Moving...

DaffyDocs is being moved to be merged with MohCho.com. Stay tuned for more information with regards to this merger.

Kill SSH Session


Kill that S..

I thought that it would be good to share how to identify suspicious/stale SSH connections and drop/kill that connection. *NIX gurus, please do not reprimand as this subject is very noob-like and totally basic from your perspectives. Unfortunately, for the rest of us, things may not be as intuitive so we, including myself, need help from time to time.

So, last night, I had connected via SSH to my Linux server and forgot about it. For whatever reason, the server kept the connection "live" but when I tried to type commands this morning, I received no feedback. So, I opened up a new terminal, opened a new SSH connection and took care of the issue.

So, what to do?

Step 1: Open terminal from Linux laptop (Mac users: you'll have to go to your Applications -> Utilities directory. PC users: you'll need to use a third party application like PuTTY).

Step 2: Initiate the SSH connection by typing the following: ssh username@hostname.dom/IP_address. FYI, the '.' is not part of the command; simply grammatical. Caution: If you've specified a different TCP port in your /etc/ssh/sshd_config file than the standard port 22, you will need to append the following to your command -p 1234 (replace 1234 with your port number).

Step 3: Find out who is currently connected to the system by issuing the following command at the prompt: who. You should see output similar to what I've listed below:

user@host:~$ who
user pts/0        2014-06-04 09:21 (connection_origin_your_modem/ISP_information)
user pts/2        2014-06-04 09:59 (connection_origin_your_modem/ISP_information)

According to the time stamp, I know that the connection (pts/0) is the stale connection.

Step 4: Now, we'll find out the PID (process ID) for the connections we've found. We'll need the following command ps -axf | grep pts. By the way, the '.' is not part of the command, it's only grammatical. Issuing the command will provide information similar to the following:

user@host:~$ ps -axf | grep pts
 9231 ?        S      0:00  |   \_ sshd: user@pts/0
 9232 pts/0    Ss+    0:00  |       \_ -bash
 9270 ?        S      0:00      \_ sshd: user@pts/2
 9271 pts/2    Ss     0:00          \_ -bash
 9282 pts/2    R+     0:00              \_ ps -axf
 9283 pts/2    S+     0:00              \_ grep --color=auto pts

As we had determined above, pts/0 is the stale connection. So, we will kill it. The PID is 9231.

Step 5: Now, we'll pretend to be the digital grim reaper. Instead of using the scythe; however, we'll use the command: kill 9213. As explained above '.' is not part of the command; only grammatical. We can confirm that we've successfully killed the stale connection in one of two ways. First way is to use the who command and the second way is to issue the ps -axf | grep pts command.

Step 5a: Upon entering the who command, you'll see output similar to the following:

user@host:~$ who
user pts/2        2014-06-04 09:59 (connection_origin_your_modem/ISP_information)

As you can see, the pts/0 connection from 2014-06-04 09:21 is no longer present; connection has been dropped!

Step 5b: Upon entering the ps -axf | grep pts command, you'll see output similar to the following:

user@host:~$ ps -axf | grep pts
 9270 ?        R      0:00      \_ sshd: user@pts/2
 9271 pts/2    Ss     0:00          \_ -bash
 9284 pts/2    R+     0:00              \_ ps -axf
 9285 pts/2    S+     0:00              \_ grep --color=auto pts

Once again, we're able to confirm that the pts/0 process/connection is not longer there. The parent process 9231, along with it's child processes have been killed.

***Disclaimer: Kill is a command and terminology used in *NIX land. Please, I hope that people do not take kill to mean something different: as in killing living things. So, yeah, don't read this post and go around killing things.***

VPS Provider


Looking for an awesome VPS provider? Well, you can stop searching now because the awesome folks at VPSCheap.net have you covered! They have a comprehensive list of VPS options from which you can choose exactly what you need/want. Best of all, they have an unmetered bandwidth policy...something most other providers are stingy about.

They really are awesome! VPSCheap provides very quick service from support and sales teams. Professionalism is also top notch here. VPSCheap is definitely making a big difference in the VPS world and I certainly recommend them over most other VPS providers.


***This message is not financially motivated. I receive no financial incentive from VPSCheap for praising their efforts and services. I am also not affiliated with VPSCheap in any way. I am only sharing my experience with you.***

PPTP and Ubuntu


Most of ya'll out there already know this. However, for those of us who are lacking in our *NIX abilities, a quick illustration is necessary. I'm posting this for a friend who requested that I do this.

Please be aware that I do not assume any responsibility should your following the below instructions brick your equipment. Proceed at your own risk. As always, if you are using company issued equipment, please consult your administrator prior to making any changes.


Click the Ubuntu icon (12.04+)


Search for System Settings


Click, to open, System Settings


Click Network


Click the plus (+) sign to add a new connection. Choose VPN from the drop-down menu (for me VPN was the only option).


Choose the type of VPN connection you'd like to add and click Create.


By default, you'll be taken to the VPN tab.


  • Name your connection so there's no confusion down the road
  • Fill in the Gateway field (IP address for your VPN server)
  • Enter your username in the following format: DOMAIN\USERNAME
  • Leave the password blank and choose the option to always ask
  • Leave NT Domain field blank
Click Advanced
  • Enable Use Point-to-Point encryption (MPPE).
  • PAP, CHAP, and EAP will be disabled.
  • Only MSCHAP and MSCHAPv2 will remain enabled.
  • *** Depending on your VPN server, you may or may not need to enable MSCHAPv2 (check with your admin).


OPTIONAL: If your VPN server supports split-tunnel (check with your admin) do the following:

Switch to the IPv4 Settings tab

Click Routes to enable option to Use this connection only for resources on its network.

Mitel Phone Config

Just like almost everything else in life: cell phones, home appliances, service providers, etc. there's a vast array of products and services available to meet anyone's telephony needs. Cisco's Unified Communications Manager, Asterisk PBX, Nortel's Meridian PBX, ShorTel, and 3CX are just some of of the possible choices that come to mind, at the moment. Each has it's own set of strengths and weaknesses; some more customization to your needs/desires than others. At the end of it all; however, they all help you meet most, if not all, of your communications needs.

I've used VoIP systems from Cisco, Asterisk, Nortel, and Mitel. By far, if configured and managed properly, I have found that Mitel is one of the best solutions for medium to large businesses and enterprises. Not only is it extremely rich in terms of the features it provides (i.e. Call groups: ACD, Hunt, and Ring among a host of other features) it is also quite easy for the IT personnel who are entrusted to manage and run the systems.

In future posts, I will be writing more about Mitel's systems and that of other vendors'. The goal of this post is to share the steps that are necessary to configure a Mitel phone such that it registers with a remote Mitel phone server that is configured to provide teleworker services (I will further discuss teleworkers in future posts). If you need to reconfigure your Mitel phone to use a different server, start with the first bullet point. If you are simply trying to reconfigure your Mitel phone to register with a new/different Mitel phone server, start from the second bullet point. Nonetheless, the procedure is:
  • Disconnect and power down your phone.
    • On most Mitel phones, you'll need to unplug the second Ethernet cable from the back of your phone.
      • If you look closely, you will notice that there is a symbol of two computers with a line between them located on the left side of the port.
  • While you hold down the 7 key, insert the Ethernet cable back into your phone’s second Ethernet port. Release the 7 key only when the message: “CONFIG TELEWORKER?” appears on your LCD.
  • Press the * key to select Yes when asked whether or not you would like to “CONFIG TELEWORKER?”.
  • Press the # key to select New when asked whether or not you would like to “DELETE/NEW SETTING?”.
  • Enter the IP address of the Mitel phone server assigned to you by pressing the corresponding keys on the number pad. If any of the four octets of the IP address has less than three digits, use the # key to append a . after the octet. If you press the wrong key, use the * key to delete your previous entry.
  • Press the down arrow generally located on the first bank of keys closest to the LCD.
  • Press the * key to choose Yes when asked whether or not you would like to “STORE CHANGES?”.
  • Wait while the phone saves it’s configuration, reboots, registers with the Mitel phone server to download and install the proper software.
  • When the phone is ready for use, the message “Logged Out *00 to Login” will appear on your LCD. In order to log in to your phone, you'll need log in information provided by your IT personnel/service provider.
  • To log on to your phone, press *00

    • Extension: [Example: 9876]
    • PIN: [Example: 0000#]

MS Office Activation


A few weeks ago, I've run into an issue where I reformatted my end user's computer and went on to activate Microsoft Office 2010 but it didn't go so well. After I entered my license key, I received and error that the application suite could not be activated. I will share with you how to overcome this hurdle below.

How did Windows explode this time? Microsoft told me that:


Lucky for me, the world didn't end there. What I did was simply bypass Microsoft's silly activation wizard...did things the "old school" way.

Step 1:  Open the Command Prompt
  • Click Start
  • Search for CMD
  • Right click on "CMD" application
  • Choose "Run as Administrator"
Step 2: Change to the Office14 directory because the Command Prompt will start in the System32 directory (C:\Windows\System32\)
  • Type cd .. and press the Enter key to go back one directory and chance to C:\Windows directory
  • Type cd .. and press the Enter key again to go back another directory and change to C:\ directory ("root of C)
  • Type cd "Program Files" and press the Enter key to change to C:\Program Files directory ("Program Files (x86)" if you're using 32-bit MS Office on a 64-bit Windows 7 installation)
  • Type cd "Microsoft Office" and press the Enter key to change to C:\Program Files\Microsoft Office directory
  • Type cd "Office14" and press the Enter key to change to C:\Program Files\Microsoft Office\Office14 directory

Step 3: Run the "Office Software Protection Platform" script
  • Type CScript OSPP.vbs /act and press the Enter key to run the activation script manually

Step 4: Close the Command Prompt
  • Type exit and press the Enter key
Step 5: Close MS Office Word and re-open the application for the changes to take effect
Step 6: Choose how you want to Help Protect and Improve Microsoft Office. I usually only opt to Install Updates Only.



Voila! Your MS Office application suite is activated...now you can start to do the same things you could have done on Google Docs (for FREE) but using bloatware that cost you between $174.00 and $499.00, depending on which suite you chose: Home and Student vs. Professional

Virtualbox Headless



You’ve installed your Ubuntu Server and configured it exactly the way you want it. Now, you must get to work creating some awesomeness but you’re weary that you’ll end up making some mistake and you’ll foo bar your server. Of course you can delete config files and run apt-get remove [package-name], but there’s nothing like a clean and pristine installation. Fortunately, there are other options. The option I really like is to install Virtualbox and run headless VMs. The goal of this note is to document how I was able to go about installing and configuring Virtualbox headless on my Ubuntu Server 13.04 computer.
  • Install Ubuntu Server 13.04 x64 on your machine. 
  • Update packages:
    • sudo apt-get -y update && sudo apt-get -y upgrade 
  • Assign your computer a static IP address:
    • sudo vi /etc/network/interfaces
      • Comment the line that says # iface [interface name, i.e. eth0] inet dhcp
      • Append the line iface [interface name, i.e. eth0] inet static
      • Append the line address xxx.xxx.xxx.xxx
      • Append the line netmask xxx.xxx.xxx.xxx
      • Append the line gateway xxx.xxx.xxx.xxx
    • Write changes and exit.
  • Add the Virtualbox source link to the Ubuntu sources list:
    • sudo vi /etc/apt/sources.list
      • Append the line: deb http://download.virtualbox.org/virtualbox/debian raring contrib
    • Write changes and exit.
  • Download Virtualbox public key:
    • wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
  • Update packages:
    • sudo apt-get -y update && sudo apt-get -y upgrade
  • Install latest version of Virtualbox [4.2]:
    • sudo apt-get install linux-headers-$(uname -r) build-essential virtualbox-4.2 dkms
  • Download Virtualbox Extension Pack:
    • wget http://download.virtualbox.org/virtualbox/4.2.16/Oracle_VM_VirtualBox_Extension_Pack-4.2.16-86992.vbox-extpack
  • Install Virtualbox Extension Pack:
    • sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.2.16-86992.vbox-extpack
  • Give user(s) ability to run/manage VMs by adding them to the vboxusers group:
    • sudo adduser [username] vboxusers
Awesome! Virtualbox is now installed on our Ubuntu Server 13.04 installation. Next, we’ll take a look at how to create VMs and manage them.

BIND DNS

Ain't nothin' to it, really!
Below are steps listed that will help you install BIND9 and configure BIND9 as a forwarding DNS server. For an in depth explanation of DNS, how it works, how to configure it, read O'Reilly's book DNS and BIND 5th edition and other resources regarding DNS.

Step 1: Install LINUX or UNIX - You'll have to figure this out on your own or wait until I put one together.

Step 3: Update your Linux installation:

sudo apt-get update
sudo apt-get upgrade

Step 4: Install BIND9 and BIND9Utils:

sudo apt-get install bind9 bind9utils

Step 5: Assign your host a static IP address:

sudo vi /etc/network/interfaces

# The setting for appropriate network interface
auto eth0
iface eth0 inet static
address 192.168.xxx.xxx
netmask 255.255.xxx.xxx
broadcast 192.168.xxx.xxx
gateway 192.168.xxx.xxx

Step 6: Change resolver:

sudo vi /etc/resolv.conf
nameserver 192.168.xxx.xxx

 Step 7: Restart your network interface:

 sudo service networking restart

Step 8: Make directory in which your zones files will reside:

sudo mkdir /etc/bind/zones
sudo mkdir /etc/bind/zones/master

Step 9: Create your zone files:

sudo touch db.sub.domain.tld (i.e. db.internal.mchowdhury.com)
sudo touch db.192.168.xxx

Step 10: Edit your zone file (db.sub.domain.tld):

;
; BIND data file for sub.domain.tld
;
$TTL    86400
@       IN      SOA     host.sub.domain.tld.    admin.domain.tld. (
                                  05232013        ;       Serial
                                  10800              ;       Refresh
                                  3600                ;       Retry
                                  604800            ;       Expire
                                  86400  )           ;       Negative caching TTL
;
@       IN      NS        host.sub.domain.tld.

 sub.domain.tld.       IN      A       192.168.xxx.xxx
host    IN      A       192.168.xxx.xxx
host2  IN      A       192.168.xxx.xxx
host3  IN      A       192.168.xxx.xxx

Step 11: Edit your reverse zone file (db.192.168.xxx)

;
;BIND reverse data file for 101.168.192.in-addr.arpa
;
$TTL    86400
xxx.168.192.in-addr.arpa.       IN      SOA     host.sub.domain.tld.    admin.domain.tld. (
                                05232013       ;       Serial
                                10800             ;       Refresh
                                3600               ;       Retry
                                604800           ;       Expire
                                86400  )          ;       Negative caching TTL
;
xxx.168.192.in-addr.arpa.       IN      NS      host.sub.domain.tld.
xxx.xxx.168.192.in-addr.arpa.   IN      PTR     host.sub.domain.tld.
xxx.xxx.168.192.in-addr.arpa.   IN      PTR     host.sub.domain.tld.

 Step 12: Indicate the servers to which you want your DNS server to forward DNS requests if it doesn't know the answer:

 sudo vi /etc/bind/named.conf.options

 forwarders {
         xxx.xxx.xxx.xxx;xxx.xxx.xxx.xxx;
};

 Step 13: Check your configuration:

sudo named-checkconf

 Step 14: Check zone file:

sudo named-checkzone sub.domain.tld /etc/bind/zones/master/db.sub.domain.tld

If all goes well, you should see something along the lines of:

zone sub.domain.tld/IN: loaded serial 05232013
OK

Step 15: Check reverse zone file:

sudo named-checkzone xxx.168.192.in-addr.arpa /etc/bind/zones/master/db.192.168.xxx

If all goes well, you should see something along the lines of:

zone xxx.168.192.in-addr.arpa/IN: loaded serial 05232013
OK

Step 16: Restart BIND9:

sudo service bind9 restart

At this point, you're done! You can check if things are working by doing some digging :-). For instance, on your server, run the following command:

dig google.com

You should get output similar to:

; <<>> DiG 9.7.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60050
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 0

 ;; QUESTION SECTION:
;google.com. IN A

 ;; ANSWER SECTION:
google.com. 300 IN A 74.125.228.78
google.com. 300 IN A 74.125.228.64
google.com. 300 IN A 74.125.228.65
google.com. 300 IN A 74.125.228.66
google.com. 300 IN A 74.125.228.67
google.com. 300 IN A 74.125.228.68
google.com. 300 IN A 74.125.228.69
google.com. 300 IN A 74.125.228.70
google.com. 300 IN A 74.125.228.71
google.com. 300 IN A 74.125.228.72
google.com. 300 IN A 74.125.228.73

 ;; AUTHORITY SECTION:
com. 167884 IN NS l.gtld-servers.net.
com. 167884 IN NS i.gtld-servers.net.
com. 167884 IN NS j.gtld-servers.net.
com. 167884 IN NS m.gtld-servers.net.
com. 167884 IN NS a.gtld-servers.net.
com. 167884 IN NS k.gtld-servers.net.
com. 167884 IN NS c.gtld-servers.net.
com. 167884 IN NS b.gtld-servers.net.
com. 167884 IN NS f.gtld-servers.net.
com. 167884 IN NS g.gtld-servers.net.
com. 167884 IN NS d.gtld-servers.net.
com. 167884 IN NS e.gtld-servers.net.
com. 167884 IN NS h.gtld-servers.net.

 ;; Query time: 29 msec
;; SERVER: 192.168.xxx.xxx#53(192.168.xxx.xxx) <-- Response provided by your server.
;; WHEN: Thu May 23 19:29:21 2013
;; MSG SIZE  rcvd: 428

Java Nightmare

WTF!!! What Now???
In light of the recent Java vulnerabilities, we should be updating to the latest Java Runtime Environment (JRE). When some people have tried updating their JRE, things went haywire! I mean, catastrophic failure! However, like most issues, there's a resolution.

If you're trying to update your JRE, and run into this weird error, do the following:

***SCREENSHOTS COMING SOON...EXPERIENCING TECHNICAL DIFFICULTIES.***
  • Save your work.
  • Close all running applications.
  • Restart your computer.
  • Go to Java's website to run the Java Uninstall Applet to uninstall any old versions of Java from your computer.
  • First thing's first, Oracle informs you that this applet is for testing purposes and that you still want to use this applet.
  • Click agree; applet works pretty well to be honest.
  • We'll be prompted whether or not we trust Oracle America, Inc.'s Java Uninstall Applet - Early Access application. Here, we'll check on the option to "Always trust content from this publisher." Otherwise, the applet won't work.
  • The applet first determines which JREs we have installed.
  • Usually, you'd see a status bar along with the message that the applet is uninstalling Java. Here, you see that there's nothing installed because, on my test machine, I didn't have the Java JRE installed to begin with.
This part's easy. Now that you have the old versions of the Java JRE uninstalled, all we have to do is install the most recent version.
  • Go to http://java.com/en/ to download the latest version of the Java JRE
  • Click on Download
  • Follow the prompts to install Java. Otherwise, visit my post illustrating how to install the Java JRE.

Zimbra Outlook Connector

This is so AWESOME!
Just wait until you have to debug this EVERY DAY!
The Zimbra Outlook Connector (ZOC) is:

As defined on Zimbra's support site, the ZOC "provides real time two-way synchronization of mail, contacts, tasks, and calendar between Outlook and the Zimbra server." In other words, the connector makes it possible for Zimbra Communications server to, communicate natively with Outlook as if using Microsoft's proprietary MAPI protocol. Simply put, the ZOC is a plug-in for Outlook that makes Outlook think that it is sending to and receiving from a Microsoft Exchange mail server.

Mo's Professional Opinion about the ZOC:

For the most part, the ZOC works well and as intended. However, just like all workarounds and "bandages" the ZOC has it's issues and hiccups. Occasionally, you will receive the "local failure" error emails. The local failures are caused by a range of issues including, but not limited to, sync token mismatch and signature sync failures. In this post, I hope to provide you some suggestions to address your local failure messages, as related to signature sync failures.

Download the ZOC
Generally, you can download the ZOC from your mail server; unless your Zimbra representative asks you to use a different connector for which s/he will provide you a download link. To obtain the ZOC, simply browse to https://webmail.domain.com/downloads/index.html (remember to substitute the word "domain" with your domain name). In my case, the URL would be https://webmail.mchowdhury.com/downloads/index.html. Regardless, please consult you Tech Support and/or Systems Administration team for the specifics for your environment.

Ensure you save this connector to your hard drive, in a directory which you will remember. You will need this when you have to uninstall the connector and re-sync your mail profile.

Install the ZOC
The wonderful folks at Stanford University's ITS have compiled a very good tutorial on this, so I'll skip this.

Step 3: Fix the Signature Sync Error
No matter what I try, using an older version of the Zimbra connector, using the same version connector as the server, or using a newer version of the connector that the server, I've had end users complain of this issue. Hence, I recommend doing the following:

  • In Outlook, delete any signatures you've created:
    • Click File, then select Options
    • From the Options window, select Signatures
    • From the Signatures and Stationary window, highlight and delete/remove all existing signatures
    • If you're asked whether or not you want to delete the signature, select Yes
    • Close Outlook (ensure all Outlook.exe processes have been killed by checking the processes tab in Task Manager)
    • Open your browser and go to your webmail portal (i.e. https://webmail.mchowdhury.com) and log in
    • Switch to the Preferences tab
    • On the left hand side of the Preferences window, locate and select Composing
    • You will now see your options and settings for the message compositions. Change from text to HTML. Then select a desired font
    • Select Signatures from the list to the left of the window
    • Remove any existing signatures by clicking the clear button
    • Choose Add Signature and change the format to HTML and enter your signature, as desired. Upon completion, click Save and log out of the webmail portal
    • Open Outlook and allow for Outlook to sync with Zimbra
Subscribe to: Comments (Atom)