Category Archives: Ubuntu/Debian

Openssl Create a Private Key and a CSR with 2048bit for an SSL Certificate

If you need a new SSL certificate for a server, you will need a 2048-bit private key from 2011 onwards. This command creates both the key and the CSR:

openssl req -new -nodes -newkey rsa:2048 -keyout example.key -out example.csr

That's it. Send the CSR to your ISP and you should get your SSL cert back. You can also edit:

/etc/ssl/openssl.cnf

and change the default_bits line to 2048; then all new keys will be created with 2048 bits.
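Before the request is sent it is worth checking what openssl actually wrote. The script below is an added example, not part of the original post: it reads the key size from the CSR, confirms that the CSR was made from the key, and checks that the unencrypted key file is private to its owner. The function names and the -subj value are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run on the files
# produced by "openssl req" before the CSR is sent off.

# csr_key_bits CSR: print the public key size recorded in the request.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# csr_matches_key CSR KEY: true only if the request carries the public half
# of the given private key.
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# key_is_private KEY: -nodes writes the key unencrypted, so the file mode is
# its only protection; group and other must have no access.
key_is_private() {
    case $(ls -l "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_csr CSR KEY: run all three checks, report the first that fails.
check_csr() {
    bits=$(csr_key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-unknown} bits"; return 1; }
    csr_matches_key "$1" "$2" || { echo "FAIL: $1 was not made from $2"; return 1; }
    key_is_private "$2" || { echo "FAIL: $2 is readable by group or others"; return 1; }
    echo "OK: $bits-bit key, CSR and key match, key file is private"
}

# Constructed demo: example.com is a placeholder subject passed with -subj so
# that openssl asks no questions.
demo() {
    d=$(mktemp -d)
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=example.com" \
        -keyout "$d/example.key" -out "$d/example.csr" 2>/dev/null
    chmod 600 "$d/example.key"   # restrict the key file to its owner
    check_csr "$d/example.csr" "$d/example.key" || true
    rm -rf "$d"
}
demo
```

On real files the call is check_csr example.csr example.key.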

Reset Forgotten MySQL Root Password

Okay, so you have forgotten your mysql root password and need to access your mysql server. This howto requires root access to the shell, directly or via sudo:

First stop your mysql server via the init script:

/etc/init.d/mysql stop

Now let's start up the mysql daemon and skip the grant tables, which store the passwords. While it runs this way, the server accepts logins without checking any password:

mysqld_safe --skip-grant-tables

You should be able to see mysql starting. Log on to mysql with the following command:

mysql --user=root mysql

Now change the password with:

update user set Password=PASSWORD('new-password') where user='root';
flush privileges;
exit;

Now kill your running mysqld, then restart it normally. You should be good to go. Try not to forget your password again.

Mysql Update Crypt Field

This is our mysql table for proftpd with two users. One user has a clear text password ‘Clear_text’ and the other user has a crypt password. The passwords are stored in the field passwd, which we need to update for the user ftp.

mysql> select * from ftpuser;
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| id | userid | passwd | uid | gid | homedir | shell | count | accessed | modified |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| 10 | ftp| *BD0359A2B6ZZHHA6A35B8D06DC1114D92CE3101 | 108 | 1002 | /storage/data | /sbin/nologin | 23 | 2011-01-19 13:07:33 | 2011-01-19 11:47:54 |
| 11 | upload | Clear_text | 108 | 1002 | /storage/data | /sbin/nologin | 529 | 2011-01-19 10:06:28 | 2011-01-06 16:01:30 |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+

We want to update the crypt password from the mysql shell. The following command will update the user ftp with a new crypt password:

update ftpuser set passwd=PASSWORD('KLatttGuya') where userid='ftp';

You can see the password ‘KLatttGuya’ in clear text here; because it is wrapped in PASSWORD(), mysql knows that it must store a crypt password.

Howto Create a self signed SSL certificate

This howto shows you how to create a self-signed SSL certificate without a passphrase, using openssl with one single command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.key -out mycert.crt

After you have answered all the questions you should have two files: one key file and one crt file. Please make sure to enter your domain name when asked for your common name. This can also be an IP address if you don’t have a domain name to use. You can change how long the cert is valid for by changing the value of -days. The key size is the number after rsa: in -newkey; rsa:2048 gives the 2048-bit key described in the CSR howto above. If you prefer to have your cert and key in one file, normally called a pem file, please use the following command:

openssl req -x509 -nodes -days 1095 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

As you can see, apart from the longer validity the only thing I changed is the file names: instead of using two file names, one for the key and one for the cert, you just repeat the first name, which will create the cert and the key in one file, called mycert.pem in our example.

Encrypted home and swap partition on Ubuntu 10.10 Maverick with auto logon

I wrote a howto about encrypting your home and swap partition a while ago. One thing was missing in the last howto: the login process with pam mount. Please be careful following this howto; if you do anything wrong you may erase all of your data. You have been warned!

First install a few packages:

aptitude install cryptsetup libpam-mount

We will start off with the swap partition, which is easy. First deactivate your swap partition; you may need to remove it from /etc/fstab and reboot if it is in use:

swapoff /dev/sda7

Then fill your swap with random data from /dev/urandom:

dd if=/dev/urandom of=/dev/sda7 bs=1M

Configure encrypted swap in /etc/crypttab and /etc/fstab

cat /etc/crypttab

cryptoswap /dev/sda7 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap

cat /etc/fstab

/dev/mapper/cryptoswap none swap sw 0 0

Okay, that's it; reboot to test. If you call top from a shell you should see a normal swap partition. Then try running the following command; you should see something like this:

cryptsetup status cryptoswap
/dev/mapper/cryptoswap is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda7
offset: 0 sectors
size: 8401932 sectors
mode: read/write

OK, your swap partition is done; let's move on to /home. Make sure you have an empty partition for this: all data on the partition will be deleted. You’ve been warned.

Fill your new home partition with random data.

dd if=/dev/urandom of=/dev/sda8

Initialize the partition and set initial key. Please make sure to use the same password to login and for the encrypted partition. Otherwise you will not be able to unlock your home partition when you login.

cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda8

Create a device mapping

cryptsetup luksOpen /dev/sda8 cryptohome

Now you can create a file system on cryptohome

mkfs.ext4 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/cryptohome

Okay, give your new home a test by closing it, reopening it and finally mounting it for the first time:

cryptsetup luksClose cryptohome
cryptsetup luksOpen /dev/sda8 cryptohome
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

mkdir -p /mnt/cryptohome
mount /dev/mapper/cryptohome /mnt/cryptohome
touch /mnt/cryptohome/linux
ls /mnt/cryptohome/
lost+found linux

We can also confirm that it works by issuing the command

cryptsetup status cryptohome
/dev/mapper/cryptohome is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda8
offset: 2056 sectors
size: 20978771 sectors
mode: read/write

Now would be a good time to move your current home data to this partition and then umount the partition:

umount /mnt/cryptohome
cryptsetup luksClose cryptohome

To mount automatically when logging in, first edit pam_mount.conf.xml:

vi /etc/security/pam_mount.conf.xml

and add the following:

<volume user="User" fstype="crypt" path="/dev/disk/by-uuid/6d53f51f-7c25-4b3d-aa15-f3594f4f49e1" mountpoint="/home" options="fsck,relatime" />

Make sure to replace User with your user name. You will also need to change the disk path. You can either add a path like /dev/sda6 or you can add a UUID, the Ubuntu way.

To find your uuid you use the following command:

blkid /dev/sda8

/dev/sda8: UUID="6d53f51f-7c25-4b3d-aa15-f3594f4f49e1" TYPE="crypto_LUKS"

After you have done that make sure to comment out the entry for your /home partition in /etc/fstab. Pam mount will deal with mounting your /home partition now.

vi /etc/fstab

# /home is on /dev/sda8
#UUID=6d53f51f-7c25-4b3d-aa15-f3594f4f49e1 /home ext4 defaults 0 2

That's it; you should be safe to reboot now. The login process will take slightly longer than before because your home partition gets mounted in the background. The only downside I see with this setup is you can’t use it in a multi-user environment. I am the only user on my laptop so that doesn’t really matter to me.
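Once all the steps are done, the three files edited above can be checked against each other before the reboot. The script below is an added example, not part of the original howto: it flags swap that is still on a raw partition or keyed from a fixed file, and a /home that is still active in fstab or missing from the pam_mount configuration. The function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the swap and /home setup.

# check_swap CRYPTTAB FSTAB: every active swap line in fstab must be a
# /dev/mapper device whose crypttab entry has a random key and the swap option.
check_swap() {
    crypttab=$1; fstab=$2; rc=0
    for dev in $(awk '!/^[ \t]*#/ && $3 == "swap" { print $1 }' "$fstab"); do
        case $dev in
            /dev/mapper/*) name=${dev#/dev/mapper/} ;;
            *) echo "PLAINTEXT: swap on $dev is not a mapper device"; rc=1; continue ;;
        esac
        # crypttab fields: name, source device, key file, options
        entry=$(awk -v n="$name" '!/^[ \t]*#/ && $1 == n { print $3, $4 }' "$crypttab")
        [ -n "$entry" ] || { echo "MISSING: no crypttab entry for $name"; rc=1; continue; }
        key=${entry%% *}; opts=${entry#* }
        case $key in
            /dev/urandom|/dev/random) ;;
            *) echo "STATIC KEY: $name is keyed from $key"; rc=1 ;;
        esac
        case ",$opts," in
            *,swap,*) ;;
            *) echo "NO SWAP OPTION: $name is not set up as swap at boot"; rc=1 ;;
        esac
    done
    return $rc
}

# check_home FSTAB PAM_MOUNT_XML: /home must be commented out in fstab and
# defined as a crypt volume for pam_mount instead.
check_home() {
    if awk '!/^[ \t]*#/ && $2 == "/home" { f = 1 } END { exit !f }' "$1"; then
        echo "CONFLICT: /home is still active in fstab"; return 1
    fi
    grep '<volume' "$2" | grep 'fstype="crypt"' | grep -q 'mountpoint="/home"' ||
        { echo "MISSING: no crypt volume for /home in pam_mount config"; return 1; }
}

# Constructed sample: an fstab that still swaps on the raw partition.
demo() {
    d=$(mktemp -d)
    echo 'cryptoswap /dev/sda7 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap' > "$d/crypttab"
    echo '/dev/sda7 none swap sw 0 0' > "$d/fstab"
    check_swap "$d/crypttab" "$d/fstab" || echo "swap audit failed"
    rm -rf "$d"
}
demo
```

On the real system the calls are check_swap /etc/crypttab /etc/fstab and check_home /etc/fstab /etc/security/pam_mount.conf.xml.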

Installing OSX with VirtualBox on Ubuntu

I have always wanted to install OSX as a virtual machine. I tried about a year ago with a vmware image which was so slow. So I thought I would give it another try after hearing that VirtualBox >=3.2 supports OSX. I was actually quite surprised at the speed it runs at; it is reasonably snappy. The only thing it really lacks is 3D support so that you could use the seamless mode and change the resolution to something better than 1024×768.

Installing OSX on Ubuntu

Indicator Applet Thunderbird Support

Thunderbird does not have Ubuntu indicator support at the moment. Only Evolution has full indicator support at the moment, but I prefer to use Thunderbird. So here is how to get a basic Thunderbird starter in your indicator applet:

Create a file named ‘thunderbird’ in /usr/share/indicators/messages/applications:

nano /usr/share/indicators/messages/applications/thunderbird

and add the following:

/usr/share/applications/thunderbird.desktop

That's it. Save the file and you should be able to start Thunderbird from the indicator applet.

Ubuntu Firefox won’t play flash movies

To get firefox to play flash movies in ubuntu do the following. First make sure you have the adobe flash player installed:

aptitude install flashplugin-installer

This should enable flash in firefox after restarting firefox. One additional problem I had was due to compiz: the flash movie player would show up in firefox, but pressing the play button had no effect. Do the following:

Edit the file: /usr/lib/nspluginwrapper/i386/linux/npviewer and add the following line:

export GDK_NATIVE_WINDOWS=1

That's it. Have fun watching flash movies on Ubuntu.

Debian/Ubuntu Package management Using dpkg

Dpkg is the Debian package manager. It is a tool to install, build, remove and manage Debian packages.

Now we will see all the available commands for dpkg with some examples

1)Install a package

Syntax

dpkg -i <.deb file name>

Example

dpkg -i courier-pop-ssl_0.61.2-1ubuntu2_amd64.deb

2)Install all packages recursively from a directory

Syntax

dpkg -i -R <directory>

Example

dpkg -i -R /usr/local/src

3)Unpack the package, but don’t configure it.

Syntax

dpkg --unpack package_file

If the -R option is specified, package_file must refer to a directory instead.

Example

dpkg --unpack courier-pop-ssl_0.61.2-1ubuntu2_amd64.deb

4)Reconfigure an unpacked package

Syntax

dpkg --configure package

If -a is given instead of package, all unpacked but unconfigured packages are configured.

Example

dpkg --configure courier-pop-ssl

5)Remove an installed package except configuration files

Syntax

dpkg -r package-name

Example

dpkg -r courier-pop-ssl

6)Remove an installed package including configuration files

Syntax

dpkg -P package-name

If -a is given instead of a package name, then all packages unpacked, but marked to be removed or purged in file /var/lib/dpkg/status, are removed or purged, respectively.

Example

dpkg -P courier-pop-ssl

7)Replace available packages info

Syntax

dpkg --update-avail Packages-file

With this option old information is replaced with the information in the Packages-file.

8)Merge with info from file

Syntax

dpkg --merge-avail Packages-file

With this option old information is combined with information from Packages file.

The Packages file distributed with Debian is simply named Packages. dpkg keeps its record of available packages in /var/lib/dpkg/available.

9)Update dpkg and dselect’s idea of which packages are available with information from the package package_file.

Syntax

dpkg -A package_file

10)Forget about uninstalled unavailable packages.

Syntax

dpkg --forget-old-unavail

11)Erase the existing information about what packages are available.

Syntax

dpkg --clear-avail

12)Searches for packages that have been installed only partially on your system.

Syntax

dpkg -C

13)Compare package version numbers

Syntax

dpkg --compare-versions ver1 op ver2

14)Display a brief help message.

Syntax

dpkg --help

15)Display dpkg licence.

Syntax

dpkg --licence (or) dpkg --license

16)Display dpkg version information.

Syntax

dpkg --version

17)Build a deb package.

Syntax

dpkg -b directory [filename]

18)List contents of a deb package.

Syntax

dpkg -c filename

19)Show information about a package.

Syntax

dpkg -I filename [control-file]

20)List packages matching given pattern.

Syntax

dpkg -l package-name-pattern

Example

dpkg -l postfix

21)List all installed packages, along with package version and short description

Syntax

dpkg -l

22)Report status of specified package.

Syntax

dpkg -s package-name

Example

dpkg -s openssh-server

23)List files installed to your system from package.

Syntax

dpkg -L package-Name

Example

dpkg -L postfix

24)Search for a filename from installed packages.

Syntax

dpkg -S filename-search-pattern

Example

dpkg -S /usr/bin/cut

25)Display details about package

Syntax

dpkg -p package-name

Example

dpkg -p openssh-server

If you want more information about dpkg check “man dpkg”