There is no doubt about it that SSH is a handy administration and remote access tool. Have you ever wanted to add port forwarding or cancel port forwarding from within an active SSH connection? Well, a feature that many do not know about is the ssh escape feature. With this pseudo terminal you can do some nifty things, such as forward ports over an active SSH connection.
To do this, follow these instructions:
Open up the ssh pseudo terminal control with the ssh escape function and open up a command line as follows:
[user@linuxblog.ro ~]$ ~C
ssh> help
Commands:
-L[bind_address:]port:host:hostport Request local forward
-R[bind_address:]port:host:hostport Request remote forward
-KR[bind_address:]port Cancel remote forward
As you can see from the ssh command line that the syntax is very similar to if you were forwarding a port before making the ssh connection. I normally do a local forward so I most often use the -L <port>:<host><host port> syntax. You will need to issue the ~C again to get back into ssh command mode once you’ve viewed the help to actually issue your forwarded port.
So an actual local port forward over an active SSH connection would look like this:
[user@linuxblog.ro ~]$ ~C
ssh> -L 8080:192.168.0.10:80
The above opens port 8080 locally (if allowed) and forwards it to the 192.168.0.10 host on port 80.
Hope this helps, happy forwarding!
Here is another quick tutorial;
Some times its nice to tunnel through SSH. Perhaps you have SSH running but the firewall does not allow anything but SSH in. You can tunnel VNC (or any other service) through SSH by doing the following:
On the machine local to you establish an SSH connection to the remote machine with “Local (-L)” port forwarding. This may seem confusing and often confuses me, where <-p PORT> is optional
ssh -L 5901:localhost:5900 username@HOST <-p PORT>
Once I have the connection established I can now use vncviewer to connect to my local host with the port specified
vncviewer localhost:5901
Thats all there is to it, have fun!
The economic situation is eating into your profits, and the Microsoft Office licenses look more expensive than before. Or maybe you are familiar with the way Microsoft Office has looked for over a decade: it had a file menu, edit menu, and format menu, and you balk at the thought of retraining your staff for Microsoft Office 2007’s bizarre ribbon. In either case, you don’t have to buy Microsoft Office thanks to OpenOffice.org: the best kept secret in office suites.
OpenOffice.org is a free office suite that includes a word processor, spreadsheet, slide presentation application, drawing program, and database. It’s compatible with practically all operating systems and runs well on old and new computers alike. Don’t worry about exchanging documents with Microsoft Office users because OpenOffice.org is compatible with many file formats including the new Microsoft Office 2007 formats.
Not too good to be true
Don’t let the light-weight price tag fool you to comparing OpenOffice.org with the light-weight Microsoft Works office suite. (Isn’t it a little strange that Microsoft’s Works and Office compete with each other?) OpenOffice.org has sophisticated features making it useful for personal and businesses use.
It’s good to be skeptical about free offers, but OpenOffice.org is the real thing. Its origins reach back over twenty years to StarWriter and StarOffice. Technology giant Sun Microsystems purchased StarOffice and in 2000 released most of StarOffice as the open source project called OpenOffice.org. Open source means the source code (or programming blueprints) are available to anyone who wants to learn or improve it. Open source fosters a rapid, cost-effective, community-lead approach to software development.
Often businesses need paid support and consulting, which are available for OpenOffice.org and its cousin StarOffice from Sun Microsystems and consultants worldwide. If you prefer internal support, you pocket the savings. Either way, enjoy the commoditization of the office suite and making the best choice for your own business.
Easier than you think
Having switched the office I worked at, I know first hand that regular people quickly learn OpenOffice.org. Originally chosen for its price, it was the standard office suite on all computers. Looking back, it would have been ideal to provide training, but the staff, clients, and newcomers learned it with fewer questions than I expected. Many people didn’t seem to notice it was not the Microsoft Office they used before.
Switching
The general process to switch is:
- Evaluate the product. If you have few documents with macros and few third-party integrations with third-party applications, OpenOffice.org is an easy win.
- Make the pitch. Getting support from management is essential.
- Roll it out to a select group of people.
- Highlight the positives: a familiar interface (certainly more familiar than Office 2007), unique features such as PDF export, and money diverted to higher priorities—raises for all (maybe not).
- Roll it out to everyone.
- Provide a variety of training and resources because each person learns differently. Some people prefer class room training, some books, etc. In each work area, appoint a leader to field basic questions to provide quick help and reduce overwhelming your mainline support on the day of the roll out.
Next I’ll cover some important areas to get you started in your evaluation.
Download and install
Different names
OpenOffice.org consists of multiple components like Microsoft Office.
If you’re looking for email like Outlook, consider Google Apps Messaging, Zimbra, and Scalable OpenGroupware.org.
Starting up
There’s a variety of ways to start OpenOffice.org. On Microsoft Windows, OpenOffice.org puts a shortcut on the desktop. Just double click it.
On Windows, you can start OpenOffice.org from its quickstarter next to the system clock. Right click on the quickstarter, and then left click on the component.
Like any Windows application, it can be started by clicking on the Start Menu, then clicking Programs, then clicking OpenOffice.org, and then clicking on the component.
Of course, you can start OpenOffice.org by opening any of the documents associated with it on your computer, in your email, or online.
First look inside
At a first glance, OpenOffice.org Writer version 3.1 looks more like Microsoft Word 2003 than Word 2007 looks like Word 2003. OpenOffice.org has the familiar menu bar and toolbars, and many commands are found in the same place as in Microsoft Office.
MS Office Word 2003
OpenOffice Writer 2003
Word 2007
Customizing OpenOffice.org
Make OpenOffice.org feel like home by customizing it. Here are a few suggestions.
Better safe than sorry: to enable document backups, click Tools – Options. Click Load/Save and then General. Check the box labeled Always create backup copy.
The word completion feature saves time by finishing long words. If you see OpenOffice.org has correctly guessed the word you are currently typing, press the Enter key to accept the word. If you prefer to disable this feature, click Tools – AutoCorrect. Click the last tab Word Completion. Then uncheck the box Enable Word Completion.
By default OpenOffice.org only prints the selected worksheet instead of the whole workbook. If you prefer the Excel default, do this: open Calc. Click Tools – Options. Then click OpenOffice.org Calc and Print. Finally uncheck the box Print only selected sheets.
Sharing documents
While OpenOffice.org does fairly well saving in Microsoft Office formats, it’s best to retain the default setting to save documents in OpenDocument formats.
If you need to retain a few machines on Microsoft Office, either make OpenOffice.org the primary office suite or install the OpenXML / ODF Translator, Sun ODF Plugin for Microsoft Office, or Microsoft Office 2007 SP2. Any of these will allow Microsoft Office to share ODF files with OpenOffice.org users.
Chances are those with which you do business outside your organization use Microsoft Office. When sending documents externally, train your staff to click File – Send – Email as PDF or Email as Microsoft Word. In the future ODF may be the ideal exchange medium, but today PDF and Microsoft Office formats are the de facto standards. (Freedom purists should remember the specifications of the binary Microsoft Office file formats are covered by the Microsoft Open Specification Promise).
Recommended extensions
OpenOffice.org is a breeze to enhance with many free extensions available at http://extensions.services.openoffice.org/. Here are a few favorites.
Check grammar
To underline potentially incorrect grammar with a blue squiggly line, install the popular LanguageTool extension. It does well at catching double words, homophones, and other common mistakes.
Reduce the size of presentations
Presentations can easily balloon to sizes larger than necessary. For example, you may insert a 3 megapixel image from a digital camera, but over two megapixels are wasted as a typical presentation display is only 0.8 megapixels. The extra size wastes disk space, clogs up email boxes, and takes extra time to download. Simply install Sun Presentation Minimizer to tame the size of these bloated files.
Import PDFs
Not only does OpenOffice.org out of the box export PDFs with advanced options, OpenOffice.org imports PDFs in an editable format with remarkable results. PDFs aren’t designed for editing, so don’t expect too much, but OpenOffice.org will save some people the cost of buying Adobe Acrobat.
Templates
Microsoft Office ships with many templates, and OpenOffice.org doesn’t. Don’t worry because installing templates is easy, and there are many nice templates available for free. Start with these: Sun Template Pack I, Sun Template Pack II, and Label Templates. Remember OpenOffice.org reads all Microsoft templates! Check back later on this web site for a more thorough guide to OpenOffice.org resources.
Fonts
The best fonts are those that everyone has to ensure the document looks the same on all machines. De facto standards are Times New Roman, Arial, and Courier New, and OpenOffice.org automatically substitutes these fonts if not available (for example, on Linux). OpenOffice.org comes with the DejaVu and Liberation families; the latter is very similar to Times New Roman, Arial, and Courier New.
If you run Windows XP, install the Microsoft Office 2007 fonts (such as Calibri) for better compatibility with Office 2007 documents.
For branding purposes, you may want to deploy a common font within your company. A personal favorite is Gentium Basic, and OpenOffice.org supports any TrueType font installed on your operating system. When exporting PDFs, OpenOffice.org automatically includes a subset of the font, so the document looks exactly the same on all machines.
Getting help
As you build expertise within your company to support routine issues or need assistance with one-time situations like initial deployment, check OpenOffice.org Support for free and paid resources including service plans, consultants, books, tutorials, and online forums. Check back later on this web site for a more thorough guide to OpenOffice.org resources.
Conclusion
With its mature feature set, strong support system, and economical price tag OpenOffice.org can add solid value to your business. When you are ready to put your cash to better use than paying The Other Guy, start planning your own OpenOffice.org migration.
About the author: Andrew Ziem has worked with OpenOffice.org since 2001 as an author, trainer, tester, and quasi-developer. He blogs about OpenOffice.org at http://www.oooninja.com.
Step 1: Installing the Hardened-PHP Project Signaturekey
You should first grab a copy of the Hardened-PHP Project's Release Signaturekey and import it into your GNU Privacy Guard keychain. (For further information on the usage of gnupg please consult it’s manpage)
#> gpg --import < hardened-php-signature-key.asc
gpg: /root/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: key 0A864AA1: public key "Hardened-PHP Signature Key" imported
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1
Step 2: Downloading and verifying the necessary files
It is now time to grab a copy of a fresh PHP tarball and the latest version of the Suhosin-Patch. Additionally you should get the digital signature (*.sig) files. You can grab all of this on our suhosin download page.
As a first precaution you can check the MD5 hashs of the downloaded files against those you find on the download page.
#> md5sum php-5.1.4.tar.bz2
66a806161d4a2d3b5153ebe4cd0f2e1c php-5.1.4.tar.bz2
#> md5sum suhosin-patch-5.1.4-0.9.0.patch.gz
ea9026495c4ce34a329fd0a87474f1ba suhosin-patch-5.1.4-0.9.0.patch.gz
When the MD5 hash values are valid you can check the digital signatures like this.
#> gpg php-5.1.4.tar.bz2.sig
gpg: Signature made Di 16 Mai 2006 23:39:04 CEST using DSA key ID 0A864AA1
gpg: Good signature from "Hardened-PHP Signature Key"
#> gpg suhosin-patch-5.1.4-0.9.0.patch.gz.sig
gpg: Signature made So 21 August 2006 20:02:53 CEST using DSA key ID 0A864AA1
gpg: Good signature from "Hardened-PHP Signature Key"
Step 3: Unpacking and Patching
You now have to unpack the PHP tarball, gunzip the patchfile and then apply the patch.
#> tar -xfj php-5.1.4.tar.bz2
#> gunzip suhosin-patch-5.1.4-0.9.0.patch.gz
#> cd php-5.1.4
#> patch -p 1 -i ../suhosin-patch-5.1.4-0.9.0.patch
If you prefer to have suhosin as builtin extension you can also download the suhosin extension source code and copy the src files into the ext/suhosin directory within your PHP source tree.
Installing on a Generic Linux/Unix
After having prepared the PHP source tree the next step is not much different from the usual installation of PHP. If you have copied the suhosin extension into the ext directory you also have to activate it.
#> [./buildconf - in case you want to compile suhosin statically]
#> ./configure --with-whatever-you-want [--enable-suhosin]
#> make
#> make test
#> make install
By executing make test you can verify, that PHP still works and does not break anything.
If you are upgrading from a previous installation of PHP you do not need to recompile all installed PHP modules and extensions unless you are upgrading to a PHP version that breaks binary compatibility. However recompiling the extensions after having installed PHP with the Suhosin-Patch can protect them from possible format string vulnerabilities, which was built into the header files.
After having recompiled and installed everything, have a look at the bundled php.ini files for examples how to use the new configuration directives. For a documentation of the new directives consult the Configuration section.
Binary extensions from for example Zend should continue flawlessly. If you encounter any problem contact us immediately.
Installing the Extension
Unlike the Hardening-Patch for PHP, nearly all of Suhosin´s features are within the extension. Therefore you might want to only install the extension and use a plain unpatched PHP. Depending on the system we might already offer binary packages. You can check our Suhosin Downloads page. In that case you only need to activate the extension inside your php.ini and maybe add Configuration directives if you are not satisfied by the default values.
Before you continue compiling the Suhosin-Extension you should verify the file integrity. Please check the preparation section of this guide. The next step is unpacking the extension tarball and performing the usual compilation steps for PHP extensions.
#> cd suhosin
#> phpize
#> ./configure
#> make
#> make install
This should install suhosin in the correct extension directory. The final step is adding a load directive to php.ini
extension=suhosin.so
and optionally add some Configuration directives in case you do not like the default values.
Special Instructions
Some distributions already come with Suhosin source or binary packages. Here is a small overview how to install Suhosin on this distributions.
Installing on Gentoo
Installing and using Suhosin on Gentoo is very easy. At the moment the Suhosin patches and extensions are only available in the external PHP Overlay, and not yet in the Portage tree, you can expect them to also be available in the main Portage tree during October 2006. Let’s install the PHP Overlay then:
#> emerge layman
#> layman -f
#> layman -a php-testing
Now let’s install PHP with the Suhosin patch and extension:
#> echo "dev-lang/php" >> /etc/portage/package.keywords
(unstable version needed)
#> USE="suhosin" emerge =php-4* for PHP4, or =php-5* for PHP5
(NOTE: you cannot also have the "hardenedphp" USE flag enabled at the same time!)
That’s it, your PHP on Gentoo is now running with the Suhosin patch enabled, and the Suhosin extension was automatically installed (from the dev-php{4,5}/suhosin package).
Installing on FreeBSD
The Suhosin-Patch and the Suhosin extension are both within the FreeBSD ports. Therefore installing it on FreeBSD is very simple. The Suhosin-Patch is an option which you can choose when you install the lang/php4 or lang/php5 port. To install the patch just do
#> cd /usr/ports/lang/php5
#> make
... now select the menu item that says: Enable Suhosin Protection
#> make install
To install the extension just do
#> cd /usr/ports/security/php-suhosin
#> make
#> make install
After these simple steps Suhosin-Patch is successfully installed on your system.
Upgrading
Upgrading to a new PHP or new Suhosin-Patch version is quite identical to the normal installation process. This is like upgrading a normal PHP. That means, if the binary compatibility was broken between PHP versions you have to recompile all installed PHP modules/extension. Upgrading the Suhosin-Extension on the other hand is as simple as recompiling it (or using a binary), replacing the file and restarting your webserver.
Reduce the size of presentations