Friday, 26 February 2016

How To Use SSH to Connect to a Remote Server in Ubuntu VIA a BASTION


What Is SSH?


One essential tool to master as a system administrator is SSH.

SSH, or Secure Shell, is a protocol used to securely log onto remote systems. It is the most common way to access remote Linux and Unix-like servers, such as VPS instances.

In this guide, we will discuss how to use SSH to connect to a remote system.

It is often good practice to set up a Bastion server, which is essentially a gateway to your other servers.
If you do this, you can configure your other servers to allow SSH access from your Bastion only.

This post is to help with that process...



SSH connection via the Bastion

SSH into any instance should be done via the Bastion server.

SSH-ing from the Bastion server into a different server generally requires the Bastion public key to be in the authorized_keys in the target server.

Connecting to a new instance, where the Bastion public key is not in authorized_keys

Ensure that the security group for the new instance allows connection from the Bastion.

You can use SSH agent forwarding. This technique allows you to use a keypair to connect from the Bastion, without the private key needing to be on the Bastion.

You should know the keypair the new instance is created with. Open Pageant (on your PC) and import the keypair corresponding to your new instance.

Note: You can tell Pageant is running by checking the notification icons on your PC's taskbar.




The other way you know it isn't running is if your Linux server gives the following error after you issue the ssh-add -L command:

In PuTTY, connect to the Bastion using its private key, but under "Connection → SSH → Auth" check the box for "Allow agent forwarding".

On the Bastion server, you can check that the key is available by calling:
  ssh-add -L
Now from the Bastion server, ssh into the target instance:
  ssh [PRIVATE IP OF TARGET INSTANCE]
Once you are here, add the Bastion public key to authorized_keys so that agent forwarding won't be required for future connections from the Bastion.
Or leave it as is to make things easy.
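
One way to do the authorized_keys step above on the target instance, as an added example that is not part of the original post. The function name install_bastion_key, the file name bastion_id.pub and the address 10.0.0.5 are assumptions for illustration; from= is a standard OpenSSH authorized_keys option that ties the key to the Bastion's address.

```sh
# Added example (not from the original post). Run on the target instance.
# install_bastion_key is a hypothetical helper; the IP and key file in the
# usage line at the bottom are constructed placeholders.
#
# install_bastion_key <pubkey-line> <bastion-private-ip> [ssh-dir]
# Returns 0 if the key is installed or already present, 2 on bad input.
install_bastion_key() {
    local pubkey="$1" bastion_ip="$2" ssh_dir="${3:-$HOME/.ssh}"
    local auth="$ssh_dir/authorized_keys" keytype rest keydata

    # A public key line is "<type> <base64> [comment]".
    keytype=${pubkey%% *}
    rest=${pubkey#* }
    keydata=${rest%% *}
    case "$keytype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a public key line (wrong file?)" >&2; return 2 ;;
    esac
    case "$keydata" in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 2 ;;
    esac
    # The address is written inside from="..."; allow only IP characters.
    case "$bastion_ip" in
        ''|*[!0-9A-Fa-f.:]*) echo "bad bastion address" >&2; return 2 ;;
    esac

    # sshd's StrictModes check rejects group/world-writable key files.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: compare the base64 blob so a changed comment does not
    # produce a duplicate entry. An existing entry is left untouched.
    if grep -qF -- "$keydata" "$auth"; then
        return 0
    fi
    # from= makes sshd accept this key only from the Bastion's address.
    # The key's free-text comment is dropped.
    printf 'from="%s" %s %s\n' "$bastion_ip" "$keytype" "$keydata" >>"$auth"
}

# Usage (constructed values):
#   install_bastion_key "$(cat bastion_id.pub)" 10.0.0.5
```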

Thursday, 25 February 2016

generatedata.com - Fake Your Data

Sometimes you need fake data for things like testing software, populating databases, creating realistic-looking mockups and so on. For text, we have lorem ipsum; but for everything else you have to do a bit of legwork. Human data especially - like names, addresses, town names etc. - is particularly hard to fake because you need a semi-realistic-looking data set.

Friday, 12 February 2016

Word of the Day: zombie server (comatose server)

A zombie server is a physical server that is running but has no external communications or visibility and contributes no compute resources; essentially, it consumes electricity but serves no useful purpose. Zombie servers are also referred to as comatose servers.
Zombie servers are often created because user-requested applications end up getting no use or almost no use (typically defined as under six percent). Other causes include redundant or legacy applications and services that have been replaced. An estimated one in three servers in North America falls into the "undead" category.
According to a study conducted by the consulting firm Anthesis Group and Jonathan Koomey, a research fellow at Stanford University, there are approximately 3.6 million zombie servers in the United States; worldwide, the total could be as high as 10 million.
AOL's five-year project to purge its sites of zombie servers netted the organization $10 million and in just one year resulted in a 35 percent reduction in its carbon footprint. Based on calculations by TSO Logic, a company with 1000 servers could achieve a net savings of $300,000 simply by pulling the plug on its comatose servers.

[Originally published on http://whatis.techtarget.com/]