SSH – No Jumbo Frames for you!

Posted on May 2nd, 2014 in Internet & Networking, Linux/Unix

Ah Jumbo frames, the Power, the Speed, the pure goodness of MTU=9000 – well, not so fast if you want a stable SSH experience across the internet.

Here’s what I found: Debian + Jumbo Frames + AT&T Uverse = intermittent hangs on terminal and SFTP sessions while remotely connected. Recently I built a new Debian-based (actually, Linux Mint DE) system for the house that I plan to expose port 22 on for remote shell access. I know, pretty common stuff. During the setup of the OS I started playing around with the MTU size, figuring that, like my FreeNAS box, I should boost the value up from the base 1500. I made the config change and everything worked great – at least while I was on the LAN.

So the next week comes and I’m working down in Houston. I fire up an SSH session back to the Debian box and connect without any problem, but then discover I can’t reliably issue even simple commands like “ls” without the session locking up, stalling, or just “hanging” there. But since the connection does not drop altogether, I start troubleshooting other connection issues. It’s not until I SFTP to the box (also a port 22 action) that I begin to suspect something on the Debian side rather than my client connectivity. My SFTP session, just like the terminal, was able to connect and sustain a connection, but after maybe one directory refresh would “pause” or “hang” and exhibit the same type of behavior as the command line session.

Mulling all this over, I did the only logical thing an IT pro would do…. roll back my changes, setting the MTU back to the default 1500. And like-a-magic, remote SSH traffic is back to normal. So friends, learn from my greedy frame size experience.
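One check worth running before committing to a larger MTU, added here as an example and not part of the original post: send don't-fragment pings to the remote host and binary-search for the largest frame the path actually carries. The host name and the 1200..9000 search bounds are assumptions; the don't-fragment flag is spelled differently on Linux and BSD/macOS ping.

```shell
#!/bin/sh
# Added example, not from the original post: find the largest MTU that a
# path carries without fragmentation, using don't-fragment pings.
# Host name and MTU bounds are assumptions; adjust them for your network.

# ICMP echo payload that yields a packet of exactly $1 bytes on the wire
# (IPv4 header 20 bytes + ICMP header 8 bytes).
mtu_payload() { echo $(( $1 - 28 )); }

# Send one don't-fragment ping sized to MTU $2 at host $1. Returns 0 if a
# reply came back, non-zero if the packet was too big for the path.
probe_mtu() {
    host=$1; size=$(mtu_payload "$2")
    case "$(uname -s)" in
        Linux) ping -c 1 -W 2 -M do -s "$size" "$host" >/dev/null 2>&1 ;;
        *)     ping -c 1 -t 2 -D -s "$size" "$host" >/dev/null 2>&1 ;;
    esac
}

# Binary-search the largest MTU in [$2, $3] that the probe accepts for
# host $1. PROBE names the probe function so the search is testable offline.
largest_mtu() {
    host=$1; lo=$2; hi=$3; probe=${PROBE:-probe_mtu}
    "$probe" "$host" "$lo" || { echo 0; return 1; }   # even the floor fails
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# Usage: largest_mtu my.home.example 1200 9000
```

If the result is 1500 or less while the interface is set to 9000, the path is dropping the big frames and the interface MTU should come back down.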

Hey Apple – Where’s the stinkin’ .Profile?

Posted on March 12th, 2014 in Apple, Linux/Unix

So after a multi-year hiatus from living daily in the OSX world, I recently could resist the “Shiny” no longer; I broke down and purchased a MacBook Pro. Just as with every Apple product I’ve used through the years, this new rMBP 13” is a wonderful piece of hardware. But Apple’s consistently sublime hardware is not the subject of this post; the software is, OSX 10.9 Mavericks to be specific.

While I’ve been away from the Mac ecosystem (since the Snow Leopard days), many things have changed: the App Store, the death of physical media, the hard drive displaying by default on the Finder’s desktop, I could go on. But one thing that has remained as true as the north star is OSX’s Unix underpinnings, and where there is Unix, there is a Terminal.

As someone whose idea of making a computer useful requires, regardless of how pretty the GUI is, a CMD.exe or Terminal shortcut overtly located on the desktop, you can be sure getting down to the command line on my new notebook was a top priority. With Terminal prominently situated on my dock I was ready to work, or so I thought until I started barking some of my favorite Linux/BSD commands at the window.

What the heck? No “ll” alias? And what about my other favorite behaviors? Ok, ok, surely I just need to modify the .profile (the hidden file in the home folder of many *nix systems that defines the CLI’s operation). From the command line I issue “ls -al” to show me the hidden “.” files, and sure enough, no “.profile”. Great, I’ll just grab one of my Linux ones and be good to go. Right? Wrong!

Meet the .bash_profile file

After a little bit of digging online, I found some docs referring to the .bash_profile. Interestingly, on my fresh OSX 10.9 Mavericks build this file does not exist, not even an empty one. So if you, like me, desire more customized control over your Terminal experience, feel free to create a .bash_profile and then use my template below to populate it. Consider it a soup starter that you can mix your favorite changes into. Enjoy.

#     SET ENV
#   ------------------------------------------------------------
export PATH="/usr/local/bin:$PATH"
#
#   Set Default Editor (change 'Nano' to the editor of your choice)
#   ------------------------------------------------------------
export EDITOR=/usr/bin/nano
#
#   Set default blocksize for ls, df, du
#   ------------------------------------------------------------
export BLOCKSIZE=1k
#
#   Add color to terminal
#   ------------------------------------------------------------
export CLICOLOR=1
export LSCOLORS=ExFxBxDxCxegedabagacad
#
#   -----------------------------
#     TERMINAL
#   -----------------------------
#
alias shome='ssh eric@xxx.yyy.xxx'          # quick SSH shortcut
alias cp='cp -iv'                           # Preferred 'cp' implementation
alias mv='mv -iv'                           # Preferred 'mv' implementation
alias mkdir='mkdir -pv'                     # Preferred 'mkdir' implementation
alias ll='ls -FGlAhp'                       # Preferred 'ls' implementation
alias less='less -FSRXc'                    # Preferred 'less' implementation
cd() { builtin cd "$@"; ll; }               # Always list directory contents upon 'cd'
alias f='open -a Finder ./'                 # f:            Opens current directory in MacOS Finder
alias ~="cd ~"                              # ~:            Go Home
alias c='clear'                             # c:            Clear terminal display
alias path='echo -e ${PATH//:/\\n}'         # path:         Echo all executable Paths
alias show_options='shopt'                  # Show_options: display bash options settings
alias fix_stty='stty sane'                  # fix_stty:     Restore terminal settings when screwed up
alias cic='bind "set completion-ignore-case on"'   # cic:          Make tab-completion case-insensitive (readline setting, so it needs 'bind')
mcd () { mkdir -p "$1" && cd "$1"; }        # mcd:          Makes new Dir and jumps inside
trash () { command mv "$@" ~/.Trash ; }     # trash:        Moves a file to the MacOS trash
ql () { qlmanage -p "$*" >& /dev/null; }    # ql:           Opens any file in MacOS Quicklook Preview
alias DT='tee ~/Desktop/terminalOut.txt'    # DT:           Pipe content to file on MacOS Desktop
#
#   lr:  Full Recursive Directory Listing
#   ------------------------------------------
alias lr='ls -R | grep ":$" | sed -e '\''s/:$//'\'' -e '\''s/[^-][^\/]*\//--/g'\'' -e '\''s/^/   /'\'' -e '\''s/-/|/'\'' | less'
#
#   ---------------------------
#     PROCESS MANAGEMENT
#   ---------------------------
#
#   findPid: find out the pid of a specified process
#   -----------------------------------------------------
#       Note that the command name can be specified via a regex
#       E.g. findPid '/d$/' finds pids of all processes with names ending in 'd'
#       Without the 'sudo' it will only find processes of the current user
#   -----------------------------------------------------
findPid () { lsof -t -c "$@" ; }
#
#     Find memory hogs
#   -----------------------------------------------------
alias memhogstop='top -l 1 -o rsize | head -20'
alias memhogsss='ps wwaxm -o pid,stat,vsize,rss,time,command | head -10'
#
#   cpuhogs:  Find CPU hogs
#   -----------------------------------------------------
alias cpu_hogs='ps wwaxr -o pid,stat,%cpu,time,command | head -10'
#
#   topforever:  Continual 'top' listing (every 10 seconds)
#   -----------------------------------------------------
alias topforever='top -l 9999999 -s 10 -o cpu'
#
#   ttop:  Recommended 'top' invocation to minimize resources
#   ------------------------------------------------------------
#       Taken from this macosxhints article
#       http://www.macosxhints.com/article.php?story=20060816123853639
#   ------------------------------------------------------------
alias ttop="top -R -F -s 10 -o rsize"
#
#   my_ps: List processes owned by my user:
#   ------------------------------------------------------------
my_ps() { ps "$@" -u "$USER" -o pid,%cpu,%mem,start,time,bsdtime,command ; }

#
#   ---------------------------
#     NETWORKING
#   ---------------------------
#
alias myip='curl ip.appspot.com'                    # myip:         Public facing IP Address
alias netcons='lsof -i'                             # netCons:      Show all open TCP/IP sockets
alias flushdns='dscacheutil -flushcache'            # flushDNS:     Flush out the DNS Cache
alias lsock='sudo /usr/sbin/lsof -i -P'             # lsock:        Display open sockets
alias lsocku='sudo /usr/sbin/lsof -nP | grep UDP'   # lsockU:       Display only open UDP sockets
alias lsockt='sudo /usr/sbin/lsof -nP | grep TCP'   # lsockT:       Display only open TCP sockets
alias ipinfo0='ipconfig getpacket en0'              # ipInfo0:      Get info on connections for en0
alias ipinfo1='ipconfig getpacket en1'              # ipInfo1:      Get info on connections for en1
alias openports='sudo lsof -i | grep LISTEN'        # openPorts:    All listening connections
alias showblocked='sudo ipfw list'                  # showBlocked:  All ipfw rules inc/ blocked IPs

Run-away Samba Logs from Hell!

Posted on January 5th, 2012 in Internet & Networking, Linux/Unix

I recently encountered a problem on a Linux/Samba server: a full root drive. Much to my surprise I found that a single file was consuming over 80 gigs. Huh?! Turns out the culprit was a log.XXXX.old file generated by the Samba process.

These potentially high-growth log files live in the /var/log/samba directory. While supposedly limited in size by the “max log size = XX” setting in the smb.conf file, I learned the hard way that this size limit does not apply to the .old archive of the live file. After the current active log file reaches the size set by max log size, its contents are appended onto an ever-expanding log.XXXX.old file.

So what are the options to mitigate or manage these files? Of course, as admins we should always be more proactive in managing and monitoring our systems’ logs and diagnostics, but there are only so many hours in a day. To that end I’m researching methods of log suppression. So far all my digging indicates that “log level = 0” should cease all logging, but this does not appear to be the case, as I see individual machine connection error logs continuing to be generated.
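Two things worth having in place while the root cause stays open, added here as an example and not from the original post: a check that flags oversized .old files under /var/log/samba, and a logrotate stanza that keeps them bounded since Samba’s own max log size does not. The size threshold and rotation settings are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Samba's "max log size" bounds
# the live log.* files only, so the .old archives need their own watchdog
# and rotation. Directory, threshold and rotation counts are assumptions.

# Print "path size_in_KiB" for every *.old file in directory $1 whose size
# is at least $2 KiB, smallest first. Nothing printed means nothing oversized.
oversized_old_logs() {
    dir=$1; limit_kb=$2
    # find's -size +Nk means strictly greater than N (rounded up to whole KiB),
    # so subtract one to make the threshold inclusive.
    find "$dir" -maxdepth 1 -type f -name '*.old' -size +"$((limit_kb - 1))k" \
        -exec du -k {} \; 2>/dev/null | awk '{ print $2, $1 }' | sort -k2 -n
}

# Emit a logrotate stanza for the .old files in $1, rotating once any of
# them exceeds $2 (logrotate size syntax, e.g. 100M). copytruncate keeps
# the file in place, so smbd can keep appending to it after a rotation.
samba_old_logrotate_stanza() {
    dir=$1; max=$2
    cat <<EOF
$dir/*.old {
    size $max
    rotate 4
    compress
    missingok
    notifempty
    copytruncate
}
EOF
}

# Usage: write the stanza to /etc/logrotate.d/samba-old and run the check
# from cron, e.g.  oversized_old_logs /var/log/samba 102400
```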

So for now the symptom of a large log file has been identified, but the root cause as to why/how this file expanded remains a mystery.

Text is Best and other Remote Access Tricks

Posted on October 18th, 2011 in Linux/Unix, Windows

No no, that’s not “txt” as in OMG – LOL – BFD txting; but rather my return to the romance of the CLI. Don’t get me wrong, I never stopped appreciating the unadulterated power of the command line; it’s just taken my need to leverage outbound SSH from multiple locked-down networks to fully embrace the simple elegance of my home server a la PuTTY.

Challenge – IMAP access from a restricted network

As I’m increasingly “taking my show on the road”, I sometimes find myself in work environments with limited, blocked or proxied access to the outside world (DAMN you PROXY!! But that is a topic for another day.) Solution: get connected to my home server and reach firewalled resources from there. On a recent engagement I found that while most outbound traffic was allowed, IMAP was not. Web and SSH were being passed, however; so in concept the solution is basic enough: make an SSH connection to my home server and run an IMAP client from there.

Already having a Linux Mint server (loves me some Mint), set up primarily for file serving, I simply opened SSH port 22 to the outside world. After connecting via PuTTY I required a text-mode mail client that would support IMAP. I’ll be honest, it’s been years since I’ve used PINE, so I was a bit unaware of what other CLI email clients are out there. Fortunately I discovered Mutt: http://mutt.sourceforge.net/

Mutt can be a bit intimidating. While easy to install, like most Debian packages (sudo apt-get install mutt), the “devil in the details” is the .muttrc config file, which is not included by default. Yes, you can read the project wiki or grab a sample one from others, but I found a web-based automated builder tool, http://www.muttrcbuilder.org/, that does the trick quite nicely: just add your custom elements and bingo. Within a few minutes I was able to check and clear mail with no client-side setup other than establishing an SSH session. Pretty slick!

Challenge – Secure VNC access over the Internet

So let’s say you only have that same SSH connection, but you need more visual goodness than a CLI email client can provide? Sounds like you want a VNC connection, but how unsafe would that be to run over the Internet? Enter VNC (port 5900) tunneling via PuTTY.

First, launch PuTTY and enter the address you would like to connect to via SSH. Before establishing a session, look on the left-hand side; you will see various configuration options. Expand the categories Connection -> SSH -> Tunnels. Select Tunnels and add the following information under “Add new forwarded port”:

Source port: 5900
Destination: 127.0.0.1:5900

Now establish your SSH connection (log in). Once connected, open your VNC client and point the host back at your local machine, 127.0.0.1, and bonus: you’re all set.
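The same tunnel as an OpenSSH command line, plus the check that makes it actually secure, added here as an example and not from the original post: the forward only hides VNC from the Internet if the VNC server on the home box listens on loopback alone, so the second function reads netstat output and reports any 5900 listener bound elsewhere. The user, host and netstat sample lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the PuTTY tunnel above as an
# OpenSSH command line, plus a check that the VNC server on the far end only
# listens on loopback. User, host and port values are assumptions.

# The ssh equivalent of PuTTY's "Source port 5900 / Destination
# 127.0.0.1:5900". Binding the local end to 127.0.0.1 as well means other
# machines on the client-side network cannot ride the tunnel; -N opens the
# forward without a remote shell.
vnc_tunnel_cmd() {
    user=$1; host=$2; port=${3:-5900}
    echo "ssh -N -L 127.0.0.1:${port}:127.0.0.1:${port} ${user}@${host}"
}

# Read `netstat -an` output on stdin and print every listener on port $1
# (default 5900) bound to something other than loopback. Empty output means
# the VNC server is reachable only through the tunnel; anything printed
# means it is also exposed directly. Handles the Linux "addr:port" and
# BSD/macOS "addr.port" forms of the local address column.
vnc_exposed_listeners() {
    port=${1:-5900}
    awk -v p="$port" '
        /LISTEN/ {
            n = split($4, a, /[.:]/)                 # last piece is the port
            lport = a[n]
            addr = substr($4, 1, length($4) - length(lport) - 1)
            if (lport == p && addr != "127.0.0.1" && addr != "::1" && addr != "localhost")
                print
        }'
}

# Constructed sample, in the shape netstat -an prints on a Linux host where
# VNC was started with its default all-interfaces bind: the 5900 line is
# the one that gets reported.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN'

# Usage on the server:  netstat -an | vnc_exposed_listeners 5900
# Offline demo:         printf '%s\n' "$SAMPLE_NETSTAT" | vnc_exposed_listeners
```

If the check prints anything, tell the VNC server to bind 127.0.0.1 only (or firewall 5900 on the home box); the tunnel still reaches it because the forward's destination is the loopback address.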

So regardless of your UI preference there’s an SSH solution out there for you. Enjoy!

A Return to Consulting

Posted on October 10th, 2011 in General, News & Updates

As regular readers might know, this space has been a bit underutilized in the past couple of years – yes I did say YEARS. But I’m pleased to report that with a career change in the past month I again find myself back in the IT consulting field. And it is a welcome change indeed – there is nothing like the thrill of new customers, projects and technologies to keep the mind sharp and provide plenty to write about. I look forward to sharing more in the months to come – see you back on the road!

FOG you, Ghost

Posted on February 18th, 2009 in Internet & Networking, Linux/Unix, Windows

Some of you who follow my Twitter ramblings know that I recently completed an evaluation of Ghost Solution Suite vs. FOG for a major system cloning project we have at work. Below are my final findings and the recommendation that led our organization to select the open source package FOG over our existing Symantec product. Please note that we were already using Ghost Solution Suite version 1.0, not the most recent 2.5. Therefore this evaluation is really weighing whether to upgrade to 2.5, stay on 1.0 or migrate to FOG.

To FOG or not to FOG, that is the question?

So I’ve spent most of the day evaluating Ghost Solution Suite to better understand just what capabilities it offers. I’m ready to report those findings, and I’ll say upfront that while I don’t want this to appear like a “bash fest”, it might start to sound that way. Nonetheless, here is what I’ve found in several key areas we should consider.

Manageability: Ghost uses a tried and true file-based image management system, accessed behind an MMC plugin. The MMC does appear to offer remote capabilities, so once this tool is loaded on a third machine you can access the server remotely. This model is similar to the SAV 10 and below model (a model that has been discontinued in favor of a Java approach beginning with SAV 11). It is also worth pointing out that this MMC model precludes access from any clients other than Windows. FOG uses a web browser front end atop a database-driven model, therefore any computer with a browser can manage the cloning server.

Manageability Advantage: Neither

Platform Support: Ghost really starts to show its age here; OS support only extends up to XP in the core product and only up to Windows 2000 for the accompanying 3Com PXE services (more about these below). Since there are no patches for version 1.0, the only recourse for additional OS and file system support would be to purchase an upgrade to a newer version. While Vista support is not key to us now, at some point we will need to migrate to Vista or Win 7, both of which use a newer version of NTFS than XP. FOG presently supports Vista and has a track record of regular updates.

Platform Support Advantage: FOG

Hardware / Network Interoperability: Since Ghost 1.0 is already a few years old it suffers from a lack of current H/W and NIC support. This is compounded by the fact that it outsourced the PXE network boot tasks to an OEM software package from 3Com, which was even older than Ghost. 3Com Boot Services 1.02 is so old it does not officially support Windows XP, just up to 2000. On top of this, the built-in Ghost method for adding network cards is NDIS driver based, meaning that if we are imaging a system with a new / different model NIC, the driver must be found for it and then a custom boot image must be loaded on a USB stick or DHCP/PXE server for each different NIC. Compared to the FOG methodology, where a single generic Linux kernel is pushed out that then has custom behavior on a system-by-system basis, there is no comparison.

Hardware / Network Interoperability Advantage: FOG

Inventory Functionality: Unlike FOG, Ghost has no H/W-level inventorying system. Since FOG treats each piece of hardware it encounters as a unique record (keyed by the NIC’s MAC address) in a MySQL DB, it provides detailed hardware-level reporting, independent of the image loaded on the system.

Inventory Functionality Advantage: FOG

Training and Learning Curve: Perhaps the strongest argument in favor of Ghost is its familiarity. It has been in place here for some time, and running atop a consistent Windows interface makes it operator friendly. FOG is a Linux-only application and therefore some training will be necessary. This should be minimal, as all management is web based and, with PXE netbooting on clients, there is no requirement, once the server is operational, for any deep Linux knowledge base.

Training and Learning Curve Advantage: Ghost

Licensing and Cost: Since it is possible that Ghost 2.5 (the current version) addresses many of our current version’s shortcomings, price does come into the picture, as we would be required to get on support or, worst case, re-purchase the whole product. Comparatively, FOG is bound by its GPL 3 license to always exist in a free and open form. FOG’s version history goes back 25 steps right now, and there is no indication that the project will soon be discontinued.

Licensing and Cost Advantage: FOG

Conclusion

Given the overwhelming feature superiority of the open source package FOG, and its low barrier to entry, financially and in training, I’m confident in recommending we migrate from Ghost to FOG.

Revenge of the Windows 7 SKUs

Posted on February 3rd, 2009 in Business & Industry, Windows

Just when you thought it was safe to install the greatly simplified Windows 7…. Oh, not so fast! ZDNet is reporting there will be at least six flavors available:

Windows 7 Starter Edition (for emerging market and netbook users)
Windows 7 Home Premium (the main “Media Center” equivalent)
Windows 7 Home Basic (for emerging market customers only)
Windows 7 Professional (the business SKU for home users and non-enterprise licensees)
Windows 7 Enterprise (for volume licensees)
Windows 7 Ultimate (for consumers who want/need business features)

Additional reading on this subject can be found at….

Dwight Silverman’s reporting on Microsoft’s many SKU’s and his experience loading Windows 7 on Netbooks.

Story from Engadget, complete with Screen Shot.

Change is the name of the Game

Posted on November 11th, 2008 in Business & Industry, Tech & Science

While my blog postings tend to avoid anything political, I cannot help but mull over what the next four years of a new administration mean for the tech world.

Throughout the campaigns virtually all the candidates exploited the power and reach of technology, from Ron Paul to Hillary Clinton. Whether via SMS or Web 2.0, there is no doubt that this (finally) was the year that the Internet and mobile devices really played a part in the outcome of a national election.

President Elect Barack Obama’s campaign got this from the start. The web, with its host of social networking sites and viral videos, was a game changer for Obama. Barack Obama and his supporters found a direct and pointed way to connect with our fast paced cyber enabled lifestyles.

Truly remarkable is the way that people opted in for this digital content. Regardless of how you voted, there is an eagerness among citizens nationwide to see if this spirit of transparency, immediacy and connectedness will be a hallmark of the coming administration. Are we witnessing the perfect nexus of technology and politics? Has the Internet matured to the point where it is a reliable, and in some cases the primary, form of communication for citizens of the United States of America? (Read: reached critical mass of mainstream users.)

An encouraging indicator of this is the newly launched http://www.change.gov/ web site. If there was such a site back during the Clinton to Bush transition, I never saw it. And it’s not a partisan observation to say this has less to do with politics and more to do with evolving technologies and the mainstream adoption, no make that expectation, of web communication vehicles.

I for one am very hopeful that technology initiatives like this and others we saw during the campaigns are the beginning of a more interactive form of government – perhaps one by the people, for the people and of the people.

VMware Goodness – no make that Greatness!

Posted on October 2nd, 2008 in Business & Industry, Internet & Networking, Linux/Unix, Windows

I’ve been an ardent VMware user and proponent for some time. But only recently have I had the opportunity to work with VMware’s flagship product, ESX Server. Let me just say…. Oh Good Lord!

Disclaimer: ESX is not for everyone; it is first and foremost a dedicated server product, not something you are going to load and play around with on a desktop PC. And until recently it has been a rather expensive endeavor; with the introduction of a freeware option (like VMware Server and Player), however, that has changed. VMware ESXi is now free to use, and boasts the same core hypervisor as its costly big brother ESX. There is even an upgrade path to the fully licensed version, should you require the full VI3 management suite. If you have the datacenter-class gear and are in need of a full-time virtualized platform, I cannot stress enough how wonderful a solution ESXi is. I’m presently deploying ESXi on Dell servers (on select new models it is even available as a flash-based boot module, for no charge!)

If your needs do not necessitate full-time data center VM operations, you should still look at the latest incarnation of VMware Server. Version 2.0 just went golden, and after playing with it on both Linux and Windows platforms over the last week, I am equally impressed. Be forewarned: if you are a current VM Server 1.x user you are in for a shock. The new web-based interface can be a little disorienting at first, but new and better functionality awaits. Just as before, this product is completely free and absolutely suitable for production use.

Virtualization is unquestionably the wave of the future, both on servers and even on the desktop. If you have been waiting to dip a toe into the VM waters, wait no longer: with these new offerings from VMware, now is the time to virtualize!

Is it Fall Yet?

Posted on September 13th, 2008 in News & Updates

As the rain pours down outside, the remnants of Hurricane Ike sweeping north through Texas, I’m reminded of how desperately I long for a change in the temperature, some falling leaves, football and a website redesign. C’mon, doesn’t everyone associate all these things together?

It’s been a while since my last post, and yes, there have been BIG changes indeed. Headlining these is my new position with the Federal Courts, US Probation in Dallas. It’s a big and welcome change from the last ten years as a high-travel technology consultant. The projects are expansive and will introduce new technologies to my daily experience.

Change is also coming to this site; after two years in its current form it’s about time for a redesign. Leading the list of new options is a move to a LAMP-based CMS like Drupal. I’ve also had lots of feedback requesting more downloads, tech tips and photos. I hear you all, and we’ll see what can be done.