Kommentare für Screenage

Kommentar zu removing outdated ssh fingerprints from known_hosts with sed or … ssh-keygen von Chan

Chan — Thu, 22 Oct 2015 22:23:33 +0000

I have this file on the remote host as ~/bin/log#!/bin/bash -LOGFILE=“~/repo/log“if [ „$1“ ]; then grep „$1″ $LOGFILEelse echo -n ‚make entry ‚ read case $REPLY in “) cat $LOGFILE;; *) echo $(date ‚+%F %T‘) $REPLY >> $LOGFILE;; esfixieact 0Then, on each host I sit at, I havealias log=’ssh remote_host_address „bin/log“‚So if I don’t enter any text, I get the file’s contentsand if I do enter text it is time stamped and saved.If I type log „searchterm“ I get all the lines containing searchtermP.S. Too bad code can’t be offset to retain indentation

Kommentar zu The dilemma of ssh authorized_keys key files and its comments von Matts

Matts — Thu, 22 Oct 2015 19:35:44 +0000

This is where configuration management (Chef, Puppet, Ansible, etc) comes in handy.
In Chef, you store the keys in encrypted databags and if you need to remove a key, you remove it from the databag and run the recipe that updates authorized_keys. Problem solved.

Kommentar zu removing outdated ssh fingerprints from known_hosts with sed or … ssh-keygen von removing outdated ssh-keys | dannyn08

removing outdated ssh-keys | dannyn08 — Tue, 19 May 2015 23:48:18 +0000

[…] http://www.screenage.de/blog/2008/05/28/removing-outdated-ssh-fingerprints-from-known_hosts-with-sed… […]

Kommentar zu A quick note on MySQL troubleshooting and MySQL replication von Brian Kinney

Brian Kinney — Fri, 17 Apr 2015 22:52:37 +0000

I have a crippled slave which keeps sending off Error ‚Duplicate entry ‚2725211674‘ for key ‚PRIMARY“ on query. Default database: ‚xyz‘

I have no idea how many duplicates we will run into, and I think your instructions above to create fresh replication of data will „wipe“ all existing data, which is not what I want.

I’d like to simply get the slave re synchronized to the Master, without interruption to the Master. Is this possible?

Kommentar zu How to log history and logins from multiple ssh-keys under one user account von Reiner030

Reiner030 — Thu, 29 Jan 2015 21:26:51 +0000

ah 2nd…
SSH_USER can make problems when ssh login to another server is made because this ENV is used as remote username when connecting.

=> Rename the variable to LC_SSH_USER and you have no problems… AND… it’s accepted by package default:

# grep LC /etc/ssh/sshd_config
AcceptEnv LANG LC_*

Bests 😉

Kommentar zu How to log history and logins from multiple ssh-keys under one user account von Reiner030

Reiner030 — Tue, 20 Jan 2015 11:12:22 +0000

This works fine and cannot be modified by users (files must be executable):

/etc/profile.d/ssh.csh:
if [ „$SSH_USER“ != „“ ]; then
logger -ip auth.notice -t sshd „Accepted publickey for $SSH_USER“
setenv HISTFILE „$HOME/.history_$SSH_USER“
fi

/etc/profile.d/ssh.sh:
if [ „$SSH_USER“ != „“ ]; then
logger -ip auth.notice -t sshd „Accepted publickey for $SSH_USER“
export HISTFILE=“$HOME/.bash_history_$SSH_USER“
fi

Bests

Kommentar zu Using netcat and tar for network file transfer von Using netcat and tar for network file transfer | pdasite

Using netcat and tar for network file transfer | pdasite — Mon, 01 Sep 2014 12:06:31 +0000

[…] am 30. Dezember 2007 von […]

Kommentar zu my package of the day: weather-util (weather report and forecast for the console) von Dennis

Dennis — Fri, 23 May 2014 16:58:16 +0000

I use a simple program I made for getting weather info via CLI, you can see it at https://github.com/dideler/simple-weather. It’s not very friendly for setting up, since you need to edit the source. Maybe this weekend I’ll improve it so it’s friendlier for others and then put it on PyPI.

Kommentar zu Using netcat and tar for network file transfer von OpenWrt Sysupgrade | Gotoif.com

OpenWrt Sysupgrade | Gotoif.com — Sun, 13 Apr 2014 14:17:55 +0000

[…] http://www.screenage.de/blog/2007/12/30/using-netcat-and-tar-for-network-file-transfer/ […]

Kommentar zu The dilemma of ssh authorized_keys key files and its comments von chetpot

chetpot — Tue, 25 Mar 2014 18:09:53 +0000

I know its been quite some time since this post, but another solution is to use certificate authentication. This will allow you to have one trusted CA server with strict access that will generate user certificates. By doing this you have the option to give different users specified certificate lifespans via cert expiration, and any users that need to be removed before the cert expiration can have their cert placed on revokation list. For more info check out the CERTIFICATES section of ssh-keygen(1).