kb.hurricane-ridge.com » Daemons

Use a non-default port with ssh-copy-id

admin — Mon, 26 Dec 2011 13:57:18 +0000

Quote a “-p” flag specifying the port with the “user@machine” portion of the arguments; e.g. for port 2234:

ssh-copy-id -i ~/.ssh/id_rsa.pub '-p 2234 user@machine'

Hat tip to Mike Gerwitz for getting me looking in the right direction, although the solution described on his blog does not work with the version of ssh-copy-id I have. (Edit: Looks like the same solution that I arrived at was pointed out in the comments on the above blog post.)

Generate an SSH Public Key from a Private Key

admin — Thu, 08 Dec 2011 04:08:33 +0000

Use ssh-keygen:

ssh-keygen -y -f key.pem > key.pub

Converting SSH Key Formats

admin — Tue, 25 Jan 2011 17:39:36 +0000

To convert an SSH key from SSH2-compatible format to OpenSSH-compatible, use the “-i” flag to “ssh-keygen”:

-i This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private (or public) key to stdout. ssh-keygen also reads the RFC 4716 SSH Public Key File Format. This option allows importing keys from several commercial SSH implementations.

e.g.:

ssh-keygen -i -f user.ssh2.pub > user.ossh.pub

Selecting Ciphers in Sendmail

admin — Thu, 20 Jan 2011 22:40:02 +0000

The best reference that I’m aware of for this used to be at http://sial.org/howto/sendmail/cipherlist/ – but DNS to that site is currently broken. The site can be reached by IP address, at least for the time being.

Distilled instructions:

Assuming you are building from source, add the following to your site.config.m4:
```
APPENDDEF(`confENVDEF', `-D_FFR_TLS_1')
```
Next, rebuild the Sendmail binary; when finished, add the following to your sendmail.mc and rebuild your sendmail.cf:
```
LOCAL_CONFIG
O CipherList=DH
```
(Assuming, for whatever reasons, you want to limit ciphers to Diffie-Hellman varieties. Adjust as necessary.)

You can verify your CipherList values using OpenSSL:

> openssl ciphers DH
ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA

Tested against Sendmail 8.14.1.

Little-Known SSH Features and Tricks

admin — Sat, 27 Nov 2010 21:31:28 +0000

Many more at 25 BEST SSH COMMANDS / TRICKS; three I didn’t know:

Copy your SSH public key to your authorized_keys on another host:
```
ssh-copy-id [-i [identity_file]] [user@]machine
```
Login to a host you can’t directly reach, through an intermediary that can reach the host:
```
ssh -t reachable_host ssh unreachable_host
```
(The -t flag is necessary to allocate a pseudo-tty.)
Use a Wireshark running locally to inspect traffic that a remote host sees:
```
ssh root@example.com tshark -w - not tcp port 22 | wireshark -k -i -
```
or
```
ssh root@example.com tcpdump -U -w - not port 22 | wireshark -k -i -
```
(Of course, if you need to inspect SSH traffic, you’ll need to exclude the IP address of the local host running SSH from the remote tshark or tcpdump command. Also, the above assumes the use of SSH keypair authentication with the remote host – see Wireshark’s Pipes page for ideas if you need to enter a password on the command line.)

Send a page range of a PDF to the non-default CUPS Printer

admin — Sat, 27 Nov 2010 20:50:47 +0000

On the command line:

lpr -P printer-queue -o page-ranges=1-2 document.pdf

Reference: Command-Line Printing and Options

Regenerating an SSH Host Key

admin — Sat, 27 Feb 2010 00:45:23 +0000

Use ssh-keygen, just like you would with an account’s key pair:

# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa # ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

Flush Postfix’s Mail Queue

admin — Wed, 29 Apr 2009 14:06:39 +0000

Sendmail has:
sendmail -q

The Postfix equivalent is:
postqueue -f