How To Log-in To Linux Server From Windows Machine Without Password


Many a time, there is a need to access a Linux server remotely from a Windows host. Of course we use putty (also MobaXterm for GUI) for that. But there are times when we need to access our Linux servers without needing to enter passwords. I had shown you how to set up password-less SSH for Linux. But that is from Linux to Linux. Here we want to access Linux from Windows 🙂 Sounds interesting, right? 😉

Before I explain how we do this, I would like to describe the basics of SSH login. It is made possible by the use of cryptographic key-pairs. One is the private key & the other is the public key. The private key is what we store on the host we want to connect from (which is the Windows machine here) & the public key is given out to any host we want to connect to (Linux here). It means any host that has the public key can be accessed from any machine that has the private key. Now that we have some understanding of SSH keys, let's jump to the implementation. Follow the steps below.

Download puttygen from its official site on your Windows computer.

Run puttygen. It will display a window like this.

[Screenshot: puttygen]

Then click the “Generate” button to generate the key-pair. Keep moving your mouse so as to increase randomness in the key. Once it's done, it will display the public key in its window like below.

[Screenshot: puttygen1]

Click the “Save private key” button & accept when it prompts to continue without a passphrase. It's password-less anyway 😉 Save it to some safe location; without a passphrase, anyone who can read this file can log in as you.

[Screenshot: puttygen2]

Now select the public key that is shown in the puttygen window & copy it.

Now open putty on your Windows computer & on the left side, you will see “SSH” under Connection. Expand it & you will see “Auth”. There you will see a “Browse” button on the right. Click it & locate your private key that you saved in 3rd step.

[Screenshot: putty]

Now log in to your Linux server (open a new putty window for this) using the user-name you want password-less SSH for. Go to the .ssh directory & create a file called authorized_keys

[shashank@vhedtdspfs02 ~]$ cd .ssh
[shashank@server .ssh]$ vi authorized_keys

Paste the copied public key (the one you copied from puttygen) in authorized_keys file. Make sure only you can read this file. chmod 700 it.

Now go back to the putty window (already open in previous steps) & move to “Session”. In the “Host Name or IP address” text-box, enter user@IP address or host-name & press enter. Remember to use the same user for which you created authorized_keys.

You will be successfully logged in using the SSH key pair 🙂

Using username "shashank".
Authenticating with public key "rsa-key-20151028"
Last login: Tue Oct 27 05:45:06 2015 from 10.16.66.196
[shashank@server ~]$
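
The server-side step above (public key into authorized_keys, readable only by you) as a repeatable shell function; this is an added example, not part of the original post. The names install_pubkey and perms_ok are hypothetical, the key in the usage comment is constructed, and the file gets mode 600 rather than 700 because it needs no execute bit.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Run on the Linux server as the
# user you want to log in as.

# install_pubkey HOME_DIR 'KEY_LINE'
# Appends one OpenSSH-format public key line to HOME_DIR/.ssh/authorized_keys.
install_pubkey() (
    home=$1
    key=$2
    # The text copied from the puttygen window is a single line:
    #   <type> <base64 blob> <comment>
    # The multi-line file written by "Save public key" is a different format
    # that sshd does not accept in authorized_keys, so reject it here.
    case $key in
        *'
'*) echo "refusing multi-line key" >&2; exit 2 ;;
    esac
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' ||
        { echo "not an OpenSSH public key line" >&2; exit 2; }

    umask 077                       # new files: owner access only
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"
    # Idempotent: add the key only if this exact line is not already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# perms_ok HOME_DIR
# Succeeds when neither .ssh nor authorized_keys is group- or world-writable;
# sshd (StrictModes, on by default) refuses to use the key file otherwise.
perms_ok() {
    [ -z "$(find "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
            \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Usage (constructed key, not a real one):
#   install_pubkey "$HOME" 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 rsa-key-20151028'
#   perms_ok "$HOME" && echo "permissions fine"
```
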

Hope this was easy & useful 🙂


Reset Apache HTTP User Passwords Using Expect In Linux


There are times when we need to reset HTTP user passwords. One of the common examples is Subversion (which uses an Apache web front-end) users. There can be very many users who want to have their passwords reset. This can be very boring & tedious 😉 So, below is how I simplified it by writing a shell script using expect 🙂 If you recall, I had used expect earlier as well for this & this. Please read the script carefully. It's pretty self-explanatory 🙂

#Subversion password reset script
#Author : Shashank Srivastava
while read user; do
{
/usr/bin/expect << EOF
#/etc/svn-users is a flat-file that stores users & their encrypted passwords.
spawn htpasswd -m /etc/svn-users $user
puts "$user added"
expect "?New password: \r"
send "PASSWORD\r"
expect "?Re-type new password: \r"
send "PASSWORD\r"
expect eof
EOF
}
#/home/shashank/svn-users.txt is a text-file that stores the user-names
done</home/shashank/svn-users.txt

So, here is the output of my script 🙂

[root@server tcs_admin]# sh scripts/svnusers_pw_reset.sh
spawn htpasswd -m /etc/svn-users user1
user1 added
New password:
Re-type new password:
Updating password for user user1
spawn htpasswd -m /etc/svn-users user2
user2 added
New password:
Re-type new password:
Updating password for user user2
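
A variant of the reset loop that gives each user a different random password and feeds it to htpasswd on stdin with its -i option instead of driving the prompts with expect; this is an added example, not the original script. The helper names, the HTPASSWD override variable and the output path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not the original script).
HTPASSWD=${HTPASSWD:-htpasswd}      # override to point at another binary

# 16 random bytes from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# reset_passwords USER_LIST HTPASSWD_FILE OUT_FILE
# Gives every user in USER_LIST (one name per line) a fresh random password
# and records "user:password" in OUT_FILE (mode 600) for hand-out.
reset_passwords() (
    userlist=$1
    pwfile=$2
    out=$3
    umask 077
    : > "$out"
    chmod 600 "$out"
    while IFS= read -r user || [ -n "$user" ]; do
        case $user in
            '' | '#'*) continue ;;                 # blank line or comment
            *[!A-Za-z0-9._-]*)                     # ':' or spaces would corrupt the file
                echo "skipping invalid user name: $user" >&2
                continue ;;
        esac
        pw=$(gen_password)
        # -i reads the password from stdin, so it is neither hard-coded in the
        # script nor visible in the process list; -m keeps the MD5 scheme
        # used in the post.
        printf '%s\n' "$pw" | "$HTPASSWD" -i -m "$pwfile" "$user" || exit 1
        printf '%s:%s\n' "$user" "$pw" >> "$out"
    done < "$userlist"
)

# Usage with the paths from the post (the output path is an assumption):
#   reset_passwords /home/shashank/svn-users.txt /etc/svn-users /root/new-svn-passwords.txt
```
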

How To See Contents Of A Stored Procedure In Oracle?


Ever found yourself in a situation when you need to see the code/content of a Stored Procedure in Oracle? We need to check it for troubleshooting & database optimisation.

So, below is how to do it 😉 Make sure to use set lines 500 & set pages 500 before executing this query, so as to fit the output in a more readable format.

SELECT line, text FROM dba_source WHERE owner = 'SHASHANK' AND name = 'MY_SP' AND type = 'PROCEDURE' ORDER BY line;

Setup Load-balancer On Linux (RHEL/CentOS) Using HAProxy


Hello There! Long time no see 😦 After a long time, I am writing a post here on this blog (this was in draft for long). Hope you have all been well 🙂

In this post, I will demonstrate how we can set up a load-balancer on Linux (RHEL/CentOS) using HAProxy. What is a load-balancer, you may ask 😉 Well, a load-balancer or LB is a device (could be a dedicated network device like F5 or a server) that distributes network/application traffic among multiple nodes. Suppose we have 2 Apache web-servers both serving the same web-site. Without an LB, all traffic will go to 1 web-server only & it will create a lot of traffic on that server. With an LB in action, we can distribute the incoming traffic between our 2 web-servers. This way, each server will have less load & more efficiency. This is Active/Active load-balancing. Both the nodes are active. I won’t be discussing it in detail here. You can refer to the Wikipedia article for more info.

What is HAProxy, you may again ask 😉 HAProxy is an open-source load-balancing solution for Unix-like servers. It's an application that can be installed on a server & that server will act as a load-balancer.

Enough introduction 😉 Let's start with this demo 🙂

Lab Description : –

Load-balancer : – hostname – server, IP – 10.134.39.234

Web-server1 : – hostname – node1, IP – 10.134.39.235

Web-server2 : – hostname – node2, IP – 10.134.39.236

Download HAProxy installer. Download the installer from official website.

Unpack the installer. Unpack the installer tarball. We are using the source code to install it.

[root@server tmp]# tar -xf haproxy-1.5.14.tar.gz

Build the installer & run it. Make sure to install the openssl-devel & pcre-devel packages before you compile the source code or else it will throw build errors.

[root@server tmp]# yum install openssl-devel pcre-devel
[root@server haproxy-1.5.14]# make TARGET=linux2632 ARCH=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing       -DENABLE_POLL  -DCONFIG_HAPROXY_VERSION=\"1.5.14\" -DCONFIG_HAPROXY_DATE=\"2015/07/02\" \
              -DBUILD_TARGET='"linux2632"' \
              -DBUILD_ARCH='"native"' \
              -DBUILD_CPU='"generic"' \
              -DBUILD_CC='"gcc"' \
              -DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing"' \
              -DBUILD_OPTIONS='"USE_POLL=default"' \
               -c -o src/haproxy.o src/haproxy.c
make: gcc: Command not found
make: *** [src/haproxy.o] Error 127

You can see that it still threw an error 😉 Because it couldn’t find the GCC compiler 🙂 So we will install gcc first & re-build the installer.

[root@server haproxy-1.5.14]# make TARGET=linux2632 ARCH=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
[root@server haproxy-1.5.14]# make install
gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing       -DENABLE_POLL  -DCONFIG_HAPROXY_VERSION=\"1.5.14\" -DCONFIG_HAPROXY_DATE=\"2015/07/02\" \
              -DSBINDIR='"/usr/local/sbin"' \
               -c -o src/haproxy-systemd-wrapper.o src/haproxy-systemd-wrapper.c
gcc  -g -o haproxy-systemd-wrapper src/haproxy-systemd-wrapper.o
install -d "/usr/local/sbin"
install haproxy "/usr/local/sbin"
install haproxy-systemd-wrapper "/usr/local/sbin"
install -d "/usr/local/share/man"/man1
install -m 644 doc/haproxy.1 "/usr/local/share/man"/man1
install -d "/usr/local/doc/haproxy"
for x in configuration architecture haproxy-en haproxy-fr; do \
                install -m 644 doc/$x.txt "/usr/local/doc/haproxy" ; \
        done

HAProxy has now been installed.

Create Configuration file. Create a new file at below location with the contents shown.

[root@server haproxy-1.5.14]# vi /etc/rsyslog.d/haproxy.conf
local0.* /var/log/haproxy.log

Edit rsyslog.conf file. Now we will edit rsyslog.conf file to include below lines. Ignore if already present.

[root@server haproxy-1.5.14]# vi /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

Restart rsyslog daemon to reload configuration.

[root@server haproxy-1.5.14]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]

Configure HAProxy’s configuration settings. Since HAProxy was installed from source code, it won’t be running as an OS defined process. We will have to create its configuration directories & files along with its start/stop init.d scripts. Our installation provided us with a sample config file & we will be using that.
Carefully follow below steps.

[root@server haproxy-1.5.14]# find / -name haproxy.cfg
/tmp/haproxy-1.5.14/examples/haproxy.cfg
[root@server haproxy-1.5.14]# mkdir -p /etc/haproxy
[root@server haproxy-1.5.14]# cp -p /tmp/haproxy-1.5.14/examples/haproxy.cfg /etc/haproxy/haproxy.cfg
[root@server haproxy-1.5.14]# cp /usr/local/sbin/haproxy /usr/sbin/
[root@server haproxy-1.5.14]# find / -name haproxy.init
/tmp/haproxy-1.5.14/examples/haproxy.init
[root@server haproxy-1.5.14]# cp /tmp/haproxy-1.5.14/examples/haproxy.init /etc/init.d/haproxy
[root@server haproxy-1.5.14]# chmod 755 /etc/init.d/haproxy
[root@server haproxy-1.5.14]# useradd --system haproxy
[root@server haproxy-1.5.14]# service haproxy status
haproxy is stopped

At this point, the general configurations have been made. But if I try to start HAProxy service, it will fail 😉

[root@server haproxy-1.5.14]# service haproxy start
[ALERT] 223/055712 (12426) : parsing [/etc/haproxy/haproxy.cfg:105] : error opening file  for custom error message .
[ALERT] 223/055712 (12426) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 223/055712 (12426) : Fatal errors found in configuration.
Errors found in configuration file, check it with 'haproxy check'.

If you closely take a look at the error message, you will find that HAProxy was unable to locate the error file that it uses to display error messages. So, we will create the custom error file that HAProxy will use to show error messages, if there are any 🙂

[root@server haproxy-1.5.14]# mkdir -p /etc/haproxy/errors/
[root@server haproxy-1.5.14]# cp /tmp/haproxy-1.5.14/examples/errorfiles/503.http /etc/haproxy/errors/503.http

Let's start HAProxy service now.

[root@server haproxy-1.5.14]# service haproxy start
Starting haproxy: [WARNING] 223/060737 (12706) : parsing [/etc/haproxy/haproxy.cfg:24]: keyword 'redispatch' is deprecated in favor of 'option redispatch', and will not be supported by future versions.
[WARNING] 223/060737 (12706) : parsing [/etc/haproxy/haproxy.cfg:26] : the 'contimeout' directive is now deprecated in favor of 'timeout connect', and will not be supported in future versions.
[WARNING] 223/060737 (12706) : parsing [/etc/haproxy/haproxy.cfg:27] : the 'clitimeout' directive is now deprecated in favor of 'timeout client', and will not be supported in future versions.
[WARNING] 223/060737 (12706) : parsing [/etc/haproxy/haproxy.cfg:28] : the 'srvtimeout' directive is now deprecated in favor of 'timeout server', and will not be supported in future versions.
[WARNING] 223/060737 (12706) : parsing [/etc/haproxy/haproxy.cfg:60] : 'capture' ignored because backend 'LB' has no frontend capability.

So it started with a few obvious warnings 😉 We still haven’t made any modifications to the HAProxy configuration file /etc/haproxy/haproxy.cfg. Let's edit it with the below contents. I am putting the details in the comments themselves.

[root@server haproxy-1.5.14]# vi /etc/haproxy/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#chroot /usr/share/haproxy
uid 99
gid 99
daemon
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
timeout http-request 20
timeout queue 86400
timeout connect 86400
timeout client 86400
timeout server 86400
timeout http-keep-alive 30
timeout check 20

#Defining the details of our front-end i.e. Load-balancer. This is IP of our LB. 
frontend LB
bind 10.134.39.234:80
reqadd X-Forwarded-Proto:\ http
#frontend LBS
#bind 10.134.39.234:443 ssl crt /etc/ssl/shashank.pem
#reqadd X-Forwarded-Proto:\ https
#default_backend LB
#Here we will define LB along with our 2 web-servers.
backend LB 10.134.39.234:80
#redirect scheme https if !{ ssl_fc }
mode http
stats enable
stats hide-version
stats uri /stats
stats realm Haproxy\ Statistics
stats auth haproxy:shashank
balance roundrobin
option httpchk
option httpclose
option forwardfor
cookie LB insert
server node1 10.134.39.235:80 cookie node1 check
server node2 10.134.39.236:80 check backup

capture cookie vgnvisitor= len 32

rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address

errorloc 502 http://10.134.39.234/error502.html
errorfile 503 /etc/haproxy/errors/503.http

If you carefully read the above configuration file, you will see that there is a directive stats auth haproxy:shashank. These are your credentials to log in to the HAProxy web front end. HAProxy provides a web-console to administer its tasks & show the status. So, haproxy is the user-name (it was created earlier) & shashank is the password. You will also see web-server details in the file above 🙂 Remember that node1 & node2 are hostnames of our web-servers. So, after editing the config file, restart HAProxy service & you will see this 😉

[root@server haproxy-1.5.14]#
Message from syslogd@localhost at Aug 12 06:10:47 ...
haproxy[12804]: backend LB has no server available!

Message from syslogd@localhost at Aug 12 06:10:47 ...
haproxy[12804]: backend LB has no server available!
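
A small lint for the configuration above, as an added example that is not part of the original post: it flags the directives the startup warnings call deprecated, timeout values written without a unit (HAProxy reads a bare number as milliseconds) and the stats auth line, whose password sits in cleartext in the file. The names audit_haproxy_cfg and sample_cfg are hypothetical, and the sample is a constructed excerpt of the config shown here.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reads a haproxy.cfg on stdin and
# prints one "LINE: finding" per issue; prints nothing for a clean file.
audit_haproxy_cfg() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    NF == 0    { next }                      # skip blank lines
    # Directives the startup warnings in the post report as deprecated.
    $1 == "redispatch" || $1 ~ /^(con|cli|srv)timeout$/ {
        printf "%d: deprecated directive %s\n", NR, $1
    }
    # A bare number is milliseconds: "timeout client 86400" is 86.4 seconds.
    $1 == "timeout" && $3 ~ /^[0-9]+$/ {
        printf "%d: timeout %s %s has no unit, read as %s ms\n", NR, $2, $3, $3
    }
    # Remember the last bind line that does not enable TLS.
    $1 == "bind" {
        tls = 0
        for (i = 3; i <= NF; i++) if ($i == "ssl") tls = 1
        if (!tls) plain = NR
    }
    $1 == "stats" && $2 == "auth" {
        printf "%d: stats auth keeps the password in cleartext in the config\n", NR
        auth = NR
    }
    END {
        # Heuristic: any non-TLS bind means the stats login can cross the
        # network as HTTP Basic auth, which is only base64-encoded.
        if (auth && plain)
            printf "%d: stats login reachable over non-TLS bind on line %d\n", auth, plain
    }'
}

# Constructed excerpt of the configuration from the post.
sample_cfg() {
    cat <<'EOF'
defaults
    option redispatch
    redispatch
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
    timeout http-request 20
    timeout client 86400
    timeout server 86400
frontend LB
    bind 10.134.39.234:80
backend LB
    stats enable
    stats uri /stats
    stats auth haproxy:shashank
EOF
}

sample_cfg | audit_haproxy_cfg
```

Run it against a live file with `audit_haproxy_cfg < /etc/haproxy/haproxy.cfg`.
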

Create a simple webpage to demonstrate the load-balancer. We will now create a simple page to be served by our web-servers. You may use any webpage. Otherwise just paste the following text into a file called index.html under your DocumentRoot on both the web-servers. Make sure to change node1 to node2 on the other node 😉

Shashank Srivastava HAProxy Load-balancer Demo Page

Demonstrating HAProxy Load-balancing Our Web-servers!

Welcome to WatILearnd2day.wordpress.com! Here is our Load-balancer in action!

It is serving our Apache web-server from node1.shashank.com.

Test Load-balancer. If everything has been correctly set up, open your browser & type in the IP address of your load-balancer. It will show you from which web-server it's serving the web-page. Keep on refreshing the page & you will see the web-page being served from both web-servers.

[Screenshots: HAProxy, HAProxy3]

Now try stopping the Apache service on any web-server & then refresh the web-page. HAProxy will serve the page from the other web-server.

[root@node1 ~]# service httpd stop
Stopping httpd: [ OK ]

As I told you HAProxy has a web-based console for its administration, you can go to IP_address_of_LB/stats page to see that. Credentials are mentioned in your HAProxy config file.

[Screenshot: HAProxy1]

Now stop Apache on both the servers. Then refresh the web-page. It will show you an error 🙂

[Screenshot: HAProxy2]

That’s all from today 🙂 Hope this post was easy to understand & follow.

How To Clone An Oracle User


At times we need to add a new Oracle database user with just the same roles/rights as an existing user. There can be any number of reasons to add this user 😉 The most common use is to give the same role/rights/privileges to other user(s) from a production database to a test database. Anyway, below are the steps that we take to clone an Oracle user 🙂

I don’t just write down the steps. My aim is to explain the things in an easy to understand language so that it doesn’t become a “just-another-copy-paste” blog.

Our first task will be to identify which user we want to clone. It's done by issuing the below query. Make sure to issue set long 99999 before running any query. This will enable full output on your screen.

SELECT DBMS_METADATA.GET_DDL('USER', 'SHASHANK') FROM DUAL;

It will show you how my existing ID was created.

CREATE USER "SHASHANK" IDENTIFIED BY password;

Now we will run a few queries to see what all roles have been assigned to my ID SHASHANK.

SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','SHASHANK') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','SHASHANK') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','SHASHANK') FROM DUAL;

Now that we have all the roles & privileges for the user that we have to clone, let's start with creating a clone user SHASHANK_ADM. We will create a script called user_clone.sql & execute it. Just make sure to use the correct / or \ depending upon your OS. Windows uses \ & *nix uses /.

Below are the contents of my script. You can see that this is nothing but the output of the above queries 😉 I have just replaced the user name with the new user.

CREATE USER "SHASHANK_ADM" IDENTIFIED BY password;
GRANT CREATE TRIGGER TO "SHASHANK_ADM";
GRANT CREATE PROCEDURE TO "SHASHANK_ADM";
GRANT CREATE DATABASE LINK TO "SHASHANK_ADM";
GRANT CREATE SEQUENCE TO "SHASHANK_ADM";
GRANT CREATE VIEW TO "SHASHANK_ADM";
GRANT CREATE TABLE TO "SHASHANK_ADM";
GRANT UNLIMITED TABLESPACE TO "SHASHANK_ADM";
GRANT CREATE SESSION TO "SHASHANK_ADM";
GRANT "CONNECT" TO "SHASHANK_ADM";
GRANT "RESOURCE" TO "SHASHANK_ADM";
GRANT "SELECT_CATALOG_ROLE" TO "SHASHANK_ADM";
ALTER USER "SHASHANK_ADM" DEFAULT ROLE ALL;

Then execute this script : –

@/path_to_user_clone.sql

or

@\path_to_user_clone.sql

That’s it 🙂 We now have a clone user SHASHANK_ADM with just the same rights as user SHASHANK. Hope this was useful & easy to understand.