Saturday, December 24, 2011

Mounting Remote Directories With SSHFS


How you can mount a directory from a remote server on the local server securely using SSHFS.
SSHFS (Secure SHell FileSystem) is a filesystem that serves files/directories securely over SSH, and local users can use them just as if they were local files/directories. On the local computer, the remote share is mounted via FUSE (Filesystem in Userspace).

1. Login to the server as root:
$ sudo su

2. Installing SSHFS:

On the local system, SSHFS must be installed as follows:
$ apt-get install sshfs

3. Using SSHFS As root:

Mount the remote directory /home/backup to the local /backup directory as the local root user:

First add root to the fuse group:
$ adduser root fuse

Create the local /backup directory and make sure it's owned by root:
$ mkdir /backup
$ chown root /backup

Then mount the remote /home/backup directory to /backup:
$ sshfs -o idmap=user root@192.168.0.101:/home/backup /backup

Note: You can use a full path for the remote system, as shown above, or a relative path, like this:
$ sshfs -o idmap=user root@192.168.0.101:backup /backup

If you use a relative path, this path is relative to the remote user's home directory, so in this case it would be /root/backup. You can even leave out the remote directory, as follows:
$ sshfs -o idmap=user root@192.168.0.101: /backup

This would then translate to the remote user's home directory - /root in this case.

Note:
-o idmap=user ensures that it does not matter if the local and the remote system use different user IDs: files owned by the remote user are shown as owned by the local user. If you don't use this option, you might get permission problems.

If you connect to the remote host for the first time, you will see a warning about the authenticity of the remote host (if you have connected to the remote host before using ssh or scp, you will not see the warning). In any case, you will be asked for the root password for the remote server:

root@server1:~# sshfs -o idmap=user root@192.168.0.101:/home/backup /backup
The authenticity of host '192.168.0.101 (192.168.0.101)' can't be established.
ECDSA key fingerprint is a2:38:f3:df:7a:6c:b6:3c:d6:c3:9c:88:93:e2:f0:63.
Are you sure you want to continue connecting (yes/no)? <-- yes
root@192.168.0.101's password: <-- server2 root password 
root@server1:~#

Let's check if the remote directory got mounted to /backup:
$ mount

root@server1:~# mount
/dev/mapper/server1-root on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
/dev/sda1 on /boot type ext2 (rw)
root@192.168.0.101:/home/backup on /backup type fuse.sshfs (rw,nosuid,nodev,max_read=65536)
root@server1:~#

$ df -h

root@server1:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/server1-root
                       29G 1015M   27G   4% /
udev                  238M  4.0K  238M   1% /dev
tmpfs                  99M  212K   99M   1% /run
none                  5.0M     0  5.0M   0% /run/lock
none                  247M     0  247M   0% /run/shm
/dev/sda1             228M   24M  193M  11% /boot
root@192.168.0.101:/home/backup
                       29G 1019M   27G   4% /backup
root@server1:~#

Looks good!

To unmount the share, run:
$ fusermount -u /backup

3.1. Creating A Private/Public Key Pair On local server
Of course, we don't want to type in a password every time we try to mount the remote share. Therefore we create a private/public key pair and transfer the public key to server2 so that we will not be asked for a password anymore.

local server:
Create a private/public key pair on server1.example.com:
$ ssh-keygen

root@server1:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <-- ENTER
Enter passphrase (empty for no passphrase): <-- ENTER
Enter same passphrase again: <-- ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ca:0d:df:a8:0b:18:4e:a7:f3:a2:8b:e2:81:4b:ab:f8 root@server1.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|  o . . S        |
|.o = . = o       |
|.o= . o + .      |
|=.+o . .         |
|@*E.. o.         |
+-----------------+
root@server1:~#

It is important that you do not enter a passphrase; otherwise mounting will not work without human interaction. Simply hit ENTER!

Next, we copy our public key to server2.example.com:
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@192.168.0.101

Now check on the remote server if local server's public key has correctly been transferred:

remote server:
$ cat $HOME/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnz2RwCZLLqBtB1rZKyN9XVfdAdt+PSpbGeLn+vlG/5nQvCSJhkRM3vpdmHPFrcYgJGtIU4gTCg6VDox2AxzJdGsrZN6zsLCndhgbs/r7N56ucuhdKSdeM/gLocnxkdQ86EECQqq42DaXgtqz3d8Q/Z+1KxYR82p7XK5ZoQG9vovNQNx9qhxIhsYIXMAbEv61bD1e0pBP9k9c1GfrZ79iRQrV+4UhHs/+Bca1YNby4gRmKIZK4FkzOYRUWYnIKVMMteC+lNho+ZMkKioo4CR3Z02hOV7ELFapqFY+6g7sj9cpLaM9gMY3rOd4EDARU+45U9yHBPsmIlA3zh4VkdnG/ root@server1.example.com

Now back to local server, try to mount the remote share again (make sure it's unmounted before you run the command):

local server:
$ sshfs -o idmap=user root@192.168.0.101:/home/backup /backup

If all goes well, you should not be prompted for a password:

root@server1:~# sshfs -o idmap=user root@192.168.0.101:/home/backup /backup
root@server1:~#
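
A passphrase-less root key means that whoever can read /root/.ssh/id_rsa on server1 can log in as root on server2, so the key's entry in authorized_keys on the remote server is the place to limit what it may do. The script below is an added example, not part of the original post: it flags entries that lack OpenSSH's from=, command= or restrict options. The function names, the sample entries and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries used for unattended logins.
# Reads an authorized_keys file on stdin and prints one line per finding:
#   <line-number> <key-comment>: <finding>
# Typical use on the remote server:
#   audit_authorized_keys < /root/.ssh/authorized_keys

audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        opts = ""
        # An entry without options starts directly with the key type.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            # The options field ends at the first space outside double quotes.
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\"" && substr(line, i - 1, 1) != "\\") {
                    inq = !inq
                } else if (c == " " && !inq) {
                    break
                }
            }
            opts = tolower(substr(line, 1, i - 1))
            line = substr(line, i + 1)
        }
        gsub(/\\"/, "", opts)               # drop escaped quotes inside values
        gsub(/"[^"]*"/, "", opts)           # drop quoted values, keep option names
        opts = "," opts ","
        n = split(line, f, " ")
        who = (n >= 3) ? f[3] : "(no comment)"
        if (index(opts, ",from=,") == 0)
            print NR " " who ": no from= source restriction"
        if (index(opts, ",command=,") == 0)
            print NR " " who ": no forced command="
        if (index(opts, ",restrict,") == 0)
            print NR " " who ": restrict not set"
    }'
}

# Constructed sample file; key blobs are shortened placeholders.
# Entry 1 mirrors the unrestricted root key from the text, entry 2 is a
# locked-down key for an sftp-only mount, entry 3 has a quoted option value
# that contains spaces.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample
ssh-rsa AAAAB3NzaC1yc2EXAMPLE root@server1.example.com
from="192.0.2.10",command="internal-sftp",restrict ssh-ed25519 AAAAC3NzaC1lZDIEXAMPLE sshfs@server1
command="echo hi there",no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLE2 user@host
EOF
}

sample_authorized_keys | audit_authorized_keys
```

The second sample entry shows the hardened form: the key is only accepted from one source address, is forced into the SFTP server that SSHFS talks to, and gets no terminal or forwarding.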

3.2 Mounting The Remote Share Automatically At Boot Time:

local server:

If you don't want to mount the remote share manually, it is possible to have it mounted automatically when the system boots. Normally we would modify /etc/fstab to achieve this, but unfortunately the network isn't up yet when /etc/fstab is processed in the boot process, which means that the remote share cannot be mounted.

To circumvent this, we simply add our mount command to /etc/rc.local, which is the last file to be processed in the boot process, and at that time the network is up and running:

$ vi /etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

/usr/bin/sshfs -o idmap=user root@192.168.0.101:/home/backup /backup
exit 0


You can test this by simply rebooting your system:
$ reboot

After the reboot, you can check with the following commands, if the remote share got mounted:
$ mount
$ df -h

4. Using SSHFS As A Regular User

local server:

I want to use the local user flaca now and mount the remote directory /home/someuser/backup, owned by someuser, to the local directory /home/flaca/backup.

Create the user flaca, if it doesn't exist:
$ adduser flaca

remote server:

On the remote server, create the user someuser, if it does not exist:
$ adduser someuser

Then become someuser...
$ su someuser

... and go to someuser's home directory where you create the backup (/home/someuser/backup) directory - make sure it's owned by someuser:
$ cd
$ mkdir ~/backup
$ chown someuser ~/backup

local server:

First add flaca to the fuse group:
$ adduser flaca fuse

Now go to the flaca account:
$ su flaca

Create the local /home/flaca/backup directory and make sure it's owned by flaca:
$ cd
$ mkdir ~/backup
$ chown flaca ~/backup

Then mount the remote /home/someuser/backup directory to /home/flaca/backup (still as user flaca) - you can either use a relative or the full path for the remote directory:
$ sshfs -o idmap=user someuser@192.168.0.101:backup ~/backup

or

$ sshfs -o idmap=user someuser@192.168.0.101:/home/someuser/backup ~/backup

From here, you can use the rest of the process as explained at the beginning (for the root user).

I hope this was useful for you!

Friday, December 23, 2011

Configuring virtual network interfaces in RedHat


In RedHat we use the files in /etc/sysconfig/network-scripts/ to configure the network. We'll see how to configure virtual interfaces using these files.

An interface is typically configured with a file called /etc/sysconfig/network-scripts/ifcfg-eth1, in the case of eth1, with the following information:

DEVICE=eth1
IPADDR=10.17.128.50
NETMASK=255.255.255.0
ONBOOT=yes

A virtual interface is configured in a very similar way: you just need to add a colon and a number that identifies it. For example, create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 with the following contents:

DEVICE=eth1:0
IPADDR=10.17.80.50
NETMASK=255.255.255.0
ONBOOT=yes

Then we run /etc/init.d/network restart:

# /etc/init.d/network restart

Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:73
          inet addr:10.16.80.1  Bcast:10.12.80.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:c9ff:feab:ef73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:714 errors:0 dropped:0 overruns:0 frame:0
          TX packets:801 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:131970 (128.8 KiB)  TX bytes:119930 (117.1 KiB)
          Interrupt:169 Memory:f8000000-f8012100

eth1      Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.128.50  Bcast:10.12.128.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:c9ff:feab:ef75/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:2616 (2.5 KiB)
          Interrupt:169 Memory:f4000000-f4012100

eth1:0    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.50  Bcast:10.12.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:137686820 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137686820 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3287570989 (3.0 GiB)  TX bytes:3287570989 (3.0 GiB)

If you want to configure a range of IPs, it is very annoying to have to create a file for each IP, so we can create consecutive addresses with a single file instead. Create a file called /etc/sysconfig/network-scripts/ifcfg-eth0-range0 with the following:

IPADDR_START=10.17.80.50
IPADDR_END=10.17.80.60
CLONENUM_START=0

After restarting /etc/init.d/network, we can see that it created all interfaces from IP 10.17.80.50 to 10.17.80.60 (total 10) using a single file.

# /etc/init.d/network restart

Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:73
          inet addr:10.16.80.1  Bcast:10.12.80.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:c9ff:feab:ef73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:518 errors:0 dropped:0 overruns:0 frame:0
          TX packets:561 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:114796 (112.1 KiB)  TX bytes:75124 (73.3 KiB)
          Interrupt:169 Memory:f8000000-f8012100

eth1      Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.12.128.50  Bcast:10.12.128.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:c9ff:feab:ef75/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:11100 (10.8 KiB)
          Interrupt:169 Memory:f4000000-f4012100

eth1:0    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.50  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:1    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.51  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:2    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.52  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:3    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.53  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:4    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.54  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:5    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.55  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:6    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.56  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:7    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.57  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:8    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.58  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:9    Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.59  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

eth1:10   Link encap:Ethernet  HWaddr 00:1E:C9:AB:EF:75
          inet addr:10.17.80.60  Bcast:10.17.80.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012100

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:137755392 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137755392 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3304455536 (3.0 GiB)  TX bytes:3304455536 (3.0 GiB)

We can use the CLONENUM_START parameter to combine several range definitions for the same interface; we only have to be careful that the ranges do not "tread" on each other, that is, that their alias numbers do not overlap.
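
To see which alias numbers each range file claims and whether two of them collide, the following added example (not from the original post) expands range files and reports overlaps. It assumes that all files passed in belong to the same parent interface and that each range keeps the same first three octets; ifcfg-eth0-range1 and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: expand ifcfg-ethX-rangeN files into alias numbers and report
# alias numbers that two range files both claim.

# Print "<alias-number> <ip> <file>" for every address in one range file.
range_aliases() {
    awk -F= '
    /^[ \t]*#/ { next }
    { fn = FILENAME; gsub(/[" \t\r]/, "", $2) }
    $1 == "IPADDR_START"   { first = $2 }
    $1 == "IPADDR_END"     { last = $2 }
    $1 == "CLONENUM_START" { clone = $2 }
    END {
        ns = split(first, s, ".")
        ne = split(last, e, ".")
        # Assumption of this example: both ends share the first three octets.
        if (ns != 4 || ne != 4 ||
            (s[1] "." s[2] "." s[3]) != (e[1] "." e[2] "." e[3]) ||
            s[4] + 0 > e[4] + 0) {
            print "bad range in " fn > "/dev/stderr"
            exit 1
        }
        # Alias numbers count up from CLONENUM_START, one per address.
        for (i = s[4] + 0; i <= e[4] + 0; i++)
            print clone + i - s[4], s[1] "." s[2] "." s[3] "." i, fn
    }' "$1"
}

# Print one line per colliding alias number; exit status 1 if any collide.
check_range_overlap() {
    for f in "$@"; do
        range_aliases "$f"
    done | sort -n | awk '
        NR > 1 && $1 == prev {
            print "alias :" $1 " claimed by " pfile " and " $3
            bad = 1
        }
        { prev = $1; pfile = $3 }
        END { exit bad + 0 }'
}

# Constructed sample: range0 has the contents shown in the text, range1 is a
# hypothetical second file whose CLONENUM_START is one too low.
make_sample_ranges() {
    printf 'IPADDR_START=10.17.80.50\nIPADDR_END=10.17.80.60\nCLONENUM_START=0\n' \
        > "$1/ifcfg-eth0-range0"
    printf 'IPADDR_START=10.17.81.10\nIPADDR_END=10.17.81.20\nCLONENUM_START=10\n' \
        > "$1/ifcfg-eth0-range1"
}

demo_dir=$(mktemp -d)
make_sample_ranges "$demo_dir"
range_aliases "$demo_dir/ifcfg-eth0-range0"
check_range_overlap "$demo_dir"/ifcfg-eth0-range* || true
rm -rf "$demo_dir"
```

The first range occupies aliases :0 through :10, as in the ifconfig output above, so a second range on the same interface has to start at CLONENUM_START=11 or higher.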

How do I remove virtual interfaces such as eth0:1 or eth1:1?

A. Use ifconfig command. It is used to remove virtual interfaces or network aliases.

Ifconfig is used to configure the kernel-resident network interfaces. It is used at boot time to set up interfaces as necessary. After that, it is usually only needed when debugging or when system tuning is needed.

Type the command to remove eth0:1:
# ifconfig eth0:1 down

/etc/sysconfig/network-scripts/ifcfg-ethX-range0 file

To remove the interface permanently, edit the network configuration file stored under the /etc/ directory. For RedHat, the file is stored in the /etc/sysconfig/network-scripts/ directory. For Debian or Ubuntu Linux, just edit the file /etc/network/interfaces and remove the entries. For example, open the file called: /etc/sysconfig/network-scripts/ifcfg-eth1-range0

# vi /etc/sysconfig/network-scripts/ifcfg-eth0-range0

You will see network aliases configuration:

IPADDR_START=192.167.1.5
IPADDR_END=192.167.1.100
CLONENUM_START=0
NETMASK=255.255.255.0

Just comment out everything or just rename the file:
# mv /etc/sysconfig/network-scripts/ifcfg-eth0-range0 /etc/sysconfig/network-scripts/working.ifcfg-eth0-range0.backup

Note: always rename the file "ifcfg-eth0-range0" by adding a word at the beginning of it, for example 2011-12-23_ifcfg-eth0-range0. If you don't rename it like that, there is a risk (when you restart the network service) that both ranges/virtual interfaces start up.

Just restart network service:
# service network restart

Friday, December 16, 2011

HOWTO list all currently running services in RedHat server?

There are different ways and tools to find and list all running services on RHEL Linux systems:

service: list running services

service --status-all
service --status-all | grep ntpd
service --status-all | less

Print the status of any service:
For example, apache (httpd) service
service httpd status

List all known services (configured via SysV):
chkconfig --list

List services and their open ports:
netstat -tulpn

Turn on / off a service:
ntsysv
chkconfig service off
chkconfig service on
chkconfig httpd off
chkconfig ntpd on

For more information, please refer to the man page of each command:

service --help
Usage: service < option > | --status-all | [ service_name [ command | --full-restart ] ]

chkconfig --help
chkconfig version 1.3.30.2 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.

usage:   chkconfig --list [name]
         chkconfig --add <name>
         chkconfig --del <name>
         chkconfig [--level <levels>] <name> <on|off|reset|resetpriorities>

Saturday, April 30, 2011

HOWTO tar

tar: A useful command; I'm always forgetting how to use it and which flags are the correct ones :P

uncompress/extract (-x) 
# tar -xf paquete.tar

verbose (-v)  
# tar -xvf paquete.tar

create an archive (-c)
# tar -cvf paquete.tar kernel/

compress with bzip2  (-j)
# tar -cjvf paquete.tar.bz2 kernel/

compress with xz (-J)
# tar -cJvf paquete.tar.xz kernel/

compress with gzip ( -z)
# tar -czvf paquete.tar.gz kernel/

compress with lzip (--lzip)
# tar -cvf paquete.tar.lz --lzip kernel/

compress with compress  (-Z)
# tar -cZvf paquete.tar.Z kernel/

Hope this is going to be useful for you.
Cheers!!!

Monday, February 14, 2011

HOWTO change timezone on Solaris 10 - x86

First of all, check your current timezone:

root@anneke $: date
Mon Feb 14 13:13:20 CST 2011
root@anneke $: grep -i tz /etc/TIMEZONE
# TZ, LANG, CMASK, or any of the LC_* environment variables.
TZ=US/Central
root@anneke $:

If you still want to change your server timezone, proceed as follows:
a) Edit /etc/TIMEZONE (NOTE: the man page incorrectly states this file is called /etc/timezone)
root@anneke $: vi /etc/TIMEZONE

# Examples:
US/Eastern
US/Central
US/Mountain
US/Pacific

For the full list, look in:
# /usr/share/lib/zoneinfo/

b) Reboot the system to effect the change
# [ "xxx" = `uname -n` ] && shutdown -rf now || echo "Wrong server" # (where xxx is the name of the server)

c) Verify the changes:
# date
# grep -i tz /etc/TIMEZONE

Monday, January 31, 2011

HOWTO change hostname on Ubuntu

If you want a change of your computer's hostname to take effect instantly, you just need to run:
sudo hostname <NEW_HOSTNAME>

If you want to make the change of the hostname permanent, make sure to change occurrences of your old hostname to the new hostname in both /etc/hostname and /etc/hosts, or else you'll mess up your ability to use sudo.

Saturday, January 22, 2011

Install VirtualBox 4.0.2 for Linux (Debian-based Linux distributions)

First of all, add the following line according to your distribution to your /etc/apt/sources.list using vi editor:

Example: deb http://download.virtualbox.org/virtualbox/debian [debian/ubuntu distribution] contrib

In my case, I'll add the following line to /etc/apt/sources.list:
deb http://download.virtualbox.org/virtualbox/debian maverick contrib

The Oracle public key for apt-secure can be downloaded here. You can add this key with

sudo apt-key add oracle_vbox.asc

or combine downloading and registering:

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

The key fingerprint is

7B0F AB3A 13B9 0743 5925  D9C9 5442 2A4B 98AB 5139
Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>

(As of VirtualBox 3.2, the signing key was changed. The old Sun public key for apt-secure can be downloaded here.)
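
The wget one-liner above fetches the key over plain HTTP and trusts whatever arrives, so it is worth comparing the downloaded key against the published fingerprint before adding it. The script below is an added example, not from the original post or from Oracle: it assumes a GnuPG version that provides --show-keys, and the function names and sample listings are constructed.

```shell
#!/bin/sh
# Added example: refuse to trust a downloaded archive key unless its primary
# fingerprint equals the one published in the text.

EXPECTED_FPR="7B0F AB3A 13B9 0743 5925  D9C9 5442 2A4B 98AB 5139"   # from the text

# Strip blanks and upper-case, so spaced and compact fingerprints compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# Read "gpg --with-colons" output on stdin and print the primary key
# fingerprints: field 10 of the fpr record directly following a pub record.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want { print $10; want = 0; next }
        { want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and that
# key has the expected fingerprint. A file that bundles the genuine key with
# a second key is rejected, because apt-key would import both.
fpr_matches() {
    got=$(primary_fprs)
    [ -n "$got" ] && [ "$(printf '%s\n' "$got" | wc -l | tr -d ' ')" = "1" ] || return 1
    [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# Inspect a downloaded key file and hand it to apt-key only on a match.
add_key_if_trusted() {
    if gpg --show-keys --with-colons "$1" 2>/dev/null | fpr_matches "$EXPECTED_FPR"; then
        sudo apt-key add "$1"
    else
        echo "fingerprint mismatch, key not added: $1" >&2
        return 1
    fi
}

# Constructed listings, trimmed to the records the check reads. Only the
# fingerprint and user ID of the first one come from the text.
sample_listing_good() {
    cat <<'EOF'
pub:-::::::::::
fpr:::::::::7B0FAB3A13B907435925D9C954422A4B98AB5139:
uid:-::::::::Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>:
EOF
}

sample_listing_bundled() {      # genuine key plus an unexpected second key
    sample_listing_good
    cat <<'EOF'
pub:-::::::::::
fpr:::::::::0000000000000000000000000000000000000001:
EOF
}

if sample_listing_good | fpr_matches "$EXPECTED_FPR"; then
    echo "good sample: fingerprint matches"
fi
if ! sample_listing_bundled | fpr_matches "$EXPECTED_FPR"; then
    echo "bundled sample: rejected"
fi
```

In practice, download the key to a file first (wget -q ... -O oracle_vbox.asc) and run add_key_if_trusted oracle_vbox.asc instead of piping wget straight into apt-key.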

To install VirtualBox, do

sudo apt-get update
sudo apt-get install virtualbox-4.0

If you want to install a previous VirtualBox release, replace virtualbox-4.0 by

virtualbox-3.2 to install VirtualBox 3.2.12
virtualbox-3.1 to install VirtualBox 3.1.8
virtualbox-3.0 to install VirtualBox 3.0.14
virtualbox-2.2 to install VirtualBox 2.2.4
virtualbox-2.1 to install VirtualBox 2.1.4
virtualbox-2.0 to install VirtualBox 2.0.12
virtualbox to install VirtualBox 1.6.6

Note: Ubuntu/Debian users might want to install the dkms package to ensure that the VirtualBox host kernel modules (vboxdrv, vboxnetflt and vboxnetadp) are properly updated if the linux kernel version changes during the next apt-get upgrade. For Debian it is available in Lenny backports and in the normal repository for Squeeze and later. The dkms package can be installed through the Synaptic Package manager or through the following command:

sudo apt-get install dkms

What to do when experiencing The following signatures were invalid: BADSIG ... when refreshing the packages from the repository?

# sudo -s -H
# apt-get clean
# rm /var/lib/apt/lists/*
# rm /var/lib/apt/lists/partial/*
# apt-get clean
# apt-get update


User Manual: here
Technical Docs: here

Setting up SSH keys

If you manage more than one or two hosts, you likely have to type the same password too often. SSH allows you to set up a public and private keypair. Using these keys, you can connect to any host which has the public key, from any host which has the private key, typing your password only once.

The first thing you must do is generate a keypair. You should be able to do this with the command ssh-keygen -t rsa. Example:

flaca@anneke:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/flaca/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/flaca/.ssh/id_rsa.
Your public key has been saved in /home/flaca/.ssh/id_rsa.pub.
The key fingerprint is:
95:40:8e:c4:ad:5e:a2:74:6d:5e:86:71:c7:91:d7:aa flaca@flaca-laptop
The key's randomart image is:
+--[ RSA 2048]----+
|     ..oo  ..o . |
|     ..oo...+ . .|
|      .o.+o. . . |
|    . + =.o   .  |
|   . + =So   .   |
|    . . .   E    |
|                 |
|                 |
|                 |
+-----------------+
flaca@anneke:~$ 

The private key is in a file named id_rsa, the public key is named id_rsa.pub. Both files are stored in the .ssh directory, inside the user home directory, or ~/.ssh

flaca@anneke:~$ ls -l ~/.ssh/
total 12
-rw------- 1 flaca flaca 1766 2011-01-22 13:11 id_rsa
-rw-r--r-- 1 flaca flaca  410 2011-01-22 13:11 id_rsa.pub
-rw-r--r-- 1 flaca flaca  442 2011-01-22 12:48 known_hosts
flaca@anneke:~$ 

Now all we have to do is install the public key. First, we are going to install it on the host on which we generated the key. (It's not installed automatically, even on the host you create it on.) All we need to do is go into the ~/.ssh/ directory and create a file called authorized_keys with the contents of the public key, id_rsa.pub.

flaca@anneke:~$ cd ~/.ssh/
flaca@anneke:~/.ssh$ cat id_rsa.pub > authorized_keys
flaca@anneke:~/.ssh$ chmod 600 authorized_keys
flaca@anneke:~/.ssh$

As you can see below, we are now able to use the key. It asks for a passphrase every time we log in. (NOTE: The passphrase is NOT the user's password. The passphrase is whatever you entered when you generated the key.) We will eliminate this prompt a few paragraphs down the page.

flaca@anneke:~/.ssh$ ssh flaca@anneke
Enter passphrase for key '/home/flaca/.ssh/id_rsa':
Last login: Sat Jan 22 13:27:26 2011 from 192.168.1.103
flaca@anneke:~$ exit
logout
Connection to www closed.

If you're comfortable installing the key, skip to the next paragraph. We are now going to install the key on a remote host.

flaca@anneke:~/.ssh$ cat id_rsa.pub | ssh 192.168.1.100 'cd .ssh; cat >> authorized_keys; chmod 600 authorized_keys'
flaca@192.168.1.100's password: 
flaca@anneke:~/.ssh$ 

Note: if the .ssh directory does not exist, you may need to add “test -d .ssh || mkdir .ssh && chmod 700 .ssh” to your command.

You can use ssh-agent to start up a process which will store your key while you are logged in. This allows you to type the passphrase for a key once, at login. After this, ssh will communicate with the ssh-agent to obtain the credentials needed. Below is a manual example.

flaca@anneke:~/.ssh$ eval `ssh-agent`
Agent pid 4334
flaca@anneke:~/.ssh$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/flaca/.ssh/id_rsa: 
Identity added: /home/flaca/.ssh/id_rsa (/home/flaca/.ssh/id_rsa)
flaca@anneke:~/.ssh$ ssh 192.168.1.100
Linux anakin 2.6.31-22-generic #71-Ubuntu SMP Thu Jan 6 22:47:22 UTC 2011 i686


To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/


Last login: Sat Jan 22 13:24:17 2011 from 192.168.1.103


flaca@anakin:~$ logout
Connection to 192.168.1.100 closed.
flaca@anneke:~/.ssh$ 

A more useful method is to have it startup when you login and die when you logout. The following code can be placed in your .bash_profile to achieve this:

if [ -z "$SSH_AUTH_SOCK" ]; then
 eval `ssh-agent`
 trap "kill $SSH_AGENT_PID" 0
fi

I hope this post will be useful for you! Stay Heavy, my tuxs friends.

Sunday, January 2, 2011

Simple and powerful: rsync

rsync is a software application for Unix systems which synchronizes files and directories from one location to another while minimizing data transfer using delta encoding when appropriate. An important feature of rsync not found in most similar programs/protocols is that the mirroring takes place with only one transmission in each direction. rsync can copy or display directory contents and copy files, optionally using compression and recursion.
In daemon mode, rsync listens on the default TCP port of 873, serving files in the native rsync protocol or via a remote shell such as RSH or SSH. In the latter case, the rsync client executable must be installed on both the local and the remote host.
Released under the GNU General Public License, rsync is free software. It is widely used.

rsync was originally written as a replacement for rcp and scp. As such, it has a similar syntax to its parent programs. Like its predecessors, it still requires a source and a destination to be specified, one of which may be remote. Because of the flexibility, speed and scriptability of rsync, it has become popular with many system administrators. As a result, rsync has been ported to Windows (via Cygwin), Mac OS and GNU/Linux.

Possible uses:
rsync [OPTION] … SRC [SRC] … [USER@]HOST:DEST
rsync [OPTION] … [USER@]HOST:SRC [DEST]

One of the earliest applications of rsync was to implement mirroring or backup for multiple Unix clients to a central Unix server using rsync/ssh and standard Unix accounts.
With a scheduling utility such as cron, one can schedule automated encrypted rsync-based mirroring between multiple hosts and a central server.

Examples:
The basic usage to synchronize two folders looks like:
rsync -rtv /source_folder /destination_folder

This overwrites existing files in destination_folder that have the same name as files in source_folder. The -r option allows for recursion into subfolders. If you want to keep newer existing files from being overwritten, you can type:
rsync -rtvu /source_folder /destination_folder

or if you want to backup existing files before overwriting them:
rsync -rtvb /source_folder /destination_folder

If you want more information, please open a terminal in your system and look at the rsync's man page: man rsync

Thanks wikipedia ;)