Reddit: ssh-agent Forwarding (Or How To Easily Forget Your Password To Everything)

Thu, 27/03/2014 - 1:44am

If you have to use bastion hosts (say to get at a DMZ or HA) or do a lot of scping between multiple linux machines something that can be really useful to setup is ssh-agent forwarding. This will basically take your ssh-agent session from your client computer and forward the keys to a server you connect to so on THAT server you can use the same keys to connect to another one. You can also chain this multiple times if you need to (I go from my client, to a bastion host, to one HA, to another HA behind that one on a regular basis).

You need to have ssh keys and an agent setup already. You could do something like this:

client> ssh-keygen                # follow the prompts
client> ssh-copy-id user@host1    # copy your generated keys to two hosts
client> ssh-copy-id user@host2
client> ssh-agent > ~/agent       # starts an agent and creates a file with the needed environmental variables
client> . ~/agent                 # load the variables so you can get at the agent, I have this line in my .bash_login
client> ssh-add                   # add your new keys to the agent, the password is the one you put on the keys above

So you have keys, an agent you can talk to, and two hosts those keys should work with. To setup forwarding you would create ~/.ssh/config and add these options:

# entire domain
Host *
    ForwardAgent yes

# specific host
Host host1
    ForwardAgent yes

# subnet
Host 192.168.1.*
    ForwardAgent yes

Any of these will work, obviously you have to set them up for your environment. Now, as long as everything worked you should be able to do the following...

client> ssh user@host1
host1> ssh user@host2
host2>

...and nowhere in that process should you have been asked for a password. Word of warning, don't do this:

# no no no
Host *
    ForwardAgent Yes

Reason being, any host you connect to will get your keys. If you connect to a sketchy one a malicious admin could theoretically access your private key as long as you were connected. Save this for trusted hosts. If you wanted to disable this option on a host you would set "AllowAgentForwarding no" in /etc/ssh/sshd_config and recycle the ssh service (you'll have to reconnect to the host to test it).

If you have sudo setup (setup sudo, seriously) and are okay with the security implications (you probably aren't) you can combine this with the NOPASSWD option and as long as your accounts don't age (another bad idea) you'll never need to type in a password again. That'd be a line in /etc/sudoers like this...


Which would apply to members of the 'wheel' group. Might be useful for test and development machines, terrible idea for production.

Shameless plug, I write about this stuff on my tech blog though for this little blurb I actually cover more here than on the article. Thanks for playing!
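Added example, not part of the post: a small Python checker that parses an ssh client config, reports which Host blocks turn on ForwardAgent, and flags the bare "Host *" case the post warns against. The sample config is constructed for the demo.

```python
import re

# Constructed sample ~/.ssh/config (not from the post): the per-host styles
# from the post plus the wildcard block it says not to use.
SAMPLE_CONFIG = """\
Host bastion.example.com
    ForwardAgent yes
Host 192.168.1.*
    ForwardAgent yes
# the "no no no" case
Host *
    ForwardAgent yes
Host github.com
    ForwardAgent no
"""

# ssh_config accepts "Key value" and "Key=value"; keywords are case-insensitive.
_LINE = re.compile(r"^\s*(\w+)\s*(?:=|\s)\s*(.*?)\s*$")

def parse_ssh_config(text):
    """Return [(patterns, options)] per Host/Match block, in file order.
    Options seen before any Host line go in a leading block with pattern '*',
    which is how ssh treats them (they apply to every host)."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            blocks.append((value.split(), {}))       # "Host a b" = two patterns
        elif key == "match":
            blocks.append((["Match " + value], {}))  # keep criteria as one label
        else:
            blocks[-1][1].setdefault(key, value)     # ssh keeps the first value
    return blocks

def agent_forwarding_hosts(text):
    """Return (enabled, too_broad): patterns whose block sets ForwardAgent yes,
    and the subset that is a bare '*' (forwards your agent to every host)."""
    enabled, too_broad = [], []
    for patterns, opts in parse_ssh_config(text):
        if opts.get("forwardagent", "no").lower() != "yes":
            continue
        for p in patterns:
            (too_broad if p == "*" else enabled).append(p)
    return enabled, too_broad

if __name__ == "__main__":
    on, broad = agent_forwarding_hosts(SAMPLE_CONFIG)
    print("ForwardAgent yes for:", on)
    for p in broad:
        print(f"WARNING: 'Host {p}' forwards your agent to every host you connect to")
```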

Reddit: Can someone explain to me my i should even bother setting up a normal user ?

Thu, 27/03/2014 - 1:11am

I installed Debian (no - x system) - I have my user i set up.

  • I cant do anything with it
  • If i want to change shit i have to SU/SUDO shit
    • Lets edit .profile - need to su
    • lets edit /var/www/index.html - nope no privs
    • lets do anything - nope no privs

Please tell me i am missing something ?

Everyone says not to log in as root, but i cant do shit unless im root. I have to SU/SUDO everything. Why not have user privs, that allow you to do shit ?

Please teach me, it just baffles my mind that there is like 2 user types.

LXer: What a Layperson Can Gain From an Enterprise Open Source Conference

Thu, 27/03/2014 - 1:06am
The thing to remember if you should find yourself at a workshop hosted by a person whose “open source” company really wants to be Microsoft or Oracle is that the open source community, especially at the enterprise level, is a microcosm of the greater community from which it sprung. Don’t be disheartened by a presenter whose message is that “it’s all about the money” and that open source is nothing but another way of doing business. I promise you that two or three workshops down the road you’ll realize that person represents the minority — and that’ll make you feel very good.

Reddit: HTTPS webserver and SSHD to listen on port 443

Thu, 27/03/2014 - 12:31am

Is it possible in any way to configure SSHD to listen on port 443 and at the same time run an HTTPS webserver?

I've found that when I reboot the server I cannot start HTTPD as I've configured SSHD to listen on port 443.

I've found that if I bring the httpd service up first before sshd, I can still connect via ssh on port 443 and the webserver works as intended.

Would this be true, and can somebody explain why this is the case?

Reddit: Ubuntu and the Unspoken Rules

Thu, 27/03/2014 - 12:21am
LXer: It's Document Freedom Day 2014: What Does that Mean for You?

Thu, 27/03/2014 - 12:19am
The answer to that question is "more than you may think".

Panel: How to Enable Large-Scale Collaboration

Wed, 26/03/2014 - 11:55pm

Open source directors from Intel, Citrix and the OpenDaylight Foundation shared some of their secrets of collaborative development in an afternoon panel discussion, moderated by Linux Foundation Executive Director Jim Zemlin. 

Reddit: best linux client

Wed, 26/03/2014 - 11:36pm

best for what??? being lite or features or console based or which distro. I'm using Vuze. it brings the java runtime which is a bit heavy but most already have it. Vuze is open source and free as in freedom. It has a ton of plugins so you can design it for your picky needs, many features and bells and particularly switches. I'm using vuse-extreme-mod from it soars. also like ktorrent and rtorrent but use Vuze. I refuse to use Deluge as its piggish and buggy. pleeez seed.

LXer: LVM, Demystified

Wed, 26/03/2014 - 11:31pm
I've been a sysadmin for a long time, and part of being a sysadmin is doing more than is humanly possible. Sometimes that means writing wicked cool scripts, sometimes it means working late, and sometimes it means learning to say no. Unfortunately, it also sometimes means cutting corners. I confess, I've been "that guy" more than once. A good example is SELinux.

LXer: It takes an open-source village to make commercial software

Wed, 26/03/2014 - 10:44pm
Looking ahead, the Linux Foundation sees 80 percent of all commercial software development being based on open source.

Reddit: I mistakenly managed to install a 32bit version

Wed, 26/03/2014 - 10:08pm

Of Ubuntu on my system (first time linux user). Should I bother to reinstall a 64 bit version?

Thanks. If there are any benefits I will do it.

LXer: OpenMandriva Beta out now

Wed, 26/03/2014 - 9:57pm
The first beta of the upcoming OpenMandriva 2014 has been released, improving on the alpha and on course for release in two months' time.

Reddit: Intermittent fault on wireless broadcom BCM4313 after upgrading (clean install) from Linux Mint 14 to 15 and 16

Wed, 26/03/2014 - 9:55pm

My wife got a Dell M5040 a couple of years ago and I installed Mint 14 on it and she's had no problems with the network ever. Now, to try and fix a problem with her audio (looks like the jack sensor problem), I tried to update the laptop with a clean OS install to Mint 16, but she found it was too slow so I downgraded to 15, and she's having an intermittent problem where the wifi is still showing as connected but she completely loses connectivity to the internet. I've run pings in the terminal and when this happens they show destination unreachable. Looking in the syslog, I see this message happening when the connection drops:

Kernel: [xxxxx.xxxxxx]: wlan0: deauthenticated from xx:xx:xx:xx:xx (Reason: 7)

wpa_supplicatn[xxx]: wlan0: CTRL-EVENT-DISCONNECTED bssid xx:xx:xx:xx:xx (reason=7)

Any ideas on how to debug and fix this?

Reddit: Free game repositories?

Wed, 26/03/2014 - 9:34pm

I came across the command to install a great RTS called 0A.D. It was really simple:

sudo add-apt-repository ppa:wfg/0ad
sudo apt-get update
sudo apt-get install 0ad

I was wondering, are there any others like this? If so, is there a directory of them?

LXer: Short Stack: Cisco's billion dollar bet and the latest version of OpenStack

Wed, 26/03/2014 - 8:59pm
This week, we look at Cisco's billion dollar cloud bet, get a look at IceHouse, the latest version of OpenStack and define Database as a Service.

LinuxInsider: Is Google Thwarting Android-x86 Development?

Wed, 26/03/2014 - 8:56pm
Has Google been spreading FUD to discourage computer makers from using an Android OS retooled to run on legacy computers? The maintainer of the Android-x86 Project has suggested that the Justice Department should investigate whether Google has been interfering with adoption of the open source code his community is developing. The release of the latest version of an open source Android OS to run as an alternative Linux distro may stall without Google's support.

From Internet of Things to SDN, Open Source Collaboration Key to Tech Innovation

Wed, 26/03/2014 - 8:55pm

Open source and collaborative software development has evolved in recent years to become an essential part of technology industry innovation, said Linux Foundation Executive Director Jim Zemlin in his opening keynote at Collaboration Summit today.

Phoronix: Fedora 21 Picks Up More Features, KDE Plasma To Be A Product In F22

Wed, 26/03/2014 - 8:54pm
There were more features approved for inclusion into Fedora 21 and already talk of making a KDE Plasma Fedora product for the Fedora 22 release given its popularity...