Tag Archives: SSH

David Murphy: Tempus fugit

Nine years, one month.

That’s how long I’ve had one server running with Linode. It has been through a number of versions of Ubuntu, and been re-installed at least twice (once to switch from 32-bit to 64-bit). It has operated as a LugRadio mirror; hosted many websites, both static and dynamic; hosted my blog for many years; operated as a Jenkins server; and done more general duties as an IRC bouncer, and general dogsbody.

Why the sentimentality? I’m shutting the server down today. Not that anyone will notice of course (unless you’re paying close attention to IP addresses or SSH host keys) since it has already been replaced with a DigitalOcean droplet (still running Ubuntu of course).

Linode have done absolutely nothing wrong – in fact just the opposite. I have been regularly rewarded with extra storage/memory/bandwidth, and they have always been responsive to my few needs. So much so that I am still remaining a customer. (So far) I am only moving one server to DigitalOcean.

So why the change? A few reasons: that server now does very little besides running my IRC bouncer; I wanted to try DigitalOcean out (I have heard a lot of good things); finally, perhaps most importantly considering the first reason – the droplet is half the price of the linode. In fact if I had gone for the $5 per month droplet instead of the $10 one, I could have had four servers for the price of one!

The post Tempus fugit appeared first on David Murphy.

Source: FULL ARTICLE at Planet Ubuntu

Zotero on Nexus7 in Plasma Active

Zotero, in a nutshell, is a pretty sophisticated literature management tool. It lets you, “… collect, organize, cite, and share your research sources.” In this post I briefly present how I got Zotero running on the Nexus7 tablet in Plasma Active.

Please note that this is a first proof of concept and that there are still many usability issues. However, this demonstrates that it is, generally, possible to run Zotero also on alternative architectures. Personally, my intention is to use Zotero this way while commuting and it should actually suffice for this purpose.

Zotero consists of two parts, a client and a server side. The client side is the user frontend. The server is used as backend for archival and synchronization. The client application is available as browser-plugin and standalone application. I got the standalone version running in PA on Nexus7.

Technically, the Zotero standalone version is a XULRunner application; the Zotero standalone client application itself does not contain any platform dependent code. So, to get Zotero running in PA on Nexus7 an armv7hl version of XULRunner is needed. Luckily, there is already a XULRunner package available in the Mer repositories.

For convenience, I branched the xulrunner version I am using plus some dependencies in a separate project on the Mer OBS. So, in order to get xulrunner and its dependencies it should be enough to add that repository and “zypper in xulrunner”.

The Zotero installation is straightforward. Firstly, a Zotero standalone archive has to be downloaded and extracted. After extracting the Zotero standalone application, one finds a xulrunner directory in there. This can be safely deleted as we are using the xulrunner from Mer. Furthermore, the “zotero” binary is useless for us as it has the wrong architecture. The remaining directory can be simply copied to the Nexus7, e.g., via SSH.

To run Zotero simply execute “xulrunner application.ini” in the directory that contains the application.ini and zotero.jar files. In my case I had to edit application.ini in order to adjust the xulrunner version. Below are some screenshots of Zotero running in PA on Nexus7 and Okular showing a paper from the Zotero database.

Note that I increased the font size via the Zotero preferences. Additionally I extracted the zotero.jar content and increased the icon sizes such that they are easier to hit on the touch screen (find . -name "*png" -exec convert {} -resize 48x48\< {} \;). Also note that some drop-down menus are not shown and other drop-down menus are shown in wrong places such that clicking some entries is rather a matter of anticipation or luck but as said this approach still has many issues. Fortunately, the sync feature, at least via WebDAV, seems to work well and opening *.pdf files from the Zotero database works as well. Nonetheless, you have been warned, the user interface on Nexus7 PA, right now, has quite a number of glitches. For me, it is already great to have Zotero with its “full” feature set available on a tablet.

Maybe, …

Source: FULL ARTICLE at Planet KDE

Can't login to server with ssh

By bitlord

Hello,
I’m having an issue logging into one of my SLES 11 servers. It doesn’t ask for my password and will not take my key.

Code:

bitlord@SLES11
< ssh -v bitlord@calliope
Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to calliope [X.X.X.56] port 22.
debug1: Connection established.
debug1: identity file /home/bitlord/.ssh/identity type -1
debug1: identity file /home/bitlord/.ssh/id_rsa type 1
debug1: identity file /home/bitlord/.ssh/id_dsa type -1
debug1: Logging to host: SLES
debug1: Local user: bitlord Remote user: bitlord
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 165/320
debug1: bits set: 1020/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'SLES' is known and matches the RSA host key.
debug1: Found key in /home/bitlord/.ssh/known_hosts:84
debug1: bits set: 1109/2048
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
<>
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering agent key: /home/bitlord/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 76f18 hint -1
Connection closed by XX.XX.XX.56
debug1: Calling cleanup 0x34d88(0x0)


Does anyone have any ideas?

Source: FULL ARTICLE at The UNIX and Linux Forums

Ayrton Araujo: Amazon AWS OpsWorks

Amazon released a platform as a service like appfog/heroku to be more attractive to web developers.

They are calling it OpsWorks, supporting deploying and scaling web apps and setting up load balancer layers with a few clicks. Initially the list of stack scripts is not too big, supporting only the following:

  • Load balancer
    • HAProxy
  • App Server
    • Static Web Server
    • Rails App Server
    • PHP App Server
    • Node.js
  • DB
    • MySQL
  • Other
    • Memcached
    • Ganglia
    • Custom (Not tested. I don’t know what it is)

    Except for the missing Python apps and other DBs, I think this has a lot of potential.

    The cool stuff is the possibility to choose between Apache 2 or Nginx, and Ubuntu 12.04 LTS instead of Amazon Linux.

    The service is free, but use it carefully because it automatically sets up EC2 machines, load balancers and other AWS related features to make your stack run. It is also interesting because you can access your machines remotely via SSH and manage them via your AWS panel or API, like normal EC2 machines.

    If you choose to use Ubuntu Server, you could set up juju to make your stack more powerful, but avoid conflicts with OpsWorks.

    And, of course, to test it:
    https://console.aws.amazon.com/opsworks/home?#firstrun

    What do you think about it?

    From: http://blog.ayrtonaraujo.net/2013/04/amazon-aws-opsworks.html

    Autodeploy script

    By ridham

    Hi All!

    I am managing databases on a handful of servers and standardizing some of the scripts. In order to copy/deploy a new version of a script I have established passwordless SSH among all the servers and most importantly from my base server.

    I developed a simple script that should copy a given file to the list of the servers listed in a list – ASCII Text – file.

    Here is the script code:

    Code:

    #!/bin/ksh
    set -x
    export BKP_SCRIPT=~/scripts/common/bkp_existing.sh
    if [ $# -lt 4 ]; then
    echo ""
    echo "Usage: $0 "
    echo ""
    exit 1
    fi
    export SRC_DIR=$1
    export SRC_FILE=$2
    export TRGT_DIR=$3
    export TRGT_FILE=$4
    export TRGT_SRVR_LIST=${SRC_DIR}/deploy_trgt_srvr.list
    if [ -s ${TRGT_SRVR_LIST} -a -s ${SRC_DIR}/${SRC_FILE} ]; then
    echo "Continue..."
    else
    echo "Validate source file: ${SRC_DIR}/${SRC_FILE} as well as list file: ${TRGT_SRVR_LIST} exists"
    exit 2
    fi
    cat ${TRGT_SRVR_LIST} | while read RMT_HOST_NAME
    do
    echo ${RMT_HOST_NAME}
    scp -p ${BKP_SCRIPT} ${RMT_HOST_NAME}:${BKP_SCRIPT}
    ssh ${RMT_HOST_NAME} ${BKP_SCRIPT} ${TRGT_DIR}/${TRGT_FILE}
    scp -p ${SRC_DIR}/${SRC_FILE} ${RMT_HOST_NAME}:${TRGT_DIR}/${TRGT_FILE}
    done


    If I comment out the scp and ssh commands it traverses through all the servers listed in the list file. If not then it processes only the first line and then stops. I used “set -x” and the last line it executes is: “read RMT_HOST_NAME”

    Any insights will be most appreciated.

    Source: FULL ARTICLE at The UNIX and Linux Forums
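
The symptom in the post above (only the first host is handled once ssh is in the loop body) is what happens when a command inside a `while read` loop reads the same standard input as `read`. The following is an added example, not part of the original post; `fake_ssh`, the host names and the `backup-step` argument are constructed stand-ins so that it runs offline.

```shell
#!/bin/sh
# Added example, not from the original post. fake_ssh is a constructed stand-in
# for the ssh client: like real ssh without -n, it reads standard input to EOF
# (real ssh forwards that input to the remote command).
fake_ssh() {
    swallowed=$(wc -l)             # number of input lines this "ssh" consumed
    swallowed=$((swallowed + 0))   # normalise any padding in wc's output
}

# Constructed host list, one name per line like deploy_trgt_srvr.list.
host_list() {
    printf '%s\n' db-a.example db-b.example db-c.example
}

# 1. Pattern from the post: read and the remote command share one stdin.
deploy_shared_stdin() {
    host_list | {
        visited=0 eaten=0
        while read -r host; do
            visited=$((visited + 1))
            fake_ssh "$host" backup-step        # drains the rest of the list
            eaten=$((eaten + swallowed))
        done
        echo "visited=$visited eaten=$eaten"
    }
}

# 2. Fix A: give the remote command an empty stdin (what `ssh -n` does).
deploy_stdin_devnull() {
    host_list | {
        visited=0 eaten=0
        while read -r host; do
            visited=$((visited + 1))
            fake_ssh "$host" backup-step </dev/null
            eaten=$((eaten + swallowed))
        done
        echo "visited=$visited eaten=$eaten"
    }
}

# 3. Fix B: read the list on descriptor 3, so stdin stays available to the
#    commands in the loop body without touching the host list.
deploy_list_on_fd3() {
    list=$(mktemp) || return 1
    host_list >"$list"
    visited=0 eaten=0
    # The here-document is a constructed one-line stdin for the loop body.
    while read -r host <&3; do
        visited=$((visited + 1))
        fake_ssh "$host" backup-step
        eaten=$((eaten + swallowed))
    done 3<"$list" <<EOF
operator-input
EOF
    rm -f "$list"
    echo "visited=$visited eaten=$eaten"
}

deploy_shared_stdin     # one host visited, two list lines eaten by "ssh"
deploy_stdin_devnull    # all three hosts visited, nothing eaten
deploy_list_on_fd3      # all three hosts visited, only the here-document eaten
```

In the post's script, fix A corresponds to `ssh -n ${RMT_HOST_NAME} ${BKP_SCRIPT} ${TRGT_DIR}/${TRGT_FILE}`; the `-n` option makes ssh take its stdin from /dev/null.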

    Zygmunt Krynicki: Why is command-not-found crashing?

    Background

    Many many years ago I wrote the command-not-found program. It’s still there on the CD, on the server, installed by default. I’m really proud of that. What makes the pride go away is the sea of bugs in that program.

    It does not help to say that command-not-found crashes gracefully, telling you how to report the problem. I myself feel helpless about those problems but once in a while someone wants to help out and comes asking for directions.

    I’m really really happy to help anyone contribute bug fixes, improvements or just play around with the code to understand it better. In that spirit, instead of responding privately (as command-not-found has no mailing list or anything similar) I’ve decided to write a blog post about the problem, hoping both to archive my thoughts and redirect others to it when needed and to get some attention from people that could suggest a way to fix the problem.

    So, the question is “do you know why is command-not-found crashing?”
    Yes, I do.

    Unicode decoding problems

    Consider this scenario:

    1. The program is being given some bytes, on stdin, via arguments to main() or otherwise
    2. The program wants to interpret those bytes as text, it needs to know the encoding.
    3. The program queries some locations to know what the encoding is.
    4. The program attempts to interpret the bytes according to that encoding. Something is incorrect though (corrupted bytes, incorrect encoding hints) and stuff blows up. This is the UnicodeDecodeError exception that is often happening.

    There are several separate causes of this problem. I will talk about that later.

    Locale problems

    Another group of failures is related to locale. Locale is being used for several things but most importantly, for interacting with gettext to get translated strings to be used at run-time. Locale related problems look as follows:

    1. The program uses standard library calls to initialize the locale system and the translation catalog.
    2. That operation queries some environment variables and looks at certain files and tries to load them
    3. Something is incorrect (bad settings, missing files) and stuff blows up. This is the locale.Error exception that is sometimes happening.

    So if I know why this happens, why is it not fixed: because it’s not easy. You will notice that this virtually never happens if you are using Ubuntu directly. You’d have to try to get that to happen (explicitly mis-configure your system / remove essential files). This is not interesting to fix as it affects practically nobody. It’s only interesting in the manner that the “fix” should be equally good for local and ….

    Remote users

    This is where all of the problems are coming from. This is almost always observed when logging in remotely with SSH. SSH inherits / sets certain environment variables depending on the configuration of the system people connect FROM. Some of those are SSH/pam bugs that incorrectly negotiate which variables are okay to forward. The …

    Source: FULL ARTICLE at Planet Ubuntu

    SSH issue – can't get password less login to work

    By bitlord

    Hello,
    I can’t seem to get the password less login to work on one of my SLES 11 servers. My ssh agent lets me login to all my other servers, which are Solaris 10, RHEL 5, and SLES 11 servers. Some servers mount my home directory and others don’t.

    The server that I’m having an issue with doesn’t mount my home directory. I can log in with my password. My agent on a Solaris 10 server is working with the other servers. Usually if the agent is not working it will ask for my passphrase, which leads me to believe it is a configuration issue.

    I have copied my pub key over and put it in the authorized_keys file.

    Any ideas?

    Source: FULL ARTICLE at The UNIX and Linux Forums

    Distillation

    Wow, things got crazy with my two previous posts about KDE’s Git corruption troubles.

    Unfortunately, what became obvious from the comments on this blog (and, I assume, elsewhere, although I didn’t read comments on any other sites) was that the essential message was, almost universally, completely lost. I wrote the original post because KDE is an open-source project and we’ve never been about hiding issues from the community at large, so I felt it was perfectly fair to be open and honest about the troubles we had, in the hopes that it could help other projects from encountering them. Rather than take something useful away from it, most people seemed to take the Gawker approach. That’s fine, and I take no offense from people shooting the messenger when it’s clear they didn’t actually read past the headlines, but the point was to make people – especially other open-source projects – think about their own systems and their procedures. If I helped one other project avoid data loss because they reexamined their own systems, then great.

    So, I’m redirecting my previous two posts, about KDE’s Git troubles, to this post, which I’m going to keep relatively short – because I want to make sure the lessons I was trying to put out there for other open-source projects are very clear.

    [SOLVED] Problem using scp to transfer a file

    By jyoung

    I am testing the following command to transfer a file from my server (AIX 5.2) to another server. I was able to generate the keys and sent them the public key.

    Code:

    scp -v -P 4030 /home/lawson/.ssh/jimtest.txt someuser@some.ftpsite.net:/Inbound/jimtest.txt > jimtest_out.txt 2>&1


    Based on the output from the command it looks like it is authenticating correctly, but the file is not getting sent or they tell me they are not getting it. Can you take a look at the above command and let me know if it is not correct. I am currently doing this from the command line, but will script it when I get it working. Below is output from the command execution.

    Code:

    Executing: program /usr/local/bin/ssh host some.ftpsite.net, user someuser, command scp -v -t /Inbound/jimtest.txt
    OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.6l 04 Nov 2003
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Connecting to some.ftpsite.net [0.0.0.0] port 4030.
    debug1: Connection established.
    debug1: identity file /home/lawson/.ssh/identity type -1
    debug1: identity file /home/lawson/.ssh/id_rsa type 1
    debug1: identity file /home/lawson/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version Maverick_SSHD
    debug1: no match: Maverick_SSHD
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'some.ftpsite.net' is known and matches the RSA host key.
    debug1: Found key in /home/lawson/.ssh/known_hosts:2
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    Welcome to the Gateway Interchange SSH server.
    debug1: Authentications that can continue: password,publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/lawson/.ssh/identity
    debug1: Offering public key: /home/lawson/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 149
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Sending command: scp -v -t /Inbound/jimtest.txt
    debug1: channel 0: free: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    debug1: fd 1 clearing O_NONBLOCK
    debug1: fd 2 clearing O_NONBLOCK
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status -1
    lost connection


    Any thoughts. I want to determine if the problem is on my side or theirs. Thank you.

    Source: FULL ARTICLE at The UNIX and Linux Forums

    iptables Rules for my network

    By Vaibhav.T

    Hi Champs

    I am new to iptables and trying to write rules for my Samba server. I got some help from the internet, created one script and run it from rc.local:

    #Allow loopback

    iptables -I INPUT -i lo -j ACCEPT

    # Accept packets from Trusted network

    iptables -A INPUT -s my-network/subnet -j ACCEPT

    # to allow established sessions to receive traffic

    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # to allow SSH on port 22 from my network

    iptables -A INPUT -i eth0 -p tcp -s my-network/subnet --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

    # To allow incoming traffic on default SAMBA ports

    iptables -A INPUT -p udp --dport 137 -j ACCEPT
    iptables -A INPUT -p udp --dport 138 -j ACCEPT
    iptables -A INPUT -p udp --dport 139 -j ACCEPT
    iptables -A INPUT -p tcp --dport 139 -j ACCEPT
    iptables -A INPUT -p tcp --dport 445 -j ACCEPT

    #Enable Logging

    iptables -A INPUT -j LOG
    iptables -A INPUT -m limit --limit 2/min -j LOG --log-prefix "Iptables packet Drop" --log-level 7

    # Drop all other Packets

    iptables -A INPUT -j DROP

    I also created one separate log file for iptables in /var/log/iptables.log and edit /etc/syslog.conf :

    *.info;kern!=warning;mail.none;news.none;authpriv.none;cron.none /var/log/message

    # Add new location

    kern.warning /var/log/iptables.log

    But my dropped packets are not showing in the iptables.log file. Please let me know if I am doing something wrong and let me know the correct way to write it. I only want samba communication, nothing else.

    Thank You

    Vaibhav

    Source: FULL ARTICLE at The UNIX and Linux Forums

    Configuring the SSH keys..

    By NelsonC

    I am currently working on setting up a server to scp some files over for backup purposes.

    Server 1 – Bob (Appliance)
    Server 2 – Sana (RH 5)

    Server 1 –
    1 – Generated RSA2
    2 – Collected the public key to be input on the backup server = Sana

    Server 2 –
    1 – This is where I am stuck: the procedure for configuring the SSH keys varies depending on your server type, but I only have one public key, all guides I seem to come across reference private, public, chain.. any advice?

    Source: FULL ARTICLE at The UNIX and Linux Forums

    SFTP user include/exclude without preventing SSH login

    By rbatte1

    I have been asked to see if we can restrict SFTP access to authorised users only. There will be business users who will log on with SSH, but they are locked into a menu. They will have write access to the production data to do their job, but we don’t want them to have access to read/write the files with SFTP or anything else for that matter.

    For plain FTP, we would use the /etc/ftpusers file and re-create it each night with all users in /etc/passwd except those in the allowed list. Not clever, but it worked.

    We’re running RHEL / Centos 6.3 and vsftp is installed for plain FTP along with openssh-server-5.3p1-81.el6_3.x86_64. The sshd_config file defines sftp as starting up /usr/libexec/openssh/sftp-server

    Any suggestions? Badly, the users’ home directory is a common area with the application & data below it, so I can’t just enforce the chroot jail. User SSH login is by userid/password rather than certificate. Not sure if that helps or hinders.

    Thanks, in advance,
    Robin

    Source: FULL ARTICLE at The UNIX and Linux Forums

    Bash script set command to a variable

    By hce

    Hi,

    Will the following setup work in a bash script? I’ve got errors when assigning the following binary command to a variable. But on the other hand, COMMAND="ls" works. Any explanation please? How can I assign a binary command to a variable COMMAND so that I can just call ${COMMAND}?

    COMMAND="rsync"
    SSH="ssh"

    ${COMMAND} -vaz -e "${SSH} …..

    Thank you.

    Kind regards.

    Source: FULL ARTICLE at The UNIX and Linux Forums

    Steven Harms: Google Pixel for Developers

    Chrome OS Desktop

    Google Pixel: The Perfect Linux Laptop?

    When I ordered the Chromebook Pixel, I was confident I would not like it. $1299 for a laptop that is only a browser? For http://rcm.amazon.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=mindwarpnet-20&o=1&p=8&l=as4&m=amazon&f=ifr&ref=ss_til&asins=B007472CIK, Windows 8, better battery life, more storage, more ram etc. The following post is the story of how my perspective changed, and how I use this machine as a power user / developer.

    The Competition

    The first thought most people have with the Pixel is, why not a Macbook Retina 13 refurb, or the http://www.amazon.com/gp/product/B009LL9VDG/ref=as_li_ss_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B009LL9VDG&linkCode=as2&tag=mindwarpnet-20.

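    | Feature       | Pixel            | Macbook Retina 13 | Samsung Chromebook |
    |---------------|------------------|-------------------|--------------------|
    | Screen        | 2560×1700 12.85” | 2560×1600 13.3”   | 1366×768 11.6”     |
    | Quality       | IPS              | IPS               | TN                 |
    | Touch         | Yes              | No                | No                 |
    | Local Storage | 32GB             | 128GB             | 16GB               |
    | Cloud Storage | 1TB              | 5GB               | 100GB              |
    | Processor     | i5 1.8GHz        | i5 2.5GHz         | Exynos 5 1.7GHz    |
    | Ram           | 4GB              | 8GB               | 2GB                |
    | Battery Life  | 5 hours          | 7 hours           | 6.3 hours          |
    | Price         | $1299            | $1499             | $250               |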

    What Sets the Pixel Apart?

    What the table above doesn’t account for are the qualitative features which make all of the difference. The build quality is fantastic, and the Pixel feels very tough. The Aluminum used in the Pixel feels stronger and more durable than the Macbook, and feels like it is less prone to denting. The screen is extremely bright, and even when plugged in I only use it at 70% brightness, and when on the go I turn it down to nearly minimum. Even with the brightness set so low, it is easier on the eyes and more readable than the TN panels common in most laptops.

    Chrome OS itself really gets out of your way. Out of the box I only installed the secure shell app, and I was able to do 50% of the Linux development I wanted to. No tweaking, driver downloading etc, out of the box I had a very fast browser, multi-monitor support, retina level text, music and cloud file storage.

    The next question to answer was how do I do heavier development? Chrome actually has a great remote desktop feature built in, so I was able to connect to my much more powerful Ubuntu workstation, and run Eclipse there. It worked well over my local network, although there are even better solutions if you don’t enjoy the slight latency for screen refreshes and window dragging.

    Enter Crouton

    Crouton provides a way to install Ubuntu and run it without rebooting from Chrome OS. This means if I run Crouton and simply press CTRL-ALT-Refresh I am instantly in my XFCE full Ubuntu 12.04.2 environment, and I can run any X86 programs I desire. I was able to use SSH XForwarding to also connect to my desktop, and it was also fast and fluid. I was able to load vim, git, gcc etc, however I actually like just using regular Chrome OS and a SSH session where possible, so I can switch between locations with ease. https://github.com/dnschneid/crouton.

    Battery Life

    Most reviews highlight that battery life is less than four hours, but skip over how low you can set the brightness on this laptop. 60% brightness on the Pixel is brighter than a lot of laptops at 100%, and the screen is extremely clear and readable. I was able to get 6 hours of battery life without issue, …
    Source: FULL ARTICLE at Planet Ubuntu

    SSH on a Shell Script

    By mathbalaji

    Hello,

    I’m sure you’d have received a lot of questions like this, but I couldn’t find anything relevant to my problem in the first search. Sorry in advance if this is a repeated question.

    I’m trying to do an SSH inside a shell script and expect the shell script to connect to a remote server (for deleting a few files and another script for reboot). I have the following challenges:

    1. I know the username/password for the remote server, but I cannot pass it via terminal.
    2. I’ve done the RSA authentication in the past, but the server where I’m writing the script doesn’t have RSA authentication enabled (in the /etc/ssh/sshd_config file). So, creating the ssh-keygen and pasting the public key inside authorized_keys doesn’t work for me.
    3. I don’t have spawn or sshpass command in the server. When I try these commands, the terminal says unknown command.

    I guess there’s no way I can write the script here! Let me know if you think otherwise!

    OS: GNU Linux

    PS: This is my first question here!

    Thanks,
    B.

    Source: FULL ARTICLE at The UNIX and Linux Forums

    Steven Harms: Google's Nexus 10 vs Microsoft's Surface Pro

    Microsoft Surface Pro vs Nexus 10

    Microsoft Surface Pro vs Samsung Nexus 10

    Microsoft’s Surface Pro is the company’s most recent attempt to revolutionize the way we see the personal computer, merging the traditional desktop with tablets in a single interface. Google’s Nexus 10 comes with Android, which is purpose built for smart phones and tablets.

    While comparing these two devices, I didn’t expect to enjoy the Nexus 10 as much as I did. On paper having a full core i5 processor in a tablet form was exactly what I was looking for. I don’t have many qualms with the Windows 8 interface, and think it is a decent step forward. However, when using the Surface Pro’s 10.6” screen, I found myself really enjoying the Windows 8 applications, while staying away from the desktop applications and using my laptop for those instead. The problem is that if I don’t actually run desktop applications on it, there isn’t much purpose over the whole line of Atom based Z2760 tablets that still breeze through the Windows 8 applications with ease and double the battery life.

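    | Category         | Winner                                                |
    |------------------|-------------------------------------------------------|
    | Display          | Nexus                                                 |
    | Processor        | Surface                                               |
    | Ecosystem        | Nexus                                                 |
    | Legacy Ecosystem | Surface                                               |
    | Weight           | Nexus                                                 |
    | Battery Life     | Nexus                                                 |
    | Open Source      | Nexus                                                 |
    | Storage          | Tie – Surface requires more space, but comes with more |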

    The Nexus 10 lasts 3-4 hours longer than the Surface, while having a crisper display, and having more marquee applications available (obviously tablet applications, not legacy). ConnectBot for SSH is fantastic (I used it to generate this blog), and I found the Chrome browser very responsive. To Microsoft’s credit, IE 10 is great too, but from an interface perspective it is definitely first release material (for instance: how do you find your current downloads?). In addition, the Android notification framework works very well, while Microsoft’s live tiles look slicker, but functionally are less useful.

    I found that when using Windows 8 and Android applications, the speed of both systems was generally equal. From a gaming perspective, the i5 and HD4000 of the Surface Pro provides a huge advantage over the Nexus 10, but if I am going to play PC games, I will just do it on my regular desktop and not a 10.6” screen (and now on Ubuntu with Steam).

    I think Microsoft did a fantastic job designing Windows 8 and the Surface, but even if they were closer in price (Nexus 10 was $499 while the Surface Pro was $999), I would purchase the Nexus 10 over the Surface. It is lighter, open source, higher resolution, longer battery life, and with the Logitech Keyboard even a better typing experience.

    Source: FULL ARTICLE at Planet Ubuntu