Setting up password-less SSH and SCP


In this post, I will explore how to perform a secure copy, the Linux scp command.

To this end, I will first detail how to setup password-less authentication with OpenSSH.

Setting up openssh on the guest and the host

What I want to achieve is to be able to ssh the remote host from my guest computer with the following

$ ssh username@hostname

Let’s consider that I have both the host and the guest running ubuntu. I have to install the openssh-client package on the guest with the following command:

$ sudo apt-get install openssh-client

For testing this how-to, I have set up a fresh virtualized Ubuntu install. When I attempt to connect to the host for the first time, I get the following error for example:

$ ssh stephan@10.211.55.10
ssh: connect to host 10.211.55.10 port 22: Connection refused

I have to install openssh-server on the host with the following command:

$ sudo apt-get install openssh-server    

Now, I can open an SSH connection between my guest and my host. As this is the first time I connect to the host, I have to accept that the host be added to the list of known hosts recognized by opens. The list is available in

~/.ssh/known_hosts

For example:

~ $ ssh username@10.211.55.10
The authenticity of host '10.211.55.10 (10.211.55.10)' can't be established.
RSA key fingerprint is 9c:f5:b7:93:7a:eb:d8:fe:e5:38:a8:52:e8:06:9b:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.211.55.10' (RSA) to the list of known hosts.
username@10.211.55.10's password: 
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

156 packages can be updated.
28 updates are security updates.

The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

username@host:~$ 

Now that openssh is configured on the host, we can set up password-less authentication.

Setting up password-less authentication with OpenSSH

Password-less authentication with OpenSSH works as follows. In order to secure the communication between the guest and the host without the need to provide a password, they will use the private key and public key of the client along with a username known on the server. The server will add the public key of the client to its lists of authorized keys.

As I authenticate as a particular user known on the host, I will set up the openssh configuration for the host to allow the user to ssh from the guest. I will generate a private/public key pair on the guest and add the public key to the list of authorized keys on the host.

The ~$ ssh username@hostname command will use the private key available in the ~/.ssh/id_rsafile of the user executing the command on the guest computer. If I wanted to use any other key file, I could use the -i pathToKeyFile parameter and specify another key file. For example:

$ ssh -i pathToMyFile username@hostname

Now that I know what I want to achieve, let’s configure both the guest and the host.

With the default key file

The first step is to generate a private and a public key on the guest computer. I will issue the following command to generate an RSA key. I could use -t dsa to generate a DSA private key.

ssh-keygen -t rsa

The command will yield the following output. It is important not to type in a passphrase and to simply hit enter twice.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/stephan/.ssh/id_rsa): 
Created directory '/home/stephan/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/stephan/.ssh/id_rsa.
Your public key has been saved in /home/stephan/.ssh/id_rsa.pub.
The key fingerprint is:
24:c9:61:0f:c5:f3:69:24:92:21:2a:bf:6e:64:0b:17 stephan@stephan-Parallels-Virtual-Platform
The key's randomart image is:
+--[ RSA 2048]----+
|    . ==.        |
|   . +o=+ .      |
|. .   +.o= .     |
| oE    o  +      |
|  ..    S.       |
|. +.             |
| =..             |
| .o              |
| ..              |
+-----------------+

Now, I have two files in the ~/.sshdirectory of my guest computer: id_rsa and id_rsa.pub

I will now copy it to my host server with the OpenSSH scp command:

$ scp ~/.ssh/id_rsa.pub username@hostname:/home/username/.ssh/myguest_id_rsa.pub

On the host, I will now add the contents of the key to the list of authorized keys:

$ cat myguest_id_rsa.pub >> ~/.ssh/authorized_keys

The above command will append the contents of the myguest_id_rsa.pub file to the file authorized_keys. If the file does not exist, the command creates it.

Let’s now remove the no longer necessary file

$ rm myguest_id_rsa.pub

For better security, let’s set the proper rights on the authorized_keys file. 600 means that the owner only can read and write.

$ chmod 600 authorized_keys

Now, when I open an SSH connection with the given username from the guest computer (logged in as the user whose key is authorized on the host) to the host computer, I no longer have to provide a password. Instead of:

~/$ ssh stephan@10.211.55.10
stephan@10.211.55.10's password: 
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

Last login: Sun Jun  3 16:44:22 2012 from stephans-macbook-pro.local

I now have

~/.ssh $ ssh stephan@10.211.55.10
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

Last login: Sun Jun  3 17:26:52 2012 from stephans-macbook-pro.local
stephan@stephan-Parallels-Virtual-Platform:~$ 

With any key file

Let’s generate a key file outside of the ~/.ssh directory.

~/temp $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/stephan/.ssh/id_rsa): ./standalone_id_rsa
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in ./standalone_id_rsa.
Your public key has been saved in ./standalone_id_rsa.pub.
The key fingerprint is:
d4:48:5d:30:10:80:f6:2d:75:1d:49:51:47:9f:5b:eb stephan@stephan-Parallels-Virtual-Platform
The key's randomart image is:
+--[ RSA 2048]----+
|     ...++o===..o|
|    o  ..oo.o  .o|
|   . . oo..    .o|
|      o..       +|
|       .S      o |
|              .  |
|               E |
|                 |
|                 |
+-----------------+

I generated the file in the folder I was in with ./standalone_id_rsa.

Let’s now copy the file to the host:

~$ scp ./standalone_id_rsa.pub username@hostname:/home/username/.ssh/myguest_id_rsa.pub

On the host, let’s add the public key to the list of authorized_keys:

~$ cat myguest_id_rsa.pub >> authorized_keys

Let’s remove the no longer necessary key file:

~$ rm myguest_id_rsa.pub

I can now connect with the provided file:

~/temp $ ssh -i ./standalone_id_rsa stephan@10.211.55.10
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

Last login: Sun Jun  3 17:52:36 2012 from stephans-macbook-pro.local
stephan@stephan-Parallels-Virtual-Platform:~$ 

If I want to In this case, we must make sure that only the owner of the file has the rights to access the file. To achieve that, we will set the appropriate rights with chmod.

$ chmod 600 pathToMyKeyFile

References

Highlighting input fields with CSS and JQuery


The interface of our current Web Application is rather complex and contains loads of fields. The end users wanted us to make the active field or element more visible. The only hitch is that the supported browsers are IE7, IE8 and Firefox 3.6+.

The CSS dynamic pseudo-class :focus should have done the trick. The :focus selector is supported as such by Firefox, Chrome and IE9.

Here is an example of how to use it. Don’t pay attention to the ugliness of the outcome :-). In the case of the check box and radion I could only manage to change the border style and width and not the colour.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<style type="text/css">
input:focus, textarea:focus, select:focus {
        background: #FFFFCC;
        border: 2px solid red
}
</style>
</head>

<body>
            Text Field: <input type="text" /><br />
            Password Field: <input type="password" /><br />
            Text Area: <textarea></textarea><br />
            Radio Button: <input type="radio" /><br />
            Check box: <input type="checkbox" /><br />
            Button: <input type="submit" value="Submit" /><br />
            Select box:<select>
                                  <option>One</option>
                                  <option>Two</option>
                                  <option>Three</option>
                                  </select> <br />
</body>
</html>

To make it work in IE8, the page must declare a <!DOCTYPE>, as illustrated below. Furthermore, one must disable the compatibility view settings for the Web site in order to have the CSS working. Go to Tools->Compatibility View Settings and uncheck the adequate check boxes.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

Unfortunately, that does not work in IE7. However, I found a JQuery plugin that makes it work with IE7 at http://james.padolsey.com/javascript/fixing-focus-in-internet-explorer/. The only problem that I found was with select, that does not work.

Here is an example of how to use it:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<style type="text/css">
input:focus, textarea:focus, select:focus {
        background: #FFFFCC;
        border: 2px solid red
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.js"></script>
<script type="text/javascript" src="pseudofocus.js"></script>

</head>

<body>
            Text Field: <input type="text" /><br />
            Password Field: <input type="password" /><br />
            Text Area: <textarea></textarea><br />
            Radio Button: <input type="radio" /><br />
            Check box: <input type="checkbox" /><br />
            Button: <input type="submit" value="Submit" /><br />
            Select box:<select>
                                  <option>One</option>
                                  <option>Two</option>
                                  <option>Three</option>
                                  </select> <br />
        <script type="text/javascript">
            $.pseudoFocus();
        </script>
</body>
</html>

Links

Fixing the pesky perl: warning: Setting locale failed on Ubuntu Server


After having installed an new instance of Ubuntu Server, I run into the following error message

Setting locale failed.
perl: warning: Please check that your locale settings: LANGUAGE = “en_GB:en”, LC_ALL = (unset), LC_CTYPE = “UTF-8”, LANG = “en_GB.UTF-8” are supported and installed on your system.
perl: warning: Falling back to the standard locale (“C”).

To fix it, I had to do the following:

$ sudo dpkg-reconfigure locales

That generated the following output:

Generating locales...
  en_AG.UTF-8... up-to-date
  en_AU.UTF-8... up-to-date
  en_BW.UTF-8... up-to-date
  en_CA.UTF-8... up-to-date
  en_DK.UTF-8... up-to-date
  en_GB.UTF-8... up-to-date
  en_HK.UTF-8... up-to-date
  en_IE.UTF-8... up-to-date
  en_IN.UTF-8... up-to-date
  en_NG.UTF-8... up-to-date
  en_NZ.UTF-8... up-to-date
  en_PH.UTF-8... up-to-date
  en_SG.UTF-8... up-to-date
  en_US.UTF-8... up-to-date
  en_ZA.UTF-8... up-to-date
  en_ZM.UTF-8... up-to-date
  en_ZW.UTF-8... up-to-date
Generation complete.

Then, I ran:

$ sudo locale-gen en_GB

That generated the following output:

Generating locales...
  en_GB.ISO-8859-1... done
Generation complete.

And I eventually ran:

$ sudo update-locale LANG=en_GB.UTF-8

Then, I added the following to my .profile

export LC_CTYPE=en_GB.UTF-8 export LC_ALL=en_GB.UTF-8

That did the trick.

Creating Self-Signed Certificates on Ubuntu Server


As I investigated how to set up Apache2 on Ubuntu/Debian, I found out that there were different ways of generating self-signed certificates.

I’ll try to summarise what I gathered in this post, for the sake of understanding and remembering.

Procedure 1: The Ubuntu/Debian way

On Ubuntu/Debian,there is a utility named make-ssl-cert that is a debconf to openssl wrapper whose description is available at http://man.he.net/man8/make-ssl-cert
The utility will generate a .pem file containing both a certificate and a private key

$sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf ./myCertificate.pem

The commands needs a template (/usr/share/ssl-cert/ssleay.cnf) to generate the certificate.

The generated PEM file contains both the private key and the certificate:

—–BEGIN PRIVATE KEY—–

—–END PRIVATE KEY—–
—–BEGIN CERTIFICATE—–

—–END CERTIFICATE—–

Procedure 2: The OpenSSL way with a passphrase

To generate a self-signed certificate with OpenSSL, one must go through several steps. To generate the certificate, one needs:

  • A private key
  • A Certificate Signing Request (CSR)

To generate a private key using the RSA algorithm, run the following command:

$ openssl genrsa -des3 -out myKey.pem 2048

The command works as follows:

  • The command genrsa generates an RSA private key
  • The option -des3 encrypts the private key with triple DES
  • The option -out outputs to the provided filename
  • 2048 is the size of the private key to generate in bits

The outcome of the command will be

Generating RSA private key, 2048 bit long modulus
..........+++
...................................................+++
e is 65537 (0x10001)
Enter pass phrase for myKey.pem:
Verifying - Enter pass phrase for myKey.pem:

The key is generated in a PEM format.
The contents of the generated file looks as follows:

Here is an example
----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B86D06044242EA6B

...
-----END RSA PRIVATE KEY-----

Caveat: As the key was used to generate a passphrase, you will have to keep it preciously. For example, when using the certificate with Apache2, the passphrase will be requested at each startup of the server.

Now that we have a private key, we have two possibilities. Either we generate the Certificate Signing Request and the Certificate in one command, or we do it with two commands

Variant a – step 1: Generate a Certificate Signing Request

Run the command:

$ openssl req -new -key myKey.pem -out server.csr

The command will request you to enter quite some information as you can see on the following output:

Enter pass phrase for myKey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Brabant
Locality Name (eg, city) []:Brussels
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:My Division
Common Name (eg, YOUR name) []:My Name
Email Address []:my.name@myorganisation.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

The contents of the generated server.csr looks like this:

-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----

Variant a – step 2: Generate the self-signed certificate based on the CSR

Run the following command to issue a certificate that will be valid for 365 days.

$ openssl x509 -req -days 365 -in server.csr -signkey myKey.pem -out myCertificate.pem

The output will look like:

Signature ok
subject=/C=BE/ST=Brabant/L=Brussels/O=My Company/OU=My Division/CN=My Name/emailAddress=my.name@myorganisation.com
Getting Private key
Enter pass phrase for myKey.pem:

The contents of the certificate file looks liks:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Variant b: Generate the Certificate without generating the CSR

Run the following command to issue a certificate that will be valid for 365 days. You will have to enter the data as for the CSR but none will be generated.

$ openssl req -new -x509 -key myKey.pem -out myCertificate.pem -days 365

The output will look like:

Enter pass phrase for myKey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Brabant
Locality Name (eg, city) []:Brussels
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Organisation
Organizational Unit Name (eg, section) []:My Division
Common Name (eg, YOUR name) []:My Name
Email Address []:my.name@mycompany.com

Variant c: Remove the passphrase from the key

It is also possible to remove the Triple DES encryption from the key and therefore the need to input the passphrase. This requires that one knows the passphrase and that the access rights on the certificate be well set and be only readable by the root user.

$ openssl rsa -in myKey.pem -out myCertificate.pem

The output of the command looks like:

Enter pass phrase for myKey.pem:
writing RSA key

The contents of the generated PEM file looks like this:


-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Procedure 3:  The OpenSSL way without a passphrase

The procedure using OpenSSL without the passphrase differs at the key generation phase. In order to generate the private key this way, run the following command, which does not request to use Triple DES:

$ openssl genrsa -out myKey.pem 2048

The output looks like:

Generating RSA private key, 2048 bit long modulus
.......+++
...+++
e is 65537 (0x10001)

The contents of the server.key file looks like:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Let’s now generate the Certificate with generating an intermediate CSR

$ openssl req -new -x509 -key myKey.pem -out myCertificate.pem -days 365

The output looks like:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Brabant
Locality Name (eg, city) []:Brussels
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:My Division
Common Name (eg, YOUR name) []:My Name
Email Address []:my.name@mycompany.com

Setting up Apache HTTP Server with SSL support on Ubuntu/Debian


I need to set up a server to host our subversion in a secured fashion and to make it available on the Web. Therefore, I first install the Apache HTTP Server (httpd) and configure it to allow for SSL connections only.

If there are mistakes in this post, please comment. I’m eager to improve it and learn.

It took me quite some time to find some proper documentation on how to configure Apache2 on Ubuntu/Debian. I came across that interesting page on the apache Web site that pointed me to a README file: /usr/share/doc/apache2/README.Debian.gz that contains information on how to configure Apache2 on Debian.

Step 1: Install the Apache2 package

There is an Apache httpd package readily available for aptitude under the name apache2. To install it, run the following command from the terminal.

$ sudo apt-get install apache2

To test that the package was properly installed, open the following address in your browser: http://yourhostname. If the installation was successful, the browser shall display the following:

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

Step 2: Configure httpd to support SSL

The module mod_ssl (http://httpd.apache.org/docs/2.0/mod/mod_ssl.html) provides SSL/TLS support to httpd. It is available in the httpd installation as a part of the apache2-common package.

On Ubuntu/Debian, use the following commands to enable SSL

$ sudo a2ensite default-ssl

That yields

Enabling site default-ssl.
To activate the new configuration, you need to run:
service apache2 reload

$ sudo a2enmod ssl

That yields

Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart

As written, let’s restart Apache2 to apply the changes with the following command:

$ sudo service apache2 restart

That command yields the following outcome:

* Restarting web server apache2 … waiting

and restart httpd:

$ sudo /etc/init.d/apache2 restart

Which yields again:

* Restarting web server apache2 … waiting

To test that the module was properly installed, open the following address in your browser: https://yourhostname. The first time you access the page, the browser will warn you that the certificate of the site is not trusted. You can proceed and you will get to the same page as before:

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

Step 3: Generate a self-signed certificate

To use a self-signed certificate, the package ssl-cert must be installed, which it was on my install.

I wanted to configure my own self-signed certificate for the server and to store it in /etc/apache2/ssl. To do so, run the following command from the terminal:

$ sudo mkdir /etc/apache2/ssl
$ sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.crt

The command prompts you to enter the hostname to use in the certificate. Once done, you can now see that there is a new file in the /etc/apache2/ssl directory:

drwxr-xr-x 2 root root 4096 2011-12-16 14:40 ./
drwxr-xr-x 8 root root 4096 2011-12-16 14:12 ../
lrwxrwxrwx 1 root root 10 2011-12-16 14:40 a9630d61 -> apache.crt
-rw——- 1 root root 2685 2011-12-16 14:40 apache.crt

That last command will have generated an apache.crt file that contains both the certificate and the key. Let’s now separate that file into two files:

  • apache.pem to store the certificate
  • apache.key to store the key

I will simply copy the original apache.crt file twice, one with each name and edit each file.

$ cd /etc/apache2/ssl
$ sudo cp apache.crt apache.pem
$ sudo cp apache.crt apache.key

The apache.pem file must contain everything from the beginning line to the ending line of the certificate

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The apache.key file must contain everything from the beginning line to the ending line of the key

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

Step 4: Configure httpd to use the certificate

Now, I have to configure httpd to use my new certificate. To do so, I edit the configuration with nano

$ sudo nano /etc/apache2/sites-enabled/default-ssl

We have to update the following two lines

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

with the following two lines

SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

The private key shall only be readable by root:

$ sudo chmod 600 /etc/apache2/ssl/apache.key

Let’s now restart Apache2

$ sudo /etc/init.d/apache2 restart

Step 5: Disable the HTTP port

On Ubuntu/Debian, the enabled ports are defined in /etc/apache2/ports.conf. As I want to disable the HTTP listener, I simply disable that port in that file by commenting out the following two lines:

#NameVirtualHost *:80
#Listen 80

Final test

To check that everything works fine, let’s try to access the page at http://localhost with curl

curl http://localhost
curl: (7) couldn’t connect to host

Let’s no try to access the page at https://localhost with curl -k. The -k is used to allow connections from sites without a certificate.

$ curl -k https://localhost</pre>
<h1>It works!</h1>
<pre>
This is the default web page for this server.

The web server software is running but no content has been added, yet.


That’s it.

Finding out the IP address of my Linux


The ifconfig command provides the network interface parameters of the system.

This is an example of the outcome:

$ ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:6d:41:8d
inet addr:129.181.228.101 Bcast:129.181.231.255 Mask:255.255.252.0
inet6 addr: fe80::a00:27ff:fe6d:418d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22801 errors:0 dropped:0 overruns:0 frame:0
TX packets:2066 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5235502 (5.2 MB) TX bytes:214719 (214.7 KB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

If I want to just know my IP address, I can simply run the following command from the terminal:

$ ifconfig | grep 'inet addr'
          inet addr:129.181.228.101  Bcast:129.181.231.255  Mask:255.255.252.0
          inet addr:127.0.0.1  Mask:255.0.0.0

If I just want to know my IPv6 address, I can run the following command from the terminal:

$ ifconfig | grep 'inet6 addr'
          inet6 addr: fe80::a00:27ff:fe6d:418d/64 Scope:Link
          inet6 addr: ::1/128 Scope:Host

Installing Oracle SQL Developer on Ubuntu


Update: As I switched to Linux Mint, I ran into an permission problem. To have it working, follow the procedure available at http://community.linuxmint.com/tutorial/view/938, which provides additional steps.


On my current project, we use Oracle database. The best free tool I have found so far to work with the database as a Java developer is Oracle SQL Developer.

Oracle does not provide a package for Debian based distros. I tried to run the tool from the generic archive but it failed to run because it seems to be aiming at another environment with respect to the Swing look and feel that it failed to load.  After some googling, I found that there is a package to make a package (sqldeveloper-package)out of the archive to make it installable as such.

Here is how to use it.

Download Oracle SQL Developer

As the download requires that one have an Oracle account, I download it from the browser at the following address: http://www.oracle.com/technetwork/developer-tools/sql-developer/sqldev-ea-download-486950.html

Install Java

See my post Install Sun JDK 6 on Ubuntu 11.10

Install the sqldeveloper-package and its dependencies

$ sudo apt-get install sqldeveloper-package debhelper

 Install dos2unix

$ sudo apt-get install tofrodos

It is necessary to create the following symlinks for the tool to work:

$ sudo ln -s fromdos dos2unix
$ sudo ln -s todos unix2dos

Make the deb package

It seems that the -b switch can be used to indicate where to generate the .deb but it does not seem to work (Or I did not spend enough time trying to get it to work). The tool will generate the .deb in the working directory.

$ cd ~/Downloads
$ make-sqldeveloper-package ~/Downloads/sqldeveloper-3.1.06.44-no-jre.zip

Install the package

$ sudo dpkg -i sqldeveloper_3.1.06.44+0.2.3-1_all.deb

The tool is now available in Applications->Programming->Sql Developer

Install Sun JDK 6 on Ubuntu 11.10


Update 2011-12-20: Following up on comments on the post, I added a section on how to  configure the Java Browser Plugin in manual installation

Update 2011-11-25: I added the information regarding the configuration of the JDK as in my previous post  Configuring Java on Kubuntu 10.10


Since Ubuntu 11.10, there is no longer an official package for the Sun/Oracle JDK. The package sun-java6-jdk is no longer officially available.

Method 1: Install a package provided by a PPA

There is a PPA (Personal Package Archives) made available by Roberto Ferramosca. To add this PPA, run the following command from the command line:

    $ sudo add-apt-repository ppa:ferramroberto/java
    $ sudo apt-get update

You can now install the JDK with the following command:

    $ sudo apt-get install sun-java6-jdk

I you’d like to install the JRE or the Java Plugin along with the JDK, use the following:

sudo apt-get install sun-java6-jdk sun-java6-jre sun-java6-plugin sun-java6-fonts

You must now set the Sun JDK as the default. You can see how to achieve this in a previous post Configuring Java on Kubuntu 10.10.

The benefit of this method is that the JDK will be updated when a newer version of the package is made available.

Method 2: Installing the JDK manually

This method consists of downloading the adequate JDK from the Oracle Web site. The file is a bin file, e.g. jdk-6u29-linux-x64.bin

The first step is to create a temporary folder where we’ll download the file.

    $ mkdir -p ~/tmp/jdk-6u29
    $ cd ~/tmp/jdk-6u29

Once downloaded, make the file executable and run it.

    $ chmod +x jdk-6u29-linux-x64.bin
    $ ./jdk-6u29-linux-x64.bin

Now copy the file to the preferred target location, e.g. ~/dev/jdk

    $ mkdir -p ~/dev/jdk
    $ cd ..
    $ mv jdk-6u29 ~/dev/jdk/

Let’s now create a symbolic link so that we can easily update with newer versions in the future.

    $ cd ~/dev/jdk
    $ ln -s jdk-6u29 jdk-6

The next step is to add to the ~/.bashrc the path to our JDK binary files.

    #Use the symbolic link
    export JAVA_HOME="~/dev/jdk/jdk-6"
    export PATH=$PATH:$JAVA_HOME/bin

That’s it.

The benefit of this method is that one can install any version of the JDK (6 or 7). The downside is that one must manually upgrade the JDK.

Manually configuring the browser plugin

To configure the plugin, you need the JRE that comes with the JDK. If you installed the JDK in $JAVA_HOME, the JRE is located in $JAVA_HOME/jre.

Based on some documentation that I found on Oracle Web Site, the solution is simply to create symlinks to the plugin. The plugin can be found in

  • $JAVA_HOME/jre/lib/amd64/libnpjp2.so for 64bit machines
  • $JAVA_HOME/jre/lib/i386/libnpjp2.so for 32bit machines

You can go to http://javatester.org/version.html to check that the plugin works fine.

Configuring the plugin for Firefox

Create a symlink to the plugin

$ sudo ln -s $JAVA_HOME/jre/lib/amd64/libnpjp2.so /usr/lib/firefox-addons/plugins/libnpjp2.so

This shall do the trick.

Configuring the plugin for Chromium

Create a symlink to the plugin

$ sudo ln -s $JAVA_HOME/jre/lib/amd64/libnpjp2.so /usr/lib/chromium-browser/plugins/libnpjp2.so

With Chromium, it is necessary to enable plugins. You can just launch it from the command line once to enable the plugins with the following command

$ chromium-browser --enable-plugins %U

If you now naviate to chrome://plugins/, you shall see something like:

Java – Version: 1.6.0.30
The next generation Java plug-in for Mozilla browsers.
Disable

Using resource bundle keys containing dots in a facelet


In order to put some order into our resource bundle with JSF, I wanted to use dots to structure the keys to make them more meaningful. I wanted to use a structure like ScreenName.title=value

We used to use the keys this way

<h:outputText value="#{bundle.title}" />

When I tried to use

<h:outputText value="#{bundle.screen.title}" />

I got an error because JSF interpreted bundle.screen.title as an expression and title was not a method of the String class. To be able to use the dots, I had to change the way to get values from the bundle as follows:

<h:outputText value="#{bundle['screen.title']}" />
%d bloggers like this: