• ssh to remote servers via a proxy server 20 Apr 2017

    On some strictly controlled hosts, ssh access is limited to only a few hosts. For example, Server1 is not allowed to ssh to Server2, while Server0 does not have that limit. If we want to ssh to Server2 from Server1, we have to use Server0 as a proxy server.

    In newer SSH versions, we can use the -J option as below:

    Read more..


  • ansible playbook retry a task until success 20 Apr 2017

    When writing an ansible playbook, there are cases where a task has to be delayed for some seconds before it runs, but you do not know how long the delay should be. In this case, we want to delay the task for a few seconds and retry it several times.

    Here is an example to achieve that.

    Read more..


  • set user password non-interactively in unix 18 Apr 2017

    For system administrators, setting a user’s password is a common task. Often we want to do that without user interaction. In Linux or AIX, we would typically write a shell script like this:

    $ echo 'username:password' | chpasswd 
    $
    $ echo 'password' | passwd --stdin username

    However, if you are on an HPUX system, you will find that neither chpasswd nor passwd --stdin is available. So, how can we set a user password in an HPUX shell script?

    Read more..


  • Split a text file by empty line or string pattern 16 Feb 2017

    Say we have a file as below, and we want to split it on empty lines.

    $ cat infile.txt
    hello
    hello world
    
    quick fox
    runs
    away
    
    hello again

    Read more..


  • Back to my blog 04 Dec 2016

    It has been a really long, long time since I last wrote a blog post. I know, it’s probably because of my laziness. But plagiarism by some domestic websites did blow off some of my motivation to write. These days, I figure I had better promote myself and continue blogging, otherwise I’d be out of date.

    So I made a decision: from now on, I shall write my blog in English. On one hand, I kind of love English. On the other hand, I think that should stop some websites from plagiarizing my blog.

    Hope I can stick with it and make it a habit. Good luck to me!

    Read more..


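  • A note on SELinux security contexts related to ssh 19 Jul 2014

    While configuring pgssh to establish trust relationships between multiple hosts, I ran into a problem where ssh authentication failed. After a long investigation, I found that the machine actually had SELinux enabled. After disabling SELinux and trying again, the problem indeed no longer reproduced.

    I kept digging for the specific SELinux cause. At first I thought it was an SELinux boolean, but trying that led nowhere. Later I found it was a security context problem: the .ssh directory under the home directory and its files had the wrong security context. After running restorecon -R -v .ssh to restore the security context, the problem was solved.

    Read more..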


  • A fix for an rsh error 19 Jul 2014

    Symptom: running the command rsh -l user1 192.168.0.2 "pwd" fails with the error "poll: protocol failure in circuit setup", but this only happens under highly concurrent execution.

    Analysis and solution:

    Read more..


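  • The minlen and credit parameters of pam_cracklib.so in Linux 11 Jun 2014

    PAM (Pluggable Authentication Modules) in Linux includes many useful modules. Among them, the pam_cracklib.so module can be used to configure password length and complexity requirements. Usually both the system-auth and password-auth files in the /etc/pam.d/ directory need to be configured, for example as below

    Read more..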


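  • ssh port forwarding 27 Apr 2014

    We know that ssh -X server can forward the remote server's GUI to the local machine. In fact, besides forwarding the X protocol, ssh can also set up arbitrary port forwarding.

    Read more..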


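  • Transferring files without ftp or scp 30 Mar 2014

    We usually transfer files between machines through the ftp or ssh services. However, ftp and ssh are not enabled on every machine, and they may also be restricted or prohibited. In that case, the powerful nc command (netcat) is a very convenient choice:

    Read more..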