Fixing X11 Forwarding Over SSH and with Sudo

X11 forwarding over SSH not working? Not setting $DISPLAY correctly in your shell? Having problems with X11 and sudo? Yeah, me too. Total pain in the duff. Here’s what I do to fix it. I’m thinking about Linux when I write stuff like this but a lot of this has worked on AIX and Solaris, too. Make sure your SSH client supports X11 Forwarding and that it’s turned on. I use SecureCRT but I know it works in PuTTY as well. Once you turn it on in your client & save the settings you will need to reconnect; the forwarding is established with the connection. Ensure xauth and xterm are installed. You need xauth for this to work, and xterm …


How to Install CrashPlan on Linux

I like CrashPlan. They support a wider range of operating systems than some of their competitors, they have a simple pricing model, unlimited storage & retention, and nice local, mobile, and web interfaces. I’ve been a customer for a few years now, and recently have switched a few of my clients’ businesses over to them, too. What I don’t like is that they don’t seem to support Linux very well, which is typical of companies when their installed base is mostly Windows & Mac. Most notably, their install instructions are sparse and they don’t tell you what packages you need to have installed, which is important because cloud VMs and whatnot are usually “minimal” installations. I’ve attempted to open …


VMware vCenter Server Appliance 5.5.0 Has An Insecure NTP Server

Update: I have updated this article to reflect some new information provided by VMware. I have also published new notes and discussion as a separate blog post. On January 10, 2014 a vulnerability in ntpd, the Network Time Protocol daemon, was made public (US CERT VU#348126):

“UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected.”

I have encountered several vCenter Server Appliances, version 5.5.0 build 1476327 and older, that were exposed to the general Internet, and have …


Preparing Linux Template VMs

Dan over at Bashing Linux has a good post on what he does to prep his template VMs for use with Puppet. He’s inspired me to share how I prepare my Linux VMs to become a template. He’s got a few steps I don’t have, mainly to prep for Puppet, and I have a few steps he doesn’t have. One big difference is that I don’t prepare my template images for a particular configuration management system, but instead bootstrap them once they’re deployed. Why? I use my templates for a variety of things, and sometimes the people who end up with the VMs don’t want my management systems on them. It also means I have to handle some of what …


On Using Alternate Ports for SSH

There’s a post I read the other day that’s really been stuck in my craw (link is below). It was about the effects of moving SSH to an alternate port. The post starts out like this:

“Best practices state that you should run ssh on a non-standard port. Unfortunately some programs use port 22 by default and it isn’t obvious what the switch is to change this port.”

First, whose best practices say this? Some self-appointed security expert on the web? I ask because this sort of activity is known as “security through obscurity” and isn’t regarded well as a security tactic. The Wikipedia article on security through obscurity has a section called “Arguments For” which reads more like an …


SSH Escape Sequences (aka Kill Dead SSH Sessions)

Did you know that when you’re using OpenSSH from the command line you have a variety of escape sequences available to you? SSH somewhere, then type “~” and “?” (tilde, then question mark) to see all the options. You should get something like:

    Supported escape sequences:
      ~.  - terminate connection (and any multiplexed sessions)
      ~B  - send a BREAK to the remote system
      ~C  - open a command line
      ~R  - Request rekey (SSH protocol 2 only)
      ~^Z - suspend ssh
      ~#  - list forwarded connections
      ~&  - background ssh (when waiting for connections to terminate)
      ~?  - this message
      ~~  - send the escape character by typing it twice

Most …


Keep SSH Sessions From Disconnecting

With the installation of new firewalls at work I’ve been getting disconnected a lot from hosts I SSH to, due to changes in the inactivity timeouts. It’s particularly inconvenient when I’m tailing a log that hasn’t changed in a while… and then the connection dies, and I don’t notice. Oops. It also happens in various other situations, like NAT through a home router, too. Let the connection sit for a while and you’ll have to recreate it. I could ask our network guys to change the timeouts, but it turns out there’s a better fix from the client side. SSH protocol version 2 supports server keepalive, essentially NOOPs sent to the server to keep the connection up. You can do …
