Monday, August 18, 2014

RHEL7 sshd Ignores authorized_keys2

I found out the hard way that my authorized_keys2 file is ignored in Red Hat Enterprise Linux 7.  My ssh client would submit the key file and then prompt me for my password.

The line "#AuthorizedKeysFile .ssh/authorized_keys" from sshd_config was uncommented, which changed the default behavior of reading both authorized_keys and authorized_keys2.

Unfortunately, I don't find any announcement of this change.  And, the sshd man page still reads
"AuthorizedKeysFile specifies the files containing public keys for public key authentication; if none is specified, the default is ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2."

Renaming the authorized_keys2 file to authorized_keys will fix the problem.  Be sure to merge these files if authorized_keys also exists.
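
One way to do that merge safely, as an added example (not from the original post): it assumes the usual ~/.ssh layout, runs as the account owner, and uses a hypothetical function name and constructed sample keys.

```shell
#!/bin/sh
# Added example: fold a legacy authorized_keys2 into authorized_keys.
# Usage: merge_authorized_keys /home/USER/.ssh   (run as the account owner)
merge_authorized_keys() (
  # The body runs in a subshell, so variables and exit stay local to the call.
  sshdir="$1"
  old="$sshdir/authorized_keys2"
  new="$sshdir/authorized_keys"

  # Nothing to do when there is no legacy file.
  [ -f "$old" ] || exit 0

  # Build the merged file inside .ssh so the final mv is an atomic rename.
  # mktemp creates it with mode 0600, owned by the caller.
  tmp="$(mktemp "$sshdir/authorized_keys.XXXXXX")" || exit 1

  # Current keys first, then legacy ones. awk reads each file separately, so
  # a missing trailing newline cannot glue two keys together. Blank lines
  # and exact duplicate lines are dropped; order is otherwise preserved.
  if [ -f "$new" ]; then
    awk 'NF && !seen[$0]++' "$new" "$old" > "$tmp"
  else
    awk 'NF && !seen[$0]++' "$old" > "$tmp"
  fi || { rm -f "$tmp"; exit 1; }

  chmod 600 "$tmp" &&
  mv "$tmp" "$new" &&
  mv "$old" "$old.merged"    # kept for reference; sshd does not read this name
)

# Demo on constructed data in a scratch directory (not real keys).
demo="$(mktemp -d)"
printf 'ssh-rsa AAAAconstructed1 alice@laptop' > "$demo/authorized_keys"  # no final newline
printf 'ssh-rsa AAAAconstructed1 alice@laptop\nssh-ed25519 AAAAconstructed2 alice@desk\n' \
  > "$demo/authorized_keys2"
merge_authorized_keys "$demo"
cat "$demo/authorized_keys"
```

On the server, `sshd -T | grep -i authorizedkeysfile` (run as root) prints the effective AuthorizedKeysFile setting, which shows whether authorized_keys2 is still consulted.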

I've submitted product feedback to Red Hat asking that they announce the change and fix the man page.  FWIW, we've been warned in the past, starting in 2001 with the release of OpenSSH version 3, that authorized_keys2 is deprecated.  It just seems like an explicit "your stuff will now break" announcement is warranted.

Wednesday, June 4, 2014

ViewSonic DCR Causes Dim Terminal/Console Screens

For a long time, I've been fighting with my screen dimming while I'm in a terminal session (black or dark backgrounds).  I simply could not see the text due to the dim screen.  I didn't know if it was a bug in power savings code in Ubuntu or some issue with my monitor.  Today I accidentally won the battle.

I have a ViewSonic VA2226w monitor.  I happened to press and hold the up arrow on the monitor and I saw an on-screen display message that I hadn't before noticed.  It said "DCR off".  Turns out, ViewSonic's "Dynamic Contrast Ratio" was the culprit!

So, at least for the ViewSonic VA2226w, the way to toggle DCR is:

  1. exit all OSD menus, if opened
  2. press and hold the up arrow until you see "DCR on" or "DCR off"

I hope you haven't fought with this as long as I have.  DCR is a bug, not a feature.

Tuesday, March 22, 2011

Using Flash Media Live Encoder 3.2 with Red5 RTMP Server

Live streaming is tricky. But, FMLE + Red5 is a cheap way to do it that gives you even more options than you'd have with Flash Media Server.

I simply installed Red5 and the oflaDemo application. Then, I fired up Flash Media Live Encoder 3.2. I gave the URL of rtmp://myserver/oflaDemo to FMLE, with a stream name "myownstream".

To test viewing, I used the included Publisher demo application. I specified the "Location" as rtmp://myserver/oflaDemo and clicked "Connect". Then, I specified the "Name" as "myownstream" and clicked "Play". Magically, it worked!

I hope this simple tutorial can bootstrap you into live streaming with Red5.

Thursday, May 20, 2010

SSL Certificates from the Command-Line

If you've ever wondered how to easily inspect a certificate from the command line, look no further than openssl.

openssl s_client -connect hostname:port

If you ever need to look up several hosts at once and want to report the ones which will expire before a given date, try this script:

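#!/bin/bash
# File of host:port pairs, one per line
hostFile="/tmp/ssl_hostnames"
# Report certificates that expire on or before this date
thresholdDate="June 30, 2010"
(for hostAndPort in $(< "$hostFile")
do
  # Fetch the server certificate and pull out its "Not After" date.
  # "echo blah" gives s_client some input so it exits instead of waiting.
  notAfter="$(echo blah |
    openssl s_client -connect "$hostAndPort" 2> /dev/null |
    sed '1,/Server certificate/ {d}; /subject/,$ {d;};' |
    openssl x509 -text 2> /dev/null |
    grep "Not After" |
    sed "s/.* : //")"
  # Convert to the local date format
  dateStr="$(date -d "$notAfter")"
  if (( $(date -d "$dateStr" +%s) <= $(date -d "$thresholdDate" +%s) ))
  then
    echo "${hostAndPort%:*}|$dateStr"
  fi
done) | column -s "|" -t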

Right now, there's not much error checking in this script. And, I'm not doing any TLS stuff. The hostFile just contains host:port pairs, one host per line.

Friday, May 7, 2010

Moving from MyWeb to Live@Edu

The personal webhosting service offered to all UGA affiliates is called MyWeb. It offers only 200 MB of storage. The advantage is that JavaScript, iframes, etc. are allowed, which is not the case for many free website hosting tools, especially the fancy WYSIWYG ones. So, I haven't convinced you that MyWeb has value? Well, consider redirecting your MyWeb page to your live@edu profile, Spaces page, or other site that you do maintain. Here's how:

<html>
<head>
<meta http-equiv="refresh" content="0;url=http://YOUR_CID_HERE.profile.live.com/">
</head>
</html>

  • Save the file on your computer with a name of index.html
  • Log into your MyDrive web interface at https://mydrive.uga.edu/NetStorage/
  • Navigate to the Home@UGA->www folder
  • From the File menu on the right, select Upload
  • Click Choose File and select your newly created index.html file
  • Click Upload

You could also choose to only redirect certain directories of your site by adding a similar index.html file in the subdirectories that you desire to redirect.

Making Linux Talk Microsoft live@edu

Overview

Our new mail solution will be Exchange 2010 in the form of Microsoft's Live@edu hosted environment. Sounds swell for Microsoft lovers. But, what about us Linux folk? What clients can we use to have as rich an experience as the Microsoft crowd? What to do? Sometimes, the best or only answer for users of any operating system is to use the web interface. Mostly, we'll explore the thick client options in this article.

Email

Evolution hacks seemed to work against Exchange 2007. But, all webdav has been yanked from 2010. I almost lost hope.

The best solution I've come across is Thunderbird + Lightning + xdata-provider. Lightning adds calendar functionality to Thunderbird. The xdata-provider add-on extends Lightning to interact with the Exchange 2010 calendar. Thunderbird will speak IMAP to Exchange to fetch mail. Lightning/xdata-provider will handle the calendar.

What you'll need

  • Thunderbird
  • the Lightning add-on (available as the "lightning-extension" package in Ubuntu)
  • xdata-provider add-on for Thunderbird

Caveats

Thus far, I've had trouble editing Exchange calendar events in Thunderbird. Nor have I been able to reply to (accept/decline) event invitations. Essentially, it has proven useful only for adding new events. I don't even think it has alerted me

Instant Messaging

Empathy provides Instant Messaging capabilities for your live (MSN) account.

Cloud Storage / Collaboration

As for SkyDrive, the best solution is to forget about it (until a Linux client comes along) and use DropBox. Same goes for Office Live Workspace, which will greet you with a "Windows users only" error anyhow.

SkyDrive does have a couple of nice features. One is that you can do light editing on Office documents without downloading them. The other is the SSO (single sign-on), which saves you a click or two.

Blog / Simple Web Site

I see no point in using Spaces, since there are better blog tools out there and this tool is in no way branded to affiliate one to UGA or any easier to use because of our agreement. Your Spaces account must be unique in the spaces.live.com namespace, which already has millions of users.