Citrix Receiver on Linux: SSL Error 61 ("You have not chosen to trust")

Important:
If you don’t know or understand certificates / root and intermediate certificate authorities, get someone who understands to follow below instructions.

I tried connecting to the company’s citrix server, but kept hitting the same error when I tried to open the connection:

Contact your help desk with the following information:
You have not chosen to trust "INSERT YOUR CA HERE",
the issuer of the server's security certificate (SSL Error 61)

It seems that Citrix has an alternate directory where it stores it’s trusted cert’s / certificate authorities. Even though you can see that the server’s certificate is trusted (by root CA’s) via a web browser, we need to copy those to the correct directory.
In short: Copy the root and intermediate CA’s to this directory: /opt/Citrix/ICAClient/keystore/cacerts
Continue reading “Citrix Receiver on Linux: SSL Error 61 ("You have not chosen to trust")”

Using SSH to forward the same local port to multiple external hosts

Okay, this is kinda awesome :-), I got my geek on 🙂
My application is connecting to a cluster of external servers but my application can configure hostname but can’t configure port.
So I wanted to connect to a remote cluster using SSH tunneling, but I was unable to forward everything because the port binding to localhost (127.0.0.1) can only be used once.
Then I saw that you can use multiple loopback addresses! See this page: https://en.wikipedia.org/wiki/Loopback
Basically you can bind the portforward to 127.0.0.2, 127.0.0.3 till 127.255.255.254, that should provide enough addresses, right!? 🙂
So I can use multiple port forwards from my localhost(s) to the six remote hosts like this:

ssh somedomain.com \
-L 127.0.0.1:9042:external-node1.somedomain.com:9042 \
-L 127.0.0.2:9042:external-node2.somedomain.com:9042 \
-L 127.0.0.3:9042:external-node3.somedomain.com:9042 \
-L 127.0.0.4:9042:external-node4.somedomain.com:9042 \
-L 127.0.0.5:9042:external-node5.somedomain.com:9042 \
-L 127.0.0.6:9042:external-node6.somedomain.com:9042

Vagrant proxy through CNTLM on Windows using CYGWIN

Wow, talk about a crappy post title, but I just got this working on my corporate network and was quite happy about it.
Reason for this post; Every time I start a new assignment at a (rather big) corporation, I need to follow these steps to be able to access the internet from my vm’s.
(and I keep forgetting the steps, I’m getting old..)
What we’ll use to get this working:

  • Cygwin : https://www.cygwin.com/
  • Vagrant : https://www.vagrantup.com/
  • Virtualbox : https://www.virtualbox.org/
  • Cntlm : http://cntlm.sourceforge.net/

I’m running CentOS vm’s inside Vagrant with Virtualbox provisioning on Cygwin on Windows 7. I’m running Cntlm to create a local proxy for all stuff what I’m doing through cygwin, because I don’t like putting clear text passwords in bashrc or in Win / Bash variables.

Steps:

  1. Get your corporate proxy URL (Via Google Chrome)
  2. Configure Cntlm
  3. Configure Cygwin
  4. Configure Vagrant
  5. Use teh interwebs from your VM, practicing ninja turtle coding skillz and be instantly awesome!!1!

Continue reading “Vagrant proxy through CNTLM on Windows using CYGWIN”

Python pip without internet

The title of this post is a bit misleading. I will not outline the use of pip without internet but I will suspect most people will search for this search string, thus coming here for an alternative.
I’ve been blessed with a very thorough security officer, who decided that CLI internet access is not permitted, even using CNTLM (1)is blocked.
The easiest way to install packages is via pip, but it’s also possible to install them via the commandline.
Using the example of Django, we will first download the tarball from the Django site;
https://www.djangoproject.com/download/
On the right side there’s a link to the latest release.
Unzip and untar the tarball and open a Prompt in that directory.
Then run the following command:
python setup.py install

Next, we’ll check if it is installed correctly:
2015-10-20 13_11_27-Opdrachtprompt

Comparing sed stream output in linux

Sed is very very powerful, which is a good thing to be aware of.
I was looking to compare the output of a sed command to the original file before I wanted to execute the sed command directly on the file and came across this handy trick.
It works by using temporary named pipes inside the diff command.
Contents of file:
[code title=”contents of numbers.txt:”]
One
Two
Three
Four
Five
[/code]
If I just want to remove the line which begins with “Four”, I can check my sed command like this:
[code title=”Terminal output:”]
joris@beanie ~
$ diff <(sed ‘/Four/d’ numbers.txt) numbers.txt
3a4
> Four
[/code]
Awesome possum, now I know my sed command won’t destroy anything.

SSH Remote Execute command, multiple command and with interaction

This article shows how to execute remote commands via ssh, but you’ll send the commands from your own shell.
[code highlight=”1″]
ssh my_server ‘ls -l /home/my_home_dir’
[/code]
This will result in this output:
[code highlight=”1″]
$ ssh ae2 ‘ls -lha ~’
total 36K
drwxr-xr-x 2 joris joris 4.0K Jan 23 11:42 .
drwxr-xr-x. 5 root root 4.0K Jan 23 11:41 ..
-rw-r–r– 1 joris joris 54 Jan 23 11:41 .bash_logout
-rw-r–r– 1 joris joris 507 Jan 23 11:41 .bash_profile
-rw-r–r– 1 joris joris 213 Jan 23 11:41 .bashrc
-rw——- 1 joris joris 51 Jan 23 11:42 .history
-rw-r–r– 1 joris joris 171 Jan 23 11:41 .kshrc
-rw-r–r– 1 joris joris 375 Jan 23 11:41 .profile
-rw-r–r– 1 joris joris 153 Jan 23 11:41 .vimrc
[/code]
What’s even better, is that you can run multiple commands separated with a semi colon, like this:
[code highlight=”1″]
ssh my_server ‘ls -l /home/my_home_dir;whoami’
[/code]
And the best trick is this one, user input with an interactive command, sending input and output back and forth!
[code highlight=”1″]
ssh -t my_server ‘vi ~/.bash_profile’
[/code]

Oracle SQL Developer 4 does not run on Oracle Java 7 on Ubuntu 14.04

Wow, ain’t this awkward :-). I cannot run Oracle SQL Developer 4 (4.0.2) on Ubuntu with Oracle JDK 7..

To be complete: when running SQL Developer with JDK 7 from Oracle itself, displays the following error;

joris@dipshit:~/programs/sqldeveloper$ ./sqldeveloper.sh
Oracle SQL Developer
Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
LOAD TIME : 968#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x6aa69be0, pid=9537, tid=1836366656
#
# JRE version: Java(TM) SE Runtime Environment (7.0_65-b17) (build 1.7.0_65-b17)
# Java VM: Java HotSpot(TM) Server VM (24.65-b04 mixed mode linux-x86 )
# Problematic frame:
# C 0x6aa69be0
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /home/joris/programs/sqldeveloper/sqldeveloper/bin/hs_err_pid9537.log
#
# If you would like to submit a bug report, please visit:
# http://bugreport.sun.com/bugreport/crash.jsp
#
/home/joris/programs/sqldeveloper/sqldeveloper/bin/../../ide/bin/launcher.sh: line 1193: 9537 Aborted (core dumped) ${JAVA} "${APP_VM_OPTS[@]}" ${APP_ENV_VARS} -classpath ${APP_CLASSPATH} ${APP_MAIN_CLASS} "${APP_APP_OPTS[@]}"

Solution: Run Oracle SQL Developer with OpenJDK

First we’ll need to install OpenJDK:

sudo apt-get install openjdk-7-jdk 

Then we’ll need to change the path which SQL Developer uses. This was asked once when you first started it and it is saved in the following path:

~/.sqldeveloper/4.0.0/product.conf

The file [[ product.conf ]] contains the value SetJavaHome, we need to change this to the OpenJDK path;

If you're running 32 bit Ubuntu:

SetJavaHome /usr/lib/jvm/java-7-openjdk-i386

Or if you're running 64 bit Ubuntu:

SetJavaHome /usr/lib/jvm/java-7-openjdk-amd64

After saving this change, you can start SQL Developer on Ubuntu 14.04 and it will use OpenJDK 7, without changing your regular Java settings!

SSH without password

SSH is one of the most friendly deamons in the Linux toolbox, you can port forward your home server, you can surf the internet via your own proxy server, you can transfer files, it’s the first thing I set up on a freshly installed box and by far the most used service around my home (yeah, that’s nerdy) 🙂
This post will outline how you can create a public and private RSA key pair, and then we will use that key pair to authenticate ourselves to another computer in the network.
We will need to complete the following steps:

  1. Create a public/private rsa key pair
  2. Copy the public key to the remote host via ssh-copy-id
  3. Login to the remote system without a password

Create a public/private rsa key pair

If you haven’t created a rsa key pair yet, we can create it with this command:

ssh-keygen

As shown in this screenshot:
Screenshot from 2014-07-28 21:28:18If you have previously created a key pair, you will be asked to replace this.
For my home machines I don’t use a passphrase, if you’re more paranoid (or careful) you can do so. Please read this article for more info on passphrases and how to use them.
The keys have been generated in /home/yourloginname/.ssh and are called id_rsa and id_rsa.pub.
Never, never send someone your private (id_rsa) key! That is the same as handing over your house keys..

Copy the public key to the remote host via ssh-copy-id

This step should be repeated for all hosts to which you want to SSH with the newly created RSA key pair.
The command used is:

ssh-copy-id -i ~/.ssh/id_rsa joris@192.168.0.10

Screenshot from 2014-07-28 21:30:35
 
You will need to enter your password one last time, after that your public key is added to the authorized_keys file, which is automatically created on the target system.
After this step you don’t need to use a password any more!

Login to the remote system without a password

Just SSH into the remote system:
Screenshot from 2014-07-28 21:32:01
And wonder what you’re gonna do with all that extra time you’ve just won because entering passwords belongs to the past… 🙂