WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED

For all those command line ssh users out there who have encountered WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED when they know they are connecting to the correct device/server, here is a way to prevent this error from appearing so you can get your work done quickly.

First, ssh has options that skip host key checking and so suppress this warning. You can use the following options when starting an ssh session.

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [user]@[ipAddress]

However, that is a bit cumbersome to type every time when we are all used to just typing

ssh [user]@[ipAddress]

So to ease the pain, you can add a new command via .bashrc to do this automatically. In Ubuntu, you can edit your /home/[user]/.bashrc and add

sshignore() {
    # Pass every argument through so extra ssh options and remote commands still work
    ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
}
alias sshi=sshignore

After you save the changes to .bashrc, reload it by doing

source /home/[user]/.bashrc

Now you can just do the following when starting an ssh session and suppress the warning.

sshi [user]@[ipAddress]

NOTE: Obviously, ssh defaults to showing you this warning for security reasons (a changed host key is also what an intercepted connection looks like), and you should know why you want to circumvent it. So only use this in situations such as reconfiguring IP addresses for many devices over and over again, where the warnings are just annoying.
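
One way to enforce that note in the wrapper itself, as an added example that is not part of the original post: host key checking is relaxed only for addresses in a lab range, and every other target gets ssh's normal verification. The names sshi_guarded, sshi_target_allowed and LAB_PREFIXES, and the sample prefixes, are assumptions made for illustration.

```shell
# Added example; sshi_guarded, sshi_target_allowed and LAB_PREFIXES are hypothetical names.
# Constructed sample prefixes: subnets where devices are reconfigured and keys change.
LAB_PREFIXES="192.168.1. 10.0.0."

# Return 0 only if the host part of [user@]host is a valid dotted-quad IPv4
# address that starts with one of LAB_PREFIXES.
sshi_target_allowed() {
    local host prefix octet
    host=${1##*@}
    case "$host" in
        ''|*[!0-9.]*|*.) return 1 ;;   # rejects names like 10.0.0.5.example.com
    esac
    # Check the four octets in a subshell so the IFS change does not leak.
    (
        IFS=.
        set -- $host
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || exit 1
        done
    ) || return 1
    for prefix in $LAB_PREFIXES; do
        case "$host" in
            "$prefix"*) return 0 ;;
        esac
    done
    return 1
}

# The target must be the first argument; anything else (for example a leading
# -p option) fails the check and gets ssh's normal host key verification.
sshi_guarded() {
    if sshi_target_allowed "$1"; then
        ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
    else
        echo "sshi_guarded: $1 is not a lab address, host key checking stays on" >&2
        ssh "$@"
    fi
}
```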

Auto start Sphinx searchd after reboot on Linux

By default, after you install and configure Sphinx, you will find that once your OS restarts, search will not be working. That is because searchd is not set up to start automatically. The following will solve that problem.

Create file /etc/init.d/searchd.
sudo vi /etc/init.d/searchd

Copy the following into searchd.
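#!/bin/bash
# Minimal init script for the Sphinx searchd daemon

# Script name, used in the usage message
SELF=$(basename "$0")

case "${1:-}" in
    'start')
        /usr/local/bin/searchd
        ;;
    'stop')
        /usr/local/bin/searchd --stop
        ;;
    'restart')
        /usr/local/bin/searchd --stop && /usr/local/bin/searchd
        ;;
    *)
        echo "Usage: $SELF start|stop|restart"
        exit 1
        ;;
esac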

Add execute permission to the file
sudo chmod +x /etc/init.d/searchd

Register with auto start
sudo update-rc.d searchd defaults

Scaling down from MS to open source

We just moved a service that was running on the Microsoft stack (Windows Server 2008, .NET, MS SQL Server, IIS) to an open source stack (Ubuntu Server, PHP, CodeIgniter framework, Apache2, Postgres).

We now run the service on a cloud server with dual CPU and 256MB RAM (Yes, that’s megabytes).

The old server ran on dual core with 2GB of RAM.

A four letter word can ruin your day

halt + Amazon EC2 + Instance Store = A bad day

I did a stupid thing while on vacation. Decided to clone an EC2 server and executed halt from the command line without checking to see if the server was using Instance Store. Whoops, Amazon showed the server as terminating…terminated… ahhhhh.

After having to rebuild the server while on vacation, I have learned a valuable lesson.

sendmail[2525]: My unqualified host name (servername) unknown

If you see these messages in your syslog, your sendmail is not configured correctly with the domain name. If you are sending from a fully qualified domain, add it to the local-host-names file. In Ubuntu, it would be /etc/mail/local-host-names. Make sure it reads something like this.

localhost
[domain.com]
[server name]

Now in /etc/hosts, make sure it reads like the following.

127.0.0.1 [domain.com] [server name] localhost

Then

sudo /etc/init.d/sendmail restart

and the error should not continue filling the syslog.

Fail2ban does not start after reboot

This problem was identified with the following configuration:
Ubuntu 8.04
fail2ban

Problem: After fail2ban install, everything works fine, but after reboot fail2ban does not start. Manual /etc/init.d/fail2ban restart fails also.

Cause: Fail2ban looks for fail2ban.sock in
/var/run/fail2ban/
During reboot, that directory is removed. Fail2ban assumes it is there and fails on restart.

Solution: Make sure the directory exists during start of fail2ban. Edit the init.d for fail2ban to fix this.
sudo vi /etc/init.d/fail2ban
Find the do_start option.

do_start()
{
    # Return
    # 0 if daemon has been started
    # 1 if daemon was already running
    # 2 if daemon could not be started
    do_status && return 1

    if [ -e "$SOCKFILE" ]; then
        log_failure_msg "Socket file $SOCKFILE is present"
        [ "$1" = "force-start" ] \
            && log_success_msg "Starting anyway as requested" \
            || return 2
        DAEMON_ARGS="$DAEMON_ARGS -x"
    fi

    start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
        $DAEMON_ARGS start > /dev/null\
        || return 2

    return 0
}

Add the following after the if statement.

# Assure that /var/run/fail2ban exists
[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban


Finally, it should look like this

do_start()
{
    # Return
    # 0 if daemon has been started
    # 1 if daemon was already running
    # 2 if daemon could not be started
    do_status && return 1

    if [ -e "$SOCKFILE" ]; then
        log_failure_msg "Socket file $SOCKFILE is present"
        [ "$1" = "force-start" ] \
            && log_success_msg "Starting anyway as requested" \
            || return 2
        DAEMON_ARGS="$DAEMON_ARGS -x"
    fi

    # Assure that /var/run/fail2ban exists
    [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban

    start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
        $DAEMON_ARGS start > /dev/null\
        || return 2

    return 0
}

Now restart and it should work.

sudo /etc/init.d/fail2ban restart

Just for kicks, see how /var/run has the newly created fail2ban directory.

sudo ls /var/run

Ubuntu apache2 virtualhost setup problems

If you are getting error messages when starting apache2 like

“Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName”
or
“[warn] _default_ VirtualHost overlap on port 80, the first has precedence”

you need to make sure a couple of lines are in your /etc/apache2/httpd.conf file.

ServerName localhost

VMware bridged network Ubuntu and Windows

Setting up a Windows guest to serve to the LAN that the host Ubuntu is on is simple, but there are a few gotchas to look out for.

My Setup:
1. Host VM Ubuntu with 2 NICs
2. Guest VM XP Pro serving http through IIS
3. LAN with DHCP exists at host VM level
4. Host VM uses eth0
5. VMware Server

Getting it to work:

  • For the Network Adapter config for the guest VM select the Bridged Network created during install of VMware server (eth1 in my case since eth0 is assigned to host VM)
  • On host VM Ubuntu, go to System>Preferences>Network Connections
  • Edit eth1
  • Uncheck Available to all users
  • Go to the IPv4 Settings tab
  • Change method to Link-Local Only
  • Apply and close
  • Refresh NICs
  • Make sure ifconfig does not show an IP address from the subnet of your LAN on eth1
  • Since guest VM XP is to serve http, it should have a static IP
  • Go to the guest VM
  • Set TCP/IP for the Local Area Connection to a static IP within the subnet of the LAN
  • Run ipconfig /refresh in command line
  • Make sure ipconfig shows the correct IP info just set
  • Make sure it can connect to internet
  • Make sure Windows Firewall is not blocking http or port 80 (obvious step but it threw me for a loop for a little while)
  • Now just check from host VM to see if a test webpage shows up