Brain Dump

A place to store my random thoughts and anything else I might find useful.

Archive for September, 2008

Linux: How to tunnel X over ssh through an intermediate host

Posted by mzanfardino on September 23, 2008

There have been times when I’ve needed to have access to some X application on a remote desktop that I could not access directly. However, I did have access to another machine on the same network via ssh. For instance, at work there is a server that is exposed to the outside world that I can access via ssh. Once connected, I can further ssh to my desktop which is not directly available to the outside. NOTE: Now that we have a properly configured VPN, this processes is not as much in demand.

Here is the general form I use when I want to use ssh tunneling to tunnel X through the intermediate server to the outside world (say from home) to access my work desktop:

General Form:

ssh -f $intermediate_host -L $local_port:$destination_host:$source_port sleep 5; ssh -X localhost -p $destination_port

So, say the public facing host ($intermediate_host) has IP address of (this address could not be public, of course, as 192.168.x.x are non-routeable addresses). Let’s further assume that the internal address of the desktop workstation ($destination_host) is (this address is also a non-routeable address and would not be visible to the outside world). Since we are going to tunnel X over ssh, we are going to want to actually tunnel ssh over a port other than the standard ssh port (22). The local port ($local_port) can be any unused port, so for this example I will choose 9999. The source post ($source_port) will be 22 as this is the port ssh uses. With this information I can rewrite the general form as:

ssh -f -L 9999: sleep 5; ssh -X localhost -p 9999

The first parameter (-f) requests ssh to go to background just before command execution. This is done because we expect ssh to prompt for a password when connecting to the remote machine (see man ssh).

The second parameter (-L) specifies that the given port ($local_port) on the local host is to be forwarded to the given host and port ($destination_server:$source_port) on the remote machine. Therefore ‘-L 9999:’ tells ssh to map local host port 9999 to port 22 on remote host

We have to issue some sort of command when tunneling, so we use ‘sleep 5’. The could be something else, but ‘sleep 5’ will suspend execution of the calling thread for 5 second (see man sleep) which is sufficient to create the tunnel.

The command following the semicolon (;) must be appended to the original command and should not be broken into a separate step. Once the tunnel to the intermediate host ($intermediate_host) is established ‘ssh -X localhost -p 9999’ will be executed. This is the command that forwards X to the host over ssh through the tunnel. The ‘localhost -p 9999’ statement configures ssh to open a localhost connection at port 9999 ($local_port) which is being tunneled to the destination host ($destination_host) which for this example is at port 22.

Pretty simple. When you first issue the command you will be required to provide passwords for both the intermediate host ($intermediate_host) and destination host ($destination_host). NOTE: this example assumes that you are logging into both hosts withe the same user name. If this is not the case, simple append ‘$intermediate_host_username@’ and/or ‘$destination_host_username@’ to each of the servers as appropriate:

General Form:

ssh -f $intermediate_host_username@$intermediate_host -L $local_port:$destination_host_username@$destination_host:$source_port sleep 5; ssh -X localhost -p $destination_port

Example 1:

ssh -f foo@ -L 9999:bar@ sleep 5; ssh -X localhost -p 9999

That’s it! You now have X tunneling through an intermediate host, thereby providing you with a pseudo-vnc connection. Of course, this all assumes that you have X running on your local machine as well. Now, given the general forms above, it shouldn’t be much of a stretch to write a fairly simple (and complete) bash script to automate this task. I’ll leave that exercise for another time.

Example 2:

Recently I had a need to tunnel through an intermediate host to access a remote customer server. The network admin has restricted access for ssh from specific IP addresses. The intermediate host originates from a qualifying address, hence tunneling through this host. To further complicate matters, I needed to port-forward port 902 in order to use vmware-server-console to perform maintenance on a crashed virtual machine. I will not debate the merits of maintaining a server running VMWare Server 1.0.10 with an up-time in excess of 1090 days (as of this writing)!

The following command is used to access the remote server through an intermediate host while port-forwarding port 902:

$ ssh -f intermediate_user@intermediate_host -L 9999:destination_host:22 sleep 5; sudo ssh -L 902:localhost:902 destination_user@localhost -p 9999

Note the use of “sudo” when establishing the port-forwarding. Root authority is required to port-forward any port <1024, so your intermediate user must have the authority to elevate rights to root via sudo. Alternatively you could configure the intermediate server to permit root user access from remote thereby eliminating this requirement, however it’s never a good idea to open ssh to root access!


Posted in linux | Tagged: , , , , | 1 Comment »

Linux: How to kill and logout users

Posted by mzanfardino on September 23, 2008

Task: How to halt/stop a user

# skill -STOP -u <user>

You muse be root to stop other users. For debian/ubuntu you should precede this command with sudo.

Task: How to resume already halted user

# skill -CONT -u <user>

Task: How to kill and logout user

# skill -KILL -u <userid>

Task: Kill and logout all users

The ultimate command to kill and logout all users:
# skill -KILL -v /dev/pts/*

Posted in linux, ubuntu | Tagged: , , | 1 Comment »

Creating a playable DVD from multiple video files

Posted by mzanfardino on September 19, 2008

Like many folks, I have from time to time wanted to burn a DVD of some video files so that I can watch them on my TV. This seems like a no-brainer, but as with so many no-brainers it does take a little bit of work. I will first summarize the tasks at hand, then work though a step-by-step example. Please note, this worked for me but is no guarantee that it will work for you (your mileage may vary).

In general, a DVD is made up of a number of files located in two directories: VIDEO_TS and AUDIO_TS. By and large it’s the VIDEO_TS directory that will hold all the necessary files. Specifically there are three types of files found: *.BUP, *.IFO and *.VOB. So, the ultimate goal will to create these files and directories from the source video in order to burn a DVD that can be played in a stand alone player.

The process starts with a video file. If it’s not already an .AVI or .MPG file it should be converted to .AVI. This can be done using mencoder (instructions to follow). Once you have an AVI file, use ffmpeg to convert it to an .MPG file (again, instructions to follow). The next step is to create the DVD file structure. This can be done with dvdauthor. However in order to add multiple videos and create separation it will be necessary to first create an .XML file (structure to follow) that will be used by dvdauthor when creating the DVD file structure. Once the file structure is in place the dvd can be burned either directly or after converting it to an .ISO file. I will discuss the merits of both at the end.

The applications required to perform this little bit of video transcoding magic are:

  1. mencoder
  2. ffmpeg
  3. dvdauthor
  4. mkisofs
  5. growisofs

For the first step (converting a video file to .AVI) it will be necessary to use mencoder. The following command will generate a log file which will be used by the next command to convert the file to an .AVI

mencoder <inputfile> -ovc xvid -xvidencopts pass=1 -oac mp3lame -lameopts vbr=3 -o /dev/null

Now use mencoder to create the .AVI:

mencoder <inputfile> -ovc xvid -xvidencopts pass=2:bitrate=1000 -oac mp3lame -lameopts vbr=3 -o <avifile>

Now the newly create .AVI file needs to be converted to an .MPG file. This is done with ffmpeg. This is also the time to add parameters that will convert to specific formats (NTSC or PAL) and aspect ratio (4:3 or 16:9). Since I’m in the US I will be formatting to NTSC and since I plan to watch this on my SD TV I will use 4:3 aspect ratio in this example.

ffmpeg -i <avifile> -target ntsc-dvd -aspect 4:3 <mpgfile>

NOTE: If the ffmpeg reports an error with the ntsc-dvd parameter, install transcode.

Before moving to the next step repeat the preceding steps for each of the video files that will be burned to the DVD. Once all the files have been converted to .MPG an XML file will be required n order to append multiple files to a single DVD. NOTE: this will not create a menu, but it will permit the use of next and back with the stand alone DVD player to select between videos. I will write up more about creating menus in a separate blog (once I figure it out!).

The XML file will looks something like this:

<pgc pause=”4″>
<vob file=”video-1.mpg” chapters=”0″/>
<vob file=”video-2.mpg” chapters=”0″/>

I will not go into detail here about what the various xml fields manage save to say that pgc pause controls the delay between videos and that each video should be defined with the <vob file/> tag. More information can be found at

Once the XML file has been created the DVD file structure can be created using dvdauthor as follows:

dvdauthor -o <dvd directory> -x <dvdauthor config xml>

At this point there should be a new directory (as defined by <dvd directory>) containing AUDIO_TS and VIDEO_TS directories. This new directory is the source for the DVD. At this point there are two ways to create the DVD. One is to create an .ISO file first. I can’t swear that this is strictly necessary, but I have found it to be useful for testing by mounting as an ISO9660 and then loading it as though it where the CD. To create the ISO file use mkisofs as follows:

mkisofs -dvd-video -v -o <isofile> <dvd directory>

The resulting ISO can be mounted using:

mount -o loop -t iso9660 <isofile> <mount point>

Using VLC (or any other video player) watch the results from the mount point. NOTE: this DVD should permit skipping from one chapter to the next and back. There will be no proper menu. This will be addressed in a later blog.

The last step is to burn the DVD. If you have created an ISO this can be accomplished with:

growisofs -dvd-compat -Z /dev/dvd=<isofile>

If instead you wish to burn directly from the source directory, this can be done with the following:

growisofs -Z /dev/dvd -dvd-compat <dvd directory>

There are additional options that can be used to add a title, etc. Check man growisofs for details.

That’s it! This is by no means a comprehensive process and is only meant as a jumping off point. The bulk of this information comes from (my thanks to netyire for the source post!) and a lot of trial and error. There is a lot of really good information out there about transcoding videos and different methods of burning DVD’s. I highly recommend checking out for more information.

Mark Zanfardino

Posted in linux | Tagged: , , | 2 Comments »

Changing default Documents path in Kubuntu Hardy

Posted by mzanfardino on September 19, 2008

Since I started working with kubuntu 8.04.1 (hardy) with KDE 3.5.9 I have been irked that the default path to my documents folder has been changed from “documents” to “Documents”. I realize to some this might seem a trivial change, but when you work from the command line (cli) as I do, you find that a change in capitalization for such a frequently used folder can slow you down. As a result I have wanted to change my configuration to use “documents” but found that simply adding the documents directory was not enough. Several applications, such as System Menu (found in the applet panel) and Dolphin still point to Documents.

While doing some research I followed the trail from System Menu. First I found that the directories available from System Menu are derived from /usr/share/apps/systemview by way of .desktop files. Looking at documents.desktop reveals that the path is set by kio_system_documenthelper, which in turn is a script located in /usr/bin that relies on kde-config to return $document_path.

Okay, so it appears that there is a path that must be changed on a user level. Looking at System Settings (systemsettings) -> About Me -> Paths reveals three user paths that can be changed: Desktop, Autostart, and Documents. Simple right? Just change the path in Documents to point to documents instead of Documents. Wrong. Making this change and applying it is not enough. After a relog (and later a reboot) the path appears to remain set to it’s default of Documents.

What you say? How can this be? And how can I make this change permanent? It seems that there is another file that needs to be edited before these changes can be made permanent. Located in /etc/xdg is the file user-dirs.defaults. This file must be changed to reflect the new path as well. It appears there is some mechanism which I do not understand that reads the values from user-dirs.defaults and overwrites any changes made by the user in systemsettings (note: using kcontrol instead of systemsettings behaves in the same manner).

The good news? Simply change /etc/xdg/user-dirs.defaults to reflect whatever path you choose for documents. Once this has been done you can user systemsettings (or kcontrol) to change the path and this time the change will be made permanent.

NOTE: As with Documents, the Desktop path can also be changed as documented above.

Mark Zanfardino

Posted in kubuntu | Tagged: , , , , , , , | 1 Comment »