SSH Cookbook: Temporarily Disable Security Message on Connection to a Remote Server

First off, DO NOT do this all the time. ONLY do this when you have evaluated the risks and decided to risk a security breach anyways. I usually do this in my testing environment where I get to work with a lot of new or changing VMs.

When you connect for the first time to a server you are prompted to verify its fingerprint. It is then added to your ~/.ssh/known_hosts file so when you connect the next time and the fingerprint matches you are not prompted again. For example:

The authenticity of host '192.168.1.22 (192.168.1.22)' can't be established.
RSA key fingerprint is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)?

This can be annoying when you connect to a lot of “new” SSH servers. It also doesn’t work in test environments where scripts need to continuously connect to machines they have not connected to before and may not ever connect again. This can be even more annoying when the same IP is recycled between various test machines and your client machine does not connect because a known host’s fingerprint changed.

You can temporarily disable fingerprint matching at the time you are connecting:

ssh myuser@192.168.1.22 -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null

You can also put this config in your ~/.ssh/config file so that you don’t need to provide these extra flags all the time:

Host myhost
    HostName 192.168.1.22
    Port 22
    User myuser
    AddressFamily inet
    CheckHostIP no
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Now when you connect to the server you will see a message similar to this one:

Warning: Permanently added '192.168.1.22' (RSA) to the list of known hosts.

It hasn’t actually added it to your real known hosts file (the entry was written to /dev/null) and that’s the beauty of it.

One last thing: DO NOT do this when connecting to machines you absolutely must trust. It’s alright to use this technique when connecting within a test lab environment, for example.
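To keep these relaxed settings confined to the lab entries you intended, you can audit your SSH config for blocks that turn host key verification off. The script below is an added example, not part of the original post; the function names, the sample file and the bastion.example.com entry are made up for illustration.

```shell
#!/bin/sh
# Added example: report which Host/Match blocks in an ssh_config-style file
# disable host key verification, so a stray "Host *" block gets noticed.

audit_ssh_config() {
    # $1 = path to an ssh_config-style file
    awk '
    function report() {
        if (weak_strict || weak_known)
            printf "%s:%s%s\n", scope,
                (weak_strict ? " StrictHostKeyChecking-disabled" : ""),
                (weak_known ? " UserKnownHostsFile=/dev/null" : "")
    }
    BEGIN { scope = "(global)" }   # options before the first Host apply to every host
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        if (!match(line, /[ \t=]+/)) next   # keyword and value split on whitespace or "="
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") {
            report()
            scope = (key == "match" ? "Match " : "") val
            weak_strict = 0; weak_known = 0
        } else if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/) {
            weak_strict = 1
        } else if (key == "userknownhostsfile" && val == "/dev/null") {
            weak_known = 1
        }
    }
    END { report() }
    ' "$1"
}

write_sample_config() {
    # Constructed sample: the myhost block from this post plus two hypothetical entries.
    cat > "$1" <<'EOF'
Host myhost
    HostName 192.168.1.22
    User myuser
    CheckHostIP no
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host bastion.example.com
    StrictHostKeyChecking yes

Host *
    StrictHostKeyChecking=off
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_ssh_config "$sample"
rm -f "$sample"
```

Run it against ~/.ssh/config; any line reported for `*` or `(global)` means the relaxed settings apply to every host you connect to, not just the lab machines.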

zypper Cookbook: Autoremove Packages and Remove Orphaned Packages

As I learned how to autoremove unnecessary packages as you remove a package and also how to identify orphaned packages, I marveled at the beauty of zypper and the excellent work of all its contributors. Not only does zypper have the functionality to do just about anything related to repos and packages, it has sensible online help right at your fingertips.

Before I show how to perform these two tasks this post is primarily about, let me show you two easy ways to figure out whether zypper can do what you want to do.

The first thing is global help on what is available with zypper.

zypper help

  Usage:
	zypper [--global-options]  [--command-options] [arguments]

  Global Options:
	--help, -h		Help.
	--version, -V		Output the version number.
	--promptids		Output a list of zypper's user prompts.
	--config, -c 	Use specified config file instead of the default.
	--userdata 	User defined transaction id used in history and plugins.
	--quiet, -q		Suppress normal output, print only error
				messages.
	--verbose, -v		Increase verbosity.
	--no-abbrev, -A		Do not abbreviate text in tables.
	--table-style, -s	Table style (integer).
	--rug-compatible, -r	Turn on rug compatibility.
	--non-interactive, -n	Do not ask anything, use default answers
				automatically.
	--non-interactive-include-reboot-patches
				Do not treat patches as interactive, which have
				the rebootSuggested-flag set.
	--xmlout, -x		Switch to XML output.
	--ignore-unknown, -i	Ignore unknown packages.

	--reposd-dir, -D 	Use alternative repository definition file
				directory.
	--cache-dir, -C 	Use alternative directory for all caches.
	--raw-cache-dir 	Use alternative raw meta-data cache directory.
	--solv-cache-dir 	Use alternative solv file cache directory.
	--pkg-cache-dir 	Use alternative package cache directory.

     Repository Options:
	--no-gpg-checks		Ignore GPG check failures and continue.
	--gpg-auto-import-keys	Automatically trust and import new repository
				signing keys.
	--plus-repo, -p 	Use an additional repository.
	--disable-repositories	Do not read meta-data from repositories.
	--no-refresh		Do not refresh the repositories.
	--no-cd			Ignore CD/DVD repositories.
	--no-remote		Ignore remote repositories.

     Target Options:
	--root, -R 	Operate on a different root directory.
	--disable-system-resolvables
				Do not read installed packages.

  Commands:
	help, ?			Print help.
	shell, sh		Accept multiple commands at once.

     Repository Management:
	repos, lr		List all defined repositories.
	addrepo, ar		Add a new repository.
	removerepo, rr		Remove specified repository.
	renamerepo, nr		Rename specified repository.
	modifyrepo, mr		Modify specified repository.
	refresh, ref		Refresh all repositories.
	clean			Clean local caches.

     Service Management:
	services, ls		List all defined services.
	addservice, as		Add a new service.
	modifyservice, ms	Modify specified service.
	removeservice, rs	Remove specified service.
	refresh-services, refs	Refresh all services.

     Software Management:
	install, in		Install packages.
	remove, rm		Remove packages.
	verify, ve		Verify integrity of package dependencies.
	source-install, si	Install source packages and their build
				dependencies.
	install-new-recommends, inr
				Install newly added packages recommended
				by installed packages.

     Update Management:
	update, up		Update installed packages with newer versions.
	list-updates, lu	List available updates.
	patch			Install needed patches.
	list-patches, lp	List needed patches.
	dist-upgrade, dup	Perform a distribution upgrade.
	patch-check, pchk	Check for patches.

     Querying:
	search, se		Search for packages matching a pattern.
	info, if		Show full information for specified packages.
	patch-info		Show full information for specified patches.
	pattern-info		Show full information for specified patterns.
	product-info		Show full information for specified products.
	patches, pch		List all available patches.
	packages, pa		List all available packages.
	patterns, pt		List all available patterns.
	products, pd		List all available products.
	what-provides, wp	List packages providing specified capability.

     Package Locks:
	addlock, al		Add a package lock.
	removelock, rl		Remove a package lock.
	locks, ll		List current package locks.
	cleanlocks, cl		Remove unused locks.

     Other Commands:
	versioncmp, vcmp	Compare two version strings.
	targetos, tos		Print the target operating system ID string.
	licenses		Print report about licenses and EULAs of
				installed packages.
	download		Download rpms specified on the commandline to a local directory.
	source-download		Download source rpms for all installed packages
				to a local directory.

Type 'zypper help <command>' to get command-specific help.

The second thing is the last line in the output of zypper help: how to get help on the commands available with zypper. For example, let’s look up help for the packages command.

zypper help packages

packages (pa) [options] [repository] ...

List all packages available in specified repositories.

  Command options:

-r, --repo   Just another means to specify repository.
-i, --installed-only      Show only installed packages.
-u, --uninstalled-only    Show only packages which are not installed.
    --orphaned            Show packages which are orphaned (without repository).
    --suggested           Show packages which are suggested.
    --recommended         Show packages which are recommended.
    --unneeded            Show packages which are unneeded.
-N, --sort-by-name        Sort the list by package name.
-R, --sort-by-repo        Sort the list by repository.

Lookie here now, we found a way to identify orphaned packages.

zypper packages --orphaned

Loading repository data...
Reading installed packages...
S | Repository | Name                          | Version   | Arch  
--+------------+-------------------------------+-----------+-------
i | @System    | openSUSE-release-livecd-gnome | 13.1-1.10 | x86_64

Go right ahead and remove the orphaned packages that offend you so.

We can go one step further and make sure any packages that only depend on the package you’re removing are also removed.

zypper help remove

remove (rm) [options]  ...

Remove packages with specified capabilities.
A capability is NAME[.ARCH][OP], where OP is one
of <, =, >.

  Command options:
-r, --repo     Load only the specified repository.
-t, --type            Type of package (package, patch, pattern, product).
                            Default: package.
-n, --name                  Select packages by plain name, not by capability.
-C, --capability            Select packages by capability.
    --debug-solver          Create solver test case for debugging.
-R, --no-force-resolution   Do not force the solver to find solution,
                            let it ask.
    --force-resolution      Force the solver to find a solution (even
                            an aggressive one).
-u, --clean-deps            Automatically remove unneeded dependencies.
-U, --no-clean-deps         No automatic removal of unneeded dependencies.
-D, --dry-run               Test the removal, do not actually remove.

We can remove, for example nodejs, and all its dependencies (that are not dependencies for any other package) this way:

sudo zypper remove --clean-deps nodejs

I hope by now you are as convinced as I am that zypper is not only functional but (gasp!) beautiful as well.

Transform GNOME Shell to behave like Unity

You can make GNOME Shell 3.10 look and behave sort of like Unity (Ubuntu 14.04). It’s not difficult but requires you to gather things from a lot of places. This in turn means you have to trust a lot of individuals or teams to have done their part well for the whole to function well.

Here’s a checklist of modifications you may need to make and how to do them in openSUSE 13.1.

GNOME Shell Extensions

You’ll want to install these GNOME Shell extensions.

AppKeys – Use Super+number to activate applications.

Alt Tab Workspace – Configure Alt+Tab to work only on the windows in the current desktop.

Dash to Dock – Show the dock you see in the overview screen (when you hit the Super key) on your desktop.

Font

To get fonts working better than they do out of the box in openSUSE you need to install Infinality. You’ll need to log out and log back in for it to start working for you.

You may also want to install the Ubuntu Fonts. I prefer it over other Monospace fonts, although DejaVu Sans Mono is a close second for me.

Terminal

You need to do two things: (1) use Ubuntu Mono font at size 13; (2) use #3D0029 as your background color (it’s dark aubergine).

I use this for my PS1.

PS1='\n\n\u @ \[\033[01;32m\]\h\[\033[00m\] \[\033[01;34m\][\w]\[\033[00m\] $ '

Tweak Tool

You should install Tweak Tool. It’ll help you to configure many things in GNOME Shell that you otherwise won’t be able to. I have used it to configure the system-wide fonts thusly.

  • Window Titles – Ubuntu Medium 11
  • Interface – Ubuntu Light 11
  • Documents – Ubuntu Light 11
  • Monospace – Ubuntu Mono 11
  • Hinting – None
  • Antialiasing – Grayscale
  • Scaling Factor – 1.0

Thanks, too, to these resources: Dark Aubergine, Comment on reddit by zman0900, How to quickly configure superb subpixel hinted smooth fonts for openSUSE 12.3.

pkgsrc on Linux – Quickstart Guide

Do you want to try out pkgsrc on Linux? Here’s a quickstart guide (tested on Ubuntu 14.04). Of course, always refer to the pkgsrc guide for accurate information.

Get pkgsrc

Install prerequisites.

user@host [~] $ sudo apt-get install build-essential libncurses-dev

Create directory structure in your home directory.

user@host [~] $ mkdir ~/opt

user@host [~] $ cd ~/opt

You have two options for getting pkgsrc: (1) the official ways: by downloading a tar file and extracting it, or by using CVS; (2) by using git. The first way, by using a tar file, is this:

Download pkgsrc and extract.

user@host [~/opt] $ curl -O http://ftp.netbsd.org/pub/pkgsrc/stable/pkgsrc.tar.gz

user@host [~/opt] $ tar xvzf pkgsrc.tar.gz

The second way, to use git, is also easy. Jörg Sonnenberger has created a GitHub repo that automatically syncs with pkgsrc source.

user@host [~/opt] $ git clone https://github.com/jsonn/pkgsrc.git

I think I would prefer using git.

Install and Setup pkgsrc

Install pkgsrc.

user@host [~/opt] $ cd ~/opt/pkgsrc/bootstrap/

user@host [~/opt/pkgsrc/bootstrap] $ export SH=/bin/bash

user@host [~/opt/pkgsrc/bootstrap] $ ./bootstrap --unprivileged

Post install steps.

user@host [~/opt/pkgsrc/bootstrap] $ cat >> ~/pkg/etc/security.local << EOF
if [ -x $HOME/pkg/sbin/pkg_admin ]; then
        $HOME/pkg/sbin/pkg_admin audit
fi
EOF

user@host [~/opt/pkgsrc/bootstrap] $ echo "export PATH=\$PATH:\$HOME/pkg/bin:\$HOME/pkg/sbin" >> ~/.bashrc

user@host [~/opt/pkgsrc/bootstrap] $ source ~/.bashrc

user@host [~/opt/pkgsrc/bootstrap] $ pkg_admin -K ~/pkg/var/db/pkg fetch-pkg-vulnerabilities

user@host [~/opt/pkgsrc/bootstrap] $ echo 'alias pkgupvuln="\$HOME/pkg/sbin/pkg_admin -K ~/pkg/var/db/pkg fetch-pkg-vulnerabilities >/dev/null 2>&1"' >> ~/.bash_aliases

If you used git to get pkgsrc then move on to the next section.

If you did not use git to get pkgsrc then this is the best way going forward. Install CVS and update pkgsrc.

user@host [~/opt/pkgsrc/bootstrap] $ cd ~/opt/pkgsrc/devel/scmcvs/

user@host [~/opt/pkgsrc/devel/scmcvs] $ echo "export CVSEDITOR=vim" >> ~/.bashrc

user@host [~/opt/pkgsrc/devel/scmcvs] $ echo "export CVS_RSH=ssh" >> ~/.bashrc

user@host [~/opt/pkgsrc/devel/scmcvs] $ source ~/.bashrc

user@host [~/opt/pkgsrc/devel/scmcvs] $ bmake install clean clean-depends

user@host [~/opt/pkgsrc/devel/scmcvs] $ cd ~/opt/pkgsrc

user@host [~/opt/pkgsrc] $ cvs up -dP

user@host [~/opt/pkgsrc] $ cd ~/opt/pkgsrc/devel/scmcvs/

user@host [~/opt/pkgsrc/devel/scmcvs] $ bmake update

user@host [~/opt/pkgsrc/devel/scmcvs] $ bmake clean clean-depends

Install Package

Let’s install golang.

user@host [~/opt/pkgsrc] $ cd ~/opt/pkgsrc/lang/go

user@host [~/opt/pkgsrc/lang/go] $ bmake install clean clean-depends

Update Package

Follow these steps when you want to update a package, say golang.

user@host [~] $ pkg_admin -K ~/pkg/var/db/pkg fetch-pkg-vulnerabilities

user@host [~] $ cd ~/opt/pkgsrc

If you used git:

user@host [~/opt/pkgsrc] $ git pull

If you didn’t use git:

user@host [~/opt/pkgsrc] $ cvs up -dP

user@host [~/opt/pkgsrc] $ cd ~/opt/pkgsrc/lang/go

user@host [~/opt/pkgsrc/lang/go] $ bmake update

user@host [~/opt/pkgsrc/lang/go] $ bmake clean clean-depends

Delete Package

You can uninstall a package and all its dependencies that are not needed by any other package.

user@host [~] $ pkg_delete -R go

Blending Linux with BSD

The past 24 hours have been a revelation: there’s no need to be entrenched in one camp of free software. There’s a much wider world outside of any one camp. For example, if you think Ubuntu is Linux, think again. If you think Linux is the bastion of free software, think harder. Free software is all around us and it’s only us who choose not to see it.

I’ve been re-introduced (with a new perspective) to MacPorts. It’s a fascinating and remarkable way to install and use free software on your Mac OS X. I had tried it some years ago but it was just too slow on a spinning hard drive. On my MacBook Air it runs much better (some slowness still because of the nature of compiling source). But the world of possibility it opens is fantastic.

Today I re-remembered pkgsrc from NetBSD and looked into it a bit more. It, too, provides fantastic opportunity to blend (Net)BSD with your favorite Linux distro or even Mac OS X. Go ahead and read “pkgsrc: my favorite non-root package manager on linux” and see how simple it can make someone’s life. This article seeded this notion of blending Linux with BSD to benefit any user.

Take this theoretical possibility. There’s a user who wants a Linux-based desktop/notebook OS with great hardware support, wide application availability, cheap-ish or free of cost, great community support, in-depth documentation, etc. Some distros that come to mind immediately include your favorite distro as well. Now let’s say this user chose Ubuntu 14.04 LTS. It is promised to be version-stable with support for 5 years. The user can stick with it for 5 years or can migrate to 16.06 in two years. But for the foreseeable future the user is stuck on the same version of some software unless the distro is upgraded as a whole or by using third-party packages. Although PPAs are available for a variety of software, including updated versions of programming languages like Python, they can be hit and miss in terms of packaging quality and support. An upstream developer cannot be expected to be well-versed in the nuances of Ubuntu packaging. So the overall experience may not be ideal.

A possible workaround is to use something like pkgsrc to obtain and use updated software on a distro meant to provide stability above all else. This distro could be CentOS or Debian or whatever. Turn the concept of a Linux distro on its head to be a more FreeBSD-like “core v apps” architecture. Continue to use your Linux distro and all its great features and packages. And when you need to move beyond its supplied packages to something newer or different use something like pkgsrc.

May your blending be fruitful.

Install Atom Editor in openSUSE

You’re better served if you read the official documentation: Linux build instructions. Then you should proceed with this post to get an idea of my experience installing Atom in openSUSE 13.1.

Install Prerequisites

Build stuff: sudo zypper install make gcc gcc-c++ glibc-devel libgnome-keyring-devel

node.js from Tumbleweed (to keep up with updates):

sudo zypper addrepo http://download.opensuse.org/repositories/devel:languages:nodejs/openSUSE_Tumbleweed/devel:languages:nodejs.repo

sudo zypper refresh

sudo zypper install nodejs

Configure npm to use Python 2: sudo npm config set python /usr/bin/python2 -g

Install git: sudo zypper install git

Get Source, Build, Install

mkdir ~/src && cd ~/src

Get the source: git clone https://github.com/atom/atom

cd ~/src/atom

For some reason you need to re-configure npm to use Python 2. Don’t ask why; it just worked for me and failed if I didn’t: sudo npm config set python /usr/bin/python2 -g

Build: script/build

Install: sudo script/grunt install

Create an atom.desktop file with the following contents: vim ~/.local/share/applications/atom.desktop

[Desktop Entry]
Type=Application
Encoding=UTF-8
Name=Atom
Comment=Atom editor by GitHub
Exec=/usr/local/bin/atom
Icon=/home/cg/.atom/atom.png
Terminal=false

Copy the icon image file to be used in the atom.desktop file: cp ~/src/atom/resources/atom.png ~/.atom

Now you are ready to start using Atom.

Install Sublime Text in openSUSE

I’ve been trying out the Sublime Text 3 Beta on openSUSE and Mac OS X and I like it so far. There are a few bugs, as expected, but it’s a great editor.

Head over to Sublime Text 3 Beta and download the 64-bit tarball (or 32-bit if that’s your environment).

Untar the file: tar xvjf sublime_text_3_*.tar.bz2

Since I’m the only user on the machine and a local install was fine for me I didn’t install it to /opt. Instead, I installed it to ~/bin. This meant I had to customize the install steps a little bit.

mv sublime_text_3/ ~/bin/

You also want to be able to run Sublime using your desktop environment’s menus and such. Copy the .desktop file to your local directory, changing paths as needed.

sed -e "s|Exec=/opt/sublime_text/sublime_text|Exec=$HOME/bin/sublime_text_3/sublime_text|g" -e "s|Icon=sublime-text|Icon=$HOME/bin/sublime_text_3/Icon/256x256/sublime-text.png|g" sublime_text.desktop > ~/.local/share/applications/sublime_text.desktop

I tried this successfully with Sublime Text 3 build 3059 on openSUSE 13.1.
