SSH multiplexing is the ability to carry multiple SSH sessions over a single TCP connection.
OpenSSH can reuse an existing TCP connection for multiple concurrent SSH sessions, which avoids the overhead of setting up a new TCP connection for each one.
The advantage of SSH multiplexing is that it speeds up operations that rely on or occur over SSH. For example, say you use SSH to regularly execute a command on a remote host. Without multiplexing, every time that command is executed your SSH client must establish a new TCP connection and a new SSH session with the remote host. With multiplexing, you can configure SSH to establish a single TCP connection that is kept alive for a specified period of time, and subsequent SSH sessions are established over that connection.
You can see the difference below. Without multiplexing, we see the normal connection time:
$ time ssh lintel-blog
Then we do the same thing again, but with a multiplexed connection to see a faster result:
$ time ssh lintel-blog
The OpenSSH client has supported multiplexing of its outgoing connections since version 3.9, using the ControlMaster, ControlPath and ControlPersist configuration directives, which are defined in ssh_config. The client configuration file usually lives at ~/.ssh/config.
ControlMaster determines whether ssh will listen for control connections and what to do about them. ControlPath sets the location of the control socket used by the multiplexed sessions. These can be set either globally or per host in ssh_config, or specified at run time. Control sockets are removed automatically when the master connection ends. ControlPersist can be used in conjunction with ControlMaster. If ControlPersist is set to ‘yes’, the master connection is left open in the background to accept new connections until it is killed explicitly, closed with ssh -O exit, or reaches a predefined timeout. If ControlPersist is set to a time, the master connection is left open for that time or until the last multiplexed session is closed, whichever is longer.
Here is a sample excerpt from ssh_config for starting a multiplexed session to server1.example.org via the shortcut server1.
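The stanza below is an added example (the original excerpt did not survive on the page); the user name, socket path and persist time are assumptions:

```ssh_config
# ~/.ssh/config (added example; user, socket path and persist time are assumed)
Host server1
    HostName server1.example.org
    User alice
    ControlMaster auto
    # %r, %h and %p keep the sockets for different users, hosts and ports apart
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 10m
```

ssh -O check server1 reports whether a master connection is running and ssh -O exit server1 closes it. Anyone who can open the control socket gets sessions on the master connection without authenticating again, so keep ControlPath in a directory only your own user can access.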
Access the web UI at https://domain.com (or on a different port, if you edited the compose file).
If you want to use jigasi too, first configure your env file with SIP credentials and then run Docker Compose as follows: docker-compose -f docker-compose.yml -f jigasi.yml up
If you want to enable document sharing via Etherpad, configure it and run Docker Compose as follows: docker-compose -f docker-compose.yml -f etherpad.yml up
If you want to use jibri too, first configure a host as described in JItsi BRoadcasting Infrastructure configuration section and then run Docker Compose as follows: docker-compose -f docker-compose.yml -f jibri.yml up -d or to use jigasi too: docker-compose -f docker-compose.yml -f jigasi.yml -f jibri.yml up -d
Running behind NAT or on a LAN environment
If running in a LAN environment (as well as on the public Internet, via NAT) is a requirement, the DOCKER_HOST_ADDRESS should be set. This way, the Videobridge will advertise the IP address of the host running Docker instead of the internal IP address that Docker assigned it, thus making ICE succeed. If your users are coming in over the Internet (and not over LAN), this will likely be your public IP address. If this is not set up correctly, calls will crash when more than two users join a meeting.
The public IP address is discovered via STUN. STUN servers can be specified with the JVB_STUN_SERVERS option.
A SOCKS server is a general purpose proxy server that establishes a TCP connection to another server on behalf of a client, then routes all the traffic back and forth between the client and the server. It works for any kind of network protocol on any port. SOCKS Version 5 adds additional support for security and UDP.
SOCKS is also used as a circumvention tool, allowing traffic to bypass Internet filtering to access content otherwise blocked, e.g., by governments, workplaces, schools, and country-specific web services.
SOCKS proxies can be created without any special SOCKS proxy software if you have OpenSSH installed on your server and an SSH client with dynamic tunnelling support installed on your client computer.
$ ssh -D 1080 user@<IP address or domain of your server>
Now, enter your password and make sure to leave the Terminal window open. You have now created a SOCKS proxy at localhost:1080. Only close this window if you wish to disable your local SOCKS proxy.
Using Microsocks program
MicroSocks is a multithreaded, small, efficient SOCKS5 server.
It’s very lightweight, and very light on resources too: for every client, a thread with a stack size of 8KB is spawned; the main process basically doesn’t consume any resources at all. The only limits are the number of file descriptors and the RAM.
It’s also designed to be robust: it handles resource exhaustion gracefully by simply denying new connections, instead of calling abort() as most other programs do these days.
Another plus is ease of use: no config file is necessary, everything can be done from the command line, and it doesn’t even need any parameters for a quick setup.
All arguments are optional. By default listenip is 0.0.0.0 and the port is 1080.
Option -1 activates auth_once mode: once a specific IP address has authenticated successfully with user/pass, it is added to a whitelist and may use the proxy without auth. This is handy for programs like Firefox that don’t support user/pass auth. For it to work you’d make one connection with another program that supports it, and then you can use Firefox too.
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify the security policies of their networks, and by attackers to identify network services running on a host and exploit vulnerabilities.
ipset is a companion application for the iptables Linux firewall. It allows you to set up rules to quickly and easily block a set of IP addresses, among other things.
Debian based system
# apt install ipset
Redhat based system
# yum install ipset
Blocking a list of network
Start by creating a new “set” of network addresses. This creates a new “hash” set of “net” network addresses named “myset”.
# ipset create myset hash:net
# ipset -N myset nethash
Add any IP address that you’d like to block to the set.
# ipset add myset 22.214.171.124/12
# ipset add myset 126.96.36.199/13
# ipset add myset 188.8.131.52/15
# ipset add myset 184.108.40.206/24
Finally, configure iptables to block any address in that set. This command will add a rule to the top of the “INPUT” chain to “-m” match the set named “myset” from ipset (–match-set) when it’s a “src” packet and “DROP”, or block, it.
# iptables -I INPUT -m set --match-set myset src -j DROP
Blocking a list of IP addresses
Start by creating a new “set” of ip addresses. This creates a new “hash” set of “ip” addresses named “myset-ip”.
# ipset create myset-ip hash:ip
# ipset -N myset-ip iphash
Add any IP address that you’d like to block to the set.
# ipset add myset-ip 220.127.116.11
# ipset add myset-ip 18.104.22.168
Finally, configure iptables to block any address in that set.
# iptables -I INPUT -m set --match-set myset-ip src -j DROP
Making ipset persistent
The ipset you have created is stored in memory and will be gone after a reboot. To make the ipset persistent you have to do the following:
First save the ipset to /etc/ipset.conf:
# ipset save > /etc/ipset.conf
Then enable ipset.service, which works similarly to iptables.service for restoring iptables rules.
Most people today spend part of every day sending and receiving email. E-mail plays a vital role in our daily activities, and as technology evolved it became one of the major communication tools. It may not cost you anything to send or receive a mail, but there is an intricate process behind it: you just press the send button, and your message passes through a complex mechanism to reach the recipient.
The invention of email started in 1961. There is more than one person who could be listed as the inventor of email.
The evolution of email went from messaging users on the same computer, to message transfer between computers, to messages among multiple users and multiple computers, and finally to email as we know it. Email has become a revolutionary tool for communication and is now part of our daily life. We will see how email really works.
There are different components involved in the email system, and a few abbreviated terms. Knowing the terminology and abbreviations will help you understand the system better. The components are:
Mail User Agent
Mail Submission Agent
Mail Transfer Agent
Mail Delivery Agent
Domain Name System
MUA (Mail User Agent) is the software the user uses to send mail or retrieve it (messages) from the server.
MSA (Mail Submission Agent) is a piece of software installed on the mail server. It is responsible for handing the message over to the component that transfers it toward its destination, the MTA (Mail Transfer Agent).
MTA is the Mail Transfer Agent. It is the software on the server responsible for routing mail to the destination mail server, which is why it is also called a mail router or mail server. Here are a few popular MTA (mail server) packages: Postfix, qmail, Courier Mail and Sendmail.
Postfix is the most widely used, and it ships with many Linux distributions.
You can find an exhaustive list of mail server software here.
There are different protocols involved in the email system. All of them are required to get email delivered to the recipient; they are the building blocks of the email system. Those protocols are:
Simple Mail Transport Protocol
Internet Message Access Protocol
Post Office Protocol
Domain Name System (Protocol)
How does email work?
This section will give you an idea of how these protocols work together to deliver mail to the recipient. Here is an abstract overview of the email system.
The figure above gives a simple abstract overview of the email system. As shown in the figure, SMTP is the protocol used by the sender to push (send) an email to the server. IMAP and POP are the protocols used by the recipient to check or retrieve messages from the server. The recipient MUA is configured to use IMAP, POP or both. IMAP is bidirectional, whereas POP is unidirectional. We will see more about POP and IMAP in a later section.
As the abstract overview shows, the sender's email client (MUA) sends the message using the SMTP protocol to the mail server (MTA). The mail server looks up the destination; once found, it connects to the destination mail server, another MTA/MDA, and passes the message (mail) using SMTP. The recipient server stores the received mail locally. Later, the recipient checks the mail with his mail client by connecting to his mail server.
Now let’s see the flow of email in detail with the following figure.
Here Alice is sending an email to Bob (email@example.com) using her email client, which pushes her message to the server using SMTP. The mail server determines the destination by getting the MX record for the destination domain: Alice's mail server takes the domain after the @ in the recipient (to) address and queries DNS for its MX record. Once Alice's (the sender's) mail server receives the result of the DNS query, it connects to the destination mail server and delivers the mail (message) using SMTP. The destination mail server stores the message locally. Bob checks the newly arrived mail using his mail client.
I would like to illustrate this process in more detail with the following figure.
In the figure above there are new components: MSA, MDA and extra MX servers.
MSA is the Mail Submission Agent, the piece of software that receives the message from the MUA. It uses the same protocol, SMTP, and port 25. In practice most MTAs perform the function of the MSA, so you may treat the MTA as the MSA.
The MDA, mail delivery agent or message delivery agent, is the software component responsible for delivering e-mail messages to a local recipient's mailbox. Don't get confused: most MTAs perform the MDA function as well, though there is software designed to work only as an MDA.
Here you can see that in practice there will be more than one mail server (MX server). The other MX servers are for backup. When the sender queries DNS for the MX record it may get more than one MX server, each with a priority. Here is sample output of a DNS query for Gmail's MX records: Gmail has 5 MX servers with different priorities.
The result above is the output of the command-line utility dig, which we use to query DNS. In the output you would see something like the following on the right side of the ANSWER SECTION.
Here you see a number in front of each domain. Those numbers decide the priority of the MX record: the domain with the lowest number has the highest priority. Here the gmail-smtp-in.l.google.com MX record has the highest priority because it has the lowest number, 5. So the sender MTA will try to connect to the highest-priority MX first. If it is down, it will try the next MX (mail exchange server). As a result mail is delivered with no downtime.
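As an added example (not part of the original post), a small Python parser for the dig ANSWER SECTION format that orders the MX hosts the way a sending MTA tries them; the dig lines are a constructed sample laid out like the gmail.com records described above:

```python
import re

# Constructed sample of a dig ANSWER SECTION (not real query output);
# the names follow the gmail.com MX layout the text describes.
SAMPLE_DIG_ANSWER = """\
;; ANSWER SECTION:
gmail.com.\t3599\tIN\tMX\t30 alt3.gmail-smtp-in.l.google.com.
gmail.com.\t3599\tIN\tMX\t5 gmail-smtp-in.l.google.com.
gmail.com.\t3599\tIN\tMX\t40 alt4.gmail-smtp-in.l.google.com.
gmail.com.\t3599\tIN\tMX\t10 alt1.gmail-smtp-in.l.google.com.
gmail.com.\t3599\tIN\tMX\t20 alt2.gmail-smtp-in.l.google.com.
"""

# owner  ttl  IN  MX  preference  exchange
MX_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)$")

def parse_mx(answer_text):
    """Return (preference, host) tuples for every MX record in dig output."""
    records = []
    for line in answer_text.splitlines():
        if line.startswith(";") or not line.strip():
            continue  # dig comments and blank lines are not records
        m = MX_LINE.match(line)
        if not m:
            continue  # skip non-MX records (A, AAAA, CNAME, ...)
        records.append((int(m.group(3)), m.group(4).rstrip(".")))
    return records

def delivery_order(records):
    """Lowest preference value first. sorted() is stable, so hosts sharing a
    preference keep input order (a real MTA picks among ties at random, RFC 5321)."""
    return [host for _, host in sorted(records, key=lambda r: r[0])]

def deliver(records, try_host):
    """Walk the MX list in priority order until one host accepts (try_host
    returns True). Returns the accepting host, or None if every MX refused."""
    for host in delivery_order(records):
        if try_host(host):
            return host
    return None

if __name__ == "__main__":
    recs = parse_mx(SAMPLE_DIG_ANSWER)
    print(delivery_order(recs))
    # simulate the primary being down: delivery falls through to the next MX
    print(deliver(recs, lambda h: h != "gmail-smtp-in.l.google.com"))
```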
Once the mail is received by the destination mail server, it stores the message in a mail store. There are two types of mail store used by the various mail server packages. Those are:
Locally stored mail is accessed (fetched) by the recipient's client using either POP or IMAP.
Protocols POP and IMAP
POP and IMAP are application-layer protocols. As described above, they are the protocols used by the recipient's email client (MUA) to fetch or access mail. The two protocols are different; they serve different purposes.
POP means Post Office Protocol, and POP3 is its version 3. As the name suggests, this protocol is used by the client to download messages from the server. Once a message is downloaded from the server it is removed, unless you set the flag to leave a copy on the server, much as a postcard is delivered to its destination. If you are the only one who accesses the mailbox, from one location, POP3 suits well. It also saves some storage on the server. So, if you use POP3 you can't access the same mail from different clients.
Unlike POP3, IMAP doesn't download the message and delete it on the server. It just accesses the message, the way a browser does web pages. So it is handy if you use multiple clients from different locations.
A webhook is an asynchronous HTTP callback on an event occurrence. It is a simple server-to-server communication for reporting that a specific event occurred on a server. The server on which the event occurred fires an HTTP POST request to a URL provided by the receiving server.
For example, whenever your colleague pushes commits to GitHub, an event occurs on GitHub's server. If a webhook URL is configured in the GitHub settings, a webhook is fired to that URL: an HTTP POST request with the commit details in the body in a specified format. More details on GitHub webhooks can be found here.
In this post, I will share my experience of implementing a webhook handler in Python. For readers, basic knowledge of implementing a web application in Python would be helpful.
A webhook can be handled simply by providing a URL endpoint in a web application. Following is an example using Django. Add the webhook URL in urls.py:
from django.conf.urls import url
Now create a view function in views.py which will parse the data and process it. In most cases, webhook data is sent in JSON format. So let's load the webhook data and send it to the process_webhook function.
Most web applications accept a POST request only after verifying the CSRF token, but here we need to exempt the view from this check, so put the @csrf_exempt decorator above the view function. Also put the @require_POST decorator on it to ensure the request is only accepted as POST.
The above implementation of the URL endpoint will differ for other Python web frameworks like Flask, Tornado or Twisted, but the process_webhook implementation below stays the same regardless of framework.
There may be different types of events we need to handle. So, before implementing process_webhook, let's create a Python module named webhook_events.py, which will contain a single function for each type of event, holding the logic for that particular event. In other words, we are going to map each event name to the function that handles that type of webhook event.
def event_one(data):
    # do something for event 'event.one'
    pass

def event_two(data):
    # do something for event 'event.two'
    pass
There are many ways to implement process_webhook and to map a webhook event to its function. We are going to discuss different implementations of process_webhook based on extensibility. The most basic version is below.
# and so on
A Better way
Now suppose there are tens of webhooks to be served. We certainly don’t want to write repetitive code, so below is a better way of implementing process_webhook. Here we just replace the dot in the event name with an underscore, giving the name of the function written in webhook_events.py for that event. If the function is not found, the event is not registered (not being served). This way, no matter how many webhooks are served, you just write the function to handle each one in webhook_events.py.
A more robust and Pythonic way of implementing process_webhook is with decorators. Let's define a decorator in webhook_events.py which maps the event_name to its function. Here EVENT_MAP is a dictionary inside a settings module, with the event name as key and the event function as its value.
from django.conf import settings
def webhook_event(event_name):  # decorator name assumed; the original is not preserved on the page
    def decorator(func):
        # Initializing settings.EVENT_MAP if not already
        if not hasattr(settings, 'EVENT_MAP'):
            settings.EVENT_MAP = {}
        # Mapping event name to its function
        settings.EVENT_MAP[event_name] = func
        return func
    return decorator
@webhook_event('event.one')
def event_one(data):
    pass  # do something for event 'event.one'
# event_two for 'event.two' is defined the same way
In this case, the process_webhook will look like below:
print('Event %s is not registered.'%event_name)
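As an added example (not the post's own code), a framework-independent version of the decorator-based dispatch: EVENT_MAP is a plain dict instead of a Django setting, and because the view is exempt from CSRF checks the request is authenticated instead with the HMAC signature header GitHub sends (X-Hub-Signature-256); the secret, body and handler names are constructed:

```python
import hashlib
import hmac
import json

# Added example, not the post's code. EVENT_MAP is a plain dict here rather
# than a Django setting; everything else follows the decorator design above.
EVENT_MAP = {}

def webhook_event(event_name):
    """Decorator that maps an event name (e.g. 'event.one') to its handler."""
    def decorator(func):
        EVENT_MAP[event_name] = func
        return func
    return decorator

@webhook_event("event.one")
def event_one(data):
    return "one:%s" % data.get("id")  # stand-in for the real event logic

@webhook_event("event.two")
def event_two(data):
    return "two:%s" % data.get("id")

def sign(secret, body):
    """Header value a sender such as GitHub attaches (X-Hub-Signature-256):
    HMAC-SHA256 over the raw request body with the shared secret (bytes)."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret, body, header_value):
    """Constant-time comparison, so a forged header leaks nothing about the secret."""
    return hmac.compare_digest(sign(secret, body), header_value or "")

def process_webhook(event_name, body, header_value, secret):
    """Dispatch one raw webhook request. Returns (status, result): 403 bad
    signature, 400 malformed JSON, 404 unregistered event, 200 handler result."""
    if not verify_signature(secret, body, header_value):
        return 403, "bad signature"
    try:
        data = json.loads(body)
    except ValueError:
        return 400, "malformed JSON"
    func = EVENT_MAP.get(event_name)
    if func is None:
        return 404, "Event %s is not registered." % event_name
    return 200, func(data)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed value, never a real one
    body = b'{"id": 42}'                   # constructed request body
    print(process_webhook("event.one", body, sign(secret, body), secret))
```

Verify the signature over the raw bytes before parsing, as above; checking it after json.loads would let a malformed body reach the parser unauthenticated.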
This is the way I prefer to implement a webhook handler in Python. How would you prefer? Please feel free to comment below.