UHS6 – SSH & Subversion (SVN)

Written by Haydn Williams

SSH

SSH lets you remotely access your computer, or other computers, using a command-line interface. Installing SSH really is a breeze:

sudo apt-get install ssh

It was so quick and easy I even had to check it had actually been done!

>which ssh

The binary did exist and I was able to log into the machine without any problems. Almost too simple! You’ll probably want to increase the security of your setup a bit by using hosts.allow and hosts.deny files. These live in /etc and consist of rules that determine which hosts should be allowed to connect to certain services on your machine. My hosts.deny has the following:

ALL: ALL

and my hosts.allow has this:

127.0.0.1
SSHD: 192.168.1.23

This results in all connections from all IP addresses being denied, except for SSH from one specific machine on the local network. Note that the hosts.* files will only work on services started as daemons, not standalone, and these services must support TCP Wrappers (which are what make hosts.* work). This page, and another, revealed the following command to determine whether a particular daemon has support for TCP Wrappers; it basically checks whether the daemon depends on the relevant library, libwrap.so.0:

ldd /usr/sbin/smbd | grep wrap

Running the above command doesn’t give any result, so smbd – the Samba server daemon – isn’t affected by hosts.* (see my other post for rudimentary details on securing Samba). There are plenty of pages which delve into more detail about more complex rules for hosts.*, or you could just:

man hosts.allow
man hosts.deny

 

Subversion

Subversion (SVN) was no more difficult:

sudo apt-get install subversion subversion-tools

The first chance I got to test SVN as a client was when installing WordPress, which is covered in a different post. To test the server side of things, I just created a repository:

sudo svnadmin create /var/svn

Everything went swimmingly, so further setup will take place at a later date. There are a number of good guides online that will take you further with Subversion, which is beyond the scope of this post.

No Comments