CrossOver runs your Windows apps on Mac or Linux computers

No matter where you fall on the Windows vs. Mac vs. Linux debate, one thing remains true: you shouldn’t be forced to limit yourself to just one operating system. Of course, there are workarounds, like running a virtual machine, but they’re not always intuitive and can inhibit your programs’ performance.

CrossOver 17 allows you to launch Windows apps natively on your Mac or Linux computer without buying a Windows license, rebooting, or using a virtual machine, and it’s on sale for $19.

From productivity software to games, CrossOver 17 lets you operate Windows software at native speed and without any performance limitations. You can install Windows programs with a single click, and you don’t need to use Windows virus protection to access them. Plus, CrossOver 17 integrates seamlessly with your desktop environment, so you can get your new software up and running faster.

CrossOver 17 is available in Mac and Linux variants and typically retails for $39.95 each. But, today you can get it on sale for $19, saving more than half off the usual price.

Securely Connect to Linux Instances Running in a Private Amazon VPC

Important note: You should enable SSH agent forwarding with caution. When you set up agent forwarding, a socket file is created on the forwarding host, which is the mechanism by which the key can be forwarded to your destination. Another user on the system with the ability to modify files could potentially use this key to authenticate as you. See the SSH manual for more details.

 

In an earlier blog post, Ryan Holland, a Principal Partner Solutions Architect in AWS, showed how to secure access to multiple Amazon EC2 Windows instances running behind a Windows Remote Desktop Gateway acting as a bastion host. Ryan returns this week with a post that focuses on bastion hosts for Linux instances in private Amazon VPC subnets.


In this post, I’ll look at how to use SSH agent forwarding to allow administrators to securely connect to Linux instances in private Amazon VPC subnets. Using this configuration improves security because you don’t have to expose the management ports of your Linux instances to the Internet or to other subnets in your VPC.SSH and bastion servers

By default, Linux instances in EC2 use SSH key files for authentication instead of SSH usernames and passwords. Using key files can reduce the chance of somebody trying to guess the password to gain access to the instance. But using key pairs with a bastion host can present a challenge—connecting to instances in the private subnets requires a private key, but you should never store private keys on the bastion.

One solution is to use SSH agent forwarding (ssh-agent) on the client. This allows an administrator to connect from the bastion to another instance without storing the private key on the bastion. That’s the approach I’ll discuss in this post.

Configuring ssh-agent

The first step in using SSH agent forwarding with EC2 instances is to configure a bastion in your VPC. We suggest that the instance you use for your bastion be purpose-built and that you use it only as a bastion and not for anything else. The bastion should also be set up with a security group that’s configured to listen only on the SSH port (TCP/22). For additional security, you can harden the instance further. It’s beyond the scope of this post to discuss hardening in detail, but doing so involves tasks like enabling SELinux, using a remote syslog server for logs, and configuring host-based intrusion detection. For more in-depth information, see OS Hardening Principles on the etutorials.org site.

Always remember the following when configuring your bastion:

  • Never place your SSH private keys on the bastion instance. Instead, use SSH agent forwarding to connect first to the bastion and from there to other instances in private subnets. This lets you keep your SSH private key just on your computer.
  • Configure the security group on the bastion to allow SSH connections (TCP/22) only from known and trusted IP addresses.
  • Always have more than one bastion. You should have a bastion in each availability zone (AZ) where your instances are. If your deployment takes advantage of a VPC VPN, also have a bastion on premises.
  • Configure Linux instances in your VPC to accept SSH connections only from bastion instances.

Configuring ssh-agent on a Mac

For Mac users, ssh-agent is already installed as part of the OS. You can add your private keys to the keychain application by using the ssh-add command with the -K option and the .pem file for the key, as shown in the following example. The agent prompts you for your passphrase, if there is one, and stores the private key in memory and the passphrase in your keychain.

ssh-add -K myPrivateKey.pem
Enter passphrase for myPrivateKey.pem:
Passphrase stored in keychain: myPrivateKey.pem
Identity added: myPrivateKey.pem (myPrivateKey.pem)

Adding the key to the agent lets you use SSH to connect to an instance without having to use the –i <keyfile> option when you connect. If you want to verify the keys available to ssh-agent, use the ssh-add command with the -L option. The agent displays the keys it has stored, as shown in the following example:

ssh-add –L

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDHEXAMPLErl25NOrbhgIGQzyO+TYyqbbYEueiEL
cXtOQHgEFpMAb1Nb8SSnlxMxiCXwTKd5/lVnmgcbDwBpe7ayQ6idzjHfvoxPsFrI3QSJVQgyN
cx0RylX9IjcvJOyw== myPrivateKey.pem

After the key is added to your keychain, you can connect to the bastion instance with SSH using the –A option. This option enables SSH agent forwarding and lets the local SSH agent respond to a public-key challenge when you use SSH to connect from the bastion to a target instance in your VPC.

For example, to connect to an instance in a private subnet, enter the following command to enable SSH agent forwarding using the bastion instance:

ssh –A user@<bastion-IP-address or DNS-entry>

When you first connect to the instance, you should verify that the RSA key fingerprint that the bastion presents matches what is displayed in the instance’s console output. (For instructions on how to check the fingerprint, se the EC2 documentation).

After you’re connected to the bastion instance, use SSH to connect to a specific instance using a command like this:

ssh user@<instance-IP-address or DNS-entry>

Note that ssh-agent does not know which key it should use for a given SSH connection. Therefore, ssh-agent will sequentially try all the keys that are loaded in the agent. Because instances terminate the connection after five failed connection attempts, make sure that the agent has five or fewer keys. Because each administrator should have only a single key, this is rarely a problem for most deployments. For details about how to manage the keys in ssh-agent, use the man ssh-agentcommand.

Configuring ssh-agent on Windows

In Windows, you can connect to Linux VPC instances using PuTTY. To get SSH agent functionality, you can use Pageant, which is available from the PuTTY download page. When Pageant is installed, you can use the agent forwarding option in PuTTY to connect to instances in private subnets.

To use Pageant, you need to convert your private key from PEM format to PuTTY format using PuTTYGen (available from the PuTTY download page). In PuTTYGen, choose Conversions > Import Key and select your PEM-formatted private key. Enter a passphrase and then click Save private key, as shown in the following screenshot. Save the key as a .ppk file.

Image of saving the private key

After you convert the private key, open Pageant, which runs as a Windows service. To import the PuTTY-formatted key into Pageant, double-click the Pageant icon in the notification area and then click Add Key. When you select the .ppk file, you’re prompted to enter the passphrase you chose when you converted the key, as shown in the following screenshot.

Screenshot of typing the passphrase

After you add the key, close the Pageant Key List window.

Finally, when you are configuring the connections for SSH in PuTTY, check the Allow agent forwarding box and leave the Private key file for authentication field empty.

When you use PuTTY to connect to the public IP address of your bastion, you will see that the Pageant PuTTY component provides the SSH key for authentication, as shown in the following screenshot.

Screenshot of the Pageant PuTTY component providing the SSH key for authentication

With agent forwarding enabled in the PuTTY configuration, you can connect from the bastion to any other instance in the VPC without having the SSH private key on the bastion. To connect to other instances, use the following command:

ssh user@<instance-IP-address or DNS-entry>

As long as the matching private key for the instance is loaded into Pageant, the connection will be successful, as shown in the following screenshot.

Screenshot of a successful connection

Conclusion

Using this information on how to configure bastions in front of Linux instances in a VPC, and with the earlier post about Windows instances and bastions, you now have additional tools  to help improve the security of your EC2 instances by closing off Internet access to their management ports.

If you’d like more information about SSH agent forwarding, there’s a good tutorial on the Unixwiz.net web site.

Let us know if these best practices work for your environment. We’re always looking to enhance our guidance to support as many of our customers’ use cases as possible.

 

How to Flush DNS Cache in Mac OS X EI Capitan: 10.11, 10.10.4

Most useful way if you’re a network administrator, Server administrator or web developer. And you’re working with Mac OS X machine likely MacBook Pro, MacBook Air, iMac or Mac Mini. Furthermore each version of Mac OS X has different- different command to reset DNS cache. So you should use exact command according to your system version of OS X.

You may very familiar from DNS Cache, because you may face a situation to DNS cache in Mac OS X. but here about DNS cache who are beginner in networking. DNS Cache is a small database that maintained by a computer’s system (Mac, Windows, Linux) etc. it accept DNS quires from local clients such as web browsers (Safari, Google chrome) and mail transfer agnates. So it collects response from remote DNS servers. It caches the response to save time later.

But sometimes it might be necessary to reset the cache immediately and re-quarry a DNS Server. In addition, if your Mac machine isn’t using the latest DNS entries from remote server, then you can restart your Mac to update its cached info. But you can’t change DNS entries on your server through restarting your Mac. But you should do flush DNS Cache in Mac OS X Ei Capitan, OS X Yosemite and earlier OS X.

We recommend you a terminal command to flush DNS cache in Mac OS X EI Capitan, OS X Yosemite (10.10.4).

Terminal Command to flush the DNS Cache in Mac OS X EI Capitan, OS X Yosemite.

sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder;say flushed

Steps how to Flush DNS Cache in Mac OS X EI Capitan or OS X Yosemite

To reset flush DNS cache in Mac you need to use the Terminal(known as CMD in windows).

Step 1. Launch Terminal using Spotlight (command + Space) for Mac and Ctrl + Space for Windows keyboard.

Step 2. Enter bellow Command for Apple Mac OS X 10.10.4, OS X 10.11 and in future coming OS X,

  • sudo killall -HUP mDNSResponderhow to Flush DNS Cache in Mac OS X EI Capitan or OS X Yosemite 10.11 and 10.10.4

Step 3. Press return key and enter the Admin password when requested.reset flush dns on mac os x 10.11

it’s Say flushed. so that’s it.

While you can use below command to reset DNS cache on OS X Yosemite 10.10. OS X 10.10.1, OS X 10.10.2 and OS X Yosemite 10.10.3

  • sudo discoveryutil mdnsflushcache

Do you want to know flush dns has changed?

Then to determine if a name server or IP has actually changed you can use the ‘dig’ command with the URL likely:

  • dig howtoisolve.com

Let’s know do you have any latest version of OS X cache tricks. Text us in the comment box.

Mac Won’t Sleep? Here’s How to Find Out Why And Fix It

Find why a Mac won't go to sleep

On the rare occasion that you go to put a Mac to sleep and, well, it won’t sleep, there’s an easy to way to find out what the holdup is. Though this is a somewhat technical approach, it should give a good starting point to anyone who’s confused as to why something like automatic sleep isn’t taking effect, and hopefully provide a quick resolution to the problem.

Determining the Cause of Sleep Prevention in Mac OS X with the Command Line

This works to determine both why a Mac won’t sleep and why a Mac display is not sleeping:

    • Launch Terminal from /Applications/Utilities/ and type the following command:

pmset -g assertions

  • Look through the reported assertion list for items with a “1” next to their name to find what’s keeping the Mac awake

For example, if you see something like the following:

$ pmset -g assertions
7/11/12 10:45:33 PM PDT
Assertion status system-wide:
PreventUserIdleDisplaySleep 0
CPUBoundAssertion 0
DisableInflow 0
ChargeInhibit 0
PreventSystemSleep 0
PreventUserIdleSystemSleep 1
NoIdleSleepAssertion 1
ExternalMedia 0
DisableLowPowerBatteryWarnings 0
EnableIdleSleep 1
NoRealPowerSources_debug 0
UserIsActive 0
ApplePushServiceTask 0

Listed by owning process:
pid 1827: [0x000000bb012c01f1] PreventUserIdleSystemSleep named: "com.apple.audio.'AppleHDAEngineOutput:1B,0,1,1:0'.noidlesleep"

You’ll notice the “sleep when idle” feature is disabled, but what you really want to pay attention to is the lower portion of the list where the “Listed by owning process” report shows com.apple.audio as the reason that PreventUserIdleSystemSleep is enabled. Why is that? Because iTunes is running and playing music, meaning the computer isn’t idle.

If you’re having persistent problems with sleep and the above tip doesn’t give you any clue as to where to begin, sleep issues relating to hardware and power management quirks can often be fixed with an SMC reset. On the other side of the fence, another command line tip shows us how to find out why a Mac woke up from sleep. Sometimes the same thing preventing a Mac from sleeping is responsible from waking it up too, like Time Machine and schedule backups.

This is a handy tip from Lifehacker who also provides a similar tip for Windows computers. Don’t miss Apple’s article on the topic too for some additional help.

SD Card Reformat on a Mac Computer

What are you trying to do?

Format an SD card in Windows

Where does it apply?

  • Mac OS X

How to do it

Here is a link that shows you how to reformat an SD card (or MicroSD card) on your Mac:

The steps are also written out below.

  1. Connect the SD card to your computer by using an external card reader.  Save all the files from your SD card that you want to keep to your computer before moving to step 2.  Formatting the SD card deletes all the data off of the card.
    1. Note – If you’re using a Micro SD card, please insert the Micro SD card into the SD card adapter that came with card.  Connect the SD card adapter to your computer by using an external card reader.
    2. Also note – Mac OS 10.6.5 or earlier does not support exFAT format, which most 64 GB SD cards are formatted to.  This means that you won’t be able to format or use exFAT card on your computer.  In this case, we’d recommend either upgrading your OS to 10.6.6 or later, or using an SD card that’s already formatted to MS-DOS (FAT) or FAT32 to complete the below steps.
  2. Open Disk Utility.  To do this, click on the magnifying glass in the top-right corner of your computer screen.  Type “disk utility” in the search box that opens, then click on the “Disk Utility” Application that comes up.
  3. Find the SD card in the left side of the window.  It’ll be named something like NO NAME or UNTITLED.
  4. Click the ERASE tab in the middle of the window.
  5. Next, click on the “Format” dropdown menu.  Select “MS-DOS (FAT)” if the card is 32 GB or smaller.  If it’s a 64GB card, please select “ExFAT”.
  6. A message will appear asking, “Are you sure you want to erase the partition “[YOUR SD CARD NAME]?”  Click “Erase”. Now the computer will delete the contents of your SD card and format it.  You’re all done.

How to burn .iso to USB drive

CD/DVD drives have gone obsolete and USB drives have become more popular and cheaper now. Thats the reason we prefer to use USB drives instead of CD or DVD to install a new system. 
There are many utilities available which can do this. UNetbootin (http://unetbootin.sourceforge.net/) is one of them. UNetbootin allows you to create bootable Live USB drives for Ubuntu, Fedora, and other Linux distributions without burning a CD. The best part of it is that it runs on Windows, Linux, and Mac OS X. You can either let UNetbootin download one of the many distributions or supply your own Linux .iso file. It has a very simple user interface.
unetbootin-windows7
For Command Line Lovers
For command line lovers like me the best utility to burn a .iso to USB drive is “dd”.
  • Insert the USB drive and open terminal (Ctrl+Alt+T)
  • better be a root (sudo -i), don’t be afraid believe in yourself
  • use “fdisk -l”  to find the USB device

fdisk-before

  • So in our case its /dev/sdb
  • Make sure the USB device is unmounted
umount /dev/sdb1
  • Assuming the .iso file is in your current working folder, type the below command and wait for it to finish.
dd bs=4M if=ubuntu-12.04.2-server-i386.iso of=/dev/sdb

dd

  • ubuntu-12.04.2-server-i386.iso is your .iso file
  • “bs=4M” is optional. Its just to make it faster
Testing Time….
To test if everything has gone right, boot your system from the USB drive. To do so you will have to reboot your system. QEMU can help you in this. What?! Yes QEMU is a machine emulator and virtualizer.
  • Make sure qemu is installed (apt-get install qemu)
  • run the below command and you will see a virtual machine booting from your USB Drive

qemu -hda /dev/sdb

How to write an image file to an SD card under Mac OS X (for Raspberry Pi)

Find the SD card device

In this case, the SD card is /dev/disk4. DO NOT get this wrong or you may destroy all the data on the wrong disk/card/drive.

diskutil list

/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *160.0 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            159.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *160.0 GB   disk1
   1:                        EFI                         209.7 MB   disk1s1
   2:                  Apple_HFS 160GB                   159.7 GB   disk1s2
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *320.1 GB   disk2
   1:                        EFI                         209.7 MB   disk2s1
   2:          Apple_CoreStorage                         319.6 GB   disk2s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk2s3
/dev/disk3
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Backup                 *319.3 GB   disk3
/dev/disk4
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *3.9 GB     disk4
   1:             Windows_FAT_32                         98.6 MB    disk4s1
   2:                      Linux                         1.9 GB     disk4s2

Umount the disk, NOT eject

diskutil unmountDisk /dev/disk4

Write the image to the SD card with dd

dd if=/path/to/image.img of=/dev/rdisk4 bs=1m

How to Burn Disc Images in OS X El Capitan Without Disk Utility

Burn disc images in OS X El Capitan

Apple removed the ability to burn disc images from Disk Utility in OS X 10.11 and newer, and while that makes sense for many Macs that no longer have SuperDrives, CDRW, and DVD burners, for those who use an external burner, use disc drive sharing, or who do have hardware with a built-in SuperDrive, may find it frustrating to lose such a feature. But not to worry, you can still burn disk images and data discs in OS X El Capitan, and you can start the process either from the Finder or from the command line on the Mac.

Note this is not necessary in older versions of OS X, which allowed burning ISO files from Disk Utility. This is exclusively for OS X El Capitan and later, where the feature no longer exists.

Burn a Disk Image File (ISO, DMG, etc) from the Finder of OS X

The ability to burn data and disk images has long existed in the Finder of OS X, but now burning images is missing from Disk Utility, it’s one of the primary methods of burning a disk in OS X 10.11 and later:

  1. From the OS X Finder, select a disk image file
  2. Pull down the “File” menu and choose “Burn Disk Image (Name) to Disc…”
  3. Insert a blank DVD, CD, or CDRW disc into the drive, then click on the “Burn” button

Burn a disc image in Mac OS X from the Finder File menu

You can also access the “Burn Disk Image to Disc” option by right-clicking on an image file.

This works to burn disk images and just data in general, OS X Is smart enough to know what to do with a DMG and an ISO.

Burning Disc Images & ISO Files in OS X EL Capitan from the Command Line

Users can also turn to the command line to burn a disk image or iso file. The syntax is rather simple but being the command line things must be precise to avoid failure or unintended consequences, thus this is best for advanced Mac users. Here’s what to do to burn an iso from OS X El Capitan with hdiutil in the Terminal application:

    1. Place the ISO somewhere easy to locate like the desktop or user home folder
    2. Insert a blank DVD or CD into the Mac
    3. Launch the Terminal and type the following command:

hdiutil burn ~/Path/To/DiskImageFile.iso

hdiutil will start burning the disk image file immediately assuming the syntax to the iso or dmg file is correct, and a CD/DVD drive with write abilities is found. The hdiutil command is quite powerful and it can create iso images as well as convert them, making it a valuable tool for users who don’t mind the Terminal.

If for some reason you don’t want to use hdiutil, it remains possible to burn ISOs or other disk image from the command line using dd too.

SSH USING LINUX OR MAC OS

You can use SSH to connect to your Raspberry Pi from a Linux computer or Mac (or another Pi) from the Terminal, without installing additional software.

You’ll need to know your Pi’s IP address to connect to it. To find this from your Pi’s terminal type hostname -I.

Alternatively if you’re running the Pi without a screen, aka headless, you can also look at the device list on your router or use a tool like nmap, which is described in detail in our IP Address doc.

To connect to your Pi from a different computer, copy and paste the following command into the terminal window but replace <IP> with the IP address of the Raspberry Pi. Use Ctrl + Shift + V to paste in the terminal.

ssh pi@<IP>

If you receive a connection timed out error it’s likely that you’ve entered the wrong IP address for the Raspberry Pi.

When the connection works you’ll see a security/authenticity warning. Type yesto continue. You’ll only see this warning the first time you connect.

In the event your Pi has taken the IP address of a device to which your computer has connected before (even on another network), you may be given a warning and asked to clear the record from your list of known devices. Following this instruction and trying the ssh command again should be successful.

Next you’ll be prompted for the password for the pi login, by default on Raspbian the password is raspberry. You should now have the Raspberry Pi prompt which will be identical to the one found on the Raspberry Pi itself.

If you have set up another user on the Pi, you can connect to it the same way, replacing the username with your own, e.g. eben@192.168.1.5

pi@raspberrypi ~ $

You are now connected to the Pi remotely and can execute commands.

X-FORWARDING

You can also forward your X session over SSH to allow use of graphical applications by using the -Y flag:

ssh -Y pi@192.168.1.5

Now you’re on the command line as before, but you have the ability to open up graphical windows, for example:

idle3 &

This will open up the Python editor IDLE in a graphical window.

scratch &

This will open up Scratch!

For further documentation on the ssh command just enter man ssh into the Terminal.

To configure your Pi to allow passwordless SSH access with a public/private key pair see the passwordless SSH guide.