Saturday, September 26, 2009

ssh FAIL!

The other day I was baffled. The version of ssh-keygen I was trying to use just was not giving me the results I wanted. The really strange part was that ssh-keygen -h gave completely different options than what I could find in the ssh manpage.

I checked the version and things started to get wierd:
[root@zim .ssh2]# ssh-keygen -V
ssh-keygen version , compiled Jun 7 2009.

That's right, it had no version. I'm not sure why, but it didn't. Strange things were afoot.

I spent about an hour trying to figure out how this ssh-keygen worked. I was interested to see that it generated keys in RFC 4716 format instead of the openssh key format required in ~/.ssh/authorized_keys. It couldn't produce the normal openssh format no matter what options I used.

After rpm verify didn't show me anything of interest (ssh-keygen matched what was distributed by the openssh package) I decided to see where ssh-keygen was living.

[root@zim .ssh2]# which ssh-keygen
/usr/local/bin/ssh-keygen

What's that you say? /usr/local? No RPM installed openssh binaries have any business living there.

[root@zim .ssh2]# ls -la /usr/local/bin
....
lrwxrwxrwx 1 root root 11 Jun 7 00:41 ssh-keygen -> ssh-keygen2
-rwxr-xr-x 1 root root 2041687 Jun 7 00:41 ssh-keygen2
....

How interesting. Jun 7. That was the alleged compile time from ssh-keygen -V.

I have removed those binaries from /usr/local/bin, things returned to normal, and now I'm left wondering how they got there.

Wednesday, May 13, 2009

Warning: DocumentRoot [/home/bugzilla/bugzilla-2.20] does not exist

Default CentOS 5.3 install.
[root@tatersalad bugzilla-2.20]# apachectl graceful
Warning: DocumentRoot [/home/bugzilla/bugzilla-2.20] does not exist
httpd: Could not reliably determine the server's fully qualified domain name, using tatersalad.loc.yoohoo.net for ServerName
httpd not running, trying to start

Found solution here: http://forums.devshed.com/apache-development-15/documentroot-does-not-exist-when-it-does-526847.html
[root@tatersalad bugzilla-2.20]# vim /etc/selinux/
config restorecond.conf semanage.conf targeted/
[root@tatersalad bugzilla-2.20]# vim /etc/selinux/config

Change SELINUX=enforcing to permissive
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Reboot. Enjoy.

Monday, March 16, 2009

Command Line Truecrypt Volume Creation

This will create a hidden volume in an outer volume on a disk device. If you haven't been playing around with Truecrypt and breaking where it will try to mount things by default, this will work fine. Otherwise, you may have to determine what the /dev/mapper/truecrypt mountpoint will be. Same goes for /dev/sd?.


Create your normal Truecrypt volume on the device. You can also do this with a disk partition; i.e., sdq1.
truecrypt -k '' -p somewhatsekrit --volume-type=normal --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq

Mount the volume in Truecrypt so that you can format the filesystem.
truecrypt -k '' --filesystem=none --protect-hidden=no -p somewhatsekrit /dev/sdq

Format the filesystem.
mkfs.ext2 /dev/mapper/truecrypt0

Unmount the volume.
truecrypt -d /dev/sdq

Create the hidden volume with a password you don't intend to divulge. Until they start pulling fingermails, of course. Adjust your hidden volume's size according to your device's contraints. Volume size is given in bytes. fdisk -l /dev/sdq will show how many bytes are available on the device or partition.
truecrypt -k '' --volume-type=hidden -p omgverysekrit --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq --size=50000000

Mount the volume so the filesystem can be formatted.
truecrypt -k '' --filesystem=none --protect-hidden=no -p omgverysekrit --filesystem=none /dev/sdq

Format the volume's filesystem.
mkfs.ext2 /dev/mapper/truecrypt0

Unmount the volume.
truecrypt -d /dev/sdq

Truecrypt requires keyfile values be given (-k) when creating volumes via command line, or it will prompt for them. Adding the two single-quotes (-k '') just says that there isn't a keyfile to be used. Truecrypt in command line mode also apparently won't create an ext2 filesystem, so you first have to create the volume without a filesystem, mount it with truecrypt and use mkfs (mkfs.ext2 in this case) to format the the volume.

Wednesday, January 21, 2009

how do you say "netdump" in chinese?

Amazing. This happens to me all the time. I perform a Google search so pertinent, relevant and fine that its like a scalpel cutting through the cruft and garbage of the Interwebz. It yields a single pebble of truth... and it's in Chinese. Fuck.

"/var/crash/magic" "No such file or directory"

*sigh*

I'm trying to get netdump installed on a server that's giving us some trouble. I'll post an update when I have the solution.

Update: Not bothering w/ netdump anymore right now.