Welcome to my website. I am always posting links to photo albums, art, technology and other creations. Everything that you will see on my numerous personal sites is powered by the formVistaTM Website Management Engine.

icon.linkedin.jpgicon.twitter.jpg

  • Subscribe to this RSS Feed
  • Setting Up Passwordless SSH Under CentOS 6 Running Selinux
    08/22/2013 8:52PM

    I am setting up a cluster of KVM virtual machines and want to be able to ssh to them as the root user on the vm without having to enter a password.

    The first thing that I did was create keys on the box from which I was going to make connections (A):

    [rchapin@A .ssh]$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/usr/local2/home/rchapin/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /usr/local2/home/rchapin/.ssh/id_rsa.
    Your public key has been saved in /usr/local2/home/rchapin/.ssh/id_rsa.pub.
    The key fingerprint is:
    6a:ca:57:31:23:30:67:8c:9d:de:78:53:14:90:16:6e rchapin@A
    The key's randomart image is:
    +--[ RSA 2048]----+
    |     + .o=o.     |
    |    + *.o .      |
    |     * +E.       |
    |      +.B        |
    |       oS=       |
    |       ..        |
    |      o.         |
    |   . o.          |
    |    o.           |
    +-----------------+

    After which I scp the id_rsa.pub file to the remote box

    [rchapin@A ~]$ scp ./id_rsa.pub root@B:/root/

    Then ssh to the remote box, create the ~/.ssh directory, copy the contents of the id_rsa.pub file into ~/.ssh/authorized_keys and set the permissions on all of the files.

    [root@B ~]# mkdir .ssh
    [root@B ~]# chmod 700 .ssh
    [root@B ~]# cat ~/id_rsa.pub > authorized_keys
    [root@B ~]# chmod 600 authorized_keys

    The first problem was that it wasn't accepting the key and was giving me the password prompt.

    After a quick search regarding passwordless ssh and Selinux I did the following:

    [root@B .ssh]# restorecon -R -v /root/.ssh/
    restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
    restorecon reset /root/.ssh/authorized_keys2 context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0

    Now I received the error:

    [rchapin@A .ssh]$ ssh root@B
    Agent admitted failure to sign using the key.

    Another quick search and all I had to do was add the key on the A box and I was all set

    [rchapin@A.ssh]$ ssh-add
    [rchapin@A.ssh]$ ssh root@B
    Last login: Thu Aug 22 20:40:54 2013 from A
    [root@B ~]#


  • jsbeautifier.org: Beautify, unpack or deobfuscate JavaScript and HTML, make JSON/JSONP readable, etc.
    08/22/2013 2:24PM
    The title of this entry is straight from the http://jsbeautifier.org/ website and says it all.
  • Splitting a String into an Array with a Custom Delimiter in a Bash Shell Script
    08/20/2013 12:27PM

    Most high level languages have some sort of String.split([delimiter]) method to create an array of Strings tokenized by a user specified delimiter.  This is a simple way to convert a CSV into an array.

    Here is a quick way to do that in a bash shell script:

    #!/bin/bash

    SOURCE_STRING='foo|blah|moo'

    # Save the initial Interal Field Separator
    OIFS="$IFS"

    # Set the IFS to a custom delimiter
    IFS='|'

    read -a TOKENS <<< "${SOURCE_STRING}"

    for i in "${TOKENS[@]}"
    do
       echo "$i"
    done

    # Reset original IFS
    IFS="$OIFS"


  • Running VisualVM to Examine a JVM on a Remote Host Via an SSH Tunnel/Proxy Connection
    07/12/2013 11:21AM
    VisualVM is a great tool for peering into a running JVM.  In many cases, it won't be one that is running on your local box.

    The first thing to be done is to get jstatd running on the remote machine:

    Create a security policy file on the remote machine (this assumes that you have an additional layer of security and that the outside world cannot access these ports and/or you have a VPN set-up and you are operating in that enclave):

    $ cd ~

    $ more jstatd.all.policy

    grant codebase "file:${java.home}/../lib/tools.jar" {

       permission java.security.AllPermission;

    };

    Next run jstatd on the remote machine:

    $ jstatd -J-Djava.security.policy=/fully/qualified/path/to/jstatd.all.policy

    On the local machine set up an SSH connection through which you will tunnel your VisualVM connection:

    $ ssh -D localhost:9696 rchapin@remote.machine.to.proxy.to

    On the local machine fire up jvisualvm

    $ jvisualvm

    Go to:  Tools > Options > Network:

    Check 'Manual proxy settings':
    Add localhost and port 9696 to the SOCKS Proxy setting
    Under the Applications Tab, Right-click on 'Remote' and select 'Add Remote Host'

    Add the remote user name or ip (if you are running the RMI registry on a different port select Advanced and configure as necessary).

    Once added the remote JVMs that are running as the same user as your local user will be displayed and you can connect to them as normal
  • Setting up an HTTP Proxy over SSH in Chrome under Fedora Core 18 Linux
    07/12/2013 10:15AM

    At least under the FC 18 distro, there was no fancy GUI controls in the Advanced Settings for setting up an HTTP proxy over SSH for Chrome.

    To get it all set up:

    • Establish and ssh connection to the server to which you want to proxy:
      • $ ssh -D localhost:1234 username@remote.server,  where 1234 is the port number you want to use for the proxy
    • Run google-chrome from the command line passing it the proxy setting:
      • $ google-chrome --proxy-server=socks5://localhost:1234
Advanced Search

Categories

Archives