Recently in Linux Category

Linux Named Pipe

Vote 0 Votes

mkfifo fifo_file
cat fifo_file

In another shell session
date > fifo_file

You'll see date info in first shell session.
General Usage: piping data from program A to program B.

ref. Named pipe

OTP Client for Linux and Windows

Vote 0 Votes

For Linux: OATH Toolkit
For Windows: WinAuth

Compile PHP with couchdb

Vote 0 Votes

cd php-5.6.23
git clone
mv php-couchdb ext/couchdb
rm configure
./buildconf --force
./configure --enable-couchdb

Compile PHP with mongodb

Vote 0 Votes

cd php-5.6.23
wget -qO- | tar zxv
mv mongo-1.6.14 ext/mongo
rm configure
./buildconf --force
./configure --enable-mongo

mongo extension 已經被 mongodb 取代, 不過仍有維護及安全性更新

因為 PuTTY 的 Private Key 格式, 跟 OpenSSH 的不太一樣, 若兩邊要共用同一把 Key,
Key 要從 OpenSSH 那邊產生, 再用 puttygen.exe 匯入 Key, 用 Load an existing private key file

再 Save public key, Save private key

SSH 的認證方式, 其實有很多種, 用 ssh -oPreferredAuthentications=none host 可以取得 Server 端所支援的認證方式,
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,hostbased).
輸出類似這樣, 看到 Permission denied 是正常的
比較常見的是 password、publickey, 而 hostbased 比較少用的原因可能是需求變少了, 且 sshd_config 中預設也沒開
hostbased 認證使用時機是當 Host C 中的很多用戶, 都要用免密碼連到 Host S, 管理者只要設定好,
Host C 用戶就能直接 ssh 到 Host S (同帳號)
環境 Host C's hostname is host-c, Host S's hostname is host-s

Client /etc/ssh/ssh_config
HostbasedAuthentication yes
EnableSSHKeysign yes
Client /etc/hosts host-c
加入自已的 IP Hostname 對應, 若沒有會出現 get_socket_address: getnameinfo 8 failed: Name or service not known

Server sshd_config
HostbasedAuthentication yes
HostbasedUsesNameFromPacketOnly yes
IgnoreRhosts no # 若要讓 root 也能連入
Server /etc/ssh/ssh_known_hosts 這個檔要有 Client 端的 /etc/ssh/
ssh-keyscan host-c >> /etc/ssh/ssh_known_hosts
編輯 /etc/ssh/ssh_known_hosts
在 Host C IP 前加入 host-c, 重要, 因為 hostbased 是認 Hostname, 若沒加會找不到 Key
host-c, ssh-rsa AAAAB3NzaC1yc2EAAAABIw ... qqU24CcgzmM=
Server /etc/ssh/shosts.equiv
加入 host-c
若要讓 root 也能連入, /root/.shosts 要加入 host-c

XML formating

Vote 0 Votes

| xmllint --format - # need libxml2 package
| xmlstarlet fo # need xmlstarlet
Make it more readable.

JSON formating

Vote 0 Votes

| python -m json.tool # need python package
| jq . # need jq package
Make it more readable.


Vote 0 Votes

nginx (發音 engine) 近幾年因為性能卓越, 市佔已愈來愈高, 僅次於 Apache, IIS, 排第三
官方有提供 Prebuilt Packages, 安裝很方便
name=nginx repo

yum -y install nginx

PHP 在 configure 需加 --enable-fpm 參數
設定檔用預設的即可 cp sapi/fpm/php-fpm.conf /usr/local/etc/php-fpm.conf
執行 php-fpm 會 Listen 9000 Port
nginx 設定檔 /etc/nginx/conf.d/default.conf
這是 HTTP + HTTPS + PHP 的典型設定, DocumentRoot 在 /var/www/html
若 SSL 憑證是用 Let's Encrypt, ssl_certificate 這個參數要把這兩個檔合併 cert.pem, chain.pem
cat cert.pem chain.pem > cert_chain.pem
若只有 cert.pem 的內容, 試過一般瀏覽器可以正常, 但是 curl, wget, links, lynx, w3m 等 CLI 工具都會出現錯誤
curl: (60) Peer certificate cannot be authenticated with known CA certificates
wget: ERROR: The certificate of '' is not trusted.
links: SSL error
lynx: SSL error:unable to get local issuer certificate
w3m: unable to get local issuer certificate
ERROR: The certificate of '' hasn't got a known issuer.

ref. Install NGINX

openssl s_client

Vote 0 Votes

openssl s_client 可用來查看 HTTPS Server 的憑證
openssl s_client -connect
openssl s_client -host -port 443

About this Archive

This page is an archive of recent entries in the Linux category.

Life is the previous category.

Misc is the next category.

Find recent content on the main index or look in the archives to find all content.

Linux: Monthly Archives

Monthly Archives