Could not open a connection to your authentication agent

Sometimes when you try to use ssh client remotely you get this problem “Could not open a connection to your authentication agent”, to solve this:

 

eval `ssh-agent -s`
ssh-add

Leave a comment

Using Linux SysRq

On x86   - You press the key combo 'ALT-SysRq-<command key>'. Note - Some
           keyboards may not have a key labeled 'SysRq'. The 'SysRq' key is
           also known as the 'Print Screen' key. Also some keyboards cannot
	   handle so many keys being pressed at the same time, so you might
	   have better luck with "press Alt", "press SysRq", "release SysRq",
	   "press <command key>", release everything.

*  What are the 'command' keys?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'b'     - Will immediately reboot the system without syncing or unmounting
          your disks.

'c'	- Will perform a system crash by a NULL pointer dereference.
          A crashdump will be taken if configured.

'd'	- Shows all locks that are held.

'e'     - Send a SIGTERM to all processes, except for init.

'f'	- Will call the oom killer to kill a memory hog process, but do not
	  panic if nothing can be killed.

'g'	- Used by kgdb (kernel debugger)

'h'     - Will display help (actually any other key than those listed
          here will display help. but 'h' is easy to remember :-)

'i'     - Send a SIGKILL to all processes, except for init.

'j'     - Forcibly "Just thaw it" - filesystems frozen by the FIFREEZE ioctl.

'k'     - Secure Access Key (SAK) Kills all programs on the current virtual
          console. NOTE: See important comments below in SAK section.

'l'     - Shows a stack backtrace for all active CPUs.

'm'     - Will dump current memory info to your console.

'n'	- Used to make RT tasks nice-able

'o'     - Will shut your system off (if configured and supported).

'p'     - Will dump the current registers and flags to your console.

'q'     - Will dump per CPU lists of all armed hrtimers (but NOT regular
          timer_list timers) and detailed information about all
          clockevent devices.

'r'     - Turns off keyboard raw mode and sets it to XLATE.

's'     - Will attempt to sync all mounted filesystems.

't'     - Will dump a list of current tasks and their information to your
          console.

'u'     - Will attempt to remount all mounted filesystems read-only.

'v'	- Forcefully restores framebuffer console
'v'	- Causes ETM buffer dump [ARM-specific]

'w'	- Dumps tasks that are in uninterruptable (blocked) state.

'x'	- Used by xmon interface on ppc/powerpc platforms.
          Show global PMU Registers on sparc64.
          Dump all TLB entries on MIPS.

'y'	- Show global CPU Registers [SPARC-64 specific]

'z'	- Dump the ftrace buffer

'0'-'9' - Sets the console log level, controlling which kernel messages
          will be printed to your console. ('0', for example would make
          it so that only emergency messages like PANICs or OOPSes would
          make it to your console.)

More info :
https://www.kernel.org/doc/Documentation/sysrq.txt

Leave a comment

NGINX redirect 404 and 403

location / {
error_page 404 = @foo;
error_page 403 = @foo;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
#Redirect to root
location @foo {
rewrite .* / permanent;
}

Leave a comment

Discover MySQL database size

 

SELECT table_schema “DATABASE_NAME”,
sum( data_length + index_length ) / 1024 / 1024 “Data Base Size in MB”,
sum( data_free )/ 1024 / 1024 “Free Space in MB”
FROM information_schema.TABLES
GROUP BY table_schema ;

Leave a comment

Adding 2 Elastic IPS in a EC2

  • Create a routing table, I am using the name  eth1_route

echo ‘2 eth1_route’ >> /etc/iproute2/rt_tables

  • Create the interface configuration /etc/network/interfaces

vi /etc/network/interfaces

auto eth1
iface eth1 inet static
address 172.31.100.5
netmask 255.255.255.0
network 172.31.100.0
broadcast 172.31.100.255
up ip route add default via 172.31.100.1 dev eth1 table eth1_route
up ip rule add from 172.31.100.0/24 lookup eth1_route prio 1000

Done!

Leave a comment

Reducing TIME_WAIT sockets in Nginx and Apache

Edit /etc/sysctl.conf and add

# Enables fast recycling of TIME_WAIT sockets.
# (Use with caution according to the kernel documentation!)
net.ipv4.tcp_tw_recycle = 1

# Allow reuse of sockets in TIME_WAIT state for new connections
# only when it is safe from the network stack’s perspective.
net.ipv4.tcp_tw_reuse = 1

After this run in terminal

sysctl -p

 

PS: DO NOT USE THIS IF YOUR CLIENTS ARE BEHIND A NAT (Thanks Jero).

,

1 Comment

Reverse SSH, using SSH tunnel to bypass NAT

If you want to connect using SSH in a machine that is behind a NAT and have no wait to configure a port forward, here goes the way to do it.

#Execute this in machine behind NAT

ssh -o StrictHostKeyChecking=no -C -N -f -R 2222:127.0.0.1:22 user@remote_host_with_public_ip

#Execute this in server with public IP

ssh -p 2222 localhost -l root

Leave a comment

Clear iptables rules

To clear all iptables rules you can simple execute this in your terminal ( using root user)

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Leave a comment

“Running” wireshark in remote machinne

Sometimes tcpdump is not that friendly to check network.

In this example we are running tcpdump in the remote machine and showing data in wireshark.

ssh root@HOST tcpdump -iany -U -s0 -w – ‘not port 22’ | wireshark -k -i –

Leave a comment

Unable to locally verify the issuer’s authority (Verisign) problem with Nginx

In some browsers like konqueror and old firefox verions we were getting this problem.

                          Unable to locally verify the issuer’s authority

To solve this you must use an intermediate certificate, to download this intermediate certificate you must contatct your provider, in our case was Verising https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1735 

Inspect your certificate to check the version you are using.

With this new cwertificate in hands create a “bundle” certificate; cat your_domain_certificate.crt intermediate_certifica.crt >> bundle.crt .

Configure your nginx with this new certificate

# SSL configuration
ssl on;
ssl_certificate /PATH/bundle.crt;
ssl_certificate_key /PATH/server_valid.key;
ssl_session_timeout 30m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
 

Leave a comment