Friday, May 4, 2018

A Free Public VDE (Virtual Distributed Ethernet) Switch: Connect anything to anything anywhere over layer-2 ethernet

The Public VDE Networking server at Università di Bologna does not seem to be up, so I deployed my own in the spirit of that original effort. It is open-access, public, available to everybody.

It allows any Virtual Distributed Ethernet (VDE) Switches anywhere to be connected securely over the internet. Password-less accounts are created on Linux like this.

To connect to my free open access VDE public ethernet network, just virtually "wire" your switch to my public one using this command:

dpipe vde_plug = ssh vde0@sanyalnet-cloud-vps3.freeddns.org vde_plug

I am using this VDE switch to connect a VAX-11/780 in Kitchener, Ontario, Canada to a bunch of DECnet nodes in the Washington DC metro area. The exact commands I am using to set up the local VDE switches and connect them via the public VDE switch are:

/usr/local/bin/vde_switch -t vde-decnet-tap0 -s /tmp/vde-decnet.ctl -m 666 --mgmt /tmp/vde-decnet.mgmt --mgmtmode 666 --daemon --fstp

/usr/local/bin/dpipe /usr/local/bin/vde_plug /tmp/vde-decnet.ctl = /usr/bin/ssh vde0@sanyalnet-cloud-vps3.freeddns.org vde_plug

The second command line runs in the foreground in the terminal unless you force it background using screen or nohup etc.

Also, the above command lines work on CentOS 7 on which I built VDE from sources. On Ubuntu, you can simply install vde2 from the repos which puts the tools in /usr/bin instead of /usr/local/bin.

If possible, please enable FSTP when you create your local VDE switches (use the --fstp parameter in the vde_switch command line) to try to control ethernet loopbacks and floods so that I don't have to keep rebooting my server.

Tuesday, May 1, 2018

How to create a Linux account with empty password (no password) with SSH access

I had a very good reason to want a password-less account for users to login over SSH: make a publicly available Virtual Distributed Ethernet (vde) tunnel broker for anyone to connect anything from anywhere over a free public globally available layer-2 virtual ethernet switch requiring no password (details in next post).

It turned out to be pretty tricky, but I finally have what I wanted - an account on a Ubuntu 14.04 server that accepts ssh connections from anywhere to a user without prompting from a password.  This has nothing to do with exporting rsa/dsa keys and manipulating .ssh/authorized_keys etc. Neither has this anything to do with passwordless logon to Linux graphical desktops.

Here is a summary of what worked for me.

  • adduser someuser
  • passwd -d someuser    #delete password
  • vi /etc/ssh/sshd_config
    • Chanege PermitEmptyPasswords from no to yes, i.e.
      # PermitEmptyPasswords no
      PermitEmptyPasswords yes
    • If AllowUsers is enabled, don't forget to add the new username to the list of allowed users. I always configure the AllowUsers line to limit usernames that can log in to my internet-facing servers.
  • service ssh restart
  • vi /etc/pam.d/common-auth
    • change nullok_secure to nullok as in:
      # auth    [success=1 default=ignore]      pam_unix.so nullok_secure
      auth    [success=1 default=ignore]      pam_unix.so nullok
  • vi /etc/securetty
    • add the following line (I put it under "console" at the very top):
      ssh
  • suppress the big Ubuntu login banner by creating an empty file called .hushlogin in the new user's home directory

--