scp

scp, or secure copy, is probably the easiest of all the methods. It is designed as a replacement for rcp, which was a quick copy of cp with network functionality.

scp syntax

scp [-Cr] /some/file [ more ... ] host.name:/destination/file

-or-

scp [-Cr] [[user@]host1:]file1 [ more ... ] [[user@]host2:]file2

Before scp does any copying it first connects via ssh. Unless proper keys are in place, you will be asked for usernames. You can test if this is working by using ssh -v hostname.

The -r switch is used when you want to recursively go through directories. Please note you must specify the source file as a directory for this to work.

scp encrypts data over your network connection, but by using the -C switch you can compress the data before it goes over the network. This can significantly decrease the time it takes to copy large files.

Tip: By default scp uses the 3DES encryption algorithm. All encryption algorithms are slow, but some are faster than others; using -c blowfish can speed things up.

What scp shouldn’t be used for:
1. When you are copying more than a few files, as scp spawns a new process for each file and can be quite slow and resource intensive when copying a large number of files.
2. When using the -r switch, scp does not know about symbolic links and will blindly follow them, even if it has already made a copy of the file. This can lead to scp copying an infinite amount of data and can easily fill up your hard disk, so be careful.

rsync

rsync has very similar syntax to scp:

rsync -e ssh [-avz] /some/file [ more ... ] host.name:/destination/file

-or-

rsync -ave ssh source.server:/path/to/source /destination/dir

rsync’s speciality lies in its ability to analyse files and only copy the changes made to files rather than all files. This can lead to enormous improvements when copying a directory tree a second time.

Switches:

-a Archive mode, most likely you should always keep this on. Preserves file permissions and does not follow symlinks.

-v Verbose, lists files being copied

-z Enable compression, this will compress each file as it gets sent over the pipe. This can greatly decrease time depending on what sort of files you are copying.

-e ssh Uses ssh as the transport, this should always be specified.

Disadvantages of using rsync:
1. Picky syntax, use of trailing slashes can be confusing.
2. Have to remember that you are using ssh.
3. rsync is not installed on all computers.

tar

tar is usually used for archiving applications, but what we are going to do in this case is tar it then pipe it over an ssh connection. tar handles large file trees quite well and preserves all file permissions, etc., including on those UNIX systems which use ACLs, and works quite well with symlinks.

The syntax is slightly different as we are piping it to ssh:

tar -cf - /some/file | ssh host.name tar -xf - -C /destination

-or with compression-

tar -czf - /some/file | ssh host.name tar -xzf - -C /destination

The -c switch tells tar to create an archive, and -f - tells it to write the new archive to stdout.

The second tar command uses the -C switch which changes directory on the target host. It takes the input from stdin. The -x switch extracts the archive.

The second way of doing the transfer over a network is with the -z option, which compresses the stream, decreasing the time it will take to transfer over the network.

Some people may ask why tar is used. It is great for large file trees, as it is just streaming the data from one host to another and not having to do intense operations with file trees.

If using the -v (verbose) switch, be sure only to include it on the second tar command, otherwise you will see double output.

Using tar and piping can also be a great way to transfer files locally to be sure that file permissions are kept correctly:

tar cf - /some/file | (cd /destination; tar xf -)

This may seem like a long command, but it is great for making sure all file permissions are kept intact. What it is doing is streaming the files into a sub-shell and then untarring them in the target directory. Please note that the -z switch should not be used for local copies: there is no performance gain, and the extra CPU overhead of compression will slow down the copy.
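
The two claims above (tar keeps permissions and symlinks, while a copy that follows symlinks duplicates their targets, as warned for scp -r) can be checked locally. This is an added example, not part of the original article; the function names and the constructed tree are assumptions, and cp -RL is used only as a local stand-in for a copy that dereferences symlinks.

```shell
#!/bin/sh
# Constructed demo tree: one 0640 file plus a symlink pointing at it.
make_tree() {
    mkdir -p "$1/data"
    printf 'payload\n' > "$1/data/report.txt"
    chmod 640 "$1/data/report.txt"
    ln -s report.txt "$1/data/latest"
}

# Stream the tree through tar and unpack it in a sub-shell;
# -p keeps the stored permission bits regardless of umask.
tar_copy() {
    mkdir -p "$2"
    (cd "$1" && tar cf - .) | (cd "$2" && tar xpf -)
}

# Dereferencing copy: every symlink is replaced by a copy of its target,
# which is the behaviour the article warns about for scp -r.
follow_copy() {
    mkdir -p "$2"
    cp -RL "$1/." "$2/"
}

# Print "link", "file" or "missing" for a path.
kind_of() {
    if [ -L "$1" ]; then echo link
    elif [ -f "$1" ]; then echo file
    else echo missing
    fi
}

# Permission string of a path, e.g. -rw-r-----
mode_of() { ls -ld "$1" | cut -c1-10; }

# Build the tree, copy it both ways, and summarise what arrived.
compare_copies() {
    work=$(mktemp -d) || return 1
    make_tree "$work/src"
    tar_copy "$work/src" "$work/via_tar"
    follow_copy "$work/src" "$work/via_cp"
    echo "tar=$(kind_of "$work/via_tar/data/latest")" \
         "cp=$(kind_of "$work/via_cp/data/latest")" \
         "mode=$(mode_of "$work/via_tar/data/report.txt")"
    rm -rf "$work"
}

compare_copies
```

The tar copy arrives with the symlink still a symlink and the 0640 mode intact; the dereferencing copy turns the link into a second full copy of the file.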

Why tar shouldn’t be used:
1. The syntax can be hard to remember
2. It’s not as quick to type as scp for a small number of files
3. rsync will beat it hands down for a tree of files that already exist in the destination.

A very constructive remark from Ludovic L.

« The Cirpack message is not a bug, but a keepalive message for the UDP NAT of subscribers’ routers (it keeps the NAT entry between your machine and the Free server alive).
In short … for Asterisk the patch is this:

edit the file: ./channels/chan_sip.c


e = ast_skip_nonblanks(e);
if (*e)
*e++ = ‘\0′;
e = ast_skip_blanks(e);
+               if (!strcasecmp(req->rlPart1, « Cirpack ») &&
+                   !strcasecmp(req->rlPart2, « KeepAlive ») &&
+                   !strcasecmp(e, « Packet »)) {
+                       /* Silently drop bogus Cirpack keepalive packets */
+                       return -1;
+               }
if (strcasecmp(e, « SIP/2.0″) ) {
ast_log(LOG_WARNING, « Bad request protocol
%s\n », e);
return -1;
…..
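
Review bot: the early return -1 in the added Cirpack block is the same value the "Bad request protocol" branch just below it returns, so the caller cannot tell a deliberately dropped keepalive from a malformed request; if the caller logs or replies on -1, the drop is not actually silent. Consider a distinct return value or a debug-level log at this point, and extend the comment to say that the test has to stay ahead of the SIP/2.0 comparison, since the keepalive's third token is "Packet" and would otherwise hit the warning path.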

the (+) sign marks the lines to add. »

Indeed, that is much cleaner than the firewall rule.

K, problem fixed with the help of our Internet Provider. Some steps were missing.

Here is what needs to be done in order to deactivate NAT on our speedtouch.

For example:

Public IP address of our Router: 12.34.56.78

Public IP addresses available for our company: 12.34.56.70 to 12.23.56.77

I will set the router address to 12.34.56.78 and our Linux server (Https, mail etc..) to 12.34.56.70 (mask 255.255.255.248 or /28)

- Set up the router in the usual way. Make sure it works.

- unplug DSL cable

- ppp ifdetach intf=Internet

- nat ifconfig intf=Internet translation=disabled

- ppp ifconfig intf=Internet unnumbered=enabled

- ip ipadd intf=LocalNetwork addr=12.34.56.78@28 addroute=enabled

- ppp ifattach intf=Internet

- saveall

- exit, then reboot speedtouch.

On our Linux Server:

ifconfig eth2 12.34.56.70 netmask 255.255.255.248

route add default gw 12.34.56.78

Then, it works.

All Internet requests will be directly assigned to our public ip address 12.34.56.70 (for example extranet.mycompany.com), and it will directly go to our linux server.

Thanks for your forum. The information here is incredibly interesting.

regards,

Laurent Blin

via Speedtouch Support Forum NZ – Open DMZ or disable NAT on 546 v6.

IPv6 with a SpeedTouch 516/546 (firmware v6)

You have just requested a nice SixXS IPv6-in-IPv4 tunnel, and it does not work (or only outbound)…

This is how to make it work (in this example the IPv6 router is 192.168.4.4):

:expr add name=ipv6 type=serv proto=41

:firewall rule add chain=forward_host_service name=SixXS serv=ipv6 state=enabled action=accept

:nat tmpladd intf=Internet type=nat outside_addr=0.0.0.1 inside_addr=192.168.4.4 protocol=6to4

:saveall

You're done!

via blog.keesmeijs.nl » Blog Archive » IPv6 met een SpeedTouch 516/546 (firmware v6).

After some trial and error, here is the configuration in /etc/asterisk/sip.conf that lets Asterisk use the SIP service offered by Freephonie:

[general]

defaultexpiry=1800

register => 0951727841:monsecret9@freephonie.net

dtmfmode=auto

[freephonie-out]

type=peer

host=freephonie.net

qualify=yes

username=0951727841

fromuser=0951727841

secret=monsecret

disallow=all

allow=alaw

The G711 alaw codec is my personal preference: sound quality above all, while waiting for G722. Others will prefer the free and modern speex, or the universal gsm, whose quality/bitrate ratio is better.

I say trial and error because I initially left out the contents of the [general] section above. The ‘register =>’ line is always required, but in the case of Freephonie you must also lengthen the default expiry to accommodate the slowness of registration with the freephonie.net server. As a result, when a SIP session was initiated without these settings, /var/log/asterisk/messages showed me this:

[Jun 2 23:10:30] NOTICE[13456] chan_sip.c: Peer ‘freephonie-out’ is now Reachable. (46ms / 2000ms)

[Jun 2 23:11:18] WARNING[13456] chan_sip.c: Received response: “Forbidden” from ‘”Jean-Marc Liotier” <sip:0951727841@81.57.93.188>;tag=as66e575c5′

And as seen by the life-saving Wireshark, the SIP session looked like this:

81.57.93.188 212.27.52.5 Request: INVITE sip:0493498229@freephonie.net, with session description

212.27.52.5 81.57.93.188 Status: 100 Trying

212.27.52.5 81.57.93.188 Status: 403 not registered

81.57.93.188 212.27.52.5 Request: ACK sip:0493498229@freephonie.net

With the configuration above, these problems disappeared. All that remains is to add a route to the general context in /etc/asterisk/extensions.conf and you can place calls. A simplistic but working example that routes every number starting with zero to Free:

exten => _0.,1,Dial(SIP/freephonie-out/${EXTEN})

The one fly left in the ointment: the rotten keepalives sent every three seconds by Free's Cirpack, a bug on their side known for more than two years. Free and/or Cirpack apparently do nothing to fix this defect, and the Asterisk project's doctrine is not to accommodate deviant behaviour from its peers: standards are the only thing that counts.

The solution to stop hearing this chatter, as deplorable as it is harmless over a 17 Mb/s link, is probably a simple iptables rule, which I will publish as soon as I have worked it out. Until the logs regain the fullness of their original silence, we will have to make do with ‘grep -v’. On the Wireshark side, the display filter “!(data.data == 43:69:72:70:61:63:6b:20:4b:65:65:70:41:6c:69:76:65:20:50:61:63:6b:65:74:00:00:00:00:00:00:00:00)” restores the readability of the dialogue.

via » Configuration Asterisk pour Freephonie en SIP – Le Comptoir de Sinhaladweepa.

error writing /proc/self/oom_adj: Operation not permitted

05.05.10 | G33keries, Tips

If you see this error in your logs (auth.log) inside an OpenVZ container

auth.log: leela sshd[17009]: error writing /proc/self/oom_adj: Operation not permitted

Here is how to get rid of this error

I ran into it on the following configuration:

root@Leela:~# dpkg -l | grep openssh-server

ii openssh-server 1:5.1p1-5 secure shell server, an rshd replacement

root@Leela:~# cat /etc/issue.net

Debian GNU/Linux 5.0 (Lenny)

This is a bug, which was fixed by the community from version 1:5.4p1-1 onward

Specifically, the SSHD_OOM_ADJUST option was added in /etc/default/ssh

This option, when set to -17, tells the OOM killer not to kill SSH processes

Which is indeed very useful

Except that in an OpenVZ container, this causes a problem

That leaves you 2 options:

1. Edit /etc/default/ssh as follows:

root@Leela:~# cat /etc/default/ssh
# Default settings for openssh-server. This file is sourced by /bin/sh from
# /etc/init.d/ssh.

# Options to pass to sshd
SSHD_OPTS=

# OOM-killer adjustment for sshd (see
# linux/Documentation/filesystems/proc.txt; lower values reduce likelihood
# of being killed, while -17 means the OOM-killer will ignore sshd; set to
# the empty string to skip adjustment)
SSHD_OOM_ADJUST=

With the parameter left empty, there is no more error message in auth.log

2. Upgrade openssh-server to a version >= 1:5.4p1-1

(I chose option 1)

That’s all folks!

via Lord’s Lair » error writing /proc/self/oom_adj: Operation not permitted.

The latest openssl update breaks Parallels Panel

Article ID: 8338

Last reviewed: Apr 27, 2010

APPLIES TO:

Plesk 9.3 for Linux/Unix

Symptoms

The latest openssl package update from CentOS breaks Parallels Panel 9.x. The following errors appear in the file /var/log/sw-cp-server/error_log when the Panel tries to start:

2010-03-29 11:21:22: (log.c.75) server started

2010-03-29 11:21:22: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)

2010-03-29 11:24:33: (log.c.75) server started

2010-03-29 11:24:33: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)

2010-03-29 11:24:33: (log.c.75) server started

2010-03-29 11:24:33: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)

2010-03-29 11:31:29: (log.c.75) server started

2010-03-29 11:31:29: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)

2010-03-29 11:31:29: (log.c.75) server started

2010-03-29 11:31:29: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)

Result: the Panel does not work.

Resolution

The Parallels Panel web engine must be updated:

1. Download the appropriate package using the wget utility. Example for CentOS 5 x86:

#wget -c http://kb.parallels.com/Attachments/12669/Attachments/sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

List of fixed packages:

CentOS 5 x86

CentOS 5 x86_64

CentOS 4 x86

CentOS 4 x86_64

RHEL 4 x86

RHEL 4 x86_64

RHEL 5 x86

RHEL 5 x86_64

Fedora 11 x86

Fedora 11 x86_64

2. Install the downloaded package. Example for CentOS 5 x86:

#rpm -Uhv sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

Attachments:

sw-cp-server-1.0-6.201004011137.rhel4.i386.rpm (405 KB)

sw-cp-server-1.0-6.201004011105.centos5.i386.rpm (419 KB)

sw-cp-server-1.0-6.201004011432.rhel5.i386.rpm (419 KB)

sw-cp-server-1.0-6.201004011137.centos43.x86_64.rpm (416 KB)

sw-cp-server-1.0-6.201004011432.rhel5.x86_64.rpm (424 KB)

sw-cp-server-1.0-6.201004011432.fc11.i386.rpm (427 KB)

sw-cp-server-1.0-6.201004011433.fc11.x86_64.rpm (433 KB)

sw-cp-server-1.0-6.201004011130.centos5.x86_64.rpm (425 KB)

sw-cp-server-1.0-6.201004011235.rhel4.x86_64.rpm (416 KB)

sw-cp-server-1.0-6.201004011137.centos42.i386.rpm (405 KB)

via KB Parallels: La dernière mise à jour de openssl corrompt Parallels Panel.

install

apt-get install alien fakeroot

fakeroot alien -k kernel-2.6.27-chistyakov.1.x86_64.rpm

sudo dpkg -i kernel_2.6.27-chistyakov.1_amd64.deb

sudo update-initramfs -c -k 2.6.27-chistyakov.1

sudo update-grub


uninstall

sudo dpkg -r kernel

sudo rm -fr /lib/modules/2.6.27-chistyakov.1

sudo update-initramfs -d -k 2.6.27-chistyakov.1

sudo update-grub


via Install kernel from rpm on debian - OpenVZ Wiki.

MySQL: “Table ‘mysql.plugin’ doesn’t exist” after MySQL Upgrade

Posted on Wednesday, December 1, 2010 by Matti

After running a MySQL upgrade, you can run into the following problem which prevents you from starting MySQL successfully.

101126 10:29:53 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

101126 10:29:53 [Note] Plugin ‘ndbcluster’ is disabled.

/usr/libexec/mysqld: Table ‘mysql.plugin’ doesn’t exist

101126 10:29:53 [ERROR] Can’t open the mysql.plugin table. Please run mysql_upgrade to create it.

101126 10:29:53 InnoDB: Started; log sequence number 1 3337694676

101126 10:29:53 [ERROR] Can’t open and lock privilege tables: Table ‘mysql.servers’ doesn’t exist

101126 10:29:53 [ERROR] Column count of mysql.db is wrong. Expected 22, found 20. Created with MySQL 50045, now running 50153. Please use mysql_upgrade to fix this error.

101126 10:29:41 InnoDB: Shutdown completed; log sequence number 1 3337694676

This is a real chicken and egg problem. To fix the problem, we need to run mysql_upgrade, but in order to run that command, MySQL needs to be functioning. And it won’t do that, until mysql_upgrade is run. Humpf.

It’s most commonly caused by an old my.cnf config file, which could be solved like this.

# cp /etc/my.cnf /etc/my.cnf_backup

# cp /etc/my.cnf.rpmnew /etc/my.cnf

# /etc/init.d/mysqld start

The reason is that a my.cnf from MySQL 5.0 would contain a config variable named “skip-bdb”, which was removed in MySQL 5.1. Alternatively, you could comment out the “skip-bdb” parameter in the my.cnf, and try restarting MySQL. A bug report has already been filed.

After that, you need to run mysql_upgrade.

# mysql_upgrade -u <user> -p

Other things to check, if the above does not work:

Are all files in /var/lib/mysql (or whatever your MySQL datadir is), owned by mysql?

Are there old logfiles in /var/lib/mysql named “ib_logfile0” or “ib_logfile1”? If so, rename them, and try restarting MyS

via MySQL: “Table ‘mysql.plugin’ doesn’t exist” after MySQL Upgrade ~ Mattias Geniar.