Establish SSH connection to server without password prompt
- The principle behind a secure password-less connection is based on a set of keys: a private and a public one.
- The public key is used for encryption and the private key for decryption.
- The keys are created on a client machine that wants to connect to a server without using the SSH password every time.
- The public key must be transferred once from the client to the server.
- When the client later requests a connection, the server sends an encrypted challenge to the client (using his public key). This challenge can only be decrypted by the holder of the matching private key.
- On top of that, the private key can be stored in an encrypted way using a passphrase so that only the holder of the passphrase can make use of the decryption key.
- The passphrase can be stored in e.g. GNOME’s keyring. Thus, once added to the keyring, the user is not asked for the passphrase anymore. However, systemd automount typically has no access to the user’s keyring, so mount at boot is not supported if a passphrase is used.
- Create set of keys on client:
ssh-keygen -t rsa -b 4096
- The above command creates a set of RSA keys (better than DSA) with length 4096 bit.
- The use of a passphrase is recommended. However, if you want to mount the server via fstab at boot leave the passphrase empty.
- Copy the public key from the client to the server into directory ~/.ssh/authorized_keys:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
- From now on, no password is needed anymore for establishing the connection from the client to the server.
Automount remote directory via systemd in fstab
- This only works if no passphrase was entered for the private key. The problem is that systemd has normally no access to the user’s (GNOME) keyring (e.g. managed by seahorse) and thus cannot decrypt the private key needed for the connection.
- Add to /etc/fstab on client:
user@server:/home/user /MOUNTDIR fuse.sshfs port=2222,noauto,x-systemd.automount,_netdev,users,idmap=user,IdentityFile=/home/user/.ssh/id_rsa,allow_other,default_permissions,uid=1000,gid=1000 0 0
- To mount as user one line in file /etc/fuse.conf must be uncommented:
- Restart systemd:
systemctl restart remote-MOUNTDIR.automount
Create an SSH tunnel through a portal/gate/bridge server
- Assume that you are running a local ssh service on your-lan-machine at port 9999 (non standard), i.e. you can connect only within the LAN.
- However, you can enter the LAN from outside via a protected gateway server portal.domain.com, at port 22 (standard).
- In order to establish a “direct” ssh connection to your-lan-machine (at port 9999), you could create a tunnel (using port 8888 on localhost):
ssh -L 8888:your-lan-machine:9999 firstname.lastname@example.org
- And then connect “directly” to your-lan-machine using ssh/scp/filezilla (or other clients) via:
Compare content of directories including all subdirectories
diff -qr dir1 dir2
- r…recursive (include subdirectories)
- q…less verbose (do not show details about different content within files)
Backup with Cronopete
- Cronopete is a Time-Machine Clone for Linux
- creates backups periodically, e.g. every hour
- keeps all backups from the last 24hours
- keeps daily backups for last month
- and keeps all weekly backups until disk is full
Since I backup on a remote disk that is mounted with sshfs locally (via fstab), I use Cronopete’s functionality to backup into a folder (rather than on a disk). Thus, I needed to enable a certain dconf key. The key is named “enable-folder-backend” and is found using dconf-editor in /org/rastersoft/cronopete/.
Stop viewing raw images (*.NEF, *.CR2) with gwenview
With my Nikon DF, I take images in low resolution *.JPG format together with Nikon’s *.NEF raw format. The filesize of my raw images is roughly 20MB. Since I cannot carry all my images with my notebook (because the harddisk is too small), the images are stored on a QNAP NAS. When browsing the files over the network, I want to exclude the raw images (to make image browsing a fluent experience). This can be done in gwenview by adding the following line to the file ~/.config/gwenviewrc under Section [General]:
The extension *.new must be given, because it is the temporary file extension internally used by gwenview.
Disable file indexing in Gnome
After a fresh Fedora install, a piece of software called tracker is running as a daemon in the background. It is a file indexing service, which – depending on the speed of your harddrive and the amount of data on it – might cause substantial cpu load. Check the status of tracker with this command:
In order to disable tracker for all users on a Linux/Fedora system, the statement “Hidden=True” must be added to all tracker*.desktop files in /etc/xdg/autostart/. The following command does this automatically for you:
for f in /etc/xdg/autostart/tracker*.desktop; do echo “Hidden=true” | sudo tee -a “$f”; done
Clear Gnome cache files
- Recently opened files:
rm -rf ~/.local/share/recently-used.xbel
- File manager thumbnails:
rm -rf ~/.cache/thumbnails/
- Gnome index:
tracker reset -r
Create additional swap/virtual memory in Fedora
Sometimes, I need to run scripts that eat up loads of memory (e.g. several tens of GB), causing Fedora to crash once RAM is full. A solution is to (temporarily) create addition swap space:
- Create empty file (as root) with size N in kB, e.g. for 16GB, N=16384000:
dd if=/dev/zero of=/swapfile bs=1024 count=N
- Make file swap space:
chmod 0600 /swapfile