DevOps

Monday, 23 December 2013

SSH known_hosts issues


Introduction

When a domain has been moved from one server to another, an issue with SSH logins may occur. The warning dialog that most SSH programs give looks something like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
06:ea:f1:f8:db:75:5c:0c:af:15:d7:99:2d:ef:08:2a.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:4
RSA host key for domain.com has changed and you have requested strict checking.
Host key verification failed.

The SSH program prints this message and usually exits, refusing to connect to the suspicious host. The problem arises when a site has changed servers and the RSA host key presented by the new server during authentication differs from the old server's key.

Solution

In the case of a migration you can be reasonably sure that the RSA key change is not an accident, but to connect to the new server you must remove the line in .ssh/known_hosts that corresponds to your domain name. This can be done by editing known_hosts by hand or, if your machine has Perl installed, with this one-liner:

perl -p -i -e 's/^example\.com.*\n//;' ~/.ssh/known_hosts

Substitute your actual domain for example.com, making sure to include a backslash before the dot. If several domains have moved, you must repeat this step for each one.
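The one-liner above is a regular expression, so "example.com" also matches entries such as "example.com.internal" and the unescaped dot matches any character. The following script is an added example (not part of the original post) that removes entries by exact host-name comparison instead; the sample known_hosts file is constructed and its keys are placeholders, not real host keys. Entries written as "[host]:port" for non-default ports are distinct names and must be passed in that form, and hashed entries (lines beginning with "|1|", produced when HashKnownHosts is on) cannot be matched by name at all; for those use "ssh-keygen -R host". In either case, the new server's fingerprint should be confirmed with its administrator before the key is accepted, because the warning looks the same for a genuine man-in-the-middle.

```shell
#!/bin/sh
# Added example, not from the original post: remove known_hosts entries for
# one host by exact name match rather than by regex.

# remove_known_host <host> <known_hosts file>
remove_known_host() {
    host="$1"
    file="$2"
    tmp="$file.tmp"
    awk -v h="$host" '
        # blank lines and comments are kept untouched
        /^[ \t]*(#|$)/ { print; next }
        {
            # an optional "@marker" (e.g. @cert-authority) shifts the host
            # list to the second field
            hostfield = ($1 ~ /^@/) ? $2 : $1
            # the host field is a comma-separated list of names/addresses
            n = split(hostfield, names, ",")
            drop = 0
            for (i = 1; i <= n; i++) if (names[i] == h) drop = 1
            if (!drop) print
        }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# count_entries <known_hosts file>: number of non-comment, non-blank lines
count_entries() {
    grep -cvE '^[[:space:]]*(#|$)' "$1"
}

# Constructed sample file; the key material is a placeholder
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# constructed sample known_hosts
example.com,93.184.216.34 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC-PLACEHOLDER-OLDKEY
example.com.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-PLACEHOLDER-KEEP1
[example.com]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-PLACEHOLDER-OLDKEY2
@cert-authority *.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-PLACEHOLDER-KEEP2
EOF

# Drop only the entry for example.com; the .internal host and the
# port-2222 entry survive
remove_known_host example.com "$demo_file"
```

After the call the file keeps three entries; a second call with "[example.com]:2222" would remove the port-specific one as well.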

Common NFS errors & solutions

Common NFS errors & solutions:

1. "Server Not Responding" Message
2. "Access Denied" Message
3. "Permission Denied" Message
4. "Device Busy" Message

Error 1: If You Receive an NFS "Server Not Responding" Message

Ping the NFS server from the client, then check that its RPC services are registered:

1. ping "nfs server name or ip"

2. /usr/bin/rpcinfo -p servername

The rpcinfo command should display the following processes:

    * portmap
    * nfs
    * mountd
    * status
    * nlockmgr
    * llockmgr

If any of these processes is not running, follow these steps:

a. Make sure the /etc/rc.config.d/nfsconf file on the NFS server contains the following lines:

NFS_SERVER=1
START_MOUNTD=1

b. Make sure that the /etc/inetd.conf file on the NFS server does not contain a line to start rpc.mountd. If it does, make sure the START_MOUNTD variable in /etc/rc.config.d/nfsconf is set to 0.

c. Issue the following command on the NFS server to start all the necessary NFS processes:

#/sbin/init.d/nfs.server start
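The rpcinfo step is easy to misread by eye, so here is an added example (not from the original post) that checks an "rpcinfo -p" listing for the services the post says must be registered. rpcinfo reports the portmapper under the name "portmapper"; the HP-UX-specific llockmgr from the list above is left out so the check also applies to other systems. The listing is a constructed sample; on a live client feed it the real output with "missing_rpc_services "$(/usr/bin/rpcinfo -p servername)"".

```shell
#!/bin/sh
# Added example, not from the original post: report which required NFS
# RPC services are absent from an "rpcinfo -p" listing.

REQUIRED_RPC_SERVICES="portmapper nfs mountd status nlockmgr"

# Prints the required services that are absent from the listing, one per
# line, and prints nothing when all of them are registered.
missing_rpc_services() {
    listing="$1"
    for svc in $REQUIRED_RPC_SERVICES; do
        # the fifth column of "rpcinfo -p" output is the service name
        if ! printf '%s\n' "$listing" | awk -v s="$svc" '$5 == s { found = 1 } END { exit !found }'; then
            printf '%s\n' "$svc"
        fi
    done
}

# Constructed sample: nlockmgr is not registered, so file locking over NFS
# would hang or fail on this server
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp   1027  mountd
    100024    1   udp   1025  status'

# The same listing with the lock manager present
SAMPLE_RPCINFO_OK="$SAMPLE_RPCINFO
    100021    4   udp   1026  nlockmgr"
```

Run it against both samples: the first reports "nlockmgr", the second reports nothing.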

Error 2: If You Receive an "Access Denied" Message

a. Check whether the file system is exported:

#/usr/sbin/showmount -e server_name

If it is not exported, add the necessary entry to the /etc/exports file on the NFS server and then run:

/usr/sbin/exportfs -a

Error 3: If You Receive a "Permission Denied" Message

a. Check the mount options in the /etc/fstab file on the NFS client. The directory you are attempting to write to may have been mounted read-only.

b. Issue the ls -l command to check the HP-UX permissions on the server directory and on the client directory that is the mount point. You may not be allowed access to the directory.

c. Issue the following command on the NFS server:

/usr/sbin/exportfs

Or, issue the following command on the NFS client:

/usr/sbin/showmount -e server_name

d. Check the export permissions on the exported directory. The directory may have been exported read-only to your client. The system administrator of the NFS server can use the remount mount option to mount the directory read/write without unmounting it.

Error 4: If You Receive a "Device Busy" Message

a. If you received the "device busy" message while attempting to mount a directory, try to access the mounted directory. If you can access it, then it is already mounted.

b. If you received the "device busy" message while attempting to unmount a directory, a user or process is currently using the directory. Wait until the process completes, or follow these steps:

1. Issue the following command to determine who is using the mounted directory:

/usr/sbin/fuser -cu local_mount_point

The fuser(1M) command will return a list of process IDs and user names that are currently using the directory mounted under local_mount_point. This will help you decide whether to kill the processes or wait for them to complete.

2. To kill all processes using the mounted directory, issue the following command:

/usr/sbin/fuser -ck local_mount_point

3. Try again to unmount the directory.

Wednesday, 4 December 2013

NTP-Server install in RHEL 6.0


 
Server IP: 192.168.122.45

# yum install ntp ntpdate
# vim /etc/ntp.conf
restrict 127.0.0.1
restrict default ignore
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

restrict 0.rhel.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.rhel.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.rhel.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.122.0 mask 255.255.254.0 nomodify notrap

NTP server synchronization test:

# ntpq -p

If it is working, the output looks like this:

remote           refid      st t when poll reach   delay   offset  jitter
===============================================================
+59.90.134.67    116.193.83.174   3 u   17   64  377   73.294   -8.165  24.050
*segment-119-226 193.79.237.14    2 u   15   64  377   23.212  -75.646  28.411
+ns3.net4india.c 199.167.198.163  3 u    6   64  377   38.989   -9.105  15.379
 LOCAL(0)        .LOCL.          10 l   12   64  377    0.000    0.000   0.001
-----------------------------------------------------------------------------------------------------------
NTP-Client install

# yum install ntp ntpdate
# vim /etc/ntp.conf
restrict default ignore
server 192.168.122.45
restrict 192.168.122.0 mask 255.255.254.0 nomodify notrap
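The "restrict" lines in both the server and the client configuration above are what keep the daemon from answering or accepting changes from arbitrary hosts; a missing or permissive "restrict default" is what lets an NTP server be abused as an amplifier. The following is an added example, not part of the original post, that audits the default restriction in an ntp.conf text. Both configurations it checks are constructed samples: the weak one allows remote queries and modification, the hardened one follows the post's "restrict default ignore" pattern.

```shell
#!/bin/sh
# Added example, not from the original post: flag an ntp.conf whose default
# restriction still allows remote queries or modification.

# Prints one finding per line; prints nothing when the default restriction
# is "ignore" or carries both nomodify and noquery.
audit_ntp_restrict() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*restrict[ \t]+default([ \t]|$)/ {
            seen = 1
            if ($0 ~ /[ \t]ignore([ \t]|$)/) next
            if ($0 !~ /[ \t]noquery([ \t]|$)/)  print "restrict default: remote queries allowed (add noquery)"
            if ($0 !~ /[ \t]nomodify([ \t]|$)/) print "restrict default: remote configuration allowed (add nomodify)"
        }
        END { if (!seen) print "no restrict default line: every host may query and modify" }'
}

# Constructed weak configuration: "kod" alone still answers everyone
WEAK_NTP_CONF='server 0.rhel.pool.ntp.org
restrict default kod
restrict 127.0.0.1'

# Constructed hardened configuration, following the pattern used above:
# drop everything by default, then allow the local network to sync only
HARDENED_NTP_CONF='server 0.rhel.pool.ntp.org
restrict default ignore
restrict 127.0.0.1
restrict 192.168.122.0 mask 255.255.254.0 nomodify notrap'
```

Usage on a live host: "audit_ntp_restrict "$(cat /etc/ntp.conf)"". The weak sample produces two findings, the hardened one none, and a file with no "restrict default" line at all is reported as open to everyone.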

NTP client synchronization test:

# ntpq -p

If it is working, the output looks like this:

remote           refid      st t when poll reach   delay   offset  jitter
===========================================================
*akt-dbtest-svr. 119.226.101.130  3 u   46   64  377    0.191  -36.591  30.653

To synchronize manually with the server:

#ntpdate -u ntpserverip

Firewall setup
Update your firewall settings, open /etc/sysconfig/iptables.
vim /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT

Save and close the file. Finally, start ntpd:
# service ntpd start
# service iptables restart
# netstat -tulpn

Disk quota


#rpm -qa quota
#vim /etc/fstab
Add the options below to the fstab entry of the partition that needs quotas, after "defaults".
usrquota,grpquota
Example: LABEL=/home                 /home    ext4        defaults,usrquota,grpquota               1 2
#save and close
Or
#mount -o remount,usrquota,grpquota,rw /home

#mount | grep home - check that usrquota,grpquota were added successfully.
#mount -o remount /home - use only if you used the fstab entry method mentioned above
#quotacheck -cugm /home
 
The options for quotacheck are:
  • -c Performs a new scan.
  • -v Performs a verbose scan.
  • -u Scans for user quotas.
  • -g Scans for group quotas.
  • -m Remounts the scanned filesystem
 
This will check the current quota information for all users, groups, and partitions. It stores this information in the appropriate quota partitions. Once the command is run, you should be able to find the aquota.user and aquota.group files in the configured directory.
Or you can create these files manually:
#touch /home/aquota.group
#touch /home/aquota.user
#quotaon -avug          - turn on the quota
#useradd Vinita
#passwd Vinita
#edquota Vinita - this will open the vi editor
#set the soft limit to 50 (= 50 kB)
#set the hard limit to 100 (= 100 kB)
!So now the user Vinita can create files or use space only up to 100 kB.
Blocks: The amount of space in 1k blocks the user is currently using.
Inodes: The number of files the user is currently using.
Soft Limit: The maximum blocks/inodes a quota user may have on a partition. The role of a soft limit changes if grace periods are used. When this occurs, the user is only warned that their soft limit has been exceeded. When the grace period expires, the user is barred from using additional disk space or files. When set to zero, limits are disabled.
Hard Limit: The maximum blocks/inodes a quota user may have on a partition when a grace period is set. Users may exceed a soft limit, but they can never exceed their hard limit.
#edquota -T Vinita - to set the grace period of the user
#in block grace type 10 days
#mount -o remount,rw /home
#repquota -a - check whether the quota is implemented successfully or not.
Now log in as Vinita and create blank files of the specified sizes:
#dd if=/dev/zero of=/home/vinita/test bs=1024 count=50
#dd if=/dev/zero of=/home/vinita/test1 bs=1024 count=100
home# du -h tes*
When user vinita ran the dd command the first time to create a blank file larger than 50 Mb, she got a warning and the file was still created, as she is allowed to exceed her soft limit for 10 days.
The second time she tried to create a file of 500 Mb. As you can see in the image, she was able to create a file of only 20 Mb, as she cannot exceed her hard limit, which is set to 100 inodes.
The third time she was denied any more space, as she had already crossed her hard limit.
You can verify the size of the created files with the du command and the -h option.
After successfully completing your practical, remove the quota entry from /etc/fstab.
#quotaoff -auvg     - turn off the quota
Soft Limit            Disk space a user can use
Hard limit            Absolute limit a user can use
Grace Periods         Time duration till user can use hard limit space
1 inode               1 KB
dd                    used to create a blank file of specific size
required RPM          quota-3.13-1.2.3.2.el5
/etc/fstab options    usrquota, grpquota
Quota files           aquota.user, aquota.group
Necessary commands    mount, quotaon, quotacheck, edquota, quotaoff
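The "repquota -a" step above is how you confirm the quota is enforced, but its status column ("+-", "-+") is easy to overlook in a long report. As an added example that is not part of the original post, the script below reads repquota output and lists every user who is over a soft limit together with the remaining grace time. The report it parses is a constructed sample in repquota's format (the "vinita" line mirrors the exercise above: 60 blocks used against a 50/100 soft/hard limit); on a live system use "over_quota_users "$(repquota -a)"".

```shell
#!/bin/sh
# Added example, not from the original post: list users over a soft quota
# limit from "repquota -a" output.

# Prints "<user> blocks <used>/<soft>/<hard> grace=<time>" for users over
# their block soft limit and "<user> inodes ..." for the inode soft limit.
over_quota_users() {
    printf '%s\n' "$1" | awk '
        # the status column reads "--", "+-", "-+" or "++": first character
        # is the block state, second the inode state, "+" meaning over soft
        $2 ~ /^[-+][-+]$/ {
            blk_over = (substr($2, 1, 1) == "+")
            ino_over = (substr($2, 2, 1) == "+")
            # repquota prints a grace column only for a limit that is
            # exceeded, so the inode fields shift right by one when the
            # block grace time is present
            off = blk_over ? 1 : 0
            if (blk_over) print $1, "blocks", $3 "/" $4 "/" $5, "grace=" $6
            if (ino_over) print $1, "inodes", $(6 + off) "/" $(7 + off) "/" $(8 + off), "grace=" $(9 + off)
        }'
}

# Constructed sample report: vinita is over her block soft limit with
# 9 days of grace left, bob is over his inode soft limit, root has no limits
SAMPLE_REPQUOTA='*** Report for user quotas on device /dev/sda3
Block grace time: 10days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  120540       0       0              4     0     0
vinita    +-      60      50     100  9days       2     0     0
bob       -+      12       0       0             40    30    50  5days'
```

For the sample this prints "vinita blocks 60/50/100 grace=9days" and "bob inodes 40/30/50 grace=5days"; root is not listed because neither of his status flags is "+".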

LVM


LVM advantages:
Through these different types of logical-to-physical mappings, LVM can achieve four important advantages over raw physical partitions:
  1. Logical volumes can be resized while they are mounted and accessible by the database or file system, removing the downtime associated with adding or deleting storage from a Linux server
  2. Data from one (potentially faulty or damaged) physical device may be relocated to another device that is newer, faster or more resilient, while the original volume remains online and accessible
  3. Logical volumes can be constructed by aggregating physical devices to increase performance (via disk striping) or redundancy (via disk mirroring and I/O multipathing)
  4. Logical volume snapshots can be created to represent the exact state of the volume at a certain point-in-time, allowing accurate backups to proceed simultaneously with regular system operation
Basic LVM commands
Initializing disks or disk partitions
To use LVM, partitions and whole disks must first be converted into physical volumes (PVs) using the pvcreate command. For example, to convert /dev/hda and /dev/hdb into PVs use the following commands:

pvcreate /dev/hda
pvcreate /dev/hdb

If a Linux partition is to be converted make sure that it is given partition type 0x8E using fdisk, then use pvcreate:

pvcreate /dev/hda1

Creating a volume group
Once you have one or more physical volumes created, you can create a volume group from these PVs using the vgcreate command. The following command:

vgcreate  volume_group_one /dev/hda /dev/hdb

creates a new VG called volume_group_one with two disks, /dev/hda and /dev/hdb, and 4 MB PEs. If both /dev/hda and /dev/hdb are 128 GB in size, then the VG volume_group_one will have a total of 2**16 physical extents that can be allocated to logical volumes.
Additional PVs can be added to this volume group using the vgextend command. The following commands convert /dev/hdc into a PV and then add that PV to volume_group_one:

pvcreate /dev/hdc
vgextend volume_group_one /dev/hdc

This same PV can be removed from volume_group_one by the vgreduce command:

vgreduce volume_group_one /dev/hdc

Note that any logical volumes using physical extents from PV /dev/hdc will be removed as well. This raises the issue of how we create an LV within a volume group in the first place.
Creating a logical volume
We use the lvcreate command to create a new logical volume using the free physical extents in the VG pool. Continuing our example using VG volume_group_one (with two PVs /dev/hda and /dev/hdb and a total capacity of 256 GB), we could allocate nearly all the PEs in the volume group to a single linear LV called logical_volume_one with the following LVM command:

lvcreate -n logical_volume_one   --size 255G volume_group_one

Instead of specifying the LV size in GB we could also specify it in terms of logical extents. First we use vgdisplay to determine the number of PEs in the volume_group_one:

vgdisplay volume_group_one | grep "Total PE"

which returns

Total PE   65536

Then the following lvcreate command will create a logical volume with 65536 logical extents and fill the volume group completely:

lvcreate -n logical_volume_one  -l 65536 volume_group_one
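Sizing by extents ("-l") and by bytes ("--size") are two views of the same number, and lvcreate refuses a request the VG cannot satisfy. As an added example that is not part of the original post, the function below reads the "PE Size" and "Free PE" lines of vgdisplay output and converts a requested size into the extent count "-l" expects, rejecting anything larger than the free space. VGDISPLAY_SAMPLE is a constructed excerpt matching the 256 GB volume group of the example; on a live system use "extents_for_size "$(vgdisplay volume_group_one)" 255G".

```shell
#!/bin/sh
# Added example, not from the original post: convert an lvcreate size into
# physical extents and check that the volume group has room for it.

# extents_for_size <vgdisplay output> <size>
#   size takes the lvcreate -L forms used above: 1500 or 1500M (MiB), 255G
#   prints the extent count, or an error and exit status 1 if it won't fit
extents_for_size() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^ *PE Size/   { pe_mib = $3; if ($4 ~ /^GiB/) pe_mib *= 1024 }
        /^ *Free +PE/  { free_pe = $5 }     # "Free  PE / Size   65536 / 256.00 GiB"
        END {
            if (pe_mib == 0) { print "error: no PE Size line in vgdisplay output"; exit 1 }
            unit = substr(want, length(want))
            num  = want + 0                  # awk reads the leading number
            mib  = (unit == "G" || unit == "g") ? num * 1024 : num
            extents = int((mib + pe_mib - 1) / pe_mib)   # round up to whole PEs
            if (extents > free_pe) {
                printf "error: %d extents needed, only %d free\n", extents, free_pe
                exit 1
            }
            print extents
        }'
}

# Constructed excerpt of vgdisplay output for the 256 GB example VG
VGDISPLAY_SAMPLE='  --- Volume group ---
  VG Name               volume_group_one
  VG Size               256.00 GiB
  PE Size               4.00 MiB
  Total PE              65536
  Alloc PE / Size       0 / 0
  Free  PE / Size       65536 / 256.00 GiB'
```

With the sample, 255G comes out as 65280 extents, 1500M (or plain 1500) as 375, 256G fills the group exactly with 65536, and 300G is rejected.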

To create a 1500 MB linear LV named logical_volume_one and its block device special file /dev/volume_group_one/logical_volume_one, use the following command:

lvcreate -L1500 -n logical_volume_one volume_group_one

The lvcreate command uses linear mappings by default.
Striped mappings can also be created with lvcreate. For example, to create a 255 GB large logical volume with two stripes and stripe size of 4 KB the following command can be used:

lvcreate -i2 -I4 --size 255G -n logical_volume_one_striped volume_group_one

If you want the logical volume to be allocated from a specific physical volume in the volume group, specify the PV or PVs at the end of the lvcreate command line. For example, this command:

lvcreate -i2 -I4 -L128G -n logical_volume_one_striped volume_group_one /dev/hda /dev/hdb

creates a striped LV named logical_volume_one_striped that is striped across two PVs (/dev/hda and /dev/hdb) with a stripe size of 4 KB and a size of 128 GB.
An LV can be removed from a VG through the lvremove command, but first the LV must be unmounted:

umount /dev/volume_group_one/logical_volume_one
lvremove /dev/volume_group_one/logical_volume_one

Note that LVM volume groups and underlying logical volumes are included in the device special file directory tree in the /dev directory with the following layout:

/dev/<volume_group_name>/<logical_volume_name>

so that if we had two volume groups myvg1 and myvg2, each with three logical volumes named lv01, lv02, lv03, six device special files would be created:

/dev/myvg1/lv01
/dev/myvg1/lv02
/dev/myvg1/lv03
/dev/myvg2/lv01
/dev/myvg2/lv02
/dev/myvg2/lv03

Extending a logical volume
An LV can be extended by using the lvextend command. You can specify either an absolute size for the extended LV or how much additional storage you want to add to the LV. For example:

lvextend -L120G /dev/myvg/homevol

will extend LV /dev/myvg/homevol to 120 GB, while

lvextend -L+10G /dev/myvg/homevol

will extend LV /dev/myvg/homevol by an additional 10 GB. Once a logical volume has been extended, the underlying file system can be expanded to use the additional storage now available on the LV. With Red Hat Enterprise Linux 4, it is possible to expand both the ext3 and GFS file systems online, without bringing the system down. (The ext3 file system can be shrunk or expanded offline using the ext2resize command.) To resize ext3 online, use the following command:

ext2online /dev/myvg/homevol

After using lvextend, the file system also has to be resized, using the command below (unmounting is not necessary):
   # resize2fs /dev/myvg/homevol

When shrinking with lvreduce, the file system has to be shrunk first, which does require unmounting; the steps, in order, are:

# umount the logical volume
# lvm vgchange -a y
# e2fsck -f /dev/VolGroup00/LogVol00
# resize2fs -f /dev/VolGroup00/LogVol00 10G
# lvreduce -L10G /dev/VolGroup00/LogVol00
(LVM size will be 10G)

CRON


Log in as root, check the system date, and run the crontab command to schedule a job:

#date
#crontab -e

Field          Value
minute         0–59
hour           Based on a 24-hour clock; for example, 23 = 11 P.M.
day of month   1–31
month          1–12, or jan, feb, mar, etc.
day of week    0–7, where 0 and 7 are both Sunday; or sun, mon, tue, etc.
command        The command you want to run


11  5  3  5  *  ls
The line above runs the ls command every May 3 at 5:11 A.M. The asterisk in the day-of-week column simply means that it does not matter what day of the week it is; crontab still runs the ls command at the specified time.
#crontab -e
50 21 14 02 * ls > /dev/tty2
In real life you do not have to restart cron every time you make a change, because cron checks for changes itself; as far as the exam is concerned, though, we suggest restarting cron whenever you make a change.
#service crond restart

Example:
# Minute   Hour   Day of Month       Month          Day of Week        Command
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
    0        2          12             *               0,6           /usr/bin/find
This line executes the "find" command at 2 A.M. on the 12th of every month that a Sunday or Saturday falls on.
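A schedule with both day fields set is the classic place to be surprised: crontab(5) documents that when day-of-month and day-of-week are both restricted (neither is "*"), the job runs when either one matches, so a line like the one above fires on the 12th of every month and also on every Saturday and Sunday. As an added example that is not part of the original post, the function below decides whether one crontab schedule fires at a given minute, implementing the field table above together with that rule. It handles "*", lists ("0,6"), ranges ("1-5", "mon-fri") and month/weekday names; "*/n" step syntax is not covered. All schedules in the usage notes are constructed inputs.

```shell
#!/bin/sh
# Added example, not from the original post: test whether a crontab
# schedule fires at a given time, including the day-of-month / day-of-week
# "either matches" rule.

# cron_fires "<min> <hour> <dom> <month> <dow>" MIN HOUR DOM MONTH DOW
#   exits 0 when the schedule fires at that minute, 1 otherwise
cron_fires() {
    awk -v spec="$1" -v mi="$2" -v hr="$3" -v dom="$4" -v mon="$5" -v dow="$6" '
        # names are accepted in the month and weekday fields, any case
        function name_to_num(s,    i, months, days) {
            split("jan feb mar apr may jun jul aug sep oct nov dec", months, " ")
            split("sun mon tue wed thu fri sat", days, " ")
            s = tolower(s)
            for (i = 1; i <= 12; i++) if (s == months[i]) return i
            for (i = 1; i <= 7; i++)  if (s == days[i])   return i - 1
            return s + 0
        }
        # does value v satisfy field f, e.g. "*", "0,6", "1-5", "jan-mar"?
        function matches(f, v,    n, parts, i, r, lo, hi) {
            if (f == "*") return 1
            n = split(f, parts, ",")
            for (i = 1; i <= n; i++) {
                if (split(parts[i], r, "-") == 2) { lo = name_to_num(r[1]); hi = name_to_num(r[2]) }
                else { lo = name_to_num(parts[i]); hi = lo }
                if (v >= lo && v <= hi) return 1
            }
            return 0
        }
        BEGIN {
            if (split(spec, f, " ") != 5) exit 1      # malformed schedule
            if (!matches(f[1], mi) || !matches(f[2], hr) || !matches(f[4], mon)) exit 1
            dom_ok = matches(f[3], dom)
            # 0 and 7 both mean Sunday, so a "7" in the field must accept day 0
            dow_ok = matches(f[5], dow) || (dow == 0 && matches(f[5], 7))
            # both day fields restricted: cron runs the job when EITHER matches
            if (f[3] != "*" && f[5] != "*") exit !(dom_ok || dow_ok)
            exit !(dom_ok && dow_ok)
        }'
}
```

Usage: "cron_fires "0 2 12 * 0,6" 0 2 14 12 6" succeeds (a Saturday the 14th), "cron_fires "0 2 12 * 0,6" 0 2 12 12 3" also succeeds (the 12th, a Wednesday), while "cron_fires "0 2 12 * 0,6" 0 2 14 12 3" fails because neither day field matches.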
Setting Up cron for Users
Each user can use the crontab command to create and manage cron jobs for their own account. There are four switches associated with the crontab command:
  • -u user Allows the root user to edit the crontab of another specific user.
  • -l Lists the current entries in the crontab file.
  • -r Removes cron entries.
  • -e Edits an existing crontab entry. By default, crontab uses vi.
If you want to set up cron entries on your own account, start with the crontab -e command.

Two files control who may use the crond daemon:
  • /etc/cron.allow If present, only the users whose names are in this file can use crond.
  • /etc/cron.deny If present, the users whose names are in this file cannot use crond; apart from these users, all others can.
  • If neither file is present, only root can access crond.