git is an unbelievably powerful tool which is unfortunately rather picky in choosing its friends. Documentation is available in copious amounts and this blog article adds to the mountain.
Unfortunately, the documentation out there always assumes the ideal case: A small project, a handful of colleagues who are motivated and doing the right thing, a workflow agreement that matches the work to be done and no mistakes. Reality is different, and so you might find yourself wedged in broken workflows, surrounded by unwilling or incompetent cow-orkers and/or a git repository that has grown historically and still is carrying the burden of misguided work of decades.
In this blog article, I'd like to introduce you to my way of trying things with git. It allows you to easily do things in the right and in the wrong way while immediately seeing the results of your actions. Let me know whether it's of any help for you to grok git (which I have not fully managed yet).
Continue reading "git workflow trial environment"
Oftmals hat man die Aufgabe, einen maschinenübergreifenden Zugriff automatisiert stattfinden zu lassen, ohne dass man der einen Seite gleich "vollwertige" Credentials für einen interaktiven Login auf der anderen Seite geben möchte. Wenn der Zugriff automatisiert stattfinden soll, fällt auch noch die Sicherheitsstufe eines ssh passphrases weg, da niemand da ist um diesen einzugeben.
ssh forced commands bieten eine Möglichkeit, einen solchen Zugriff zu erlauben, ohne gleich die Büchse der Pandora zu öffnen. Selbst ein automatischer Zugriff mit root-Rechten ist auf diese Weise "reasonably secure" realisierbar.
Continue reading "Login als technischer User mit ssh forced commands"
Yes, You Should Not discard cached ssh host keys without looking. An unexpected change of an ssh host key is always a reason to step back from the keyboard and think. However, there are situations when you know that a systems' ssh host key has changed, for example when the system reachable under this host name has been redeployed, which happens
increasingly often proportionally to the devopsness of your environment, or for example in test environments.
Later versions of ssh offer you the ssh-keygen -R command line to paste from the error message, so that you can abort the connection attempt, paste the command and reconnect again. This will still ask for confirmation of the new host key though.
Almost every sysadmin has an alias or wrapper to make handling of this situation easier. Solutions range from using "StrictHostKeyChecking no" and/or "UserKnownHostsFile /dev/null", turning off this layer of securit altogether either globally or usually too broadly, to more-or-less sophisticated solutions that involve turning off know-host file hashing, parsing client output and/or grep-sed-awk magic. grml even comes with an insecssh script that is rather neat and that I used until I developed my own.
Continue reading "insecssh"
