Posts

ssh public key logging fails to work on centos

After doing an ssh-copy-id to a server I am still unable to log on to the server; the following did fix this on the destination server:

ldapsearch with openldap

So I was recently working with OpenLDAP to provide a developer with details so that an application could provide different levels of auth based on the group. The below helped me achieve this, along with some things I ran into:

ldap_bind: Confidentiality required (13)

We have ldaps set up with SSL. When you set up ldaps with private certificates and you want to ignore them, the below is your best bet:

Free OpenLDAP Browsers

Linux 2 NIC with different networks routing problem

We ran out of host addresses in network 10.231.210.0/25 and therefore needed to add additional IP space on our Avocent console switch. We have two NICs (eth0 and eth1) on the server, with an IP from a different subnet assigned; this was non-contiguous IP space, so it was a different network, 10.231.213.0/25. In this scenario my team had configured the VLAN with an additional IP address on the Juniper EX switch, as each NIC was connected to the same switch and VLAN:

So now the issue was that we were unable to reach the address 10.231.213.4, which was configured on the Avocent (Linux server), therefore on NIC1:

As we know, having two static default gateways on the server isn’t going to go down well. The reason we were not able to get through to the address 10.231.213.4 was that the static default route was sending us through eth0, so we followed this guide:

http://lartc.org/howto/lartc.rpdb.multiple-links.html

and made the following change:

Having done that, it resolved our issues, yay!!

References:
http://serverfault.com/questions/460364/centos-two-nics-eth0-eth1-with-different-subnets-arent-reachable-outside-vlan
http://lartc.org/howto/lartc.rpdb.multiple-links.html

Fix Error opening terminal: screen-256color error

How to fix the “Error opening terminal: screen-256color” error on your terminal. See the problem below:

To fix this error you can run the following commands in your bash shell:

To fix this more permanently for your profile, add the above to your bash profile:

Close and open your terminal again and it should be working as expected.

ftp passive tcpdump unreachable – admin prohibited

If you are seeing the message “unreachable – admin prohibited” in a tcpdump, it most likely means that the host 10.65.14.10 is blocking your request via iptables or some other type of firewall. This was seen when FTP login was successful but an active or passive connection was failing:

query ntp server command line

Quick how-to for querying an NTP server in case you need to test it:

Linux CLI Cheat Sheet Wallpaper

Enable tab completion using bash-completion on ubuntu

If you find that bash tab completion is not working, you can run through the below steps, which should help you get back up and running. It also works with sudo apt-get install.

1. Install the package for bash completion

2. Then edit the /etc/bash.bashrc file and uncomment the following bit:

Setup SFTP access for users

This will allow the user SFTP access and bind that user only to their directory:

Create a group for SFTP users:

Now open the file /etc/ssh/sshd_config in your editor.

Look for the line near the bottom of this file that looks like this.

And change it to this.

At the very bottom of this file you will need to add the following lines, which restrict the “sftponly” user group's access when logging in via SSH.

Once you have added these lines, save the file and restart the SSH process.

Next we will create the home directory for the user we are about to add. This is where they will be allowed file access and where they will be chrooted or jailed. This directory can be located anywhere, but for the sake of this tutorial I will use the following directory.

Now we will need to add a user as we normally would under Linux. At this time we will also specify the user's home directory, which we just created, using the “-d” flag. Remember to replace “sally” with the login name for the user you wish to add.

Then we will need to change the group which the user we just added will belong to.

Next we will set our new user’s shell to /bin/false, which will not allow our new user shell login.

Set a password this user will use.

We will now need to give ownership of any files and folders within the new user's home directory which may exist, such as folders brought over from a skel or created by an administrator setting up the user's home directory manually.

Now comes an important part: the newly created user's home directory MUST be owned by root. If this directory is not owned by root then the newly created user may not be chrooted or jailed within their home directory, possibly allowing them access to other directories under theirs.

If you get the following message:

Apply the below to the dir:
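
An added check, not part of the original post: the shell functions below report which component of a chroot path breaks the ownership rule described above. sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The function names and the optional UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: explain why sshd would refuse a directory as ChrootDirectory.
# sshd_config(5): every component of the path must be a root-owned directory
# that is not writable by group or others.

# check_component DIR [UID] - check one directory. UID defaults to 0 (root);
# the argument is an assumption of this example so it can be tried without root.
check_component() {
    c_dir=$1
    c_want=${2:-0}
    c_rc=0
    [ -d "$c_dir" ] || { echo "FAIL $c_dir: not a directory"; return 1; }
    # ls -ldn prints "drwxr-xr-x 2 0 0 ..." (mode, links, numeric owner uid)
    c_info=$(ls -ldn "$c_dir" | awk '{print $1 " " $3}')
    c_mode=${c_info% *}
    c_uid=${c_info#* }
    if [ "$c_uid" != "$c_want" ]; then
        echo "FAIL $c_dir: owner uid $c_uid, expected $c_want"; c_rc=1
    fi
    case $c_mode in
        ?????w*) echo "FAIL $c_dir: group-writable ($c_mode)"; c_rc=1 ;;
    esac
    case $c_mode in
        ????????w*) echo "FAIL $c_dir: world-writable ($c_mode)"; c_rc=1 ;;
    esac
    return $c_rc
}

# check_chroot_path DIR [UID] - walk from DIR up to / and check each component.
check_chroot_path() {
    w_dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot enter"; return 1; }
    w_want=${2:-0}
    w_rc=0
    while :; do
        check_component "$w_dir" "$w_want" || w_rc=1
        [ "$w_dir" = "/" ] && break
        w_dir=$(dirname "$w_dir")
    done
    return $w_rc
}

# Usage (placeholder path): check_chroot_path /path/to/chroot && echo OK
```

Each FAIL line names the directory to fix; files and subdirectories inside the chroot can still belong to the SFTP user.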

How to fix “xterm-256color unknown terminal type”

When using tmux, screen, vi or mtr you may sometimes get the above message. To resolve this you can do the below: