pages tagged ssh
http://meng6net.localhost/tag/ssh/
<p><small>Copyright © 2005-2020 by <code>Meng Lu &lt;lumeng3@gmail.com&gt;</code></small></p>
Meng Lu's home page
ikiwiki
Tue, 29 Aug 2017 18:50:07 +0000

Examples of using ssh
http://meng6net.localhost/computing/example/examples_of_using_ssh/
computing example ssh
Tue, 16 May 2017 23:59:39 +0000 2017-05-16T23:59:39Z
<h2>Connect to host via intermediate host</h2>
<p>To connect to destination <code>host1</code> via intermediate <code>host2</code>:</p>
<pre><code>$ ssh -t user2@host2 ssh user1@host1
</code></pre>
<h2>References</h2>
<ul>
<li><a href="http://unix.stackexchange.com/questions/41493/how-to-ssh-to-a-server-using-another-server">stackexchange thread: How to ssh to a server using another server?</a></li>
</ul>

Installing and configuring OpenSSH
http://meng6net.localhost/computing/installing_and_configuring/installing_and_configuring_openssh/
computing configuration documentation installation note software ssh
Tue, 16 May 2017 23:59:39 +0000 2017-05-16T23:59:39Z
<h2>Installing</h2>
<h3>macOS</h3>
<ul>
<li>Install MacPorts</li>
<li>
<p>Install OpenSSH</p>
<pre><code>$ sudo port install OpenSSH
</code></pre></li>
</ul>
<h2>Set up password-less <code>ssh</code> to remote machines</h2>
<ul>
<li>
<p>Create a key if you don't have <code>~/.ssh/id_rsa.pub</code></p>
<pre><code>$ ssh-keygen -t rsa
</code></pre></li>
<li>
<p>Download portable OpenSSH from <a href="http://www.openssh.com/portable.html">here</a> if you don't have <code>ssh-copy-id</code>, then</p>
<pre><code>$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@remoteserver
</code></pre></li>
<li>
<p>Test password-less ssh</p>
<pre><code>$ ssh remoteserver whoami
</code></pre></li>
</ul>
<h2>References</h2>
<ul>
<li><a href="http://www.debian-administration.org/articles/152">Debian Administration: Password-less logins with OpenSSH</a></li>
</ul>

Installing and configuring pkgsrc
http://meng6net.localhost/computing/installing_and_configuring/installing_and_configuring_pkgsrc/
computing configuration documentation homebrew installation macOS note pkgsrc software ssh to-do
Sat, 08 Apr 2017 21:30:47 +0000 2017-08-29T18:50:07Z
<h2>Intro to pkgsrc</h2>
<p><a href="https://www.pkgsrc.org"><code>pkgsrc</code></a> is a package management system for Unix-like operating systems. It supports OS X, so it is a viable alternative to Homebrew and MacPorts, which are the most widely used package management systems on Mac computers. I originally became interested in trying pkgsrc because some software I would like to install is not available via Homebrew.</p>
<h2>Install, configure, manage pkgsrc and software packages in it</h2>
<h3>Installing and configuring pkgsrc on macOS (64-bit, version 10.9 or later)</h3>
<p>The following is based on https://pkgsrc.joyent.com/install-on-osx/.</p>
<ul>
<li>
<p>Copy and paste the lines below to install the 64-bit 10.9+ set.</p>
<pre><code>BOOTSTRAP_TAR="bootstrap-trunk-x86_64-20170205.tar.gz"
BOOTSTRAP_SHA="177e0be390b57ef9d7f61511a8169268000693df"
</code></pre></li>
<li>
<p>Download the bootstrap kit to the current directory.</p>
<pre><code>curl -O https://pkgsrc.joyent.com/packages/Darwin/bootstrap/${BOOTSTRAP_TAR}
</code></pre></li>
<li>
<p>Verify the SHA1 checksum.</p>
<pre><code>echo "${BOOTSTRAP_SHA}  ${BOOTSTRAP_TAR}" &gt;check-shasum
shasum -c check-shasum
</code></pre></li>
<li>
<p>Verify PGP signature.
This step is optional, and requires gpg.</p>
<pre><code>curl -O https://pkgsrc.joyent.com/packages/Darwin/bootstrap/${BOOTSTRAP_TAR}.asc
gpg --recv-keys 0x1F32A9AD
gpg --verify ${BOOTSTRAP_TAR}{.asc,}
</code></pre></li>
<li>
<p>Install bootstrap kit to <code>/opt/pkg</code></p>
<pre><code>sudo tar -zxpf ${BOOTSTRAP_TAR} -C /
</code></pre></li>
<li>
<p>Reload <code>PATH/MANPATH</code> (pkgsrc installs <code>/etc/paths.d/10-pkgsrc</code> for new sessions)</p>
<pre><code>eval $(/usr/libexec/path_helper)
</code></pre></li>
</ul>
<h3>Installing pkgsrc on Ubuntu Linux</h3>
<p>TODO</p>
<h3>Installing software</h3>
<p>There are three ways of installing software using pkgsrc:</p>
<ol>
<li>The most typical method is to build software from source files, a.k.a. "bootstrapping";</li>
<li>Another possibly easier method is to install and uninstall pre-built software using the commands <code>pkg_add</code> and <code>pkg_delete</code>, respectively;</li>
<li>Install software using the high-level tool <code>pkgin</code>. It is pkgsrc's counterpart to Ubuntu and Debian Linux's <code>apt-get</code>.</li>
</ol>
<h3>Use pkgsrc to install software</h3>
<p>Use pkgsrc to install software that Homebrew can't.</p>
<ul>
<li>
<p>Refresh the pkgin database with the latest version</p>
<pre><code>$ sudo pkgin -y update
</code></pre></li>
<li>
<p>Search for a package.
Regular expressions are supported.</p>
<pre><code>$ pkgin search "^ffmpeg[0-9]$"
ffmpeg3-3.0.1  Decoding, encoding and streaming software (v3.x)
ffmpeg2-2.8.6  Decoding, encoding and streaming software (v2.x)
ffmpeg1-1.2.12  Decoding, encoding and streaming software (v1.x)
</code></pre></li>
<li>
<p>Install a package without prompting</p>
<pre><code>$ sudo pkgin -y install ffmpeg3
</code></pre></li>
<li>
<p>List all available packages</p>
<pre><code>$ pkgin avail
</code></pre></li>
<li>
<p>Upgrade all out-of-date packages</p>
<pre><code>$ sudo pkgin -y full-upgrade
</code></pre></li>
<li>
<p>Remove a package</p>
<pre><code>$ sudo pkgin -y remove ffmpeg2
</code></pre></li>
<li>
<p>Automatically remove orphaned dependencies</p>
<pre><code>$ sudo pkgin -y autoremove
</code></pre></li>
</ul>
<h3>Use pkg_* tools to manage packages</h3>
<ul>
<li>
<p>See what packages are installed.</p>
<pre><code>$ pkg_info
</code></pre></li>
<li>
<p>See what package a file belongs to.</p>
<pre><code>$ pkg_info -Fe /opt/pkg/bin/node
nodejs-4.4.3
</code></pre></li>
<li>
<p>List the contents of a package.</p>
<pre><code>$ pkg_info -qL nodejs
/opt/pkg/bin/node
/opt/pkg/bin/npm
[...]
</code></pre></li>
<li>
<p>Perform an audit of all currently installed packages.</p>
<pre><code>$ sudo pkg_admin fetch-pkg-vulnerabilities
$ pkg_admin audit
Package jasper-1.900.1nb11 has a integer-overflow vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
Package samba-3.6.25nb3 has a privilege-escalation vulnerability, see https://www.samba.org/samba/security/CVE-2015-5299.html
Package tiff-4.0.6 has a arbitrary-memory-access vulnerability, see http://www.securityfocus.com/archive/1/537205
[...]
</code></pre></li>
<li>
<p>Create a binary package from some metadata files and package directory.</p>
<pre><code>$ pkg_create -B build-info -c comment -d description -f packlist -I /opt/pkg -p files/ -U foo-1.0.tgz
</code></pre></li>
</ul>
<h2>Configuration file <code>mk.conf</code> for "bootstrapping"</h2>
<p>After running</p>
<pre><code>pkgsrc/bootstrap
</code></pre>
<p>it creates an example configuration file <code>../pkgsrc/bootstrap/work/mk.conf.example</code>:</p>
<pre><code># Example /usr/pkg/etc/mk.conf file produced by bootstrap-pkgsrc
# Sat Feb 7 20:20:18 PST 2015
.ifdef BSD_PKG_MK # begin pkgsrc settings
PKGSRC_COMPILER= clang
CC= clang
CXX= clang++
CPP= ${CC} -E
CLANGBASE= /usr
PKG_DBDIR= /var/db/pkg
LOCALBASE= /usr/pkg
VARBASE= /var
PKG_TOOLS_BIN= /usr/pkg/sbin
PKGINFODIR= info
PKGMANDIR= man
TOOLS_PLATFORM.awk?= /usr/pkg/bin/nawk
TOOLS_PLATFORM.sed?= /usr/pkg/bin/nbsed
.endif # end pkgsrc settings
</code></pre>
<p>Here is a version that is customized and installed at <code>/usr/pkg/etc/mk.conf</code>:</p>
<pre><code>.ifdef BSD_PKG_MK # begin pkgsrc settings
ABI= 64
PKGSRC_COMPILER= clang
CC= clang
CXX= clang++
CPP= ${CC} -E
CLANGBASE= /usr
PKG_DBDIR= /usr/pkg/.pkgdb
LOCALBASE= /usr/pkg
VARBASE= /var
PKG_TOOLS_BIN= /usr/pkg/sbin
PKGINFODIR= info
PKGMANDIR= man
TOOLS_PLATFORM.awk?= /usr/pkg/bin/nawk
TOOLS_PLATFORM.sed?= /usr/pkg/bin/nbsed
MULTILIB_SUPPORTED= no
PREFER.openssl= pkgsrc
X11_TYPE= native
X11BASE= /opt/X11
.if !empty(PKGPATH:Mmail/mutt-devel)
PKG_OPTIONS.mutt+= mutt-hcache mutt-smtp ncursesw sasl
.endif
.endif # end pkgsrc settings
</code></pre>
<h2>Uninstalling pkgsrc and software installed by it</h2>
<p>Delete the following directories:</p>
<pre><code>sudo rm -rf /usr/pkg
sudo rm -rf /var/db/pkg*
</code></pre>
<p>and possibly also the source files if you used the first method:</p>
<pre><code>sudo rm -rf /path/to/pkgsrc
</code></pre>
<h2>References</h2>
<ul>
<li>
<p>Wikipedia, <a href="https://en.wikipedia.org/wiki/Pkgsrc">Pkgsrc</a>.</p>
</li>
<li>
<p>Tony Fischetti, <a href="http://www.onthelambda.com/2013/10/14/the-state-of-package-management-on-mac-os-x/">The state of package management on macOS</a>, Oct. 14, 2013</p>
</li>
<li>
<p>pkgsrc: http://pkgsrc.org/</p>
</li>
<li>
<p>pkgsrc.se: http://pkgsrc.se/</p>
</li>
<li>
<p>pkgin: http://pkgin.net/</p>
</li>
<li>
<p><a href="http://www.perkin.org.uk/pages/pkgsrc-binary-packages-for-osx.html"><em>pkgsrc binary packages for Mac OSX</em></a>.</p>
</li>
</ul>

Permission of .ssh files
http://meng6net.localhost/blog/permission_of_.ssh_files/
computing journal note permission ssh tool
Thu, 26 Feb 2015 00:32:53 +0000 2017-05-16T23:59:39Z
<p>A brief note about the file permissions of <code>$HOME/.ssh</code> files:</p>
<pre><code>$ ls -la ~/.ssh
total 136
drwx------ 17 meng _lpoperator 578 Feb 8 11:54 .
drwxr-xr-x+ 115 meng _lpoperator 3910 Feb 25 16:10 ..
-rw------- 1 meng _lpoperator 1671 Feb 8 11:54 config
-rw------- 1 meng _lpoperator 1631 Jan 28 21:55 config~
drwxr-xr-x 4 meng _lpoperator 136 Oct 27 15:16 git-annex
-rw------- 1 meng _lpoperator 3243 Jan 28 20:47 id_rsa_work
-rw-r--r-- 1 meng _lpoperator 748 Jan 28 20:47 id_rsa_work.pub
-rw------- 1 meng _lpoperator 1743 Jan 15 2012 id_rsa_lumengdev
-rw-r--r-- 1 meng _lpoperator 402 Jan 15 2012 id_rsa_lumengdev.pub
-rw-r--r-- 1 meng _lpoperator 10174 Feb 19 10:37 known_hosts
-rw-r--r-- 1 meng _lpoperator 7577 Oct 9 15:29 known_hosts~
</code></pre>
<ul>
<li>The <code>$HOME/.ssh</code> folder should have permission <code>700</code>.</li>
<li><code>config</code> and private/secret key files <code>id_rsa_XXX</code> should have <code>600</code>.</li>
<li><code>known_hosts</code> and public/shared key files <code>id_rsa_XXX.pub</code> should have <code>644</code>. It's fine to have several pairs of private/secret and public/shared key files.</li>
</ul>
<h2>Check the default permissions of <code>.ssh</code></h2>
<p>Running <code>ssh &lt;host&gt;</code> creates <code>$HOME/.ssh</code> and the <code>$HOME/.ssh/known_hosts</code> file, and adds an entry for <code>&lt;host&gt;</code> to it. Running <code>ssh-keygen</code> creates the public/shared and private/secret key pair files <code>$HOME/.ssh/id_rsa.pub</code> and <code>$HOME/.ssh/id_rsa</code>. Their default permissions are</p>
<pre><code>16:24:06 meng@mycomputer:~/.ssh$ ls -la
total 24
drwx------ 5 meng _lpoperator 170 Feb 25 16:24 .
drwxr-xr-x+ 116 meng _lpoperator 3944 Feb 25 16:23 ..
-rw------- 1 meng _lpoperator 1766 Feb 25 16:24 id_rsa
-rw-r--r-- 1 meng _lpoperator 404 Feb 25 16:24 id_rsa.pub
-rw-r--r-- 1 meng _lpoperator 414 Feb 25 16:23 known_hosts
16:24:11 meng@mycomputer:~/.ssh$ ssh -version
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
</code></pre>
<h2>References</h2>
<ul>
<li>http://superuser.com/questions/488718/permissions-on-ssh-causing-problems</li>
</ul>
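<p>The permission rules from the note above turned into a checker, added here as an example and not part of the original note. It treats the listed modes as upper bounds and assumes private keys are the <code>id_*</code> files without a <code>.pub</code> suffix; the function names and the throwaway fixture directory are constructed for illustration. Pass a directory such as <code>~/.ssh</code> as the first argument to audit it instead of the fixture.</p>

```sh
# Audit an .ssh directory against the modes in the note above, treated here as
# upper bounds (assumption): dir 700, config/private keys 600, known_hosts/*.pub 644.

# Octal permission bits of a path: GNU stat first, BSD/macOS stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Allowed mode for a file name, or nothing when the note has no rule for it.
# Assumption: private keys are the id_* files that do not end in .pub.
allowed_mode() {
    case "$(basename "$1" | sed 's/~$//')" in    # config~ is judged like config
        *.pub | known_hosts) echo 644 ;;
        config | id_*)       echo 600 ;;
    esac
}

# True when the path has a permission bit set that the allowed mode lacks.
too_open() {
    have=$(mode_of "$1") || return 1
    [ $(( 0$have & ~0$2 )) -ne 0 ]
}

# Print one FAIL line per finding; exit status is 1 if anything was found.
audit_ssh_dir() (
    status=0
    if too_open "$1" 700; then
        echo "FAIL $1 is $(mode_of "$1"), allowed 700"; status=1
    fi
    for path in "$1"/*; do
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        allowed=$(allowed_mode "$path"); [ -n "$allowed" ] || continue
        if too_open "$path" "$allowed"; then
            echo "FAIL $path is $(mode_of "$path"), allowed $allowed"; status=1
        fi
    done
    exit "$status"
)

# Constructed fixture: a throwaway .ssh directory with two deliberate mistakes.
make_fixture() {
    fx=$(mktemp -d)/.ssh
    mkdir "$fx"
    touch "$fx/config" "$fx/id_rsa_work" "$fx/id_rsa_work.pub" "$fx/known_hosts"
    chmod 700 "$fx"; chmod 600 "$fx/config"; chmod 644 "$fx/id_rsa_work.pub"
    chmod 644 "$fx/id_rsa_work"     # mistake: private key readable by others
    chmod 664 "$fx/known_hosts"     # mistake: group-writable
    echo "$fx"
}

audit_ssh_dir "${1:-$(make_fixture)}" || echo "tighten the entries above with chmod"
```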