Transparent ssh tunnels

One of our clients tipped me off to this awesome ssh configuration to create dynamic tunnels to servers which would otherwise be hidden behind NAT or a firewall. The mechanism uses a bastion host as a proxy combined with netcat.

Example snippet from .ssh/config or /etc/ssh/ssh_config…

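Host example-gw
  Hostname <ip-address>
  # Reach the bastion directly; "Host *" below would otherwise proxy it through itself
  ProxyCommand none

Host *
  # Relay every other connection through the bastion with netcat (%h = target host, %p = target port)
  ProxyCommand ssh example-gw exec 'nc %h %p' 2>/dev/null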

Combine this with ssh keys and (something like) keychain/pageant/ssh-agent and accessing the systems at a remote site becomes oh so easy!
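
A tighter variant of the same setup, as an added example that is not part of the original post: the proxy rule is scoped to the remote site's hosts rather than `Host *`, and `ProxyJump` (OpenSSH 7.3+) replaces the netcat relay. The `10.20.*` and `*.site.example` patterns are constructed placeholders; `example-gw` and `<ip-address>` come from the snippet above.

```sshconfig
# Added example, not the original author's configuration.
# 10.20.* and *.site.example are constructed patterns standing in for
# the hosts that live behind the bastion.

Host example-gw
  Hostname <ip-address>
  # The bastion is reached directly. This also protects against a
  # broader proxy rule being added later and matching example-gw.
  ProxyCommand none

# Only destinations at the remote site go through the bastion.
# Unrelated hosts (code hosting, other customers) keep connecting
# directly and never touch example-gw.
Host 10.20.* *.site.example
  # ssh opens the forward on the bastion itself, so nc does not have
  # to be installed there and no remote shell command is run.
  ProxyJump example-gw
  # The SSH session to the target is end-to-end from the client; the
  # bastion only relays TCP. Keys and the agent stay on the
  # workstation, so agent forwarding to the bastion is not needed.
  ForwardAgent no

# Clients older than OpenSSH 7.3 (but at least 5.4) can get the same
# relay with -W in place of ProxyJump. stderr is not redirected to
# /dev/null here, so failures on the bastion hop remain visible:
#   ProxyCommand ssh -W %h:%p example-gw
```

Running `ssh -G <host>` prints the options that would apply to a given destination, which confirms which hosts are routed through the bastion and which are not.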

Preseeding Ubuntu 8.04.2 LTS With Software Raid

Since I’ve spent the better part of the weekend trying to get this to work, I thought that I should share. Later I will post a more thorough description for preparing fully automated Ubuntu installations using preseeding, but for now, here’s the hard part.

If you’ve found this blog posting via Google, then you’ve probably read all of the unhelpful forum posts, IRC chat transcripts (some of which I’m involved in), and mailing list posts about this. Yes, the documentation says that it is possible to set up software RAID via preseeding, and even gives you some working preseed stanzas to do it. What the documentation fails to admit is that the package required to achieve this feat, partman-auto-raid, is not actually included with the Ubuntu netboot installer.

Never worry, for whenever you expect an elegant bit of pre-planned infrastructure to solve a problem, you end up with a dirty hack. This is no exception.

What you need to do is download partman-auto-raid_7_all.udeb from the Ubuntu Universe pool, and install it. The trick is to install it before the installer looks at your recipes. This is achieved with the partman/early_command hack:

d-i partman/early_command string \
  /usr/bin/wget -O /tmp/raid.udeb <url-of-partman-auto-raid_7_all.udeb> \
  && udpkg -i /tmp/raid.udeb

With great thanks to Brent Chapman from Netomata, the complete and working preseed example, including the ugly hacks required to partition software RAID volumes, is posted below. Note, there’s still one bug I haven’t ironed out yet which adds an annoying manual step. After the installer finishes partitioning, it will falsely complain about not being able to reread the partition table, with this error:

“The kernel was unable to re-read the partition table on /dev/md0 (Invalid argument).
 This means Linux won’t know anything about the modifications you made until you reboot.
 You should reboot your computer before doing anything with /dev/md0.”

If anybody knows how to suppress this error, please let me know. Below is the complete preseed file.