Setup password-less SSH and SCP with public/private keys

Want to scp a file to another server without having to enter the password?  Want to just make your security even stronger?  Public/private keys to the rescue!  Of course, if you don’t know what I’m talking about or why you would want to do this, feel free to google it or just go visit another site.

For those still with me, you need access to both the local and remote servers (duh).  I’m going to refer to the server/host you are logged into as the local machine, and the one you want to connect to as the remote machine.

First, on the local machine you need to generate your public and private keys.  To do so, enter this command…

ssh-keygen -t rsa

Be sure to just hit enter to the questions you’re prompted with (otherwise you will have to enter a password when connecting with the keys – which goes against the whole point of this post).  This will create a couple of files in your .ssh directory (something like id_rsa and id_rsa.pub – your private and public keys respectively). Your public key (the file you want to distribute) ends in “.pub”. Assuming you have that file, send it over to the remote machine (perhaps with scp, yes?)…

scp ./id_rsa.pub user@server.com:/home/user/.ssh/id_rsa.pub

Of course password authentication isn’t enabled yet so you’ll have to enter the password. Next up, you need to login to the remote machine and visit your .ssh directory, and cat the .pub file into your “authorized_keys” file (don’t worry, the command below will create the file if it doesn’t exist. I leave it to you to know how to create the .ssh directory if needed)…

cat id_rsa.pub >> authorized_keys

It’s then a good idea to secure your file and delete the temporary public key on the remote machine…

chmod 600 authorized_keys
rm id_rsa.pub

Once you’ve done all this, you should now be able to connect without a password! Just use your private key…

ssh -i ./id_rsa user@server.com

Have fun!

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

SSH, SFTP, and SCP on non-standard ports

One common suggestion for securing a secure shell connection on Linux is to change the port that ssh runs on.  But how exactly do you connect to a server on one of these non-standard ports?

Naturally, the syntax is different for each so here goes:

ssh

ssh -p 33432 user@server.com

Yes, ssh uses a lower case p command line argument. Just wait until we get to scp.

sftp

sftp -o "Port 33432" user@server.com

Of course sftp uses a plain English option parameter of “Port XXXX”

scp

scp -P 33432 /home/user/file.txt user@server.com:/home/user

And naturally scp uses a capital P

Gotta love consistency!

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

Mount a Windows Share in Linux

So you want to access a Windows UNC share in Linux?  No problem if you know the magic commands and have root access.  This can be a great alternative to running cygwin if you are able to access a linux box (directly or via a virtual machine).

First, start by creating your mount point…

sudo mkdir /mnt/share1

Then, actually mount your UNC share to the mount point…

sudo mount -t cifs "//server/share1" /mnt/share -o username=my,password=secret

This would make \\server\share1 available to you on the Linux box as /mnt/share. Note the use of the options parameter (-o) to specify username and password.

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

Find DB2 Nicknames

Want to see the nickname setup for a DB2 database?  Here’s a handy query…

SELECT 
        NICK.TABSCHEMA,
        NICK.TABNAME,
        NICK.SERVERNAME,
        NICK.OWNER,
        NICK.REMOTE_SCHEMA,
        NICK.REMOTE_TABLE,
        SRV.SERVERTYPE
FROM    SYSCAT.NICKNAMES NICK
        INNER JOIN SYSCAT.SERVERS SRV
            ON (NICK.SERVERNAME = SRV.SERVERNAME);
Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

Start ColdFusion8 on Ubuntu Server Start

Ok, so this is not the most bleeding edge post, but hopefully useful if you need it.  Here’s what you need to do if you need to get ColdFusion8 to start on server reboot (since it doesn’t appear to install itself as a service) using Ubuntu server.

First, create a service script and make sure it’s executable like so…

sudo touch /etc/init.d/coldfusion
sudo chmod 755 /etc/init.d/coldfusion

Next, you need to actually put something in the script…

sudo nano /etc/init.d/coldfusion

Here’s what to put in the file…

#! /bin/sh

### BEGIN INIT INFO
# Short-Description: ColdFusion8 service
### END INIT INFO

file=/opt/coldfusion8/bin/coldfusion

case "$1" in
stop)
$file stop
;;
status)
$file status
;;
restart)
$file restart
;;
*)
$file start
;;
esac

exit 0

Finally, you need to tell Ubuntu to use your service and make it available

sudo update-rc.d coldfusion defaults
Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

New Essential WordPress Plugins Page

Curious what WordPress plugins you should bother to install?  I’ve created a resource page with the ones I find most useful.

Visit the Essential WordPress Plugins page now.

If there are any I missed that you find useful, please add them to the comments.

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

Seven commands developers can run to resolve issues in DB2 AIX development

Now here’s a super geeky one for you, but also super helpful when doing DB2 dev on AIX. Thanks to one of our App DBAs for providing this!

Please note that you will need DBADM rights to do some of these things so your mileage may vary.

First you need to determine what command(s) to run…

  • REORG(#1), RUNSTAT(#5), REBIND (#6) as a first step when performance is suffering
  • REORG(#1) when you recieve a SQL0668N reason code 7 or any other SQL message indicating a REORG is required
  • REORG(#1) after table alters or deleting lots of rows when you want to reclaim space.
  • REORG(#2) when you recieve a ADM6044E or a SQL2216N SQL error “-289” on a REORG (#1)
  • CLEAR LOAD PENDING (#3) when you recieve a SQL0668N reason code 3
  • RUNSTAT(#5) after REORGs(#1 or #2), data volume changes(+10%), and/or adding indexes
  • EMPTY A TABLE WITH A LOAD REPLACE(#4) when you want to empty a medium or larger sized table
  • REBIND(#6) after every RUNSTAT(#5) if you are using stored procedures
  • SET INTEGRITY(#7) to fix SQL0668N reason code 1

Then change the command syntax to match the required objects. All parameters starting with a dollar sign($) e.g. $TABSCHEMA, $TABNAME, $ROUTINESCHEMA, $ROUTINENAME, and/or $STEMP_TBSPACE must be replaced with valid table schema/name, stored procedure schema/name, system temporary tablespace.

Note: RAPID SQL 7.7.5 Issue: Add cast syntax (CAST(‘command-syntax’ AS CLOB)) if your version of Rapid SQL returns an error
Example: CALL SYSPROC.ADMIN_CMD (CAST(‘REORG TABLE $TABSCHEMA.$TABNAME ALLOW READ ACCESS’ AS CLOB));

Finally, run the commands via any interface that can call stored procedures including RAPID SQL

Other resources for troubleshoot messages or research other options for the commands supplied below by searching these

1. REORG A TABLE

CALL SYSPROC.ADMIN_CMD ('REORG TABLE $TABSCHEMA.$TABNAME ALLOW READ ACCESS');

2. REORG A LARGE TABLE

CALL SYSPROC.ADMIN_CMD('REORG TABLE $TABSCHEMA.$TABNAME ALLOW READ ACCESS USE $STEMP_TBSPACE');

Note: To find $STEMP_TBSPACE:

SELECT TBSPACE AS $STEMP_TBSPACE, PAGESIZE FROM SYSCAT.TABLESPACES WHERE DATATYPE = 'T' WITH UR;

3. CLEAR A LOAD PENDING **This leaves the table empty**

CALL SYSPROC.ADMIN_CMD('LOAD FROM /dev/null OF DEL TERMINATE INTO $TABSCHEMA.$TABNAME NONRECOVERABLE');

4. EMPTY A TABLE WITH LOAD REPLACE

CALL SYSPROC.ADMIN_CMD ('LOAD FROM /dev/null OF DEL REPLACE INTO $TABSCHEMA.$TABNAME NONRECOVERABLE');

5. RUNSTAT A TABLE

CALL SYSPROC.ADMIN_CMD('RUNSTATS ON TABLE $TABSCHEMA.$TABNAME ON ALL COLUMNS AND SAMPLED DETAILED INDEX ALL ALLOW WRITE ACCESS');

6. REBIND A STORED PROCEDURE

CALL SYSPROC.REBIND_ROUTINE_PACKAGE('P','$ROUTINESCHEMA.$ROUTINENAME','ANY');

7. SET INTEGRITY

SET INTEGRITY FOR $TABSCHEMA.$TABNAME IMMEDIATE CHECKED;
Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

Execute a SQL file via the MySQL command line in one line

Have a large script (like a DB dump) you want to execute from the command line in one line so you can just drop it in a batch/shell script and run with it?  Assuming MySql is on your system path, here’s the command…

mysql -u user -ppass < C:\temp\myscript.sql

Where "user" is the username, and "pass" is the password (note, there's no space or other delimiter between the "-p" and the password)

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

Add a SSL Cert to Your Java Keystore

If you’ve ever had to add a SSL certificate to a java keystore, you know that the command is a little convoluted.  Here for your and my reference is the command…

 "D:\Program Files\Java\jre1.5.0_22\bin\keytool" -import -trustcacerts -alias MyCA2 -file C:\MyCA2.crt -keystore "D:\Program Files\Java\jre1.5.0_22\lib\security\cacerts" 

When promoted for the password, the default is “changeit”, and make sure to choose/type “yes” when asked if you want to trust the cert.

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...

How I manage my social media intake

Every now and then, people ask how I knew something or how I can keep up on the things I do.  Rather than go over it a bunch of times I’d like to try and share it once.

First and foremost, the most important thing is managing the “noise” you do listen to.  Specifically, I do not watch or read the “news” unless an event somewhere else triggers the need/desire to check things out.  Second, in social media you need to learn how the tools work, and by that I mean using things like lists, or hiding individual noise makers (for example, if less than 1 in 3 of your posts has anything useful and you’re not immediate family there’s a good chance you’re getting blocked).

So on to the specifics…  The way I make this work is with a few tools:

  • Feedly – For subscribing to RSS feeds
  • Social Media – Take your choice.  Mine are LinkedIn, Facebook, Twitter, Google+
  • Flipboard – For viewing social media and RSS feeds
  • Pocket – For reading the things that may actually be useful
  • Evernote – For storing the things that actually were useful

Step 1 – Setup your Inputs

In this step, you would subscribe to the feeds you’re interested in via Google Reader, setup social media profiles on the network(s) of your choice, connect with the people you want to on those networks, and create your VIP lists.

On Twitter I have a private “VIP” list I maintain of people I most respect and that post useful content.  This list has less than 20 members.

On Facebook, because of their ridiculous “news feed”, I don’t pay attention to most posts and a lot of people wind up getting hidden.  I also have a VIP list for immediate family.

No matter what network I strongly recommend setting up a “VIP” list (actually call it that) so you can easily get at the people and content you’re most interested in without all the other noise.

Step 2 – Setup Flipboard

This is my platform of choice for being able to quickly scan inputs at a glance and decide which things may be worth my time.  For example, you can have a board for your Google Reader feed, social media feeds, or even specific lists on Twitter, Facebook, or Google+.

You’ll also want to setup the “read it later” service of your choice, which for me is Pocket.  Once you’ve done this, as you’re flipping through the posts on any “board” you can simply long press and choose “Read Later” to have the article saved without all the ads and garbage for easy reading later.

This is where the “triage” is done multiple times a day. When I have a spare minute I’ll flip through a given board or boards marking articles of interest to read later.

Step 3 – Read

After things have been saved to Pocket, when I have more than a quick minute I’ll read the articles I’m interested in.  Pocket is great because it has apps for iPhone and Android as well as a web app for reading on a larger screen.

Step 4 – Archive

If I find something I really like, Pocket makes it very easy to save the article to Evernote for future reference (except for on the web platform).  Once in Evernote I can get at any article from anywhere since they have an app for just about every platform under the sun.  Personally, I have an “Article Ref” notebook that everything gets shoved into.

So there you have it.  My personal method for managing my social media intake.  Hope you find it useful and learned something you hadn’t known before.

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?
Disclaimer: Thoughts and opinions are my own, and do not reflect the views of any employer, family member, friend, or anyone else. Some links may be affiliate links, but I don't link to anything I don't use myself. You would think this should be self evident these days, but apparently not...
%d bloggers like this: