CentOS

The CentOS Linux distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL). We are now looking to expand on that by creating the resources needed by other communities to come together and be able to build on the CentOS Linux platform. And today we start the process by delivering a clear governance model, increased transparency and access. In the coming weeks we aim to publish our own roadmap that includes variants of the core CentOS Linux.

Avoid stuck after ‘SSH2_MSG_SERVICE_ACCEPT received’

It is becoming pretty slow in SSH to a CentOS server.

Trying to print a verbose log:

$ ssh -vvvv my-host
....
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/user/.ssh/id_rsa RSA SHA256:XXXXX/gNY explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
..... <<<-- long long long silence here
debug3: receive packet: type 51 <<<-- and then continue to access the server
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password

(more…)

By Yu, ago

Multilib version problems found in CentOS

Recently, when I ran "yum update" for some update, which will get an error as follow:

--> Processing Dependency: libstdc++.so.6 for package: pcre-8.32-17.el7.i686
---> Package zlib.i686 0:1.2.7-17.el7 will be installed
--> Running transaction check
---> Package libcap-ng.i686 0:0.7.5-4.el7 will be installed
---> Package libstdc++.i686 0:4.8.5-16.el7 will be installed
--> Finished Dependency Resolution
Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1. You have an upgrade for libstdc++ which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of libstdc++ of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude libstdc++.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2. You have multiple architectures of libstdc++ installed, but
            yum can only see an upgrade for one of those architectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3. You have duplicate versions of libstdc++ installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: libstdc++-4.8.5-16.el7.i686 != libstdc++-4.8.5-11.el7.x86_64
Error: Protected multilib versions: libgcc-4.8.5-16.el7.i686 != libgcc-4.8.5-11.el7.x86_64
Error: Protected multilib versions: pcre-8.32-17.el7.i686 != pcre-8.32-15.el7_2.1.x86_64
Error: Protected multilib versions: elfutils-libelf-0.168-8.el7.i686 != elfutils-libelf-0.166-2.el7.x86_64
Error: Protected multilib versions: libcap-2.22-9.el7.i686 != libcap-2.22-8.el7.x86_64
Error: Protected multilib versions: libdb-5.3.21-20.el7.i686 != libdb-5.3.21-19.el7.x86_64
Error: Protected multilib versions: libgcrypt-1.5.3-14.el7.i686 != libgcrypt-1.5.3-13.el7_3.1.x86_64
Error: Protected multilib versions: elfutils-libs-0.168-8.el7.i686 != elfutils-libs-0.166-2.el7.x86_64
Error: Protected multilib versions: nss-softokn-freebl-3.28.3-8.el7_4.i686 != nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64
Error: Protected multilib versions: libselinux-2.5-11.el7.i686 != libselinux-2.5-6.el7.x86_64

(more…)

By Yu, ago

重启 audit 服务, 恢复 audit.log 信息更新

audit 是一个很重要的日志服务, 它可以帮助我们查看各种异常情况. 比如有人尝试登录然后失败了什么, 你可以在此处看到它更多的介绍. 更有用的是, 我们可以通过分析 /var/log/audit/audit.log 日志, 查看被防火墙错误屏蔽的操作, 然后贴个 patch 让系统可以正常工作.

最近突然发现 audit.log 好一些日子不正常更新了, 查看停止时间, 貌似是某次某同志错误设置了系统权限的那会儿. 服务可能既被砍掉了权限, 又被停止了运行. 监测权限的日志被停止了权限, 简直囧囧的.

(more…)

By Yu, ago

CentOS 7 下使用 iptables

系统升级到CentOS 7后总感觉iptables怪怪的,比如不管怎么保存重启后都被初始化一下,即便我最后发大绝招启动时候加命令: 首先iptables-save > /etc/iptables.rules保存当前状态。 然后再在/etc/rc.local中强制加上

iptables-restore /etc/iptables.rules

重启后虽然规则生效但仔细看规则还是一些被莫名添加的额外的内容,让人很是不爽。 (more…)

By Yu, ago

CentOS 7 下安装 jdk1.8

更新: 现在 CentOS 7 下默认 repo 已经有 openjdk 1.6, 1.7, 1.8 三个选项了, 若无所谓 oraclejdk 和 openjdk 的区别, 我们可以直接安装 openjdk 命令如下: 
yum install java-1.8.0-openjdk -y
要是还需要用它的头文件和库, 可以再来句 
yum install java-1.8.0-openjdk-{devel,headless} -y
以后跟着 yum update 一起更新, 也是极好的.

CentOS 7 下目前默认是 jdk1.6 和 1.7。若需要更高版本的1.8,我们就需要一点额外的手段了。

首先,我们需要从这个页面下个最新版本的 jdk. Oracle 提供 rpm 包和tar.gz 包. 为了省事, 我们直接下载个 rpm 包完事.

若远程直接用 wget 下载, 有时候有一点问题, 需要加点参数来帮忙. 参考此处.

下载完成后,可以用 rpm 命令安装,不过本懒人记不住那么多命令, 更喜欢用 yum 搞定。 (more…)

By Yu, ago

No route to host 错误的解决

实验室需要一个新的 redis 服务器,作为内网的公共服务。所以配了个内存 20G 硬盘 15G 的奇葩货。 这货的操作系统为 CentOS, 基本什么都没装, 通过 ISO 捣腾出来后,就用 yum 更新了下,加了个 tmux 和 redis, 一通配置完毕 chkconfig redis on, 然后自嗨了下。

[root@localhost ~]# redis-cli ping
PONG

这种小事做起来毫无压力,写写代码看看俺妹顺便搞定操作系统,三线操作真是毫无压力,收工的时候,顺手测试下远程ping下--本来只是走个程序而已,意外发现居然没有得到需要的 PONG. (more…)

By Yu, ago

audacious 怎样在后台运行?

audacious 可能是我最喜欢的播放器之一。加上 gnome 的一些插件后,播放各种音乐超爽。但是有个小问题,因为一般情况下,音乐是常驻的,所以希望能点击关闭后在后台运行。 很多人有各种建议,比如加这个参数那个参数的。 其实 audacious 自带后台运行功能的。 (more…)

By Yu, ago