SSH allows secure connections from one host to another. All traffic is encrypted. Authentication is usually by means of a key pair, where the private key resides on your local machine, and the public key is imported to the remote system. SSH keys have become particularly important for cloud computing, where users need to access cloud servers over a potentially hostile Internet.
Sometimes, the requirement is to access one system via another. You “hop” through the first system to reach the second. The following article shows how to do that, in a secure way, without having to place a private SSH key onto the middle system. Continue reading →
Bitbucket is a paid-for version of Github. Along with Jira and Confluence, it forms the Atlassian framework, a suite of devops tools in widespread use.
Using the Bitbucket web interface, a repository can easily be renamed. However, this causes a change in the URL, which breaks the link from existing clones of the repo. They can be deleted and re-cloned, or renamed. This post explains how to do the rename. Continue reading →
Iptables is the name of the firewall built into the Linux kernel. It is also the tool used for firewall configuration. This post explains how to use iptables with a range of IP addresses and/or ports. It could be used, for example, to allow SSH traffic from a number of systems. Or to open up a range of ports with a single firewall rule.
The Linux firewall (part of the Netfilter project) is important on Internet facing systems, “edge” servers and “jump” boxes. Particularly when they do not sit behind another protective network element such as a load balancer or discrete firewall. For example, standaline cloud instances that are not part of a protected VPC infrastructure. Continue reading →
“Link shortening” happens when a short URL, such as http://bit.ly/2bo3XYY, points to the same web page as a longer link, such as https://en.wikipedia.org/wiki/BBC. Short links are often used where there are a limited number of characters available, such as an SMS text or a Twitter post. Short links are also quicker to type and neater than the associated full length links.
Two of the main providers of short links are Bitly and Google (Goo.gl). For example, I used Bitly to create the short link in the above paragraph. However, if you have a Raspberry Pi (or any kind of Linux server), you don’t need to use a provider. You can create your own short links. This article explains how. Continue reading →
In Perl, hash (associative array) sorting is a common and easy practice. Sorting values by key is easy. And so is sorting by value. But how do you sort the values of a hash by key? One answer is to use a hash slice. Continue reading →
The Raspberry Pi’s low power consumption makes it well suited to the role of always-on web server. This post describes how to use a domain name with your Pi-based web site. Setting up a web site on the Pi is very easy and was explained in an earlier post of mine, just here.
This article explains how to set up a domain name with your web site, so that you can surf to http://your.domain.name instead of http://your.ip.address. It assumes that you have already have an Apache web site running. If not, please read the above post, before coming back here. Continue reading →
Upgrading a Red Hat or CentOS system isn’t difficult. Just type yum update, it’s easy. So easy, in fact, that is quite possible to upgrade a system you didn’t intend to, or to upgrade a system further than was wanted, which is the subject of this post.
Yum update, used on a system which has not been updated for months or years, will cause hundreds of packages to be upgraded. It will also result in a point release upgrade. For example, a system running Red Hat/CentOS 6.2 might change to 6.5 after the update, or even to 6.7 or 6.9. Continue reading →
“Dirty Cow” is the common name given to Linux vulnerability CVE-2016-5195. It is a “privilege escalation” that allows a non-root user to gain root access on a system. An attacker must have system access first, as a normal user. Then they use the bug to obtain root rights. It is dangerous and should be patched.
The Linux kernel itself was fixed in October 2016. Since then, Linux vendors have all released patches. Many Internet articles suggest addressing the bug by doing a general system update. While that might be fine for a test machine or Linux desktop, it isn’t ideal for a production server. This article describes how to fix the bug in the least invasive way possible – by updating the kernel only. Continue reading →
*UPDATED November 2017 for Raspbian Stretch*. The Raspberry Pi’s low power consumption makes it well suited to the role of always-on web server. This post describes how to install Nextcloud onto the Pi. Nextcloud is an open source software package providing remote file sharing services, similar to Dropbox. But with Nextcloud, you retain ownership, security and control of the shared data. Nextcloud works well on a Pi 2 and Pi 3 but will run very slowly on a Pi 1.
The below procedure describes how to install Nextcloud version 12.0.0, the latest stable version at the time of writing (27th May 2017), but it should work for later/future versions too. Continue reading →