SSH to servers behind JumpServers

7 09 2011

Let's suppose you have been handed a bunch of Linux servers that you now need to administer. The problem, though, is that to access those servers you need to open an SSH session to a “Jump Server”, and from the jump server you reach all the other servers.

This is what I did:

Pre-requisites:

1. SSH public keys installed on the jump server, and also on all the other servers.
Note: Although you don't really need the keys for this approach to work, they are highly recommended. BTW, who is still using passwords??

To configure on your Linux machine:

1. If it does not exist yet, create a file named “config” under your user's .ssh directory and put the following contents in it:

vim /home/username/.ssh/config

and copy these contents:

Host host_you_need_to_connect_to
	ProtocolKeepAlives 15
	ServerAliveInterval 15
	ProxyCommand ssh -e none user@jumpserver exec nc %h %p

Quick explanation:

Host: In this option you configure the host name or host names you want to connect to. The * wildcard is also useful. Example: server_*

Alive options: These keep you from getting errors like this: Write failed: Broken pipe

ProxyCommand: This is where the magic happens. First it opens an SSH connection to the jump server, and there it executes the netcat command towards the second server, or better said, towards the host you want to connect to.
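
The same jump-server setup as an added example, not part of the original post: it applies the server_* wildcard mentioned above, keeps the jump server itself out of the proxy rule, and uses ssh -W in place of nc. The names jumpserver, user and server_* are placeholders.

```sshconfig
# Added example; jumpserver, user and server_* are placeholder names.

# The jump server itself is reached directly, never through a proxy.
# Without this, a broader Host pattern that also matches the jump server
# would make ssh try to proxy through itself.
Host jumpserver
	User user
	ProxyCommand none
	ForwardAgent no

# Every host matching server_* is reached through the jump server.
# "ssh -W %h:%p" asks the jump server to forward stdin/stdout to the
# target host and port, so netcat does not have to be installed there
# (requires OpenSSH 5.4 or later on the client).
Host server_*
	ServerAliveInterval 15
	ServerAliveCountMax 3
	# Authentication to the target happens from the workstation,
	# so there is no need to forward the agent to any hop.
	ForwardAgent no
	ProxyCommand ssh -W %h:%p jumpserver

# With OpenSSH 7.3 or later the ProxyCommand line can be replaced by:
#	ProxyJump jumpserver
```

Because the proxy only carries the TCP stream, the SSH session to the target is authenticated and encrypted end to end from your workstation, and the target's host key is checked against your local known_hosts. Running ssh -G server_01 (OpenSSH 6.8 or later) prints the resolved options for a host without connecting.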





Running VPNC and StrongSwan IPsec together

4 05 2011

If your company or workplace has a Cisco VPN infrastructure, but at the same time you need to connect to some remote site using IPsec, and you are a Linux desktop user, then this is a good tip on how to run both of them at the same time.

Requirements:

Already configured vpnc to connect to VPN
Already configured ipsec to connect to remote sites
Already configured Internet connection

Internet to VPN

To connect to the corporate VPN, there are a lot of guides out there. The important thing to consider is that both daemons (vpnc and ipsec, pluto for StrongSwan) CANNOT bind to the same port. So in the case of vpnc, the way to start it is:

vpnc <name_of_your_profile> --local-port 0

If you run it this way, you'll notice that the vpnc daemon is bound to a random UDP port on your interfaces. You can use netstat to figure out which port it is using. Now that you are connected to your VPN, it's time to use IPsec.

Connect to remote sites using IPSEC

StrongSwan is one of the most used IPsec implementations for Linux. One of the restrictions of StrongSwan is that when it starts the pluto daemon, it must be started on UDP port 500. So, now that you have started vpnc on a different port, there shouldn't be a problem running this one too:

ipsec start

You can check the logs you have configured for ipsec, and you can also use netstat to figure out the port that is being used. With the daemon initialized, you can now open ipsec connections:

ipsec up <conn_name_configured_in_ipsec.conf>

Conclusion

Now that you have configured different ports for those daemons, it's quite simple to use both at the same time. This approach enables you to use Linux and open source software instead of $$indows and $$isco proprietary software.





Using ClusterSSH for multiple ssh sessions

27 04 2011

If, like me, you sometimes need to type the same command in multiple SSH connections to remote servers, this is a useful tool: ClusterSSH. Home page: http://sourceforge.net/projects/clusterssh/

At the moment I'm on Ubuntu 10.4, so:

Installation

Simply use aptitude to install the package:

sudo aptitude install clusterssh

Usage

Just open your regular terminal and type in this command:

cssh -l <username> <server1> <server2> …

That will open several terminals and will also open the CSSH window. So, whatever you type in that window will be reflected on every server!!!

As always, you can also edit the /etc/clusters file to add your own configurations; for more information visit the home page of the project.

Conclusion

This is a good tool to speed things up when handling multiple servers, however you should be very CAREFUL with it.





Ruby 1.8.7 with gems 1.4.2 in Ubuntu 10.4

27 01 2011

While trying to figure out how to install gems 1.4.2 in Ubuntu 10.4 with Ruby 1.9.2 I found the following error:

root@DMX82877:/usr/src/rubygems-1.4.2# ruby setup.rb --setup
/usr/src/rubygems-1.4.2/lib/rubygems/source_index.rb:62:in `installed_spec_directories': undefined method `path' for Gem:Module (NoMethodError)
 from /usr/src/rubygems-1.4.2/lib/rubygems/source_index.rb:52:in `from_installed_gems'
 from /usr/src/rubygems-1.4.2/lib/rubygems.rb:914:in `source_index'
 from /usr/src/rubygems-1.4.2/lib/rubygems/gem_path_searcher.rb:83:in `init_gemspecs'
 from /usr/src/rubygems-1.4.2/lib/rubygems/gem_path_searcher.rb:13:in `initialize'
 from /usr/src/rubygems-1.4.2/lib/rubygems.rb:873:in `new'
 from /usr/src/rubygems-1.4.2/lib/rubygems.rb:873:in `searcher'
 from /usr/src/rubygems-1.4.2/lib/rubygems.rb:495:in `find_files'
 from /usr/src/rubygems-1.4.2/lib/rubygems.rb:1034:in `load_plugins'
 from /usr/src/rubygems-1.4.2/lib/rubygems/gem_runner.rb:84:in `<top (required)>'
 from <internal:lib/rubygems/custom_require>:29:in `require'
 from <internal:lib/rubygems/custom_require>:29:in `require'
 from setup.rb:25:in `<main>'.

Doing some Google research, I found this is kind of a known issue, but until now there is no real workaround for it. So what I did was a flat installation of Ruby 1.8.7, then installed gems 1.4.2 and at the end Rails 3.0.3, and it worked just right!

cd ruby-1.8.7-p330/
./configure
make
make install

cd rubygems-1.4.2
ruby setup.rb
gem install -r rails

References:

http://railsforum.com/viewtopic.php?id=42374

 





Outbound DAHDI calls failing, “Sent deferred digit string”

6 04 2010

This is for our main records, but if someone finds this useful that will be nice.

Problem: Trying to make outbound calls fails in Asterisk 1.4.X with DAHDI

[Apr  6 09:07:53] DEBUG[9180] chan_dahdi.c: Dialing '5932050'
[Apr  6 09:07:53] DEBUG[9180] chan_dahdi.c: Deferring dialing... (res -1)
[Apr  6 09:07:53] VERBOSE[9180] logger.c:     -- Called 2/5932050
[Apr  6 09:07:54] DEBUG[9180] chan_dahdi.c: Sent deferred digit string: T593205

Solution:

exten => _9XXXXXXX,1,Dial(DAHDI/g0/ww${EXTEN:1})
exten => _9XXXXXXX,2,Hangup()

Note the 'ww' before the phone number: it makes chan_dahdi pause for 1 second before placing the digits on the line.

References:

http://pbxinaflash.com/forum/showthread.php?t=4190

http://www.voip-info.org/wiki/view/Asterisk+cmd+Dial





DTMF Problems between different Asterisk Versions.

18 09 2009

Well, I’m writing this just for personal records, but I’ll be glad if someone finds this information useful.

I updated one of the main Asterisk servers for one of the Electrosystems customers' VoIP networks from the 1.2 branch to 1.6, but we noticed trouble with the DTMF tones not passing through. So in the end I found a very useful article describing the problem:

Just include this line in sip.conf in your Asterisk 1.6 or 1.4 and it will fix the problem:

rfc2833compensate=yes

References:

http://www.voip-info.org/wiki/view/Asterisk+DTMF

http://www.freepbx.org/trac/ticket/2726






MAC OS X install on PC AMD 64 X2 with NVIDIA 8400 GS

18 09 2009

Well, after a few trial-and-error attempts at getting MAC OS X installed on non-MAC hardware, I finally succeeded, thanks to the many folks out there who have taken the bull by the horns and have shown us that MAC can be installed and run outside of Jobs's hardware rules.

So, what's better than seeing it with your own eyes:

References:

http://www.insanelymac.com/forum/lofiversion/index.php/t92043.html

http://nvinject.free.fr/downloads.php

http://www.insanelymac.com/forum/index.php?act=Print&client=printer&f=11&t=78980





FreePBX with Asterisk 1.6 not applying changes

8 07 2009

Last week, while trying to upgrade Asterisk to the 1.6 branch for an Electrosystems project (I had to mention it), besides other issues I found that the latest FreePBX version, 2.5.1.5, is not able to do the reload by default.

This is because in Asterisk 1.6 the CLI command 'reload' is missing, or it has been renamed to 'module reload'.

So, what I did was change the file functions.inc.php inside the FreePBX installation folder. This is what I did:

cd /var/www/html/admin/

Edit the file functions.inc.php

Replace this line:

$astman->send_request('Command', array('Command'=>'reload'));

With this line:

$astman->send_request('Command', array('Command'=>'module reload'));

And that’s it. Now the Apply changes bar is working as expected.





Asterisk talk at Flisol 2009

25 04 2009

Thanks to everyone who organized it, and especially to those who attended the Asterisk workshop at Flisol.

Although there were setbacks, the talk turned out to be very enjoyable and the attendees were very participative; I think some of them were from the Tec de Delicias and the rest were people interested in the free software movement…

I especially want to thank Arturo and his people for their support in preparing the workshop… I gave them a lot of trouble over the phones and the other things needed (cables and so on)…

We saw people from gluch, which was nice… meeting people in person is different from just reading their e-mails… Greetings to all!!!

In the end, we just have to wait for them to share the photos so I can publish them here… in the meantime, we stay in touch… any comment is welcome… and welcome to the Asterisk Revolution!!!






Connecting Asterisk to Axtel using ISDN PRI in Mexico

15 04 2009

A few days ago I had to install another Asterisk server, but this time the challenge is that the company has digital lines with the telco AXTEL, and the most interesting part is that it is an E1 using ISDN PRI… something unusual for Americans, since for them it is always T1s.

This time the cards used were 2 Digium TE210P (two E1 ports)… one to connect 2 AXTEL links, and the other to connect 2 E1s to a NORTEL Option 61 PBX using CAS/R2.

For connecting Axtel, this was the configuration:
