Xprotect security OSX and Java

February 12th, 2013

I was curious about how Apple managed to respond so quickly and remotely disable Java after the CERT and SEI vulnerability warnings. Some googling later, I figured out that the Xprotect security mechanism in OS X Lion operates on this file, which can be remotely updated by Apple - mine seems to have been updated on Feb 8, 2013.

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

Xprotect Meta Plist Lion

Interesting to see Flash listed in this same block list as well.

Installing ns2 (2.35) on Mac OSX Lion

January 30th, 2013

Turns out that installing ns2.35 on Mac OSX Lion 10.7.5 wasn’t as painful as other blogs said [Blog1][Blog2][Blog3]. [Blog1] and its comments presented useful information. So here is a quick summary of what I had to do (as of Jan 30, 2013).

1. Downloaded ns2 from sourceforge, untarred ns-allinone-2.35.tar.gz

[Here]

2. The standard install script and a modification recommended in one of the blogs [here] blew up in a whole lot of places.

In particular when the standard script is linking the files, it throws up:

Undefined symbols for architecture x86_64:

As recommended, the way to solve it is by installing tcl8.5.10, tk8.5.10, tclcl-1.20, otcl-1.14, and ns-2.35 in that order with 64-bit enabled. I guess the install script can be modified, but I don’t have time for that now.

3. To compile tcl8.5.10

Navigate to ns/tcl8.5.10/unix in the download, configure with 64-bit compilation enabled, make and make install


cd tcl8.5.10/unix
./configure --enable-framework --enable-64bit
make
make test
## you should pass all tests.
sudo make install

4. To compile tk8.5.10

Navigate to tk8.5.10/unix in the download folder, configure with 64-bit compilation enabled, make and make install


cd tk8.5.10/unix
./configure --enable-framework --enable-64bit
make
sudo make install

5. To compile otcl-1.14

Navigate into the otcl-1.14 directory, configure, move a couple headers to an alternate location, make


cd otcl-1.14/
./configure --with-tcl-ver=8.5.10 --with-tk-ver=8.5.10
## we are inside otcl-1.14 now, so the tcl tree is one level up
cp ../tcl8.5.10/unix/*.h ../tcl8.5.10/generic/
make

If you try make without copying the headers above, you will get error: tclUnixPort.h: No such file or directory, and then make goes berserk.

6. To compile tclcl-1.20

Navigate to tclcl-1.20/, configure, make


cd tclcl-1.20
./configure --with-otcl=../otcl-1.14 --with-tcl-ver=8.5.10 --with-tk-ver=8.5.10
make

7. To compile ns-2.35

Navigate to ns-2.35, configure, make, run validation tests


cd ns-2.35
./configure --with-otcl=../otcl-1.14 --with-tclcl=../tclcl-1.20 --with-tcl-ver=8.5.10 --with-tk-ver=8.5.10
make

Note that we are explicitly specifying the paths for otcl-1.14 and tclcl-1.20 here; since tcl8.5.10 and tk8.5.10 were installed in their default Library locations (make install), we do not need to specify the same for them. To learn more, type ./configure --help.

Now run validation, take a long break


./validate
##(Validation can take 1-30 hours to run.)

Finally, you will get this:


"validate overall report: all tests passed"

8. That’s it. ns2 is now installed on the Mac OSX Lion. Wasn’t painful at all. Some intelligent changes in the standard install script would make it a no-brainer.

 

X11 Forwarding problems with Ubuntu 10.04 when IPV6 disabled

August 30th, 2012

I had a problem hunting down an “Error: Can’t open display:” bug with X11 forwarding today. There were many fixes suggested online but none that solved my problem. Assume you have set up X11 forwarding on the remote machine end, i.e. /etc/ssh/sshd_config has entries such as:


X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

Logging in to this remote machine from a local PC/MAC with ssh -X or ssh -Y should work. Wrong (for me). Here is what I saw happen on Ubuntu 10.04 and Ubuntu 10.10 because I had IPv6 disabled.


$ xclock
Error: Can't open display:

I decided to verify whether the request was indeed being passed on to the remote machine by turning on the debug messages with -v.

From Local Machine:

$ ssh -v -X username@remote_host

I saw this among many other debug lines:


debug1: Requesting X11 forwarding with authentication spoofing.

Looks good. So, what’s the problem?

At Remote Machine:


$ vi /var/log/auth.log

I saw this at the bottom of the log pile.


Aug 30 19:03:40 sshd[2306]: error: Failed to allocate internet-domain X11 display socket.

Hmm, it turns out that the daemon was unable to create a display socket. Why? I had disabled IPv6 on the remote machine in some other context. You can verify if this is the case with you by:


cat /proc/sys/net/ipv6/conf/all/disable_ipv6

A return value of 0 means IPv6 is enabled, a value of 1 means disabled.

I had disabled ipv6 earlier by the following changes in /etc/sysctl.conf


#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Simple solution. On Remote Machine, we have to explicitly say that we want to bind to the IPv4 family.


$sudo vi /etc/ssh/sshd_config

AddressFamily inet
Port 22


That’s what was needed. sudo service ssh restart didn’t do the trick. I simply restarted the machine and tried again.
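The diagnosis above as a repeatable check. This is an added example, not part of the original post: the function names are hypothetical, it reads only the global section of sshd_config (it stops at the first Match block), and the sample files in demo() are constructed.

```shell
#!/bin/sh
# Added example: detect the "IPv6 disabled + X11 forwarding" mismatch
# described in the post. Function names are hypothetical.

# Print the effective global value of an sshd_config keyword.
# sshd uses the first value it finds; keywords are case-insensitive.
sshd_opt() {
    # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/                  { next }   # comment line
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Classify a host as: ok | conflict | x11-forwarding-off | unknown
x11_ipv6_check() {
    # usage: x11_ipv6_check DISABLE_IPV6_FILE SSHD_CONFIG
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "unknown"
        return 2
    fi
    ipv6_off=$(cat "$1")
    x11=$(sshd_opt "$2" X11Forwarding no)       # OpenSSH default: no
    family=$(sshd_opt "$2" AddressFamily any)   # OpenSSH default: any
    if [ "$x11" != "yes" ]; then
        echo "x11-forwarding-off"
    elif [ "$ipv6_off" = "1" ] && [ "$family" != "inet" ]; then
        # The case from the post: auth.log shows
        # "Failed to allocate internet-domain X11 display socket."
        echo "conflict"
    else
        echo "ok"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-ins for the kernel flag and the two config states.
    echo 1 > "$dir/disable_ipv6"
    printf '%s\n' 'X11Forwarding yes' 'X11DisplayOffset 10' > "$dir/sshd_before"
    printf '%s\n' 'AddressFamily inet' 'Port 22' 'X11Forwarding yes' > "$dir/sshd_after"
    echo "before fix: $(x11_ipv6_check "$dir/disable_ipv6" "$dir/sshd_before")"
    echo "after fix:  $(x11_ipv6_check "$dir/disable_ipv6" "$dir/sshd_after")"
    rm -rf "$dir"
}
demo

# On a real host:
#   x11_ipv6_check /proc/sys/net/ipv6/conf/all/disable_ipv6 /etc/ssh/sshd_config
```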

Making Net::SCP work (CPAN, FTP_PASSIVE, sudo, visudo)

April 11th, 2012

This is a short note regarding the motions I had to go through to make the perl module Net::SCP work. This is a note to self.

Step 0 -  CPAN’s documentation is pretty straight-forward. http://search.cpan.org/~ivan/Net-SCP-0.08/SCP.pm
Step 1 - Installation


$cpan
install Net::SCP

Oops.. Needs sudo permissions to perform make install


$sudo cpan

What!! Can not fetch LWP/FTP. Why? It just did it. FTP_PASSIVE is set as an environment variable (see my previous blog). Now what’s wrong.

Turns out sudo filters out most environment variables (FTP_PASSIVE not picked up). The fix is to edit /etc/sudoers


env_keep = ..... FTP_PASSIVE .....

So, I tried: sudo /etc/sudoers. Read-only. Er.. for root? Oh, that’s a security feature, so let’s try: sudo visudo. Err, visudo doesn’t exist. It’s not in $PATH. All right: sudo /usr/sbin/visudo.

Problem solved. Now sudo cpan can make install in peace and I can get around pesky firewalls with passive FTP as root.

Oh and a code dump of what I was testing.


#!/bin/perl
use strict;
use warnings;
use Net::SCP;

#used ssh-keygen -t rsa to generate key on local machine
#used ssh-copy-id -i ~/.ssh/id_rsa.pub [remote_username]@[remote_machine] to share public key from [local_machine] to [remote_machine]

#otherwise replace Net::SCP->new("[remote_machine_name]","PASSWORD");

my $scp;
$scp = Net::SCP->new("[remote_machine]");
$scp->login("[remote_username]");
$scp->put("[what to put]","[where to put]") or die $scp->{errstr};

This was pretty straight-forward.

My BITSAA Journey… (so far)

April 11th, 2012

I joined the first batch at the spanking newly christened BITS Pilani Goa Campus. Just as the many bright-eyed students who enter the hallowed halls of BITS Pilani, we the 2004 batch students (the first in a sister campus in India) perhaps had some additional apprehensions, worries. Among them there was a burning desire to be accepted as, feel like, be treated and get the same experience as and finally be accepted into the vast pantheon of BITS Alumni. BITS did that spectacularly - the same coursework, many of the same legendary Professors who moved to the spanking new campus, sometimes setting the same exams, and encouraging similar extra-curricular activities. As students, we did other things - contributing to Sandpaper, enthusiastically adopting programs initiated by alumni like BITSEmbryo. Tens of alumni who spoke to us through BITSEmbryo welcomed their fellow BITSians in the campuses. Then BITSAA CEO Ashish Garg (someone of our generation), visited the campus, was given a rousing welcome (about 500 students attended a packed Lecture Theatre). His rousing speech set aside any remaining aspersions, permanently etching in our minds - BITSAA (like BITS Pilani) was one brand - we are brothers-in-arms. As the Goa campus evolved, we were already mimicking structures in Pilani with a Goa twist in some - org structure for campus events to Centre for Software Development. BITSAA Bangalore was doing wonderful things - hosting our then Director Prof. Goel for a series of talks with alumni. Then came the Practice School Program where some of us made the trek to Silicon Valley or the East Coast as Interns and came back to tell us wonderful stories about the life “out there” as a BITS Pilani graduate awaiting us.
BITS Alumni like Sunil Nanda (Nvidia) came by to the Goa Campus in the very first year to not only hire but educate students in “Whats out there?” It might not be unfair to say that most of the companies who came in to hire from the Goa Campus in its very first year were either headed by or had BITSians in influential positions.

 

To most of us, BITSAA was this massive monolith (behemoth?) - an army of “BITSians” organized in many chapters out there helping each other and helping the cause of BITS. BITSConnect had just happened (2003-2004). We had seen the “Old Boys” come together to wire up the BITS Campuses not too long ago. BITS alumni could make magic happen. Stalwarts like Jayan Ramankutty, Chandra Bhople and others flew down regularly to address students, encourage budding entrepreneurs, opening doors. I was fortunate to come to the Silicon Valley as a Practice School student. Among other things, I had the opportunity to see BITSAA Silicon Valley Chapter in full force. The ACYUT Robotics Team from BITS Pilani had just made an appeal to alumni for support in building India’s first humanoid. I saw first-hand Raju and Viggy and many others marshall fellow alumni - raising record sums in record time. Not only that, under their leadership alumni drove down to the event to cheer BITS Pilani at the Robogames. Such a wonderful gesture! Team ACYUT was invited to and given rousing receptions in several Silicon Valley companies, TiE hosted an event, so did BITSAA. I saw the level of attachment and commitment alumni had in promoting young BITSians. Wow! these guys are EXACTLY who I imagined they were.

 

Next, I had a unique back room view into BITSAA International’s rebirth - working directly with then CEO Ashish Garg. I helped in putting BITSAA International’s paperwork in order & realized how all the “different BITSAA’s” I adored were working hard but not talking to each other. I also attended the first couple of Board of Trustees meetings minuting discussions - understanding the thinking at the highest levels of BITSAA’s leadership (especially the challenges they faced). In hindsight, there were many problems - a global alumni directory did not exist, a consistent annual fundraiser had never happened, finances and paperwork were not consistently maintained. Lots of alumni were interested in contributing but there was no structure, no inclusive organization which managed everything. Only the most passionate among alumni could sustain projects. When their enthu died, so did BITSAA. That is what SP Kothari, Ashish Garg and the then Board of Trustees were fighting and ended up creating a “BITSAA Leaders Group” & the BITSAA Leadership Program. BITSAA was now going to operate as a Corporate entity with a Board of Trustees, an empowered Executive Team and a pseudo-corporate hierarchy. For an all-volunteer group, I think it was a bold move, an experiment whose time had come.

 

In 2008, as a newly christened BITS graduate I came to Texas for Grad school. Was disappointed that there was no Chapter in the area. Efforts were underway to recreate one. I ended up joining BITSAA’s new Technology Team - its newly assigned mandate: “Create BITSAA’s first global alumni directory”. I had the opportunity to work with Sarath Kolla, then CTO. I learnt from him about his more than 5 year long commitment as the CTO. It was all finally coming to fruition - a comprehensive all-in-one managed website, alumni directory, fundraising portal, e-store, career center, news portal, newsletter, bulk-mailing system etc. etc. Sarath was an amazing mentor not only for technical matters but for “How to be a leader” and “Get stuff done”. In addition to spending time on numerous technology/backend matters, application development etc., I was also managing the agenda and minutes for Sunday calls for the next two years. This gave me a unique vantage point to see, learn from and be inspired by the many BITSians who joined these calls on a dutiful, diligent basis - reported on the progress of their programs, initiatives - investigated failures, celebrated success together. This was a different somewhat unique experience but extremely rewarding to be a part of. I was a regular. There were so many programs that took off between 2008-2010: LPBP, Campus Relations, CEL, Sandpaper, two fundraising drives driven globally, BITS2Marathon, many new scholarships, travel grants for students and faculty and more. For the first time, BITS alumni were creating endowments which would last for decades. Alumni were donating money to help fallen BITSians (Seema Sood, Life for Manish). It was exhilarating!

 

Alas, all good things come to an end. One fine weekend, I got a call from the “Boss” (Ashish) saying he was hanging his boots and he was on the lookout for a successor. I was sad, tried to make him change his mind but he was “done”. Quite dutifully, I rattled off my recommendations (there were about a hundred people in the team then, 20-25 very active). Very quickly I realized that the “Boss” was drafting me in as his replacement!

 

Fast forward 2010, BITSAA had at its helm a young (somewhat untested) yet energetic executive team. The founding fathers had stepped down and it was up to gen-next to do it right. The first thing on our to do list was charting a way forward for the first BITSAA Global Meet. It was a great idea. We had to pull it through or drop it entirely. Every alumnus we spoke to encouraged us, had his own ideas about it. I would like to singularly congratulate Abhisheak for doggedly pursuing the BGM dream at this very early stage. After a lot of meetings, conference calls with Chapters & BITS Leadership, we finally had everything sorted out. CS Goel, the dynamic leader of BITSAA’s oldest chapter - “BITSAA Delhi” had stepped up to the plate with his team. A marriage made in heaven - youth (the young BITSAA Intl volunteers) and experienced (the Delhi team have been doing this for the community for 30+ years). BITSAA could have its first BGM early 2011. Four years of planning was going to be put to the test. The biggest value BGM brought to the community was that it brought us together. Although it was a 3 day event, the 6+ month planning brought together chapter leaders, batch leaders, distinguished BITSians, enthued BITSians under one roof. We BITSians relish a challenge - and that’s what we did. Chapters from Silicon Valley to Dubai to Australia - long lasting ones in Bangalore, Hyderabad, Chennai, Singapore put their heads together - conducted parallel events informing BITSians of the effort, encouraging everyone to join in the festivities. Long dormant chapters like Houston, Boston, Seattle, UK, Singapore, Arizona sprung to life. The BITS Leadership saw this as an excellent opportunity to solicit alumni support in the “Parivartan” they had been mulling for some time. Win-win-win for everyone. Overall, BGM2011 benefited from a concocted recipe for success on all fronts.

 

What’s BITSAA all about? Among other things, it’s an avenue for enthu’ed BITSians to put our minds together, bring our expertise, resources and talents together, contemplate, devise and deliver game-changing projects for the alma-mater. That’s exactly what happened at BGM (as expected I may add!). Bringing the BITS campuses together with state-of-the-art video conferencing technology had long been identified as the need of the hour by the BITSEmbryo team led by Shashikant Khandelwal (theFIND) and Prof. Rahul Banerjee (BITS) (scroll up!). Potential impact and reach of such frameworks had already been demonstrated over several years through Project Embryo. The bottlenecks had been identified - end delivery of video conferencing needs to be improved. BITS had already made strides in this regard under the leadership of the Chancellor KM Birla & Kris Ramachandran. Bandwidth had been purchased (a long standing bottleneck out of the way). Classrooms need to be equipped to handle state of the art video conferencing infrastructure. If potential recruiters were to come into the campuses to hire, they need to be guaranteed unparalleled quality of service from the video-conferencing solution. If the leadership of the campuses wanted to have a virtual meeting to sort out administrative matters they need to use “No excuses” technology that “simply works”. If a distinguished visitor at one campus is making a speech to 2000 students in an auditorium, how can it be reliably webcast to the other campuses? How can a quality of service be guaranteed? When there is a will, there is a way. A volunteer army coalesced under the leadership of Prem Jain, the flag-bearer and alumni leader for projects like these. BITSConnect2.0 was born from BGM1.0. A comprehensive study of available technologies and fit for the alma-mater was started - request for quotes sent to the leading providers, detailed discussions held with BITS leadership - Prof. Rahul Banerjee playing a stellar role.
After the technology fit was approved, price negotiations began. The BITS Leadership appeared very enthusiastic - “We wanted this years ago! This can bring a sea-change in the BITS system”. Mission accomplished. Let the fundraising begin..

 

BITSAA has been an integral part of my life for the past 5 years – I began as a volunteer in Project Embryo, worked in various roles within Technology Team, Operations/HR in an emerging BITSAA Organization. Over the past two years, I have had a chance to actively work with legends (like SP, Raju, Prem, Kris, Viggy, CS, Brij, Ashish, Anupendra, Sudeep, Sarath) who I think have become as close as family to me. It has been a lot of hard work and hours put in - lots of joy and yes occasional frustrations - my payback to BITS Pilani which has been the foundation for my life’s journey. Through my BITSAA experience, I have learnt professionally and personally. I would like to thank everyone who has come on this journey with me and given me the opportunity and honor to serve BITSAA. I have met some incredible BITSians along the way (like Arun Aravind, Abhisheak, Rohit, Vivek Iyer, Shashikant, SatP, VJ) who have had me redefine what “BITS Passion” really means - some of them have been going on upwards of a decade. I have had an extra intense last two years as BITSAA’s CEO. With a lot of BITSAA firsts and some missed opportunities - perhaps a once-in-a-lifetime experience at my age! I would like to thank all Board Members and SP, Raju, Ashish in particular for reposing faith in me and bequeathing their legacy - BITSAA Leaders. I hope I have done you all proud.

 

BITSAA, I feel, today is at the cusp of its next evolution under the dynamic leadership of its beloved new Chairman Raju Reddy and the now Global Board of Trustees. Flagship projects which they have nurtured beginning BGM2011 prep like BITSConnect2.0, BITS Spark and the umbrella “Bridges to the Future Campaign” need to be taken into high-gear, fulfilled and celebrated with full gusto. A new BGM 2014 Org Team needs to be put together. A more capable and energetic team who can do more justice to them has taken over - the dynamic Rohit Koul (’02) as the new CEO, the equally vociferous and committed Vijay Sharma (’06) as the new COO. “Maximizing the potential of BITSians and BITS Pilani” has begun with new visions, new beginnings, fresh minds and a renewed sense of purpose and direction.

 

BITSAA, in the next couple of years, in my opinion will need to focus on “alumni enrichment” - efforts for career improvement (online portal or in-person career fairs), promoting young entrepreneurs (BITS SPARKS) will make the network more relevant to the alumni. The more we get together for fellowship, the more we will devise projects benefitting our alma-mater. This is what most of the successful long-lasting chapters have been doing - Indore, Jaipur, Delhi, Australia, SVC. Getting together only when it is time to give is not a sustainable approach. BITSAA International in recent years, has focussed much on the mechanics - running things (scholarships, awards, programs etc). With the newly established Office of Alumni Affairs at BITS taking full shape, BITSAA should transfer those obligations to BITS. That will free up our volunteer hours to promote existing programs - virtually or through chapter events. We can then figure out more ways to enhance our bond as alumni, think of and execute programs benefitting alumni (job fairs, entrepreneurship, career growth, professional improvement etc). We can also find ways to collaborate and deliver on projects involving alumni worldwide. Chapter events which are held could be promoted to wider audiences - in person or virtually. We will be able to find ways to bring BITSians who are “out of the network” back into the fold. Alumni through BITSAA could potentially support BITS in other ways it has identified for us (outside of fundraising) - “identifying and hiring quality faculty”, “hiring graduate BITSians from the undergraduate and post-graduate programs”, “establishing new Practice School stations”, “setting up centers for excellence, Chair Professorships,” “leveraging their positions of influence in bringing to BITS” already available industry and government funding for research and teaching. The opportunities are endless. BITS’ resolve is strong. BITSians are the most passionate when it comes to BITS.
The recipe, I feel is just about right. We just need to get going.

 

Go BITS.

LWP failed with code[400]

April 11th, 2012

When installing Perl modules with cpan, it is possible to get an error due to the firewall.


Fetching with LWP:
ftp://cpan.cs.utah.edu/CPAN/authors/01mailrc.txt.gz
LWP failed with code[400] message[FTP return code 150]
Fetching with Net::FTP:
ftp://cpan.cs.utah.edu/CPAN/authors/01mailrc.txt.gz

after doing:

perl -MCPAN -e shell
install

It typically hangs for a while trying to fetch over LWP or FTP.
The simple fix is: export FTP_PASSIVE=1 before calling sudo perl -MCPAN -e shell or sudo cpan, as the case may be.

The same thing can be done within cpan with o conf ftp_passive 1

Giving a Root User Remote Access to a mySQL database

March 29th, 2012

I happen to be within a firewalled environment and I wanted to simply login as the root user for a mysql server from a development machine. Well, security purists would scoff at the idea, but I needed it (running some scripts as root from the dev machine).

The issue is that mysql out-of-the-box is configured to explicitly disallow root from logging in from anything other than the local machine.

Enabling remote access for any user is easy. Most of us have gone through this as part of mysql setup :

Step 1: On the mySQL server:

sudo vi /etc/my.cnf

Look for the line that sets bind-address

Change that to:

bind-address=YOUR-SERVER-IP

Step 2: Restart mysql service

sudo /etc/init.d/mysql restart

All’s well. As long as individual users have been given permissions to a database through something like:

GRANT ALL ON *.* TO foo@bar IDENTIFIED BY 'PASSWORD';

Now what if I want the same for root? We need to update the allowed permissions for root on the server side with the following simple steps.

mysql -uroot -p

To check the current state of user,host login permissions we’ll look up the default mysql database elegantly named: mysql.


mysql> use mysql;
mysql> select host, user from user;
+------------+------------+
| host       | user       |
+------------+------------+
| myhostname | root       |
| localhost  | root       |
| %          | myusername |
| myhostname | myusername |
+------------+------------+
3 rows in set (0.00 sec)

It seems that a non-root user ‘myusername’ was indeed allowed to login from anywhere. This is not the case for root. Now I’ll update the ‘myhostname’ entry to use the wildcard ‘%’, and then issue the command to reload the privilege tables.

mysql> update user set host='%' where user='root' and host='myhostname';
mysql> flush privileges;

Now, here’s the catch: It’s important to update the entry where host='myhostname'. Inserting a fresh row will not work. Now you should be able to login from a remote machine (say a development box) to the mysql server as root. Any perl scripts will work fine. If this is not enabled on the remote machine, the mysql command-line client or any scripts, for instance, will look for 'root'@'the-development-machine' instead of 'root'@'myhostname', thereby confusing the heck out of you.

$mysql -u root -h myhostname -p

This simple fix gave me a headache for some time. So, this is a note to self.
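A quick way to see which accounts the host column leaves reachable from anywhere, before and after the UPDATE above. This is an added example, not part of the original post: the function name is hypothetical, the Super_priv values in the sample rows are constructed, and the input is assumed to be the tab-separated output of mysql -N -B.

```shell
#!/bin/sh
# Added example: flag MySQL accounts that may log in from any host.
# Input rows are "host<TAB>user<TAB>Super_priv", for instance from
#   mysql -N -B -e "SELECT host, user, Super_priv FROM mysql.user"
# Output rows are "severity<TAB>user@host<TAB>scope".

audit_mysql_hosts() {
    awk -F '\t' '
        NF < 3 { next }                  # skip malformed rows
        {
            host = $1; user = $2; super = $3
            if (host == "%")            scope = "any-host"
            else if (index(host, "%"))  scope = "host-pattern"
            else next                    # fixed host name or address
            # "_" is also a one-character wildcard in host patterns, but it
            # shows up in ordinary host names too, so it is not flagged here.
            sev = (user == "root" || super == "Y") ? "HIGH" : "review"
            printf "%s\t%s@%s\t%s\n", sev, user, host, scope
        }'
}

demo() {
    # Rows mirror the table in the post; the Super_priv column is constructed.
    echo "-- before the UPDATE:"
    printf '%s\t%s\t%s\n' \
        myhostname root Y \
        localhost  root Y \
        %          myusername N \
        myhostname myusername N | audit_mysql_hosts
    echo "-- after root's host is set to the wildcard:"
    printf '%s\t%s\t%s\n' \
        %          root Y \
        localhost  root Y \
        %          myusername N \
        myhostname myusername N | audit_mysql_hosts
}
demo
```

A HIGH row for root is exactly what the UPDATE produces; setting host to the development machine's host name or address instead of '%' gives the same remote login without the wildcard.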

Installing DBD::mysql on Mac OS X Lion

March 21st, 2012

I was trying to install the perl module DBD::mysql on Mac OS X Lion. I faced some hassles. Here are a couple of useful links (Thanks!). I had some peculiar problems of my own, so this post is a “note-to-self” for the next time :

http://blogs.perl.org/users/phillip_smith/2012/03/installing-dbdmysql-on-mac-os-x-107-lion.html

http://probably.co.uk/problems-installing-dbdmysql-on-os-x-snow-leopard.html

According to Joe Di Pol’s blog, OS X works slightly backwards to what most of us from Linux and Solaris backgrounds understand – compiled binaries look at a dynamic library, which in turn says where it is, rather than the traditional way of thinking which is to include a library search path in the compiled binary.


cpan[1]> install DBD::mysql

So, when it comes down to testing (make test), it fails.

# Failed test 'use DBD::mysql;'
# at t/00base.t line 21.
# Tried to use 'DBD::mysql'.
# Error: Can't load '/Users/aalap/.cpan/build/DBD-mysql-4.020-9nL8LG/blib/arch/auto/DBD/mysql/mysql.bundle' for module DBD::mysql: dlopen(/Users/aalap/.cpan/build/DBD-mysql-4.020-9nL8LG/blib/arch/auto/DBD/mysql/mysql.bundle, 2): Library not loaded: libmysqlclient.18.dylib

There are two solutions:

  1. Symlinking ‘libmysqlclient.XX.dylib’ from ‘/usr/local/mysql/lib’ to ‘/usr/lib/’ (where XX is the version of the library that is available to link to).
  2. Run the install_name_tool command, after which install DBD::mysql builds:

sudo install_name_tool -id /usr/local/mysql-5.5.21-osx10.6-x86_64/lib

otool -D `mdfind libmysqlclient.18.dylib`

Alas, it still failed for me. Building successfully doesn’t mean it is installed. CPAN performs make install only after make test. I had changed my root password. The Makefile expects “” (NULL) password. I had to pass a valid user and a valid password, passing arguments to the Makefile to ensure that the tests run using a proper MySQL user (the Makefile defaults to the system user running the tests if no other user is provided, which fails for me as that user doesn’t exist). After a few more turns I realized it lacks permissions to place some files in /Library/Perl/5.12/darwin-thread-multi-2level/Bundle/DBD. I decided to use root and run sudo cpan. The way to do it is:


cpan[2]> o conf makepl_arg "--testuser=root --testpassword=Whatever_my_password_is"

Now run install DBD::mysql again

cpan[3]> install DBD::mysql

Yoohoo..


Running make install
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /Library/Perl/5.12/darwin-thread-multi-2level/auto/DBD/mysql/mysql.bs
Installing /Library/Perl/5.12/darwin-thread-multi-2level/auto/DBD/mysql/mysql.bundle
Installing /Library/Perl/5.12/darwin-thread-multi-2level/Bundle/DBD/mysql.pm
Installing /Library/Perl/5.12/darwin-thread-multi-2level/DBD/mysql.pm
Installing /Library/Perl/5.12/darwin-thread-multi-2level/DBD/mysql/GetInfo.pm
Installing /Library/Perl/5.12/darwin-thread-multi-2level/DBD/mysql/INSTALL.pod
Installing /usr/local/share/man/man3/Bundle::DBD::mysql.3pm
Installing /usr/local/share/man/man3/DBD::mysql.3pm
Installing /usr/local/share/man/man3/DBD::mysql::INSTALL.3pm
Appending installation info to /Library/Perl/Updates/5.12.3/darwin-thread-multi-2level/perllocal.pod
CAPTTOFU/DBD-mysql-4.020.tar.gz
/usr/bin/make install -- OK

All’s well that ends well. Annoying errors had me stuck for a while.

Passwordless Log in to Linux

November 5th, 2011

I was annoyed with having to enter passwords across multiple machines multiple times. This is something straightforward.

On the Server (Machine to connect to):

Ensure PubkeyAuthentication and RSAAuthentication are accepted


vi /etc/ssh/sshd_config

Uncomment lines:


RSAAuthentication yes
PubkeyAuthentication yes

Restart SSH server


CentOS / RHEL / Fedora / Redhat Linux Restart SSH
# /etc/init.d/sshd restart
OR
# service sshd restart

Debian / Ubuntu Linux Restart SSH
# /etc/init.d/ssh restart
OR
# service ssh restart

FreeBSD Restart SSH
# /etc/rc.d/sshd restart

UNIX Restart SSH
# kill -HUP `cat /var/run/sshd.pid`

On the Client (Machine to connect from)

Create public/private keypairs (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub)


ssh-keygen -t rsa


Generating public/private rsa key pair.
Enter file in which to save the key (/home/aalap/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/aalap/.ssh/id_rsa.
Your public key has been saved in /home/aalap/.ssh/id_rsa.pub.

Although it is very much possible to copy the contents of ~/.ssh/id_rsa.pub (on the client) to ~/.ssh/authorized_keys (on the server), it is easier to do it from the client side using ssh-copy-id


ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host

Okay, I have multiple machines to connect to: What should I do? Use the same key-pair?
Yes, you probably can. What that means is that if it gets compromised, you will have to go to each and every system you use the same shared key on and revoke the public key manually. There is a security risk but it works fine.
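The manual revocation mentioned above, written as a function you can run against ~/.ssh/authorized_keys on each server. This is an added example, not part of the original post: the function names are hypothetical and the keys in demo() are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example: revoke one public key from an authorized_keys file.
# Entries are matched on the base64 key blob, so an entry is found even
# if it carries options in front or a different comment at the end.

# Print the base64 blob (second field) of a one-line OpenSSH public key file.
key_blob() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"
}

# usage: revoke_key PUBKEY_FILE AUTHORIZED_KEYS
# Rewrites AUTHORIZED_KEYS without the key and prints how many entries
# were removed (0 if the key was not present).
revoke_key() (
    blob=$(key_blob "$1")
    [ -n "$blob" ] || { echo "no public key found in $1" >&2; exit 2; }
    auth=$2
    # Temp file in the same directory so the final mv is a rename;
    # mktemp creates it with mode 0600.
    tmp=$(mktemp "$auth.XXXXXX") || exit 2
    awk -v blob="$blob" -v out="$tmp" '
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        hit { n++; next }        # drop every entry carrying the key
        { print > out }          # keep everything else, comments included
        END { print n + 0 }
    ' "$auth" || { rm -f "$tmp"; exit 2; }
    mv "$tmp" "$auth"
)

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed key blobs, for illustration only.
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABSHAREDKEYCONSTRUCTED user@laptop' \
        > "$dir/id_rsa.pub"
    cat > "$dir/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABSHAREDKEYCONSTRUCTED user@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABOTHERKEYCONSTRUCTED backup@server
from="10.0.0.5",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABSHAREDKEYCONSTRUCTED old-entry
EOF
    echo "removed: $(revoke_key "$dir/id_rsa.pub" "$dir/authorized_keys")"
    echo "left:"
    cat "$dir/authorized_keys"
    rm -rf "$dir"
}
demo
```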

Setting up SSH-RSA with Putty - No Password necessary

August 2nd, 2010

[Source]

SSH Protocol

SSH (Secure Shell) is a network protocol that provides secure access to a computer (mostly Unix based). When you want to connect to a remote Unix server, SSH is one way of accessing the server. SSH is very powerful because it combines security of the data transmitted over the network with accessibility to the remote system. The SSH protocol works between two computers in a client-server architecture. When a client computer connects to the server, the server requires the client to authenticate itself. There are different ways a client can authenticate itself to the server. A typical authentication mode is to enter a password when logging into a remote system. In this howto we explore another mode of authentication in which the server doesn’t require a password to be entered by the user. This mode is very useful if you connect to a remote system frequently and don’t want to enter the password every time.

Before we see the steps, just to give a background on the components involved:

SSH SERVER

When you need to connect to a remote computer via SSH, that computer should have an SSH server running on it. All Unix based distributions (Linux, Mac OSX etc.) include an SSH server. For Windows based systems Cygwin can be used as an SSH server.

SSH CLIENT

Assuming your remote computer has an SSH server running on it, to connect to that computer you would need an SSH client on the local computer. On Unix based systems, SSH clients are available as command line utilities. For Windows based systems, putty is an excellent client. Check here for more information about putty.

CONFIGURATION

  1. We start the configuration at the client windows computer. Download the latest version of Putty.exe and Puttygen.exe from here. Using the Puttygen tool we have to generate an authentication key. This key will serve as a substitute for the password that will be entered during login.
  2. Start puttygen.exe by double clicking on the executable. The following window opens up.
  3. Leave the default ‘SSH-2 RSA’ selection and click on the ‘Generate’ button. The following window opens. Move mouse randomly over the empty space below the progress bar to create some randomness in the generated key.
  4. Don’t enter any key phrase. Click on ‘Save private Key’ button. Click ‘Yes’ on the window asking for confirmation for saving the key without a password.
  5. Save the key file to a safe location (Let us assume you will be saving it as C:\Personal\SSHKey\Laptop.ppk).
  6. Now you can close the Puttygen window.
  7. Open the Laptop.ppk file in a notepad. Copy the four lines under ‘Public-Lines’ section to windows clipboard.
  8. Now open putty and connect to the remote system using the user id you want to use for future no password connections. (Let us assume you will connect to the remote machine using user name ‘ubu’.) This time when you login, you have to provide the password at the prompt. Future logins won’t require this password.
  9. Under the logged in user’s  home directory there will be .ssh directory, under that create a new  file called authorized_keys using a text editor such as vi. (In our case the file will be created under /home/ubu/.ssh/authorized_keys).
  10. Type the word “ ssh-rsa ” (including spaces on both ends of the word) and paste the 4 lines copied from step 7. Remove the carriage return at the end of each line, merging four lines into one single line. Be careful not to delete any characters while doing that. Final output should look like the following window.
  11. Now that we have configured the SSH server, it’s time to test our setup.
  12. On the local system, open Putty, enter the ip address details of the remote system.
  13. Now from the left navigation, select Connection -> Data. Enter ‘ubu’ as ‘Auto-login username’ on the right panel.
  14. Again from the left navigation menu, scroll down and select Connection -> SSH -> Auth. Enter the path of the saved private key file ( In our case C:\Personal\SSHKey\Laptop.ppk ). Leave other defaults as such and press open button.
  15. Now putty connects to the remote SSH server and there won’t be any password prompt hereafter :-).
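Steps 7 to 10 are where characters get lost, so here is the same merge done mechanically. This is an added example, not part of the original howto: the function name is hypothetical, the key file in demo() is constructed, and the .ppk layout assumed is the text header PuTTYgen writes (a PuTTY-User-Key-File line, Comment, Public-Lines: N, then N base64 lines).

```shell
#!/bin/sh
# Added example: build the authorized_keys line from a PuTTY .ppk file
# instead of hand-merging the Public-Lines section in a text editor.

ppk_to_authorized_keys() {
    # usage: ppk_to_authorized_keys FILE.ppk
    # Prints "<key-type> <base64-blob> <comment>" on one line.
    # Exits with status 1 if the public section is missing or truncated.
    tr -d '\r' < "$1" | awk '
        want > got {                                  # inside Public-Lines
            if ($0 !~ "^[A-Za-z0-9+/=]+$") bad = 1    # not base64: truncated
            blob = blob $0; got++; next
        }
        /^PuTTY-User-Key-File-[0-9]+: / { type = $2; next }
        /^Comment: /      { comment = substr($0, 10); next }
        /^Public-Lines: / { want = $2 + 0; next }
        END {
            if (bad || type == "" || want == 0 || got != want) exit 1
            print type " " blob (comment != "" ? " " comment : "")
        }'
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed .ppk with CRLF line endings, which a file saved on
    # Windows may have. The base64 lines are placeholders, not a real key.
    printf '%s\r\n' \
        'PuTTY-User-Key-File-2: ssh-rsa' \
        'Encryption: none' \
        'Comment: rsa-key-20100802' \
        'Public-Lines: 4' \
        'AAAAB3NzaC1yc2EAAAABJQAAAIEA' \
        'CONSTRUCTEDPUBLICLINE2' \
        'CONSTRUCTEDPUBLICLINE3' \
        'CONSTRUCTEDPUBLICLINE4==' \
        'Private-Lines: 1' \
        'CONSTRUCTEDPRIVATELINE' \
        > "$dir/Laptop.ppk"
    ppk_to_authorized_keys "$dir/Laptop.ppk"
    rm -rf "$dir"
}
demo

# On the server, append the printed line to the file from step 9:
#   ppk_to_authorized_keys Laptop.ppk >> /home/ubu/.ssh/authorized_keys
```

Only the public section is read; the private lines of the .ppk never leave the file, so it is enough to copy the printed line to the server rather than the key file itself.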