Linux X11 Forwarding with SU Switch User

Over the years, access has often been granted to one of the administrative users, and once we are on the server we have to switch user to another account to do the technical services work. This creates a problem with X11 forwarding, and this is one workaround for it. X authentication is based on cookies, so the secondary account needs to have access to the same cookies as the original login user.

Here is a nice easy way to do this.  This was done on an AIX 7.1 server:

Before you issue the su or sudo, request the xauth cookies and look for the current DISPLAY that’s connecting to your X server:

$ xauth list

You’ll get something like:

somehost.somedomain:10 mit-magic-cookie-1 4d22408a71a55b41ccd1657d377923ae

Then, execute a switch user (su) and add the cookie to that user:

$ xauth add somehost.somedomain:10 MIT-MAGIC-COOKIE-1 4d22408a71a55b41ccd1657d377923ae

(Just copy and paste the output of the ‘xauth list’ above onto ‘xauth add’.) That’s it. Now you _should_ be able to start any X application.
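When `xauth list` returns several entries, only the one for the current DISPLAY needs to be handed to the second account. The following is an added example, not part of the original post: it selects that entry and prints it as an `add` command. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the one `xauth list` entry that belongs to $DISPLAY
# and print it as an `add` command for the account you switch to.

# Constructed sample of `xauth list` output (a stale entry plus the live one).
SAMPLE_LIST='somehost/unix:11  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
somehost.somedomain:10  MIT-MAGIC-COOKIE-1  4d22408a71a55b41ccd1657d377923ae'

# display_number DISPLAY: "localhost:10.0" -> "10"
display_number() {
    d=${1##*:}                 # keep what follows the last ':'  -> "10.0"
    printf '%s\n' "${d%%.*}"   # drop the screen number          -> "10"
}

# xauth_add_line DISPLAY: reads `xauth list` output on stdin, prints
# "add <display> <protocol> <hexkey>" for the matching display number.
# Exits non-zero when no well-formed MIT-MAGIC-COOKIE-1 entry matches.
xauth_add_line() {
    num=$(display_number "$1")
    awk -v n="$num" '
        NF == 3 {
            k = split($1, part, ":")
            if (part[k] == n && toupper($2) == "MIT-MAGIC-COOKIE-1" &&
                $3 ~ /^[0-9A-Fa-f]+$/) {
                print "add", $1, $2, $3
                found = 1
                exit
            }
        }
        END { exit !found }
    '
}

# Demo on the constructed sample; on a real host use:
#   xauth list | xauth_add_line "$DISPLAY"
printf '%s\n' "$SAMPLE_LIST" | xauth_add_line "localhost:10.0"
```

After the su, the printed line is what goes after `xauth ` in the target account. The cookie is what authorizes a client to the X display, so copying a single entry keeps the other displays' cookies out of the second account.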

Oracle Database 12c: Installation Guide

I was working on a new server the other day and I wanted to make sure that all the correct repositories were in place; this install guide was excellent.

>>> Install Guide <<<

I was doing this in AWS, and found a nice guide to setting up an OEL 7 Image: >>> Install AWS Image Guide <<<

The primary element that I was looking for was the Repositories for Oracle Enterprise Linux 7:

binutils-2.23.52.0.1-12.el7.x86_64 
compat-libcap1-1.10-3.el7.x86_64 
compat-libstdc++-33-3.2.3-71.el7.i686
compat-libstdc++-33-3.2.3-71.el7.x86_64
gcc-4.8.2-3.el7.x86_64 
gcc-c++-4.8.2-3.el7.x86_64 
glibc-2.17-36.el7.i686 
glibc-2.17-36.el7.x86_64 
glibc-devel-2.17-36.el7.i686 
glibc-devel-2.17-36.el7.x86_64 
ksh
libaio-0.3.109-9.el7.i686 
libaio-0.3.109-9.el7.x86_64 
libaio-devel-0.3.109-9.el7.i686 
libaio-devel-0.3.109-9.el7.x86_64 
libgcc-4.8.2-3.el7.i686 
libgcc-4.8.2-3.el7.x86_64 
libstdc++-4.8.2-3.el7.i686 
libstdc++-4.8.2-3.el7.x86_64 
libstdc++-devel-4.8.2-3.el7.i686 
libstdc++-devel-4.8.2-3.el7.x86_64 
libXi-1.7.2-1.el7.i686 
libXi-1.7.2-1.el7.x86_64 
libXtst-1.2.2-1.el7.i686 
libXtst-1.2.2-1.el7.x86_64 
make-3.82-19.el7.x86_64 
sysstat-10.1.5-1.el7.x86_64 


UNIX – Curl with Proxy

What is Curl?  curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction.

So in the cloud you may find yourself on a server that needs to communicate with an external system but isn’t allowed to go there directly.  In that case you will most likely have a proxy server to communicate through.  In PeopleSoft you can define a web gateway proxy server; however, to make sure that the server is working correctly with the proxy, you will want to do a curl test.

Linux Command Prompt –> curl http://whatsmyip.com

This should return the external IP address of the system you are coming out of.  If this returns nothing you are likely blocked from going to that address.  So to push the request through the proxy server, you need to set the proxy in an environment variable:

Linux Command Prompt –> export http_proxy=http://myproxy.atmyserver.com:80

Linux Command Prompt –> curl http://whatsmyip.com

Now, as long as the proxy is allowed to communicate with that address, you should see the IP address of the system you are communicating from.

mySQL: Collation Issue

For some reason I was looking at my WordPress site and found that my database collation was set incorrectly.  I have about 10 other WordPress sites and all of them are correct, but I had one stand out.  I found that I had about 15 tables in my database with the incorrect collation as well. So to fix this, I did the following:

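Database Level:
ALTER DATABASE your_database_name CHARACTER SET utf8 COLLATE utf8_general_ci;

Table Level (including the existing columns):
ALTER TABLE your_table_name CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;

Here your_database_name and your_table_name are placeholders for your own names; the table statement is run once for each affected table.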

SSH Digital Certificates not working

Okay, in PeopleTools 8.53 you can now specify a digital certificate for SSH, not sure if this was there in 8.52, but in the past I would put the SSH keys (private and public) out in the sshkeys folders of the application server and reference them in the URL properties for SFTP configurations.

Well, you can now store these in the digital certificates area and just reference them using the alias key.  In order to make this work you need to generate an SSH key pair.  On a Red Hat system you should be able to run:

ssh-keygen

Just follow the prompts.  You will need to have the openssl RPMs installed.  This should generate an id_rsa and an id_rsa.pub file in the user’s home directory under the .ssh directory.  You will want to append the id_rsa.pub key to the authorized_keys file (create it if it does not exist).

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

chmod 644 ~/.ssh/authorized_keys

You should be able to check your key by issuing the following:

openssl rsa -in ~/.ssh/id_rsa -check

Now here comes the trick: if you try to copy the public and private key from the SSH window on a Windows machine and paste it into the digital store, I found that this would cause the certificate to fail.  I had to sftp the private and public key to my local machine and use my trusty UltraEdit to open the files in Unix mode and copy and paste the contents into the digital certificates window.  It appears that when copying in Windows mode it uses CR/LF, whereas in Linux mode it will just have the LF.  This appears to make a big difference.  No errors either way, except it just won’t work with the Windows format.

NOTE:  If you are copying the .ssh directory from one server to another (multiple application servers) make sure that the permissions on this folder are 700.  If you have a separate batch processing server you will want to ensure that it too has the .ssh folder and keys for the assignment user.
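Because the CR/LF problem fails without any error, it helps to test a key file for Windows line endings before pasting it, and to confirm the 700 mode on a copied .ssh directory. The following is an added example, not part of the original post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks for the two silent failure modes described above.

# has_crlf FILE: succeeds if any line in FILE ends with a carriage return.
has_crlf() {
    cr=$(printf '\r')
    grep -q "${cr}\$" "$1"
}

# strip_cr SRC DST: write an LF-only copy of SRC, readable by the owner only.
strip_cr() {
    ( umask 077 && tr -d '\r' < "$1" > "$2" )
}

# ssh_dir_ok DIR: succeeds if DIR is a directory with mode 700 (drwx------).
# `ls -ld` is used instead of `stat` because stat options differ by platform.
ssh_dir_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# check_key_copy KEYFILE: returns 1 for CRLF endings, 2 for a directory
# that is not mode 700, 0 when both checks pass.
check_key_copy() {
    key=$1
    dir=$(dirname "$key")
    if has_crlf "$key"; then
        echo "$key has CR/LF line endings; copy it again in Unix (LF) mode" >&2
        return 1
    fi
    if ! ssh_dir_ok "$dir"; then
        echo "$dir is not mode 700" >&2
        return 2
    fi
    return 0
}

# Usage: sh thisfile.sh ~/.ssh/id_rsa
if [ "$#" -gt 0 ]; then
    check_key_copy "$1"
fi
```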