I was faced with a firewall denying access to the outside world using ssh. All I had was http/https access via a proxy server which required authentication. I had an Ubuntu jump host outside the network connected to the internet with a free 443 port. I tried accessing that with httptunnel and proxytunnel, but could get neither to work with this proxy server.
The solution that worked in this particular case was stunnel. It can wrap any TCP connection into an https session which was not rejected by the proxy server I was facing.
Continue reading Tunneling SSH over HTTPS with stunnel
To keep an ssh connection with a tunnel for port forwarding up reliably we can use the autossh command by Carson Harding. If the connection drops, autossh will restart it. Here’s a quick recipe to forward local port 33306 to a remote MySQL host listening on port 3306: Continue reading Keeping SSH Tunnels Up With Autossh
In a post a couple of years ago I gave an example on how to configure an Ubuntu 12.04 server to authenticate to Active Directory. Things used to be hard back then. Now we have the realmd realm enrollment manager to do the hard work of joining the host to an Active Directory domain, and the System Security Services Daemon or SSSD to do the actual authentication and authorization work whenever it is needed. And things are much easier to configure and get running. Continue reading Ubuntu 14.04 Active Directory Authentication
Here’s how to install the OpenStreetMap Nominatim service on your own server. It can be used to geocode and reverse geocode addresses and map coordinates. You will also get a web interface which loads map tiles from openstreetmap.org while doing geocoding requests using your own server. Continue reading OpenStreetMap Nominatim Server for Geocoding
Smbclient which works with BackupPC on Ubuntu 12.04:
SMB and BackupPC on Ubuntu 12.04
Unlike IPv4, which uses DHCP for configuration, IPv6 uses the Neighbor Discovery Protocol to configure addresses and gateways. Unfortunately, originally the protocol had no means of providing addresses of DNS servers to clients, making it necessary to use DHCPv6 for that purpose. Modern Linux and Mac OS X machines are able to use the IPv6 Router Advertisement Options for DNS Configuration (RFC 6106), but to my knowledge, Windows clients are not able at the moment. Here’s how to configure a Linux router using radvd and the ISC DHCP daemon. Continue reading Linux IPv6 Router: RADVD + DHCPv6
HP seems to have set up a package repository for Ubuntu 12.04, which is an improvement since I last checked a few years ago. To use the repo, add the following line to /etc/apt/sources.list:
deb http://downloads.linux.hp.com/downloads/ManagementComponentPack/ubuntu precise current/non-free
Run “sudo apt-get update”.
You can install a number of software packages from the repository:
- hpsmh: HP System Management Homepage
- hp-smh-template: HP System Management Homepage Templates
- cpqacuxe: HP Array Configuration Utility, web-based
- hp-snmp-agents: Insight Management SNMP Agents for HP ProLiant Systems
- hponcfg: RILOE II/iLO online configuration utility
- hp-health: HP System Health Application and Command line Utility Package
- hpacucli: HP Command Line Array Configuration Utility
- ams: Agentless Monitoring Service for HP ProLiant Gen8 Systems Continue reading HP ProLiant Management Component Pack on Ubuntu
First, make sure you can use public key authentication or similar means to connect to ssh servers without typing in your password all the time.
Install sshfs for mounting remote filesystems over ssh, and afuse for automounting FUSE filesystems (sshfs uses fuse). Continue reading Automount Anything over SSH
Update 2015-06-16: Ubuntu 14.04 Active Directory Authentication
Authenticating Linux users against Active Directory has traditionally been hard. There’s a multitude of HOWTOs on how to do it, and every one of them seems to do it a bit differently. This is because environments and goals vary, and there are many ways to achieve a particular goal. I will add my version to the mix. This one fetches users and groups from Active Directory LDAP using a machine account added using the Samba tools, and authenticates users to the Active Directory Key Distribution Center using Kerberos. Continue reading Ubuntu 12.04 Active Directory Authentication
The stock mod_auth_mysql package in Ubuntu is not able to authenticate against the phpass password hashes stored in the WordPress database.
There seems to be a patch lying around to enable phpass authentication in mod_auth_mysql. Its inclusion in mod_auth_mysql has been requested a long time ago, and again more recently, but for one reason or another it has been declined. Inclusion of the patch into the Debian package has also been requested.
Thanks to Peter Lamberg, there are good instructions around on how to apply the patch and enable it. I’ve made available a pre-compiled 64-bit package here: Continue reading Apache HTTP authentication against WordPress password database
In part I, we learned how to configure Apache to server any .py file as a web application using mod_wsgi. I promised to tell you more about WebOb and multiprocessing and multithreading, and exception handling. I’ll save those topics for later articles. Instead, in this part I will talk about using mod_rewrite – if, why and how to get rid of the .py extension. You will need the test apps from part I to try these out. Continue reading Serving Python scripts with Apache mod_wsgi, part II – mod_rewrite