SSH escape sequences

A lot of people don’t know that ssh has a number of escape sequences that can be run. I’ve often used the ~. to kill a stuck session but I recently discovered, by mistyping the aforementioned option, that there are a number of other useful options too:

Supported escape sequences:
  ~.  - terminate connection (and any multiplexed sessions)
  ~B  - send a BREAK to the remote system
  ~C  - open a command line
  ~R  - Request rekey (SSH protocol 2 only)
  ~^Z - suspend ssh
  ~#  - list forwarded connections
  ~&  - background ssh (when waiting for connections to terminate)
  ~?  - this message
  ~~  - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)

Configuring filesystem “TRIM” options on Fedora or RHEL

The SATA TRIM option, or discard if you use enterprise SCSI/SAS, that everyone likes to ensure their whiz bang SSD supports actually needs some configuration on Linux. There are a few tasks that need to be done and some depend on your partitioning configuration.

Filesystem mount options: You’ll need to be using ext4/xfs/btrfs and mount with the “-o discard” option. To do this automatically in /etc/fstab just add ,discard after the defaults option.

LVM config: In /etc/lvm/lvm.conf file set the issue_discards option to 1. So issue_discards = 1.

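LUKS config: In the /etc/crypttab file add discards to the end of the appropriate luks lines; it’ll likely look like the following: none discards. It’s worth noting there are some security implications to enabling discards with an encrypted filesystem: discarded blocks are visible on the underlying device, so anyone with access to the raw disk can tell which areas are unused.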

For the fstab changes to take effect you just need to reboot. For the LVM and crypttab changes to take effect you also need to regenerate the initrd (or just wait for the next kernel update 🙂 ).

The above will enable online discards. You can also do it in batches with the fstrim command which is as simple as fstrim mount-point.
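
To see which layers currently pass discards through, and in particular which LUKS mappings do, the three files above can be checked in one go. This is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# rows_with_opt FILE NAMECOL OPTCOL "w1 w2": print NAMECOL of each non-comment
# row whose comma-separated OPTCOL contains one of the listed words.
rows_with_opt() {
    awk -v nc="$2" -v oc="$3" -v words="$4" '
        BEGIN { n = split(words, w, " "); for (k = 1; k <= n; k++) want[w[k]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { m = split($oc, o, ",")
          for (i = 1; i <= m; i++) if (o[i] in want) { print $nc; break } }
    ' "$1"
}

fstab_discard() { rows_with_opt "${1:-/etc/fstab}" 2 4 "discard"; }

# "discards" is the spelling used in the post; "discard" is assumed here as
# the spelling documented in systemd's crypttab(5).
crypttab_discard() {
    rows_with_opt "${1:-/etc/crypttab}" 1 4 "discards discard"
}

# Last uncommented issue_discards value in lvm.conf (empty if unset).
lvm_issue_discards() {
    sed -n 's/^[[:space:]]*issue_discards[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' \
        "${1:-/etc/lvm/lvm.conf}" | tail -n 1
}

# Constructed sample files so the example runs without reading /etc.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
cat > "$d/fstab" <<'EOF'
/dev/mapper/vg-root  /      ext4  defaults,discard  1 1
/dev/mapper/vg-home  /home  ext4  defaults          1 2
EOF
cat > "$d/crypttab" <<'EOF'
luks-sample-root  UUID=SAMPLE-1  none  discards
luks-sample-data  UUID=SAMPLE-2  none
EOF
printf '  # issue_discards = 0\n  issue_discards = 1\n' > "$d/lvm.conf"

echo "fstab mounts with online discard: $(fstab_discard "$d/fstab")"
echo "lvm.conf issue_discards: $(lvm_issue_discards "$d/lvm.conf")"
# These mappings reveal which blocks are unused to anyone who can read the disk.
echo "LUKS mappings passing discards: $(crypttab_discard "$d/crypttab")"
```

Called without arguments, each function reads the real file under /etc.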

Killing zombie processes

So not really the zombie apocalypse but useful. I sometimes get zombie processes with my GNOME desktop and a lot of the GNOME apps won’t restart with a zombie brother hanging around. While sometimes the only resolution to a zombie process is to restart the computer I often find this helps.

cat /proc/1111/status | grep PPid

Where 1111 is the Zombie process number. This will give you the parent process ID (PPid). For GNOME apps this is often the gnome-shell process. Thankfully the GNOME guys allow you to restart this while all is running without losing your entire desktop session so a simple

killall -HUP gnome-shell

will restart the shell and generally kill off the Zombie so you can get back to reading your email or whatever it is you were trying to do much more quickly without the pain of a full session restart 🙂
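
When the zombie's PID is not known up front, the same PPid lookup can be run across every process. This is an added example, not part of the original post; the zombies function and the sample /proc-style tree are constructed for illustration.

```shell
#!/bin/sh
# zombies [PROCROOT]: print "pid name ppid parent-name" for every zombie.
zombies() {
    root=${1:-/proc}
    for s in "$root"/[0-9]*/status; do
        [ -r "$s" ] || continue
        awk -v root="$root" '
            $1 == "Name:"  { name = $2 }
            $1 == "State:" { state = $2 }
            $1 == "Pid:"   { pid = $2 }
            $1 == "PPid:"  { ppid = $2 }
            END {
                if (state != "Z") exit
                pname = "?"; f = root "/" ppid "/status"
                while ((getline line < f) > 0)
                    if (line ~ /^Name:/) { split(line, a, /[ \t]+/); pname = a[2] }
                print pid, name, ppid, pname
            }' "$s"
    done
}

# Constructed /proc-style tree: PID 1111 is a zombie child of PID 900.
p=$(mktemp -d); trap 'rm -rf "$p"' EXIT
mkdir "$p/900" "$p/1111"
printf 'Name:\tgnome-shell\nState:\tS (sleeping)\nPid:\t900\nPPid:\t1\n' > "$p/900/status"
printf 'Name:\tevolution\nState:\tZ (zombie)\nPid:\t1111\nPPid:\t900\n' > "$p/1111/status"

zombies "$p"      # on a live system: zombies
```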

RoundCube mail on RHEL/Fedora

I run my own mail server and for years I’ve used squirrelmail as it was a simple interface that just worked and I never really use many of the advanced web mail features anyway. The squirrelmail project hasn’t really advanced a whole lot though and while they do keep up the security fixes and make it work with the latest releases of php there’s been no real development in quite some time so with the move to a new hosted server I decided it was time for a change. I decided to go with RoundCube Mail. The instructions are identical for Fedora as well.

Initial Install
RoundCube is packaged in EPEL and while 0.8.6 isn’t the latest release the ability to “yum install” works for me.

Install the roundcubemail package, mysql and mod_nss for HTTPS (or mod_ssl if you prefer). I’m assuming here you already have a working imap/smtp server. So just a:

yum install roundcubemail mysql-server mod_nss

I plan to use a MySQL DB so to create that I did the following to create the DB and db user:

# mysql -u root -p
mysql> create database roundcubemail;
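mysql> CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'changeme';  -- localhost only; a bare "create user roundcube" would add a passwordless 'roundcube'@'%' account
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost';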
mysql> FLUSH PRIVILEGES;
mysql> quit
# mysql -u root -p roundcubemail < /usr/share/doc/roundcubemail-0.8.6/SQL/mysql.initial.sql

To configure RoundCube to access the database edit /etc/roundcubemail/db.inc.php:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:changeme@localhost/roundcubemail';

To configure RoundCube for mail server settings edit /etc/roundcubemail/main.inc.php:

$rcmail_config['default_host'] = 'localhost';

The only config change I made for mod_nss was to change the default port from 8443 to the standard HTTPS port of 443 by editing /etc/httpd/conf.d/nss.conf

To configure the RoundCube URL and various other apache config like enforcing HTTPS, edit /etc/httpd/conf.d/roundcubemail.conf:

Alias /webmail /usr/share/roundcubemail

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I'll likely tweak the apache config a little more but that ensures it's running over SSL for now.

Finally restart apache to make it work 🙂 with a "service httpd restart"

Fixes to enable running SELinux in Enforcing mode
Initially on testing I was getting an error in the apache logs about writing to logs. I figured this might be a SELinux error so I did a quick setenforce 0 to test my theory and I was right on.

[error] [client 192.168.100.1] PHP Warning:  Error writing to log file /var/log/roundcubemail/errors; Please check permissions in /usr/share/roundcubemail/program/include/main.inc on line 1965

To fix running in enforcing mode I needed to change two SELinux settings. The first was to set the log directory with httpd_log_t and the second was to allow httpd to connect to the network. Fixed easily with these two commands:

chcon -R system_u:object_r:httpd_log_t:s0 /var/log/roundcubemail
setsebool -P httpd_can_network_connect=1

Now I don't need to upset Major Hayden or make Dan weep 😉
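
The denials recorded in the audit log name the target type and class, which shows whether a label or a boolean is the missing piece without leaving enforcing mode. This is an added example, not part of the original post; the avc_summary function and the audit lines are constructed for illustration.

```shell
#!/bin/sh
# avc_summary FILE: for each distinct httpd denial print
#   count permission target-type class fix-kind
# fix-kind is a rough heuristic: denied socket connects are often governed by
# a boolean, denied file access usually means the target has the wrong label.
avc_summary() {
    awk '/avc: +denied/ && /comm="httpd"/ {
        perm = ttype = class = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") perm = $(i + 1)
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            else if ($i ~ /^tclass=/) class = substr($i, 8)
        }
        kind = (class ~ /_socket$/) ? "boolean" : "label"
        seen[perm " " ttype " " class " " kind]++
    }
    END { for (k in seen) print seen[k], k }' "$1" | sort
}

# Constructed audit.log lines (not taken from the original post).
log=$(mktemp); trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
type=AVC msg=audit(1366000001.101:201): avc:  denied  { write } for  pid=2101 comm="httpd" name="errors" dev=dm-0 ino=131 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1366000002.102:202): avc:  denied  { write } for  pid=2102 comm="httpd" name="errors" dev=dm-0 ino=131 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1366000003.103:203): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=143 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1366000004.104:204): avc:  denied  { read } for  pid=3001 comm="sshd" name="sample" dev=dm-0 ino=132 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF

avc_summary "$log"
```

On a live system the input would be /var/log/audit/audit.log.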

Fixing the date display
The date column in the mail initially didn't display. Looking at the apache logs I needed to set the php date.timezone setting in /etc/php.ini. I have users in a number of timezones so I was a little concerned at first about choosing one in particular but it doesn't seem to make much difference. Just search for date.timezone in /etc/php.ini and you're good to go.

Conclusion
I like my new mail setup. The migration has enabled me to clean up a number of things I've wanted to for some time and just never got around to it. All the commands are basically identical on Fedora or any other EL6 clones. Hopefully it will be useful for others, and of course feedback is welcome.