Wednesday, June 5, 2013

Protecting packages in yum

In my last post I gave a nice bit of advice on how to remove packages using sed, rpmorphan and yum but also warned that you could easily erase sshd or other programs that you might want.

In this short post I just want to mention that you can protect individual packages from being removed in yum. All you need to do is create a .conf file in /etc/yum/protected.d and add the names of the packages you wish to have protected. This is good for adding important things like your ssh server, or other programs that you might accidentally erase using the method I showed you, or by just using yum. It has happened to me before and I am glad this has been put into yum as a feature.

You can read more in the Fedora documentation.

Using rpmorphan on CentOS 6.4

So I just spent the night compiling and rebuilding RPMs on CentOS to get the exact setup that I would like, and now I am left with several *-devel packages along with other development tools and libraries that I no longer need. Since this is a production environment, I would prefer to have as few extraneous packages as possible for various reasons.

Enter rpmorphan.

This nifty little tool will list all "orphaned" packages on your system, one package per line. It would be VERY wise to add the packages that you wish to keep to the exclude list, since common programs like wget don't have anything depending on them and will be listed in the output.

Adding a package to the exclude list is simple:

rpmorphan -add-keep wget

The above will add wget to your exclude list.

After you have all the packages you want to keep in your exclude list, removing all orphaned packages with yum is extremely simple:

yum remove `rpmorphan -all | sed ':a;N;$!ba;s/\n/ /g'`

This will run the output of rpmorphan through sed, replace all newlines with spaces, and use the result as the argument list for yum remove. You should be very careful when doing this because I also noticed it listed openssh-server as an orphaned package. Be sure to add that to your exclude list. If not, I feel bad for you and hope you have console or physical access to your box because that would really suck.

Again, I will repeat: Use this at your own risk. If you remove something like your sshd you won't have access to your box. If you're sure that you can handle not doing something like that, this saves a lot of time and stress in the long run. Enjoy!
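Added example, not part of the original posts: a small shell filter that drops any name listed in a protected.d-style directory from an rpmorphan-style list before it reaches yum remove, tying together the /etc/yum/protected.d feature and the orphan-removal one-liner above. The function names, the temporary directory and the sample package lists are constructed for illustration, and the one-name-per-line file format is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): keep protected packages out of
# the argument list that is handed to `yum remove`.

# Print the package names listed in DIR/*.conf, one per line.
# Assumption: one name per line; blank lines and '#' comments are ignored here.
protected_names() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$f"
    done | sort -u
}

# Read candidate names on stdin (one per line, as the post describes for
# rpmorphan) and print only those that are NOT protected.
# Names that are held back are reported on stderr.
safe_orphans() {
    keep=$(protected_names "$1")
    while IFS= read -r pkg || [ -n "$pkg" ]; do
        [ -n "$pkg" ] || continue
        if printf '%s\n' "$keep" | grep -Fxq -- "$pkg"; then
            echo "held back (protected): $pkg" >&2
        else
            printf '%s\n' "$pkg"
        fi
    done
}

# Real use (as root):
#   yum remove $(rpmorphan -all | safe_orphans /etc/yum/protected.d)

# --- Constructed demo: a temp directory stands in for /etc/yum/protected.d ---
demo_dir=$(mktemp -d)
printf 'openssh-server\n' > "$demo_dir/sshd.conf"
printf '# tools to keep\nwget\n' > "$demo_dir/tools.conf"

# Constructed stand-in for the output of `rpmorphan -all`.
orphans='zlib-devel
openssh-server
wget
libxml2-devel'

to_remove=$(printf '%s\n' "$orphans" | safe_orphans "$demo_dir" | paste -s -d ' ' -)
echo "would run: yum remove $to_remove"
rm -rf "$demo_dir"
```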

I would like to acknowledge Zsolt Botykai for his answer on Stack Overflow regarding the sed command. It was very helpful and very well explained.

Tuesday, June 4, 2013

Loading keys automatically with Pageant on Windows

Those who work remotely on Linux from a Windows machine are probably familiar with the PuTTY set of tools for SSH connection management.

For managing keys in the PuTTY client you use Pageant, which by default does not load any keys when you open it. This is easily fixed by creating a shortcut to the actual Pageant program. In the box labelled "Target" you should see the path to the executable in double quotes. To load a key automatically when you click this shortcut, just type the full path to the key that you wish to load after the quotes. To add more than one key, give a space-separated list of full paths to each key you wish to load.

Here are a couple of examples:

"C:\Program Files (x86)\PuTTY\pageant.exe" D:\SSH\mykey.ppk
The above will load the key "mykey.ppk" when you click on the shortcut.

"C:\Program Files (x86)\PuTTY\pageant.exe" D:\SSH\mykey1.ppk D:\SSH\mykey2.ppk D:\SSH\mykey3.ppk
The above will load the three keys when run from the shortcut.

As an added bonus, you could even place the shortcut in the Startup folder of the Start menu to have Pageant start up on boot with all your keys loaded. Hopefully this saves someone some time. :)

SFTP Integration with Windows Explorer

I've come to notice that I very rarely use FTP for file transfers and have turned to using SFTP (FTP over SSH) instead, for the following two reasons: first, it is one less bit of software that I need to manage for my servers, and second, it is more secure. While I generally use FileZilla for most of my general-purpose file transfer needs, I have also come across a nice little shell extension called Swish that integrates with Windows Explorer.

With Swish, you are able to log in to your servers through SSH using either password authentication or key authentication through the Pageant key manager. Upon logging in, you are able to navigate through your directories and files directly from Windows Explorer.

While it's a very useful and nice-to-have application, it is still in alpha. For the most part, I have not noticed any major errors that make it a shaky program to have. I think it's really worth a shot. Check it out at the Swish SFTP Homepage.