Sunday, 31 July 2016

Open up multiple ssh sessions while entering password only once (ssh multiplexing)

In this quick tutorial I describe how to open up multiple ssh connections to the same host while entering the password for only the first session.

To do this, create a file named config in the .ssh sub-directory under the home directory of the user & populate it with the following contents:


Here's the breakdown of the text in the file:

Host * (let this be valid for all hosts to which connections are initiated. You can specify a single host or domain or a network).

ControlMaster auto (use an existing master connection to the host if there is one, otherwise open a new one that later sessions can share)

ControlPath ~/.ssh/master-%r@%h:%p (This specifies the path to the control socket used for connection sharing. %r denotes the remote login name, %h denotes the destination hostname & %p denotes the port number used which is port 22 by default).

To test it out, open up an ssh connection to a host. You'll be prompted for a password. Now open up another connection to the same host. This time there won't be any password prompt:


The answer to how passwordless authentication works after the first login lies in the socket file in the ~/.ssh directory.



When we did the first login a socket file got created which stored the credentials of the user. So for subsequent logins to the same host the credentials get picked from the socket file.

Do note that the passwordless authentication lasts only as long as the first session, i.e. the master session, is open.

To check if the master connection is open type:


This type of multiplexed connection setup can be very useful in situations when we need to access a system over & over but we don't have passwordless authentication set up.
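Added example, not part of the original post: while the master session is open, any process that can open the control socket gets a session on the host without a password prompt, so this script scopes sharing to one host and keeps the sockets in an owner-only directory. The host alias bastion.example and the directory ~/.ssh/cm are assumptions; ssh -O check and ssh -O exit are the OpenSSH control commands for querying and closing a master.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The host alias "bastion.example"
# and the directory ~/.ssh/cm are assumptions chosen for illustration.

# Emit a client-config stanza with the three directives the post describes,
# scoped to one host instead of "Host *", with sockets in their own directory.
mux_stanza() {
  printf 'Host %s\n' "$1"
  printf '    ControlMaster auto\n'
  printf '    ControlPath %s/master-%%r@%%h:%%p\n' "$2"
}

# Create the socket directory so that only its owner can enter it.
make_socket_dir() {
  mkdir -p "$1" && chmod 700 "$1"
}

# Succeed only if group and others have no permission bits on the directory.
socket_dir_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# List the control sockets currently present (one per open master connection).
list_control_sockets() {
  find "$1" -type s 2>/dev/null
}

# Typical use, left commented out because it edits the real ~/.ssh/config:
#   make_socket_dir "$HOME/.ssh/cm"
#   mux_stanza bastion.example '~/.ssh/cm' >> "$HOME/.ssh/config"
#   socket_dir_is_private "$HOME/.ssh/cm" || echo "socket directory is too open"
#   ssh -O check bastion.example   # ask the master whether it is running
#   ssh -O exit  bastion.example   # close the master and remove its socket
```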

Use SSH/SCP to access a remote server through an intermediate server using tunneling & port forwarding

I know the title of the post is long but I wanted the title to be accurate.
So, I have a situation wherein there are 3 servers serverA, serverB & serverC.
ServerA & ServerC can both connect to serverB but not to each other.
But what if we need to access serverC from serverA or copy a file from serverC to serverA?

We can accomplish this using ssh tunneling & port forwarding.

To get the setup in place the following 2 directives must be set to yes in /etc/ssh/sshd_config file:

  • AllowTcpForwarding (Specifies whether TCP forwarding is permitted. The available options are “yes” or “all” to allow TCP forwarding, “no” to prevent all TCP forwarding, “local” to allow local forwarding only or “remote” to allow remote forwarding only.)
  • GatewayPorts (Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.)
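
Added example, not part of the original post: a shell check that reads an sshd_config and reports the global values of the two directives above. As the GatewayPorts description says, that directive concerns remote port forwardings, so the check warns when it is widened; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report the global value of an sshd_config keyword and flag
# forwarding settings that widen exposure. Function names are illustrative.

# Keywords are case-insensitive and the first value found wins. Reading stops
# at the first "Match" line; Include files are not followed. Prints the
# supplied default when the keyword is not set in the global section.
sshd_effective() {
  awk -v key="$2" -v def="$3" '
    { sub(/#.*/, "") }                      # drop comments
    tolower($1) == "match" { exit }         # conditional blocks start here
    tolower($1) == tolower(key) && NF > 1 { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

audit_forwarding() {
  fwd=$(sshd_effective "$1" AllowTcpForwarding yes)   # sshd default: yes
  gw=$(sshd_effective "$1" GatewayPorts no)           # sshd default: no
  echo "AllowTcpForwarding=$fwd GatewayPorts=$gw"
  case $fwd in
    no|remote) echo "NOTE: local forwarding (ssh -L) via this host is refused" ;;
  esac
  case $gw in
    yes) echo "WARN: remote forwardings bind to the wildcard address" ;;
    clientspecified) echo "WARN: clients pick the bind address of remote forwardings" ;;
  esac
}

# Constructed sample input, not a real server's configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#AllowTcpForwarding no
gatewayports yes
GatewayPorts no
Match User backup
    AllowTcpForwarding no
EOF
audit_forwarding "$sample"
rm -f "$sample"
```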

On the source server i.e. serverA in our case run the following command:

ssh -L <local port>:serverC:22 serverB

The above command will establish a tunnel from serverA to serverC through serverB.
So, now if you want to connect to serverC from serverA type:

ssh localhost -p <local port>

If you want to copy a file from serverC to serverA type:

scp -P <local port> localhost:/path/to/file /path/to/save/file

Here is a cool demonstration on 3 CentOS 7 machines:

From my source machine I create a tunnel to 192.168.44.131 via 192.168.44.132 using port forwarding at my local port 9191:


Now with the above command we are logged in to 192.168.44.132 & the tunnel has been established.

To check if port forwarding is working, look for the port 9191 in netstat output:


We can infer from the above output that the ssh service is listening on the local port 9191.

Now, to connect to 192.168.44.131 which is our serverC in this example:


That's it & we're logged in!

To test the scp transfer through the tunnel, let's copy a file:


SSH to a Linux machine from chrome browser

Yes, it's possible. We can in fact log in to a Linux server from a browser using ssh.

Open up a Chrome browser & in the Chrome web store search for secure shell.


Click on 'add to chrome'. This will download the app.
Once the download completes it'll open up a new tab in the browser & you'll be able to see the ssh app in the apps section.


Now just click on the secure shell icon & it will launch a window where you can enter your username & hostname of the system you'd like to log in to.


And that's it! Press enter, you'll be prompted for the password & you are logged in!



Thursday, 28 July 2016

Updating kernel package in Linux

In case of kernel upgrade in Linux, we do not need to mount the RHEL ISO on the server as we would not be performing patching of the entire package structure available on the server.
In kernel upgrade, we only install the following packages:

  • kernel-2.6.32-504.8.1.el6.x86_64.rpm
  • kernel-firmware-2.6.32-504.8.1.el6.x86_64.rpm
  • bfa-firmware-2.6.32-504.8.1.el6.x86_64.rpm


The main package is kernel-2.6.32-504.8.1.el6.x86_64.rpm & the remaining two are dependent packages.

To install the packages use the following command:

# yum localinstall kernel-2.6.32-504.8.1.el6.x86_64.rpm kernel-firmware-2.6.32-504.8.1.el6.x86_64.rpm bfa-firmware-2.6.32-504.8.1.el6.x86_64.rpm


After this reboot the server via ‘init 6’.

Linux interview questions

This is a post that is in its infancy & will undergo some updates from time to time.

But for now here are a few interview questions that I've been asked in recent years:

  1. How to check which package provides a particular file?
  2. What are system calls & how do we check them?
  3. How to register a client with RHN?
  4. Explain steps to configure NIC bonding.
  5. What are kernel modules? How to list them & load them?
  6. How to update the OS without the use of RHN?
  7. When is "yum localinstall" useful?
  8. How to configure multipathing?
  9. How to roll back an OS update like RHEL 6.7 to 6.5?
  10. Can you rename network interface cards from the OS?
  11. Explain about performance monitoring tools available in Linux.
  12. How would you configure generation of a crash dump if a kernel panic occurs?
  13. How can you run a command every 10 seconds without using cron or at?
  14. Explain various RAID levels available in Linux.
  15. How can you migrate data residing in a file system from one storage vendor to another while utilizing LVM?
  16. What is the difference between INIT & systemd systems for OS initialization?
  17. What are the major differences between RHEL 6 & RHEL 7?

Wednesday, 27 July 2016

Using screen to run commands on multiple servers.

In a previous tutorial I talked about how screen can be used to share a terminal display remotely.
In this tutorial we'll be seeing how screen can be used to run commands across multiple servers.

First make sure screen is installed on the system. If not, install it via yum.

Next create the first screen by running screen command.


You'll see the word "screen 0" above the terminal window.

Now create a second screen by typing the key sequence ctrl+a c.


You'll see the word "screen 1" above the terminal window.

Now, while in screen 1 ssh to another server.


I had already set up passwordless ssh so there was no password prompt.

So, we have two screens now. To move between the screens use the key combinations ctrl+a n & ctrl+a p to go to the next & previous screens respectively.

If we have multiple screens open we can return to the original screen by typing the key sequence ctrl+a ".
This will give us a list of open screens. From the list select 0 which is our original screen.


From our original screen i.e. screen 0 we'll now launch a command which we want to be run on all screens.
To do this first type the key combination ctrl+a :.
This will give us a prompt. On the prompt type the following sequence:

at "#" stuff "uname -a^M"



Here's a breakdown of what we just did:

at means on the screen
# specifies that we want to run the command on all screens. If we want to run a command on a specific screen we can just type the screen number.
stuff means to stuff the screen buffer with the command or sequence of commands that follow.
^M is equivalent to the user pressing enter key after typing the command.

To close the screens type exit on the command prompt on the screen you want to close.
You can verify if any screens are open with screen -ls command.

Tuesday, 26 July 2016

Fixing “RECORDROUTINGINFO: UNABLE TO COLLECT IPV4 ROUTING TABLE”.

Today I created a new Linux virtual machine & as soon as I logged in to the console to configure it I was bombarded with the error “RECORDROUTINGINFO: UNABLE TO COLLECT IPV4 ROUTING TABLE”.

The guestInfo plugin is for use with the VMware Tools daemon (vmtoolsd). This plugin collects guest configuration and state information (eg. storage capacity, networking state) and makes this information available via the vSphere SDK.
The /proc/net/route file contains the routing table with the addresses in hexadecimal notation.

So the kernel was unable to display the routing table & the netstat -rn command presented a single route to destination 169.254.0.0, culminating in an APIPA situation.

The cause of this error is that the iputils package causes a delay in the boot process and a warning message appears when the guestinfo plug-in tool fails to parse the content from the /proc/net/route file.

I went through a couple of forums & some mentioned the issue being fixed after a vMotion. I wanted to keep vMotion as a last option.
A few VMware KB articles mentioned adding the line rtc.diffFromUTC=0 in the VM configuration & I did it.

This change can be done in two ways:

  • First is that you manually edit the .vmx file of the VM which can be found in the VM folder in the data store housing the virtual machine.
  • Second is that if you are using vSphere web client in vSphere 5.5 you can go to edit settings > VM options > Configuration Parameters > Edit Configuration & add the parameter rtc.diffFromUTC & set its value to zero.

The next thing I did was reinstall VMware Tools & reboot the VM a couple of times.

I then set the gateway in /etc/sysconfig/network file & IP address & netmask in /etc/sysconfig/network-scripts/ifcfg-eth0 & restarted the network service.

With that I was finally able to bring the VM in the network.

Using capture groups in grep in Linux

Introduction Let me start by saying that this article isn't about capture groups in grep per se. What we are going to do here with gr...