-
ssh to remote servers via a proxy server 20 Apr 2017
On some strictly controlled hosts, ssh access is limited to only a few hosts. For example, Server1 is not allowed to ssh to Server2, while Server0 does not have that limit. If we want to ssh to Server2 from Server1, we will have to use Server0 as a proxy server.
In newer SSH versions, we could use the -J option as below:
-
ansible playbook retry a task until success 20 Apr 2017
When writing an Ansible playbook, there are cases where a task should be delayed for some seconds before it runs, but you do not know how long the delay should be. In this case, we want to delay the task for a few seconds and retry it several times.
Here is an example to achieve that.
-
set user password non-interactively in unix 18 Apr 2017
For system administrators, it’s a common task to set a user’s password. Often we hope that we could do that without user interaction. In Linux or AIX, typically, we would write a shell script like this:
However, if you are on an HP-UX system, you will find that neither chpasswd nor passwd --stdin is available. So, how can we set a user password in an HP-UX shell script?
-
Say we have a file as below, and we want to split this file on empty lines.
-
Back to my blog 04 Dec 2016
It has been a really long long time since I wrote a blog last time. I know, it’s probably because of my laziness. But plagiarism by some domestic websites did blow off some of my motivation to write. These days, I figure out I better promote myself and continue blogging, otherwise I’d be out of date.
So I made a decision, from now on, I shall write blog in English. On one hand, I kind of love English. On the other hand, I think that should stop some websites from plagiarizing my blog.
Hope I can stick on, make it a habit. Good luck to me!
-
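A short note on SELinux security contexts related to ssh 19 Jul 2014
While configuring pgssh to set up trust relationships between multiple hosts, I ran into a problem where ssh authentication would not pass. After a long investigation, I found that the machine, of all things, had SELinux enabled. After turning SELinux off and trying again, the problem indeed no longer reproduced.
I kept digging for the specific SELinux cause. At first I thought it was an SELinux boolean, but trying that got me nowhere. Later I found it was a security context problem: the .ssh directory under the home directory and its files had the wrong security context. After running the restorecon -R -v .ssh command to restore their security context, the problem was solved.
-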
A fix for an rsh error 19 Jul 2014
Symptom: running the command rsh -l user1 192.168.0.2 "pwd" fails with the error "poll: protocol failure in circuit setup", but this only happens under highly concurrent execution. Analysis and fix:
-
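The minlen and credit parameters of pam_cracklib.so in Linux 11 Jun 2014
PAM (Pluggable Authentication Modules) in Linux includes many useful modules. Among them, the pam_cracklib.so module can configure password length and complexity requirements. Usually both the system-auth and password-auth files in the /etc/pam.d/ directory need to be configured, for example as below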
-
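ssh port forwarding 27 Apr 2014
We know that ssh -X server can forward a remote server's GUI to the local machine. In fact, besides forwarding the X protocol, ssh can also set up arbitrary port forwarding.
-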
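Transferring files without ftp or scp 30 Mar 2014
Usually we transfer files between machines through the ftp or ssh services. However, the ftp and ssh services are not enabled on every machine, and they may also be restricted or forbidden. In that case, the powerful nc command (netcat) is a very convenient choice: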