The following step will configure the Postfix server to relay emails from a remote SMTP server with authentication.

1. First of all, configure the custom relayhost parameter. This will configure postfix to relay emails via the remote SMTP servers.

   sudo postconf -e "relayhost = smtp.gmail.com:587" 
   

   You can also configure the Postfix server for d relaying emails based on the sender address.

2. create an SMTP host and authentication mapping file:

   sudo nano /etc/postfix/smtp_sasl_password 
   

   Add your remote SMTP host and credentials one per line. See the below example:

   smtp.gmail.com           your_email@gmail.com:your_email_password
   

   Save the file and close it.

3. Next use the postmap command to update the Postfix lookup table for the above-created configuration file.

   sudo postmap /etc/postfix/smtp_sasl_password  
   

4. Update the Postfix main configuration file with the following commands:

   sudo postconf -e "smtp_sasl_auth_enable = yes"
   sudo postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password"
   sudo postconf -e "smtp_sasl_security_options ="
   

5. Finally, restart the Postfix service

   sudo systemctl restart postfix
   

6. All done. You can verify the changes by sending an email via the configured remote SMTP servers.

Postfix SASL Authentication provides a secure way to transfer emails, and it’s easy to set up. It also allows you to customize the authentication process, so if you want to use things like two-factor authentication or IP whitelisting, you can. Overall, Postfix SASL Authentication is a great option for anyone who needs a secure and reliable way to transfer emails. It’s a must-have for anyone who takes security seriously!

The post Postfix: Configure SASL Authentication for Remote SMTP appeared first on TecAdmin.

SSH works by installing SSH server and SSH application respectively on destination(remote) and source(Client) machine.

After installing the SSH application on the client-side, you can provide information related to the remote server. On the server-side, There will be an SSH daemon that continuously checks for specific TCP/IP ports for client connection requests. Once the client initiates the connection requests with the right credentials, the SSH daemon starts exchanging the identification data with the client to establish a secured remote connection.

You can log in to your remote SSH server by types:

• Password Authentication
• Public Key Authentication (Passwordless)

In this tutorial, we will find out how to set up a Public key-based or passwordless SSH Login.

How to Setup Passwordless SSH Login

In passwordless or key-based authentication we create a pair of keys –

• Private key: Stored securely and secretly on the client-side.
• Public key: Stored or given to the server that we want to access.

When we try to connect with a remote server using the authentication key, a message will be created by the public key based on the remote server. That message can only be read with the private key based on the client-server. After reading that message, the Client-server will send a response to the remote server to verify and establish the connection. Once you create and set up the keys, the entire process will be completed automatically.

How to create SSH Keys

So before we create a new key pair, let’s check once if you have already a key pair or not on your system, and for that, you can run the following command in your command line:

ls -al ~/.ssh/id_*.pub 

If you find the keys then you can use them for the further process otherwise you can create new ones. To generate new key pair, open your command line and enter this code:

ssh-keygen -t rsa 

Enter and accept the default location. Next, you will be asked for a passphrase. It depends on you that if you want it or not. If you do not want it then press Enter otherwise enter a passphrase for an extra layer of security. Also, not using a passphrase will help you in automating a lot of tasks. After hitting Enter, your keys will be created. You can list your keys with this command.

ls ~/.ssh/id_* 

Now as we have generated our keys, it’s time to copy the key on the remote server that you want to access. We will do this with the ssh-copy-id command. Type the following command on your command line:

ssh-copy-id -i ~/.ssh/id_rsa.pub remote_username@server_ip_address 

You will be asked for the remote_user password. Once you enter the correct password, the public key will be stored in the remote server.

Now you can log in to your remote server without a password. Use the following command to establish a connection immediately:

ssh remote_username@server_ip_address 

How to disable Password Authentication

So as we have created our SSH keys, now we can disable the password authentication for security. Before disabling the password authentication, make sure you have stored the public key on your remote server and you are able to log in using the authentication key.

To disable the password authentication, enter the following command and open SSH configuration files as a root user or sudo privileged user.

sudo nano /etc/ssh/sshd_config 

Then search for the ‘password authentication’ line and modify it as follow:

PasswordAuthentication no

After changing it, save your file and restart the SSH service.

sudo systemctl restart sshd 

Now you will be able to login into the remote server without a password.

Conclusion

SSH is a secured and easy method to connect to a remote server. It is a simple and common Linux activity and you can learn it for your daily use. And you can even set up a passwordless SSH login by using authentication keys.

The post How to Set Up Passwordless SSH login appeared first on TecAdmin.

With authentication enabled on your MongoDB instance, you can set specific rules about what user accounts are permitted to do and what sort of access they have. This also means that you can also lock down certain features so that only authorized users have access to them.

In this article, we will show you how to enable authentication in MongoDB so that only authorized users can access the database and its contents.

Create an Admin User

We will first create a user to manage all users and databases, and then we will create a MongoDB database owner with reading and write privileges on one database instance.

To manage all users and databases, create an admin user on your MongoDB server. Using Mongo shell, switch to the admin database and create a user.

use admin 

db.createUser({
   "user":"admin",
   "pwd":"admin_password",
   "roles":[
      {
         "role":"root",
         "db":"admin"
      }
   ]
}) 

Verify the authentication, run command on Mongo shell:

db.auth("admin", "admin_password") 

The result “1” is for successful authentication.

Create Database Specific User

Now, set up a user for your application’s database. Use the “use” command to select your database, and then create a user with the following commands. You must change the database name, username, and password to the ones listed below.

use mydb 

db.createUser({
   "user":"db_user",
   "pwd":"your_password",
   "roles":[
      {
         "role":"dbOwner",
         "db":"mydb"
      }
   ]
}) 

Verify the authentication, run command on Mongo shell:

db.auth("db_user", "your_password") 

The result “1” is for successful authentication.

Enabling Authentication on MongoDB

You have just created a user for your database. Now, flip the authentication switch to enforce login. To enforce authentication on your MongoDB server, edit /etc/mongod.conf in your preferred text editor.

sudo vim /etc/mongod.conf 

Add/Edit the below lines to the configuration file

security:
      authorization: enabled

Save your file and close.

Then restart the MongoDB instance to apply the changes.

sudo systemctl restart mongod 

All done!

Conclusion

You have secured your MongoDB server by enabling proper authentication on databases. MongoDB will reject all requests without authentication. Its also recommended to restrict Mongodb port 27017 via a firewall, whether it is provided by the cloud hosting or the system’s inbuild firewall.

The post How to Enable Authentication in MongoDB appeared first on TecAdmin.

For this article, you must have apache access with full privileges. If you are using shared hosting visit below link to configure the same using .htaccess.

Setup Basic Authentication in Apache using .htaccess File

Step 1 – Create Authentication File

Let’s start with creation of users in .htpasswd file. This file will contain user and password information either in plain text or md5 encrypted, which can access the website.

touch /etc/apache2/.htpasswd
htpasswd -m /etc/apache2/.htpasswd myuser1

• -c : is used only for first time when you create .htpasswd file. Do not use this if .htpasswd already exists else it will recreate file.
• -m : is used to save password in md5 format.

Let’s create another user using following command..

htpasswd -m /etc/apache2/.htpasswd  myuser2

Step 2 – Setup Apache Basic Authentication

You have configured Apache basic authentication using .htaccess file or directly with the Apache Virtual host. In this tutorial, we will configure settings in the Apache virtual host. If you like using .htaccess follow this tutorial.

Let’s edit Apache virtual host configuration file in your favorite text editor. Then add the following configurations in the virtual host block.

<VirtualHost *:80>
   ServerName example.com

   <Location />
	Deny from all
	#Allow from 127.0.0.1  ##Set IP to allow access without password
	AuthUserFile /etc/apache2/.htpasswd
	AuthName "Restricted Area"
	AuthType Basic
	Satisfy Any
	require valid-user
    </Location>

</VirtualHost>

• <Location /> : Part of website you want to restrict. / is for retrict full website or you can specify location like /admin or /demo etc.
• Deny from all :Restrict everyone
• AuthUserFile :File where users login details are saved.
• AuthName :Message will be appeared on credentials window.
• AuthType :Type of authentication to be used. Read more.
• Satisfy :Interaction between host-level access control and user authentication. Read more.
• require :Selects which authenticated users can access restricted area on website. Read more

Restart Apache Service

After making any changes in the Apache configuration file (httpd.conf or apache2.conf), you need to restart the Apache web service.

For CentOS/RHEL 6/5 Users:

sudo service httpd restart

For CentOS/RHEL 8/7 Users:

sudo systemctl restart httpd.service

For Ubuntu/Debian Users:

sudo systemctl restart apache2

The post How To Enable Password Authentication with Apache appeared first on TecAdmin.

Create .htaccess File.

First create a .htaccess file in your website document root to protect entire site or in specific directory and add following content.

  AuthType Basic
  AuthName "Secure Content"
  AuthUserFile /home/myuser/public_html/.htpasswd
  require valid-user

Create Users in .htpasswd

Now start with creating users in .htpasswd defined in .htaccess file. You can add user and password either in plain text or md5 encrypted.

Adding password in plain text format:

# htpasswd -c /home/myuser/public_html/.htpasswd  myuser

Adding password with md5 crypt format

# htpasswd -cm /home/myuser/public_html/.htpasswd  myuser

Configure Apache to allow .htaccess Authentication

By default Apache doesn’t allow to use of .htaccess, So you also need to update below setting in your httpd.conf to allow .htaccess based authentication. We use Allowoverride variable to define if .htaccess will read by apache or not.

From:
AllowOverride none

To:
AllowOverride AuthConfig

To set AuthConfig will allow only authentication in .htaccess, rest of setting (if any) will be ignored. To allow all setting defined in .htaccess file use “All” in place of AuthConfig”.

Restart Apache and Test Setup.

After making any changes in apache configuration file (httpd.conf or apache2.conf), you need to restart Apache web service.

For CentOS/RHEL 6/5 Users:

# service httpd restart

For CentOS/RHEL 7 Users:

# systemctl enable httpd.service

For Ubuntu/Debian Users:

# service apache2 restart

Thanks for reading this article, I hope it will help you to understand to set up basic authentication in Apache using .htaccess.

The post How to Setup Basic Authentication in Apache using .htaccess appeared first on TecAdmin.