Directadmin – auto assign custom authorized_keys for newly created users – SSH access

I set up a DirectAdmin server that was primarily for website hosting. Separating every project under its own DirectAdmin user is good practice security-wise. If one website/project is hacked, other sites that run under different users are safe. But creating new users and then setting up the SSH keys allowed for each user can be time-consuming. In this case, the SSH public keys were the same for every user, as only developers were able to connect to user accounts over SSH. I created a simple script that creates the .ssh directory and authorized_keys with the public keys for every user.

  • First, create the script user_create_post.sh inside /usr/local/directadmin/scripts/custom/.
  • Create a template file with all SSH public keys that should be assigned to every new user. I created the file /usr/local/directadmin/data/custom-authorized_keys
  • Add this content to the script:
    #!/bin/sh
    # $username is the newly created account.

    # Create the directory and keep it private to its owner.
    mkdir -p "/home/$username/.ssh"
    chmod 700 "/home/$username/.ssh"
    chown "$username:$username" "/home/$username/.ssh"

    # Copy the shared public keys and lock the file down.
    cp /usr/local/directadmin/data/custom-authorized_keys "/home/$username/.ssh/authorized_keys"
    chown "$username:$username" "/home/$username/.ssh/authorized_keys"
    chmod 600 "/home/$username/.ssh/authorized_keys"

    echo "SSH keys added!"

    exit 0
  • Make the script executable:
    chmod +x /usr/local/directadmin/scripts/custom/user_create_post.sh

That is it. Every time a new user is created, a .ssh directory with authorized_keys will be created inside the user’s home directory.
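Because the hook copies the template, later changes to custom-authorized_keys (for example removing a developer's key) never reach accounts that already exist. The check below is an added example, not part of the original post; the function name audit_keys and its finding labels are assumptions.

```sh
#!/bin/sh
# Added example, not the post's own code.
# audit_keys TEMPLATE HOME_ROOT
#   Prints "<user> <finding>" for every account whose authorized_keys is
#   missing, differs from the template, or is writable by group/others.
#   Returns 1 if anything was reported, 0 otherwise.
audit_keys() {
    template=$1
    root=$2
    rc=0
    for home in "$root"/*/; do
        home=${home%/}
        [ -d "$home" ] || continue
        user=${home##*/}
        ak=$home/.ssh/authorized_keys
        if [ ! -f "$ak" ]; then
            echo "$user missing"; rc=1
            continue
        fi
        # A copy that no longer matches the template may still hold a key
        # that was removed from the template, or lack one that was added.
        if ! cmp -s "$template" "$ak"; then
            echo "$user drift"; rc=1
        fi
        # -prune keeps find from descending; only the two paths are tested.
        if [ -n "$(find "$home/.ssh" "$ak" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "$user writable"; rc=1
        fi
    done
    return "$rc"
}

# Typical call on the server from the post:
#   audit_keys /usr/local/directadmin/data/custom-authorized_keys /home
```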

cPanel – change email password without cPanel access – edit shadow file

I had an issue with a cPanel server whose license had expired, so the web interface wasn’t accessible. One client needed to change an email password urgently. Because cPanel wasn’t accessible, he was unable to do so. There is a trick: you can change a mail password without accessing cPanel directly. You can modify the shadow file and paste in a new password hash. cPanel stores email passwords in a shadow file. Here is how you can do it.

First, you need to generate a new password hash in SHA512 format. You can do it with Python:

[root@machine ~]# python3 -c 'import crypt; print(crypt.crypt("mynewpassword", crypt.mksalt(crypt.METHOD_SHA512)))'
$6$Xy/Xjk9kArTdnMeh$tZemrVaYPG8kqW0DFxpxGXzurUWYx/3qoYA5xw1KYokYaVS/34jMWrFbrjf95xjOlOrskVAZeXSnKLAPn56pi.

Then you need to locate the shadow file for your user and edit it:

root@cpanel [~]# cd /home/test/etc/testdomain.com
root@cpanel [/home/test/etc/testdomain.com]#
root@cpanel [/home/test/etc/testdomain.com]# vi shadow

Here is the original hash for our user. You should replace it with the hash generated in the first step. Change the hash itself, which is the second colon-separated field:

test:$6$o/dl07XTG2tht5ir$GZQ8DCOQQ1FG9U/G87aq0kOiEru8ndwWK8RbrDy6vbl9DCKSDEsejjIxwfvO329a4dONuypsQx9HuUj6MVuqx.:18269::::::

So it looks like this:

test:$6$Xy/Xjk9kArTdnMeh$tZemrVaYPG8kqW0DFxpxGXzurUWYx/3qoYA5xw1KYokYaVS/34jMWrFbrjf95xjOlOrskVAZeXSnKLAPn56pi.:18269::::::

That’s it. You should be able to log in to webmail with the new password, the one hashed with Python in the first step.
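The Python one-liner above leaves the new password in shell history and the process list, and the crypt module it relies on was removed in Python 3.13. The script below is an added example, not part of the original post: it reads the password from the terminal, hashes it with `openssl passwd -6` (OpenSSL 1.1.1 or later), and replaces only the hash field while keeping a backup. The function names prompt_hash and set_mail_hash are assumptions.

```sh
#!/bin/sh
# Added example, not the post's own code; function names are assumptions.

# prompt_hash: read a password without echo, print its SHA-512 crypt hash.
# printf is a shell builtin, so the password never shows up in a process list.
prompt_hash() {
    printf 'New password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    printf '%s\n' "$pw" | openssl passwd -6 -stdin
}

# set_mail_hash SHADOW USER HASH: replace USER's hash (field 2) in a
# shadow-format file, leaving all other fields and lines untouched.
# Keeps the previous content in SHADOW.bak.
set_mail_hash() {
    shadow=$1 user=$2 hash=$3
    case $hash in
        *[!A-Za-z0-9./\$]*) echo "unexpected characters in hash" >&2; return 2 ;;
        '$6$'?*) ;;
        *) echo "not a SHA-512 crypt hash" >&2; return 2 ;;
    esac
    new=$(mktemp "$shadow.XXXXXX") || return 1
    # ($1 "") forces a string comparison even for numeric-looking names.
    awk -F: -v OFS=: -v u="$user" -v h="$hash" '
        ($1 "") == u { $2 = h; found = 1 }
        { print }
        END { exit(found ? 0 : 3) }' "$shadow" > "$new" || {
            rm -f "$new"; echo "no entry for $user" >&2; return 3; }
    cp -p "$shadow" "$shadow.bak" || { rm -f "$new"; return 1; }
    # Overwrite in place so the file keeps its existing owner and mode.
    cat "$new" > "$shadow"
    rm -f "$new"
}

# Usage with the paths from the post:
#   set_mail_hash /home/test/etc/testdomain.com/shadow test "$(prompt_hash)"
```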

Migrate all databases to remote server with mysqldump in one step – 1:1 migration

Here is a quick one, the last of this year :). I had to move a lot of databases to another server, but the problem was that the source server didn’t have enough free disk space. It was also a migration from a very old MySQL version to MariaDB, so mysqldump is your friend. Dumping all databases with mysqldump was out of the question because of the low disk space. Dumping each database on its own would take too long and too much effort. But you can create a dump of a database and import it on the new server in the same step.

First, you’ll need a list of all databases on your source server, and you need to create them on the new server. If your mysqldump emits “create database” statements, you don’t need to create them manually on the new server. If you want, you can use grep to skip mysql and any other databases that you don’t wish to transfer. Put the list of databases in a file, databases.txt for example. But first, make sure that the command below shows all databases. The source server must also be able to connect remotely to MySQL on the new server.

Test list all databases (exclude unwanted ones):

[root@oldserver ~]# mysql -e 'show databases' | grep -v "|" | grep -vx "Database\|information_schema\|mysql\|performance_schema"
database1
geekytuts
database2
database3
database4
database5

Then put the list of databases in the text file databases.txt:

[root@oldserver ~]# mysql -e 'show databases' | grep -v "|" | grep -vx "Database\|information_schema\|mysql\|performance_schema" > databases.txt

Then you can import a database to the remote server like this:

mysqldump -u root -ppassword --single-transaction --skip-lock-tables database1 | mysql -h 1.1.1.1 -u root -ppassword database1

If you want to import all or multiple databases, use the databases.txt that we created in the first step with a for loop:

for i in $(cat databases.txt); do mysqldump -u root -ppassword --single-transaction --skip-lock-tables "$i" | mysql -h 1.1.1.1 -u root -ppassword "$i"; done

Bonus: If you need to create all databases listed in databases.txt on the new server manually, you can also create all of them in one step. Use databases.txt on the new server. If your mysqldump also emits “create database”, you can skip this step.

[root@newserver ~]# for i in $(cat databases.txt); do mysql -u root -ppassword -e "CREATE DATABASE \`$i\`"; done
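The one-line loop above puts both root passwords on the command line and reports nothing when a dump breaks off partway, because a pipeline returns only the status of its last command. The script below is an added example, not part of the original post: it reads credentials from client option files and lists every database where either side of the pipe failed. The option-file paths, the DUMP/LOAD overrides and the name filter are assumptions.

```sh
#!/bin/sh
# Added example, not the post's own code. Assumed names: SRC_CNF and DST_CNF
# are client option files ([client] user/password, plus host for the target).
DUMP=${DUMP:-mysqldump}
LOAD=${LOAD:-mysql}
SRC_CNF=${SRC_CNF:-/root/.my.source.cnf}
DST_CNF=${DST_CNF:-/root/.my.target.cnf}

# migrate_all LIST: stream every database named in LIST (one per line) to the
# target. Prints each name that failed and returns 1 if any did.
migrate_all() {
    list=$1
    rc=0
    marker=$(mktemp) || return 2
    while IFS= read -r db; do
        [ -n "$db" ] || continue
        # Conservative name filter (assumption); other names are reported.
        case $db in
            *[!A-Za-z0-9_-]*) printf '%s\n' "$db"; rc=1; continue ;;
        esac
        : > "$marker"
        # Each side of the pipe leaves a note in $marker when it fails, so a
        # dump that dies halfway is not hidden by a successful import.
        { "$DUMP" --defaults-extra-file="$SRC_CNF" --single-transaction \
              --skip-lock-tables "$db" </dev/null || echo dump >> "$marker"; } |
            "$LOAD" --defaults-extra-file="$DST_CNF" "$db" >/dev/null ||
            echo load >> "$marker"
        if [ -s "$marker" ]; then
            printf '%s\n' "$db"
            rc=1
        fi
    done < "$list"
    rm -f "$marker"
    return "$rc"
}

# Usage: migrate_all databases.txt > failed.txt
```

Both option files should be readable by root only (mode 600), since they hold the passwords that previously appeared in the command.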

Hope this helps someone.

Happy new year!

© 2021 geegkytuts.net