The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘*nix’ Category

OpenSSH keygen guidelines

Posted by jpluimers on 2020/05/01

Verify [WayBack] OpenSSH: Key generation before generating keys.

At the time of grabbing it was this (for the mozilla tag; use another tag if you prefer):

# RSA keys are favored over ECDSA keys when backward compatibility ''is required'',
# thus, newly generated keys are always either ED25519 or RSA (NOT ECDSA or DSA).
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz"

# ED25519 keys are favored over RSA keys when backward compatibility ''is not required''.
# This is only compatible with OpenSSH 6.5+ and fixed-size (256 bytes).
$ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz"

This was not changed based on [WayBack] Key generation: pass -a and -o argument? · Issue #68 · mozilla/wikimo_content · GitHub: a discussion on the KDF rounds (-a parameter) and storage format (-o parameter).

This is slightly less strong than in [WayBack] Upgrade Your SSH Key to Ed25519 | Programming Journal, but seems to be OK when writing this in 2018.

For comparison, a similar discussion is at [WayBack] public key – How many KDF rounds for an SSH key? – Cryptography Stack Exchange.

In practice, I am not for one ssh ID per host, but I use different tags depending on where the ssh ID applies. More discussion on this is at [WayBack] privacy – Best Practice: ”separate ssh-key per host and user“ vs. ”one ssh-key for all hosts“ – Information Security Stack Exchange

Based on the above, I also learned about this password generator: [WayBack] GitHub – gdestuynder/pwgen

–jeroen

Posted in *nix, *nix-tools, Encryption, Hashing, Power User, Security, ssh/sshd

Side by Side user scoped .NET Core installations on Linux with dotnet-install.sh – Scott Hanselman

Posted by jpluimers on 2020/04/28

For my link archive: [WayBack] Side by Side user scoped .NET Core installations on Linux with dotnet-install.sh – Scott Hanselman

Via [WayBack] DotNetKicks on Twitter: „Side by Side user scoped .NET Core installations on Linux with  by @shanselman  #aspnet via @DotNetKicks“

–jeroen

Posted in .NET, .NET Core, .NET Standard, Development, Linux, Power User, Software Development

KiTTY auto-reconnect ssh tunnel so you can RDP from remote machine into local one

Posted by jpluimers on 2020/04/27

I needed this equivalent in KiTTY while also keeping the connection alive:

ssh -o "ExitOnForwardFailure yes" -R :3389:127.0.0.1:3389 

Here (via [WayBack] SSH options, Port Forwarding over SSH, Keepalives – zwilnik), -R specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.

This is unlike most port forwarding examples, which show you how to forward a local port to a remote one (for instance [WayBack] Portforwarding with SSH (Putty)).

 

I wanted this on Windows, but with auto-connect and without depending on OpenSSH. So I used the portable edition of [WayBack] Download KiTTY, which is a PuTTY derivative with more features.

With OpenSSH it is easier, but requires either Windows 10 (having it pre-installed) or an OpenSSH installation. How simple? This simple: [WayBack] openssh – How do I keep SSH connection alive on Windows 10? – Stack Overflow

The portable version of KiTTY ensures all configuration is in configuration files (not the registry like the regular edition: [WayBack] KiTTY Session Configuration Location – Chase’s Notes).

I bumped into KiTTY because in another situation, I needed to execute a remote command and found [WayBack] ssh – How to run a remote command in PuTTY after login & keep the shell running? – Super User

Later I found other references as it can also auto-logon:

KiTTY has a URL-based update checker; for instance [WayBack] www.9bis.net/kitty/check_update.php?version=0.70.0.6 checks if a newer version than 0.70.0.6 is available. If you do not trust it, you can run that URL over TLS as well.

The settings in these screenshots seem to be enough to get the above configuration:

  1. Under “SSH”, in “Tunnels”
    • tick “Remote ports do the same (SSH-2 only)”
    • fill in a source port (that’s the remote port and will become the :3389: bit above)
    • fill in destination 127.0.0.1:3389 (that’s the local RDP port on your Windows machine)
    • tick “Remote”
    • tick “Auto”
    • click “Add” to get to the second screenshot

  2. Under connection:
    • Ensure “Seconds between keepalives” is larger than zero (I took 1)
    • Tick “Disable Nagle’s algorithm”
    • Tick “Enable TCP keepalives”
    • Tick “Attempt to reconnect on system wakeup”
    • Tick “Attempt to reconnect on connection failure”
  3. On the “SSH” tab:
    • Do not enter a “Remote command” (seems unneeded on my system)

So for now, I can do without things like:

–jeroen

Posted in *nix, *nix-tools, Power User, ssh/sshd, Windows

curl/wget: use content-disposition for the file names

Posted by jpluimers on 2020/04/27

For me, on Windows, curl works better than wget, but on Linux/Mac OS X, curl tends to work better. Some people find wget easier for downloading multiple URLs at the same time. So here are the parameter switches for both, so they download to the file specified by the Content-Disposition HTTP header:

  • curl --remote-name --remote-header-name
  • wget --content-disposition

My experience is that wget is better at this, especially when redirects are involved (by adding a [WayBack] --location parameter to the curl command line).

So for instance the first fails, but the second succeeds determining the download to be VSCodeUserSetup-x64-1.27.2.exe (so curl keeps the name stable):

curl.exe --location --remote-name --remote-time --remote-header-name https://vscode-update.azurewebsites.net/latest/win32-x64-user/stable

wget.exe --content-disposition https://vscode-update.azurewebsites.net/latest/win32-x64-user/stable

This takes into account the name after all followed redirects.

Via:

–jeroen

Posted in *nix, cURL, Power User, wget

This means your SD card is dead for writing: “fsck.ext4: unable to set superblock flags on ROOT”

Posted by jpluimers on 2020/04/24

A while ago I had a "fsck.ext4: unable to set superblock flags on ROOT" on an SD card in a Raspberry Pi: it basically means the SD card is dead.

Back then Google found only one entry: [WayBack] Bad Superblock – Raspberry Pi Forums

–jeroen

Posted in *nix, *nix-tools, Development, Hardware Development, Power User, Raspberry Pi

How to install patterns in openSUSE and SUSE – TechRepublic

Posted by jpluimers on 2020/04/20

This was much easier than I hoped for: the zypper verbs search and install both support the --type pattern argument.

After that, the names for them are pattern names instead of the normal package names.

So for instance:

zypper search --type pattern
zypper install --type pattern kde kde_plasma

Sources:

–jeroen

 

Posted in *nix, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed

sed double expression: match, replace in one line, overwrite file

Posted by jpluimers on 2020/04/15

A while ago, I needed to conditionally replace in files, so I used sed and a regular expression, though usually I dislike those.

However, since the system had a very basic install, there was not much choice.

Luckily back then, my Google foo returned these:

This allowed me to do a double expression (the first matches a pattern, the second performs the actual replacement within the matching lines).

In case my Google foo in the future fails:

## https://robots.thoughtbot.com/sed-102-replace-in-place
## -i causes no backup to be saved, but does in-place replacement
## since we run under git, we can always restore
## combined with a double expression (the first matches, the second executes) this is very powerful
sed -i -e '/#.*AVOID_DAILY_AUTOCOMMITS=.*$/s/^.//' /etc/etckeeper/etckeeper.conf && git diff | more

–jeroen

Posted in *nix, Development, etckeeper, Linux, Power User, RegEx, Software Development

Create a large file filled with zeros on Linux – twm’s blog

Posted by jpluimers on 2020/04/13

Interesting read, as there are at least 3 options of which I only knew the first (dd): [WayBack] Create a large file filled with zeros on Linux – twm’s blog.

  • dd (fully allocated storage; zeros, random or another data source)
  • truncate (sparse storage; always gets zeros)
  • fallocate (fully allocated storage; always gets zeros)

–jeroen

via: [WayBack] Sometimes you need a large file for testing purposes or just to take up space that should not be available on the file system. There are several options… – Thomas Mueller (dummzeuch) – Google+

Posted in *nix, *nix-tools, Power User

xrdp

Posted by jpluimers on 2020/04/06

I totally missed this the last 5 years. Where have I been (:

[WayBack] xrdp: An open source remote desktop protocol(rdp) server.

It runs on top of either Xvnc (which I have used) or X11rdp and should be usable with any RDP client (like the excellent Microsoft RDP for Mac OS X).

Related

Via:

–jeroen

Posted in *nix, *nix-tools, Power User, Remote Desktop Protocol/MSTSC/Terminal Services, VNC/Virtual_Network_Computing, Windows

Workaround for “Nmap 7.8 Assertion failed: htn.toclock_running == true” · Issue #1764 · nmap/nmap · GitHub

Posted by jpluimers on 2020/03/27

I got this on Windows 10, 8.1 and 7, MacOS and Linux:

C:\bin>nmap -sn 192.168.71.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-24 13:44 W. Europe Standard Time
Assertion failed: htn.toclock_running == true, file ..\Target.cc, line 503

Luckily [WayBack] Nmap 7.8 Assertion failed: htn.toclock_running == true · Issue #1764 · nmap/nmap · GitHub has a solution: add the --max-parallelism 100 parameter:

C:\bin>nmap -sn --max-parallelism 100 192.168.71.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-24 13:48 W. Europe Standard Time
Nmap scan report for 192.168.71.1
...
Host is up.
Nmap done: 256 IP addresses (50 hosts up) scanned in 54.07 seconds

The other workaround is to have at least one ARP request succeed.

Via [WayBack] “Assertion failed: htn.toclock_running == true, file ..\Target.cc, line 503” – Google Search

–jeroen

Posted in *nix, *nix-tools, nmap, Power User