by Pedro M. S. Oliveira | Jul 13, 2010 | Linux
Linux is not Windows, and if a reboot fails you can usually still connect by SSH and do something. These commands show how to remotely hard reboot a machine.
A hard reboot means that shutdown scripts will not run and the machine reboots immediately without syncing hard disk drives, shutting down applications, etc. It’s like hitting the reset button on your server.
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
These commands enable sysrq and then trigger an immediate reboot. If you want to force the machine to shut down instead, try this:
echo 1 > /proc/sys/kernel/sysrq
echo o > /proc/sysrq-trigger
This came in handy when I had a server that had some I/O error and could no longer read from disk; only a few binaries cached in memory kept it running (kernel, SSHD, bash). I could still access the machine via SSH but could no longer do anything. Forcing the reboot as mentioned above was my only resort, and it worked like a charm…
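An added check, not part of the original post: `kernel.sysrq` is a bitmask that governs what the keyboard SysRq combination may do, and root's writes to /proc/sysrq-trigger are honoured whatever its value, so the `echo 1` above also leaves every keyboard-triggered function enabled until the value is changed back. The function names are hypothetical; the bit values are those in the kernel's sysrq documentation.

```bash
#!/usr/bin/env bash
# Added example: audit a kernel.sysrq value (e.g. from /proc/sys/kernel/sysrq).
# sysrq_decode and sysrq_keyboard_can_reboot are hypothetical helper names.

# Print the SysRq function groups a given value enables for the keyboard.
sysrq_decode() {
    local value="$1" out="" pair bit name
    case $value in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
        0) echo "disabled"; return 0 ;;
        1) echo "all"; return 0 ;;      # what `echo 1 > /proc/sys/kernel/sysrq` sets
    esac
    for pair in 2:loglevel 4:keyboard 8:dumps 16:sync 32:remount-ro \
                64:signal 128:reboot-poweroff 256:rt-nice; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( $value & $bit )) -ne 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    echo "${out:-none}"
}

# Succeeds if someone at the physical console could reboot or power off
# the machine with the SysRq key under this setting.
sysrq_keyboard_can_reboot() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" -eq 1 ] || [ $(( $1 & 128 )) -ne 0 ]
}

# Report on the running system when executed directly on Linux.
sysrq_report() {
    local current
    current=$(cat /proc/sys/kernel/sysrq 2>/dev/null) || return 1
    echo "kernel.sysrq=$current enables: $(sysrq_decode "$current")"
}
```

To keep the setting across the emergency, read the old value first and write it back afterwards if the machine survives, or skip the first `echo` entirely when you are already root.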
by Pedro M. S. Oliveira | Jun 28, 2010 | Linux
After a long time without posting on the blog here I come again with a tiny command line that can speed up the usual method of copying large amounts of data.
Some time ago a colleague gave me a DVD that I would like to keep for myself but that 2 other colleagues wanted too. I used dd, cat and ssh for the task, taking less than 5 minutes to do it all.
First I started the .iso creation with dd:
dd if=/dev/cdrom of=/home/pedro/my_new_iso.iso
In another console you may start copying the iso file even if the iso isn’t fully copied to the hard drive yet (just give it a few seconds to have some data copied to the drive):
(cat /home/pedro/my_new_iso.iso | ssh email@example.com dd of=~/my_new_iso.iso) ; (cat /home/pedro/my_new_iso.iso | ssh firstname.lastname@example.org dd of=~/my_new_iso.iso)
The only thing you need to guarantee is that the first command ends before the second one.
See you all next time
by Pedro M. S. Oliveira | Feb 5, 2010 | Daily life, Linux, Solaris
It’s been a while since I last wrote about ssh, one of my favorite applications.
SSH is extremely versatile, and although the use of tunnels is a well-known feature of ssh, the reverse tunnel is not.
First, where can you use a reverse tunnel? Imagine that you need to service a server/desktop that is behind a firewall and the only communication available must be started from the host behind the firewall.
Look at the diagram below:
Now you are sitting at PC B and your mother-in-law is sitting at PC A (familiar story? And yes, my mother-in-law uses Linux). I don’t have direct access to her laptop (PC A), but I still need to install Skype for her so she can talk to the family.
First on PC B I create a dummy user for the connection:
useradd -m motherinlaw
Then tell someone on PC A to do the following (or create your own script to do it automatically; I’m also assuming that both PCs have sshd running):
ssh motherinlaw@PC-IP-B -R 2000:localhost:22
Let me explain: -R sets up a remote (reverse) tunnel, 2000 is the port to be opened on the remote computer (PC B), and localhost:22 is where connections to that port are delivered on the local computer (PC A), that is, PC A’s sshd.
So after a successful ssh login from PC A to PC B (you may check it, for instance, with who), you will be able to log in to PC A from PC B by issuing:
ssh root@localhost -p2000
Hope this helped someone out there.
by Pedro M. S. Oliveira | Aug 11, 2009 | Linux, Solaris
My last post was quite controversial, as I wrote about an authentication form using the password on the command line. Today I’ll be writing about how to log in without a password prompt, but also about ssh-agent, secure RSA keys and how to execute remote commands with ssh.
First of all you need to generate an RSA key:
ssh-keygen -t rsa
Accept the default location, and then protect the key with a password.
By now your $HOME/.ssh folder contains at least these two files: id_rsa.pub and id_rsa. The .pub file contains the public part of your RSA key; as the name says, it’s public, and you can use it to authenticate with remote hosts. The id_rsa file is the private part of your key, and no one else besides you should have access to it. Nevertheless, we also protect the key with a password, so if someone accesses it, it won’t be a big problem.
Now, to use the “passwordless” authentication you need to copy the content of id_rsa.pub to $HOME/.ssh/authorized_keys on the remote machine; if the file doesn’t exist, create it first.
If you want do this in a simple command line just type the following:
cat $HOME/.ssh/id_rsa.pub | ssh YOUR_USER@REMOTE_SERVER "cat >> .ssh/authorized_keys"
It will ask you for the password just the first time. And you’re done.
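An added example, not code from the original post: the same key installation done idempotently on the machine that holds authorized_keys, with the private permissions sshd's StrictModes check expects and a guard against passing the private half by mistake. The optional third argument prefixes authorized_keys options; `TUNNEL_OPTS` is a set suited to the `motherinlaw` account from the reverse-tunnel post above, assuming that account logs in with a key and PC B runs OpenSSH 7.8 or later. `install_key` and `TUNNEL_OPTS` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example; install_key and TUNNEL_OPTS are hypothetical names.

# Options for a tunnel-only key: remote forwards may listen only on
# localhost:2000, and there is no shell, pty, agent or X11 forwarding.
# The client then connects with: ssh -N -R 2000:localhost:22 motherinlaw@PC-IP-B
# Assumption: OpenSSH 7.8+ on the server (permitlisten) and key-based login.
TUNNEL_OPTS='restrict,port-forwarding,permitlisten="localhost:2000",command="/bin/false"'

# install_key HOME_DIR PUBKEY_FILE [OPTIONS]
# Appends the key to HOME_DIR/.ssh/authorized_keys once, with private modes.
install_key() {
    local home_dir="$1" pubkey_file="$2" opts="${3:-}"
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
    local key line

    # First non-empty line of the file; it must look like "type base64 [comment]".
    key=$(grep -m1 -v '^[[:space:]]*$' "$pubkey_file") || return 1
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *)  # e.g. id_rsa (the private half) passed instead of id_rsa.pub
            echo "not an OpenSSH public key: $pubkey_file" >&2
            return 1 ;;
    esac
    line="${opts:+$opts }$key"

    (
        umask 077                          # new files start out private
        mkdir -p "$ssh_dir" || exit 1
        touch "$auth" || exit 1
        chmod 700 "$ssh_dir" || exit 1     # StrictModes rejects lax modes
        chmod 600 "$auth" || exit 1
        # Fixed-string, whole-line match: append only if not already present.
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    )
}
```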
But now every time you use the certificate it will ask you for the certificate password, not the user-at-server one (this is because you protected your certificate; if you hadn’t protected it, you would be logged in by now).
If you want a totally automated process you can use ssh-agent. This way you’ll be able to enter your certificate password only once (for instance at session start) and use it while logged in.
To use ssh-agent just do the following:
cp /etc/X11/xdm/sys.xsession ~/.xsession
edit the .xsession file so some variables look like the following:
Now you need to restart your X session (just log out and log in).
Now to use ssh-agent and having your certificate available just type:
This will ask you for your certificate password, and now you may use it for logging in to remote servers without using passwords anymore (until the next logout or shutdown).
by Pedro M. S. Oliveira | Jul 30, 2009 | Daily life, Linux
Today I had a problem with one of the servers we support: no web access, no ssh, and no console, just a bunch of sentences passing so fast I couldn’t read them on the terminal. The solution: a simple hard reset, and the system came online. It was a hard disk failure, but the system came online without trouble because we were using a RAID configuration. One of the disks didn’t show up in the RAID array; a few tests later we declared the hardware fault the cause of the downtime.
But why did the system come down because of a disk failure if there was a RAID system available? Simple: the swap was spread among the disks but not in a RAID, so there were no redundant swap partitions. When the need for data in the swap of that file system came, there wasn’t any data available and the system came to a stop.
From now on we’ll create a redundant swap partition using a RAID volume so this doesn’t happen again, as a server should never stop because of a disk problem. Living and learning.
Pedro M. S. Oliveira
BTW – to reassemble the array I used mdadm. Below is a simple usage example if you want to reassemble a previously built array:
mdadm --manage /dev/md0 --add /dev/sda1
This command will add the partition /dev/sda1 to the RAID array /dev/md0.
If you want to learn more about RAID in Linux, just type man mdadm or mdadm --help