Show which process/program is listening to what port using netstat and lsof

lsof -Pnl +M -i4
lsof -Pnl +M -i6

or

netstat -tulpn
netstat -npl

There are obviously a number of ways to accomplish this, but these variations will cover a lot of ground. You can also combine this with grep to filter out things you don’t need to see, or to only include specific processes and/or ports.
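As an added example (not part of the original post), here is one way to take the filtering a step further than grep: it reads `netstat -tulpn` output and keeps only the listeners bound to a non-loopback address, which are the ones other hosts can reach. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: list listeners from `netstat -tulpn` output that are bound to
# something other than loopback, i.e. reachable from other hosts.

# Constructed sample in the layout netstat -tulpn prints (not real host data).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1033/master
tcp6       0      0 :::80                   :::*                    LISTEN      950/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      640/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
EOF
}

# Reads netstat output on stdin, prints "proto address port pid/program".
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }      # skip the two header lines
        {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)      # drop ":port", leaving the bind address
            sub(/^.*:/, "", port)         # keep what follows the last colon
            if (addr ~ /^127\./ || addr == "::1") next   # loopback-only listener
            owner = ($1 ~ /^tcp/) ? $7 : $6   # UDP rows have no State column
            print $1, addr, port, owner
        }'
}

# On a live host: netstat -tulpn | exposed_listeners
sample_netstat | exposed_listeners
```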


SSH tunnel to use other mailserver than localhost

Because I have a lot of virtual machines, laptops, work environments, and so on, I never seem to find the time to set up SMTP authentication everywhere. I typically use Linux for everything except hardcore gaming, so it’s only natural that I have some sort of mail server installed like Postfix. The problem in using that mail server to send e-mail is that I also quite often have dynamic IP addresses on these machines, which doesn’t work well with “e-mail protection” (well..) like SPF.

So instead of making my life very complicated, I have a trusted server on the Internet through which I send e-mail.

If you were looking for something fancy in this article, you can move along now, there’s nothing to see 🙂

To make all my Linux work instances believe they’re talking to an SMTP server locally, I simply set up a tunnel from the given Linux instance to this trusted server on the Internet using the ever so versatile OpenSSH / SSH. I know there are a lot of ways to do this, but this is what works for me:

Local machine or “where I work”

I have a private/public key keypair on all of these machines. The public key is placed in the /root/.ssh/authorized_keys file on the trusted server that is running the mail server.

On this machine, as root, I set up a tunnel that looks like this:

ssh -N -L 25:localhost:25 root@mail.example.org -p 2222

This will create a tunnel from “localhost” port 25 (where I work) to “localhost” port 25 on mail.example.org. The SSH connection that carries the tunnel is made to mail.example.org on port 2222. If the SSH server on mail.example.org is listening on its standard port (22), you can remove the “-p 2222” part.

Mail server

On this server, I only need to put the public key from the local machine “where I work” into /root/.ssh/authorized_keys to allow the tunnel to come up.

When I access port 25 on my local machine “where I work”, it will be sent through the tunnel and then attempt to access “localhost” port 25 on the mail server. The mail server software, Postfix in my case, will never know this connection did not actually originate from “inside” the machine, but rather through the tunnel.

Closing thoughts

You can (obviously) make this somewhat more automated with tools like AutoSSH, init scripts, and whatnot. The above only intends to show how uncomplicated it is to create useful SSH/SMTP tunnels 🙂

When your DHCP client has lease renewal issues, Sendmail may be at fault

On one of our VPS instances, I noticed some seriously erratic behavior with the DHCP client taking a long time to renew its leases when the machine was booting up, or failing to renew at all.

It took some time before I noticed this output from dhclient:

/sbin/dhclient-script: 28: .: Can't open /usr/share/sendmail/dynamic

This didn’t make any sense as we never have and never will install sendmail on any VPS. So using apt, I was able to see that one or more of the sendmail packages had “incomplete” status (displayed as ‘c’ in aptitude if you’re using that), i.e. it was not installed but some configuration files remain. After purging those packages, dhclient had no problems whatsoever in renewing the leases.

Who knew sendmail could even trash DHCP 🙂

Fixing some keyboard shortcuts in XFCE (Ctrl+F5 and Ctrl+Alt+T)

Old habits die hard, or something like that 🙂 Cloning one of my Ubuntu Desktop set-ups to a VirtualBox environment, I switched to using XFCE4 for my desktop (“xubuntu”). This works very well and the transition is minor. Most of the applications I use work very well in both Gnome and XFCE, apart from two keyboard shortcuts I use very often.

Ctrl+F5

Ctrl+F5 to force a page/cache re-load in many browsers is attached to workspace switching in XFCE. I only have four workspaces (and rarely use more than two), so I don’t need this shortcut.

To make Ctrl+F5 work as expected (for me) in the browsers, simply go to the Application Menu or “Start” menu (upper left corner in XFCE by default), scroll down to Settings and choose “Settings Manager”. In there, select “Window Manager”. Move to the “Keyboard” tab and scroll the list until you find something with Ctrl+F5 in the “shortcut” column. For me, this was defined as “Workspace 5”. Choose to Clear the shortcut when the selection bar is in the right place. Click “Close” and voila, your Ctrl+F5 reload shortcut now works again.

Ctrl+Alt+T

I don’t know how people survive without a shortcut for opening a Terminal, but I guess they do. From Gnome, I’ve been used to being able to open up a new Terminal quickly by pressing Ctrl+Alt+T. This does not work in XFCE by default, but is easily remedied using a method similar to that of Ctrl+F5 above.

To assign Ctrl+Alt+T to open a new Terminal in XFCE, go to the Application Menu or “Start” menu (same upper left corner as before), scroll down to Settings and choose “Settings Manager”. In there, select “Keyboard”. Move to the “Application Shortcuts” tab and click the “Add” button. Now specify the application you want to open for your shortcut, in my case xfce4-terminal, and click OK. XFCE will now ask you for the desired keyboard shortcut, in my case Ctrl+Alt+T. And we’re done!

If you want to open the “preferred application” for “Terminal” in XFCE, instead of a specific terminal application, go and look up how to use “exo-open”, which is a way to say “Please open my preferred application for …” in XFCE.

Enjoy your shortcuts!

ttf-mscorefonts-installer and Ubuntu 16

As has been confirmed in a number of posts on the Internet, there’s a problem with the ttf-mscorefonts-installer package on Ubuntu 16.

There are a number of solutions, and as odd as it might sound, solutions that work for some will fail for others.

I had to mix a number of suggested solutions to get it working on Ubuntu 16.04.LTS. This is what worked for me, your mileage may vary:

sudo rm -rf /var/lib/update-notifier/package-data-downloads/partial/*
sudo dpkg -P ttf-mscorefonts-installer

After which I went to this page to get an updated version of the ttf-mscorefonts-installer:

https://packages.debian.org/en/sid/all/ttf-mscorefonts-installer/download

And from the directory where you downloaded the .deb file:

sudo dpkg --install ttf-mscorefonts-installer_3.6_all.deb

Good luck!

SSH keys are no longer working after upgrading to Ubuntu 16.04.LTS – Help!

I recently upgraded one of my laptops to Ubuntu 16.04.LTS (going from 14.04.LTS). The upgrade went very smoothly and I have no issues with the resulting operating environment 🙂 Having said that, I quickly discovered a quite serious issue for me when I attempted connecting to one of many servers I need to get into. All of a sudden, my SSH key was no longer accepted by the server, and I was prompted for a password! WTF!?

I immediately feared the worst and started looking at the server(s), tailing log files, enabling debugging, etc. No trace was to be found other than that no key was presented by the client. The servers were intact, the authorized_keys had not been compromised, and vanilla ice cream was still the number one flavor. The problem is not with Ubuntu 16.04.LTS. The problem is with my SSH key, as well as a recent change in “acceptable keys” by OpenSSH, version 7.

Doing “ssh -vvv user@server.com” told me that the SSH client couldn’t find an acceptable key to present to the server. After having figured that out, and facepalming for a few seconds, I added this to my /etc/ssh/ssh_config file:

PubkeyAcceptedKeyTypes=+ssh-dss

Saved the file and tried again. Voila! One could say many things about using this type of SSH key, but rest assured I will change mine. You should too if you run into this problem. This is a workaround, not a fix or a solution. So sit down with some vanilla ice cream (with actual vanilla) and something nice to drink and go through the process of replacing your public SSH keys everywhere.
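As an added example (not part of the original posts), the script below helps with the key replacement described here and also covers the SMTP tunnel post further up: it audits an authorized_keys file for ssh-dss keys and for keys with no option prefix, which grant a full login rather than just a tunnel. The function names, finding labels and sample entries are constructed, and the key blobs are placeholders.

```sh
#!/bin/sh
# Added example: audit authorized_keys entries for DSA keys and for keys that
# carry no option prefix (such a key grants a full login, not just a tunnel).

# Constructed sample; the key blobs are placeholders, not real keys.
sample_authorized_keys() {
cat <<'EOF'
# /root/.ssh/authorized_keys on the mail server
ssh-rsa AAAA_PLACEHOLDER_RSA root@laptop
restrict,port-forwarding,permitopen="localhost:25" ssh-ed25519 AAAA_PLACEHOLDER_ED25519 root@vm1
ssh-dss AAAA_PLACEHOLDER_DSA root@oldbox
EOF
}

# Reads authorized_keys on stdin, prints "line keytype comment findings".
audit_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        {
            k = 0                         # index of the key-type field
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { k = i; break }
            if (!k) { print NR, "?", "-", "unparsed"; next }
            f = ""
            if ($k == "ssh-dss") f = f ",dsa-key"       # needs replacing under OpenSSH 7
            if (k == 1)          f = f ",unrestricted"  # no options before the key type
            comment = (k + 2 <= NF) ? $(k + 2) : "-"
            print NR, $k, comment, (f ? substr(f, 2) : "ok")
        }'
}

# On a server: audit_authorized_keys < /root/.ssh/authorized_keys
sample_authorized_keys | audit_authorized_keys
```

The `restrict,port-forwarding,permitopen="localhost:25"` prefix in the sample is the form that lets a key open the SMTP tunnel with `ssh -N -L` and nothing else. On the client side, the ssh-dss workaround can be limited to the servers that still need it by placing the option under a `Host` block in ssh_config instead of applying it to every connection.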

wget segfault | wget segmentation fault

We mirror the Webmin website to bring it somewhat closer to Sweden, and recently I had to move the hosted mirror to another of our servers running Debian 8. All of a sudden, a cron job that had been working for many years went tits up with a segmentation fault.

Odd, to say the least. It became even more strange when I turned on “verbose” (-v) output and wget told me that “UTF8 cannot be converted to UTF8”. This is a truly silly error message, imho. wget apparently knows the local encoding, and it apparently knows the remote encoding, so why is it attempting a conversion when there’s no conversion needed? #stupid

Hello?

Adding --no-iri to the wget command-line solves this issue.