Linux.com

Community Blogs



SSH Tunnel between two machines (part two)

Here's a script for the SSH tunnel between two machines discussed before. It automates tunnel creation, and if you add it to your cron it can even check that the tunnel exists and restore it when broken. Let's see the script first:

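#!/bin/bash
# Description : SSH Tunnel between two machines for forwarding remote MySQL port
# Author: Andrea Benini (Ben)
# See configuration for details on ports

# Configuration
REMOTE_HOST=yellow
REMOTE_PORT=6033
LOCAL_HOST=green
LOCAL_PORT=3306

# No changes needed below this line
# -f already puts ssh in the background; a trailing "&" stored in the variable
# would be handed to ssh as a literal argument, so it is left out.
COMMAND_LINE="ssh -2 -f -q -T -N -R $REMOTE_PORT:$LOCAL_HOST:$LOCAL_PORT $REMOTE_HOST"
# Look for a running process whose command line is exactly the tunnel command
# (-x matches the whole line, so the grep process never matches itself)
COMMAND_SEARCH=$(ps x -o args | grep -F -x -- "$COMMAND_LINE")

if [ -z "$COMMAND_SEARCH" ]; then
    echo "Restarting Tunnel to $REMOTE_HOST"
    $COMMAND_LINE
    exit
fi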

The script restarts the tunnel by itself when it is broken, not active, shut down or otherwise gone.
You can insert it into cron to check for it every 5 minutes or to enable it at the end of the day (you say "two db sync at 20pm"? Yes it is!)

Edit your cron by inserting:

# every 10 minutes
# check tunnel availability
*/10 * * * * $HOME/cmd/ssh.tunnel.support 1>/dev/null 2>&1

and here it is!

Hope it helps someone

Andrea Ben Benini

 

SSH to server without password using RSA key

I came across a requirement for automatically logging into the server without entering a password. This can be done using RSA

Simple Way (Better to try this)

1. Run the following command on the client (from where you want to access the server)
#ssh-keygen -t rsa

2. id_rsa and id_rsa.pub files will be created inside $HOME/.ssh

3. Copy id_rsa.pub to the server's .ssh directory

#mkdir $HOME/.ssh
#scp $HOME/.ssh/id_rsa.pub user@server:/home/user/.ssh

4. Change to /root/.ssh and create file authorized_keys containing id_rsa.pub content
#cd /home/user/.ssh
#cat id_rsa.pub >> authorized_keys

5. You can try ssh to the server from the client and no password will be needed
#ssh user@server

6. Enable RSA authentication in /etc/ssh/sshd_config on both servers
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

7. Restart the sshd service (service sshd restart)

A much more complex way

In the server where you want to give access
#ssh-keygen -t rsa

Give password

This will create two files, the private key and the public key, in $HOME/.ssh/id_rsa and $HOME/.ssh/id_rsa.pub

#scp /root/.ssh/id_rsa.pub <address obscured in the original>.*.*:/home/test/.ssh/
#scp /root/.ssh/id_rsa <address obscured in the original>.*.*:/home/test/.ssh/
#exec ssh-agent bash
#ssh-add /root/.ssh/id_rsa

Remote Side

Create a user
#useradd test
#passwd test
#su - test

$mkdir /home/test/.ssh
$chmod 700 .ssh
$cat /home/test/.ssh/id_rsa.pub >> /home/test/.ssh/authorized_keys (if ssh2 then use authorized_keys2)

$ exec ssh-agent bash
$ssh-add /root/.ssh/id_rsa
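
A check for the server side of both procedures above, added here as an example and not part of the original post: only public key lines belong in authorized_keys, and no private key file should sit in the server's .ssh directory. The function name, the finding labels and the permission rule (nothing writable by group or others) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): audit a server-side .ssh directory.
# audit_ssh_dir DIR prints one finding per line; returns 0 if clean, 1 otherwise.

PRIV_RE='^-----BEGIN .*PRIVATE KEY-----'
# Optional options, then a key type, then the base64 blob (always starts "AAAA")
KEY_RE='(^|[ ,"])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+) AAAA'

audit_ssh_dir() {
    local dir ak found p f
    dir=$1; ak="$dir/authorized_keys"; found=0

    # sshd's StrictModes refuses keys if these are writable by group or others
    for p in "$dir" "$ak"; do
        [ -e "$p" ] || continue
        case $(stat -c %A "$p") in
            ?????w*|????????w*) echo "perm: $p is writable by group or others"; found=1 ;;
        esac
    done

    # A private key file should never have been copied to the server
    for f in "$dir"/*; do
        if [ -f "$f" ] && [ "$f" != "$ak" ] && head -n 1 "$f" | grep -Eq -e "$PRIV_RE"; then
            echo "private-key-file: $f"; found=1
        fi
    done

    # Every authorized_keys entry must be a public key line, never private key text
    if [ -f "$ak" ]; then
        awk -v key_re="$KEY_RE" -v priv_re="$PRIV_RE" '
            $0 ~ priv_re   { print "authorized_keys:" NR ": private key pasted in"; in_priv = 1; bad = 1; next }
            in_priv        { if (/^-----END/) in_priv = 0; next }
            /^[ \t]*(#|$)/ { next }
            $0 !~ key_re   { print "authorized_keys:" NR ": not a public key entry"; bad = 1 }
            END            { exit bad + 0 }
        ' "$ak" || found=1
    fi
    return $found
}
```

Run it as the account owner, for example `audit_ssh_dir /home/test/.ssh`; a clean directory prints nothing.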

 

LVM to the rescue

Scenario: we have a system with a dying RAID. 2 drives (R1) in RAID 1; one drive has a device error, the other is listed as degraded. The rebuild halted at some 80% and won't continue due to the device error on drive 1. We can't rebuild from drive 2 because it contains a degraded RAID image, and 3ware is picky about stuff like that.

We can get the data off the RAID; it's working for that for now.

Now, the RAID device is used in an LVM volume group (vg00), and there's another RAID (R2) on the box, using 8 drives, that has about 1TB of info on it. All slots are full. What to do?

 

Solution:

Remove one of the second RAID's drives (thus putting R2 into a degraded state) and put the spare drive for R1 in that slot. Remove the *degraded* drive from the first array, and create a new array with the new drive and the degraded drive.

Now, add that new RAID (R3) to vg00 by creating a physical volume on it and adding it to vg00. Next is the cool bit: using pvmove, we push the data off of R1 onto R3, then we remove R1 from the volume group, and can delete that RAID and remove the drive, then replace the drive we pulled out from R2 above.

All data migrated, no data loss, no service interruption. I love LVM.

A couple of caveats: R3 has to be able to hold all the data that was on R1; if something happens to R1 during this time, you are in trouble (but you would be anyway, since the RAID is degraded); and you have deliberately degraded R2, which could bite you in the nether regions if Murphy hates you. You could do this with an external USB drive, or any other datastore, a SAN, etc., but we didn't have that option in this case.

 

Probably there are other ways we could have handled this, but this worked well.
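
The LVM half of the migration described above, written out as commands. This is an added example, not the commands from the original post; the function names and the device paths are hypothetical (stand-ins for R1 and R3), and by default it only prints the plan.

```sh
#!/bin/sh
# Added example (not from the original post): the LVM side of the migration.
# migrate_pv VG OLD_PV NEW_PV      e.g. migrate_pv vg00 /dev/sdX /dev/sdY
# Device names are placeholders. DRY_RUN defaults to 1 and only prints the plan;
# set DRY_RUN=0 to execute the commands for real.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

migrate_pv() {
    local vg old new used size
    vg=$1; old=$2; new=$3

    if [ "${DRY_RUN:-1}" != 1 ]; then
        # Caveat from the post: the new RAID must hold everything stored on the old one
        used=$(pvs --noheadings --nosuffix --units b -o pv_used "$old" | tr -d ' ')
        size=$(blockdev --getsize64 "$new")
        if [ "$size" -lt "$used" ]; then
            echo "refusing: $new ($size B) is smaller than the data on $old ($used B)" >&2
            return 1
        fi
    fi

    run pvcreate "$new"       || return 1   # make the new RAID a physical volume
    run vgextend "$vg" "$new" || return 1   # add it to the volume group
    run pvmove "$old" "$new"  || return 1   # move all extents off the old PV, online
    run vgreduce "$vg" "$old" || return 1   # drop the old PV from the volume group
    run pvremove "$old"                     # wipe its LVM label before pulling the drive
}
```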

 

 

 

Installing Suhosin PHP 5 Protection Security Patch - Red Hat EL5 / CentOS EL5 Linux

Install Suhosin as extension

Download latest version of Suhosin, enter:

# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.27.tgz

Make sure you have php-devel installed:

# yum install php-devel

Compile Suhosin under PHP 5 and RHEL / CentOS EL5 Linux

Type the following commands:

# tar -zxvf suhosin-0.9.27.tgz
# cd suhosin-0.9.27
# phpize
# ./configure
# make
# make install

Configure Suhosin

Type the following command to create Suhosin configuration file:

# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart web server

Type the following command to restart httpd:

# service httpd restart

If you are using lighttpd, enter:

# service lighttpd restart

Verify Suhosin installation

Type the following command:

$ php -v

Sample output:

PHP 5.1.6 (cli) (built: Apr  7 2009 08:00:04)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins Gmb

More information can be found at http://www.hardened-php.net/suhosin/
 