macOS: ignore hostkeys of some hosts

To ignore hostkey checking for a subnet (i.e. when hosts got changed/provisioned/scaled often) use the following snippet:

# ~/.ssh/config

Host 172.18.*
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null

But use with care, in general hostkey checking is a good idea!

macOS: add ssh-keys to agent

Since macOS sierra the system don’t adds ssh-keys to the agent automatically anymore. Add the following ssh-config file to restore the previous behaviour:

# ~/.ssh/config

Host *
    UseKeychain yes
    AddKeysToAgent yes

after connecting to a remote shell and typing the passphrase once the key/passphrase will be remembered in the macOS keychain.

Debugging NGINX location regex-rules

Nginx has unfortunately no really usable „rewrite log“ for regex location matches. But you can create your own small (but sometimes very useful) debug output:

    location ~ ^/(.*?)/(.*)  {
 
        return 200 'Debug: 1:$1  2:$2';
        add_header Content-Type text/plain;
 
        # try_files $uri /$1/index.php?$args;
    }

Nginx now simply returns the generated content:

Debug: 1:xxxxx  2:yyyyy

The add_header statement is used to force text-output if you’re debugging using a web-browser (otherwise a download would be created).

Links August 2015

A bit Elasticsearch dominated this time 😉

Custom routes in OpenVPN client

Um vom Server gepushte Routen zu ignorieren und nur eigene im VPN-Client zu verwenden, genügen folgende Zeilen in der openvpn.conf des Clients:

route-nopull
route 192.168.23.0 255.255.255.0

Ich nutze dies hier mit Tunnelblick auf dem Mac um bei der OpenVPN Config der Astaro wahlweise nicht den gesamten Traffic durchs VPN zu schicken.