Wednesday, 23 May 2012

Set up password-less SSH login using ssh-keygen and ssh-copy-id

Logging in remote systems without password is very useful in system administration. It can be used for executing command on remote systems, copying files to other systems using rsync/rdist.

For the past few years, I have been manually setting up the key trust between systems. Here are the steps I followed.

Suppose I need to login to localserver from remoteserver using account scripter without password.

1. generate public-private key pair on localserver
$ ssh-keygen -t dsa
    you can use either dsa or rsa.

2. copy scripter's public key to remoteserver
$ scp id_dsa.pub remoteserver:
3. on remoteserver, append the public key copied in step 2 to ~scripter/.ssh/authorized_keys
$ cat id_dsa.pub >> ~scripter/.ssh/authorized_keys
    if ~scripter/.ssh doesn't exist, manually create it

4. on localserver the directory and files are auto-generated, so the permissions are correct, on remoteserver, as we manually created the directories, we need to make the permissions are correct.
$ chmod 700 ~scripter/.ssh
$ chmod 600 ~scripter/.ssh/authorized_keys

After all these steps, we can login from localserver to remoteserver without entering password:
$ ssh remoteserver hostname
remoteserver

The steps are quite easy, but can it be easier?
Yes! recently I learned the script ssh-copy-id from a forum post, to set up key trust from localserver to remoteserver using ssh-keygen and ssh-copy-id
1. generate public-private key pair on localserver
$ ssh-keygen -t dsa
2. copy the public key from localserver to remoteserver, and set up the key trust
$ ssh-copy-id -i ~scripter/.ssh/id_dsa.pub \
scripter@remoteserver
After you entering the password, everything is set up for you, you can log in remotely without password
$ ssh remoteserver hostname
remoteserver
ssh-copy-id saves us all the troubles of creating files and setting up the proper permission :)

Friday, 18 May 2012

Use telnet to test SMTP server

Besides testing HTTP server, telnet can also be used to test SMTP server

below is the testing I did on my linux box

$ telnet localhost 25
220 redhat.localdomain ESMTP Postfix
ehlo abc.com
250-redhat.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: scripter@linux.com
250 2.1.0 OK
rcpt to: nonexsit
550 5.1.1 <nonexist>: Recipient address rejected: User unknown in local recipient table
rcpt to:tom
250 2.1.5 OK
data
354 End data with <CR><LF>.<CR><LF>
Subject: hi this is subject
this is email body

more chars
.
250 2.0.0 OK: queued as 25AE12AD1
quit
221 2.0.0 Bye

in /var/spool/mail/tom will see the email we just sent

please note the lines starting with numbers are the output returned by SMTP server, the numbers are the status code, search "smtp status code" for more details.
"ehlo", "mail from:", "rcpt to:", "data", "quit" are the commands sent to SMTP server.


Tuesday, 8 May 2012

Use telnet to test HTTP server

A few year ago, I managed a few hundred of servers, they provide HTTP service using Apache.
I often need to test the HTTP service on these servers.

I used telnet for my testing

C:\>telnet www.redhat.com 80
GET /robots.txt HTTP/1.1
host: www.redhat.com


HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Last-Modified: Fri, 27 Jan 2012 23:35:31 GMT
Accept-Ranges: bytes
Content-Length: 484
Content-Type: text/plain; charset=UTF-8
Cache-Control: no-cache
Date: Tue, 08 May 2012 12:20:11 GMT
Connection: keep-alive

User-agent: *
Disallow: /apps/download/results.html
Disallow: /apps/search/results.html
Disallow: /apps/user/
Disallow: /apps/user/*
Disallow: /WebX/*
Disallow: /webx/*
Disallow: /WebX/*
Disallow: /test_community/
Disallow: /test_community/*
Disallow: /network
Disallow: /archives/redhat-install-list/2000-September/msg00588.html
Disallow: /search
Disallow: /search*
Disallow: /mailman/listinfo/ceylon-core
Disallow: /mailman/private/ceylon-core/
Disallow: /mailman/admin/ceylon-core

Friday, 4 May 2012

Copy files from one server to another

In my work, I often need to copy files or whole directories between different servers. These are the ways I used often:

1. scp
scp -r directory remote:/path/to/directory

2. tar + ssh
tar -zcpf - directory | ssh remote tar -zxpf \
-C /path/to/directory
in Solaris, there is no -C -z flag, so I use:
tar -cpf - directory | ssh remote \
"(cd /path/to/directory; tar -xpf -)"

3. rsync over ssh
I have a central server, everyday there are some new files generated in one directory. I need to push this directory to remote servers everyday.
It's possible to schedule some cronjob to scp or tar + ssh this directory, But it will copy the whole directory everyday. To use rsync, we only need to copy the changes to this directory.
rync -e ssh -az --delete directory \
remote:/path/to/directory

4. nc + tar
A few years ago, I need to copy huge amount of data to a remote data center in another country, while exploring ways to copy the data, I found this utility nc.
But nc doesn't encrypt the data, I only tested it within the same data center.

on remote server:
cd /path/to/directory
nc -l -p 8888 | tar -zxvf -

on source server:
tar -czf - directory | nc remote 8888

on the remote server, I used -v flag, so I could monitor the copying progress.