I don’t really use much the GUI and always the command line so I don’t really use the Cloud File plugin I created for nautilus.
So here is a shell script to upload to Rackspace Cloud Files and give you back a shortened URL of the public URL file. Great for quick sharing… You have to install the zenity binary first..
[Update: this is now available here https://github.com/chmouel/upcs]
Quick conversion from shell :
It seems that there is no much documentation about how to do rsync like backup with duplicty so here it is :
#!/bin/bash UPLOAD_TO_CONTAINER="backup" #adjust it as you like export CLOUDFILES_USERNAME=Your Username export CLOUDFILES_APIKEY=API_KEY_YOU_GOT export PASSPHRASE=The Passphrase for your encrypted backup duplicity /full/path cf+http://${UPLOAD_TO_CONTAINER} |
This should take care to upload the backup files to the backup container. It does that incrementally and detect the changes to your file system to upload. There is much more option for duplicity look at the manpage for more info.
After seeing this script http://overhrd.com/?p=106 which allow to upload files with the file manager (finder) of MacosX to Rackspace Cloud Files, I have made a nautilus script that doe the same for us Gnome/Unix users.
Available here :
http://github.com/chmouel/nautilus-rackspace-cloud-file/tree/master
So at work we have to use a bastion host for all our connections to servers to be able to get called PCI compliant. This kind of stuff could be a pain to use when you have to use another host to do RSYNC/SCP or other stuff that need direct transfer to workstation.
Thankfully OpenSSH is very flexible and have multiple options to easy the pain. If you add this to your ~/.ssh/config :
Host bastion
Hostname IP_ADDRESS_OF_BASTION_SERVER
User YOUR_USERNAME
ProxyCommand none
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%pHost *
ProxyCommand ssh -qax bastion ‘nc -w 600 %h %p’
This will allow you to pass all SSH requests to the bastion server.
I have experimented with different options and this seems to be most efficient way. The ControlMaster ControlPath is to speed up the connections by not reopening a tcp socket all the time to the bastion server. This seems to cause problems with the OpenSSH version shipped with some distros (ie: Fedora) so you may want to remove it if you experience problems. For the ProxyCommand there is way to use cat like this :
ProxyCommand ssh bastion ‘exec 3<>/dev/tcp/%h/22;(cat <&3 & );cat >&3′
but the cat processes seems to hang in memory on the bastion server so netcat seems a better option. I heard that tcpconnect from the tcputils package should make things smoother but I haven’t tried that.
I have other options in my SSH configuration to allow to be less verbose see ssh_config(5) manpage for detailed description of each of these options :
Host *
ForwardAgent yes
GSSAPIAuthentication no
VerifyHostKeyDNS no
StrictHostKeyChecking no
HashKnownHosts no
TCPKeepAlive yes
ServerAliveInterval 600
By the way forgot to mention you would need to have SSH key exchange configured with the bastion server with a SSH agent runing (these days all distros should do that by default) to don’t have to type the password of your username on bastion server.
I have heard there is way to do that on Windows with putty and plink but I haven’t tried that see this post here about it.
If you want to generate properly encrypted password to feed to chpasswd, the most easier and proper way is to do that from command line :
[code lang="bash"]
echo "encryptedpassword"|openssl passwd -1 -stdin
[/code]
If you want to generate in pure python you can do it like that :
[code lang="python"]
def md5crypt(password, salt, magic='$1$'):
import md5
m = md5.new()
m.update(password + magic + salt)
# /* Then just as many characters of the MD5(pw,salt,pw) */
mixin = md5.md5(password + salt + password).digest()
for i in range(0, len(password)):
m.update(mixin[i % 16])
# /* Then something really weird... */
# Also really broken, as far as I can tell. -m
i = len(password)
while i:
if i & 1:
m.update('x00')
else:
m.update(password[0])
i >>= 1
final = m.digest()
# /* and now, just to make sure things don't run too fast */
for i in range(1000):
m2 = md5.md5()
if i & 1:
m2.update(password)
else:
m2.update(final)
if i % 3:
m2.update(salt)
if i % 7:
m2.update(password)
if i & 1:
m2.update(final)
else:
m2.update(password)
final = m2.digest()
# This is the bit that uses to64() in the original code.
itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
rearranged = ''
for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
v = ord(final[a]) < < 16 | ord(final[b]) << 8 | ord(final[c])
for i in range(4):
rearranged += itoa64[v & 0x3f]; v >>= 6
v = ord(final[11])
for i in range(2):
rearranged += itoa64[v & 0x3f]; v >>= 6
return magic + salt + '$' + rearranged
[/code]
You need to feed it up with a salt, like this :
[code lang="python"]
def generate_salt(count):
import random, string
char = string.ascii_letters + string.digits + string.punctuation.replace(':', '')
return string.join(map(lambda x,v=char: random.choice(v), range(count)), '')
[/code]
If you like me you have a big screen with your laptop and wants to automate when your X session start to get the best resolution, you can use that script :
[code lang="bash"]
#!/bin/bash
function get_resolutions() {
xrandr|while read -a line;do
RES="${line[1]}x${line[3]} "
[[ ${RES} != [0-9]* ]] && continue
echo ${RES}
done
}
_BEST_RES=0
BEST_RES=
for res in $(get_resolutions);do
_res=${res/x/}
[[ $_res -ge ${_BEST_RES} ]] && {
BEST_RES=${res}
_BEST_RES=${_res}
}
done
xrandr -s ${BEST_RES}
[/code]
If you like me, you have to do a lot of installs[1] of the same test machine with the same IP and have to ssh it you will notice this annoying message :
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 54:9d:c0:37:3a:80:48:6c:82:ec:d1:84:93:61:24. Please contact your system administrator. Add correct host key in /home/cboudjnah/.ssh/known_hosts to get rid of this message. Offending key in /home/cboudjnah/.ssh/known_hosts:595 Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. Agent forwarding is disabled to avoid man-in-the-middle attacks.
I have automated the cleanup by a script :
[code lang="bash"]
#!/bin/bash
H=$1
[[ -z ${H} ]] && { echo "Need a host as argument"; exit 1 ;}
LINE=$(ssh -o StrictHostKeyChecking=yes $1 'exit' 2>&1 | sed -n '/Offending key/ { s/.*://;s/r//;p }')
[[ -z ${LINE} ]] && { echo "Nothing to clean"; exit; }
sed -i -n "$LINE!p" ~/.ssh/known_hosts[/code]
[1] Like having to tests bunch of FAI.
A useful svn wrapper scripts. Get a diff of your local repostitory against the upstream repository changes. I wonder why it is not builtins though like a svn status -u but for dif.
#!/bin/bash IFS=" " for line in `svn status -u`;do [[ $line != " "* ]] && continue rev=`echo $line|awk '{print $2}'` ff=`echo $line|awk '{print $3}'` svn diff -r${rev}:HEAD $ff done |
I better to keep that somewhere since i always forget that thing, to do a search and replace from the command line in zsh. you just have to do the :s^FOO^BAR after your expansion
For example you just have typed the long command line :
blah bar FOO=1 FOO=3 FOO=6 cnt=1
you can just type :
!blah:s^FOO^VALUE^:G
and it will be expanded to :
blah bar VALUE=1 VALUE=3 VALUE=6 cnt=1