2018/01/03

Create a tunnel-only connection to an SSH server using graphical PuTTY on Windows

Sometimes you don't need a shell on a server, but you need to connect to a service that is not exposed on the internet for any number of reasons, from security to ease of use.

In this case, you can use a server which has a working ssh service as a bastion host to reach the server using a SSH tunnel.

In this way you can create a connection between the client host and the service host through the SSH connection. The data will also be encrypted with the SSH session key between your client and the bastion host, so even if the service doesn't use an encrypted channel, your data is protected from eavesdropping on that part of the path.

This is standard SSH behaviour, but unfortunately it can be rather difficult to use if your client machine runs Windows.

First, you need a moderately recent version of PuTTY; you can get it here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html. Open it and you will get a configuration dialog.

  • On the first screen you are in the “Session” section, where you can enter your bastion host name and SSH port (22 by default). You can define a session other than the default one; remember to save it after you have made all the configurations, otherwise your session will miss the configurations you made after saving!
  • Then go to the Connection|Data section and enter the Auto-login username. This is convenient if you have a dedicated user for your tunnel connection, because it saves you from entering the username every time.
  • Then go to the Connection|SSH section and select “Don't start a shell or command at all” in the Protocol options. If you need it, you can also select Enable compression here if your target service streams a lot of uncompressed data, but it's entirely optional and can impact performance on some services.
  • Then configure the actual tunnel in Connection|SSH|Tunnel. The Source port is the port that will listen on your client's localhost interface and that you must connect to in order to reach the final service. The Destination is a host and port combination as seen from the bastion host, so if the bastion host and the service host are the same and the service is an HTTP server, you can enter localhost:80 as the destination. Otherwise, enter the private IP address and destination port of the service host.
NB: In the particular case of HTTP, you must verify that the httpd on the service host is not serving Virtual Hosts, otherwise there could be problems because the service is not contacted with the right name. There are workarounds, for instance modifying the client's hosts.txt file.

  • Remember to save the session: even if you decided earlier to only have a Default Settings session, you have to go back to the Session section, select the session (or type a new name) and choose “Save”.
  • Then you can open the session (either by selecting it and clicking Open or by double-clicking it). PuTTY will ask you for the password (if you used Auto-login username; otherwise it will ask you for a user first) and then drop you to a black terminal with nothing more.
  • Finally, you can point your client (such as a web browser for HTTP, a dbclient for a database, or a game) to localhost and the port you chose as source port.
If everything went well, you should have your service ready to use!
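
A quick check of the tunnel from the Windows client, as an added example that is not part of the original post: it verifies that the source port is really listening on the localhost interface only and that it accepts a connection. The port 8080 is a constructed sample value for the Source port field.

```powershell
# Added example: verify a PuTTY local port forward once the session is open.
# 8080 is a constructed sample value for the "Source port" field.
param([int]$SourcePort = 8080)

$listeners = Get-NetTCPConnection -LocalPort $SourcePort -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on port $SourcePort. Is the PuTTY session open?"
    return
}

$loopback = @('127.0.0.1', '::1')
foreach ($l in $listeners) {
    # Identify which process owns the listening socket (expected: putty).
    $owner = (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    if ($loopback -contains $l.LocalAddress) {
        Write-Output "OK: $owner listens on $($l.LocalAddress):$SourcePort (loopback only)"
    } else {
        # 0.0.0.0 or :: means other machines on the network can use the tunnel.
        Write-Warning "$owner listens on $($l.LocalAddress):$SourcePort, reachable from other hosts"
    }
}

# Confirm that PuTTY accepts a connection on the tunnel entrance.
# This does not prove that the destination service behind the bastion answered.
$probe = Test-NetConnection -ComputerName 127.0.0.1 -Port $SourcePort -WarningAction SilentlyContinue
if ($probe.TcpTestSucceeded) {
    Write-Output "Tunnel entrance 127.0.0.1:$SourcePort accepts connections"
} else {
    Write-Warning "Port $SourcePort did not accept a local connection"
}
```

If the listener is reported as reachable from other hosts, untick PuTTY's "Local ports accept connections from other hosts" option in the tunnel settings and reopen the session.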

TODO: make screenshots of all Putty configurations.


2015/10/13

When you update the broadcom-wl drivers on Mageia5

...and the network goes down upon the installation of the brand new kernel module.

Don't Panic!

It's super-easy to recover, unless you make strange maneuvers.

I simply follow these simple steps:

  • Stop the network
  • kill the wlsupplicant (if there's more than one, kill all instances associated with your wireless network device)
  • Start the network
It works flawlessly for me and saves me a reboot.

Hope it helps.


2013/08/06

Font problems with nonbeta NX server

As you know, I'm just completing the migration to Mageia3 on all my client machines.

One issue I met is the absence of the freenx server from the packages due to dependency hell; it should be resolved once nxnode is more mature. Meanwhile, I installed the old-fashioned nx server from nomachine.org and I ran into an issue: when you disconnect a session, upon reconnect the fonts of gtk applications are all messed up (I did not try what happens with qt ones, since I use only a few and never remotely).

The solution is easy, even if it took me a long time to figure it out. You have to edit /usr/NX/etc/node.cfg and uncomment this option:

AgentExtraOptions = "-norender"

If the option is already uncommented, just add -norender after all the options present (with a space in between). Disconnect the session and enjoy.

2013/02/08

The Gnomification of Firefox

After the small post about Gnome3 as a working environment, I stumbled on a French article about regaining screen real estate in Firefox. The advice seemed sound, and I went to apply the changes.

I already posted on Google+ the results, so I'm now summarizing the steps you need.

  • First things first, you need the Adwaita Theme[en] that, as usual, you can find on addons.mozilla.org.
  • Then you need the HTitle extension, from the same source. Big warning! The extension hides the titlebar, so if you use the same Firefox profile in other desktop environments, you could lose the titlebar when Firefox is maximized!
  • Next you want also the Movable Firefox Button. This is optional but very convenient as you can move the FF button (which contains all the menus and such other things) in the url bar or in the tab bar, in the position you want it. In the original article it's just after the url bar, I prefer to have it as the first item in the tab bar.
  • Install the OmniBar, which lets you merge the url bar and the search bar as Chrome does, but without losing functionality.
  • Now you can move the tab bar on top of the url bar if you like, just type the usual about:config into the url bar and set the property browser.tabs.onTop to True.
  • Now you can install the Status Titlebar Gnome Shell extension. This is also optional but it may be very useful in case you have similar windows open.
And then you're done, this is this same post viewed in a gnomicized Firefox:



2013/01/14

Gnome 3 as a work desktop

I recently acquired a new notebook from my new employer and I chose, of course, to install Mageia 2 with a Gnome 3 desktop.

Besides installing my usual sort of utility applications, such as Nomachine's NX Client or grdesktop (which has rdesktop as a dependency), I'm showing here some productivity configurations that I like.


2012/06/06

Mageia 2 on Macbook Pro: how to enable brightness keys with nvidia driver

Here's how to make the brightness keys (e.g. F1 and F2) work on Mageia 2 with Gnome 3.

Add this line to the Device section of the xorg.conf (after you configured the proprietary drivers under Mageia control center):

Option "RegistryDwords" "EnableBrightnessControl=1"

Here's the page that helped me.

Edit: note that this configuration may lead to X11 crashes, as may the same configuration with nouveau (which does not need any Option in xorg.conf).





2012/05/26

Mageia 2

It's out. It's amazing. It works on the macbook pro. Enough said.

Go update or install NOW!

2012/05/15

Fixing a form PDF saved with Mac OSX Preview

Working with tax forms, this year I found the form as an editable PDF.
Unfortunately I had the bad idea of editing and saving it with Preview, rendering it unusable with Adobe Reader, which I had to use to print from a Windows machine.

Google came to my rescue.
http://kb2.adobe.com/community/publishing/885/cpsid_88564.html

So this is what I have done:
  • I installed the JavaScript on my Linux box (in ~/.adobe/Acrobat/version/JavaScripts)
  • As per the documentation, this adds a new option to the File menu, so you have to open the file which does not display the edited items and use "Fix Field Appearances"
  • Now you can't save the PDF, but you can print it to a PS file
  • Run ps2pdf on the PS file and enjoy your PDF, ready to be transferred to your Windows box.
  • Profit... :)

2012/03/21

Mageia 2

Mageia 2 Beta2 is out.

The main new features from Mageia 1 are:
  • Kernel 3
  • Systemd
  • KDE 4.8
  • GNOME 3 (currently 3.3, 3.4 is planned for release)
  • Many updated browser versions (Firefox, Chromium, Opera)
The installation on my trusted companion, the MSI s271 went very well and the issues presented by Mageia 1 have been resolved (I had to upgrade to the latest firmware for the power management to work correctly).

Sadly, NetworkManager still fails me (fortunately, Mageia includes Mageia Control Center so network configuration is still a breeze, even if there's no connection monitor on Gnome3).

Currently, I'm using the Gnome3 desktop as main environment on this installation and the only complaint I can think of is lack of customization possibilities.

2011/02/09

Fixing click to focus problem on Gimp-X11 on MacOS X

If you try to use Gimp on MacOS X, you'll find that every click in the tool window needs to be made twice, once to select the window and once to select the tool.

If you don't like this behaviour, I stole the solution from this site:

1. Open a terminal
2. Write
defaults write org.x.X11 wm_click_through -bool true
3. Restart X11 if you have it open
4. Enjoy

2010/11/19

Fix MSN certificate problem with Pidgin

To make a long story short, grab the certificate (here) and install it under Pidgin.
Screenshots here.

Update: Of course the update to Pidgin has been issued and all. Just a reminder.

2010/10/15

How to use Time Machine on a Samba share (unsupported)

Here I am with the Italian version of the mini-howto. I will probably add some screenshots as soon as I get my hands on the MacBookPro again.

Yesterday I set about convincing TimeMachine to use a Samba network share as a backup disk, since I had finished configuring my dual-Atom MSI Wind Box.

So, after some trials, cross-checks, tinkering and Google searches, I found this post on the macrumors forum, which solved all my problems.

WARNING: This way of using TimeMachine is not supported by Apple, so use it at your own risk... and so on.

It requires using the terminal.

2010/10/14

Using (unsupported) SMB shares for Time Machine

Yesterday, after setting up my Samba NAS based on a dual-Atom MSI Wind Box, I fought against Time Machine, which refuses to use a shared folder as a backup disk.

So after a long struggle, I found this forum post which made everything work.

DISCLAIMER: this use of Time Machine will be unsupported by Apple, so use it at your own risk, warranty is void, and so on.

Terminal access is required.

2010/09/21

About Mandriva

This post is about my own opinion on the whole Mandriva issue.
(for the Italian version, keep scrolling)


The Fork


I think that putting up a forked project for the "community" edition of Mandriva (Mageia) is good. This should become what Fedora is for Redhat: a community-driven distribution, high on Mandriva standards and willing to embrace new technologies in Cooker.

The Company


The company should leverage Mageia by producing a derived distribution from the stable version, including the former One live editions, and selling powerpacks. From that solid base, they should expand and integrate the Enterprise Editions.

The Community


Having both Mageia and Mandriva, the community should try to integrate both distributions to work with binary packages in the contrib, plf and mib repositories, so you should have binary compatibility between the stable Mageia version and Mandriva. Projects like Codeina should go on and simply just work.

The Future


We will see if the synergy will work correctly, as I hope. In the meantime, having a backup project like Mageia will ease the transition for many users, including myself. For now, I'm postponing the migration to CentOS, which seemed so obvious to do just a few days ago.


2010/09/20

File versioning

I wrote a small script to do file-level backup/versioning of a single file or group of files as a whole, without resorting to anything beyond basic cp, tar and rm.

Basically it works like this: