the quotes, the bash shell expands thewildcard before scpever gets a chance to see it. You can use scpto copy an entire directorytree with the -roption. Secure (And Fast) PortForwarding with SSHNo Web site should be without a good firewallbecause too many villains are out there waiting toattack your computer. Firewalls keep the bad guysout, but they can sure make life tough for those of uswearing the white hats. Fortunately for the goodguys, SSH can slip you past a firewall in no time. Port forwarding lets you securely connect to a spe- cific port on a remote computer without beingblocked by a firewall. Neither the remote machine noryour local system can even tell that a firewall is there.
If you are in need for cheap and reliable webhost to host your website, we recommend http web server services.

In the Command field, enter the following command: gnome-terminal -x ssh bastille4.Click OK. Double-click the new link, and you re logged in andworking. If you ve configured your desktop as wedescribe earlier in Passing on your passphrase, youdon t need to stop and enter passwords along the way. With your remote terminal, you can open anygraphical application on your Linux host. At the command line, enter the name of theprogram kedit, kate, konqueror. . . thelist is endless. You can open as many windows on your local desk- top as your connection will support. These windowswork like local windows in all respects, with theexception of drag and drop. Instead of drag and drop, we recommend using scpat the command line. Seethe next section for details. If you re using KDE as your desktop environment, you can create a link to a remote file or directory. Double-click a link to a remote directory, and KDEwill open the directory with the Konqueror browser. After you double-click a link to a remote file, KDEopens the file using the right application (based onthe file s MIME type). Follow these steps to create anew link to a remote directory: 1.Right-click on the desktop and chooseCreateNew.Link to Location (URL) from thepop-up menu. 2.Enter the following command in the Enter Linkto Location (URL) field and click OK: fish://bastille/homeSubstitute your remote machine s name or IPaddress for bastille. fish:is a KDE protocol that provides remotefile management over an SSH connection. SeeTechnique 1 for more information. they don t belong. If the system fingerprintsdon t match, SSH will warn you and you ll knowyou have a potential man-in-the-middle attack. If that happens, ask the remote system adminis- trator to read you his or her server s fingerprintover the phone. Getting graphicYou can also run graphical programs from yourremote machine on your local desktop. The SSHserver forwards X Windows traffic over the SSH con- nection automatically. Here are a few examples toillustrate how this works: To see what time it is on the remote system, typethe command xclock &. The clock displays thetime on your local desktop, but it also displaysthe time on the server (you can t tell the differ- ence if you re in the same time zone). To see the files on the server, type konqueror & and press Enter. The Konqueror browser startsrunning on the server,but the display appears onyour local desktop. Creating Shortcuts to YourFavorite SSH LocationsSSH is handy at the command line, but you can alsolaunch SSH sessions from a desktop link. And, ifyou re a KDE aficionado, you can use the fish:pro- tocol to create a link to a remote file or folder. To add a desktop link that opens a terminal windowconnected to an SSH server, follow these steps: 1.Right-click on your desktop and chooseCreateNew.Link to Application. A dialog opens. 2.Type a name for the link and click the Exe- cute tab.
Searching for affordable and proven webhost to host and run your servlet applications? Go to Linux Web Hosting services and you will find it.

eliminate the need to enter your passphrase everytime you log in to a remote system, you have to talkKDE (or GNOME) into asking you for the passphrasewhen you first log in to your local desktop. After thekey is unlocked, it s ready for use (and reuse) untilyou log out of your local desktop. If you use KDE, the easiest way to set this up is withKonqueror. Here s how: 1.Open your Konqueror browser and surf to thefollowing directory: ~/.kde/Autostart2.Right-click on the browser and choose CreateNew.Link to Application from the pop-upmenu. 3.Name your link (Passphrase) and click theExecute tab. 4.In the Command field, enter the following command: /usr/bin/ssh-add5.Click OK. A new Autostart icon appears in the Konquerorwindow. The next time you log in to KDE, you llbe prompted for your passphrase. If you re a fan of GNOME, follow along to edit yourAutostart folder: 1.Open the Main Menu and choose Preferences. More Preferences.Sessions. 2.Click the Sessions icon to open the Sessions dialog. 3.Click the Startup Programs tab and thenclickAdd. The Add Startup Program dialog appears. 4.Type /usr/bin/ssh-addin the StartupCommand field and click OK. Logging In with SSH and Key AuthenticationWhen you log in to an SSH server using public-keyauthentication, you re greeted with a remote com- mand line. The commands that you enter are exe- cuted by the SSH server until you log out. If you wantto use graphical environments, you can access those, too. We give you the details in the following sections. Starting from the command lineTo use your key authentication to log in to a machinewith SSH, follow these steps: 1.At the command line, type ssh bastilleandpress Enter. You re prompted for your passphrase (the oneyou entered when you generated your key set). 2.Enter the passphrase. You re logged in! A few quick words about fingerprintsThe first time you log in with SSH, your local system addsthe server s public key to its list of known computers andissues a warning similar to the following: The authenticity of host `192.168.0.135 can t be established. RSA key fingerprint isb4:2y:88:23:98:33:g1:03:ec:7b:d8:2b:b8:83: y3:f8. Are you sure you want to continue connecting (yes/no)? Type yesand press Enter to continue. In the future, if the server s public key changes, SSH willwarn you. Some nasty people intercept transmissionsand redirect logins to steal password informa- tion that will enable them to get into places40_
If you are searching for cheap webhost for your web application, please visit MySQL5 Web Hosting services.

the steps shown in Listing 33-1 to transferyour public key to the remote system. After youenter each command, you re prompted for yourpassword on the remote system. In the example, substitute your user name onthe remote system for freddie, and the name(or IP address) of the remote system forbastille. Passing on your passphraseIf you did all that work to avoid typing in a pass- word, why should you have to enter a passphraseinstead? The passphrase unlocks your private keyfor use when you log in to a remote system. Withouta passphrase, your private key would be exposed onyour local machine for anyone to see. If you do a lot of work on a remote machine, add the passphrase to your startup procedureand create desktop shortcuts to save you timelogging in and out. The following steps explainhow to arrange for KDE or GNOME toprompt you for the passphrase when you login to your desktop environment. See CreatingShortcuts to Your Favorite SSH Locations forinformation about creating desktop shortcuts. If you re in an environment where security iscrucial, never walk away from your computerwithout first logging out. A troublemaker whowalks up to your unattended computer canimpersonate you if you re logged in. If you fol- low the steps described in this section, anyonewith physical access to your computer can alsouse your private key while you re logged in. 1.Open a command line, type the following com- mand, and press Enter: $ ssh-keygen -t rsaYou re prompted to enter a file to save the key in. 2.Press Enter, and SSH will find a good place forthe file. You re prompted for a passphrase. 3.Enter a good password. Check out the sidebar Choosing good pass- words, later in this chapter, for some ideasabout choosing passwords. 4.Enter the same passphrase again to verify it. Remember the passphrase; you ll need it later. SSH acknowledges that it has created your keypair and displays the filenames where the keysare saved. ssh-keygenalso issues a key finger- print, but you can ignore that for now. To use yourkey pair with SSH, you need to distribute thepublic key, which we explain how to do in thenext section. Distributing your public keyBefore you can use your key pair to log in to an SSHserver, you have to copy your public key into your~/.sshdirectory on the server. The easiest way toget your key to the server is to use the scpcommand. Don t share anything but your public key bye-mail. The private key is always kept private, encrypted on your system. LISTING33-1: HANDINGOUTYOURPUBLICKEY$ ssh freddie@bastille mkdir .ssh Password: $ ssh freddie@bastille cat >> .ssh/authorized_keys2 < .ssh/id_rsa.pubPassword: $ ssh freddie@bastille chmod 700 .ssh .ssh/authorized_keys2 Password: $
You want to have a cheap webhost for your apache application, then check apache web hosting services.

SSH for Top-SpeedConnectionsThe great thing about SSH is that you get all the secu- rity benefits, plus access to a GUI environment withspeeds that can t be matched by the other desktopsharing tools. SSH can compress the bits travelingover the network connection to improve perform- ance. The speed advantage is really evident if youhave a low-bandwidth or high-latency connection. Think of latencyas the distance between yourcomputer and the server that you re connectedto. If you re connected to a computer 10 feetaway from you, you probably have a low- latency connection. If you need to log in to acomputer in a foreign land over a satellite con- nection, all your data travels from your com- puter, up to the satellite, back down to earth, and then across the rest of the network: That s ahigh-latency connection. Setting Up Public-KeyAuthentication to Secure SSHWhen you log in to a typical personal computer, youprovide a password. The password authenticatesthat you are who you claim to be. Anyone who knowsyour password can fake out a server. Passwords aretypically very short and easy to remember; thosetwo qualities make passwords easy to use, but alsomake them incredibly insecure. Public-key authentication is an alternative to pass- word authentication. Public-key authentication isvery secure, and SSH also makes it convenient. Inpublic-key authentication, each key has two parts a public key and a private key. You always keep your private key a secret, but you share your publickey. The two keys are mathematically related in away that only Stephen Hawking can understand. Amessage encrypted with the public key can bedecrypted only with the private key. A messageencrypted with the private key can be decryptedonly with the public key. To authenticate a connection by using a public key, the server encrypts a message with your public keyand sends the result to your client. The SSH clientdecrypts the message using your private key andreencrypts it with the server s public key. In thisexchange, you ve proven you are who you say youare and verified that you re connected to the properserver. Public-key authentication is perfect for telecom- muters and those doing customer support workbecause it enables you to easily access comput- ers that you will log in to often. Just copy yourpublic key once, and you re ready to go. The public and private keys are stored in the ~/.sshdirectory. To set up key authentication with SSH, here s an overview of what you need to do: 1.Generate the key pair. 2.Give the SSH server a copy of your public key(but keep your private key to yourself). You can copy the public key to the server byusing a file transfer tool such as scp(securecp). 3.(Optional) Set up your passphrase so that youdon t have to enter it every time you log in. Your public/private key pair is generated from a whole mess of random numbers. It s veryunlikely that any two key pairs will be identical. A typical key is at least 128 characters long. Linux automatically contains everything youneed to use public-key authentication, so youdon t have to install any extra software. Yay! Generating the key pairTo generate your public/private key pair, followthese steps:
If you are searching for cheap webhost for your web application, please visit MySQL5 Web Hosting services.

33Save Time By Keeping your private bitsprivate Using a secure GUIacross a network Using public-key authen- tication for remote login Using scpto copy files Forwarding ports tosecurely breach a firewall TechniqueSecuring YourConnections with SSHIn the good old days, if you wanted to log in to a remote computer, yousimply ran telnet. The telnet program would reach across a networkand give you a remote command line. When you typed a commandinto the telnet client, the characters that you typed were sent blissfullyover the wire, and the telnet server on the other end would execute thecommand and send the results back to you. Were we really so young then? With the advent of the Internet, new villains appeared, eager to grab ourpasswords and credit card numbers as they leapt from ISP to ISP. Theproblem with telnet is that everything that you type is sent across the net- work in the clear. Anyone watching the bits stream across the networkcan see your private bits. The solution to this problem is SSH. SSH, which is an acronym for secure shell,encrypts your data as it travelsacross a network so that passwords, financial data, and private e-mail arenever exposed to any hacker who can intercept them. An SSH connectionconsists of two parts: a server and a client. An SSH server waits patientlyon a host computer, listening on a specific port for a client to log in. Whenan SSH client connects to a server, the two programs begin a lengthynegotiating session that results in a fully encrypted connection. SSH provides a remote command line. With SSH, you can start graphicalprograms that run on the server but display their data on your local computer. SSH also provides port forwarding. With port forwarding, you can tunnelthrough firewalls to gain access to machines on the other side. Forwardeddata is protected traveling back and forth to the protected host, while theserver remains secure behind its firewall. In this technique, we introduce you to the benefits of using an SSH client. SSH provides a secure connection across a local network or over the Inter- net, through firewalls, and with great speed, and it merges with your desk- top environment via a quick link. We show you how to use your SSH client(which comes complimentary with Fedora) to do all of these things.
If you are in need for cheap and reliable webhost to host your website, we recommend http web server services.

To add a command alias to the sudo configura- tion file, define the Cmnd_Aliaswith the fullyqualified pathname to the command: Cmnd_Alias DANGER = /usr/su, /usr/bin/ kill, /usr/bin/killall, /bin/rm, sbin/mkfsThe location of the commands may vary sys- tem to system. Use the fully-qualified path- name when you define your command alias. 2.Add a command alias in the Cmnd Alias Specifi- cations section of the sudoersfile to create analias for the RPM command: Cmnd_Alias RPM = /bin/rpm3.Then add a line to the sudoersfile under theUser Privilege Specification section: OPERATORS ALL = NOPASSWD: RPMThis line grants access to the rpmcommand to allmembers of the OPERATORS User_Aliason ALLhost machines. OPERATORSmust add sudoto the front of the rpmcommand in order for sudo to grantthe required privilege: $ sudo rpm -Uhvrpmpackage.rpm.
Please visit our professional web hosting services to find out about cheap and reliable webhost service that will surely answer all your demands.

create ringtone

Advanced professional mobile radio systems can be very similar to website free ringtone systems.

a user name, and it will include all theusers. Use the expression ALLwhere youwould use a host name, and it will interpret itto mean all the hosts it knows about. Instead of using ALL, you can substitute yourown User_Aliasinto the command and limitthe users that can mount and unmount CDs. After you set up users by following the steps in thissection, the users need to add sudoto the front ofthe mountand umountcommands when entering themto use their sudo privileges. Including the NOPASSWDflag exempts your users fromhaving to enter their sudo passwords. Passwordsoffer an extra line of security, but for some things(such as mounting a CD), your users will thank youfor not requiring a password. Managing access to dangerous commands with command aliasesUse command aliases to easily manage privileges fordangerous commands. When a user needs to use adangerous command, you can ration the accessinstead of giving out the superuser password andunlimited access to allcommands. Here are somecommands you might consider controlling with sudo: su rm mkfs kill killall partedOne handy command that other users wouldfind helpful, but that normally requires super- user privileges, is rpm. If you read Techniques 17and 18, you already know how handy rpmiswhen it comes to installing and updating soft- ware. And with sudo aliases, you can share thetool without sharing the superuser password. privileges of dozens of users, aliases can really helpspeed things up. Simplifying group managment with a Host_AliasUse the Host_Aliasto make management of groupsof computers easier. To add a Host_AliasnamedFRANCEconsisting of bastille, versaille, and louvre, add the following line to the sudo configuration file: Host_Alias SERVERS = bastille, versaille, louvreYou can also specify computers by IP addresses: Host_Alias SERVERS = 192.168.0.1,192.168.0.36, 192.168.0.22You can use a Host_Aliasin combination with aUser_Aliasto assign the user group privilegedaccess to a group of computers without giving outthe superuser password. Mounting and unmounting CDs without thesuperuser passwordYou might want to allow users to mount and unmountCDs without becoming the superuser. If you don twant to expose the privilege on allyour computers, create a Host_Aliasthat includes the computers thatthe users will access. To do so, follow these steps: 1.Add the Host_Aliasto the Host Alias Specifica- tion section of the sudoersfile: Host_Alias CDROMHOSTS = 192.168.0.1,192.168.0.28, 192.168.0.218 2.Add a line in the User Privilege Specificationsection of the sudoersfile that gives the privi- leges to everyone: ALL CDROMHOSTS = NOPASSWD: /sbin/umount/dev/cdrom, /sbin/mount /dev/cdromALLis a built-in alias that matches all items ofthat particular kind (all users, all hosts, and soon). Use the expression ALLwhere you would39_
Check Tomcat Web Hosting services for best quality webspace to host your web application.