Tag: ssh

  • Github Hosted Runners and Their Access to GCP VPC

    TL; DR: Given plenty of free time of Github hosted runners, I’m tempted to use it instead of running self-hosted ones in my GCP environment. Here are some options to grant network access to my GCP VPC. Prerequisites: Google Workload Identity Federation for Github Runners Option #1, grab the public IP of the runner on-the-fly…

  • How to Connect to Cloud SQL via SSH

    TL;DR: here’s a handy bash script which can connect to a private Cloud SQL instance(MySQL in this case) via a bastion host. Prerequisites: Google Cloud SQL instance with mTLS certs provisioned Google Cloud SDK installed(the gcloud command) a bash shell(better be V5.0+) OpenSSH and MySQL CLI installed Google Cloud SQL is an RDB as a…

  • 5G is Fast but There’s No Public IP

    I’m super happy that I can finally have a broadband that does have a broad bandwidth. However like all other cellular services the 5G gateway has a private IP as its external IP, ie. everything I got is behind huge NAT servers of Optus and they will not open any port just for me. The…

  • Working with a Big Corporation

    So it’s been a while since I started this job in a big corporation. I always enjoy new challenges, now my wish got granted. Not in a very good way. The things work in a quite different manner here. There are big silos and layers between teams and departments, so the challenges here are not…

  • Don’t Need Ngrok When I Have SSH

    I was trying to create a Slack app. In order to let Slack send REST requests to my dev environment, eg. http://localhost:9000, I searched a bit and saw ngrok. Ngrok is very handy for this kind of setup: Slack -> xyz.ngrok.io -> localhost However I just don’t want to install anything so I turned to…

  • 用 ssh_config 为 CLI 提速

    最常用的命令, 应该是最简短的. 就好比常用的词句, 例如, 你好, 再见, 都是简短的. 惭愧的是, 我才想起来优化我的 CLI, 看来以前的工作压力还不够大 ^_^ 参考(man) ssh_config, 可以把常用的 ssh 命令的参数写在 ~/.ssh/config 文件内. 最简单的格式是: Host h1 HostName 10.0.0.100 User raymond 存盘后, 下次连接到 10.0.0.100, 只需要输入 ssh h1 就相当于 ssh [email protected] 一样了. 进一步的, 可以是: Host h1 HostName 10.0.0.100 User raymond Port 10022 ForwardAgent yes ProxyCommand ssh [email protected] nc -w 1 %h…

  • 让傀儡机去洗洗睡吧

    DenyHosts在这里. sshd: Authentication Failures: unknown (124.124.59.60): 8496 Time(s) root (124.124.59.60): 1166 Time(s) mail (124.124.59.60): 67 Time(s) mysql (124.124.59.60): 67 Time(s) nobody (124.124.59.60): 62 Time(s) …… “我最讨厌你们这些劫匪了,一点技术含量都没有。” 当你看到某人或某傀儡机一遍一遍又一遍的蒙你的登录账号(俗称暴力破解), 你也会这么想吧. Google了一下, 原来Centos已经包含了简单且有效的解决方案. 如果还没有安装DenyHosts可以一步安装: sudo yum install denyhosts 缺省配置(/etc/denyhosts.conf)基本可用, 改一下接收报告的Email地址, 就启动吧: sudo chkconfig –levels 2345 denyhosts on sudo service denyhosts start 首次启动可能时间长一些, 因为要分析全部的日志文件. 之后, 和那些”别有用心”的肉机傀儡机说再见吧. Added the following…

  • LAMP服务器的简单备份方法

    我用CentOS作为网站服务器的OS,我是这样备份我的网站的。 以下简称网站服务器为C,我的电脑是A。首先,在C上用一段shell script备份网站: backup.sh #! /bin/bash # This script is to backup the website files and db mysqldump mydb -pmypass >/var/www/mysite/mydump.sql datestamp=`date +%Y%m%d` filewww=”/home/myuser/backup/mysite_””$datestamp””.zip” zip -r $filewww /var/www/mysite 然后可以先运行一下这个script,看看结果是否符合预期。如果没问题,就可以将其加入到crontab了,每天自动运行。 59 3 * * * /bin/bash /home/myuser/backup.sh 这样C这边每天凌晨会备份一次并生成一个zip压缩包。但是把C的备份留在C就没意义了,我还要定期的把zip从C传到A。由于A不像C那样不间断运行的,所以如果从C向A传输就需要测试A是否在线,麻烦。不如让A取C上的zip。这就涉及到另一个问题,身份验证。 为一段自动运行的script提供password,我觉得不如使用public key验证来得专业,而且简单,两步就搞定: ssh-keygen -t rsa ssh-copy-id -i .ssh/id_rsa.pub myuser@C 这期间问到private key password时直接回车就行了;myuser@C的password还是需要输入的(否则……)。 下一步就是在A上写script,获取C上的备份,成功获取后删除C上的备份,并将A本机上超过一个月的备份删除。 backup-mysite.sh #!/bin/bash #by Raymond, Jun,…