oneliners.html
This is a short collection of my one line linux commands, scripts and knowledge that I find myself re-learning because I only use it on a few rare occasions per year.
CR then LF
As we all know \n is the line terminator of choice for Linux and other unix based systems but in certain protocols a \r\n is required by the specification. Oftentimes an \n will be accepted but in some cases (Microsoft Exchange and BincIMAP, I am talking to you) one is required to send a \r (CR) followed by an \n (LF). In a terminal under X you may press <Ctrl>+V followed by <Enter>, this will send the \r and to send the \n simply press enter again! Some tools may have the ability to send CRLF, openssl for example has a -crlf switch.
$ netcat mailserver.mydomain.com 220 mailserver.mydomain.com Microsoft ESMTP MAIL Service ready EHLO bengreen.eu^M 250-mailserver.mydomain.com Hello [192.168.0.28] 250-SIZE 250-PIPELINING 250-XRDST 250 XSHADOW QUIT^M 221 2.0.0 Service closing transmission channel
The ^m in red is the terminal telling me about my
<Ctrl>-V keycode.
$ openssl s_client -host 192.168.0.2 -port 25 -crlf -starttls smtp ...SNIP...
I am sure you can work out the bit in the SNIP section, dear reader. Reference: http://www.computerdefense.org/2007/11/netcat-and-lf-vs-crlf/.
Authorising yourself to a remote server
I often have to do this and I like to do it simply. This assumes you have already generated an RSA key in .ssh and that .ssh exists on your remote server.
cat .ssh/id_rsa.pub | ssh root@192.168.0.2 'cat >> \ .ssh/authorized_keys'
Need to generate an RSA key? no problem!
ssh-keygen -t rsa -b 2048
Kill some processes by name
I have spamd running on a machine that really should have more RAM or fewer processes running, it is quite heavily loaded for its spec. Anyway, I did not want to kill the spamd parent process, only the children once per day when they stop responding and use too much RAM.
ps ax | grep 'spamd child' | \
sed -n 's/ *\([0-9]*\) *. *. *[0-9]*:[0-9]* spamd child/\1/p' | \
xargs -I {} echo kill {}
Simple and quick... tabs might cause a problem here but that is a quick exercise for the reader.
SSH Fingerprint from command line
You know when you login to a box and it asks you to check that the supplied fingerprint matches? Well, for the first time how do you know? if all that is confusing, I mean this:
$ ssh ben@192.168.52.232 The authenticity of host '192.168.52.232 (192.168.52.232)' can't be established. ECDSA key fingerprint is SHA256:/y0X50w2hzMk1DOCufOWKqN+IysZG90WC2DLcLiYrcE. Are you sure you want to continue connecting (yes/no)?
On the machine you were trying to connect to you can verify this hash...
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub 256 SHA256:/y0X50w2hzMk1DOCufOWKqN+IysZG90WC2DLcLiYrcE /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
If you have an old version of ssh on your machine you might see this:
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub 256 a2:d4:4f:81:46:a6:64:30:af:be:cc:72:15:a0:9a:7b /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
Solution: upgrade! Or you could use the command line option on the newer version of ssh to show the old MD5 representation rather than the base64 SHA256 hash.
$ ssh -o FingerprintHash=md5 ben@192.168.52.232 The authenticity of host '192.168.52.232 (192.168.52.232)' can't be established. ECDSA key fingerprint is MD5:a2:d4:4f:81:46:a6:64:30:af:be:cc:72:15:a0:9a:7b. Are you sure you want to continue connecting (yes/no)?
Finally, you can also try the -E switch on your new version
of openssh:
$ ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ecdsa_key.pub or $ ssh-keygen -E sha256 -lf /etc/ssh/ssh_host_ecdsa_key.pub