Saturday, November 9, 2019

LFTP job management

It is a bit different from the default Linux job management.

Send job to background

Putting a job into the background:

  • start in background mode, i.e. pget remotefile.big & OR
  • start normal mode, then press ctrl + Z

exit - detaches terminal from the session, disconnects from the server
exit - again, exits lftp and sends the job to background

... and get back to it later

ps aux | grep -v grep | grep lftp | awk '{print $2}'  - find the PID of the main lftp session (the PID is the second column of ps aux output)
lftp - start lftp
attach <PID> - attach to the terminal of the background session

some more useful commands

jobs - check the status of the running jobs
wait, fg - bring the job to the foreground
kill - kills a bg job, or all of them

Friday, November 8, 2019

Manage SSH public keys with github

This is just another note-to-self post.

Wouldn't it be nice to have your public key stored someplace where you can import it to .ssh/authorized_keys from? Apparently github is a very convenient place for exactly that.

Generate your digital identity (source)

Luckily you only need to do this once.
  1. In Git Bash (or your linux machine)
    1. ssh-keygen -t rsa -b 4096 -C "your_github_email@example.com"
  2. Add the public key to github (source):
    1. Find your public key file. The default location is ~\.ssh\id_rsa.pub
    2. Go to https://github.com/settings/keys and add it to your keys
  3. (optional, Windows & Putty only) Convert public key to putty format (source):
    1. Open puttygen, and:
      1. Click Conversions/Import key.
      2. Navigate to the OpenSSH private key and click Open.
      3. Under Actions / Save the generated key, select Save private key.
      4. Choose an optional passphrase to protect the private key.
      5. Save the private key as id_rsa.ppk.
    2. Open putty, and:
      1. In Session tab, load the config you want to change
      2. Open the SSH/Auth tab and browse to the id_rsa.ppk
      3. Back in the session tab, Save the config


Import the key on the server you are connecting

Yes, on all of them
  1. On your remote server, you can add the public key like this (tested on ubuntu server): ssh-import-id gh:<github_user_id>

Troubleshooting

(Putty only): make sure your client actually sends the key. The key file location is stored with the saved session.
On the remote server side:
chmod 700 ~/.ssh - to fix permission errors on the folder
chmod 600 ~/.ssh/authorized_keys - to fix permission errors on the file
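
An added example (not part of the original post): a POSIX shell audit for the troubleshooting steps above. It flags a .ssh directory or authorized_keys file that is writable by group or others, which sshd's default StrictModes setting rejects, and lists the accounts recorded by ssh-import-id. GNU stat and the trailing "# ssh-import-id gh:<user>" comment are assumptions; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit an ~/.ssh directory after ssh-import-id.
# Assumes GNU stat (stat -c), as on Ubuntu; function names are illustrative.

# Succeeds when the path has no group/other write bit (mode & 022 == 0).
# sshd with StrictModes (the default) ignores authorized_keys otherwise.
not_group_other_writable() {
    nw_mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$nw_mode & 022 )) -eq 0 ]
}

# Check the two paths the chmod fixes above apply to.
check_ssh_perms() {
    cp_rc=0
    for cp_path in "$1" "$1/authorized_keys"; do
        if [ ! -e "$cp_path" ]; then
            echo "missing: $cp_path"
            cp_rc=1
        elif ! not_group_other_writable "$cp_path"; then
            echo "too permissive: $cp_path (mode $(stat -c '%a' "$cp_path"))"
            cp_rc=1
        fi
    done
    return "$cp_rc"
}

# List the accounts whose keys were imported. Assumption: ssh-import-id
# tags each line it adds with a trailing "# ssh-import-id gh:<user>" comment.
imported_ids() {
    sed -n 's/.*# ssh-import-id \([a-z][a-z]*:[^ ]*\).*/\1/p' "$1" | sort -u
}

# Audit the directory given as the first argument, e.g. ~/.ssh
if [ -n "${1:-}" ]; then
    check_ssh_perms "$1" && imported_ids "$1/authorized_keys"
fi
```

Every account it lists is an external GitHub identity whose keys were accepted for login on this server at import time.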

Tuesday, September 19, 2017

Alpine Linux install

If you start working with Docker these days, you will inevitably run into Alpine Linux at a certain point. It offers 1/10 of the size of a Debian based container (5 mb vs 50 mb), and many application stacks already offer an Alpine based image to derive your micro services from. Debian can be slimmed down pretty well and there is a loyal following using it for containers and servers as well.
To try it out I decided to build a VM based on Alpine so I can evaluate it as a container image base.
Adventures in the Alpines so far:
  1. There is a pretty good starting guide, with some caveats:
    1. use a bridged connection instead of NAT if you want to see your VM from your host/other machines in the network; it performs better too
    2. use the latest-stable url to enable community repository, otherwise you could get some ugly kernel incompatibility errors
  2. Minimalist samba install (loosely based on this wiki page)
    1. apk add samba
    2. mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
    3. nano /etc/samba/smb.conf
    4. Enter the text below in the text editor, save and exit
[global]
workgroup = WORKGROUP
netbios name = server1
security = user
map to guest = Bad User
dns proxy = no
  1. Start/enable service
    1. rc-update add samba
    2. rc-service samba start
  2. Enable ssh access
    1. nano /etc/ssh/sshd_config
    2. #PermitRootLogin prohibit-password => PermitRootLogin yes
    3. rc-service sshd restart
  3. Docker install is fairly simple
    1. apk add docker
    2. rc-update add docker boot
    3. rc-service docker start
  4. Some other utilities to install:
    1. apk add git
    2. apk add nodejs
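
An added example (not from the original post) for the "Enable ssh access" step: a POSIX shell check that reports the effective global PermitRootLogin value in an sshd_config and flags yes. It relies on sshd using the first value it reads for a keyword and on prohibit-password being the OpenSSH default, which still permits root login with a key; Match blocks and Include files are not evaluated, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: report the effective global PermitRootLogin setting.
# Function names are illustrative; Match blocks and Include files are skipped.

# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and "#" lines are comments.
effective_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept "Keyword=value"
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "permitrootlogin" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# Succeeds when root may log in with a password (value "yes").
root_password_login_allowed() {
    [ "$(effective_root_login "$1")" = "yes" ]
}

# Report on the file given as the first argument, e.g. /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    echo "PermitRootLogin: $(effective_root_login "$1")"
    if root_password_login_allowed "$1"; then
        echo "root password login is enabled"
    fi
fi
```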

Saturday, September 16, 2017

CentOS howto V - Custom systemd service

  1. nano /etc/systemd/system/cloning-vat.service
[Service]
WorkingDirectory=/home/shared/cloning-vat/
ExecStart=/usr/bin/npm start
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=cloning-vat
User=nodejs
Group=nodejs
Environment=NODE_ENV=development

[Install]
WantedBy=multi-user.target
  1. systemctl daemon-reload
  2. systemctl enable cloning-vat
  3. systemctl start cloning-vat

CentOS howto IV - Poking holes in security (in a meaningful way)


  1. Add an existing service
    1. firewall-cmd --permanent --zone=public --add-service=https
    2. firewall-cmd --reload
  2. Create a new service (to be added as above). In this example we will be using livereload default port 35729
    1. firewall-cmd --permanent --new-service=live-reload
    2. firewall-cmd --permanent --service=live-reload --set-description="live reload"
    3. firewall-cmd --permanent --service=live-reload --set-short="live reload"
    4. firewall-cmd --permanent --service=live-reload --add-port=35729/tcp
  3. Enabling an application (node.js in this example) to bind ports <1024
    1. setcap 'cap_net_bind_service=+ep' /usr/bin/node

CentOS howto III - Advanced samba

  1. Create shared folder and grant permissions
    1. mkdir /home/shared/
    2. chmod -R 0777 /home/shared/
    3. chown -R nobody:nobody /home/shared/
    4. chcon -t samba_share_t /home/shared/
  2. add the text below to the /etc/samba/smb.conf
[shared]
path = /home/shared
browsable = yes
guest ok = yes
read only = no
  1. Restart samba
    1. systemctl restart smb.service
    2. systemctl restart nmb.service
  2. Test samba
    1. testparm /etc/samba/smb.conf

CentOS howto II - Shared folders

  1. Install Guest additions on the guest
    1. Prerequisites on the guest OS side:
      1. yum install dkms kernel-devel
      2. yum groupinstall "Development Tools"
    2. and now the additions themselves:
      1. Devices / Insert Guest Additions CD image...
      2. mount /dev/sr0 /mnt
      3. cd /mnt
      4. ./VBoxLinuxAdditions.run
    3. Create a shared folder:
      1. Devices / Shared Folders / Shared folder settings
      2. Add new..
      3. Select "Auto mount" and "Permanent" options
      4. you can find the shared folder in /media/sf_{SHARE_NAME}
  2. Install guest additions on the host
    1. {VBoxManage} setextradata {VM_NAME} VBoxInternal2/SharedFoldersEnableSymlinksCreate/{SHARE_NAME} 1
      1. {VBoxManage} is the VBoxManage executable (usually in C:\Program Files\Oracle\VirtualBox)
      2. {VM_NAME} is the name of the VM
      3. {SHARE_NAME} is the name of the share as in the shared folders settings or in /media/sf_{SHARE_NAME}
    2. Run the VM as administrator. Simplest way to get that going is:
        1. In VirtualBox UI, right click on the VM and "Create Desktop shortcut"
        2. Right click on the desktop icon, properties, advanced, check "Run as administrator"
    3. Start the VM
    4. Watcher configuration: The guest OS has no idea about any changes outside of its jurisdiction. In this setup this makes watching files from the Linux guest side nearly impossible, except if you use polling. This is an example taken from my project's browsersync configuration; something similar must work for any other chokidar based framework as well.
    var sync = require("browser-sync").create();
    sync.init({
      server: 'dist',
      port: 80,
      watchOptions: {
        usePolling: true
      }
    });