November 2008 Archives

The following steps will setup ssh authentication using keys rather than just a password.

Create your ssh keys

/usr/bin/ssh-keygen -b 1024 -t dsa -f ~/.ssh/<filename> -C "Some comment you want"

• -b is the number of bits
• -t is the type of ssh key to generate
• -f is the filename to save too. If left out, it will default to ~/.ssh/id_<key type> where <key type> is the type of key defined when -t is used.
• -C is a comment (optional)

Once the keys (a private key and a public key) have been created, you will need to copy the public key up to the server you wish to connect to.

cat ~/.ssh/id_dsa.pub | \
/usr/bin/ssh username@server.example.com \
'cat - >> ~/.ssh/authorized_keys'

If you left out the -f when creating the ssh keys then you can connect to your server using:

/usr/bin/ssh user@server.example.com

If you used the -f option to specify a different filename when creating the ssh keys then you can connect to your server using:

/usr/bin/ssh -f ~/.ssh/id_dsa user@server.example.com

SSH Config

Rather than have to specify options on the command line each time you wish to ssh anywhere, you can create a file ~/.ssh/config to hold user defined options. Below is a config file I use

Host *
Compression yes
CompressionLevel 9
IdentityFile ~/.ssh/client_dsa  

Host server1
    HostName server1.example.com
    User user2

Host server3
    HostName server3.example.com

Host server4
    HostName server4.example.com
    User user3

Host server7
    HostName server7.example.com
    User user4

Host home
    HostName home.example.com
    LocalForward 10548 localhost:548
    LocalForward 5911 localhost:5900

The first section (Host *) defines options to all hosts I connect to. Each subsequent host defines options for just that host. Normally just a hostname and in some cases a different username. If you don't specify a username when connecting via ssh, it will default to your logged in username on the current machine.

For the host home, I have defined some local port forwarding to allow me to connect via VNC and AppleTalk over the ssh connection. To use this, once connected, I can load up my vnc client and enter a hostname of localhost and a port number of 11. Similarly, if I wish to connect via AppleTalk, I would use afp://localhost:10548 when connecting.

Once saved, you can now connect to your ssh server(s) just by typing:

/usr/bin/ssh server4

For more options that can be included in ~/.ssh/config, checkout http://www.hmug.org/man/5/ssh_config.php.

Show Databases

$ psql -U postgres -l

Make a backup using pg_dump

$ pg_dump -U postgres sample > sample.dump.sql

or to compress the database during export you can also do

$ pg_dump -U postgres sample | gzip -c > sample.dump.sql.gz

Restore database

$ gunzip sample.dump.sql.gz
$ psql -U postgres -d sample -f sample.dump.sql

Dump all databases

Another option is to use the pg_dumpall command. As the name suggests, it dumps each database and preserves cluster-wide data such as users and groups. You can use it as follows:

$ pg_dumpall -U postgres > all.dbs.sql

or

$ pg_dumpall -U postgres | gzip -c > all.dbs.sql.gz

Restore all databases

$ psql -U postgres -f all.dbs.sql postgres

Note, all the steps must be done in single-user mode (hold down cmd-s during boot).

Delete the user home directory

$ mount -uw /
$ rm -R /Users/<username>

Delete the user from Directory Services

$ /bin/launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
$ dscl . -delete /Groups/admin GroupMembership <username>
$ dscl . -delete /Users/<username>

Remove .AppleSetupDone to cause Setup Assistant to run

$ rm -rf /var/db/.AppleSetupDone

Once the final step has completed, you can shutdown the computer using the command below and then boot from another HD and image if necessary using Disk Utility.

$ shutdown -h now