ssh-copy-id behavior

Keep an eye out for this one. When using ssh-copy-id to copy my public key to a remote host, I found that it had not properly appended my id to the remote ~/.ssh/authorized_keys file. It concatenated it on to the end, with no linefeed. Just be sure to check for that!

Original remote ~/.ssh/authorized_keys

ssh-dss AAA...== forest@machine

After ssh-copy-id did its work:

ssh-dss AAA...== forest@machinessh-dss AAAAB...gdA== forest@laptop

Ubuntu batch photo processing

Way-cool batch photo processing on Ubuntu, GNU/Linux, Windows, and Mac with Phatch.

SSH public RSA key errors

Seen these before when trying to login via SSH with your new RSA public key?

Nov 2 12:09:17 hostname sshd[12712]: error: buffer_get_ret: trying to get more bytes 257 than in buffer 73
Nov 2 12:09:17 hostname sshd[12712]: error: buffer_get_string_ret: buffer_get failed
Nov 2 12:09:17 hostname sshd[12712]: error: buffer_get_bignum2_ret: invalid bignum
Nov 2 12:09:17 hostname sshd[12712]: error: key_from_blob: can't read rsa key
Nov 2 12:09:17 hostname sshd[12712]: error: key_read: key_from_blob AAAAB3N[...] failed

In my case these were the result of copying a public key from e-mail, which tends to mangle long text lines. I usually don’t have this problem because I use the ssh-copy-id script to copy my keys to a remote host before attempting to log in.

mysqldump: dump rows matching certain criteria, or limit number of dumped rows

To limit the number of rows dumped by mysqldump, you can do:

mysqldump -u [user] -p[password] --where="true LIMIT 5" [database] [tablename] > outputfilename.sql

You could select other criteria as well:

mysqldump -u [user] -p[password] --where="userid > 24" [database] [tablename] > outputfilename.sql

Which directories were archived? Command-line

I archived a directory. It took two hours, then exited with a non-zero exit status (that means an error). Hmm — I was just testing something; I only cared if certain specific subdirectories were present in the archive. So I needed a way to look deep inside, quickly, and find those particular directories.

GNU tar will let you “test” an archive with -t, but I only wanted a list of the directories archived. Then I wanted that sorted. So…

$ nice tar -tjvf data.tar.bz2 | tr -s ' ' | cut -d' ' -f 6- | cut -d / -f -2 > tardirs.txt
$ uniq tardirs.txt > tardirs_uniq.txt
$ sort tardirs_uniq.txt > tardirs_uniq_sorted.txt

The -tjvf arguments to tar let you look inside, the “tr” command collapses adjacent spaces so that the first “cut” command will output only the sixth (file) field, and the second “cut” command will reduce a directory like “folder/folder/folder/fun.txt” to “folder/folder.” Then “uniq” will remove non-unique names.

Split a file across multiple CDs or DVDs on Linux

Okay, so you very likely have the ‘split’ utility installed (it’s in the GNU coreutils package, so… very likely). If you want to burn a file to multiple media, but you don’t have kdar installed on your desktop… don’t worry about it. Just open a terminal and do:
$ split --bytes=600MB --numeric-suffixes filename_part_
In my case, I have a 2.8GB file, but I only have 700MB CDs on hand for my burner. So this command will ensure that I get several 600 “megabyte” (1000 bytes * 1000) pieces, named “filename_part_00,” “filename_part_01,” and “filename_part_02,” et cetera.

Bash pipe fun

How about “recursively look at a log of hostnames used to request my site content. Sort them and ensure that only unique ip address and hostname combinations are counted. Find how many use my ‘.biz’ hostname to land on my site”:

find . -iname '*ecommerce-host_log*' | nice cat | nice xargs cut --delimiter=' ' -f 1,4 | nice sort | nice uniq | nice grep \.biz | nice wc -l

I wasn’t sure which commands would be most processor-intensive, so I used “nice” liberally.

Apache custom logging

Aren’t you interested in seeing what requests users, bots, or script kiddies make of your site, especially those things that client-side JavaScript-based analytics packages don’t tell you?

Under Apache, custom logging can give you lots of information you might not have seen otherwise. I’ll let the documentation for Apache’s mod_log_config say most of this, but as a quick preview, you could try defining a custom log format up near the top of your httpd.conf with

LogFormat "%a %t %{Host}i \"%r\"" hostlog

for example, then in all of your Directory containers, you could do

CustomLog logs/forest-monsen-site-host-log hostlog

Then, in my case, /var/log/httpd/forest-monsen-site-host-log would contain lines like [31/Aug/2010:08:53:24 -0500] "GET /aggregator/sources/2 HTTP/1.0" [31/Aug/2010:08:53:24 -0500] "GET /images/house.gif HTTP/1.1"

And I’d be able to tell which hostname was originally requested by the user — before any of my mod_rewrite rules got to it. Good stuff.

Remove user list from Ubuntu 9.10 Karmic Koala login screen

Problem: You want to login to your Ubuntu laptop without letting others shoulder surf your full name. You’d like to introduce yourself to them personally instead.

Solution: In a terminal (Applications -> Accessories -> Terminal), enter

sudo -u gdm gconftool-2 --set --type boolean /apps/gdm/simple-greeter/disable_user_list true

Type in your password when requested. You’re done.

sftp chroot jail in Ubuntu

(Update 16 Mar 2011: Since writing this post, I’ve learned of an easier way to create this chroot jail. Newer versions of OpenSSH enable the “ChrootDirectory” configuration directive. I recommend that you take a look at George Ornbo’s tutorial on chrooting sftp users in Intrepid for the details.)

(Updated 08 Feb 2011 to reflect xplicit’s experience on Ubuntu 10.04.)

I wanted to give a buddy access to a website hosted on my box. So I tried scponly, since I only wanted to provide SFTP access to that particular directory, using a chroot jail. The steps are as follows.

  1. Install the scponly package using Ubuntu’s APT package management system.
  2. Use the script provided to set up your first jail and your user’s home directory. For the location of the user’s jail, give the path of the directory you want to share.
  3. Provide a password for the new user.
  4. Ensure that the new user has permissions to read and write all the necessary directories in your Web site.

$ sudo apt-get install scponly
$ gzip -dc /usr/share/doc/scponly/setup_chroot/ > /tmp/
$ cp /usr/share/doc/scponly/setup_chroot/config.h /tmp

The previous step copies the “config.h” file to help things go more smoothly, as Luke found.

$ chmod +x /tmp/
$ cd /tmp
$ sudo ./

Next we need to set the home directory for this scponly user.
please note that the user's home directory MUST NOT be writeable
by the scponly user. this is important so that the scponly user
cannot subvert the .ssh configuration parameters.
For this reason, a writeable subdirectory will be created that
the scponly user can write into.

Note that I removed the /incoming subdirectory created by this script. There was no need for a separate directory for my buddy to upload files. He could have permissions over the whole site tree.

-en Username to install [scponly]
-en home directory you wish to set for this user [/home/bob]
-en name of the writeable subdirectory [incoming]

creating /var/www/sites/bobsite/htdocs/incoming directory for uploading files

Your platform (Linux) does not have a platform specific setup script.
This install script will attempt a best guess.
If you perform customizations, please consider sending me your changes.
Look to the templates in build_extras/arch.
- joe at sublimation dot org

please set the password for bob:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
if you experience a warning with winscp regarding groups, please install
the provided hacked out fake groups program into your chroot, like so:
cp groups /var/www/sites/bobsite/htdocs/bin/groups

This script added certain directories to the site root (/var/www/sites/bobsite/htdocs). Every other directory needed to be writable by Bob. So let’s add Bob to a special group, and allow that group write access on all the website’s files.

$ sudo adduser bob www-data

We can ignore /bin, /etc, /lib and other directories added to the chroot jail (the website filesystem):

$ sudo find . \! -user root -exec chgrp www-data \{\} \;
$ sudo find . \! -user root -exec chmod g+w \{\} \;

Good to go!