Linux Tricks
Showing posts with label Linux Tricks. Show all posts
Showing posts with label Linux Tricks. Show all posts

Troubleshooting Time Sync Issues on Ubuntu: A Comprehensive Guide

Antosh Dyade September 27, 2024 Add Comment
Troubleshooting Time Sync Issues on Ubuntu: A Comprehensive Guide
Antosh Dyade
Time synchronization is crucial for maintaining accurate system operations, especially on servers and applications that rely on precise timestamps. If you've noticed that your Ubuntu system's time isn't syncing correctly, don't worry—this guide will walk you through troubleshooting and fixing the issue step by step.

 

Why Time Sync Matters


Accurate timekeeping is essential for various functions, including logging events, scheduling tasks, and ensuring security protocols are upheld. Inconsistent time can lead to confusion and errors, especially in distributed systems or when working with databases.

Step 1: Check Current Time Settings


To start diagnosing the issue, you'll want to check your current time settings. Open a terminal and run:


timedatectl


This command will display the current system time, time zone, and whether Network Time Protocol (NTP) is active. Pay attention to the "NTP synchronized" field.

 

Step 2: Enable NTP


If NTP is not active, you can easily enable it. Simply execute the following command:


sudo timedatectl set-ntp true


This command tells your system to sync time automatically with internet time servers.

Step 3: Install NTP Service (if necessary)


If you're not using `systemd-timesyncd`, you might want to install the `ntp` package. To do this, run:


sudo apt update
sudo apt install ntp


Installing this service allows your system to synchronize its clock more effectively.

Step 4: Check NTP Status


After installation, you can check the status of the NTP service with:


systemctl status ntp


If it's running but not syncing correctly, you can restart it using:


sudo systemctl restart ntp

Step 5: Update Time Manually


If all else fails, you can set the time manually to get it close to the correct time. Use the following command to sync with a reliable time server:


sudo ntpdate pool.ntp.org


This will update your system clock immediately.

 

Step 6: Check Firewall Settings


Sometimes, a firewall can block NTP traffic. Ensure that your firewall is not preventing UDP traffic on port 123, which is used by NTP.

 

Step 7: Review System Logs


If you're still experiencing issues, check your system logs for any error messages that may provide insight. Use the following commands:


journalctl -u systemd-timesyncd


or


cat /var/log/syslog | grep ntp


These logs can help identify specific problems with your time synchronization.

 

Step 8: Reboot


If you've made changes to your configuration, a reboot can sometimes help apply these settings effectively. Reboot your system with:


sudo reboot

Step 9: Time Zone Settings


Finally, ensure that your time zone is set correctly. You can change your time zone using the following command:


sudo timedatectl set-timezone <Your_Timezone>

Example:

For New York, you would use:


sudo timedatectl set-timezone America/New_York

Conclusion


By following these steps, you should be able to resolve any time synchronization issues on your Ubuntu system. Accurate timekeeping is essential for optimal performance and reliability, so don’t hesitate to revisit these settings if you encounter further problems. If you’re still experiencing issues, feel free to reach out for more assistance. Happy syncing!

SFTP : Windows Open SSH Server, Connecting through Linux Client Using Public Key

Antosh Dyade January 22, 2023 Add Comment
Antosh Dyade

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol runs over the SSH protocol. It supports the full security and authentication functionality of SSH.

SFTP has replaced legacy FTP as a file transfer protocol provides all the functionality with security and reliability.

SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.


OpenSSH Installation using .zip file

  • Goto https://github.com/PowerShell/Win32-OpenSSH/releases
  • Download the OpenSSH-Win64.zip file from the latest release
  • Extract the zip file contents to the folder C:\Program Files\OpenSSH

  • Open a command prompt as Administrator and use the following command to change to openssh directory
  • cd "C:\Program Files\OpenSSH"
  • Run the following command 
    powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1



  • Now the sshd and ssh-agent windows services should be installed. This can be seen in the services.msc window
  • Change the startup type to Automatic from Manual and start both the services. Since we have set the startup type as automatic, both the services will start automatically upon system startup.
  • Create the appropriate firewall policy to expose the SFTP port 22 to local or remote systems if required
  • Now SFTP server accepts connections using username and password authentication

Setup SFTP server in newer versions of windows

  • Click windows button and search for “manage optional features”
  • Click on “add a feature” and search for OpenSSH server and install it
  • Now Open SSH server and OpenSSH Authentication agent services should be installed in the services.msc window
  • You ca right click and change the start up type of both the services as automatic if you want the services to start upon system start up
  • Create the appropriate firewall policy to expose the SFTP port 22 to local or remote systems if required
  • Now SFTP server accepts connections using username and password authentication

Downsides of password based authentication in SFTP

  • OS user credentials of the server operating system are to be shared with the SFTP client which is not desirable
  • OS user password is to be changed to change the password of SFTP client
  • OS user password will be transmitted over the network

Benefits of using public key based authentication in SFTP

  • This type of authentication is more robust and secure
  • SFTP client need not know the OS user password
  • Multiple clients can use different private keys for a single OS user
  • Private key can be changed easily from time to time without changing the user’s OS password
  • Access of SFTP client can be easily revoked by just removing the client’s public key from the authenticated list, without locking out or modifying the OS user account

Setup public key based authentication in Linux

  • Open a terminal window and run ssh-keygen command. Press enter till the execution is complete as shown in the image below


  • During the key generation process, password protection can be set to private key by entering a passphrase as shown in the above image. This ensures additional protection in case the private key is in wrong hands
  • The public key will be saved as /home/<username>/.ssh/id_rsa.pub (home directory of user and /root for root directory)  and private key will be saved as /home/<username>/.ssh/id_rsa (home directory of user and /root for root directory)


Place the public key in the SFTP server

  • Use following scp (secure copy) command to copy the public key in the server directory (The default directory is C:/ProgramDate/ssh) as shown in the screenshot
  • scp .ssh/id_rsa.pub  <username>@<sftp server ip or hostname>:/C:/ProgramData/scp  

Copying Public Key in authorized_key

  • Method 1 : If you have direct access to Windows Server, than open command prompt go to C:/ProgramData/ssh and use type command to copy/append the public key in administrators_authorized_key


  • Method 2: 
    • If you don't have direct access to Windows Server than Login to server with SSH  from Linux as shown below to copy the public key in administrators_authorized_key as shown bellow. 

    • After Entering the Password it will show the windows login as shown below screen shot


    • Goto C:/ProgramData/ssh directory and enter following command as shown in the screenshot


Change the Permission of the administrators_authorized_keys file using following command directly from 

  • Use following command to allow the access permission of administrators_authorized_key to only administrator and system users of windows operating system. 

icacls administrators_authorized_keys /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"


Enabling Public Key authentication 

  • Goto Server C:/ProgramData/ssh folder open sshd_config file in notepad in admin mode and uncomment pubkeyAuthentication yes line and save the file. 
 


  • Restart the Openssh services and try to login without password from the Linux box


  • Now you are able to login have complete access on User Home directory 



  • If you want to give access to specific folder, add following line at the of  sshd_config  file and restart the service.
    • In this demonstration I have used SFTP_Root folder present in user home directory.
Match User <username>
ChrootDirectory ~/<directoryname>
X11Forwarding no
AllowTcpForwarding no
PermitTTY no
ForceCommand internal-sftp
PasswordAuthentication no



  • It will give access SFTP_Root folder only




How to get the File from the server 

Method 1: Login to the sftp server and use get command to get the file as shown in the screenshot



Method 2: Directly download the file from the command prompt using sftp command as shown in the screenshot bellow




Thanks for reading this blog.








Subscribe to: Posts (Atom)