SSH/Telnet and .htaccess

CybrHost suggests you use a SSH client for all communications to the server including uploading and downloading files. Why? SSH provides a fully secure bi-directional interface such that all data transferred in both directions is always encoded. It is quite difficult for a hacker to obtain worthwhile data when using SSH. SCP is a natural extension off of a SSH connection so I believe most SSH clients also provide SCP.

The following "free" clients are recommended for interoperating with OpenSSH from Windows machines:

• PuTTY is an SSH1+SSH2 implementation. PSCP, an scp-style program for Windows, is also available. PuTTY is available under the MIT licence (BSD-like).
  "PuTTY is a free implementation of Telnet and SSH for Win32 platforms, written and maintained primarily by Simon Tatham, who lives in Great Britain."
• TTSSH (SSH1) is an SSH1-only implementation, by Robert O'Callahan.
  "TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free to download and use and its source is available too, with an open source license. Furthermore, TTSSH has been developed entirely in Australia [...]."
• Cygwin (POSIX software on top of Windows)
  OpenSSH (SSH1 and SSH2 protocol) with Cygwin can run on Windows using the portable version of OpenSSH.
• MSSH
  MSSH from the Metropolitan State College of Denver supports Windows 95 and Windows 98, supporting SSH1 protocol.
• OpenSSH for Windows
  Another OpenSSH running on top of Windows..
• Secure iXplorer
  Secure iXplorer is graphical front end to PuTTY's pscp.exe.
• WinSCP
  WinSCP is a scp(1) program for Windows, with PuTTY integrated into it.
  

Mac OS X includes OpenSSH by default. The following clients are recommended for interoperating with OpenSSH from Mac OS 9 machines:

• NiftyTelnet 1.1 SSH is an SSH1-only implementation which comes with a scp-style program. Written by Jonas Wallden.
  "NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman's NiftyTelnet 1.1 application which adds support for encrypted terminal sessions using the SSH (Secure Shell) protocol. Please read the included Readme file before distributing this version."
• MacSSH is an SSH2-only implementation.
  "MacSSH is a modified version of BetterTelnet with SSH2 support. [...] The only SSH2 client for MacOS that could be found is a commercial product thats costs more than $100 so here is MacSSH."
  The only method to TELNET to our servers is through a SSH client. Additional SSH client software can be found at Tucows Internet Software, scroll down to Network Protocols and select 'SSH.'

To Restrict Entry via .htaccess
Create a .htaccess file in a text editor, FTP that file to your site, then using TELNET or SSH to create the .htpasswd fileby typing:

vi .htaccess

A typical /htaccess file for restricted entry is:

AuthUserFile /home/sites/site10/html/restricted/.htpasswd
AuthName "CybrHost .htaccess Example"
AuthType Basic
<Limit GET>
require valid-user
</Limit>

When you have entered the file you can update the file, if using vi, by typing <shift>ZZ.

Next type /etc/stronghold/bin/htpasswd -c .htpasswd username (using TELNET) to create the file and add "username" as the first user. The program will prompt you for a password, then verify by asking again. You will not see the password when entering it here:

/etc/stronghold/bin/htpasswd -c .htpasswd username
Adding password for username.
New password:
password
Re-type new password:
password

To add more users in the future, use the same command without the -c switch:

/etc/stronghold/bin/htpasswd .htpasswd bob ("bob" will be added to your .htpasswd file.)

To delete users, open the .htpasswd file in a text editor and delete the appropriate lines:

username:v3l0KWx6v8mQM
bob:x4DtaLTqsElC2

Custom Error Files
For custom error files create a .htaccess file that will be located in your 'root' (/html for CybrHost) directory. This file will typically be hidden from FTP programs since the name begins with a period '.'! You must also create a 'PAGE' displaying the custom error text you wish to use.

An example of entries for a .htaccess file could be:

ErrorDocument 400 /error400.html
ErrorDocument 401 /error401.html
ErrorDocument 403 /error403.html
ErrorDocument 404 /error404.html
ErrorDocument 500 /error500.html

An example for using a standard .html error page would be:
http://cybrhosting.com/error400.html

Image Theft
Many people like to steal images from your site and by doing so consume your available bandwidth. To prevent this type of abuse create a .htaccess file in your html directory as follows:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.com/.*$ [NC]
RewriteRule .*\.jpg$ - [F]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.com/.*$ [NC]
RewriteRule .*\.gif$ - [F]

That's it!

Privacy | Acceptable Use Policy | gTLD Registration Agreement | Domain Name Resolution Policy

Copyright © 2002, Microwerx Inc. All Rights Reserved.