Thursday, April 07, 2011

How to disable SSH host key checking

Original link

http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html

Remote login using the SSH protocol is a frequent activity in today's internet world. With the SSH protocol, the onus is on the SSH client to verify the identity of the host to which it is connecting. The host identity is established by its SSH host key. Typically, the host key is auto-created during the initial SSH installation setup.

By default, the SSH client verifies the host key against a local file containing known, trustworthy machines. This provides protection against possible Man-In-The-Middle attacks. However, there are situations in which you want to bypass this verification step. This article explains how to disable host key checking using OpenSSH, a popular Free and Open-Source implementation of SSH.

When you login to a remote host for the first time, the remote host's host key is most likely unknown to the SSH client. The default behavior is to ask the user to confirm the fingerprint of the host key.
$ ssh peter@192.168.0.100
The authenticity of host '192.168.0.100 (192.168.0.100)' can't be established.
RSA key fingerprint is 3f:1b:f4:bd:c5:aa:c1:1f:bf:4e:2e:cf:53:fa:d8:59.
Are you sure you want to continue connecting (yes/no)? 

If your answer is yes, the SSH client continues login, and stores the host key locally in the file ~/.ssh/known_hosts. You only need to validate the host key the first time around: in subsequent logins, you will not be prompted to confirm it again.

Yet, from time to time, when you try to log in to the same host from the same origin, you may be refused with the following warning message:
$ ssh peter@192.168.0.100
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3f:1b:f4:bd:c5:aa:c1:1f:bf:4e:2e:cf:53:fa:d8:59.
Please contact your system administrator.
Add correct host key in /home/peter/.ssh/known_hosts to get rid of this message.
Offending key in /home/peter/.ssh/known_hosts:3
RSA host key for 192.168.0.100 has changed and you have requested strict checking.
Host key verification failed.$

There are multiple possible reasons why the remote host key changed. A Man-in-the-Middle attack is only one possible reason. Other possible reasons include:
OpenSSH was re-installed on the remote host but, for whatever reason, the original host key was not restored.
The remote host was replaced legitimately by another machine. 

If you are sure that this is harmless, you can use either of the two methods below to trick OpenSSH into letting you log in. But be warned that you have become vulnerable to man-in-the-middle attacks.

The first method is to remove the remote host from the ~/.ssh/known_hosts file. Note that the warning message already tells you the line number in the known_hosts file that corresponds to the target remote host. The offending line in the above example is line 3 ("Offending key in /home/peter/.ssh/known_hosts:3").

You can use the following one-liner to remove that one line (line 3) from the file.
$ sed -i 3d ~/.ssh/known_hosts

Note that with the above method, you will be prompted to confirm the host key fingerprint when you run ssh to login.
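As an added example (not from the original post), here is a small POSIX shell script that finds the known_hosts line for a host by name, so the offending line is located the way the warning reports it, and removes only that line after keeping a backup. The function names are mine, and the known_hosts file it works on is constructed; the key blobs are placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not part of the original post: locate a known_hosts entry
# by host name and remove exactly that line, keeping a backup copy.

# known_hosts_lines <host> <file>: print the line number(s) whose host
# field names the host. Plain entries look like "host[,host...] keytype
# base64-key"; hashed entries ("|1|...") cannot be matched by name and are
# skipped here (ssh-keygen -F / -R handles those).
known_hosts_lines() {
    awk -v h="$1" '
        substr($1, 1, 3) != "|1|" {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == h) { print NR; break }
        }' "$2"
}

# remove_known_hosts_line <N> <file>: delete line N (the number from
# "Offending key in ...:N") after saving the original as <file>.old,
# a safer form of "sed -i Nd".
remove_known_hosts_line() {
    lineno=$1; file=$2
    cp "$file" "$file.old" &&
    awk -v n="$lineno" 'NR != n' "$file" > "$file.tmp" &&
    mv "$file.tmp" "$file"
}

# Constructed sample database (placeholder key material, not real keys).
make_sample_known_hosts() {
    cat > "$1" <<'EOF'
192.168.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCplaceholder1
example.org,192.168.0.50 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCplaceholder2
192.168.0.100 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCplaceholder3
EOF
}

# Stand-alone run: the entry for 192.168.0.100 is line 3, as in the warning
# above; remove only that line and show what is left.
demo() {
    f=$(mktemp)
    make_sample_known_hosts "$f"
    n=$(known_hosts_lines 192.168.0.100 "$f")
    echo "offending line: $n"
    remove_known_hosts_line "$n" "$f"
    cat "$f"
    rm -f "$f" "$f.old"
}
demo
```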

The second method uses two OpenSSH parameters: StrictHostKeyChecking and UserKnownHostsFile.

This method tricks SSH by configuring it to use an empty known_hosts file, and NOT to ask you to confirm the remote host identity key.
$ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no peter@192.168.0.100
Warning: Permanently added '192.168.0.100' (RSA) to the list of known hosts.
peter@192.168.0.100's password:

The UserKnownHostsFile parameter specifies the database file to use for storing the user host keys (default is ~/.ssh/known_hosts).

The /dev/null file is a special system device file that discards anything and everything written to it, and when used as the input file, returns End Of File immediately.

By configuring the null device file as the host key database, SSH is fooled into thinking that the SSH client has never connected to any SSH server before, and so will never run into a mismatched host key.

The parameter StrictHostKeyChecking specifies whether SSH will automatically add new host keys to the host key database file. By setting it to no, the host key is automatically added, without user confirmation, for all first-time connections. Because of the null key database file, every connection is treated as a first-time connection to that SSH server host. Therefore, the host key is automatically added to the host key database with no user confirmation. Writing the key to the /dev/null file discards the key and reports success.

Please refer to this excellent article about host keys and key checking.

By specifying the above two SSH options on the command line, you bypass host key checking for that particular SSH login only. If you want to bypass host key checking on a permanent basis, you need to specify those same options in the SSH configuration file.

You can edit the global SSH configuration file (/etc/ssh/ssh_config) if you want to make the changes permanent for all users.

If you want to target a particular user, modify the user-specific SSH configuration file (~/.ssh/config). The instructions below apply to both files.

Suppose you want to bypass key checking for a particular subnet (192.168.0.0/24).

Add the following lines to the beginning of the SSH configuration file.
Host 192.168.0.*
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null

Note that the configuration file should have a line like Host * followed by one or more parameter-value pairs. Host * means that it will match any host. Essentially, the parameters following Host * are the general defaults. Because the first matched value for each SSH parameter is used, you want to add the host-specific or subnet-specific parameters to the beginning of the file.

As a final word of caution, unless you know what you are doing, it is probably best to bypass key checking on a case by case basis, rather than making blanket permanent changes to the SSH configuration files.

Wednesday, September 29, 2010

file manipulation

1) output the total number of lines in the input file
awk 'END {print NR}' input_file

2) output the number of fields (NF) on line 3
awk 'NR==3 {print NF}' input_file

3) output lines that contain "INFO"
awk '/INFO/ {print}' input_file
grep INFO input_file

4) output lines that don't contain "INFO"
awk '!/INFO/ {print}' input_file
grep -v INFO input_file

5) output the second column
awk -F "delimiter" '{print $2}' input_file
cut -d "delimiter" -f2 input_file

6) output the first and the third columns (the comma keeps them separated by the output field separator)
awk -F "delimiter" '{print $1, $3}' input_file
cut -d "delimiter" -f1,3 input_file

Friday, September 24, 2010

Install Apache and PHP on Windows XP

Apache: 2.2.16
httpd-2.2.16-win32-x86-openssl-0.9.8o.msi
http://www.apache.org/dist/httpd/binaries/win32/httpd-2.2.16-win32-x86-openssl-0.9.8o.msi

PHP: 5.2.14
php-5.2.14-Win32-VC6-x86.zip
http://windows.php.net/downloads/releases/php-5.2.14-Win32-VC6-x86.zip

Mysql: 5.1.50
mysql-essential-5.1.50-win32

---------------------------------------------------------------------------------------------

Apache:
1) Download and unpack
I used httpd-2.2.16-win32-x86-openssl-0.9.8o.msi
http://www.apache.org/dist/httpd/binaries/win32/httpd-2.2.16-win32-x86-openssl-0.9.8o.msi


2) Install
When you install Apache, you'll get a prompt for "Server Information." Here are the settings I used:
Network Domain: localhost
Server Name: localhost
Admin Email: (any email. real or fake)

[checked]: for All Users, on Port 80, as a Service


3) Starting/Stopping Apache
After installing, Apache2 starts automatically. The GREEN icon in the System Tray means it started. The RED icon means "Monitor Apache Servers" is running, but Apache2 isn't started.

You can easily start/stop/restart Apache and Apache2 via that icon in your System Tray. If you get a "The requested operation has failed!" error while starting Apache, use the "Test Configuration" shortcut in the Start Menu to find the error (if the text window pops up and then closes before you can read it, your config file is fine).

4) Testing
Now the ultimate test: to see if it's serving, open your browser and go to http://127.0.0.1/ or http://localhost/
If it shows "It works!", your server software is installed and running.

5) Configuration:
To make Apache point to your files, open C:/Program Files/Apache Software Foundation/Apache2.2/conf/httpd.conf in Notepad (the Start Menu should also have an "Apache HTTP Server 2.2 > Configure Apache Server > Edit the Apache httpd.conf Configuration File" shortcut) and search for DocumentRoot.

Change it from something like

DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"

to

DocumentRoot "C:/public_html"

This tells Apache where your HTML files and site are located. Then scroll down about one page and change

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">

to

<Directory "C:/public_html">


PHP:
http://www.php.net/manual/en/install.windows.manual.php

1) Download and unzip
I chose to install PHP manually, using php-5.2.14-Win32-VC6-x86.zip
http://windows.php.net/downloads/releases/php-5.2.14-Win32-VC6-x86.zip

Unzip the file to C:\php

2) Configuration
Rename C:\php\php.ini-dist to php.ini and edit the php.ini file to set these parameters:

doc_root = "C:\public_html"
extension_dir = "C:\php\ext"


Edit the Apache configuration file
C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf

and add the following at the beginning of the file:

LoadModule php5_module "C:/php/php5apache2_2.dll"
AddType application/x-httpd-php .php
AddHandler application/x-httpd-php .php
PHPIniDir "C:/php"


Then reboot the Windows system (very important).

3) Testing
Restart Apache if it is already running (if it doesn't start or you get errors, use your Apache "Test Configuration" shortcut in the Start Menu to see why).

To test your PHP, simply create a test.php file in your Apache "DocumentRoot" folder (C:\public_html\ in my case). In your test.php file, type these 3 lines and then load the file in your browser at http://localhost/test.php (you should get a long list of PHP variables, settings, etc.):

<?php
phpinfo();
?>

MySQL:
1) Download and install mysql-essential-5.1.50-win32
The install path is
C:\Program Files\Mysql\mysql server5.1\

Log files and databases are installed in
C:\public_html\mysql_data

Start MySQL using
C:\Program Files\Mysql\mysql server5.1\bin\mysqld --console

Stop MySQL using
C:\Program Files\Mysql\mysql server5.1\bin\mysqladmin -u root shutdown

2) Run the MySQL Server Instance Configuration Wizard and keep the defaults.

Hint: if you reinstall MySQL, you have to delete the old MySQL data first: 1) delete C:\public_html\mysql_data; 2) run RegEdit, search for every instance of MySQL, and delete it from the registry.

Then install again.

Thursday, January 22, 2009

Amarok

Enable the RPM Fusion repositories (one command):
su -c 'rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm'
OS: Fedora 9
Installation: sudo yum install amarok libtunepimp-extras-nonfree xine-lib-extras-nonfree

Monday, January 21, 2008

English names for the characters in keyboard

~ tilde (sounds like til-da); be prepared to explain to computer-illiterate people saying "you know, the wave-shaped thingy"
! exclamation; commonly read as bang in case of #!/bin/sh
@ at
# pound; but commonly read as shee in case of #!/bin/sh, not sure why
$ dollar
% percent
^ caret; not many people know this word so be prepared to say "no, not carrot; it's the character above 6, an arrow pointing up"
& ampersand
* star; some read asterisk
( opening parenthesis (some may shorten it saying paren)
) closing parenthesis
_ underscore; once I heard people say underbar
+ plus
- minus; as the symbol before arguments in commands, some people including me read it as dash, since one syllable is easier to say
= equals
` backtick or backquote
{ opening brace
} closing brace
[ opening bracket
] closing bracket
| pipe or vertical bar
\ backslash; be prepared to explain to some computer-illiterate people
: colon
; semicolon
" double quote
' single quote
< less than; some may read left angle bracket
> greater than
, comma
. dot; period if in English text
? question mark
/ slash or forward slash; some computer-illiterate people may be confused about / and \

(the blank key) space
(), [] and {} may also be called brackets in general. In that case, people specifically call [] square brackets and {} curly brackets. I never liked this. Opening and closing may also be called left and right.

Sunday, November 25, 2007

Emacs (AUCTeX) Windows XP installation instructions

Installation instructions:
This article describes the installation of Emacs, including AUCTeX, for Windows XP. Since most of these files have been precompiled, you just need to download the precompiled files and configure them.

1) Download Emacs (including AUCTeX) for Windows XP. The download page is as follows:

http://www.gnu.org/software/auctex/download-for-windows.html

Here we use the version emacs+auctex-w32-2007-07-07.zip, which you can download from
ftp://alpha.gnu.org/gnu/auctex/emacs+auctex-w32-2007-07-07.zip

Please read the README file before downloading, and also the manual, which includes all the Lisp code and documentation. We unzip the Emacs folder into the directory C:\Program Files\Emacs. Then we need to set up the environment variable:

HOME=C:\Program Files\Emacs

Afterwards, .emacs.d and .emacs are under the directory $HOME (C:\Program Files\Emacs).

Note: the configuration of $HOME is very important; please set it first, before the following configuration.

2) Configuration

Generally speaking, the main purpose of configuring Emacs is to set up the .emacs file, which is located in the $HOME directory. Here we take as an example how to set up Aspell for spell checking.

**********************************************************************************************************************
Configuration for Aspell:

(1) First, download the full installer from
http://aspell.net/win32/
and then the word-list setup. Be aware that they are two separate installations.

(2) In my configuration, I installed them into C:\Program Files\Emacs\Aspell. Then add the path C:\Program Files\Emacs\Aspell\bin to the PATH environment variable.

(3) Download ispell.el from
http://kdstevens.com/~stevens/ispell-page.html
and then put ispell.el in the directory $HOME/site-lisp

(4) Add the following to .emacs:
(setq-default ispell-program-name "aspell")
(setq-default ispell-local-dictionary "american")
(global-set-key (kbd "") 'ispell-complete-word)
*********************************************************************************************************************
Configuration for LaTeX

Though this Emacs version includes AUCTeX, we still need to download LaTeX for Windows XP; you can find more information here:

http://www.hi.is/~tpr/latex/index.html

Here we use MiKTeX, a LaTeX distribution. A default installation adds the latex command to the PATH environment variable.

There is a problem with the preview functionality. The workaround here is to enter the MiKTeX installation directory, in my case
C:\Program Files\MiKTeX 2.6\miktex\bin
and rename yap to xdvi.
The reason is that the preview command here is "xdvi file.dvi", but there is no xdvi in MiKTeX, so we just give yap that command name.
To produce PDF file:
dvipdft file.dvi
To produce PS file:
dvips file.dvi
***********************************************************************************
;my .emacs file
;------------------------------------------------------------------------------
; Basic set up
;------------------------------------------------------------------------------

(setq default-major-mode 'text-mode) ; set default mode as text-mode
(setq inhibit-startup-message t) ; Don't want any startup message
(setq auto-save-default nil) ; Don't want any auto saving
(setq auto-save-list-file-name nil) ; Don't want any .saves files
(show-paren-mode t) ; parenthesis matching
;; the following setups are for color style, since here I used color.el, not necessary to set anything
;(setq make-backup-files nil) ; Don't want any backup files
;(set-cursor-color "blue") ; Set cursor and mouse-pointer colours
;(set-background-color "white") ; Set emacs bg color


(mouse-avoidance-mode 'jump) ; when the cursor gets close to the mouse pointer, the pointer jumps away automatically, funny ^_^
(tool-bar-mode -1) ; hide the tool bar (-1 disables the mode; nil would only toggle it)
;(menu-bar-mode -1) ; hide the menu bar
(global-set-key [f9] 'tool-bar-mode) ; keybinding to toggle the tool bar
;(global-set-key [f10] 'menu-bar-mode) ; keybinding to toggle the menu bar
(setq default-line-spacing 10)


;---------------------------------------------------------------------------
; Some keyboard shortcuts (keybindings), for instance copy F5, cut F6, paste F7
;---------------------------------------------------------------------------

;(global-set-key [f5] 'copy-region-as-kill) ; Copy
(global-set-key [f6] 'kill-region) ; Cut
(global-set-key [f7] 'yank) ; Paste


;-------------------------
;color package
;-------------------------
;(load-file "/home/wason/myemacs/color-theme-6.5.0.el")
;(load-file "C:\Program Files\emacs-22.1\site-lisp/color-theme.el")
;(load-file "/home/wason/myemacs/color-theme-6.6.0.el")
;(load-file "/home/wason/myemacs/color-theme-6.6.0/color-theme.el")
(require 'color-theme)
(color-theme-arjen)
;(color-theme-dark-blue2)

;-------------------------
;setup for aspell
;----------------------------
(setq-default ispell-program-name "Aspell")
(setq-default ispell-local-dictionary "american")
(global-set-key (kbd "") 'ispell-complete-word)


;(load "auctex.el" nil t t)
;(load "preview-latex.el" nil t t)

;(setq TeX-parse-self t)
;(setq-default TeX-master nil)
;(add-hook 'LaTeX-mode-hook 'turn-on-reftex)
;(setq reftex-plug-into-AUCTeX t)

***********************************************************************************

Similarly, we can configure any other feature in Emacs. Enjoy it.

Sunday, November 04, 2007

MBR recovery

Something very strange happened to my computer today. My laptop has a dual-boot setup, XP and Ubuntu, and my external hard drive is also dual-boot, XP and Ubuntu. On the laptop I then used Magic to format the external drive and do some other operations. When I was done and rebooted the computer, GRUB failed with error 17. Searching online, error 17 means the boot partition cannot be recognised. Further searching showed that the MBR had been damaged while the disk was being formatted. I really cannot understand why operating on a different disk would affect the other one. Enough talk; now let's recover it.

To recover the MBR, boot directly from the XP installation CD, enter the Recovery Console, and run fixmbr. XP then boots again, but Ubuntu still does not. The situation is now almost the same as a dual-boot system where XP was reinstalled and Linux no longer boots, because the MBR was rewritten. Here are two ways to recover:

1) The first method is to download grldr, put it on the C: drive, then edit boot.ini and add C:\GRLDR="GRUB" as the last line. The recovered system is not 100% perfect, mainly because it boots in two stages: first grldr, and only then the Linux GRUB.

2) The second method is a full recovery. Before recovering, you must first get into GRUB from a floppy or a rescue disk. For example, to recover from a floppy, first install GRUB onto the floppy as follows:

cd /usr/lib/grub/i386-pc

dd if=stage1 of=/dev/fd0 bs=512 count=1

dd if=stage2 of=/dev/fd0 bs=512 seek=1

Then boot from the floppy and enter the GRUB console.

Find a usable stage1 file:

find /boot/grub/stage1

If multiple operating systems are installed, for example:

  • SUSE on (hd0,1)
  • Kubuntu on (hd0,2) 
  • Mandriva on (hd0,4)

To use SUSE's stage1 file:

root (hd0,1)

To use Kubuntu's stage1 file:

root (hd0,2)

Likewise for Mandriva:

root (hd0,4)

Finally, setup (hd0)

Then quit.

Summary:

find /boot/grub/stage1 (optional)
root (hdX,Y)
setup (hd0)
quit

Reboot the machine and everything is OK.
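As an added example (not part of the original post), here is a POSIX shell script that inspects a 512-byte boot sector, the kind of check worth running before and after setup (hd0): is the boot signature present, does the boot code carry GRUB legacy's marker string, and how many partition table slots are in use. The function names are mine; it runs on a constructed image, and the marker test assumes that GRUB legacy's stage1 embeds the literal string "GRUB ".

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check a 512-byte
# boot sector (an image file here; a device such as /dev/sda, read as root,
# works the same). Uses only dd, od, tr and grep.

# 1 if bytes 510-511 hold the 0x55 0xAA boot signature, else 0.
mbr_has_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = 55aa ] && echo 1 || echo 0
}

# "grub" if the boot code contains GRUB legacy's "GRUB " marker string
# (assumption: stage1 embeds it; a Windows MBR written by fixmbr does not),
# else "unknown".
mbr_loader() {
    if dd if="$1" bs=512 count=1 2>/dev/null | tr -c '[:print:]' '.' | grep -q 'GRUB '; then
        echo grub
    else
        echo unknown
    fi
}

# Number of partition-table slots in use: four 16-byte entries start at
# offset 446, and a non-zero type byte (entry offset 4) marks a used slot.
mbr_partitions() {
    n=0
    for i in 0 1 2 3; do
        t=$(dd if="$1" bs=1 skip=$((446 + i * 16 + 4)) count=1 2>/dev/null |
            od -An -tx1 | tr -d ' \n')
        [ "$t" != 00 ] && n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample: marker string in the code area, one bootable 0x83
# (Linux) partition entry, boot signature. Not a working boot loader.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf 'GRUB ' | dd of="$1" bs=1 seek=384 conv=notrunc 2>/dev/null
    printf '\200\001\001\000\203\376\377\377' | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Stand-alone run on the constructed image.
demo() {
    img=$(mktemp)
    make_sample_mbr "$img"
    echo "signature=$(mbr_has_signature "$img") loader=$(mbr_loader "$img") partitions=$(mbr_partitions "$img")"
    rm -f "$img"
}
demo
```

A sector that fails the signature check is exactly what GRUB's error 17 or a refusing BIOS tends to mean; a sector with a signature but no GRUB marker is what you get after fixmbr, which is why the Linux side still needs setup (hd0).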