I have a mess of private and public certificate-files lying around. To gain some overview I named them differently. But when the private key created with
Terminal
1
ssh-keygen -t rsa -b 4096
is not named ‘id_rsa’ SSH won’t use it.
The simple solution is to point ssh to the private key it should use with the ‘-i’-option:
I thought I’d start my first post on how to get IPv6 working by putting the cart before the donkey. By that I mean I’ll first describe how to connect with aiccu - a smart little program - to the IPv6 provider SixXS before demonstrating how to subscribe to SixXS. Both is not a worldshaking task, but installing aiccu and using it is much more fun and easy peasy. After that I hope you won’t shy the hassle applying to SixXS for an address.
Let’s start!
Installing Aiccu
The nice thing about aiccu is it’s in most distro’s repositories.
Debian / Ubuntu / Mint:
Terminal
1
sudo apt-get install aiccu
Fedora / Red Hat / CentOS / Suse Linux:
Terminal
1
sudo yum install aiccu
Arch Linux:
Terminal
1
yaourt -S aiccu
That simple!
We’ll have a look at how it looks like in Linux Mint (it works the same in any other distribution except Arch where a little more work is needed).
So after you issued
Terminal
1
sudo apt-get install aiccu
your terminal will become blue and ask you for your SixXS username:
After you typed in your username it will ask you for your password for SixXS. Type that in too and hit enter.
The installation will finish and all is good and well. Aiccu is even started for you.
Aiccu is not started at boot from that moment on. It needs to be launched manually like this:
Terminal
1
sudo aiccu start
or stopped:
Terminal
1
sudo aiccu stop
Aiccu is installed. What now?
To check if you really have IPv6 up and running you can do the following things:
A) Check for a new network interface
Fire up a terminal. Hammer in ifconfig.
Terminal
1
ifconfig
Ifconfig should result in something like this (alongside your other interfaces like eth0/eth1 or wlan0/wlan1 and so on):
If you can see your virtual SixXS adapter this is a good sign.
B) Ping an IPv6 address
Now issue the following:
Terminal
1
ping6 ipv6.google.com
Let it run a while and hit Ctrl+c. You should see something like this:
The first time you used the IPv6 protocol! Nice hm?
C) Visit an IPv6 test site
Fire up your internet browser. Type into the address bar:
browser address bar
1
http://ipv6test.google.com/
Voila:
Superb! Next go to the Kame project and see the turtle swim and wag its head! (Without IPv6 you only have a static pic.)
browser address bar
1
http://www.kame.net/
Isn’t this amazing? And did I promise too much? With aiccu and SixXS it really is a piece of cake to get started with IPv6!
Now you can surf to
browser address bar
1
http://www.sixxs.net/misc/coolstuff/
and figure out what else you can do with IPv6.
Get your IPv6-address from SixXS
So. Now that you know how simple it is to install aiccu it is about time to know how to apply for an IPv6 address.
You will have to do two things:
1) Apply for a user account at SixXS.
2) Apply for getting a tunnel assigned (aka an IPv6 address).
Nr. 1) Apply for a user account
With your internet browser go to:
browser address bar
1
http://www.sixxs.net
Klick on ‘Signup for new users’. You’ll be presented with the following form:
As you can see you are supposed to give away personal information such as where you live, phone number and e-mail address. Beyond that you should be able to name a reason why you want to sign up. This information is mainly for SixXS making sure their network is not abused. After all they are your internet service provider (ISP) even if you don’t pay them.
Your name and address is also available on the whois-server. If you don’t want that this is nothing for you.
After you have submitted your input and confirmed that your e-mail address is verified (the usual: you get an e-mail from SixXS and have to klick a conformation link) you’ll have to wait some time. Sometimes several days. Eventually you get something along the lines of this:
Dear … … ,
You have successfully completed the user registration at SixXS. Your account has been verified and SixXS have approved the information you have supplied. You can now log in to the website with the following credentials:
Note that the secure version of our website requires one to install the CACert certificate. Follow the links on the website for more details on this subject.
You should change your password on a regular basis (now is a good time to change it). Please look carefully at your information supplied on the website, and change anything that seems out of order. You can contact us by replying to this email.
Regards, The SixXS tunnelrobot.
Nr. 2) Apply for a tunnel
Now, with your username and your password, you can log in to SixXS and apply for a tunnel (I know, a bit tedious). Applying for a tunnel means you apply for your IPv6 address so that you can install and use aiccu. Aiccu then creates an IPv6-tunnel to SixXS from where your IPv6 traffic is passed on to other IPV6-network-isles.
When your request for a tunnel is approved you get an e-mail like this:
Dear … … ,
SixXS have honored your request for a tunnel with the following specifications: ——- Tunnel Id : T123456 PoP Name : decgn01 (de.netcologne [AS8422]) TIC Server : tic.sixxs.net (which is the default in AICCU) Your Location : Berlin, de SixXS IPv6 : 2001:abcd:abcd:abcd::1/64 Your IPv6 : 2001:abcd:abcd:abcd::2/64 SixXS IPv4 : 123.123.123.123 Tunnel Type : Dynamic (ayiya) ——-
The SixXS PoP at AS8422 will set up the tunnel automatically in the next hour. Please be patient and do not be alarmed if the tunnel does not ping after you enabled it. Check the tunnelinfo pages for configuration examples.
Install the AICCU client software as per instructions on: http://www.sixxs.net/tools/aiccu/
Note: Keep your machine NTP synced, if the timestamp difference is bigger than 120 seconds the heartbeat will be silently dropped. The AICCU client will not work when it detects a large time difference.
Regards, The SixXS tunnelrobot.
After you received this e-mail you can finally install aiccu like shown above.
Arch Linux
A note on Arch Linux.
I first tried aiccu on Arch Linux which worked perfectly. But I had to manually configure the aiccu.conf file. You wont’t be asked for your credentials during installation.
This is how my /etc/aiccu.conf config file looks like:
# AICCU Configuration
# Login information (defaults: none)
username SOMETHING-SIXXS
password mypassword
# Protocol and server to use for setting up the tunnel (defaults: none)
protocol tic
server tic.sixxs.net
# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface aiccu
# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
tunnel_id T123456
# Be verbose? (default: false)
verbose true
# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
#
# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
daemonize true
# Automatic Login and Tunnel activation?
automatic true
# Require TLS?
# When set to true, if TLS is not supported on the server
# the TIC transaction will fail.
# When set to false, it will try a starttls, when that is
# not supported it will continue.
# In any case if AICCU is build with TLS support it will
# try to do a 'starttls' to the TIC server to see if that
# is supported.
requiretls false
# PID File
pidfile /var/run/aiccu.pid
# Add a default route (default: true)
defaultroute true
# Script to run after setting up the interfaces (default: none)
#setupscript /usr/local/etc/aiccu-subnets.sh
# Make heartbeats (default true)
# In general you don't want to turn this off
# Of course only applies to AYIYA and heartbeat tunnels not to static ones
makebeats true
# Don't configure anything (default: false)
#noconfigure true
# Behind NAT (default: false)
# Notify the user that a NAT-kind network is detected
behindnat true
# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
#
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
#local_ipv4_override
It’s slightly different from when it is automatically configured on Mint/Ubuntu/Debian. It works though.
That’s it for now.
Next time we’ll have a look at Hurricane Electric. Another tunnelbroker (SixXS is a tunnelbroker too). With Hurricane Electric you have another provider from which you can get an IPv6 address. We’ll manually set up Ubuntu/Mint to connect to Hurricane Electric. The drawback is without aiccu you either have to configure port forwarding if your’e behind a NAT or you mustn’t be behind a NAT. Otherwise it won’t work.
I will only demonstrate how it works when you have a public IPv4-address though. This is more for servers or when you have the rare opportunity to get a public IP-address assigned as is the case at my working place.
Connect to remote machine:
ssh user@machine-ip Copy file from local to remote machine with Secure Copy - scp:
scp /path/to/file user@machine-ip:/path/to/destination Copy file from remote to local machine:
scp user@machine-ip:/path/to/file /path/to/destination Copy directory from local to remote machine:
scp -r /path/to/directory user@machine-ip:/path/to/destination
Users / Groups:
Users:
List users:
lastlog
cat /etc/passwd Add user:
adduser username Delete user:
deluser username delete files:
deluser -r username Change password:
passwd username List group membership:
groups username detailed:
id username
Groups:
List all groups:
id
cat /etc/group
(cat /etc/group |cut -d: -f1; cat /etc/passwd | cut -d: -f1) Add group:
addgroup groupname Delete group:
delgroup groupname Add user to group:
adduser username groupname
gpasswd -a user group e.g.:
gpasswd -a daniel kvm Delete user from group:
gpasswd -d user group Edit groups:
vim /etc/group
Manage rights:
Classic way (chmod, chown, chgrp) - a file/program can have only one owner/group:
Blacklist modules:
vim /etc/modprobe.d/module-name.conf e.g.:
vim /etc/modprobe.d/wlan.conf add:
blacklist module-name e.g.:
blacklist bcma
blacklist acer_wmi
Backups
Backup home with rsync (example):
rsync -arvu /home/user /run/media/user/external-drive/backups Backup / with tar (example):
sudo tar cvpzf /media/external-drive/backups/backup-name`date +%d%h%y-%H:%M`.tgz ––exclude=”/proc/*” ––exclude=”/lost+found/*” ––exclude=”/dev/*” ––exclude=”/mnt/*” ––exclude=”/media/*” ––exclude=”/run/media/user/*” ––exclude=”/sys/*” ––exclude=”/tmp/*” ––exclude=”/var/cache/pacman/*” ––exclude=”/home/user/*” ––exclude=”/root/.thumbnails/*” /
Storage / Partitions:
Available disk space:
df -h List drives:
fdisk -l Mount drive:
mkdir /media/drive
mount /dev/sdh /media/drive Unmount drive:
umount /media/drive Copy Image to USB:
sudo dd if=/path/to/image/imagename.iso of=/dev/sdx bs=4M;sync
(works similarly with partitions)
Samba
Mount a samba share:
mount -t smbfs //IP/shared_folder /folder-to-mount-shared-folder -o username=user,password=password-for-user or:
mount -t cifs //xyz.xyz.xyz.xyz/shared-folder /folder-to-mount-shared-folder -o username=user,password=password-for-user
Mysql
Login as root:
mysql -u root -p
Reset root password:
1) Stop mysql:
/etc/init.d/mysql stop
service mysql stop
rc.d stop mysql 2) Then (as root):
mysqld –skip-grant-tables &
mysql -u root mysql
UPDATE user SET Password=PASSWORD(‘YOURNEWPASSWORD’) WHERE User=’root’; FLUSH PRIVILEGES; exit;
This worked on Suse:
mysqladmin -u root password new password or:
mysqladmin -u root -h hostname password new-password
A while ago I had to install CentOS on a windows hyper drive. As CentOS does not support hyper drive out of the box like ubuntu does I had to configure the network card from scratch. Here’s what you have to do in such a case:
Then whenever you want to set the proxy variable you just type “proxy” at the command line. When prompted for your proxyserver user name you type it in (you may need to type domain\user if it’s a domain account) and then when prompted type your password (which isn’t echoed to the screen).
This will then set the environment variables, and they’ll be lost when you exit your session.
After I posted the Arch Linux distributions list I cannot resist to post a list with distributions dedicated to the openbox desktop environment.
Debian based:
Crunchbang
THE status quo openbox distro. Alien Section OS
Debian and Ubuntu editions. Only 32 bit. Semplice
Based on Debian Sid. Innovative. Zenix
Based on Debian Stable with a Buddhist touch.
Arch Linux based:
Archbang
Modeled after crunchbang. CTKArch
Minimalistic Arch Linux setup - not a distribution. Elegance
Sadly probably deprecated.
Since a new dawn is on the horizon with the unstoppable approach of IPv6 it might be a good idea to spend some time exploring this new technique.
The good thing here is if you are not interested in such matters and don’t even know what IPv6 is don’t worry. When it comes along you might not even notice as all current operating systems support it and in future surely will support it even better.
But for all who cant’t wait to play around with it (and a lot of system admins unfortunately will be forced to ‘play around’ with it) there is some neat stuff one can do.
In fact there’s no problem to be expected when IPv6 is finally here. But for system admins the transition will be kind a ruff as a lot of networks will be and already are maintained dual stack (IPv4 and IPv6). This involves a lot of tunneling and lets say hopping from one IPv6 network-isle to another. The problem here is IPv4 normally can’t transport IPv6-packets. To easy the transition from IPv4 to IPv6 some protocols were developped namely 6to4, 6over4, 6in4, teredo, isatap, IPv6 rapid deployment, ayiya (anything in anything). It all boils down to put an IPv6 packet into an IPv4 packet. The protocols are different in matters of security, ease of deployment and the way an IPv6 packet takes to reach another IPv6 network-isle. There’s a lot of info on Wikipedia!
My idea here is to start a little series on IPv6. Not so much about basic info as there already is a lot of out there. More about testing stuff like getting an IPv6-address, setting up a small IPv6-network. Getting OpenVPN to use IPv6. I know there are tutorials around too. But I wanted to see for myself how it works.
Next we will explore the aiccu-program from SIXxS, a service provider where you can get an IPv6-address free of charge. The only drawback with SIXxs is you have to apply for your address and you get kredit points for using IPv6. Without enough kredit points you cannot apply for an IPv6-subnet. That kinda sucks sometimes though the intention might be good.
A month or so ago someone posted a compilation of all Arch Linux based distributions he knew. I was amazed how many in fact exist. Naturally I copied the list. Today I sadly realized that the mentioned blog is down and swiftly decided to re-post the list on my own blog. So there’s no credit for me in this. I only added one distro.
The list was posted on http://archblog.de/arch-basierte-distributionen/. Could be there were some name conflicts. Anyway thanks unknown blogger for your work!
There’s some information on Linux specific topics and some links to interesting farming / farmers’ market projects.
I only abandoned it because of the layout I didn’t like any more. And because I thought good old fashioned HTML isn’t good enough any more. Though after experimenting with Wordpress I figured I don’t need no databases either to manage my homepage. It seemed a bit clumsy too. Logging in, writing, doing the editing in my browser. I know I could have done it in an editor on my computer an then copy and paste it but still I wasn’t satisfied.
Then I discovered Octopress. I was looking for a nice theme for Wordpress when I realized that the theme I was looking at was not applied on Wordpress but on Octopress. (The standard theme by the way which is just awesome!)
Not only has it a very nice theme but the way you write and deploy your posts is just perfect. Namely the posts are written with a text-editor of your choice, then saved and simply rsync-ed to your blog. Isn’t that elegant?
Here’s all you need to know - it applies to every distro: Octopress Setup
It worked on my Arch box without a hitch. Though I had to read the Arch wiki for some information on RVM.