davidmentis
22 November 2007 @ 09:50 pm
The following was unceremoniously ganked from Mark A. Hershberger's weblog


In .bashrc add:

export SSH_ENV="$HOME/.ssh/environment"

function start_agent {
     echo "Initialising new SSH agent..."
     /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
     echo succeeded
     chmod 600 "${SSH_ENV}"
     . "${SSH_ENV}" > /dev/null
     /usr/bin/ssh-add;
}

Follow this up in your .bash_profile with:
# Source SSH settings, if applicable

if [ -f "${SSH_ENV}" ]; then
     . "${SSH_ENV}" > /dev/null
     # ps ${SSH_AGENT_PID} doesn't work under cygwin
     [ -n "${SSH_AGENT_PID}" ] && ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null || {
         start_agent;
     }
else
     start_agent;
fi



You, of course, can place these files where you want. The effect is using SSH_ENV as a "lock" on ssh-agent. You can add, remove and check existing keys by using ssh-add:
$ ssh-add -l
$ ssh-add -d 
$ ssh-add -D
$ ssh-add 
 
 
davidmentis
17 May 2007 @ 01:53 am

Unceremoniously ganked from here:

First, generate a keypair by running gpg --gen-key and follow the prompts using the defaults. gpg complained about there not being enough random bytes available. As I was doing this remotely, I had to open a new shell into the machine and do things like du -sh /, and find / ... Also, at the end of it I got an error message:

gpg: no writable public keyring found: eof
Key generation failed: eof
To fix this, I had to
rm -rf ~/.gnupg && mkdir ~/.gnupg && chmod 0700 ~/.gnupg

Next, we have to generate a revocation certificate (in case we forget our passphrase or our key's been compromised) using gpg --output revoke.asc --gen-revoke "Your Name"

[dmentis@mail ~]$ gpg --output revoke.asc --gen-revoke "David Mentis"
sec  1024D/9DA1B8E1 2007-05-17   David Mentis <davidmentis@emailhost.com>
Create a revocation certificate for this key? y
Please select the reason for the revocation:   
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 
Enter an optional description; end it with an empty line:
> Revoking my key just in case it gets lost
>                                          
Reason for revocation: Key has been compromised
Revoking my key just in case it gets lost
Is this okay? y
               
You need a passphrase to unlock the secret key for
user: "David Mentis <davidmentis@emailhost.com>"
1024-bit DSA key, ID 9DA1B8E1, created 2007-05-17

ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!

Next, export your public key using gpg --armor --output public.gpg --export yourid@your.host.com. This will store your public key in public.gpg, if you want to put it on your website or mail it.

Now, encrypt the pw file with gpg --armor --output pw.gpg --encrypt --recipient yourid@your.host.com pw, which will encrypt the pw file as pw.gpg. To decrypt it, you must include your own key in the --recipient list.

Test decrypting the pw file with gpg --output testpw --decrypt pw.gpg.

 
 
davidmentis
17 May 2007 @ 01:08 am

A little web browsing turned up the Alternative Installation Methods. This gave me such wonderful information as installation via HTTP or NFS. Just add askmethod at the boot: prompt.

But what if you want to install via VNC? Similar process! Just add vnc to the boot: prompt.

Couldn't be easier.

 
 
davidmentis
15 February 2007 @ 04:13 pm
This is pulled largely from Scott Hurring's site. Another good site is this one, which refers to exim4. I had originally installed Debian 3.1 and selected the mail server install, not realizing that it installed uw-imapd. The problem is that I like the Maildir format, and uw-imapd does not support it. Here are the steps that I've taken to get exim + courier working with procmail and Maildir.

Uninstall uw-imapd.
david@dyan-0-14:~$ sudo apt-get --purge remove uw-imapd


Install Courier-IMAP:
david@dyan-0-14:~$ sudo apt-get install courier-imap courier-imap-ssl


Modify exim.conf:
Scott apparently referred to this site for modifying the exim.conf. These modifications give sitewide Maildir support (as opposed to enabling it on a per-user basis via a .forward file). These modifications are for exim4.
First, enable maildir by editing /etc/exim4/update-exim4.conf.conf
dc_localdelivery='maildir_home'

Then, enable the config changes:
david@dyan-0-14:~$ sudo /usr/sbin/update-exim4.conf

Check for syntax errors:
david@dyna-0-14:~$ sudo /usr/sbin/exim4 -bV

Then restart exim4 to pick up the changes:
david@dyna-0-14:~$ sudo /etc/init.d/exim4 restart
 
 
davidmentis
28 March 2006 @ 07:54 pm
Note: I grabbed all of my information from here and here.

First, get a floppy image. You can find them at bootdisk.com. I chose boot98c.exe.

Unzip the image and mount it. Under linux:
 unzip boot98c.exe && mount -o loop boot98c.IMA /mnt

Under FreeBSD:
unzip boot98c.exe
mdconfig -a -t vnode -f boot98c.IMA -u 0
mount -t msdos /dev/md0 /mnt
Remove as many EXE's as you can. You'll need the space.
scanreg.exe
scandisk.*
extract.exe
edit.*
drvspace.bin
fdisk.exe
format.com
smartdrv.exe
xcopy32.*
mem.exe
chkdsk.exe
move.exe
deltree.exe


Unmount the image and create a bootable ISO image:
$ mkisofs -o $WORKDIR/bootcd.iso \
> -b $WORKDIR/boot.IMA \
> -c boot.cat \
> $WORKDIR/boot.IMA


Then burn the cd. In FreeBSD you can use the burncd command:
 burncd -f /dev/acd0 data /tmp/bootcd.iso fixate

Clean up and you're done!
 
 
davidmentis
28 March 2006 @ 10:40 am
Here's a nice quick and easy way to update a FreeBSD 6 machine using portupgrade:
#!/usr/local/bin/bash

# Script name: auto-cvsup.sh

# It requires the path to your supfile as argument.
# We use fastest_cvsup utility to locate fastest server in our area.
# Make sure you have 'BATCH=yes' in /etc/make.conf

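PORTS_DIR=/usr/ports
PKG_BACKUP_DIR=/root/var_db_pkg_backups
COUNTRIES=us
TIMESTAMP=$(date +%F_%H:%M)
ROOT_UID=0             # Only root (UID 0) may run this script.

Usage ()               # Print an optional message, then the usage line.
{
  [ -n "$1" ] && echo "$1"
  echo "Usage: $0 /path/to/supfile"
}

Check_if_root ()       # Check if root running script.
{                      # From "ex39.sh" example.
  if [ "$UID" -ne "$ROOT_UID" ]
  then
    echo "Must be root to run this script."
    exit 101
  fi
}

# The supfile path is required.
if [ -z "$1" ]
then
   Usage ""
   exit 1
fi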

#are we root?
Check_if_root

if [ ! -d $PKG_BACKUP_DIR ]
then
   mkdir -p $PKG_BACKUP_DIR
fi


#SERVER=$(/usr/local/bin/fastest_cvsup -Q -c $COUNTRIES)
# cvsup is blocked by the company router, so port-forward through home :)
# uncomment the following line to fix it
#ssh -L 5999:cvsup11.freebsd.org:5999 dmentis@home.ip.address
SERVER=localhost
/usr/local/bin/cvsup -g -L1 -h $SERVER "$1"
cd "$PORTS_DIR" || exit 1
/usr/bin/make fetchindex
/usr/local/sbin/portsdb -u
/usr/bin/tar -czf $PKG_BACKUP_DIR/$TIMESTAMP-var.db.pkg.tar.gz /var/db/pkg
/usr/local/sbin/pkgdb --autofix
/usr/local/sbin/portsclean -C -DD
/usr/local/sbin/portupgrade -RrO portupgrade > /dev/null
/usr/local/sbin/portupgrade -RrOa -L /var/tmp/portupgrade-%s::%s.log > /dev/null 
 
 
davidmentis
From here:

Explanation: the new apt-get introduced package authentication in order to improve security. You can still install non-authenticated packages, but if you want to take advantage of this feature do the following (note that not all the deb repositories implemented this feature, if you upgrade from such a repository you'll get a "packages could not be authenticated" warning. Last time I checked Mepis repo didn't have the authentication feature, so you'll get a warning each time you upgrade a package that's available in Mepis repo).





If you get this warning:


W: GPG error: ftp://ftp.nerim.net unstable Release: The following signatures couldn't be verified 
because the public key is not available: NO_PUBKEY 07DC563D1F41B907

or this one:


W: GPG error: ftp://ftp.nerim.net sid Release: The following signatures couldn't be verified 
because the public key is not available: NO_PUBKEY 07DC563D1F41B907

  1. open konsole, type "su" and root password.
  2. gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 1F41B907
  3. gpg --armor --export 1F41B907 | apt-key add -
  4. apt-get update

If you have problems getting a key from wwwkeys.eu.pgp.net you can try minsky.surfnet.nl instead.






If you get this warning:


W: GPG error: http://secure-testing.debian.net etch/security-updates Release: The following signatures couldn't
be verified because the public key is not available: NO_PUBKEY 946AA6E18722E71E
W: You may want to run apt-get update to correct these problems

  1. Open Konsole, type su and root password
  2. wget http://secure-testing.debian.net/ziyi-2005-7.asc -O - | apt-key add -
  3. apt-get update





If you have other sources in /etc/apt/sources.list you can get the key for them in a similar manner, look for the key number in the error message.
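
One way to do the "look for the key number in the error message" step while checking the full 16-digit ID rather than the 8-digit short form passed to --recv-keys above, which unrelated keys can share (an added example, not part of the original post). The function names are illustrative, the sample warnings are constructed from the ones quoted above, and the last two functions assume the key has already been fetched into root's gpg keyring.

```shell
# Constructed sample input, built from the warnings quoted above.
sample_apt_output() {
cat <<'EOF'
W: GPG error: ftp://ftp.nerim.net unstable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
W: GPG error: ftp://ftp.nerim.net sid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
W: GPG error: http://secure-testing.debian.net etch/security-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 946AA6E18722E71E
W: You may want to run apt-get update to correct these problems
EOF
}

# Print each distinct 16-hex-digit key ID that follows NO_PUBKEY on stdin.
missing_key_ids() {
    grep -o 'NO_PUBKEY [0-9A-Fa-f]\{16\}' | awk '{ print toupper($2) }' | sort -u
}

# Succeed only if the 40-digit fingerprint $1 ends in the 16-digit ID $2.
# A match on the last 8 digits alone (the short ID) is rejected.
fingerprint_matches() {
    _f=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    _i=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "${#_f}" -eq 40 ] && [ "${#_i}" -eq 16 ] || return 1
    case "$_f" in
        *"$_i") return 0 ;;
        *)      return 1 ;;
    esac
}

# Fingerprint of a key in the local gpg keyring: field 10 of the "fpr"
# record in gpg's colon-delimited listing.
keyring_fingerprint() {
    gpg --with-colons --fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Hand a key to apt only when its fingerprint matches the ID apt asked for.
add_if_matching() {
    fpr=$(keyring_fingerprint "$1")
    if fingerprint_matches "$fpr" "$1"; then
        gpg --armor --export "$fpr" | apt-key add -
    else
        echo "refusing $1: keyring fingerprint '$fpr' does not match" >&2
        return 1
    fi
}

sample_apt_output | missing_key_ids
```

Where the repository publishes its key fingerprint on its own site, compare the output of keyring_fingerprint against that as well before running add_if_matching.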

 
 
davidmentis
29 January 2006 @ 04:00 pm
Instalinux is a neat little site where you can configure your ISO before you download it. You tell it the setup options, and it returns an ISO that you can plop in and install. You still need a 'net connection to download the packages that you want.
 
 
davidmentis
28 January 2006 @ 03:33 am
The beauty of IMAP is that I can have mail sifted into folders. Unfortunately, Thunderbird doesn't check all of your folders for new/unread mail. The fix is simple enough.

From here:

"Check all IMAP folders for new mail

Thunderbird can download mail from all accounts when you start the program. Just add the following code to your user.js file:"
// Download mail from all accounts on startup
user_pref("mail.check_all_imap_folders_for_new", true);
 
 
davidmentis
15 December 2005 @ 05:59 pm
Wicked pisser in NetBSD that the default shell, csh, has old backspace settings. The fix?

stty erase ^H

Ahh, that's better. To keep this persistent? vi ~/.cshrc

stty erase CTRL-V CTRL-H
 
 
davidmentis
06 December 2005 @ 12:33 pm
#!/bin/csh
cd /home/dmentis/Screenshots
xsetroot -cursor /home/dmentis/emptycursor /home/dmentis/emptycursor

while (1)
   foreach i (*.jpg *.png *.tif)
     ../show $i
     sleep 10
   end
   xset s off
end

: {32} cat show
#!/bin/sh
display -size 1600x1200! -resize 1600x1200! -geometry 1600x1200! -window root $1
 
 
davidmentis
22 November 2005 @ 05:33 pm
# Create a file named emptycursor containing:
#define nn1_width 16
#define nn1_height 16
static unsigned char nn1_bits[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

# type this command:
xsetroot -cursor emptycursor emptycursor


 
 
davidmentis
13 October 2005 @ 05:11 pm
Let's create our working environment ...
mkdir -p ~/base/source
cd base/source
tar xjpf stage2-x86-2005.1.tar.bz2
mkdir oldroot

Then, get and uncompress portage:
cd base/source/usr && tar xjf portage-whatever.tar.bz2

Then, setup networking stuff:
nano -w resolv.conf
nameserver 172.24.1.6

Finish up the setup by configuring mount points and make.conf
cd base/source
mount -o bind /proc proc

nano -w /etc/make.conf
######################################
#   /etc/make.conf
######################################
FEATURES="sandbox ccache autoaddcvs noinfo noman"

USE="alsa -arts -avi -bitmap-fonts -cdr -cups -dvd \
-emacs -esd -foomaticdb -gif -gtk -gtk2 -jpeg \
-gnome -kde -nls -motif -mp3 -mpeg -oggvorbis -opengl \
-oss -perl -pdflib -png -ppds -qt -quicktime -samba \
-spell -truetype -truetype-fonts -type1-fonts -X -xmms"

#from http://radagast.bglug.ca/epia/epia_howto/index.html
# notice the -Os optimization for small binaries!
CFLAGS="-march=i586 -m3dnow -mmmx -Os -pipe -fomit-frame-pointer"
CHOST="i586-pc-linux-gnu"
CXXFLAGS="${CFLAGS}"

GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo \
e.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"


Now that our build environment is ready to rock, we can begin the build
cd base/source
chroot . /bin/bash --login
env-update && source /etc/profile
emerge --newuse system
ln -sf /usr/share/zoneinfo/GMT /etc/localtime

Modify fstab and other /etc/files:

Get a cup of coffee. Or 6 of them.
 
 
davidmentis
24 August 2005 @ 04:30 pm
Fedora Core 4 and JDK 1.4.2 Problems

If you are experiencing problems with Fedora Core 4 with JDK 1.4.2, try adding the following command line argument to your java command line:
java -Djava.net.preferIPv4Stack=true YourApp

What's the problem?

"If IPv6 is available on the operating system the underlying native socket will be an IPv6 socket. This allows Java(tm) applications to connect to, and accept connections from, both IPv4 and IPv6 hosts."

This is misleading because I couldn't connect to any IPv4 hosts with Tomcat (i.e. database). You can read more about JDK 1.4.2's network properties at http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html. In Tomcat's catalina.sh, I just set JAVA_OPTS="-Djava.net.preferIPv4Stack=true" (Jun 30 2005, 04:53:12 PM PDT)
20050509



For anyone using FC4, it seems that JDK 1.4 is unable to make any network connections due to IPV6 being enabled in the kernel - 1.5.0_03 works fine.

Fortunately, disabling IPV6 seems to fix it (reboot needed).
/etc/modprobe.conf:
# Disable IPV6 to allow java networking to work
alias net-pf-10 off
 
 
davidmentis
15 August 2005 @ 06:53 pm
download install tor

download install privoxy - installed on FC4

download install tsocks

download install socat

Suppose that you wanted to connect to an IRC server running on barbaz.com, port 6667.
socat TCP4-LISTEN:4242,fork SOCKS4A:localhost:barbaz.com:6667,socksport=9050

Connecting to localhost, port 4242, would then be equivalent to connecting to barbaz.com, port 6667, via Tor.

TheOnionRouter/TorifyHOWTO

http://www.showmyip.com/
 
 
davidmentis
09 August 2005 @ 01:12 pm
#! /bin/sh

# Make sure user specified a device
if [ "$1" = "" ]; then
   echo "Usage: $0 block-special-device"
   exit 1
fi

# Make sure the device is a block-special
if [ ! -b "$1" ]; then
   echo "'$1' is not a block-special device."
   echo "Try again!"
   exit 2
fi

# Verify user's intention
printf "Are you sure you want to wipe '%s'? (yes|NO) " "$1"
read ans
if [ "$ans" != "yes" ]; then
   echo "Aborted."
   exit 3
fi

# Start writing random data to the hard drive
for i in 1 2 3 4 5 6 7 8 9 10; do
   echo "Starting randomizer $i."
   dd if=/dev/urandom of="$1" bs=64k &
   # Give it a chance to get into the disk a bit
   sleep 60
done

# Wait for all the randomizers to finish
echo "Waiting for all randomizers to finish."
wait

echo "Beginning clear operation."
dd if=/dev/zero of="$1" bs=64k

# Done
echo "Wipe complete."

exit 0 
 
 
 
davidmentis
02 August 2005 @ 11:51 pm
On the Windows side, PuTTY has a wonderful option to do KeepAlive while ssh'ing. Works brilliantly. Under *nix? Not so hot. I know in sshd_config there's the TCPKeepAlive, but that doesn't seem to work on its own. A quick google turned this up:

TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 99999
 
 
davidmentis
22 July 2005 @ 01:00 am
At some point in time, I tripped over a nice php blog software called buzzword. I like the style. I like the presentation. I HATE having to put data in through the web. I like having a client a la drivel. That way, I can have it sitting out of the way. So, I'm attempting to write a dirty little API to access the mysql backend directly. It's more of an exercise to dust off the C skills.

The MySQL C API

A nice tutorial to get me started

A quick side note. On linux, if you plan on using strmov make sure you include libmystrings:

gcc TestMysqlApp.c -o TestMysqlApp `mysql_config --cflags --libs` -lmystrings

This one kept me occupied for a few minutes :)
 
 
davidmentis
Simple File Sharing is always turned on in Windows XP Home Edition-based computers. By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured.

If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off.

To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:
1. Double-click My Computer on the desktop.
2. On the Tools menu, click Folder Options.
3. Click the View tab, and then select the Use Simple File Sharing (Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)


Microsoft's Support Page Article 304040