Apparently Fedora 25, even if in alpha state (not for long, beta coming soon) is doing extremely well with Wayland enable by default. Is there any graphical/easy-to-setup solution out there for remote desktop management (under another Linux machine) that will work with Wayland? Or is it too early?

As I understand this, firewalls (assuming default settings) deny all incoming traffic that has no prior corresponding outgoing traffic. Based on Reversing an ssh connection and SSH Tunneling Made Easy , reverse SSH tunneling can be used to get around pesky firewall restrictions. I would like to execute shell commands on a remote machine. The remote machine has its own firewall and is behind an additional firewall (router). It has an IP address like 192.168.1.126 (or something similar). I am not behind a firewall and I know the remote machine's IP address as seen from the Internet (not the 192.168.1.126 address). Additionally, I can ask someone to execute ssh (something) as root on the remote machine first. Could anyone explain me, step by step, how reverse SSH tunneling works to get around the firewalls (local and remote machines' firewalls and the additional firewall between them)? What is the role of the switches (-R, -f, -L, -N)?

I'm supervising a number of headless displays, and in order for me to see, remotely, what a screen is currently displaying without actually going there and look at it, I'm using scrot to take a screenshot every once in a while. However, one of our displays is a 4x4 (that is, 16-monitor) huge display, and if I use scrot, all I get is the upper left 16th of the display - I would like to view all of it. Any ideas?

i am trying to do something , but i cant get it to work After at least 4-5 hours of research and trying , its time for help I want to connect to a second remote machine trough a primary remote machine my setup is like that -> "Home1" windows desktop machine with SSH server -> "HOME" router with opened port to "Home1" SSH server -> internet -> "REMOTE" router with port opened to SSH server to "Remote1" -> "Remote1" on the same LAN as "Remote2" -> Http Server on port 1080 on "Remote1" -> Http Server on port 80 on "Remote2" -> Empty IPTABLE and policy set to ACCEPT on "Remote1" what is working right now : - i can connect to SSH console on "Remote1" - launch reverse SSH tunneling from "Remote1" To "Home1" -> ssh -fN -R 1080:localhost:1080 user@HOMEIP - i can acces "Remote1" http server from "Home1" by typing 127.0.0.1:1080 in my browser SO FAR everything is OK but if i try to do ssh -fN -R 80:localhost:80 user@HOMEIP then iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80 iptables -t nat -A POSTROUTING -j MASQUERADE i can never get acces to "Remote2" http server i get an error on the "Remote1" console everytime i try to acces it thru my browser on "Home1" connect_to localhost port 80: failed. i am sure that "Remote2" is up and running , because it is actually my ISP router and i want to acces it to open new ports (interface acces is only possible from LAN and locked from WAN) (i have 3 hours of road to "REMOTE" and no one on site for weeks) also tried many permutation of different settings and nothing seem to work THANKS

I want to push a new user's public key to a host invetory using Ansible. For that, a playbook was created like the following example. --- - name: vms1 - Authorize hosts with pub key hosts: vms1 tasks: - name: Copy ssh pub key to remote host ansible.posix.authorized_key: user: user1 state: present key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}" - name: vms2 - Authorize hosts with pub key hosts: vms2 tasks: - name: Copy ssh pub key to remote host ansible.posix.authorized_key: user: user2 state: present key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}" - name: vms3 - Authorize hosts with pub key hosts: vms3 tasks: - name: Copy ssh pub key to remote host ansible.posix.authorized_key: user: user3 state: present key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}" The inventory goes like this. (with many more hosts) [vms1] 192.168.7.211 192.168.7.212 192.168.7.213 [vms2] 192.168.7.21 192.168.7.22 192.168.7.23 [vms3] 192.168.7.111 192.168.7.112 192.168.7.113 Each play has its own host group and its own user. The playbook can be started with the following command. ansible-playbook -k -i inventory playbook.yml When using -k option, it only asks the SSH password once. The issue I have is that the password is different for each group. Therefore, I would like to input the password for each play. How could the password be requested for each play?

I'm pretty sure this question has been already come up not only to me but I just fail to find answer. So I do ssh connection to a remote server with ssh certificate. No issue so far. Then I'm doing configuration on the remote server and obviously time to time I need sudo privileges. Thus I need to type password of my user from the remote server. As far as password is strong its hard to remember it. Actually issue is not to remember but rather how to automate typing it. Is it where pass can help me? Or some other small linux tool? I am looking for best practices and Linux way. Not sure I want to rely on heavy and bloat GUI application. But if no other choice... Thanks.

Sudo users do not seem to need privilege elevation to suspend/shutdown the computer when they are doing so locally, but require privilege elevation (e.g., need sudo shutdown instead of just shutdown). Is it possible to allow sudo users to do those remotely without privilege elevation?

10 years ago, there was a question: Automatically run commands over SSH on many servers . I have basically the same one, but I need to run commands/scripts with (potentially different) parameters there and need to stop long running tasks. Also, I would prefer a modern monitor (eg. web UI or Elastic output at least) so I can monitor which scripts are running and/or finished and with what results. Eventually would be nice to queue them, or give some time limits. Also, I can't add my public key to all of the computers, but I may (let someone) to install some software there. This is mainly intended for AI training processes, but also many others as upgrading the frameworks and eventually sending (downloading) new scripts and data. In the link above, guys suggested Ansible, I think the automation way is the modern way to go, but are there any others? A friend suggested also CI/CD (gitlab actions), but this seems a bit too much and for other purposes as code testing. I also got a tip for AutoML, but that is a complete framework for AI, which I don't need as I need also to run multiple various commands/scripts with various parametes there.

I have a Windows VM that is stuck on the blue reset screen. Usually in this situation I just kill the process for the VM, but obviously that isn't ideal. It seems that they way to do this is through the qemu monitor console. However, I am not sure how to access it. - I don't have virsh, so virsh commands are out. - I am running with GPU passthrough, so ctrl-alt-2 doesn't switch to the qemu monitor. - I thought this might be the answer, but it brings up an iPXE prompt instead of a (qemu) prompt. https://unix.stackexchange.com/questions/426652/connect-to-running-qemu-instance-with-qemu-monitor - I tried subsituting the machines IP in the command described in the above answer, but that also resulted in a iPXE prompt. - From this iPXE prompt ctrl-alt-2 switches to a black screen with a solid cursor and no ability to type. Edit: As requested, here is the command I used to start the VM:

vmname=win10
sudo qemu-system-x86_64 \
-name $vmname,process=$vmname \
-machine type=pc,accel=kvm \
-cpu host,topoext,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time \
-smp 8,sockets=1,cores=4,threads=2 \
-m 32G \
-rtc clock=host,base=localtime \
-serial none \
-parallel none \
-nographic \
-vga none \
-device vfio-pci,host=09:00.0,multifunction=on \
-device vfio-pci,host=09:00.1 \
-device vfio-pci,host=0a:00.0 \
-device vfio-pci,host=45:00.3 \
-drive if=pflash,format=raw,readonly,file=/usr/share/OVMF/OVMF_CODE.fd \
-drive if=pflash,format=raw,file=/tmp/my_vars.fd \
-boot order=dc \
-drive file=/dev/NVME-TANK/ntfs-zvol,format=raw,if=virtio \
-drive file=/home/boss/ISOs/virtio-win-0.1.208.iso,index=2,media=cdrom \
-netdev type=tap,id=net0,ifname=vmtap0,vhost=on \
-device virtio-net-pci,netdev=net0,mac=00:16:3e:00:01:01

Until now I used zerotier in order to reach a remote linux debian 9 machine that is a sort of vpn service, it assign you virtual router and you can add machines to it. Something got really strange since last update of the remote client. The machine is unreacheable, I have a person there with root access that can write a small list of command but he isn't very practical so keeping the list short is better. What list of command can I send to him in order to get a 100% sure functioning teamviewer installation so that I can get back and login in this machine ? The machine is a full classic Debian 9 installation with NO X or anything, only CLI classic terminal. I've read various teamviewer installation threads but every one seems to be very technical for linux, while I need something easy and unattended where the person have to do a command once, tell me his id and let me enter to fix all the mess zerotier last update leaved. BONUS: The command list can be also put online so he have to write a single line like a command runurl http:// some_pastebin_address ? Thanks!

I'm trying to work with our IT to provide a Linux option for laptops. The main sticking point is the ability for IT to disable the possibility for anyone to login to the machine in the event of a lost or stolen device or an employee termination. Jamf provides minimal Linux coverage. Anyone know of an equivalent to Jamf for Linux out there? Engineers are all 100% remote. AD is implemented using Azure AD (I think). People with windows machines are authed through AD, I believe. Mac folks are managed by Jamf and each engineer with a mac has a single account on the machine and they have sudo privs on their respective machines. Jamf provides the requirements as stated where IT can disable the machine when desired. I know that Linux can integrate with AD of old, but I'm not so sure about AD in azure. I'll start looking that up. So to answer a few questions in comments... 1. I'm not shopping. I am seeking advice as this type of service seems to be lacking for Linux and perhaps I'm wrong. I'm wondering if anyone else has solved this problem and if so, how so? 2. I'm just one of the engineers attempting to assist the IT dept because I freakin hate macs and windows. So if I can find a way to solve this problem then we will be authorized to use Linux. 3. No VPN required and I don't think it would solve the ask. Again, the idea is to minimize the ability for an attacker (insider or otherwise) to use the machine as a vector of attack by the push of a button.

I want to connect remote my linux machine via SSH. What should I do for this?

*I'm trying to copy a bunch of RSA keys to multiple servers for a specific user. Whenever I issue the ssh-copy-id command it asks me to confirm by typing "yes", then asks me for the password. I wanted to avoid wearing out my arms and fingers, so, I decided to create a script for this task, something like this:* #!/bin/bash runuser -u $RMTUSER -- ssh-copy-id root@172.24.168.47 runuser -u $RMTUSER -- ssh-copy-id root@172.24.168.48 (...) runuser -u $RMTUSER -- ssh-copy-id root@172.24.168.212 runuser -u $RMTUSER -- ssh-copy-id root@172.24.168.213 *I can't seem to find a good way to automate that task. Nothing seems to work. How can I input "yes" and the password automatically?* ---------- I've realized my initial question was quite lackluster. I'm sorry for that... it remains above, though. I've improved the script to something similar to what Marcus proposed. I'm stuck at the "for" loop wondering how to pass that password for different server arrays. My host sets are all static and there's much more. #!/bin/bash LOCUSER="$1" # USER FOR REMOTE ACCESS RMTUSER="$2" # REMOTE USER PASSWD="$3" # SITE PASSWORD SITE="$4" # SERV SITE function uras() { for IP in "$@"; do runuser -u "${LOCUSER}" -- sshpass "-p${PASSWD}" ssh-copy-id "${RMTUSER}@${IP}" [ "$?" -eq "0" ] && echo "OK - $IP" || echo "FAIL! - $IP" done } case $SITE in "sa") ARRAY_A=( $(cat ./serv_a.txt) ) uras "${ARRAY_A[@]}" ;; "sb") ARRAY_B=( $(cat ./serv_b.txt) ) uras "${ARRAY_B[@]}" ;; "sc") ARRAY_C=( $(cat ./serv_c.txt) ) uras "${ARRAY_C[@]}" ;; *) echo "INVALID SITE" ;; esac Still, the script fails for every host. # ./auto_ssh_copy.sh [user] root [pass] [site] /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/zabbix/.ssh/id_rsa.pub" FAIL! - 172.24.168.48 /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/zabbix/.ssh/id_rsa.pub" FAIL! - 172.24.168.49 /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/zabbix/.ssh/id_rsa.pub" FAIL! - 172.24.168.50 (...) I tried using "-f" as well, but the result is the same. I agree that using something robust like Ansible might be a better tool for the job, but unfortunately it is just not available in my working set for now. This is what I came up with so far. ---------- **Finally I managed to copy all keys. The script above was missing option -o StrictHostKeyChecking=no, thus sshpass was returning exit code 6. The resulting command is this:** runuser -u ${LOCUSER} -- sshpass -v -p${PASSWD} ssh-copy-id -o StrictHostKeyChecking=no ${RMTUSER}@${IP} **Marcus awnser help a lot. Thanks everybody.**

Does anyone know of alternative protocols for gathering metrics remotely from Linux servers other than SSH and SNMP? We are looking to support as much of the Linux ecosystem as possible including very old distributions so the protocol needs to be broadly available. Thanks, Brian

I want to setup froxlor on not fresh install remote server (Ubuntu 10.04.2). I take care of admin the server since two month. Before I start, the previous guy installed and config some services and files. I don't know what he exactly does, I can only view what he installed (by the history) but not what he edit. I want to install the Server-Management-Panel 'Froxlor' to administrate the whole stuff with it and not doing it manually by ssh. My cousin (he rent the server) should also be able to config some stuff with the browser. These services already installed and configured and used - apache 2 + php 5 + mysql 5.1 - proftp 1.3 - postfix 2.7 + courier 0.62 The tutorials I found, are based on fresh install system. I already installed froxlor, but for using it I have to execute some scripts and change/overwrite the config files of the services. But if I do it, the current configurations will be lost. **What's the best practice to backup the configs as simple as possible** (with less effort and problems) and configure froxlor and then merge the backuped files. Which data / config files I have to backup?

My ISP gives me a 192.168.* IP to my home router. Only the main company router in the building gets a real IPv4 IP but all of the tenants in the building share that. They don't do IP forwarding so I can't request port 22 to be forwarded just to me or anything like that. Using Tor, I can open a route to the Tor network and ssh in from the outside. However, it is very laggy as you can image. Similarly, my Synology NAS opens a route to a remote server at Synology and I can connect to it remotely. I would like to know what this transport system is called and how I can use it to connect my home machine to a VPS server that I already lease (aka my bastion host) so that I can ssh in remotely, via the bastion host, without needing to go through Tor. I love Tor, but the lag over ssh makes me crazy.

I have a dedicated server running Ubuntu Server 18.04. I'm going to be hosting a Minecraft server for someone. What's the best way to restrict their read, write, and execute access to _only_ the Minecraft server directory? They'll also need access to Java to run the server.

I've just installed cockpit on my CentOS 8 box: dnf install cockpit systemctl start cockpit.socket systemctl enable cockpit.socket Once I'd let it through the firewall, I can get it up on a.b.c.d:9090 in my browser. But Chrome is saying Not secure, with https crossed out in the address bar. When I click on the warning and then Certiciate (invalid) it tells me Windows does not have enough information to verify this certificate. It says the certificate was issued by myhostname, to myhostname, and that it's valid from today until 2031. If I go to Certification path then Certificate status it says The issuer of this certificate could not be found.` I'm unclear whether my connection IS encrypted or not. Is Chrome just saying it doesn't like the certificate, or is it actively not using it and forcing http? I've checked the guide at https://cockpit-project.org/guide/latest/https.html and running remotectl certificate I can confirm that the file is there and is apparently being used. How can I fix this? Thank you!

I have multiple CentOS machines on a network and I need to be able to push one script at a time to all of the machines at once. I have looked at something like Atera, but that is for windows, is not free nor open source and it also has way too much functionality. If anyone can please give me a recommendation on what software I can use for this.

Beside our internal IT infrastructure, we've got around 500 Linux machines hosting our services for the on-line world. They are grouped in a bunch of clusters like Database A-n, Product A-n, NFS, Backoffice and so on. Furthermore, they are administered by an external provider, according to our specifications and requirements. However, we face a lot of trouble during (web-) software development, roll-out and deploy - especially because the dev- and staging-environments have almost nothing in common with the live systems (I spare out the nasty details..). Thus, I've tried to create virtual machines, copied the various live-systems as exactly as possible and prepared them to connect to e.g. the development-databases instead of the "real" ones transparently for developers (they aren't root). This works pretty well, but... I was wondering how one could administer those systems remotely and _in bulk_? Is there some software family I'm not aware of? Or, at least, some techniques or principles one should be familiar with? We would provide every developer with a bunch of images to be run locally (VirtualBox). The QA dept. would get virtual clusters (XEN or Hyper-V). If I need to provide an additional server-module, re-route a new database connection or just want to update everything provided by the package manager... how could I possibly do that without being forced to log on to every system and/or ask my colleagues to download and run some fixture-script? I believe there are plenty of solutions. Well, somehow I'm too stupid to enter the correct keywords into the search engines... Or isn't this issue as trivial as it sounds? For the record: - Almost all systems are running Debian GNU/Linux 6.x "squeeze" - No developer is forced to use a particular OS at his/her workstation - The budget is limited, of course, but not too small to buy proprietary software - A solution that would involve our aforementioned provider is preferred