A7731.COM


SSH Keys

SSH keys allow authentication between two hosts without the need of a password. SSH key authentication uses two keys, a private key and a public key. To generate the keys, from a terminal prompt enter:

# ssh-keygen -b 4096 -t rsa
# ssh-keygen -t ed25519

This will generate the keys using the Ron Rivest, Adi Shamir, and Leonard Adleman (RSA) method. During the process you will be prompted for a password. Simply hit Enter when prompted to create the key.

Now copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:

# ssh-copy-id username@remotehost

Finally, double check the permissions on the authorized_keys file, only the authenticated user should have read and write permissions. If the permissions are not correct change them with:

# chmod 600 ~/.ssh/authorized_keys

Netstat - Query Listening Ports

Use the following command to list all active listening ports on a Linux system:

# sudo netstat -lnptu

-l = Show only listening sockets. (These are omitted by default.)
-n = Show numerical addresses instead of trying to determine symbolic host, port or user names.
-p = Show the PID and name of the program to which each socket belongs.
-t = TCP
-u = UDP


Using Services - Ubuntu Server 14.04

Start a Service:

# sudo service servicename start

Stop a Service:

# sudo service servicename stop

List all Services:

# sudo service --status-all

Add Service to Default Runlevels:

# sudo update-rc.d servicename defaults

Remove Service from Default Runlevels:

# rm /etc/rc*/*servicename

** Be sure to replace 'servicename' with the actual name of the service. Also keep in mind that runlevels 2-5 are identical on Ubuntu. Runlevel 2 is Ubuntu's default. This is not the case with other Linux distros where runlevel 3 is the norm.

DNS Message Header Format

You've probably seen the 'flags:' field when using dig to query a nameserver. Curious to know what those flags actually mean? I know I was!

QR - Query/Response: This essentially indicates that a query was performed, and a response was given by the server.
AA - Authoritative Answer: The server responding to your query is letting you know that it's authoritative for the zone being queried.
RD - Recursion Desired: This is set because you've requested recursion as part of the initial query. The server responding does not alter this flag in its response. A non-authoritative server will respond recursively if it does in fact support recursion.
RA - Recursion Available: A server that supports recursion will respond with this flag indicating that it does support recursive queries.

** There are additional flags out there, but I've really only run across the 4 specified above. You can always do a Google search for "DNS Message Header Format" if you want more informaiton.

To Swap or not to Swap, That is the Question

So you've noticed that swap space is allocated in your system monitor (top, htop, etc...), but is the machine actively swapping in/out? Run the following command and pay attention to the si (swapin) and so (swapout) columns:

# vmstat 1

The machine is swapping if those numbers aren't continuously 0.


Delete Files Older Than 'n' Minutes/Hours/Days...

OK, there are a shit load of old files taking up space in some direcory on your Linux machine, and you want to do some housekeeping!

# sudo find /some/directory/ -type f -mmin +60 -exec rm {} \;

The above command will delete all files in /some/directory/ that were last modified over 60 minutes ago. There is also a -mtime option that will let you specifiy days as opposed to minutes.


Simple File Encryption Using OpenSSL

This simple method allows you to encrypt individual files using AES 256.

Encrypt:

# openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc

Decrypt:

# openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt

Decrypt by piping the encrypted output to OpenSSL:

# echo U2FsdGVkX1+bGeaQYNAnqFPX6W3pwMjVrGAkMDDUeDQ= | openssl aes-256-cbc -d -a

New MySQL Database

One example of how to add a new MySQL Database and apply user privileges from the command line.

mysql> CREATE DATABASE supercooldatabasename;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON supercooldatabasename.* TO 'supercoolusername'@'localhost'
-> IDENTIFIED BY 'supercoolpassword' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)