Scenario: set up SSH keys to a machine so that you do not require a password for use with something like scp.
First you need a slave user. Run ‘adduser’ on both machines and pick a user name. Make sure the user has a shell account but does not require authentication using a password.
On the remote machine, log in as that user (you can do something like su username) and run ssh-keygen. Once you run that, you will see you now have a public key in /home/username/.ssh/id_rsa.pub, which you need to copy into the following file on the remote machine –
You then need to ensure the ownership of all the files is set properly to the user you created: chown -R username /home/username/.ssh
Do this on both machines.
You can then su username on the local machine and try an scp command; it should not prompt you for the password.
You can then either run a script via the crontab as that user, or, if you like, something like this should work –
su username -c "scp -B remotehost:/etc/somefile /tmp"
Scenario: scp using ssh keys to a machine on my network, but received the error –
protocol error: mtime.sec not present
On creating the user on the remote machine I used nologin, instead of a shell. Simply changing the user via vipw to a shell fixed the issue.
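A pre-flight check covering both notes above (ownership and modes of the key user's files, and the nologin shell behind the mtime.sec error), as an added example that is not part of the original notes. The function name check_scp_account is made up for illustration; it assumes OpenSSH's default StrictModes behaviour and an ls whose -ldn output starts with the mode string and has the numeric owner in the third field.

```shell
#!/bin/sh
# Added example: pre-flight check for a key-only scp account.
# Usage: check_scp_account USER [PASSWD_FILE]
# Prints one line per problem found; returns 0 only when there are none.
check_scp_account() {
    user=$1 passwd=${2:-/etc/passwd} rc=0
    # passwd fields: 3 = uid, 6 = home directory, 7 = login shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $6 ":" $7 }' "$passwd")
    [ -n "$entry" ] || { echo "no passwd entry for $user"; return 1; }
    uid=${entry%%:*}; rest=${entry#*:}
    home=${rest%%:*}; shell=${rest#*:}
    # scp starts its remote half through the login shell, so nologin breaks it
    case "$shell" in
        */nologin|*/false) echo "login shell '$shell' cannot run scp"; rc=1 ;;
    esac
    for p in "$home" "$home/.ssh" "$home/.ssh/id_rsa"; do
        if [ ! -e "$p" ]; then
            # the private key only exists on the side that ran ssh-keygen
            [ "${p##*/}" = id_rsa ] || { echo "missing: $p"; rc=1; }
            continue
        fi
        # ls -ldn prints the mode string first and the numeric owner third
        set -- $(ls -ldn "$p")
        [ "$3" = "$uid" ] || { echo "$p owned by uid $3, expected $uid"; rc=1; }
        if [ "${p##*/}" = id_rsa ]; then
            # the ssh client refuses a private key that group/other can access
            case "$1" in
                ????------*) ;;
                *) echo "$p is accessible to group/other ($1)"; rc=1 ;;
            esac
        else
            # sshd's StrictModes rejects group- or world-writable directories
            case "$1" in
                ?????w*|????????w*) echo "$p is group/world writable ($1)"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Run as a script: sh check_scp_account.sh username
[ $# -eq 0 ] || check_scp_account "$@"
```

Run it as root on each machine for the user you created; no output and exit status 0 means nothing in this list is in the way of key-based scp.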
Editing iptables on a CentOS machine?
Firstly you can check your rules like so –
iptables-save > 08-05-2015.rules
(add your rules)
iptables-restore < 08-05-2015.rules
service iptables save
iptables -L – You should now see your new rules.
I had to move a mysql datadir to a new partition as it was stored in /var/lib/mysql but df -h showed the main partition being /data and the / partition was now full up. This was a CentOS machine.
I stopped mysql –
I copied the mysql databases over to the new directory I created –
mkdir /data/mysql && cp -R /var/lib/mysql/* /data/mysql/
Changed the ownership –
chown -R mysql:mysql /data/mysql
I ensured the permissions were set properly and matched on both old and new directories by checking them with ls -l on the folder and inside them. They are usually 700 I believe on mysql.
I then edited the startup script –
I changed the datadir line to the new directory.
I then changed the /etc/my.cnf file to use the new directory (it was hard set here too, so you should check that).
I tried starting mysql and checking it was using the new datadir –
ps ax | grep sql
I then stopped mysql and removed the old databases in /var/lib/mysql (to free up the space)
I started mysql again – /etc/init.d/mysql – but when looking at the logs I saw it had crashed, so I ran mysqlcheck -A (but with -u myuser -p -A). Once this finished I restarted mysqld and it started without any errors in the logs.
I also needed to change the socket file directory, which I defined in the my.cnf file accordingly –
I installed a certificate for Apache to enable SSL on a website. To create the CSR for the authority it asks for a passphrase.
When you install the certificate and restart the httpd service it asks for the passphrase, so it needs to be removed from the private key.
To do this use the following command:
openssl rsa -in securesite.domain.net.uk.key -out securesite.domain.net.uk.nopass.key
It should ask for the passphrase again, but it will save the key as the nopass version.
Make sure you change your ssl.conf file to use the new file: