Fedora – 6 things to do after fresh install

Here is my list of things to do after installing Fedora 23:

1. Install alternative desktop
Mate Desktop:

# dnf install @mate-desktop

KDE Desktop:

# dnf install @kde-desktop

Cinnamon Desktop:

# dnf install @cinnamon-desktop

2. Install Chrome Browser

https://www.google.com/chrome/browser/desktop

3. Install RPM Fusion Repo

# rpm -ivh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm

4. Install EPEL Repo

# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

https://fedoraproject.org/wiki/EPEL

5. Install Gnome Tweak Tool

# dnf install gnome-tweak-tool

6. Install tmux and mc

# dnf install tmux mc

 

SSH and Secure Access with RSA certificate

Prerequisites:
1. Two Linux systems
2. Someone who is fed up with constantly entering an ssh username and password

There comes a time when you have had enough of constantly entering your username and password:

user@server1:~/.ssh$ ssh user@172.31.27.99
user@172.31.27.99's password:
Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64
Last login: Sat Apr 23 09:52:10 2016 from 172.31.100.158
user@server2:~$

Luckily there is another way, using an RSA key pair. Here is a quick way of setting it all up:
1. On your normal/daily workstation generate a key pair:

user@server1:~/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): [ENTER]
Enter passphrase (empty for no passphrase): yourpass_phrase [ENTER]
Enter same passphrase again: yourpass_phrase [ENTER]
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
da:fe:08:91:5f:63:89:8f:27:74:59:c1:19:d6:9f:2c user@server1
The key's randomart image is:
+--[ RSA 2048]----+
|           .++   |
|           .o..  |
|            . ...|
|       . . + E o.|
|      o S B   .  |
|       * * .     |
|      o = o      |
|       o +       |
|        o..      |
+-----------------+
user@server1:~/.ssh$

This will generate two files, id_rsa and id_rsa.pub: those are your private and public keys.

2. Copy your public key to the destination server

user@server1:~/.ssh$ ssh-copy-id user@172.31.27.99
user@172.31.27.99's password: 
Now try logging into the machine, with "ssh 'user@172.31.27.99'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

If you go to your destination server and check ~/.ssh/authorized_keys, you will find that it has exactly the same content as your id_rsa.pub key:

root@server2:/home/user/.ssh# ls -al
total 12
drwx------ 2 user user 4096 Apr 23 10:03 .
drwxr-xr-x 3 user user 4096 Apr 23 09:13 ..
-rw------- 1 user user  394 Apr 23 10:03 authorized_keys
root@server2:/home/user/.ssh# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyN1oh1L9dVBOGgb5QVSoJ4Cls/l+uCSjwUeH7Jr2NYyTz/0VeLQSDmvAOlyhy/S26KY8wT41z9coT+O8TDWo4F+Wvz1M27fYvscaAQO3cY5iIIEHTV0BpORDHTKvHd/YnP0CVitE65sbTssUGApG9iHyE/yTDpl+g7xe/9NwSxjPYSn2ZGxcG0vWkIUPLFProDK5VPSYo4FI27s5F+uqsWK60Ey+SuotPp6BDIKqe6jnNWjmxYbPnVWyU4Qb0DiQNWX1HmmaxehknnJM7NZWIIOzY8kSsTC8hdxcZu1IGHO6N9IDn+bQUUz7OSzfzPwDvadchScD3vzUuRdGq10d1 user@server1
root@server2:/home/user/.ssh#
user@server1:~/.ssh$ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyN1oh1L9dVBOGgb5QVSoJ4Cls/l+uCSjwUeH7Jr2NYyTz/0VeLQSDmvAOlyhy/S26KY8wT41z9coT+O8TDWo4F+Wvz1M27fYvscaAQO3cY5iIIEHTV0BpORDHTKvHd/YnP0CVitE65sbTssUGApG9iHyE/yTDpl+g7xe/9NwSxjPYSn2ZGxcG0vWkIUPLFProDK5VPSYo4FI27s5F+uqsWK60Ey+SuotPp6BDIKqe6jnNWjmxYbPnVWyU4Qb0DiQNWX1HmmaxehknnJM7NZWIIOzY8kSsTC8hdxcZu1IGHO6N9IDn+bQUUz7OSzfzPwDvadchScD3vzUuRdGq10d1 user@server1
user@server1:~/.ssh$

Now to test that this bit is working fine:

user@server1:~/.ssh$ ssh user@172.31.27.99
Enter passphrase for key '/home/user/.ssh/id_rsa': yourpass_phrase [ENTER]
Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64
Last login: Sat Apr 23 09:52:56 2016 from 172.31.100.158
user@server2:~$

You can of course leave the passphrase empty (the private key is then stored unencrypted on disk), and at this stage you are all done. However, if you have set a passphrase, do not despair: there is a way of telling your machine to remember it for you.

3. Using ssh-agent to remember the passphrase
DESCRIPTION
ssh-agent is a program to hold private keys used for public key authentication
(RSA, DSA, ECDSA). The idea is that ssh-agent is started in the beginning of
an X-session or a login session, and all other windows or programs are started
as clients to the ssh-agent program. Through use of environment variables the
agent can be located and automatically used for authentication when logging in
to other machines using ssh(1).

I tend to add this line to .bashrc file under my user profile:
eval `ssh-agent -s`

then check that it is running:

user@server1:~$ ps aux | grep ssh-agent
user      6088  0.0  0.0  12480   332 ?        Ss   10:22   0:00 ssh-agent -s
user      6090  0.0  0.0   7812   608 pts/0    S+   10:22   0:00 grep ssh-agent

Now that the authentication agent is running, the last remaining thing to do is to add the private key identities to the agent:

user@server1:~$ ssh-add
Enter passphrase for /home/user/.ssh/id_rsa: yourpass_phrase [ENTER]
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
user@server1:~$ 

For as long as we stay logged in to our normal/daily workstation, the agent holds the unlocked key and answers authentication requests on our behalf, so we no longer need to type the passphrase, even if our public key is set up on hundreds of servers. To list the fingerprints of all identities currently held by the agent, just run:

user@server1:~$ ssh-add -l
2048 da:fe:08:91:5f:63:89:8f:27:74:59:c1:19:d6:9f:2c /home/user/.ssh/id_rsa (RSA)
user@server1:~$ ssh user@172.31.27.99
Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64
Last login: Sat Apr 23 10:07:14 2016 from 172.31.100.158
user@server2:~$

If you are using the same username on both ends, you can skip the user name:

user@server1:~$ ssh 172.31.27.99
Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64
Last login: Sat Apr 23 10:07:14 2016 from 172.31.100.158
user@server2:~$

4. Troubleshooting

If you get stuck and something isn’t working the way it should, connect using the verbose switch -v (or, if you want to go nuts, go extra verbose with -vvv):

user@server1:~$ ssh 172.31.27.99 -v
OpenSSH_6.0p1 Debian-4+deb7u4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 172.31.27.99 [172.31.27.99] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u4
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f9:c4:2a:ee:20:5e:66:c2:fc:76:12:63:53:13:9e:dc
debug1: Host '172.31.27.99' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 172.31.27.99 ([172.31.27.99]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64
Last login: Sat Apr 23 10:34:20 2016 from 172.31.100.158
user@server2:~$ 
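The verbose log is long, and only a handful of lines matter when checking how the session was secured. The following is an added example (not part of the original post) that extracts them and flags the legacy hmac-md5 MAC and the still-enabled password authentication visible in the session above. The function names and the weak-algorithm patterns are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pull the security-relevant facts out of `ssh -v` output.
# ssh_debug_summary and the weak-algorithm patterns are this example's assumptions;
# line formats are those of the OpenSSH 6.0 log shown above.

# Reads `ssh -v` output on stdin and prints one finding per line.
ssh_debug_summary() {
    awk '
    /^debug1: kex: (server->client|client->server) / {
        # fields: debug1: kex: <direction> <cipher> <MAC> <compression>
        printf "negotiated %s cipher=%s mac=%s\n", $3, $4, $5
        if ($5 ~ /md5|-96/)          print "weak-mac " $3 " " $5
        if ($4 ~ /cbc|arcfour|3des/) print "weak-cipher " $3 " " $4
    }
    /^debug1: Authentications that can continue: / {
        print "server-allows " $NF
        if ($NF ~ /(^|,)password(,|$)/) print "password-auth-enabled"
    }
    /^debug1: Offering RSA public key: / { print "offered " $NF }
    /^debug1: Authentication succeeded / {
        gsub(/[().]/, "", $NF); print "authenticated-with " $NF
    }'
}

# Sample input: lines copied from the verbose session above.
sample_ssh_debug() {
    cat <<'EOF'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
EOF
}

sample_ssh_debug | ssh_debug_summary
```

On a live connection the same function can be fed with `ssh -v host true 2>&1 | ssh_debug_summary`, since ssh writes its debug lines to stderr.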

Automate MySQL login

When scripting MySQL from bash, or when frequently using the mysql command prompt, it is useful not to have to enter the login credentials every time. This can be automated so you don’t have to do it.

In your home folder create .my.cnf file with the following content:

[client]
user=mysql_username
password=mysql_password

And that’s it. Now to access the MySQL console just type in: mysql

So for example to see databases from bash we just run:

~$ echo show databases | mysql
Database
information_schema
dbCustomerInfo
mydb1
mydb2
mydb3
mysql
performance_schema
store
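The ~/.my.cnf file above holds a plaintext password, and the ~/.ssh/id_rsa key from the SSH section is just as sensitive, so both should be closed to other local users. The following added example (not from the original posts) audits those files, and also the write bits that sshd's StrictModes check rejects on the home directory, ~/.ssh and authorized_keys. The function names and the file list are assumptions of this example, and it relies on GNU stat.

```shell
#!/usr/bin/env bash
# Added example: flag credential files that other local users can read or modify.
# audit_cred_perms, demo_audit and the file list are assumptions; needs GNU stat.

# Prints "<problem> <mode> <path>" per finding; returns 1 if anything was found.
audit_cred_perms() {
    local home=$1 rc=0 path mode
    # Secrets (private key, plaintext MySQL password): no group/other bits at all.
    for path in "$home/.ssh/id_rsa" "$home/.my.cnf"; do
        [ -e "$path" ] || continue
        mode=$(stat -c '%a' "$path")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "accessible-by-others $mode $path"; rc=1
        fi
    done
    # With StrictModes (the default) sshd refuses authorized_keys when the file
    # or the directories above it are writable by group or others.
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$path" ] || continue
        mode=$(stat -c '%a' "$path")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "writable-by-others $mode $path"; rc=1
        fi
    done
    return $rc
}

# Constructed demo tree: a world-readable .my.cnf and a group-writable ~/.ssh.
demo_audit() {
    local d rc=0
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    printf '[client]\nuser=mysql_username\npassword=mysql_password\n' > "$d/.my.cnf"
    : > "$d/.ssh/id_rsa"; : > "$d/.ssh/authorized_keys"
    chmod 644 "$d/.my.cnf"
    chmod 600 "$d/.ssh/id_rsa" "$d/.ssh/authorized_keys"
    chmod 770 "$d/.ssh"
    audit_cred_perms "$d" || rc=$?
    rm -rf "$d"
    return $rc
}

demo_audit || true
```

Run `audit_cred_perms "$HOME"` against a real account; a finding is cleared by removing the offending bits, for example `chmod 600 ~/.my.cnf` or `chmod 700 ~/.ssh`.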

Linux – Console Traffic Monitor

Sometimes when working from the console I need to have a look at the IP traffic. In those situations I use a handy tool called IPTraf.
To install it, run

yum install iptraf-ng #rpm based distros

or

apt-get install iptraf #Debian based distros

iptraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.
If the iptraf command is issued without any command-line options, the program comes up in interactive mode, with the various facilities accessed through the main menu.


Linux – CentOS – disable/enable SELinux

From CentOS 7, SELinux is enabled and set to enforcing by default.

To disable it permanently, open and edit /etc/selinux/config
and change SELINUX=enforcing to permissive or disabled.

After that change is made it is necessary to restart the system.

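There is another way that takes effect right away, without a restart: switch SELinux to permissive mode by running this command. The config file is not touched, so the configured mode applies again at the next boot:

# setenforce 0

Then, to check the status, run:

# sestatus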
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
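
In the output above the running mode (permissive) no longer matches the configured one (enforcing), which is exactly what setenforce 0 leaves behind. The following added example (not part of the original post) turns that comparison into a check that can run from a monitoring script. The function names are assumptions of this example, and the sample input is the sestatus output shown above.

```shell
#!/usr/bin/env bash
# Added example: detect a runtime SELinux mode that differs from the configured
# one, the state left behind by setenforce 0. Function names are assumptions.

# Reads sestatus output on stdin. Prints "ok <mode>", "drift <current> <configured>",
# "disabled" or "unparsed"; returns 0 only for enforcing with no drift.
selinux_mode_check() {
    awk -F': *' '
    { sub(/[ \t\r]+$/, "") }                 # drop trailing whitespace
    $1 == "SELinux status"        { status = $2 }
    $1 == "Current mode"          { cur = $2 }
    $1 == "Mode from config file" { cfg = $2 }
    END {
        if (status == "disabled")   { print "disabled"; exit 1 }
        if (cur == "" || cfg == "") { print "unparsed"; exit 2 }
        if (cur != cfg)             { print "drift " cur " " cfg; exit 1 }
        print "ok " cur
        exit (cur == "enforcing" ? 0 : 1)
    }'
}

# Sample input: the sestatus output from this post.
sample_sestatus() {
    cat <<'EOF'
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
EOF
}

sample_sestatus | selinux_mode_check || true
```

On a live host, `sestatus | selinux_mode_check` gives the same verdict, and a non-zero exit status can drive an alert.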