KarkomaOnline

Sometimes it is very useful to be able to temporarily block an user account for maintenance purposes. The passwd utility provides a set of functionalities to do so.

To lock an account simply type:

passwd -l user_login_name

Now check the status of the account:

passwd -S user_login_name

and you’ll get something like this…

user_login_name L 12/09/2003 0 99999 7 -1

From the passwd man page:

The account status may be given with the -S option. The status information consists of 6 parts. The first part indicates if the user account is locked (L), has no password (NP), or has a usable password (P). The second part gives the date of the last password change. The next four parts are the minimum age, maximum age, warning period, and inactivity period for the password.

To unlock the user account…

passwd -u user_login_name
passwd -S user_login_name

And as a result…

user_login_name P 12/09/2003 0 99999 7 -1

Why is it that your ssh server open a port starting with 6010? When an ssh connection is stablished it is supposed to be at port 22 as netstat should report:

kranpak root # netstat -tanp | grep ssh
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 26580/sshd

This is a normal behaviour and is related to the X11 forwarding.

When an application wants to write to the screen (really a TCP port), it determines the host:port pair by looking for the value of DISPLAY environment variable (normally 6000 + display_number).

If, for instance, DISPLAY=localhost:0, it really tells the X client that the X server it needs to connect to is running on the local machine at port 6000. When you start an X server, it will usually take the first display 0 (port 6000 + 0) for applications to connect to. When you SSH to a server with X forwarding enabled, OpenSSH needs to open a display on the local machine for the X applications to connect, it will then forward these connections to the connecting client’s display over the secure tunnel.

By default, OpenSSH will normally start at display 10 (6000 + 10, or port 6010), or the next free display after that (11, 6000 + 11). The end result is that SSH will make a tunnel from 6010:localhost:6000 (presuming that ssh takes display 10 on the server and the client is running under display 0). So if then on those ssh sessions you were to run “echo $DISPLAY” you should see that they are “localhost:10″ and “localhost:11″ respectively.

Thanks to Chris Hendrickson.

As you probably know, ping is a tool that lets you ckeck the reachability of another host, in other words it lets you verify that a particular IP address exists and can accept requests.

ping sends ICMP (Internet Control Message Protocol) messages encapsulated into IP packets to check the reachability of a given host. The basic mechanism is simple, ping sends an ICMP echo request message (type 0) and waits for an ICMP echo reply message (type by the receiving host. If the destination host is unreachable you’ll get back something like this:

(more…)