SSH to a Host With Multiple Hops

If you want to make an SSH connection to a host which is reachable only with multiple ssh connections you may use below command to connect it easly. (Note that older versions of ssh do not have this option but you can use some workarounds to do the same (proxy command and etc.))

Assume that you are in A, want to access hostC which is only reachable through hostB

A –> hostB –> hostC

then the command becomes:

ssh -J @hostB @hostC

this will give you a ssh to hostC.

Furthermore, if you are lazy enough to type this long command every time (and you also may jump several times) you can put this command in your ssh configuration. For instance, in your home folder:

vi .ssh/config

And add following as your needs

Host hostC 
    ProxyJump user1@hostB 
    User root

and you can issue an SSH connection like below:

ssh hostC

Openvswitch Cheat Sheet

Add libvirt network to be used with open vswitch

Create an xml file like below (it is going to be listed in networks)

The parameters are:

  • The name of the network
  • The forward mode is set to bridge
  • The bridge name is the bridge name
  • The virtualport is set to openvswitch

Then introduce this network to libvirt using commands below:


Add Mirror:

ovs-vsctl –id=@pout get port mir0 — –id=@sport get port eno4 — –id=@m create mirror name=obr0_mirror0 select-src-port=@sport output-port=@pout — set bridge obr0 mirrors=@m

where obr0 is the openvswitch bridge name.

mir0 is the mirror port attached to obr0

eno4 is the port to be mirrored

obr0_mirror0 is the name of the mirror

Add More than One Mirror:

ovs-vsctl –id=@pout get port mir0 — –id=@sport get port eno4 — –id=@m create mirror name=obr0_mirror0 — add bridge obr0 mirrors @m — set mirror obr0_mirror0 select-src-port=@sport select-dst-port=@sport output-port=@pout

repeat as many as mirror as you need!

Clear All Mirrors:

ovs-vsctl clear bridge ovsbr0 mirrors

List All Mirrors:

ovs-vsctl list mirror mymirror


Nagios Tutorial for Programmers – 1

If you’re reading this post, then you probably know what Nagios is. It is a good, open-source monitoring solution for most of the needs. Most of the Nagios concept is very straight-forward for system admins. But if you’re rather a programmer then a system administrator some of Nagios concepts may confuse you. You have already looked for what “Passive Check” stands for already! If you’re like me this tutorial is for you.

Please note that this post is rather a learning process than a complete tutorial. But I thought if a concept is hard for me to understand it may be hard for others too.

Nagios in Short

It is a monitoring tool. It can monitor your assets like: servers/clients, services (means server processes on servers). If you want to know what is the current status of your hosts&services, or you want to get notifications as soon as any critical event (such as service interruption) took place on your assets. Nagios CAN monitor hosts&servers behind NAT ( i.e. router/firewall).

There are two versions of Nagios. Even though I’m not quite sure, you have to pay for one version, but there is a free version also. I will cover free version here. I’ve tested paid version, and it is much simpler and better look-and-feel. But if you’re tight on budget, or like to learn scenes behind it, this tutorial is perfect for you.

Nagios Checks

Nagios reports its hosts and services to us. To report their current health or other important metrics, Nagios should “somehow” get their status. Nagios can gather this information using 2 completely different methods.

Active Checks

First method, active checks, is what everybody is familiar with. In active checks Nagios server actively makes connections to hosts&services and runs some scripts/binary files using its Nagios client on the related hosts. It is important to understand that Nagios server is initiating the connection at the active checks. That means you can NOT reach hosts&services behind firewall or NAT if they are not configured to allow Nagios active checks. Checks are executed on the clients (as expected) and results are reported to Nagios server.

Passive Checks

Second method, passive checks, is an enabler actually. This method enables us to monitor hosts&services behind firewalls and routers. In passive checks, connection is initiated from client to Nagios server. This means Nagios server is accepting connections. This is totally different from active checks where Nagios server was initiating the connections.

This is it for first part. Next part covers Nagios Server setup on CentOS 7.

Debian Bring Manually Configured Interface Up at Boot/Reboot

Edit /etc/network/interfaces and make following changes:

1.Add interface to auto line (your interface name may change and number of interfaces may also change). This change makes interface to be brought up at boot time:

auto lo eth0 eth1 eth2

2.Add following lines for each interface. This change will make interface to be manually configured:

iface eth1 inet manual
   pre-up /sbin/ifconfig $IFACE up
   post-down /sbin/ifconfig $IFACE down

reboot and see your changes.

KVM Persistent Interface Names

If you’re using KVM for virtualization you may notice that your ethernet device that is attached to the bridge may have different names each time KVM restarts, and KVM manages attaching/detaching this interface to the bridge by itself.

If you’re using standard linux bridge you can check attached ports:

brctl show

This gives you current bridges (KVM and user defined) and ports on them as shown below:

But you may have some special rules/routes/mirrors based on this interface name. If this interface name ever changes you might execute some commands that disable/cancel previous commands, and update the commands to reflect new interface name. If you’re managing many interfaces, this task may be very time consuming.

Fortunately there is a way to prevent this. You can define the interface name generated by KVM for each guest interface. To enable this feature we’ll be adding some definitions to XML presentation of virtual machine (domain in other words). To add this definition we use “virsh” as expected.

virsh edit <domain-name>

This opens a text editor (vi/vim/nano depending on your OS and configuration) to modify contents. File is in XML format. So make sure that changes result a valid XML file.

Find Interface node in the file. Add below line within the interface node defining a desired interface name:

<target dev="<interface_name>" />

Also note that longer interface names may cause errors and choose a name that is not started with “vnet”. It is obvious not to start with “vnet” because KVM uses “vnet” by default.

Restart KVM service to changes to be effective:

systemctl restart libvirtd.service

Check your bridges again and confirm that KVM guests use your new naming.