Public/private key SSH on Ubuntu

Here are a few notes I made when changing SSH access for an Ubuntu server over to using public/private key authentication. These instructions are for commands run on the server to generate keys which are then used to access that same server from elsewhere.

On the whole the process was exactly as straightforward as you’d think, which was nice. The users followed these steps:

1. Generate keys

The user accesses the server using SSH (still set up with passwords at this point) and runs the following command to generate keys:


ssh-keygen

We accepted the default filename (id_rsa) and left the passphrase empty. Empty passphrases aren’t recommended but there will be automated processes using these keys.

2. Set up to accept

For an SSH server to authorise a user, it must have the contents of that user’s public key in a file called authorized_keys. The user then comes along with their private key and can then gain access. We put the contents of the public key into the authorized_keys file (which doesn’t currently exist for these users).


cat id_rsa.pub > authorized_keys

3. Log in with public key

The users copied their private keys to their local machines and set up their various ssh clients to use these to gain access. For ssh-ing in from another server (and setting up with some of the clients), it’s the ssh command as usual but with the -i switch to denote the use of a specified identity file, e.g.:


ssh -i id_rsa user@host

4. Force this to be the only means of access

I had some trouble figuring out which line I needed to change in the OpenSSH config file (at /etc/ssh/sshd_config for me running Ubuntu Edgy) but in the event, this did the trick:


PasswordAuthentication no
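
Whether that one line is enough depends on the rest of the file: sshd uses the first value it finds for each keyword, and keyboard-interactive authentication, which can prompt for a password through PAM, is a separate setting that defaults to yes in upstream OpenSSH. The script below is an added example, not part of the original notes; the function names and the sample config are made up here, and it assumes whitespace-separated keywords, reads only the global section before any Match block, and does not follow Include.

```shell
#!/bin/sh
# Added example (not from the original post): does an sshd_config-style file
# really turn off password-style logins?
# Assumptions: whitespace-separated "Keyword value" lines; only the global
# section (before the first Match) is read; Include is not followed.

# Both names select keyboard-interactive auth (the first is the older alias).
KBD_KEYS='challengeresponseauthentication|kbdinteractiveauthentication'

# effective_value FILE KEYWORD_REGEX DEFAULT
# sshd uses the first value it finds for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        tolower($1) == "match" { exit }            # global section ends here
        tolower($1) ~ ("^(" want ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_login_disabled FILE: succeeds only if both mechanisms are off.
# Defaults are the upstream OpenSSH ones (both "yes" when unset).
password_login_disabled() {
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" "$KBD_KEYS" yes)
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample: only the one line from the post has been changed.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'UsePAM yes' 'PasswordAuthentication no' > "$sample"
if password_login_disabled "$sample"; then
    echo "password logins are off"
else
    echo "a password prompt may still be reachable:"
    echo "  PasswordAuthentication=$(effective_value "$sample" passwordauthentication yes)"
    echo "  keyboard-interactive=$(effective_value "$sample" "$KBD_KEYS" yes)"
fi
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, Match blocks included, and is the authoritative check.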

That’s it for today, hope this helps someone … including me next time I want to do something similar :)

Baby Booties

The first installment of knitting for a new arrival due into the extended family this summer. They are actually green but I didn’t fiddle with the camera before I took the photo!

The pattern is from a supplement that came with Simply Knitting magazine a while ago – but as they are 4-ply they did take a while although they are tiny. Next up, are these

Process Email Queue by Waving Mouse

Today I had a problem with a development server. A little, low-traffic thing that I was testing some PHP-sends-email pages on. The emails wouldn’t send although I could see them sat in the queue.

The story gets better but there’s a techie bit between here and the punchline – sorry

Exim commands

mailq – show the emails currently in the queue

sendmail -v -q – send the emails in the queue and give plenty of output with it.

The symptoms

Sending email just caused the screen to hang, I’d get something like this:


LOG: queue_run MAIN
  Start queue run: pid=12282
delivering 1HeAZY-0002YQ-J0 (queue run pid 12282)
R: dnslookup for ****************
T: remote_smtp for **********************
Connecting to **************** [000.000.000.000]:25 … connected
  SMTP<< 220 ********************** ESMTP
  SMTP>> EHLO ****
  SMTP<< 250-***********************

        250-AUTH=LOGIN CRAM-MD5
        250-AUTH LOGIN CRAM-MD5
        250-STARTTLS
        250-PIPELINING
        250 8BITMIME
  SMTP>> STARTTLS
  SMTP<< 220 ready for tls

Randomness!!

The problem was that we didn’t have enough entropy [1] to generate the security for the connection … and getting one of my colleagues to rummage in the rack for the server and wave its mouse continuously solved the problem. It was quite a scene :)

[1] For diagnosing randomness, I used: cat /proc/sys/kernel/random/entropy_avail

Tabs in Vim

Tabs seem to be out of fashion in the programming world; there are perfectly valid arguments on both sides of the tabs vs. spaces flame war, illustrated with examples from every programming language and text editor combination ever made. You can read any or all of these if you are interested, but that isn’t the issue here.

I use tabs – all the time. My tab stopping is set to 4 spaces but my intention is to use actual tab characters. It’s actually surprisingly hard to do this with vim. I’ve added the following lines to my .vimrc which allow me to see whether I have tabs or spaces at the start of the line.


set list listchars=tab:\|_,trail:.
highlight SpecialKey ctermfg=DarkGray

I fiddled with some other settings too, to try to stop everything ending up as spaces (I’m driving my colleagues mad) but to no avail. With these lines:


set shiftwidth=4
set softtabstop=4
set tabstop=4
set noexpandtab
set autoindent
set smartindent

I think those are all the relevant lines … it kind of works but I still need to type the set noexpandtab when I’m editing a file to stop auto-indented new lines from getting spaces instead.

It’s all very exasperating so if anyone has suggestions other than “use spaces” I’d be interested to hear them!

SQLPlus for MySQL

Until recently I spent a lot of time working with Oracle from the command line (via ksh on AIX, in case you’re interested). A change of job means a change of platform and I find myself working with MySQL on a daily basis. I like MySQL – like most PHP programmers this is where I started learning about databases and I’ll always have a soft spot for it.

In Oracle most developers use SQLPlus to work with the database – it’s the standard command-line tool and the only thing you can guarantee being available in a new environment. It has a wonderful feature where you can type a query and then type ‘ed’ and pull up an editor window with the query still in it … so useful for debugging big statements.

I’ve been struggling to get to grips with MySQL – it has more tools and phpMyAdmin is readily available. However I don’t really use a mouse if I can help it so it’s not as fast or convenient as the SQLPlus + ‘ed’ combination. So here’s my discovery for this week:

Type \e

Most mysql command-line tools will launch your previous query, with line breaks, if you type \e at the prompt. Fantastically useful and I’m happy and settled once more :)

Easter Chick

Happy Easter! I’m away for a long weekend but this post was pre-recorded. I handmade my mum’s Easter gift and wrote about it, but can’t publish until she’ll have got it!

It’s a duckling from this pattern – knitted with fluffy wool on four needles. I used Snowflake DK and 5mm needles but I suspect it would have been better with 4mm ones as stated in the pattern; however, I only have one set of double-pointed needles.

Here he is anyway:

His beak and feet are made from orange pipe-cleaners. The beak was bent into shape and then the excess clipped off. The feet were shaped and then just pushed into the chicken through his woolly exterior and into the toy stuffing inside.

Happy Easter, mum :)

Kubuntu Add Programs

I’m just getting started with running a Linux machine as my main computer at work (yay!), setting everything up today. My tip for installing Linux the first time is to get the repositories of software added so you can install more things through “adept” (the program that runs when you choose the “Add/Remove Programs” option from the start menu). To add the repositories just edit this file:

  /etc/apt/sources.list

Then uncomment the lines as directed in the file. You will also need to get the list of available packages by running

  sudo aptitude update

Next time you go to “Add/Remove Programs” you’ll have a much bigger list to choose from, especially if you allow unsupported and proprietary software by ticking the boxes at the top right hand side.

9 Steps to PHP Documentation Heaven

  1. Download PHPDocumentor and uncompress it into a directory inside your web root.
  2. Access the web interface by going to phpdoc.php in the newly extracted directory
  3. Enter the directory you would like to document
  4. Enter the directory the output should appear in (this needs to exist and be writable by the user your web server runs as)
  5. Choose a template! My favourite is the HandS one, but there are others and you can create your own later on
  6. Press the create button
  7. If your code wasn’t already documented correctly then there might not be a lot to see at this point. Go to the PHPDocumentor tutorial to find out how your commented code can become shiny documentation you can use to blind your manager with science to empower knowledge-sharing within your team
  8. Regenerate the documentation
  9. Get the rest of your team to comment their code correctly

Now repeat steps 8 and 9 many times until you have beautiful documentation.

Form Name ID and Label Tags

Just a quick one, but something that confuses me often.

<input name="input_name" id="input_identifier" ... >

name is what the field will be called in the POST request.
id is what the label tag will use to figure out which field it belongs to.