Uncategorized

OpenSSH Shortcut: Escaping a Session Without Disconnecting

One thing you may not know about SSH is that it has an escape character: ~. To try it out, hit return (the escape character is only picked up at he start of a line, so you must make sure you are) at the console in an active SSH session, then enter ~. Nothing will show on screen; so far so good. Next, hit Ctrl-Z and the session will be suspended — handy if you want to check something on your local box without logging all the way out of SSH. This trick will also work from within screen, and even from within mutt. To return to your SSH session, type fg and hit return.

This isn’t the only use for ~. For a full list of escape sequences, type ~?. This one doesn’t work within mutt; however, only from a console, although screen is fine.

Git on the Server – Setting Up the Server

 Setting Up the Server

Let’s walk through setting up SSH access on the server side. In this example, you’ll use theauthorized_keys method for authenticating your users. We also assume you’re running a standard Linux distribution like Ubuntu. First, you create a ‘git’ user and a .ssh directory for that user.
$ sudo adduser git
$ su git
$ cd
$ mkdir .ssh
Next, you need to add some developer SSH public keys to the authorized_keys file for that user. Let’s assume you’ve received a few keys by e-mail and saved them to temporary files. Again, the public keys look something like this:
$ cat /tmp/id_rsa.john.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4L
ojG6rs6hPB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4k
Yjh6541NYsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9Ez
Sdfd8AcCIicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myiv
O7TCUSBdLQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPq
dAv8JggJICUvax2T9va5 gsg-keypair
You just append them to your authorized_keys file:
$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys
Now, you can set up an empty repository for them by running git init with the --bare option, which initializes the repository without a working directory:
$ cd /opt/git
$ mkdir project.git
$ cd project.git
$ git --bare init
Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Let’s use gitserver as the hostname of the server on which you’ve set up your ‘git’ user and repository. If you’re running it internally, and you set up DNS forgitserver to point to that server, then you can use the commands pretty much as is:
# on Johns computer
$ cd myproject
$ git init
$ git add .
$ git commit -m 'initial commit'
$ git remote add origin [email protected]:/opt/git/project.git
$ git push origin master
At this point, the others can clone it down and push changes back up just as easily:
$ git clone [email protected]:/opt/git/project.git
$ cd project
$ vim README
$ git commit -am 'fix for the README file'
$ git push origin master
With this method, you can quickly get a read/write Git server up and running for a handful of developers.
As an extra precaution, you can easily restrict the ‘git’ user to only doing Git activities with a limited shell tool called git-shell that comes with Git. If you set this as your ‘git’ user’s login shell, then the ‘git’ user can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for your user’s login shell. To do so, you’ll likely have to edit your /etc/passwd file:
$ sudo vim /etc/passwd
At the bottom, you should find a line that looks something like this:
git:x:1000:1000::/home/git:/bin/sh
Change /bin/sh to /usr/bin/git-shell (or run which git-shell to see where it’s installed). The line should look something like this:
git:x:1000:1000::/home/git:/usr/bin/git-shell
Now, the ‘git’ user can only use the SSH connection to push and pull Git repositories and can’t shell onto the machine. If you try, you’ll see a login rejection like this:
$ ssh [email protected]
fatal: What do you think I am? A shell?
Connection to gitserver closed.

HowTo: Use cat Command In Linux / UNIX

How do I use cat command in Linux? How do I use cat command in UNIX? How can I use cat command in UNIX or Linux shell scripts?

The cat command is considered as one of the most frequently used commands on Linux or UNIX like operating systems.
It can be used for the following purposes under UNIX or Linux:
  • Display text files on screen.
  • Copy text files.
  • Combine text files.
  • Create new text files.

cat command Syntax

The syntax is as follows:
 
cat filename
cat options filename
cat file1 file2
cat file1 file2 > newcombinedfile
 

Displaying The Contents of Files

To read or read the contents of files, enter:
$ cat /etc/passwd
The above command will display the contents of a file named /etc/passwd. By default cat will send output to the monitor screen. But, you can redirect from the screen to another command or file using redirection operator as follows:
$ cat /etc/passwd > /tmp/test.txt
In the above example, the output from cat command is written to /tmp/text.txt file instead of being displayed on the monitor screen. You can view /tmp/text.txt using cat command itself:
$ cat /tmp/test.txt

Concatenate files

Concatenation means putting multiple file contents together. The original file or files are not modified or deleted. In this example, cat will concatenate copies of the contents of the three files /etc/hosts, /etc/resolv.conf, and /etc/fstab:
$ cat /etc/hosts /etc/resolv.conf /etc/fstab
You can redirect the output as follows using shell standard output redirection:
$ cat /etc/hosts /etc/resolv.conf /etc/fstab > /tmp/outputs.txt
$ cat /tmp/outputs.txt

You can also use a pipe to filter data. In this example send output of cat to the less command using a shell pipe as the file is too large for all of the text to fit on the screen at a time:
$ cat /etc/passwd | less

How Do I Create a File?

You can use cat command for file creation. To create a file called foo.txt, enter:
$ cat > foo.txt
Sample outputs:
This is a test.
To save and exit press the CONTROL and d keys (CTRL+D). Please note that if a file named foo.txt already exists, it will be overwritten. You can append the output to the same file using >> operator:
$ cat >> bar.txt
The existing bar.txt file is preserved, and any new text is added to the end of the existing file called bar.txt. To save and exit press the CONTROL and d keys (CTRL+D).

How Do I Copy File?

The cat command can also be used to create a new file and transfer to it the data from an existing file. To make copy of
$ cat oldfile.txt > newfile.txt
To output file1’s contents, then standard input, then file2’s contents, enter:
$ cat file1 - file2
A hyphen indicates that input is taken from the keyboard. In this example, to create a new file file2 that consists of text typed in from the keyboard followed by the contents of file1, enter:
$ cat - file1 > file2

cat command options

To number non-blank output lines, enter (only works with GNU cat command version):
$ cat -b /etc/passwd
Sample outputs:
     1 root:x:0:0:root:/root:/bin/bash
2 daemon:x:1:1:daemon:/usr/sbin:/bin/sh
3 bin:x:2:2:bin:/bin:/bin/sh
4 sys:x:3:3:sys:/dev:/bin/sh
5 sync:x:4:65534:sync:/bin:/bin/sync
6 games:x:5:60:games:/usr/games:/bin/sh
7 man:x:6:12:man:/var/cache/man:/bin/sh
8 lp:x:7:7:lp:/var/spool/lpd:/bin/sh
9 mail:x:8:8:mail:/var/mail:/bin/sh
10 news:x:9:9:news:/var/spool/news:/bin/sh
To number all output lines, enter (GNU cat version only):
$ cat -n /etc/passwd
To squeeze multiple adjacent blank lines, enter (GNU cat version only):
$ cat -s /etc/passwd
To display all nonprinting characters as if they were visible, except for tabs and the end of line character, enter (GNU cat version only):
$ cat -v filename

cat Command Abuse

The main purpose of cat is to catenate files. If it’s only one file, concatenating it with nothing at all is a waste of time, and costs you a process. For example,
$ cat /proc/cpuinfo | grep model
Can be used as follows:
$ grep model /proc/cpuinfo
Another example,
cat filename | sed -e 'commands' -e 'commands2'
Can be used as follows which is cheaper:
sed sed -e 'commands' -e 'commands2' filename
See useless use of cat command for more information.

Transparent Multi-hop SSH

It is often necessary to SSH through one host to get to another host. This article will walk you through configuring SSH so that the intermediate step is transparent.

Example Network

For our example, we’re going to use the network pictured below:
Example network diagram
From your computer at home you wish to log in to the host called ‘tongariro’ on the LAN at your office. All connections into the office LAN must pass through the firewall host ‘aoraki’. The firewall host will only accept connections from the bastion host ‘ruapehu’.

Doing It Manually

These are the steps we plan to automate:
To connect to ‘tongariro’ you must first ssh to ‘ruapehu’. Because you’re connecting over the internet, you’ll need to specify the full domain name when you connect. You’ll also want to use ‘-A’ to enable ‘agent forwarding’ (discussed below):
ssh -A ruapehu.example.com
Now that you’re logged in to a shell prompt on ‘ruapehu’, you’ll need to connect to ‘aoraki’. To allow password-less logins you’ll have installed the public key from your home computer into the ~/.ssh/authorized_keys of each host along the way. When you execute the following command, the SSH server on ‘aoraki’ will request a key, this request will be forwarded back through ‘ruapehu’ to the agent running on your home computer and access will be granted:
ssh -A aoraki
Finally, you can connect to the target host ‘tongariro’:
ssh -A tongariro

Quick and Dirty Automation

The manual steps outlined above use three chained SSH connections to pass through two intermediate hosts. You can chain the three commands together into one monster command-line (perhaps in a shell script or a shell alias):
ssh -A -t ruapehu.example.com ssh -A -t aoraki ssh -A tongariro
In addition to the -A to enable agent forwarding, I’ve added -t to force a pseudo-tty to be allocated. Normally when your ssh command specifies a command to be run on the target host, no pseudo-tty will be allocated. That’s fine if you want the command to run and then exit, but if you want an interactive shell session then you’ll need a pseudo-tty.

Quick and Dirty Automation with SSHMenu

You could assign that same monster command-line to a host connection on your SSHMenu:
SSHMenu host dialog

A Better Way

Another way to automate the connections through the intermediate hosts is to add a ‘ProxyCommand’ setting to your SSH config file. For this to work, you must have the ‘netcat’ package installed on the intermediate hosts.
Start by editing your SSH config file (which might not exist yet):
gedit ~/.ssh/config
And add the following lines:
Host ruapehu
HostName ruapehu.example.com

Host aoraki
ProxyCommand ssh -q ruapehu nc -q0 aoraki 22

Host tongariro
ProxyCommand ssh -q aoraki nc -q0 %h 22
The first entry defines a hostname alias so that you can ssh to ‘ruapehu’ instead of having to type ‘ruapehu.example.com’.
The second entry sets up a proxy command that will be used to connect to the ‘aoraki’ host. Normally ssh establishes its own TCP connection to port 22 on the target host, but with this setting in place it will use the proxy command to establish the connection. The proxy command in the example will establish a normal SSH connection to the intermediate host (‘ruapehu’) and then use the ‘nc’ command to extend the connection to port 22 on ‘aoraki’.
Now that the proxy command is set up, you can connect to the ‘aoraki’ host simply by typing:
ssh aoraki
The third entry builds on this by using the newly accessible ‘aoraki’ host in a proxy command which extends the connection to our ultimate target ‘tongariro’. Note that in this command, ‘%h’ was used for the hostname. This is simply a shorthand that tells SSH to insert the target hostname (from the line above) in place of the %h. If you want to connect to other hosts on the office LAN you can duplicate the last two lines and just change the hostname in one place.

So Why is this Better?

With the above configuration in place, you can now SSH directly to the ‘tongariro’ host with this command:
ssh tongariro
You can copy files directly to (or from) ‘tongariro’ without having to worry about intermediate steps:
scp path/to/local/file tongariro:path/to/remote/file
You can enable X-forwarding which means that any GUI program you start on ‘tongariro’ will display on your workstation:
ssh -X tongariro xclock
GUI application performance will be sluggish over slow network connections but some GUI apps on your local machine will now be able to use SSH to talk to the remote host. For example if you’re running GNOME, you can use an ‘ssh’ URL in Nautilus to browse files on the remote host. (KDE provides equivalent functionality):
SSHMenu host dialog
If you right click a file and select “Open with Text Editor”, the GNOME Text Editor program will run on your local machine but will use SSH to read/write the file to the remote host.
For an even more powerful approach to editing files over an SSH connection, you might like to look into bcvi.
Many other familiar tools will also be able to use the transparent SSH connections. For example you can access version control repositories (CVS, Subversion, Git etc) over SSH. You can also use port-forwarding on the SSH conection to access intranet servers or HTTP proxies on the office LAN from your workstation.

Reusing Connections

The transparent multi-hop connections can be very useful but you may find that it takes a second or two to establish each connection. This delay can become annoying if it happens a lot (e.g.: every time you save a file from the text editor).
The good news is that if you can configure SSH to reuse an existing connection. This means that for example if you have an SSH shell session running then a new connection for SCP can skip the connection setup phase. Two steps are required:
First, you must create a directory (or ‘folder’) which SSH will use to keep track of established connections:
mkdir ~/.ssh/tmp
Next, add these two lines at the start of your ~/.ssh/config (make sure to use your username in place of ‘YOUR-NAME‘):
ControlMaster auto
ControlPath /home/YOUR-NAME/.ssh/tmp/%h_%p_%r
As you can see, a small investment in time setting up your SSH configuration can pay back dividends in convenience.

How to set up SSH (for the beginner)

Last modified $Date: 2013/01/30 05:18:43 $, $Revision: 1.19 $.

Some folks have offered links to translations; these may be useful, but note that I have not verified them.

This is a minimal set of instructions to get a beginner going with ssh2, in particular the client version of OpenSSH which comes on Linux distributions or on Windows viaCygwin. I’ve included a section to help you connect to machines which are not running OpenSSH but some commercial ssh. Since it covers both Linux and Windows it reflects the author’s bias and takes a command line approach: it assumes some knowledge of typing things at a command prompt (e.g., the “cd” command). If you are not familiar with that sort of thing you will need to seek help.
If you want to enable ssh clients to connect to your computer (i.e., make it an ssh server, then on Linux this is usually just a matter of installing the ssh server package, which may be called “sshd” or “ssh-server”. On Cygwin it is a little more involved and you should consult the web.
Note that these explanations make reference to your “home” directory (written “HOME” or “~”). On UNIX machines (including Linux) this is the directory you land in when you login, and where you keep your files; this location is stored in the environment variable “HOME”. Note that “HOME” is the name of the variable, and that $HOME is the value, e.g. HOME’s value may be “C:nifty”. The natural HOME for the Windows user Nifty is the existing folder “Documents and SettingsNifty” but Cygwin and other UNIX related applications are not necessarily happy with pathnames that include blanks, so you may want to create your own HOME directory for Cygwin as described below.

Windows only

SSH can give you authenticated and encrypted connections to remote computers. If you set up keys you can make these connections without passwords. Installing Cygwin is pretty easy but the home directory and public/private key business, on Cygwin, is something of a pain; it’s going to push the “beginner” envelope but is doable. If you don’t mind typing passwords with every connection, you can skip all the Windows HOME business below after installing and running Cygwin. If for some reason you do not wish to install Cygwin on Windows you may want to consider putty. I do not cover how to use putty here.
Installing Cygwin on Windows: This is pretty straightforward. Download the Cygwin installation wizard setup.exe from the Cygwin site and double-click on it. Most of the default selections in the wizard are fine. Select a place to install Cygwin (recommended: C:cygwin, although on Windows 7 it seems to work fine in C:, despite the warning) and select a place to put the installation files (I use C:cygwininstallation-files). Choose an ftp or http site from the list and then review the additional packages you want installed. You must select at least the openssh package from the Net section. You do not need the sources.
Running Cygwin on Windows: You start a Cygwin console (which I may call a “terminal” as well) from the Start menu, and type the commands in that window. (If the shell does not open in the HOME directory, see below). The ls command lists files and folders (“directories” in UNIX lingo). The cd command enables you to change directories, “cd ..” moves you up a directory. The Cygwin console is much like a regular UNIX terminal and may be customized on startup with .bash_profile and .bashrc files in your HOME directory. Search the web for more about UNIX for beginners. You can see the (terse) documentation for any command by using the “man” command, for example, “man ls” or “man ssh-keygen“.
By the way, Cygwin comes with a small program to set up ssh for you. The command is ssh-user-config, which will create keys and a .ssh directory in your HOME directory. However, it will not create a non-default HOME directory, nor fix your /etc/passwd/file, nor put the public key on the remote computer, all of which may be necessary and are described below. I’ve never used it.
A proper Cygwin installation will have, in the installation directory, a folder “home” with a subfolder with the same name as your user name, but in the past this has sometimes not happened for me. If one of these folders is missing see the Troubleshooting section below. Note that your home directory does not have to be in Cygwin’s “/home” (mine is not), you can put it anywhere, e.g., C:nifty. (I do this so that my home directory C:nifty is at the top the C: drive tree instead of in C:cygwinhomenifty). To do this, rename the existing C:cygwinhomenifty directory to niftyTMP, create the C:nifty directory, open a Cygwin console, and run

        $ cd /home
$ ln -s /cygdrive/c/nifty nifty
$ mv niftyTMP/*.* nifty
$ rmdir niftyTMP

The “ln” command is making a symbolic link, like a Windows shortcut, from Cygwin’s /home/nifty to your C:nifty. Note that “/cygdrive/c/nifty” is Cygwin’s way of saying “C:nifty”. If your HOME is on another drive, say D:, use the cygwin prefix /cygdrive/d. The next two commands will move all the files from niftyTMP to C:nifty and delete niftyTMP.

Setting the HOME environment variable on Windows: For Win2K/XP right click on “My Computer”, click on “Advanced” and “Environment variables”. Add a personal environment variable HOME with value, e.g., C:cygwinhomenifty (or if you did the linking business above, C:nifty). You shouldn’t need to reboot, buy you may need to login again for the changes to take affect.
For Win9x/Me, you must put a line in your autoexec.bat file (usually C:autoexec.bat) which sets it, e.g.,

      set HOME=C:cygwinhomenifty     

or, if you have the link as described above,

      set HOME=C:nifty    

and reboot. Be sure to edit the autoexec.bat with a text editor (like Notepad) and not a word processor (like Word). You can see the value of the environment variable from the command line with the command “echo $HOME” in Cygwin, or “echo %HOME%” in DOS. Your Linux environment variables are set in your ~/.bashrc and ~/.bash_profile files.

By the way, environment variables are useful for a variety of programs; this is how you would set CVS_RSH, ANT_HOME, JAVA_HOME, and JIKESPATH if you were a Java programmer using CVS with SSH. If you wanted Cygwin commands available from DOS prompts you would append “;C:cygwinbin” to your PATH variable.
Troubleshooting: Creating a missing Cygwin home directory: The Cygwin installation folder contains folders “usr” and “bin”. If it is missing, add a folder called “home” and in that folder add a folder with some name, typically your user name, e.g., “nifty”. This will be the folder where ssh.exe will look for the .ssh folder containing your keys. (Cygwin thinks your home is where the line in /etc/passwd says it is, see below).
Troubleshooting: Checking the home in the /etc/passwd file on Windows: In your Cygwin root install folder (C:cygwin) there is a directory etc/ containing a file “passwd” (if this file is missing it can be created with the cygwin command “makepasswd”). The lines in this file contain fields separated by colons (:). In a new Cygwin installation the last line will be for your Cygwin user name. The last field will be “/bin/bash”. Make sure the next-to-last field in the line for your user name is “/home/nifty”, (it’s OK if “nifty” is a link, as above). Do not use Windows “C:” notation. Be sure to edit the /etc/passwd file with a text editor (like Notepad or Wordpad) and not a word processor (like Word).
Troubleshooting: If the Cygwin shell doesn’t open in $HOME: On some some of my installations the Cygwin Bash shell did not open in $HOME but in /usr/bin (the prompt was “/usr/bin $”, not, e.g., “nifty/ $”). See the troubleshooting note above.

Linux and Windows

OpenSSH to OpenSSH (ssh2)

Check that ssh functions at all: SSH can replace telnet even without keys. Suppose you are connecting to the remote computer remote.edu. as user “dude”. Run

 $ ssh [email protected] 

and ssh will ask if you want to keep connecting, type “yes”, and then it should ask for your password and open a shell in dude’s home directory on remote.edu, just like telnet. If this fails, there is a problem somewhere. Make sure ssh is installed on your end, and also make sure that remote.edu is accepting ssh connections. If it’s not, you’re wasting your time.

Once ssh is functioning we will set up the keys so that it will no longer be necessary to send passwords. If you are curious about the theory of this then read up on “public key cryptography”.
Create your keys: You need to create private and public ssh keys and put them in the proper place with the proper permissions. In your home directory create a folder .ssh ($ mkdir .ssh), if there is none. Note that Windows may make it difficult for you to create a file starting with “.” if you try to do it with their tools; e.g. Windows Explorer. Next, create the keys with the command

 $ ssh-keygen -t dsa  

The ssh-keygen program will ask for a passphrase, just hit the “Enter” key unless for some reason you know you want a passphrase. This creates the keys id_dsa and id_dsa.pub and puts them in .ssh/. The private key id_dsa must be readable only by you; change its permissions with

 $ chmod 600 .ssh/id_dsa 

Put the public key on the remote computer: In this section we are assuming the remote computer is also running OpenSSH. Somehow, you must get the .ssh/id_dsa.pub key onto the remote computer, whether by email, ftp, carrying it over on a floppy (sneakernet), etc.; the cool way to do it is to use scp, which was installed along with ssh. Suppose the remote computer is named remote.edu, and your account there is “dude”. To copy the file to remote, run

 $ scp .ssh/id_dsa.pub [email protected]:  

Don’t forget the trailing colon (:). You will be asked for dude’s password on remote before the copying commences. The file will be copied to dude’s home directory on remote.

Install the public key on the remote computer: (We assume the remote computer is running OpenSSH on Linux or UNIX!) Once id_dsa.pub is on the remote computer, login into the remote computer (you can use ssh to login with your password as described above). From your home directory (where you should see your newly arrived id_dsa.pub) create a .ssh folder if none exists. Then append your id_dsa.pub to a file in .ssh with

 $ cat id_dsa.pub >> .ssh/authorized_keys 

This will create the file authorized_keys if none exists. The id_dsa.pub key may be removed from the remote computer’s home directory, if you like. The .ssh folder on the remote computer must have the correct permissions, you may set them with

 $ chmod 700 .ssh     

Checking the password-less connection: Now the command

 $ ssh [email protected] 

should give you a password-less connection to remote.edu. Likewise, scp should be password-free.

By the way, all the commands you do by first logging into the remote computer can be done remotely, one at a time, using ssh. For example, you can run run “$ ssh [email protected] ls” and get a listing of your home directory files on the remote computer. See the documentation for details.

OpenSSH to Commercial SSH

This is very similar to the connection described above and only some differences are described here. If you don’t mind using passwords you can use ssh and scp as described above. For password-less connections read on.
Changes to the keys: OpenSSH’s ssh-keygen command has the options “-i” to import commercial keys and “-e” to export them. If you have created your keys using OpenSSH, then you should be able to export the key id_dsa.pub to a commercial version, and put that on the remote machine instead of the OpenSSH version.
If “-e” does not work for you (and it did not for me), you can generate commercial keys on the remote machine using ssh-keygen2, and then on your local machine use OpenSSH’s ssh-keygen with the “-i” flag to create a new private key id_dsa (This worked for me, or was it vice-versa?).
Installing the commercial public key: This is like the OpenSSH installation above except for minor differences. The directory on the remote machine is called .ssh2, and the public key file’s name (not the file itself) is appended to .ssh2/authorization. The public key file itself can be stored in .ssh2/. From the home directory:

        $ mv id_dsa.pub .ssh2
$ echo "id_dsa.pub" | cat - >> .ssh2/authorization

SSH Tunnelling

We’ll move right out of beginner stuff into ssh tunnelling now. The idea here is to connect to a remote computer via an intermediate computer, all with ssh. This situation arises at organizations that have one computer facing the internet, but you want to connect to another computer behind the internet-facing computer. Of course the intermediate computer and the remote computer must accept ssh connections. I’ll assume that you are “dude” sitting at “localhost”, with account “intdude” on the intermediate computer “intermediate.edu”, and account “remotedude” on the remote computer “remote.edu”. I’ll assume further that you have set up ssh keys for access to intermediate.edu.

Basic SSH Tunnelling

On localhost, in a terminal, run

 $ ssh -L 2022:remote.edu:22 [email protected] 

This creates an “ssh tunnel” starting at localhost:2022 through intermediate.edu (which has the default ssh port of 22) to remote.edu:22. As a byproduct it gives you a shell on intermediate.edu. The idea is that you can use ssh to connect to remote.edu from localhost through the tunnel.

Leave this terminal open, and in another terminal run

 $ ssh -l remotedude -p 2022 localhost 

If you do not have your id_dsa.pub key in remote.edu’s .ssh/authorized_keys, then you will get:

 [email protected]'s password:  

Enter the remotedude password at this prompt and you will have a shell on remote.edu. Of course if you have set up ssh keys for connecting from intermediate.edu to remote.edu, then you will need no passwords at all.
You can use the same key pair for both ssh connections, but maybe you don’t want to; for example you may want to use one private/public pair for your computers at work and another pair for your computers at home. In this case the work computer only needs the public ida_dsa.pub key from your home pair.
Remark: It is not quite intuitive to use “localhost” in your commands and mean “remote.edu”. You can change this so that “ssh [email protected]” works by adding a HostKeyAlias to your config file, as described below.

CVS Tunnel to remote.edu

Assume you want to check out the module mycvsmodule on remote.edu which has CVS root “/cvsroot”. Create with or add to your localhost ~/.ssh/config file the following stanza (note the optional wildcard “*”, too):

      Host remote*
HostName localhost
Port 2022
User remotedude
HostKeyAlias remote
CheckHostIP no
ForwardAgent yes

Then (after you set up the tunnel in another terminal with the “ssh -L” command as described above) run something like

 $ cvs -d:ext:remote.edu:/cvsroot co mycvsmodule 

which will check out the “mycvsmodule” module. You can now cd into the mycvsmodule/ directory where CVS commands will work as expected (as long as the tunnel is open).

Browser Tunnel to remote.edu

Tunnelling may help in situations where you want to access web pages from a site behind a firewall. If remote.edu is running a web server then it can be accessed via ssh through intermediate.edu. Suppose there is a page which you can access from inside the firewall at http://remote.edu/mypage.html. Assuming you have set up ssh as described above, from outside the firewall you can set up a tunnel:

 $ ssh -L 2022:remote.edu:80 [email protected] 

and then browse to http://localhost:2022/mypage.html.


Copyright 2006 by Glenn Murray

Remove/Delete All files from Directory and Remove all Subdirectories From Linux

To remove everything in a directory use:
rm /path/to/directory/*

If you also want to remove all subdirectories and the directory itself, you can use rm -rf /path/to/directory. But always double-check your line before pressing return, rm -rf can cause lots of havock as well, e.g. if you accidentally insert a space after the first slash while having superuser permissions...

Windows command line SSH

Openssh for windows  is a freely downloadable command line ssh client for windows operating system. This can be downloaded from http://sshwindows.sourceforge.net/

A snapshot with the options is given below. (Click on the image to see the options more clearly).
Installation instructions:
  1. Open the above download link and click on Binary Installer Releases
  2. Download the zip file
  3. Unzip the file and run the setupssh.exe file
  4. Select the options based on your requirement. Unselect server component if you just need the client version.
  5. After completing installation, open command window and then run ssh
If you want a GUI ssh client you can use Putty.exe.  Use Putty connection manager in combination with Putty to have tabbed ssh sessions like the Terminal on Linux.

Run as root so you dont have to type sudo

sudo su root

sudo -s runs a shell with root privileges. 



sudo lets you run commands in your own user account with root privileges. su lets you switch user so that you're actually logged in as root.


sudo -s runs a shell with root privileges. sudo -i also acquires the root user's environment.


To see the difference between su and sudo -s, do cd ~ and then pwd after each of them. In the first case, you'll be in root's home directory, because you're root. In the second case, you'll be in your own home directory, because you're yourself with root privileges.

eNOM Help with Host Records

DNS records translate meaningful domain names into IP addresses used to identify the actual location of devices on the Internet. These host records can be used to direct your domain name to your web server’s IP address (via A or AAAA records) or specify which servers handle email delivery for your domain (via MX records) for example. See below for a full list of supported record types:
A (Address) Record
An A record tells a DNS server what specific IP address to map for a host name. It is the most common type of DNS record. An A record is typically used to direct your domain name, for example www.yourname.com, to a web server.
Example A record format: 98.124.253.253
AAAA (IPv6 Address) Record
An AAAA (or “quad-A”) record is similar to an A record, except that it maps a hostname to an IPv6 address. An A record specifies an IPv4 address, which is currently the dominant Internet Protocol version. In 1998 the IETF designated IPv6 as the successor to version 4 mainly for its much larger amount of available addresses, which provides flexibility in allocated addresses and routing traffic and prevents address exhaustion as more and more hosts are connecting to the Internet and available IPv4 addresses are running out.
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon.
Example IPv6 format: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
To shorted the writing and presentation of addresses, several simplifications to the notation are permitted.
  • Any leading zeros in a group may be omitted; thus, the example becomes:2001:db8:85a3:0:0:8a2e:370:7334
  • One or any number of consecutive groups of 0 value may be replaced with two colons (::):2001:db8:85a3::8a2e:370:7334

Optional section
  • This substitution with double-colon may be performed only once in an address, because multiple occurrences would lead to ambiguity. For example, the illegal address notation 2001::FFD3::57ab, could represent any of the following:

    2001:0:0:0:0:FFD3:0:57ab

    2001:0:0:0:FFD3:0:0:57ab

    2001:0:0:FFD3:0:0:0:57ab

    2001:0:FFD3:0:0:0:0:57ab

  • Using the double-colon reduction the localhost (loopback) address, fully written as 0000:0000:0000:0000:0000:0000:0000:0001, may be reduced to ::1 and the undetermined IPv6 address (zero value), i.e., all bits are zero, is simply ::.

    For example, the addresses below are all valid and equivalent:

    2001:0db8:0000:0000:0000:0000:1428:57ab

    2001:0db8:0000:0000:0000::1428:57ab

    2001:0db8:0:0:0:0:1428:57ab

    2001:0db8:0:0::1428:57ab

    2001:0db8::1428:57ab

    2001:db8::1428:57ab

CNAME (Alias) Record
A CNAME (or Cononical Name) record tells DNS that this hostname is an alias of another domain name. This hostname then ends up resolving to the same IP address as the target domain name.
This helps if you manage multiple hostnames on the same or even different domain names that will allways point to the same IP address. If you specify all of these hostnames as CNAME records that point to one host with an A record, then if you need to update that IP address the master A record is all that needs to be updated, and all hostnames referring to it via a CNAME will automatically resolve to the new address.
Restrictions
  • A CNAME must have no other records of other types (MX, A, etc). This is very important especially with the @ record. If you specify a CNAME record type for the @ hostname, then email will not route properly for this domain name.
  • CNAME records that point to other CNAME records should be avoided. It is possible to create infinite loops and other error conditions.
  • Other DNS record types that point to other names, such as NS, MX, PTR, and SRV should never point to a CNAME.
Example CNAME record format: www    CNAME    www.myothername.com
URL Redirect record
URL Redirect is not a native DNS record type. Specifying URL Redirect for a hostname creates an underlying A record that directs the name to our URL Forwarding servers. These servers then perform an HTTP 301 redirect to the URL you specify in the address field. You can specify only the domain name to go to, or a full path to a specific file.
Example URL Redirect record formats:
www    URL Redirect    http://www.someotherdomainname.com/
blog    URL Redirect    http://weblogs.asp.net/pwilson/
Note that after redirecting, the target URL will show in the browser’s URL text box.
If a user specifies a path or filename after the domain name when requesting a host that is URL Redirected, that path information is intelligently appended to the destination URL. In the example above, if a user had entered “www.myname.com/someotherpage.html” in a browser, this would redirect to “http://www.someotherdomainname.com/someotherpage.html”.
Advanced users: The default HTTP code returned for the redirect is 302 (“HTTP 302 Found”). To change the code to 301 (“HTTP 301 Moved Permanently”), add the parameter “redir_mode=301” to your redirect address. To change the example above to use a 301 code instead of the default, you would use: http://www.someotherdomainname.com/?redir_mode=301. If the destination URL already has querystring parameters, use the ampersand (“&”) instead of question mark (“?”).
URL Frame record
URL Frame is not a native DNS record type. Specifying URL Redirect for a hostname creates an underlying A record that directs the name to our URL Forwarding servers. These servers then output an HTML page using a frame to fill the page. The contents of the destination URL are then loaded into that frame. The advantage of this over URL Redirect is that the original URL entered by the user remains displayed in the browser’s URL text box.
Example URL Frame record formats:
www    URL Frame    http://www.someotherdomainname.com/
blog    URL Frame    http://weblogs.asp.net/pwilson/
Note that after redirecting, the target URL will show in the browser’s URL text box.
If a user specifies a path or filename after the domain name when requesting a host that is URL Redirected, that path information is intelligently appended to the destination URL. In the example above, if a user had entered “www.myname.com/someotherpage.html” in a browser, this would redirect to “http://www.someotherdomainname.com/someotherpage.html”.
TXT Record
TXT records were originally intended for human-readable text in a DNS record. This record type is now used as machine-readable data for several services, such as Opportunistic encryption, Sender Policy Framework (SPF), DomainKeys Identified Email (DKIM), DNS-SD, etc.
Our system will accept any text in the address field of a TXT record. If you are setting up a data string intended for use with a specific service, such as SPF, you should use a utility to generate a string for you so there are no errors (for example www.openspf.org has an SPF builder tool).

Setup URL Forwarding in eNom Control Panel

Below are the steps to forward (point) your domain name to your website, by setting up URL forwarding.

1. Login to eNom Control Panel at http://manage.exabytes.com/ .

2. Choose menu option “DOMAINS”.

3. Click on your domains.

4. Click on the domain name you wish to edit.

5. Click on “Host Records”.

6. Select the desirable “Record Type”.

 URL Redirect : Forward the domain name to a website, and display that website address in the address bar.

URL Redirect
– URL Frame : Forward the domain name to a website, but continue to display your domain name in the address bar.
URL Frame
– A (Address) : Forward (point) to an I.P. Address (i.e., 123.456.56.6)
A (Address)
7. “Host Name” explanation.
www: This forwards your domain if you enter the www’s into the address bar of the browser. Example:www.exabytes.com
@ (none): This forwards your domain if they forget to enter the www’s into the address bar of the browser. Example: exabytes.com
NOTE: If you do not see the Host Records link this could mean that your domain is not currently set to use eNom DNS Service. To change this you’ll need to click the DNS Server Settings link and select to use the eNom Nameservers. Once you save this change you can select Host Records from the drop down menu.
DNS Information