Friday, March 26, 2010

Enabling ssh-agent for password-less ssh login on KDE/Gnome

So one of the things that had been bothering me was ssh'ing into remote machines with keys that had passwords. I wanted to use ssh-agent so that I would not have to type in my password. Trouble was that I couldn't figure out how to do it on my KDE desktop so that every time I opened a new shell the ssh-agent would be active. Everything I'd previously read talked about executing the command:
  ssh-agent bash
...but this only starts the agent for the shell it launches and any child processes of that shell. Consequently, every shell opened has its own ssh-agent and you have to do an ssh-add in each shell, typing in your password each time.

Well, here is how to do it.

start-ssh-agent script

#!/bin/bash
if [ -f ~/.ssh/ssh-agent.env ]; then
  #echo "Agent already started"
  #":" is the bash no-op; it keeps the then branch a valid statement
  :
else
  #capture the environment variable settings that ssh-agent prints
  ssh-agent > ~/.ssh/ssh-agent.env
  #we need to delete the echo from the source script since some
  #commands like scp and ssh hate it when .bashrc echos stuff out
  sed -e '/echo/d' ~/.ssh/ssh-agent.env > ~/.ssh/ssh-agent2.env
  mv ~/.ssh/ssh-agent2.env ~/.ssh/ssh-agent.env
  #load SSH_AUTH_SOCK and SSH_AGENT_PID, then add the default keys
  . ~/.ssh/ssh-agent.env
  #echo "Agent started"
  ssh-add
fi

Basically this script executes ssh-agent, captures the output that specifies the environment variables and writes them to a file for future reference from future shells. It then executes ssh-add to prompt you to enter the passwords for the private keys.


stop-ssh-agent script

#!/bin/bash
if [ -f ~/.ssh/ssh-agent.env ]; then
  . ~/.ssh/ssh-agent.env > /dev/null
  kill $SSH_AGENT_PID
  rm ~/.ssh/ssh-agent.env
  echo "Agent stopped"
else
  echo "Agent is not running"
fi

Then in your ~/.bashrc file add the following:

if [ -f ~/.ssh/ssh-agent.env ]; then
        . ~/.ssh/ssh-agent.env
else
        ~/bin/start-ssh-agent
        #the script runs as a child process, so load the variables into this shell too
        . ~/.ssh/ssh-agent.env
fi

...this basically means...
if the ssh-agent.env file exists
  source it so that the environment vars point to the running ssh-agent process.
else
  run the script to start the ssh-agent and prompt for the passwords for any keys, then source the new file so this shell can reach the agent too

This is not perfect, and you need to be careful if you are doing agent forwarding into the box (sourcing the file replaces the forwarded agent's SSH_AUTH_SOCK with the local one), but for most general cases this works.
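
One case the scripts above do not handle: ssh-agent.env survives a reboot or a killed agent, so every new shell sources variables that point at a dead agent. The following is an added example, not the author's script; the function names env_value, agent_env_status and ensure_agent are hypothetical. It parses the file instead of trusting it and starts a new agent only when the recorded PID or socket is gone:

```shell
#!/bin/bash
# Added example: validate ~/.ssh/ssh-agent.env before trusting it.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/ssh-agent.env}"   # same file the post uses

# Print the value assigned to variable $2 in env file $1.
# The file is parsed, not sourced, so nothing in it is executed here.
# ssh-agent -s writes lines such as:
#   SSH_AGENT_PID=1235; export SSH_AGENT_PID;
env_value() {
  sed -n "s/^$2=\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Echo "missing", "stale" or "live" for env file $1.
agent_env_status() {
  local file="$1" pid sock
  [ -f "$file" ] || { echo missing; return; }
  pid=$(env_value "$file" SSH_AGENT_PID)
  sock=$(env_value "$file" SSH_AUTH_SOCK)
  # Anything other than a plain number is not a PID ssh-agent wrote.
  case "$pid" in ''|*[!0-9]*) echo stale; return ;; esac
  # The recorded process must exist and its socket must still be there.
  if kill -0 "$pid" 2>/dev/null && [ -S "$sock" ]; then
    echo live
  else
    echo stale
  fi
}

# Start a new agent only when the recorded one is gone, then load its variables.
ensure_agent() {
  if [ "$(agent_env_status "$AGENT_ENV")" != live ]; then
    rm -f "$AGENT_ENV"
    # umask 077 keeps the file private; -s forces Bourne-style output.
    ( umask 077; ssh-agent -s | sed -e '/echo/d' > "$AGENT_ENV" )
    . "$AGENT_ENV"
    ssh-add
  else
    . "$AGENT_ENV"
  fi
}
```

Calling ensure_agent from ~/.bashrc takes the place of the if/else block shown earlier.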

Sunday, February 21, 2010

Good and bad: NUFC promotion to Premiership

Over the past year my Newcastle United RSS feed has been very different to the year before. We've only lost 4 times away and the results have often been 3-0, 4-1, etc. It's been a joy to read the news. However, that good feeling that I get on a Monday morning is going to change with promotion back into the Premiership. Honestly, I've got mixed feelings about promotion now that I am so used to hearing good news and the most we can seem to hope for is solid middle table performance in the Premier League.

Tuesday, December 01, 2009

Book Review - Wicket In Action by Manning

I just finished reading Wicket in Action by Manning. The book is well laid out; I particularly liked how the simple example web site (cheesr) is grown through the book in line with the topics of the chapter. In addition to the stuff that you expect (such as how to work with/customize components, models, etc.) there is also good coverage of important topics like I18N, testing, integration with frameworks like Hibernate and Spring, and integration with JavaScript engines (other than the Wicket JavaScript engine).

Regarding Wicket itself: I really like this framework (we use it in my current team and it produces nice UIs that are pretty easy to maintain and change). Why do I like Wicket? Well for the following reasons:
  1. It's Java-based, and since I'm strongest in Java it suits me.
  2. There is a nice separation between the UI in HTML/CSS/JS and the Java code that backs it. This clear separation between the presentation/design aspect and the coding is useful because it separates along the common skill groups. JavaFX (can you say "designer/developer workflow") may change my opinion on this but right now I see advantages over, say, the JSP approach.
  3. Testing is well covered (with WicketTester) over and above just using something like Selenium (also mentioned in the book). 
  4. The AJAX support seems solid and flexible. It even leaves you open to using other 3p JavaScript frameworks for your fancy UI components. In particular there is lots of support for request/response queues and falling back to full page refreshing that is particularly attractive.     
I suspect (but cannot confirm) that Swing programmers will really like Wicket.

BTW...I love Manning books. The fact that you can get a free ebook when you purchase the print copy is excellent and in general everything I read from the publisher is superb.

Checkpoint VPN Client Tray Icon Disappears...how to get back

One of the issues I sometimes have is that the Checkpoint VPN Client Tray Icon (the yellow key) sometimes disappears from my Windows XP start bar. If I try to re-run Checkpoint it says it's already started. I just found out how to get it back without restarting my laptop - kill the SR_GUI.exe process. Things will automatically restart and the tray icon re-appears again.
BTW...I hate Checkpoint VPN...compared to Cisco VPN it's an unstable horrific piece of software. I guess you get what you pay for.

Thursday, October 15, 2009

nxserver incompatibility with jboss ports

nxserver (see www.nomachine.com) is an amazing replacement for vncserver. I REALLY like it. It comes with great support like:
  1. clipboard copy/paste between your machine and the remote host that always works
  2. screen resolutions that adapt to your machine with zero headaches
  3. many more things...check it out!
However, I had some trouble when I installed it on a new Linux machine and then I tried to get my JBoss AS working. The problem is basically that the X Windows traffic ports for nxserver start at 7000. JBoss by default starts there too e.g. 7001.

The solution that in the end worked best for me was to just shut down the nxserver sessions and run JBoss first. Then, while JBoss is running, start up the nxserver and connect. nxserver will skip over the ports being used by JBoss and use unused ports further up the 7000 range.

NOTE: Even if nxserver is stopped there can be persistent sessions. You can check by running:
  • ps -ef | grep nxagent 
  • netstat -ap | grep nxagent 
Make sure they return no results. If there are results, shut down the current sessions by logging in and logging out of the sessions manually. There is probably another way of killing the sessions but that is what I did.

Wednesday, October 14, 2009

Changing linux kernel params for Oracle Enterprise Install

One of the things that Oracle needs on Linux is some specific kernel parameter settings. These I changed in:
/etc/sysctl.conf
The settings I used were:
# Oracle XE Recommended Values
kernel.sem = 250 32000 100 128
kernel.shmmax = 536870912
# Oracle Enterprise Recommended Values
net.core.rmem_default=262144
net.core.rmem_max=262144
net.core.wmem_default=262144
net.core.wmem_max=262144
net.ipv4.ip_local_port_range = 1024 65000

Changing your linux hostname (RedHat)

Recently I tripped up when I got another Linux box and moved my old machine to a new hostname. This actually manifested itself as an error when I installed Oracle and Oracle could not find the localhost machine since the old machine name was still configured. The Oracle error was:
Enterprise Manager Config failed due to Invalid value null for parameter PORT
Yeah...not exactly a great error message, but when I ran emctl the error was clearer. The steps to making sure you change your host name are simply:
  1. edit /etc/sysconfig/network. Change the line HOSTNAME=[hostname of machine]
  2. edit /etc/hosts. On the loop back adapter add in your new hostname. If you use static IP add in the IP address mapping too. 
  3. run: service network restart, to restart the network with the new settings
Then just exit out of any terminal window that might have cached the network settings before executing your required task.

Friday, October 09, 2009

Getting wireshark/tcpdump to capture all HTTP traffic and not truncate

One issue I saw today was that when running tcpdump to analyse some http traffic it was initially saying that the http traffic was truncated. We fixed this by making sure there was no limit on the slice based on maximum packet size. We did this by using parameter "-s0" e.g.


tcpdump -i eth0 -w outputfile.tcp -s0

Wednesday, October 07, 2009

Eclipse and Linux...lesson 1: workspace in use message

With my new job (Nokia Interactive Advertising) I am now using Eclipse on Linux (and my traditional NetBeans but that's more work since we are really an Eclipse shop). One issue I had to resolve was around Eclipse refusing to start and reporting "workspace in use". Apparently this is more common to see on Linux (which I can relate to since I never saw it on Windows). I resolved this by deleting the file:

$workspace_dir/.metadata/.lock


Thanks to http://episteme.arstechnica.com/eve/forums/a/tpc/f/96509133/m/885009595731 for that posting.

Sunday, February 26, 2006

First Entry

I'm not sure what to write in my blog at this point, or indeed why I signed up for a blog while I was watching the movie 'Proof'.