SSH....(Part 2)

I regretted mentioning that I would get back with the key authentication in my previous SSH post since it did not look like I was getting to it. But thanks to the whim that I carry around..here it is..spent half a day today playing around with SSH key authentication. You may want to go over Part 1 in case you haven't...before proceeding.

In Part 1, I tried my hand at setting up an SSH connection based on basic fingerprint and then password authentication. Today spent half a day playing with SSH to try the public-key cryptography feature which is basically meant to erase the need to enter a password that has a lot of chances of being snooped.

Machines involved: 

1. HP Pavilion dv6000 laptop (L1) (with Windows Vista :-(   running and putty installed)

2. HP Pavilion desktop (D1) (Pentium 4!! really old..but good for playing such stuff): Installed the latest Ubuntu 12.04 LTS (codenamed Precise Pangolin) on it last week

3. An assembled Pentium dual core desktop (D2) ( running Ubuntu 11.10)

In my case, I have taken D1 to be my server, while L1 and D2 are client machines.

Brief:

To brief about the key cryptography,  the client machine that wants to access the server runs a key pair generator (like PUTTYgen in Windows or ssh-keygen command in Ubuntu Linux). This generates a pair of keys, a public key that the client shares with the server machine and is stored in a specific location on the server and the private key that is stored on the client itself. Whatever communication takes place between the two, is encoded in terms of these keys and can be decoded only if one has the other key. Various types of keys supported include DSA and RSA.

Generating keys:

Windows: 

On Windows (L1), I used the PUTTYgen to generate the key pair. I had selected the SSH-2 RSA (default) option and 2048 bit length (the more.. the harder to crack). Click on "Generate" to start the process. To bring in randomness to the number generation, it is good to give some random cursor movement as the app asks for. Once generated, save both the public key(no specific extension) and private key(.ppk).

Linux: 

In Ubuntu, the SSH client comes pre-installed. The "ssh-keygen" command is used

amit@Hp-desktop-ubuntu-11:~$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/amit/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/amit/.ssh/id_rsa.

Your public key has been saved in /home/amit/.ssh/id_rsa.pub.

The key fingerprint is:

22:7b:9d:0e:62:a9:ec:3c:29:2c:1d:15:e0:d0:1e:b6 amit@Hp-desktop-ubuntu-11

The key's randomart image is:

+--[ RSA 2048]----+

|....             |

| o+ .            |

| o.o .           |

|  E .            |

|   .. . S        |

|  .  + o .       |

|.. o= o o        |

|o++o o o         |

|.o=.    .        |

+-----------------+

Sending the public key to the server:

The public key needs to be stored in the file "authorized_keys" at the location 

/home/[username]/.ssh/authorized_keys

Linux: 

One has to run the command ssh-copy-id  on the client (D2) as shown below:

amit@Hp-desktop-ubuntu-11:~$ ssh-copy-id amit@192.168.2.5

where 192.168.2.5 is the IP address of the server and "amit" is the user account that I would log into when connected. You will be prompted for the password of the user account on the server. Once that is provided, the file gets saved at the appropriate location on the server.

Windows: 

In Windows, you can run the PSFTP application to transfer a file. Once transferred to the right location, ensure that the file is named as "authorized_keys" as is the requirement. Ideally this should have sufficed. But there is a complication here that took me some time and googling to realise. The text formatting that PUTTY provides for the public key is not directly compatible with OpenSSH format. An example:

PUTTY o/p:

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "rsa-key-20120514"

AAAAB3NzaC1yc2EAAAABJQAAAQEAx0O0uS31JUq4syTjV1Sufl3SNVfrV1dmPh8N

ZA6WSaAufBldoOwDTMutDZ1xcWwKkvK6xfbv6t9SX+BZOSRCpxrd6NPbPUZZxNra

94hKaO7depgn2OwCAsiMkYtbbta+k1q7rDu1Ri4mrfeFyl4dbnpphTnjF3quWMOF

zs7biu7YrBjgkYzGqbRdiFS4yH3Y03rFi4ZXPeioxfwaoka2enliKYmdeHDc0K8z

A0XBbnFrNYKKqPS7GIhGvwHJfEKt7IlxXhyL4/3prWfPd25Nd2uBmcGI3BCClTl2

ME+8UIsNtNEv7GshCj5o/VnlaOWxRyBeotp03H0i6gd/LIeXJw==

---- END SSH2 PUBLIC KEY ----

Key format expected by OpenSSH:

ssh-rsa(single space)AAAAB3NzaC1yc2EAAAABJQAAAQEAx0O0uS31JUq4syTjV1Sufl3SNVfrV1dmPh8NZA6WSaAufBldoOwDTMutDZ1xcWwKkvK6xfbv6t9SX+BZOSRCpxrd6NPbPUZZxNra94hKaO7depgn2OwCAsiMkYtbbta+k1q7rDu1Ri4mrfeFyl4dbnpphTnjF3quWMOFzs7biu7YrBjgkYzGqbRdiFS4yH3Y03rFi4ZXPeioxfwaoka2enliKYmdeHDc0K8zA0XBbnFrNYKKqPS7GIhGvwHJfEKt7IlxXhyL4/3prWfPd25Nd2uBmcGI3BCClTl2ME+8UIsNtNEv7GshCj5o/VnlaOWxRyBeotp03H0i6gd/LIeXJw==(single space)amit@HP-LAPTOP

The expected key should start with the string "ssh-rsa" followed by a single space then the actual key with no spaces after any character, a single space again in the end followed by an optional mention of the name of the user account that will be logged in as the client.

I spent quite some time debugging this. I kept getting the error "Server refused our key" and then prompting for a password which is what we do not want. One has to be very sure there are no extra characters like spaces, new lines etc. within the key due to the formatting that windows adds to the files. That was the issue in my case as also faced by another user:

http://www.walkernews.net/2009/05/03/how-to-create-putty-based-rsa-public-key-for-openssh-server/

Thanks to him, it was easy to debug...

Finally, firing an SSH session from client:

Windows: 

This is the last step where you get to know if everything is correct or not. In Windows, open PUTTY application. You can configure a session and save it with the right IP address and user account on the server eg. amit@192.168.2.5. Under the menu for Category, go to Connection > SSH > Auth. Give the path of the private key file (.ppk) that was stored earlier. Once the connection is opened, if everything goes well, you should be greeted by the command prompt of the server machine. Else, you would be prompted for the account password since the key based authentication did not work out well.

Linux:

Run the command "ssh [IP address] -l [username]" and you should get the same result as mentioned above. For user "pradeep", the output would look as follows:

If you do mention a passphrase when generating the keypairs you will be prompted at this point for the same before logging you in. Else the log in will be unobstructed. 

Now if you have more users logging to the same account on the server, the public keys get appended in the authorized_keys file. I think a linux client is much much easier to use since you avoid the incompatibility and manual editing of the key file and every client that does a "ssh-copy-id" automatically appends the keys in the file. No extra effort or editing needed... 

Thats all folks!! (reminds me of looney tunes..  :-)  )

By the way learnt one more thing in this process. People using Ubuntu might know that the first user they create automatically gets into the sudoers list, but every other user account is just a general user account with no sudo privileges. So if one wants to add a user to  a sudoers group, first "su" to the sudo-capable account and run the command

sudo  usermod -a -G sudo [username]

Try to log out and log into the specific user account which needs the rights. The "-a" flag is important since it tells that this group is to be appended to the already existing groups to which the user belongs to.

Also do check out the wikipedia page for more theory on this topic...

Grate expectations!!

Is it possible not to expect? Is it humanly possible for anyone to do that perpetually? The inertia of this stupid mind does not let me go off many thoughts that have been bugging my mind since some time now. Disappointments at college, at work, at home and everywhere else when looked closely seem to have a different reason each time, but when looked through the reverse telescopic view ( a figment of my imagination..dont bother..in case you do..there's a post about it too...though I know you won't..but just in case..), everything seems to have their roots at "expectations". The property to visualise getting something in return the moment an idea strikes your mind. It is not the fault of the idea. The idea is a harmless, dimensionless (forgive me, physicists..not talking science here) seed that is planted either by external factors or your own subconsciousness. But you do not want to nurture the idea just like that. You start with, "What's in it for me?" and when you get a valid answer like fame, money, love, attention blah blah and you agree to water the seed. This very "me" makes that idea important to you and it grows and grows and you can't leave it. In fact, it is so ingrained that it gives you a high of "feel good" when good things happen. But what happens when things don't work out the way they should have been? The same clay that makes a pot of "feel good" turns into a quagmire. Considering your oneness with the idea, you cannot believe how it could fail. You start fighting aggressively and no wonder the more you struggle, the more you go deeper into it.

At work, I remember, I had decided from not day one, but somewhere midway that I would not care about grades. I would work as hard as I can without expecting anything in return. I would not care about what people talked about me. I was gonna learn without keeping any expectations. So when I was the last person to leave office or coming on a weekend, people joking as they made their way out, I would just smile. It never affected me, as if there was a separate personality handling these comments and just dumping them. Then also as I heard that, " You were worthy of a very good grade. But.." I could not get good grades twice because I made my intentions clear much ahead of time, I did not feel bad. Instead I replied, " I can understand. There are other people who are gonna stay back and need more encouragement than me." ( Believe me..I was made the laughing stock cum epitome of idiocy as I relayed the story to my parents). It did not pain me at all. Repeated telecasts of the story at home, however, thanks to my parents, were enough to plant the seeds of expectations and now suddenly, I feel so bad about it. Add to that hearing about other colleagues who made a good plan about when to inform and whom to inform about their plan to quit and managing to get the best grade. Cheers to being over-frank!!

Coming across a rich guy or a well settled guy or a learned guy or a healthy guy and feeling the inferiority eat you in as you know you are light years away from getting there. One may say the reason for disappointment is competition, but deep down it comes to expectations; expecting that you be like him.

I could go on and on..proving examples..unsure though if I am right..

I feel expectation begets sorrow, disappointment and the ideal way is not to....expect. I am gonna try and do it, thinking about the smallest thought and nurturing it without expectations. Even partial success is good enough for me..and it starts from not checking facebook periodically for comments, likes..:).....I am at war.....with myself.....har har mahadeo.... 

Broadband plans

I keep changing my broadband (triband from MTNL) plans every few months..keep checking the mtnl website or come across some hoarding somewhere about new data plans.

I started with the 399 plan (1GB limit 1Mbps) few years back. Never bothered to change until two years back. Once the overseas skype calling started and also when the internet usage widened from just email to chat, music, videos etc..the data plan had to change when the bills started to shoot. I found out from my usage summary that my downloads were close to 2-3 GB So changed it to a Rs. 750 plan (5GB download limit). It worked well for 2-3 months. Then one of the months we had some long skype talks. I think it was triggered when I bought a Belkin Wifi Router and now we could keep moving the laptop wherever we wanted and still keep Skyping. So as we say in marathi.."thode laadat aalo..." The next month the bill showed the usage going to 9GB and we had to pay the extra usage charges...whoa..burned the pocket..Immediately changed to an unlimited plan and after that I changed the unlimited plan twice trying out different speeds. The first one had low speed during the day and it changed to close to 1 Mbps at night when I was back home. But 384 kbps during the day was very slow..my dad cribbing about him not able to open even gmail (had to select basic html mode for that too). So tried to get an uniform speed one..one that gave 700 kbps during the day and some 800 kbps during the night for Rs. 749. That was cool..but then there was greed..the more speed the better..heard about the "xpress unlimited plans" from MTNL. So got it changed yesterday. So for Rs. 750, I get 2 Mbps speed till 15GB download and then 752 kbps for further downloads. Sounds good. Checked the speed using speedtest.net and found a peak of 1.8 Mbps now. I think 2 Mbps is gonna be the limit considering the bottleneck of ADSL technology. The next step can only be a continuous unlimited 2 Mbps connection whenever MTNL offers it for close to Rs. 600-800. After that, either MTNL changes the cabling to Fiber and changes the modems too or we have to switch to Wifi for higher speeds......

Current unlimited plans: http://mtnlmumbai.in/index.php/unlimited-plan

Waiting..

I am waiting...waiting to be disengaged from service. It was an year ago that I decided on planning for further studies. From then on, the mind has been one scene of a melee..different disconnected tasks / thoughts each wanting to supersede the other for priority. Some thoughts that are just like those rogue processes that slow down your PC, without adding any value..their origins unknown..Add to that my whims and the blessings of the surroundings (the recos were indeed frustrating)..and it becomes a perfect mix for confusion / irritation. Three months back, I formally announced my decision to quit. I had imagined that the last month would be a cakewalk leading to a smooth exit.

But, things are still not getting cooled. In fact, they have heated up like they never were in the last year, accompanied by a lot of travelling, as if saying to me, " Won't spare you so easily, dude..". A major contributor in my restlessness towards this is my close association with the work. It is difficult for me (my bad..) to be fully dedicated to something at one point in time and suddenly starting to neglect it ( no wonder my blogs are dedicated to inertia of being...). Have heard without heed a lot of preachings from family members about how I am wrong in this regard..but they will be at peace too shortly, I hope..

Two more weeks and I will be free again. Work thoughts are going to flow out and new thoughts would flow in. I know it will take some time to focus in the newly found freedom. Hope to make the best of it...and I get back to waiting..

The Bazar experience

Makar Sankrant passes..and my mom starts receiving invitations for "haldi kunku" pressing her to return the favor by conducting one herself. The item to be given away becomes a hot topic of discussion within the family. Cost is indeed a factor since it is to be given to atleast 30-40 ladies.  When she asked me, I was reminded of the ad I saw in newspapers and at BEST bus stands (Bravo publicity team !!). See the image in the post. So I suggested to her to have a go at Big Bazar as we remember the day India became a republic...a suggestion I regret giving now.

I have generally heard from other people or seen such a scene only in ads on TV where crowds are involved in shopping in a super market as if life depended on it. I was lucky to experience it myself this time. Me and my mom headed to the Big Bazar at Growels 101, Kandivali...very rarely do we travel outside the Malad -Goregaon belt for basic shopping. Cut to growels..we were welcomed by two queues of 50-60 people. Note here the queue was to enter the shop..coz the shop couldn't handle more. I could already feel the atmosphere around me..as if you are in line to be sent on the battlefield waiting for your turn. People were discussing what they will buy once they are in. In the meantime, I was observing the people who fought and emerged out of the place with more than 6-7 shopping bags. I was trying to observe the trend. I could see that some specific items were selling like hot cakes.

Once we were in, suddenly we both were taken by the storm of people inside. Literally...and I mean it really..no space to walk. People going across you in every possible angle, with their trolleys, baskets with their "Excuse", "Thoda jaga do", some threatening you with just the amount of load they are carrying. It made us forget why we were there. Mom forgot the purpose of the visit and started talking about some bulk packets of cooking oil cans, grains and started checking the offers. I had to pull her out of the temptation and remind her why we were there. So we got aside and started discussing, "What can we buy?" Low cost but something that is very useful..etc etc..First mistake...should have gone there with a plan...Big bazar in this season is surely not the temple to think in. We both wading through the place was becoming difficult, so I suggested her to be at a place with whatever we already bought and I went around the place. This is when I realized I made a bad suggestion about Big Bazar. Of course you do find deals at Big Bazar. Buy a 5 L can of A and get a 1kg pack of B free, buy 1 get 1 free (with the two things bound together in a tight tape with stickers on it) etc. It is a good place for families to get 2-3 months of stuff with some good deals. So you will generally have deals on huge packs and not small ones. Anyway, we did not want to waste all that effort we put in getting inside and we bought the items at that place. Some things I noticed,

• You need a bigger place for such a thing. Though Big Bazar is experienced at handling large crowds, it surely does asphyxiate you surrounded by hundreds of people. A bigger place will make the shopping more pleasant.
• People have this habit of holding meetings near that very unavoidable nook to decide what they should buy, why they should buy, the prospects, profits..damn it..find a better place and plan in advance. This is not a normal supermarket where you can have a stroll..this is Big Bazar in its sabse saste din!!! Be considerate about other shoppers..
• Find a good time to go to this place..an unusual time to be precise..to avoid the crowds coz they are deadly and they care a damn...you can end up coming home with a bruised finger or arm thanks to the trolleys that keep rolling with their owners fixating on the offers.
• Do not forget to take your vehicle. Moving around waiting for rickshaws with those heavy bags can be troublesome.
• Be sure you avail all the offers especially since they have separate counter where the freebies are handed over.

That's all..phew..tiring....still 3 more days to fight...anyone interested?!

Streaming different audio streams to different audio devices in Ubuntu 11.10

Started with my sis talking to me over Skype. And I wanted to listen to some Westlife songs on youtube. But the issue was that her voice was routed to the speakers and when I played the song (i had the song buffered), it too started playing on the speaker. So, naturally, I was being swore at for this. Especially since she got to listen to the song through my mic streaming to her at less than 300 kbps. I can understand how it must be sounding to her. So my problem definition: I wanted to get the westlife song to my USB headset and my sis call on the speaker. This way, she does not get to listen to the staccato variant of the song and I get both the call and the song.

Bit of googling and forum reading led me to Pulse Audio Volume control application for linux. The package is named "pavucontrol". Command to install it in ubuntu:

$ sudo apt-get install pavucontrol 

Run the application. It provides an interface for you for audio input, audio output and a tab where you can set the type of audio interface for each device. eg. a normal sound card would be Analog stereo duplex. Other options are Analog stereo output, input, digital stereo etc...

The feature which I was looking for was in the first tab. This tab gives you an interface for each application that is using an audio stream. In my case, it was showing me two entries:

1. Skype

2. Alsa plugin for chrome (since I was listening to youtube through chrome. Chrome uses the alsa plugin to access the sound hardware.)

For each of these applications, it provides a slider volume control and also provides a drop down for selection of audio device to be used (most required). So I simply selected the USB headset for alsa plugin and internal sound card for the skype app. There..done! Everyone's at peace... 

What I understood..ALSA(Advanced Linux Sound Architecture) works at a lower level and is closer to the hardware, while, Pulse Audio is a sound server at a higher level that provides you a host of features for the available streams like manipulatiing the stream, streaming it to another pulse audio server over the network, routing to different audio hardware etc..

Reco..gnition

Seen some of my friends get recommendation letters from professors during the last years at degree college and seen them complain. During the last 3 months, I was fortunate to experience the process and unfortunate to have an experience worse than that of my friends. And frankly, I do not know why...

Experience: Out of the three recos I needed, one went extremely smooth, effortlessly. Hats off to the prof! The remaining two made and continue to make me beg and plead and cry. Why? One, the two didn't seem to have the time to submit them, because they were "extremely busy". That, I can never believe. Second, The account does not seem to open or there is some problem with the email account. Well, when did you realise that? Now? Or was I the lucky one to enlighten you about it? Three, "I was busy and now I am on a vacation". Aaargh!! I have met people at my workplace who are genuinely extremely busy, and generally tend to forget your request in the rush of things. But twice, maybe thrice reminding them does the thing. I think the reminder count in my case must have gone upto 12-15 considering missed calls, messages and e-mails. It starts frustrating you especially when it blends positively with the frustration at workplace sometimes. and you start to think...are you so insignificant that people do not care about your plans...so insignificant that the professor forgets for a moment that you have asked and confirmed from him for a reco...and asks you, " How can you assume that I will give a reco?" All this, as it appears to me, stems only from the "i m busy" phenomenon. So how much time does it take to fill up recos? If the prof has a draft ready, probably 10 min. for each. In fact I was a lucky witness to a record breaking feat of 7 recos within half an hour. I mean, are you really that busy then, that it took so many days? The most frustrating thing of all, is that you stay up late at night for completing applications much in advance, balancing work and these guys just keep dallying. So inconsiderate! All your hard work goes in vain.

After the count of 15 reminders, I personally visited the college twice, first in vain and in the second I nailed it for one prof, thanks to the "informer". One still remains, I continue, messaging and calling with no response from the other end with personal visits in the past all in vain. Wish me luck!

Some lessons learnt*:
1. Be good to professors at college. Be in his good lists. Do projects under him proactively when in college. If you take a break from college for work, be in touch with him. I probably did only 30% of this and hence I am to blame. Remember, if you need a reco, you need to have reco-gnition..
2. Be in touch with juniors who can update you on the prof's availability.
3. Be extremely calm with the prof, even if he swears at you. Do not forget, you need him. He does not.
4. The best thing is to take up a job at the college, if you are open to it. Then, you can remind him at your will.

Now I go back to waiting for the last one...

*: Lessons apply more for people who have studied from my college. Though they are general in nature, there may be some changes and modifications here and there....