Aug 01

Whenever I start a new gig I have to key all the boxes – it’s tedious at best. Here’s a bash function to put a key on a far box. I always make sure I have an “eval `ssh-agent`” and “ssh-add” in my shell before running ‘keybox’.

Usage:
keybox [user@]box
Example:
keybox root@hammerforge

Warnings:
Uses ‘mktemp’ which might not be on every OS. Assumes a POSIXy shell at both ends. Tested with bash and zsh.


########################################
# Thu May 28 13:57:25 2009
# will key a box for you
# use like "keybox foobar" OR "keybox user@foobar" it will take
# ~/.ssh/id_dsa.pub (change for your keytype) and write it to the far
# $USER/.ssh/authorized_keys file. Assumes you are using ssh-agent, ssh-add
# for passwdless logins.
#-Tony Thu May 28 16:59:22 2009

function keybox () {

    # correct for your keytype
    # (current OpenSSH releases no longer accept DSA keys by default;
    # use the rsa line there)
    SSH_PUB_KEY=~/.ssh/id_dsa.pub
    #SSH_PUB_KEY=~/.ssh/id_rsa.pub
    ###

    # bail out early if no target was given
    if [ -z "$1" ]
    then
        echo "usage: keybox [user@]box"
        return 1
    fi

    # see if we got user@box, key the 'user' (ie root@hammerforge will
    # have your key added to ~root/.ssh/authorized_keys)
    if (echo "$1"|grep -q @)
    then
        USER_TO_KEY=`echo "$1"|cut -f1 -d'@'`
        MACHINE_TO_KEY=`echo "$1"|cut -f2 -d'@'`
    else
        USER_TO_KEY=$USER
        MACHINE_TO_KEY=$1
    fi

    AUTH_KEYS=.ssh/authorized_keys
    if [ -f "${SSH_PUB_KEY}" ]
    then
        echo "found ${SSH_PUB_KEY}"
    else
        echo "did not find a public key, generating a new dsa key"
        ssh-keygen -t dsa
        echo
        echo "continuing to keybox $MACHINE_TO_KEY"
    fi
    LOCAL_KEY=`cat "${SSH_PUB_KEY}"`

    # mktemp -u only prints a name; the file itself is created on the far box
    TEMP_FILE=`mktemp -u`
    # use some ssh options so it doesn't complain about known_hosts.
    # StrictHostKeyChecking=no skips host key verification for this
    # connection, the one where you type the password; check the host key
    # fingerprint out of band if you can't trust the network path.
    ssh -o StrictHostKeyChecking=no "${USER_TO_KEY}@${MACHINE_TO_KEY}" "cp ~${USER_TO_KEY}/${AUTH_KEYS} ~${USER_TO_KEY}/.ssh/hold_authorized_keys ; echo \"$LOCAL_KEY\" > $TEMP_FILE ; cat $TEMP_FILE >> ~${USER_TO_KEY}/${AUTH_KEYS}"
    # do another ssh to confirm you can get back to the box
    # BatchMode causes ssh to quit if the autologin doesn't work
    ssh -o BatchMode=yes "${USER_TO_KEY}@${MACHINE_TO_KEY}" "hostname; date ; rm -v $TEMP_FILE"

}

written by admin
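
The append step that keybox runs on the far box, written so that it can be run twice without duplicating the key and so that it creates ~/.ssh with permissions sshd will accept. This is an added example, not the author's code; the function name add_authorized_key is an assumption, and the target directory is a parameter so the function can be tried against a scratch directory.

```shell
# Added example: append one public key line to authorized_keys.
# add_authorized_key is a hypothetical helper name, not part of keybox.
#   $1 = full public key line    $2 = .ssh directory (default: ~/.ssh)
# exit status: 0 = key added, 2 = key already present, 1 = error
# The body is a subshell "( ... )" so the umask change stays local.
add_authorized_key () (
    key_line=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_keys=$ssh_dir/authorized_keys
    nl='
'
    [ -n "$key_line" ] || { echo "no key given" >&2; exit 1; }
    # one authorized_keys entry is exactly one line; refuse anything else
    case $key_line in
        *"$nl"*) echo "key must be a single line" >&2; exit 1 ;;
    esac

    # sshd (StrictModes) ignores keys kept in group/world-writable places
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_keys" && chmod 600 "$auth_keys" || exit 1

    # exact whole-line match: a second run must not add a duplicate
    if grep -qxF -- "$key_line" "$auth_keys"; then
        exit 2
    fi

    # keep a copy of the previous file, as keybox does
    cp -p "$auth_keys" "$ssh_dir/hold_authorized_keys" || exit 1

    # if the last entry has no trailing newline, add one first so the
    # new key does not get glued onto the end of the old one
    if [ -s "$auth_keys" ] && [ -n "$(tail -c 1 "$auth_keys")" ]; then
        echo >> "$auth_keys"
    fi
    printf '%s\n' "$key_line" >> "$auth_keys"
)
```

OpenSSH also ships ssh-copy-id, which covers the same job where it is installed.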

Jan 20

I set up dhcpd and tftp just infrequently enough to forget the details. I’m putting my gotchas here so I don’t forget them.

syslinux package ‘pxelinux’:
pxelinux loads and gets the right IP, then it fails with
the error “tftp server does not support tsize option”

Fix:

in file /etc/dhcpd.conf:

# absolutely critical to have the next-server line for tftp booting
# when you get "tftp server does not support tsize option" error,
# it's because you're missing the config line. Double check with:
#          grep next-server     /etc/dhcpd.conf
#    - Tony 10/17/08
next-server 192.168.0.50;

Troubleshooting:

1] When setting up tftpd, make sure there are no entries like
this in the /etc/hosts file:

127.0.1.1      joust.famemobile.com joust

If there are, change them to this:

192.168.1.155   joust.famemobile.com joust

2] Using tcpdump for tftp troubleshooting

The fact that loading pxelinux.0 succeeds made me think everything else should work.

The pxelinux.0 loads fine, but the config file ‘pxelinux.cfg/01-00-0c-29-c4-b0-5a’ does not.

05:27:20.882329 IP (tos 0x0, ttl 20, id 2, offset 0, flags [none], proto: UDP (17), length: 55) 192.168.0.51.ah-esp-encap > 192.168.0.50.tftp: [udp sum ok] 27 RRQ "pxelinux.0" octet tsize 0
05:27:20.893400 IP (tos 0x0, ttl 20, id 4, offset 0, flags [none], proto: UDP (17), length: 60) 192.168.0.51.acp-port > 192.168.0.50.tftp: [udp sum ok] 32 RRQ "pxelinux.0" octet blksize 1456
05:27:20.953322 IP (tos 0x0, ttl 20, id 29, offset 0, flags [none], proto: UDP (17), length: 91) 192.168.0.51.57089 > 0.0.0.0.tftp: 63 RRQ "pxelinux.cfg/01-00-0c-29-c4-b0-5a" octet tsize 0 blks
… stuff cut out…
05:27:20.972168 IP (tos 0x0, ttl 18, id 44911, offset 0, flags [none], proto: UDP (17), length: 54) 0.0.0.0.tftp > 192.168.0.51.57089: [udp sum ok] 26 ERROR tftp-err-#8 " tsize option required"

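The “0.0.0.0.tftp” is the indicator that something is wrong: the request for the config file goes to 0.0.0.0 rather than to the tftp server at 192.168.0.50, where the pxelinux.0 requests went.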

written by admin