All posts by blak111

Public Key Authentication with Putty


Windows = Still Exists

Administration from Windows of Linux = Putty

Key-based authentication from Putty = Puttygen

Launch the key generator included with Putty called PuTTYgen.

Click Generate. Move the mouse around for some good ol random numbers.

Stick a passphrase on it if you’re feeling insecure about yourself.

Save the public key somewhere and save the private key somewhere too. (Both are required for a good time.)

Before you close the program, copy the prepared public key to the clipboard from the box in PuTTYgen that has been prepared for the authorized_keys file.

Open an ssh session to the machine you’re administering.

~$ cat >> ~./ssh/authorized_keys

Then paste your key in there, hit enter, and press CTRL-C.

Now create a new session in PuTTY.

Go to Connection > Data and put in your Auto-login username that you just appended the public key to.

Then go to Connection > SSH > Auth and put the path of your private key in the box.

Then go back up to Session. Put the address or host name of your machine in the Host Name box, stick a name in Saved Sessions and hit Save.

Now you can double-click on it for instant satisfaction of authentication.

Script telnet for device changes

So you just kicked your roommate out and you need to change the username and password on 250 switches.

You can do it with a quick bash loop and pipe it into telnet. (ssh is way better, but isn’t enabled by default on most network devices)

Make a new file named credentials.txt and put the username on the first line and the password on the second.

Then make a new file named devicelist.txt and place the IP address or hostname of all of the switches in this file. (each on it’s own line)

username=`head -n 1 credentials.txt`
password=`tail -n 1 credentials.txt`
for device in `cat devicelist.txt`
echo open $device
sleep 1

echo ” “
(only required for devices with a banner before username prompt)
sleep 1

echo $username
sleep .5
echo $password
sleep .5
echo “command to execute on device”
sleep 1
echo “another command to execute on device”
) | telnet

If some of the devices have longer delays between prompts you can adjust the sleep values. (telnet isn’t smart enough to know when the device is ready for a command)

This script will obviously need to be modified depending on the device you’re connecting to. It will get all of those passwords changed automatically for you. You should be using a RADIUS or TACACS+ server for authentication with that many switches. 🙂

It does work well to invoke backups to tftp servers, etc.

Mount stuff over ssh quickly with sshfs

This little program allows you to mount a folder on a remote system to a local folder using ssh.

Install sshfs.

$ sudo apt-get install sshfs

Use the following command to mount a folder.

$ sshfs user@remotehostname:/path/to/remote/folder  /path/to/local/folder

You don’t even have to be root to mount.

You can speed the process up with key-based access.

See here.

Repurpose power button on Linux

The power button is pretty boring just turning the computer off.

Time to make it special for those headless Linux machines that play music but don’t have a keyboard.

Make sure ACPI is installed.

~$ sudo apt-get install acpi

Backup the old script.

~$ sudo cp /etc/acpi/  /etc/acpi/

Clear all of that nonsense out of the old script and start with a fresh slate.

~$ sudo cat > /etc/acpi/



Hit ctrl-c to finish

But that only lets you do one thing with your button!

Lets fix that with a little evil and trickery. The following will wait for repeated presses after the first for different results.

Replace /etc/acpi/ with this.

/root/ &

Now create /root/ and place this in it.


echo “i’ve been touched” >> /root/scriptisrunning

sleep 3

if [ `cat /root/scriptisrunning | wc -l` -eq 1 ]; then



if [ `cat /root/scriptisrunning | wc -l` -eq 2 ]; then



if [ `cat /root/scriptisrunning | wc -l` -eq 3 ]; then



rm /root/scriptisrunning


This allows you to press the button multiple times with different results for each press. The sleep timer will reset with each press so this can be expanded to any number of button presses. Just copy the if statement and change the -eq to the number of presses. Then put the path to the program or script you want to run on the next line. Make sure the if statement has a corresponding fi to end it.

Bash Guessing Game

Here is a game that is worth your time. You even get to code it yourself.

Lolz. Needs a bash interpreter.

~$ nano

Paste this in there.

echo “Please pick an integer between 1 and 10.”
read guess
while [ “$number” -le 1 ]
let “number %= 11 ”

if [ $guess -eq $number ]
echo “You win!”
echo “You suck. The number was $number.”


Then make it executable.

~$ chmod +x

Now you have yourself a dandy.

Run it like so.

~$ ./

This game does not have any input validation. If you try to guess a letter or special character, you will get an error. Guessing out of the bounds of 1 to 10 will also greatly reduce your odds of winning.

One-line to add public ssh key to authorized keys file on remote system

Sometimes I feel like Linux hasn’t been accepted publicly because people are concerned about getting their public ssh key appended to the authorized_keys file on the servers they are trying to administer. They think they have to scp it over, then ssh in, and finally append it to the correct file.

It’s such a shame because it can easily be accomplished with this one command.

ssh me@somespecialserver.local “cat >> ~/.ssh/authorized_keys” < ~/.ssh/

This executes the cat command on the remote server and takes the input from the local ~/.ssh/ file.

If you don’t have an file, run the following command and follow the instructions.

ssh-keygen -t rsa

Once you’re authorized, you wont have to type a password to log on to that server anymore. However, you will still need it for sudo commands.

Use MRTG to graph traffic

So there you are, sitting there watching TV and looking at the blinking lights on your router.

Suddenly you think, “Man, if only there were a way I could record how many octets have flown across each managed interface. Then I could record those same numbers at a later time to determine the average traffic rate during that time-span.”

Luckily there is a simple tool called MRTG or Multi Router Traffic Grapher that will do just that.

First, you have to prepare the device(s) you want to monitor.

Whatever the device is, it needs to have SNMP capability. If it doesn’t, stop here because the rest of this tutorial will produce less than desirable results.

Set the SNMP read-only community string to something complicated. You can always copy and paste. Make sure SNMP is enabled and you should be good to go.

Now install MRTG.

Lets pretend you are on a Debian-based system and can install it from a repository.

sudo apt-get install mrtg

Now, you need to make sure the /etc/mrtg.conf file is owned by the user that will run the cronjob.

sudo chown user-name /etc/mrtg.conf

The config file itself can be quite cumbersome to edit by hand.

Good thing you wont have to. A special tool called cfgmaker is included to make the process easier.

Open up a blank text document that you can prepare this command in and save it for later modification.

Paste this in there:

cfgmaker –global ‘WorkDir: /var/www/mrtg’  \
–global ‘Options[_]: bits’ \
–show-op-down \
–no-down \
–noreversedns \
–zero-speed=100000000 \
–subdirs=HOSTNAME \
–output ‘/etc/mrtg.cfg’ \
–community=somecomplexcommunitystring \ \ \ \ \

(Each option is explained at the end of this post.)

Modify the last lines with IP addresses of devices that you want to pull information from.

Then copy all of it and paste it into a terminal. Save the text file for later in case you want to add a device and need to generate a new configuration. Each time it runs, it overwrites the previous file. If you need to remove a device, just pull it from the list and rerun the commands.

The commands should run successfully without and error. If there is an error, it is generally because it cannot communicate with your device using SNMP.

A quick way to verify that SNMP is giving information is with the following command. [SNMP must be installed (sudo apt-get install snmp)].

snmpwalk -v 2c -c communitystring IP)

This should start spitting out a bunch of information. If it doesn’t, you either can’t communicate with your device, or SNMP isn’t enabled on it.

If everything ran without error, you should have an /etc/mrtg.conf file that’s ready to go. Make sure the same user that is going to run the program has rights to the /var/www/mrtg  as well. This is where all of the html pages and images will be created.

sudo mkdir /var/www/mrtg

sudo chown user-name /var/www/mrtg

Everything should be ready to go. Now you can add an entry to the user’s crontab for MRTG to run every 5 minutes.

crontab -e -u user-name

Choose an editor if you have to. Nano is easiest. Paste the following line in. Then save and quit.

*/5 * * * * env LANG=C /usr/bin/mrtg

After 5 minutes, you should start to see files in /var/www/mrtg.

If you don’t see anything, there is probably a permission error. Run the command manually to see what errors come back and adjust the permissions on the problem directories.

env LANG=C /usr/bin/mrtg

Once, you see html and png files, you are ready to rock. It will take at least two runs for statistics since it it measuring the difference in octet counters.

These files are obviously best viewed with a browser. They are just basic html files so a web server doesn’t need much configuration to serve them. Just set the home directory to /var/www/mrtg and make yourself a nice little index.html page that links to the interesting interfaces.

The WorkDir option tells it where the html and image files will be created.

The –global ‘Options[_]: bits’ option uses bits instead of bytes. All link-speeds are measured in bits, and file-sizes are generally measured in bytes.

The –show-op-down option tells it to include interfaces that are operationally down. That way, if an interface comes online, cfgmaker doesn’t need to be executed again.
The –no-down option covers more than operationally down. All interfaces will be graphed regardless of their status.
The –noreversedns option tells it not to bother with attempting a reverse look-up of the IP addresses of your network equipment.
The –zero-speed=100000000 option tells it to assume the speed is 100mbit/s if the device returns a rate of 0.
The –subdirs=HOSTNAME option determines how the html and image files will be organized. Each device will have it’s own folder based on it’s hostname or IP address if no hostname is given.
The –output ‘/etc/mrtg.cfg’ option tells it where to save the mrtg config file. This is the default location mrtg checks when it is ran.
The –community=somecomplexcommunitystring option tells it what SNMP community string to use when attempting to contact the device.

All of the options are available here.

Here are a couple example shots. They are both from a relatively fresh install. One is from an access point running dd-wrt and one is from a firewall running pfSense.


Using wget to grab multiple files over ftp using multiple connections

Lets say you have a nice Linux server with a nice connection you want to grab a whole bunch of files from an FTP server using multiple connections to utilize all of the available bandwidth. Graphical based utilities are the work of the devil, so we can use wget.

First change to your directory that you want to download all of the files to.

cd  /drive/with/lots/o/storage

Here is a nice wget command that you can spawn multiple instances of to get the job done:
wget -r -nc -b –ftp-user=user –ftp-password=password

The -r tells wget to recursively download so it grabs everything in that directory and beneath it.

The -nc tells wget to skip a file if it already exists locally to prevent all of your instances from replacing the same file over and over.

The -b tells wget to work in the background and send output to a log file. This is necessary to run 20 instances at once.

The –ftp-user= and –ftp-password= are only required if the FTP server doesn’t allow anonymous access.

Just run the command as many times as you want for the desired number of threads.

A quick killall wget will put all of the action to a halt if the fun is getting out of control.