Here are a few notes I made when changing SSH acces for an ubuntu server over to using public/private key authentication. These instructions are for commands run on the server to generate keys which are then used to access that same server from elsewhere.

On the whole the process was exactly as straightforward as you’d think, which was nice. The users followed these steps:

1. Generate keys

The user access the server using SSH (still set up with passwords at this point) and runs the following command to generate keys:


ssh-keygen


We accepted the defaults for both the filename (id_rsa) and left the passphrase empty. Empty passphrases aren’t recommended but there will be automated processes using these keys.

2. Set up to accept

For an SSH server to authorise a user, it must havethe contents of that user’s public key in a file called authorized_keys. The user then comes along with their private key and can then gain access. We put the contents of the public key into the authorized_keys file (which doesn’t currently exist for these users).


cat id_rsa.pub > authorized_keys


3. Log in with public key

The users copied their private keys to their local machines and set up their various ssh clients to use these to gain access. For ssh-ing in from another server (and setting up with some of the clients), its the ssh command as usual but with the -i switch to denote the use of a specified identity file, e.g.:


ssh -i id_rsa user@host


4. Force this to be the only means of access

I had some trouble figuring out which line I needed to change in the openssh config file (at /etc/ssh/sshd_config for me running ubuntu edgy) but in the event, this did the trick:


PasswordAuthentication no


That’s it for today, hope this helps someone … including me next time I want to do something similar :)

Today I had a problem with a development server. A little, low-traffic thing that I was testing some PHP-sends-email pages on. The emails wouldn’t send although I could see them sat in the queue.

The story gets better but there’s a techie bit between here and the punchline – sorry

Exim commands

mailq – show the emails currently in the queue

sendmail -v -q – send the emails in the queue and give plenty of output with it.

The symptoms

Sending email just caused the screen to hang, I’d get something like this:


LOG: queue_run MAIN
  Start queue run: pid=12282
delivering 1HeAZY-0002YQ-J0 (queue run pid 12282)
R: dnslookup for ****************
T: remote_smtp for **********************
Connecting to **************** [000.000.000.000]:25 … connected
  SMTP<< 220 ********************** ESMTP
  SMTP>> EHLO ****
  SMTP<< 250-***********************

        250-AUTH=LOGIN CRAM-MD5
        250-AUTH LOGIN CRAM-MD5
        250-STARTTLS
        250-PIPELINING
        250 8BITMIME
  SMTP>> STARTTLS
  SMTP<< 220 ready for tls


Randomness!!

The problem was that we didn’t have enough entropy¹ to generate the security for the connection … and getting one of my colleagues to rummage in the rack for the server and wave its mouse continuously solved the problem. It was quite a scene :)

¹ For diagnosing randomness, I used: cat /proc/sys/kernel/random/entropy_avail

Tabs seem to be out of fashion in the programming world, there are perfectly valid arguments on both sides or the tabs vs. spaces flame war, illustrated with examples from every programming language and text editor combination ever made. You can read any or all of these if you are interested, but that isn’t the issue here.

I use tabs – all the time. My tab stopping is set to 4 spaces but my intention is to use actual tab characters. Its actually surprisingly hard to do this with vim. I’ve added the following lines to my .vimrc which allow me to see whether I have tabs or spaces at the start of the line.


set list listchars=tab:\|_,trail:.
highlight SpecialKey ctermfg=DarkGray


I fiddled with some other settings too, to try to stop everything ending up as spaces (I’m driving my colleagues mad) but to no avail. With these lines:


set shiftwidth=4
set softtabstop=4
set tabstop=4
set noexpandtab
set autoindent
set smartindent


I think those are all the relevant lines … it kind of works but I still need to type the set noexpandtab when I’m editing a file to stop auto-indented new lines from getting space instead.

Its all very exasperating so if anyone has suggestions other than “use spaces” I’d be interested to hear them!

Until recently I spent a lot of time working with Oracle from the command line (via ksh on AIX, in case you’re interested). A change of job means a change of platform and I find myself working with MySQL on a daily basis. I like MySQL – like most PHP programmers this is where I started learning about databases and I’ll always have a soft spot for it.

In Oracle most developers use SQLPlus to work with the database – its the standard command-line tool and the only thing you can guarantee being available in a new environment. It has a wonderful feature where you can type a query and then type ‘ed’ and pull up an editor window with the query still in it … so useful for debugging big statements.

I’ve been struggling to get to grips with MySQL – it has more tools and phpMyAdmin is readily available. However I don’t really use a mouse if I can help it so its not as fast or convenient as the SQLPlus + ‘ed’ combination. So here’s my discovery for this week:

Type \e

Most mysql command-line tools will launch your previous query, with line breaks, if you type \e at the prompt. Fantastically useful and I’m happy and settled once more :)

I’m just getting started with running a linux machine as my main computer at work (yay!), setting everything up today. My tip for installing linux the first time is to get the repositories of software added so you can install more things though “adept” (the program that runs when you choose the “Add/Remove Programs” option from the start menu). To add the repositories just edit this file:

  /etc/apt/sources.list

Then uncomment the lines as directed in the file. You will also need to get the list of available packages by running

  sudo aptitude update

Next time you go to “Add/Remove Programs” you’ll have a much bigger list to chose from, especially if you allow unsupported and proprietary software by ticking the boxes at the top right hand side.

Just a quick one, but something that confuses me often.

<input name="input_name" id="input_identifier ....

name is what the POST request will see the field called
id is what the label tag will use to figure out which field it belongs to.