Linux.com


Community Blogs



SSH Tunnel between two machines

Here's another nice and short post about SSH and tunnels

Here's something I did in the past for working through DMZ machines, let me explain this scenario:
Imagine you have a UNIX machine inside a DMZ and you'd like to get some data from another host located inside the DMZ green area. You have two options for it:

  1. Make a pinhole in the firewall (bad bad bad)
  2. Create a tunnel from the green area to the host inside the DMZ, so the DMZ machine can use that tunnel to reach ports remotely forwarded from the green machine

Obviously we'll discuss option number two :-)

Let's take an example for a quick and dirty explanation

Protected machine inside the DMZ green area (protected): let's call it "green"
Machine inside the DMZ yellow area, used for web services from outside/inside: let's call it "yellow"
Service port to tunnel: 3306 on green to 6033 on yellow.
Yes, I'd like to transport MySQL (everything else works as well) from green to yellow so applications on yellow can normally open the database located on green.
Green also decides when and how to handle and keep the connection in order to preserve its data.

So, what's next ?
Let me assume you can ssh from green to yellow without passwords, you've already exported ssh rsa public/private keys from a machine to another (or maybe it could be a good argument for the next post :-) ), so all you have to do is open a tunnel in this way:

REMOTE_HOST=yellow
REMOTE_PORT=6033
LOCAL_HOST=green
LOCAL_PORT=3306

ssh -2 -f -q -T -N -R $REMOTE_PORT:$LOCAL_HOST:$LOCAL_PORT $REMOTE_HOST &

Issue this command on green machine and you'll have 6033 port opened on yellow, try to use mysql command line utility to open a database on green and see what happens.

Hope it helps someone, I've used it in the past to transport data from a db to another but you can even use for something else: JSON on HTTPD (80) and so on

 

**** UPDATE ****
See SSH Tunnel between two machines (part two) for an automatic script and use it easily
**** ****

 

Cheers

Andrea (Ben) Benini

 

SSH Tunnel between two machines (part two)

Here's a script for using SSH Tunnel between two machines discussed before, this script automates tunnel creation and if you add it in your cron you can even check for existence and restore it when broken, let's see the script first:

#!/bin/bash
# Description : SSH Tunnel between two machines for forwarding remote MySQL port
# Author: Andrea Benini (Ben)
# See configuration for details on ports

# Configuration
REMOTE_HOST=yellow
REMOTE_PORT=6033
LOCAL_HOST=green
LOCAL_PORT=3306

# No changes needed below this line
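# -f already puts ssh in the background, so no trailing "&" is needed
COMMAND_LINE="ssh -2 -f -q -T -N -R $REMOTE_PORT:$LOCAL_HOST:$LOCAL_PORT $REMOTE_HOST"
# Look for an ssh process that was started with exactly this command line
COMMAND_SEARCH=$(ps x -o args | grep "^$COMMAND_LINE")

if [ -z "$COMMAND_SEARCH" ]; then
    echo "Restarting Tunnel to $REMOTE_HOST"
    $COMMAND_LINE
    exit
fi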

The script restarts the tunnel by itself when broken, not active, shutdown or else
You can insert it into cron to check for it every 5 minutes or to enable it at the end of the day (you say "two db sync at 20pm" ? yes it is !)

Edit your cron by inserting:

# every 10 minutes
# check tunnel availability
*/10 * * * * $HOME/cmd/ssh.tunnel.support 1>/dev/null 2>&1

and here it is !

Hope it helps someone

Andrea Ben Benini
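A hardened variant of the watchdog from both tunnel posts, as an added example that is not the author's script. It covers the case where ssh stays alive although yellow could not bind port 6033, which a process-list check alone would report as a healthy tunnel. The function names, the `SSH_OPTS` variable, the `run` argument and the key line in the comment are assumptions made for this example.

```shell
#!/bin/bash
# Added example: hardened tunnel watchdog (not the original author's script).
REMOTE_HOST=yellow
REMOTE_PORT=6033
LOCAL_HOST=green
LOCAL_PORT=3306

# BatchMode=yes             never hang on a password prompt when run from cron
# ExitOnForwardFailure=yes  ssh exits if yellow cannot bind the port, so a live
#                           ssh process always means a live listener
# ServerAlive*              give up on a dead connection after about 90 seconds
SSH_OPTS="-o BatchMode=yes -o ExitOnForwardFailure=yes"
SSH_OPTS="$SSH_OPTS -o ServerAliveInterval=30 -o ServerAliveCountMax=3"

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command line; the listener on yellow is requested on loopback only.
tunnel_cmd() {
    valid_port "$REMOTE_PORT" && valid_port "$LOCAL_PORT" || return 1
    printf 'ssh -2 -f -q -T -N %s -R 127.0.0.1:%s:%s:%s %s\n' \
        "$SSH_OPTS" "$REMOTE_PORT" "$LOCAL_HOST" "$LOCAL_PORT" "$REMOTE_HOST"
}

# True when a process with exactly this command line exists (-x: whole line,
# -F: fixed string, so grep never matches its own entry in the process list).
tunnel_running() {
    ps x -o args | grep -qxF -- "$1"
}

ensure_tunnel() {
    local cmd
    cmd=$(tunnel_cmd) || { echo "invalid port configuration" >&2; return 2; }
    tunnel_running "$cmd" && return 0
    echo "Restarting tunnel to $REMOTE_HOST"
    $cmd
}

# On yellow, the key green logs in with can be limited to this single forward in
# ~/.ssh/authorized_keys (OpenSSH 7.8 or later; the key material is a placeholder):
#   restrict,port-forwarding,permitlisten="127.0.0.1:6033" ssh-rsa AAAA...placeholder green-tunnel

# From cron: /path/to/this/script run
if [ "${1:-}" = "run" ]; then
    ensure_tunnel
fi
```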

 

Welcome to my blog

Hello everybody from far far Russia where wild bears walk on the street.

I'm glad this site opened and is based on Joomla.

And.. I found a bug - I can't write to blog in Opera (almost favourite browser in Russia actually)

 

testing

i need some space for testing,

while () { print; }

 

no linebreaks, no spaces :-(

does  anybody know how to format code here?

 try this:

while () {

    print;

}

 

 

Optimize Web server with 1 IP Public for many web server IP local By Tukang Nggame

If we have one public IP but more than one web server, how do we configure the Apache web server? Tukang Nggame has tips. Follow this example network topology:

wbsvr-1,wbsvr-2,etc -----main-server(public)--------client-browser

wbsvr-1 is a local webserver 1, example http://192.168.1.1/tukang-nggame/
wbsvr-2 is a local webserver 2, example http://192.168.1.2/tukangnggame/
main-server(public) is the main web server, example http://www.example.com


On the main server, use the Apache web server and install mod proxy-html. Run this command at the console:

#apt-get install libapache2-mod-proxy-html

Enable that module (make link module) with command at console :
 
 #ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_html.load
 #ln -s /etc/apache2/mods-available/proxy_http.conf /etc/apache2/mods-enabled/proxy_html.conf

Edit configuration /etc/apache2/apache2.conf (main server)

<Location /tukang-nggame/>
Order Deny,Allow
Allow from All
ProxyPass http://192.168.1.1/tukang-nggame/
ProxyPassReverse http://192.168.1.1/tukang-nggame/
</Location>

<Location /tukangnggame/>
Order Deny,Allow
Allow from All
ProxyPass http://192.168.1.2/tukangnggame/
ProxyPassReverse http://192.168.1.2/tukangnggame/
</Location>

Restart the Apache server on the main server with this command at the console:
 #/etc/init.d/apache2 restart

 Then, from client-browser, browse
 http://192.168.1.1/tukang-nggame/ with the URL http://www.example.com/tukang-nggame/
 http://192.168.1.2/tukangnggame/ with the URL http://www.example.com/tukangnggame/

Don't forget the trailing slash (/) at the end of the URL.

Bingo !

 

Deleting NewFolder .exe virus

Windows has been evolving over time but what remains is their dedicated support to viruses. Out of the many famous viruses, the NewFolder.exe virus has been there for a very long time and pathetically no antivirus company is able to detect and remove this virus.

 NewFolder.exe is a notorious virus that creeps into your pendrive every time you plug into some public system. This virus can be very tedious to delete manually, especially if you have a lot of nested directories. One quick solution to this problem is to plug in the pendrive on a Linux machine and run the following code.

Before I give you the code, I'll explain how it works. The NewFolder.exe virus generally creates an executable with the same name as your parent folder followed by a space and the extension .exe, i.e. if you have a folder named foo, then the virus creates an executable with the name foo .exe. People do not name normal executables with any space before their file extension. The following command will look for all executables that have a space followed by .exe and delete them.

NOTE: If you have any valid executable having a space preceding the file extension, this command will delete it too. So make sure that executables of such format are not present in your pendrive.

To delete the virus:

  1. Open Terminal
  2. Navigate to the location where your pendrive is mounted.
  3. Type the following command and press enter

sudo find . -iwholename '* .exe' -delete

PS: sudo is required if you have any files with no rw permissions. Most of the files will not require sudo.
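A review-then-delete version of the clean-up above, as an added example that is not the author's command. It lists every hit first and deletes only files whose name matches a folder, the `foo` to `foo .exe` pattern the post describes, so a legitimate executable with a space before `.exe` is left for manual review. The function names and the sample tree are constructed for this example.

```shell
#!/bin/bash
# Added example: list first, then delete only the folder-named hits.
# Assumes file names contain no newline characters.

# Print every regular file under $1 whose name ends in " .exe" (any case).
list_space_exe() {
    find "$1" -type f -iname '* .exe' -print
}

# Print only the hits whose stem equals the name of the folder that holds
# them or of a folder next to them (folder foo -> file "foo .exe").
list_folder_named() {
    list_space_exe "$1" | while IFS= read -r f; do
        dir=$(dirname "$f")
        stem=$(basename "$f")
        stem=${stem% .[eE][xX][eE]}
        if [ "$(basename "$dir")" = "$stem" ] || [ -d "$dir/$stem" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Delete the folder-named hits; anything else stays for manual review.
purge_folder_named() {
    list_folder_named "$1" | while IFS= read -r f; do
        rm -f -- "$f"
    done
}

# Constructed sample tree standing in for a mounted pendrive.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/foo" "$t/docs"
    : > "$t/foo/foo .exe"      # named after the folder that holds it
    : > "$t/foo .exe"          # named after the folder next to it
    : > "$t/setup .exe"        # space before .exe, but no matching folder
    : > "$t/docs/real.exe"     # ordinary executable name
    printf '%s\n' "$t"
}

# Try it on the sample tree with: script demo
if [ "${1:-}" = "demo" ]; then
    d=$(make_sample_tree)
    echo "All hits:";          list_space_exe "$d"
    echo "Folder-named hits:"; list_folder_named "$d"
    rm -rf "$d"
fi
```

On a real pendrive, run `list_space_exe` on the mount point and read the output before calling `purge_folder_named`.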

 

My Beowulf Cluster - Performance Stats

I recently ran into the idea of building a small beowulf cluster in my home. After some googling and after reading some articles from blogs, I was in a position to create my own beowulf cluster. I clustered my Desktop(Intel Dual Core - 1.6 GHz) and my Laptop(Intel Core 2 Duo 1.83GHz). I spent almost 15 hours figuring how to make my desktop and laptop communicate. After three or four futile attempts, I made these two machines talk to each other and execute programs on them parallelly :D. I'm using MPICH-1 to run parallel programs on both the machines. Both the machines run Ubuntu operating system but the cluster can be configured easily on any other distribution very easily.

I've written a HowTo here - 

I ran a program to calculate the value of PI and find the error of PI from the actual value. The following is its summary.
Performance Statistics:

---------*Run 1: Laptop alone* ----------

pi is approximately 3.1415926535898224, Error is 0.0000000000000293
wall clock time = 3.753598

-------*Run 2: Laptop + Desktop but with only 1 core enabled in my Desktop*------

pi is approximately 3.1415926535898047, Error is 0.0000000000000115
wall clock time = 2.172729

-------*Run 3: Laptop + Two Cores in Desktop* ----

pi is approximately 3.1415926535898047, Error is 0.0000000000000115
wall clock time = 2.167609

-------------------------------------------------------------

 

Setting Static IP address in Linux

To assign a static IP address, just open the terminal and type the following
sudo ifconfig eth0 your_ip_address

Here eth0 is the name of your NIC (Network Interface Card). You need super user privileges to do static IP assignment. It's recommended that the IP you assign is in the range 10.xx.xx.xx or in the range 192.168.xx.xx.


 

Building a Beowulf Cluster in just 13 steps


What are Clusters

A computer cluster is a group of linked computers, working together closely so that in many respects they form a single computer. Clusters are generally connected by a fast Local Area Network. Parallel programs that run on one of the nodes use the processing power of all the nodes and produce the result. Generally clusters are tightly coupled, i.e. all the motherboards will be stacked into a single cabinet and connected using some interconnection network. They'll share RAM, Hard Disk and other peripherals. The Operating System runs on one of the nodes and controls the activities of other nodes. For more on Clusters, refer to the Wiki Page.

What is a Beowulf Cluster

Beowulf Clusters are cheap clusters created using off the shelf components. You can create a Beowulf cluster with just a few crap computers and an ethernet segment in your backyard. Although they don't give you top-notch performance, their performance is many-fold better than a single computer. A variant of Beowulf Clusters allows OS to run on every node and still allow parallel processing. And this is what exactly we're going to do here.

Kick Start Your Cluster
Prerequisites
  1. At least two computers with a Linux distribution installed (I'll use Ubuntu 8.04 here). Make sure that your system has GCC installed.
  2. A network connection between them. If you have just two computers, you can connect them using an ethernet wire. Make sure that IP addresses are assigned to them. If you don't have a router to assign IPs, you can statically assign them IP addresses. Click Here to know how to assign static IP addresses.
  3. Eagerness to learn(I'm sure you have it!!!)

Rest of the document will assume that we are having two computers having host names node0 and node1. Let node0 be the master node.

  1. The following steps are to be done for every node
  2. Add the nodes to the /etc/hosts file. Open this file using your favourite text editor and add your node's IP address followed by its host name. Give one node information per line. For example,

    10.1.1.1 node0
    10.1.1.2 node1
  3. Create a new user in both the nodes. Let us call this new user mpiuser. You can create a new user through the GUI by going to System->Administration->Users and Groups and clicking "Add User". Create a new user called mpiuser and give it a password. Give administrative privileges to that user. Make sure that you create the same user on all nodes. Although the same password on all the nodes is not necessary, it is recommended that you do so because it'll eliminate the need to remember passwords for every node.
  4. Now download and install ssh-server in every node. Execute the command sudo apt-get install openssh-server in every machine.
  5. Now logout from your session and log in as mpiuser.
  6. Open terminal and type the following: ssh-keygen -t dsa. This command will generate a new ssh key. On executing this command, it'll ask for a passphrase. Leave it blank as we want to create a passwordless ssh (assuming that you have a trusted LAN with no security issues).
  7. A folder called .ssh will be created in your home directory. It's a hidden folder. This folder will contain a file id_dsa.pub that contains your public key. Now copy this key to another file called authorized_keys in the same directory. Execute the command in the terminal cd /home/mpiuser/.ssh; cat id_dsa.pub >> authorized_keys;.
  8. Now download MPICH from the following website(MPICH1). Please download the MPICH 1.xx version from the website. Do not download MPICH 2 version. I was unable to get MPICH 2 to work in the cluster.
  9. Untar the archive and navigate into the directory in the terminal. Execute the following commands:
    mkdir /home/mpiuser/mpich1
    ./configure --prefix=/home/mpiuser/mpich1
    make
    make install
  10. Open the file .bashrc in your home directory. If file does not exist, create one. Copy the following code into that file
    export PATH=/home/mpiuser/mpich1/bin:$PATH
    export PATH
    LD_LIBRARY_PATH="/home/mpiuser/mpich1/lib:$LD_LIBRARY_PATH"
    export LD_LIBRARY_PATH
  11. Now we'll define the path to MPICH for SSH. Run the following command: echo /home/mpiuser/mpich1/bin | sudo tee -a /etc/environment
  12. Now logout and login back into the user mpiuser.
  13. In the folder mpich1, within the sub-directory share or util/machines/ a file called machines.LINUX will be found. Open that file and add the hostnames of all nodes except the home node ie. If you're editing the machines.LINUX file of node0, then that file will contain host names of all nodes except node0. By default MPICH executes a copy of the program in the home node. The machines.LINUX file for the machine node0 is as follows

    node1 : 2

    The number after : indicates number of cores available in each of the nodes.
Cluster is Ready!!

Your cluster is ready!!! You can test run your programs by compiling the code available in the examples directory within mpich1 directory. Since example files have a MakeFile associated with them, you can compile the code by simply typing make command in the terminal after navigating to the corresponding directory.

To execute your code, make sure that the executable is at the same path in all nodes ie. If "foo" is your executable present in the path /home/mpiuser/mpich1/example/foo in node0, then that executable must be present in the same path in all other nodes.

To execute the code foo, type the following command in terminal after navigating to the location of the executable: mpirun -np 2 foo. It's enough to run the command in any one of the nodes, but make sure that the executable file is present in the same path in all the nodes. Here mpirun is the command that will run our program in all the nodes specified in the machines.LINUX file. The "-np 2" flag indicates the number of processes to be spawned. Here we spawn two processes. By default one process will be spawned in the home node. Since here we used "-np 2", two processes will be spawned, one in the host machine and the other in the node listed in the machines.LINUX file. If the machines.LINUX file has 10 nodes listed and the "-np 2" flag is used, only the node represented by the first entry in the file is attached to the cluster.

Fallacies and Pitfalls
  • Usually RSH is used in place of SSH. But since SSH is so easily configurable, we stick with SSH. Moreover SSH is more secure than RSH
  • Do not use MPICH2. I was unable to get MPICH2 to work properly
  • Make sure that your executable is there in same location in all the nodes

The whole process can be further simplified, if we could set up a Network File System and mount that directory in all the nodes. Thus changes made in the directory in one node will reflect to all the other nodes. Instructions on how to get this working are available in the following references.

 

References

This tutorial can be expanded to add more features such as NFS etc. Please refer to the following links for comprehensive tutorials.

- MPICH Ubuntu Cluster
https://help.ubuntu.com/community/MpichCluster
- Using MPICH to build a small beowulf cluster
http://www.linuxjournal.com/article/5690
http://www.mcs.anl.gov/research/projects/mpi/mpich1/
__________________________________________________
The whole document is a verbatim reproduction of my own earlier article at ceglug.org -  http://www.ceglug.org/articles/tutorials/cluster/cluster.php
 

Let's see, what's going on....

This is obviously my first article.
 

Restoring Ubuntu Settings from Old Installation

If you are a hard-core Ubuntu fan and keep customizing Ubuntu, you're sure to be a victim of the loss of customization after a fresh install. You can always recustomize it but it's boring and irritating. To solve this problem, you can use YourGnome, a software that can back up your Gnome settings and restore them in ONE SINGLE CLICK. YourGnome is actually a shell script that does all the magic. It's a fantastic project and you can find its home page here - http://code.google.com/p/yourgnome/.

Firefox and Pidgin are two more important pieces of software whose settings one would want to have restored. This is again very simple.

Firefox Restore:

To restore firefox settings, just copy the .mozilla folder in home folder of your old installation to the home folder of your new installation. Just replace the existing .mozilla folder. This will do all good and no harm :D

Pidgin Restore:

Pidgin configuration restoration is also as simple as for Firefox. Just copy the .purple folder from old install's home folder to the new installation's home folder.


 