By default, FTP servers require the user to login in order to upload or download files. Many web hosts, however, additionally offer the ability to use anonymous FTP. It basically gives you the ability to allow users to login to the FTP server without providing a username or a password.

What it really does is give users access to a username called anonymous, which does not require a password. They can then perform whatever tasks that are allowed for that user. For example, the anonymous use may be allowed to download public files but probably will not be allowed to upload. Downloading with FTP takes load off of the web server and usually offers more connections so more users can access the files at once.

Despite its name, anonymous FTP is not completely anonymous. As a website owner, you can still track IP addresses and host name, in case someone attempts to compromise your system. If you do not offer public downloads of any sort, it is usually a good idea to disable anonymous FTP.

1. Make sure your username and password are correct.
2. Double-check the hostname. Although “localhost” works on most servers, it may not on yours.
3. Test the connection string (if you wrote the code yourself). You may have a simple typo.
4. If you have your own server, check the mysql server to see if it is running and running without errors.
5. Does the database you are trying to connect to actually exist? Sometimes automatic database creation fails, and you are left wondering why you cannot connect to it.
6. If you can connect locally but cannot connect remotely, check your firewall settings to see if port 3306 (or whichever port you use for mysql) is open.
7. Finally, be sure your mysql user has the necessary privileges to perform whatever task you are trying to accomplish.

Photo Source: Flickr

A test user will have a unique set of configuration settings, its own home folder, and its own username and password. The second dilemma I encountered, however, was that once the account was created, I did not want to always have to log out of SSH and then login as the other user. In fact, for security reasons, I did not want the test user to have SSH access all.

Normally, the “su” command is used to become root, but you can also use it to login as any other user, directly from your SSH command prompt. To execute the command, type:

su -- username

It will then ask you for the specified user’s password. Enter it, and you are ready to test.

Image Source: Oxygen icons

There are certain practices you can use to make your passwords more secure:

• Use a mixture of letters and numbers
• Mix lowercase and uppercase letters
• Make the password at least 8 characters long
• Change default passwords given to you
• Do not use a real dictionary word in any language
• Do not use acronyms that are easily deciphered
• Never give your password to anyone, even someone claiming to be a web host or system administrator
• Do not use the same password you use for other things
• Do not use letters or numbers that relate to personal information (birthdays, names, etc.)
• Change your password often.

If you need help creating a password, consider using a password generator. PC Tools has a free online password generator that will allow you to specify length, types of characters, and similarities. Best of all, it will allow you to create multiple passwords at once. Now you have no excuses left for having a password that is easy to guess.

1. First you need to connect to an SSH host on each machine (this will create the .ssh directory in your home directory):

ssh anymachine.com

2. On the local machine, type:

ssh-keygen -t dsa

It will prompt you for the secret passphrase. After you enter the passphrase, it will create id_dsa and id_dsa.pub in the /home/user/.ssh directory.

3. Next copy the above-mentioned files to the remote server:

scp ~/.ssh/id_dsa.pub yourdomain.com:.ssh/authorized_keys2

4. Now tell your server which key to use:

ssh-agent sh -c 'ssh-add < /dev/null && bash'

It will ask your for your passphrase and create a new bash shell.

5. Finally, type ssh yourdomain.com (It should now connect without asking you for a password).

Source: http://pkeck.myweb.uga.edu/ssh/
Photo Source: Wikimedia Commons

To limit password reuse, you will need to edit the /etc/pam.d/system-auth file.

Find the line that begins with “password” and add “remember=10” to the end of it:

password sufficient pam_unix.so use_authtok md5 shadow remember=10

Save the file and close it. Now users will not be able to reuse any of their last 10 passwords because Linux will always remember the last ten. You may select a higher or lower number depending on how stubborn your users are. Enjoy!

Source: nixCraft
Photo: Flickr

Password aging is one way to make sure users changing their passwords often to lessen the likelihood that would-be attackers can figure them out and exploit them. The “chage” command in Linux allows you to change the number of days between password changes. To set the minimum days (i.e. the number of days before a user must change his/her password) enter:

# chage -m

So, if you want the user called “bob” to change his password in 90 days, you would enter:

# chage -m 90 bob

After 90 days, bob will be prompted for a password change. You can also set expiration dates for accounts and inactive passwords. If you have particularly stubborn users who refuse to use secure passwords, this is a way to prompt them often until they run out of uncreative password ideas. Please use this tool only for good.

In this example, you will grant a user the “SELECT” privilege.

1. First login to your server via SSH and enter the following:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

(you will be prompted for your password)

2. At the “mysql>” prompt, enter:

GRANT SELECT ON database.* TO username@'localhost' IDENTIFIED BY 'password';

After you have assigned privileges, enter:

FLUSH PRIVILEGES;

You will need to replace “database”, “username”, and “password” with the appropriate information. That is all it takes to enter a basic privilege. For more extensive examples, see mediatemple.net

Photo Source: Flickr

Answer: cPanel uses its own web-based frontend to make database creation very easy. Just follow these simple steps:

1. Login to cPanel
2. Under the Databases section, click “MySQL Databases”
3. Where it says “Create New Database” enter a short name for your database.
4. Click “Create Database”.

Next, you will need to have a user for the database. If you do not have any users, you will need to create one. If you do, skip to step 4.

1. Scroll down to the bottom until you see “Add New User”.
2. Enter a name and password.
3. Click “Create User”
4. Under “Add User To Database” find your user in the dropdown menu and then find the database you created in the second dropdown menu.
5. Click “Add”.

You have now created a database that will give permissions to the user you created. When you install scripts or applications, they will access the database using the username and password you specified. Therefore, make sure you remember it, but also make sure it is secure.

To disable root login, edit your sshd_config file and add the following line (if it is not already present):

PermitRootLogin no

If you or another user with root access needs to become root, they can rely on “su” or “sudo” once they have logged in as a regular user with basic permissions.

The next important thing to secure is passwords, and a big no-no is using an empty password. In some circumstances, you cannot control what passwords (or lack thereof) other users choose, but with SSH, you can prevent users from choosing blank passwords. Enter the following line in sshd_config:

PermitEmptyPasswords no

Photo: Flickr