How To Upgrade Debian 8,9,10 to Debian 12 Bookworm
Step 1.) Upgrade to Debian 11 first
The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful.
Step 2.) Update sources.list
Update your /etc/apt/sources.list like this:
deb http://........
How to use the FTDI USB serial cable to RJ45 adapter to connect to the console on Cisco/Juniper Switch Router Firewall in Linux Ubuntu Debian Redhat
This should work for most console ports of other manufacturers too. It is a quick and simple method for emegencies or deploying a few appliances/devices in a non-standard environment or small environment.
However, if this is a route thing, or the equipment is not physically close to you, it would be best to use some sort of "Terminal" server which is an IP connected switch with several serial ports built-in for this purpose. Normally they accessible by web/........
Linux how to keep command line bash process running if you are disconnected or need to logout of SSH remotely
So you started a process or other important task that is remote but it is in the foreground and on a pts. This means if you background with Ctrl + Z or otherwise logout or get disconnected that the process will be stopped.
Here is how you can solve the problem:
1.) Hit Ctrl + Z to suspend the process.
2.) Type bg to restore the process into the background. If you do a ps aux on the process you will see it was restored with the & at the end, which puts........
How To Add Multiple SSH Keys Ubuntu Mint Linux Debian Redhat
By default if you create a private key for SSH, it will create something like .ssh/id_rsa
Linux will always search for and offer this key when connecting to servers.
If you put extra keys in your .ssh directory like id_rsa_realtechtalk.com, they will be ignored by default and NOT used or offered (you can verify this with ssh -v) and see it is not being offered.
Here is how you add the extra SSH keys so they are all offered:
#this gives........
ssh Too many authentication failures not prompting for password
If you get this error when trying to SSHto a device or machine and you never even got a password prompt:
Too many authentication failures
This means that either the remote side is configured for key auth only, OR your client side may be attempting to auth using mulitple keys, and that exceeds the amount of attempted authorizations on the remote ssh server.
If the issue is trying to auth too many times which ssh defaults to sending the keys to, you ca........
How To Startup and Open Remote/Local Folder/Directory in Ubuntu Linux Mint automatically upon login
Just click on the Start Menu and go to "Startup Applications"
Then click on the "Add"Button
Now enter the command we need to open the folder/directory automatically using the filemanager
For remote SSH host (you need pub key auth for it to open without a pa........
ssh-keygen id_rsa private key howto remove the passphrase so no password is required and no encryption is used
The key is that you need to know the passphrase to do it, if you don't know the password for the key then you can't remove the key since it cannot be decrypted.
ssh-keygen is the easiest method and openssl can be used to manually remove the key and output it to a new file, which you can then copy back over top of the encrypted file.
After that your public key authentication will work without any password prompt because it is no longer encrypted. Make sure you understand........
How to allow SSH root user access in Linux/Debian/Mint/RHEL/Ubuntu/CentOS
A lot of newer installs will automatically prohibit the root user from logging in directly, for security reasons or they will only allow key based access.
If you know what you are doing/don't care about security or have an incredibly secure password for testing, then you can enable it.
Edit this file: /etc/ssh/sshd_config
Find the following line: PermitRootLogin
Set it like this:
PermitRootLogin yes
Now rest........
Ansible Tutorial - Playbook How To Install From Scratch and Deploy LAMP + Wordpress on Remote Server
1. Let's work from an environment where we can install Ansible on.
If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way:
sudo apt install gpg
sudo add-apt-repository ppa:ansible/ansible
sudo apt update........
SSH cannot connect to old servers/devices/switches/routers/Cisco/Juniper Unable to negotiate with 192.168.20.2 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hell
A lot of older devices either support telnet or very old SSH keyx algorithms which are insecure and disabled by all newer/modern SSH clients for security reasons. However, sometimes you may be on a LAN via VPNor some other secured network or for whatever reason, absolutely, need to connect to this device and sometimes old/embedded devices may not be possible to update to a newer SSH server.
If you run into this you may be using a modern/newer SSH client and get thi........
Debian, Mint Ubuntu how to remove package and associated config files
If you want to start fresh a lot of people falsely assume that an apt remove and then reinstall or apt --reinstall install package will start you off fresh. To be sure and remove all associated config files do the below with the example of ssh server (don't remove it though if you actually use it!)
The key below is using the --purge flag or apt-get purge proftpd (eg sudo apt --purge remove packagename)
apt purge proftpd; apt install proftpd........
How To Replace Audio Track of Video using ffmpeg
A very common use case is that you don't want to waste time using a video editor that requires you to open it up and manually import the video clip and audio clip, then manually delete the old audio track and import the video and new audio. That's too much work and time since we don't want to go through the hassle.
ffmpeg is our solution, all we have to do is specify 3 variables and we're done!
-i Windows2019-Server-Noaudio.mp4 is our in........
using Xvfb on virtual remote ssh server to have X graphical programs work
The scenario here is that you have some sort of remote headless Linux server but would like to run some programs on them and get graphical access to them. The problem is that the remote server may be an image or VMwithout any virtual GPU and even if so, it is likely without KDE or Gnome, so there's no real way to do this, unless you follow our guide.
Install xvfb
apt install xvfb
Reading package lists... D........
ssh Received disconnect from port 22:2: Too many authentication failures
If you are getting this error it is usually caused by having more than 5 keys in your ".ssh" directory. It is a bit of a bug and this is how it manifests itself.
You will find at this point that you are not given any chance to enter a password, or if you are using key based auth that the same thing happens. You'll also find that this is happening with ALLservers you try connecting to.
The solution is to move away key pairs from .ssh so that there ar........
SSH and sshfs timeout settings keepalive
A big problem over ssh and especially sshfs is that your connection will often timeout and disconnect after inactivity.
To fix this you can modify the server but it may not be practical or you may not have access. Why not send keep alives fom your end (client side)?
Just edit /etc/ssh/ssh_config (not to be confused with sshd_config as that is the server side):
Find the line that says "Host *" and change it like this:........
SSH How To Create Public/Private Key Pair and with a Larger Keysize than 2048 bits
The problem is that by default ssh-keygen loves to generate an easy to crack 2048 bit key (RSA). Supposedly having a larger keysize helps such as 4096 or 8096 but it is thought to be useless still against Quantum computing.
How can I check my existing keysize and type?
ssh-keygen -lf /path/to/your/id_rsa.pub
The output will be something like below followed by the hash. The first number is the key size and the second part will b........
ssh how to connect using a SOCKS 5 proxy with nc and proxycommand
This is not about using ssh as a proxy, but rather, using a proxy when you are SSHing to another host and using ProxyCommand (where we normally use nc as our proxy tool).
In newer versions of nc the syntax has changed to the following:
ssh -o ProxyCommand="nc -x 127.0.0.1:1234" %h %p user@host
The format must be like above in newer nc versions.
Just be sure to change the 1234 to the port of your SOC........
How To Restore Windows MBR Bootsector from Linux using syslinux
There are many ways but a favorite way is to boot any Linux LiveCD and to use the syslinux package like so:
Just change the "sdx" to your sd for example /dev/sda or whatever the drive is that is supposed to boot Windows.
sudo dd if=/usr/lib/syslinux/mbr/mbr.bin of=/dev/sdx
0+1 records in
0+1 records out
440 bytes copied, 0.0197808 s, 22.2 kB/s........
Linux Ubuntu Debian Missing privilege separation directory: /var/run/sshd
service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit-hit) since Wed 2019-10-02 11:07:54 EDT; 36s ago
Process: 476 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)
Oct 02 11:07:54 box systemd[1]: Failed to start OpenBSD Secure Shell server.
Oct 02 11:07:54 box sys........
ssh how to verify your host key / avoid MIM attacks
SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.
But how about connecting to an existing server for the first time on a new machine or client?
A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
How to encrypt your SSH private key file id_rsa
ssh-keygen -p -f /path/to/your/id_rsa
Enter new passphrase (empty for no passphrase):
After that your rsa private key will be encrypted which is a layer of protection and security in the event that somehow someone acquires your key and tries to access servers that the key is authorized on.........
Ubuntu Debian Mint Linux SSHD OpenSSH Server Not Starting After Reboot Solution
If you get error messages like this it is usually because /var/run/sshd does not exist.
root@userbox:/# service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: failed (Result: start-limit-hit) since Wed 2019-04-10 02:24:44 EDT; 1
Process: 511 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)........
SSH Keep Alive To stop Disconnections
Are you tired of coming back to your computer only to find your SSH connections have been broken? Even worse are the ones that hang where it appears to be connected but it is really not.
The one option you have is an SSHclient side modification to send KeepAlive packets, sometimes this can also keep up your WiFi connection and stop it from disconnecting you as well.
To make the keep alive changes for your just yourself (not system wide)........
Cisco CUCM Unified Communication Manager Howto Guide and Tutorials
Install Issues:
How to Make CUCM iso /modify to work on non-VMWare machines like QEMU/Xen/OpenStack
If you get kernel panic errors in VBOX usually disabling Nested Paging will fix the issue (thanks to Mark).
ks_pre.sh error is caused by having the wrong VDX pattern (change it do sd per guide link above) and/or the wrong VMSpecs (Cisco req........
SSH persistent and automatic login script for proxy
#!/bin/bash
sshcommand="ssh -N -R 20000:localhost:22 user@8.8.8.8"
result=`ps aux|grep $sshcommand"|grep -v grep`
if [ -z "$result" ]; then
echo "we are going to connect"
$sshcommand
else
echo "we are already connected"
fi
This is a handy script you can use and then add it to cron.
Save........
SSH proxy/command in the background or from cron script
If you have an SSHproxy that you need to run automatically from cron you will need it in the background to work.
ssh -N -D 22000 user@domain.com
Basically the -N let's it continue running in the background.........
ssh reverse proxy to enable remote access behind a LAN and firewall
So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside?
Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature.
Requirements
On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
Cisco Router Setup Guide and Tutorial Howto With Commands and Examples
In most of the Cisco router IOS I find the ports like ge0/0 ge0/1 and ge0/2 or whatever your ports are down. They will not even give you a link light. So one of the first tasks should be getting the port you are working with up.
In my case the first goal is often connectivity with the LAN and WAN.
LAN = your local area network (eg. in the office/home )
WAN= your ISP/public internet (eg. fiber/cable/dsl/ethernet).........
VBOX VirtualBox How To Import Raw .img Disk File
What you need to do if you have taken a dd or real raw image dump of a hard disk:
VBoxManage convertdd windows2019-eval-template.img windows2019.vdi --format VDI
The .img is the raw dd dump and the .vdi is the output file.
--format VDIspecifies to output to .vdi format
If you are in a pinch you can always use qemu-kvm binary and manually specify the .img as your disk and i........
SSH error cannot Forward or Listen "bind: Cannot assign requested address"
debug1: Local connections to LOCALHOST:18006 forwarded to remote address 192.168.1.93:8006
debug1: Local forwarding listening on 127.0.0.1 port 18006.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 18006.
bind: Cannot assign requested address
What we are seeing is that we can't listen on an IPV6 address of ::1. We need to tell SSH to stop using IPV6 so we'll edit ssh_config to take care of this issue........
X11 SSH Linux Forwarding Error
Jan 30 17:16:10 localhost sshd[25385]: error: Failed to allocate internet-domain X11 display socket.
The solution for me on the server side was the following in sshd_config:
AddressFamily inet
*Remember to restart sshd and also reconnect from the client side.
Ihad all the normal X11 settings on the server but it just stopped........
iptables linux firewall recommended rules for public computing
Whether you are at work, at the coffee shop or on the public internet here are some basic but effective rules for iptables that lock things down (eg. no one can SMB or SSH to you or really anything):
# Generated by iptables-save v1.4.21 on Fri Dec 14 14:00:08 2018
*nat
:PREROUTING ACCEPT [160:19844]
:INPUT ACCEPT [4:357]
:OUTPUT ACCEPT [2955:182236]
:POSTROUTING ACCEPT [2955:182236]
COMMIT
# Completed on Fri Dec 14........
Debian 9 SSH root password authentication failure password not working problem / solution
In Debian a lot of times SSH disables the root user to login by password by default. This means you will get an authentication failure as if you typed in the wrong password.
The logs also indicate the password is wrong but what is often the case is in the config file
Check /etc/ssh/sshd_config
cat /etc/ssh/sshd_config|grep -i permitrootlogin
Make sure it says:
PermitRootLogin yes
If not change it and restart SSH........
systemd management using systemctl and journalctl to check systemd logs
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
What is /dev/pts and why do we need it in Linux?
A quick check in /dev/pts shows a lot of entries but what are they for?:
ls /dev/pts
0 10 12 14 16 18 2 21 23 25 27 29 30 32 4 6 8 ptmx
1 11 13 15 17 19 20 22 24 26 28 3 31 33 5 7 9
Basically they are pseudo-termi........
zenity popup messages, windows, dialogs, error messages calendars and more howto on Gnome Linux including Ubuntu, Linux Mint, Centos and more
zenity is a nice utility as part of the gnome window manager that allows you to script from bash and retrieve the input from the user. It could also be helpful in just notifying a user when they login with a popup window.
I'll give an overview of what's available with zenity:
Application Options:
--calendar Display calendar dialog
--entry Display tex........
VMWare ESXi 6.7 SSH/PowerShell CLI Commands
[root@localhost:~]
BootModuleConfig.sh echo host-ind nfcd........
Linux Mint 18 Screen Goes Dark or Black After Screensaver or even when using the Desktop Solution
You can search for this bug and it seems like it may be related to ecryptfs and is many years old.
The symptoms are that you return to the computer and the screensaver was active or the screen was asleep/black and it doesn't seem to come back. But you check by SSH the computer is running fine and are frustrated you'll lose your running programs and have to reboot.
There is a simple solution:
Ctrl + Alt + F1
Ctrl +Alt + F8
Ba........
Relocating modules and starting up the kernel - VMWare ESXi 6.7 Error and Solution
I had this error in an unsupported CPUon VMWare 6.7 and apparently this sometimes works especially on older VMWare versions like 6.5 5.5 etc (but in my case it did not).
To make sure it proceed when you see "Loading VMWare"
Hit "Shift+O"
Then add "ignoreHeadless=TRUE"
See an example below:........
VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI
#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path
#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64
#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
not allowed to execute '/usr/bin/apt-get install eclipse' as root linux sudo user permisson issue and solution
This is most likely to happen on a normal GUI system like Ubuntu or Linux Mint. If you or the user is meant to have sudo / root privileges it is as simple as editing the following files:
Now assume your username is "iamtheuser"
vi /etc/group
adm:x:4:syslog,iamtheuser
sudo:x:27:anotheruser,iamtheuser
Find the above lines and add a comma and "ia........
sign_and_send_pubkey: signing failed: agent refused operation - SSH Solution
sign_and_send_pubkey: signing failed: agent refused operation
This happens when you don't manually add your ssh key with ssh-add it is some weird new feature in SSH or Ubuntu/Debian that causes this weird problem.
Solution:
ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)........
Prevent SSH Bruteforce and Hacks By Disabling Password Authentication
One simple way to keep your server public but almost impossible to hack via SSHis to disable password authentication over SSH. This means the only way in is via your own private key that only you should have.
Edit your /etc/ssh/sshd.conf file
Set this option
PasswordAuthentication no
Restart your SSH server.
service sshd restart
........
Linux How To Clone One System Harddrive to another remote system
The easiest way is to use SSHand DD or a combination of netcat. SSHwill be a little slower due to encryption but is the most secure way (on two older systems the average clone speed is about 40-50MB/s). This is also OS independent as it doesn't matter what the source OS is because you are literallly cloning the drive so you retain the partition table and settings.
Clone HDD using SSH and DD........
Unable to negotiate with 192.168.1.99 port 22: no matching host key type found. Their offer: ssh-dss Solution
ssh rtt@192.168.1.199
Unable to negotiate with 192.168.1.99 port 22: no matching host key type found. Their offer: ssh-dss
It looks like the DSS option is not considered secure so when connecting from newer Linux systems to an older one you will get the above error.
It can be fixed (but you should consider upgrading your SSH daemon):
ssh -oHostKeyAlgorithms=+ssh-dss rtt@192.168.1.199........
Authentication refused: bad ownership or modes for directory /home/user SSH Public Key Authentication Failed Solution
First of all I got this error after accidentally messing up my usergroup by using usermod -G user group
When I would login using SSHkeys it would fail:
sshd[2020]: Authentication refused: bad ownership or modes for directory /home/one
No worries, the fix is simple!
chmod g-w /home/use........
kdenlive - No LADSPA plugins were found! Check your LADSPA_PATH environment variable. [producer_xml] failed to load transition "qtblend"
This happens if you are running a kdenlive script from the shell of a remote machine without using SSH "-X" forwarding and it will also cause any areas where you write text to be a white screen for that duration.
melt FusionFestival.kdenlive
No LADSPA plugins were found!
Check your LADSPA_PATH environment variable.
[producer_xml] failed to load transition "qtblend"
[producer_xml] failed to load transition &q........
Disable SSH Password Authentication to Increase Security and Harden SSH Linux Unix Server Ubuntu Mint Centos Debian
Just a note before you do this you should have a sure, guaranteed way into the system such as local, KVMor preferably publickey making bruteforce SSH absolutely impossible since there is no password to bruteforce and even if someone knew the password they wouldn't be able to login except from the local console (presumably you should make sure no one unauthorized has physical access).
1. Edit /etc/ssh/sshd_config
Find the section like this:........
rsync specify alternate port non-standard port than 22
It is not obvious but the rsync --help
rsync --help|grep port
--port=PORT specify double-colon alternate port number
--port does not do anything at all actually for some strange reason it still uses 22
You have to specify a manual ssh command to make it work:
-e 'ssh -........
[1035724.274610] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=62076478 end=62076479) time 102 us, min 894, max 899, scanline start 893, end 900 W: Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin
[1035724.274610] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=62076478 end=62076479) time 102 us, min 894, max 899, scanline start 893, end 900
W: Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin for module i915_bpo
I've been getting those errors on a J3455 NUC box with the latest kernel on Linux Mint 18.2. When updating the initramfs I also got the error about the firmware........
rsync run as root sudo without password
This is a common issue, what if a issue shouldn't have root but you want to use that user to make a full backup of a system? They of course need root access.
You can actually just give them passwordless sudo access to rsync in /etc/sudoers:
sudo vi /etc/sudoers
yourusername ALL = NOPASSWD: /usr/bin/rsync
Here is how you would execute rsync:
The key thing for the remote host is to........
ssh forward multiple ports in the same connection and command even works with NAT!
You can actually just pass multiple "-L" statements to achieve this.
An example is as below:
ssl -L 80:192.168.10.5:80 -L443:192.168.10.5:443 -L2068:192.168.10.5:2068 -L 8192:192.168.10.5:8192 user@remotehost.com
The above essentially is saying forward ports 80,443,2068,8192 to the remote IPof 192.168.10.5 (even though it is behind NAT). Essentially SSH will do the NAT part even if the........
Avocent DSR8020 KVM/IP - Network Connect Error - Solution
This error is commonly due to Java security or TLS settings but there is a second issue with forwarded ports that also causes it.
1. Java Security/TLS Settings issue:
This article has the solution to change them all in Linux automatically
2. Port Forwarding Issue if your Avocent DSR is behind NAT/private IP........
sshd[10470]: Authentication refused: bad ownership or modes for directory /root
This can be a case of bad permissions or modes as the error says. Normally one would assume permissions but often a script may change ownership of /root to something else.
This was the case half the time I've encountered this.
So in short make sure ownership is correct
chown -R root.root /root........
Ubuntu/Debian OpenVZ Template Problems No Networking and SSH not starting
It all comes down to a bug essentially where you are running an older kernel that doesn't support the newer Debian templates. The solution is to update your OpenVZ kernel.
Here are some symptoms of the problem/lack of kernel support:
Ubuntu Template 12.04 requires a manual network start:
service networking start
sshd will not start:
/usr/sbin/sshd
PRNG is not seeded
mknod /dev/random c 1 8........
cp copy all contents of directory to another one including hidden files and folders howto
cp -a /your/source/. /your/dest/
-a preserves all file atributes and symlinks
the "." at the end of /source/ includes all hidden files such as .htacess, .bash_history, .ssh etc..
The / in /dest/ makes sure the contents go into it instead of replacing /dest itself (eg. if you did not have the / at the end).........
vi Debian Linux Ubuntu Mint arrow key problem linux ssh bash shell terminal
Debian/Ubuntu vi keyboard problem, up and down arrows do not work and instead make an A (Up), B (Down), C (Right) or D(Left).
The working solution
(you could also add the set nocompatible to /etc/vim/vimrc to make it system wide-will not be applied until reboot I believe):
echo "set nocompatible" > ~/.vimr........
How to manually save bash history
This is useful in the case you are not properly logged in via an OpenVZ session or even a normal SSH session that you fear may go down(if the connection is broken the history is not saved).
Save your bash_history like this:
history -w ~/.bash_history
You can always change the above to another file eg /tm........
Centos cannot login by console or ssh session closed immediately
In my case I could login with the initial install but I rsync'd everything over while preserving ownership and permissions to another RAID partition and booted from that.was fine before. The problem is that you are kicked out the second you login and the problem was SELINUX for some reason (perhaps it noticed something strange when it was moved to the new partition)
login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
login: ROOT LOG........
Installing zoneminder on Ubuntu/Debian Linux Howto
sudo apt-get install zoneminder
[sudo] password for one:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libuser-perl python-evince kdebase-apps kwrite unixodbc
libgnomeprint2.2-data python-soappy vgabios python-metacity hddtemp
python-mediaprof........
ssh session and port forward or reverse port matching or assocation howto
Use netstat with the -anpe option. The e option shows the inodes and I do not know if it will always work or if it was by fluke but I was dealing with dozens of SSHsessions and needed to know which session was related to which forward (the PIDs of the SSHand SSHD did not match etc...)
Notice the "59560675" and "59560762" those are almost identical, if you find two sets that are nearly identical except for the last 3 digits they may match (in my ca........
Centos scp or sftp program missing solution/what rpm provides them
You need the "openssh-clients" package which contains sftp and scp.
yum -y install openssh-clients........
CPanel Link to all of the command line options
CPanel says you can access 98% of the functions through CLI which experienced Unix/Linux admins prefer for simplicity and for scripting. I've never found CPanel easy to use from the admin panel, it seems everything is hard to find and a simple task becomes a series of hunts.
So for people like me here's the list: http://cpanel.net/system-administrators/command-line-scrip........
Ubuntu Linux Slow/Delayed SSH ping response Solution
I've only ever seen this in Ubuntu for some reason and it is because of the /etc/nsswitch.conf settings.
So the issue is that if the hostname's reverse DNS cannot be found that you need to go back to DNS which was not the default in this nsswitch.conf file for some strange reason.
Edit /etc/nsswitch.conf and replace your "hosts" line with this:
#hosts: files dns mdns4_minimal [NOTFOUND=return] mdns........
yum error installing php solution - exclude php from being installed from third party repos
Error: Package: php-Monolog-dynamo-1.7.0-1.el6.noarch (epel)
Requires: php-aws-sdk
Error: php-pecl-zendopcache conflicts with 1:php-eaccelerator-0.9.6.1-1.el6.x86_64
Error: php-xcache conflicts with php-pecl-apc-3.1.9-2.el6.x86_64
Error: php-pecl-zendopcache conflicts with php-pecl-apc-3.1.9-2.el6.x86_64
Error: Package: php-horde-Horde-Vfs-2.1.2-2.el6.noarch (epel)
&n........
cPanel VPS Server Cannot Login as root
I was worried the server was hacked, I was logged in already as root but couldn't login to CPanel or a new SSHsession. I even reset the password from the shell and it did not work still.
The reason is CPanel Hulk, it detected a brute-force attack so it locked down the root account entirely even from the correct password. According to cPanel the best way around this is to whitelist your IP.........
SSH HowTo Create Port Forwards
ssh -L 5905:localhost:5900 root@yourserver.com
The "-L" means to create a port forward to a port on your server.
The 5905 means the port on your computer that will be used to access the port 5900 on the remote server.
localhost is the IP that you use to access the port forward (you can change it to 0.0.0.0 which will be all IPs on your system/computer but localhost is good for security and privacy unless a whole network of people need access).........
openssh-server has no installation candidate Debian/Ubuntu Solution
Idon't know why but some installations don't have this in the database by default.
To fix it to an:
sudo apt-get update;sudo apt-get install openssh-server
and then it will work........
Android how to copy rsync binary to main system for use in shell/ssh
Install rsync4randroid and in the shell/ssh do this:
ln -s /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/rsync........
pxe-32 tftp open timeout
pxe-32 tftp open timeout
The solution was to enable tftp in xinetd with "chkconfig tftp on".
See the troubleshooting below:
chkconfig --list
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off&n........
Execute Local Bash Scripts remotely by SSH
for ip in `cat fixlist.txt`; do
sudo -u apache ssh root@$ip "`cat iptablesrules.sh`"
done
In the above example we are going to execute the commands within the local file "iptablesrules.sh" on all the machines in "fixlist.txt". This is a great way of performing server maintenance in a clustered or cloud environment.........
iptables redirect ports to a different host and port + NAT Masquerade howto/solution
This is important if you need public access to internal IPs such as at your office and don't want to use a VPN just to SSHinto different servers:
Below forwards the port "10001" to the IP192.200.5.53 on port 22 (of course adjust it to your needs).
iptables -t nat -A PREROUTING -p tcp --dport 10001 -j DNAT --to-destination 192.200.5.53:22
Remember to enable MASQUERADE on your NAT IPs or they won't be able to talk to the outside world (........
Ubuntu Download Packages/Updates for EOL Unsupported Old Releases
I installed Ubuntu 11.04 for testing purposes but I couldn't even download SSH server:
sudo sed -i -e 's/us.archive.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list
After running the above make sure you do a "apt-get update"
Note with the above that Ihave the search string of "us.archive.ubuntu.com" change it to whatever is in your sources.list
The above does not fix all repositories either, I haven't had a chance t........
SSH Can't Login/Hang
Client Log
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_d........
Disable SELinux How To Tutorial Solution
Here is a quick script that works on most Centos versions to disable the virus/SELinux from blocking basic functionality.
The first echo 0 statement disables SELinux instantly but it will still be enabled on reboot.
The second line disables it permanently.
#!/bin/bash
#disable SELinux Immediately
echo 0 > /selinux/enforce
#disable SELinux Permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config........
Linux/Centos how to block SSH bruteforce/dictionary attacks automatically with denyhosts
A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.
Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?
This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attem........
HowTo Migrate and Import iPhone/Outlook Contacts into Android without using GMail using .vcf files
I searched for days after getting my Galaxy Note and couldn't find a way to do this (at least not without buying programs for either Android/Windows). All I read was ways to sync and import the contacts to GMail but I don't want to use GMail for privacy reasons. GMail/Google steal all of your personal information and use it for whatever purposes they want to and may sell or release it to who knows where (I don't care what their policy says but this stuff happens), just like the default........
SSH error slow login debug1: An invalid name was supplied Cannot determine realm for numeric host address - Solution
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9etch3
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
A parameter was malformed
Validation error
Solution, disable auth from the ssh client (this is a client side error)........
OpenVPN don't use bridgestart.sh or bridge at all use iptables
I used the suggested script to bridge from OpenVPN and it took my client's server off-line! Don't ever use their "sample" scripts if you don't have another way of accessing the server than SSH.
I actually found it easier to use iptables to tell it to route IPs based on a certain subnet to route through eth0:
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
Replace "192.168.200.0/24" with your subnet of cour........
iPhone Restore/Backup Location of Notes and Contact/Address Book
*Make sure that the ownership is 501.501 or mobile.mobile when copying back (especially if using ssh or sftp as root on the iPhone) otherwise things will break. Eg. the contacts will be blank even after trying to update due to incorrect ownership/permissions.
iPhone Notes Location/Restore:
/private/var/mobile/Library/AddressBook
AddressBookImages.sqlitedb AddressBook.sqlitedb
Once you restore the contacts and restar........
scp not found - solution
Some minimal installs of Centos may be missing the scp command, which is actually part of the "openssh-clients" package.
scp not found
yum install openssh-clients........
Linux Out of Memory OOM Object Killer Solution "Out of memory: kill process 1955 (sshd) score 81 or a child"
I had a system running a 128MB live CD image with 2.8 gigs of available RAM and the OOM kernel killer went crazy when using dd for more than 8 minutes and kept killing everything. I've read that this is due to a low-memory issue and paging in the kernel and 32-bit systems with lots of RAM.
I even enabled swapspace on my LiveCD and the issue happened 25 minutes into dd rather than 8 minutes, so what gives?
Also no swap space was ever used!
cat /proc/s........
iPhone 3G/3GS/4 Undelete Photos/Videos Datarecovery
I found this technique listed in many places which shows you how to use a common Linux tool "dd" to dump the raw partition of your iPhone.
I give credit to this site for showing me the correct way to dd from the iPhone, I never thought to try it in the other direction:http://log.ijulien.com/post/182804914/iphone-3gs-data-recovery
Requirements
1.) Jailbreak your........
ls: error while loading shared libraries: libtermcap.so.2: cannot open shared object file: No such file or directory solution
ls
ls: error while loading shared libraries: libtermcap.so.2: cannot open shared object file: No such file or directory
This is not an ldd problem or case of anything missing, this only happened after I upradedUbuntu.
declare -x PATH="/home/user/bin:/usr/local/bin:/usr/bin:/bin:/usr/games"
"/home/user/bin" is the problem! It's weird because I have no idea how it happened.........
SSH Tunnel Dynamic Proxy Stops Working Right Away even with Root and High Port
I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops):
channel 12: open failed: administratively prohibited: open failed
I'm not sure what the issue is unless there's some kind of hardware firewall on the other end. I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
sshfs cannot unmount error: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1))
umount: /home/diret/mount: device is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
I tried everything (fusermount -u) to unmount it but the only thing that worked was actually doing this:
ps aux|grep sshfs
Then I identified the sshfs connection and did:
kill -kill pid........
sshd[9217]: Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys
sshd[9217]: Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys
I made sure the entire .ssh subdir is owned by the user root (this is root's account);
chown -R root.root .ssh
chmod 600 .ssh/authorized_keys
but it still doesn't work and gives me the same message
sshd[7339]: Authentication refused: bad ownership or modes for directory /root
chmod 700 /root........
SSH delay problem UseDNS and disabling GSSAPI does not help
The normal solution doesn't help or apply here:
ssh -v user@192.168.5.41
OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.5.41 [192.168.5.41] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: i........
Cygwin and crontab backups via ssh/scp/rsync
Install the "Editors" and "Net" groups that will give you rsync, ssh, ssh-keygen and cron.
The trickiest thing that I keep forgetting about each time is you have to run "cron-config" which adds the cron service to Windows, and without doing that obviously no cron jobs will be run thus making automatic backups impossible.
Warning about rsync/cygwin and using the -a archive switch.
It's a good thing I caught this because it doesn't work ri........
yum in Centos 5/Xen halts and exits suddenly
yum exits in the middle
The problem is this VPS seems to be an OpenVZ template from HyperVM. The only way to make it work was to disable i386 packages since this was an x64 kernel. That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two. I couldn't find any issue by checking the logs either.
echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk
L........
NotifyByPopup::slotDBusNotificationClosed: 465 -> 0 knotify(31135) NotifyByPopup::slotDBusNotificationClosed: failed to find knotify id for dbus_id 465
I keep getting this in my SSH/Bash console:
NotifyByPopup::slotDBusNotificationClosed: 465 -> 0
........
Ubuntu 10.04 Linux is still not ready for the Desktop world
I am a huge fan of Linux and the idea of OpenSource but I've said it many times, there are still hurdles in today in 2010 for Linux as a Desktop. Linux is still intended for servers at its very core. This can be changed succesfully though, as Apple has shown us with Mac OS X based on FreeBSD.
Half of the issue is lack of driver support and the other half is the Linux Kernel and Window Manages, KDE and GNome still both don't cut it (but they're getting closer).
I'll........
jailkit for chroot ssh account security tutorial and fix for error
This was done on Centos butI think it's easier on Debian machines, the paths that it is set to use are tailored towards Debian, so there is some fiddling that needs to be done on Centos.
This is for chrooting ssh, but jailkit has other uses than just SSH jails but I won't cover them in this writeup.
1. Install jailkit
yum install jailkit
2. Setup Jail Home
mkdir /home/jail
chown root:root /home/ja........
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
The easiest way is if you have a secure way to connect and verify the hostkey of the remote host by using this guide.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOME........
CPanel OpenVZ VPS Error - *** Notice *** No working loopback device files found. Try running `modprobe loop` as root via ssh and running this script again.
Ihave no idea how to get the loopback device working in OpenVZ, but what's more frustrating is that I purchased a CPanel license for my VPS and clearly it is not "VPS Optimized". Although everything does seem to work at this point despite that error.
The suggestions here: http://forum.openvz.org/index.php?t=msg&goto=1339 don't seem to work at all. This is an OpenVZ issue, but also a CPanel isue, why on earth would loopback support be expected in a VPS a........
SSH Automatic/Passwordless Logon - Setup Public Key Encryption In Single Command
This is a very simple solution, but most guides out there make you login twice (once to scp the key) and once to put the key in authorized_keys. There's no need for that.
If you don't already have a ~/.ssh/id_rsa.pub just type "ssh-keygen -t rsa" and keep hitting enter until it's done :)
Just use this code to easily enable passwordless login with SSHD
key=`cat ~/.ssh/id_rsa.pub`;ssh user@192.168.5.25 "echo $key >> ~/.ssh/auth........
Picking an FTPD (vsftpd) Server in Linux Centos/Debian
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge........
PHP cannot access /usr/bin/openssl
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
SSH automatic login without password
SSH automatic login without passwordlocal> ssh-keygen -t rsa -f .ssh/id_rsa
-t is the encryption type
-f tells where to store the public/private key pairs. In this case, the .ssh directory on home is being used
A password will be asked; leave this part blank, just pressing
Now, go the .ssh directory, and you will find two new files: id_dsa and id_dsa.pub. The last one is the public part. Now, copy the public key to the serv........
Updated to Version 3.8 and can't login
Updated to Version 3.8 and can't loginSSHD accepts my password but then hangs at "Last login: Wed Sep 13 21:30:02 2006 from"
This occurred during a yum update after upgrading my release, installing the new kernel and rebooting.
I got kicked out of sshd after seeing the following during yum update:
telnet 100 % done 85/476
tux 100 % done 86/476
ntsysv 100 % done 87/476
rpmdb-redhat 94 % done 88/476........
Telus + 2Wire 2700 Router Horrible
Telus + 2Wire 2700 Router HorribleWell first of all let me say this is the only router/switch that sometimes seems to crash/disconnect computers on the local network.
This device also thought it would be smart to block VOIP packets coming from my Sipura ATA VOIP adapters so I disabled the [quote:cb89ba7bff]"Invalid TCP Flag Attacks (NULL/XMAS/Other)"[/quote:cb89ba7bff] option
Then all of a sudden I couldn't get onto any web pages, the wireless........
SSH Public Key Authentication (Login Without Passwords)
SSH Public Key Authentication (Login Without Passwords)I've gone over this before but just a quick note!
the "authorized_keys" file in ~/.ssh
must be chmodded to "600" or public key authentication won't work.
I guess it's kind of a security/failsafe feature that I've
seen on all Linux and Unix OS's........
Basic Port Listing
Basic Port ListingHopefully someone finds this useful or at least interesting.
http://www.sans.org/top20/#u9
Name Port Protocol Description
Small services ........
iPhone Enable Tethering Manually Update ipcc Carrier Settings/Update via SSH
Everyone says there is a "manual" way of doing it and then they tell you to use iTunes, but if you're like me, you're travelling on business in a foreign country and your laptop does not have iTunes and you don't have a way of getting it and/or don't want it.
For this example I'm using the provider "du" in Dubai, UAE (United Arab Emirates) but this method works for virtually all providers.
The requirements in this case to truly "manually update........
Unixbench Score with Glusterfs/Openvz & Quad Core Xeon
This is very disappointing since GlusterFS markets itself as a solution to deploy VPS servers on. On the HNitself I get a Unixbench of about 360.
I'm also using an SSH tunnel to secure the communications, but even before that, things seemed very slow.
# # # # # # # #####&n........
Linux/Unix Open SSH Login Without Password Key Exchange including Debian, Redhat, Fedora, Ubuntu, BSD etc..
In those 4 simple commands you can setup mutual key exchange between two sshservers by using a single login shell session and single window.
*Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LANor WAN(well unless the server is behind a firewall and you cannot SSHinto it).........
Why Apple should thank the jailbreakers and not patch/stop the jailbreaking exploits
First of all, the iPhone is crippled in many ways, but most of my complaints about functionality have been addressed through the jailbreak, Ican run apps in the background of my choosing, I can install a terminal, acccess my phone through SSH and SCP and so much more.
It even addresses the 15 minute e-mail problem, I installed a program called "PushMod" and now set the checking time to just 1 minute.
Apple should really thank the developers for this gift, it ma........
iPhone Backgrounder Adds True and Real iPhone multitasking on jailbroken phones
Apple crippled the iPhone by not allowing multi-tasking of the non-primary apps. I use SSH a lot and I don't want to close my session just to check my e-mail, etc, now an app found in Cydia called "Backgrounder" allows just that.
Although it's not perfect, we installed the correct one for "3.x" iPhones and hit "Reload SpringBoard" and the hour/circle glass has just been going for minutes.
It seems like it installed fine even with the crash t........
iPhone 3GS Jailbreak Information & Benefits
Truly, the only way to unleash the capabilities and customization abilities of iPhone are to jailbreak, it's not just for hackers anymore.
A few days ago someone by the named of "geohot" released a single click application called "purplera1n", which does the entire operation smoothly and seamlessly.
In our case, the first time it went as far as "done, wait for reboot" on our Windows machine and for minutes we waited and saw the pic on the iPhone w........
iPhone 3GS 32GB "Harsh Review"
Yes, Iadmit I finally got bitten by the hype as much as I can usually see through it all. Keep in mind this review is of the "stock" phone, no jailbreaking yet which is what really unleashes the customizability and whyI bought iPhone.
I had better things to say about this phone before buying it, and it is a great phone, perhaps the best on the market by far, if not because of the Mac OS port onto the iPhone and all the apps, etc, etc.
With that said........
SSH Slow Login even with SSHD UseDNS no parameter
Icouldn't understand why on one system it took a few minutes to get the SSHlogin prompt when connecting to other systems. The other systems all had the UseDNS parameter set to no, which almost always resolves the login prompt delay.
The reason is Ubuntu and perhaps Debian and other distributions /etc/nsswitch.conf file
Edit yours to have the "hosts" line like so (notice that files and dns are the primary resolution choice........
SSH Server Slow/Lagged/Delayed Login Response
This is really something the SSHServer developers should consider. The cause of this annoyance is because of failed DNS lookups on your IPaddress, which is especially common for many dedicated/col-located servers and also computers on internal NAT/private networks.
The chances are this is the cause of your SSHSlow/Delayed Login problems.
The easy solution to SSH Login Problems
Edit /etc/ssh/sshd_config
Add this line to disable r........
SSH Problem User username from 127.0.0.1 not allowed because not listed in AllowUsers
User username from 127.0.0.1 not allowed because not listed in AllowUsers
What's going on? The user was created properly, it has been defined as having a shell entry and the entry for /etc/passwd and /etc/shadow is set just fine.
This is a new and very smart/secure feature of SSHD. It is simple and yet effective, but also very annoying if you didn't know about it being implemented and that hand editing of /etc/ssh/sshd_config is required to allow a newly add........