Category Archives: vi

ssh-keygen

Scenario: set up ssh keys to a machine so that you do not need a password for use with something like scp.

First you need a slave user. Run ‘adduser’ on both machines and pick a user name. Make sure the user has a shell account but does not require authentication using a password.

On the remote machine you need to run ssh-keygen once you have logged in as that user. You can do something like – su username. Once you have run that, you will see that you now have a public key in /home/username/.ssh/id_rsa.pub, which you need to copy into the following file on the remote machine –

/home/username/.ssh/authorized_keys

You then need to ensure that all the files are owned by the user you created: chown -R username /home/username/.ssh

Do this on both machines.

You can then su username on the local machine and try an scp command; it should not prompt you for the password.

You can then either run a script via the crontab as that user or, if you like, something like this should work –

su username -c "scp -B remotehost:/etc/somefile /tmp"
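
If scp still prompts for a password after these steps, a common cause is that sshd's StrictModes check (on by default) ignores authorized_keys because of the ownership or modes of the home directory, .ssh or the key files. The following is an added example, not part of the original post: a read-only bash function that reports those problems. It assumes GNU stat as found on Linux, and the name check_ssh_perms is made up for illustration.

```bash
#!/bin/bash
# Added example: report ownership/mode problems that make sshd (StrictModes)
# or the ssh client ignore key files. Read-only; assumes GNU stat (Linux).

# check_ssh_perms USER HOME_DIR -> prints one line per problem, returns 0 if clean
check_ssh_perms() {
    local user="$1" home="$2" rc=0 path mode owner
    # sshd wants these owned by the user (or root) and not group/world writable
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        owner=$(stat -c '%U' "$path")
        mode=$(stat -c '%a' "$path")
        if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
            echo "OWNER $path is owned by $owner, expected $user"; rc=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path has mode $mode (group/world writable)"; rc=1
        fi
    done
    # the ssh client refuses private keys that group or other can access
    for path in "$home"/.ssh/id_*; do
        [ -e "$path" ] || continue
        case "$path" in *.pub) continue ;; esac
        mode=$(stat -c '%a' "$path")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "PRIVATE_KEY $path has mode $mode (accessible by group/other)"; rc=1
        fi
    done
    return "$rc"
}

# Usage: ./check_ssh_perms.sh username /home/username
if [ "$#" -ge 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it on both machines as root or as the user; a clean result is 700 on .ssh, 600 on authorized_keys and the private key, all owned by the user.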

Free website SSL for my NAS

I own a couple of NAS boxes and I’m using 1 of them right now. My StartCom certificate was nearly about to expire, so I had to generate another CSR for the new certificate. In fact on Apache you can just use the same one I believe, but I wanted to ensure I used the newer 2048 encryption type. In order to do this on a ReadyNAS, you need to generate the CSR and I like to keep things neat, so firstly let’s create a directory for the year –

mkdir /etc/ssl/2016 && cd /etc/ssl/2016

We should then export the private key and generate the certificate signing request –

openssl genrsa -des3 -out mynas.mydomain.com.key 2048

openssl req -new -key mynas.mydomain.com.key -out mynas.mydomain.com.csr

You then use the CSR to create your free certificate, or use any authority you like. I used the free one with StartCom and I got mine for a 3 year expiry, which is handy!

Once we get the pem file back, we need to remove the password you set on the private key –

openssl rsa -in mynas.mydomain.com.key -out NOPASS.mynas.mydomain.key

You can then upload it to the NAS, or copy and paste the certificate, and add it to the same directory as the file mynas.mydomain.pem. You need to edit a few settings in the /etc/ssl/openssl.cnf file. I changed –

dir = /etc/ssl

certificate = $dir/2016/mynas.mydomain.pem    # The CA certificate

private_key = $dir/2016/NOPASS.mynas.mydomain.key # The private key

I’m not sure of a good way to link the apache config to use this new certificate, so what I did was just edit file – /etc/frontview/apache/apache.pem (copy it to /etc/frontview/apache/apache.pem.old first) and then delete the contents and paste in the private key and also the certificate pem file. You could do this –

cp /etc/frontview/apache/apache.pem /etc/frontview/apache/apache.pem.old && cat /etc/ssl/2016/NOPASS.mynas.mydomain.key > /etc/frontview/apache/apache.pem && cat /etc/ssl/2016/mynas.mydomain.pem >> /etc/frontview/apache/apache.pem

You also need to ensure the files are owned by root:root and permissions are set properly –

chown root:root /etc/ssl/2016/*

chmod 600 /etc/ssl/2016/*

Once that’s all done, just kill apache and start it again.

killall apache-ssl
/usr/sbin/apache-ssl -f /etc/frontview/apache/httpd.conf

Vi – Useful tricks

I use vi a lot on *nix machines and there are a lot of useful tricks you can do to edit files.

A good trick to get rid of those annoying ^M characters from a DOS file is –

:%s/(ctrl-v)(ctrl-m)//g

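So you want to type :%s/ then press Ctrl+V followed by Ctrl+M (Ctrl+V makes vi insert the next key literally, so this shows up as ^M), and then, without any spaces, type //g

What you are doing here is just a regular-expression substitution, changing ^M for nothing (the empty replacement between the last two slashes), basically removing them from the entire file (% applies the command to every line, g to every match on a line).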