dotkam.com stats

linux


22
Mar 09

VNC Into Remote Server Without Typing a Password


I have a simple setup where one of my Ubuntu boxes is hooked up to the old Mitsubishi 50” TV via s-video. The box is hidden behind the TV, and is, of course, online. It has Mythbuntu installed, and functions as a full blown multi media center.

Besides all other goodies that are installed on the box, I recently installed rtGui (A web based front-end for rTorrent) on it. Hence anywhere I go, I can connect to it over the web, and throw a torrent link that will start the download right away – convenient. ( here is how to “install rtGui on Ubuntu” )

Currently, I control my media box the most straightforward way – from my laptop. There are many other options available: Gyration Remote (In-air cursor control using Patented Gyroscopic Motion-Sensing technology – 2.4GHz RF technology for up to 100 ft), mini wireless keyboard, and many others, but I don’t mind a semi-manual way to control the box by using my laptop. There is one little problem though – every time I am VNCing to the box, I have to enter a password – not convenient…

The first thing I tried in order to find a “no typing password” solution was:

$ vncviewer remotehost.com -p dummypasswd
VNC server supports protocol version 3.8 (viewer 3.3)
Cannot read valid password from file "dummypasswd"

Here I just wanted to see what error message would pop up, to get more clues on where to look. Now I’ve got the clue: “there should be a valid password file”. Next thing to do is to read about “vncviewer”:

$ man vncviewer
 
       -passwd passwd-file
              File from which to get the password (as generated by the vncpasswd(1) program).

Excellent – now it is official, just need to use “vncpasswd”:

$ vncpasswd
The program 'vncpasswd' can be found in the following packages:
 * tightvncserver
 * vnc4-common
Try: sudo apt-get install <selected package>
bash: vncpasswd: command not found

Seems like it’s not installed, which is an easy problem to solve…

Step 1. Install “tightvncserver”.

$ sudo apt-get install tightvncserver

Check that “vncpasswd” is installed:

$ vnc [TAB][TAB]
vncconnect  vncpasswd   vncserver   vncviewer

Step 2. Create a VNC password file with “vncpasswd”.

$ vncpasswd
Using password file /home/user/.vnc/passwd
VNC directory /home/user/.vnc does not exist, creating.
Password: [TYPE YOUR VNC PASSWORD HERE]
Verify: [TYPE YOUR VNC PASSWORD HERE]
Would you like to enter a view-only password (y/n)? n

Step 3. VNC into the remote system without typing the password.

$ vncviewer remotehost.com -p /home/user/.vnc/passwd

As you see the only thing I need to provide now is the password file – no need to type the password every time I need to watch a movie. And to make it even more convenient, I can now create a launcher that will launch “vncviewer remotehost.com -p /home/user/.vnc/passwd” on a simple mouse click:

media center launcher
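
A hardened form of the launcher command, as an added example that is not from the original post: the file written by vncpasswd is only obfuscated with a fixed, publicly known key, so the script refuses to use it unless it is a regular file that only its owner can read, and it carries the session inside an SSH port forward instead of connecting to the VNC port directly. The function names, remote display :0 (port 5900) and local display 1 (port 5901) are assumptions.

```bash
#!/bin/sh
# Added example: only hand vncviewer a password file that nobody else can read,
# and tunnel the session through SSH. Assumes GNU stat (coreutils), as on Ubuntu.

# Succeeds only if $1 is a regular file (not a symlink), owned by the current
# user, with no permission bits set for group or others.
passwd_file_is_private() {
    local f="$1" mode owner
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%u' "$f") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        *00) return 0 ;;   # e.g. 600 or 400
        *)   return 1 ;;   # e.g. 644: readable by other local users
    esac
}

# vnc_launch HOST [PASSWD_FILE] [LOCAL_DISPLAY]
# Assumed layout: the remote VNC server is display :0 (TCP 5900) and local
# display number 1 (TCP 5901) is free for the tunnel.
vnc_launch() {
    local host="$1" pwfile="${2:-$HOME/.vnc/passwd}" ldisplay="${3:-1}"
    if ! passwd_file_is_private "$pwfile"; then
        echo "refusing $pwfile: must be a regular file you own, mode 600" >&2
        return 1
    fi
    # -f backgrounds ssh once authenticated; "sleep 10" holds the tunnel open
    # until the viewer connects, and ssh exits when the viewer disconnects.
    ssh -f -L "$((5900 + ldisplay)):localhost:5900" "$host" sleep 10 || return 1
    vncviewer "localhost:$ldisplay" -passwd "$pwfile"
}

# Run only when a host is given, e.g.: sh vnc-launch.sh remotehost.com
if [ "$#" -gt 0 ]; then
    vnc_launch "$@"
fi
```

Combined with key-based SSH login, the launcher still needs no typing, and the VNC port no longer has to be reachable from outside the box.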

Want to do something else simple and convenient? Try to “run commands remotely via SSH with no password“.

VNC away!


10
Mar 09

Run Commands Remotely via SSH with No Password


Extremely useful for system administrators, very useful for application developers when testing with remote services, or how some buzz developers refer to it: Service Oriented Architecture (SOA). Also remote execution is widely used by web masters to sync/backup/create mirrors.

The 5 simple steps below will enable you to run any command on the remote box/host/server via SSH without needing to provide a password. That is usually useful if such remote calls need to be automated (work without manual/human intervention).

Step number 6 has an example on how to actually run a command on remote host via SSH.

from the local host

Step 1. Create a public/private key pair with “ssh-keygen” (ENTER through everything):

      user@host:~/.ssh$ ssh-keygen -t rsa
 
      Generating public/private rsa key pair.
 
      Enter file in which to save the key (/home/toly/.ssh/id_rsa): 		[ENTER]
      Enter passphrase (empty for no passphrase): 				[ENTER]
      Enter same passphrase again: 							[ENTER]
 
      Your identification has been saved in /home/user/.ssh/id_rsa.
      Your public key has been saved in /home/user/.ssh/id_rsa.pub.
      The key fingerprint is:
      66:fd:11:ca:2d:21:b9:73:c1:b6:fa:1d:b2:2c:71:cd user@host
 
      The key's randomart image is:
      +--[ RSA 2048]----+
      |                         |
      |           .             |
      |          . o           |
      |         o + o         |
      |        E S.o o       |
      |       o. .+.o .       |
      |       . +o o.         |
      |        +. o...        |
      |       ... ..=.         |
      +-----------------+

At this point the public and private keys should be created and saved into “~/.ssh” directory:

      user@host:~/.ssh$ ls -l
      total 20
      -rw------- 1 user group 1675 2009-03-10 14:18 id_rsa
      -rw-r--r-- 1 user group 392 2009-03-10 14:18 id_rsa.pub
      -rw-r--r-- 1 user group 8642 2009-03-10 12:10 known_hosts

Step 2. Add the identity to the local SSH authentication agent with “ssh-add”.

If you “entered” through the “Enter file in which to save the key (/home/toly/.ssh/id_rsa)” in the previous step, then your identity file should be “id_rsa”:

      user@host:~/.ssh$ ssh-add id_rsa

Otherwise replace “id_rsa” with the file you chose to save your identity in.

In case of a friendly “Could not open a connection to your authentication agent.” error message, start “ssh-agent” as:

eval `ssh-agent`

and re-run “ssh-add”.

Step 3. Copy the public key to the remote host ( server ) under “~/.ssh”:

From the step above “id_rsa.pub” would be the public key that needs to be copied to the remote system you would like to run commands on.

      user@host:~/.ssh$ scp id_rsa.pub remoteuser@remotehost.com:~/.ssh/

from the remote host

Step 4. On remote host add this public key to “authorized_keys”:

      remoteuser@remotehost:~$ cd ~/.ssh
      remoteuser@remotehost:~/.ssh$ cat id_rsa.pub >> authorized_keys

Step 5. Change “authorized_keys” permissions to allow only you to read/write it:

      remoteuser@remotehost:~/.ssh$ chmod 600 authorized_keys

from the local host

Step 6. Now you can run any command on the remote box from the local box with no password:

Let’s see what that remote box is running at:

       user@host:~$ ssh remoteuser@remotehost.com  uname -a
 
       Linux remotehost 2.6.27-01-generic #1 SMP Thu Mar 21 10:34:21 UTC 2009 i686 GNU/Linux

By running “ssh remoteuser@remotehost.com uname -a” from the local box, you just ran the “uname -a” command on the remote box without needing to enter the password.
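
Steps 3 to 5 as one repeatable function, as an added example rather than code from the original post: because the key from step 1 has no passphrase, anyone who copies id_rsa can log in as remoteuser, so the entry is pinned to a single forced command and forwarding is switched off. The function name install_restricted_key and the forced command are assumptions; the options used are standard sshd authorized_keys options.

```bash
#!/bin/sh
# Added example: install a public key on the remote host with restrictions.
# Run on the remote host after step 3 has copied id_rsa.pub over.

# install_restricted_key PUBKEY_FILE FORCED_COMMAND [SSH_DIR]
install_restricted_key() {
    local pub="$1" cmd="$2" dir="${3:-$HOME/.ssh}" auth key blob opts
    auth="$dir/authorized_keys"

    # Expect exactly one line of the form "<type> <base64> [comment]".
    # This also rejects a private key copied over by mistake.
    [ -r "$pub" ] && [ "$(grep -c '' "$pub")" -eq 1 ] || {
        echo "$pub: expected a single public key line" >&2; return 1; }
    key=$(cat "$pub")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$blob" ] || { echo "$pub: key data missing" >&2; return 1; }

    # Keep the options field simple: no embedded double quotes in the command.
    case "$cmd" in
        ''|*\"*) echo 'forced command must be non-empty, without double quotes' >&2
                 return 1 ;;
    esac
    # Whatever the client asks for, sshd runs only $cmd for this key.
    opts="command=\"$cmd\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"

    # sshd (StrictModes) rejects keys kept in files that others can write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: match on the base64 key blob so re-running never duplicates.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    printf '%s %s\n' "$opts" "$key" >> "$auth"
}

# Example call on the remote host (hypothetical forced command):
#   sh install-key.sh ~/.ssh/id_rsa.pub "uname -a"
if [ "$#" -ge 2 ]; then
    install_restricted_key "$@"
fi
```

With “uname -a” as the forced command, the call from step 6 behaves as before, while any other command requested with this key is replaced by “uname -a”.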

Good Luck Remoting!


21
Jan 09

That Hardware RAID is FAKE!

Ubuntu community is straight up about the fact that in the last few years, a number of hardware products have come onto the market claiming to be IDE or SATA RAID controllers. These have shown up in a number of desktop/workstation motherboards. Virtually none of these are true hardware RAID controllers. Instead, they are simply multi-channel disk controllers combined with special BIOS configuration options and software drivers to assist the OS in performing RAID operations. This gives the appearance of a hardware RAID, because the RAID configuration is done using a BIOS setup screen, and the operating system can be booted from the RAID.

If I read it in the news or just while browsing the net, I would not even pay attention, but…

Recently I had to set up a RAID5 on one of the P5 ASUS motherboards on Ubuntu Intrepid with 4 hard drives, 1 TB each. Let me tell you – it seems very “straight up” (like a shot of stoli), but it really is NOT..

Motherboards like ASUS would claim to have a controller where you can configure a single RAID volume in the BIOS at the “Hardware” level. That is exactly what I tried at first, cause that just makes sense, right?

Well, it appears that this Asus RAID is not in any way “hardware”, therefore the Ubuntu installation sees all 4 drives instead of a single volume, as it would have in the case of a true hardware RAID controller.

So when Intrepid tries to create a software RAID out of these 4 drives, it fails, because one layer of software RAID is already there – created by Asus.

To solve the problem, the Asus RAID configuration needed to be wiped out, and the “RAID” option in BIOS for SATA/SCSI disabled. Only then can a software RAID be manually created in Ubuntu. Manually means answering “no” to the “Activate Serial ATA RAID devices?” question, and partitioning them away by hand:

(just an example of a random Ubuntu install screen while configuring RAID1)

configure software raid in ubuntu

Then choose “Configure software RAID”, and create all the multidisk devices (”Create MD device”) from available volumes.

And watch out: “that RAID is fake!”. Make sure you do enough research beforehand, to really make sure that a motherboard/controller that lists “Hardware RAID” support in its specifications does in reality go to the metal.

Good luck!


7
Jan 09

Install Adobe Flash Player Firefox Plugin


Since I upgraded one box to Ubuntu 8.04 (Hardy Heron), and another box to Ubuntu 8.10 (Intrepid Ibex), it was quite irritating for some time to watch youtube videos with no or flaky sound along with skipping videos.

In Firefox, when I went to “Tools -> Add-ons -> Plugins”, or just typed “about:plugins” in the address bar, I saw that I do have “Shockwave Flash 9.0 r124”, however it just did not want to work smoothly. The same was true for “Shockwave Flash 9.0 r100”.

So you would think that the right thing to do was to go to the Adobe website: “http://get.adobe.com/flashplayer/”, choose “get the one for Ubuntu 8.04+” option, and download the latest (v10 / v11 / v12 / v13 / v14 / whatever…) flash player, right? Well, not really. After I did that, I saw both “Shockwave Flash 9.0 r124” and “Shockwave Flash 10.0 r15”, so I disabled the 9.0 one, and enabled 10.0 – should be good right? NOPE.

What appeared to be the solution for this mess of flash plugins was to do some “sudo apt-cache search flash…” searches, and figure out what needed to go from both systems.

There were two culprits that overruled the only enabled “Shockwave Flash 10.0 r15” plugin: “swfdec-mozilla” and “mozilla-plugin-gnash”. And hence they are going to be removed with all other potential inconsistencies:

sudo apt-get remove -y --purge flashplugin-nonfree gnash gnash-common mozilla-plugin-gnash swfdec-mozilla libflashsupport nspluginwrapper
sudo rm -f /usr/lib/mozilla/plugins/*flash*
sudo rm -f ~/.mozilla/plugins/*flash*
sudo rm -f /usr/lib/firefox/plugins/*flash*
sudo rm -f /usr/lib/firefox-addons/plugins/*flash*
sudo rm -rfd /usr/lib/nspluginwrapper

After this, I had a good feeling and went to http://get.adobe.com/flashplayer/ again, chose “get the one for Ubuntu 8.04+”, saved “install_flash_player_version_linux.deb” locally, and installed it with my bare hands:

sudo dpkg -i install_flash_player_10_linux.deb

Restarted Firefox, and let me tell you – Quality of my Ubuntu life has improved significantly since then!
Want to improve the quality of your life significantly? Follow the two steps above :)


6
Jan 09

Find USB flash drive device in Linux


Recently I have written a quick “how to” on restoring, formatting a USB flash drive. The “how to” had a lot of hits from different places since then, mostly from GOOGLE, of course, but some from independent bloggers, like my blogging self.

One of such places was www.newlinuxuser.com. Although the guide “saved them” (welcome :) ) they had a very constructive critique that one thing the guide missed was how to actually find which device to restore / format.

Hence I decided to write a new little 2 step “how to” that will teach you just that.

Step 1. System Log is your friend, listen to what it has to say…

Imagine you close your eyes, and someone puts an apple in your mouth – would you be able to identify what the heck was put into your mouth? For most people the answer would be “yes”. (If you’d like to experiment, feel free :) ) The thing is, once you bite on that apple, your brain goes through many lines of code (given that we are written in C), finds that match, and reports:

"The object in your mouth was identified as an Apple - we've had that before.
  I just talked to the stomach, it knows how to digest it."

You would think that your Linux/Unix system is any different? Well, not really.

Right after you insert a USB device into a slot, Linux/Unix will try to read, and identify it. While doing that, it will also assign it to a particular device as “/dev/particular-device”. This device is exactly the information we need, so we can talk to it, and mount it.

Although most people would approach it by running dmesg and looking at the output, I prefer a more natural OS way to look at things – we’ll look directly in the eye of a System Log!

Let’s use “tail -f”, so we can see real time system log updates:

tail -f /var/log/messages

Now insert your USB drive into a slot and you should see the output similar to:

Dec  5 14:53:19 your-hostname kernel: [81585.308993] usb 4-1: new full speed USB device using uhci_hcd and address 3
Dec  5 14:53:19 your-hostname kernel: [81585.456757] usb 4-1: not running at top speed; connect to a high speed hub
Dec  5 14:53:19 your-hostname kernel: [81585.484884] usb 4-1: configuration #1 chosen from 1 choice
Dec  5 14:53:19 your-hostname kernel: [81585.498817] scsi6 : SCSI emulation for USB Mass Storage devices
Dec  5 14:53:24 your-hostname kernel: [81590.514870] scsi 6:0:0:0: Direct-Access     USB 2.0  USB Flash Drive  0.00 PQ: 0 ANSI: 2
Dec  5 14:53:24 your-hostname kernel: [81590.519874] sd 6:0:0:0: [sdb] 15794175 512-byte hardware sectors (8087 MB)
Dec  5 14:53:24 your-hostname kernel: [81590.522834] sd 6:0:0:0: [sdb] Write Protect is off
Dec  5 14:53:24 your-hostname kernel: [81590.534817] sd 6:0:0:0: [sdb] 15794175 512-byte hardware sectors (8087 MB)
Dec  5 14:53:24 your-hostname kernel: [81590.537814] sd 6:0:0:0: [sdb] Write Protect is off
 
>>>>  Dec  5 14:53:25 your-hostname kernel: [81590.537888]  sdb: sdb1  <---- GOT YOU!
 
Dec  5 14:53:25 your-hostname kernel: [81590.654848] sd 6:0:0:0: [sdb] Attached SCSI removable disk

Note that the USB drive was “connected”, or associated with sdb device

[81590.654848] sd 6:0:0:0: [sdb] 15794175 512-byte hardware sectors (8087 MB)

and more precisely, with sdb1 device

[81590.537888]  sdb: sdb1

And that means we can talk to it! The full name of the guy would be “/dev/sdb1”.

Now let’s greet our friend. Say: “Hi /dev/sdb1”! :)
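
The same lookup done by a script instead of by eye, as an added example that is not part of the original post: it reads syslog lines in the format shown above, reports each disk the kernel attached as removable together with its partitions, and cross-checks the kernel's removable flag in sysfs before mount or a format tool is pointed at the device. The function names and the optional sysfs-root argument are assumptions; the embedded log lines are copied from the sample output above.

```bash
#!/bin/sh
# Added example: find the device node of a just-inserted USB disk from syslog.

# Constructed input: lines copied from the sample log output above.
sample_log() {
    cat <<'EOF'
Dec  5 14:53:19 your-hostname kernel: [81585.498817] scsi6 : SCSI emulation for USB Mass Storage devices
Dec  5 14:53:24 your-hostname kernel: [81590.519874] sd 6:0:0:0: [sdb] 15794175 512-byte hardware sectors (8087 MB)
Dec  5 14:53:24 your-hostname kernel: [81590.522834] sd 6:0:0:0: [sdb] Write Protect is off
Dec  5 14:53:25 your-hostname kernel: [81590.537888]  sdb: sdb1
Dec  5 14:53:25 your-hostname kernel: [81590.654848] sd 6:0:0:0: [sdb] Attached SCSI removable disk
EOF
}

# Reads syslog lines on stdin; prints one line per removable disk:
#   /dev/<disk> /dev/<partition>...
usb_partitions_from_log() {
    awk '
        # " sdb: sdb1 sdb2" is the partition scan result for disk sdb.
        {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^sd[a-z]+:$/) continue
                d = substr($i, 1, length($i) - 1)
                parts[d] = ""          # a rescan replaces the earlier result
                for (j = i + 1; j <= NF; j++) {
                    if (index($j, d) != 1 || $j !~ /^sd[a-z]+[0-9]+$/) break
                    parts[d] = parts[d] " /dev/" $j
                }
            }
        }
        # "[sdb] Attached SCSI removable disk" marks the disk as removable.
        /\] Attached SCSI removable disk/ {
            if (match($0, /\[sd[a-z]+\] Attached/))
                removable[substr($0, RSTART + 1, RLENGTH - 11)] = 1
        }
        END { for (d in removable) print "/dev/" d parts[d] }
    ' | sort
}

# is_removable /dev/sdX [SYSFS_ROOT]: true only if the kernel flags the disk
# as removable. SYSFS_ROOT defaults to /sys; the parameter exists for testing.
# USB hard-disk enclosures often report 0, so treat a failure as "stop and
# check the device by hand", not as proof that the disk is internal.
is_removable() {
    local name="${1#/dev/}" sysfs="${2:-/sys}"
    [ "$(cat "$sysfs/block/$name/removable" 2>/dev/null)" = "1" ]
}

# With a log file argument, scan it; otherwise scan the constructed sample.
if [ "$#" -gt 0 ]; then
    usb_partitions_from_log < "$1"
else
    sample_log | usb_partitions_from_log
fi
```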

Step 2. Mount USB drive’s device to the File System.

Just an extra step, in case you need to mount it. If you can’t, and would like to format it, so you can mount it afterwards, read this.

To mount the drive enter this:

sudo mount -t vfat /dev/sdb1 /media/usbdrive/

where “/dev/sdb1” is the name of the device we found in the step above. “/media/usbdrive/” is the directory that we are going to mount it to. Make sure this directory exists (otherwise create it “sudo mkdir /media/usbdrive/”). And “-t vfat” is asking your Linux/Unix OS to mount this device as a “vfat” (FAT16, FAT32) device.

Many, if not most, USB devices are VFAT, however if you have an NTFS USB hard drive, for example, you can mount it by entering:

sudo mount -t ntfs-3g /dev/sdb1 /media/usbdrive/ -o force

“sudo” in above couple commands comes from mostly Ubuntu way to “run command as a super user”. If you have any other flavor of Linux/Unix, you may want to just run it as a “root” user.

Eat more apples, and good luck!


17
Nov 08

Configure iwl3945 Driver on Ubuntu

It is quite frustrating when you have a wireless card built in, but you cannot use it – don’t you agree? That seems to be the case for wifi cards that are served by “iwl3945” driver. One of such examples can be “Intel Corporation PRO/Wireless 3945ABG” card.

Before, ( e.g. Feisty and earlier ) “ipw3945” driver was used instead, and worked beautifully with Intel cards. However the active development of this driver has stopped a couple of years ago, which means that security risks that were identified in the last couple of years were not patched. Therefore Ubuntu community switched to a more recent and supported “iwl3945” driver.

However that created a problem with NetworkManager that is used as a default network user interface in (Gnome) Ubuntu. It appears that in order “to be compatible with NetworkManager, a wireless driver must support both hardware and software scanning. Currently, hardware scanning is faster and more reliable and so is recommended for use with NetworkManager”. But unfortunately the “iwl3945” driver does not support hardware scanning very well, even though that is the default behaviour that NetworkManager expects.

But usually, and that is what I love Ubuntu for, if there is a problem, there is 99.9999% a solution to this problem. So this how-to will help you solve it, and enjoy your Intel Wireless card with Ubuntu, despite the inconsiderate (in this case) NetworkManager.

1. Remove the bad guy

sudo apt-get remove network-manager

2. Disable “iwl3945” hardware scan

sudo vi /etc/modprobe.d/iwl3945

enter:

	alias wlan0 iwl3945
	options iwl3945 disable_hw_scan=1   # <-- enables software scanning

and save it (:wq).

At this point you might want to restart or (optional) just re-insert the module like this:

sudo modprobe -r iwl3945
sudo modprobe iwl3945

3. Install the good guy

Here you’ll install “the good guy” – his/her name is WICD:

Add wicd’s repository to Ubuntu sources:

sudo vi /etc/apt/sources.list
	 deb http://apt.wicd.net intrepid extras

(if you have Hardy Heron, then add “deb http://apt.wicd.net hardy extras” instead)

Update repositories

   sudo apt-get update

Install wicd “the normal Ubuntu way”:

   sudo apt-get install wicd

4. Run the good guy

   wicd-client

or restart, it should run automatically.

Happy wifying!


10
Nov 08

Configure Simp Server to Encrypt IM clients in Linux

Recently many companies started adding IM security to their security policies. It makes sense, since everything you type in that chat window to your buddy flies over the network in clear text. That does not sound too bad, you think, but what it really means is that if anybody wanted to see what you are talking about with your colleague, or even with your wife, s/he can see it easily by reading your network packets – which is a very easy thing to do nowadays.

Another example could be a client whose policy is to monitor all incoming/outgoing network requests, and you want to talk over IM to your colleague about something that you do not want your client to see.

Below I’ll show you how to secure your IM communication with SimpServer: http://www.secway.fr/us/products/simpserver/ on Unix client/server boxes. I am going to use Ubuntu here as an example, but it should work for most if not for all Unix flavours.

1. Get the SimpServer.

According to the link above “SimpServer is currently beta software and is free for any use”, hence let’s get it for free from here:

wget http://download.secway.com/public/products/simpserver/simpserver-2.1.5c-linux-x86.tgz

2. Install the SimpServer.

Before untarring it, let’s make sure the standard C++ libraries that SimpServer uses are installed:

sudo apt-get install libstdc++5

Now let’s untar it and move to “/usr/local” – that is where it will search for its binary files, so make sure you do that:

tar -xvzf simpserver-2.1.5c-linux-x86.tgz
 
sudo mv simp/ /usr/local/

Go to “/usr/local/simp/bin/”, and run the SimpServer:

cd /usr/local/simp/bin/
 
./simpserver
 
----------------------------------------------------------------------------------
SimpServer Linux 2.2.1.5c - (c) Copyright Secway 2000-2005
All rights reserved
 
Visit http://www.secway.com/products/simpserver/ for updates.
Visit http://www.secway.com/support/ for support.
 
MSN Service on 0.0.0.0:11863, mode 1
MSN Service on 0.0.0.0:1863, mode 0
AIM Service on 0.0.0.0:15191, mode 1
ICQ Service on 0.0.0.0:15190, mode 1
YAHOO Service on 0.0.0.0:15050, mode 1
Admin Service on 127.0.0.1:10023, mode 0
 
----------------------------------------------------------------------------------

If there are any problems, grab the simpserver version that is offered here: http://www.secway.fr/us/products/simpserver/download.php

3. Configure the SimpServer.

While SimpServer is running, telnet to it (port 10023). Default “username/password” are “admin/admin”:

$ telnet localhost 10023
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SimpServer Linux 2.2.1.5c - (c) Copyright Secway 2000-2005
All rights reserved
 
Visit http://www.secway.com/products/simpserver/ for updates.
Visit http://www.secway.com/support/ for support.
 
Login: admin
Password: admin

Let’s see what it is capable of by asking for “help”:

> help
SimpServer Linux 2.2.1.5c - (c) Copyright Secway 2000-2005
All rights reserved
 
Visit http://www.secway.com/products/simpserver/ for updates.
Visit http://www.secway.com/support/ for support.
 
 ?,        help                  print this help
 list,     list_keys             [all, public, private]
 generate, generate_private_key  [-e<account>] [-s<service>] [-c<cipher>] [-b<size>] [-n<name>] [-p<password>]
 load,     load_private_key      -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-p<password>]
 unload,   unload_private_key    -i<keyid> [-e<account>] [-s<service>] [-c<cipher>]
 change,   change_password       -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-o<old_password>] [-p<new_password>]
 delete,   delete_key            -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-force] [-pendinf]
 accept,   accept_pending_key    -i<keyid> [-e<account>] [-s<service>] [-c<cipher>]
 quit,     exit                  exit

4. Create private/public certificates.

Notice that the “list” command, from the above help, shows all/public/private keys, including your public/private key, and all your IM buddies that you are talking to.

Let’s try to see what keys we have right away (without doing anything yet):

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
--------------------------------------------------------------------------------------------------------------------

As you can see, we have no keys – because for now we have neither “secure/encrypted” IM buddies, nor our public/private key pair.

Hence start by running a “generate” command that will create the key pair that will be used:

> generate
generating the new key pair, please wait... done!
new key: 278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16  RSA-2048  [admin] KeyPair

Now let’s “list” the keys again:

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
--------------------------------------------------------------------------------------------------------------------
Yes  Yes    278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16     RSA-2048    *  [admin] KeyPair

Perfect – you have your own “KeyPair”, that will be used to authenticate and encrypt communication from your IM buddies.

5. Connect IM clients to the SimpServer.

Next, let’s connect to our SimpPro / SimpLight / etc.. IM buddies. Here is an example on how to configure “Pidgin” to use a SimpServer:

For example, say you’d like your work AIM account to “follow the company standards” and use encryption via the Simp server. Here is what you should do:

Go to "Accounts" -> (Choose your AIM account) "Edit Account" -> "Advanced"
 
Choose "SOCKS4" in "Proxy Options"
 
type "127.0.0.1" in Host
type "15191" in Port

Pidgin SOCKS4 settings

Why “127.0.0.1”? Because you have started the SimpServer on your local box. By the way, you can start the server on one box, and use it from many other PCs by entering the IP address of that box in the “host” field of the proxy settings of the account in your IM client.

Why “15191”? Let’s look at the server output once again:

MSN Service on 0.0.0.0:11863, mode 1
MSN Service on 0.0.0.0:1863, mode 0
AIM Service on 0.0.0.0:15191, mode 1
ICQ Service on 0.0.0.0:15190, mode 1
YAHOO Service on 0.0.0.0:15050, mode 1
Admin Service on 127.0.0.1:10023, mode 0

We see that “AIM Service” listens on the port “15191”.

6. Start using the SimpServer with your IM client(s).

Now when you send an IM to anybody who runs SimpPro / SimpLight / or just a Simp Server, they will get a pop-up asking them to accept your message. After they accept it, your public key (one of the keys that was generated by the “generate” command) will be added to their Simp database. The same thing will happen when they ping you or respond to your encrypted IM message – their public key will be added to the simpserver.

Here is an example of what happens initially, when a new “Simp-Oriented” buddy pings you:

(2008-10-16 15:16:09) BuddyName: *** (*) SimpServer Linux 2.2.1.5c - Encrypted and Authenticated (*) ***
(2008-10-16 15:16:09) BuddyName: Hey, that is cool - so now our messages are encrypted...!

And now you can go back to your “telnet” session and “list” the keys again:

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
--------------------------------------------------------------------------------------------------------------------
Yes  Yes    278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16     RSA-2048    *  [admin] KeyPair
 No  N/A    0f2292a9d40c2f90  ab1d 6f78 6bff a03e 892a 34df 2b3a 26e7 16ff cbb9   2008-10-16     RSA-2048  AIM   <buddy1Name>
 No  N/A    62f02d7e858e0139  c315 616f 8518 d9c8 9827 e4c4 d8b4 2448 06f7 4278   2008-10-16     RSA-2048  AIM   <buddy2Name>

Notice that now you have your own “KeyPair”, a public key for “Buddy1Name”, and a public key for “Buddy2Name”.

Happy Secure IMing, and don’t abuse your secrecy :)


29
Sep 08

Sure Way to Restart a Wireless Network


While wireless signal is good, the network is dead – why is that? Many reasons, of course. You can spend time to figure out the reason and then try to fix, which is a good approach, but requires some time. Or you can restart the network to see if it resolves the issue, and if it does – forget that the problem ever existed.

However the way to restart a wireless network is not always “black and white”. Sometimes it is possible using GUI, and sometimes by typing something that means “network service restart”. And yes these ways are “clean”, but have a drawback – they rely on the operating system to do what it is supposed to do and restart the network.

However, OS does not always behave (yes, Linux does not always behave, along with Mac, and Windows, and “any” OS.. ). But here is a sure way to restart it – you would need to get down to the driver level though – to be less OS (or distribution) specific. But I’ll guide you through, don’t worry..

So, the signal is full/good/strong:

[image: wireless signal is good]

but there is no network:

$ ping -c 4 google.com
ping: unknown host google.com

First thing to do is to see what wireless card you are using:

$ lspci | grep -i network
08:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

In my case it is Intel 3945ABG. Next, check what driver is used for this card. I did a simple google search, and saw that the driver is “ipw”something.

Let’s see what ipw-like modules/drivers are currently running/loaded:

$ modprobe -l | grep ipw
/lib/modules/2.6.20-17-generic/kernel/ubuntu/wireless/ipw3945/ipw3945.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/usb/serial/ipw.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/net/wireless/ipw2200.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/net/wireless/ipw2100.ko

Here it is “ipw3945”. Let’s kill it (-r stands for “remove”):

$ sudo modprobe -r ipw3945

Let’s start it back up:

$ sudo modprobe ipw3945

Checking connectivity:

$ ping -c 4 google.com
 
PING google.com (64.233.187.99) 56(84) bytes of data.
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=1 ttl=238 time=43.3 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=2 ttl=238 time=28.9 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=3 ttl=238 time=27.7 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=4 ttl=238 time=34.7 ms
 
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 27.742/33.685/43.323/6.165 ms

Perfect!


15
Sep 08

Reset Lost Password in Sun Application Server

Happens to the best of us, less with system admins, more with developers. But we are all human, and believe it or not we DO forget and lose passwords at least once every so often. Some time ago I wrote a tutorial on how to reset lost root password in mysql, and here is another similar tutorial on how to reset the lost domain password, but this time for Sun Application Server.

Before going any further with this article, please first check “.asadminprefs” file:

cat /home/toly/.asadminprefs
 
AS_ADMIN_USER=admin
AS_ADMIN_PASSWORD=YourSecretPasswordInTextHere!

the admin password could be there

If it is not there, there are two ways to reset it:

  • Reinstall or recreate the affected domain.
  • Create a new dummy domain and copy its security key file over to the real domain to substitute the password.

Below is an explanation for the second approach (in case when “reinstall or recreate affected domain” is not an option):

Given:

 >   Sun App server is installed in                 "/opt/SUNWappserver"
 >   Domain to which the password is lost:   "domain1"

Step 1. Creating a new dummy domain

/opt/SUNWappserver/bin/asadmin create-domain --adminport 7070 --adminuser admin --instanceport 7071 dummy-domain
 
Please enter the admin password>password
Please enter the admin password again>password
Please enter the master password>password
Please enter the master password again>password
 
Domain dummy-domain created.

Step 2. Copy dummy-domain’s “admin-keyfile” to domain1’s “admin-keyfile”

cp /opt/SUNWappserver/domains/dummy-domain/config/admin-keyfile  /opt/SUNWappserver/domains/domain1/config/admin-keyfile

now the password for domain1 is “password” – DONE :)

Step 3. Deleting the dummy domain

/opt/SUNWappserver/bin/asadmin delete-domain dummy-domain
Domain dummy-domain deleted.

NOTES:

The above is true for Sun’s Application Server 8.x and later.

For Sun’s Application Server 9.x check out “change-admin-password”.


11
Sep 08

Install Sun Application Server on Ubuntu


On the client site when working on Java (or should I say JEE) projects, the application servers most of the time “rotate” between these four: JBoss, Websphere, Weblogic, and sometimes Geronimo. However there are some clients who have pretty tight contracts with Sun, and in these cases the Sun Application Server is used.

I think nowadays in the development world in general, well except maybe the .NET part of it, Ubuntu and/or Mac OS slowly become OSs of choice for developers. Sun app server however is not the most used app server out there, and since its installation could be a bit non-straightforward, here are four simple steps on how to install it on an Ubuntu box:

Step 1. Download the “.bin” from Sun:

“Sun Java System Application Server”

http://java.sun.com/j2ee/1.4/download.html (I needed 8.2, but there are more recent ones)

Step 2. Change permissions, to make it runnable:

chmod 744 sjsas_pe-8_2-linux.bin

Step 3. If you just run it:

./sjsas_pe-8_2-linux.bin

It is going to complain that it is missing a standard C++ library:

./sjsas_pe-8_2-linux.bin: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory

Having done some “apt-cache” searches ( apt-cache search libstdc++ ), I found that Ubuntu has “libstdc++.so.6” in /usr/lib.
From /usr/lib run:

 sudo ln -s libstdc++.so.6 libstdc++-libc6.2-2.so.3

Step 4. Run it now, it will install Sun App Server successfully! * **


* Do not run installation as root – it will fail (for most sun app servers versions)

** If you use any form of Beryl (or some Compiz’es), disable it, or reload window manager as a “Gnome Manager”. This is due to the fact that the installer is written in Swing, and Swing does not get along too well with some display managers.