Hack and / - Lightning Hacks Strike Twice
It was exactly one year ago when I wrote my first Lightning Hacks column. The column was inspired by lightning talks that often occur at conferences. In a lightning talk, instead of one speaker giving a presentation for an hour, different people give 5–10-minute presentations. The idea is that many people are working on cool projects but may not have an hour's worth of material to present. And, the audience gets a rapid-fire presentation of a few different topics instead of one long lecture.
The idea behind lightning hacks is similar—I can cover some quick hacks I think are interesting but that don't warrant a full column. For example, in the first Lightning Hacks column [June 2008], I talked about an expanded wmctrl script that reset all of my windows to default locations and sizes, another script that toggled my laptop output for when I connect to a projector, and finally, I discussed how to use rdiff to create small diff files for large binaries. Now that a year has passed, I think it's time for lightning to strike twice.
Here's a quick one. I've mentioned this trick to a number of people, and I get one of two responses. This is one of those tricks (like Ctrl-R shell expansion in bash) that you either already know about and seems obvious to you, or one that you can't believe took so long to discover.
If you have spent a lot of time on the command line, you probably have heard about the pushd and popd scripts. These scripts let you create a stack that you can push directories on to and later pop them when you want to return to a previous directory. This script is cool, except you have to know in advance you want to save a directory and push it, so you can pop it later—I never seem to remember. Generally speaking, what I need is some quick way to go back to my previous directory. Lucky for me, bash's cd has this feature built in. All I do is type:
$ cd -
Bash keeps track of your current working directory in the $CWD variable and your previous directory in $OLDPWD. If you type cd -, bash substitutes - with $OLDPWD. Although you certainly could just type cd $OLDPWD, cd - is faster and easier to remember.
If you have to manage a lot of servers or run remote scripts in cron, SSH keys are a lifesaver. It's so nice to be able to ssh to a machine and instantly log in without typing a password. Of course, one of the more annoying parts of the process can be setting up the SSH keys on the remote host. Typically, the process goes something like this: run ssh-keygen locally, scp the ~/.ssh/id_rsa.pub to the remote server, then ssh to the remote server and append that key to your remote ~/.ssh/authorized_keys file.
The above method works, but if you can do the entire thing with a one-liner, why wouldn't you? Here's the SSH one-liner that will copy your local SSH key to the remote host, so you have to type the password only once in the whole process:
$ ssh email@example.com "cat >> ~/.ssh/authorized_keys" ↪< ~/.ssh/id_rsa.pub
Many great imaging tools are available, but for me, it's still hard to beat dd (unless your drive is dying, in which case you should use ddrescue). It is such a powerful, blunt, ancient UNIX tool, it's hard not to love it. These days, I don't image too many drives. I use kickstart for server deployments and rsync when I want to migrate files. That said, I still do image drives when I want to perform forensics on the host.
One problem you often have when you image drives is that your server might be in a data center hundreds or thousands of miles away. Even if the server is close by, you might not be able to add an extra drive on the fly. In either case, most sysadmins end up imaging the drive over the network. Traditionally, this was done via netcat, but these days, you always have to figure out some port you can use that won't be blocked by the firewall. Another problem is that netcat will transmit potentially sensitive data over the network in plain text. The modern solution to this problem is to use SSH. Many servers now have SSH running and available out of the box, and with modern processor speeds, the encryption overhead shouldn't be too bad either.
The one-liner to image drives over SSH works much like the one I used for SSH keys above. It takes advantage of the fact that if you pipe data or redirect input to SSH on the command line, it will forward it to the remote connection. So, if I wanted to image /dev/sda on my local machine to a file called /media/disk1/sda-image.img on server.example.net, I would type the following:
$ sudo dd if=/dev/sda | ssh firstname.lastname@example.org "cat ↪> /media/disk1/sda-image.img"
If I didn't want to image to a file and instead wanted to image directly to a drive on server.example.net, I simply could replace /media/disk1/sda-image.img with that device file (I just would need to log in as root).
Because you can image a drive over SSH, it makes sense that you can use a variation on the command to restore your image back to a drive. Here's the inverted version of the above command that I would use if I wanted to restore the /media/disk1/sda-image.img image I created back to /dev/sda:
$ ssh email@example.com "cat /media/disk1/sda-image.img" ↪| sudo dd of=/dev/sda
Kyle Rankin is a VP of engineering operations at Final, Inc., the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal. Follow him @kylerankin.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The US Government and Open-Source Software
- May 2016 Issue of Linux Journal
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide