Gentoo Blog

If you need to regenerate your SSH Host Keys do the following.

1. delete your old keys

rm /etc/ssh/ssh_host_*

2. reconfigure the ssh server

dpkg-reconfigure openssh-server

That’s it now you can update you known_hosts file when you connect next time. If you use strict checking which you should you will need to delete the key from you known_hosts file in you home directory. Or you will not be able to connect.

If you need a new SSL certificate for a server you will need a 2048bit private key from 2011 onwards. This command creates both:

openssl req -new -nodes -newkey rsa:2048 -keyout example.key -out example.csr

Thats it send the CSR to you ISP and you should get you SSL cert back. You can also edit:

/etc/ssl/openssl.cnf

And change the default_bits line to 2048 then all new keys we be created with 2048bits.

Okay so you have forgotten your mysql root password and need to access you mysql server. This howto requires root access to the shell or via sudo:

First stop your mysql server via the init script:

/etc/init.d/mysql stop

Now lets start up the mysql daemon and skip the grant tables which store the passwords:

mysqld_safe --skip-grant-tables

You should be able to see mysql starting. Logon to mysql with the fowling command:

mysql --user=root mysql

Now change the password with:

update user set Password=PASSWORD('new-password') where user='root';
flush privileges;
exit;

Now kill your running mysqld, then restart it normally. You should be good to go. Try not to forget your password again.

To compare the content of two fields in mysql and print the matching results do the following:

select * from user where username=password;

This would match all users that have the same username and password

This is our mysql table for proftpd with two users. One user has a clear text password ‘Clear_text’ and the other user has a Crypt password. The passwords are stored in the field passwd. Which we need to update for the user ftp.

mysql> select * from ftpuser;
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| id | userid | passwd | uid | gid | homedir | shell | count | accessed | modified |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| 10 | ftp| *BD0359A2B6ZZHHA6A35B8D06DC1114D92CE3101 | 108 | 1002 | /storage/data | /sbin/nologin | 23 | 2011-01-19 13:07:33 | 2011-01-19 11:47:54 |
| 11 | upload | Clear_text | 108 | 1002 | /storage/data | /sbin/nologin | 529 | 2011-01-19 10:06:28 | 2011-01-06 16:01:30 |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+

We want to update the crypt password from the mysql shell. The following command will update the user ftp with a new crypt password:

update ftpuser set passwd=PASSWORD('KLatttGuya') where userid='ftp';

You can see the password in clear text here ‘KLatttGuya’ because of the option PASSWORD mysql knows that it must store a crypt password.

This howto shows you howto create a self signed SSL certificate without a passphrase. Using openssl with one single command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.key -out mycert.crt

After you have answered all the questions you should have two files one key file and one crt file. Please make sure to enter your domain name when asked for your common name. This can also be an ip address if you don’t have a domain name to use. You can change how long the cert is valid for by changing the value days. If you prefer to have your cert and key in one file normally called a pem file please use the following command:

openssl req -x509 -nodes -days 1095 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

As you can see the only thing i changed is instead of using two file names one for the key and one for the cert. You just repeat the first name which will create the cert and the key in one file called mycert.pem in our example.

I wrote a howto about encrypting your home and swap partition a while ago. One thing was missing in the last howto the login process with pam mount. Please be careful following this howto if you do anything wrong you may erase all of you data. You have been warned!

First install a few packages:

aptitude install cryptsetup libpam-mount

We will start of with the swap partition which is easy. First deactivate your swap partition you may need to remove it from /etc/fstab and reboot if it is in use.:

swapoff /dev/sda7

Then fill your swap with random data from /dev/urandom

dd if=/dev/urandom of=/dev/sda7 bs=1M

Configure encrypted swap in /etc/crypttab and /etc/fstab

cat /etc/crypttab

cryptoswap /dev/sda7 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap

cat /etc/fstab

/dev/mapper/cryptoswap none swap sw 0 0

Okay thats it reboot to test. If you call top from a shell you should see a normal swap partition. Then try and run the follow command you should see something like this:

cryptsetup status cryptoswap
/dev/mapper/cryptoswap is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda7
offset: 0 sectors
size: 8401932 sectors
mode: read/write


Ok your swap partition is done lets move on to /home make sure you have an empty partition for this all data on the partition will be deleted. You’ve been warned

Fill your new home partition with random data.

dd if=/dev/urandom of=/dev/sda8

Initialize the partition and set initial key. Please make sure to use the same password to login and for the encrypted partition. Otherwise you will not be able to unlock your home partition when you login.

cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda8

Create a device mapping

cryptsetup luksOpen /dev/sda8 cryptohome

Now you can create a file system on cryptohome

mkfs.ext4 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/cryptohome

Okay give your new home a test by closing it reopening it and finally the first mount

cryptsetup luksClose cryptohome
cryptsetup luksOpen /dev/sda8 cryptohome
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

mkdir -p /mnt/cryptohome
mount /dev/mapper/cryptohome /mnt/cryptohome
touch /mnt/cryptohome/linux
ls /mnt/cryptohome/
lost+found linux

We can also confirm that it works by issuing the command

cryptsetup status cryptohome
/dev/mapper/cryptohome is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda8
offset: 2056 sectors
size: 20978771 sectors
mode: read/write


Now would be a good time to move your current home data to this partition. And umount the partition:

umount /mnt/cryptohome
cryptsetup luksClose cryptohome

Automatically mount when logging in first edit pam_mount.conf.xml:

vi /etc/security/pam_mount.conf.xml

and add the following:

<volume user="User" fstype="crypt" path="/dev/disk/by-uuid/6d53f51f-7c25-4b3d-aa15-f3594f4f49e1" mountpoint="/home" options="fsck,relatime" />

Make sure to replace User with your user name. And you will also need to change the disk path. You can either add a path like /dev/sda6 or you can add a uuid the ubuntu way.

To find your uuid you use the following command:

blkid /dev/sda8

/dev/sda8: UUID="6d53f51f-7c25-4b3d-aa15-f3594f4f49e1" TYPE="crypto_LUKS"

After you have done that make sure to comment out the entry for your /home partition in /etc/fstab. Pam mount will deal with mounting your /home partition now.

vi /etc/fstab

# /home is on /dev/sda8
#UUID=6d53f51f-7c25-4b3d-aa15-f3594f4f49e1 /home ext4 defaults 0 2


Thats it you should be safe to reboot now. The login process will take slightly longer than before because your home partition gets mounted in the background. The only downside i see with this setup is you can’t use it in a multi-user environment. I am the only user on my laptop so that doesn’t really matter to me.

I have always wanted to install OSX as a virtual machine. I tried about a year ago with a vmware image which was so slow. So i thought i would give it a another try after hearing that VirtualBox >=3.2 supports OSX. I was actually quite surprised at the speed it runs at it is reasonably snappy. The only think it really lacks is 3d support so that you good use the seamless mode. And change the resolution to some better than 1024×768.

Thunderbird does not have the Ubuntu indicator support at the moment. Only evolution is has full indicator support at the moment but i prefer to use Thunderbird. So here is how to get a basic Thunderbird starter in your indicator applet:

create a file named ‘thunderbird’ in /usr/share/indicators/messages/applications

nano /usr/share/indicators/messages/applications/thunderbird

and add the following:

/usr/share/applications/thunderbird.desktop

Thats it save the file and you should be able to start Thunderbird from the indicator applet

To get firefox to play flash movies in ubuntu do the following. First make sure you have the adobe flash player installed:

aptitude install flashplugin-installer

This should enable flash in firefox after restarting firefox. One additional problem i had is due to compiz the flash movie player would show up in firefox. But pressing the play button had no effect. Do the following:

Edit the file: /usr/lib/nspluginwrapper/i386/linux/npviewer and add the following line:

export GDK_NATIVE_WINDOWS=1

Thats it have fun watching flash movies on ubuntu