Latest Updates: admin

  • Distributed tools 

    ajdiaz 7:29 pm on 3 April 2009
    Tags: admin, config, gentoo

    For the last few months I have needed to maintain a number of heterogeneous servers for my work, and I need to perform some common actions, like updating a config file, restarting a service, creating local users, etc.

    For these purposes there are a lot of applications, like dsh (or full csm), pysh, shmux and many others (you only need to search Google for the phrase “distributed shell”). Unfortunately for me, I want an easy-to-parse solution, because I have a big (really big) number of servers and I want simple cut-based/awk parsing, and I also need to perform some actions as other users (like root, for example) via sudo. Although many of the existing solutions offer a subset of these features, I could not find a complete solution. So I decided to create one :D

    You can find the code, and some packages, on the dtools development site. I have been using this solution in a production environment for months with excellent results, and you should feel free to use it.

    Of course, it's free (as in freedom) software, distributed under the MIT license.

    Enjoy and remember: feedback is welcome ;)

     
  • ajdiaz 10:28 pm on 1 February 2008
    Tags: admin

    tcptraceroute is another friend of the network administrator. You probably know the classical traceroute, which uses the TTL field in the IP header to determine the hops on the route to a specific destination. At each hop the TTL value is decreased (according to the Internet Protocol), and when the TTL reaches zero, an ICMP message is returned to the sender's IP. So the classical traceroute technique sends a UDP packet with the TTL field set to 1 and gets the IP address of the first hop from the returned ICMP message, and likewise for the other hops.

    Unfortunately, many hosts today are firewalled and ICMP is blocked. The classical traceroute design then fails, and we only obtain a list of useless “*”. tcptraceroute uses TCP packets instead of UDP packets and tries to connect to a commonly used port with the SYN flag set. If the port is closed, a RST flag is returned, and if the port is open, an ACK flag is returned. So we don’t need ICMPs anymore.

     
  • ssh-keysend: a tool to distribute ssh keys 

    ajdiaz 5:23 pm on 30 January 2008
    Tags: admin

    ssh-keysend is a tiny script written in bash which reads a number of ssh public keys from a file (selected by a search pattern) and sends these keys to remote hosts (taken from another file, also filtered by a specified pattern). The remote host adds these keys to the authorized_keys file of the specified user. Here is an example of use:

    $ ssh-keysend bill@gates 10.1.10.*
    

    This example sends the key for user bill@gates to any known_host that matches the pattern 10.1.10.* (yes, it’s a regexp). The key is taken from the *.pub files in the ~/.ssh/ directory.

    You can get the code from the launchpad ssh-keysend project page, or get the repository code with bzr:

    $ bzr get lp:ssh-keysend
    
     
  • ssh socket 

    ajdiaz 5:11 pm on 30 January 2008
    Tags: admin

    When working over a “cheap” wireless network (yes, I still have kind neighbours), each new ssh connection takes a lot of time, because a new authentication is required by the peer. But what happens if I am already connected? In theory no re-authentication is necessary: you can use the existing socket to send data over the same channel as the previous connection. To enable the socket manager, put the following lines in your ~/.ssh/config file:

    Host *
      ControlMaster auto
      ControlPath ~/.ssh/socket-%r@%h:%p
    

    Some situations may freeze your ssh connection, for example when the network goes down before the connection is closed and the timeout is reached. In this case the socket will also be frozen, and new connections to the same destination are not possible. You only need to remove the socket file in the ~/.ssh/ directory and kill the previous session.
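
    One way to audit the control sockets created by the ControlPath above, as an added example that is not part of the original post or of OpenSSH: it reports sockets whose master process is gone (nothing is listening) and whether the directory is writable by other users. A master that is still running but hung on a dead network keeps accepting connections and is reported as live, so that case still needs the manual cleanup described above. The `socket-` prefix comes from the config above; `socket_state` and `audit_control_dir` are hypothetical helper names.

```python
import errno
import os
import socket
import stat
from pathlib import Path


def socket_state(path):
    """Classify one ControlPath entry as 'live', 'stale' or 'not-a-socket'."""
    if not stat.S_ISSOCK(os.lstat(path).st_mode):
        return "not-a-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.connect(str(path))  # succeeds only if a process is listening
        return "live"
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "stale"  # socket file left behind, master is gone
        raise
    finally:
        probe.close()


def audit_control_dir(directory, prefix="socket-", remove_stale=False):
    """Report live/stale control sockets and the directory's write bits."""
    directory = Path(directory)
    mode = stat.S_IMODE(directory.stat().st_mode)
    report = {
        # Control sockets belong in a directory other users cannot write to.
        "dir_not_writable_by_others": (mode & 0o022) == 0,
        "live": [],
        "stale": [],
    }
    for entry in sorted(directory.glob(prefix + "*")):
        state = socket_state(entry)
        if state == "live":
            report["live"].append(entry.name)
        elif state == "stale":
            report["stale"].append(entry.name)
            if remove_stale:
                entry.unlink()
    return report


if __name__ == "__main__":
    # Assumes the ControlPath from the post: ~/.ssh/socket-%r@%h:%p
    print(audit_control_dir(Path.home() / ".ssh"))
```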

     
    • hario 11:08 pm on 31 January 2008

      Great tip! I wonder why this does not come preconfigured with OpenSSH… it is saving me a lot of time at home :D

    • Quatro por Quatro 10:21 am on 4 April 2008

      Use a command to terminate an active ssh connection:

      ssh -S "${control_socket}" -O exit "${REMOTE_HOST}"
