Expat-IT Tech Bits

    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

    Fri, 28 Sep 2012


    /Linux/encryption: Whole Disk Encryption with Debian

    Being a standard option in the Debian installer, whole disk encryption is actually remarkably easy. If you understand LVM. Because the way the Debian installer does it is to configure LVM over the encrypted disk. So for me, a pre-requisite for going down this road was to first go through a couple of desktops with just LVM on them, to get solid with LVM.

    Now that that is done, this install is LVM over encrypted disk. So easy with the Debian installer. Just one thing so far has been a little non-obvious, and that is how to find the encrypted device and manage passwords.

    /etc/crypttab gives a great clue:

    sda5_crypt UUID=ea1b9a5a-88f3-42f8-861e-666c7dd37350 none luks

    Then

    cryptsetup isLuks -v /dev/sda5
    Command successful.

    confirms that I have the location correct.

    cryptsetup luksDump /dev/sda5

    shows which key slots are occupied.

    cryptsetup luksAddKey /dev/sda5

    adds a new key to the list. Done.
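
    The same checks as a script, added here as an example that is not part of the original post: it reads a crypttab file, resolves each LUKS entry to its device, and parses luksDump output for the occupied key slots. The function names and the sample crypttab and luksDump text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed.

# Print "name device" for each LUKS entry in a crypttab-format file ($1).
# UUID= sources map to the /dev/disk/by-uuid/ symlinks that udev maintains.
luks_entries() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        $4 ~ /(^|,)luks(,|$)/ {                 # options field lists "luks"
            src = $2
            if (sub(/^UUID=/, "", src)) src = "/dev/disk/by-uuid/" src
            print $1, src
        }' "$1"
}

# Read "cryptsetup luksDump" output on stdin; print occupied key slot numbers.
# Handles LUKS1 ("Key Slot N: ENABLED") and the LUKS2 "Keyslots:" section.
occupied_slots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/ { sub(/:/, "", $3); print $3; next }
        /^[A-Za-z]/                 { in_ks = ($1 == "Keyslots:"); next }
        in_ks && /^  [0-9]+: /      { sub(/:/, "", $1); print $1 }'
}

# For every LUKS entry: confirm the header, then list its occupied slots.
# Needs root and real devices, so it is defined here but not called.
report() {
    luks_entries "${1:-/etc/crypttab}" | while read -r name dev; do
        cryptsetup isLuks "$dev" || { echo "$name: not LUKS" >&2; continue; }
        echo "$name ($dev): slots" $(cryptsetup luksDump "$dev" | occupied_slots)
    done
}

# Constructed input: the crypttab line from the post plus a non-LUKS entry.
demo_crypttab() {
    printf '%s\n' '# <target> <source> <key file> <options>' \
        'sda5_crypt UUID=ea1b9a5a-88f3-42f8-861e-666c7dd37350 none luks' \
        'swap_crypt /dev/sda6 /dev/urandom swap,cipher=aes-xts-plain64'
}
# Constructed LUKS1-style luksDump excerpt with slots 0 and 1 occupied.
demo_dump() {
    printf '%s\n' 'LUKS header information for /dev/sda5' 'Version: 1' \
        'Key Slot 0: ENABLED' 'Key Slot 1: ENABLED' 'Key Slot 2: DISABLED'
}

tmp=$(mktemp) && demo_crypttab > "$tmp" && luks_entries "$tmp"
demo_dump | occupied_slots | tr '\n' ' '; echo
rm -f "$tmp"
```

    Calling report as root on the installed system prints the occupied slots for each LUKS entry, which is worth checking before and after luksAddKey.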

    posted at: 10:11 | path: /Linux/encryption | permanent link to this entry

    Sat, 08 Sep 2012


    /Admin/SSH: One-Step Multihop SSH

    (Well, at least two hops is reliably working for me....)

    A common headache, particularly for those of us who live in China: the necessity of ssh'ing first into an intermediate machine, thence to the final destination machine. Even with SSH keys, this gets ugly to set up, and uglier to maintain in the face of frequent disconnections. Unless we can find a way to log in from desktop through intermediate machine to destination machine, all in one entirely passwordless step.

    The secret is to leverage SSH agent. First add AT LEAST any keys you will need after the first hop to your local desktop ssh agent, i.e.

    ssh-add /home/myuser/clients/clientname/id_rsa

    Then chain two or more ssh logins together as follows:

    autossh -A -t user@intermediate-server.com ssh ubuntu@10.130.2.78

    (In this case, the 10.130.2.78 is on a private network behind a router without a public IP. intermediate-server.com is on the same private network, with a public IP.)

    autossh will automatically reconnect a disconnected SSH session. (Works best with login via SSH key.)
    -A forwards your desktop SSH agent through the first hop to the second hop.
    -t forces pseudo-tty allocation.

    All hops before the destination need both -A and -t.

    In my ~/.bashrc I put this:

    alias ssh-tszz1="ssh-add /home/myuser/clients/clientname/id_rsa && autossh -A -t user@intermediate-server.com ssh ubuntu@10.130.2.78"

    so that I can log in to ubuntu@10.130.2.78 in any terminal, by simply invoking:

    ssh-tszz1

    It would be more elegant to have everything configured in ~/.ssh/config, perhaps with the ProxyCommand directive and nc, but so far no success with this.

    Note that I have found the second ssh fails for some reason if there is a port number, which I found an extra pair of quotes fixes. I.e., the above, with port number 1212 added, becomes:

    alias ssh-tszz1="ssh-add /home/myuser/clients/clientname/id_rsa && autossh -A -t user@intermediate-server.com 'ssh -p 1212 ubuntu@10.130.2.78'"

    To add a third SSH hop:

    alias ssh-tszz1="ssh-add /home/myuser/clients/clientname/id_rsa && autossh -A -t user@im-server1.com 'ssh -A -t user@im-server2.com ssh ubuntu@10.130.2.78'"

    Note the second use of the "-A -t" switches, on the second ssh hop. Of course, one can make succeeding hops simpler by populating the .ssh/config file on intermediate servers, and using an alias Host from .ssh/config instead of fully specifying the ssh parameters in the original invocation, as I am doing here.
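
    One way to write the ~/.ssh/config variant mentioned earlier in this post, as an added example rather than the author's own configuration: with -A, root on the intermediate machine can use the forwarded agent for as long as the session is open, whereas here the first hop only relays a TCP stream and the key is used by the desktop's ssh client. It assumes OpenSSH 5.4 or later (for ssh -W) and an intermediate sshd that permits TCP forwarding; the Host aliases "intermediate" and "tszz1" and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The Host aliases "intermediate"
# and "tszz1" are hypothetical; hosts, users and key path are the post's.

# Write an ssh_config fragment for the two-hop login to file $1.
write_multihop_config() {
    cat > "$1" <<'EOF'
# First hop: the public machine on the destination's private network.
Host intermediate
    HostName intermediate-server.com
    User user

# Destination: the first hop only relays a TCP stream (ssh -W), and the
# desktop's own ssh client authenticates with the key, so no -A is needed.
Host tszz1
    HostName 10.130.2.78
    User ubuntu
    IdentityFile /home/myuser/clients/clientname/id_rsa
    ProxyCommand ssh -W %h:%p intermediate
    ForwardAgent no
    ServerAliveInterval 30
EOF
}

# Print the first Host pattern of each block in ssh_config file $1 that sets
# "ForwardAgent yes", i.e. entries that still expose the agent remotely.
hosts_forwarding_agent() {
    awk '
        tolower($1) == "host" { host = $2 }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }
    ' "$1"
}

cfg=$(mktemp)
write_multihop_config "$cfg"
cat "$cfg"
echo "Hosts forwarding the agent: $(hosts_forwarding_agent "$cfg" | tr '\n' ' ')"
rm -f "$cfg"
```

    With the fragment appended to ~/.ssh/config, "ssh tszz1" (or autossh with the same alias) logs in in one step; add "Port 1212" under "Host tszz1" for the non-default-port case.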


    posted at: 08:07 | path: /Admin/SSH | permanent link to this entry

    Mon, 03 Sep 2012


    /Admin/commandLine/files: How to Assemble a Multi-Page PDF from the Command Line

    Note that libreoffice / openoffice will save any document as a PDF by clicking the PDF icon in the tool bar.

    To convert an image file to PDF:

    convert filename.jpg filename.pdf

    To merge all PDFs in the current directory into one:

    pdftk *.pdf cat output file.pdf

    Note that when using the '*' above, files are added to the PDF in alphabetical order.

    posted at: 01:23 | path: /Admin/commandLine/files | permanent link to this entry