This is a local copy of http://www.cs.helsinki.fi/u/hendry/content/debian/tips.shtml not my article.
My uncle sends my parents these 12 meg .tif files that take FOREVER to display, so I wanted to change them to a reasonable format such as PNG and scale them down to a viewable size.
hendry@praze:~/pictures$ for i in `ls`; do convert -scale 580x394 $i `basename $i .tif`.png; done
If your scaling division is wrong, do not worry convert will retain the ratio. Thanks to Robot101 from #debian-uk for that tip.
On my workstation/playmobile I run "unstable". Don't be daft and use it on a server. Unstable mostly has the latest debian packages, i.e. the bleeding edge..
I use
apt-get -u dist-upgrade
"dist-upgrade" is a little naughty at times and may remove packages to resolve a conflinct. So I suggest you upgrade manually and check what is being removed (if anything).
Block all incoming connections, except for ssh.
iptables -N block iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT iptables -A block -j DROP iptables -A INPUT -j block iptables -A FORWARD -j block iptables -L iptables -I block -i ppp0 -p tcp --dport 22 -j ACCEPT iptables -L /etc/init.d/iptables save active
If you routinely need to login to several machines, as I do, you will find this tip useful to automate the process. Thanks to Robot101 again!
ssh-keygen -t dsa
In the previous version of my tip, I did not set a passphrase. Robot101 notes this is generally unwise and that it is better to put a passphrase on, and use ssh-agent. I believe him.
hendry@praze:~$ ssh-keygen -p Enter file in which the key is (/home/hendry/.ssh/id_rsa): /home/hendry/.ssh/id_dsa Key has comment '/home/hendry/.ssh/id_dsa' Enter new passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved with the new passphrase.
In debian, ssh-agent should be already running when you run an X session.
eval `ssh-agent`
ssh-add prompts your for the passphrase which it will remember for the session.
hendry@praze:~$ ssh-add Enter passphrase for /home/hendry/.ssh/id_dsa: Identity added: /home/hendry/.ssh/id_dsa (/home/hendry/.ssh/id_dsa)
Finally the command to copy your id to your various shells, such as mine at dabase.com could well be yourmachine.co.uk!
ssh-copy-id -i id_dsa.pub dabase.com
So now for example, if you want to login automagically and run a process use:
ssh somecomputer -t theprocessyouwanttorun
Another nifty switch is the -v switch for verbose output ssh (thats fun).
Screen is a very very cool console enhancement, which allows you to create new windows, flip between them and best of all detach and reattach all of them! Why is that so damn cool? I will tell you why. To me I can now have this nice warm fuzzy feeling that the processes are safe, and just how I left them. The keys I typically use while running it are, "ctrl-a c" to create a new window. "ctrl-a space" to flip between my windows and "ctrl-a ctrl-d" to detach screen. screen -R reattach to a session. Screen is a lifesaver if a program does not background well or you have a dodgy net connection, and it works very well with irssi. Hmmm, lets revise the earlier tip to:
ssh myreliableremoteshell -t screen -R
23:05 < Robot101> another handy tip for screen 23:05 < Robot101> 'screen -x' lets you attatch to the same screen more than once 23:06 < Robot101> I use it for helping people remotely, so they can see what I'm doing or vice versa
It is a pretty good idea to understand that whole public/private encryption concept before you start to think about using pgp or gpg. I remember using PGP sometime ago with DOS, but I stopped using it because it was a pain to use. To make matters worse, I think I accidentally deleted my secret key. There is an first year essay I did about PGP somewhere on the Internet. Anyway I have started using mutt, and it has great support for encryption with the GNU PGP implementation called gpg.
gpg --gen-key
Generate your key pair. Default settings are fine. Use a strong password. My tip for creating passwords was told to me by another friend named Athan. Basically he says:
With your gpg or pgp (they are the same to me) passphrase, it really needs to be strong. So, you might even want to think about repeating that process, with two phrases.
After that fun interaction, you need to export your public key and upload it to your webpage!
gpg -a --export yourusername > yourusername.pub scp yourusername.pub yourwwwhostshellmachine:public_html/
With mutt gpg is well integrated. Hit P while in the send message view for encryption options. To add public keys of your collaborators, use:
gpg --import whatevertheirpublickeyiscalled.whatevertheycalledtheextension
Feel free to send me an encrypted mail. =) My public key should be here.
gpg -kvc
This should print out some useful information for distributing and verifying your signature. For example:
pub 1024D/A000D5CC 2002-05-18 Kai I Hendry <hendry AT cs.helsinki.fi>
Has some information useful to you. A000D5CC is my public key id which is used as a quick and easy reference to perform various functions with.
gpg --keyserver wwwkeys.pgp.net --recv-keys A000D5CC
The command above grabs my pub key from a server and imports it quite smartly. DO not to forget your passphrase/password!! I have myself have forgotten the passphrase of my first key and it is extremely annoying for yourself and others. To avoid such an embarrasing situation, make a revocation certificate in advance, using:
gpg --output revcert.asc --gen-revoke A000D5CC
Keep that revcert.asc in a safe place. Maybe even print it out as the GnuPG Keysigning
Party HOWTO suggests.
Again using your public id, put some custom headers
into your .muttrc. For example, here are mine:
my_hdr X-GPG-Fingerprint: 5A9F A10D 621C 7D24 4624 90F0 ACCB 71F0 A000 D5CC my_hdr X-GPG-Key: 1024D/A000D5CC
Here is my little tip.