System Administration

February 09, 2008

Unix Support Site

I came across another great Unix Support site that I thought I would share with you. Brandon Hutchinson is a Senior Unix Engineer who started to document his work for reference by himself and coworkers. The site is http://www.brandonhutchinson.com/ and he has also started a wiki to better manage changes and allow others to contribute. His wiki is at http://brandonhutchinson.com/wiki/index.php5?title=Main_Page and is well worth checking out.


December 22, 2007

SCP Problem

Since starting at MIT my support focus has been on the Linux and Solaris environments as opposed to Microsoft environments from my last position. Getting reacquainted with SSH, SSL and Apache has been fun and picking up Kerberos, PGP, GPG, and Oracle Application Server has been great. I wanted to share an SCP problem that I was having that had me stumped for a couple of days.

Our environments are locked down and for the most part individual accounts are restricted. We use Kerberos authentication for access to restricted accounts, and because of this SCP is not a good solution to use directly between servers, as we do not have full username and password access. What we do is push and pull files to a staging server, and then push or pull the files to the default location. I built a desktop running RedHat Enterprise Server 5.0 and was using this new environment as my staging server. I ran into a problem on the RedHat Enterprise Server when attempting to SCP to and from Solaris environments. I would receive the following error:

"scp bad packet length problem"

I could scp between all of my RedHat servers and all of my Ubuntu desktops; however, I could not push or pull to a Solaris server. After some research, the error appeared to be caused by different versions of ssh. I found a link on the openbsd.org site explaining all ssh parameters. Here is the reference to the Protocol parameter:

Protocol

Specifies the protocol versions ssh(1) should support in order of preference. The possible values are `1' and `2'. Multiple versions must be comma-separated. The default is ``2,1''. This means that ssh tries version 2 and falls back to version 1 if version 2 is not available.


I looked at the ssh config files located in /etc/ssh and found the Protocol parameter in sshd_config. "Protocol 2,1" was commented out and "Protocol 2" was uncommented. I commented out "Protocol 2", uncommented "Protocol 2,1" and restarted ssh with "/etc/init.d/sshd restart".

This solved the problem.
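
A check for the setting this post changes, as an added example that is not part of the original post: it reads an sshd_config file, reports the first active Protocol line and says whether the server will accept SSH protocol version 1 connections. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which SSH protocol
# versions an sshd_config file enables through its Protocol keyword.

# Print the value of the first active (uncommented) Protocol line.
# sshd keeps the first value it reads for a keyword, and keyword names
# are case-insensitive. Prints nothing when no active line exists.
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }                 # commented-out lines do not count
        {
            line = $0
            sub(/=/, " ", line)             # accept the Keyword=value form
            n = split(line, f, " ")
            if (n >= 2 && tolower(f[1]) == "protocol") { print f[2]; exit }
        }
    ' "$1"
}

# Succeed (exit status 0) when the effective value lists version 1.
allows_v1() {
    case ",$(effective_protocol "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample files mirroring the two states described in the post.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
cat > "$tmpdir/before" <<'EOF'
#Protocol 2,1
Protocol 2
EOF
cat > "$tmpdir/after" <<'EOF'
Protocol 2,1
#Protocol 2
EOF

for f in before after; do
    if allows_v1 "$tmpdir/$f"; then v1=yes; else v1=no; fi
    printf '%s: Protocol %s, accepts SSH protocol 1: %s\n' \
        "$f" "$(effective_protocol "$tmpdir/$f")" "$v1"
done
```

Run it against the live file with `allows_v1 /etc/ssh/sshd_config`; an empty result from `effective_protocol` means no active Protocol line exists, so the server's built-in default applies.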


December 02, 2007

SSH Connectivity and Support

I am sorry for the lack of posts here, I recently changed positions which has kept me fairly busy. I just started at MIT in their application infrastructure services group and have been focusing on my new position more than my blogs. This weekend I started reading and came across a post from Kris at Geekbits3 that was relevant to me and I am sure will be relevant to all admins that manage a large number of UNIX hosts.

On most corporate networks, telnet is disabled and ssh is required for connectivity between Unix hosts. SSH requires a password and, depending on how it is configured, could also require a key phrase.

Kris outlines a secure configuration for connecting to your hosts with SSH that eliminates the need for a password or an SSH key phrase. This process needs to be followed on all of your servers; however, once in place it will increase your efficiency and provide you with extended remote support on all of your servers.

Here is an overview of Kris's post ......

Passwordless Login For SSH

I've recently set-up a new backup server, I wanted to be able to automate backups from my workstations to the server. I will be using OpenSSH (scp) as the transfer agent between the workstations and the server. By default the OpenSSH server asks for a password every time you login, therefore automation is impossible, without a bit of tweaking.

Creating an environment where passwords are unnecessary can be achieved using public-key cryptography. In this process we create unique identification between workstation (or other system) and server. The server can then recognize the user using a private/public key pair.

There are a number of steps that need to be completed, on both workstation and server, to achieve password-less logins. I have written the required server commands within the `ssh' command, to simplify the process. You will need to have a working OpenSSH server, and user login before beginning.

Read the rest of Kris's SSH entry ...


October 03, 2007

Geekbits

I have had a couple of inquiries and suggestions after my last post; however, I have had no real written contributions. The one bright spot is a note that I received from Kris at Geekbits3. Kris is a system administrator and blogger from Australia who publishes a great blog that focuses on Unix and Linux management. Kris is passionate about technology, system administration and sharing her tips, tricks and documentation.

She has written many posts on FreeBSD, OpenBSD, VMWare on Ubuntu and a couple on Windows support. If you are currently supporting a Linux community, I would encourage you to check out her blog at http://geekybits.blogspot.com/



September 08, 2007

Looking for Help Sharing Experiences

I started this blog in April with the intent of providing additional resources to Linux, Unix, Windows and Network community. After taking inventory of all of my posts since April, most posts are Link related as opposed to content and discussion related. I have been focusing more on links as opposed to writing about How-To's or in depth configuration discussions. To better understand the difference that I am referring to, please look at my blog and compare it to any of the following System Admin Blogs:

Linux Screw, My SysAd Blog, The ITidiots, Ed's System Admin Blog, Bowulf Network Admin Blog

My Syadmin.net blog does not come close to these guys when it comes to in depth discussions, explanations and configuration information, and I would like to try and make up for some of that. However, I have certain time constraints and a couple of other blogs that I am contributing to, so I would like to ask for help from my readers, or others in the System Admin community that may want to write a post or discussion. I am willing to post contributions and distribute id's on my blog to all those that would like to contribute. I would like to try and tap into the system admin community and especially the folks that have not posted or penned their own blogs.

This could be a great way to start writing and sharing what you know, and if you are like me, once you get the feel for writing and expressing your thoughts, you will probably want to start your own blog.

So to summarize, I am looking for contributors to help share discussions and thoughts about System Management Topics via my blog, and I will give each contributor full credit for each post and access to publish your own posts on my blog. I feel confident that this could work and point to a couple of examples like Friends in Tech and FastForward Blog as two successful blogs, with multiple contributors that manage content very well.

Please feel free to comment or send your thoughts to me at kevin@kmmm.net.


September 07, 2007

Linux Screw

I came across a great little Linux/Unix blog that is worth checking out. It's called the Linux Screw and there is plenty of great Linux and Unix content, presented in a nice clean looking blog, with plenty of graphics.

Check it out ......




July 29, 2007

Acronis True Image

One tool that we often use is Acronis True Image with Universal Restore. Acronis True Image allows us to easily migrate off of older hardware onto new hardware with its support of dissimilar hardware types. You can take an image of an application running on an older outdated piece of hardware and restore that image onto newer hardware. It does not matter if the seed or target servers have a RAID configuration, you simply re-apply the appropriate drivers and it works. We have done this many times and it is worth checking out.

This functionality is very similar to Ghost and although I have never used Ghost, here is a comparison of Ghost vs True Image.





July 07, 2007

ITIDIOTS and The Daily Cup of Tech

I wanted to share my thoughts with you on a couple of sites. One site I have mentioned before; the other is new to me. The sites are The ITIDIOTS and The Daily Cup of Tech. Both sites have a tremendous amount of content for folks looking to refine their technical skills.

The ITIDIOTS is a great podcast/videocast with many training videos and screencasts for people working in IT or studying for their MCSE exams. They also touch on PC, Mac, iPod and Zune topics.

The Daily Cup of Tech has a great series on server failures that they labeled the Server Failure Lesson. The Daily Cup of Tech blog also had a contest for the best tool and resource ideas for a small 32 MB USB drive. Here is the link to their USB Contest and a great list of PC Repair tools that fit on a 32 MB USB drive.


June 14, 2007

System Administration Tools

I came upon a great list of System Administration tools for all environments this evening after reading a recent Friends in Tech (FIT) post. The site is www.tlbox.com and they have a section of many System Admin Tools.

Check it out ...




June 09, 2007

Windows Server 2003 SP2

Windows Server 2003 SP2 became available at the beginning of 2007 and now Microsoft is ready to distribute it via Automatic Updates. If you have not fully tested SP2 in your environment, you need to complete testing and possibly stop automatic updates or block SP2. Here is Mary Jo Foley's post about this on ZDNet ....

Microsoft to push Windows Server 2003 SP2 via Automatic Updates on Patch Tuesday by ZDNet's Mary Jo Foley -- On June 12, this month's Patch Tuesday, Microsoft will be delivering more than its usual bundle of security fixes and patches for Windows, Office and other products. The company also will be starting to push Windows Server 2003 Service Pack (SP) 2 to customers via its Automatic Updates patching mechanism -- unless admins opt to block it.



