Linux thoughts from a linux Geek (aka GEEX)

MENTAL NOTE from http://moze.koze.net/?p=81 Converting SSL-certificates from CRT format to PEM

Dovecot, for example, seems to expect pem-files, while RapidSSL only issues crt-files. The solution? Use OpenSSL to convert (via the DER-format) to pem:

openssl x509 -in input.crt -out input.der -outform DER

then

openssl x509 -in input.der -inform DER -out output.pem -outform PEM

Today Oracle launched a paper that focus the gains of Oracle solutions over Solaris VS IBM solutions over AIX.

You can find the paper here.

After reading the entire paper I find it quite tendentious.

I’m not a Oracle/SPARC fan nor a IBM/Aix fan, although I’ve worked with both for years, my favorite OS is Linux, and well i also Solaris a bit. So why do I find it tendentious:

1 – The way it’s written, for every user comment they say a slightly positive thing about IBM, but the really good thing is Oracle/Solaris.

2 – I don’t doubt that the interviews were conducted I’m almost sure the people were selected. As I told before I like Linux, if i want i can manage to get 20 sys admins that will focus that Linux is better than Solaris, I just have to select the right ones. Although I know it’s not the case in many issues, it is others. Everyone likes to defend it’s favorite technology.

SSH is extremely versatile and although the use of tunnels is a well know feature of ssh the reverse tunnel is not. First where can you use a reverse tunnel? Imagine that you need to service a server/desktop that is behind a firewall and the only communication available is must be started on the host behind the firewall.

Usually I write about technical stuff, or my rc cars, but this time I’m going to write about cloud computing, which isn’t that technical.

While reading two magazines today one had in the cover “Cloud computing you can’t afford to leave this one out” and the other “Cloud computing a must for every company”.

So, if your in IT certainly heard about cloud computing, but lets start by defining cloud computing; cloud computing is is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the “cloud” that supports them (Wikipedia definition).

Having said this you probably are using the cloud, if you use gmail,hotmail, or something like that, apart from the mail service you may be using picasa storage, dropbox, or even HI5 or Facebook to share photos and if you use a blog is probable that’s on the cloud too.  But the cloud concept is wider. Imagine that your company as all the info on the cloud, all the applications that support your business, and that your systems are on the cloud too. You just leave your cheap PC clients, or thin clients, or whatever equipment you use to connect to the Internet and your piece of the cloud.

In theory this is a great tool, you won’t have to worry about uptime, backups, system maintenance, sys admins, power failures,air conditioning, but on the other end you’ll be dependent on your providers and your ISP. You won’t be free to change and you won’t be so versatile, your choices will be your providers choices and in the end applications and systems won’t be made to suit your needs but they’ll suit part of your needs and all your provider needs. Apart from that you’ll probably end spending more than you would if you had your own IT.

Sometime ago I was thinking in using amazon S3 for backing up my personal  data, photos, personal movies, my documents, as well as my family ones. Right now I’ve a BackupPC on a server to do it all and backing up about 3.5TB of info. With my usage profile amazon would cost me about 350€ a month, so as fast as I though in using amazon I lost the idea of using it, with 2 month of service I could buy a new server to do all the backup and with another month of service I could pay electric bill,space, and man work hour for a year.

Then a client that happily uses Sugar CRM, heard about “the cloud” and thought that easily could migrate sugar to SalesForce and all the applications on the company to Google Apps. So we asked for prices and the price of the cloud was about 960% more than the regular prices of applications and Sugar licenses, and this including all the system maintenance, space and electric costs.

So I started wondering, in the end I don’t see people pay less for the cloud usage, I see people having a smaller initial cost that in the end will be much greater than the original one.

I’m sure many of you had already made your own investigations about the cloud? Are you getting to the same conclusions?

Till now I’ve been writing  about costs, now lets get to  flexibility and limitations.

Usually when talking about the cloud everyone sells you that the cloud is flexible, that the cloud will suit your needs and that it will grow when your business grow and get smaller when your business is going through a bad time.

In the end your cloud won’t be that flexible, most of “cloud providers” will have well established limits on amount of CPU usage/time, there will be limits on bandwidth, limits on connections per second and if you need to pass those limits you’ll be paying a lot for it. Then the small letter of the contract, sometimes you can have more processor power because you needed it but then you have to keep it for the minimum period, sometimes a year or even more.

But well the cloud is cutting edge innovation so this is something worth paying for. Once again this isn’t totally true, IBM as a cloud scheme running for decades, corporate clients may pay for processor, MIPs, processor time and memory usage. Apart from IBM, other companies worked like this for ages, companies like HP, SUN, and others.

So what’s new? In my opinion the news are the way you interact with the cloud, making the browser the central part and unification point. The larger bandwidth available today also made this possible and the content is much richer.

I can see a really good usage for the home user who don’t want to worry with tech things, I see youtube, twitter, hi5, facebook and others growing and companies using those with a business mind, honestly I don’t see companies putting their secrets, their know how, their experience, and their core on the hand of a cloud, I may be wrong but right now I don’t see it moving that way (maybe I need glasses). I see a big fuss on the cloud as I’ve seen the .com bubble and IT recession, I’ve seen the thin-client revolution and the virtualization boom, now I see the cloud hype and in a few months or years something new will come up and all this will be forgotten. I’ll see companies moving towards a new hype and I investors spending they bucks on something else.

So to conclude; I don’t think the cloud is a must, I think it’s something that you already had with a different name, and  it became an hype because of a lot of marketing and publicity. If you think a little bit you’ll see who wins  with all the hypes, usually isn’t your company nor mine.

Cheers,

Pedro Oliveira

My last post was quite controversial as I wrote about an authentication form using the password on the command line. Today I’ll be writing about how to login without password prompting but also about ssh-agent, secure RSA keys and how to execute remote commands with ssh.

First of all you need to generate a RSA key:

ssh-keygen -t rsa

accept the default location, and then protect the certificate with a password.

By now in your $HOME/.ssh folder you have at least these two files id_rsa.pub and id_rsa. The .pub file is the file that contains your public RSA key part, as the name says it’s public and you can use it to authenticate with remote hosts, the id_rsa file is the private part of your key and no1 else besides you should have access to it. Nevertheless we also protect the key with a password so if someone access it it won’t be a big problem.

Now, to use the “passwordless” authentication you need to copy the content of id_rsa.pub to the $HOME/.ssh/authorized_keys on the remote machine, if the file doesn’t exists please create it before. If you want do this in a simple command line just type the following:

cat $HOME/.ssh/id_rsa.pub | ssh YOUR_USER@REMOTE_SERVER “cat >> ./ssh/authorized_keys”

It will ask you the password just the first time. And your done.

But now every time you use the certificate it will ask you for the certificate password not the user at server one (and this because you protected your certificate, if you didn’t protect it you would be logged in by now).

If you want a totally automated process you can use ssh-agent. This way you’ll be able to put your certificate password only one time (for instance at session start) and use it when logged in. To use ssh-agent just do the following:

cp /etc/X11/xdm/sys.xsession ~/.xsession

edit the .xsession file so some variables look like the following:

usessh=”yes” sshagent=”yes”

now you need to reset your X (just logout and login).

Now to use ssh-agent and having your certificate available just type: ssh-add This will ask you for your certificate password and now you may use it for login into remote servers without using passwords anymore (until the next logout or shutdown). Cheers, Pedro Oliveira

Sometimes theres a need to use ssh with the password as a command line parameter, I know keys do exist and may be used for a “passwordless” login, I know you may use expect to create a script to type the password for you. But if you just want a plain simple tool to do it you may use plink.

That was the question posed on linkedin: Rsync or Bacula? A short answer and a middle point:

My name is Pedro Oliveira, I’m a Linux fan and enthusiast for the last 10 years. Apart from that I’m also a Sys. Admin for the same time.

Right now I’m working in a Portuguese open source company called DRI.

With this blog I expect to share some of my experiences while working it and heterogeneous environment (MS, Linux, Solaris, etc) and some other skills and visions I had over time. This may include thoughts about football, hobbies (like radio controlled stuff), traveling and so on.

Have fun, as SuSE guys say…