The ClientAliveInterval and ClientAliveMaxCount settings in “/etc/sshd/sshd_config” work together to control the timeout value of an ssh session on the server side. But under BASH, to keep idle client sessions from timing out, you also need to set the ‘TMOUT’ variable or you will see messages like below when disconnected. timed out waiting for input: … Bash: extend timeout for idle ssh sessions using TMOUT
Since the announcement of CVE-2022-24765, newer git clients from the Ubuntu security and archive package repositories may throw errors about “unsafe repository … is owned by someone else” if directories are not owned by your personal user id. First, try to resolve the issue by running the command suggested in the error message. # attempt … Ubuntu: install latest git client from PPA to fix ‘unsafe repository’ errors
Shared infrastructure services for a datacenter are usually deployed on Virtual Machines, but there is a growing opportunity to run these services as containers in a highly-available Kubernetes cluster. I have built a custom image which has a Chrony NTP daemon on a lightweight Alpine image and exposed it as a Service at port 123/udp. … Kubernetes: container for offering NTP as a Service
WireGuard aims to be the successor to IPsec and more performant than OpenVPN. It is a general purpose VPN that is secure enough for servers, yet light enough to run on embedded devices. In a previous article I described the installation of a WireGuard server with a Windows VPN client. I will extend those instructions … Ubuntu: WireGuard VPN for Ubuntu server, with an iPhone client
WireGuard aims to be the successor to IPsec and more performant than OpenVPN. It is a general purpose VPN that is secure enough for servers, yet light enough to run on embedded devices. In this article, I will show how to install WireGuard on an Ubuntu server and then access it using a Windows client. … Ubuntu: WireGuard VPN for Ubuntu servers, with a Windows client
Enabling NFS on a server and client allows the client to mount a remote filesystem. Below are the steps for an Ubuntu host server and Ubuntu remote client.
Although server hosts typically have no graphical desktop and only serve console-based clients, these machines still have the ability to serve a GUI display screen to a remote desktop if necessary. The X11 protocol makes it possible to send the graphical display to a remote graphical desktop. Beyond the ability to run GUI utilities on … Ubuntu: X11 forwarding to view GUI applications running on server hosts
In order to communicate with MongoDB using its default TCP protocol on port 27017, you will need a MongoDB client. There are many language bindings available, but in this article we’ll focus on the client available from the “mongodb-org-shell” Debian package.
Having your production servers go through a proxy like Squid for internet access can be an architectural best practice that provides network security as well as caching efficiencies. In a previous article, I showed how you can enforce whitelists for specific domains when using HTTP/HTTPS. Now let’s do the same thing for FTP connections, proxying … Squid: Enabling whitelisted FTP proxying using Squid
SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors. This is an excellent choice from a security perspective, but makes smoke testing a bit more complex than just opening telnet.
Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. Ansible was started as a Linux only solution, leveraging ssh to provide a management channel to a target server. However, starting at Ansible 1.7, support for Windows hosts was added by using Powershell … Ansible: Managing a Windows host using Ansible
ElasticSearch very often serves as a repository for monitoring, logging, and business data. As such, integrations with external system are a requirement. The Go programming language with its convenient deployment binary and rich set of packages can easily serve as a bridge between these systems and the ElasticSearch server. We will use the olivere/elastic package for this purpose, it is … ELK: Connecting to ElasticSearch with a Go client
The open-source Zabbix monitoring solution has a REST API that provides the ability for deep integrations with your existing monitoring, logging, and alerting systems. This fosters development of community-driven modules like Ryan Day’s zabbix Go language package, which is an easy way to automate Zabbix tasks like creating hosts and manipulating other back end structures. One of the nice things … Zabbix: Zabbix REST API using a Go client
The ELK stack (ElasticSearch-Logstash-Kibana), is a horizontally scalable solution with multiple tiers and points of extension and scalability. Because so many companies have adopted the platform and tuned it for their specific use cases, it would be impossible to enumerate all the novel ways in which scalability and availability had been enhanced by load balancers, … ELK: Architectural points of extension and scalability for the ELK stack
Kibana is the end user web application that allows us to query Elasticsearch data and create dashboards that can be used for analysis and decision making. Although Kibana can be pointed to any of the nodes in your Elasticsearch cluster, the best way to distribute requests across the nodes is to use a non-master, non-data … ELK: Pointing Kibana to a Client Node