GnuPGP or GPG (Gnu Privacy Guard) is a computer program that implements the OpenGPG standard; an open source alternative to the PGP commercial product.

The core package for GnuPGP gnupg is installed by default on Ubuntu.  This quick start guide will discuss about performing file encryption with GPG.

Generating a Key

Type the following command:

$ gpg --gen-key

After executing the command you will be prompt with the following:

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)

Enter option 1 to allow encryption and decryption.

What keysize do you want? (2048)

Enter 2048 which is the default recommended by GnuPGP

Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years

Enter 0 so that there is no expiration date for the key.

Next you will need to enter your user information.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) "

Enter your “Real name”, “Email address”, and “Comment” is optional.

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Confirm your information by entering O, and the key generation will begin.

Enter passphrase:

Next you will need to enter a passphrase; remember that if you forget your passphase then your key will be useless.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.++++++++++.++++++++++.+++++++++++++++++++++++++.+++++++++++++++.+++++++++++++++...+++++.+++++++++++++++++++++++++++++++++++++++++++++>++++++++++>.+++++............................................................................+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)

During the key generation follow the instruction mentioned above and wait patiently for your key to complete generating.

When the key has completed generating the following summary will be prompted:

gpg: key 2DFD492E marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/2DFD492E 2009-10-14
Key fingerprint = FCAC 0686 401B A333 546E  F081 0459 61E9 2DED 490C
uid                  Vincent Kong <vkong@myemail.com>
sub   2048g/457534BF 2009-10-14

The new generated key ID is 2DFD492E

Listing the keys

$ gpg --list-keys

Importing a Public Key

$ gpg --import KEYFILE

Encrypting a File

To encrypt a file for another user, the encryption must be done with their public key, which needs to be imported first.

$ gpg --output ENCRYPTED_FILE.gpg --encrypt --recipient USER_PUBLIC_KEY_ID ORIGINAL_FILE

Decrypting a File

If a user sent you a file that has been encrypted with your public key, it can be decrypted with the following:

$ gpg --decrypt ENCRYPTED_FILE.gpg

Exporting Your Public Key

$ gpg --armor --export KEY_ID

Signing a Public Key

In GnuPG, if you get an error saying There is no assurance this key belongs to the named user when trying to encrypt, you need to sign the public key.

$ gpg --sign-key PUBLIC_KEY_ID

Edit a Key

$ gpg --edit-key KEY_ID

Information associated to KEY_ID will be displayed followed by the Command> prompt; type help to display the list of command which can be used to modify the key

A detailed how-to guide about GnuPGP can be found here.

Related posts:

1. Samba on Ubuntu Quickstart Guide
2. MySQL for Ubuntu Quickstart Guide
3. WordPress Quickstart Guide

For more information refer to the man pages for rbash.

$ man rbash

To change the user’s shell modify the file /etc/passwd

$ nano /etc/passwd

and replace /bin/bash with /bin/rbash e.g.

guest:x:100:100::/home/guest:/bin/rbash

Related posts:

1. Restricting Shell for only SCP/SFTP
2. Samba on Ubuntu Quickstart Guide
3. Apache HTTP Authentication

To install rssh

$ apt-get install rssh

By default rssh doesn’t allow anything, to allow only sftp modify the rssh.conf file.

$ nano /etc/rssh.conf

Uncomment the line for allowsftp and other transfer protocols you want to enable.

#allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync

To restrict a user to only allow sftp access, modify the /etc/passwd file

$ nano /etc/passwd

For example

ftp:x:100:100::/home/ftp:/usr/bin/rssh

Related posts:

1. Restricting Shell Users to their Home Directory
2. Apache HTTP Authentication
3. Configuring Apache for SSL Support

Related posts:

1. Free Anti-virus and Spyware
2. Remote Desktop with SSH Tunneling

The first requirement is to have a remote host running an SSH server. e.g. a box at home running OpenSSH. Then, you need to have an SSH client installed on your local machine, for Windows you can use PuTTY.

Establish an SSH tunnel using PuTTY:

Create a new PuTTY session

Run PuTTY and create a new session to connect to the remote host. Fill in the hostname, the port (usually 22), make sure SSH is checked.

Configure the Secure Tunnel

Click on “Tunnels” on the left panel to set up dynamic fowarding for a local port. Under “Add new forwarded port” type in the port number (e.g. 4080) for the source port, leave the destination blank, and check Auto and Dynamic. Then click the “Add” button. You should see D4080 listed in the “Forwarded Ports” box.

Establish an SSH tunnel on Linux:

Use the following command:

$ ssh -D 4080 username@remote_host_server

The tunnel is created when you login to the SSH server.

Configuring Your Web Browser:

To use the SSH tunnel as a SOCKS proxy you need to change the connection settings in the browser.

In the Firefox Connection Settings:

• Check “Manual Proxy Configuration:”
• Fill in 127.0.0.1 for the “SOCKS Host:” and 4080 for “Port:”
• Check “SOCKS v5″

Once everything is done you are now surfing the web securely.

Related posts:

1. Remote Desktop with SSH Tunneling
2. SSH through HTTP Proxies
3. HTTP Tunnel Through ISA Server

To use .htaccess files, you need to enable it in the server configuration by specifying the directive AllowOverride AuthConfig, typically within the <Directory> section.
<Directory /opt/apache/htdocs>
AllowOverride AuthConfig
</Directory>

Create a password file, which should be placed somewhere not accessible from the web. For example if your documents are served in the directory /opt/apache/htdocs, you can put the password file in the /opt/apache/passwd directory. To create the file use the htpasswd command that came with Apache.

$ htpasswd -c /opt/apache/passwd/passwords myusername

Create an .htaccess file in the diretory you wish to protect. For example, if you wish to protect the directory /opt/apache/htdocs/protect:

$ cd /usr/local/apache/htdocs/protect/
$ nano .htaccess

Add the following lines inside the file:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /opt/apache/passwd/passwords
Require user myusername


• The AuthType directive determines the method that is used to authenticate the user. The most common method is Basic, however, it sends the password unencrypted.
• The AuthName directive sets the Realm to be used in the authentication. The realm is used by the browser to determine what password to send for a given authenticated area.
• The AuthUserFile directive sets the path to the password file that created with htpasswd.
• The Require directive provides the authorization part of the process by setting the user that is allowed to access the protected area. To allow anyone in that is listed in the password file use: Require valid-user

Once the .htaccess file has been saved, you have restricted access to the area you want to protect.

For more information: http://httpd.apache.org/docs/2.0/howto/auth.html

Related posts:

1. Apache for Ubuntu Quickstart Guide
2. Configuring Apache for SSL Support
3. Apache mod_proxy and Reverse Proxy

Installing Firestarter

1. Select System -> Administration -> Synpatic Package Manager and select firestarter. Then choose to install the package.
2. After installing Firestarter, log out and then back in again (to update the menus to show Firestarter).
3. Once the desktop is back up, select Applications -> System Tools -> Firestarter. When you run Firestarter for the first time, it will walk you through a wizard which should be very easy to follow.
4. After you finish the wizard save your settings. The Firestarter main window then opens.

Configuring Firestarter

The configuration files for Firestarter could be found in /etc/firestarter, however it is not recommend that you edit these files manual. The graphical interface is very intuitive making it easy to add and remove firewall rules.

More information on Firestarter configuration

Related posts:

1. Samba on Ubuntu Quickstart Guide
2. OpenSSH for Ubuntu Quickstart Guide
3. Apache for Ubuntu Quickstart Guide

• To encrypt files I use AxCrypt a free software by Axantum Software AB.
• To shred files or securely delete them, I use Eraser.

These two software also comes with portable versions so that it can be installed in a USB flash key or portable hard drive.

Another software that I use is TrueCrypt. This software is able create a virtual encrypted disk within a file on a hard drive and then mounts it as a real disk. What I find particular useful that “Traveller Mode” functionality. It allows TrueCrypt to be installed on any portable hard drive or storage devices.

To setup the traveller mode, I had to first create a new volume on my portable drive by following the tutorial.

After creating the volume, I followed these instructions to complete the traveller mode setup.

Related posts:

1. Apache HTTP Authentication
2. Editing 1GB Text Files
3. Free Anti-virus and Spyware

Remote Desktop is very convenient, it suffers from to flaws: Although the connection uses 128-bit encryption, it still has the man-in-the-middle vulnerability where the traffic can be decrypted along the way. The default port of Remote Desktop is also 3389 which in most circumstances is blocked by firewalls in the network.

A solution to these flaws is to use Remote Desktop through a SSH tunnel.

SSH Server

The first requirement is to have an SSH server existing on your network. If you already have a Linux server like Ubuntu then you can install OpenSSH. However, if you only have computers with Windows then you can install copSSH.

Port Forwarding for SSH

To access the SSH server from a remote location you need to do port forwarding on port 22 through any firewall and router.

Enabling Remote Desktop

To enable Remote Desktop on Windows XP, right click on “My Computer”, and select “Properties”. Under the “Remote” tab check the box “Allow users to connect remotely to this computer”. The Remote Desktop user will require a password associated with the account.

Connecting to the SSH Server

To connect to your SSH Server remotely requires knowledge of your public IP address. This can be checked easily using the website http://checkip.dyndns.org. If you are using an ISP that provides you with a dynamic IP address, then you can setup a free account with No-IP http://www.no-ip.com or DynDNS http://www.dyndns.com where they can provide you with a fully qualified domain name.

Install/Configuring PuTTY

To open a SSH tunnel from the remote computer to your SSH server, you need to install PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty on the remote client computer. Open the application after installation is completed.

1. Expand “SSH” under “Connection”, and then go to “Tunnels”.
2. Under “Add new forwarded port:” enter a port number beside “Source port” e.g. 3390
3. Beside “Destination” enter your computer name or computer local IP address along with the port for Remote Desktop 3389 e.g. 192.168.1.10:3389, and click on the “Add” button.

Use a different Source port for each additional Remote Desktop host PC.

To improve traffic click on “SSH” under “Connection”. Check the box “Enable Compression”

Click on “Session” and under the “Host Name (or IP address)” enter the public IP address or a fully qualified domain name of the SSH server PC. Enter a unique name in the “Saved Sessions” window and click on “Save”. Click on “Open” and login to the SSH server with the appropriate user and password information.

SSH Tunneling the Remote Desktop session

Establishing a Remote Desktop connection through SSH tunnel is accomplished when PuTTY is started and the user has logged on to the SSH server. To Remote Desktop from the client computer, on the client computer go to “Start” > “All Programs” > “Accessories” > “Communications” and select “Remote Desktop Connection”. In the “Computer:” textbox enter “localhost:3390″, and click on the “Connect” button.

Related posts:

1. Remote Desktop on Ubuntu
2. Portable Remote Desktop Client for Windows
3. Remote Desktop on Xubuntu

• 7-Zip is a file archiver with a high compression ratio.
• FileZilla is a fast and reliable FTP client and server with lots of useful features and an intuitive interface.
• UniTTY is a multi-faceted client that does much more than just standard SSH.
• Putty is a free implementation of Telnet and SSH for Win32 and Unix
  platforms.
• PSPad is a freeware programmer’s editor for Microsoft Windows operating systems.
• Notepad++ is a free source code editor (and Notepad
  replacement), which supports several programming languages, running
  under the MS Windows environment.
• CutePDF Writer is the free version of commercial PDF creation
  software.
• FlashGet is a leading download manager and has the highest amount of users on the internet.
• KeePass Password Safe the free, open-source, light-weight and
  easy-to-use password manager.
• SyncBack Freeware is a freeware program that helps you easily backup and synchronise
  your files.
• SyncToy helps you copy, move, rename, and delete files between folders and computers quickly and easily.
• AVG Anti-Virus Free Edition is one of the most popular solutions to provide basic security protection on home and non-commercial PCs.
• Ad-Ware 2007 Free remains the most popular anti-spyware product for computer users around the world, with nearly one million downloads every week.
• Spyware Terminator a free spyware removal and spyware protection program.
• CCleaner a simple program that removes unused and temporary files from Windows machines.
• Recuva (pronounced “recover”) is a freeware Windows utility to restore files that have been accidentally deleted from your computer.
• Smart Data Recovery is a free data recovery tool for Windows operating system
  that supports the FAT and NTFS file systems.

Related posts:

1. Free Anti-virus and Spyware
2. More Free Spyware
3. Analyzing My Hard Disk