Difference between revisions of "Linux hints"

From Klaus' wiki
(Speed up the SSH login)
(Speed up the SSH login)
 
(One intermediate revision by the same user not shown)
Line 257: Line 257:
  
 
On the server side in the '''/etc/ssh/sshd_config''' file add '''''UseDNS no''''' to the end of the file. Restart the sshd service and the login should be swift here after.
 
On the server side in the '''/etc/ssh/sshd_config''' file add '''''UseDNS no''''' to the end of the file. Restart the sshd service and the login should be swift here after.
 +
<source lang=bash>
 +
]$ systemctl restart sshd.service
 +
</source>
  
 
== NX hint collection==
 
== NX hint collection==
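Review bot: the added "]$ systemctl restart sshd.service" line is shown at an unprivileged "$" prompt with no mention that restarting sshd needs root; say "as root" or prefix the command with sudo. It would also help to tell the reader to run "sshd -t" before the restart, so that a typo in sshd_config is caught while the running daemon is still up. Separately, the unchanged context sentence says to add UseDNS no to the end of the file; sshd keeps the first value it reads for a keyword, so an existing UseDNS line earlier in the file would win and should be edited instead.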

Latest revision as of 11:02, 13 October 2017

See also Centos and Fedora

Assorted hints that make daily life with Linux easier. Most of the hints are noted here in order to remember the exact syntax of the construct.

Using ssh and friends extensively

SSH is one of the most versatile commands in the *nix environment.

In the text below please remember that

user@host

user is a login you have access to (typically your own user name or maybe in rare situations root) on host.

If you have not dropped your public ssh key file on the remote host you will be prompted for a valid password.

host

can be specified as a host name, which is known in the DNS or an IP address.

Copy your credentials to a remote host

By copying your public key to a remote host you don't have to enter a password every time you log in.

If you have not previously generated a private-public key pair you'll have to do so, but first check whether one already exists:

 
]$ ls -la ~/.ssh

If you don't see an id_rsa and an id_rsa.pub file, go ahead with this command:

 
]$ ssh-keygen

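Just hit enter on all prompts. An empty passphrase leaves the private key unencrypted on disk, so anyone who can read ~/.ssh/id_rsa can use it.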

Now you're ready to use ssh-copy-id. ssh-copy-id has this format:

 
Usage: /usr/bin/ssh-copy-id [-i [identity_file]] [user@]machine

Typically you'll enter:

 
]$ ssh-copy-id -i ~/.ssh/id_rsa.pub <my username>@<remote hostname or IP>

Test that you can create an ssh connection without being prompted for a password.

I believe that PuTTY also has, or can generate, a private-public key pair giving the same convenience. It can be copied the manual way.

The manual way

First copy the local id_rsa.pub file to the remote host using scp as described below.

Then add the file to the ~/.ssh/authorized_keys file by issuing this command:

 
]$ cat <your id_rsa.pub file from where you have placed it> >> ~/.ssh/authorized_keys

Note the >> which means add to the file if it exists or create it if it doesn't.

Windows

Log on to the remote host.

If the ~/.ssh directory does not exist, issue:

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh

Open the Network and Sharing Center by right-clicking on the network icon in the system tray. In the Network and Sharing Center find the computer's name as shown in the picture below.

Computername.jpg

In this case the computername is kenneth_n_m.hih.dk

In Windows open a cmd window and navigate to the directory where you saved the public key.

Open the public key file in for example Notepad++.

Remove the two first lines starting with "--- BEGIN"... and insert instead "ssh-rsa " (ssh-rsa and a space)

Remove the last line starting with "--- END"...

Join the remaining lines into one very long line.

At the end just after the "==" add a space and the identification as seen from the remote host. e.g. == E12Kenneth@kenneth_n_m.hih.dk

Ensure that all the above is in only one line starting with "ssh-rsa very-long-cryptorubbish== E12Kenneth@kenneth_n_m.hih.dk".

Save the file.

> pscp <public.key filename> <username-at-remote>@bren.hih.au.dk:/home/<username-at-remote>/.ssh/windows-public.key

Log on to the remote host.

Issue these commands:

$ cat ~/.ssh/windows-public.key >> ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
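
The Windows key conversion and installation steps above, as an added shell example that is not part of the original page. It assumes the exported file is in the RFC 4716 format that the "--- BEGIN" / "--- END" lines indicate and holds an RSA key; the function names rfc4716_to_openssh, install_key and sample_key are hypothetical, and the sample key is constructed.

```shell
#!/bin/sh
# Turn an RFC 4716 public key export (the "---- BEGIN SSH2 PUBLIC KEY ----"
# file) into one OpenSSH authorized_keys line.
# usage: rfc4716_to_openssh <keyfile> <comment>
rfc4716_to_openssh() {
    awk -v comment="$2" '
        { sub(/\r$/, "") }                       # drop Windows line endings
        /^---- BEGIN SSH2 PUBLIC KEY ----$/ { inkey = 1; next }
        /^---- END SSH2 PUBLIC KEY ----$/   { inkey = 0; done = 1; next }
        !inkey { next }                          # ignore text outside the markers
        cont   { cont = ($0 ~ /\\$/); next }     # continued header line
        /:/    { cont = ($0 ~ /\\$/); next }     # header such as "Comment: ..."
        { gsub(/[ \t]/, ""); b64 = b64 $0 }      # join the base64 lines
        END {
            if (!done || b64 == "") exit 1       # markers or key data missing
            # An RSA key blob always starts with this base64 prefix.
            if (b64 !~ /^AAAAB3NzaC1yc2E/) exit 2
            print "ssh-rsa " b64 " " comment
        }' "$1"
}

# Append the converted key only if it is not already present, and set the
# permissions sshd expects. usage: install_key <keyfile> <comment> [ssh_dir]
install_key() {
    dir=${3:-$HOME/.ssh}
    line=$(rfc4716_to_openssh "$1" "$2") || return 1
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys"
    grep -qxF -- "$line" "$dir/authorized_keys" ||
        echo "$line" >> "$dir/authorized_keys"
}

# Constructed sample input (not a real key): header, comment, two data lines.
sample_key() {
    printf '%s\r\n' '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Comment: "rsa-key-20171013"' \
        'AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7' \
        'constructedSampleDataOnly0123==' \
        '---- END SSH2 PUBLIC KEY ----'
}
```

On a host with OpenSSH installed, ssh-keygen -i -f <public.key filename> performs the same conversion.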

Create a file remotely

If you need to let output from one command locally be the input to a file on a remote system issue this command:

<local command>|ssh <remote username>@<remote host> "cat > <remotefilename>"

an example:

]$ xmodmap -pke|ssh -p 2222 klausk@bren.hih.au.dk "cat > .Xmodmap"

The output (on stdout) of the local command is sent to bren using klausk's login and written to the file .Xmodmap.

Comparing two files

In general comparing two files can be done like this:

diff <firstfile> <secondfile>

or using vim

vim -d <firstfile> <secondfile>

To compare two files of which one resides on another system issue this command:

vim -d <firstfile> scp://<remote-system>//<path-to-file>/<secondfile>

To compare two files both resident on different systems issue this command:

vim -d scp://<first-remote-system>//<path-to-file>/<firstfile> scp://<second_remote-system>//<path-to-file>/<secondfile>

where <remote-system> is either the IP address or its hostname including domain as in bren.hih.au.dk - if using a different username than the one you're logged in with on current system use <username>@<remote-system>

Using SSH to get around

Thanks to this page it is easy to collect useful examples of extensive usage of ssh.

Here are examples of copying from local to remote and the other way around.

PUSH:

tar cvf - . | gzip -c -1 | ssh user@host cat ">" remotefile.gz
ssh target_address cat <localfile ">" remotefile
ssh target_address cat <localfile - ">" remotefile
cat localfile | ssh target_address cat ">" remotefile
cat localfile | ssh target_address cat - ">" remotefile
dd if=localfile | ssh target_address dd of=remotefile
ssh target_address cat <localfile "|" dd of=remotefile
ssh target_address cat - <localfile "|" dd of=remotefile
( cd SOURCEDIR && tar cf - . ) | ssh target_address "(cd DESTDIR && tar xvpf - )"
( cd SOURCEDIR && tar cvf - . ) | ssh target_address "(cd DESTDIR && cat - > remotefile.tar )"
( cd SOURCEDIR && tar czvf - . ) | ssh target_address "(cd DESTDIR && cat - > remotefile.tgz )"
( cd SOURCEDIR && tar cvf - . | gzip -1 -) | ssh target_address "(cd DESTDIR && cat - > remotefile.tgz )"
ssh target_address "( nc -l -p 9210 > remotefile & )" && cat source-file | gzip -1 - | nc target_address 9210
cat localfile | gzip -1 - | ssh target_address cat ">" remotefile.gz

PULL:

ssh target_address cat remotefile > localfile
ssh target_address dd if=remotefile | dd of=localfile
ssh target_address cat "<" remotefile >localfile
ssh target_address cat "<" remotefile.gz | gunzip >localfile

COMPARE:

###This one uses CPU cycles on the local machine to compare the files (diff runs locally):
ssh target_address cat remotefile | diff - localfile
###These use CPU cycles on the remote server to compare the files (diff runs remotely):
cat localfile | ssh target_address diff - remotefile
ssh target_address cat <localfile "|" diff - remotefile

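Push: Push local file to remote server. The nc variant sends the data over a separate plain TCP connection on port 9210, outside the SSH session, so that transfer is neither encrypted nor authenticated.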

Pull: Pull remote file from remote server to local machine.

Tunnelling through SSH

On Reverse ssh tunneling there is a fine description of how to ssh from a host behind a firewall.

Login to a virtual host from home

You want to log into your development host, but from home. It is possible using bren as a jump-stone. Issue a command like this, where you have modified addresses etc. to suit your needs:

ssh -A -t <user>@<hostname> ssh -A  <user on virtual>@<ip of virtual host>

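The -A enables forwarding of your ssh-agent connection, so the keys held by your local agent can be used for the second hop. The -t forces a pseudo-tty to be allocated. With agent forwarding, anyone who can bypass file permissions on the intermediate host (root, for example) can use your agent for as long as the connection is open, so only forward through hosts you trust.

To ensure that you can log in without entering passwords, distribute your public key using ssh-copy-id.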

See also this page and this page for further info about multihop and other advanced ssh connections.

Direct login to your virtual dev-host

This is the setup:

+---------+     §       +------------------+
|         |     §       |     bren         |
|         |     §       |   +----------+   |
| Home PC |-----§-------§-+ |          |   |
|         |     §       | | | virtual  |   |
|         |     §       | +-| dev-host |   |
|         |     §       |   |          |   |
+---------+     §       |   +----------+   |
                §       |                  |
                §       +------------------+
 § = network boundaries (firewalls and the Internet)

and you'd like to log in with just a few keystrokes. Is that possible? Yes!

You can log in with one command. Follow these instructions to set up your Linux. If you're running Apple (which is FreeBSD down below) it is probably something similar, but there may be differences. Windows users: installing the full Cygwin should enable you to prepare a similar set-up.

Create/edit the file ~/.ssh/config and insert this

Host bren
   HostName bren.hih.au.dk
 
Host my-devhost
   ProxyCommand ssh -q <user>@bren nc 10.1.18.nnn 22

The first two lines specify that you want to reach the host bren at bren.hih.au.dk (because this is not a public address you'll need to have it defined locally in your /etc/hosts or in your local DNS). Alternatively you can replace the host name with the IP address directly.

The next two lines tell ssh that when accessing my-devhost it shall first connect to bren as user <user>; the nc command is then used to jump to the dev-host at the 10.1.18.nnn address on port 22 (replace nnn with your specific number).

In this particular case I log in on my home PC as klaus, not klausk, so when establishing a connection to my-devhost I issue

$ ssh klausk@my-devhost

which will bring me directly to the devhost using bren as a jump stone.

You can use the ssh-copy-id to send your ssh keys directly to the devhost and thereby login without being prompted for your password.

sshfs - a user mounted remote file system

Please see the Sshfs page.

Speed up the SSH login

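On the server side, add UseDNS no to the end of the /etc/ssh/sshd_config file. Restart the sshd service and the login should be swift hereafter. sshd uses the first value it reads for a keyword, so if the file already contains an active UseDNS line, change that line instead.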

]$ systemctl restart sshd.service
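
An added example, not from the original page, showing why appending to the end of sshd_config is not always enough: sshd uses the first value it reads for a keyword, and a line placed after a Match line becomes part of that block. The function names and the sample config are constructed for illustration; Include directives are not followed.

```shell
#!/bin/sh
# usage: sshd_effective <keyword> <config-file>
# Prints the value from the global section (before any Match line);
# exit status 1 if the keyword is not set there.
sshd_effective() {
    awk -v want="$1" '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); k = tolower(f[1]) }
        k == "match"       { exit }
        k == tolower(want) { print f[2]; found = 1; exit }
        END { exit !found }' "$2"
}

# usage: sshd_set <keyword> <value> <config-file>   (edited config on stdout)
# Rewrites the first global occurrence, or inserts before the first Match
# block, or appends when the file has neither.
sshd_set() {
    awk -v want="$1" -v val="$2" '
        { line = $0; sub(/^[ \t]+/, "", line)
          split(line, f, /[ \t=]+/); k = tolower(f[1]) }
        !done && k == tolower(want) { print want " " val; done = 1; next }
        !done && k == "match"       { print want " " val; done = 1 }
        { print }
        END { if (!done) print want " " val }' "$3"
}

# Constructed sample config: UseDNS already set, and a Match block at the end.
sample_config() {
    printf '%s\n' '#UseDNS no' 'Port 22' 'usedns yes' \
        'Match User backup' '    PasswordAuthentication no'
}
```

Write the output of sshd_set to a temporary file and check it with sshd -t -f <that file> before replacing /etc/ssh/sshd_config and restarting the service.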

NX hint collection

NX is a wonderful invention, but it comes with some quirks. I've collected my experiences here.

After an upgrade

After updating the free-nx server it might be necessary to run, as root:

nxsetup --install

to reinstall the configuration.

After upgrading ssh

Sometimes an update of ssh makes the configuration unstable. Try this:

nxsetup --install  --setup-nomachine-key

which should bring the ssh-keys back in working order.

Keyboard issues

If the keyboard doesn't work correctly (typically the arrow, page up/down, etc. keys) execute this in an NX session console:

setxkbmap -model evdev -layout us

Replace us with your keyboard layout, e.g. dk for Danish.

You can add this to be executed every time you log in by placing it in your ~/.bashrc file.

Example:

# .bashrc
 
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
 
# User specific aliases and functions
PS1="\[\e[33m\]"$PS1"\[\e[m\] "
 
alias ps='/bin/ps -ef'
alias vi='vim'
alias lt='ls -larth'
alias ll='ls -lah'
 
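# Note: this appends the current directory to PATH, so a program in whatever
# directory you are in can run when a command name is not found elsewhere.
PATH=${PATH}:./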
 
if [ "$DISPLAY" != "" ] ; then
# Call X clients 
#Set up the keyboard
  setxkbmap -model evdev -layout dk
fi

See also here for further info about the prompt.

Session closes

If you can log in but the session is immediately closed, issue this on the remote server:

$ /sbin/restorecon -v -v /home/<your home dir>/.Xauthority

Slow NX on Windows

From nomachine.com I've picked up this advice:

NX can be slow in drawing some elements of KDE desktop
This problem has been verified with NX Client installed on a Windows 7 64-bit connected to an NX session running a KDE desktop version 3.

This desktop environment shows a tool-tip box which appears gradually and then disappears completely when the pointer moves over the elements on the task bar.

The drawing of such tool-tips appears slow. While drawing progresses, the NXWin process on the Windows host takes a lot of CPU time (50% on a dual core CPU).

This problem doesn't occur if DirectDraw engine is disabled in NX Client settings. To do it:

   Press "Configure"
   Choose tab "Advanced"
   Check the box "Disable DirectDraw for screen rendering".

This problem has never been seen on 32-bit Windows versions.

Restore Session with Nomachines Client version 4.x

When using NoMachine's client (which is in my opinion the best) version 4 against the FreeNX server version 3.x, there seem to be problems with reconnecting to a previously closed session. This can be overcome by editing /etc/nxserver/node.conf and enabling auto reconnect.

Remove the # and change the "0" to "1" in the line containing

ENABLE_AUTORECONNECT="1"

Howto downgrade a yum-installed package

Look up the exact version number - maybe in /var/log/yum.log*

Log in as root or use sudo: (here nx-3.4.0-4.el5.centos.i386 is downgraded to nx-3.3.0-14.el5.centos.i386)

yum downgrade nx-3.3.0-14.el5.centos.i386

To prevent automatic upgrade when yum is run by cron add this to the yum.conf in /etc:

exclude=nx*

Scan a network for occupied addresses

Use nmap.

To scan the 255 addresses for activity in the network 10.1.18.0 use this command.

$ nmap -sP 10.1.18.0/24

Sendmail

In order to let sendmail forward root messages to a human receiver edit the /etc/aliases file and add something like this at the end (only root can do this):

root:           name@domain.org

where name@domain.org shall be changed to an appropriate mail address.

Finally run

newaliases
service sendmail restart

to reflect the changes.