The other day I was baffled. The version of ssh-keygen I was trying to use just was not giving me the results I wanted. The really strange part was that ssh-keygen -h gave completely different options than what I could find in the ssh manpage.
I checked the version and things started to get weird:
[root@zim .ssh2]# ssh-keygen -V
ssh-keygen version , compiled Jun 7 2009.
That's right, it had no version. I'm not sure why, but it didn't. Strange things were afoot.
I spent about an hour trying to figure out how this ssh-keygen worked. I was interested to see that it generated keys in RFC 4716 format instead of the openssh key format required in ~/.ssh/authorized_keys. It couldn't produce the normal openssh format no matter what options I used.
After rpm verify didn't show me anything of interest (ssh-keygen matched what was distributed by the openssh package) I decided to see where ssh-keygen was living.
[root@zim .ssh2]# which ssh-keygen
/usr/local/bin/ssh-keygen
What's that you say? /usr/local? No RPM-installed openssh binaries have any business living there.
[root@zim .ssh2]# ls -la /usr/local/bin
....
lrwxrwxrwx 1 root root 11 Jun 7 00:41 ssh-keygen -> ssh-keygen2
-rwxr-xr-x 1 root root 2041687 Jun 7 00:41 ssh-keygen2
....
How interesting. Jun 7. That was the alleged compile time from ssh-keygen -V.
I have removed those binaries from /usr/local/bin, things returned to normal, and now I'm left wondering how they got there.
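The situation in this post, a copy in /usr/local/bin running ahead of the packaged binary while rpm verification of the package still passed, can be checked for directly. The script below is an added example, not part of the original post; the function names and the list of commands it checks are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find commands that resolve to a
# different file than the packaged one because an earlier PATH entry shadows it.

# Print every executable named $1 found along the PATH-style string $2,
# in the order the shell searches them. The first line is the one that runs.
path_hits() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
    IFS=$old_ifs
}

# Succeed (exit 0) when more than one copy of $1 exists along $2.
is_shadowed() {
    [ "$(path_hits "$1" "$2" | wc -l)" -gt 1 ]
}

# For a shadowed command, print each copy with its owning package.
# rpm -qf is consulted only when rpm is installed; a file no package
# owns is reported as UNOWNED.
shadow_report() {
    is_shadowed "$1" "$2" || return 0
    path_hits "$1" "$2" | while IFS= read -r f; do
        if command -v rpm >/dev/null 2>&1; then
            owner=$(rpm -qf "$f" 2>/dev/null) || owner=UNOWNED
        else
            owner=rpm-unavailable
        fi
        printf '%s\t%s\n' "$f" "$owner"
    done
}

# Assumed list of commands worth checking; extend as needed.
for c in ssh ssh-keygen sshd scp; do
    shadow_report "$c" "$PATH"
done
```

An UNOWNED entry listed ahead of a package-owned one is the pattern described above.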
Saturday, September 26, 2009
Wednesday, May 13, 2009
Warning: DocumentRoot [/home/bugzilla/bugzilla-2.20] does not exist
Default CentOS 5.3 install.
[root@tatersalad bugzilla-2.20]# apachectl graceful
Warning: DocumentRoot [/home/bugzilla/bugzilla-2.20] does not exist
httpd: Could not reliably determine the server's fully qualified domain name, using tatersalad.loc.yoohoo.net for ServerName
httpd not running, trying to start
Found solution here: http://forums.devshed.com/apache-development-15/documentroot-does-not-exist-when-it-does-526847.html
[root@tatersalad bugzilla-2.20]# vim /etc/selinux/
config restorecond.conf semanage.conf targeted/
[root@tatersalad bugzilla-2.20]# vim /etc/selinux/config
Change SELINUX=enforcing to permissive
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Reboot. Enjoy.
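Permissive mode stops enforcement for every service on the host, not just httpd. As an added example (not from the original post), the script below reads AVC denials to see which label httpd was refused on and prints the commands that label only the DocumentRoot, so SELinux can stay enforcing; the audit lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). The audit records below are
# constructed samples in the AVC format of /var/log/audit/audit.log.
SAMPLE_AUDIT='type=AVC msg=audit(1242230000.101:45): avc:  denied  { getattr } for  pid=2345 comm="httpd" path="/home/bugzilla/bugzilla-2.20" dev=dm-0 ino=98310 scontext=root:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1242230000.102:46): avc:  denied  { search } for  pid=2345 comm="httpd" path="/home/bugzilla/bugzilla-2.20" dev=dm-0 ino=98310 scontext=root:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1242230001.200:47): avc:  denied  { read } for  pid=2501 comm="ntpd" name="drift" dev=dm-0 ino=4411 scontext=root:system_r:ntpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file'

# Print "<target type> <target path or name>" once for each object the
# httpd_t domain was denied access to. Denials from other domains are skipped.
httpd_denials() {
    printf '%s\n' "$1" | awk '
        /avc: +denied/ && /scontext=[^ ]*:httpd_t:/ {
            target = ""; type = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(path|name)=/) {
                    target = $i
                    sub(/^[a-z]+=/, "", target)
                    gsub(/"/, "", target)
                }
                if ($i ~ /^tcontext=/) { split($i, c, ":"); type = c[3] }
            }
            print type, target
        }' | sort -u
}

# Print (do not run) the commands that give a DocumentRoot the web content
# type persistently and then apply it to the files already on disk.
relabel_plan() {
    printf "semanage fcontext -a -t httpd_sys_content_t '%s(/.*)?'\n" "$1"
    printf 'restorecon -Rv %s\n' "$1"
}

httpd_denials "$SAMPLE_AUDIT"
relabel_plan /home/bugzilla/bugzilla-2.20
```

On a real host, pass the contents of the audit log to httpd_denials, and compare the directory's label before and after with ls -Zd.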
Monday, March 16, 2009
Command Line Truecrypt Volume Creation
This will create a hidden volume in an outer volume on a disk device. If you haven't been playing around with Truecrypt and breaking where it will try to mount things by default, this will work fine. Otherwise, you may have to determine what the /dev/mapper/truecrypt mountpoint will be. Same goes for /dev/sd?.
Create your normal Truecrypt volume on the device. You can also do this with a disk partition; i.e., sdq1.
truecrypt -k '' -p somewhatsekrit --volume-type=normal --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq
Mount the volume in Truecrypt so that you can format the filesystem.
truecrypt -k '' --filesystem=none --protect-hidden=no -p somewhatsekrit /dev/sdq
Format the filesystem.
mkfs.ext2 /dev/mapper/truecrypt0
Unmount the volume.
truecrypt -d /dev/sdq
Create the hidden volume with a password you don't intend to divulge. Until they start pulling fingernails, of course. Adjust your hidden volume's size according to your device's constraints. Volume size is given in bytes. fdisk -l /dev/sdq will show how many bytes are available on the device or partition.
truecrypt -k '' --volume-type=hidden -p omgverysekrit --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq --size=50000000
Mount the volume so the filesystem can be formatted.
truecrypt -k '' --filesystem=none --protect-hidden=no -p omgverysekrit /dev/sdq
Format the volume's filesystem.
mkfs.ext2 /dev/mapper/truecrypt0
Unmount the volume.
truecrypt -d /dev/sdq
Truecrypt requires keyfile values be given (-k) when creating volumes via command line, or it will prompt for them. Adding the two single-quotes (-k '') just says that there isn't a keyfile to be used. Truecrypt in command line mode also apparently won't create an ext2 filesystem, so you first have to create the volume without a filesystem, mount it with truecrypt and use mkfs (mkfs.ext2 in this case) to format the volume. Be aware that a password passed with -p ends up in your shell history and is visible in the process list while the command runs.
Wednesday, January 21, 2009
how do you say "netdump" in chinese?
Amazing. This happens to me all the time. I perform a Google search so pertinent, relevant and fine that it's like a scalpel cutting through the cruft and garbage of the Interwebz. It yields a single pebble of truth... and it's in Chinese. Fuck.
"/var/crash/magic" "No such file or directory"
*sigh*
I'm trying to get netdump installed on a server that's giving us some trouble. I'll post an update when I have the solution.
Update: Not bothering w/ netdump anymore right now.