How to Upgrade PHP 5.3 to PHP 5.5 on CentOS 6.7

In this article, I’m going to show you how to upgrade PHP 5.3 to PHP 5.5 on CentOS 6.7.

This article assumes you have a stock installation of CentOS and that you already have PHP 5.3 installed.

 

1. Verify current version of PHP

 

Type in the following to see the current PHP version:

 

php -v

 

It should output something like:

 

PHP 5.3.3 (cli) (built: Jul 9 2015 17:39:00)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

 

Great, now we can move on!

 

2. Install the Remi and EPEL RPM repositories

 

If you haven’t already done so, install the Remi and EPEL repositories:

 

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm && rpm -Uvh epel-release-latest-6.noarch.rpm

 

wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm && rpm -Uvh remi-release-6*.rpm

 

Enable the REMI repository globally:

 

nano /etc/yum.repos.d/remi.repo

 

Under the section that looks like [remi] make the following changes:

 

[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

 

Also, under the section that looks like [remi-php55] make the following changes:

 

[remi-php55]
name=Remi's PHP 5.5 RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/php55/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/php55/mirror
# WARNING: If you enable this repository, you must also enable "remi"
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

 

Type CTRL-O to save and CTRL-X to close the editor
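
The repository settings edited in this step can be checked mechanically. The following Python script is an added example, not part of the original article: it parses the text of a .repo file and reports enabled sections that do not enforce signature checking, that fetch over plain HTTP, or that enable remi-php55 without remi. The [example-unsigned] section and the finding names are constructed for illustration.

```python
import configparser

# Constructed sample: the [remi] and [remi-php55] sections as edited in this
# step, plus a hypothetical third-party section with signature checks off.
SAMPLE_REPO = """\
[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php55]
name=Remi's PHP 5.5 RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/php55/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/php55/mirror
# WARNING: If you enable this repository, you must also enable "remi"
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[example-unsigned]
name=Hypothetical unsigned repository
baseurl=http://repo.example.invalid/el6/$basearch/
enabled=1
gpgcheck=0
"""


def _enabled(repo):
    # yum treats a repository as enabled unless enabled=0 is set.
    return repo.get("enabled", "1").strip() == "1"


def audit_repo(text):
    """Return (section, issue) findings for the enabled repositories in text.

    Assumption of this example: a section without its own gpgcheck=1 is
    reported, even though yum would fall back to the [main] setting.
    """
    # interpolation=None keeps yum variables such as $basearch untouched.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    enabled = {name for name in parser.sections() if _enabled(parser[name])}

    findings = []
    for name in sorted(enabled):
        repo = parser[name]
        if repo.get("gpgcheck", "").strip() != "1":
            findings.append((name, "gpgcheck-not-enabled"))
        elif not repo.get("gpgkey", "").strip():
            findings.append((name, "gpgkey-missing"))
        # With an http:// source, the package signature is the only
        # integrity control on what gets installed.
        sources = [repo.get(key, "") for key in ("baseurl", "mirrorlist", "metalink")]
        if any(src.strip().lower().startswith("http://") for src in sources):
            findings.append((name, "plaintext-http-source"))

    # The WARNING comment in remi.repo: remi-php55 depends on remi.
    if "remi-php55" in enabled and "remi" not in enabled:
        findings.append(("remi-php55", "needs-remi-enabled"))
    return findings


if __name__ == "__main__":
    for section, issue in audit_repo(SAMPLE_REPO):
        print(f"[{section}] {issue}")
```

To audit the real file, pass the contents of /etc/yum.repos.d/remi.repo to audit_repo() instead of SAMPLE_REPO.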

 

3. Upgrade PHP 5.3 to PHP 5.5

 

Now we can upgrade PHP. Simply type in the following command:

 

yum -y upgrade 'php*'

 

Once the update has completed, let’s verify that you have PHP 5.5 installed:

 

php -v

 

You should see output similar to the following:

 

PHP 5.5.30 (cli) (built: Oct 1 2015 09:29:18)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies

 

You’re done!

Source: https://www.zerostopbits.com/how-to-install-upgrade-php-5-3-to-php-5-5-on-centos-6-7/

Installing Apache2 With PHP5 And MySQL Support On Ubuntu

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

I’m running all the steps in this tutorial with root privileges, so make sure you’re logged in as root:

sudo su

 

2 Installing MySQL 5

First we install MySQL 5 like this:

apt-get install mysql-server mysql-client

You will be asked to provide a password for the MySQL root user – this password is valid for the user root@localhost as well as root@server1.example.com, so we don’t have to specify a MySQL root password manually later on:

New password for the MySQL “root” user: <– yourrootsqlpassword
Repeat password for the MySQL “root” user: <– yourrootsqlpassword

 

3 Installing Apache2

Apache2 is available as an Ubuntu package, therefore we can install it like this:

apt-get install apache2

Now direct your browser to http://192.168.0.100, and you should see the Apache2 placeholder page (It works!):


Apache’s default document root is /var/www on Ubuntu, and the configuration file is /etc/apache2/apache2.conf. Additional configurations are stored in subdirectories of the /etc/apache2 directory such as /etc/apache2/mods-enabled (for Apache modules), /etc/apache2/sites-enabled (for virtual hosts), and /etc/apache2/conf.d.

 

4 Installing PHP5

We can install PHP5 and the Apache PHP5 module as follows:

apt-get install php5 libapache2-mod-php5

We must restart Apache afterwards:

/etc/init.d/apache2 restart

 

5 Testing PHP5 / Getting Details About Your PHP5 Installation

The document root of the default web site is /var/www. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.

vi /var/www/info.php

<?php
phpinfo();
?>

Now we call that file in a browser (e.g. http://192.168.0.100/info.php):


As you see, PHP5 is working, and it’s working through the Apache 2.0 Handler, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don’t have MySQL support in PHP5 yet.

 

6 Getting MySQL Support In PHP5

To get MySQL support in PHP, we can install the php5-mysql package. It’s a good idea to install some other PHP5 modules as well, since you might need them for your applications. You can search for available PHP5 modules like this:

apt-cache search php5

Pick the ones you need and install them like this:

apt-get install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

Now restart Apache2:

/etc/init.d/apache2 restart

Now reload http://192.168.0.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:


 

7 phpMyAdmin

phpMyAdmin is a web interface through which you can manage your MySQL databases. It’s a good idea to install it:

apt-get install phpmyadmin

You will see the following questions:

Web server to reconfigure automatically: <– apache2
Configure database for phpmyadmin with dbconfig-common? <– No

Afterwards, you can access phpMyAdmin under http://192.168.0.100/phpmyadmin/:

The Perfect Server – Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3)

Source: http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3

Cannot Log In to Windows 7

Sometimes, when logging in to a Windows 7 user account, this message appears:

“The User Profile Service failed the logon. User profile cannot be loaded”

This prevents us from getting into Windows normally. Here are some tips for dealing with the problem:

  1. Restart the PC and press F8 as it is about to boot Windows, to enter Safe Mode.
  2. Open the registry: from Run, type regedit, or use whatever registry editor software is available.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList; there are two folders whose names begin with S-1-5 (SID key) followed by a long number.
  4. In the picture there are two S-1-5 (SID key) folders followed by exactly the same long number (one ending in .bak and one without .bak). Do the following:
    • Right-click the folder without .bak and choose Rename, then add the suffix .bk to that folder.
    • Select the folder without .bak; in the right-hand panel double-click RefCount, type 0 (the digit zero) in Value data, then click OK.
    • As in the previous step, on the folder without .bak, in the right-hand panel double-click State, type 0 (the digit zero) in Value data, then click OK.
    • The final view looks like
    • Close the registry editor, then restart Windows and log in as usual.

Changing the look of Ubuntu with Conky, the Lion theme and Compiz Fusion

Conky-Lua is available for Ubuntu, Mint, Suse, Fedora and Debian. This time I will use the conky-lua theme for Conky's appearance.

- OK, first install conky

sudo apt-get install conky-all

- next

Download Conky-Lua here

- after that, go to the Download folder and extract the conky file you just downloaded by right-clicking it and choosing Extract Here

after extraction, the result is a folder named Conky-lua

- Go into the Conky-lua folder (the one just extracted); inside it are conky-lua themes for various distros

in this case I am using Ubuntu 12.04, so we extract the conky-lua theme for Ubuntu.

after extraction you get a folder named Conky ubuntu-lua, as in the picture above

- after that, go into the Conky ubuntu-lua folder; it contains 3 files: clock_rings.lua, conkyrc, new-ubuntu-logo.png

- after that, move the conkyrc file from the Conky ubuntu-lua folder to the /home directory and rename it to .conkyrc, then press Ctrl+H to show hidden files, because files and folders whose names start with a dot (.) are hidden

- after that, create a .conky folder in the /home directory, then copy clock_rings.lua and new-ubuntu-logo.png from the Conky ubuntu-lua folder into the .conky directory in /home.

- Next, open the .conkyrc file (the one just moved) in the /home directory with your text editor and look for this text

~/.lua/scripts/clock_rings.lua

Change it to

~/.conky/clock_rings.lua

- save the file, then open a terminal and type conky

albar@albar-AXIOO-C14:~$ conky

the result will look like this

Addendum

to have conky start automatically:

- open a text editor/gedit and type

#!/bin/bash
sleep 5 && conky

so conky will be started five seconds after login. Save it as .conky_start.sh and put the file anywhere you like; I put mine in the /home directory. Then right-click the .conky_start.sh file, choose Properties -> Permissions, and tick Allow executing file as program

- then find Startup Applications in the Dash home, click Add, fill in Name with Conky and Command with /home/albar/.conky_start.sh (the place where we put the .conky_start.sh file)

Now, let's change our Ubuntu desktop to look like a Mac.
1. Install the Theme, Icons and Cursors

To change Ubuntu's look to a Mac with Mac Os Lion Skin Pack 2 for Ubuntu LTS, open a terminal (or press the key combination Ctrl+Alt+T), then enter the commands below using your root account:

    sudo add-apt-repository ppa:noobslab/themes   # add the noobslab PPA repository
    sudo apt-get update                           # update the repository database
    sudo apt-get install mac-os-lion-cursors-v2   # install the cursor theme
    sudo apt-get install mac-os-lion-icons-v2     # install the icon theme
    sudo apt-get install mac-os-lion-theme-v2     # install the GTK theme
2. Disable crash reports:
sudo sed -i "s/enabled=1/enabled=0/g" '/etc/default/apport'

3. Install Ubuntu Tweak or GNOME Tweak:

sudo apt-get install gnome-tweak-tool

Then run gnome-tweak-tool and change the Ubuntu theme to Mac OS Lion

Changing the Ubuntu theme with gnome-tweak-tool

You can also download and install Ubuntu Tweak from here: https://launchpad.net/ubuntu-tweak/0.7.x/0.7.2/+download/ubuntu-tweak_0.7.2-1_all.deb

Then change the Ubuntu theme to Mac Os Lion Theme Pack version 2:

Changing the Ubuntu theme with Ubuntu Tweak

 4. Download the Mac Os Lion Wallpapers

Decorate your desktop with the Mac Os Lion wallpapers, which can be downloaded from my Dropbox account at: https://www.dropbox.com/s/ju2z153n8lo43zq/Mac-Lion-Wallpapers.zip
Extract them and apply one to the desktop by right-clicking the desktop, then clicking Change Desktop Background.

Changing to the Mac OS Lion wallpaper in Ubuntu

5. Install the Apple Logo on the Launcher

Install the Apple logo on the launcher using these commands:

wget -O apple-logo.zip http://dl.dropbox.com/u/53319850/NoobsLab.com/apple-logo.zip

sudo unzip apple-logo.zip -d /usr/share/unity/5/

Replacing the Ubuntu Launcher logo with the Apple logo

Press “A” if asked whether to replace. If you want to restore the launcher to the Ubuntu logo, use the following commands:

wget -O ubuntu-logo.zip http://dl.dropbox.com/u/53319850/NoobsLab.com/ubuntu-logo.zip

sudo unzip ubuntu-logo.zip -d /usr/share/unity/5/

6. Scroll Bar Settings

Just run Ubuntu Tweak, go to the Miscellaneous tab and switch off the Overlay Scrollbars option.

7. Install Cairo Dock

To create a dock that will further beautify our Ubuntu desktop, install the Cairo Dock application. Run the commands below in a terminal:

sudo add-apt-repository ppa:cairo-dock-team/ppa
sudo apt-get update
sudo apt-get install cairo-dock cairo-dock-plug-ins

Once installation is finished, log out and log back in using one of the Cairo-Dock desktop session options.

After logging in, we can choose to run Cairo Dock with OpenGL for the full effects.

How to Install the Compiz Extra Plugins on Ubuntu 12.04 LTS

To install the Compiz extras on your Ubuntu 12.04, just enter the following commands in your terminal.

Note: to get the Compiz extras you need an internet connection, either wireless or LAN. Once you have a connection, open your terminal and enter the following command

sudo apt-get install compiz compizconfig-settings-manager compiz-fusion-plugins-extra compiz-fusion-plugins-main compiz-plugins

Wait until the packages have finished downloading…

once everything has been downloaded, the next command to enter is

ccsm

After you open the Compiz manager, in the Effects section tick the Animations Add-On plugin and open the Animations plugin; look through the plugin's animations and see the result.

MikroTik priorities: games, local and external proxy, again

*) the picture above is only an example; the IPs shown in it are not the same as those given below

Basic ingredients:
- ADSL Speedy modem in bridge mode
- RB750 ROS 4.6
- Squid proxy running transparently on port 3128 + zph on the TSL (Trustix Secure Linux) distro

Scenario:
- Telkom Speedy PPPoE, 2M down and 512 up*
- 1M allocated for downloads by all clients, capped at 256kbps per client
- Unlimited access for certain IPs (here 192.168.2.27 and 192.168.2.28)
- Browsing is not limited
- QoS applied to outbound packets leaving via the Telkom Speedy PPPoE

*) according to the brochure they offer; terms and conditions apply

List of IP addresses used:

[MODEM]
Modem IP Address = 192.168.1.1/24

[CLIENTS]
Client IP Address = 192.168.2.1-29/27

[SQUID BOX]
eth0 = 192.168.3.29/30

squid.conf with zph

http_port 3128 transparent
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

I won't cover the Squid installation process here; I assume Squid is already running normally and ready to accept requests.

[MIKROTIK BOX] Basic Configuration

/interface ethernet
set 0 comment="Public Interface" name=Public
set 1 comment="Local Interface" name=Local
set 2 comment="Proxy Interface" name=Proxy

/ip address
add address=192.168.2.30/27 broadcast=192.168.2.31 comment="" disabled=no \
interface=Local network=192.168.2.0
add address=192.168.3.30/30 broadcast=192.168.3.31 comment="" disabled=no \
interface=Proxy network=192.168.3.28
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=Public network=192.168.1.0

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
"PPPOE Speedy" dial-on-demand=no disabled=no interface=Public max-mru=\
1480 max-mtu=1480 mrru=disabled name=Speedy password=****** profile=\
default service-name="" use-peer-dns=no user=******@telkom.net

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
max-udp-packet-size=512 servers="125.160.4.82,203.130.196.155,203.130.196.\
5,222.124.204.34,202.134.0.61,8.8.4.4,8.8.8.8"

/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=yes port=80
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291

/system ntp client
set enabled=yes mode=unicast primary-ntp=131.107.13.100 secondary-ntp=\
192.43.244.18
/ip firewall address-list
add address=192.168.3.28/30 comment="" disabled=no list=ProxyNET
add address=192.168.2.0/27 comment="" disabled=no list=ApisTECH

=================end of basic configuration=================

For the firewall filter I just use home firewalling; what matters is that it is safe from inside and outside….

/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid disabled=no
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no \
src-address-list="port scanners"
add action=accept chain=input comment="Allow Established connections" \
connection-state=established disabled=no
add action=accept chain=input comment="Allow Related connections" \
connection-state=related disabled=no
add action=accept chain=input comment="Allow ICMP from LOCAL Network" \
disabled=no protocol=icmp src-address-list=ApisTECH
add action=accept chain=input comment="Allow ICMP from PROXY Network" \
disabled=no protocol=icmp src-address-list=ProxyNET
add action=accept chain=input comment="Allow Input from LOCAL Network" \
disabled=no src-address-list=ApisTECH
add action=accept chain=input comment="Allow Input from PROXY Network" \
disabled=no src-address-list=ProxyNET
add action=drop chain=input comment="Drop everything else" disabled=no
add action=drop chain=forward comment="Drop Invalid connections" \
connection-state=invalid disabled=no
add action=jump chain=forward comment="Bad packets filtering" disabled=no \
jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
protocol=icmp
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=udp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
add action=accept chain=forward comment="Allow Established connections" \
connection-state=established disabled=no
add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
disabled=no src-address-list=ApisTECH
add action=accept chain=forward comment="Allow Forward from PROXY Network" \
disabled=no src-address-list=ProxyNET
add action=drop chain=forward comment="Drop everything else" disabled=no
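
How the six tcp-flags rules in the input chain above decide which segments put a source on the "port scanners" list, as an added Python example that is not part of the original post. It models only the flag matching (not the psd rule or connection state), and the sample segments are constructed.

```python
# tcp-flags values copied from the six flag-based rules in the input chain,
# paired with each rule's comment, in the order the rules appear.
SCAN_RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]


def flags_match(spec, flags_set):
    """RouterOS tcp-flags semantics: every listed flag must be set, every
    flag prefixed with "!" must be clear, and unlisted flags are ignored."""
    for token in spec.split(","):
        if token.startswith("!"):
            if token[1:] in flags_set:
                return False
        elif token not in flags_set:
            return False
    return True


def matching_rules(flags):
    """Return the comments of every rule a segment with these flags hits.

    add-src-to-address-list does not stop rule processing, so one segment
    can hit several of these rules before the drop rule is reached.
    """
    flags_set = set(flags)
    return [name for name, spec in SCAN_RULES if flags_match(spec, flags_set)]


# Constructed sample segments: ordinary TCP traffic first, then the
# flag combinations the rules are written to catch.
SAMPLES = [
    ("handshake SYN", ["syn"]),
    ("handshake SYN/ACK", ["syn", "ack"]),
    ("data PSH/ACK", ["psh", "ack"]),
    ("normal close FIN/ACK", ["fin", "ack"]),
    ("reset RST", ["rst"]),
    ("FIN only", ["fin"]),
    ("no flags", []),
    ("FIN+PSH+URG", ["fin", "psh", "urg"]),
    ("SYN+FIN+RST", ["syn", "fin", "rst"]),
    ("all six flags", ["fin", "syn", "rst", "psh", "ack", "urg"]),
]

if __name__ == "__main__":
    for label, flags in SAMPLES:
        hits = matching_rules(flags)
        print(f"{label:22} -> {', '.join(hits) if hits else 'not listed'}")
```

Because rules such as fin,syn leave the other flags unconstrained, a segment with all six flags set matches "SYN/FIN scan" and "SYN/RST scan" as well as "ALL/ALL scan", while a normal FIN/ACK close matches none of them.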

The NAT is as follows:

/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Local protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
protocol=tcp to-addresses=192.168.3.29 to-ports=3128
add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no dst-address=\
192.168.2.30 dst-port=22,81,10000 in-interface=Local protocol=tcp \
to-addresses=192.168.3.29
add action=masquerade chain=srcnat comment="MASQUERADE MODEM" disabled=no \
out-interface=Public
add action=masquerade chain=srcnat comment="MASQUERADE PPPOE" disabled=no \
out-interface=Speedy

Explanation:
- Transparent DNS so that clients cannot use any name server other than the ones configured on the MikroTik
- Masquerade on the modem so that the modem can be reached from the clients*
- Redirects client requests destined for ports 80, 8080 and 3128 to the external Squid (TSL)
- The services used on TSL are http (port 81), SSH (port 22) and webmin (port 10000)

*) Discovered by accident by senpai cipete I-HO, by his own account

For the mangle rules, let me explain them one at a time so it isn't confusing:

/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
dscp=12 new-packet-mark=proxy-hit passthrough=no

Marks proxy-hit packets from the external proxy, which the queue rules later let through without any limiting. The zph_local 0x30 setting in squid.conf writes 0x30 into the TOS byte of cache hits, and the DSCP field is the upper six bits of that byte (0x30 >> 2 = 12), which is why the rule matches dscp=12.

add action=change-dscp chain=postrouting comment=CRITICAL disabled=no \
new-dscp=1 protocol=icmp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=udp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dscp=1 \
new-connection-mark=critical_conn passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=\
critical_conn disabled=no new-packet-mark=critical_pkt passthrough=no

Marks ICMP packets and DNS requests to be given the highest priority

add action=mark-connection chain=prerouting comment=MARK-ALL-CONN disabled=no \
dst-address-list=!ApisTECH in-interface=Local new-connection-mark=\
all.pre_conn passthrough=yes
add action=mark-connection chain=forward comment="" disabled=no \
new-connection-mark=all.post_conn out-interface=Local passthrough=yes \
src-address-list=!ApisTECH
add action=mark-packet chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn \
disabled=no new-packet-mark=all.post_pkt passthrough=yes

Marks ALL packets going in and out of the Local interface EXCEPT those to Local addresses

add action=mark-connection chain=prerouting comment=GAMES connection-mark=\
all.pre_conn disabled=no dst-port=9339,843 new-connection-mark=games_conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=40000-40010 new-connection-mark=\
games_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connection-mark=games_conn \
disabled=no new-packet-mark=games_pkt passthrough=no

Marks GAMES packets to be given SECOND priority

add action=mark-connection chain=prerouting comment=HTTP-CLIENT \
connection-mark=all.pre_conn disabled=no new-connection-mark=\
browsing_conn packet-size=0-64 passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=80,443 new-connection-mark=\
browsing_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=0-131072 \
connection-mark=browsing_conn disabled=no new-packet-mark=browsing_pkt \
passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=HTTP-PROXY disabled=no \
dst-address-list=!ApisTECH dst-port=80,443 new-connection-mark=proxy_conn \
passthrough=yes protocol=tcp src-address-list=ProxyNET
add action=mark-packet chain=forward comment="" connection-mark=proxy_conn \
disabled=no new-packet-mark=proxy_pkt passthrough=no

Marks browsing packets, INCLUDING HTTP requests from the external proxy, with conn-byte=0-131072, as well as small TCP packets (packet-size=0-64 tcp-flags=ack), to be given THIRD priority

add action=mark-connection chain=prerouting comment=REALTIME connection-mark=\
all.pre_conn disabled=no dst-port=22,179,110,161,8291 \
new-connection-mark=realtime_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=123 new-connection-mark=realtime_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connection-mark=realtime_conn \
disabled=no new-packet-mark=realtime_pkt passthrough=no

Marks REALTIME ACCESS packets to be given FOURTH priority

add action=mark-connection chain=prerouting comment=FILETRANSER \
connection-mark=all.pre_conn disabled=no dst-port=20,21,23 \
new-connection-mark=communication_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=\
communication_conn disabled=no new-packet-mark=communication_pkt \
passthrough=no

Marks FILETRANSFER packets to be given FIFTH priority

add action=mark-connection chain=prerouting comment=NORMAL connection-mark=\
all.pre_conn disabled=no dst-address-list=!ProxyNET new-connection-mark=\
normal_conn passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=normal_conn \
disabled=no new-packet-mark=normal_pkt passthrough=no

Marks all remaining packets EXCEPT those destined for the proxy to be given SIXTH priority

add action=mark-packet chain=forward comment=DOWNLOAD connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.2.1 new-packet-mark=ApisTECH01.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.2.2 new-packet-mark=ApisTECH02.d_pkt passthrough=no protocol=tcp

………………..and so on until all clients are covered

Marks TCP packets forwarded to clients, with conn-byte=131072-4294967295, so that a download limit can be applied to each client

Setelah itu buat queue type nya

01 /queue type
02 add kind=pcq name=pcq_up pcq-classifier=src-address pcq-limit=200 pcq-rate=0 \
03 pcq-total-limit=8000
04 add kind=pcq name=pcq_down pcq-classifier=dst-address pcq-limit=200 pcq-rate=\
05 0 pcq-total-limit=8000
06 add kind=pfifo name=pfifo-critical pfifo-limit=10
07 add kind=pcq name=pcq_critical.up pcq-classifier=src-address,src-port \
08 pcq-limit=20 pcq-rate=0 pcq-total-limit=500
09 add kind=pcq name=pcq_critical.down pcq-classifier=dst-address,dst-port \
10 pcq-limit=20 pcq-rate=0 pcq-total-limit=500

Setelah itu menambahkan queue tree nya…..

1 /queue tree
2 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
3 max-limit=0 name="A. PROXY HIT" packet-mark=proxy-hit parent=Local \
4 priority=1 queue=default
5 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
6 max-limit=0 name="B. CRITICAL" packet-mark=critical_pkt parent=Speedy \
7 priority=1 queue=pfifo-critical

Tanpa limit dengan prioritas pertama untuk proxy hit dan critical

1 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
2 max-limit=0 name="C. INBOUND" packet-mark=all.post_pkt parent=global-out \
3 priority=8
4 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
5 max-limit=0 name="D. OUTBOUND" packet-mark=all.pre_pkt parent=Speedy \
6 priority=8

Membuat parent untuk inbound (traffic masuk ke client) dan outbound (traffic keluar dari pppoe speedy)

I split the INBOUND children into several priorities, as follows:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="A. GAMES" packet-mark=games_pkt parent="C. INBOUND" \
    priority=2 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="B. HTTP" packet-mark=browsing_pkt parent="C. INBOUND" \
    priority=3 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="C. REALTIME" packet-mark=realtime_pkt parent=\
    "C. INBOUND" priority=4 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="D. FILETRANS" packet-mark=communication_pkt parent=\
    "C. INBOUND" priority=5 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="E. NORMAL" packet-mark=normal_pkt parent=\
    "C. INBOUND" priority=6 queue=pcq_down

Then create the parents for per-client download:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1024k name="F. DOWN 1M" parent="C. INBOUND" priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="G. DOWN 2M" parent="C. INBOUND" priority=8

Here I create 2 parents, for 1M and 2M (or no limit).
After that, create the children, which set the download limit for each client:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH01-D packet-mark=ApisTECH01.d_pkt parent=\
    "F. DOWN 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH02-D packet-mark=ApisTECH02.d_pkt parent=\
    "F. DOWN 1M" priority=8 queue=pcq_down

... and so on, until the packets for every client are covered.

This gives a download limit of 1M for all clients together and a maximum of 256k per client.

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ApisTECH27-D packet-mark=ApisTECH27.d_pkt parent=\
    "G. DOWN 2M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ApisTECH28-D packet-mark=ApisTECH28.d_pkt parent=\
    "G. DOWN 2M" priority=8 queue=pcq_down

No download limit for IPs 192.168.2.27 and 192.168.2.28.

After that, create the limits for upload:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="A. GAMES UP" packet-mark=games_pkt parent="D. OUTBOUND" \
    priority=2 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=256k name="B. HTTP UP" packet-mark=proxy_pkt parent=\
    "D. OUTBOUND" priority=3 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=64k name="C. REALTIME UP" packet-mark=realtime_pkt parent=\
    "D. OUTBOUND" priority=4 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="D. FILETRANS UP" packet-mark=communication_pkt \
    parent="D. OUTBOUND" priority=5 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="E. NORMAL UP" packet-mark=normal_pkt parent=\
    "D. OUTBOUND" priority=6 queue=pcq_up

These are ordered by outbound packet priority: games, HTTP requests, realtime connections, file transfers and normal requests.

The end result I achieved: no client is disturbed by download activity while browsing or playing games, and even when a user is uploading it does not disturb or increase game latency. As far as my limited knowledge of Mikrotik goes, after several trials, this may be the best setup I have ever made.

Thanks to everyone who helped introduce me to Mikrotik, especially my fellow warnetters at KASKUS. Feel free to develop the example above further, so that your Mikrotik does more than "just connect, as long as it's online" :D

On to the next tutorial when there is a chance…

source: http://pulsaciamis.wordpress.com/2011/02/26/prioritas-mikrotik-game-lokal-dan-ext-proxy-lagi/

Building a video streaming server with osTube

You know video-sharing programs like YouTube? osTube is one such piece of software.
OK, let's build a YouTube-like video server using osTube. How is it installed? (The author uses Ubuntu 8.10 server as the OS and osTube version 2.6.)
Before installing osTube, make sure the Ubuntu machine is already acting as a web server (installing a web server is covered in the previous post).

1. First download osTube here

or here: https://drive.google.com/file/d/0B0A6zmoaBJn6UXZMQmdxalhab28/edit?usp=sharing
The author has put the osTube file in /home/saudi:
root@nms:/home/saudi# ls
osTube_2.6_osTube_2.6_community_edt.tar.gz

2. Create the ostube folder in /var/www:
root@nms:/home/saudi# mkdir /var/www/ostube

3. Copy the osTube file into the /var/www/ostube folder:
root@nms:/home/saudi# cp osTube_2.6_osTube_2.6_community_edt.tar.gz /var/www/ostube/

4. Extract the osTube file:
root@nms:/home/saudi# cd /var/www/ostube
root@nms:/var/www/ostube# tar -xzvf osTube_2.6_osTube_2.6_community_edt.tar.gz

5. Open http://ipaddress/ostube in a web browser;
a screen like the one in the image below appears

Note: the screen shows that the maximum upload is 'only' 10M, so it needs to be changed:
root@nms:/var/www/ostube# nano /etc/php5/apache2/php.ini
Original:
; Maximum size of POST data that PHP will accept.
post_max_size = 8M
Changed to:
; Maximum size of POST data that PHP will accept.
post_max_size = 1000M

Before:
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

Changed to:
; Maximum allowed size for uploaded files.
upload_max_filesize = 1000M

It is up to you what value to set :-D

6. Create the database for osTube:
open http://ipaddress/phpmyadmin; after logging in to MySQL you will see a screen like the one below

Create the database, username and password as in the following image

After that, enter the database we created into the osTube installer, as in the image below

After clicking NEXT, the screen looks like the one below

On the final menu there are several external programs that must be installed first; see the image below

So those external programs have to be installed first:
7. Install the required external programs
root@nms:/var/www/ostube# apt-get install mplayer
root@nms:/var/www/ostube# apt-get install mencoder
root@nms:/var/www/ostube# apt-get install ruby
root@nms:/var/www/ostube# apt-get install flvtool2
After installing these programs, don't forget to refresh;
the screen then changes as follows

After clicking NEXT, fill in the osTube portal admin, as in the image below

After clicking NEXT there is an error: the file has to be chmod'ed first

OK, go back to the Ubuntu console and chmod it (the file does not actually exist, so we create it first and then chmod it):

root@nms:/# touch /var/www/ostube/includes/config.php
root@nms:/# chmod 777 /var/www/ostube/includes/config.php

After that, refresh the error page :-)
The installation has now succeeded, as in the image below

8. Delete the install folder
root@nms:/# rm -rf /var/www/ostube/install/
When the site is accessed again, the following screen appears

Don't forget to set the configuration; see the configuration menu as shown below

9. Edit the Apache settings
root@nms:/var/www# cd /var/www
root@nms:/var/www# mkdir cgi-bin
root@nms:/var/www# nano /etc/apache2/sites-available/default

Change
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

To
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

Restart Apache
root@nms:/var/www# /etc/init.d/apache2 restart
* Restarting web server apache2 … waiting [ OK ]

9. Change the contents of uu_default_config.pm
root@nms:/var/www# cd /var/www/ostube/cgi-bin/
root@nms:/var/www/ostube/cgi-bin# nano uu_default_config.pm

Change to
upload_dir => $ENV{'DOCUMENT_ROOT'} . '/ostube/media/tmp/',

redirect_url => 'http://' . $ENV{'SERVER_NAME'} . '/ostube/upload.php',

path_to_upload => 'http://' . $ENV{'SERVER_NAME'} . '/ostube/uploads/',

Then type
root@nms:/var/www/ostube/cgi-bin# cp * /var/www/cgi-bin/

10. Make sure the setting Use UberUploader (requires CGI) is set to YES

OK, now we can watch UPIN DAN IPIN on our local PC…uhuiiiiii

Finish… and you have your own multimedia website

source: http://saudilin.wordpress.com/2010/04/03/install-ostube/
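
The osTube steps above leave includes/config.php at mode 777 and depend on the install/ folder being deleted by hand. The following shell check is an added example, not part of the original tutorial; the function names are hypothetical, and the root:www-data ownership mentioned in the comments assumes Ubuntu's stock Apache group.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): post-install check
# for the osTube tree set up above.

# postinstall_findings APP_ROOT
# Prints one finding per line; returns 1 if anything was found, else 0.
postinstall_findings() {
    root=$1; rc=0
    # Step 8: the web installer must not stay reachable after setup.
    if [ -d "$root/install" ]; then
        echo "INSTALLER $root/install"; rc=1
    fi
    # -perm -0002 selects entries with the "other" write bit set, which is
    # what the chmod 777 on includes/config.php leaves behind.
    ww=$(find "$root" \( -type f -o -type d \) -perm -0002 | sort)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'; rc=1
    fi
    return $rc
}

# tighten_config FILE [OWNER:GROUP]
# Replaces the installer-time 777 with 640. The optional chown needs root;
# root:www-data keeps the file readable by PHP but writable only by root.
tighten_config() {
    if [ -n "${2:-}" ]; then
        chown "$2" "$1" || return 1
    fi
    chmod 640 "$1"
}

# Stand-alone use: sh check.sh /var/www/ostube
if [ -n "${1:-}" ]; then
    postinstall_findings "$1"
fi
```

On the server itself, run tighten_config /var/www/ostube/includes/config.php root:www-data as root once the installer has written the file, then re-run the check.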

Ubuntu Server + Freeradius 2.0.x + coovachilli + Daloradius

internet —- modem ——–ubuntu server ——- switch ——- AP and/or LAN

Don't forget to update and upgrade the Ubuntu server.

Edit /etc/sysctl.conf to enable packet forwarding:

#net.ipv4.ip_forward=1
change to:
net.ipv4.ip_forward=1

The installation follows a Thai blogger's post: http://manajung.blogspot.com/2010/01/daloradius-on-ubunto-910.html

1. Install FreeRADIUS 2.x from source

apt-get install freeradius freeradius-mysql
The installer will ask about supporting packages; I just answer yes :D

Stop FreeRADIUS:

/etc/init.d/freeradius stop

Run it in debug mode:

freeradius -X
If there are no errors, press Ctrl+C to stop debug mode and continue.

Create the database in MySQL:

mysql -u root -p
Enter the password: your MySQL root password
CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radiussecret';
FLUSH PRIVILEGES;
quit

Load the sample schema from FreeRADIUS:

mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Enter your MySQL root password
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
Enter your MySQL root password

Point FreeRADIUS at its database:

nano /etc/freeradius/sql.conf
Find the lines below and change them if they differ:
server = "localhost"
login  = "radius"
password = "radiussecret"

Then, still in this file, remove the pound sign from the line:
# readclients = yes
so it becomes
readclients = yes

Set the FreeRADIUS server's client password:

nano /etc/freeradius/clients.conf
Find the line
secret = testing123
and change it to
secret = radiussecret

Switch FreeRADIUS authorization to SQL:

nano /etc/freeradius/sites-available/default

In the authorize section, find the line
files
and add a # so it becomes
# files

Find the line
# sql
and remove the comment sign so it becomes
sql

Also find the sql lines in the accounting and session sections; if they have a comment sign (#), remove it.
Save and exit.

Test FreeRADIUS by inserting a username and password:

mysql -u root -p
Enter your MySQL root password
use radius;
INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'password', 'guest');
select * from radcheck where UserName='guest';
exit

Restart FreeRADIUS:

/etc/init.d/freeradius restart

Type at the console:
radtest guest guest localhost 0 radiussecret

If it succeeds, the result looks like this:
rad_recv: Access-Accept packet from host localhost port 1812, id=234, length=20

========== FreeRADIUS setup complete ==============

2. Install coovachilli

Download coova-chilli

wget http://ap.coova.org/chilli/coova-chilli_1.0.13-1_i386.deb

Install coova-chilli

dpkg -i coova-chilli_1.0.13-1_i386.deb

Copy the default chilli configuration so it can be customized:

cp /etc/chilli/defaults /etc/chilli/config

Create the hotspot folder:

mkdir /var/www/hotspot
cd /var/www/hotspot
cp /etc/chilli/www/* /var/www/hotspot
mkdir /var/www/hotspot/images
cp /var/www/hotspot/coova.jpg /var/www/hotspot/images/

Create the uam folder:

mkdir /var/www/hotspot/uam
cd /var/www/hotspot/uam
wget http://ap.coova.org/uam/
wget http://ap.coova.org/js/chilli.js

Replace the host address with the local one:

sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html

Edit the chilli library to use that IP:

sed -i 's/192.168.182.1/192.168.0.1/g' /etc/chilli/www/ChilliLibrary.js
sed -i 's/192.168.182.1/192.168.0.1/g' /var/www/hotspot/ChilliLibrary.js

To enable CoovaChilli, set START_CHILLI to 1:

nano /etc/default/chilli
START_CHILLI=1
CONFFILE="/etc/chilli.conf"

Edit the chilli configuration file:

nano /etc/chilli/config

Edit the parameters (roughly) as below:

HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=192.168.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)

HS_NASID=nas01
HS_UAMSECRET=uamsecret
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=radiussecret
HS_UAMALLOW=www.google.com,192.168.0.0/24

HS_UAMSERVER=192.168.0.1
HS_UAMFORMAT=http://\$HS_UAMSERVER/uam/index.php
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_UAMSERVICE=https://192.168.0.1/cgi-bin/hotspotlogin.cgi

Edit the chilli firewall script:

nano /etc/chilli/up.sh
Add at the very bottom:
# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

=========== CoovaChilli complete =====================

3. Install SSL

apt-get install libapache2-mod-auth-mysql

Create the ssl folder:

mkdir /etc/apache2/ssl

Install certificate

apt-get install ssl-cert

Check the host name; it is entered later when creating the certificate:

hostname -f

Generate the SSL certificate:

make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Edit the hosts file:

nano /etc/hosts
127.0.0.1 localhost
192.168.0.1 ## your hostname

Enable module ssl

a2ensite ssl
/etc/init.d/apache2 force-reload

If there is an error, run these commands:

apt-get install libapache2-mod-gnutls
a2enmod ssl

Create the virtual host for the hotspot:

nano /etc/apache2/sites-available/hotspot

Its contents are roughly as follows:

NameVirtualHost 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
    ServerAdmin webmaster@domain.org
    DocumentRoot "/var/www/hotspot"
    ServerName "192.168.0.1"
    <Directory "/var/www/hotspot/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
    <Directory "/usr/share/freeradius-dialupadmin/htdocs/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    <Directory "/var/www/hotspot/cgi-bin/">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/hotspot-error.log

    LogLevel warn

    CustomLog /var/log/apache2/hotspot-access.log combined

    ServerSignature On
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Enable the virtual host:

a2ensite hotspot

Edit the listen ports, like this:

nano /etc/apache2/ports.conf

Listen *:443
Listen *:80
#<IfModule mod_ssl.c>
#    Listen 443
#</IfModule>

Don't forget to edit the default site:

nano /etc/apache2/sites-available/default

NameVirtualHost *:80
<virtualhost *:80>

Create the login page for the hotspot:

mkdir -p /var/www/hotspot/
cd /var/www/hotspot/
wget http://www.truesoft.co.th/wifi/uam.tgz
tar -xzvf uam.tgz

Reboot the server; at this point clients should already get a DHCP address from CoovaChilli.

4. Install Daloradius

Download the latest version of daloRADIUS:

wget http://sourceforge.net/project/daloradius//files/daloradius/daloradius-0.9-8.tar.gz

You can also download it on a client and copy it over with WinSCP.

Extract:

tar -xzvf daloradius-0.9-8.tar.gz

Copy it to the www directory:
cp daloradius-0.9-8 /var/www/ -R

Change the owner and permissions:

chown www-data:www-data /var/www/daloradius-0.9-8 -R
chmod 644 /var/www/daloradius-0.9-8/library/daloradius.conf.php

Load the daloRADIUS tables into the radius database we set up earlier:

mysql -u root -p radius < /var/www/daloradius-0.9-8/contrib/db/mysql-daloradius.sql
Enter your MySQL root password

Adjust the database parameters:

nano /var/www/daloradius-0.9-8/library/daloradius.conf.php

Adjust the following lines:

'FREERADIUS_VERSION' = '2';
'CONFIG_DB_ENGINE' = 'mysql';
'CONFIG_DB_HOST' = '127.0.0.1'
'CONFIG_DB_USER' = 'radius'
'CONFIG_DB_PASS' = 'radiussecret'
'CONFIG_DB_NAME' = 'radius'

Make sure the supporting PHP packages are installed; if not, just answer yes:

apt-get install php5-common php5-gd php-pear php-db libapache2-mod-php5

Now try browsing to: http://192.168.0.1/daloradius-0.9-8/login.php.
Rebooting the server is optional.

username: Administrator
Password: radius

Test by creating a new user through the daloRADIUS web management front end, e.g. user Rizal with password contoh; that user can log in right away.

source: http://opensource.telkomspeedy.com/forum/viewtopic.php?id=10812

 

Captive Portal (Coova chilli + Yfi Manager Hotspot)

The installation follows the YFi Wiki.

Note:
Deploying this captive portal requires at least 2 Ethernet cards:
internet —- modem ——–ubuntu server ——- switch ——- AP and/or LAN

In this tutorial, however, I deploy it on a server with 3 Ethernet cards:
internet —- ADSL ——–(eth0)UBUNTU SERVER(eth2) ——- switch ——- Wired LAN
……………………………………………..(eth1)
…………………………………………………|
…………………………………………………|
…………………………………………..Access Point

System preparation:
1. Ubuntu 8.04 Hardy Heron with the LAMP packages (I followed bang Opik's tutorial). Thanks, bang Opik.
2. PuTTY to manage the server remotely from a client.
3. Webmin to make editing files easier.
Connect eth0 to the modem.
Leave the eth1 configuration empty, because eth1 will get its DHCP settings from CoovaChilli later.

Here are the contents of my /etc/network/interfaces:

auto lo
iface lo inet loopback

iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
# modem IP
gateway 192.168.0.1

iface eth2 inet static
address 192.168.10.1
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255

Also make sure the server's DNS settings in /etc/resolv.conf are correct; I recommend installing a local DNS server.

Edit /etc/sysctl.conf and uncomment this line so that the Ubuntu kernel can forward packets:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Make sure the LAMP packages are installed:

sudo tasksel

Tick LAMP and all the required packages are installed automatically.

Installation steps:
1. CakePHP
2. YFi CakePHP Application
3. YFi View Component
4. FreeRADIUS
5. Coova Chilli

1. Install CakePHP
Also install the PHP command line:

sudo apt-get install php5-cli

To rescale image files, install imagemagick:

sudo apt-get install imagemagick

Since version Beta-3, YFi Hotspot Manager supports multiple languages:

sudo apt-get install language-pack-id   # Indonesian
sudo apt-get install language-pack-af
sudo apt-get install language-pack-fr
sudo apt-get install language-pack-ms
sudo apt-get install language-pack-nl
sudo apt-get install language-pack-es

Download the latest version of CakePHP from http://cakephp.org.
Latest version (April 2010) = cake_1.2.6
Copy and extract it in the Apache directory; the Ubuntu default is /var/www:

sudo cp cakephp-cakephp1x-1.2.6-0-gbe7ddfb.tar.gz /var/www
cd /var/www
sudo tar -xzvf cakephp-cakephp1x-1.2.6-0-gbe7ddfb.tar.gz

Rename the extracted directory to something simpler (e.g. cake_1.2.6).
Create a symbolic link:

cd /var/www
sudo ln -s ./cake_1.2.6 ./c2

Enable several Apache modules: rewrite, deflate for compression, and headers to modify HTTP headers. These modules are needed to improve the performance and speed of the web application.

sudo a2enmod rewrite
sudo a2enmod deflate
sudo a2enmod headers
sudo /etc/init.d/apache2 reload

Edit the file "/etc/php5/apache2/php.ini"
On the line:

output_buffering = Off

change it to

output_buffering = 4096

Edit the file /etc/apache2/apache2.conf
Add the following:

<Directory  /var/www/c2>
    AllowOverride All
</Directory>
#-------COMPRESS CONTENT-----------
# place filter 'DEFLATE' on all outgoing content
SetOutputFilter DEFLATE
# exclude uncompressible content via file type
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|jpg|png|pdf|zip|bz2|sit|rar)$ no-gzip
#dont-vary
# Keep a log of compression ratio on each request
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog /var/log/apache2/deflate.log deflate
# Properly handle old browsers that do not support compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
#----------------------------------

#------ADD EXPIRY DATE-------------
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
    Header set Expires "Thu, 15 Apr 2012 20:00:00 GMT"
</FilesMatch>
#----------------------------------

#--------Remove ETags --------------------
FileETag none
#-----------------------------------------

Reload Apache

sudo /etc/init.d/apache2 reload

2. Install YFi CakePHP Application
Download the latest version of YFi Cake; I use yfi_cake-Beta-4.tar.gz
Extract it in the "/var/www/c2" directory.

sudo cp yfi_cake-Beta-4.tar.gz /var/www/c2 
cd /var/www/c2 
sudo tar -xzvf yfi_cake-Beta-4.tar.gz 
sudo chown -R www-data. /var/www/c2/yfi_cake/tmp 
sudo chown -R www-data. /var/www/c2/yfi_cake/webroot/img/graphics

Database setup
Create the database 'yfi' with the default username and password 'yfi'.
For the default settings use these commands:

mysql -u root -p
create database yfi;
GRANT ALL PRIVILEGES ON yfi.* to 'yfi'@'127.0.0.1' IDENTIFIED BY 'yfi';
GRANT ALL PRIVILEGES ON yfi.* to 'yfi'@'localhost' IDENTIFIED BY 'yfi';
exit;

Note: for security you can change the username and password, e.g. "hotspot".
Don't forget to change the username and password in the file '/var/www/c2/yfi_cake/config/database.php' as well.

Load the sample database:

mysql -u root -p yfi < /var/www/c2/yfi_cake/setup/db/yfi.sql

Test YFi CakePHP by entering the server address in a browser:
http://127.0.0.1/c2/yfi_cake/users/
Because I use a client computer to manage the server remotely, I enter:
http://192.168.10.2/c2/yfi_cake/users/
If a login page is displayed, the setup is correct ;)

3. Install YFi Viewer Component
Download the viewer component; here I use yfi-Beta-4.tar.gz
Extract it in the default apache2 directory "/var/www":

sudo cp yfi-Beta-4.tar.gz /var/www
cd /var/www
sudo tar -xzvf yfi-Beta-4.tar.gz

Test the viewer component
Enter the following address in a browser: http://127.0.0.1/yfi
or http://192.168.10.2/yfi from a client computer.
If the installation succeeded, a splash page appears, followed by the login page.
Try logging in with one of these default users:

Role               Username         Password
Administrator        root             admin
Access Provider      ap               ap
Permanent User     dvdwalt@ri       dvdwalt@ri

4. Install FreeRADIUS Server
YFi Hotspot Manager is a front end to the MySQL database used by FreeRADIUS. The version used is the latest radius release, 2.1.8.

Before compiling FreeRADIUS, make sure the following packages are installed:

sudo apt-get install build-essential libmysqlclient15-dev libperl-dev libxml-simple-perl libmail-sendmail-perl

Download the FreeRADIUS source code

tar -xzvf freeradius-server-2.1.8.tar.gz
cd freeradius-server-2.1.8
./configure | tee config_out.txt
make
sudo make install
sudo ldconfig

Test with the following command, which runs FreeRADIUS in debug mode:

sudo /usr/local/sbin/radiusd -X

Press Ctrl+C to exit.

Make FreeRADIUS start automatically at boot:

sudo cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusd
sudo update-rc.d radiusd start 80 2 3 4 5 . stop 20 0 1 6 .

Set up FreeRADIUS so that YFi can access it by replacing the FreeRADIUS raddb with the YFi raddb:

sudo mv /usr/local/etc/raddb /usr/local/etc/raddb.asli
sudo cp /var/www/c2/yfi_cake/setup/radius/raddb.tar.gz /usr/local/etc/
cd /usr/local/etc/
sudo tar -xzvf raddb.tar.gz
sudo chown root.www-data /usr/local/etc/raddb/proxy.conf
sudo chmod 664 /usr/local/etc/raddb/proxy.conf
sudo chmod 644 /usr/local/etc/raddb/dictionary
sudo ldconfig

Enable and modify the chillispot dictionary
Recent FreeRADIUS versions already ship the chillispot dictionary, so we only need to add the following lines to the file /usr/local/share/freeradius/dictionary.chillispot, which adds the YFi attributes specific to vouchers.
Find the following lines:

ATTRIBUTE       ChilliSpot-Version                      8       string
ATTRIBUTE       ChilliSpot-OriginalURL                  9       string

Add the following below them:

##YFi Specific Attributes
ATTRIBUTE       Yfi-Voucher                             40      string
ATTRIBUTE       Yfi-MAC-Reset                           41      string
ATTRIBUTE       Yfi-Data                                42      string
ATTRIBUTE       Yfi-Time                                43      string

#YFi Various Counters
ATTRIBUTE       Max-Daily-Session               50      integer
ATTRIBUTE       Max-Monthly-Session             51      integer
ATTRIBUTE       Max-Weekly-Session              52      integer
ATTRIBUTE       Max-All-Session                 53      integer

ATTRIBUTE       ChilliSpot-Max-Daily-Octets               60      integer
ATTRIBUTE       ChilliSpot-Max-Monthly-Octets             61      integer
ATTRIBUTE       ChilliSpot-Max-Weekly-Octets              62      integer
ATTRIBUTE       ChilliSpot-Max-All-Octets                 63      integer

Check the files /usr/local/etc/raddb/sql.conf and /usr/local/etc/raddb/rlm_perl_modules/conf/setting.conf: the database username and password must be the same as when we created the database above.
Run FreeRADIUS in debug mode to make sure there are no errors:

sudo /usr/local/sbin/radiusd -X

If there are no errors, start FreeRADIUS through the startup script:

sudo /etc/init.d/radiusd start

YFi uses several scripts that must be run periodically. Copy the following cron script into the system cron:

sudo cp /var/www/c2/yfi_cake/setup/cron/yfi /etc/cron.d/

5. Install CoovaChilli
Download CoovaChilli from http://www.coova.org/Download
The current version is CoovaChilli-1.0.14. On Ubuntu you can fetch it with:

sudo wget http://ap.coova.org/chilli/coova-chilli_1.0.14-1_i386.deb

Install (CoovaChilli is installed in the "/etc/chilli" folder):

sudo dpkg -i coova-chilli_1.0.14-1_i386.deb

CoovaChilli configuration
Copy the file "/etc/chilli/defaults" to "/etc/chilli/config":

sudo cp /etc/chilli/defaults /etc/chilli/config

Change these options in the file "/etc/chilli/config":

#HS_WANIF=eth0 # Subscriber Interface for internet devices
HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)
#HS_DNS1=  ## I leave this disabled so the resolv.conf settings are used (a DNS server must be installed)
#HS_DNS2= ## if you are not using a DNS server, set this to the ADSL IP
HS_NASID=nas01
HS_UAMSECRET=greatsecret # default
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=testing123 # default
HS_NASIP=127.0.0.1 # NB!!! To explicitly set NAS-IP-Address
HS_UAMFORMAT=http://10.1.0.1/coova_json/hs_land.php
HS_UAMHOMEPAGE=http://10.1.0.1/coova_json/splash.php
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=contoh
HS_PROVIDER_LINK=http://www.contoh.org/
HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal

Edit the file "/etc/default/chilli" and change the value to 1:

START_CHILLI=1

Start CoovaChilli:

sudo /etc/init.d/chilli start

Firewall settings
Add the following lines at the end of the file "/etc/chilli/up.sh":

    # may not have been populated the first time; run again
    [ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
    # force-add the final rule necessary to fix routing tables
    iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

Add the CoA port in the file /etc/init.d/chilli. Find this part:

OPTS="--pidfile /usr/local/var/run/$NAME.pid"

Add --coaport 3799, which is needed for "Kick User off":

OPTS="--pidfile /usr/local/var/run/$NAME.pid --coaport 3799" ## add the CoA port

Login page
Here I use the coova_json login page.
Copy the coova_json folder to the Apache directory "/var/www":

sudo cp -R /var/www/c2/yfi_cake/setup/coova_json /var/www

Check in the file "/var/www/coova_json/login.php":
1. $uamsecret must be the same as in the file "/etc/chilli/config", and likewise in the file "/var/www/coova_json/uam.php". The default is 'greatsecret'.
2. $port in "/var/www/coova_json/login.php": if it is 3660, it must be changed to 3990.
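
Both hotspot write-ups on this page repeat the same secrets across several files (clients.conf, the chilli config, login.php, uam.php) and keep the values marked "# default". The following shell audit is an added example, not code from the original posts or from CoovaChilli or YFi; the function names are hypothetical, the `$uamsecret = '...';` and `$port = ...;` layout of the PHP files is an assumption, and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original posts): audit the shared secrets
# that this hotspot setup repeats across several files.

# Values the page's configuration marks "# default".
DEFAULT_SECRETS="greatsecret testing123"

# Value of KEY in a chilli-style file:  KEY=value  # optional comment
chilli_get() {
    grep -E "^[[:space:]]*$1=" "$2" | tail -n 1 |
        sed -e 's/^[^=]*=//' -e 's/[[:space:]]*#.*$//' | tr -d '"'
}

# Value of a PHP scalar such as:  $uamsecret = 'x';
# (assumed layout of login.php / uam.php; adjust if your copies differ)
php_get() {
    grep -E "^[[:space:]]*\\\$$1[[:space:]]*=" "$2" | tail -n 1 |
        sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*;.*$//' | tr -d "\"'"
}

# Every "secret = value" entry of a FreeRADIUS clients.conf, one per line
radius_secrets() {
    grep -E '^[[:space:]]*secret[[:space:]]*=' "$1" |
        sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*#.*$//'
}

# audit_hotspot CHILLI_CONFIG CLIENTS_CONF PHP_FILE...
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_hotspot() {
    conf=$1; clients=$2; shift 2; rc=0
    uam=$(chilli_get HS_UAMSECRET "$conf")
    rad=$(chilli_get HS_RADSECRET "$conf")
    port=$(chilli_get HS_UAMPORT "$conf")
    for key in HS_UAMSECRET HS_RADSECRET; do
        val=$(chilli_get "$key" "$conf")
        if [ -z "$val" ]; then
            echo "MISSING $key is not set in $conf"; rc=1
        fi
        for dflt in $DEFAULT_SECRETS; do
            if [ "$val" = "$dflt" ]; then
                echo "DEFAULT $key still has the shipped value"; rc=1
            fi
        done
    done
    if [ -n "$uam" ] && [ "$uam" = "$rad" ]; then
        echo "REUSED HS_UAMSECRET and HS_RADSECRET are identical"; rc=1
    fi
    if ! radius_secrets "$clients" | grep -Fqx -- "$rad"; then
        echo "MISMATCH HS_RADSECRET is not a client secret in $clients"; rc=1
    fi
    for php in "$@"; do
        if [ "$(php_get uamsecret "$php")" != "$uam" ]; then
            echo "MISMATCH \$uamsecret in $php differs from HS_UAMSECRET"; rc=1
        fi
        p=$(php_get port "$php")
        if [ -n "$p" ] && [ "$p" != "$port" ]; then
            echo "MISMATCH \$port in $php is $p, HS_UAMPORT is $port"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files that mirror the values shown on this page.
write_sample() {
    cat > "$1/config" <<'EOF'
#HS_WANIF=eth0
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)
HS_UAMSECRET=greatsecret # default
HS_RADSECRET=testing123 # default
EOF
    cat > "$1/login.php" <<'EOF'
<?php
$uamsecret = 'greatsecret';
$port = 3660;
EOF
    printf '%s\n' '<?php' "\$uamsecret = 'greatsecret';" > "$1/uam.php"
    printf 'client localhost {\n    secret = testing123\n}\n' > "$1/clients.conf"
}

# Stand-alone: "sh audit.sh demo" runs the audit on the constructed sample.
if [ "${1:-}" = "demo" ]; then
    tmpd=$(mktemp -d); write_sample "$tmpd"
    audit_hotspot "$tmpd/config" "$tmpd/clients.conf" "$tmpd/login.php" "$tmpd/uam.php"
    rm -rf "$tmpd"
fi
```

On the constructed sample the audit reports both default secrets and the 3660 port in login.php; it returns 0 only when every file agrees and no default value remains.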

Now restart your Ubuntu server, and don't forget to pray that it goes smoothly.
Time to test our captive portal:

1. Test from a client computer. Set the client's network interface to DHCP; if the client gets an IP from 10.1.0.2 onward, CoovaChilli is running normally and you can breathe easy.
2. Try browsing to, say, www.google.com. The splash page appears (cool, isn't it?).
3. You are then redirected to the login page: hs_land.php.
4. Log in with user dvdwalt@ri and password dvdwalt@ri.
5. If access is granted, www.google.com appears.

That's it, the installation is finished.
If you have tried it, go ahead and explore the features of YFi Hotspot Manager. Don't forget to share :) thanks

"Combine with a squid transparent proxy"
Here is the iptables rule I use to redirect HotSpot clients to squid (squid runs on the same server as the captive portal):

iptables -A PREROUTING -t nat -i tun0 -p tcp -s 10.1.0.0/24 -d ! 10.1.0.1 --dport 80 -j REDIRECT --to 3128

Hope this is useful, thanks :)

source: http://opensource.telkomspeedy.com/forum/viewtopic.php?id=8439

 

 

Passwordless root SSH Public Key Authentication on CentOS 6

It’s often useful to be able to SSH to other machines without being prompted for a password. Additionally, if you are using tools such as Parallel SSH you will need to set up Public Key SSH Authentication. Setting it up is relatively straightforward:

1. On the client machine (i.e. the one you are SSH’ing from) you will need to create an SSH RSA key. So run the following command – ensure you don’t supply a password:

[root@node01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c6:66:93:16:73:0b:bf:46:46:28:7d:a5:38:a3:4d:6d root@node01
The key's randomart image is:
+--[ RSA 2048]----+
|            .    |
|       . + o     |
|      . @ E      |
|       * & .     |
|      . S =      |
|       = + .     |
|          o      |
|         .       |
|                 |
+-----------------+

This will generate the following files:

[root@node01 ~]# cd ~/.ssh
[root@node02 .ssh]# ls -l
total 8
-rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
-rw-r--r--. 1 root root  406 Jul 27 15:01 id_rsa.pub

3. On the client machine tighten up file system permissions thus:

[root@node01 ~]# chmod 700 ~/.ssh
[root@node01 ~]# chmod 600 ~/.ssh/*
[root@node01 ~]# ls -ld ~/.ssh && ls -l ~/.ssh
drwx------. 2 root root 4096 Jul 27 15:01 /root/.ssh
-rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
-rw-------. 1 root root  406 Jul 27 15:01 id_rsa.pub

4. Now copy the public key to the machine you want to SSH and fix permissions (you will be prompted for the root password):

[root@node01 ~]# ssh root@node02 'mkdir -p /root/.ssh'
[root@node01 ~]# scp /root/.ssh/id_rsa.pub root@node02:/root/.ssh/authorized_keys
[root@node01 ~]# ssh root@node02 'chmod  700 /root/.ssh'
[root@node01 ~]# ssh root@node02 'chmod  600 /root/.ssh/*'

You can also use the utility ssh-copy-id to do the above steps. If you don't have scp on the remote machine you will need to install it:

[root@node01 ~]# ssh root@node02 'yum install openssh-clients'

You should now be able to ssh directly from node01 to node02 without providing a password:

[root@node01 ~]# ssh node02
Last login: Wed Jul 27 15:41:56 2011 from 10.255.5.57
[root@node ~]#

source: http://blog.firedaemon.com/2011/07/27/passwordless-root-ssh-public-key-authentication-on-centos-6/
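
Step 4 above copies id_rsa.pub over authorized_keys with scp, which replaces any keys already authorized on node02. This added example (not from the original post) is a shell function, run on the target host, that appends the key only if it is missing, refuses a file that is not a public key, and can prefix an authorized_keys option such as from="..." to restrict where a passphrase-less root key may be used; the function name and the sample address are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): authorize a public key on the
# target host without overwriting keys that are already there.

# install_pubkey PUBKEY_FILE SSH_DIR [OPTIONS]
#   OPTIONS: optional authorized_keys option string, e.g. from="10.255.5.57"
# Returns 0 = key added, 3 = key already present, 2 = not a public key,
#         1 = could not prepare SSH_DIR.
install_pubkey() {
    pub=$1; dir=$2; opts=${3:-}
    auth="$dir/authorized_keys"
    ktype=; kblob=; kcomment=

    # A public key is one line: "<type> <base64> [comment]".
    IFS=' ' read -r ktype kblob kcomment < "$pub" || true
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        # Also catches id_rsa (the private key) being passed by mistake.
        *) echo "refusing $pub: not a public key" >&2; return 2 ;;
    esac
    case $kblob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing $pub: bad key data" >&2; return 2 ;;
    esac

    # sshd ignores authorized_keys when the directory or file is writable
    # by anyone else, so create both with tight modes.
    old_umask=$(umask); umask 077
    if mkdir -p "$dir" && chmod 700 "$dir" && touch "$auth" && chmod 600 "$auth"
    then umask "$old_umask"
    else umask "$old_umask"; return 1
    fi

    # Compare key material only, so a changed comment or option string
    # does not produce a duplicate entry.
    if grep -Fq -- "$kblob" "$auth"; then
        return 3
    fi
    # Do not glue the new entry onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    line="$ktype $kblob"
    if [ -n "$kcomment" ]; then line="$line $kcomment"; fi
    if [ -n "$opts" ]; then line="$opts $line"; fi
    printf '%s\n' "$line" >> "$auth"
}

# Stand-alone use on the target:
#   sh install_pubkey.sh /tmp/id_rsa.pub /root/.ssh 'from="10.255.5.57"'
if [ "$#" -ge 2 ]; then
    install_pubkey "$@"
fi
```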
