Posts Tagged “command”

Sometimes it becomes necessary to test a link from a particular referrer. This is easily done with the following curl statement:

curl -I -H "Referer: http://your_referrer_here" http://www.somewhere.com/link/to/file

The ‘-I’ option makes curl request and display only the response headers, and ‘-H’ is used to add another request header. Let’s take a look at the header information of a normal curl:

[user@8bitpipe.com ~]$ curl -I http://www.magicdeckvortex.com/images/article_images/sarpadian_empires/MindstabThrull3.jpg
HTTP/1.1 200 OK
Date: Mon, 03 Jan 2011 14:17:13 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
Last-Modified: Mon, 18 May 2009 06:30:44 GMT
ETag: "40003d-1060c-46a29ef124d00"
Accept-Ranges: bytes
Content-Length: 67084
Content-Type: image/jpeg

As you can see, this is returning an image file as it should. Now let’s specify a referrer (basically making it look like some other website is hotlinking their image).


[user@8bitpipe.com ~]$ curl -I -H "Referer: http://www.8bitpipe.com" http://www.magicdeckvortex.com/images/article_images/sarpadian_empires/MindstabThrull3.jpg
HTTP/1.1 403 Forbidden
Date: Mon, 03 Jan 2011 14:32:24 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
Content-Type: text/html; charset=iso-8859-1

As you can see, the server has denied our request. Hopefully this will help troubleshoot issues.


The command for this week is SSH. There are a lot of neat things you can do with SSH. Here’s a nice one-liner if you get in a pickle.

Background: You are working on remote server HOST_B when you realize that the file you’re trying to figure out how to configure properly is already working on remote server HOST_A. Unfortunately, you do not have direct access between HOST_A and HOST_B. Now, you can easily SSH into HOST_A, SCP the file from HOST_A down to your local computer, SCP the file from your local computer to HOST_B, and then SSH into HOST_B to put the file in the correct place. Well, that takes a bit of time. Instead, you can pass the file through SSH with a pipe in order to transfer it.

Below is a one-liner that not only transfers the file in this manner, but also compresses it in one format on HOST_A for a faster download, then changes the compression type on the local computer so it can be decompressed on HOST_B.

ssh USER@HOST_A 'cat FILENAME | bzip2' | bunzip2 | gzip | ssh USER@HOST_B 'gunzip | cat > FILENAME'

Try it out and let me know what you think.
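
The same relay as a reusable function, added here as an example and not part of the original post: it quotes the file paths for the remote shell and compares SHA-256 checksums on both hosts, because the pipeline's exit status only reflects the last command. The function names and the four compressor variables are hypothetical, and sha256sum is assumed to exist on both hosts.

```shell
#!/bin/sh
# Added example (not from the original post): the HOST_A -> local -> HOST_B
# relay with quoted paths and a checksum comparison at the end.
# The *_PACK / *_UNPACK variables are hypothetical knobs naming the compressor
# available on each side; the defaults match the one-liner above.
: "${SRC_PACK:=bzip2}" "${LOCAL_UNPACK:=bunzip2}"
: "${LOCAL_PACK:=gzip}" "${DST_UNPACK:=gunzip}"

# Single-quote a string so the remote shell sees it as one literal word.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_sha256 HOST PATH: print the file's SHA-256 as computed on HOST.
remote_sha256() {
    sum=$(ssh "$1" "sha256sum $(sq "$2")") || return 1
    printf '%s\n' "${sum%% *}"
}

# relay_file SRC_HOST SRC_PATH DST_HOST DST_PATH
# Prints the verified checksum; returns 1 on transfer error, 2 on mismatch.
relay_file() {
    src_host=$1 src_path=$2 dst_host=$3 dst_path=$4
    want=$(remote_sha256 "$src_host" "$src_path") || return 1
    # Local commands are unquoted on purpose so "gzip -dc" splits into words.
    ssh "$src_host" "$SRC_PACK < $(sq "$src_path")" |
        $LOCAL_UNPACK | $LOCAL_PACK |
        ssh "$dst_host" "$DST_UNPACK > $(sq "$dst_path")" || return 1
    # The checksum catches failures earlier in the pipe that the exit
    # status of the last command hides.
    got=$(remote_sha256 "$dst_host" "$dst_path") || return 1
    if [ "$want" != "$got" ]; then
        echo "checksum mismatch: source $want, destination $got" >&2
        return 2
    fi
    printf '%s\n' "$got"
}

# Usage: relay_file USER@HOST_A FILENAME USER@HOST_B FILENAME
```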


SSH keys are the most effective way to securely shell into your server. In this article we are going to cover creating an SSH key pair. There are a plethora of articles on the net that cover this subject. I suggest reading two or three of them to help understand the process. Creating an SSH key pair is very easy in itself.

Instructions on creating SSH Key pairs are fairly general, so I will explain how I configured the keys for a server.

1. Create the user account on the server and create the same user on the remote system you want to SSH from.

2. On the remote system switch to the user you just created

# su - USERNAME

3. Create the SSH key pair. You can do this from any directory. Unless otherwise stated, it will default to the /home/USERNAME/.ssh directory. There are discussions on the differences between RSA keys and DSA keys. They are about the same when it comes to protection, but I like to use DSA keys. RSA is the default, so you have to specify DSA if you want to use it.

$ ssh-keygen -t dsa

You will get output such as the following. Some people choose not to use a passphrase. This allows you to SSH into the server without a password, but if someone gets hold of your SSH key, they can log in to your server without challenge. I suggest using a passphrase; you won’t notice any difference from a regular password login.

[vinsane@8bitpipe ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/vinsane/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vinsane/.ssh/id_dsa.
Your public key has been saved in /home/vinsane/.ssh/id_dsa.pub.
The key fingerprint is:
89:15:93:b8:e5:3e:6e:c8:55:8d:32:d9:8a:d8:87:20 vinsane@8bitpipe.com

4. Copy the public key to the server and rename the public key to authorized_keys in the user’s .ssh directory.

5. On the local machine change the permissions of the private key to 600; it should be located in the /home/USERNAME/.ssh/ directory. I’ve found that if you don’t have the home directory for the user open for others to view it, you do not have to do this. The system should tell you if the key is not secure.

And there you have it: a more secure login. You can also go into the server’s sshd_config file and disable password logins, but you will need to bring your key with you if you want to log in from other computers. I would suggest a small encrypted USB key used only for your SSH key. Keep it on your key chain in the event you need to log in to your server when you are out and about and can’t get back to your main system.
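
Steps 4 and 5 as a script, added here as an example rather than taken from the original post: it appends the public key instead of replacing authorized_keys (so keys already installed survive), sets modes 700/600, and audits the result. The function names and the sample key are constructed for illustration, and the key type is Ed25519 because OpenSSH has disabled DSA (ssh-dss) keys by default since release 7.0.

```shell
#!/bin/sh
# Added example (not from the original post): install a public key without
# clobbering existing ones, then check the modes under ~/.ssh.

# Mode string as ls prints it, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey HOME_DIR 'PUBLIC KEY LINE'
# Appends to HOME_DIR/.ssh/authorized_keys unless the line is already there.
install_pubkey() {
    case "$2" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;   # types this example accepts
        *) echo "refusing: not an accepted public key line" >&2; return 1 ;;
    esac
    old_umask=$(umask); umask 077
    mkdir -p "$1/.ssh" && touch "$1/.ssh/authorized_keys" &&
        { grep -qxF -- "$2" "$1/.ssh/authorized_keys" ||
          printf '%s\n' "$2" >> "$1/.ssh/authorized_keys"; } &&
        chmod 700 "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
    rc=$?; umask "$old_umask"; return "$rc"
}

# audit_ssh_perms HOME_DIR
# Flags .ssh, authorized_keys and private keys that group or others can access
# (stricter than necessary for authorized_keys, matching the 600 used above).
audit_ssh_perms() {
    bad=0
    for p in "$1/.ssh" "$1/.ssh/authorized_keys" "$1"/.ssh/id_*; do
        [ -e "$p" ] || continue
        case "$p" in *.pub) continue ;; esac   # public halves may be readable
        m=$(mode_of "$p")
        case "$m" in
            ????------) ;;
            *) echo "too open: $m $p"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Demo in a throwaway directory with a constructed (not real) public key.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDSAMPLEKEYNOTREAL00000000000 USERNAME@laptop'
audit_ssh_perms "$demo_home" && echo "permissions OK"
```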


In my perusing of the system I came across the following command: getent. Now most of my searches on the system produced the following results.

# whatis getent
getent: nothing appropriate

I was able to use --help and find the usage of the command. I further looked on the web and found the following manpage at die.net.

getent(1) – Linux man page

Name

getent – get entries from administrative database

Synopsis

getent database [key ...]

Description

The getent program gathers entries from the specified administrative database using the specified search keys. Where database is one of aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services or shadow.

Author

getent is written by Thorsten Kukuk for the GNU C Library.

This man page is written by Joel Klecker <espy@debian.org> for the Debian GNU/Linux system, updated by Jakub Jelinek <jakub@redhat.com> for GNU C Library 2.2.2 getent changes.

Well, it would appear that this little gem does not do anything spectacular, but to the contrary, a fluid use of this command will save some command-line foo when cutting down the searches in the appropriate file.

For example, let’s say you came across a reference to a port number and wanted to know what it did. Who still uses port 70? So you grep 70 out of the /etc/services file and get a slew of results, 231 on my system. Sure, you can work linjitsu to find only the line you wanted, but using getent you get the following result:

# getent services 70
gopher                70/tcp

It even removes the comment at the end of the line. This is a handy tool in my opinion. Hopefully, you will find a good use for this.


Oftentimes we need to add a user to a new group to give them permissions to certain directories. This is easily accomplished with the following command:

# usermod -G GROUP USERNAME

Well, this is a double-edged sword, as this command will strip any group the user is already in. A little less well known is the ‘-a’ switch, which will allow you to append the user to the new group while leaving any previous memberships intact.

# usermod -aG GROUP USERNAME

Of course, most of the people I discussed this with just modify the /etc/group file, and that may be a safer practice for you.
