Mahinda Jayasundara

Operating System..................................................................................................................................3
Disk Operations.....................................................................................................................................4
File Operations......................................................................................................................................6
Users......................................................................................................................................................9
Network Operations............................................................................................................................10
Important Files....................................................................................................................................14
Shell Scripts.........................................................................................................................................15
SSH, IP-Sec & SSL.................................................................................................................................16
Operating System
Red Hat/ Fedora/ CentOS  from same initial distribution
rpm –ivh <filename>.rpm (to install packages)

rpm –qa (list rpms) (modules also come as rpms)

ldconfig –p (list libraries)

ps -ef | grpe -i oam (list running processes)(e-all process f-full format)

UID PID PPID C STIME TTY TIME CMD
root 3911 3888 0 Oct10 ? 00:14:12 oampAgent

-e - List information about every process now running.

-f - Generates a full listing.

top (list running processes)(It is dynamic and interactive)

htop (Human friendly output)
top - 16:24:55 up 96 days, 1:32, 1 user, load average: 0.23, 0.42, 0.48
Tasks: 395 total, 2 running, 393 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.6%us, 0.1%sy, 0.0%ni, 99.3%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 65837456k total, 24705324k used, 41132132k free, 927608k buffers
Swap: 0k total, 0k used, 0k free, 12496556k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

7244 root 15 0 241m 105m 101m S 1.0 0.2 1717:30 cmha
7260 root 15 0 523m 107m 92m S 0.7 0.2 891:23.46 inetrep

Load Average (5/10/15 min avg)

CUP in load average and Cpu(S)  Max load =100%
CPU in PIDs
In Irix mode
Max load =100%*number of processers
Press Shift+i to turn off Irix mode
Then Max load =100%

Press 1 to view separate CPU loading

q – quit top display
k – to kill a process
d – change refresh time
Shift+O – Sort display in a field
Shift+P – Sort display in by cpu usage
Shift+W – Save top result
top –u <user> - display processes by user

uptime – command will also display the uptime

lscpu or cat /proc/cpuinfo – to display number of cpus

kill -9 3991
kill -9 oampAgent

service --status-all (List all Services)

Cat /proc/sys/kernel/core_pattern (tells core file location)

uptimev(Current time and up time)
08:11:22 up 74 days, 34 min, 2 users, load average: 0.40, 0.36, 0.36

which <command> (To get the directory of the command)

nohup <command> & (To run a command in background)(Even after logout)

Shutdown -h now (to shutdown linux gracefully)

Init 0

Shutdown -r (to restart linux gracefully)

Init 6
reboot
Disk Operations
ls –ltr /dev
brw-rw---- 1 root disk 3, 0 May 5 1998 hda (IDE disks)
brw-rw---- 1 root disk 8, 0 May 5 1998 sda (SCASI/USB disks/u)
brw-rw---- 1 root cdrom 11, 0 Mar 15 2002 scd0 (CD)
crw------- 1 root tty 4, 64 May 5 1998 ttyS0 (Serial)

mount|grep “/dev”
/dev/sda2 on / type ext3
/dev/sda1 on /media/Windows-XP-x64 type fuseblk
/dev/scd0 on /media/cdrom0 type iso9660 (or /mnt/cdrom)

drive name drive controller drive number

(IDE1/IDE2) (Master/Slave)
/dev/hda 1 1
/dev/hdb 1 2
/dev/hdc 2 1
/dev/hdd 2 2

Partitions are represented by a number.

drive name drive controller drive number partition type partition number
/dev/hda1 1 1 primary 1
/dev/hda2 1 1 primary 2
/dev/hda4 1 1 swap NA
/dev/hdb1 1 2 primary 1
/dev/hdb2 1 2 extended NA
/dev/hdb3 1 2 logical 2

/usr
/var For mail, printing, error log.
Server computers ought to have /var in a different partition.
/bin This is where most executable binaries go.
/tmp Some programs write temporary data files here.
/home This is where users home directories go.
/boot This is where your kernel images go.
/etc Configuration files

mount -t ext3 /dev/sda1 /opt

(Destination directory has to be created first)

mount –t iso9660 /dev/cdrom /mnt/cdrom

mount -o loop /media/sdb1/872-2161-115-2.2.2_10.28.0.iso /mnt/upgrade

mount -B /home/user1 /opt/u1 (Bind a directory)

mount –bind /home/user1 /opt/u1

umount /mnt/upgrade

File system type. Other types you are likely to use are:
ext3 journaling sile system based on ext2
msdos DOS
hfs mac
iso9660 CDROM
nfs network file system

Default mounts are in /etc/fstab

df -h
Filesystem Size Used Available Use% Mounted on
/dev/sda5 4.6G 2.8G 1.8G 60% /
/dev/sda6 3.8G 1.7G 2.1G 44% /mydata
/dev/sda1 1.5G 540M 1.1G 33% /boot

/etc/fstab – For mount locations to be used

(Only used if not specified in the command)

du –h /<path> (Give the folder and subfolder size)

du --max-depth=1 –h (list all sub directory size)

fdisk /dev/sda (To create a partition)(Interactive Session)

fdisk -l (List disk partition details)

mkfs (make file system - Format a disk)

fsck /dev/ada1 (file system check)

Better to unmounts or mount as a read only before fsck
File Operations
ls -ltr
-rwxrwxrwx 1 owner group 9275204 Jun 13 15:27 mthesaur.txt.gz

First character specifies the type of the file.

- normal file
d directory
s socket file
l link file
b block device (hard disk)
c character device (tty)

Read, write, execute permissions for user, group and others.

Number of links for that file.
Owner of the file.
Group of the file.
Size of file. (in Bytes)
Last modified date & time.
File name.

If a path ends with / it is always a directory

ls -l |more (To display page by page)

ls sep* (List all files start with sep) (Same like using grep)

ls > <file name> (overwrite output to a file)

ls >> <file name> (amend output to a file)

head <file name> (list the first few lines of a file)

tail -20 <file name> (list the last few lines of a file)

tail -f <file name> (Continuously view last few lines of a file)

ctrl c - exit

more <file name> (list page by page. Spacebar to navigate)

less <file name> (Possible to go up and down)
spacebar - next page
b - previous page
q - quit

cat-vet <file name> (display the hidden characters)

cat <file name> (no page by page)
cat <file name> | grep -i -A5 "System Information"
-i - ignore case
-A – Pint number of lines after

cat <file name> | more (page by page)

cat file1.txt file2.txt > file3.txt (Join two files)
>Override
>>Append

grep “key” <filename>

grep –v “key” <filename> (Invert Match)
grep -r "modules" . (search all files in that directory)
grep -rl "modules" . (Only list the files)
grep -lr "mod.*" ./DpC* (Search all files starting with DpC)
grep -r –B 1 ‘req="mod"’ ./DpC* (-B before –A after –C both)

grep -r "drupal\|joomla\|wordpress" . (Search multiple files)

find / -name <filename> (To find a file)

find / | grep 20130719

wc -l <filename> (To count the number of lines)

wc -w <filename> (To count the number of words)

cat <filename> | egrep “apple|banana|orange”

diff <file1> <file2> (list different lines)

< only in file1
< only in file2

zip –r filename.zip file*.* (To compress a file into .zip)

unzip -j filename.zip (To un-compress a .zip file)
unzip –l (To list files in a zip file)

gzip <filename> (will gz the original file)

gunzip file.gz (To un-compress a .gz file)
gzip -d file.gz (To un-compress a .gz file)

cd ~ Home directory
cd .. Parent directory

rmdir <directory name> (delete a empty directory)

rm –r <directory name> (delete a directory with files)

cp -p <filename> <newfilename> (p-preserve all properties)

chown <user>:<group> <filename>

chmod 777 <filename>

SFTP
!ls -ltr (list the files in the local folder)
lcd /root (change the local folder)
vi <File Name>
vim <file Name>
x Delete a character
dd Delete a line
o Open a new line
p Paste
yy Copy line
Shift+g go to last line
:wq Save and exit
:q! Exit without Saving
Esc Command mode
Esc+i Edit mode
/<key> Search a key
n - Search next
N - Search previous

screen
screen -S <name> -L
(Screen commands are not stored under history. But it will be saves in
putty log)

“Ctrl-A” and “?” (For help menu)

“Ctrl-A” and “d” (To detach the screen)
“Ctrl-A” and “K” (To terminate a screen)
“Ctrl-A” and “H” (To start loggin)

screen –list (List running screens)

There is a screen on:
4491.pts-2.FC547 (detached)

screen –r 7849 (To re-attach)

man ls (manual page)

CTRL + B - Page Up
CTRL + F - Page Down
/<word> - enter to search. n to search next.
q - Quite

man –k <word> (list all commands with that word)

hostname --h (help on hostname command)

hostname <hostname> will change the host name till reboot

To change host name permanently
vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=myserver.example.com
GATEWAY=10.10.10.1
Users

su - (to change to root user) (- change environment also)

su - <user> (to change the user)
useradd <username> (create user)

groupadd <groupname>
useradd -G <group-name> <username>
usermod -aG <group-name> <username>

passwd <username>
passwd (will change current user password)

id <username> (Display user details)

users (list the currently connected users)
whoami (display current user)

cat /etc/passwd (list all users configured in the system)

cat /etc/shadow(list all users password hashes)

userdel -r <username> (Delete a user)

cat /etc/group (List all groups)

env | more (List the user environmental variables)

Network Operations

Define IPs
netconfig (start a menu to configure network) (Only in Red hat)
ifconfig eth0 up 192.168.0.5 mask 255.255.255.0 (IP)
ifconfig eth0 down
vi /etc/sysconfig/network-scripts/ifcfg-eth0 (Permanently)
DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:30:48:56:A6:2E
IPADDR=10.10.10.15
NETMASK=255.255.255.192
ONBOOT=yes
service network restart

Define Default GW
route add default gw 10.10.10.1 (Default Gateway)
vi /etc/sysconfig/network (Permanently)
NETWORKING=yes
HOSTNAME=myserver.example.com
GATEWAY=10.10.10.1

Define Routes
route add -net 172.22.31.160/27 gw 172.22.31.129 dev eth5.1514

route add default gw 192.168.1.10

vi /etc/sysconfig/network-scripts/route-eth0 (Permanently)
service network restart

route –n (Print the IP routing table)

netstat -rn (Print the IP routing table)
ip route show (Print the IP routing table)

netstat –a (Print listening ports and established connections)

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:7710 *:* LISTEN
tcp 0 0 mpe2a:56402 mpe2b:7710 ESTABLISHED

Active UNIX domain sockets (servers and established)

Proto RefCnt Flags Type State I-Node Path
unix 2 [ACC] STREAM LISTENING 199525502 /var/agentx/master
unix 3 [ ] STREAM CONNECTED 467911122
unix 2 [ ] DGRAM 2218680

netstat -na | grep 10.29.62.214 (Check connections to/from the host)

netstat -an|egrep 386[89]|sort

tcpkill host 192.168.1.2 (To kill all TPC connections to/from the host)

ip -f inet addr (to check all IPs including VIPs)

vi /etc/resolv.conf (for DNS server)
search <Local Domain Name>
nameserver 202.54.1.10
nameserver 202.54.1.11

vi /ect/hosts (for Hostnames)

IPAddress Hostname Alias
127.0.0.1 localhost deep.openna.com
208.164.186.1 deep.openna.com deep
208.164.186.2 mail.openna.com mail
208.164.186.3 web.openna.com web

vi /etc/snmp (SNMP configuration)

FireWall (iptables)
iptables –L (list firewall configuration)
iptable –S (list firewall configuration)
service iptables stop (to Stop firewall)

Adding a rule (After that save and restart the network services may be requires)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
-A - Add to the end of chain “INPUT”
-I - Add to the begining of chain “INPUT”
-R - Replace a rule

Add a rule (complete steps)

iptables -I SIGTRAN1 -p sctp --match multiport --dports 1024:65535 -j ACCEPT
service iptables save
service network restart

Removing a rule
iptables -D INPUT 5

Save the rules

service iptables save

Backup/Restore
iptables-save > iptables.dump
iptables-restore < iptables.dump

cat /sys/devices/.....eth11/operstate (To check the interface status)

cat /sys/class/net/eth0/operstate

ifdown eth0
ifup eth0 or ifconfig eth0 up (to make interface up)

ethtool eth0 (View network card properties)

ethtool -s eth0 autoneg off (Change network interface setting temporarily)
ethtool –i eth0 (Display FW info)
ethtool -S eth0 (Display statistics)
ethtool -p eth0 (Blink LED)

mii-tool

dmesg | grep eth (Display kernel messages related to interfaces)

dmesg > kernel_msgs.txt (save kernal messages)

cat /proc/net/bonding/bond1 (See the bonding info)

ping 10.239.130.89 -I 10.59.226.4

traceroute 10.239.130.89 -I 10.59.226.4
(First entry is the gateway IP/ If some devices don’t support traceroute it will be shown as * * *)

telnet 10.239.130.89 443 (To check the connectivity when only a specific port is open)

ntpq -p(list NTP status)

cat /etc/ntp.conf
service ntpd stop
ntpdate ntpserver1
service ntpd start

ssh-keygen -R 10.249.15.200 (to remove a known host SSH Key)

nslookup <FQDN>
TCP Dump

-C <file size> A new file will be created with a different number to the end (Mb)
-c Number of packets to display
-i <interface> Interface to monitor
-n Don't convert addresses to names
-s Set the max packet size. 0 mean 65535 (Default is also 65535) (Bytes)
-r Read a file
-w Write to a file
-W Number of files (Files will be overwritten)
-Z User
host <IP>
port <Port>
–vvv Display the details of the packet

tcpdump -r MP.cap (To read a file)

tcpdump -ni eth01 -w /tpm/trace1.pcap port 3868 -c 100

tcpdump -i any host 62.93.153.5

tcpdump -i bond0.5 host 62.93.153.5 -w /tmp/ixptrace.cap -c 1000

nohup tcpdump -Z root -n -C 150 -W 50 -i any -s 0 -w /dev/shm/prov.pcap &

Will run in backgroubd
-C File count
-W File size

use ps –ef | grep –i tcp to list

kill -9 to stop
T Shark (From wireshark)

-R Read Filter (packets that pass the read filter will be displayed or saved to the output file)
-f Capture Filter
-S Set a line seperator

tshark -i any -R ‘snmp’ -w /tmp/test.pcap

tshark -i any -R ‘diameter or sctp’ -w /tmp/27022014.pcap

tshark -i bond0.6 -w mp1_sctp3.pcap -R 'sctp'

tshark -w output.cap -R "ip.addr==10.82.23.x" (doesn’t filter the IP)

tethereal -i any -R "diameter.cmd.code==265||diameter.cmd.code==272" -S -

w /tmp/Trace.pcap

cat /proc/memoryinfo

free -m |grep mem

service httpd stop

service ntpd stop

ntpdate ntpserver1
Important Files

cat /etc/passwd (list all the users configured in the system)

cat /etc/shadow
cat /etc/group (List all groups)

Cat proc/sys/kernel/core_pattern (tells core file location)

Shell Scripts
Name of Command
Description
shell name
Bourne shell sh The most basic shell available on all UNIX systems
Korn Shell ksh / pdksh Based on the Bourne shell with enhancements
C Shell csh Similar to the C programming language in syntax
Bourne Again Shell combines the advantages of the Korn Shell and
Bash Shell bash
the C Shell. The default on most Linux distributions.
tcsh tcsh Similar to the C Shell

Cat Display.sh
#! /bin/bash
# This a sample script
echo "Date and time is:"
date
echo
echo "Your username is: `whoami` \n"
echo "Your current directory is: \c"
pwd
echo
echo “Your Name is $1”

N1=10
N2=20
Let N3=$N1+$N2
echo “Value of N3 is $N3”

./Display.sh Mahinda (To execute the script)

(Mahinda is passed as a command line argument $1) $0 is the script name

Run a script in background

bash /export/TAC/newchkwebci > checkwebciout.log &

use kill –ef <PID> to stop it

\n New line
\c Continue on the same line
Clear Clear the screen
echo $USERNAME (System Variables are in Block Caps)
n=10 (Define UDV with value 10)

echo $((1 + 3 + 4)) - Arithmetic expansion

echo `expr 1 + 3` (` is not ‘) – Command substitution

echo $(expr 1 + 3)
echo "Today is $(date)"
; more commands in same line

>> Append to a file

> Redirect to a file
< to get an input from a file (grep searchterm < file)

msg1=one
msg2="$msg1 two" (if string has spaces include it in “”)

Exit Value of a command or script (if 0, it was successful)

ls
echo $? (will give 0)

read fname (will wait till variable is input)

ls [a-c]* ls [abc]* (Will display files stating with a, b or c)

ls [!abc] ls [^abc] (Will display files not stating with a, b and c)

check_syscheck.sh file
#!/bin/bash

DATFile=/home1/mjayasun/check_syscheck.dat
TIME=$(date +"%T %d/%m/%Y")
$ - store the command value into variable
+ - Specify the format

# Compose the alert message

MESSAGE="[$TIME] ERROR: Syscheck script has no driver file: ${DATFile}\nPlease escalate to
MDS."

# Email details
EMAIL_TO="MDS-Helpdesk@telefonica.com"
EMAIL_SUBJECT="PCRF/SPR syscheck Alert"

echo "Starting /home1/mjayasun/check_syscheck.sh at $TIME ............."

echo go to new line automatically
echo "" (add an empty line)

# Check if the file does NOT exist

if [ ! -f "${DATFile}" ]; then
# Send email alert
printf "$MESSAGE" | mail -s "$EMAIL_SUBJECT" "$EMAIL_TO"

# Print visible warning in console/log

echo "**** ${DATFile} is missing ****"

# Exit script with error status

exit 1
fi

# Loop through servers defined under SERVERS=

for NODE in $(grep SERVERS "${DATFile}" | awk -F"=" '{ print $2 }'); do
Separate the content using = Then take the second value
For loop automatically iterate through space separated words

Server="${NODE%:*}" (remove shortest map from the end) (% remove from the end)
SrvType="${NODE##*:}" (remove longest map from the start) (# remove from the start)

# Check for FAILURE entries

ssh "$Server" "grep "FAILURE" /var/TKLC/log/syscheck/fail_log" > "/tmp/fail_${Server}.log
2>/dev/null
Save only failure logs to /tmp/fail.log and discard any other errors

Stream File Descriptor Purpose

stdin 0 Input
stdout 1 Normal output
stderr 2 Error output

if [ $? -eq 0 ]; then
 echo "[INFO] Failure found for $Server ($SrvType)" | tee -a /home1/mjayasun/syscheck$(date
+%Y%m%d).log
If the last operation exit code ($?) is success. That means a FAILURE is found.

# Loop through modules reported as "Running"

for MODULE in $(grep "Running" /tmp/fail_${Server}.log | awk '{print $NF}'); do
print $NF print the last field

echo "[ACTION] Running syscheck for module: $MODULE"

ssh "$Server" “syscheck -v "$MODULE"”
done
else
echo "[INFO] No FAILURE entries found for $Server ($SrvType)"
fi
done

echo ""
echo "Completed !!!"
echo ""

exit 0

check_syscheck.dat file
SERVERS=csite-func1-tvoe:s csite-func1-pmac:s csite-func1-cmp1:s csite-func1-cmp2:s csite-func1-
sdmfront1:s csite-func1-sdmfront2:s csite-func1-sdmback1:s csite-func1-sdmback2:s
#
#
#
Columns are :- tag:ServerType,AlertTeam
#
s:Server,MDS
CronTab

crontab -e Edit current users crontab file, or create one if it doesn’t already exist.
crontab -l Display current users crontab file.
crontab -r Remove current users crontab file.
crontab –v

Eg:
0,15,30,45 * * * * /home1/mjayasun/check_syscheck.sh
Will run check_syscheck.sh in every 15 min

User-specific crontabs: in /var/spool/cron/crontabs/

System-wide crontab: /etc/crontab

Hourly/Daily/Weekly scripts: /etc/cron.hourly/, /etc/cron.daily/, etc.

SSH - Public key authentication

On the client machine, the user must generate a public / private keys.

If key is password protected, user will be prompted for the password every time he is going to
use the key.

Use ssh-copy-id from client

Or server admin can add the public key to ~/.ssh/authorized_keys

Generate the authentication key

To generate the key pair

fabio@morpheus:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fabio/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/fabio/.ssh/id_rsa.
Your public key has been saved in /home/fabio/.ssh/id_rsa.pub.
The key fingerprint is:
44:3e:ef:58:94:15:52:c2:88:ca:ab:21:43:53:3d:42 fabio@morpheus
fabio@morpheus:~$

If you need to change the password or add one, do:

fabio@morpheus:~$ ssh-keygen -p
Enter file in which the key is (/home/fabio/.ssh/id_rsa):
Key has comment '/home/fabio/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
fabio@morpheus:~$

In this case, a new password was added. Note that this operation does not change the public /
private key pair. It only changes its encryption.

Install the public key on the servers

SSH comes with an utility called ssh-copy-id that simply adds the contents of client’s
~/.ssh/id_rsa.pub to the server’s ~/.ssh/authorized_keys:
fabio@morpheus:~$ ssh-copy-id -i .ssh/id_rsa.pub ornellas@apanela.com 15
ornellas@apanela.com's password:

Note that at this point password access is needed

Now try logging into the server, with "ssh 'ornellas@apanela.com'", and
check in:

.ssh/authorized_keys

Or
cat id_rsa.pub >> .ssh/authorized_keys

Access

At this point, user’s account on the server can be locked for password authentication. On
Linux systems, one can make:

root@apanela.com:~# passwd -l ornellas

Now, try to access the server:

fabio@morpheus:~$ ssh ornellas@apanela.com

Enter passphrase for key '/home/fabio/.ssh/id_rsa':
ornellas@pound:~$

On this case, the client’s key was encrypted and its password was asked. If it had no
password, nothing would have been asked, and access would be direct:

fabio@morpheus:~$ ssh ornellas@apanela.com

ornellas@pound:~$

For Windows
Download putty.zip

Create your ssh key

Run the puttygen.exe utility to generate a pair of private/public keys.
Make sure the SSH-2 RSA parameter is selected at the bottom of the window and click on the
Generate button.

Once you have accumulated enough entropy, the application generates the key.
Make sure you enter a lengthy passphrase in the Key passphrase field and confirm it in the
Confirm passphrase field.
Click on the Save private key button to save your private key in a file.

With your mouse, select the content of the box labeled Public key for pasting into OpenSSH
authorized_keys file, copy it (that is, hit Control-C).
Make it available for PuTTY-compliant applications
1. Under Session , enter the hostname of the Unix machine, and choose the SSH
protocol
2. Under Connection > Data , enter your login name for the Unix machine in Auto-login
username

3. Under Connection > SSH > Auth , select the filename of the private key that you
saved out of PuTTYGen

4. Back under Session , enter the hostname again in the box under Saved Sessions and
click Save
This is now added into the registry and all PuTTY applications are aware of it.
Load your key

Pageant is a utility that loads ssh keys in memory. If you load your ssh key with pageant, you
won't have to type your ssh key passphrase again and again.

First, run pageant.exe. Then load your ssh key by right-clicking on the pageant icon in the
system tray bar as shown below.

Click on the Add key menu item: a file dialog pops up.

Select the private key file you saved while running puttygen.exe and click on the Open
button: a new dialog pops up. Its title is Pageant: enter passphrase.

Type in your passphrase and click on the ok button.

Your key is now loaded in pageant.

On Linux

Create the RSA Key Pair in client

#ssh-keygen -t rsa

With more options

#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "Enter an optional
comment about your key"

Copy public key to server

id_rsa.pub to /home/<user>/.ssh/id_rsa.pub

#ls /home/<user>/.ssh
id_rsa.pub
known_hosts (public keys of other known servers)
authorized_keys

Include the public key in authorized_keys file

In ther server
#mv id_rsa.pub authorized_keys

Or
In the client.
#cat ~/.ssh/id_rsa.pub | ssh root@example.com 'cat - >>
~/.ssh/authorized_keys'

In the server. Change the permission for authorized_keys file

#chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/

To remove a public key from known hosts

ssh-keygen -R 10.249.15.200