There are many articles about privileged SSH port forwarding but not much about properly using SSH keys and config files.
The problem is that upon typing:
ssh dakara -L 80:localhost:80
the response is:
Privileged ports can only be forwarded by root.
The obvious solution is to just use sudo:
sudo ssh dakara -L 80:localhost:80
but this produces:
ssh: Could not resolve hostname dakara: Name or service not known
Unfortunately, “dakara” is a host configured in ~/.ssh/config and not available to root. This can be fixed with:
sudo ssh -F ~/.ssh/config dakara -L 80:localhost:80
but this tries to connect as root and prompts for a password. Adding “-l $USER” sets the login name to my user name (this could also be set in the SSH config file), and adding “-E” to sudo preserves the environment, which allows my SSH agent to be used.
sudo -E ssh -F ~/.ssh/config -l $USER dakara -L 80:localhost:80
Now everything connects, and I am not prompted for a password.
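The decision the steps above arrive at, as an added example that is not from the original post: a helper that prints the plain ssh command for unprivileged local ports and the sudo form only when the local port is below 1024 and the caller is not root. The name forward_cmd and its optional uid and user arguments are assumptions made for illustration.

```shell
# Added example (not from the original post). forward_cmd is a hypothetical
# helper: it prints the command to run and does not execute anything.
# Usage: forward_cmd HOST LOCAL_PORT TARGET_HOST:TARGET_PORT [UID] [USER]
forward_cmd() {
    host=$1 lport=$2 target=$3
    uid=${4:-$(id -u)}        # defaults to the calling user's numeric id
    user=${5:-$(id -un)}      # defaults to the calling user's login name
    # Accept 1-5 digits only, so the numeric tests below cannot overflow.
    case $lport in
        ''|*[!0-9]*|??????*) echo "invalid local port: $lport" >&2; return 2 ;;
    esac
    if [ "$lport" -lt 1 ] || [ "$lport" -gt 65535 ]; then
        echo "local port out of range: $lport" >&2; return 2
    fi
    if [ "$lport" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        # Binding below 1024 needs root. Under sudo, ssh would read root's
        # config and log in as root, so pass the caller's config file (-F)
        # and login name (-l) explicitly; sudo -E keeps SSH_AUTH_SOCK so the
        # caller's agent is still used.
        printf 'sudo -E ssh -F %s -l %s %s -L %s:%s\n' \
            "$HOME/.ssh/config" "$user" "$host" "$lport" "$target"
    else
        # Unprivileged port, or already root: the plain command is enough.
        printf 'ssh %s -L %s:%s\n' "$host" "$lport" "$target"
    fi
}
```

For example, `forward_cmd dakara 8080 localhost:80` prints the plain command, because an unprivileged local port needs neither sudo nor the extra options.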
I have been using FreeNX on Ubuntu Linux as a terminal server for remote graphical access. (It’s similar to Remote Desktop on Windows.) It’s fast and works quite well on slow Internet connections. NoMachine provides clients for Mac OS X, Windows, and Linux, which means I can connect to my machine from anywhere.
Most of the instructions are available in Ubuntu’s documentation for FreeNX. First, add the repository, update the package listings, and install the FreeNX package:
aptitude install --quiet --assume-yes freenx
Finally, set up FreeNX. I opt to use the default SSH key pairs (“--setup-nomachine-key”) because it doesn’t require additional configuration for the client to connect. I added the “--clean --purge” to fix authentication errors that I began having after I upgraded to Ubuntu 9.10.
/usr/lib/nx/nxsetup --install --setup-nomachine-key --clean --purge
After I install a client, I can connect to my computer from anywhere and use it as though I were sitting in front of it.
I have an HP ScanJet 5300C scanner and have had no luck getting it to run on Mac OS X after 10.3 Panther, Windows Server 2003, and Ubuntu Hardy Heron. After I upgraded to Ubuntu Karmic Koala, the XSane Image Scanner applications would scan a preview but would not actually save the image. (That’s more progress than I have had for a few years.) Next, I installed Simple Scan, which scanned and saved the image nicely. The program is a little simpler than I would like, but it beats the complexity of XSane. More importantly, it worked.
I recently purchased an HP Color LaserJet 2550 Fuser from Lake Erie Systems. It was a little pricey, but it arrived quickly and functioned as promised. Apparently I was not particularly observant when I purchased a new fuser because I did not see that they also had an exchange program for refurbished fusers. I inquired via email as to options to return my old (empty) fuser and possibly receive some sort of credit. The representative that I worked with explained that credit is only available for refurbished fusers but that he would refund me $10 regardless. I informed him that I had not received a shipping label to return the current fuser. He apologized and sent out a shipping label, which arrived promptly. I mailed the fuser back and received my $10 credit.
Bottom line: Lake Erie Systems delivers their products promptly and as advertised. Their customer service is attentive and accommodating.
I finally upgraded my brother’s desktop computer and my desktop computer to Ubuntu 9.10 Karmic Koala. Previously, both had been running Ubuntu 8.04 Hardy Heron, which was stable but was starting to show its age. I’ve always found that bleeding edge works well for desktops and tried and true works better for servers.
Ubuntu 9.10 works well, but I have discovered a few unresolved bugs that have proven to be annoyances. I’ve resigned myself to not being able to burn optical discs under Karmic because of a bug. This extends beyond Brasero to include the Wodim command line burning tool. After I upgraded, I switched from Rhythmbox to Banshee because it has better iPod syncing capabilities. However, those capabilities are a bit flaky, and I had to use this hack to make things work.
Regardless, it was a helpful and necessary upgrade. I look forward to the Ubuntu 10.04 Lucid Lynx update in April.
I finally jumped on the bandwagon and created a Google Profile for myself. I keep telling myself that it is information that I should not be posting, but let’s face it, that information is readily available to anyone who knows how to use a search engine. Google Profiles just allows me to better present the information.
After four and a half years, I am turning LFS2 off for good.
According to the “/var/log/OSInstall.custom” log, “Native install completed 2005-08-14 18:55:58 -0700,” which is just under four and a half years ago. I have finally migrated all of the data and functionality (print, file, and LDAP) from Lund File Server 2 (LFS2) to Athos. LFS2 held up surprisingly well considering it was only a 533 MHz G4 with 768 MB RAM. When I set it up, I installed three used 120 GB Western Digital hard drives. After four and a half years of running continuously, all three drives still appear operational.
Ars Technica has a nice writeup about “Dropped DSL and missing e-mail: two tales of moving woes.” I think one of the authors sums up technical support for any company perfectly:
If there were any doubts that Verizon has helpful dedicated people, this experience put them to rest. Unfortunately, I know that I’ll never encounter any of them the next time that I have a problem that requires me to dial in to the standard tech support line.
I rarely encounter competent technical support, whether it is at Embarq/CenturyLink, AT&T, Comcast, Time Warner, or Apple. What should take five minutes regularly takes multiple calls and even more tech support agents. On occasion, I do get someone helpful, but it is unfortunately not the norm.
Because I use Mutt, any mailbox that has new mail tends to get my attention when I check my email. This became particularly annoying because I kept opening my spam mailbox to check a single spam message. Therefore, I decided to come up with a way to delay the delivery of my spam to once per day.
I started by changing my “.procmailrc” to deliver spam messages to a different mailbox that Mutt does not check.
* ^X-Spam-Status: Yes
Then I created a new procmailrc file called “spam.procmailrc” that would deliver mail to my checked spam mailbox.
Next, I wrote a short Bash script to use Formail and Procmail to deliver all of the messages in the delayed delivery spam mailbox to the normal spam mailbox.
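#!/bin/bash
# Placeholder paths: the original values are not shown on this page.
# LOCK is assumed to be the lock file Procmail uses for the delayed mailbox.
DELAY="$HOME/mail/spam-delayed"; TEMP="$DELAY.tmp"; LOCK="$DELAY.lock"
FORMAIL=formail; PROCMAIL=procmail; PROCMAILRC="$HOME/spam.procmailrc"
# Make sure there is delayed mail and we can get the lock (retry once)
if test -s "$DELAY" && lockfile -r 1 "$LOCK" 2>/dev/null; then
    # Add the delayed mail to the temp mailbox and empty the delayed mailbox
    cat "$DELAY" >> "$TEMP" && cat /dev/null > "$DELAY"
    # Process each delayed message
    "$FORMAIL" -s "$PROCMAIL" "$PROCMAILRC" < "$TEMP" && rm -f "$TEMP"
    # Delete the lock now that we are done
    rm -f "$LOCK"
fi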
Finally, I set the script to run daily using Cron. Now I am only interrupted by spam when I choose to be instead of every time a new message arrives. I have used the same technique to delay the delivery of emails to unimportant mailing lists so I only read them hourly instead of every time a message arrives.
I run two private MediaWiki wikis that do not allow unauthenticated users to create accounts, edit pages, or read pages. I have whitelisted a few special pages, including the login page. An example configuration is displayed below.
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgWhitelistRead = array (
    // whitelisted page titles (not shown on this page)
);
The problem with this is that I want to be able to monitor these private wikis in my RSS client. Therefore, I added another two lines to the configuration to allow my desktop unauthenticated access to the recent changes RSS feed on my wikis. This could be changed to make it easy to punch a hole for multiple clients. The additions are shown below.
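// Append to the whitelist only for the trusted desktop; [] keeps the existing entries
if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] === "192.168.1.42") {
    $wgWhitelistRead[] = "Special:RecentChanges";
}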
Now I can monitor both of my private wikis from my RSS client on my desktop computer. However, all other machines will still require authentication to get to the wiki.