Thursday, 27 August 2009
Find and replace with sed
I use this when switching distributions, and I need to add the new distro name to sources.list
sudo sed -i 's/jaunty/karmic/g' /etc/apt/sources.list
Wednesday, 19 August 2009
DNS Hijacking, filtering and OpenDNS
With witless clowns like Senator Stephen Conroy pushing for draconian mandatory net filtering these days, smart people should consider using a service such as OpenDNS rather than the DNS service provided by their ISP.
Simply put 208.67.222.222 and 208.67.220.220 in your /etc/hosts file and you are good to go.
However, you should note that OpenDNS use "services" such as redirecting "domain not found" errors to a search page to fund their operations, rather than letting your browser display the appropriate error as it should do. This also affects things such as ping. If I ping a domain name that does not exist I should get a response "unknown host", whereas with OpenDNS it will resolve to the OpenDNS page and the ping will receive a reply as if the nonexistent domain actually exists.
Even if you don't use OpenDNS, more and more ISPs these days have also taken to hijacking invalid domain requests and sending the standard "domain not found" error to their own (partner) advertisement pages.
There are a few ways to mitigate this behaviour. The easiest is to put the following line in your /etc/hosts file
127.0.0.1 hit-nxdomain.opendns.com
This will cause the redirection to go to your localhost adaptor. If you are running a service (i.e. a web server) on port 80 then it will resolve to its default page, and it won't solve the successful ping to bogus domain problem described above. This is a less than perfect solution.
The best solution is to use dnsmasq on your gateway. Dnsmasq is a combined DHCP and DNS server and is easy to set up.
Once you have it set up, simply put the IP address that is returned from a bogus ping into your /etc/dnsmasq.conf file. In my case I have;
bogus-nxdomain=208.67.216.132
bogus-nxdomain=208.67.219.132
and normal service will be resumed!
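An added example, not from the original post: a shell sketch that automates the "bogus ping" step above by resolving several random names that should not exist and printing a bogus-nxdomain line for every address that more than one of them resolved to. The function names, the probe-name format and the sample answers are assumptions made for this illustration.

```shell
# Added example: list the addresses a resolver substitutes for NXDOMAIN.

# A random hostname that should not exist (label format is an assumption).
probe_name() {
    printf 'nxprobe-%s.com\n' "$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')"
}

# Resolve COUNT probe names through the system resolver and print
# "name address" for every answer. An honest resolver yields no output.
probe_resolver() {
    count=${1:-3}
    while [ "$count" -gt 0 ]; do
        name=$(probe_name)
        getent ahostsv4 "$name" | awk -v n="$name" '{ print n, $1 }'
        count=$((count - 1))
    done
}

# Read "name address" lines and print bogus-nxdomain=ADDR for each non-loopback
# IPv4 address returned for at least two different names. One name alone
# proves nothing; the same address for unrelated names is a wildcard redirect.
to_dnsmasq() {
    awk '
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $2 ~ /^127\./ { next }
        !(($2, $1) in pair) {
            pair[$2, $1] = 1
            if (!($2 in names)) order[++n] = $2
            names[$2]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (names[order[i]] >= 2) print "bogus-nxdomain=" order[i]
        }'
}

# Constructed sample answers (the 208.67.x.x addresses are those in the post).
sample_answers() {
    cat <<'EOF'
nxprobe-aa11.com 208.67.216.132
nxprobe-aa11.com 208.67.219.132
nxprobe-bb22.com 208.67.216.132
nxprobe-bb22.com 208.67.219.132
nxprobe-cc33.com 127.0.0.1
nxprobe-dd44.com 192.0.2.10
EOF
}

# Offline demo; on a live host use: probe_resolver 3 | to_dnsmasq
sample_answers | to_dnsmasq
```

Run the live probe before dnsmasq is filtering, or against the upstream resolver directly, otherwise the redirect addresses are already being turned back into NXDOMAIN and nothing is reported.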
Wednesday, 12 August 2009
HOWTO: Passwordless SSH using a public key
If you find yourself logging in to machines regularly, or you want to include ssh commands in a script (for example, using rsync to back up), then you don't want to have to enter a password every time. In such cases you can use a public key.
The first thing we need to do is create an SSH key pair on the client host. Make sure that you log in as the user who will be connecting to the server. In this case I am using the root user.
Warning: If your user already has a key pair then you should skip this step, otherwise you may overwrite your existing key and potentially cause problems for other services that may already rely on it.
First, we should check whether there is already a keypair for our user;
ls -al ~/.ssh/
known_hosts
If there are files id_rsa and id_rsa.pub (or similar) listed then you already have a keypair and you should skip this step.
Creating an ssh key pair (press [enter] for each question asked);
ssh-keygen
Note: It is important that you don't enter a passphrase when asked to! If you did, just run the command again; it will overwrite the key you just created.
You can check your new keys by looking in the .ssh folder
root@client:~# ls .ssh/
id_rsa id_rsa.pub known_hosts
The one we are interested in here is the public key which ends with .pub. We need to copy this file to /root on the server. Note: You can do this via scp or copy it onto a thumbdrive or even type it in from a printout if you like! I will leave it up to you to decide the best method in your situation.
On the server, we will need to log in as the root user;
Now, we should have the public key file that we copied earlier in our root directory. Let's double check that;
root@server:~# ls -al *.pub
-rw-r--r-- 1 root root 392 2010-08-02 08:22 id_rsa.pub
Great, it is there! We need to add this key to the root user's authorized_keys file;
cat id_rsa.pub >> .ssh/authorized_keys
We can test that this worked by going back to our client PC and logging into the server via ssh;
root@client:~# ssh root@server
Linux server 2.6.32-25-generic-pae #44-Ubuntu SMP Fri Sep 17 21:57:48 UTC 2010 i686 GNU/Linux
Ubuntu 10.04.1 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
Last login: Thu Oct 14 15:38:57 2010 from client
root@server:~#
If it didn't ask you to enter a password then you are cooking with gas!
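An added example, not part of the original post: a shell function for the server-side step that appends the copied key only once, refuses a private key copied by mistake, and sets the ~/.ssh permissions sshd expects. The name install_pubkey and its return codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: idempotent version of "cat id_rsa.pub >> .ssh/authorized_keys".
# install_pubkey is an illustrative name, not an OpenSSH tool.

# install_pubkey PUBFILE [HOME_DIR]
# Returns 0 if the key is installed or was already present, 1 if PUBFILE is
# unreadable, 2 if it holds a private key, 3 if no public key line is found.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Copying id_rsa instead of id_rsa.pub is the classic slip: refuse it.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; it must never leave the client" >&2
        return 2
    fi

    # First line shaped like "<key type> <base64 blob> [comment]".
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( |$)' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; return 3; }

    # sshd's StrictModes check (on by default) rejects keys when ~/.ssh or
    # authorized_keys is writable by anyone but the owner.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$auth"
    chmod 600 "$auth"

    # Match on "type blob" only, so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

On the server from the post this would be called as install_pubkey /root/id_rsa.pub, after which the copied .pub file can be deleted.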
Labels: hardy, lucid, maverick, openssh, passwordless, public key, ssh, ubuntu
Tuesday, 4 August 2009
Virtualbox3 Headless with Bridged Networking
Note: This howto is now outdated due to changes introduced in Virtualbox 3.1x
See this post for an updated version.
As of karmic koala, Vbox 3 is provided via the standard Ubuntu repos. Unfortunately, this is the OSE version and it does not appear to work headless.
So, we have to download the "free" version from the Sun (soon to be Oracle?) website, which is currently here
At the time of writing there was no Karmic build, so I used the Jaunty package (virtualbox-3.0_3.0.4-50677_Ubuntu_jaunty_i386.deb)
Before we can install the deb, we will also need to install some dependencies.
sudo apt-get install python2.5 libcurl3 dkms libqt4-network libqtgui4 libxslt1.1
Now we can install the virtualbox deb that we downloaded earlier.
sudo dpkg -i virtualbox-3.0_3.0.4-50677_Ubuntu_jaunty_i386.deb
NOTE: When I installed this for the nth time I received the following error:
virtualbox-3.0.postinst: 118: /etc/init.d/vboxdrv: not found
I'm not sure if this was due to my previous installations of different versions or not. I figured it was so ignored it and things seemed to be OK. Of course YMMV.
Next, add your user account to the vboxusers group
sudo adduser brettg vboxusers
Virtualbox machines that you create will by default go in your home directory
/home/brettg/.VirtualBox/
Ensure vboxusers have appropriate permissions to the kernel
sudo vi /etc/udev/rules.d/40-permissions.rules
/etc/udev/rules.d/40-permissions.rules
KERNEL=="vboxdrv", GROUP="vboxusers", MODE="0660"
Creating a virtual machine
Create a machine named "io"
VBoxManage createvm -name io -register
Configure it with a nic bridged to eth0
VBoxManage modifyvm io --nic1 bridged --bridgeadapter1 eth0
Create a virtual DVD link called "dvd" to an ISO image on the server
VBoxManage registerimage dvd /store/archive/ISO/ubuntu-8.04-server-i386.iso
Connect the DVD to the virtual machine
VBoxManage modifyvm io -dvd /store/archive/ISO/ubuntu-8.04-server-i386.iso
Assign "io" 128Mb RAM, enable acpi and set to boot from DVD
VBoxManage modifyvm io -memory 128MB -acpi on -boot1 dvd
Create an 8Gb virtual HDD named "io-sda.vdi"
VBoxManage createvdi -filename io-sda.vdi -size 8000 -register
Assign that Virtual Drive Image to "io"
VBoxManage modifyvm io -hda io-sda.vdi
Because we are installing Ubuntu Server as a guest we need to enable PAE
VBoxManage modifyvm io -pae on
Using the virtual machine
Start the machine
VBoxHeadless -startvm "io" &
On a GUI workstation, establish a remote desktop connection to the machine
rdesktop -a 16 io:3389
Congratulations, you are now up and running!
After you have installed the OS, you need to remove the DVD and instruct the machine to boot from the hdd.
VBoxManage modifyvm "io" -dvd none
You can also deregister the dvd image if you don't intend to use it again.
VBoxManage unregisterimage dvd /store/archive/ISO/ubuntu-8.04-server-i386.iso
Note: When I installed Ubuntu Server the network autodetection didn't work. After installation was completed there was no eth0 present. I simply added the following to /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
and was then up and running
Other useful commands;
VBoxManage showvminfo io
VBoxManage list hdds
VBoxManage list runningvms
VBoxManage controlvm io poweroff
VBoxManage controlvm "io" savestate
Monday, 3 August 2009
Problems adding permissions in vmware server
Stop the web management service
sudo /etc/init.d/vmware-mgmt stop
Edit the authorisation file
vi /etc/vmware/hostd/authorization.xml
locate this line;
"11 "
Change it to read;
"12 "
Restart the management service
/etc/init.d/vmware-mgmt start