May 19

Linux: Clearing journalctl logs to free up space

One of the fastest ways to create some free space especially if you have ran our of drive space is to vacuum your journalctl logs.

Vacuum by time:
journalctl --vacuum-time=1d

Vaccum by log size (log size after the command has completed):
journalctl --vacuum-size=250M

Category: Linux | Comments Off on Linux: Clearing journalctl logs to free up space
April 19

Linux: Disable SSH connection timeout

You need to set the Client and the Server to stop the automatic timeout of SSH non active connections.

Client:
/etc/ssh/ssh_config

Add the following to the bottom of the file:
# Client keep alive
ServerAliveInterval 60

Server:
/etc/ssh/sshd_config

Add the following to the bottom of the file:
# Server Keep Alive
ClientAliveInterval 120
TCPKeepAlive yes
ClientAliveCountMax 720

systemctl restart sshd

Note:
120 X 720 = 86400 seconds or 24 hours

Category: Linux | Comments Off on Linux: Disable SSH connection timeout
April 18

Linux: After changing ulimit settings the proc limits do not match

When changing the ulimit settings in /etc/security/limits.conf or in /etc/security/limits.d/filename for a specific user, you will only see the correct change in /proc/[pid]/limits if you are looking as the user the limit was set for. Looking at this setting in /proc as root or su will display the settings for root not the user you set within the file.

The command:
ulimit -a username
is the best way to tell if the limits config file change is active.

Category: Linux | Comments Off on Linux: After changing ulimit settings the proc limits do not match
March 25

Linux: Using ssh to run a script on multiple servers

To start, it will be more convenient if you have ssh keys setup on the servers. Otherwise you will be entering a password for each server you need to connect to.


To break this out create three files:
1. iplist.txt
2. checkservers
3. serverscript

* If your command is small enough you do not need to have a seperate serverscript file.  I find it easier to put more complex scripts in their own file which is what the following example reflects.

Add your server IPs to iplist.txt:
192.168.1.10
192.168.1.22
192.168.1.45
192.168.1.100

Add you loop connection syntax in checkservers:
#!/bin/bash
for server in $(cat iplist.txt); do

ssh username@$server -i usernameprivatekeyfile 'bash -s'  < serverscript  >> server-results.txt

done

Add your script to serverscript:
#!/bin/bash

sudo -i

hostname

your
script
here

Final steps:
chmod 744 checkservers
chmod 744 serverscript

Finally run ./checkservers

Category: Linux | Comments Off on Linux: Using ssh to run a script on multiple servers
March 23

Linux: reverse ssh simplified

If you are tired of reading long blog posts of using reverse ssh you came to the right place.

Scenario:
You want to connect from your workstation to a server.
Both are on their own networks and are behind NAT.

Target: Server behind firewall
Jump: Server on the internet that you have control of the firewall
Source: Your Workstation behind firewall

Steps (Target connects to Jump, Source connects to Jump, From Jump you connect to Target):

  1. Target:
    ssh -fN -R 45000:localhost:22 username@Jumpserverip
  2. Source:
    ssh username@jumpserverip
  3. Jump:
    ssh useronTarget@localhost -p 45000

Category: Linux | Comments Off on Linux: reverse ssh simplified