# curl -v https://google.com 2>&1 | egrep -i "issuer:|expire"
* expire date: Feb 01 00:11:00 2018 GMT
* issuer: CN=Google Internet Authority G2,O=Google Inc,C=US
Recently in Shell Category
e.g. get the first 7.x directory name from http://mirror01.idc.hinet.net/CentOS/
RE=">(7[0-9\.]+)"
[[ $(curl -s http://mirror01.idc.hinet.net/CentOS/) =~ $RE ]]
echo "${BASH_REMATCH[1]}"
Output:
7.0.1406
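dehydrated was previously called letsencrypt.sh; it was renamed because the name infringed the Let's Encrypt trademark.
The setup is much the same as before.
In the example below the Document Root is /var/www/html and dehydrated is placed under /usr/local.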
cd /usr/local
git clone https://github.com/lukas2511/dehydrated
cd dehydrated
echo "yourdomain.com www.yourdomain.com" > domains.txt
mkdir -p /var/www/html/.well-known/acme-challenge # the alternative is to set up an alias (the method the official site teaches)
echo BASEDIR=/usr/local/dehydrated > config
echo WELLKNOWN=/var/www/html/.well-known/acme-challenge >> config
./dehydrated --register --accept-terms
./dehydrated -c
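Let's Encrypt certificates are valid for only three months, so dehydrated -c has to be run again before they expire.
It can be scheduled to run monthly; it only renews when less than 30 days remain, otherwise it just reports Longer than 30 days. Skipping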
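The renewal rule described above (renew only when less than 30 days remain), applied to the expire date line that curl -v prints, as an added example that is not part of the original post or of dehydrated's own code. It assumes GNU date; the function names and the fixed clock values are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU date for `date -d`.

# Read `curl -v` output on stdin, print the value of its "expire date:" line.
expire_from_curl() {
    sed -n 's/^\*[[:space:]]*expire date:[[:space:]]*//p' | head -n 1
}

# seconds_left "<expire date>" [now_epoch]
# Prints seconds until expiry (negative once expired); returns 2 on a bad date.
seconds_left() {
    expiry=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( expiry - now ))
}

# renew_status "<expire date>" [now_epoch] [threshold_days]
# Prints expired, renew (less than threshold left) or skip (threshold or more left).
renew_status() {
    secs=$(seconds_left "$1" "${2:-}") || { echo unknown; return 2; }
    limit=$(( ${3:-30} * 86400 ))
    if [ "$secs" -le 0 ]; then
        echo expired
    elif [ "$secs" -lt "$limit" ]; then
        echo renew
    else
        echo skip
    fi
}

# Constructed sample, shaped like the curl output at the top of this page.
sample='* expire date: Feb 01 00:11:00 2018 GMT
* issuer: CN=Google Internet Authority G2,O=Google Inc,C=US'
not_after=$(printf '%s\n' "$sample" | expire_from_curl)

# Fixed clocks (epoch seconds, UTC) keep the demo reproducible.
echo "2017-12-01: $(renew_status "$not_after" 1512086400)"
echo "2018-01-12: $(renew_status "$not_after" 1515715200)"

# Live check (hypothetical host):
#   curl -sv https://yourdomain.com 2>&1 | expire_from_curl
```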
If the machine is behind a firewall, the following IPs need to be allowed (for ACME challenge)
outbound1.letsencrypt.org 66.133.109.36
outbound2.letsencrypt.org 64.78.149.164
Apache configuration
Uncomment Include conf/extra/httpd-ssl.conf in httpd.conf
Contents of conf/extra/httpd-ssl.conf
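SSLCertificateFile /usr/local/dehydrated/certs/yourdomain.com/cert.pem
SSLCertificateKeyFile /usr/local/dehydrated/certs/yourdomain.com/privkey.pem
# SSLCertificateChainFile is deprecated since Apache 2.4.8, where SSLCertificateFile can carry the chain
SSLCertificateChainFile /usr/local/dehydrated/certs/yourdomain.com/chain.pem
# SSLCACertificateFile is only consulted when client certificate verification (SSLVerifyClient) is enabled
SSLCACertificateFile /usr/local/dehydrated/certs/yourdomain.com/fullchain.pem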
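PowerShell OpenSSH is the OpenSSH build produced by Microsoft's PowerShell Team.
It has some adjustments for the Windows environment, e.g. ssh-keygen generates keys in %USERPROFILE%\.ssh
Compared with other versions it is better suited to Windows; it is currently still a Pre-release.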
| xmllint --format - # need libxml2 package
| xmlstarlet fo # need xmlstarlet
Make it more readable.
| python -m json.tool # need python package
| jq . # need jq package
Make it more readable.
Server Side sshd_config
ClientAliveInterval 60
ClientAliveCountMax 3
or
Client Side ssh_config
ServerAliveInterval 60
ssh user@host bash -s -- < local-script.sh
You can add arguments if you need.
ssh user@host bash -s -- < local-script.sh argv1
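Password-less ssh is normally achieved by creating a key; if you do not want to create a key, you can use sshpass.
sshpass automatically supplies the password when ssh runs.
The password can be supplied from a file (-f filename), as an argument (-p password), or through the SSHPASS variable (-e).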
e.g.
sshpass -f pass_file ssh user@somewhere.com
sshpass -p password ssh user@somewhere.com
export SSHPASS=password
sshpass -e ssh user@somewhere.com
Of course, you can also directly run a command on the host you connect to
sshpass -e ssh user@somewhere.com cat /etc/hosts
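dcmd can send a command to multiple machines at once.
The prerequisite is to set up ssh keys first: the management host must first send its public key to each machine's authorized_keys.
The machine list is stored in /etc/dcmd.hosts
Then dssh can be used to run commands in batch, e.g. dssh uptime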
# dssh uptime
host1 14:05:44 up 18 days, 4:12, 0 users, load average: 0.11, 0.10, 0.09
host2 14:05:45 up 19 days, 4:53, 39 users, load average: 1.37, 1.08, 1.08
host3 14:05:45 up 50 days, 4:28, 5 users, load average: 6.06, 6.02, 6.01