Posts List

Easy OpenSSH VPN using tunneling

This is a simple VPN for those times when you want the ease of use of a VPN but only have an ssh server available. Both servers need to have ssh configured to allow tunnels. You need to change the configs for ssh under /etc/ssh.

Remote server sshd_config: `PermitTunnel yes`

Local server ssh_config: `Tunnel yes`

Remote server:

Setting up the tunnels requires you to use root when sshing. Since I don’t open my servers up to remote root logins, I work around it by first creating a reverse tunnel from the remote server back to my home machine. You will need to forward your external ssh port on your broadband router to the ssh on your local machine. Then create the reverse tunnel like this.

Installing stock CentOS kernel on an OVH or Kimsufi server

I recently signed up for a small dedicated server at Kimsufi.co.uk for the grand price of £14 a month, which I think is a pretty good price for what you get.

- Brand: Intel
- Model: Celeron / Atom
- Frequency: 1.20+ GHz
- Architecture: 64 bits
- NIC: FastEthernet
- Memory: 2 GB
- Hard disk: 1 TB
- FTP Backup: 100 GB
- Bandwidth: Heaps more than I need :-)

The machine itself is nothing special, but they do have remote management and you can install a variety of Linux and Windows operating systems. I am quite happy with their service and management tools, but I wasn't happy with the fact that they run their own custom kernels on them. The kernel that they install is a 'grsec' hardened 3.2 kernel, but this caused a variety of issues when doing 'yum update', mainly dependency issues. I Googled around and found a few different solutions for remotely installing CentOS, which were all basically variations on the way I describe in a previous post using [grub to re-install](http://www.thegoldfish.org/2009/12/reinstall-centos-using-grub/). Whatever I tried with this, including [using VNC](http://forum.ovh.co.uk/showthread.php?t=4991) and attempting a fully automated install with a tested kickstart file, it would become unresponsive when rebooting into the OS the first time. Instead of all these methods I should have been thinking inside the box instead of outside it :-(

Linux network bond without restarting the network

This is quite handy to know if you need to create a new network bond on a live system without disrupting traffic. First of all, create your bond configs in the normal way so that in the event of a reboot it will come back up working. See the Red Hat documentation for how to do it in RHEL6. Now, because we cannot just restart the networking to bring that up, we need to construct it by hand. Let’s say our 2 interfaces we wish to bond are eth3 and eth4 and the bond we are going to create is bond1

Checking SSL certificate expiry dates

This is just a quick note to save this useful bit of information. I may make it into a script one day or use it in something else.

```
echo ''|openssl s_client -connect localhost:636 2>/dev/null | openssl x509 -noout -enddate | sed 's/^not.*\=//'
```

Parallel multi process bash with return codes

Have you ever needed to run a bunch of long-running processes from a bash script and get their return codes? I come across this issue quite frequently in my line of work. The most common one is where I need to run rsync to collect files from many machines and then, if successful, run some other task. Depending on the number of servers and data, this can take several hours to run sequentially, and I don’t really like waiting around to check the output so that I can run the next task.

Stunnel in client mode

Stunnel is a quick way of taking a non-SSL connection and wrapping it in SSL for security.

stunnel version 4 - Fedora 12/RHEL 5.3/CentOS 5.3

vim /etc/stunnel/stunnel.conf

add in

```
client=yes
[gmail]
accept = 127.0.0.1:50000
connect = mail.google.com:443
```

then run stunnel

stunnel version 3 - Ubuntu 8.10 (I haven’t used newer versions)

Ubuntu 8.10 has 2 versions of stunnel: stunnel3 and stunnel4. They have created a symbolic link from /usr/bin/stunnel -> /usr/bin/stunnel3

Delete single line from file

I quite often need to remove a single line from a file by its line number. The most common use case for me is the known_hosts file when I have reinstalled a system. In the past I have used vim, navigated to the line and removed it. This is all well and good, but it gets to be a pain having to do it repeatedly, especially when you manage around 1000 servers and they get rebuilt frequently. Finally today I had had enough, so I wrote a little script to do this task easily. Hopefully someone else finds this useful.

Reinstall CentOS using grub

This post is here mainly because I always forget how to do it. This is one of the simplest ways to reinstall a CentOS (will probably work for RHEL and maybe even Fedora) system without needing PXE or physical access to the machine. Make sure that you have tested your kickstart before you use it, and don’t blame me if anything goes wrong. Save the following script, make it executable, then run it. It will ask some questions about networking and hostname and then write a new grub stanza to your grub.conf. It will also download the correct kernel and initrd from the information you have given it and put them in the correct position for grub to find them when it boots.