Numerous times I have met the expression SASL/GSSAPI. I have searched Google many times, but I simply do not understand what it is and how it relates to Kerberos.
Does anybody have a simple explanation of this?
Does ssh-keygen -t rsa work if only set for root user?
i.e., if the username on the local system is sodium and I generate the key using the above-said command, and on the remote system I place the key in /root/.ssh authorized_keys, this works.
But on the remote system, if the key is placed in /home/natrium/.ssh authorized_keys,
this still prompts for a password. Is this the expected behavior, or is there something wrong in the above procedure?
Thanks..
How to configure ntop so I can get the amount of upload traffic sent through a certain port?
I've added the port in ntop/protocol.list, restarted ntop and after some time I've checked Summary - Traffic - TCP/UDP Traffic Port Distribution: Last Minute View, but data from that table is not too relevant.
I think there is much more about this ntop that I don't know (configuration, usage).
I have tried this case by using the NAT function in iptables but failed.
Example:
PC A IP is 1.1.1.1 (Win7)
My Server IP is 2.2.2.2 (CentOS 6.2)
target Server B is 3.3.3.3 (Windows server 2003)
Flow: PC A WanIP -- My Server A -- Server B (WanIP)
My iptables rules:
1. iptables -t nat -A PREROUTING -d 2.2.2.2 -p tcp --dport 80 -j DNAT --to-destination 3.3.3.3:80
2. iptables -t nat -A POSTROUTING -d 2.2.2.2 -j MASQUERADE
Finally, I can access Server B's website by entering 2.2.2.2:80,
but when I checked the access log at Server B,
I found its source address had been changed to src:2.2.2.2 dst:3.3.3.3.
Please help me get the real address, src:1.1.1.1 dst:3.3.3.3.
I'm using Debian Lenny and I want to tunnel rtorrent only through an OpenVPN tunnel.
I have a tunnel running, the config file looks like this:
client
dev tun
proto udp
remote openvpn.xxx.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/xxx/keys/ca.crt
cert /etc/openvpn/xxx/keys/client.crt
key /etc/openvpn/xxx/keys/client.key
tls-auth /etc/openvpn/xxx/keys/tls.key 1
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
script-security 3
reneg-sec 0
My idea is that I could run a sockd proxy internally that redirects traffic to the openvpn tunnel. I could use the *nix "proxifier" application "tsocks" to make it possible for rtorrent to connect through that proxy (as rtorrent doesn't support proxies).
I have trouble configuring sockd as my IP inside the VPN changes every time I connect. This is a config file someone said would help:
http://ircpimps.org/sockd.conf
As my IP changes at each connect I don't know what to put in that config file. I have no control over the host side config file.
Any help wanted. Any other method is very welcome.
I have created a script to start a server (my first question). Now I want it to run on system boot and start the defined server. What should I do to get this done?
My findings tell me to put this file in the /etc/init.d location and it will execute when the system boots. But I am not able to understand how the first argument on startup will be start. Is this predefined somewhere to use start as $1? If I want to have a case startall that will start all the servers in the script, then what are the options I can manage?
My Script is like this:
#!/bin/bash
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  *)
    echo "usage: $0 (start|stop|restart)"
    ;;
esac
Does anyone know the best way to configure Ubuntu to use a SOCKS5 proxy for all network traffic? The server is Ubuntu Server, all CLI, so I cannot set it via the Proxy Settings GUI. We want to push all outbound traffic through the proxy (apt-get, http, https, etc). I do need to separate ssh traffic so it stays local. Everything else should hit the proxy server. Not that it matters, but I'm using Squid for the proxy server.
I know this is easy on Mac and Windows as you can set a proxy on the actual network interface. Can you do the same on Ubuntu?
I have Virtualbox running on Windows Vista, and Debian running inside Virtualbox. Everything's running great, for the most part. Everything looks correct.
But when I'm in full-screen mode, the top edge seems to act (to the mouse) like it's the bottom edge, and the left edge seems to act like the right edge. For example, if I click in the middle of the desktop and drag left, as if to select some icons, when I hit the very leftmost pixel of the screen, the selection (but not the mouse pointer) jumps to the far right edge of the screen.
For the left edge, it's not such a big deal, but not having the top edge is kind of annoying: it means I can't select things from the menu in my top panel by slamming the mouse against the top of the screen.
Anyone seen this before? Is there some way to make this work?
Thanks!
I've set up a git-svn repo with cron to fetch from the svn repo daily. I have a script to do the fetching, and this is what is invoked by cron. Everything is fine with the repo, and the script works fine when executed manually.
However, when it runs under cron, empty files get dropped into the .git directory. The files have names that look like they are some base64 output, e.g. juTrvjP6m8 and kcKf3hu3b4. Two of these files show up for every cron run. I thought these might be commit hashes, but they're not, git-show says it's an unknown revision.
I set up the repo as follows:
git svn init http://svn.ip.addr/repo
git svn fetch svn-remote
My script looks like this:
cd /gitsvn/dir
git svn fetch svn-remote
git svn push pub
The last line pushes the repo to a separate (bare) public repo from which others can clone.
I'm piping the output from the cron job to a file, which looks like this:
fatal: unable to run 'git-svn'
Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (11/11), 59.08 KiB, done.
Total 11 (delta 8), reused 0 (delta 0)
To /gitpub/repo.git
360faf5..a153b0d trunk -> trunk
The line "fatal: unable to run 'git-svn'" is alarming, but the fetch seems to go ahead anyway. Any suggestions? Where are these empty garbage files coming from, and how to stop them? Am I in for bigger problems in the future?
BTW, I'm using git 1.6.3.3.
I don't know much about ruby, much less how or what is involved with hosting a ruby on rails web app.
BUT, I recall hearing someone saying that they have to run multiple mongrels b/c of a limit of 50 threads?
Is this true (or something similar)?
Why does it have this limitation?
I have an older version already installed.
I have upgraded the package using the setup.py install command. But the path is not correctly set. When I type "s3cmd" it shows the older version of the software.
# s3cmd
s3cmd [options] <command> [arg(s)] version 1.2.6
--help -h --verbose -v --dryrun -n
# which s3cmd
/usr/local/bin/s3cmd
The correct version is in a different folder and I would like that to be used whenever I type the command.
# /usr/bin/s3cmd
Consider using --configure parameter to create one.
How do I set path?
I have added path to .bash_profile file but it does not work.
PATH=$PATH:/usr/bin/s3cmd
I'm going to be moving about 7-10 websites (5-8 with Databases - MySQL) onto our new Virtual Private Server. I'm curious what the best way to host many sites on a single server is though. Do I create a directory for each site immediately within my root directory, and then point the domain names for each site to http://123.123.123.123/siteDirectory - or is there a more appropriate way to do this?
I'm very interested in maintaining control over how many concurrent connections each site can have at any given time - would I be able to do that on the directory level, or am I required to limit the concurrent connections to the VPS itself?
I need to send a request to CUPS server with the specific request-user parameter - remote_user instead of local_user. How should I set the local CUPS server?
There is a script which calls other scripts and they call others... I don't know exactly which scripts are called and how many of them. I only know that some of them are adding iptables rules and I get this error when I call the root script.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
My problem is that I cannot find which script outputs these errors. Is there any way or tool to learn that?
I've got some questions about how it works:
So Ubuntu server comes with postfix installed.
If I want my PHP script to send a mail to, let's say, [email protected], how does it work?
Do I have to specify any IP to another MTA (my ISP's MTA?) in postfix's configuration file?
And if someone sends back, will it get to my IP? Is it postfix that receives it? Or does it have to do with fetchmail?
We have a cyrus 2.4.12 on Debian, we use packages, rather than building each software ourselves.
I am getting this "log" constantly, a lot of it, for various users, and 8-10 times per user request:
fetching user_deny.db entry for 'user123'
I have searched for it, but haven't found a real solution. There were some patches for 2.3.xx, but we don't want to build it; we prefer to use packages.
Is there any solution to disable the user_deny.db at all? We don't need this feature. It wastes the CPU as disk.
I'm trying to figure out how to operate a rather large Java program, 'prog'. I go to its /bin/ dir and configure its setenv.sh and prog.sh to use local directories and my current user account. Then I try to run it via "./prog.sh start". Here are all the relevant bits of prog.sh:
USER=(my current account)
_CMD="/opt/jdk/bin/java -server -Xmx768m -classpath "${CLASSPATH}" -jar "${DIR}/prog.jar""
case "${ACTION}" in
  start)
    nohup su ${USER} -c "exec ${_CMD} >>${_LOGFILE} 2>&1" >/dev/null &
    echo $! >${_PID}
    echo "Prog running. PID="`cat ${_PID}`
    ;;
  stop)
    PID=`cat ${_PID} 2>/dev/null`
    echo "Shutting down prog: ${PID}"
    kill -QUIT ${PID} 2>/dev/null
    kill ${PID} 2>/dev/null
    kill -KILL ${PID} 2>/dev/null
    rm -f ${_PID}
    echo "STOPPED `date`" >>${_LOGFILE}
    ;;
When I actually do ./prog.sh start, it starts. But I can't find it at all on the process list. Nor can I kill it manually, using the same command the shell script uses. But I can tell it's running, because if I do ./prog.sh stop, it stops (and some temporary files elsewhere clean themselves out).
./prog.sh start
Prog running. PID=1234
ps eaux | grep 1234
ps eaux | grep -i prog.jar
ps eaux >> pslist.txt
(It's not there either by PID or any clear name I can find: prog, java or jar.)
cd /proc/1234/
-bash: cd: /proc/1234/: No such file or directory
kill -QUIT 1234
kill 1234
kill -KILL 1234
-bash: kill: (1234) - No such process
./prog.sh stop
Shutting down prog: 1234
As far as I can tell, the process is running yet not in any way listed by the system. I can't find it in ps or /proc/, nor can I kill it. But the shell script can still stop it properly. So my question is, how can something like this happen? Is the process supremely hidden, actually unlisted, or am I just missing it in some fashion? I'm trying to figure out what makes this program tick, and I can barely prove that it's ticking!
Edit:
ps eu | grep prog.sh (after having restarted; so random PID)
50038 19381 0.0 0.0 4412 632 pts/3 S+ 16:09 0:00 grep prog.sh HOSTNAME=machine.server.com TERM=vt100 SHELL=/bin/bash HISTSIZE=1000 SSH_CLIENT=::[STUFF] 1754 22 CVSROOT=:[DIR] SSH_TTY=/dev/pts/3 ANT_HOME=/opt/apache-ant-1.7.1 USER=[USER] LS_COLORS=[COLORS] SSH_AUTH_SOCK=[DIR] KDEDIR=/usr MAIL=[DIR] PATH=[DIRS] INPUTRC=/etc/inputrc PWD=[PWD] JAVA_HOME=/opt/jdk1.6.0_21 LANG=en_US.UTF-8 SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass M2_HOME=/opt/apache-maven-2.2.1 SHLVL=1 HOME=[~] LOGNAME=[USER] SSH_CONNECTION=::[STUFF] LESSOPEN=|/usr/bin/lesspipe.sh %s G_BROKEN_FILENAMES=1 _=/bin/grep OLDPWD=[DIR]
I just realized that the stop) part of prog.sh isn't actually a guarantee that the process it claims to be stopping is running -- it just tries to kill the PID and suppresses all output then deletes the temporary file and manually inserts STOPPED into the log file. So I'm no longer so certain that the process is always running when I ps for it, although the code sample above indicates that it at least runs erratically. I'll continue looking into this undocumented behemoth when I return to work tomorrow.
Is it possible to edit the sudoers file so a user can use sudo for any command except for a specified one? The reverse is true, I believe, that the sudoers file can be set up so that a user can only execute a given list of commands.
EDIT:
The commands I really want to take away are halt and reboot... this makes me think there are special system calls for halt and reboot. Can you take system calls away from a user? If not, is it because the unix permission system abstracts over system calls, neglecting this?
Has anyone else come across this?
After about as much of a fresh install as I can muster without buying new drives, and after walking through the amd64 alternate install with ease, and after a little 'pre-splash' screen where the orange dots under the (very sexy) new Ubuntu logo blink away, I'm left with a vista of purple hues and the logo plonked in the middle, with the dots not going anywhere.
I was at this same position last night at 3 in the morning, left it lying overnight, and nothing had changed, so I'm pretty sure it's frozen, but when I go in and inspect /var/log/* in the recovery console, no errors, no complaints, no problems.
I'm at my wits' end and am just about ready to try anything. If this was on SO I'd be bountying, but if anyone can help you'll just have to cope with my thanks!
Additional Details on my blog and my first attempt at asking for help
We have a collocated server on which we run some OpenVZ hosts. Recently, we have had to pay a lot extra because we keep exceeding our bandwidth quota. Our quota is 5 Mb/s but we have spikes to almost 50. I looked at the graphs and there are some spikes happening at some intervals. I want to know which process is causing this, so I need a tool that monitors the processes and gives me the one with the maximum instant traffic (it doesn't matter how much traffic we have as long as we don't exceed the 5 Mb/s quota). Does anyone have a recommendation for this? My hosts are CentOS 5 with OpenVZ so I can see all the container processes from the host, if that helps in any way.
I've been trying to solve this for a while, but I'm admittedly quite stumped.
I just started up a new server and was setting up OpenSSH to use key-based SSH logins, but I've run into quite a dilemma. All the guides are relatively similar, and I was following them closely (despite having done this once before). I triple checked my work to see if I would notice some obvious screw up - but nothing is apparent. As far as I can tell, I haven't done anything wrong (and I've checked very closely).
If it's any help, on my end I'm using Cygwin and the server is running Ubuntu 12.04.1 LTS.
Anyways, here is the output (I've removed/censored some parts for privacy (primarily anything with my name, website, or its IP address), but I can assure you that nothing is wrong there):
$ ssh user@host -v
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Connecting to host [ipaddress] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 24:68:c3:d8:13:f8:61:94:f2:95:34:d1:e2:6d:e7:d7
debug1: Host 'host' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
What can I do to resolve my problem?
USB drive is in read only state and I can't repair it.
First of all I tried to erase it using dd:
root@yurko-laptop:/home/yurko-laptop# ls -l /dev/disk/by-id | grep usb
lrwxrwxrwx 1 root root 9 ??? 18 23:45 usb-Generic_Flash_Disk_C173828A-0:0 -> ../../sdb
lrwxrwxrwx 1 root root 10 ??? 18 23:45 usb-Generic_Flash_Disk_C173828A-0:0-part1 -> ../../sdb1
root@yurko-laptop:/home/yurko-laptop# dd if=/dev/zero of=/dev/sdb
dd: ?????? ? «/dev/sdb»: ?? ?????????? ????????? ?????
8257537+0 ??????? ???????
8257536+0 ??????? ????????
??????????? 4227858432 ????? (4,2 GB), 942,633 c, 4,5 MB/c
After that I wanted to create new filesystem using fdisk:
root@yurko-laptop:/home/yurko-laptop# fdisk /dev/sdb
You will not be able to write the partition table.
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').
Command (m for help): p
Disk /dev/sdb: 4227 MB, 4227858432 bytes
4 heads, 63 sectors/track, 32768 cylinders
Units = cylinders of 252 * 512 = 129024 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/sdb1 18 32768 4126596 b W95 FAT32
Command (m for help):
fdisk showed that the partition still exists and I can't write the partition table.
I tried to delete the existing partition:
Command (m for help): d
Selected partition 1
Command (m for help): w
Unable to write /dev/sdb
root@yurko-laptop:/home/yurko-laptop#
Why am I not able to write the partition table?
Does it mean that some hardware failure occurred?
And is it possible to repair the current USB drive?
I've tried to use hdparm and it showed that the readonly flag is on:
root@yurko-laptop:/home/yurko-laptop# hdparm /dev/sdb
/dev/sdb:
SG_IO: bad/missing sense data, sb[]: f0 00 05 00 00 00 00 0a 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
multcount = 0 (off)
readonly = 1 (on)
readahead = 256 (on)
geometry = 1016/131/62, sectors = 8257536, start = 0