14 May 2008 @ 6:26 PM 

With this authentication method we can encrypt our SSH login password. Here is how:

First generate a public key for the SSH protocol by typing the following command:

[dedi@office-dedi ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/dedi/.ssh/id_dsa):
Created directory ‘/home/dedi/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dedi/.ssh/id_dsa.
Your public key has been saved in /home/dedi/.ssh/id_dsa.pub.
The key fingerprint is:
81:3a:4f:f7:7b:9d:e5:11:6f:e6:4e:d8:09:b0:35:a6 dedi@office-dedi.ardhosting.com
Once you have got this far, check your home directory:

[dedi@office-dedi ~]$ ls -alh .ssh/id_*
-rw------- 1 dedi root 736 2008-05-13 13:54 .ssh/id_dsa
-rw-r--r-- 1 dedi root 621 2008-05-13 13:54 .ssh/id_dsa.pub

id_dsa is the private key and id_dsa.pub is its public key. If both files are there, everything is correct so far. The next step is to copy the public key to the remote server by typing this command:

$cat .ssh/id_dsa.pub | ssh -l user remote_machine "cat >> .ssh/authorized_keys"

Note: replace user with the username you log in to the server with, and remote_machine with the IP address or hostname of your server.

Next, log in to your server via shell/ssh and check the .ssh/ directory: have its permissions been set to read only? Alternatively, type the command

$chmod -R og= $HOME/.ssh

which replaces the permissions of the files inside the .ssh/ directory, making them read only.
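The copy-and-permissions step above as a script run on the server, added here as an example and not part of the original post: it appends a public key to authorized_keys only once and removes group/other access from .ssh. The function names install_pubkey, perms_ok and count_keys and the placeholder key line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key line to HOME_DIR/.ssh/authorized_keys unless it is already
# there, then removes all group/other access (the effect of "chmod og=").
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$sshdir" || return 1
    touch "$auth" || return 1
    # -x whole line, -F fixed string: an exact duplicate is not appended twice
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
    chmod 700 "$sshdir" && chmod 600 "$auth"
}

# perms_ok PATH -> exit status 0 when group and others have no permission bits
perms_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# count_keys HOME_DIR -> number of non-empty lines in authorized_keys
count_keys() {
    grep -c . "$1/.ssh/authorized_keys"
}

# Demo on a throwaway directory with a constructed placeholder key line.
demo_home=$(mktemp -d)
echo "ssh-dss CONSTRUCTED-PLACEHOLDER-KEY dedi@office-dedi" > "$demo_home/id_dsa.pub"
install_pubkey "$demo_home/id_dsa.pub" "$demo_home"
install_pubkey "$demo_home/id_dsa.pub" "$demo_home"   # second run adds nothing
echo "keys: $(count_keys "$demo_home")"
perms_ok "$demo_home/.ssh" && echo ".ssh is owner-only"
```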

OK, well done, all set… now just try logging in with the public key:

[dedi@office-dedi ~]$ ssh user@hostname-or-ip-of-server
Enter passphrase for key ‘/home/dedi/.ssh/id_dsa’:
Last login: Thu May 15 00:04:11 2008 from 124.15x.xxx.xx
[dedi@hostname-server ~]$

It works… hurray… hurray… hurray… hehe… so simple, right?

Everything is running normally now, so let's try a little trick: write a bash script so that logging in doesn't require typing out username@hostname-server every time, which is a hassle.

1. Create a file with any name and edit it: [dedi@office-dedi ~]$ touch contoh && vi contoh
2. Then insert the bash script:

#!/bin/bash
# replace hostnameserver-nya with the hostname of your server
ssh dedi@hostnameserver-nya

3. Save your edits, then change the file's permissions so that it can be executed, with the command $chmod +x contoh

4. Done… to run the file just type ./contoh and you are immediately asked for the passphrase of the DSA key :D Simple, right? Or, to make it even simpler, copy the file contoh to the /usr/bin/ directory, so that running it only takes typing the command contoh

Just a few small tips… oh yes, one more addition: when generating the public key earlier you can leave the passphrase empty by just pressing Enter, but entering a passphrase is no problem either, and it is safer of course :) Now for the additional tip I mentioned: anyone who already entered a passphrase when generating the public key can avoid having to enter the password and passphrase again this way:

$eval $(ssh-agent)
$ssh-add ~/.ssh/id_dsa
Enter passphrase for key ‘/home/user/.ssh/id_dsa’:
Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)
$
$ssh-add -l user hostnameserver
$ssh -v user@hostnameserver
….
$exit
$ssh user@hostnameserver
$
Well… that's enough for today…

Categories: Celoteh Harian, Reviews
Posted By: dedi
Last Edit: 14 May 2008 @ 06 33 PM

 13 May 2008 @ 2:39 PM 

On a cPanel server, if you need to import a SQL file into a database – here is the command to get this done:

mysql cpanelusername_database < sqlfilename.sql

And, if you want to export the database to a sql file – the command to do this is:

mysqldump cpanelusername_database > databasename.sql

That’s it!

Categories: Celoteh Harian, Reviews
Posted By: dedi
Last Edit: 13 May 2008 @ 02 39 PM


The phpMyAdmin error “#2002 - The server is not responding (or the local MySQL server’s socket is not correctly configured)” can occur for many reasons.

1. First check whether mysql is running on the server.

2. Check whether there is a symbolic link from mysql.sock to /tmp. If not, create a symlink between /var/lib/mysql/mysql.sock and /tmp/mysql.sock.
~~~~~~~~~
ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
~~~~~~~~~

3. If this doesn’t fix the issue check the file: /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php and make sure the entries are like this:
~~~~~~~~~~~~~~~~
$cfg['Servers'][$i]['socket'] = '/var/lib/mysql/mysql.sock';
$cfg['Servers'][$i]['connect_type'] = 'socket';
~~~~~~~~~~~~~~~~~

Hope these help you.

Categories: Celoteh Harian, Reviews
Posted By: dedi
Last Edit: 28 Apr 2008 @ 06 30 AM


Basic troubleshooting for a Linux server.

1. Check how much load is on your server.
==> You can check that with the w command or with
top -d2 (-d2 means update the stats every 2 seconds).
If the load is above 5-10 then something is going wrong on your server.
The load should not be more than 20 at least. After running top -d2 you can
check which process is using the most memory by pressing “SHIFT + M”
(it sorts all processes by the memory each process is using),
check which process is using the most processor resources by pressing “SHIFT + P”
(it sorts all processes by the CPU each process is using),
and check the path of the script shown in top by pressing “SHIFT + M”
(this shows the path of each file in top).
For more details check its help section, but from these you will find out
which process is causing the problem on the server.
You will see the process ID of that process, or at least its name,
so from observing top you know which process is using too many resources.
Kill that process with the following commands.

kill -9 PROCESS_ID_HERE
killall -9 httpd
killall -KILL httpd

If you could not tell which process is causing the problem, you need to find the culprit
process with the ps -aux command.

2. Check how many connections there are to your system, or whether there is an attack on your server
==> Check that with “netstat -nap” or “netstat -nlp | more”. Check which IP or service
has the maximum number of connections to your server and block that IP in the /etc/hosts.deny file or with
iptables as follows
#netstat -nap

tcp 0 0 Your_Server_IP_Will_Be_Here:80 Culprit_IPs_To_Check:8109 ESTABLISHED 30770/httpd
tcp 0 0 Your_Server_IP_Will_Be_Here:80 Culprit_IPs_To_Check:8109 ESTABLISHED 30808/httpd
tcp 0 0 Your_Server_IP_Will_Be_Here:80 Culprit_IPs_To_Check:8109 ESTABLISHED 30735/httpd
tcp 0 0 Your_Server_IP_Will_Be_Here:80 Culprit_IPs_To_Check:8109 ESTABLISHED 30808/httpd
tcp 0 0 Your_Server_IP_Will_Be_Here:80 Culprit_IPs_To_Check:8109 ESTABLISHED 30734/httpd
tcp 0 0 Your_Server_IP_Will_Be_Here:80 Culprit_IPs_To_Check:8109 ESTABLISHED 30732/httpd
tcp 0 0 Your_Server_IP_Will_Be_Here:80 Culprit_IPs_To_Check:8109 ESTABLISHED 31249/httpd

#iptables -A INPUT -p tcp --dport 80 -s CULPRIT_IP_HERE -j REJECT
If you want to remove that IP from the block list later on, you can remove it from the /etc/sysconfig/iptables
file or with the following command.
#iptables -D INPUT -p tcp --dport 80 -s CULPRIT_IP_HERE -j REJECT
You can also block IPs with the route command. (Don't use the commands below if you are not familiar with them.)
#route add IP_HERE reject <== It will block the route for it.
#route del IP_HERE reject <== remove from the block list and allow for its connection.
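
One way to do the count described in step 2, added here as an example and not part of the original post: it reads netstat -nap style lines and totals ESTABLISHED connections per remote address for one local port. The function names top_talkers and sample_netstat and the sample lines (documentation-range addresses) are constructed.

```shell
#!/bin/sh
# Added example (not from the original post); names are hypothetical.

# top_talkers PORT [MIN]
# Reads "netstat -nap" output on stdin and prints "COUNT IP" for every remote
# IPv4 address with at least MIN (default 1) ESTABLISHED connections to the
# local PORT, busiest first.
top_talkers() {
    awk -v port="$1" -v min="${2:-1}" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # field 4 = local addr:port, field 5 = foreign addr:port
            n = split($4, l, ":"); if (l[n] != port) next
            m = split($5, r, ":"); if (m != 2) next   # skip IPv6 forms
            hits[r[1]]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in the column layout shown above.
sample_netstat() {
cat <<'EOF'
tcp 0 0 203.0.113.10:80 198.51.100.7:8109 ESTABLISHED 30770/httpd
tcp 0 0 203.0.113.10:80 198.51.100.7:8110 ESTABLISHED 30808/httpd
tcp 0 0 203.0.113.10:80 198.51.100.7:8111 ESTABLISHED 30735/httpd
tcp 0 0 203.0.113.10:80 192.0.2.44:51002 ESTABLISHED 30734/httpd
tcp 0 0 203.0.113.10:80 192.0.2.45:51003 TIME_WAIT -
tcp 0 0 203.0.113.10:22 192.0.2.44:40022 ESTABLISHED 1201/sshd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 30700/httpd
EOF
}

sample_netstat | top_talkers 80
```

On a live server the input would be `netstat -nap | top_talkers 80 20`, where 20 is a threshold you choose for your own traffic.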

3. Check whether there is free disk space available on the server.
==> You can check that with the df -h command.

# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda1 4.0G 610M 3.2G 16% /
/dev/hda2 251M 24M 215M 10% /boot
none 16G 0 16G 0% /dev/shm
/dev/hda3 4.0G 688M 3.1G 18% /opt
/dev/hda4 4.0G 1.7G 2.1G 44% /usr
/dev/hda5 2.0G 41M 1.9G 3% /usr/local
/dev/hda6 4.0G 253M 3.5G 7% /var
/dev/hda7 38G 636M 36G 2% /appl
Check that there is enough space available on each partition. If there isn’t enough disk
space then remove the unwanted content from that partition.
(Usually you can remove logs and .core files, installations that you are not using,
or any big .tar, .tar.gz, .gz or .zip files.)

4. If you are checking something for Apache, make sure that the httpd process is
running properly.
==> You can check that with /etc/init.d/httpd status or /etc/init.d/apache status.
That shows whether it is running; if it is not running, you can restart it with these commands.

/etc/init.d/httpd stop
/etc/init.d/httpd stop
/etc/init.d/httpd stop
/etc/init.d/httpd stop
killall -KILL httpd
killall -KILL httpd
killall -KILL httpd
Until you see no process running.
/etc/init.d/httpd startssl
/etc/init.d/httpd startssl
/etc/init.d/httpd startssl
Until you see the process already running.
If it does not restart then you need to troubleshoot it with
/etc/init.d/httpd configtest, which shows whether there is any syntax error.
Also check /etc/httpd/logs/error_logs.
If required, make changes in the /etc/httpd/conf/httpd.conf file so the process starts properly.

5. If the server load is due to the tomcat process
==> In the same way, kill all the tomcat processes as shown above in (1) and then go to the directory
where tomcat is installed (usually /usr/local/jakarta5.1.0/tomcat or /appl/tomcat0 or /opt/tomcat)
#./bin/shutdown.sh (This will stop the tomcat service)
#./bin/startup.sh (This will start the tomcat service)
If it does not start then check the latest logs for it in logs/catalina.out.

6. Check whether your sites resolve correctly in DNS
==> Check with the dig and nslookup commands whether the name servers are properly set for your domain at the registrar's end.
If they are set properly as per the DNS server setup, log in to the DNS server and check that the domain’s entry is in the
/etc/named.conf file, and also check its zone file at the path mentioned in /etc/named.conf for that
domain.
Also check whether the named service is running and that the port or your client’s IP is not blocked on the server.
#/etc/init.d/named status
#/etc/init.d/named restart
#/etc/init.d/named stop
#/etc/init.d/named start
Check /var/log/messages for the DNS logs.
If your client IP is blocked then remove it from iptables as mentioned in (2) above.

7. Check the mysql process
==> Run the mysql command; if you get the mysql prompt then mysql is running fine on your server. If you
get an error, then here you go:
service mysql stop
rm -f /var/lib/mysql/mysql.sock
service mysql start
ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
If that fails,
the final solution is that the following needs to be in the /etc/my.cnf file:

[mysqld]
set-variable = max_connections=500

[client]
port = 3306
socket = /tmp/mysql.sock
[mysqld]
port = 3306
socket = /tmp/mysql.sock

shut down mysql and chkservd with the following commands:
#service mysql stop
#/etc/rc.d/init.d/chkservd stop
Then I removed the following files:
#rm -rf /tmp/mysql.sock
#rm -rf /var/lib/mysql/mysql.sock
#service mysql start
Now create the softlink with this:
#ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
There were a couple of variations in that last command to create the softlink. I guess it depends on
where mysql creates the mysql.sock file when it starts. So if you are troubleshooting you might shut down
mysql as shown above, then remove the mysql.sock files. Then restart mysql as shown above and see where it
creates the mysql.sock file. If it creates it in the /tmp directory then you need the softlink command shown
above. If it creates the mysql.sock file in the /var/lib/mysql directory then you probably need to use the
softlink command like this, as shown in some of the other related posts:
ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
To determine which of the two widely used socket paths below is the valid one:
1. /tmp/mysql.sock
2. /var/tmp/mysql.sock
check the /etc/my.cnf file for a line like the following.
“socket=/var/tmp/mysql.sock ”
You need to create the symlink for the socket mentioned in that line.

8. Mail troubleshooting
==> Check whether the mail server is running fine
#/etc/init.d/exim status
#/etc/init.d/exim restart
Check the error message and the error logs for it in /var/logs/exim_mainlog, and for pop3 check /var/log/maillog,
and make the required changes in the /etc/exim.conf file.

If you find this interesting then please leave your comment below.
Cheers.

Categories: Celoteh Harian, Reviews
Posted By: dedi
Last Edit: 20 Apr 2008 @ 11 01 AM
