27 February 2011, 03:18
I’ve played around with SSH to some extent, and thought I’d write down a few nifty features that I like. Kind of a little follow-up on my Key-based authentication and Accessing ArcHTTP-post. Keep in mind that you have to change things like host and user to fit your appropriate needs.
scp foo user@host:~/bar
# To copy a folder, use the -r (recursive) option, like this
scp -r foo/ user@host:~/
ssh -l user host -D 8080
ssh -l user host -L 8080:localhost:80
Host foo
User root
HostName host
IdentityFile ~/.ssh/otherkey
Compression yes
CompressionLevel 9
KeepAlive Yes
Host bar
User foo
HostName host
7 February 2011, 15:22
As OS X does not ship with ssh-copy-id, a utility to copy your public SSH key to a remote server, you have to “install” it manually. Follow the simple steps described below, or get it yourself from a server running OpenSSH. It’s located in /usr/bin/ssh-copy-id.
First, create the file
sudo nano /usr/bin/ssh-copy-id
Insert the bash script. Optionally, you can get the script from another OpenSSH installation, like Debian or Ubuntu. See “cat /usr/bin/ssh-copy-id”.
#!/bin/sh

# Shell script to install your public key on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/id_rsa.pub"
# Start empty so a GET_ID inherited from the environment is never eval'ed
GET_ID=""

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift # and this should leave $1 as the target name
  fi
else
  # no -i given: if an agent is running, send every key it holds
  if [ "x$SSH_AUTH_SOCK" != x ] && ssh-add -L >/dev/null 2>&1; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

# fall back to the identity file when the agent gave us nothing
if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

# append the key(s) to the remote authorized_keys, creating .ssh with tight permissions
{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '${1%:}'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
EOF
Then make it executable by the system.
sudo chmod +x /usr/bin/ssh-copy-id
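The script's closing message asks you to check .ssh/authorized_keys for unexpected keys, which matters because without -i it sends every key the agent holds (ssh-add -L). As an added example (not part of ssh-copy-id or the original post), this shell function summarizes an authorized_keys file and flags duplicates and entries with options; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: summarize an authorized_keys file so unexpected entries stand out.
# audit_authorized_keys FILE
#   prints "<line> <keytype> <comment> [flags]" for every key line
#   returns 1 if a key blob is listed twice or a line cannot be parsed
# Limitation: options whose quoted value contains a word starting with
# "ssh-" are not handled.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        # Line format: [options] keytype base64-blob [comment]
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { t = i; break }
        if (t == 0 || t == NF) { print NR, "UNPARSEABLE"; bad = 1; next }
        comment = (t + 2 <= NF) ? $(t + 2) : "(no-comment)"
        flags = ""
        if (t > 1) flags = flags " HAS-OPTIONS"   # e.g. command=, from=
        if (seen[$(t + 1)]++) { flags = flags " DUPLICATE"; bad = 1 }
        print NR, $t, comment flags
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file (the key blobs are fake placeholders).
sample_authorized_keys() {
    cat <<'EOF'
# keys installed with ssh-copy-id
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAEXAMPLE1 alice@laptop
from="192.0.2.10",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAEXAMPLE2 backup@nas

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAEXAMPLE1 alice@laptop
EOF
}

# Usage on a real host: audit_authorized_keys ~/.ssh/authorized_keys
```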
6 February 2011, 20:16
Boyaka! I just got my certificate from HE.net, and I’m currently certified as “Sage”, as of now the highest level of IPv6 certification. Is your home network IPv6-enabled?

20 January 2011, 00:54
Have you ever noticed how chain letters always contain an awful amount of misspelled words? Have you ever noticed how they seem to evolve over time? Now I finally have proof that there must be some guy, agency or other Non-Biological Extraterrestrial (NBE) that oversees all chain letters and makes sure that they never stay the same.
So far I’ve noticed that the changes are small and often very discreet. The following picture is from a Norwegian chain letter that was on Facebook, posted by two of my friends. So it’s safe to say that the origin of this message is from more or less the same source, yet, only a few hops later, the message has evolved. The essential meaning stays the same, but they changed one little word.
When will this madness end? How will spam filters cope? Should we be alarmed? I’ve already equipped my tinfoil hat and will continue my search for what I believe to be NBEs.
Exhibit 1:

3 January 2011, 03:36
We can utilize the power (.. or lack?) of mod_rewrite in Apache2 to dynamically add subdomains for all subdirectories in a certain folder. I cannot recall where I first read how to do this, but all credit goes to someone on the Internet! Also, this only works “out-of-the-box” for Debian Lenny running the latest stable version of Apache2, but it should work on all systems running Apache2, with slight modification.
First we need to enable some modules:
a2enmod rewrite vhost_alias
/etc/init.d/apache2 restart
Next up we do some rewrite magic, you need to change some paths and domains to reflect your setup, personally I just use some search and replace in nano to reflect whatever domain and site I’m setting up.
<VirtualHost *:80>
    ServerName eksempel.no
    # wildcard catch all (Apache does not allow a comment on the same line as a directive)
    ServerAlias *.eksempel.no
    # %1 is the first label of the requested host name, so foo.eksempel.no is served from /var/www/foo
    VirtualDocumentRoot /var/www/%1
    UseCanonicalName Off
    IndexOptions FancyIndexing
    ### Use mod_rewrite to direct eksempel.no to www.eksempel.no
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^eksempel\.no
    RewriteRule (.*) http://www.%{HTTP_HOST}$1 [R=301,L]
    ### Logging
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    CustomLog /var/log/apache2/access_log_eksempel combined
    <Directory /var/www>
        AllowOverride None
    </Directory>
</VirtualHost>
You must also restart Apache2 for your changes to apply.
/etc/init.d/apache2 restart
16 December 2010, 01:53
I use Nagios to monitor all my servers, and Nagios has a nice feature called “parents”. Basically, it checks parent services before reporting anything; it makes much more sense to report that the entire server is offline than to report all the services running on all the virtual machines running on that host machine. To do this we need to install and configure nrpe-server on Xen-Server.
First we need to download and configure a yum-repo (1):
wget http://download.fedora.redhat.com/pub/epel/5/$(uname -i)/epel-release-5-4.noarch.rpm
rpm -hiv epel-release*.rpm
sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/epel.repo
Install nrpe and nagios-plugins via yum and configure it to start on boot:
yum install --enablerepo=epel nagios-plugins nrpe
chkconfig nrpe on
Configure iptables to accept connections on 5666, the default nrpe-server port. Insert the following line before the first -REJECT in /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT
Restart nrpe-server and iptables:
/etc/init.d/nrpe restart
/etc/init.d/iptables restart
That’s it. Configure nrpe as you normally would, making sure that you’ve edited allowed_hosts to accept connections from your Nagios-server.
References:
(1) http://www.cmdln.org/2010/03/04/installing-nrpe-on-xenserver/
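The iptables rule in this post accepts NRPE connections from any source address and leaves the filtering to allowed_hosts alone. As an added example (not from the original post), this shell function performs the same insertion before the first REJECT rule but limits the rule to the Nagios server's address with -s; the function names, the sample ruleset and the address 192.0.2.10 are made up for illustration.

```shell
#!/bin/sh
# Added example. Prints RULES_FILE with an NRPE accept rule limited to one
# source address, placed before the first REJECT rule.
# Usage: nrpe_rule_insert RULES_FILE NAGIOS_IP > new_rules
# Returns 0 on success (or if a rule for port 5666 already exists),
# 1 if no REJECT rule was found, 2 if NAGIOS_IP is not a plain IPv4
# address or CIDR range.
nrpe_rule_insert() {
    case "$2" in
        ''|*[!0-9./]*) echo "bad address: $2" >&2; return 2 ;;
    esac
    awk -v ip="$2" '
    { line[NR] = $0; if ($0 ~ /--dport 5666( |$)/) have = 1 }
    END {
        rule = "-A RH-Firewall-1-INPUT -s " ip
        rule = rule " -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT"
        for (i = 1; i <= NR; i++) {
            # insert once, directly before the first REJECT rule
            if (!have && !done && line[i] ~ /-j REJECT/) { print rule; done = 1 }
            print line[i]
        }
        exit (have || done) ? 0 : 1
    }' "$1"
}

# Constructed sample in the layout of /etc/sysconfig/iptables.
sample_rh_firewall() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

Write the output to a new file, review it, and only then replace /etc/sysconfig/iptables and restart iptables.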
8 December 2010, 05:06
ArcHTTP will only listen to localhost, for security purposes. But say you are in a situation where you need to configure an Areca controller without rebooting and you have no installed browser, or even worse, you cannot install a local browser. Normally you’d only find yourself in that situation running a Linux server, and you are probably using OpenSSH to manage it. Like I did.
To access the ArcHTTP web interface you can tunnel your own connection in via SOCKS5 and configure whatever you needed (… to not mess with!) as localhost. When you are done you terminate the connection and congratulate yourself on a job well done.
ssh -l root host -D local_port
21 August 2010, 01:21
Rdiff-backup is a small, nifty Python-based incremental backup tool. Rdiff-backup is similar to rsync, but adds support for incremental and revision-based backup. This way you can keep, in this example, up to 14 days of changes. Rdiff-backup also differs (!) from rsnapshot as it only stores the changes over time of a certain file, and this saves you a lot of storage. It’s extremely usable for database backups, as they tend to change little but grow huge.
You might have to make small adjustments to things like users and the parent directory. In this guide I use /root/ as the parent directory for most actions, and all commands should work then.
23 June 2010, 00:10
If you ever had the following error message on your MacBook’s SuperDrive,
The disc can’t be burned; it might be incompatible with this disc drive. Please try a different brand of disc, or try burning at a slower speed.
you are probably in luck. It does not seem to be some sort of firmware error or anything wrong with the disc you are using. It’s simply the SuperDrive’s laser that has gotten dusty and needs cleaning. Simply find a credit card and a t-shirt with long threaded weaving. Use the credit card to hold the cloth wrapped around it, insert it into the SuperDrive and carefully move it back and forth whilst applying a little force downwards. The optical sensor should be on the left side, but I cleaned both sides.
Note, if you are within warranty you should not do this at home. I guess mighty Steve would void your ass back to outer space if he ever saw you doing it… For some pictures of the madness, head over to PicasaWeb.
26 May 2010, 19:19
Chrome to Phone is a quite genius little tool. Let’s say you’ve got to catch a bus but you are reading a very interesting article on the Internet. Sending the link via email or even relocating it on your phone is very time consuming; Google has solved that with Chrome to Phone. Even more interestingly, you can make a route on Google Maps and then send that route to your phone, just by the click of a button.
To install Chrome to Phone you need to head over to Google’s project server, as this is very beta at the moment. Download and install the plugin for your Chrome browser and then open <your favorite barcode scanner> and scan the 2D barcode for the Android app. To be able to install this app you need to set up your phone to accept applications from unknown sources under Settings -> Applications.
The Application requires that you run the latest version of Android, Froyo. This is yet to be publicly released, but should hit you in a few weeks if you own a Nexus One. Other phones most likely must wait a few months before Android Froyo is delivered to their phones.