Sunday, June 28, 2015

How to listen on 2 or more ports for SSH daemon

The SSH daemon (OpenSSH) can easily be configured to listen on two or more ports simultaneously.

To do so all you have to do is add another Port #### line in the configuration file.

For example:

Usually you will have something like this in your sshd_config file:

Port 22

Let's say you want to "also" listen on port 8822, so you should add:

Port 8822

As the end result, you will have two Port #### lines, which will look like this:

Port 22
Port 8822

I have added as many as 3 ports; I am not sure what the limit is on how many ports you can listen to for SSH simultaneously.

Then you simply need to restart the SSH daemon by executing:

service ssh restart

or 

/etc/init.d/ssh restart


How to check to make sure it is working?

The easiest way is just to try out whether the new port is working. :-)

But you can also execute this command on the command line:

netstat -nap | grep ssh

You should see something like this:

tcp        0      0 0.0.0.0:58251           0.0.0.0:*               LISTEN      7977/sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7977/sshd
tcp6       0      0 :::58251                :::*                    LISTEN      7977/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      7977/sshd

The above output shows that the server is listening for SSH on ports 22 and 58251.
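The same check can be scripted so that a port that was configured but never opened, or a listener that is open but absent from the config, is reported by name. This is an added example, not part of the original post; the function names are hypothetical, and it assumes ports are set only with Port lines (no ListenAddress host:port entries or Include files).

```shell
#!/bin/sh
# Added example: compare sshd_config Port lines with live sshd listeners.

# Ports configured in the given sshd_config, one per line.
# Keywords are case-insensitive; with no Port line sshd defaults to 22.
configured_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1" | sort -un
}

# Ports on which a process named sshd is in LISTEN state, read from a
# file holding `netstat -nap` output (run as root so PID/name is shown).
listening_ports() {
    awk '$6 == "LISTEN" && $7 ~ /\/sshd(:|$)/ {
             n = split($4, a, ":"); print a[n]
         }' "$1" | sort -un
}

# Print every mismatch; return 0 only when both sets are identical.
audit_ssh_ports() {
    conf=$(configured_ports "$1"); live=$(listening_ports "$2"); rc=0
    for p in $conf; do
        echo "$live" | grep -qxF "$p" ||
            { echo "configured but not listening: $p"; rc=1; }
    done
    for p in $live; do
        echo "$conf" | grep -qxF "$p" ||
            { echo "listening but not configured: $p"; rc=1; }
    done
    return $rc
}

# Constructed sample input: the Port lines and netstat output shown above.
tmp=$(mktemp -d)
printf '%s\n' '#Port 2222' 'Port 22' 'port 8822' > "$tmp/sshd_config"
cat > "$tmp/netstat.txt" <<'EOF'
tcp        0      0 0.0.0.0:58251           0.0.0.0:*               LISTEN      7977/sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7977/sshd
tcp6       0      0 :::58251                :::*                    LISTEN      7977/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      7977/sshd
tcp        0     36 192.0.2.10:22           198.51.100.7:50514      ESTABLISHED 8120/sshd: root
EOF
audit_ssh_ports "$tmp/sshd_config" "$tmp/netstat.txt" || echo "port sets differ"
rm -rf "$tmp"
```

On a live host, pass /etc/ssh/sshd_config and a file holding the output of netstat -nap.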


Thursday, February 12, 2015

How to replace a broken hard drive in a Linux software RAID mirror (RAID1)

Check current status:

cat /proc/mdstat

You should see something like this:

976758841 blocks super 1.2 [2/1] [U_]

The underscore ( _ ) means you have a bad hard drive.
Inside the square brackets there are 2 characters, which means the RAID has 2 members.
In the example above, the 2nd member is not up.


Identify which drive is bad:
In this example, we will assume that your server uses SATA drives and that the RAID array members are /dev/sdb and /dev/sdc. Since these instructions are about a mirrored software RAID, both hard drives must be the same size, or one of them may be larger.

Since the current status is [U_] this means that /dev/sdc is bad.
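/proc/mdstat also names the member devices of each array and flags faulty ones with (F), so the state of every array can be read off by device name. The following is an added example, not part of the original post; the function name and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise array health from /proc/mdstat-style text.

# For each md array print: name, state, active/expected member count,
# the member devices listed, and those flagged faulty with (F).
mdstat_report() {
    awk '
    /^md[0-9]+ *:/ {
        name = $1; members = ""; failed = ""
        for (i = 3; i <= NF; i++) {
            if ($i !~ /\[[0-9]+\]/) continue      # skip "active", "raid1"
            dev = $i; sub(/\[.*/, "", dev)        # sdc1[1](F) -> sdc1
            if ($i ~ /\(F\)/) failed = failed " " dev
            else members = members " " dev
        }
        next
    }
    # Status line, e.g. "976758841 blocks super 1.2 [2/1] [U_]":
    # [expected/active]; fewer active than expected means degraded.
    name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), c, "/")
        state = (c[2] + 0 < c[1] + 0) ? "DEGRADED" : "ok"
        printf "%s %s %d/%d members:%s failed:%s\n", name, state,
               c[2], c[1], (members == "" ? " -" : members),
               (failed == "" ? " -" : failed)
        name = ""
    }' "$1"
}

# Constructed sample: md0 has a faulty sdc1, md1 is healthy.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc1[1](F) sdb1[0]
      976758841 blocks super 1.2 [2/1] [U_]

md1 : active raid1 sde1[1] sdd1[0]
      1048576 blocks super 1.2 [2/2] [UU]

unused devices: <none>
EOF
mdstat_report "$sample"
rm -f "$sample"
```

On a live system, run mdstat_report /proc/mdstat.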


Replace the bad drive:
If your server / computer does not support hot-swap, you have to shut down the computer and replace the bad hard drive with a good hard drive.


Use fdisk to make sure the good drive has been detected:

fdisk -l

Make sure /dev/sdc has been detected.


Copy partition table from good drive (/dev/sdb) to replaced drive (/dev/sdc):

dd if=/dev/zero of=/dev/sdc bs=512 count=1
sfdisk -d /dev/sdb | sfdisk --force /dev/sdc


Add the replaced drive to RAID array:

mdadm --manage /dev/md0 --add /dev/sdc1


Check the status of the recovery progress:

cat /proc/mdstat


You should see something like this:

md0 : active raid1 sdc1[3] sdb1[2]
      976758841 blocks super 1.2 [2/1] [U_]
      [==============>......]  recovery = 70.0% (683798720/976758841) finish=67.0min speed=72872K/sec


My rebuild has been running for about 1 hour, so your progress should be less.

Obviously, the larger your hard drive capacity, the slower this recovery will be; however, you can keep executing 'cat /proc/mdstat' to check the progress.

Sunday, February 8, 2015

Install ElasticSearch with Java JDK on Debian Wheezy

How to install ElasticSearch with Java JDK on Debian Wheezy server



aptitude update
aptitude full-upgrade
aptitude update

apt-get -y install openjdk-7-jre-headless

wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.0.deb
dpkg -i elasticsearch-0.90.0.deb
rm elasticsearch-0.90.0.deb


Note: Please visit Elasticsearch.org, go to Download, and check which version is the latest. Then you can change the version 0.90.0 in my instructions above to the latest / any version you want.

Install gdisk on Debian Squeeze

How to install gdisk on Debian Squeeze


nano /etc/apt/sources.list

Add the following lines:

# squeeze backports
deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free

apt-get update

apt-get -y install gdisk

Sending email via MailGun SMTP from Debian / Ubuntu Server

The following guide is a quick, easy how-to for using the Postfix SMTP server to send outgoing mail from your Debian / Ubuntu server via Mailgun (Rackspace).


INSTALL POSTFIX AND LIBSASL

apt-get update
apt-get install postfix libsasl2-modules


DISABLE EXIM4 FROM BOOT

insserv -r exim4

(this removes exim4 from boot)


CONFIGURE POSTFIX

nano /etc/postfix/main.cf

Comment out the existing 'relayhost = ' line.

add the following:

smtp_sasl_auth_enable = yes
relayhost = smtp.mailgun.org            
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd


SET SMTP LOGIN CREDENTIALS

echo 'smtp.mailgun.org username@domain.com:yourMGPassword' > /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd


RESTART POSTFIX

service postfix restart


TEST FROM CLI

echo "My message body" | mail -s "Test Email" your@emailaddress.com
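The main.cf settings above enable SASL authentication but set no smtp_tls_security_level, and smtp_sasl_security_options = noanonymous permits plaintext mechanisms, so whether the Mailgun password travels encrypted depends on the TLS level. The following added example (not part of the original guide) audits a main.cf for that combination; the function names are hypothetical, and it assumes the legacy smtp_enforce_tls setting and smtp_tls_policy_maps are not in use.

```shell
#!/bin/sh
# Added example: check that a SASL-authenticated relay also enforces TLS.

# Effective value of one main.cf parameter (the last assignment wins).
# Assumption: the parameters checked are not split over continuation lines.
maincf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# Return 0 when SASL credentials can only travel over TLS, 1 otherwise.
# Assumption: legacy smtp_enforce_tls and smtp_tls_policy_maps are not used.
audit_relay_tls() {
    sasl=$(maincf_get "$1" smtp_sasl_auth_enable)
    tls=$(maincf_get "$1" smtp_tls_security_level)
    if [ "$sasl" != "yes" ]; then
        echo "ok: SASL client authentication is off"; return 0
    fi
    case "$tls" in
        encrypt|dane-only|fingerprint|verify|secure)
            echo "ok: credentials sent only over TLS (level $tls)"; return 0 ;;
        *)
            echo "weak: SASL on, smtp_tls_security_level='$tls' does not enforce TLS"
            return 1 ;;
    esac
}

# Constructed sample: the settings from this guide, then with TLS enforced.
cf=$(mktemp)
cat > "$cf" <<'EOF'
#relayhost =
smtp_sasl_auth_enable = yes
relayhost = smtp.mailgun.org
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
EOF
audit_relay_tls "$cf" || true
echo 'smtp_tls_security_level = encrypt' >> "$cf"
audit_relay_tls "$cf"
rm -f "$cf"
```

On a server, run audit_relay_tls /etc/postfix/main.cf; adding smtp_tls_security_level = encrypt to main.cf makes Postfix refuse to deliver, and therefore to authenticate, over an unencrypted session.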

Saturday, January 24, 2015

Upgrading Ubuntu 12.04.x LTS (precise pangolin) cURL and libcurl from 7.22.0 to 7.39.0

Upgrading curl on 12.04 to 7.39.0 cannot be done using the package system. In this how-to I will show how to upgrade by compiling manually and rebinding PHP.

[STEP 1] Download new version 7.39.0 from cURL website:

cd /usr/local/src
wget http://curl.haxx.se/download/curl-7.39.0.tar.gz
tar -zxvf curl-7.39.0.tar.gz
cd curl-7.39.0

[STEP 2] Configure, make and install:

./configure --enable-optimize --enable-warnings --disable-ares --enable-shared --enable-static=no --enable-http --enable-ftp --disable-ldap --disable-ldaps --disable-rtsp --enable-proxy --disable-dict --disable-telnet --disable-tftp --enable-pop3 --enable-imap --enable-smtp --disable-gopher --disable-ipv6 --enable-threaded-resolver --enable-verbose --disable-sspi --enable-crypto-auth --disable-ntlm-wb --disable-tls-srp --enable-cookies --disable-soname-bump --without-librtmp

make
make install

[STEP 3] Remove existing installation (if installed via apt-get):

apt-get remove curl
apt-get autoremove


[STEP 4] Confirm cURL got installed:

ls -lsa /usr/local/bin
ls -lsa /usr/local/lib

Note: you should see the curl binary executable with today's date.


[STEP 5] CREATE SOFT LINK FOR 'curl' EXECUTABLE IN /usr/bin

ln -s /usr/local/bin/curl /usr/bin/curl


[STEP 6] VERIFY DEFAULT CURL is now using new version:

curl -V


Step 6 completes the upgrade of cURL and libcurl. You can stop here if you do not need to upgrade other software that uses cURL on your computer / server.

If you are using PHP, you have to continue with the steps below to rebind PHP with your new cURL binaries.


---------------  [PHP BINDING]  ----------------------------------

The instructions below will rebind your PHP to your newly upgraded cURL and libcurl.  I am using PHP-FPM. However this how-to guide should work similarly for mod-php.  The steps below are optional if you are not using PHP.

[STEP 7] UPGRADE PHP cURL BINDING

(mine was version 7.22.0)

apt-get install php5-curl


( this may also upgrade your PHP from 5.4.x to newest 5.4.x - at the time of this writing, I was upgraded to PHP 5.4.36-1 )

curl -V

should show:

curl 7.39.0 (x86_64-unknown-linux-gnu) libcurl/7.39.0 OpenSSL/1.0.1 zlib/1.2.3.4
Protocols: file ftp ftps http https imap imaps pop3 pop3s smtp smtps
Features: AsynchDNS Largefile NTLM SSL libz


[STEP 8] RESTART PHP5-FPM + WEBSERVER

service php5-fpm restart
service nginx restart

------------------------------------------------------------

CHANGES NEEDED IN PHP CODE

If you are using the curl option CURLOPT_SSLVERSION, it is recommended to comment it out (do not use this option).
By default (when it is left unset), PHP's curl extension should automatically negotiate the best protocol to use with the remote server.

I have tried to set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1 and got an error about CURL_SSLVERSION_TLSv1 not being defined.

This is because CURL_SSLVERSION_TLSv1 was not defined before PHP 5.5. Since I am not going to upgrade to 5.5+ just because of this issue, I decided to just NOT set the  CURLOPT_SSLVERSION option.

In case you still want to set CURLOPT_SSLVERSION to whatever value you want, here are the defined values:

Tip: the value in the parentheses is the constant's value.

CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1)
CURL_SSLVERSION_SSLv2 (2)
CURL_SSLVERSION_SSLv3 (3)
CURL_SSLVERSION_TLSv1_0 (4)
CURL_SSLVERSION_TLSv1_1 (5)
CURL_SSLVERSION_TLSv1_2 (6)