sshd[419]: error: Failed to allocate internet-domain X11 display socket.

If you cannot get ssh X11 forwarding to work even when you configured your sshd_config properly, and you get the
message “sshd[419]: error: Failed to allocate internet-domain X11 display socket.” in your console… you need to disable
openssh’s ipv6 mode.
add this to your sshd_config file:
ListenAddress 0.0.0.0
And change your init script to pass the “-4” option to sshd, as:
case $1 in
‘start’)
create_key $SSHDIR/ssh_host_rsa_key rsa
create_key $SSHDIR/ssh_host_dsa_key dsa
/opt/acs/sbin/sshd -4 &
;;
Restart sshd and you’ll have X11Forwarding working
86/433

no java console option on Dell DRAC 5

If your dell DRAC 5 card does not give you the option of a Java Console, you might have an old DRAC firmware, older
than 1.40 perhaps.
You should check in the properties tab the firmware version. If it is older than 1.40, you can get 1.45 from
dell’s page
62/433
63/433
http://support.dell.com/support/downloads/download.aspx?c=us&l=en&s=gen&releaseid=R209365&System ID=PWE_2950&servicetag=&os=LIN4&osl=en&deviceid=8735&devlib=0&typecnt=0&vercnt=6&catid=-1&impid=-1&formatcnt=5&libid=36&fileid=293703
that will be an .exe file, so download it into a windoze PC and run it. It will uncompress and give you a file
called “firmimg.d5”
You will use that file to upgrade your drac firmware.
64/433
transfer it to the server in question. if you have linux and all the OM tools installed, you just need to run this
command while you are in the directory where you put the “firmimg.d5” file.
# racadm fwupdate -p -u -d .
That will upgrade your DRAC5 firmware to level 1.45, which includes the java console feature. Now enjoy
your console.
65/433

quick and dirty script to obtain info from your server before you reboot

Use the outputs of this script to compare basic health before and after you reboot, transfer the results to another host
just in case the one you reboot doesn’t come up 🙂
B=`uname -n`
mkdir $B
cd $B
df -h > df-h.txt
metastat -p > metastat-p.txt
metastat -t > metastat-t.txt
netstat -nrv > netsat-nrv.txt
ifconfig -a > ifconfig-a.txt
zpool status -v > zpool-status-v.txt
zfs list > zfs-list.txt
format < /dev/null > format.txt
prtconf -vp | grep -i wwn > wwns.txt
zoneadm list > zoneadm.txt
zoneadm list | while read z;do zonecfg -z $z info> ${z}.txt; done
cd ..
chmod 777 $B
cp -fR $B /var/tmp
56/433

root rsh on redhat linux

DO NOT DO THIS AT HOME, it is highly insecure.
After the rude warning, just had to let you know that if you ever need to have a passwordless root login with
rsh on redhat you have to do this…
Add these lines to /etc/securetty
rexec
rsh
rlogin
pts/0
pts/1
Activate the services by issuing
chkconfig rexec on
chkconfig rlogin on
chkconfig rsh on
add a /root/.rhosts file with the name of the host you want to trust to enter as root
In my case it contains only
otherpc
Change the permissions of the file to 600
chmod 600 /root/.rhosts
Add “otherpc” to your /etc/hosts file
10.10.10.1 otherpc
You’re all set, you can rsh from “otherpc” without having to type the root password.
I REPEAT, do not do this for daily production servers, or any server you take seriously, it is foolish.
226/433

NX+freenx server binary tarball for Solaris 10 x86

UPDATED NOTE: for OPENSOLARIS use this link: http://www.opensolaris.org/os/project/awards/awards_land/Entries
I compiled and built this ready to use nx+freenx server tarball for solaris10 x86 (not opensolaris). This is both freenx
0.7.0 and the nomachine NX libraries version 2.1.0-2.
Tested on a fresh solaris 10 x86 u4 8/07
gnome
CDE
on sol10x86, for the non-believers.
nx_freenx_sol10x86.tar.gz
place it in your server at /, and uncompress.
# cd /
# gunzip nx_freenx_sol10x 86.tar.gz
# tar xvf nx_freenx_sol10x86.tar
Then run the nxinstall script, which will check for the required packages. all of them from blastwave.org.
VERY IMPORTANT: if these are missing, install them!!!! nx+freenx won’t work without ggetopt, expect,
gmd5sum, gfind, ggetopt,netcat from blastwave at /opt/csw/bin! !!
# nxinstall
this
After this, you’ll be ready to use any nx client on another computer to connect to your Solaris 10 x86 freenx
server!
ENJOY!
155/433

jailing a user in ssh without a patch for openssh

You can use a combination of “jailkit” and pam’s chroot module for this, we’ll jail user “rdpm” in this example.
First, get jailkit from http://olivier.sessink.nl/jailkit/ , build it and install it
Now, create a generic jail
jk_init -v /home/jail sftp scp ssh jk_lsh basicshell
let’s now create the user “rdpm”
useradd -m -d /home/rdpm -g 10 rdpm
passwd rdpm
We want this to work only for ssh, so let’s add a line to /etc/pam.d/sshd to load the chroot module
session required pam_chroot.so debug
so, now let’s make rdpm’s home inside the jail directory
mkdir /home/jail/home/rdpm
chown rdpm /home/jail/home/rdpm
You may, if you want so, mount loopback his real home dir into the jail:
mount –bind /home/rdpm /home/jail/home/rdpm
And you may also make that bind mount permanent:
69/433
echo “/home/rdpm /home/jail/home/rdpm bind defaults,bind 0 0” >> /etc/fstab
let’s copy rdpm’s auth info into the jail
grep rdpm /etc/passwd >> /home/jail/etc/passwd
grep rdpm /etc/shadow >> /home/jail/etc/shadow
Let’s configure the chroot pam module
echo “rdpm /home/jail” >> /etc/security/chroot.conf
and that’s all, now “ssh rdpm@yourserver” and you’ll find urself in a jail
70/433