Debian Tips (Local Copy)

This is a local copy of http://www.cs.helsinki.fi/u/hendry/content/debian/tips.shtml not my article.

Bash and imagemagick

My uncle sends my parents these 12 meg .tif files that take FOREVER to display, so I wanted to change them to a reasonable format such as PNG and scale them down to a viewable size.

hendry@praze:~/pictures$ for i in `ls`; do convert -scale 580x394 $i `basename $i .tif`.png; done

If your scaling division is wrong, do not worry convert will retain the ratio. Thanks to Robot101 from #debian-uk for that tip.

Upgrading with unstable

On my workstation/playmobile I run "unstable". Don't be daft and use it on a server. Unstable mostly has the latest debian packages, i.e. the bleeding edge..

I use

apt-get -u dist-upgrade

"dist-upgrade" is a little naughty at times and may remove packages to resolve a conflinct. So I suggest you upgrade manually and check what is being removed (if anything).

Setting up iptables

Block all incoming connections, except for ssh.

iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
iptables -L
iptables -I block -i ppp0 -p tcp --dport 22 -j ACCEPT
iptables -L
/etc/init.d/iptables save active

SSH2 Password-less Login

If you routinely need to login to several machines, as I do, you will find this tip useful to automate the process. Thanks to Robot101 again!

ssh-keygen -t dsa

In the previous version of my tip, I did not set a passphrase. Robot101 notes this is generally unwise and that it is better to put a passphrase on, and use ssh-agent. I believe him.

hendry@praze:~$ ssh-keygen -p
Enter file in which the key is (/home/hendry/.ssh/id_rsa): /home/hendry/.ssh/id_dsa
Key has comment '/home/hendry/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.

In debian, ssh-agent should be already running when you run an X session.

eval `ssh-agent`

ssh-add prompts your for the passphrase which it will remember for the session.

hendry@praze:~$ ssh-add 
Enter passphrase for /home/hendry/.ssh/id_dsa: 
Identity added: /home/hendry/.ssh/id_dsa (/home/hendry/.ssh/id_dsa)

Finally the command to copy your id to your various shells, such as mine at dabase.com could well be yourmachine.co.uk!

ssh-copy-id -i id_dsa.pub dabase.com

So now for example, if you want to login automagically and run a process use:

ssh somecomputer -t theprocessyouwanttorun

Another nifty switch is the -v switch for verbose output ssh (thats fun).

Screen

Screen is a very very cool console enhancement, which allows you to create new windows, flip between them and best of all detach and reattach all of them! Why is that so damn cool? I will tell you why. To me I can now have this nice warm fuzzy feeling that the processes are safe, and just how I left them. The keys I typically use while running it are, "ctrl-a c" to create a new window. "ctrl-a space" to flip between my windows and "ctrl-a ctrl-d" to detach screen. screen -R reattach to a session. Screen is a lifesaver if a program does not background well or you have a dodgy net connection, and it works very well with irssi. Hmmm, lets revise the earlier tip to:

ssh myreliableremoteshell -t screen -R

23:05 < Robot101> another handy tip for screen
23:05 < Robot101> 'screen -x' lets you attatch to the same screen more than once
23:06 < Robot101> I use it for helping people remotely, so they can see what I'm doing or vice versa

getting started with GPG (or protecting your privacy!)

It is a pretty good idea to understand that whole public/private encryption concept before you start to think about using pgp or gpg. I remember using PGP sometime ago with DOS, but I stopped using it because it was a pain to use. To make matters worse, I think I accidentally deleted my secret key. There is an first year essay I did about PGP somewhere on the Internet. Anyway I have started using mutt, and it has great support for encryption with the GNU PGP implementation called gpg.

gpg --gen-key

Generate your key pair. Default settings are fine. Use a strong password. My tip for creating passwords was told to me by another friend named Athan. Basically he says:

1. Think of a phrase e.g. the fox jumped over the fence
2. Take the first or second letter of the phrase to make a word e.g. (with 2nd letter) houvhe
3. Throw some funny chars in there like ! and 31337(eleet or elite) transition chars like o to 0 and e to 3.

With your gpg or pgp (they are the same to me) passphrase, it really needs to be strong. So, you might even want to think about repeating that process, with two phrases.

After that fun interaction, you need to export your public key and upload it to your webpage!

gpg -a --export yourusername > yourusername.pub
scp yourusername.pub yourwwwhostshellmachine:public_html/

With mutt gpg is well integrated. Hit P while in the send message view for encryption options. To add public keys of your collaborators, use:

gpg --import whatevertheirpublickeyiscalled.whatevertheycalledtheextension

Feel free to send me an encrypted mail. =) My public key should be here.

And some more...

gpg -kvc

This should print out some useful information for distributing and verifying your signature. For example:

pub  1024D/A000D5CC 2002-05-18 Kai I Hendry <hendry AT cs.helsinki.fi>

Has some information useful to you. A000D5CC is my public key id which is used as a quick and easy reference to perform various functions with.

gpg --keyserver wwwkeys.pgp.net --recv-keys A000D5CC

The command above grabs my pub key from a server and imports it quite smartly. DO not to forget your passphrase/password!! I have myself have forgotten the passphrase of my first key and it is extremely annoying for yourself and others. To avoid such an embarrasing situation, make a revocation certificate in advance, using:

gpg --output revcert.asc --gen-revoke A000D5CC

Keep that revcert.asc in a safe place. Maybe even print it out as the GnuPG Keysigning Party HOWTO suggests.
Again using your public id, put some custom headers into your .muttrc. For example, here are mine:

my_hdr X-GPG-Fingerprint: 5A9F A10D 621C 7D24 4624 90F0 ACCB 71F0 A000 D5CC
my_hdr X-GPG-Key: 1024D/A000D5CC

Debian and Pine?

Here is my little tip.

Some pages I look for tips:

• LinuxBrit
• Google Linux Search
• Linux Documentation
• Shameless plug

---

Copyright © 2002-2004:

Hooman Baradaran <webmaster_AT_hoomanb-dot-com>

Best viewed with CSS style sheets enabled at 1024 or higher resolution.