Thursday 14 August 2014

Remote server SSH login without password

SSH login without password
You want to use Linux and OpenSSH to automate your tasks.
Therefore you need an automatic login from host 172.19.7.xyz / user root (user of the first server) to host 172.19.7.abc / user root (user of the second server). We don't want to enter any passwords, because we want to call ssh from within a shell script.
How to do it
First log in on 172.19.7.xyz as user root and generate a pair of authentication keys. Do not enter a passphrase:
Server01:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now use ssh to create a directory ~/.ssh as user root on 172.19.7.abc. (The directory may already exist, which is fine):
Server01:~> ssh root@172.19.7.abc mkdir -p .ssh
Server02's password:
Finally append a's new public key to root@172.19.7.abc:.ssh/authorized_keys and enter Server02's password one last time:
Server01:~> cat .ssh/id_rsa.pub | ssh root@172.19.7.abc 'cat >> .ssh/authorized_keys'
Server02's password:
From now on you can log into 172.19.7.abc as root from 172.19.7.xyz as a without password:
Server01:~> ssh root@172.19.7.abc


A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:
Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700
Change the permissions of .ssh/authorized_keys2 to 640
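The steps above (create ~/.ssh, append the key, set the permissions) as one function that is safe to run more than once, followed by a check of the group/other write bits that sshd's StrictModes setting rejects. This is an added example, not part of the original post; install_pubkey and check_ssh_perms are hypothetical names, and the home directory is passed in so the functions can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and
# check_ssh_perms are hypothetical helper names.

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh with mode 700, then appends each key line to
# authorized_keys only if that exact line is not there yet (mode 600).
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    if [ ! -s "$pubkey_file" ]; then
        echo "empty or missing public key: $pubkey_file" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        # -x: whole line, -F: fixed string, so a re-run adds nothing
        grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pubkey_file"
}

# check_ssh_perms HOME_DIR
# Returns 0 when neither .ssh nor authorized_keys is writable by group
# or others. Mode 640 from the reader's note passes, 664 does not.
# File ownership is not checked here.
check_ssh_perms() {
    rc=0
    for path in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            rc=1
            continue
        fi
        mode=$(stat -c %a "$path")          # GNU stat, e.g. 700
        # leading 0 makes the shell read the mode as octal; 022 = g+w,o+w
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "too permissive ($mode): $path"
            rc=1
        fi
    done
    return $rc
}
```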

Wednesday 6 August 2014

How to set a disk quota: this example shows how to set it on /home.

[root@localhost ~]# vi /etc/fstab
 [root@localhost ~]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Aug  6 22:20:17 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=0bb45273-d0fc-4329-95cf-e3570ccfd7f3 /                       ext4    defaults        1 1
UUID=6f7c1a9e-2c79-473d-b0ed-ca2bd1e32157 /boot                   ext4    defaults        1 2
UUID=9d064cb9-23f2-4e37-9224-0355159f1fc4 /home                   ext4    defaults,usrquota    1 2
UUID=dfdb72be-04a8-4d35-aa70-1716ef66fb50 swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

 [root@localhost ~]#  rpm -qa | grep quota
quota-3.17-18.el6.x86_64
Although Red Hat supports quotas in the kernel by default, you can verify quota support in the kernel with the following command:
 [root@localhost ~]# grep -i config_quota /boot/config-`uname -r`
CONFIG_QUOTA=y
CONFIG_QUOTA_NETLINK_INTERFACE=y
# CONFIG_QUOTA_DEBUG is not set
CONFIG_QUOTA_TREE=y
CONFIG_QUOTACTL=y
You now need to remount the /home file system before the changes take effect.
[root@localhost ~]# mount -o remount /home/
 [root@localhost ~]# mount
/dev/vda2 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/vda1 on /boot type ext4 (rw)
/dev/vda5 on /home type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/tmp on /tmp type none (rw,bind)
/var/tmp on /var/tmp type none (rw,bind)
/home on /home type none (rw,usrquota)
none on /sys/kernel/config type configfs (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
gvfs-fuse-daemon on /root/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev)
[root@localhost ~]# quotacheck -um /home  # create quota file
[root@localhost ~]# quotaon -uv /home         # enable disk quota
/dev/vda5 [/home]: user quotas turned on
[root@localhost ~]# quotaon -p -a          #  show status
group quota on /home (/dev/vda5) is off
user quota on /home (/dev/vda5) is on
[root@localhost ~]# useradd ashwini
[root@localhost ~]# passwd ashwini
Changing password for user ashwini.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# edquota ashwini                     # set user quota to a user 'ashwini'
[root@localhost ~]# repquota -a                            # show status
*** Report for user quotas on device /dev/vda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
xguest    --      36       0       0              9     0     0
ashwini   --    1024   12000000 15000000             20     0     0
 [root@localhost ~]# useradd desiree
[root@localhost ~]# passwd desiree
Changing password for user desiree.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# edquota desiree     # set user quota to a user 'desiree'
[root@localhost ~]# repquota -a             # show status
*** Report for user quotas on device /dev/vda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
xguest    --      36       0       0              9     0     0
ashwini   --    5148   12000000 15000000             20     0     0
desiree   --      48   12000000 15000000             12     0     0


[root@localhost ~]# useradd mohan
[root@localhost ~]# passwd mohan
Changing password for user mohan.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# edquota mohan      # set user quota to a user ' mohan '
[root@localhost ~]# repquota -a             # show status
*** Report for user quotas on device /dev/vda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
xguest    --      36       0       0              9     0     0
ashwini   --    5148  12000000 15000000            20     0     0
desiree   --      48  12000000 15000000             12     0     0
mohan     --      48   12000000 15000000            12     0     0


[root@localhost ~]# useradd devraj
 [root@localhost ~]# passwd devraj
Changing password for user devraj.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# edquota devraj       # set user quota to a user ' devraj '
[root@localhost ~]# repquota -a             # show status
*** Report for user quotas on device /dev/vda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
xguest    --      36       0       0              9     0     0
ashwini   --    5148   12000000 15000000            20     0     0
desiree   --      48   12000000 15000000           12     0     0
mohan     --      48   12000000 15000000             12     0     0
devraj    --      48   12000000 15000000             12     0     0

[root@localhost ~]# useradd sriram
[root@localhost ~]# passwd sriram
Changing password for user sriram.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# edquota sriram                       # set user quota to a user ' sriram  '
[root@localhost ~]# repquota -a                             # show status
*** Report for user quotas on device /dev/vda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
xguest    --      36       0       0              9     0     0
ashwini   --    5148  12000000 15000000            20     0     0
desiree   --      48  12000000 15000000             12     0     0
mohan     --      48   12000000 15000000            12     0     0
devraj    --      48   12000000 15000000             12     0     0
sriram    --      48   12000000 15000000             12     0     0





Note: 1 block is 4 KB (4096 bytes); it depends on the file system size.

Here 15000000 KB is 15 GB and 12000000 KB is 12 GB.

Thursday 17 July 2014

Linux Problem and Solution

Not able to use WinSCP in the /home folder.

Cannot create remote file '/home/DBD-Oracle-1.58.tar.gz.filepart'. 
Error message from server: 
Failure Request code: 3 
Abort Retry Skip Skip all Help


Here, the inode table was full because of the maximum number of file creations, renames and modifications (in terms of date and time) inside the folder /home/MSDP_B25/csms/queue (the folder in which the files are created); after that, /home could not go beyond 4122212 files.

Hence we recreated the /home file system and increased the inode table from 4122212 to 30000820.

You will no longer face the problem you were facing earlier.

Old inode table value for the /home partition:
[root@MSDP81 spool]# df -i
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/mapper/VolGroup-lv_root
                     3276800  329997 2946803   11% /
tmpfs                 490370       3  490367    1% /dev/shm
/dev/vda1             128016      39  127977    1% /boot
/dev/mapper/VolGroup-lv_home
                     4177920 4177920       0  100% /home

New inode table value for the /home partition:

[root@MSDP81 ~]# df -i
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/mapper/VolGroup-lv_root
                     3276800  330373 2946427   11% /
tmpfs                 490370       3  490367    1% /dev/shm
/dev/vda1             128016      39  127977    1% /boot
/dev/mapper/VolGroup-lv_home
                     30000832      12 30000820    1% /home
You have new mail in /var/spool/mail/root

Command to increase inodes (mkfs recreates the file system):

mkfs -t ext4 -N <number of inodes you want> /dev/mapper/VolGroup-lv_home

Example:

1. First unmount the /home partition.

2. mkfs -t ext4 -N 30000820 /dev/mapper/VolGroup-lv_home
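A check that reports a file system before its inode table reaches 100%, written to cope with the wrapped device lines in the df -i output above. This is an added example, not part of the original post; the function names and thresholds are assumptions, and the sample input is the "old" output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# inode_alerts THRESHOLD   (reads `df -i` output on stdin)
# Prints "mountpoint IUse% device" for each file system whose inode usage
# is at or above THRESHOLD percent. Long device names make df wrap the
# entry onto two lines; the device is remembered from the first line.
# Mount points containing spaces are not handled.
inode_alerts() {
    awk -v limit="$1" '
        NR == 1 { next }                              # header line
        NF == 1 { dev = $1; next }                    # wrapped: device only
        NF == 5 { pct = $4; mnt = $5 }                # rest of a wrapped entry
        NF == 6 { dev = $1; pct = $5; mnt = $6 }      # entry on one line
        NF == 5 || NF == 6 {
            sub(/%$/, "", pct)
            # file systems without inodes report "-" and are skipped
            if (pct ~ /^[0-9]+$/ && pct + 0 >= limit)
                print mnt, pct "%", dev
        }
    '
}

# The "old" df -i output from this page, used as sample input.
sample_df_old() {
    cat <<'EOF'
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/mapper/VolGroup-lv_root
                     3276800  329997 2946803   11% /
tmpfs                 490370       3  490367    1% /dev/shm
/dev/vda1             128016      39  127977    1% /boot
/dev/mapper/VolGroup-lv_home
                     4177920 4177920       0  100% /home
EOF
}

# On a live system: -P keeps every entry on one line, which the
# parser accepts as well.
check_inodes_live() {
    df -iP | inode_alerts "${1:-90}"
}
```

Running `sample_df_old | inode_alerts 90` reports only /home; run from cron, check_inodes_live gives the same report for the live system.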



Tuesday 1 July 2014

Zombie Processes? Orphan process?

What are the Zombie Processes?


Note: Here the number of zombie processes is zero.

On Unix and Linux systems, zombie (or defunct) processes are dead processes that still appear in the process table, usually because of bugs and coding errors. A zombie process remains in the operating system and does nothing until the parent process determines that the exit status is no longer needed.
When does a process turn into a zombie?
Normally, when a process finishes execution, it reports its exit status to its parent process. Until the parent process decides that the child process's exit status is no longer needed, the child process remains a defunct or zombie process. It does not use resources and it cannot be scheduled for execution. Sometimes the parent process keeps the child in the zombie state to ensure that future child processes will not receive the same PID.
How to find and kill a zombie process:
You can find the zombie processes with ps aux | grep Z. The processes with Z in the STAT column are zombie processes:
$ ps aux | grep Z
How to kill a zombie process:
To kill a zombie process, find the zombie's parent PID (PPID) and send it the SIGCHLD (17) signal: kill -17 ppid
I use this command to find a PPID: ps -p PID -o ppid
$ ps -p 20736 -o ppid
 PPID
20735
$ kill -17 20735
Note: If you kill the parent of a zombie process, the zombie process also dies.
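ps aux | grep Z also prints every line that merely contains a capital Z (the VSZ column header, the grep itself, a command name), so the filter below tests the STAT column and then groups the zombies by the parent that has to reap them. This is an added example, not part of the original post; the function names and the sample process list are constructed.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Both functions read the output of:  ps -eo pid,ppid,stat,comm

# zombies: print "pid ppid command" for every process whose STAT
# starts with Z (Z, Z+, Zs ...).
zombies() {
    awk 'NR > 1 && $3 ~ /^Z/ { print $1, $2, $4 }'
}

# zombie_parents: print "ppid count parent-command", busiest parent first.
# The parent is the process that has not collected the exit status,
# so it is the one to signal or restart.
zombie_parents() {
    awk '
        NR > 1 {
            name[$1] = $4                      # command name by PID
            if ($3 ~ /^Z/) count[$2]++         # zombies per parent PID
        }
        END {
            for (p in count)
                print p, count[p], ((p in name) ? name[p] : "?")
        }
    ' | sort -k2,2nr -k1,1n
}

# Constructed sample. "ZServer" is not a zombie but would still show up
# in `grep Z`; PIDs 20735/20736 follow the example in the text.
sample_ps() {
    cat <<'EOF'
  PID  PPID STAT COMMAND
    1     0 Ss   init
  438     1 Ss   sshd
  512     1 Sl   ZServer
20735   438 S    worker
20736 20735 Z    worker <defunct>
20737 20735 Z+   worker <defunct>
20900   438 R+   ps
EOF
}

# On a live system.
zombie_report() {
    ps -eo pid,ppid,stat,comm | zombie_parents
}
```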

What are the Orphan Processes?

An Orphan Process is a process whose parent is dead (terminated). A process with dead parents is adopted by the init process.
When does a process become an orphan process?
Sometimes, when a process crashes, it leaves its child processes alive, transforming them into orphan processes. A user can also create an orphan process by detaching it from the terminal.
How to find orphaned processes:
This command displays not only the orphaned processes, but all the processes having the PPID 1 (having the init process as their parent).
$ ps -elf | awk '{if ($5 == 1){print $4" "$5" "$15}}'
298 1 upstart-udev-bridge
302 1 udevd
438 1 /usr/sbin/sshd
[...]
Orphan processes use a lot of resources, so they can be easily found with top or htop. To kill an orphaned process, use kill -9 PID.


What are PID and PPID? / Child and Parent Process

What are PID and PPID?
If you have ever opened System Monitor or top you no doubt noticed a column named ID or PID containing a list of numbers. You might even see a value called PPID. What do these numbers mean?
Here is a short explanation of these Linux terms.
In Linux, an executable stored on disk is called a program, and a program loaded into memory and running is called a process. When a process is started, it is given a unique number called process ID (PID) that identifies that process to the system. If you ever need to kill a process, for example, you can refer to it by its PID. Since each PID is unique, there is no ambiguity or risk of accidentally killing the wrong process (unless you enter the wrong PID).
If you open top (in a terminal, type top and press enter), the PID column lists the process IDs of all processes currently loaded into memory regardless of state (sleeping, zombie, etc.). Both daemons (system processes) and user processes (processes you started either automatically or manually) have their own process IDs. The PIDs are not always assigned in numerical order, so it’s normal to see what appears to be a random selection of numbers.

init
One very important process is called init. init is the grandfather of all processes on the system because all other processes run under it. Every process can be traced back to init, and it always has a PID of 1. The kernel itself has a PID of 0.
What is the PPID?
In addition to a unique process ID, each process is assigned a parent process ID (PPID) that tells which process started it. The PPID is the PID of the process’s parent.
For example, if process1 with a PID of 101 starts a process named process2, then process2 will be given a unique PID, such as 3240, but it will be given the PPID of 101. It’s a parent-child relationship. A single parent process may spawn several child processes, each with a unique PID but all sharing the same PPID.

Why is the PPID Important?
Occasionally, processes go bad. You might try to quit a program only to find that it has other intentions. The process might continue to run or use up resources even though its interface closed. Sometimes, this leads to what is called a zombie process, a process that is still running, but dead.
One effective way to kill a zombie process is to kill its parent process. This involves using the ps command to discover the PPID of the zombie process and then sending a kill signal to the parent. Of course, any other children of the parent process will be killed as well.
pstree
pstree is a useful program that shows the relationship of all processes in a tree-like structure.

Give it a try to see how processes are arranged on your system. Processes do not float by themselves somewhere in memory. Each one has a reason for its existence, and a tree view helps show how it relates to others.
pstree supports options to adjust the output, so check man pstree for more details. Entering the following command lists the PID with each process and organizes processes by their ancestors (numerically) to show their relationship with each other.
pstree -pn

htop
For simpler process management and a better way to see how processes are organized, have a look at the program htop, which displays PID, optional PPID, process tree view, and much more information in glorious color!

Htop showing processes arranged in tree view along with PID and PPID.



Friday 27 June 2014

FTP server configuration in Linux

In this tutorial my FTP server IP and hostname are 192.168.1.200 and barunkumar88.com respectively. I have already configured a local repository and I am going to install FTP from my local repository.
Before proceeding, stop the firewall.

[root@mainserver ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

[root@mainserver ~]# service ip6tables stop
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]


[root@mainserver ~]# chkconfig iptables off
[root@mainserver ~]# chkconfig ip6tables off
[root@mainserver ~]#
Now let us install FTP service.


[root@mainserver ~]# yum install -y vsftpd

Start vsftpd service.

[root@mainserver ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
[root@mainserver ~]#
Enable vsftpd in multi-user levels.

[root@mainserver ~]# chkconfig vsftpd on

Now edit the /etc/vsftpd/vsftpd.conf file. Uncomment and edit the lines in the vsftpd.conf file which are shown in bold.

[root@mainserver ~]# cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to barunkumar88 FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES
Now let us restart the vsftpd service and try to connect to ftp server.


[root@mainserver ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
Connect to the ftp server.
Note: Root is not allowed to connect to the FTP server by default, for security purposes. So let us create a new user called barunkumar88.

[root@mainserver ~]# useradd barunkumar88

[root@mainserver ~]# passwd barunkumar88
Changing password for user barunkumar88.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
Connect to the FTP server using the new user barunkumar88.
[root@mainserver ~]# ftp 192.168.1.200
-bash: ftp: command not found
[root@mainserver ~]#
Oops! ftp package is not installed. So let us install ftp package first.
[root@mainserver ~]# yum install -y ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ftp.i686 0:0.17-51.1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package       Arch           Version                 Repository           Size
================================================================================
Installing:
 ftp           i686           0.17-51.1.el6           localrepo            55 k
Transaction Summary
================================================================================
Install       1 Package(s)
Total download size: 55 k
Installed size: 91 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : ftp-0.17-51.1.el6.i686                                       1/1
  Verifying  : ftp-0.17-51.1.el6.i686                                       1/1
Installed:
  ftp.i686 0:0.17-51.1.el6                                                     
Complete!



[root@mainserver ~]#
Again connect to the FTP server.
[root@mainserver ~]# ftp 192.168.1.200
Connected to 192.168.1.200 (192.168.1.200).
220 Welcome to barunkumar88 FTP service.
Name (192.168.1.200:root): barunkumar88
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/barunkumar88
Login failed.
ftp>


It shows an error that the user cannot change to his $HOME directory. Type exit to return from the ftp console and allow the vsftpd daemon to change users into their $HOME directories. To do that, update the SELinux configuration using the command below.


[root@mainserver ~]# setsebool -P ftp_home_dir on
And finally connect to the FTP server.


[root@mainserver ~]# ftp 192.168.1.200
Connected to 192.168.1.200 (192.168.1.200).
220 Welcome to barunkumar88 FTP service.
Name (192.168.1.200:root): barunkumar88
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/barunkumar88"
ftp>


It's working now. You can use your FTP server.
Connect to FTP server using Filezilla from Client:
Download and install Filezilla client software to any one of the client systems. Open the Filezilla client and enter the username and password which we have created earlier and click connect.


Connect to FTP server via browser from the client:
Open the browser and navigate to ftp://192.168.1.200. Enter the username and password which we created earlier.
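A check of the vsftpd.conf edited earlier in this tutorial against a small hardening baseline, resolving each option to its effective value (the uncommented assignment, or the compiled-in default when the line is missing or commented out). This is an added example, not part of the original tutorial; the function names and the choice of baseline are assumptions, while the option names and defaults are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example (not from the original tutorial); function names and the
# baseline table are assumptions.

# vsftpd_setting FILE KEY: print the effective value of KEY, if it is set.
# Commented lines are ignored; a later assignment is assumed to replace
# an earlier one.
vsftpd_setting() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { val = substr($0, index($0, "=") + 1)
                     sub(/[ \t\r]+$/, "", val) }
        END        { if (val != "") print val }
    ' "$1"
}

# audit_vsftpd FILE: print one line per deviation from the baseline and
# return 0 only when there is none.
audit_vsftpd() {
    conf=$1
    findings=0
    # option | wanted | compiled-in default | why it matters
    while IFS='|' read -r key want default why; do
        have=$(vsftpd_setting "$conf" "$key")
        [ -n "$have" ] || have=$default
        have=$(printf '%s' "$have" | tr '[:lower:]' '[:upper:]')
        if [ "$have" != "$want" ]; then
            echo "$key=$have (want $want): $why"
            findings=$((findings + 1))
        fi
    done <<'EOF'
anonymous_enable|NO|YES|anonymous logins are accepted
chroot_local_user|YES|NO|local users can browse outside their home directory
ssl_enable|YES|NO|passwords and files cross the network unencrypted
ls_recurse_enable|NO|NO|recursive listings can cause excessive I/O
EOF
    [ "$findings" -eq 0 ]
}

# Settings taken from the configuration shown in this tutorial
# (comment lines dropped, except the commented-out chroot option).
page_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
ascii_upload_enable=YES
ascii_download_enable=YES
#chroot_local_user=YES
ls_recurse_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
EOF
}
```

On the server itself the call is `audit_vsftpd /etc/vsftpd/vsftpd.conf`; for the configuration above it reports chroot_local_user, ssl_enable and ls_recurse_enable.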