SOLVED: SSH and Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)

OpenSSHI ran across the error “Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).” while ssh’ing to another server today:

$ ssh myhost
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

Usually this means that the permissions of ~/.ssh, ~/.ssh/authorized_keys or your home directory on the other box isn’t setup right The permissions should look like so:

  1. -rwx——. /home/jason
  2. -rwx——. /home/jason/.ssh
  3. -rw——-. /home/jason/.authorized_keys

You would fix with:

$ chmod 0700 ~
$ chmod 0700 ~/.ssh
$ chmod 0600 ~/.ssh/authorized_keys

In my case, the permissions were correct. I ran the ssh command with extra verbose (-v -v)

$ ssh -v -v myhost
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/jason/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 62: Deprecated option "RhostsAuthentication"
debug2: ssh_connect: needpriv 0
debug1: Connecting to myhost [192.168.12.6] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/jason/.ssh/id_rsa type 1
debug1: identity file /home/jason/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/jason/.ssh/id_dsa type 2
debug1: identity file /home/jason/.ssh/id_dsa-cert type -1
debug1: identity file /home/jason/.ssh/id_ecdsa type -1
debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 154/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Warning: Permanently added 'myhost,192.168.1.66' (RSA) to the list of known hosts.
debug2: bits set: 525/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jason/.ssh/id_rsa (0x7ff594d8ecb0)
debug2: key: /home/jason/.ssh/id_dsa (0x7ff594d90550)
debug2: key: /home/jason/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).

I didn’t see a reason why I wasn’t getting a password prompt but I do see it reading my ssh_config file. A real quick override of the ssh_config showed me that my ssh_config was the culprit:

$ ssh -F /dev/null myhost
jason@myhost's password:

So what is in my ~/.ssh/config file?

ServerAliveInterval 240
BatchMode yes
TCPKeepAlive = yes

Neither ServerAliveInterval or TCPKeepAlive have anything to do with authentication but BatchMode does. From the ssh_config man page:

BatchMode

The argument must be yes or no. If set to yes, passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where you have no user to supply the password.

So, if my public ssh key is not in the ~/.ssh/authorized_keys, the connection will fail with a permission denied. Let’s verify but removing BatchMode from the ~/.ssh/config file:

ServerAliveInterval 240
TCPKeepAlive = yes
$ ssh -F /dev/null myhost
___$

Success 🙂

Share Button

HOWTO: stty: tcgetattr: Not a typewriter Shell scripting SOLVED

If you connect to a remote system or run a script through a cron like scheduler, you may encounter an error message from the stty or some such program:

stty: tcgetattr: Not a typewriter

The error is raised because your script is being run in a non-interactive mode and the stty program is expecting to have access to a terminal (ptty / tty). If your script isn’t explicitly calling stty, check any scripts that you’re sourcing and you will find code similar to the following:

set -o vi
stty erase ^H

So, how do you work around this? Easily, simply check if the script is running in interactive mode.

if [[ $- = *i* ]]; then
    set -o vi
    stty erase ^H
fi

The shell special variable $- will list the shell modes that are active.

echo $-
ism
Share Button

HOWTO: Find the real and effective users in AIX & Linux when you’re sudo / su’d to another

Retrieving the user that you logged in as while running sudo or su’d into another user can be painful if you don’t have access to root. Here’s a short script that will retrieve the original user that was your session logged in as.

#!/bin/ksh93

OS_NAME=$( uname -s )

if [[ $OS_NAME == "AIX" ]]; then
    typeset var TTY
    REAL_USER=$( TTY=$(tty | sed 's:/dev/::' ) ; ps -t "$TTY" -o ruser=,etime= |sort -r -k2,2 | awk '{ print $1 } ' |head -1 )
elif [[ $OS_NAME = "Linux" ]]; then
    REAL_USER=$( ps T --sort start_time --no-heading -o ruser |head -1 )
else
    echo "ERROR: Requires Linux or AIX"
    exit 1
fi

EFFECTIVE_USER=$( whoami )

echo "I am \"$EFFECTIVE_USER\" but really \"$REAL_USER\""
ssh mybox
..
> sudo su - sybase

AIX Output:

 ./realme.ksh
I am "sybase" but really "jason"

Linux Output:

 ./realme.ksh
I am "sybase" but really "jason"
Share Button

HOWTO: Determine what process is listening on a port (AIX Unix specific)

I needed an easy way to determine which process was listening on a port. For AIX, you need to get the socket id from “netstat -Ana” and use the rmsock “rmsock socket_id tcpcb” to get the PID and command. It would be easy to expand this out to list command line and owner for each PID.

--------------------------------------------------------------------------------------
| Process              | PID             | Protocol | Listening On                   |
--------------------------------------------------------------------------------------
| WEBAPL               |         4915396 |      UDP |                127.0.0.1.32807 |
| WEBAPL               |         4915396 |      UDP |                127.0.0.1.32808 |
| WEBAPL               |        12058770 |      UDP |                127.0.0.1.51714 |
| WEBAPL               |        12058770 |      UDP |                127.0.0.1.51715 |
| backupserver         |        19791994 |      TCP |              192.168.1.4.50021 |
--------------------------------------------------------------------------------------
#!/bin/ksh93

OS_NAME=$( uname -s )

if [[ $OS_NAME == "AIX" ]] ; then
    echo "--------------------------------------------------------------------------------------"
    printf "| %-20s | %-15s | Protocol | %-30s |\n" "Process" "PID" "Listening On";
    echo "--------------------------------------------------------------------------------------"

    netstat -Ana | awk '
    /[0-9\*].[0-9].+LISTEN/ {
        SOCKET=$1;
        IPPORT=$5;
        "rmsock " SOCKET " tcpcb" | getline SOCKOUT;
        split(SOCKOUT, sockarray, " ");
        gsub(/[\.\(\)]/, "", sockarray[10]);
        LISTENERS[ sprintf("| %-20s | %15d | %8s | %30s |", sockarray[10], sockarray[9], "TCP", IPPORT) ] = 1;
    }
    /udp.*.[0-9]/ {
        SOCKET=$1;
        IPPORT=$5;
        "rmsock " SOCKET " inpcb" | getline SOCKOUT;
        split(SOCKOUT, sockarray, " ");
        gsub(/[\.\(\)]/, "", sockarray[10]);
        LISTENERS[ sprintf("| %-20s | %15d | %8s | %30s |", sockarray[10], sockarray[9], "UDP", IPPORT) ] = 1;
    }
    END {
        for (var in LISTENERS)
            print var

    }' | sort | uniq

    echo "--------------------------------------------------------------------------------------"
else
    echo "ERROR: Requires AIX"
    exit 1
fi
Share Button

Howto convert an entire directory of videos to play on your Sony Playstation 3 using ffmpeg

I think a lot of people have been struggling with mass converting of videos for the ps3…
I’ve been searching for a way to mass convert my videos (mostly podcasts) to play on my Sony PlayStation 3 over the wire with Mediatomb.  For a long time I’ve been using a hodpodge of mp4box and mencoder to convert the videos.  The problem was that mp4box more often then not would crash or get stuck in a loop where it fills up a 1TB harddrive converting a 20mb file.  There had to be a better way.

If your ffmpeg doesn’t support x264 (video) or aac (audio) encoding, like all Ubuntu Linux distributions, then you will have to recompile ffmpeg.  Don’t worry, it is easier then you think!

FakeOutdoorsman over on the Ubuntu Forums posted the method to build ffmpeg from scratch:

Choose your Ubuntu

0.The instructions on the page are for Ubuntu Jaunty Jackalope 9.04 and Ubuntu Intrepid Ibex 8.10. Separate instructions are also available for other releases:

* Install FFmpeg and x264 on Ubuntu Hardy Heron 8.04 LTS
* Install FFmpeg and x264 on Ubuntu Dapper Drake 6.06 LTS

Getting the Dependencies

1. Uninstall x264, libx264-dev, and ffmpeg if they are already installed. Open a terminal and run the following:

sudo apt-get purge ffmpeg x264 libx264-dev

2. Next, get all of the packages you will need to install FFmpeg and x264 (you may need to enable the universe and multiverse repositories):

Code:

sudo apt-get update
sudo apt-get install build-essential subversion git-core checkinstall yasm texi2html libfaac-dev libfaad-dev libmp3lame-dev libsdl1.2-dev libtheora-dev libx11-dev libxvidcore4-dev zlib1g-dev

Install x264
3. Get the most current source files from the official x264 git repository, compile, and install. You can run “./configure –help” to see what features you can enable/disable. If you are behind a firewall or unable to use git, then daily source tarballs are also available.

cd
git clone git://git.videolan.org/x264.git
cd x264
./configure
make
sudo checkinstall --fstrans=no --install=yes --pkgname=x264 --pkgversion "1:0.svn`date +%Y%m%d`-0.0ubuntu1" --default

Install FFmpeg
4. Get the most current source files from the official FFmpeg svn, compile, and install. Run “./configure –help” to see what features you can enable/disable. If you are behind a firewall or unable to use subversion, then nightly FFmpeg snapshots are also available.

cd
svn checkout svn://svn.ffmpeg.org/ffmpeg/trunk ffmpeg
cd ffmpeg
./configure --enable-gpl --enable-nonfree --enable-pthreads --enable-libfaac --enable-libfaad --enable-libmp3lame --enable-libtheora --enable-libx264 --enable-libxvid --enable-x11grab
make
sudo checkinstall --fstrans=no --install=yes --pkgname=ffmpeg --pkgversion "3:0.svn`date +%Y%m%d`-12ubuntu3" --default 

That’s it for installation. You can keep the ~/x264 and ~/ffmpeg directories if you later want to update the source files to a new revision. See “Updating Your Installation” below for more details.

Now that we have a working ffmpeg, we can go on to the converting the video files (convert_videos.sh):

#!/bin/bash

function print_usage {
  echo "============================================================================================="
  echo "        convert_videos.sh [file|directory] [output directory] {bb|bb_storm|ps3} {file prefix}" 
  echo "============================================================================================="
}

function verify_file {
  echo j
}

function process_file {
  ORIG_FILE="$1"
  DEST_DIR="$2"

  if [[ -z ${BLACKBERRY} ]]; then
    DEST_FILE=${DEST_DIR}/${FILE_PREFIX}$( basename "${ORIG_FILE}" | perl -ne 's/\.(?:[a-z,A-Z,0-9]{3,4})$/\.mp4/; print $_' )
  else
    DEST_FILE=${DEST_DIR}/${FILE_PREFIX}$( basename "${ORIG_FILE}" | perl -ne 's/\.(?:[a-z,A-Z,0-9]{3,4})$/_bb\.mp4/; print $_' )
  fi

  if [[ -f "${DEST_FILE}" ]]; then
    echo "    We already processed \"${ORIG_FILE}\" ... skipping"
  else
    VID_INFO_FPS=$( mplayer -identify -nosound -vo null -nocache -really-quiet -frames 1 "${ORIG_FILE}" 2>/dev/null | grep FPS ) 
    VID_INFO_FPS=${VID_INFO_FPS#*=}
    VID_INFO_WIDTH=$( mplayer -identify -nosound -vo null -nocache -really-quiet -frames 1 "${ORIG_FILE}" 2>/dev/null | grep WIDTH ) 
    VID_INFO_WIDTH=${VID_INFO_WIDTH##*=}
    VID_INFO_HEIGHT=$( mplayer -identify -nosound -vo null -nocache -really-quiet -frames 1 "${ORIG_FILE}" 2>/dev/null | grep HEIGHT ) 
    VID_INFO_HEIGHT=${VID_INFO_HEIGHT##*=}
    VID_INFO_ASPECT=$( mplayer -identify -nosound -vo null -nocache -really-quiet -frames 1 "${ORIG_FILE}" 2>/dev/null | grep ASPECT ) 
    VID_INFO_ASPECT=${VID_INFO_ASPECT##*=}

    AUD_INFO_FORMAT=$( mplayer -identify -ao null -vo null -nocache -really-quiet -frames 1 "${ORIG_FILE}" 2>/dev/null | grep AUDIO_FORMAT ) 
    AUD_INFO_FORMAT=${AUD_INFO_FORMAT##*=}
    AUD_INFO_CHANNELS=$( mplayer -identify -ao null -vo null -nocache -really-quiet -frames 1 "${ORIG_FILE}" 2>/dev/null | grep AUDIO_NCH ) 
    AUD_INFO_CHANNELS=${AUD_INFO_CHANNELS##*=}
    AUD_INFO_BITRATE=$( mplayer -identify -ao null -vo null -nocache -really-quiet -frames 1 "${ORIG_FILE}" 2>/dev/null | grep ID_AUDIO_BITRATE ) 
    AUD_INFO_BITRATE=${AUD_INFO_BITRATE##*=}

    if (( ${AUD_INFO_BITRATE} < 163840 )); then
      AUD_INFO_BITRATE=160
    else
      AUD_INFO_BITRATE=$( expr ${AUD_INFO_BITRATE} / 1024 )
    fi

    ###############
    #  We need to make the frame rate an acceptible amoun
    ###############
    case ${VID_INFO_FPS} in
      60.000)
        # HD
        VID_INFO_FPS=59.94
        ;;
      30.000)
        # NTSC
        VID_INFO_FPS=29.97
        ;;
      24.000)
        # PAL
        VID_INFO_FPS=23.97
        ;;
    esac 

    ###############
    #  We need to make the video resolution a multiple of 16 for it to be properly compressed
    ###############
    if (( ${VID_INFO_HEIGHT} % 16 )); then
      VID_BORDER_VERTICAL=$( expr 16 - ${VID_INFO_HEIGHT} % 16 )
      VID_BORDER_VERTICAL=$( expr ${VID_BORDER_VERTICAL} / 2 )

      if (( ${VID_BORDER_VERTICAL} % 2 )); then
        let VID_BORDER_VERTICAL_TOP+=$( expr ${VID_BORDER_VERTICAL} - 1 )
        let VID_BORDER_VERTICAL_BOTTOM+=$( expr ${VID_BORDER_VERTICAL} + 1 )
      else
        VID_BORDER_VERTICAL_TOP=${VID_BORDER_VERTICAL}
        VID_BORDER_VERTICAL_BOTTOM=${VID_BORDER_VERTICAL}
      fi
    else
      VID_BORDER_VERTICAL_TOP=0
      VID_BORDER_VERTICAL_BOTTOM=0
    fi
 
    if (( ${VID_INFO_WIDTH} % 16 )); then
      VID_BORDER_HORIZONTAL=$( 16 - ${VID_INFO_WIDTH} % 16 )
      VID_BORDER_HORIZONTAL=$( ${VID_INFO_WIDTH} / 2 )

      if (( ${VID_BORDER_HORIZONTAL} % 2 )); then
        let VID_BORDER_HORIZONTAL_RIGHT+=$( expr ${VID_BORDER_HORIZONTAL} + 1 )
        let VID_BORDER_HORIZONTAL_LEFT+=$( expr ${VID_BORDER_HORIZONTAL} - 1 )
      else
        VID_BORDER_HORIZONTAL_RIGHT=${VID_BORDER_HORIZONTAL}
        VID_BORDER_HORIZONTAL_LEFT=${VID_BORDER_HORIZONTAL}
      fi
    else
      VID_BORDER_HORIZONTAL_LEFT=0
      VID_BORDER_HORIZONTAL_RIGHT=0
    fi

    if &#91;&#91; -z ${VID_INFO_ASPECT} &#93;&#93; || &#91;&#91; ${VID_INFO_ASPECT} == "0.0000" &#93;&#93;; then
      VID_INFO_ASPECT="16:9"
    fi

    if &#91;&#91; -z ${AUD_INFO_CHANNELS} &#93;&#93;; then
      AUD_INFO_CHANNELS=2
    fi


    ##############
    # If we're not converting for the blackberry, perform a normal conversion 
    ##############
    if &#91;&#91; -z ${BLACKBERRY} &#93;&#93;; then
      VID_INFO_RESOLUTION="${VID_INFO_WIDTH}x${VID_INFO_HEIGHT}"

      convert_file_first_pass 

      if &#91;&#91; ! -z ${FIRST_PASS_BITRATE} &#93;&#93;; then
        BITRATE=${FIRST_PASS_BITRATE}
      fi
    else
      ############
      # if we have a blackberry, set the resolution appropriately
      ############
      case ${BB_TYPE} in
        STORM)
          VID_INFO_RESOLUTION="480x360"
          ;;
        *)
          VID_INFO_RESOLUTION="240x180"
          ;;
      esac
    fi

    convert_file_second_pass 
  fi
}

function process_directory {
 ORIG_VIDEO_DIR="$1"
 DEST_VIDEO_DIR="$2"

  if &#91;&#91; -d "${ORIG_VIDEO_DIR}" &#93;&#93; && &#91;&#91; -d "${DEST_VIDEO_DIR}" &#93;&#93;; then
    IFS=$'\n'

    for ORIG_VIDEO_FILE in $( find "${ORIG_VIDEO_DIR}" -depth -maxdepth 1 -type f -readable -iregex '.*\.\(3gp\|3g2\|avi\|divx\|flv\|m4v\|mj2\|mov\|mp1\|mp2\|mp4\|mpe\|mpeg\|mpeg4\|mpg\|mkv\|mv\|ogm\|rm\|rmvb\|rv\|qt\|wmv\)' ); do
      process_file "${ORIG_VIDEO_FILE}" "${DEST_VIDEO_DIR}"
    done
  fi 
}

function convert_file_first_pass {
  echo "----------------------------------------------------"
  echo "   First pass: ${ORIG_FILE}"
  echo "ffmpeg -i \"${ORIG_FILE}\" -an -pass 1 \
    -vcodec libx264 -flags +loop -cmp +chroma -partitions +parti4x4+partp8x8+partb8x8 \
    -me_method epzs -subq 1 -trellis 0 -refs 1 -bf 3 -b_strategy 1 -level 31 -coder 1 -me_range 16 -g 250 -keyint_min 25 \
    -sc_threshold 40 -i_qfactor 0.71 -bt 200kb -rc_eq 'blurCplx^(1-qComp)' -qcomp 0.6 -qmin 1 -qmax 51 -qdiff 4 \
    -padtop ${VID_BORDER_VERTICAL_TOP} -padbottom ${VID_BORDER_VERTICAL_BOTTOM} \
    -padleft ${VID_BORDER_HORIZONTAL_LEFT} -padright ${VID_BORDER_HORIZONTAL_RIGHT} \
    -threads 2 \
    -s ${VID_INFO_RESOLUTION} -aspect ${VID_INFO_ASPECT} -f rawvideo -y /dev/null" 

  ffmpeg -i "${ORIG_FILE}" -an -pass 1 \
    -vcodec libx264 -flags +loop -cmp +chroma -partitions +parti4x4+partp8x8+partb8x8 \
    -me_method epzs -subq 1 -trellis 0 -refs 1 -bf 3 -b_strategy 1 -level 31 -coder 1 -me_range 16 -g 250 -keyint_min 250 \
    -sc_threshold 40 -i_qfactor 0.71 -bt 200kb -rc_eq 'blurCplx^(1-qComp)' -qcomp 0.6 -qmin 1 -qmax 51 -qdiff 4 \
    -padtop ${VID_BORDER_VERTICAL_TOP} -padbottom ${VID_BORDER_VERTICAL_BOTTOM} \
    -padleft ${VID_BORDER_HORIZONTAL_LEFT} -padright ${VID_BORDER_HORIZONTAL_RIGHT} \
    -threads 2 \
    -s ${VID_INFO_RESOLUTION} -aspect ${VID_INFO_ASPECT} -f rawvideo -y /dev/null 2>&1 | tee pass2.out

  BITRATE=$( grep -e "\[libx264.*kb\/s" pass2.out )
  BITRATE=${BITRATE##*:}
  BITRATE=${BITRATE/.*}

  echo "average first pass bitrate: ${BITRATE}"

  if [[ -n ${BITRATE} ]]; then
    if (( ${BITRATE} % 16 )); then
      let BITRATE+=$( expr ${BITRATE} % 16 )
    fi
  else
    if (( ${VID_INFO_WIDTH} > 1024 )); then
       BITRATE=15360
    elif (( ${VID_INFO_WIDTH} > 900 )); then
       BITRATE=10240 
    elif (( ${VID_INFO_WIDTH} > 719 )); then
       BITRATE=8192
    elif (( ${VID_INFO_WIDTH} > 620 )); then
       BITRATE=2560
    else
       BITRATE=512
    fi
  fi

  MAX_BITRATE=$( expr ${BITRATE} + 512 )
}

function convert_file_second_pass {
  echo "----------------------------------------------------"
  echo "   Second pass: ${ORIG_FILE}"

  if [[ -n ${BLACKBERRY} ]]; then
    echo "ffmpeg -i \"${ORIG_FILE}\" -vcodec mpeg4 -vtag XVID -s ${VID_INFO_RESOLUTION} \
      -qscale 10 -ab 48k -ar 22050 -ac 2 -acodec libmp3lame -deinterlace \
      -b 512kb -qmin 1 -qmax 51 \
      -padtop ${VID_BORDER_VERTICAL_TOP} -padbottom ${VID_BORDER_VERTICAL_BOTTOM} \
      -padleft ${VID_BORDER_HORIZONTAL_LEFT} -padright ${VID_BORDER_HORIZONTAL_RIGHT} \
      -aspect ${VID_INFO_ASPECT} \"${DEST_FILE}\""

    ffmpeg -i "${ORIG_FILE}" -vcodec mpeg4 -vtag XVID -s ${VID_INFO_RESOLUTION} \
      -ab 48k -ar 22050 -ac 2 -acodec libmp3lame -deinterlace \
      -b 512kb -qmin 1 -qmax 51 \
      -padtop ${VID_BORDER_VERTICAL_TOP} -padbottom ${VID_BORDER_VERTICAL_BOTTOM} \
      -padleft ${VID_BORDER_HORIZONTAL_LEFT} -padright ${VID_BORDER_HORIZONTAL_RIGHT} \
      -aspect ${VID_INFO_ASPECT} "${DEST_FILE}"
  else
    echo "ffmpeg -i \"${ORIG_FILE}\" -acodec libfaac -ar 44100 -ac ${AUD_INFO_CHANNELS} \
      -async 1 -f mp4 -pass 2 -vcodec libx264 -vtag XVID -flags +loop+ilme -cmp +chroma \
      -partitions +parti4x4+partp8x8+partb8x8 -flags2 +mixed_refs -me_method umh -subq 5 \
      -trellis 1 -refs 5 -bf 3 -b_strategy 1 -level 31 -coder 1 -me_range 16 \
      -g 250 -keyint_min 250 -sc_threshold 40 -i_qfactor 0.71 -bt 200kb \
      -rc_eq 'blurCplx^(1-qComp)' -qcomp 0.6 -qmin 3 -qmax 15 -qdiff 4 \
      -s ${VID_INFO_RESOLUTION} -aspect ${VID_INFO_ASPECT} \
      -padtop ${VID_BORDER_VERTICAL_TOP} -padbottom ${VID_BORDER_VERTICAL_BOTTOM} \
      -padleft ${VID_BORDER_HORIZONTAL_LEFT} -padright ${VID_BORDER_HORIZONTAL_RIGHT} \
      -b ${BITRATE}kb -maxrate ${MAX_BITRATE}kb \
      -bufsize ${MAX_BITRATE}kb -ab ${AUD_INFO_BITRATE}kb \
      -threads 2 \
      -r ${VID_INFO_FPS} \"${DEST_FILE}\""

    ffmpeg -i "${ORIG_FILE}" -acodec libfaac -ar 44100 -ac ${AUD_INFO_CHANNELS} \
      -async 1 -f mp4 -pass 2 -vcodec libx264 -vtag XVID -flags +loop+ilme -cmp +chroma \
      -partitions +parti4x4+partp8x8+partb8x8 -flags2 +mixed_refs -me_method umh -subq 5 \
      -trellis 1 -refs 5 -bf 3 -b_strategy 1 -level 31 -coder 1 -me_range 16 \
      -g 250 -keyint_min 250 -sc_threshold 40 -i_qfactor 0.71 -bt 200kb \
      -rc_eq 'blurCplx^(1-qComp)' -qcomp 0.6 -qmin 1 -qmax 51 -qdiff 4 \
      -s ${VID_INFO_RESOLUTION} -aspect ${VID_INFO_ASPECT} \
      -padtop ${VID_BORDER_VERTICAL_TOP} -padbottom ${VID_BORDER_VERTICAL_BOTTOM} \
      -padleft ${VID_BORDER_HORIZONTAL_LEFT} -padright ${VID_BORDER_HORIZONTAL_RIGHT} \
      -b ${BITRATE}kb -maxrate ${MAX_BITRATE}kb \
      -bufsize ${MAX_BITRATE}kb -ab ${AUD_INFO_BITRATE}kb \
      -threads 2 \
      -r ${VID_INFO_FPS} "${DEST_FILE}"
  fi
}

if [[ -n "$1" ]] && [[ -n "$2" ]]; then
  if [[ -n "$3" ]]; then
    case "$3" in
      bb)
        BLACKBERRY=1
        BB_TYPE="norm"
        ;;
      bb_storm)
        BLACKBERRY=1
        BB_TYPE="STORM"
        ;;
      ps3)
        ;;
      *)
        ;;
    esac
  fi

  if [[ -n "$4" ]]; then
    FILE_PREFIX="${4}_"
  else
    FILE_PREFIX=""
  fi

  if [[ -f "$1" ]]; then
    process_file "$1" "$2"
  elif [[ -d "$1" ]]; then
    process_directory "$1" "$2"
  fi
else
  print_usage
  exit
fi

The ffmpeg parameters are based off of Using ffmpeg to transcode video for the PS3. Hope his works for you too.

Share Button

Getting “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”? I have the answer :)

Here’s the scenario:

You ssh to a remote server with your login and either sudo or su to another user to run some application that uses a X Windows front end.  There is a firewall between your desktop and the remote server that allows only ssh connections (port 22).  When you run into the error “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”.  What to do?

ssh jason@remote-server -X
jason $ echo $DISPLAY
localhost:10.0
jason $ su - oracle
oracle's Password:
oracle $ xterm
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
xterm Xt error: Can't open display: localhost:10.0

On recent OpenSSH Server releases, you can simply enable “ForwardX11Trusted yes” in the /etc/ssh/sshd_config file and restart the OpenSSH server.  If you’re not using a recent OpenSSH Server release or if you can’t for security or political reasons, what could you do? Give up? It’s simpler than you think.

You need to temporarily transfer the authorization to the other account. First, get the key from your account:

jason $ xauth list
aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad

Next, sudo/su to the other account and add the authorization key.

jason $ su - oracle
oracle $ xauth add aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad

Now, you should be able to start any X Windows application, assuming that your DISPLAY variable is set to go through the ssh tunnel:

oracle $ xterm

UPDATE:

Kyle McBride provided an easy way to automate adding the key to xauth. Add the following to your .bashrc or .profile file.

xauth list | while read x ; do sudo -u oracle xauth add $x ; done

The -u oracle will run the xauth command as the user oracle otherwise the keys will be added to the root user.

Share Button

Need to upload a file to multiple Windows boxes?

If you don’t want to mess around with windows scripting and you just want to get the job done, well, the easiest method is sometimes the not so obvious…  use smbclient!  It’s part of Samba (no, not the samba style of music).

I’ve created a very simple script to automate smbclient.  It assumes that the login name, password and the directory on each of the windows boxes are the same.

Note that the directory is relative to the windows share.  For example the following two windows machines share the sybase directory as “sybase”.  Whether actual location of sybase is located on the C drive or somewhere else, doesn’t really matter as it is simply “\\<server>\sybase” to the rest of the network.

c:\sybase shared as \\mywin2k\sybase

d:\sybase shared as \\mywin2k3\sybase

Put either the ip address or the name of each of the windows machines you want to upload your file to into the smb_ips file.

192.168.0.70
192.168.0.71
192.168.0.17
192.168.0.101
192.168.0.23
192.168.0.24
192.168.0.25

Change the smb_user and smb_pass to your windows login/password.  Next, change upload_file to point to the file you need to upload to the windows box.  Finally, change the upload_dir to the directory on the windows box you want to upload the file to.

#!/bin/bash

smb_user=”login”
smb_pass=”password”

# EBF 13464.zip is Sybase ASE 12.5.1 esd 13 for windows
upload_file=”EBF13464.zip”
upload_dir=”sybase”

while read ip; do
echo Uploading ${upload_file} to ${ip}
smbclient –user $smb_user \\\\${ip}\\${upload_dir} $smb_pass < Uploading EBF13464.zip to 192.168.0.70
Domain=[DONUT_COOKIE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
putting file EBF13464.zip as \EBF13464.zip (330.5 kb/s) (average 330.5 kb/s)

Uploading EBF13464.zip to 192.168.0.71
Domain=[DONUT_COOKIE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
putting file EBF13464.zip as \EBF13464.zip (331.5 kb/s) (average 331.5 kb/s)

Uploading EBF13464.zip to 192.168.0.17
Domain=[DONUT_COOKIE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
putting file EBF13464.zip as \EBF13464.zip (330.4 kb/s) (average 330.4 kb/s)

Uploading EBF13464.zip to 192.168.0.101
Domain=[DONUT_COOKIE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
putting file EBF13464.zip as \EBF13464.zip (335.4 kb/s) (average 335.4 kb/s)

Uploading EBF13464.zip to 192.168.0.23
Domain=[DONUT_COOKIE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
putting file EBF13464.zip as \EBF13464.zip (327.5 kb/s) (average 327.5 kb/s)

Uploading EBF13464.zip to 192.168.0.24
Domain=[DONUT_COOKIE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
putting file EBF13464.zip as \EBF13464.zip (318.4 kb/s) (average 318.4 kb/s)

Uploading EBF13464.zip to 192.168.0.25
Domain=[DONUT_COOKIE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
putting file EBF13464.zip as \EBF13464.zip (329.5 kb/s) (average 329.5 kb/s)

Share Button