ssh

Bash: fixing “Too many authentication failures” for ssh with private key authentication

If you are using ssh private/public keypair authentication, and get an almost immediate error like below:

    $ ssh -i id_rsa.pub myuser@a.b.c.d -p 22
    Received disconnect from a.b.c.d port 22:2: Too many authentication failures
    Disconnected from a.b.c.d port 22

Then try again using the ‘IdentitiesOnly’ option.

    ssh -o 'IdentitiesOnly yes' -i id_rsa.pub myuser@a.b.c.d -p 22

The

Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

If ssh private/public keypair authentication is failing, check the logs on the server side for permission errors. On Debian/Ubuntu check for these errors in “/var/log/auth.log”.

    # error if authorized_keys file has too wide a permission for others
    Authentication refused: bad ownership or modes for file /home/myuser/.ssh/authorized_keys
    # error if .ssh directory has too wide a

Bash: extend timeout for idle ssh sessions using TMOUT

The ClientAliveInterval and ClientAliveCountMax settings in “/etc/ssh/sshd_config” work together to control the timeout value of an ssh session on the server side. But under Bash, to keep idle client sessions from timing out, you also need to set the ‘TMOUT’ variable or you will see messages like below when disconnected.

    timed out waiting for input:

Ansible: orchestrating ssh access through a bastion host

Ansible uses ssh to configure its target host inventory, but for on-premise datacenters as well as hyperscalers like EC2/GCP/Azure, the target hosts are often purposely located in deeper private subnets that cannot be reached from the Ansible orchestrator host. One solution is to enable a bastion/jumpbox host that serves as the forwarding host. It sits

Ubuntu: X2Go on Ubuntu bionic for remote desktop access

Updated April 2023: Tested on Ubuntu 22.04 LTS with X2Go server 4.1.0. X2Go provides remote desktop access for Linux, similar to VNC or xRDP. It tunnels over ssh which can provide SSH public key authentication for security and is easily understood when opening firewall rules. Additionally, it is optimized for narrow bandwidth requirements, making it

Ubuntu: X11 forwarding to view GUI applications running on server hosts

Although server hosts typically have no graphical desktop and only serve console-based clients, these machines still have the ability to serve a GUI display screen to a remote desktop if necessary. The X11 protocol makes it possible to send the graphical display to a remote graphical desktop. Beyond the ability to run GUI utilities on

SaltStack: salt-ssh for agentless automation on Ubuntu

Configuration Management tools like SaltStack are invaluable for managing infrastructure at scale. Even in the growing world of containerization, there is the need for bulk automation. This article will detail installation of Salt SSH which leverages the power of SaltStack without the requirements for an agent install.

CloudFoundry: Deploy Cloud Foundry locally using BOSH Lite on Ubuntu

Update Jan 2019: Now using CredHub instead of ‘--vars-store’ (which will be deprecated in CF 3). Even if you are developing a service or application that will ultimately be deployed to a private Cloud Foundry instance, having a local CF instance for development work is still an ideal development workflow. There is a local CF

CloudFoundry: Enabling Java JMX/RMI access for remote containers

Enabling the use of real-time JVM monitoring tools like jconsole and VisualVM can be extremely beneficial when troubleshooting issues. These tools work by enabling a JMX/RMI communication channel to the JVM. These are typically thought of as local development tools, but they can also be used on remote CF containers running Java. In this article,

CloudFoundry: Java thread and heap dump analysis on remote containers

Java thread and heap dumps are valuable tools for troubleshooting local development, but they can also be used on remote CF containers running a JVM. In this article, we’ll go through various methods of gathering this data from a Cloud Foundry container and then tools for analyzing this data. No matter how uniform your environments,

Windows: Windows 2012 Sysprep for Vagrant readiness

Many developers like to use Vagrant from HashiCorp to standardize the workflow of virtual machines: creation, running, destroying, taking snapshots, etc. Usually Vagrant is used for Linux hosts, but it also works with Windows as long as you prepare the template properly. In a previous article I went over the detailed steps to create a template image for

Ansible: Installing Ansible on Ubuntu 16.04

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 16.04, and then perform a quick validation against a client.

Ansible: Installing Ansible on Ubuntu 14.04

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 14.04, and then perform a quick validation against a client.