SSH tunnels and remote port forwarding

If you want you can skip the beginning blurb and go right to the recipe.

Every so often you face a tough problem then someone sayz to yuh, “Cliff, have you tried ssh tunnels?” (well that’s what they would say to you if you were me, and if you were me you would have a habit of making easy problems way tougher than they need to be while you make tough problems easy.) That’s what happened to me a loooong time ago… like around last month. Then I was chattin’ with the VP of technology about all things Maven and mobile related explaining how clever we were with our solution to on device testing when he suggested we try ssh tunneling. I read an article that day and got excited because it looked soo easy. Then I made a promise to our mobile dev team that I would prototype it over the weekend. Then I quietly forgot about it. Today the question came up again and I was like, “Oh crap! I never did try prototyping a solution to that problem!” I gave it a good hour of effort before getting stuck. It’s really not that difficult, and after leaving for the day, coming home and attacking it fresh I found that I only had one minor problem… I didn’t read the docs completely. (That’s how it goes when I see something cool. I jump in head first and complain because I always miss something simple and fundamental.) Silly babbling aside I present you the how to on what to do to get to your CPU thru EC2…
(or any other public remote web host)

1 Remote server running a flavor of ssh. (In my example I assume OpenSSH as it’s prevalent across many Linux distros.)
1 local computer that you desire to access also running a flavor of ssh (I’m using OS X in my example.)
2 Eggs slightly beaten whites removed.

1. Combine one additional parameter with the default sshd_config file under our server’s /etc/ssh folder. Use vi, nano, kate, gedit or a fancy command like the following.
echo "GatewayPorts yes" | sudo tee -a /etc/ssh/sshd_config
[For best results supply password when using the above crazy command.] The parameter name is GatewayPorts and the value should be yes to allow clients other than the server itself to tunnel into your local machine.

2. Execute one sshd restart command to allow the new parameter to be considered on the server. (The init script is named ssh rather than sshd on Debian and Ubuntu.) Eg.
sudo /etc/init.d/sshd restart

3. Add -R [remote port]:localhost:[local port] to 1 1/2 cup of ssh command typing slow to avoid error. The remote port is the port number you wish to tunnel through on the remote machine while the local port is the port you want all traffic to be directed to on the local machine. Eg.
ssh me@myremotehost -R 80:localhost:9002
This can be used to forward all web server requests to a server app running on the crappy Compaq that you used to execute the ssh command.

That’s it! The net result would be a service running on your desktop/laptop/MacBook in your garage appearing as if it was running on the public remote web host. So then you point your browser to http://myremotehost and your home equipment gets all the traffic. The secret is the “GatewayPorts yes” property that must be set in the remote host’s /etc/ssh/sshd_config file. With it, sshd binds the forwarded port on all of the server’s interfaces instead of only its loopback address, so that secret value bypasses all common sense security, allowing anybody on the internet who can reach that port to get at whatever your home located machine is serving on the local port, be it a web app or the pictures of you and the kids looking burnt up at Daytona Beach, FL.
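A check worth running around step 1, as an added example that is not part of the original post: it works out which GatewayPorts value sshd would apply globally, and shows two cases where appending the line to the end of sshd_config does not do what the recipe expects. The function names and the sample config files are constructed for illustration, and every Match block is assumed to be conditional.

```shell
#!/bin/sh
# Added example (not from the original post). Sample configs are constructed.

# Print the GatewayPorts value sshd would apply globally for the file in $1.
# Rules modelled: keywords are case-insensitive, the FIRST value seen for a
# keyword wins, and lines after a "Match" line are conditional, not global.
effective_gatewayports() {
    awk '
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*$/ { next }                  # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)  # accept the Keyword=value form too
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") { in_match = 1; next }
            if (key == "gatewayports" && !in_match && value == "") {
                value = tolower(f[2])
                gsub(/"/, "", value)
            }
        }
        END { print (value == "" ? "no" : value) }   # sshd default is no
    ' "$1"
}

# Where a -R listener binds for a given GatewayPorts value.
bind_scope() {
    case "$1" in
        yes)             echo "wildcard" ;;       # every interface on the server
        clientspecified) echo "client-chosen" ;;  # address named in the -R argument
        *)               echo "loopback" ;;       # reachable from the server only
    esac
}

# Repeat the append from step 1 on a scratch copy of $1 and print the
# global value that results, leaving the real file untouched.
gatewayports_after_append() {
    scratch=$(mktemp) || return 2
    cat "$1" > "$scratch"
    printf '%s\n' 'GatewayPorts yes' >> "$scratch"
    effective_gatewayports "$scratch"
    rm -f "$scratch"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/stock.conf" <<'EOF'
# constructed sample: GatewayPorts never mentioned
Port 22
PermitRootLogin no
EOF

cat > "$demo_dir/earlier.conf" <<'EOF'
# constructed sample: an earlier value already exists, so it wins
Port 22
gatewayports no
EOF

cat > "$demo_dir/match.conf" <<'EOF'
# constructed sample: file ends inside a Match block
Port 22
Match User deploy
    AllowTcpForwarding yes
EOF

cat > "$demo_dir/open.conf" <<'EOF'
# constructed sample: the setting from the post already in place
Port 22
GatewayPorts=yes
EOF

for name in stock earlier match open; do
    path="$demo_dir/$name.conf"
    now=$(effective_gatewayports "$path")
    after=$(gatewayports_after_append "$path")
    printf '%-8s now=%-4s bind=%-9s after-append=%s\n' \
        "$name" "$now" "$(bind_scope "$now")" "$after"
done
```

On a live server, `sudo sshd -T | grep -i gatewayports` prints the value the real configuration resolves to. Setting `GatewayPorts clientspecified` instead of `yes` lets each `-R` forward name the address it binds to, so a tunnel is only public when you ask for it.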

Now why would you want to do that? There are all sorts of possibilities that arise when you start playing with tunnels. First off, they run through the security of secure shell, a robust tool that I’ve only begun to understand the capabilities of. (It seems like ssh can do everything from being a secure channel, to enabling sFTP, to being a mountable file system allowing Windows explorer like file browsing, to recording those 10:30am episodes of Judge Judy while you’re at work. Yes, ssh can do that too.) Tunnels work both ways, remote forwarding and local forwarding. If you were behind a firewall that allowed connections to remote ssh hosts but blocked some other port/protocol you could sidestep by doing something similar to the above but substituting the ‘-R’ with a ‘-L’ for a local forward. Then all the traffic sent to the machine you run the ssh command from would be forwarded to the remote host. It’s so simple! Setting up a tunnel is a matter of specifying the port you want to forward from and the port you want to forward to! Use your imagination, and happy port forwarding!

Use ALSA for OSX Sounds

A follow up to a much earlier post using the same idea I’ve modified my old command line shell script to handle .m4a and partially .aif files. The catalyst was my neighbor on the other side of my cube wall. He got tired of hearing my Kopete blips and I’ll admit they do sound annoying. So now I opted for the much softer TokyoTrainStationAdiumSoundset from Apple’s Adium IM client. Pulling these sounds over was the fun part. Using Konqueror, I drill into my Mac with the “fish://” protocol and navigate to /Applications/Internet/ where all of my Adium sound sets await, eager to invade my hungry little ear drums. I copy them to a folder locally. (Alternatively I could have opened the Adium application bundle in Finder by command tapping or right clicking or two-finger tapping and choosing “Show Bundle Contents”. I could then use MacFuse/MacFusion which is always broken after a run of Mac Janitor and mount my Linux box to push the files over.) I then dump my earlier shell script somewhere in my path (I named it alsa-play this time) and use it to configure Pidgin. (The same will work with Kopete though I’m using Pidgin now because Kopete has been acting very funny. The big problem is that Kopete refuses to communicate with my buddy’s WinXP install of Pidgin… so many variables, so little time to chase them all!) I apt-get install faad which is a command line tool for decoding Apple audio files. Here’s the painful part, figuring out which command line parameters to pass to both faad and aplay. (aplay is the command line tool for jamming audio 1s and 0s into your sound card which, in turn, shoves these 1s and 0s down the thin black cable connected to your speakers which eventually convert the numbers into sound by rattling those pricey paper cones located inside their towers. It’s amazing how much I’ve learned about audio… can you tell how much I love the study of sound?)
After various iterations of producing garbled nonsense from failed commands I learned that I was missing an “-f cd” flag on aplay. Who would have known? I’m not even sure I remember what the flag means. Here’s the finished script. (Remember it assumes you have faad, oggdec, and mpg123 installed for conversion purposes.)


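#!/bin/sh
# Play the file named in $1 through ALSA, picking a decoder by extension.
case "$1" in
   # Apple audio: faad decodes to WAV on stdout, aplay plays it with the cd format
   *.m4a|*.aac|*.aif) faad -w -q "$1" | aplay -q -t wav -f cd ;;
   # Ogg: oggdec decodes to stdout, aplay plays it in the background
   *.ogg) oggdec -Q -o - "$1" | aplay -q & ;;
   # Formats aplay reads directly
   *.wav|*.voc|*.au|*.raw) aplay -q "$1" & ;;
   *.mp3) mpg321 -o alsa "$1" & ;;
   *) echo "unsupported file type $1" ;;
esac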

Broken screen resolutions in Mepis 7

It’s been a while since I’ve been entrenched in Linux. I used to know this stuff like I know karate. (I took all of two months of Taekwondo which were Tuesday and Thursday evening courses back in the 6th grade.) There was a time I could dcop from KMenu through Amarok and generate Growl-like messages when new apps were installed. Now it feels like a struggle. Today I figured out how to fix my screen resolution in my recent Mepis 7 install. There’s a page on the wiki I used as a guide. For whatever the reason my resolution was too low in Twin View mode after installing the NVidia driver (2048×768 combined resolution) leading to some huge fonts that I couldn’t understand and other oddities. The fix was as simple as adjusting the MetaModes in my xorg.conf file. The MetaModes are what seem to control the available resolutions in the twin view display settings. Also, if you’re gamma-configuring inclined you may wish to apt-get install the nvidia-settings program to fine tune things like OpenGL and other egg head parameters that I’ll only learn about two years from now when I’m stuck on the toilet looking for reading material and decide to pull out the mobile and do some web browsing finally noticing only few sites look good on the 8830 Wikipedia being one and JoelOnSoftware the other.

KDE Katapult Tip

I’ve done this before, all of it. Everything I’ve done to my new Mepis box is a repeat of two years ago but a lot of it I can’t remember… too hazy. That’s why the blog posts.

Today’s tip involves Katapult. I fell in love with it because of the way it lists my album art as I incrementally search my music selection. I used to rate it above anything on the Mac until I actually tried a Mac. (Silly me, right!) After having been exposed to QuickSilver for a while (and to that extent even Launchy has a thing or two on Katapult!) I miss the ability to re-index my catalog. What that means is being able to see the things right after you install them. Quicksilver (and I think even Launchy) does this automatically on an interval and gives you the option of manually starting a re indexing. Katapult, sadly, only indexes on startup. So I have this one line bash command that you can stick in your KDE menu (so Katapult can see it) that will force a rebuild of the index.

dcop katapult MainApplication-Interface quit; katapult

It restarts Katapult and if you put it in your KDE menu (and stick the Katapult icon on it all nice and cute like) just as I did then you can invoke katapult, right after you do something like install Pidgin, or Groovy, then restart and the next time you bring up Katapult your new install will be there.

Creative Sound Blaster X Fi on Ubuntu Hardy

I got a lot to say but no time to say it. For now just know that I’m back on Linux and fighting with audio incompatibility. It sux because most everything else works on my fresh new Mint Linux (that’s right I’m on Mint now, not Mepis, not Kubuntu…) install. For what it’s worth I think my answers may be here. If you have a Creative Sound Blaster X Fi card and are considering installing the latest version of Mepis, (K)Ubuntu, or Mint, look at this guide:

There’s a blurb about SLAB vs. SLUB don’t ask me what it means just follow along. I’m going to try this myself in another day or so.

Set the $PATH for the Run (Alt+F2) Dialog

Here’s another gem for Linux Hacks that’s bugged me far too long. We start with a story. You’re new to Linux. (Maybe you aren’t but just pretend you are.) You start playing with some bash scripts eventually accumulating a collection of little knick-knacks and doo-hickeys. They’re living in a folder titled “scripts” in some odd location under your home folder. (Maybe under Documents or something.) You know those brilliant ideas you spend hours on in the beginning only to find out there was already a bash command or combination that does the same thing but you still use your homemade utility because it was sooo cool to write and you spent so much time and effort and you have to justify the time somehow so why not eat your own dog food even if it literally looks, tastes, and smells like Purina. Yeah those kind of scripts! After a while your scripts grow up and start doing big boy things like opening little dialogs or starting the beanshell gui in a certain directory with a preset classpath, or sending DCOP commands to your music player or whatever. You want to run them other places instead of from the command line. You’ve read some quick start bash tutorials and discovered that any command you add to your $PATH can be run without specifying its absolute folder location. You also learned about the magic files ~/.profile, ~/.bash_profile, and ~/.bashrc that are read by the bash interpreter when you start a session. Maybe you came from Windows XP or Win2000 and you draw a parallel between these magic files and the system environment settings under “My Computer -> properties -> Advanced Settings”. Whatever the case you have the understanding that editing one or all of these files and setting the PATH variable accordingly will result in the desired behavior allowing you to run your commands directly from your desktop’s run dialog. (In KDE, Gnome, and I believe XFCE the run dialog is typically enchanted by summoning the Alt+F2 key sequence.)
After setting your PATH and closing/re-opening your konsole, err command shell you are content to see the environment has been set to your liking. You later attempt to open your run dialog and directly enter your command which results in a round of random profanity and swearing. It doesn’t work!

Get to the point! How do we fix it???
I can’t jump right into the sauce without giving the background of what’s wrong. I’m not the brightest man in the world but I’m going to explain things to the best of my knowledge. The problem of your desktop (Gnome gdm, KDE kdm) not picking up your PATH settings in your home profile scripts stems from the fact that your desktop has not been run as a login shell. To understand a little better put the following command in your ~/.bash_profile:
If fortune is unfortunately not installed on your system run “apt-get install fortunes” (or “apt-get install fortune” I can’t remember which one.) If you don’t “get” apt-get (some of you may be running Gentoo based or Suse with Yast) just look in your package manager for the fortune program. Try not to make this another project. Worst case use the following command instead:
echo "Your fortune: People who live in glass house should not throw stones. Throwing parties is an acceptable alternative." > ~/fortune
Now login to your system from the command line using “su <your_user_account>”. You should not see anything different than usual. Now exit that shell and login again but this time with the magic dash ‘-’ after the su command: “su - <your_user_account>”. You should see your fortune echoed back to you. (If you’re running the Beryl desktop then flip the command shell around to the back and read me your lucky lotto numbers!) The dash character makes your new shell a login shell. In other words your .bash_profile is sourced on startup. That’s what’s missing by default in the window managers on many Linux distributions. To correct the problem we must make the window manager a login shell. (I’m not sure of the consequences of such change. If there are side effects please let me know because I’m just as new to things as most people.) On my Mepis-6.5 system I navigate into my /etc/kde3/kdm/Xsession file and make my adjustment at the top. Originally it has the typical she-bang:
I introduce the login parameter:
#!/bin/sh -l
For those who don’t know, the she-bang is the standard prelude to a bash script. It is the 1st line of the file that the system reads which tells it which interpreter to use to process the file. It’s like a mini command line for running the source file and it can be parameterized like any typical command line. Appending the -l (or --login) parameter to the /bin/sh command tells the system to use a login shell. That’s all there is to it. Restarting X (logging out from the run menu and hitting Ctrl+Alt+Backspace from the login screen) will then load my window manager with the settings from my ~/.bash_profile or ~/.bashrc files. To double check I open the run dialog, key the following command “echo $PATH”, hit the advanced button, set it to run the command in a console, and execute.

The tricky part is knowing which file to edit for your particular system. You might get away with editing /etc/X11/Xsession or you might need to find the Xsession that is executed, for example, under a Gnome based system. An alternative approach in KDE is to put a bash script in the env folder under ~/.kde. Scripts here get sourced on KDE startup and are much safer than editing files under /etc. That’s the tip for today. Show your love in the square below…

KDE, KMenu and Katapult

Today’s entry in Linux Hacks involves a little issue I’ve been having in KDE. You see I sometimes need to add entries to my KMenu (the Linux/KDE equivalent to the Windows Start menu) but here’s the interesting thing. I never use my KMenu directly. Have you heard of Katapult? Me neither until my OSX obsessed buddy introduced me to some spotlight search thing on his Mac and we went a strolling looking for a Linux equivalent. Katapult is a cool way to interact with your system, it combines the Alt+F2 run dialog (also available in Windows via the WinKey+R sequence) with a Google Desktop Search allowing you to incrementally search your Run or K menu and launch whatever it has in it. The real cool thing is how it searches other areas too. If you have a huge collection of MP3 files on your desktop and you run Amarok along side Katapult then key Alt+Space and start typing the name of one of your favorite artists or songs. (Make sure it’s one that has album art downloaded and make sure you’re running the latest version of KDE/Katapult for the full effect!)

Anyway that’s not why I’ve summoned you here today. I wanted to explain what a pain it is to add stuff to Katapult’s catalog. Here’s the thing. Katapult scans the K Menu on start up and then lives life believing it knows everything. Have you ever dealt with a hard headed individual where no matter how hard you try to tell them, “Bro, your fly is unzipped!” they go on to ignore you? Well that’s kinda how Katapult behaves. You add entries to your KMenu and no matter what Katapult won’t listen. I recently added an entry for GroovyConsole complete with a png of the Groovy logo. I bring up Katapult (on my system it’s mapped to the Win+R key) and type g-r-o-o-v-y and it bypasses an image of a spooky looking ghost (I have an entry for GV, what the heck is that?) and then gives up looking. Long story short, Katapult will not include any entries added to the KMenu after it starts. You have to kill Katapult and restart it to refresh its catalog. The first 462 times I encountered this problem I didn’t even know how to kill katapult. I mean I didn’t know its process name and I was running a version of Kubuntu that hid its tray icon by default.

Katapult Quick Fix
The answer ladies and gentlemen (do any ladies even read my blog?) is to include an easy way to refresh Katapult. The refresh involves two commands that must be run from the command line (plain kill only takes a process ID, so killall is what goes by name):
killall -9 katapult
katapult

They can be glued together on one line with a semi colon, “killall -9 katapult; katapult”. You can then add, guess what? A KMenu entry to refresh Katapult using the super-glue enabled two command sequence. I associated that with the Katapult icon and a title, “Refresh Katapult”. Then when I manually restarted Katapult I was able to find the refresh option by typing Win+R-r-e and voilà! Now when I add entries to the KMenu or install apps via synaptic I can easily refresh Katapult and then locate the new app as if it were always there.

With respect for Kathy

Go Kathy! Kathy Sierra, one of the top three bloggers that I know of has been under attack. The short story is some people thought it would be comical, daring, or cool to slander the woman over the internet for whatever reason. The entire situation is foolish but you can’t easily stop something as powerful as the internet once it turns against you. I only have a small set of readers that frequent my pages, and I’m thankful for each one of you. I’m going to follow Scoble’s lead and refrain from posting or commenting at all during the following week in respect for Kathy. (I do realize that I may lose most of my loyal readers since I’m not as powerful or as cool as Joel or Rory but it’s something that I feel is necessary. It’s all good though because I got John Blaze stuff here, y’all just ain’t recognizin’!!!) That’ll give me more time to actually work on GSpec as well as some other things. You can continue to post comments, hollaback, and drop it like it’s hot (unless of course it is really not all that hot and rather easy and comfortable to hold onto), I’ll respond to everyone and everything in a week. Support Kathy! If ya’ got a blog and ya’ wit’ me then take a moment of silence in support. If you don’t have a blog but yer’ still with me then join in the moment of silence by meditating on my man Cuba Gooding. (Show your further support for Kathy and Cuba by checking out one of his DLLs.) In parting I’d like to remind everyone that reads me, be careful of what you post on the net because once it’s out there, it’s impossible to take it back.

Use ALSA for KDE sounds

Building on my last post on Linux sound hacks I’m including this little gem. It’s a little bash script I wrote that plays an input parameter through ALSA. If you disable the KDE sound system you can use this shell script to push system sounds through ALSA. It assumes aplay, oggdec, and mpg321 are installed on your system. (I don’t remember their respective packages but you can use Synaptic to find them.) Here’s the code:


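#!/bin/sh
# Play the file named in $1 through ALSA, picking a decoder by extension.
case "$1" in
   # Ogg: oggdec decodes to stdout, aplay plays it in the background
   *.ogg) oggdec -Q -o - "$1" | aplay -q & ;;
   # Formats aplay reads directly
   *.wav|*.voc|*.au|*.raw) aplay -q "$1" & ;;
   *.mp3) mpg321 -o alsa "$1" & ;;
   *) echo "unsupported file type $1" ;;
esac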

To use it you have to save it somewhere on your system and make it executable. (I put mine in $HOME/bin and modify my environment so that $HOME/bin is in my $PATH. Use chmod +x on the command line to make it executable.) Next go into your “System Notification” settings dialog in KDE. In the lower right corner there is a player settings button. Key in the path to the file that you saved, hit apply, then hit ok and you’re all set. If you want you can easily compare the sound that the script gives you with the sound that the KDE sound system gives you (using the player settings dialog) to hear the difference.

In my experience the KDE sound system plays sound choppy and not as high quality as ALSA. I’ve also had far too many other issues when the Sound system was running than I care to explain. Try my hack and tell me what you think.

Firefox Flash Linux Hack

Here’s the first in my series of Linux nuances/gems. Sometimes one of the most annoying things for a computer user of any breed is to navigate to a page that loads a Flash applet. Why is it annoying? For starters, Flash is likely not installed (typical on most Linux distros) and if it is installed it’s the wrong version. Adobe played a little trick on us Flash lovers with the introduction of Flash 8+. Until recently Linux users have been left in the cold next to Fred Flintstone after he’s placed on the stoop by that Saber tooth cat thing in the opening credits. More important (and more to the point of my posting) it becomes hell when you’re watching a presentation on the latest thing in technology, the presenter’s mouth and hands are in motion but for some reason he appears out of tune with the beat. As you watch you realize his lyrical prowess is unprecedented while his voice sounds exactly like Method Man. Somewhere between waiting for the hand gestures to catch up with the background drumming and pondering how the speaker comes up with those fantastic metaphors you realize he’s not rhyming at all, instead your Amarok playlist has casually advanced and faded in the next song on your playlist and it’s blocking the audio from the Flash plugin. While it’s nice to imagine how that smart guy from the Ruby RSpec development team has suddenly become passionate for your favorite genre of music it is more infuriating than ever to manually kill your MP3 jukebox app and manually restart Firefox only to find it blocked again from your buddy pinging you via IM about your latest check in. Before I get too far with my ramblings make sure you have this line in your /etc/firefox/firefoxrc file: FIREFOX_DSP="aoss" I’ll explain what it means in a moment.

Linux Sound Architecture
Unless you spend your holidays importing headers and setting flags in the kernel for the new inotify feature you’ll most likely be unfamiliar with what I’m about to explain. Linux has this cool way of handling audio signals from programs that run. Remember how you would try to sneak to the front of the line in the cafeteria so you wouldn’t miss out on the chocolate chip cookies that were always limited in supply in fourth grade? Remember the teacher that would send you to the back of the line when you got caught? Yeah, that’s kinda how Linux handles the audio signals from different apps. Well, in a round about way, that’s how it works at the lowest level. You see there are these different sound systems that are fighting each other over the kernel’s attention. (My explanation here is not totally accurate but it’s an easy way for me to make sense of things in my mind.) In one corner you have OSS which is like the kernel’s wife. He’s been married to her for most of his life so she gets the most attention. Then you have ALSA. She’s the hot chick in the office that wears the tight thigh-high mini skirts and always cuts her eyes at him when he isn’t looking. (If my wife’s reading this post, which is highly unlikely but still possible I have to insert a disclaimer: There are no hot chicks in my office cutting their eyes at me. I include the story only as a visual aid to color the text around boring topics like audio signal processing priority and the like.) ALSA gets the kernel’s attention when he’s away from OSS, away from home. Then there are the chicks in the pub he sometimes hangs in, aRTs (let’s call her Artsia for our story) and eSD (Eshia). Artsia (aRTs) and Eshia are promiscuous. They like to play with ALSA but not with each other because they’re in competition. There are other women in the kernel’s life too who fight over him but will remain nameless. Since the kernel is one kernel he can’t use all of them. So the competition is on.
My story is falling to pieces and making much less sense so let me break it down like this. The girls from the story are various APIs and services for handling audio. Sound normally goes through one of them before it hits the actual sound card in your PC tower which plays the noise so your ears can hear it. Some of these APIs and services can be shared while others can handle only one audio stream at a time. Some apps (not as many as before) like the Flash plugin write directly to OSS, which is an API that doesn’t share the sound card. Some apps use ALSA which is an API that can handle multiple sound streams. Many other apps use sound servers like aRTs and eSD. (Sound servers can be particular to a desktop like aRTs is used for KDE while Gnome uses eSD.) You can make an app use a mix of both. What often happens on Linux is a bunch of apps will hook up to ALSA while the sound server for the desktop hooks directly into the sound card. When that happens you get weird behaviour like apps taking turns on the sound card. (A blip from Kopete might preempt the signal from XMMS but you wait a minute and play XMMS again and it plays just fine while the other blips from Kopete go unheard.) The recommended fix is to redirect your sound from XMMS through the window manager’s sound server. To do that you need a DSP app. (I think DSP stands for Digital Signal Processor but it could just as well stand for Driving Sick and Pregnant) A DSP app launches another app and pretends to be an audio device so when an app binds directly to the low level audio device (/dev/dsp) the signal is intercepted by the DSP app. The DSP app sends all audio it receives to a predetermined output location. For example, artsdsp is an app that redirects sound into aRTs.

The above hack is telling firefox to use the aoss app as its DSP app. The aoss app intercepts calls to OSS and sends all audio it receives to ALSA. As long as other apps use ALSA then they will play along side with no problems. If it were that simple I would end here. The truth is, there are many DSP apps and many audio servers and many audio APIs. So the above hack worked for me because I’m running KDE without the sound system enabled. I’ve also consciously configured all of my apps to play through ALSA. Finally I’ve written a bash script to play all of my system sounds directly with ALSA. If I had been running the KDE sound system (which uses aRTs and has long been the default in KDE) and tried the above I would likely have the same behaviour. There is an option in later versions of KDE that allows you to connect aRTs to ALSA which side steps the issue but creates another issue. aRTs has a bad rep. So much so that I’ve heard rumors of it being discontinued. Furthermore I’ve compared using the sound system with using my bash script for system sounds and there’s a noticeable difference. Sound played through aRTs just doesn’t play as loud as it does when played directly by ALSA. (It gets truncated too for some weird reason.)

Sound on Linux is very picky and difficult to understand. I’ve been a devout Linux user for years now and I still don’t fully understand it. If you got some info and would like to share it fill out the box below.