HPN-SSH on CentOS

Somewhere along the way of learning how to build my own blog and LAMP stack, I stumbled across HPN-SSH – a project to improve network performance in SCP file transfers. You can read more about it here.

This is how you can install it:

Install required software for compiling and patching OpenSSH/HPN-SSH:

Download latest versions of OpenSSH portable and HPN-SSH patch into /usr/src:

Extract OpenSSH:

Change directory in extracted folder and apply patch:

Configure OpenSSH:

Remove old config files to prevent any conflicts:

Compile and install:

Now we have the newest version of OpenSSH installed and patched with the improvements from HPN-SSH; however, we still need to make some changes to /etc/ssh/sshd_config to take advantage of them. Near the bottom of your config file you will see a section for HPN-related options; I used the following options from other guides I found:

Another important thing to note is that the new sshd config file will reset some of your options, like PermitRootLogin, so be sure to check those. On my system the SyslogFacility option was commented out, so the ssh-related messages were logged to /var/log/messages instead of /var/log/secure; this subsequently broke my fail2ban setup, since fail2ban was looking for failed authentications in /var/log/secure. To fix this I had to change the SyslogFacility option to:

Don’t forget to restart sshd when you’re finished:

Remove /home Partition on CentOS

During my experiments with building a seedbox, I noticed that CentOS created a separate partition for the /home directory. Since I was building a seedbox at a cloud provider, I wanted the entire disk as a single partition for large torrent downloads.

Below is an example layout on a default install of CentOS 6.5:

The following commands will remove the /home partition and resize the root one:

Running df -h again will show that we have a single partition for /:

Now we still need to edit /etc/fstab to prevent CentOS from trying to mount a non-existent partition on startup. Delete the line that corresponds to the old /home partition; in my example it's line 10:

Deluge 1.3.6 Seedbox on CentOS 6.5

I’ve recently been experimenting with using a seedbox; I built one using CentOS 6.5 and Deluge. The original guide I followed used a repo that only had Deluge 1.3.5 and later through some googling I found a repo for installing 1.3.6.

First add the repo for Deluge 1.3.6:

Add the following lines:

I also needed the repo for the geoip package which is required for deluge; my CentOS install at home needed it but a CentOS cloud server I tried didn’t:

Now we can install geoip and deluge:

Create a user to run deluge:

Set deluge daemon and webui to start automatically:

Add the following lines:

Now deluge will automatically start and run under the seedbox user. Don’t forget to add rules to iptables for port 8112, which is the default port for the deluge webui.


Iptables and Fail2ban Duplicate Rules

For a while I always wondered why fail2ban sometimes put in the same rule twice under iptables:

It turns out that when the fail2ban service starts, it inserts the fail2ban-ssh rule at the top of your iptables rules; so if you saved your iptables rules with the fail2ban-ssh rule already inserted, iptables loads its default rules (with fail2ban-ssh in it) and then fail2ban adds it again when it starts.

To fix this, I deleted the fail2ban-ssh rules from iptables and saved those rules; now when my server boots iptables loads without the fail2ban-ssh rule and fail2ban adds it when it starts.
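
The cleanup described above, as an added example that is not part of the original post: shell functions that work on iptables-save formatted text to spot a duplicated fail2ban jump rule and to strip everything fail2ban owns before the rules are saved. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: operates on iptables-save text only, never the live firewall.

# Constructed sample: a saved ruleset that already contains fail2ban-ssh.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}

# Count rules that jump into any fail2ban-* chain (reads stdin).
count_fail2ban_jumps() {
    awk '/ -j fail2ban-/ { n++ } END { print n + 0 }'
}

# Print jump rules that occur more than once: the duplicate symptom.
dup_fail2ban_jumps() {
    awk '/ -j fail2ban-/ { seen[$0]++ }
         END { for (r in seen) if (seen[r] > 1) print r }'
}

# Drop everything fail2ban owns so the saved file no longer carries it:
# chain declarations, rules inside the chains, and jumps into them.
strip_fail2ban() {
    awk '/^:fail2ban-/ { next }
         /^-A fail2ban-/ { next }
         / -j fail2ban-/ { next }
         { print }'
}

# Demo on the constructed sample: jump rules before and after cleaning.
echo "jumps in saved rules: $(sample_rules | count_fail2ban_jumps)"
echo "jumps after strip:    $(sample_rules | strip_fail2ban | count_fail2ban_jumps)"
```

On CentOS 6 the rules written by `service iptables save` live in /etc/sysconfig/iptables, so `strip_fail2ban < /etc/sysconfig/iptables` previews the cleaned file, and piping `iptables-save` into `dup_fail2ban_jumps` shows whether the running ruleset has the duplicate.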