Recently in Authentication Category

Automating SSH public key pushes with Perl

Automating SSH public key pushes to servers.

The code below uses Expect and SSH to create the .ssh directory on the target server and set its permissions. It then uses scp to copy a local temp file into that .ssh subdirectory as the authorized_keys file.

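Be sure to set StrictHostKeyChecking=no in the SSH client-side config. The script only answers the password prompt, so the host key confirmation prompt for a new host would otherwise stall it; with this setting the client adds unknown host keys to known_hosts without asking.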

---

#!/usr/bin/perl

use strict;
use warnings;
use Expect;
use File::Temp qw(tempfile);
use Net::Ping;

my $username = "USER";
my $password = "PASS";
my $homedir  = "/export/home/$username";
my $ssh_dir  = "$homedir/.ssh";
# Paste your own public key entry here, on a single line.
my $ssh_pub  = "ssh-dss BLAH BLAH use your own public key file entry here.";
my $timeout  = 5;

if ( ! $ARGV[0] ) {
        print "Usage: $0 <host>\n";
        exit 1;
}

my $host = $ARGV[0];
my $p    = Net::Ping->new();
if ( $p->ping($host) ) {
        print "Deploying public key to $host \n";
        create_ssh_dir();
        chmod_ssh_dir();
        push_ssh_key();
} else {
        print "Seems $host is not reachable \n";
}
$p->close();

# Spawn a command in list form (so no local shell parses $host) and answer
# its password prompt. The password is sent only if the prompt was seen.
sub run_with_password {
        my @cmd = @_;
        my $exp = Expect->spawn(@cmd) or die "Cannot spawn $cmd[0] \n";
        if ( defined $exp->expect($timeout, ["Password:"]) ) {
                $exp->send("$password\n");
        } else {
                warn "No password prompt from $cmd[0]; password not sent \n";
        }
        $exp->soft_close();
}

sub create_ssh_dir {
        # -p: do not fail if the directory already exists
        run_with_password("/usr/bin/ssh", "$username\@$host", "mkdir -p $ssh_dir");
}

sub chmod_ssh_dir {
        # sshd's StrictModes check rejects a group- or world-writable .ssh;
        # 700 is the usual tighter choice
        run_with_password("/usr/bin/ssh", "$username\@$host", "chmod 755 $ssh_dir");
}

sub push_ssh_key {
        # tempfile() creates the file exclusively under an unpredictable name,
        # unlike a fixed /tmp/authorized_keys.$$ path
        my ($fh, $tmp_file) = tempfile("authorized_keys.XXXXXX", TMPDIR => 1, UNLINK => 1);
        print $fh "$ssh_pub\n";
        close($fh) or die "Unable to write $tmp_file\n";

        # Note: this replaces any authorized_keys already on the target
        run_with_password("/usr/bin/scp", $tmp_file, "$username\@$host:$ssh_dir/authorized_keys");

        unlink($tmp_file);
}
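
An added example, not part of the original post: the Perl script copies its temp file over the target's authorized_keys and sets .ssh to mode 755, so this shell function shows the target-side step done additively, appending the key only when it is absent and setting 700/600. The names install_pubkey and count_key are this example's own, and any key strings used with it are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post). Installs one public key line
# into HOME_DIR/.ssh/authorized_keys and keeps the keys already there.
# Usage: install_pubkey HOME_DIR KEY_LINE
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl=$(printf '\nx'); nl=${nl%x}

    # One key per call: an embedded newline would smuggle in extra entries.
    case $key_line in
        '')       echo "install_pubkey: empty key" >&2; return 2 ;;
        *"$nl"*)  echo "install_pubkey: key must be one line" >&2; return 2 ;;
    esac

    (
        # Anything created here is owner-only from the start.
        umask 077
        mkdir -p "$ssh_dir"    || exit 1
        chmod 700 "$ssh_dir"   || exit 1
        touch "$auth_file"     || exit 1
        chmod 600 "$auth_file" || exit 1

        # Already present as a whole line (-x) and literal string (-F): done.
        if grep -qxF -- "$key_line" "$auth_file"; then
            exit 0
        fi
        # Terminate a last line that lacks its newline before appending.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            printf '\n' >> "$auth_file" || exit 1
        fi
        printf '%s\n' "$key_line" >> "$auth_file" || exit 1
    )
}

# Number of lines in HOME_DIR's authorized_keys that equal KEY_LINE exactly.
count_key() {
    grep -cxF -- "$2" "$1/.ssh/authorized_keys"
}
```

To use it on a target, send this function and a call to it over an ssh session that is already authenticated; OpenSSH's ssh-copy-id covers the same job.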

NYU LDAP

Server: ldap.nyu.edu
Search Base: o=New York University, st=New York, c=US
Port: 389 
Scope: Subtree
        

Sun Directory Server Tuning Indexing Replication

http://docs.sun.com/source/816-6698-10/indexing.html

http://docs.sun.com/source/816-6697-10/indexing.html

http://docs.sun.com/source/816-6698-10/replicat.html

Updating the password for a MovableType user from MySQL

# mysql -u root -p SOMETHING
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 20
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| movabletype        | 
| mysql              | 
+--------------------+
2 rows in set (0.01 sec)

mysql> use movabletype
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select author_name, author_id from mt_author;
+-------------+-----------+
| author_name | author_id |
+-------------+-----------+
| admin       |         1 | 
+-------------+-----------+
1 row in set (0.00 sec)

mysql> update mt_author set author_password = encrypt('admin') where author_id = 1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> quit
Bye

Sun Directory Server Replication Monitoring

The following is from the Sun ONE Directory documentation. Syntax examples are below as well.

Sun ONE Directory Server 5.2 provides replication monitoring tools that allow you to monitor replication between servers. Being able to monitor replication activity assists in identifying the causes of replication problems and troubleshooting. All of the Directory Server replication monitoring tools can be used when LDAPS is turned on.

The three replication monitoring tools are:
• insync
• entrycmp
• repldisc


For more information regarding these replication monitoring tools, refer to the Replication Monitoring Tools section of the Sun ONE Directory Server Reference Manual and for more information on the monitoring possibilities afforded to you by certain replication attributes, see the replication attributes in the Core Server Configuration Attributes chapter of the Sun ONE Directory Server Reference Manual.

entrycmp
The entrycmp tool compares the same entry on two or more different servers. An entry is retrieved from the master and the entry's nsuniqueid is used to retrieve the same entry from a specified consumer. All the attributes and values of the two entries are compared. If they are identical, the entries are considered to be the same.
cd /shared/bin
./entrycmp -s "cn=Directory Manager:PASSWORD@localhost:389" -c "cn=Directory Manager:PASSWORD@slave:389" "ou=people,dc=yada,dc=edu"

insync
The insync tool indicates the synchronization state between a master replica and one or more consumer replicas. insync compares the RUVs of replicas and displays the time difference or delay (in seconds) between the servers. Requesting the date of the last change and restricting the output data to the DN o=example.com:
cd /Sun/shared/bin
./insync -s "cn=Directory Manager:PASSWORD@localhost:389"

Dump the LDAP Schema using Perl

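#!/usr/bin/perl

use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Schema;

my $ldap_host = "ldap-server.example.com";

# Net::LDAP->new reports a connection failure in $@, not $!
my $ldap = Net::LDAP->new ( $ldap_host, port => 389, version => 3 )
or die "$@\n";

# schema() returns undef if the schema cannot be read
my $schema = $ldap->schema ( )
or die "Unable to read schema from $ldap_host\n";

# dump to the screen
my $result = $schema->dump ();

# dump to a file (the braces stop Perl from reading $ldap_host_schema as the variable name)
#my  $result = $schema->dump ( "/tmp/${ldap_host}_schema.out" );

$ldap->unbind(  );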

SudoScript on Solaris 10

SudoScript is a pair of Perl scripts (sudoscriptd/sudoshell) that provide an audited shell using sudo. SudoScript, by Howard Owen, can be found at http://www.egbok.com/sudoscript.

Here are my notes to configure SudoScript for Solaris 10.

1 - Update the setlogsock from "unix" to "stream" in sudoscriptd


#setlogsock 'unix';
setlogsock 'stream';

2 - /etc/shells does not exist on Solaris 10. Create an /etc/shells file with the appropriate shells defined


/bin/sh
/bin/csh
/bin/ksh
/bin/bash

3 - Define the location of your sudo binary in Sudoscript.pm


#$self->{SUDO}="sudo";
$self->{SUDO}="/opt/sfw/bin/sudo";