옥탑방람보

WARNING! The remote SSH server rejected X11 forwarding request.

 

SSH 접속시 위와 같은 경고 메시지가 발생되고 x11 이 실행되지 않을 때,

 

$> yum install xauth

1. Change to root User
   su -
   ## OR ##
   sudo -i

2. Install Fedora or RHEL Repo Files
   cd /etc/yum.repos.d/
 
   ## Fedora 18/17/16/15/14/13/12 users
   wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
 
   ## CentOS 6.3/6.2/6.1/6/5.8 and Red Hat (RHEL) 6.3/6.2/6.1/6/5.8 users
   wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo

3. Update latest packages and check your kernel version
   Update packages

   yum update

   Check that that you are running latest installed kernel version
   Output of following commands version numbers should match:

   rpm -qa kernel |sort |tail -n 1
 
   uname -r

   Note: If you got kernel update or run older kernel than newest installed then reboot:

   reboot

4. Install following dependency packages
   CentOS 6/5 and Red Hat (RHEL) 6/5 needs EPEL repository, install it with following command:

   ## CentOS 6 and RHEL 6 ##
   rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
 
   ## CentOS 5 and RHEL 5 ##
   rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
   yum install binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel dkms
 
   ## PAE kernel users install ##
   yum install binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-PAE-devel dkms

5. Install VirtualBox Latest Version 4.2 (currently 4.2.6)
   yum install VirtualBox-4.2

   Note:
   This command create automatically vboxusers group and VirtualBox user must be member of that group.
   This command also build needed kernel modules.

   Rebuild kernel modules with following command:

   /etc/init.d/vboxdrv setup
   ## OR ##
   service vboxdrv setup

6. Add VirtualBox User(s) to vboxusers Group
   Replace user_name with your own user name or some another real user name.

   usermod -a -G vboxusers user_name

7. Start VirtualBox
   Use launcher from menu or simply run:

   VirtualBox

Troubleshooting
   If you have problems with KERN_DIR parameter or your kernel directory is not automatically detected then set KERN_DIR environment variable manually, using following method:

   ## Current running kernel on Fedora ##
   KERN_DIR=/usr/src/kernels/`uname -r`
 
   ## Current running kernel on CentOS and Red Hat (RHEL) ##
   KERN_DIR=/usr/src/kernels/`uname -r`-`uname -m`
 
   ## Fedora example ##
   KERN_DIR=/usr/src/kernels/2.6.33.5-124.fc13.i686
 
   ## CentOS and Red Hat (RHEL) example ##
   KERN_DIR=/usr/src/kernels/2.6.18-194.11.1.el5-x86_64
 
   ## Export KERN_DIR ##
   export KERN_DIR

 

C class에 아이피를 모두 사용할때에는

서브넷마스크는 255.255.255.0 가 된다.

즉 11111111.11111111.11111111.00000000 이 되어 마지막 자리에 올 수 있는 254(256-2)개 만큼 모두 사용할 수 있다.

만약 두개로 나누어 사용하고자 한다면

서브넷마스크는 255.255.255.128 가 된다.

즉 1111111.11111111.11111111.1000000 이 되어 마지막 자리수의 첫번째 비트가 0인 경우와 1인 경우로 나뉘게 되어 네트워크당 124(126-2)개를 사용할 수 있게 된다.

만약 네개로 나누어 사용하고자 한다면

서브넷마스크는 255.255.255.192 가 된다.

192.168.1.0000 0000 -> 192.168.1.0 ~ 192.168.1.63

              01           -> 192.168.1.64 ~ 192.168.1.127

              10           -> 192.168.1.128 ~ 192.168.1.191

              11           -> 192.168.1.192 ~ 192.168.1.255

이렇게 되면 각 네트워크당 64개가 되고, 각 네트워크 IP의 제일 처음과 끝 값은 각각 넷ID, 브로드캐스트로 할당되므로 결과 네트워크당 62개의 IP 사용이 가능해진다.

 

* 한 네트워크당 가장 앞자리는 넷ID값이 되고 뒤에 오는 수는 브로드캐스트 값이 되므로 이 두개의 IP는 사용할 수 없다.

 

IP주소가 192.168.98.28 이라면 이것은 실제 2진수로 되어 있다.

즉 1100 0000.1010 1000.0110 0010.0001 1100 이렇게 된다.

 

IP주소는 class로 구분된다.

A class는 첫번째 자리가 1~126 사이값으로 한 네트워크 안에 최대 호스트수 16,777,214 개가 된다.

(첫번째 자리가 1일 경우 나머지 세자리에 올수 있는 경우 256*256*256-2)

B class는 첫번째 자리가 127~191 사이값이 되고 두번째 자리까지 정해져 할당되어 한 네트워크 안에 최대 호스트수 65534

(256*256-2)

C class는 192~223 으로 세번째 자리까지 정해져 할당되어 254개

(256-2)

D class는 224~239

E class는 240~255

 

C class가 가지고 있는 254개 호스트에 ip주소를 모두 부여했다고 했을 ‹š는

서브넷마스크는 255.255.255.0

B class 는 255.255.0.0

A class 는 255.0.0.0

이 된다.

192.168.10.1/24

192.168.10.1/25

 

서브넷 마스크를 보면 보통 255.255.255.0 이런식으로 표시된다.

255를 2진수로 변화시키면 11111111 이 된다.

그래서 255.255.255.255.0 를 2진수로 표시하면

11111111.11111111.11111111.0 이렇게 된다.

따라서 1의 개수가 총 24개가 되고 마지막 자리에서 0~255까지의 아이피를 모두 사용할 수 잇게 된다.

이럴때 IP뒤에 /24 라고 표시한다.

즉 /24 라고 되어 있으면 IP 255개 모두를 사용할 수 있는 것이다.

 

만약 255개의 IP를 두개로 나누게 되면

255.255.255.128 은

11111111.11111111.11111111.10000000 이 된다.

이렇게 되면 아이피를 255개의 반밖에 사용할 수 없게 된다. (128까지)

/25 라고 되어 있으면 128개의 아이피를 사용할 수 있다고 보면 된다.

 

/26 이면 아이피를 1/4로 나눈것이다. 즉 64개가 사용가능하다.

<CentOS 5 에서 jailkit 설치 방법>

 

1. jailkit 다운로드 - http://olivier.sessink.nl   

2. jailkit 설치 (root 계정)

$> yum install jailkit.x86_64

또는

$> tar jxvf jailkit-2.11.tar.bz2

$> cd jailkit

$> ./configure

$> make

$> su -

$> make install

3. jailkit init 파일 수정

$> vi /etc/jailkit/jk_init.ini

paths=/usr/libexec/openssh/sftp-server  #CentOS5 에서의 sftp-server 위치임.

4. chroot jail 생성

$> jk_init -v -j /var/jail basicshell ssh sftp   # http://olivier.sessink.nl/jailkit/jailkit.8.html

5. 계정 생성

$> adduser juser

$> passwd juser

6. jail 로 계정 정보 이동

$> jk_cp -j /var/jail /usr/sbin/jk_lsh

$> jk_jailuser -m -j /var/jail/ juser

7. sftp/scp only (기타사항 허용시 paths, executables에서 관련 실행파일을 , 단위로 나열하면 된다. *테스트필요)

$> mkdir -p /jail/etc/jailkit

$> vi /var/jail/etc/jailkit/jk_lsh.ini

[juser]

paths = /usr/libexec/openssh/

executables = /usr/libexec/openssh/sftp-server

allow_word_expansion = 0

8. 확인

$> cat /etc/passwd

juser:x:505:506::/var/jail/./home/juser:/usr/sbin/jk_chrootsh

$> sftp juser@localhost

sftp> 라고 나타나면 성공

이후 juser 계정으로 sftp를 접속하면 juser의 / 는 서버상의 /var/jail 이 되므로 상위 디렉토리를 볼 수 없게 된다.

 

<rocks clusters>

계정생성시 /export/home 과 같은 심볼릭링크로 걸면 되지 않는다.

그렇기 때문에,

adduser -d /state/partition1/home/juser juser

로 계정을 생성해야 하고,

$> cat /etc/passwd 시

juser:x:505:506::/var/jail/./state/partition1/home/juser:/usr/sbin/jk_chrootsh

으로 구성되어야 한다.

jail로 묶인 계정은 cluster 분석 계정으로 사용할 수 없다. (automount 문제)

How do I work with multiple files at the same time?


vi allows for multiple files to be open at the same time. Unlike many editors, you only see one file at a time. If you start vi with multiple files on the command line they'll all be opened up.
You'll start out in the first file, and you can move to the next file by typing :n.
If you've made changes to the current file that you don't want to keep, you can go on by using :n!. Note that this will discard any changes that you've made.
If you want to save, you need to use :w first.

 

Regular expressions appear to be rapidly gaining in popularity among VIM users as they discover the sheer programming power that regular expressions can provide. Historically, regular expressions have been associated with the UNIX platform and scripting languages like Perl (Practical Extraction and Report Language).

The syntax in VIM is slightly different then in Perl, but is pretty close. This makes Perl regular expression examples relevant to VIM users.

Softpanorama RegEx page contain basic information about regular expressions. I would like to stress that Vim's regexp implementation is reasonably close to Perl's and skills are transferable. Among the differences between Perl and Vim we can note:

Some meta characters are different (in yellow)

# Matching # Matching
. any character except new line
\s whitespace character \S non-whitespace character
\d digit \D non-digit
\x hex digit \X non-hex digit
\o octal digit \O non-octal digit
\h head of word character (a,b,c...z,A,B,C...Z and _) \H non-head of word character
\p printable character \P like \p, but excluding digits
\w word character \W non-word character
\a alphabetic character \A non-alphabetic character
\l lowercase character \L non-lowercase character
\u uppercase character \U non-uppercase character

Many special characters need to be escaped. For example:
\+ matches 1 or more of the preceding characters...
\{n,m} matches from n to m of the preceding characters...
\= is used instead of \? (matches 0 or 1 more of the preceding characters)

Quantifier Description

* matches 0 or more of the preceding characters, ranges or metacharacters .* matches everything including empty line
\+ matches 1 or more of the preceding characters...
\= matches 0 or 1 more of the preceding characters...
\{n,m} matches from n to m of the preceding characters...
\{n} matches exactly n times of the preceding characters...
\{,m} matches at most m (from 0 to m) of the preceding characters...
\{n,} matches at least n of of the preceding characters...


Alternatives (OR) need to be escaped

Using "\
" you can combine several expressions into one which matches any of its components. The first one matched will be used.

\(Date:\
Subject:\
From:\)\(\s.*\)

will parse various mail headings and their contents into \1 and \2, respectively. The thing to remember about VIM alternation that it is not greedy. It won't search for the longest possible match, it will use the first that matched. That means that the order of the items in the alternation is important!

Tip 3: Quick mapping to put \(\) in your pattern string
cmap ;\ \(\)

Non-greed modifiers are different and more obscure then in Perl. Perl allows you to convert any quantifier into a non-greedy version by adding an extra ? after it. So *? is a non-greedy version of a special character *


Quantifier Description
\{-} matches 0 or more of the preceding atom, as few as possible
\{-n,m} matches 1 or more of the preceding characters...
\{-n,} matches at lease or more of the preceding characters...
\{-,m} matches 1 or more of the preceding characters...

Replacement rules are different

You can group parts of the pattern expression enclosing them with "\(" and "\)" and refer to them inside the replacement pattern by their special number \1, \2 ... \9. Typical example is swapping first two words of the line:

s:\(\w\+\)\(\s\+\)\(\w\+\):\3\2\1:


where \1 holds the first word, \2 - any number of spaces or tabs in between and \3 - the second word. How to decide what number holds what pair of \(\) ? - count opening "\(" from the left.

Replacement part of the S&R has its own special characters which we are going to use to fix grammar:



# Meaning # Meaning
& the whole matched pattern \L the following characters are made lowercase
\0 the whole matched pattern \U the following characters are made uppercase
\1 the matched pattern in the first pair of \(\) \E end of \U and \L
\2 the matched pattern in the second pair of \(\) \e end of \U and \L
... ... \r split line in two at this point
\9 the matched pattern in the ninth pair of \(\) \l next character made lowercase
~ the previous substitute string \u next character made uppercase


Now the full S&R to correct non-capital words at the beginning of the sentences looks like

s:\([.!?]\)\s\+\([a-z]\):\1 \u\2:g

We have corrected our grammar and as an extra job we replaced variable number of spaces between punctuation and the first letter of the next sentence with exactly two spaces.

Perl supports a more options that can be appended to the regexp, or even embedded in it.

You can also embed variable names in a Perl regular expression. Perl replaces the name with its value; this is called "variable interpolation".

The most common task is to make replacements in a text following some certain rules using VIM search and replace command (S&R) :s(substitute). For example here is how globally replace all occurrences of vi with VIM.


%s/1999/2003/g

This is a very common idiom in vi/vim. Like in Perl you can also use several modifiers

c Confirm each substitution
g Replace all occurrences in the line (without g - only first).
i Ignore case for the pattern.
I Don't ignore case for the pattern

 

sudo apt-get install ssh
sudo apt-get install openssh-server
sudo update-rc ssh defaults

 

> vi /etc/ssh/ssh_config    (or  ~/.ssh/config)

Host *
    ServerAliveInterval 60

On Client machine,
The 'ServerAliveInterval 60' indicates that it should send a little bit of data over the connection every 60 seconds. You can avoid disconnection by many firewalls. Available on SSH protocol 2 version only.



Possible on server machine as an another solution,

> vi /etc/ssh/ssh_config

ClientAliveInterval 600
ClientAliveCountMax 3