Set up a user to connect to a Linux server with a private-public key pair

To secure a Linux server, disable password authentication on it. This way only those users can connect to it, who have access to an authorized private key.

To enable users to connect to a Linux server with a private-public key pair

Generate an RSA key pair

  1. In a Bash terminal on your workstation execute
    ssh-keygen
  2. Follow the prompts to specify the name of the key file pair. In most of the cases, you don’t need to protect the key with a password.
    1. If you don’t specify the file name, the key will be saved as ~/.ssh/id_rsa
    2. If you specify a file name, the key files will be saved in the current directory
  3. The public key file will get the “.pub” extension, the private file has no extension

Upload the public key to the Linux server

  1. Log into the server with the “ssh” command using a username and password
    ssh MY_USER_NAME@SERVER_IP_ADDRESS
  2. Add the public part of the key to the user configuration
    1. Switch to sudo mode, this command will ask for the password again
      sudo -i
    2. Navigate to the user home directory
      cd /home/USER_NAME/
    3. Add the public key to the user’s authorized_keys file. Open the file with a text editor and copy the public key into a new line.
      vi authorized_keys
    4. To test the configuration, on your workstation navigate to the directory where the new key is located, and log into the server with
      ssh -i MY_KEY_NAME MY_USER_NAME@SERVER_IP_ADDRESS

Turn off password authentication

  1. Make sure you can log in with the new key !!!
  2. Execute the command
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

The user account does not have permission to run this task

When a Scheduled task is created by another user (or SYSTEM) most of the time only that user can manually trigger the task execution.

When you try to execute the scheduled task from the user interface you can get the error message:

The user account does not have permission to run this task

This error is caused by the lack of permissions on the XML file that contains the task details. To allow all administrators to execute the scheduled task

  1. Remote into the Windows server
  2. Open the C:\Windows\System32\Tasks folder in Windows Explorer
  3. Right-click the file with the name of the scheduled task and select properties
  4. On the Security tab select Administrators and click the Edit button
  5. Check the Read & execute checkbox and click the OK button
  6. Click Yes on the Windows Security popup

Now you should be able to manually execute the scheduled task

Error loading table definition of a PostgreSQL table

When a PostgreSQL table name contains uppercase letters there is no known way to get the table definition SQL script.

When we right-click a table name in SQLPro for Postgres the has an uppercase letter and select Script as, CREATE to, New query window

we get the error message

/*
* Error loading table definition.
* ERROR: relation “public.users” does not exist
*/

As the error message tells us, PostgreSQL is looking for the table name with all lowercase letters.


The pg_dump utility acts the same way.

pg_dump -s -h MY_SERVER_ADDRESS -U M_USERNAME -t Users MY_DATABASE

The error message is

pg_dump: no matching tables were found


The same process works if the table name only contains lowercase letters.

Convert an existing PostgreSQL database to all lowercase table and column names

To avoid similar errors caused by upper case letters in table and column names, convert the existing database definition to all lowercase

    1. Backup your database from the command prompt
      PGPASSWORD=MY_PASSWORD pg_dump -h MY_DATABASE_ADDRESS -U MY_DATABSE_USER -f MY_BACKUP_FILENAME.bak MY_DATABASE_NAME
    2. Open the backup file in a text editor
    3. Add underscores to the table and column names to match the .NET entity framework user identity processes.
      1. The PostgreSQL driver converts the first letter of all lowercase table and column names to upper-case and the letter that follows an underscore. For example, asp_net_users will be converted to AspNetUsers.
        1. Replace the table names with TableName -> table_name ( leave __EFMigrationsHistory as is)
        2. Replace the column names with “ColumnName” -> “column_name”
        3. Replace the primary key names with PK_ -> pk_
        4. Replace the index names with IX_ -> ix_
        5. Replace the foreign key names with FK_ -> fk_
    4. Drop the database. In SQL Pro for Postgres
      1. Right-click the database and select Drop database
    5. Re-create the database. In SQL Pro for Postgres
      1. Rith-click the server name and select Create database
    6. Import the modified backup file from the command prompt
      PGPASSWORD=MY_PASSWORD psql -h MY_DATABASE_ADDRESS -U MY_DATABSE_USER -d MY_DATABASE_NAME -f MY_BACKUP_FILENAME.bak
    7. Reverse engineer the database back to the .NET data layer project
      1. Delete the class files that correspond to the database tables
      2. Delete the MY_DATABSEContext.cs file
      3. Import execute the command in the data layer project directory
        dotnet ef dbcontext scaffold --force "Host=MY_DATABASE_ADDRESS;Database=MY_DATABASE_NAME;Username=MY_DATABSE_USER;Password=MY_PASSWORD" Npgsql.EntityFrameworkCore.PostgreSQL

Copy files between Linux machines

The rsync command allows you to copy files using SSH connection, between your workstation and another Linux machine. You have to be logged into one of the machines, this command cannot copy files between two remote machines.

To copy a file from a remote server to your local workstation, execute

rsync -avz -e "ssh -i SSH_KEY_NAME" USER_NAME@SOURCE_IP:/SOURCE_DIRECTORY/SOURCE_FILE_NAME TARGET_DIRECTORY

To copy a file to a remote server, swap the source and target definitions after the SSH_KEY_NAME option.

Using tmux terminal multiplexer

The tmux terminal multiplexer allows us to open multiple terminal windows in the same SSH session and continue the command execution even when we log out of the SSH session. This way we can execute long-running copy commands overnight without keeping the SSH session open.

Install tmux

On CentOS family Linux

yum install tmux

To start tmux and attach to the last session

tmux a

To keep the current session active

To continue the session execution even when you log out of the server, detach from the session before closing the connection. See the commands below.

Commands

To switch to binding mode

ctrl-b

Commands in binding mode

d detach
% vertical split
horizontal split
arrows move between panes
c new window
p previous window
n next window
l last used pane
q display pane numbers
[ enable scroll with arrow keys or pgup, pgdown
q quit scroll mode
x close the pane (will ask you to press “y” to confirm)

Zooming

cmd-shift + zoom in
cmd-shift – zoom out
cmd-shift 0 (zero) 100% zoom

Copy files between Windows and Linux computers

There are many tools to copy files between Windows and Linux computers, I have found this method the simplest.

It does not require any software installation on the Windows machine, and only one package installation on the Linux machine.

Share a folder on the Windows machine

Share a folder on the Windows machine and allow access to it for a user. If the Windows computer is in the Windows domain, the domain user does not have to be a member of any security group on the Windows machine.

If you copy files from Windows to Linux, make the folder read-only for the user. If you copy files to the Windows machine, allow write access to the folder for the user.

Set up the Linux machine

  1. Install the cifs-utils on the Linux machine
    1. On Red Hat, CentOS, and Amazon Linux
      sudo yum install cifs-utils
    1. On Ubuntu
      sudo apt-get install cifs-utils

Mount the shared Windows folder on the Linux machine

  1. On the Linux machine create a directory to mount the Windows folder to
    mkdir /tmp/windows
  2. Mount the Windows share
    sudo mount.cifs '\\WINDOWS_SERVER_IP\attachments' /tmp/windows -o domain=MY_DOMAIN,username=MY_USERNAME,password=MY_PASSWORD,vers=1.0

    First, you will be asked for the root password on the Linux machine.
    If you do not specify your password in the line above, you will be also asked to enter your password on the Windows machine.

Access the Windows share

  1. On the Linux machine navigate to the mount directory
    cd /tmp/windows
  2. List the files of the Windows share
    ls -al

Troubleshooting

If you get the error message when you issue the mount command

mount error(16): Device or resource busy

try to unmount (umount !) the share first and try the mount again

umount /tmp/windows

 

Edit the HKEY_CURRENT_USER Windows Registry keys of another user

The user-specific settings in the Windows registry are stored under the HKEY_CURRENT_USER key. If you open the Regedit.exe application the HKEY_CURRENT_USER key contains the settings for your user account.

To access the registry keys of another user we need to

Find the Security ID of the user

  1. In Regedit navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
  2. The key lists the Security IDs and usernames
  3. Save the Security ID of the user.

Another Security ID list location:

The partial list of the Security IDs is also available at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Not all user profiles are listed here.

Click the Security ID folders on the left to see the username in the ProfileImagePath.

Open the user-specific registry keys

  1. In Regedit navigate to the HKEY_USERS key
  2. Select the Security ID of the user you are looking for
  3. The user-specific values are under that key

 

delimited by end-of-file (wanted `EOF’)

When you create a file in a script and use an end of file delimiter,

if ...
  cat <<EOF> $chef_dir/attrib.json
    $json
  EOF
fi

and you indent the word EOF to look nicer, you will get the error message

warning: here-document at line … delimited by end-of-file (wanted `EOF’)
STDERR> …: line …: syntax error: unexpected end of file

To correct the script, move the EOF to the beginning of the line

if ...
  cat <<EOF> $chef_dir/attrib.json
    $json
EOF
fi