Adding Public/Private Key Pairs on Mac OS X and Ubuntu for Passwordless Remote SSH Sessions
On your local machine cd into the .ssh directory in your home “~/” directory. If it doesn’t exist you can create it with “mkdir ~/.ssh”. Next generate your public/private keys and copy the public key to the remote server.
cd ~/.ssh ssh-keygen -t rsa -b 4096 # will take a couple seconds but when finished # specify a full path (if there is already an existing key) or hit enter to install to the default location ~/.ssh # when it prompts for a passphrase just hit enter # and enter again when it asks to confirm the passphrase # then we copy the public key the remote server (this assumes you don't already have an authorized_keys file) # copy and paste the contents of the id_rsa.pub file into the authorized_keys file otherwise scp id_rsa.pub user@yourdomain.com:.ssh/authorized_keys
You’ll need to edit your ssh config file and restart the process to allow for public/private key authentication.
vim /etc/ssh/ssh_config # add or uncomment these two lines RSAAuthentication yes PubKeyAuthentication yes # ... and restart /etc/init.d/ssh restart
Troubleshooting
A couple of things to keep in mind. 1) Permissions matter. Make sure that your keys are not world readable (this should be secure) Run chmod 400 on authorized_keys file.
If you had a set of keys already setup in .ssh/ on your local machine and want to install the new keys in another directory so as not to overwrite the old pair, you need to add them to ssh with this command
ssh-add ~/full/path/to/your/new/keys
More information is available here http://www.debian-administration.org/articles/152
Placing an Authenticity Token in a Rails Form
<%= hidden_field_tag :authenticity_token, form_authenticity_token %>
Change default ssh port number on Ubuntu
Login as the root user or as a user that can execute sudo commands.
#open this file for editing... vim /etc/ssh/sshd_config
Find the line that reads
Port 22
Change this to an different and an available port number…
Port 8000
Next reload ssh
/etc/init.d/ssh reload
You won’t be kicked out of your session. But if you want to open a new connection to your server you need to specify the port number for the connection.
ssh -p8000 root@yourdomain.com
Ruby on Rails: email hyperlinking obfuscation parsing recipes regex regular expressions security
by bseanvt
1 comment
Email Obfuscation and Extraction from Text with Rails
There is a helper method for handling the obfuscation of email addresses in Rails.
mail_to "me@domain.com", "My email", :encode => "hex" # => <a href="mailto:%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d">My email</a>
If you want to then extract an email address(or all email addresses) from a block of text here is the code. I created a helper function called “emailitize” and put it in the ApplicationHelper module inside helpers/application_helper.rb
module ApplicationHelper
#takes a string and will return the same string but with email addresses encoded and hyperlinked
def emailitize(text)
text.gsub(/([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})/i) {|m|
mail_to(m, m.gsub("@", "<small>[at]</small>"), :encode=>:hex)
}
end
end
It’s important to remember that you’ll need to pass a block to the gsub method. You can’t do something like this instead
text.gsub( /([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})/i, mail_to('\\1@\\2', '\\1@\\2', :encode=>:hex) )
It will work except the encode will fail. It will evaluate the ‘\\1@\\2′ strings rather than as dynamic variables.
You can then use this function in your views
<%= emailitize @job.how_to_apply %>
More information is available in the Rails and Ruby docs:
http://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#M001887
http://ruby-doc.org/core/classes/String.html#M000817
Rails, SSL, Ubuntu, Apache2 with Phusion on Ubuntu
Here are all the commands for setting up your Rails application to server requests over SSL -on Ubuntu, of course.
There are great resources and tutorials at these websites.
http://www.tc.umn.edu/~brams006/selfsign.html
http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html
https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration
The first thing, of course, is that you need OpenSSL installed.
apt-get install openssl
Once you have it installed, you can use this program to generate certificates. The generation process is interactive. It will prompt you for your name, company details, domain etc. It will also prompt for a passphrase for your certificate. Remember this because you’ll be prompted for it when restarting your webserver. If your doing this to test things out, you can make stuff up. If you are doing this for real, and will eventually want to have a certificate authority (CA) validate your generated certs, this information needs to be accurate. This is the purpose of a CA, to validate the identity of companies using certificates!
openssl genrsa -des3 -out server.key 1024 openssl rsa -in server.key -out server.key.insecure openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The program will output certificate files. I assumed you were in your home directory when you generated them. It doesn’t really matter where they are located, but for purposes of organization, let’s move them to a location that makes sense.
cp server.crt /etc/ssl/certs cp server.key /etc/ssl/private
We’ll need to install two modules for apache to use Rails over SSL. If you don’t have them installed already, run these commands.
sudo a2enmod ssl sudo a2enmod headers
The headers module for apache lets us pass the https:// protocol to our Rails application so that it knows to use https.
The next step involves creating a VirtualHost that is listening on port 443. Port 443, is the standard port that https:// runs on.
#create your virtual host on port 443
NameVirtualHost *:443 <VirtualHost *:443> ServerName secure.example.com DocumentRoot /var/www/secure_website/public SSLEngine On RequestHeader set X_FORWARDED_PROTO "https" #***note*** some tuts mention the +CompatEnvVars options here... ignore it b/c it doesn't work SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire #you'll recog these paths, where we stored the certs here SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key #force app into production mode... RailsEnv production </VirtualHost>
You’ll also need to tell Apache to listen on port 443, if SSL module is loaded. This logic should be included out of the box. Take a look in /etc/apache2/ports.conf. If you don’t see Listen 443, wrapped in a conditional if mod statement… add Listen 443 to that file.
Force a complete reload of Apache so your certs and modules will be loaded.
/etc/init.d/apache2 force-reload /etc/init.d/apache2 restart
You’ll want to restart your Rails application as well.
cd path/to/rails/root/app #if using phusion passenger touch tmp/restart.txt
Now visit your website https://my-ssl.example.railswebsite.com (or whatever it is) and confirm that it is working. You’ll be forced to add an exception to your browsers security checks for the domain that is running a self signed certificate. Add the exception and test out your Rails application.
