19 Apr

Using Rsync and SSH

Published in CentOS 6

This document covers using cron, ssh, and rsync to backup files over a local network or the Internet. Part of my goal is to ensure no user intervention is required when the computer is restarted (for passwords, keys, or key managers).

I like to backup some logging, mail, and configuration information sometimes on hosts across the network and Internet, and here is a way I have found to do it. You'll need these packages installed:

rsync
openssh
cron (or vixie-cron)

Please note these instructions may be specific to Red Hat Linux versions 7.3, 9, and Fedora Core 3, but I hope they won't be too hard to adapt to almost any *NIX type OS. The man pages for 'ssh' and 'rsync' should be helpful to you if you need to change some things (use the "man ssh" and "man rsync" commands).

First, I'll define some variables. In my explanation, I will be synchronizing files (copying only new or changed files) one way, and I will be starting this process from the host I want to copy things to. In other words, I will be syncing files from /remote/dir/ on remotehost, as remoteuser, to /this/dir/ on thishost, as thisuser.

I want to make sure that 'rsync' over 'ssh' works at all before I begin to automate the process, so I test it first as thisuser:

$ rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/ 

and type in remoteuser@remotehost's password when prompted. I do need to make sure that remoteuser has read permissions to /remote/dir/ on remotehost, and that thisuser has write permissions to /this/dir/ onthishost. Also, 'rsync' and 'ssh' should be in thisuser's path (use "which ssh" and "which rsync"), 'rsync' should be in remoteuser's path, and 'sshd' should be running on remotehost.

Configuring thishost

If that all worked out, or I eventually made it work, I am ready for the next step. I need to generate a private/public pair of keys to allow a 'ssh' connection without asking for a password. This may sound dangerous, and it is, but it is better than storing a user password (or key password) as clear text in the script [0]. I can also put limitations on where connections made with this key can come from, and on what they can do when connected. Anyway, I generate the key I will use on thishost (as thisuser):

$ ssh-keygen -t rsa -b 2048 -f /home/thisuser/cron/thishost-rsync-key 
Generating public/private rsa key pair. 
Enter passphrase (empty for no passphrase): [press enter here] 
Enter same passphrase again: [press enter here] 
Your identification has been saved in /home/thisuser/cron/thishost-rsync-key. 
Your public key has been saved in /home/thisuser/cron/thishost-rsync-key.pub. 
The key fingerprint is: 
2e:28:d9:ec:85:21:e7:ff:73:df:2e:07:78:f0:d0:a0 thisuser@thishost 

and now we have a key with no password in the two files mentioned above [1]. Make sure that no other unauthorized user can read the private key file (the one without the '.pub' extension).

This key serves no purpose until we put the public portion into the 'authorized_keys' file [2] on remotehost, specifically the one for remoteuser:

/home/remoteuser/.ssh/authorized_keys 

I use scp to get the file over to remotehost:

$ scp /home/thisuser/cron/thishost-rsync-key.pub remoteuser@remotehost:/home/remoteuser/ 

and then I can prepare things on remotehost.

Configuring remotehost

I 'ssh' over to remotehost:

$ ssh remoteuser@remotehost
remoteuser@remotehost's password: [type correct password here]
$ echo I am now $USER at $HOSTNAME
I am now remoteuser at remotehost

to do some work.

I need to make sure I have the directory and files I need to authorize connections with this key [3]:

$ if [ ! -d .ssh ]; then mkdir .ssh ; chmod 700 .ssh ; fi 
$ mv thishost-rsync-key.pub .ssh/ 
$ cd .ssh/ 
$ if [ ! -f authorized_keys ]; then touch authorized_keys ; chmod 600 authorized_keys ; fi 
$ cat thishost-rsync-key.pub >> authorized_keys 

Now the key can be used to make connections to this host, but these connections can be from anywhere (that the ssh daemon on remotehost allows connections from) and they can do anything (that remoteuser can do), and I don't want that. I edit the 'authorized_keys' file (with vi) and modify the line with 'thishost-rsync-key.pub' information on it. I will only be adding a few things in front of what is already there, changing the line from this:

ssh-dss AAAAB3NzaC1kc3MAAAEBAKYJenaYvMG3nHwWxKwlWLjHb77CT2hXwmC8Ap+fG8wjlaY/9t4u
A+2qx9JNorgdrWKhHSKHokFFlWRj+qk3q+lGHS+hsXuvta44W0yD0y0sW62wrEVegz+JVmntxeYc0nDz
5tVGfZe6ydlgomzj1bhfdpYe+BAwop8L+EMqKLS4iSacNjoPlHsmqHMnbibn3tBqJEq2QJjEPaiYj1iP
5IaCuYBhuTKQGa+oyH3mXEif5CKdsIKBj46B0tCy0/GC7oWcUN92QdLrUyTeRJZsTWsxKpRbMliD2pBh
4oyX/aXEf8+HZBrO5vQjDBCfTFQA+35Xrd3eTVEjkGkncI0SAeUAAAAVAMZSASmQ9Pi38mdm6oiVXD55
Kk2rAAABAE/bA402VuCsOLg9YS0NKxugT+o4UuIjyl6b2/cMmBVWO39lWAjcsKK/zEdJbrOdt/sKsxIK
1/ZIvtl92DLlMhci5c4tBjCODey4yjLhApjWgvX9D5OPp89qhah4zu509uNX7uH58Zw/+m6ZOLHN28mV
5KLUl7FTL2KZ583KrcWkUA0Id4ptUa9CAkcqn/gWkHMptgVwaZKlqZ+QtEa0V2IwUDWS097p3SlLvozw
46+ucWxwTJttCHLzUmNN7w1cIv0w/OHh5IGh+wWjV9pbO0VT3/r2jxkzqksKOYAb5CYzSNRyEwp+NIKr
Y+aJz7myu4Unn9de4cYsuXoAB6FQ5I8AAAEBAJSmDndXJCm7G66qdu3ElsLT0Jlz/es9F27r+xrg5pZ5
GjfBCRvHNo2DF4YW9MKdUQiv+ILMY8OISduTeu32nyA7dwx7z5M8b+DtasRAa1U03EfpvRQps6ovu79m
bt1OE8LS9ql8trx8qyIpYmJxmzIdBQ+kzkY+9ZlaXsaU0Ssuda7xPrX4405CbnKcpvM6q6okMP86Ejjn
75Cfzhv65hJkCjbiF7FZxosCRIuYbhEEKu2Z9Dgh+ZbsZ+9FETZVzKBs4fySA6dIw6zmGINd+KY6umMW
yJNej2Sia70fu3XLHj2yBgN5cy8arlZ80q1Mcy763RjYGkR/FkLJ611HWIA= thisuser@thishost

to this [4]:

from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3Nza
C1kc3MAAAEBAKYJenaYvMG3nHwWxKwlWLjHb77CT2hXwmC8Ap+fG8wjlaY/9t4uA+2qx9JNorgdrWKhH
SKHokFFlWRj+qk3q+lGHS+hsXuvta44W0yD0y0sW62wrEVegz+JVmntxeYc0nDz5tVGfZe6ydlgomzj1
bhfdpYe+BAwop8L+EMqKLS4iSacNjoPlHsmqHMnbibn3tBqJEq2QJjEPaiYj1iP5IaCuYBhuTKQGa+oy
H3mXEif5CKdsIKBj46B0tCy0/GC7oWcUN92QdLrUyTeRJZsTWsxKpRbMliD2pBh4oyX/aXEf8+HZBrO5
vQjDBCfTFQA+35Xrd3eTVEjkGkncI0SAeUAAAAVAMZSASmQ9Pi38mdm6oiVXD55Kk2rAAABAE/bA402V
uCsOLg9YS0NKxugT+o4UuIjyl6b2/cMmBVWO39lWAjcsKK/zEdJbrOdt/sKsxIK1/ZIvtl92DLlMhci5
c4tBjCODey4yjLhApjWgvX9D5OPp89qhah4zu509uNX7uH58Zw/+m6ZOLHN28mV5KLUl7FTL2KZ583Kr
cWkUA0Id4ptUa9CAkcqn/gWkHMptgVwaZKlqZ+QtEa0V2IwUDWS097p3SlLvozw46+ucWxwTJttCHLzU
mNN7w1cIv0w/OHh5IGh+wWjV9pbO0VT3/r2jxkzqksKOYAb5CYzSNRyEwp+NIKrY+aJz7myu4Unn9de4
cYsuXoAB6FQ5I8AAAEBAJSmDndXJCm7G66qdu3ElsLT0Jlz/es9F27r+xrg5pZ5GjfBCRvHNo2DF4YW9
MKdUQiv+ILMY8OISduTeu32nyA7dwx7z5M8b+DtasRAa1U03EfpvRQps6ovu79mbt1OE8LS9ql8trx8q
yIpYmJxmzIdBQ+kzkY+9ZlaXsaU0Ssuda7xPrX4405CbnKcpvM6q6okMP86Ejjn75Cfzhv65hJkCjbiF
7FZxosCRIuYbhEEKu2Z9Dgh+ZbsZ+9FETZVzKBs4fySA6dIw6zmGINd+KY6umMWyJNej2Sia70fu3XLH
j2yBgN5cy8arlZ80q1Mcy763RjYGkR/FkLJ611HWIA= thisuser@thishost

where "10.1.1.1" is the IP (version 4 [5]) address of thishost, and "/home/remoteuser/cron/validate-rsync" (which is just one of a few options [6], including customization [7] to enhance security) is a script that looks something like this :

#!/bin/sh 

case "$SSH_ORIGINAL_COMMAND" in 
*\&*) 
echo "Rejected" 
;; 
*\(*) 
echo "Rejected" 
;; 
*\{*) 
echo "Rejected" 
;; 
*\;*) 
echo "Rejected" 
;; 
*\<*) 
echo "Rejected" 
;; 
*\`*) 
echo "Rejected" 
;; 
*\|*) 
echo "Rejected" 
;; 
rsync\ --server*) 
$SSH_ORIGINAL_COMMAND 
;; 
*) 
echo "Rejected" 
;; 
esac 

If thishost has a variable address, or shares its address (via NAT or something similar) with hosts you do not trust, omit the 'from="10.1.1.1",' part of the line (including the comma), but leave the 'command' portion. This way, only the 'rsync' will be possible from connections using this key. Make certain that the 'validate-rsync' script is executable by remoteuser on remotehost and test it.

PLEASE NOTE: The private key, though now somewhat limited in what it can do (and hopefully where it can be done from), allows the possessor to copy any file from remotehost that remoteuser has access to. This is dangerous, and I should take whatever precautions I deem necessary to maintain the security and secrecy of this key. Some possibilities would be ensuring proper file permissions are assigned, consider using a key caching daemon, and consider if I really need this process automated verses the risk.

ALSO NOTE: Another security detail to consider is the SSH daemon configuration on remotehost. This example focuses on a user (remoteuser) who is not root. I recommend not using root as the remote user becauseroot has access to every file on remotehost. That capability alone is very dangerous, and the penalties for a mistake or misconfiguration can be far steeper than those for a 'normal' user. If you do not use root as your remote user (ever), and you make security decisions for remotehost, I recommend either:

PermitRootLogin no 

or:

PermitRootLogin forced-commands-only 

be included in the '/etc/ssh/sshd_config' file on remotehost. These are global settings, not just related to this connection, so be sure you do not need the capability these configuration options prohibit. [8].

The 'AllowUsers', 'AllowGroups', 'DenyUsers', and 'DenyGroups' key words can be used to restrict SSH access to particular users and groups. They are documented in the man page for "sshd_config", but I will mention that they all can use '*' and '?' as wildcards to allow and deny access to users and groups that match patterns. 'AllowUsers' and 'DenyUsers' can also restrict by host when the pattern is in USER@HOST form.

Troubleshooting

Now that I have the key with no password in place and configured, I need to test it out before putting it in a cron job (which has its own small set of baggage). I exit from the ssh session to remotehost and try [9]:

$ rsync -avz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" remoteuser@remotehost:/remote/dir /this/dir/

If this doesn't work, I will take off the "command" restriction on the key and try again. If it asks for a password, I will check permissions on the private key file (on thishost, should be 600), on 'authorized_keys' and (onremotehost, should be 600), on the '~/.ssh/' directory (on both hosts, should be 700), and on the home directory ('~/') itself (on both hosts, should not be writeable by anyone but the user). If some cryptic 'rsync' protocol error occurs mentioning the 'validate-rsync' script, I will make sure the permissions on 'validate-rsync' (on remotehost, may be 755 if every remotehost user is trusted) allow remoteuser to read and execute it.

If things still aren't working out, some useful information may be found in log files. Log files usually found in the /var/log/ directory on most linux hosts, and in the /var/log/secure log file on Red Hat-ish linux hosts. The most useful logfiles in this instance will be found on remotehost, but localhost may provide some client side information in its logs [10] . If you can't get to the logs, or are just impatient, you can tell the 'ssh' executable to provide some logging with the 'verbose' commands: '-v', '-vv', '-vvv'. The more v's, the more verbose the output. One is in the command above, but the one below should provide much more output:

$ rsync -avvvz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" remoteuser@remotehost:/remote/dir /this/dir/ 

Hopefully, it will always just work flawlessly so I never have to extend the troubleshooting information listed here [11] .

Cron Job Setup

The last step is the cron script. I use something like this:

#!/bin/sh 

RSYNC=/usr/bin/rsync 
SSH=/usr/bin/ssh 
KEY=/home/thisuser/cron/thishost-rsync-key 
RUSER=remoteuser 
RHOST=remotehost 
RPATH=/remote/dir 
LPATH=/this/dir/ 

$RSYNC -az -e "$SSH -i $KEY" $RUSER@$RHOST:$RPATH $LPATH 

because it is easy to modify the bits and pieces of the command line for different hosts and paths. I will usually call it something like 'rsync-remotehost-backups' if it contains backups. I test the script too, just in case I carefully inserted an error somewhere.

When I get the script running successfully, I use 'crontab -e' to insert a line for this new cron job:

0 5 * * * /home/thisuser/cron/rsync-remotehost-backups 

for a daily 5 AM sync, or:

0 5 * * 5 /home/thisuser/cron/rsync-remotehost-backups 

for a weekly (5 AM on Fridays). Monthly and yearly ones are rarer for me, so look at "man crontab" or here for advice on those.

Alright! Except for the everyday "keeping up with patches" thing, the insidious "hidden configuration flaws" part, and the unforgettable "total failure of human logic" set of problems, my work here is done. Enjoy!

19 Apr

qnap rsync Segmentation fault daemon

Published in Qnap

qnap rsync segmentation fault daemon

原因不支持 daemon 转换用 shell

rsync 两种方式 1 daemon 2 shell

rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/

19 Apr

vcenter 5.1 迁移后无法连接

Published in Vsphere ESXI

更改 host 文件手动分配 dns

07 Apr

WINDOWS 7 手动删除用户配置文件后，只能使用临时配置文件的问题

Published in Windows 7

在XP时代，如果将用户的配置文件删除了，用户在登录就会自动重新创建一个配置文件

但在WINDOWS 7不行，删除用户配置文件后，不会自动创建用户的配置文件，下次登录会一直使用临时配置文件

原因：

如果使用命令提示符或 Windows 资源管理器手动删除用户配置文件，则可能出现此问题。手动删除的配置文件不会删除注册表中配置文件列表中的安全标识符 (SID)。

警告：Microsoft 建议不要将此方法作为删除计算机中用户配置文件的标准方法。记录和支持的方法是使用系统属性中“高级系统设置”的“用户配置文件”设置。对于应用程序来说，使用“DeleteProfile”API 即可提供此功能。

如果存在 SID，则 Windows 将通过使用指向到不存在的路径 ProfileImagePath 加载配置文件。因此，无法加载该配置文件。

给出了解决办法：

1，下载微软提供的修复工具下载运行修复

或者

1，在系统属性中找到要删除的用户，删除用户配置文件（如果存在）

2，HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

删除相应的 SID，然后单击“删除”。

微软官方KB

http://support.microsoft.com/kb/947215/zh-cn

27 Mar

[Windows 7] HOWTO:解决系统管理员不允许使用保存的凭据登录远程计算机

Published in Windows 7

一台加入到 ActiveDirectory（活动目录 – AD，注：WinSRV2008）的 Windows 7 客户端，使用 Remote Desktop 登录 AD 内部的计算机时能够使用已保存的凭据进行自动验证。但是 AD 外部的计算机即使保存了登录凭据，在连接时仍然会提示输入密码，如下图所示：

Remote Desktop 会提示“系统管理员不允许使用保存的凭据登录远程计算机，原因是未完全验证其标识。请输入新凭据。”！这是出于安全考虑的设计，当然我们可以进行修改使加入到 AD 内的系统能够保存 AD 外部计算机的凭据。

为此，在运行中输入 gpedit.msc，启动本地组策略编辑器。定位到计算机配置 - 管理模板 - 系统 - 凭据分配，打开右边窗体的“允许分配保存的凭据用于仅 NTLM 服务器身份验证”，如下图所示：

启用“允许分配保存的凭据用于仅 NTLM 服务器身份验证”，并点击“将服务器添加到列表：显示”，在服务器列表中添加允许保存凭据的服务器名称和类型，如 dc.contoso.com 上的终端服务器，即“TERMSRV/dc.contoso.com”。当然也可以输入“TERMSRV/*”允许保存所有计算机的远程终端凭据。

最后执行 gpupdate /force 使修改的组策略生效，即可！

26 Mar

命令行查看Memcached运行状态(shell或者telnet) 测试 Memcach

Published in CentOS 6

查看memcached状态的基本命令，通过这个命令可以看到如下信息：

STAT pid 22459 进程ID STAT uptime 1027046 服务器运行秒数 STAT time 1273043062 服务器当前unix时间戳 STAT version 1.4.4 服务器版本 STAT pointer_size 64 操作系统字大小(这台服务器是64位的) STAT rusage_user 0.040000 进程累计用户时间 STAT rusage_system 0.260000 进程累计系统时间 STAT curr_connections 10 当前打开连接数 STAT total_connections 82 曾打开的连接总数 STAT connection_structures 13 服务器分配的连接结构数 STAT cmd_get 54 执行get命令总数 STAT cmd_set 34 执行set命令总数 STAT cmd_flush 3 指向flush_all命令总数 STAT get_hits 9 get命中次数 STAT get_misses 45 get未命中次数 STAT delete_misses 5 delete未命中次数 STAT delete_hits 1 delete命中次数 STAT incr_misses 0 incr未命中次数 STAT incr_hits 0 incr命中次数 STAT decr_misses 0 decr未命中次数 STAT decr_hits 0 decr命中次数 STAT cas_misses 0 cas未命中次数 STAT cas_hits 0 cas命中次数 STAT cas_badval 0 使用擦拭次数 STAT auth_cmds 0 STAT auth_errors 0 STAT bytes_read 15785 读取字节总数 STAT bytes_written 15222 写入字节总数 STAT limit_maxbytes 1048576 分配的内存数（字节） STAT accepting_conns 1 目前接受的链接数 STAT listen_disabled_num 0 STAT threads 4 线程数 STAT conn_yields 0 STAT bytes 0 存储item字节数 STAT curr_items 0 item个数 STAT total_items 34 item总数 STAT evictions 0 为获取空间删除item的总数

stats items

输出各个slab中的item信息。s

stats slabs

输出slab中更详细的item信息

stats sizes

输出所有item的大小和个数

stats cachedump <slab_id> <limit_num>

根据<slab_id>输出相同的<slab_id>中的item信息。<limit_num>是输出的个数，当<limit_num>为0是输出所有的item。

利用shell命令操作Memcached

1、数据存储（假设key为g，value为12345）

printf "set g 0 0 5\r\n12345\r\n"|nc 127.0.0.1 11211

STORED

2、数据取回（假设key为zhangyan）

printf "get g\r\n"|nc 127.0.0.1 11211

    VALUE g 0 5
    　12345
    　END

3、数值增加1（假设key为g，并且value为正整数）

printf "incr g 1\r\n" | nc 127.0.0.1 11211

12346

4、数值减少3（假设key为g，并且value为正整数）

printf "decr g 3\r\n" | nc 127.0.0.1 11211

12343

5、数据删除（假设key为g）

printf "delete g\r\n" | nc 127.0.0.1 11211

DELETED

6、查看Memcached状态

printf "stats\r\n" | nc 127.0.0.1 11211

STAT pid 3025
　STAT uptime 4120500
　STAT time 1228021767
　STAT version 1.2.6
　STAT pointer_size 32
　STAT rusage_user 433.463103
　STAT rusage_system 1224.515845
　STAT curr_items 1132460
　STAT total_items 8980260
　STAT bytes 1895325386
　STAT curr_connections 252
　STAT total_connections 547850
　STAT connection_structures 1189
　STAT cmd_get 13619685
　STAT cmd_set 8980260
　STAT get_hits 6851607
　STAT get_misses 6768078
　STAT evictions 0
　STAT bytes_read 160396238246
　STAT bytes_written 260080686529
　STAT limit_maxbytes 2147483648
　STAT threads 1
　END

　　7、模拟top命令，查看Memcached状态：

watch "printf 'stats\r\n' | nc 127.0.0.1 11211"

或者

watch "echo stats | nc 127.0.0.1 11211"

一、echo stats items | nc127.0.0.1 11211
STAT items:1:number 998     Slab Id=1 ; items数量:998(也就是已经存储了998个key值)
STAT items:1:age 604348     Slab Id=1 ; 已经存在时间，单位秒
STAT items:1:evicted 0                      Slab Id=1 ; 被踢出的数量
STAT items:1:evicted_nonzero 0
STAT items:1:evicted_time 0
STAT items:1:outofmemory 0
STAT items:1:tailrepairs 0
STAT items:1:reclaimed 0
STAT items:6:number 91897              Slab Id=6 ; items数量:91897(也就是已经存储了91897个key值)
STAT items:6:age 604345                  Slab Id=6 ; 已经存在时间，单位秒
STAT items:6:evicted 0                       Slab Id=6 ; 被踢出的数量
STAT items:6:evicted_nonzero 0
STAT items:6:evicted_time 0
STAT items:6:outofmemory 0
STAT items:6:tailrepairs 0
STAT items:6:reclaimed 0

26 Mar

Memcached centos 5 设置

Published in CentOS 5

(3) 設置memcached

vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="512"
OPTIONS=""

(4) 啟動memcached

# Set Memcached to start automatically on boot
chkconfig memcached on
# Start Memcached
/etc/init.d/memcached start
## OR ##
service memcached start

(5) 檢查memcached是否正常的運作。

yum install nc

nc = netcat

echo stats | nc localhost 11211
STAT pid 7599
STAT uptime 10
STAT time 1265288542
STAT version 1.4.4
STAT pointer_size 32
STAT rusage_user 0.003999
STAT rusage_system 0.052991
STAT curr_connections 10
STAT total_connections 11
STAT connection_structures 11
STAT cmd_get 0
STAT cmd_set 0
STAT cmd_flush 0
STAT get_hits 0
STAT get_misses 0
STAT delete_misses 0
STAT delete_hits 0
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 6
STAT bytes_written 0
STAT limit_maxbytes 536870912
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT bytes 0
STAT curr_items 0
STAT total_items 0
STAT evictions 0
END

# Try to get some value
echo get some_value | nc localhost 11211
END

# Not found, but check the stats again
echo stats | nc localhost 11211
STAT pid 7599
STAT uptime 10
STAT time 1265288542
STAT version 1.4.4
[...]
STAT cmd_get 1
STAT cmd_set 0
STAT cmd_flush 0
STAT get_hits 0
STAT get_misses 1
STAT delete_misses 0
[...]
STAT evictions 0
END

22 Mar

excel 英文递增

Published in Office - microsoft office

A1输入公式后向下拉
=IF(CEILING(ROW()/511758,1)-1=0,"",CHAR(MOD(CEILING(ROW()/511758,1)-2,26)+65))&IF(CEILING(ROW()/18954,1)-1=0,"",CHAR(MOD(CEILING(ROW()/18954,1)-2,26)+65))&IF(CEILING(ROW()/702,1)-1=0,"",CHAR(MOD(CEILING(ROW()/702,1)-2,26)+65))&IF(CEILING(ROW()/26,1)-1=0,"",CHAR(MOD(CEILING(ROW()/26,1)-2,26)+65))&CHAR(MOD((ROW()-1),26)+65)