Community Blogs

Qwiki : Ping an IP Address in HEX

Did you know you can ping an IP Address in HEX?


Deploying a Linux-based VM from a VMware template

Deploying a Linux-based virtual machine from a VMware template can be a bit difficult when you don't know the ins and outs and the tiny tweaks.

In this blog post I'll explain how you can get past the problems that might occur.


SSH Tunnel between two machines

Here's another nice and short post about SSH and tunnels.

Here's something I did in the past for working through DMZ machines; let me explain the scenario.
Imagine you have a UNIX machine inside a DMZ and you'd like to get some data from another host located inside the DMZ green area. You have two options:

  1. Make a pinhole in the firewall (bad bad bad)
  2. Open a tunnel from the green area to the host inside the DMZ, so the DMZ machine can reach ports on the green machine through that tunnel (remote port forwarding)

Obviously we'll discuss option number two :-)

Let's set up an example for a quick and dirty explanation.

Protected machine inside the DMZ green area (protected): let's call it "green"
Machine inside the DMZ yellow area, used for web services from outside/inside: let's call it "yellow"
Service port to tunnel: 3306 on green, exposed as 6033 on yellow.
Yes, I'd like to transport MySQL (anything else works as well) from green to yellow so applications on yellow can open the database located on green as if it were local.
Green also decides when to open the connection and how to keep it alive, so it stays in control of access to its data.

So, what's next?
Let me assume you can ssh from green to yellow without a password, i.e. you've already generated an RSA key pair and copied the public key from one machine to the other (maybe a good topic for the next post :-) ), so all you have to do is open a tunnel like this:



Issue this command on the green machine and port 6033 will be open on yellow; then use the mysql command-line client on yellow to connect to the database on green and see what happens.

Hope it helps someone. I've used it in the past to transport data from one DB to another, but you can use it for something else too: JSON over HTTPD (80) and so on.


**** UPDATE ****
See "SSH Tunnel between two machines (part two)" for a script that automates this and makes it easy to use.
**** ****



Andrea (Ben) Benini


SSH Tunnel between two machines (part two)

Here's a script for the SSH tunnel between two machines discussed before. It automates tunnel creation, and if you add it to your cron it will also check that the tunnel still exists and restore it when it's broken. Let's see the script first:

#!/bin/bash
# Description : SSH Tunnel between two machines for forwarding remote MySQL port
# Author: Andrea Benini (Ben)
# See configuration for details on ports

# Configuration (values taken from part one: MySQL 3306 on green, exposed as 6033 on yellow)
REMOTE_HOST="yellow"
# -N: no remote shell, just the port forward
COMMAND_LINE="ssh -N -R 6033:localhost:3306 $REMOTE_HOST"

# No changes needed below this line
# "^" anchors the match to the start of the command line, so this grep does not match itself
COMMAND_SEARCH=$(ps x -o args | grep "^$COMMAND_LINE")

if [ -z "$COMMAND_SEARCH" ]; then
    echo "Restarting Tunnel to $REMOTE_HOST"
    $COMMAND_LINE &
fi

The script restarts the tunnel by itself when it is broken, not active, shut down or otherwise gone.
You can insert it into cron to check every few minutes (every 10 in the example below), or to bring the tunnel up at a set time of day (you say "two DB syncs at 20:00"? yes, it works for that too!)

Edit your cron by inserting:

# every 10 minutes
# check tunnel availability
*/10 * * * * $HOME/cmd/ 1>/dev/null 2>&1

and there it is!

Hope it helps someone

Andrea Ben Benini
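The two posts above describe the tunnel command and a cron-driven watchdog for it. What follows is an added example, not the posts' own script, that does both in one file: it builds the exact ssh command line, looks for it in the process list and restarts it when it is missing. The account "tunnel" on yellow, the hostname "yellow" and the ssh options are my assumptions; the ports are the ones from part one. One caveat worth stating plainly: the reverse tunnel is still a path from yellow into green's database, the same path the "bad" firewall pinhole would open. What changes is that green decides when it exists, the firewall only needs to allow outbound SSH from green, and with the default GatewayPorts no the forwarded port is bound to 127.0.0.1 on yellow, so only processes on yellow itself can reach it.

```sh
#!/bin/sh
# Added example, not the original posts' script.  Keeps the reverse tunnel
# from part one alive: MySQL on green:3306 is exposed on yellow as 127.0.0.1:6033.
# Run it from cron on green.  Assumed (not from the posts): account "tunnel" on
# yellow with key-based login already working, hostname "yellow".

LOCAL_PORT=3306        # MySQL listening on green
REMOTE_PORT=6033       # port opened on yellow, loopback only (GatewayPorts stays off)
REMOTE_USER=tunnel
REMOTE_HOST=yellow

# The exact command line used to start the tunnel.  -N: no remote shell;
# ExitOnForwardFailure: exit (so cron restarts us) instead of lingering with a
# forward that never bound; ServerAlive*: notice a dead peer within ~90 s.
tunnel_command() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$REMOTE_PORT" "$LOCAL_PORT" "$REMOTE_USER" "$REMOTE_HOST"
}

# Reads a "ps -o args=" listing on stdin; succeeds if some line is exactly our
# command.  Whole-line, fixed-string match: a tunnel to another host, or a
# "grep ssh" running at the same moment, does not count as "running".
tunnel_running() {
    sed 's/[[:space:]]*$//' | grep -qxF "$(tunnel_command)"
}

# Start the tunnel unless a matching process already exists.
ensure_tunnel() {
    if ps -u "$(id -un)" -o args= | tunnel_running; then
        return 0
    fi
    echo "Restarting tunnel to $REMOTE_HOST"
    # word-splitting the command line is intended here
    nohup $(tunnel_command) >/dev/null 2>&1 &
}

# Only act when asked, so sourcing the file for its functions has no side effects.
if [ "${1:-}" = "--ensure" ]; then
    ensure_tunnel
fi
```

Install it on green and call it from cron as `*/10 * * * * /path/to/tunnel.sh --ensure`. Compared with the grep in the post's script, the whole-line match also means a second tunnel to a different host, or a tunnel started with different options, is not mistaken for this one.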


SSH to server without password using RSA key

I came across a requirement for automatically logging into a server without entering a password. This can be done with RSA key authentication.

Simple way (try this one first)

1. Run the following command on the client (the machine from which you want to access the server):
#ssh-keygen -t rsa

2. id_rsa (the private key, which never leaves the client) and id_rsa.pub (the public key) will be created inside $HOME/.ssh

3. Copy the public key to the server's .ssh directory (create the directory on the server first if it doesn't exist):

#mkdir /home/user/.ssh
#scp $HOME/.ssh/id_rsa.pub user@server:/home/user/.ssh/

4. On the server, change to /home/user/.ssh and append the public key to the authorized_keys file. Only id_rsa.pub goes in here, never the private key id_rsa. Make sure .ssh is mode 700 and authorized_keys mode 600: with the default StrictModes, sshd silently ignores the file if it or the directory is writable by others.
#cd /home/user/.ssh
#cat id_rsa.pub >> authorized_keys

5. Now try to ssh to the server from the client; no password should be needed:
#ssh user@server

6. If you are still asked for a password, check that public-key authentication is enabled in /etc/ssh/sshd_config on the server (these are the defaults; RSAAuthentication only applies to the obsolete SSH protocol 1, PubkeyAuthentication is the one that matters for protocol 2):
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

7. Restart the sshd service (service sshd restart)

A much more complex way

On the client (the machine that will be logging in):
#ssh-keygen -t rsa

Give a passphrase when asked (the key is then only usable after it has been loaded with ssh-add, see below).

This will create two files in $HOME/.ssh/: the private key id_rsa and the public key id_rsa.pub

Copy only the public key to the remote account (the remote host name is a placeholder here):
#scp /root/.ssh/id_rsa.pub test@<remote-host>:/home/test/.ssh/

Load the private key into an agent so the passphrase is typed once per session:
#exec ssh-agent bash
#ssh-add /root/.ssh/id_rsa

Remote side

Create a user:
#useradd test
#passwd test
#su - test

$mkdir /home/test/.ssh
$chmod 700 .ssh
$cat /home/test/.ssh/id_rsa.pub >> /home/test/.ssh/authorized_keys (very old OpenSSH versions read authorized_keys2 instead; current ones read both)

Also make authorized_keys mode 600. The ssh-agent and ssh-add steps belong on the client only: the remote side holds nothing but the public key, so there is nothing for an agent to load there.
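Both procedures above hinge on one detail that is easy to get wrong: only id_rsa.pub goes into authorized_keys, and the file and directory permissions have to be right or sshd silently ignores the key. The script below is an added example, not code from the post. It installs a public key into an account's authorized_keys idempotently, refuses anything that looks like a private key, and sets the permissions StrictModes expects. The paths are arguments so it can be tried on a scratch directory; ~/.ssh is only the default.

```sh
#!/bin/sh
# Added example, not from the original post.  Installs a client's PUBLIC key
# into a server account's authorized_keys the way the "simple way" intends,
# and refuses the classic mistake of appending id_rsa (the private key).
# Run on the server as the target user: install_authorized_key <pubkey> [ssh_dir]

# Succeeds only if the file looks like a single OpenSSH public key line.
is_public_key() {
    key_file=$1
    # Private keys are PEM/OpenSSH armour and must never enter authorized_keys.
    if grep -q 'PRIVATE KEY' "$key_file"; then
        return 1
    fi
    # Public key line: key type, base64 blob, optional comment.
    grep -Eq '^(ssh-rsa|ssh-ed25519|ssh-dss|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' "$key_file"
}

# Append the key to authorized_keys (idempotent) and set the permissions
# sshd's StrictModes requires: ~/.ssh 700, authorized_keys 600.
install_authorized_key() {
    key_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_keys=$ssh_dir/authorized_keys

    is_public_key "$key_file" || { echo "refusing: $key_file is not a public key" >&2; return 1; }

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_keys" && chmod 600 "$auth_keys"

    # Compare type+blob only, so a key whose comment changed is not added twice.
    key_id=$(awk '{print $1, $2}' "$key_file")
    if ! awk '{print $1, $2}' "$auth_keys" | grep -qxF "$key_id"; then
        cat "$key_file" >> "$auth_keys"
    fi
}

# Number of keys currently authorized (blank and comment lines ignored).
authorized_key_count() {
    grep -cvE '^[[:space:]]*(#|$)' "${1:-$HOME/.ssh/authorized_keys}" || :
}

# Only act when given a key file, so sourcing the script has no side effects.
if [ -n "${1:-}" ]; then
    install_authorized_key "$@"
fi
```

`ssh-copy-id user@server` from the OpenSSH distribution performs the same append-and-chmod for you; spelling it out shows what a correct authorized_keys install contains and, more importantly, what it must never contain.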


LVM to the rescue

Scenario: a system with a dying RAID. Two drives (R1) in RAID 1; one drive has a device error, the other is listed as degraded. The rebuild halted at some 80% and won't continue because of the device error on drive 1. We can't rebuild from drive 2 because it contains a degraded RAID image, and 3ware is picky about stuff like that.

We can still get the data off the RAID; it's working well enough for that, for now.

Now, the RAID device is used as a physical volume in an LVM volume group (vg00), and there's another RAID (R2) on the box, using 8 drives, that has about 1TB of data on it. All slots are full. What to do?



Remove one of the second RAID's drives (thus putting R2 into a degraded state) and put the spare drive for R1 in that slot. Remove the *degraded* drive from the first array, and create a new array (R3) from the new drive and the degraded drive.

Now add that new RAID (R3) to vg00 by creating a physical volume on it and adding it to the volume group. Next is the cool bit: using pvmove, we push the data off R1 onto R3, then remove R1 from the volume group, delete that RAID and pull its drive, and finally put back the drive we pulled out of R2 above so R2 can rebuild.

All data migrated, no data loss, no service interruption. I love LVM.

A couple of caveats: R3 has to be able to hold all the data that was on R1; if something happens to R1 during this time you are in trouble (but you would be anyway, since the RAID is degraded); and you have deliberately degraded R2, which could bite you in the nether regions if Murphy hates you. You could do this with an external USB drive, a SAN or any other datastore, but we didn't have that option in this case.


There are probably other ways we could have handled this, but this worked well.
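The pvmove sequence from the post, as an added example (these are not the author's commands): before anything is moved it checks the first caveat, that R3 has room for everything allocated on R1, by reading extent counts from pvs, and it backs out the vgextend if the check fails. The device names /dev/sdb (R1) and /dev/sdc (R3) are assumptions; the post names neither.

```sh
#!/bin/sh
# Added example, not part of the original post.  Moves every extent off the
# failing PV (R1) onto the new one (R3) inside vg00 with pvmove, after checking
# the caveat from the post: R3 must hold all of R1's allocated data.
# Assumed device names (not from the post): R1 is /dev/sdb, R3 is /dev/sdc.

VG=vg00
OLD_PV=${OLD_PV:-/dev/sdb}
NEW_PV=${NEW_PV:-/dev/sdc}

# The listing these helpers parse is the output of
#   pvs --noheadings -o pv_name,pv_pe_count,pv_pe_alloc_count
# i.e. "<device> <total extents> <allocated extents>" per line, read on stdin.

# Extents currently in use on one PV.
allocated_extents() {
    awk -v pv="$1" '$1 == pv { print $3 }'
}

# Extents still free on one PV (total minus allocated).
free_extents() {
    awk -v pv="$1" '$1 == pv { print $2 - $3 }'
}

# Succeed if NEW_PV has at least as many free extents as OLD_PV has in use.
fits() {
    listing=$1
    used=$(printf '%s\n' "$listing" | allocated_extents "$OLD_PV")
    room=$(printf '%s\n' "$listing" | free_extents "$NEW_PV")
    [ -n "$used" ] && [ -n "$room" ] && [ "$room" -ge "$used" ]
}

# The migration itself; LVs stay mounted throughout, pvmove works online.
migrate() {
    pvcreate "$NEW_PV"
    vgextend "$VG" "$NEW_PV"
    # extent counts only exist once the PV belongs to a VG, hence check after vgextend
    listing=$(pvs --noheadings -o pv_name,pv_pe_count,pv_pe_alloc_count)
    if ! fits "$listing"; then
        echo "$NEW_PV cannot hold the extents in use on $OLD_PV; backing out" >&2
        vgreduce "$VG" "$NEW_PV"
        return 1
    fi
    pvmove "$OLD_PV" "$NEW_PV"
    vgreduce "$VG" "$OLD_PV"
    pvremove "$OLD_PV"
}

# Destructive, so only run when explicitly asked.
if [ "${1:-}" = "--execute" ]; then
    migrate
fi
```

Run it as root with `OLD_PV=... NEW_PV=... ./migrate.sh --execute`. If pvmove is interrupted (reboot, crash) it can be resumed with a bare `pvmove`, which is the other reason to prefer it over a copy at the file-system level.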




Installing Suhosin PHP 5 Protection Security Patch - Red Hat EL5 / CentOS EL5 Linux

Install Suhosin as an extension

Download the latest version of Suhosin:

# cd /opt
# wget

Make sure you have php-devel installed:

# yum install php-devel

Compile Suhosin under PHP 5 and RHEL / CentOS EL5 Linux

Type the following commands:

# tar -zxvf suhosin-0.9.27.tgz
# cd suhosin-0.9.27
# phpize
# ./configure
# make
# make install

Configure Suhosin

Type the following command to create the Suhosin configuration file, which tells PHP to load the extension:

# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart web server

Type the following command to restart httpd:

# service httpd restart

If you are using lighttpd, enter:

# service lighttpd restart

Verify Suhosin installation

Type the following command:

$ php -v

Sample output:

PHP 5.1.6 (cli) (built: Apr  7 2009 08:00:04)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

More information can be found at
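The configuration step above only creates the file that loads the extension. The following is an added example, not the post's own content, of what a first suhosin.ini for this setup can look like: the extension line that makes `php -v` report Suhosin, plus a handful of protection directives set to simulation mode, so violations are only logged to syslog until the log has been reviewed and the filters can be switched to enforcing. The directive choices and the default path are mine.

```sh
#!/bin/sh
# Added example, not from the original post.  Writes the suhosin.ini the post
# creates, with the extension line and a conservative set of directives,
# starting in simulation mode (log only) so nothing is blocked until the
# syslog entries have been reviewed.  The default path is an assumption.

# write_suhosin_ini [path] [On|Off]  -- second argument is suhosin.simulation
write_suhosin_ini() {
    ini=${1:-/etc/php.d/suhosin.ini}
    simulation=${2:-On}
    cat > "$ini" <<EOF
; load the extension that "make install" placed in PHP's extension_dir
extension=suhosin.so

; simulation On = violations are logged to syslog but not blocked;
; set it Off once the log is clean.  511 = log every category (S_ALL).
suhosin.simulation = $simulation
suhosin.log.syslog = 511

; protections worth enabling first
suhosin.executor.disable_eval = On
suhosin.executor.disable_emodifier = On
suhosin.mail.protect = 2
suhosin.session.encrypt = On
suhosin.cookie.encrypt = On
EOF
}

# ini_value <file> <directive>: print the directive's value, empty if absent.
# Exact key match, so "suhosin.log.syslog" does not match "suhosin.log.syslog.something".
ini_value() {
    awk -F= -v k="$2" '
        /^[[:space:]]*;/ { next }                       # skip comment lines
        NF >= 2 {
            key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key == k) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v }
        }' "$1"
}

# Only write the file when asked, so sourcing the script has no side effects.
if [ "${1:-}" = "--write" ]; then
    write_suhosin_ini "${2:-}" "${3:-On}"
fi
```

After `service httpd restart`, `php -v` should show the "with Suhosin" line as in the sample output above; watch syslog for a while, then rerun with the second argument set to Off to start enforcing.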
