• ssh how to verify your host key / avoid MIM attacks


    SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem. But how about connecting to an existing server for the first time on a new machine or client? A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
  • How to encrypt your SSH private key file id_rsa


    ssh-keygen -p -f /path/to/your/id_rsa Enter new passphrase (empty for no passphrase): After that your rsa private key will be encrypted which is a layer of protection and security in the event that somehow someone acquires your key and tries to access servers that the key is authorized on.........
  • Local Vs Universally Administered MAC Address NIC Refuses to come up


    2,6,A or E is what the second digit of your MAC address must be otherwise a lot of OS's will not work. They will say the NIC is down/not connected even though it is. This is because if the second digit is not set properly it will not view as a valid MAC or device uplink. This is especially an issue with VMs whether in QEMU etc.. if you are making your own MAC. MAC address is invalid c4:d1:aa:e5:10:05 To fix it just........
  • Cisco Router Setup Guide and Tutorial Howto With Commands and Examples


    In most of the Cisco router IOS I find the ports like ge0/0 ge0/1 and ge0/2 or whatever your ports are down. They will not even give you a link light. So one of the first tasks should be getting the port you are working with up. In my case the first goal is often connectivity with the LAN and WAN. LAN = your local area network (eg. in the office/home ) WAN= your ISP/public internet (eg. fiber/cable/dsl/ethernet). In these examples I as........
  • How Does Cisco CUCM (Cisco Unified Communication Manager) Work?


    Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCM is like a "Super PBX" that controls the flow of all communications through an organization even single or multiple site deployments. Cisco's CUCM makes communication more effective and simple through centralized management and unification of communications resources.........
  • Linux Kernel USB Export Errors


    4.374647] usb_common: exports duplicate symbol usb_get_dr_mode (owned by kernel) [ 4.403334] usbcore: exports duplicate symbol __usb_get_extra_descriptor (owned by kernel) [ 4.427736] xhci_hcd 0000:00:15.0: xHCI Host Controller [ 4.427844] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 1 [ 4.429040] xhci_hcd 0000:00:15.0: hcc params 0x200077c1 hci version 0x100 quirks 0x01109810 [ 4.429141] xhci_hcd 0000:00:15.0: cache line size of 64 is not sup........
  • Cannot create gradle for conversations


    The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location. Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error export ANDROID_HOME=/home/user/Downloads/tools/ Conversations-master$ ./gradlew Downloading https://services.gradle.org/distributions/grad........
  • sign_and_send_pubkey: signing failed: agent refused operation - SSH Solution


    sign_and_send_pubkey: signing failed: agent refused operation This happens when you don't manually add your ssh key with ssh-add; it is some weird new feature in SSH or Ubuntu/Debian that causes this weird problem. Solution: ssh-add Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)........
  • rsync run as root sudo without password


    This is a common issue, what if a user shouldn't have root but you want to use that user to make a full backup of a system? They of course need root access. You can actually just give them passwordless sudo access to rsync in /etc/sudoers: sudo vi /etc/sudoers yourusername ALL = NOPASSWD: /usr/bin/rsync Here is how you would execute rsync: The key thing for the remote host is to........
  • [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution


    Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key How can you fix it and do it properly? Step 1.) Make a new Private Key Create server pass key:........
  • How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME


    Many users still are not aware, but simply patching OpenSSL does not secure you against many known and easy to exploit attacks that let an attacker render your encryption useless. Use the following settings in /etc/httpd/conf.d/ssl.conf SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !........
  • forcedeth MCP55 Nforce3600 Nvidia Network NIC Card Not working in Linux at 1gigabit speeds


    Now many people report this card simply not working in various Linux distros and kernels. My issue is different, it always works at 100mbit (eg. plugged into a 100mbit switch) but no matter what 1000M/gigabit switch I would try, it would never work. The link would be up (the lights were on) and the OS detected the link as being up as well but it wouldn't work at all and could not pass data in or out (not even an ack/ping). There is one simple solution and command........
  • How to Normalize and Increase the Volume on M4A files in Linux


    M4A is a weird format, so you have to be creative; here is a quick copy of what I did. Basically you need to convert to .wav to make use of them and then I converted the resulting .wav into an mp3 (nice small file size and basically universally playable): ======= sudo apt-get install mpg321 mp3gain faad normalize lame faad "Voice 002 (copy).m4a" faad "Voice 002 (copy).m4a"........
  • Dell CS24,FS12 NV5 and NV7 1U Server Information & Parts


    Motherboard: Gigabyte GA-3CESL: http://b2b.gigabyte.com/products/product-page.aspx?pid=2658#dl Dell Part Numbers for the motherboard: R1232 R1232L R2232S SERVER MOTHERBOARD GENUINE 408P9 CN-0408P9 GA-3CESL Manual Download here RAM Slots: 16 (8 controlled by each CPU) RAM Type: DDR2 ECC 5300P........
  • Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch


    [Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key [Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch The above is an accurate description of what is wrong. In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
  • Enable Multiple RDP Sessions on Windows XP, Vista, 7 Howto


    http://deepxw.blogspot.ca/search/label/Universal%20Termsrv.dll%20Patch The above site has the patch that does this, essentially turning a Desktop Windows into a full-fledged RDP server.........
  • SSH Can't Login/Hang


    Client Log OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_d........
  • How to convert raw,img,vdi,vmdk and other virtual image formats using qemu-img convert between VBOX/KVM/VMWare/Xen


    The example below converts yourvm.img into a vdi. The -O vdi specifies the new format will be vdi but you can use any other valid formats/vice versa. qemu-img convert yourvm.img -O vdi yourvm.vdi This is very handy for those who need to switch between virtualization technologies.........
  • Directadmin Enable SSL


    It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel. Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds: *setup SSL openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes That creates the public certificate and private key pair in the location Directadmin expects to fi........
  • Linux Kernel Panic Messages - Symptoms of bad RAM module/stick


    These were caused by a bad stick of Corsair RAM [] free_hot_cold_page+0xfc/0x150 [] __pagevec_free+0x14/0x1a [] release_pages+0x127/0x12f [] __pagevec_release+0x15/0x1d [] __invalid_mapping_pages+0x120/0x156 [........
  • wget download all files on page/directory automatically recursively


    Have you ever found a website/page that has several or perhaps dozens, hundreds or thousands of files that you need downloaded but don't have the time to manually do it? wget's recursive function called with -r does that, but also with some quirks to be warned about. If you're doing it from a standard web based directory structure, you will notice there is still a link to .. and wget will follow that. Eg. let's say you have files in http://serverip/documen........
  • Yahoo Mail (email) DNS Server Out Of Date Problems


    I don't expect this to be solved soon but some of Yahoo's DNS servers are out of whack. I changed the IPs of some nameservers of some domains and now most Yahoo users can't e-mail to those domains! As you can see below by the "No MX or A records for mychangedomain.com", now Yahoo's DNS/mailserver DNS cache is wrong. You would think they would at least have cached the old incorrect records, but instead for some reason their DNS cache has no entry and doesn't seem........
  • Directadmin DA Install Guide


    yum -y install openssl* gcc-c++ gcc flex g++ make;wget http://www.directadmin.com/setup.sh;chmod +x ./setup.sh;./setup.sh #enable SSL /usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem chmod 400 /usr/local/directadmin/conf/cakey.pem sed -i "s/SSL=0/SSL=1/g" /usr/local/dire........
  • SSH delay problem UseDNS and disabling GSSAPI does not help


    The normal solution doesn't help or apply here: ssh -v user@192.168.5.41 OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.5.41 [192.168.5.41] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: i........
  • PHP CURL SSL won't work or connect


    I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself). * About to connect() to ip.ip.ip.ip port 25000 * Trying ip.ip.ip.ip... * connected * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000 * succes........
  • Realtek r8169 1gbit/1000mbit NIC/Ethernet Goes Down/Halts on Large File Transfer/Heavy Network Usage


    This is obviously a bug in the r8169 kernel module and it seems to affect a lot of people. I upgraded to the latest kernel and hope this won't happen anymore, as it is a very serious error. This is especially serious for those who are running servers with this chipset, who can afford for the NIC to randomly go off-line for no apparent reason? [655548.189113] type=1505 audit(1277067560.902:5): operation="profile_load" name="/usr/bin/freshclam&q........
  • WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The f


    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by th........
  • SSH Automatic/Passwordless Logon - Setup Public Key Encryption In Single Command


    This is a very simple solution, but most guides out there make you login twice (once to scp the key) and once to put the key in authorized_keys. There's no need for that. If you don't already have a ~/.ssh/id_rsa.pub just type "ssh-keygen -t rsa" and keep hitting enter until it's done :) Just use this code to easily enable passwordless login with SSHD key=`cat ~/.ssh/id_rsa.pub`;ssh user@192.168.5.25 "echo $key >> ~/.ssh/auth........
  • Picking an FTPD (vsftpd) Server in Linux Centos/Debian


    I decided on using yum to help me decide even though I normally use proftpd I decided to see what else I could find. yum search ftp Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * rpmforge: ftp-stud.fht-esslingen.de * base: mirrors.netdna.com * updates: updates.interworx.info * addons: yum.singlehop.com * extras: mirrors.netdna.com rpmforge........
  • SSH automatic login without password


    SSH automatic login without password local> ssh-keygen -t rsa -f .ssh/id_rsa -t is the encryption type -f tells where to store the public/private key pairs. In this case, the .ssh directory on home is being used A password will be asked; leave this part blank, just pressing Now, go to the .ssh directory, and you will find two new files: id_dsa and id_dsa.pub. The last one is the public part. Now, copy the public key to the serv........
  • Clustering Links


    Clustering Links I thought this might be interesting for people with spare time. Great clustering article from Linux Mag http://www.linux-mag.com/2003-11/clusters_01.html General Linux cluster information http://www.gdargaud.net/Hack/ClusterNotes.html#HighA http://www.faqs.org/docs/Linux-HOWTO/Cluster-HOWTO.html#s3 http://www.yolinux.com/TUTORIALS/LinuxClustersAndFileSys........
  • pound a Linux Load Balance and Reverse Proxy


    I have played around with Pound a little bit. It is a reverse proxy and load balancer in one, and it can be used as only a reverse proxy if you like. It is very simple to configure as either, and Pound even senses if one of the systems is down and stops sending requests to the dead server. It supports SSL (but passes the request to the destination server unencrypted) and even the Apache log format. Pound is very simple, fast a........
  • Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian


    Shortcut/Easiest Way To Create A Self-Signed Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below. If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
  • Linux/Unix Open SSH Login Without Password Key Exchange including Debian, Redhat, Fedora, Ubuntu, BSD etc..


    In those 4 simple commands you can setup mutual key exchange between two ssh servers by using a single login shell session and single window. *Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LAN or WAN (well unless the server is behind a firewall and you cannot SSH into it).........
  • Timezone Change/Updated for Linux/Unix Debian/Fedora/Ubuntu/Centos Change Update Time zone


    This way should work on all Linux machines, at least RHEL/Debian (Ubuntu) based distros but most likely all and also should work on many Unix style machines I believe. Many OS's have tools to update the timezone, but most of them (even if command line) require several bloated packages and even Xorg/KDE based packages etc.. Your time zone info file is actually in /etc/localtime if you open this file in vi/vim/pico you'll see it's gibberish (binary code or another encodin........
  • OCFS2 crash


    When trying to even cd or ls the mounted OCFS2 partition it crashes. I think this is a combination of VMWare Server's problem and the way I mounted and symlinked to it. More than anything this shows the problem and lack of foresight with VMWare, but also that OCFS2 is easily crashed if you do strange things. Output of /var/log/messages for OCFS2 Apr 10 15:57:45 localhost kernel: [84331.691258] Modules linked in: vmnet vmci vmmon ocfs2_stac........
  • Latest Articles

  • Linux tftp listens on all interfaces and IPs by DEFAULT Security Risk Hole Solution
  • python import docx error
  • Cisco Unified Communications Manager Express Cheatsheet CUCME CME
  • Linux Ubuntu Debian Missing privilege separation directory: /var/run/sshd
  • bash how to count the number of columns or words in a line
  • bash if statement how to test program output without assigning to variable
  • RTNETLINK answers: Network is unreachable
  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled
  • Debian Ubuntu Mint Howto Create Bridge (br0)
  • How To Control Interface that dhcpd server listens to on Debian based Linux like Mint and Ubuntu
  • LUKS unable to type password to unlock during boot on Debian, Ubuntu and Mint
  • Debian Ubuntu and Linux Mint Broken Kernel After Date - New Extra Module Naming Convention
  • Wordpress overwrites and wipes out custom htaccess rules and changes solution
  • Apache htaccess and mod_rewrite how to redirect and force all URLs and visitors to the SSL / HTTPS version
  • python 3 pip cannot install mysql module
  • QEMU-KVM won't boot Windows 2016 or 2019 server on an Intel Core i3
  • Virtualbox vbox not starting