Monday, August 15, 2016


SSH Client

Common client files in the ~/.ssh/ directory

known_hosts => ip/hostname and fingerprints of servers that have been seen before
authorized_keys => concatenated list of public keys that can log in as this user without a password

To generate a public/private RSA key pair (id_rsa and

ssh-keygen -t rsa -b 4096

Private keys must be readable only by the user, or SSH will ignore them for safety. Also, the .ssh directory must be readable only by the user.

To copy the public key to a server

ssh-copy-id -i user@server
After completion, make sure the key was appended to the .ssh/authorized_keys file on the server.
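A check for the permission rule above, as an added example that is not part of the original post. The function name and the demo directory are assumptions made for illustration, and it relies on GNU find.

```sh
# check_ssh_perms <dir>: print one line per permission problem.
# Needs GNU find: "-perm /077" is true when any group/other bit is set.
check_ssh_perms() {
    dir=$1
    if [ -n "$(find "$dir" -maxdepth 0 -perm /077)" ]; then
        echo "LAX-DIR $dir (fix: chmod 700)"
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Recognise private keys by their header line, not by file name.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
        if [ -n "$(find "$f" -maxdepth 0 -perm /077)" ]; then
            echo "LAX-KEY $f (fix: chmod 600)"
        fi
    done
}

# Constructed demo directory; the "key" is a placeholder with only a header line.
demo=$(mktemp -d)
echo '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/id_demo"
echo 'constructed public key placeholder' > "$demo/id_demo.pub"
chmod 755 "$demo"; chmod 644 "$demo/id_demo" "$demo/id_demo.pub"
check_ssh_perms "$demo"      # reports the directory and id_demo, not the .pub file
chmod 700 "$demo"; chmod 600 "$demo/id_demo"
check_ssh_perms "$demo"      # prints nothing
rm -rf "$demo"
```

On a real account, run it as `check_ssh_perms ~/.ssh`.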

SSHd server

The config file is /etc/ssh/sshd_config

Best practice security settings

  • On public facing servers, always disable root logins with PermitRootLogin no
  • For extra security, specifically limit the users that can log in with AllowUsers neo trinity
  • Allow login via keys with AuthorizedKeysFile .ssh/authorized_keys
  • You can change the port that SSH listens on, but a good port scanner will find it wherever it is
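A small audit of a config file against the settings listed above, as an added example that is not from the original post. The function names and the sample file are assumptions; it honours sshd's rule that the first value read for a keyword wins, and it does not follow Include or Match blocks.

```sh
# sshd_first_value <keyword> <file>: print the value sshd would use.
# sshd takes the first value it reads for a keyword; later duplicates are ignored.
sshd_first_value() {
    awk -v key="$1" '
        /^[[:space:]]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == tolower(key) {            # keywords are case-insensitive
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }' "$2"
}

# audit_sshd_config <file>: one FAIL line per setting that differs from the
# list above; exit status 0 only when there are none.
audit_sshd_config() {
    cfg=$1; rc=0
    v=$(sshd_first_value PermitRootLogin "$cfg")
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin=${v:-unset} (want no)"; rc=1; }
    v=$(sshd_first_value AllowUsers "$cfg")
    [ -n "$v" ] || { echo "FAIL AllowUsers unset (no per-user restriction)"; rc=1; }
    v=$(sshd_first_value AuthorizedKeysFile "$cfg")
    case "$v" in
        ""|.ssh/authorized_keys*) ;;   # unset falls back to sshd's default
        *) echo "NOTE AuthorizedKeysFile=$v (keys are read from a non-default path)" ;;
    esac
    return "$rc"
}

# Constructed sample: the second PermitRootLogin line has no effect.
demo=$(mktemp)
printf '%s\n' '# sample' 'PermitRootLogin yes' 'AllowUsers neo trinity' \
    'PermitRootLogin no' > "$demo"
audit_sshd_config "$demo" || echo "config needs changes"
rm -f "$demo"
```

On a live server, `sshd -T` prints the effective configuration, and its output can be saved to a file and passed to the same function.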

Friday, September 25, 2015

Pulling single tables out of a large MySQL dump file

This is a problem I run into occasionally when I need to restore only one or two tables from a large database dump file in text format.

It can be done with many scripting languages, but I found a nice awk command on the T-sheets blog. To use the awk command, you need to know the names and order of the tables in the dump file. First, grep for "CREATE TABLE" to find the names and order of tables in the dump:

grep -n "CREATE TABLE" dumpfile.sql

The -n switch adds the line number, which is not really needed. Next, plug in the name of the table you want to extract and the name of the table immediately following it:

awk '/Table structure for table .table-to-extract./,/Table structure for table .table-after./{print}' dumpfile.sql > /tmp/extracted_table.sql

Next, I usually go in and add a "use my_database_name" command at the top and remove any unnecessary commands added by the mysqldump program. The last step is to feed the extracted table SQL to mysql.
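A variant of the awk extraction, as an added example that is not from the original post or the blog it cites. It goes beyond the command above in two ways: it does not need the name of the following table (so it also works for the last table in the dump), and it compares the table name exactly, so `users` does not also match `users_archive`. The function names and the sample dump are constructed for illustration.

```sh
# extract_table <table> <dumpfile>: print one table's section of a mysqldump file.
# Relies on the "-- Table structure for table `name`" comment mysqldump writes
# before each table (absent if the dump was made with --skip-comments).
extract_table() {
    awk -v want="$1" '
        /^-- Table structure for table `/ {
            name = $0
            sub(/^-- Table structure for table `/, "", name)
            sub(/`.*$/, "", name)          # keep only the text between backticks
            printing = (name == want)      # exact match, so users != users_archive
        }
        printing { print }
    ' "$2"
}

# Constructed sample dump (abbreviated mysqldump layout) for trying it out.
make_sample_dump() {
    cat > "$1" <<'EOF'
--
-- Table structure for table `users`
--
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (`id` int NOT NULL);
INSERT INTO `users` VALUES (1),(2);
--
-- Table structure for table `users_archive`
--
DROP TABLE IF EXISTS `users_archive`;
CREATE TABLE `users_archive` (`id` int NOT NULL);
--
-- Table structure for table `orders`
--
DROP TABLE IF EXISTS `orders`;
CREATE TABLE `orders` (`id` int NOT NULL);
INSERT INTO `orders` VALUES (7);
EOF
}

dump=$(mktemp)
make_sample_dump "$dump"
extract_table users "$dump"     # prints the users section only
rm -f "$dump"
```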

Sunday, September 13, 2015

Netgear Nighthawk R7000 wireless router

After trying various tweaks to improve our home wireless network performance, I did some online research and decided to replace my organic patchwork of access points and extenders with a Netgear Nighthawk R7000 wireless router. I have AT&T DSL so needed to use the provided 2Wire modem, but turned off the wifi on it. The Netgear genie setup program let me use the same SSID and password that the 2Wire was using so I didn't need to reconfigure any of my devices.

The Nighthawk created two networks, one at 2.4 GHz and the other at 5 GHz. Performance was immediately improved on both levels of my house and in all corners. We can now stream 3 videos at a time without a hiccup on an 18 Mbps down (advertised) circuit. It was worth every penny.

Saturday, June 20, 2015

Printing from Android Phones to Epson printers

The problem of printing from mobile devices is somewhat involved. The main problem is that standards like WiFi Direct or Bluetooth printing are still in early stages of deployment. Some vendors have their own solutions that work pretty well with their devices, but they tend to be islands. Google has cloud print, but that requires a dedicated print server on the local network running headless Chrome to route the print jobs. I don't know the details of Apple Cloud Print, but it probably works in a similar way, with some local device acting as the print server.

On my Samsung Galaxy S6, I decided to download the Epson Print Enabler from the Play Store. Once it was installed and enabled, I took the phone to close proximity of my printer, an Epson WF-3520 multi-purpose wireless inkjet, and tried to print a web page from Chrome. Chrome defaults to printing to a PDF document, but I was able to select the Epson from a drop-down list, deselect the pages I did not want to print and send a single page of the web site to the printer. It worked like magic.

This is one of the island solutions that might only work with Android phones and Epson wireless printers, but it does work without any print server set up or routing through the Internet. The Epson printer is the best wireless inkjet I've owned and is highly recommended whether you want to use the Android printing features or not.

Saturday, June 6, 2015

Limiting connections to port 80

The Linux software firewall, iptables, has the ability to limit the number of concurrent connections on a specific port. This could be used as a crude DDoS defense. It won't save a web site, but it might save the server from becoming overwhelmed and unresponsive. Here is an example of limiting the number of connections on port 80 to 25. After 25 open connections, the next connection is dropped.

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 25 -j REJECT --reject-with tcp-reset
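To see which clients a limit of 25 would affect before enabling the rule, the following added example (not from the original post) counts connections per peer address from `ss -tn` output. By default connlimit counts per client address (its --connlimit-mask defaults to a full-length prefix), so the count here is grouped the same way. The function names and sample lines are constructed, and counting only ESTAB lines approximates what the kernel tracks.

```sh
# over_connlimit <port> <limit>: read `ss -tn` output on stdin and print each
# peer address holding more than <limit> connections to local <port>.
over_connlimit() {
    awk -v port="$1" -v limit="$2" '
        $1 != "ESTAB" { next }                 # skip header and other states
        $4 !~ (":" port "$") { next }          # local address must end in :port
        {
            peer = $5
            sub(/:[0-9]+$/, "", peer)          # drop the peer port, keep the address
            count[peer]++
        }
        END {
            for (p in count)
                if (count[p] > limit) print p, count[p]
        }' | sort
}

# Constructed sample in the layout of `ss -tn` (documentation address ranges).
sample_ss_output() {
    awk 'BEGIN {
        print "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
        for (i = 0; i < 30; i++) print "ESTAB 0 0 203.0.113.10:80 198.51.100.7:" (40000 + i)
        for (i = 0; i < 3; i++)  print "ESTAB 0 0 203.0.113.10:80 192.0.2.44:" (50000 + i)
        for (i = 0; i < 40; i++) print "ESTAB 0 0 203.0.113.10:443 198.51.100.9:" (60000 + i)
    }'
}

sample_ss_output | over_connlimit 80 25    # only the client with 30 connections
```

On a live server, feed it real data with `ss -tn | over_connlimit 80 25`.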

Wednesday, March 25, 2015

Simple routing in Linux

The Linux kernel has capable network routing features.

To see the current routing table:
route -n

The default gateway will have the "UG" flags shown in the output. Red Hat and CentOS systems usually have the routing table stored in /etc/sysconfig/network-scripts/ by network device (e.g., route-eth1, route-eno1). To change or modify the routing table, you must be root.

To add a default gateway from the command line:
/sbin/route add default gw ip-address eth0

To add a static route, use the ip command and specify the destination and interface:
/sbin/ip route add destination-network via gateway-ip-address dev eno1

To see how packets will be routed to an ip address:
/sbin/ip route get ip-address

Saturday, January 3, 2015

Chromebook keyboard shortcuts

Last year, I replaced my Android tablet with an Acer i3 Chromebook. It was one of my best technology moves of the year. I love the form factor, keyboard, built-in SSH, screen, external ports, and ability to run a native Linux distro in a paravirtual machine. The only thing I didn't like about the keyboard was that it was missing a DELETE key. The fix for that is a keyboard shortcut:

Take a screenshot with Ctrl+[show windows].

The show windows button looks like a window with two vertical bars after it. Screenshots are saved to your Downloads directory with the date and time as PNG files.

Here are more keyboard shortcuts from OMG Chrome.