Tag Archives: ubuntu

Use ansible to update openssl for heartbleed

Here is a quick and dirty ansible playbook to update to a specific version of libssl1.0.0 and openssl on my ubuntu 12.04 boxes:

---
- hosts: all
  sudo: True
  tasks:
    - name: update openssl for heartbleed
      apt: name={{ item }} state=installed
      with_items:
        - openssl=1.0.1-4ubuntu5.12
        - libssl1.0.0=1.0.1-4ubuntu5.12
      notify:
        - restart apache2
  handlers:
    - name: restart apache2
      action: service name=apache2 state=restarted
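
The handler above restarts only apache2, but any other daemon that loaded libssl before the upgrade keeps the old library mapped until it is restarted. As an added example (not part of the original post), this shell function lists those processes; the function name and its optional proc-root argument are made up for the example.

```shell
#!/bin/sh
# Added example: list processes that still map a libssl/libcrypto file that
# has been replaced on disk, i.e. services the package upgrade did not restart.
#   $1 = proc root (defaults to /proc; a parameter only so the function can be
#        pointed at a test tree)
# Prints one "<pid> <command name>" line per affected process.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A shared object replaced by apt shows up as "<path> (deleted)".
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            name="$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Usage (run as root so every process's maps file is readable):
#   stale_openssl_pids
```

Every process it prints needs a restart before the host is actually running the patched library.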

Received disconnect from: Too many authentication failures for ubuntu

Short answer: Add IdentitiesOnly yes to your .ssh/config file.

Long answer:

I was receiving the error message “Received disconnect from X.X.X.X: 2: Too many authentication failures for ubuntu” while trying to log in to some of my servers. I tried logging into various other servers and some worked and some didn’t. I was using public key authentication and I knew the keys were correct, so I tried logging into the failing servers from other machines and they all worked with the same keys, so the keys were all good and the servers were working just fine.

Time to ssh -vvv to see what errors were occurring. At the end of the output I was seeing a lot of this:

...
debug1: Offering RSA public key: wes@desktop
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: wes@desktop
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
...

Ok, so it looks like my public keys are failing. I’m using my .ssh/config file to assign specific IdentityFiles to Hosts, and perhaps that was failing, so I tried passing the path to the IdentityFile directly via ssh -i. Still nothing: it was still offering several public keys and failing on all of them. My servers all have the default sshd_config setting of MaxAuthTries 6. Increasing that helps, but that’s not the direction I want to change that value, I don’t want to do it across dozens of servers, and this appears to be a client-side problem.

Next up, I did a little googling around, ran ssh-add -L and saw that ssh-agent had cached 6 public keys. ssh always tries those 6 keys first and then tries the ones you specify on the command line or in your config file. That’s not really super cool; I guess it assumes you are using the same key, or it needs a default to look for and try. One option was to run ssh-add -D, but that wasn’t really working and doesn’t directly solve the problem. Instead I read the manual, what a novel idea, and found the setting IdentitiesOnly and set it to yes. What this does is, instead of checking ssh-agent for cached keys, it will use your defined identity file only… MUCH better! So, just add IdentitiesOnly yes to your .ssh/config file and you are set. Or put this in the /etc/ssh/ssh_config file for the entire system.
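
One way to confirm this diagnosis from the ssh -v output, as an added example rather than anything from the original troubleshooting. The function names, the sample key comments, the prod_rsa key name, the prod host alias and the 192.0.2.10 address are all constructed for illustration.

```shell
#!/bin/sh
# Added example: find where the wanted key falls among the keys ssh offered.
# Reads `ssh -v` debug output on stdin.
#   $1 = text identifying the wanted key in the "Offering" line
#   $2 = the server's MaxAuthTries (6 is the sshd default the post mentions)
# Prints: "<offers> <position of wanted key, 0 if never offered> <verdict>"
key_offer_report() {
    awk -v want="$1" -v max="${2:-6}" '
        /^debug1: Offering .*public key:/ {
            offers++
            if (!pos && index($0, want)) pos = offers
        }
        END {
            if (pos)                verdict = "offered"
            else if (offers >= max) verdict = "tries-exhausted"
            else                    verdict = "not-offered"
            printf "%d %d %s\n", offers, pos, verdict
        }'
}

# Constructed sample: six agent keys are offered, then the server disconnects
# before the key configured for the host (prod_rsa) is ever tried.
sample_debug_log() {
    for k in old-laptop github backup staging deploy wes@desktop; do
        printf 'debug1: Offering RSA public key: %s\n' "$k"
        printf 'debug1: Authentications that can continue: publickey\n'
    done
    printf 'Received disconnect from 192.0.2.10: 2: Too many authentication failures for ubuntu\n'
}

sample_debug_log | key_offer_report prod_rsa 6   # prints: 6 0 tries-exhausted

# The fix from the post as a per-host stanza in ~/.ssh/config
# (host alias and key path are placeholders):
#   Host prod
#       IdentityFile ~/.ssh/prod_rsa
#       IdentitiesOnly yes
```

A "tries-exhausted" verdict means the other keys used up the server's MaxAuthTries before the configured key was offered, which is the case IdentitiesOnly yes addresses.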

haproxy NOSRV BADREQ

Today I loaded up one of my haproxy instances on amazon ec2 and decided it was a good idea to take a quick peek at the haproxy.log to be sure it booted correctly etc… I saw a ton of entries (several per second) being added to the log that looked something like this:

Jul 21 09:44:19 localhost haproxy[3536]: 127.0.0.1:55422 [21/Jul/2011:09:44:19.707] webserver webserver/<NOSRV> -1/-1/-1/-1/0 400 0 - - SC-- 1998/0/0/0/0 0/0 "<BADREQ>"

I ran a quick check on the config file to be sure it was all good, and sure enough the address for the webserver returned the error “Invalid server name: ‘webserver.example.com’”. Obviously that server no longer responds; in this case it was a server that we were no longer using and my config on this machine was out of date. I updated the config, re-ran the check and restarted. Good to go.

Additional Steps Installing Ubuntu 10.10 Maverick

Here are some additional things, either custom software I installed or specific configuration options I used, in setting up my new system.

A few settings I set with Compiz setup.

  1. I use shutter for a screenshot utility and this will allow it to replace the default gnome-screenshot tool, allowing more flexibility and control. I especially like the section and web screenshot options, where I can take a shot of the entire contents of a window without any of the controls, or of an entire web page without having to stitch them together. Open up the Settings Manager and in Gnome Compatibility on the Commands tab I replace ‘gnome-screenshot’ with ‘shutter --full’ and ‘gnome-screenshot --window’ with ‘shutter --section’ in the first two entries.

    Edit: be sure to have synapse 0.87 installed

    sudo add-apt-repository ppa:shutter/ppa
    sudo apt-get update && sudo apt-get install shutter

I chose to install synapse over gnome-do, my usual default launcher; Synapse just seemed like a little more fun this time around.

sudo add-apt-repository ppa:synapse-core/ppa
sudo apt-get update && sudo apt-get install synapse

Some other software I installed as I realized it.

wget http://download.virtualbox.org/virtualbox/4.0.2/virtualbox-4.0_4.0.2-69518~Ubuntu~maverick_i386.deb
sudo apt-get install libqt4-network libqt4-opengl
sudo dpkg -i virtualbox-4.0_4.0.2-69518~Ubuntu~maverick_i386.deb

sudo apt-get install apache2 mysql-client mysql-server php5 libapache2-mod-php5
sudo apt-get install banshee
sudo apt-get install subversion
sudo apt-get install sshfs

Ubuntu + Boxee

Who needs cable when you’ve got Boxee? I sure don’t, well except for watching some hockey. I love NHL Gamecentre, if only it played local games (well it can but not if they can help it). More on that at a later time, this is about my basic Boxee setup.

I’m going with Ubuntu 10.04 on this setup, I’ve played with 10.10 and had some troubles with it and a few things relating to boxee and my remote, I already had 10.04 installed on other boxee systems so this seemed like a good fit.

Hardware

I’m going with a Zotac Mag that I picked up at Ncix for pretty cheap on a boxing day sale. It’s got HDMI out and runs pretty cool and quiet. It also conveniently mounts to the back of your tv if you haven’t already mounted on to the wall which makes it nice and out of the way. For a remote I’m using a standard Windows Media Center remote circa 2005.

The Zotac doesn’t come pre-installed with any OS on it and there are no optical drives of any sort so you must boot from a USB disk. I have gone and used the Startup Disk Creator in Ubuntu to create a boot disk of Ubuntu 10.04.1 iso, pretty standard follow the instructions.

The Zotac boots from hard disk by default so be sure to press the delete key until you get the bios, set it to boot from the USB and Save & Exit. Because I used the 10.10 disk creator (that’s what I have running on my laptop) with a 10.04 iso there is a bug that doesn’t allow the usb disk to boot correctly, with the error message “vesamenu.c32: not a com32r image”. All I did was type help at the prompt which sent me to the help screen and then hit enter and it continued along its merry little way.

Software

With the live version of the OS up and running just hit the install to disk button and follow the prompts, this should all be pretty self-explanatory. I chose to let Ubuntu use the whole disk as it likes rather than partition it up myself.

With the OS installed a quick sudo apt-get update && sudo apt-get upgrade to get up to date and then I also installed the Restricted Drivers from Nvidia.

I can then download and install the boxee software itself by downloading the latest version from http://www.boxee.tv/download – at the time of writing it was 0.9.22.13692 for 32bit Ubuntu Linux. Just open the file; it will open up in the Ubuntu Software Center and you are good to go.

Issues

First problem I ran into was the sound. Boxee booted up and it didn’t have the typical startup sounds. Because I’m using HDMI I realized I had to enable the digital output in the System > Preferences > Sound menu on the Hardware tab. This wasn’t quite enough though, it turns out that alsa defaults to muting the Digital outputs. Just run the following in a terminal and use the mouse cursor to scroll over to the digital outputs, press the M key on each of them to unmute the digital outputs and you are good to go.

alsamixer

Next up, I tried out my remote and nothing. Right, I need to install lirc. You can find that in the System > Administration > Synaptic Package Manager or with a:

sudo apt-get install lirc

This will install lirc and then ask you a couple questions, first page you will scroll down and pick your remote. The second page I chose ‘None’ for the IR receiver as I’m not using one and that was it. Remote is now working again.

Now that the remote is working I wanted it to suspend the entire system when I pressed the power button.

Copy keymap file to your home dir.

cp /opt/boxee/system/keymaps/remote.xml ~/.boxee/UserData/keymaps/

and change XBMC.Shutdown() to XBMC.Suspend(). I found this on line 64 at the time of writing. I also updated line 68 XBMC.ActivateWindow(Home) to XBMC.ActivateWindow(10481) which allowed the MyTV button to load the TV page instead of going to the home screen.

Below is my Lircmap.xml file that I used for my MCE Remote

<lircmap>
<remote device="mceusb">
<play>Play</play>
<pause>Pause</pause>
<stop>Stop</stop>
<forward>Forward</forward>
<reverse>Rewind</reverse>
<left>Left</left>
<right>Right</right>
<up>Up</up>
<down>Down</down>
<select>OK</select>
<pageplus>ChanUp</pageplus>
<pageminus>ChanDown</pageminus>
<back>Back</back>
<menu>PreviousMenu</menu>
<title>More</title>
<info>More</info>
<skipplus>Skip</skipplus>
<skipminus>Replay</skipminus>
<display>Teletext</display>
<start>Home</start>
<record>Record</record>
<volumeplus>VolUp</volumeplus>
<volumeminus>VolDown</volumeminus>
<mute>Mute</mute>
<power>Power</power>
<mytv>Videos</mytv>
<mymusic>Music</mymusic>
<mypictures>Pictures</mypictures>
<myvideo>TV</myvideo>
<one>One</one>
<two>Two</two>
<three>Three</three>
<four>Four</four>
<five>Five</five>
<six>Six</six>
<seven>Seven</seven>
<eight>Eight</eight>
<nine>Nine</nine>
<zero>Zero</zero>
<red>Red</red>
<green>Green</green>
<yellow>Yellow</yellow>
<blue>Blue</blue>
</remote>
</lircmap>

In System > Preferences > Power Management turn off the display power down by setting it to Never. Be sure kernel is > 2.6.32-24 as there is a bug in 2.6.32-23 that does not allow the system to wake from the usb remote correctly.

The remote wasn’t working to wake, you need to enable a USB device to wake the computer. Here is a link suggesting how to find the correct device and set it, you need to try each of the USB devices listed until you find the right one, rebooting between each attempt. http://forum.xbmc.org/showpost.php?p=506509&postcount=11

Disable screen lock in gconf-editor to prevent asking for password when resuming from suspend:

gconftool-2 --type boolean -s /desktop/gnome/lockdown/disable_lock_screen true

(for some reason if you use app indicator it still locks no matter which setting is used https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/255228)

Custom Look

Just for fun I decided to make the desktop look as clean and simple as possible and somewhat boxee-esque. I set the toolbars on top and bottom to auto-hide. Just right-click on each, select Properties… and check Auto-Hide.

I then removed all desktop icons as you can see from http://www.howtogeek.com/howto/ubuntu/hide-removable-drive-icons-from-your-ubuntu-desktop/ and then I set wallpaper to use the boxee wallpaper which I found in here: /opt/boxee/skin/boxee/media/background

Add boxee to startup apps in System > Preferences > Startup Applications by adding a new app with the command: /opt/boxee/run-boxee-desktop. This should automatically run boxee every time you boot up your computer.

That’s about it! A nice clean simple custom boxee box that runs through HDMI with a remote and properly suspends. In a later post I’ll describe my setup for automated tv show downloads using transmission-daemon and tvnamer and perhaps some vpn magic to gain access to content you can’t normally view.