Chris just created a channel for web developers in Portland, OR on Freenode, so if you’re a web developer (or sysadmin or dba or designer or manager forced to deal with us webdevs) come on in!
#webdevpdx on irc.freenode.net
New to IRC? Try one of these clients:
Update: I should have mentioned I’m schmichael on IRC.
My Linode has been experiencing a huge number of brute force login attempts in the past week. I don’t keep detailed statistics, but I would guess there have been 300 attempts in the past week as opposed to the usual rate of about 500 attempts over 200 days (2-3 attempts per day).
Denyhosts has been doing its job perfectly. It should be illegal to run a Internet exposed SSH server without it or a similar tool.*
Thanks to HoopyCat in #linode for pointing me to a SANS Internet Storm Center article explaining the Summer of Hacks phenomenon.
* Unless of course you only accept key based logins.
Rsync is an excellent file transfer utility thats especially well suited for backing up files over the Internet because it only transfers the data that has changed. A friend asked me how to set it up, so I thought I’d post what I sent him here.
Goal: Backup a directory from computer Zim to computer Ark
Details:
Zim and Ark are subdomains of example.comArk which receives the backup files is named backupuserZim with access to the files you want to backup is named stevePrerequisites:
Zim via ssh:
ssh steve@zim.example.com
ssh key pair using:
ssh-keygen -t rsa <press enter when prompted where to save the key> <press enter twice when asked for a passphrase>
Ark remotely without manually entering a password you need to copy the public key from Zim to Ark using:
ssh-copy-id -i .ssh/id_rsa.pub backupuser@ark.example.com
If you don’t have ssh-copy-id on your system, get a new system. 
If thats not possible you can download the script with:
wget -O ssh-copy-id http://cvsweb.mindrot.org/index.cgi/~checkout~/openssh/contrib/ssh-copy-id?rev=1.6;content-type=text%2Fplain && chmod +x ssh-copy-id
Then retry the above command only you’ll need to prepend a “./”:
./ssh-copy-id -i .ssh/id_rsa.pub backupuser@ark.example.com
Ark. You should not be prompted for a password:
ssh backupuser@ark.example.com
Ark. The key is setup, so you’re now ready to rsync files without having to manually enter a password.rsync -tP /some/small/testfile backupuser@ark.example.com:/tmp
A nice little progress bar should be displayed as the file is transferred. Confirm that “testfile” is now in /tmp on Ark.
rsync -t /directory/to/backup/* backupuser@ark.example.com:/existing/backup/directory
Note: There are several useful options for rsync. Check man rsync to find out more.
-p — preserve permissions (useful for backups, use -E if you only care about the executable bit)-r — recursively backup directories.-z — compressed uncompressed files-t tells rsync to use the last modified timestamp to determine whether or not to transfer files. It makes rsync a lot faster at determining whether or not files have changed.crontab -e and insert the following line:
13 1 * * * rsync -qt /directory/to/backup/* backupuser@ark.example.com:/existing/backup/directory
Caveats:
Zim to Ark. There’s no reason why Ark couldn’t pull files from Zim. In fact, this is often more secure if Zim is a web server with a larger attack surface than Ark. Mea culpa.Ark is dynamic, use a service like dyndns.com. Otherwise SSH will give you errors.Zim, they can also delete all of your backups on Ark. Never ever ever use the root user for backups on Ark. You can use the root user on Zim to send the backups, but its best to have a special backup user setup on Ark to receive the backup.The little recipe I posted for a dedicated Linux firewall with a CherryPy powered administrative interface finally has a permanent home over at Google Code.
Many thanks to Kyle Waremburg for creating the project page and helping me develop firewall-admin! I hope other people find it useful.
I use OpenSSH daily. In fact the only app I probably use more is vim. However, until yesterday I was typing out the full username and hostname when using ssh:
ssh username@ridiculouslylong.domain.com
Ugh
Using the same username makes life a bit simpler:
ssh ridiculouslylong.domain.com
Meh, better, but I’m really lazy!
I’d heard about tab-completion for hostnames from various blogs, but never knew how to do it. I hopped into #debian and thirty seconds later someone had kindly told me about ~/.ssh/config
Not only is any host listed in your ~/.ssh/config auto-completed on the command line by hitting tab, but you can also specify what username to connect as! So my .ssh/config file looks something like:
Host host1.domain.com
User randomuser
Host www.somewhereelse.com
User someotheruser
Host mail.domain2.com
Host domain3.com
Now I can just type:
ssh h<TAB><ENTER>
to connect to host1.domain.com as randomuser.
Beautiful.
Check out man ssh_config for details and other options.
Also, if you’re not using ssh keys instead of passwords, you’re doing too much work. Seahorse makes SSH keys simple.
Disclaimer: I am not a hardware guy. The days when I enjoyed cracking open a computer case and poking around are long since past. These days if I can’t fix something via keyboard, I want no part of it.
Unfortunately, for a client I needed to extend a LAN from Building A across 30 feet of asphalt to Building B. Time to don my Net Admin hat to install a nice straightforward WiFi bridge.
Despite already owning a Linksys WRT54G series router, I decided to just pickup 2 Linksys WET54G wireless bridges (version 3.1). The bridges are actually more expensive than routers. But that just means they’re better suited for their simple task, right? Wrong…
The 2 WET54Gs have been nothing but trouble for me. Their web interface sometimes redirects to the hardcoded IP address. They drop their connection and require resetting a lot. They just don’t work reliably.
So I flashed the WRT54G with Tomato firmware to replace one of the WET54Gs, and so far things are working much better.
If I’ve never mentioned it before: I love Tomato firmware. I’ve been using it at home for ages and never have to reset it. The features are outstanding (QoS with ACK Prioritization is a lifesaver when working over SSH).
From now on anytime I need a WiFi router, access point, or bridge, I’m going to buy a WRT54G and put Tomato on it. Its cheaper than buying specialized Access Points or Bridges and has lots more features.
Did I mention Tomato generates sexy real-time graphs in SVG? Have a screenshot:
