Sometimes users take their removal drives and unplug and replug them to test what happens during the failure of a disk. However, this breaks things quite badly due to the /dev/mapper in LUKS not coming back online due to it not being closed.
In other words, generally with non-encrypted drives the process is smooth but when encrypted you may want to follow a strategy like this:
We can see below that both disks are unavailable as they were physically remov........
Just in case, it is reocmmended to backup the original contents of the directory (especially your home dir) before proceeding.
Setup ecryptfs
Run this command: ecryptfs-setup-private
It will ask you for your login password, this is so that when you login, everything is automatically decrypted by using a passphrase that is wrapped with your login.
You can hit enter and leave things blank for an autogenerated passphrase (for mounting) or you can en........
In this scenario, let's say you want to clone your OS at the filesystem level and the source system (the system you want to clone from) is in use.
Doing a blind rsync / is a big problem because it uses twice as much space for no reason.
The reason for this is that with ecryptfs you have a /home/.ecryptfs directory which has the actual encrypted versions of your files and folders. However your home directory (eg. /home/someuser) is mounted.
Doing the blind rsync will ca........
The key is that you need to know the passphrase to do it, if you don't know the password for the key then you can't remove the key since it cannot be decrypted.
ssh-keygen is the easiest method and openssl can be used to manually remove the key and output it to a new file, which you can then copy back over top of the encrypted file.
After that your public key authentication will work without any password prompt because it is no longer encrypted. Make sure you understand........
This is only really necessary in the case you don't want DHCP. If you are dealing with an encrypted LUKS server on the internet, you will often want to have a static IP so you know which IP to connect to (or if you have a semi-static IP assigned by DHCP).
SET IP Address by /etc/initramfs-tools/initramfs.conf
IP Address=192.168.1.27
Gateway=192.168.1.1
Subnet Mask: 255.255.255.0
Hostname=myhome.com
IP=192.1........
The reason for doing this is that the installer doesn't seem to work properly for LUKS and the server installer doesn't even support LUKS anymore. When you use the GUI install on Desktop for LUKS it won't boot and will just hang after you enter your password. So the only reliable way is to do it ourselves.
1.) Make a default minimal install of Ubuntu
2.) Have a secondary disk on the server or VM.
3.)........
ssh-keygen -p -f /path/to/your/id_rsa
Enter new passphrase (empty for no passphrase):
After that your rsa private key will be encrypted which is a layer of protection and security in the event that somehow someone acquires your key and tries to access servers that the key is authorized on.........
Install Errors on Version 12:
This error happened on QEMU emulator version 2.11.1 pve-qemu-kvm_2.11.1-5
on Proxmox/Debian but installing on QEMU.12 on Centos 6 did not produce the error.
*Update it is not related to the OS or QEMU version. This happened in Centos 6 too after a second install.
What really causes this even though you successfully install........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
The key thing here is to know the actual partition that is encrypted.
Often in Linux Mint's installer that ends up being partition 5 or /dev/sda5
sudo cryptsetup luksOpen /dev/sda5 anynamehere
You will then be prompted for your irrecoverable passphrase:
Enter passphrase for /dev/sda5:
If all goes well it won't say anything further. If it says ""No key available with this passphr........
1.) Replicate the number of partitions in your new drives.
gdisk /dev/sda
gdisk /dev/sdb
I created 3 partitions of the same same size.
partition #1: +1G (/boot)
partition #2: +60G (swap)
partition #3: rest of it (/)
#note if you are using GPT/gdisk you need to create separate a partition at least 1MB in size (in my case I would a 4th partition and mark it type ef02).........
Iwill start by saying I think I know what caused this boot-time error on Linux Mint but should also apply to Debian and Ubuntu.
I changed my BIOS time to several hours in the past to match the current time, but this caused Linux to think there were incorrect filesystem times.
The problem is that it seems when you hit this I am not sure what is happening, it doesn't seem to be doing fsck and hangs without prompting the user.
What I have found is that........
It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel.
Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds:
*setup SSL
openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes
That creates the public certificate and private key pair in the location Directadmin expects to fi........
Error Detected........
This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
Name
curlftpfs - mount a ftp host as a local directory
Synopsis........
This is based on Debian Linux but should apply equally to any *nix distro.
Install LUKS/crypt-setup
apt-get install cryptsetup
Setup your LUKS Partition
Of course change /dev/md2 with whatever partition you intend to use LUKS on.
cryptsetup --verbose --verify-passphrase luksFormat /dev/md2
You'll be asked to verify your decryption password twice
*DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!........
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge........
./ntfs-3g /dev/sda1 /mnt -o force
Unexpected sectors per cluster value (127).
Failed to mount '/dev/sda1': Invalid argument
The device '/dev/sda1' doesn't seem to have a valid NTFS.
Maybe the wrong device is used? Or the whole disk instead of a
partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?
This is happening on a system I've come across an HP 6930P running Windows XP Professional. The partition appears to be very norm........
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
I have played around with Pound a little bit. It is a reverse proxy and load balancer in one, and it can be used as only a reverse proxy if you like. It is very simple to configure as either, and Pound even senses if one of the systems is down and stops sending requests to the dead server.
It supports SSL (but passes the request to the destination server unencrypted) and even the Apache log format. Pound is very simple, fast a........