Logging into a unix box without a password

August 10th, 2012

From time to time I need to allow one user to log into another machine without being prompted for a password. This is extremely useful for anything that is automated, for example a nightly backup that copies files across the network, or running commands on other machines. ssh is the program that lets you log in over an encrypted channel, but it doesn’t let you specify the password on the command line, as that would be a huge security risk.

We are going to set up a relationship between 2 computers using a public/private key pair. For the example below we’ll use 2 machines called william and catherine.

  1. Ensure you have OpenSSH installed:

    yum install openssh

  2. Open a command line session on william.
  3. To make life a little easier for ourselves, log in to catherine using ssh, accept the key fingerprint, and then exit straight away.

    [root@william ~]# ssh root@catherine
    The authenticity of host 'catherine (10.0.0.69)' can't be established.
    RSA key fingerprint is 3b:4f:1f:cb:44:56:9b:7f:96:a6:6a:c2:d6:bc:a6:df.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'catherine' (RSA) to the list of known hosts.
    root@catherine's password:
    Last login: Thu Aug  9 16:18:35 2012 from catherine
    [root@catherine ~]# exit
    logout
    Connection to catherine closed.
    [root@william ~]#

    This will set up the ~/.ssh folder with the correct permissions and also will create a file in there called known_hosts. This file contains the key fingerprints for catherine. If we talk to other hosts later, then they will get added here too.
    Do the same from catherine to make sure all the folders are set up correctly on that side too.

  4. Generate a public and private key pair and save them to william.pub and william respectively.

    ssh-keygen -t dsa -f william -N ""

    giving the result:

    Generating public/private dsa key pair.
    Your identification has been saved in william.
    Your public key has been saved in william.pub.
    The key fingerprint is:
    48:2f:e6:bf:02:7e:2e:d2:b0:9a:1f:c6:7f:99:92:93 root@william
    
    The key's randomart image is:
    +--[ DSA 1024]----+
    |                 |
    |         .       |
    |        o +      |
    |       . =       |
    |        S .      |
    |     o. .  .     |
    |   o  == .  .    |
    |  E  *o.o +  .   |
    |   o*o...o o.    |
    +-----------------+
    

    Note: The -N option allows you to specify a passphrase. If you do then each time you need to use the public key you’ll have to enter the passphrase in order to decrypt it for use. Using an extra passphrase here will mean we won’t be able to make it automatic and our dreams of automating our backups will be gone :(

  5. Now that we have the keys for william we’ll transfer the public key over to catherine.

    scp william.pub root@catherine:~/.ssh/

    when william.pub arrives on catherine it’ll look something like:

    ssh-dss AAAAB3N……f1Jew== root@william

    Make sure that the last part (root@william) is accessible, i.e. that you can ping william from catherine. If you can’t, then you can edit the william.pub file and change it to root@10.0.0.1, where 10.0.0.1 is the IP address or name of william.

  6. catherine must have a file containing all the public keys that are authorised to log in to it. This file is called ~root/.ssh/authorized_keys, so add william.pub to the end of it.

    cat william.pub >> authorized_keys

    or if you have lots to do:

    cat *.pub > authorized_keys

  7. Now you can log into catherine from william without entering a password; you just need to specify your local private key identity file:

    ssh -i william root@catherine

    If you don’t want to specify the private key file on the command line every time, you can move william to the default location, ~/.ssh/id_dsa:

    mv william ~/.ssh/id_dsa

    then try to log in:

    ssh root@catherine

Here’s a tip if you are using virtual machines: set it all up so that the machine can log into itself, then make a clone. Both machines will have the same keys. They will be able to log into each other because, having the same public and private keys, they think they are logging into themselves.

This is excellent if you are creating lots of clones for test or development environments because they can all log into each other without passwords without any extra work from you.
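
The key installation from step 6, as an added example that is not part of the original post: it appends rather than overwrites, sets the file modes sshd expects, and limits the key to one source address and one command, which suits a passphrase-less key used for automation. It assumes an Ed25519 key (for example from `ssh-keygen -t ed25519`) in place of the post's DSA key, which OpenSSH has disabled by default since 7.0; the function name, the key blob and /usr/local/bin/nightly-backup are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the receiving host
# (catherine). Function name, key blob and backup command are assumptions.

# install_restricted_key SSH_DIR PUBKEY_FILE FROM COMMAND
install_restricted_key() {
    ssh_dir=$1; pubkey_file=$2; from=$3; forced=$4
    auth=$ssh_dir/authorized_keys

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "need exactly one key" >&2; return 1; }
    read -r type blob comment < "$pubkey_file" || true
    [ -n "$blob" ] || { echo "malformed key line" >&2; return 1; }
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) echo "refusing key type: $type" >&2; return 1 ;;   # e.g. ssh-dss
    esac
    # A double quote would end the option value early in authorized_keys.
    case $from$forced in *'"'*) echo "double quotes not allowed" >&2; return 1 ;; esac

    # With StrictModes, sshd ignores the file if it or ~/.ssh is writable
    # by group or others, so set tight modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key blob is already installed.
    grep -qF -- "$blob" "$auth" && return 0

    # restrict: no forwarding, no pty. from/command: pin the source address
    # and the one program the key may run. Append (>>), never overwrite (>).
    printf 'restrict,from="%s",command="%s" %s %s%s\n' \
        "$from" "$forced" "$type" "$blob" "${comment:+ $comment}" >> "$auth"
}

# Demo in a scratch directory; the key blob is a constructed placeholder.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderBlob backup@william' > "$demo/william.pub"
install_restricted_key "$demo/.ssh" "$demo/william.pub" 10.0.0.1 /usr/local/bin/nightly-backup
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

With `command=` set, the key runs only that program regardless of what the client asks for, so a copy of the private key cannot be used to open an interactive root shell.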

The 5 Stages of Love

July 19th, 2012

From the series Quantum Leap season 3 episode A Hunting Will We Go, first aired on 18 June 1976. Good old ITV4 is rerunning them early weekday evenings.

Sam leaps into a bounty hunter who is handcuffed to a female fugitive with a bounty on her head, who’ll do anything to get away. During the episode Al is explaining how he knows that Sam is falling in love with the fugitive played by Jane Sibbett (who you’ll probably recognise from something).

It’s a textbook example of love and you are in the first stage. There are five stages of love. The first is denial, then the second is sex, then there’s acceptance, then there’s divorce …and then more sex, if you’re lucky.

Taking control of someone's PC using TeamViewer

July 17th, 2012

Taking control of someone’s PC is a pretty straightforward affair these days and the people at TeamViewer have made it even easier. Basically there are 2 sides: the student (who has their computer controlled) and the master (who does the controlling). There’s also a bit of security because the communications channel is the internet and it’s a wild frontier out there!

Student

  1. Go to: http://www.teamviewer.com/
  2. Click the Download navigation tab at the top of the screen.
  3. Download the All-In-One: TeamViewer full version and save it somewhere sensible.
  4. Run the downloaded program.
  5. The first window to pop up asks if you would like to Install or Run, so select Run and click Next.
  6. Accept the terms and click Next.
  7. A second later, a window will pop up.
  8. On the left hand side, make a note of Your ID and Password.
  9. When asked for them hand them over to the master.
  10. When you want to deny the master from controlling your PC, just close the TeamViewer application.

Master

  1. Go to: http://www.teamviewer.com/
  2. Click the Download navigation tab at the top of the screen.
  3. Download the All-In-One: TeamViewer full version and save it somewhere sensible.
  4. Run the downloaded program.
  5. The first window to pop up asks if you would like to Install or Run, so select Run and click Next.
  6. Accept the terms and click Next.
  7. A second later, a window will pop up.
  8. Speak to your student and ask them for their User ID and Password.
  9. Enter their User ID in the box marked Partner ID and click Connect to partner.
  10. When the connection has been made, you will be asked for the password.
  11. Enter the password and the application will open up to reveal their remote screen.
  12. To end your control of their PC, just close the application.

That’s it, told you it was easy!

Creating a unique backup file name under Unix

July 16th, 2012

Before updating a system file I’ll take a backup copy of it. The less imaginative of you will choose a backup name like file.bak or file2. Some of you will use your initials, especially if you work in an environment where you might run into your colleagues working on the same platform. Some of you who are a bit cleverer will incorporate the date in the backup file name. Sure you can see the date from the timestamp on the file but that information can be lost when you copy the file or restore it from an archive.

For files whose configuration I’m testing, I might make lots of copies as I try different things. I use a full date and time stamp, e.g. httpd.conf-2012-07-16--13-03-00. It takes a bit of time to read the clock and write the full backup file name, so I started using the date command to generate the time and date string like so:

cp httpd.conf `date '+%Y-%m-%d--%H-%M-%S'`-httpd.conf

But then I thought, why remember the magic percent sequence of the date? So edit your ~/.bash_profile and add the following line:

export d="date +%Y-%m-%d--%H-%M-%S"

Now you can create a backup file name really easily:

cp httpd.conf `$d`-httpd.conf

or if you prefer the date at the end of the file:

cp httpd.conf httpd.conf-`$d`

Rerunning the above command line creates different file names which are guaranteed not to overwrite each other. You also might want to add a reason for the backup:

cp httpd.conf httpd.conf-`$d`-before-add-bigsoft-virtual-host
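
A function built on the same timestamp format, as an added example that is not part of the original post: it also covers two backups taken within the same second, where the one-second stamp alone would repeat, and uses `cp -p` so the copy keeps the original's mode and modification time. The name `backup_copy` and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The function name backup_copy
# and the sample file are assumptions made for illustration.

# backup_copy FILE [REASON] -> prints the name of the backup it created.
backup_copy() {
    src=$1
    reason=${2:+-$2}
    stamp=$(date +%Y-%m-%d--%H-%M-%S)      # same format as $d in the post
    dest=$src-$stamp$reason

    # The stamp has one-second resolution, so a script that takes two
    # backups in the same second would reuse the name. Add a counter then.
    n=1
    while [ -e "$dest" ]; do
        n=$((n + 1))
        dest=$src-$stamp.$n$reason
    done

    # -p keeps mode, owner (when permitted) and mtime, so the copy of a
    # 0600 config stays 0600 and still shows when the original was edited.
    cp -p -- "$src" "$dest" && printf '%s\n' "$dest"
}

# Demo on a constructed file in a scratch directory.
work=$(mktemp -d)
printf 'Listen 80\n' > "$work/httpd.conf"
chmod 600 "$work/httpd.conf"
backup_copy "$work/httpd.conf"
backup_copy "$work/httpd.conf" before-add-bigsoft-virtual-host
backup_copy "$work/httpd.conf" before-add-bigsoft-virtual-host
ls -l "$work"
rm -rf "$work"
```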

Movie releases in your GMail Calendar

July 3rd, 2012

If you have a GMail account you can get new movie releases to appear in your calendar. It’s really easy too!

  1. Log into your GMail account.
  2. Go to: http://www.hollywoodchicago.com/forums/3266/automatically-updating-google-calendar-of-upcoming-movie-dvd-releases
  3. When the page loads you will see an example of the calendar in the centre of the page.
  4. At the bottom of the calendar panel there is a (+) Google Calendar icon. Click it.
  5. Your web browser will open a new window taking you to your Google calendar page.
  6. A dialogue box will appear asking you to confirm the addition of the new calendar so click Yes, add this calendar.
  7. It took a brief moment and the calendar updated with all the new movie releases.

I can’t wait for Dark Knight Rises in a couple of weeks!