SSH Tools :: Keychain

If you are a sysadmin who manages Linux systems, you have probably found SSH keys and keychain to be must-haves.  If not, here is how to get set up.

CentOS/RHEL users can use rpmforge's software repository to yum install keychain instead of building it themselves.  The CentOS wiki has very easy to follow documentation on adding that repository.

For OSX, this is a pretty straightforward install following Funtoo's keychain wiki page, plus a .bash_profile update to make life easier for you.

Once keychain is installed, generate a key pair for yourself with ssh-keygen (the first time keychain runs it creates a .keychain directory in your home directory, which is where it keeps the agent state it sources later).  You can specify the key type with -t (e.g. ssh-keygen -t dsa; the default generates rsa).  One caveat: DSA keys are limited to 1024 bits and OpenSSH 7.0 and later refuse them by default, so on anything current prefer ssh-keygen -t ed25519 or an RSA key of at least 2048 bits (ssh-keygen -t rsa -b 4096).  Give the key a passphrase.  The whole point of keychain is that you type the passphrase once per agent lifetime instead of never.

Next, you will need to copy the contents of .ssh/id_rsa.pub to each host you want to reach with your key and keychain.

Manual edit/OSX solution:

Append your id_rsa.pub to .ssh/authorized_keys on the remote host (e.g. rsync -av --progress id_rsa.pub remotehost.fqdn:/home/user/.ssh/, then on the remote host cat id_rsa.pub >> ~/.ssh/authorized_keys from inside your .ssh directory).  Check the permissions while you are there: ~/.ssh should be mode 700 and authorized_keys mode 600.  With StrictModes on (the sshd default), a group- or world-writable authorized_keys or .ssh directory is silently ignored and you will be back to password prompts wondering why.

On Linux simply run ssh-copy-id remotehost.fqdn, which does the copy and the append for you and creates ~/.ssh under a restrictive umask if it does not exist yet.

OSX users can do the manual edit noted above, or can write their own ssh-copy-id script.  You can also try trusting one of the many third-party OSX ssh-copy-id scripts from the web.  Anything that appends to authorized_keys on your hosts deserves a careful read first, so scour the code at your own risk if you decide to go this route.
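If you do write your own, the two things the real ssh-copy-id gets right and most copy-pasted scripts get wrong are idempotence (do not append the same key twice) and permissions.  The following is an added example for this page, not code from the original post or from OpenSSH: a minimal stand-in that appends a single-line OpenSSH public key only if that key material is not already present and sets the modes sshd's StrictModes expects.  It assumes you run it on the receiving host (or against a local path when testing); the function and file names are my own.

```bash
#!/bin/sh
# Added example: idempotent ssh-copy-id stand-in for the receiving host.
# Assumes a single-line OpenSSH public key file and POSIX sh, awk, chmod.

install_pubkey() (
    # $1: path to the public key file, $2: target .ssh directory (default ~/.ssh)
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    # Only accept something shaped like "<type> <base64> [comment]".
    key=$(head -n 1 "$pubkey_file")
    case "$key" in
        ssh-ed25519\ *|ssh-rsa\ *|ssh-dss\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "install_pubkey: $pubkey_file does not look like an OpenSSH public key" >&2
           exit 1 ;;
    esac

    # StrictModes: neither the directory nor the file may be group/world-writable.
    # The umask applies only inside this subshell body, not to the caller.
    umask 077
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Compare on key type + key material only, ignoring the trailing comment,
    # so the same key with a different comment still counts as a duplicate.
    key_material=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if awk -v k="$key_material" '($1 " " $2) == k {found=1} END {exit !found}' "$auth_file"; then
        echo "install_pubkey: key already present in $auth_file" >&2
        exit 0
    fi
    printf '%s\n' "$key" >> "$auth_file"
)

# Count how many times the key in file $1 appears in authorized_keys file $2.
# Handy for checking that repeated installs did not duplicate anything.
count_pubkey() {
    awk -v k="$(awk '{print $1 " " $2}' "$1")" '($1 " " $2) == k {n++} END {print n+0}' "$2"
}
```

Typical use from your workstation is ssh remotehost.fqdn 'sh -s' < install_pubkey.sh after piping the key across, or simply scp both files over and run it there.  Keys are matched on type and material, not on the comment, because a comment change is not a new key.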

Once your keys are setup, we can go ahead and start utilizing keychain.

keychain -Q --ignore-missing --nogui --timeout 1440 ~/.ssh/id_rsa

  • --ignore-missing doesn't warn if some keys can't be found.  This is useful if you have a shared .bash_profile and your keys aren't available on every machine keychain is run on.  
  • --nogui doesn't honor SSH_ASKPASS; if it is set, keychain makes ssh-add prompt on the terminal instead of in a graphical program.  
  • --timeout sets how long ssh-agent keeps the keys, in minutes (1440 here is one day; pick what suits you).  The option requires a value, and the key lifetime is the one knob that limits the damage if someone gets a shell on your workstation while the agent is loaded.  
  • -Q/--quick reuses any existing ssh-agent process instead of starting a new one, checking only that it has at least one key loaded.  

You can explore additional options in the keychain man pages.

Personally, I prefer using an alias in my .bashrc/.bash_profile:

alias keychain='keychain -Q --ignore-missing --nogui --timeout 86400 ~/.ssh/id_dsa && . ~/.keychain/$HOSTNAME-sh'

Two notes on that alias: keychain names the file it writes after the host (~/.keychain/<hostname>-sh, so $HOSTNAME works in place of a hard-coded name), and since --timeout counts minutes, 86400 keeps the keys loaded for 60 days; use 1440 if you actually want one day.  The && also means the agent file is only sourced if keychain succeeded.

The funtoo keychain wiki page suggests updating your .bashrc/.bash_profile with eval instead:

eval `keychain --eval --agents ssh id_dsa`

For OSX:

eval `keychain --eval --agents ssh --inherit any id_dsa`

Reference id_rsa (or id_ed25519) instead if that is the key you generated.

Now that you're all set up, source your .bashrc or .bash_profile to finalize everything.  You can now ssh to hosts that have your key installed without typing a password or passphrase each time: keychain prompts for the passphrase once when it starts the agent, and the agent answers for you until the timeout expires.
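One thing neither one-liner above handles is the shared-profile case properly: keychain prints a banner on stdout, which breaks scp, rsync and sftp sessions that run your login scripts non-interactively, and --ignore-missing hides real mistakes.  The fragment below is an added example for this page (not from the original post or the Funtoo wiki) of a .bash_profile snippet that only starts keychain for interactive shells, passes only the keys that actually exist, and keeps stdout clean.  It assumes keychain 2.x on PATH, keys under ~/.ssh, and the candidate key names listed in KEYCHAIN_CANDIDATES, all of which are my choices.

```bash
# Added example: a .bash_profile fragment for keychain. Assumes keychain 2.x
# on PATH and keys under ~/.ssh; the candidate list is an assumption.

# Keys we would like loaded. Only the ones present on this host are passed to
# keychain, so --ignore-missing is not needed and typos in this list show up.
KEYCHAIN_CANDIDATES="id_ed25519 id_rsa"

existing_ssh_keys() {
    # Print the subset of $KEYCHAIN_CANDIDATES that exists in ~/.ssh, one per line.
    for k in $KEYCHAIN_CANDIDATES; do
        [ -f "$HOME/.ssh/$k" ] && printf '%s\n' "$k"
    done
    return 0
}

keychain_start() {
    # Do nothing (and say nothing) when keychain is absent or no keys exist.
    command -v keychain >/dev/null 2>&1 || return 0
    keys=$(existing_ssh_keys)
    [ -n "$keys" ] || return 0
    # -q suppresses the banner: anything a login script writes to stdout
    # corrupts scp/rsync/sftp, which run this file non-interactively.
    # --timeout is in minutes; 1440 drops the keys from the agent after a day.
    eval "$(keychain -q --eval --agents ssh --nogui --timeout 1440 $keys)"
}

# Only interactive shells get an agent; scripted logins must never be
# prompted for a passphrase. $- contains "i" for interactive shells.
case "$-" in
    *i*) keychain_start ;;
esac
```

Drop this into .bash_profile (or .bashrc, whichever your distro sources for login shells) and open a new terminal.  Because the key list is computed per host, the same file works unchanged on machines that carry only a subset of your keys.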


Linux Disk Usage Commands

As a sysadmin you should already be pretty familiar with the du command.  It reports file and directory sizes, and combined with sort it lets you view them from the smallest to the biggest file or the other way round.

Here are a few basic du command arguments that have helped me over the years.

du -a

du --all shows every file, not just directories, under the directory you're currently in.

du -h

du --human-readable prints sizes in K, M and G instead of raw block counts, which is much easier to read than bytes or 1K blocks.

du -s

du --summarize displays only a grand total for each argument, in 1 KiB blocks by default (not bytes).  A better way to do this is du -hs, which gives you the same total in a readable unit.

du -S

du --separate-dirs (GNU's long form of -S) reports each directory's size without the sizes of its subdirectories.  Sometimes you just want to see what a directory itself holds.

du --time

This shows the time of the last modification of any file in each directory or any of its subdirectories.

Here are some more intermediate to advanced du commands that might be useful:

find . -type f -exec du -k {} + | sort -rn | head

Search the current directory you are in, as well as the sub-directories in it, for the biggest files.  Note the sort: the output of du -h ("1.1G", "900M") sorts as text, so either sort numeric KiB counts as here or use du -h with GNU sort -h.  Great for auditing.

du -sk .[!.]* * | sort -n

Shows file, directory, and sub-directory sizes, hidden entries included (the .[!.]* glob picks up dotfiles without matching . and ..), with increasing sorting.  Do not combine -k with -h here; sort -n needs plain numbers.

du -sk .[!.]* * | sort -rn

The same listing with decreasing sorting.

du --max-depth=1 -xh /
du -ms * | sort -n | tail -5

The first shows the size of each top-level directory under / (hidden entries included, since du walks into them) and stays on the root filesystem thanks to -x, so /proc, /sys and mounted volumes do not pollute the numbers.  The second shows the five biggest entries in the current directory in MiB; * does not match dotfiles, so add .[!.]* if you want those too.  Sometimes you don't need everything within everything.
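The recurring pitfall in the one-liners above is sorting du's human-readable output, and the recurring omission is dotfiles, which is exactly where caches and stray cores hide.  The following is an added example for this page, not code from the original post: a small function that lists the N largest entries directly under a directory, hidden ones included, with numeric KiB sizes so the sort is correct, plus a helper that builds a constructed sample tree to try it on.  Function names and the sample layout are my own; it assumes only POSIX sh, du -k and sort -n.

```bash
#!/bin/sh
# Added example: "what is eating this directory", sorted correctly.
# Assumes POSIX du/sort/cut; make_sample_tree builds constructed test data.

largest_entries() (
    # Usage: largest_entries [DIR] [N]; prints "KiB<TAB>name", biggest first.
    dir=${1:-.}
    n=${2:-10}
    cd "$dir" || exit 1
    # Three globs: dotfiles (but not . or ..), names starting with "..", and
    # everything else. An unmatched glob stays literal, hence the existence test.
    for f in .[!.]* ..?* *; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        # -s: one total per argument; -k: KiB, which sort -n understands.
        # Sorting du -h output with sort -n or sort -r compares "1.1G" and
        # "900M" as strings, which is the usual mistake.
        du -sk -- "$f"
    done | sort -rn | head -n "$n"
)

largest_entry_name() {
    # Just the name of the single biggest entry under $1.
    largest_entries "$1" 1 | cut -f2-
}

make_sample_tree() {
    # Constructed sample: the biggest file sits in a hidden directory, so a
    # plain "du -s *" would miss the real culprit. Random data is used so
    # compressing filesystems cannot shrink it.
    d=$(mktemp -d)
    mkdir "$d/.cache" "$d/logs"
    dd if=/dev/urandom of="$d/.cache/blob.bin" bs=1024 count=300 2>/dev/null
    dd if=/dev/urandom of="$d/logs/app.log" bs=1024 count=120 2>/dev/null
    dd if=/dev/urandom of="$d/notes.txt" bs=1024 count=4 2>/dev/null
    printf '%s\n' "$d"
}
```

Run largest_entries /var 5 to see the five biggest things under /var, dotfiles included, and pipe the result into awk or a ticket without worrying about unit suffixes.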

Linux-Fu Part 1

I’ll do this from time to time when I come across some tidbits of information that I find useful to me.

  • pgrep and pkill – The first command returns the pid (process id) of processes matched by name or another attribute.  pkill sends a signal to every process with a matching name or attribute.  So if you want to kill all processes being run by a user, say, you would execute pkill -U USERNAME.  Because pkill hits everything that matches, run the same pattern through pgrep -l first and read the list before you signal it.
  • lsof – This command is usually pretty well known to most SysAdmins.  It lists every file currently open on a filesystem and which process holds it.  It's great for tracking down files that are locked open by processes or users, or for finding files that have been deleted but still consume space because a process still has them open (lsof +L1 lists exactly those, since their link count is zero).
  • iptraf – If you ever wanted to know where your traffic goes to and comes from, yum/apt-get install this sucker.  While you don't get the packet breakdown you would from an app like Wireshark, it's still a pretty cool tool for tracking network traffic.
  • htop – This is like top on steroids.  Great tool that can be yum installed if you have the rpmforge repos set up.
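The deleted-but-open case from the lsof item is also the one you reach for during incident response, and lsof is not always installed on the box you are looking at.  The following is an added example for this page, not from the original post: it answers the same question directly from /proc, which is where lsof gets the data on Linux, for file descriptors and for the running executable itself (a process whose binary has been deleted or replaced on disk after it started is worth a look).  It assumes Linux with /proc mounted; without root you only see your own processes, which is enough to demonstrate it.  Function names are my own.

```bash
#!/bin/sh
# Added example: find deleted-but-open files without lsof, from /proc.
# Assumes Linux. Non-root users can only inspect their own processes.

deleted_open_files() {
    # Usage: deleted_open_files [PID]; prints "PID<TAB>FD<TAB>target" for every
    # descriptor whose target the kernel reports as "(deleted)".
    pattern=${1:-[0-9]*}
    for fd in /proc/$pattern/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            *' (deleted)')
                pid=${fd#/proc/}; pid=${pid%%/*}
                printf '%s\t%s\t%s\n' "$pid" "${fd##*/}" "$target"
                ;;
        esac
    done
}

deleted_exe_pids() {
    # Related check: PIDs whose executable was unlinked or replaced after they
    # started, e.g. a daemon still running a pre-upgrade binary, or a dropped
    # tool that an intruder deleted to hide it while keeping it running.
    for exe in /proc/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *' (deleted)') pid=${exe#/proc/}; printf '%s\n' "${pid%%/*}" ;;
        esac
    done
}
```

Run deleted_open_files as root for the whole box (a full disk that df and du disagree about is the classic symptom), or pass a PID to check one process.  Note that the space a deleted-but-open file occupies is freed only when the last holder closes it or exits; truncating it through /proc/PID/fd/N is the usual way out when you cannot restart the process.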

Win Learn Change

Three years ago I made it a personal goal to start playing my favorite sport, basketball, on a regular basis instead of just watching it.  Keep in mind that I had not played since junior high school.  Over the past three years I have had to deal with confidence, stamina, health, learning my limitations, and minor injuries that would keep me out of any action for a month or so at times.  Since complete perfection in basketball (or anything) is unattainable, I sought to become better instead.  I would win, lose, and learn how and why.  This in turn allowed me to implement appropriate changes to be better moving forward.

The concept of Win Learn Change is one of the most important life mantras I have come across thus far.  Practicing it with basketball has taught me to apply it to all aspects of my life: professionally, personally, and even in relationships on all levels.  A simple example of this in practice is the act of shooting a basketball.  When I first started playing again, I shot from my hip or chin inconsistently, my shooting elbow was not straight, and I had little to no knee movement to elevate my shot properly.  Over time, I learned to shoot over my head with a straight elbow and to use my knees to elevate my shot properly.  As a result, my shot has become more consistent and helps me win.  You can easily take this example and apply it to your life at work, or to accomplishing anything in life.

While I am not officially versed in what Thomas Orths has formalized in practice as Win Learn Change, it is still a concept I strive to live by.  At some point I plan to attend an Orths-endorsed or certified class or seminar on this leadership concept.