Category Archives: System Administration

How to Rsync Files Securely With and Without a Password

Interactive Commands

Unattended – Non-interactive Commands

You may want to automate backups or avoid storing passwords within scripts, etc.

Generate private/public key pairs:

 Place the public key in the authorized_keys file on the remote server:

Make sure the .ssh folder and authorized keys have the proper permissions on the remote server:

Log into the remote server:

 Keep in mind if you don’t have you use the “-i” option if you store your private key as ~/.ssh/id_rsa.

In order to provide a bit of security, we want to restrict this automation by source connection and authorized commands. Edit the .ssh/authorized_keys file:

From:

To:

We need to create the script to ensure only the rsync command is allowed for this user:

Setting the proper permissions:

Finally, test it out:

 

 

 

Apache 2.4.7 Start Error: apr_sockaddr_info_get() failed on Ubuntu 14.04

This error is usually harmless. Sometimes you don’t require a complex /etc/hosts file that includes all your virtual hosts.

When running:

You might get this error:

A quick solution to this problem:

What Is the Meaning of 127.0.1.1 in the /etc/hosts File for Debian/Ubuntu Servers?

This is related to this bug report: Debian bug #316099

The system hostname should always be resolvable even when the network is down. Basically, some applications still try to resolve a host via 127.0.1.1 so in order to accommodate, it is kept by default on current debian-type distributions.

The general rule of thumb is: If you don’t have a permanent IP address for your host, use 127.0.1.1.

Another approach is discussed here.

How to Add Comodo’s CA Certificate Files on Apache 2

Along with your domain’s SSL certificate, Comodo gives you a few seemingly random files. The SSLCACertificateFile directive is used for client authentication. It’s basically a single file with PEM-encoded CA certificates concatenated together. They are concatenated by order of preference:

cat COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt > mydomain.cer

This particular example was on an Ubuntu 14.04.1 LTS server with Apache 2.4.7.
apache_ssl_configuration