Saturday, December 18, 2010

Easy ssh

Another note-to-self post. This time how to set up ssh in order to connect easily to many computers.

Instead of doing:

[user@localhost ~]$: ssh remotename@remote.subdomain.domain.tld
remotename@remote.subdomain.domain.tld's password: ************
[remoteusername@remote ~]$:


We can do just:
[user@localhost ~]$: ssh remote
[remoteusername@remote ~]$:

And still have all the security provided by ssh. This is how:

First, create an asymmetric key pair.

[user@localhost ~]$: ssh-keygen -b 4096


That's right, a 4096-bit key. Just because we can. Then we create a configuration file for the destination server (the one we want to log in to):

[user@localhost ~]$: $EDITOR ~/.ssh/config
Host SHORT_NAME_FOR_REMOTE_HOST*
User USERNAME_ON_REMOTE_HOST
Hostname FULL_NAME_OF_REMOTE_HOST.DOMAIN.TLD


Then we copy the public portion of the key to the remote host.

[user@localhost ~]$: scp ~/.ssh/id_rsa.pub SHORT_NAME:~/.ssh/authorized_keys


Of course, if the file already exists on the remote host we should copy our file to a temporary place, then log in to the host and append it to the original with 'cat tempfile >> ~/.ssh/authorized_keys'.

Last step: log in without effort!
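
The append step described above, as an added example that is not part of the original post: a shell function to run on the remote host that adds the key only once, refuses a file that is not a single public key line, and sets the permissions sshd expects. The function name install_pubkey and the file name newkey.pub are made up for this example; where OpenSSH's ssh-copy-id is installed, "ssh-copy-id SHORT_NAME" does the same job in one command.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the remote host after
# copying the public key somewhere other than authorized_keys, e.g.
#   scp ~/.ssh/id_rsa.pub SHORT_NAME:newkey.pub    (newkey.pub is a made-up name)
#   install_pubkey ~/newkey.pub ~/.ssh && rm ~/newkey.pub

# install_pubkey PUBKEY_FILE SSH_DIR
# Exit status 0: key added or already present. Non-zero: input rejected.
install_pubkey() (
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    # Accept exactly one line of the form "<type> AAAA<base64> [comment]".
    # A private key (id_rsa) passed by mistake fails these checks.
    [ -r "$pubkey_file" ] || exit 1
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || exit 1
    grep -Eq '^[a-z0-9@.-]+ AAAA[A-Za-z0-9+/]+=*( .*)?$' "$pubkey_file" || exit 1

    # sshd's StrictModes check refuses keys when the directory or the file
    # is writable by group or others, so keep both private to the owner.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Idempotent: do nothing if this exact line is already authorized.
    if grep -qxF -- "$(cat "$pubkey_file")" "$auth_file"; then
        exit 0
    fi
    # If the existing file lacks a final newline, add one so that the new
    # key does not get glued onto the last existing entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    cat "$pubkey_file" >> "$auth_file"
)
```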

Friday, December 10, 2010

Ok, seriously?

Something must be wrong: karma, a disturbance in the force, the economic crisis or something similar. Is there really no distribution out there that is easy and works out of the box without giving headaches?

Someone could say: Ubuntu! It's great! I love it! Ok, let's give it a try.

Download iso, start a VM, install, configure, reboot, update...


Wait... what? Well, at least it gives a solution. They COULD HAVE said that you need to run it as f*ckin' admin (it's for "human beings", remember?), but let's add the 'sudo' for free. And...



O, rly? How am I supposed to recommend Ubuntu to my non-technical friends? Is this their concept of "user-friendly"?

Thanks for watching.

UPDATE:
Ok, I deleted the mentioned file in cache and updated again. It seemed to work. I installed Yakuake and virtualbox-guest-modules, rebooted, and...



No comments.

Thursday, December 9, 2010

Plane Prank

This is a nice "how to" if you want to scare the crap out of that annoying person sitting next to you on a plane.
1. Take your laptop out of the bag
2. Open it veeery slowly
3. Turn it on
4. Make sure the person is looking at your screen
5. Start your favourite browser
6. Close your eyes and turn your head up
7. Take a deep breath and open this website:
8. Look at the person's face.

I would add:
6.5: start mumbling something that sounds Arabic.
9: LOL :D
10 (if you are flying to/in the States): get arrested by the TSA ;)


Source

Tuesday, December 7, 2010

Note to self: why I use Arch.

Long time no see! It's been a long time since my last post. Facebook and Twitter are usually enough for the occasional rant, but this deserved a special mention.

So, I leave this here in case at some point in the future I doubt why, oh why, I use Arch when it takes so long to install. When you need to use the console for stuff. This is the reason:



Steps to reproduce: Install Fedora. Click System. Click Administration. Click Software update.

Well, it's just a bug, I should update... oh wait!

Thanks for watching.

Monday, March 1, 2010

PPPoE with German 1&1 (1und1)

Boring alert: I'm leaving this here just in case it's useful for someone. If you don't {live in Germany, have a 1und1 connection, want to use the Fritz!Box as a modem} you probably don't want to read this.

Germany has very nice network coverage (at least compared to Spain). At home, I have a VDSL2 connection, 50Mbps downstream, 10Mbps upstream with 1&1. It includes some online movie rental, online storage, VoIP landline flatrate and a very fancy router to manage it all (FritzBox!Fon 7390), with Phone<->VoIP converter, dual radio WiFi, and lots of other stuff (even console access to the Linux underneath, but you need to dial some stuff on a phone to get there, and I have no phone...).

The problem is that the bandwidth is a bit too much for this thing to handle. It handles web browsing, FTP uploads and downloads and all sorts of usual navigation very well, but it chokes on BitTorrent usage. Even with just 400 connections it freezes after a few hours, requiring a reboot.

Solution? The web interface allows you to use it just as a modem, with a very handy option right in the menu! I have the "advanced options" (Einstellungen>Ansicht>Expertenansicht) active, maybe it's not possible without it. Kudos to Fritz, the firmware might have some bugs / stability problems but their attitude is great. They give the user complete control over the hardware and it looks like they really care about the customer (when I reported another bug I got to talk with a technician after just one email exchange with some operator).

Problem? Of course there is one! It wouldn't be funny without it! After following the super-easy PPPoE guide it wouldn't work. Looking at /var/log/errors.log it said something about an authentication error, and the PAP protocol error was "profile not sufficient". Weird, huh? After some googling it turns out that the credentials 1&1 gives you to connect are not complete. They are in the form 1und1/USERNAME@online.de but the real PPPoE username is ONELETTER1und1/(SOMESTUFF)USERNAME@online.de.

How to find out the first letter and the stuff inside the parens? Maybe you could call 1&1, but if your German is not that... well, German, you can find it out with a packet capture. Yes, a packet capture, of the original PPPoE handshake. No, I'm not kidding. No, you don't need any specialized DSL-sniffing gizmo. Just go to http://ROUTER_IP/html/capture.html, force a reconnect from the main webpage and you have just captured the handshake on the DSL interface.

Really really nice job, Fritz, I am impressed. Arguably "lucky for us", the PAP authentication is in clear text, so just get the full username, and put it in the peer file, in the pap-secrets, and you are good to go! The Linux box will have a public IP so don't forget a firewall and turning everything you don't need off.

Sunday, February 7, 2010

Cold Fusion? Not yet, but Cold Welding....

I just read about a very cool fact: If two pieces of metal touch in vacuum (for instance, in space) they stick together and can become permanently welded.

Usually it doesn't happen because any metal that has been in Earth's atmosphere has a thin layer of oxide that prevents the effect. Even those that we send to space, since they have already been on Earth.

More info, as always, at https://secure.wikimedia.org/wikipedia/en/wiki/Cold_welding.

Thursday, January 28, 2010

Happy new year! (+ OVH DynDNS)

Starting this year I'll try to write this blog in English as far as it can be useful or relevant. Rants about Spain will be in Spanish ;)

The first post of 2010 will be about dyndns with ovh. Ovh (www.ovh.es / www.ovh.fr) is a very cheap DNS registrar / hosting / whatever company with datacenters in Europe. Recently I got a DNS domain (for now just for fun, in the future maybe for profit...) and they offer a DynDNS service to update the IP, since my connection is not static. They explain how to change the IP automatically using different programs on different OS's. This, however, is not an easy task if you want to do it "your way".

On Debian there are two nice programs to do so, ez-ipupdate and ddclient. AFAIK, ez-ipupdate doesn't support NATed machines, so it was out of the question. But ddclient is also not so easy to get to work, because of the sub-prime ovh service. After a lot of trial and error, and thanks to the dyndns.org API page, I got the update URL:
https://DYNDNS-USER:OVH-PASSWORD@www.ovh.es/nic/update?system=dyndns&hostname=DOMAIN&myip=IP

Now all the caveats:
- DYNDNS-USER is NOT your ovh user. It's the username created when you activate the DynDNS service at the ovh web interface. In my case it is my.particular.domain.com-dyndns.
- PASSWORD is your regular ovh password.
- DOMAIN is the subdomain that you have activated as dyndns-capable at the ovh web.
- IP is... well, guess what...
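
A URL of this form carries the password in plain sight, so it ends up in shell history and in the process list when passed to a command-line client. The following added example (not from the original post) sends the same request with curl from a config file readable only by its owner; the function names and the sample values in the usage comment are made up, and the server's reply format is not checked here.

```shell
#!/bin/sh
# Added example, not from the original post. Usage with placeholder values:
#   write_update_config ~/.ovh-dyndns.cfg DYNDNS-USER 'OVH-PASSWORD' DOMAIN IP
#   send_update ~/.ovh-dyndns.cfg

# write_update_config CONFIG_FILE DYNDNS_USER PASSWORD HOSTNAME IP
# Writes a curl config file with mode 600. Exits non-zero and writes nothing
# if HOSTNAME or IP contain characters that could alter the query string.
write_update_config() (
    cfg=$1 user=$2 pass=$3 host=$4 ip=$5

    # Only plain hostnames and dotted-quad addresses go into the URL
    case $host in ''|*[!A-Za-z0-9.-]*) exit 1 ;; esac
    case $ip in ''|*[!0-9.]*) exit 1 ;; esac
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
    # curl splits "user:password" at the first colon
    case $user in ''|*:*) exit 1 ;; esac

    # Inside a double-quoted curl config value, \ and " need a backslash
    esc() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

    umask 077        # new files are created readable by the owner only
    rm -f "$cfg"     # do not inherit lax permissions from an old file
    {
        printf 'url = "https://www.ovh.es/nic/update?system=dyndns&hostname=%s&myip=%s"\n' "$host" "$ip"
        printf 'user = "%s:%s"\n' "$(esc "$user")" "$(esc "$pass")"
    } > "$cfg"
)

# send_update CONFIG_FILE
# Performs the request; credentials are read from the file, not from argv.
send_update() {
    curl --silent --show-error --config "$1"
}
```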

Here half the work is done, but we still need to get ddclient working. The proper configuration file is:
protocol=dyndns2
use=web
server=members.dyndns.org
login=some-dyndns.org-user
password='dyndns.org-password'
something-something.dyndyns-dot-org-domain.com

protocol=dyndns
use=web
server=www.ovh.es
login=MYDOMAIN-dyndns
password='MYPASSWORD'
HOSTNAME
The first section is about some other dynamic DNS account that we may or may not have. We should look at the second section here.
The program complains about "dyndns" not being a valid protocol string, but both "dyndns1" and "dyndns2" don't work properly with ovh. The rest, I think, is already quite clear. In case of doubt just leave a comment :) I hope it will be useful!