Wednesday 20 May 2015

Get the SSH fingerprint of an SSH server

If you've ever tried to connect to a new server over SSH, you will have seen a message similar to the following:

# ssh iridium
The authenticity of host '[foo]' can't be established.
RSA key fingerprint is a2:b9:c5:d3:e5:fc:a6:b3:c7:da:e1:f0:ac:b9:c9:d5.
Are you sure you want to continue connecting (yes/no)?

Then you may have wondered, "Well, what *is* the fingerprint of my server supposed to be?". To authenticate the host, run the command below on the server (at SSH server install time, or over a "secure" channel) to get your host's SSH fingerprint:

# ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 a2:b9:c5:d3:e5:fc:a6:b3:c7:da:e1:f0:ac:b9:c9:d5 root@foo (RSA)

You should then be able to compare the two fingerprints to determine whether the server you're connecting to is in fact the one you're trying to connect to and isn't some sort of honeypot.

Command to delete a particular host from known_hosts

Occasionally (especially in the cloud world, where instances are cattle), the SSH fingerprint for a host changes. When this happens, you will see a warning.
If the warning is expected, the usual remedy is to delete the offending key from your "known_hosts" file (typically found under ~/.ssh/known_hosts). However, when you need to do this across a bunch of machines and you don't know which line number the host will be on for each machine, the following command might be useful:

sed -i -e '/\[webserver-03\.example\.com\]:2222/d' ~/.ssh/known_hosts

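It deletes any line that matches the host "[webserver-03.example.com]:2222" in the default "known_hosts" file. The pattern only matches entries stored with the host name in plain text; entries hashed with the HashKnownHosts option will not match.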

Monday 17 November 2014

Online courses

I've signed up to Code School to try it out. So far, have done three different courses:

* Try Ruby
* JavaScript Roadtrip 1
* Try Git

All three seem really basic, geared towards people that don't know how to program. Site doesn't appear to have very many free courses and costs $29USD per month to get full access.

Apparently the two other sites which offer courses of a similar nature are Treehouse and Codecademy.

I've also had recommended the Crypto 101 course and will probably be trying that one out next.

Whatever course site (MOOC?) I sign up for, it would be really great if they integrated Open Badges.

Friday 14 November 2014

Getting Firefox Sync server running

Have been setting up Firefox Sync, following the instructions found at: https://docs.services.mozilla.com/howtos/run-sync-1.5.html

The instructions were pretty straightforward, got it up and running in no time (even ran the tests to ensure everything was passing).

However, after reconfiguring the browser to point to the new Sync URL, nothing happened. (In the end it turned out I forgot the "/token/" part of the URL: https://bugzilla.mozilla.org/show_bug.cgi?id=1032039)

Debugging Tips:

* By default if you run the server using "local/bin/pserve syncserver.ini" the server logs to console.

* The database the server saves to (by default) is "syncserver/syncserver.db", which you can view using SQLite Browser.

* To manually start a Sync, you can go to "Tools" -> "Sync Now"

* To view the browser (client) sync logs, enter "about:sync-log" in the URL bar. You can turn on logging on successful sync by toggling the "services.sync.log.appender.file.logOnSuccess" configuration variable.

* At time of writing there's a bug where the URL can be set back to the default in some instances: https://bugzilla.mozilla.org/show_bug.cgi?id=1003708

* You can modify the "services.sync.syncInterval" variable to make the browser attempt to sync more frequently (value is in milliseconds).

Wednesday 12 November 2014

Getting Risk of Rain working

I bought the Humble Indie Bundle 13 and downloaded Risk of Rain (non-Steam version). Tried firing it up, but it wouldn't run, giving the error:

"error while loading shared libraries: libopenal.so.1"

Found that it required a bunch of 32-bit packages, namely:

* libopenal1:i386
* libxrandr2:i386
* libglu1-mesa:i386

which you had to install with "sudo apt-get install [package name]"

NOTE: To get "Shadowrun Returns" working, also had to install the "libxcursor1:i386" package.

NOTE2: Am running Ubuntu 14.04LTS 64-bit

Tuesday 14 October 2014

Firewall configuration in CentOS 7

CentOS 7 introduced firewalld to replace iptables. As a result, the "system-config-firewall-tui" command no longer works (unless you re-install iptables).

The equivalent way of adding in a couple of ports to the firewall rules is as follows:

sudo firewall-cmd --add-port=4505/tcp
sudo firewall-cmd --add-port=4506/tcp

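The above will add rules to open the ports, but the change won't survive a reboot. To make the changes permanent, just add the "--permanent" flag to the command. A rule added with "--permanent" is written to the saved configuration only and is not applied to the running firewall until firewalld is reloaded, so run the command both with and without the flag.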

Friday 25 October 2013

Configuring PostgreSQL to listen on all IPs

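Tested on CentOS 6. Modify the "listen_addresses" line in the /var/lib/pgsql/data/postgresql.conf file so that it reads:

listen_addresses = '*'

The change takes effect after PostgreSQL is restarted. Which clients may then connect and authenticate is still controlled by pg_hba.conf.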