Andrés J. Díaz

Latest Updates: admin RSS

• 

  ajdiaz 07:29:22 pm on April 3, 2009 | 0 | # |
  Tags: admin, bash, code, config, gentoo

  For last months I needed to maintain a number of heterogeneous servers for mi work, I need to do some usually actions, like update a config file, restart a service, create local users etc.

  For this purposes there are a lot of applications, like dsh (or full csm), pysh, shmux and many others (only need to perform a search in google using phrase “distributed shell”). Unfortunately for me, I want a easy-to-parse solution, because I’ve a big (really big) number of servers, and I want a single cut-based/awk parsing, and also I need to do some actions as other users (like root, for example) via sudo. Althought many of the existants solutions offers me a subset of this features, I cannot found a complete solution. So I decided to create one

  You can find the code, and some packages in the dtools development site. I was use this solution in production environment from months with excelent results, and you can feel free to use.

  Of course, its free (of freedom) software, distributed under MIT license.

  Enjoy and remember: feedback are welcome

   

• ajdiaz 10:28:30 pm on February 1, 2008 | 0 | # |
  Tags: admin, network, tips

  tcptraceroute was another friend of the network administrator. Probably you known classical traceroute, which use the TTL field in IP header to determinate the hops in the route to a specific destination. In each hop the TTL value is decreasing (according to internet protocol), and when TTL is equal to cero, a ICMP is returned to sender IP. So, the classical traceroute technique, send a UDP packet with TTL field setted to 1, and get the IP address of the first hop from returned ICMP, and likewise for other hops.

  Unfortunately, today many host are firewalled and ICMPs are blocking. The classical traceroute design fails, and we only obtain a list of useless “*”. The tcptraceroute use TCP packets instead of UDP packets, and try to connect to usual port enabling the SYN flag. If port is closed, a RST flag is returned, and if port is open then return an ACK flag. So we don’t need ICMPs anymore.

   

• ajdiaz 05:23:58 pm on January 30, 2008 | 0 | # |
  Tags: admin, code

  ssh-keysend is a tiny script written in bash which read a number of ssh public keys from a file (according to search pattern) and send these keys to remote hosts (taken from another file, also filtered by specified pattern). The remote host add these keys into authorized_keys file for specified user. Here are an example of use:

  $ ssh-keysend bill@gates 10.1.10.*
  

  This example send the key for user bill@gates and send the key to any known_host which match with the pattern 10.1.10.* (yes, it’s a regexp). The key is taken from *.pub files in ~/.ssh/ directory.

  You can get the code from launchpad ssh-keysend project page, or get the repository code with bzr:

  $ bzr get lp:ssh-keysend
  

   

• ajdiaz 05:11:33 pm on January 30, 2008 | 2 | # |
  Tags: admin, tips

  When work using a “cheap” wireless network (yes, I still have kind neighbours), each new ssh connection takes a lot of time, because a new authentication is required from the peer, but what happens if I already connected? In theory no new re-authentication is necessary, you can use existing socket to send data over the same channel of the previous connection. To enable socket manager, put the following lines in your ~/.ssh/config file:

  Host *
    ControlMaster auto
    ControlPath ~/.ssh/socket-%r@%h:%p
  

  Some situations may freeze your ssh connection, for example when the network goes down before close connection and timeout is reached, in this case the socket will also be frozen, and new connections to the same destination are no possible. Only need to remove the socket file in ~/.ssh/ directory and kill the previous session.

   

• Tags

  admin bash book code code systems nss security distributed cloud config education floss gentoo gentoo systems pkgcore config network physics quantum scripts tips university

• Boxes

  • About
  • Code
  • Contact
  • Literatura

• Blogroll

  • Connectical Planet
  • El rincón oscuro
  • Entropía
  • Hario no kai
  • Noe’s world
  • Permuy’s Blog
  • Volvoretas en mi cabeza
  • Zepelin de Chumbo

• Blog at WordPress.com
  Prologue theme by Automattic