SSH tunnel to use other mailserver than localhost

Because I have a lot of virtual machines, laptops, work environments, and so on, I never seem to find the time to set up SMTP authentication everywhere. I typically use Linux for everything except hardcore gaming, so it’s only natural that I have some sort of mail server installed like Postfix. The problem in using that mail server to send e-mail is that I also quite often have dynamic IP addresses on these machines, which doesn’t work well with “e-mail protection” (well..) like SPF.

So instead of making my life very complicated, I have a trusted server on the Internet through which I send e-mail.

If you were looking for something fancy in this article, you can move along now, there’s nothing to see 🙂

To make all my Linux work instances believe they’re talking to an SMTP server locally, I simply set up a tunnel from the given Linux instance to this trusted server on the Internet using the ever so versatile OpenSSH / SSH. I know there are a lot of ways to do this, but this is what works for me:

Local machine or “where I work”

I have a private/public key pair on all of these machines. The public key is placed in the /root/.ssh/authorized_keys file on the trusted server that is running the mail server.

On this machine, as root, I set up a tunnel that looks like this:

ssh -N -L 25:localhost:25 root@mail.example.org -p 2222

This will create a tunnel from “localhost” port 25 (where I work) to “localhost” port 25 on mail.example.org. The SSH connection that carries the tunnel is made to mail.example.org on port 2222. If the mail.example.org server is running an SSH server on its standard port (22), you can remove the “-p 2222” part.

Mail server

On this server, I only need to put the public key from the local machine “where I work” into /root/.ssh/authorized_keys to allow the tunnel to come up.

When I access port 25 on my local machine “where I work”, it will be sent through the tunnel and then attempt to access “localhost” port 25 on the mail server. The mail server software, Postfix in my case, will never know this connection did not actually originate from “inside” the machine, but rather through the tunnel.
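A key placed in /root/.ssh/authorized_keys as described above is also good for a full root login, and Postfix treats whatever arrives through the tunnel as local. The sketch below is an added example, not part of the original post: it builds an authorized_keys entry that limits such a key to the SMTP forward. The function name and the sample key are made up for illustration, and the server is assumed to run OpenSSH 7.2 or later.

```shell
#!/bin/sh
# Added example, not from the original post. The key below is constructed.
# Assumes OpenSSH 7.2 or later on the mail server (the "restrict" keyword).

# tunnel_only_entry PUBKEY_LINE [HOST:PORT]
# Prints an authorized_keys line that refuses shell, PTY, agent and X11
# forwarding and limits local forwards (ssh -L) to HOST:PORT.
tunnel_only_entry() {
    pubkey=$1
    target=${2:-localhost:25}
    keytype=${pubkey%% *}      # first field: key type
    rest=${pubkey#* }
    blob=${rest%% *}           # second field: base64 key data
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        # ssh-dss is left out on purpose: OpenSSH 7.0+ rejects it by default.
        *) echo "unsupported key type: $keytype" >&2; return 1 ;;
    esac
    # Anything outside the base64 alphabet means a mangled paste.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 1 ;;
    esac
    # Keep quotes and commas out of the permitopen value.
    case $target in
        ''|*[!A-Za-z0-9.:-]*) echo "bad forward target: $target" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitopen="%s" %s\n' "$target" "$pubkey"
}

SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey0000000000000000000 root@laptop'
# Append the printed line to /root/.ssh/authorized_keys on the mail server.
tunnel_only_entry "$SAMPLE_KEY"

# Client side, same tunnel as above but failing fast if the forward cannot bind:
#   ssh -N -o ExitOnForwardFailure=yes -L 25:localhost:25 root@mail.example.org -p 2222
```

Since the client runs with -N, no remote command is needed and the restricted key keeps working for the tunnel.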

Closing thoughts

You can (obviously) make this somewhat more automated with tools like AutoSSH, init scripts, and what not. The above only intends to show how uncomplicated it is to create useful SSH/SMTP tunnels 🙂

 

When your DHCP client has lease renewal issues, Sendmail may be at fault

On one of our VPS instances, I noticed some seriously erratic behavior with the DHCP client taking a long time to renew its leases when the machine was booting up, or failing to renew at all.

It took some time before I noticed this output from dhclient:

/sbin/dhclient-script: 28: .: Can't open /usr/share/sendmail/dynamic

This didn’t make any sense as we never have and never will install sendmail on any VPS. So using apt, I was able to see that one or more of the sendmail packages had “incomplete” status (displayed as ‘c’ in aptitude if you’re using that), i.e. it was not installed but some configuration files remain. After purging those packages, dhclient had no problems whatsoever in renewing the leases.

Who knew sendmail could even trash DHCP 🙂

 

 

Fixing some keyboard shortcuts in XFCE (Ctrl+F5 and Ctrl+Alt+T)

Old habits die hard, or something like that 🙂 Cloning one of my Ubuntu Desktop set-ups to a VirtualBox environment, I switched to using XFCE4 for my desktop (“xubuntu”). This works very well and the transition is minor. Most of the applications I use work very well in both Gnome and XFCE, apart from two keyboard shortcuts I use very often.

Ctrl+F5

Ctrl+F5 to force a page/cache re-load in many browsers is attached to workspace switching in XFCE. I only have four workspaces (and rarely use more than two), so I don’t need this shortcut.

To make Ctrl+F5 work as expected (for me) in the browsers, simply go to the Application Menu or “Start” menu (upper left corner in XFCE by default), scroll down to Settings and choose “Settings Manager”. In there, select “Window Manager”. Move to the “Keyboard” tab and scroll the list until you find something with Ctrl+F5 in the “shortcut” column. For me, this was defined as “Workspace 5”. Choose to Clear the shortcut when the selection bar is in the right place. Click “Close” and voila, your Ctrl+F5 reload shortcut now works again.

Ctrl+Alt+T

I don’t know how people survive without a shortcut for opening a Terminal, but I guess they do. From Gnome, I’ve been used to being able to open up a new Terminal quickly by pressing Ctrl+Alt+T. This does not work in XFCE by default, but is easily remedied using a method similar to that of Ctrl+F5 above.

To assign Ctrl+Alt+T to open a new Terminal in XFCE, go to the Application Menu or “Start” menu (same upper left corner as before), scroll down to Settings and choose “Settings Manager”. In there, select “Keyboard”. Move to the “Application Shortcuts” tab and click the “Add” button. Now specify the application you want to open for your shortcut, in my case xfce4-terminal, and click OK. XFCE will now ask you for the desired keyboard shortcut, in my case Ctrl+Alt+T. And we’re done!

If you want to open the “preferred application” for “Terminal” in XFCE, instead of a specific terminal application, go and look up how to use “exo-open”, which is a way to say “Please open my preferred application for …” in XFCE.

Enjoy your shortcuts!

ttf-mscorefonts-installer and Ubuntu 16

As has been confirmed in a number of posts on the Internet, there’s a problem with the ttf-mscorefonts-installer package on Ubuntu 16.

There are a number of solutions, and as odd as it might sound, solutions that work for some will fail for others.

I had to mix a number of suggested solutions to get it working on Ubuntu 16.04.LTS. This is what worked for me, your mileage may vary:

sudo rm -rf /var/lib/update-notifier/package-data-downloads/partial/*
sudo dpkg -P ttf-mscorefonts-installer

After which I went to this page to get an updated version of the ttf-mscorefonts-installer:

https://packages.debian.org/en/sid/all/ttf-mscorefonts-installer/download

And from the directory where you downloaded the .deb file:

sudo dpkg --install ttf-mscorefonts-installer_3.6_all.deb

Good luck!

SSH keys are no longer working after upgrading to Ubuntu 16.04.LTS – Help!

I recently upgraded one of my laptops to Ubuntu 16.04.LTS (going from 14.04.LTS). The upgrade went very smoothly and I have no issues with the resulting operating environment 🙂 Having said that, I quickly discovered a quite serious issue for me when I attempted connecting to one of many servers I need to get into. All of a sudden, my SSH key was no longer accepted by the server, and I was prompted for a password! WTF!?

I immediately feared the worst and started looking at the server(s), tailing log files, enabling debugging, etc. No trace was to be found other than that no key was presented by the client. The servers were intact, the authorized_keys had not been compromised, and vanilla ice cream was still the number one flavor. The problem is not with Ubuntu 16.04.LTS. The problem is with my SSH key, as well as a recent change in “acceptable keys” by OpenSSH, version 7.

Doing “ssh -vvv user@server.com” told me that the SSH client couldn’t find an acceptable key to present to the server. After having figured that out, and facepalming for a few seconds, I added this to my /etc/ssh/ssh_config file:

PubkeyAcceptedKeyTypes=+ssh-dss

Saved the file and tried again. Voila! One could say many things about using this type of SSH key, but rest assured I will change mine. You should too if you run into this problem. This is a workaround, not a fix or a solution. So sit down with some vanilla ice cream (with actual vanilla) and something nice to drink and go through the process of replacing your public SSH keys everywhere.
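To find which keys still need replacing, the following added example (not part of the original post) lists every ssh-dss entry in authorized_keys or .pub files. The function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample keys are constructed.

# find_dss_keys FILE...
# Prints "file:line: comment" for every ssh-dss (DSA) public key found.
find_dss_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        {
            # authorized_keys lines may begin with options (which can contain
            # spaces), so scan the fields for the key type instead of using $1.
            for (i = 1; i < NF; i++) {
                # Every DSA key blob starts with the base64 of the "ssh-dss" header.
                if ($i == "ssh-dss" && $(i + 1) ~ /^AAAAB3NzaC1kc3M/) {
                    comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                    printf "%s:%d: %s\n", FILENAME, FNR, comment
                    break
                }
            }
        }
    ' "$@"
}

# Constructed sample standing in for ~/.ssh/authorized_keys on a server.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
# constructed sample, key data truncated
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructed me@laptop
command="/usr/bin/rsync --server" ssh-dss AAAAB3NzaC1kc3MAAACBAConstructed backup@oldbox
ssh-dss AAAAB3NzaC1kc3MAAACBAConstructedTwo
EOF
find_dss_keys "$tmp"
rm -f "$tmp"

# Replacement key for each hit:  ssh-keygen -t ed25519
# Once every server has the new public key, remove the
# PubkeyAcceptedKeyTypes=+ssh-dss workaround from ssh_config.
```

Run it on each server as find_dss_keys /root/.ssh/authorized_keys /home/*/.ssh/authorized_keys, and on the client against ~/.ssh/*.pub.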

wget segfault | wget segmentation fault

We mirror the Webmin website to bring it somewhat closer to Sweden, and recently I had to move the hosted mirror to another of our servers running Debian 8. All of a sudden, a cron job that had been working for many years went tits up with a segmentation fault.

Odd, to say the least. It became even more strange when I turned on “verbose” (-v) output and wget told me that “UTF8 cannot be converted to UTF8”. This is a truly silly error message, imho. wget apparently knows the local encoding, and it apparently knows the remote encoding, so why is it attempting a conversion when there’s no conversion needed? #stupid

Hello?

Adding --no-iri to the wget command-line solves this issue.

Using Shared Resources from your Linux workstation in your RemoteDesktop (RDP) environment and Windows Server

If you, like me, are using Ubuntu – or similar – for your daily stuff and need to connect to a Windows Server by using RemoteDesktop (RDP) / TerminalServer, you may find that local (Linux) resources are not made available to you on the Windows side.

The Remmina client on at least Ubuntu 14.04.LTS is very outdated. Go grab the latest version directly from their site. Installs without issues and gives you a “somewhat” more up-to-date RemoteDesktop Client for Ubuntu Linux.

sudo apt-add-repository ppa:remmina-ppa-team/remmina-next
sudo apt-get update
sudo apt-get install libfreerdp-plugins-standard remmina remmina-plugin-rdp

#remmina #linux #rdp #remotedesktop

 

rsyslogd eats CPU on OpenVZ

All of a sudden, rsyslogd on an Ubuntu installation running under OpenVZ is using 100% CPU. One alternative is to replace rsyslogd with syslog-ng, but if you want to “fix” rsyslogd instead, here’s how:

service rsyslog stop
sed -i -e 's/^$ModLoad imklog/#$ModLoad imklog/g' /etc/rsyslog.conf
service rsyslog start

Credits: www.ramnode.com

Locating older version of MySQL 4, MySQL 5, source code, binaries, rpm, etc.

Quite some time ago, we needed to move a customer’s MySQL 4 server from one location to another. In the process, we figured we’d update the server to use some moderately modern version like MySQL 5.0 at least. Also, if we were to have any chance of virtualizing and upgrading the actual server environment to something more modern like Ubuntu 10.04.LTS or 12.04.LTS, or Debian 6.0, we’d have to re-compile the sources regardless. Not taking other incompatibilities into account, that line of thinking ran into Chuck Norris because the Windows DLLs supplied with the application using the database were not compatible with anything but MySQL 4.

The particular version of MySQL 4 running on the customer’s server was self-compiled (by us), so I figured I’d at least locate the “most recent” version of MySQL 4. To my surprise, this turned out to be harder than I could possibly imagine. In a world where “nobody” forgets anything, I could not find a single trace of a source distribution for MySQL 4. Google, Facebook, Microsoft, and Apple probably know the size of shoes I wear, but they don’t know where MySQL 4 sources are located. This struck me as very odd as MySQL 4 was a) very popular, b) open source, and c) should at least reside on half a dozen servers on the Internet, or so I thought.

Like a core dump out of the blue skies, someone Skyped me a link today. The person had run into a mirror archive and remembered that I was looking for this “eons ago”. I have now mirrored most of that archive into/onto my own cloud store. I’ll go through that in a few days and remove the things I don’t need, but this may very well turn out to be a lifesaver.

I wonder if Sun and/or Oracle decided that keeping old MySQL versions around was a bad idea …

If you, like me, need to find some odd version of MySQL, for whatever reason, here are two links that may be of good use to you:

http://www.mirrorservice.org/sites/ftp.mysql.com/Downloads/
http://mirror.provenscaling.com/mysql/