Ryan – Page 21 – Ryan Schulze

Script of the day – clean up stale .ssh/known_hosts

August 19, 2010May 13, 2013Ryanbash

This little script takes an IP or hostname as a parameter, and if there is an offending key in the .ssh/known_hosts it removes it and replaces it with the current valid one useful if you are moving/reinstalling a large amount of servers …

#!/bin/bash
#===============================================================================
# FILE: ssh-cleankey.sh
# USAGE: ./ssh-cleankey.sh 
#
# DESCRIPTION: deletes stale ssh known_hosts entries
#===============================================================================

# true or fasle
VERBOSE=false

#=== Exit codes ================================================================
# 1 - Not a valid IP or not reachable
#===============================================================================

#=== FUNCTION ================================================================
# NAME: print_help
# DESCRIPTION: Prints help and exits
#===============================================================================
print_help() { #{{{
echo "Usage: `basename $0` "
echo ""
echo "e.g. ./`basename $0` 1.2.3.4"
echo ""
exit 0
} #}}}

if [[ $# -eq 1 ]]
then
HOST="${1}"
else
print_help
fi

ping -w1 -c1 $HOST &gt;/dev/null 2&gt;&amp;1
if [[ $? != 0 ]]
then
$VERBOSE &amp;&amp; echo "ERROR: $HOST is either not a valid IP/hostname, or is not reachable via ping"
exit 1
fi

Check=$(ssh -o connecttimeout=10 -o stricthostkeychecking=no $HOST true 2&gt;&amp;1|grep -c "Offending key")
if [[ $Check -gt 0 ]]
then
$VERBOSE &amp;&amp; echo "$HOST is stale, updating known_hosts"
ssh-keygen -R $HOST &gt;/dev/null 2&gt;&amp;1
ssh -o connecttimeout=10 -o stricthostkeychecking=no $HOST true &gt;/dev/null 2&gt;&amp;1
else
$VERBOSE &amp;&amp; echo "$HOST is OK"
fi

exit 0

#!/bin/bash

#===============================================================================

# FILE: ssh-cleankey.sh

# USAGE: ./ssh-cleankey.sh

# DESCRIPTION: deletes stale ssh known_hosts entries

#===============================================================================

# true or fasle

VERBOSE=false

#=== Exit codes ================================================================

# 1 - Not a valid IP or not reachable

#===============================================================================

#=== FUNCTION ================================================================

# NAME: print_help

# DESCRIPTION: Prints help and exits

#===============================================================================

print_help() { #{{{

echo "Usage: `basename $0` "

echo ""

echo "e.g. ./`basename $0` 1.2.3.4"

echo ""

exit 0

} #}}}

if [[ $# -eq 1 ]]

then

HOST="${1}"

else

print_help

ping -w1 -c1 $HOST >/dev/null 2>&1

if [[ $? != 0 ]]

then

$VERBOSE && echo "ERROR: $HOST is either not a valid IP/hostname, or is not reachable via ping"

exit 1

Check=$(ssh -o connecttimeout=10 -o stricthostkeychecking=no $HOST true 2>&1|grep -c "Offending key")

if [[ $Check -gt 0 ]]

then

$VERBOSE && echo "$HOST is stale, updating known_hosts"

ssh-keygen -R $HOST >/dev/null 2>&1

ssh -o connecttimeout=10 -o stricthostkeychecking=no $HOST true >/dev/null 2>&1

else

$VERBOSE && echo "$HOST is OK"

exit 0

Checking a list of IPs against RBL

August 10, 2010March 12, 2011Ryanbash

This is more a reminder to myself than anything else … this is small snippet that takes a list of IPs and does a whois on all that aren’t in a RBL

Lets say we have al list of IPs in a file “iplist.txt”:
12.172.121.171 24.149.208.68 38.105.100.9 58.185.207.86 61.201.51.66 64.78.164.169

Snippet that checks the IPs (can of course be easily changed to check IPs that are IN a RBL)

for ip in $(cat iplist.txt)
do
test $(/usr/bin/rblcheck -qm ${ip}) &amp;&amp; continue || clear
whois $ip
printf "###########################\n##### %15s #####\n###########################\n" "${ip}"
read
done

for ip in $(cat iplist.txt)

test $(/usr/bin/rblcheck -qm ${ip}) && continue || clear

whois $ip

printf "###########################\n##### %15s #####\n###########################\n" "${ip}"

read

done

Hiking & castle ruins

August 8, 2010May 18, 2011Ryancastle ruins, hiking, photography

We did a bit of hiking through the forest to castle ruins yesterday, here are the pictures …

[album=19,compact]

bash: using the content of a variable as variable name

August 5, 2010March 12, 2011Ryanbash

Since the implementation of Arrays in Bash is somewhat lacking compared to higher level programming languages (only one-dimensional), and hash lists require a bit of work to set up, you may run into a situation where you have a small list of key/value pairs that are both variable and you need to store.
There are various solutions for the problem, e.g. creating two arrays (one for the keys, one for the values, and combining them by using the same index values for the entries), or using the functions from the link above to build a hash list. For me the easiest way to solve the problem, if I only have a few variables and don’t want to bloat the code, is to (mis)use declare. declare is intended for setting the type of a variable (constant, array, integer,…), but has the nice side affect that you can use variables in the key name, and you can set the value of the variable.

usage:
declare ${Key}=${Value}

Example:
$File_Config is variable holding the name of a configfile, the content of the file could look like this:
foo:one bar:three foobar:bignumber

Snippet:

if [[ -e "${File_Config}" ]]
then
while read line
do
Key="${line%%:*}" # chop off everything after the first :
Value="${line#*:}" # chop off everything before the first :
Value="$(echo ${Value}|sed 's#^ +##g;s# +$##g')" # chop off any excess whitespace
if [[ "${Key}" != "" &amp;&amp; "${Value}" != "" ]] # only continue if we have something to do
then
declare Configuration_${Key}="${Value}"
fi
done &lt; "${File_Config}"
fi

if [[ -e "${File_Config}" ]]

then

while read line

Key="${line%%:*}" # chop off everything after the first :

Value="${line#*:}" # chop off everything before the first :

Value="$(echo ${Value}|sed 's#^ +##g;s# +$##g')" # chop off any excess whitespace

if [[ "${Key}" != "" && "${Value}" != "" ]] # only continue if we have something to do

then

declare Configuration_${Key}="${Value}"

done < "${File_Config}"

after the snippet has read the configfile, you can use $Configuration_foo, $Configuration_bar and $Configuration_foobar in your script. The keynames could also have came from a mysql query, array, command line args, …

back online

August 4, 2010May 13, 2013Ryanacpi, linux, md, raid, xen

The hard drive crash threw me offline a few days due to strange problems with software raids, Xen and acpi. Turns out that using the latest Xen kernel from debian testing branch on a software raid only works of you don’t set “acpi=off” as a kernel parameter. If acpi is turned off, the script “scripts/local-top/mdadm” in the initrd can’t find the devices needed to mount the software raid … causing the whole boot process to come to a grinding halt.

If I find some time I’ll do some more tests, untill then my server will be running with acpi turned on

btw. the hard disk replacement was easy. after the new drive was popped in it was just a copy the partition table and add the partitions of the new disk to the raid