October 10, 2008

Phil Windley
pjw
Phil Windley's Technometria
» Tunneling SSH Through Screensharing in OS X

I overheard an exchange between two friends that I thought was interesting. One needed help from the other and asked him to SSH into a machine. The place where the second friend works blocks outgoing port 22, the port SSH lives on. Don't ask me why. The solution? Friend one does a screenshare to friend two who uses the shared machine to SSH. First time I've seen screensharing being used to tunnel SSH.

Tags: osx screenshare leopard ssh networking

May 31, 2008

Scott Morris
nexangelus
OpenSUSE Linux Rants
» What’s Up must come Down - and boy did it ever

As Linux tools sometimes do, this little script was born out of frustration from the repetitive. And the meniality of the task is directly proportional to one’s desire to replace it with anything that will automate the process. If I have to do something twice on my Linux box, it gets automated.

So a few days ago I put together a bash script which I named “What’s Up?” The abbreviation for this is ‘sup’ which is the command used to invoke the script. I use it to tell me which server I’m on, who I’m logged in as, the memory status of the box, and some other crazy junk.

Originally, this fool was 110 lines of code to display 13 lines of output. Fortunately, an altruistic and knowledgeable Lonnie Olson brought to my attention the fact that there was room for some nice optimizations. Of such coolness were these optimizations that they brought the line count from 110 to a mere 21, not including comments and empty lines.

If you’re just tuning in, the script looks like this:

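#!/bin/bash

# ORIGINALLY WRITTEN BY SCOTT MORRIS (http://www.suseblog.com/) on 2008-05-28
# UPDATED AS SUGGESTED BY LONNIE OLSON on 2008-05-30

# COLLECT SOME INFO
UPTIME=$(uptime)
D_UP=${UPTIME:1}          # drop the first character (a leading space)
MYGROUPS=$(groups)
DATE=$(date)
KERNEL=$(uname -a)
CPU=${CPU:-$(uname -m)}   # use CPU from the environment if set, else ask uname
CPWD=$(pwd)

# OUTPUT THE DATA
# Values are passed as printf arguments, never spliced into the format
# string, so a '%' or backslash in a value is printed literally.
printf '  user:\t\t%s (uid:%s)\n' "$USER" "$UID"
printf '  groups:\t%s\n' "$MYGROUPS"
printf '  working dir:\t%s\n' "$CPWD"
printf '  home dir:\t%s\n' "$HOME"
printf '  hostname:\t%s\n' "$HOSTNAME"
ip -o addr | awk '/inet /{print "  IP (" $2 "):\t" $4}'
printf '  date:\t\t%s\n' "$DATE"
printf '  uptime:\t%s\n' "$D_UP"
printf '  kernel:\t%s\n' "$KERNEL"
printf '  cpu:\t\t%s\n' "$CPU"
# -o was dropped from newer versions of free; the awk patterns only need
# the Mem and Swap rows, so -mt is enough.
free -mt | awk '
/Mem/{print "  Memory:\tTotal: " $2 "Mb\tUsed: " $3 "Mb\tFree: " $4 "Mb"}
/Swap/{print "  Swap:\t\tTotal: " $2 "Mb\tUsed: " $3 "Mb\tFree: " $4 "Mb"}'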

NOTE: If you copy and paste the above code and it does not work, just download it from the link provided above.

And its output looks like this:

[0137][scott@tomahawk:~]$ sup
  user:         scott (uid:1000)
  groups:       users dialout video
  working dir:  /home/scott
  home dir:     /home/scott
  hostname:     tomahawk
  IP (lo):      127.0.0.1/8
  IP (eth0):    192.168.0.110/24
  date:         Sat May 31 01:57:54 MDT 2008
  uptime:        1:57am  up 2 days 21:53,  5 users,  load average: 0.27, 0.23, 0.18
  kernel:       Linux tomahawk 2.6.24-default #1 SMP Sat Jan 26 21:54:20 MST 2008 x86_64 x86_64 x86_64 GNU/Linux
  cpu:          x86_64
  Memory:       Total: 940Mb    Used: 925Mb     Free: 14Mb
  Swap:         Total: 1913Mb   Used: 349Mb     Free: 1564Mb
[0157][scott@tomahawk:~]$

Logging into and out of many Linux servers per day with many different users can cause you to develop aggravated multiple personality disorders unless of course you use a cool script like this to cue the gray matter. I’m thinking about writing another one called ‘whoami’. Oh wait, someone already did that.

March 18, 2008

Scott Morris
nexangelus
OpenSUSE Linux Rants
» ssh Without a Password

If you use Linux for day-to-day computing, you likely use the secure shell, or ssh. If you are like me, you may grow weary of constantly having to type in passwords to access remote machines. Or maybe you have the perfect backup system, except that it uses ssh to transfer files, and requires you to type in a password (such as rsync or rdiff-backup). There is a way to access those machines without using a password. This technique should be used with care. I’d use it only on machines that I have access to, for example. You don’t want to set up passwordless access from a public machine to your production server, in other words. Use with caution.

The principle is that you generate a public and private key on the local machine. This will be whatever machine you are connecting from. You then transfer the public key to the remote machine. Then, when you ssh into the remote machine, it uses the keys to authenticate. You don’t type in a password, it just takes you straight to the shell prompt. How do we set this up?

Log into the machine you are going to connect from. Let’s say that your account is called ‘user’ and you are going to connect from a machine called ‘desktop’. Log in as ‘user’ on the ‘desktop’ machine and pull up a shell. Run this command. The stuff in red is what you do, not what you type:

[0218][user@desktop:~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): [JUST PRESS ENTER HERE]
Enter passphrase (empty for no passphrase): [JUST PRESS ENTER HERE]
Enter same passphrase again: [JUST PRESS ENTER HERE]
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
a5:25:c0:aa:fe:f3:9f:46:7a:23:e3:6e:10:ec:6f:d3 user@desktop
[0218][user@desktop:~]$

Your keys are generated. On that machine, view /home/user/.ssh/id_dsa.pub. You will see something like this:

ssh-dss [...] user@desktop

What you need to do now is determine the remote machine you are going to log into. Then, decide what user you are going to log in as on that machine. We are going to log in as a user called ‘admin’ on a server called ‘server’. First, we will ssh into ‘server’ as ‘admin’. Then, edit the file located at ~/.ssh/authorized_keys2. If it is not there, create it. All you need to do is paste the contents of the id_dsa.pub file from the ‘user’ account on the ‘desktop’ machine into the ~/.ssh/authorized_keys file for ‘admin’ on ‘server’.

For example:

I go to my desktop, log in as ‘user’. I run ‘ssh-keygen -t dsa’. It generates a ~/.ssh/id_dsa.pub file in my home directory.

I want to connect as ‘admin’ on a box called ‘server’. I ssh in normally as ‘admin’ into the ‘server’ machine. I edit the ~/.ssh/authorized_keys2 using my favorite text editor. I add the contents of the ~/.ssh/id_dsa.pub file from my desktop machine into the authorized_keys2 file on ‘server’. I then save and quit. I then close all connections to ‘server’. Then, I type ‘ssh admin@server’, and hit ENTER. It drops me straight to a shell prompt.

This is a nice way to access a machine without having to type in the password every time. Only do this from machines that only you or authorized personnel have access to. Otherwise, you could have a li’l security problem.
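
The key-installation step from the post above, as an added example that is not part of the original post: a shell function that appends one public-key line to authorized_keys with the checks a server admin would want before pasting. The function name install_pubkey, its arguments and its return codes are hypothetical; it writes to ~/.ssh/authorized_keys and, unlike the walkthrough, refuses ssh-dss keys because OpenSSH 7.0 and later disable them by default.

```shell
#!/bin/sh
# Added example; install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey HOME_DIR 'PUBKEY LINE' [AUTHORIZED_KEYS_OPTIONS]
#   e.g. install_pubkey /home/admin "$(cat id_ed25519.pub)" 'restrict'
# Returns 0 = key added, 3 = key already present, 1 = input refused.
install_pubkey() {
    home_dir=$1; key_line=$2; opts=${3:-}
    dir=$home_dir/.ssh
    file=$dir/authorized_keys
    nl='
'
    # A .pub file is exactly one line: "<type> <base64 blob> [comment]".
    case $key_line in
        *"$nl"*) echo "refused: expected a single line" >&2; return 1 ;;
    esac
    ktype=${key_line%% *}
    rest=${key_line#* }
    blob=${rest%% *}

    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        ssh-dss)
            # OpenSSH 7.0 and later disable DSA keys by default.
            echo "refused: ssh-dss key, generate ed25519 or rsa instead" >&2
            return 1 ;;
        *)  # Also catches a pasted private key ("-----BEGIN ...").
            echo "refused: not a public key line" >&2; return 1 ;;
    esac
    if [ -z "$blob" ] || [ "$blob" = "$ktype" ]; then
        echo "refused: key blob missing" >&2; return 1
    fi

    # With StrictModes (the sshd default) keys are not accepted when ~/.ssh
    # or the file is group- or world-writable: create both privately and
    # tighten any existing modes.
    ( umask 077; mkdir -p "$dir" && : >> "$file" ) || return 1
    chmod 700 "$dir" && chmod 600 "$file" || return 1

    # Idempotent: the blob identifies the key regardless of comment/options.
    if grep -qF -- "$blob" "$file"; then
        return 3
    fi
    # Options such as "restrict" or from="..." go in front of the key type.
    printf '%s\n' "${opts:+$opts }$key_line" >> "$file"
}
```

For a passphrase-less key used only by a backup job, passing options such as restrict limits what that key can do on the server if the private half is ever copied off the desktop.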

January 14, 2008

Will Smith
no nic
Explorations
» X11 forwarding over SSH

Like most of us I have certain things on my home machine that I don't have on the laptop, maybe a file, or I just like to manage things remotely so I can stay logged into chat. SSH with a Screen session has been awesome, and something that I have really liked. But, sometimes, editing a spreadsheet for example, it is really nice to just have a gui and use OOo.

Now I have used Vino (or VNC), and NX Machine, but those are insecure and have some slowdown to them. So, my brother-in-law sent me the following link: http://infectedproject.com/2007/07/09/forwarding-gnome-via-ssh/

It took me 4 minutes to set up because I already had SSH installed. I had to modify 6 characters and I was done! It only uses the SSH port and the standard X11 port (port 6000) to work. (One issue I had with NX Machine is that it uses ports in the 1000 range to transfer session information in addition to ports 22 and 6000.)

So after the short modifications and a restart of the ssh daemon I ssh'd into my home machine with the laptop and then typed 'gnome-session' and away we ran! It was quick, and didn't pop up another window, was just exactly like I was at my desktop. Now, there are some drawbacks that I haven't overcome, and some things I haven't tested. The sound is not brought to the remote machine. Also, it starts a new session. I have not figured out yet how to attach to a current running session, but I am sure that it would use the --choose-session parameter somehow. If anyone has any more info there please feel free to leave a comment.

October 9, 2007

Will Smith
no nic
Explorations
» New love: SCREEN

I decided to change the blog a little bit. I felt that the scope of the blog was too narrow, and I wasn't really taking time with some of the subject matter (FreeBSD, I'm sorry). So, because I am always trying out new programs that I hear about I thought that I would share my experience on those also.

So today's subject: screen. This has got to be one of the coolest programs that I have run across in the open source world. Most will know what screen is, so I won't take the time to go through it entirely. Just the brief: you can have multiple command lines each on their own "window"; or you can split that window into various "regions" to have a very interactive shell. So what, you say, you can do that now with tabs. Here is the super thing. You can then detach this screen session and re-attach it to a different machine. It is like you never left. You can also use it to have two computers hooked to the same shell. Great for tutorials and stuff. Also, ever run a server where you want a GUI just for xterm so you can have the tabs? This is the way to go!

Now another cool thing, it is probably already installed on your system. It came by default on my Ubuntu, Fedora 7, and openSUSE 10.3 machines.

For practical uses I have been playing around with irssi and centericq (thoughts pending on those) and while at work I ssh into my home box and use my chat/irc clients, run updates, download what I need, etc. Then at the end of the work day, I can disconnect the screen session, come home, reattach it on my home computer, and not miss a thing. Everything still running, downloads still going, nothing missed. Very cool.

In short, screen is awesome! To learn more use "man screen"

September 29, 2007

John Anderson
sontek
sontek ( John M. Anderson )
» Recover locked terminal from dead SSH session

If you’ve ever been shelled into a server when your connection drops, you would have noticed that your terminal is completely locked up, you can’t even CTRL+C to get out of it. If you would like to save your terminal you can with the key sequence “<ENTER> ~ .”

SSH has a few more key strokes you can use too! To find out which ones are available type “<ENTER> ~?”

It’ll bring up this:

Supported escape sequences:
~. - terminate connection
~B - send a BREAK to the remote system
~C - open a command line
~R - Request rekey (SSH protocol 2 only)
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)

Thanks to Herlo for this tip.

January 24, 2007
» resume scp after interrupted downloads (use rsync)

If your download got cut off using scp, stop and read this before using scp again! Telecommuting has its perks. But one of the downsides can be the network issues. Especially if you have to download large amounts of data often. Having been bit b