:: Stracca Blog :: Stefano Stracuzzi TECH blog

9Sep/110

VMware ESX SSH No Matching Cipher Found Error

If you need to speed up file transfers to your ESX server using scp, you can change the cipher to 'blowfish' or '3des', for example:

scp -c blowfish filename.tar.gz root@10.10.10.1:/vmfs/volumes/storage1/

But you may get this error message:

no matching cipher found: client blowfish-cbc server aes256-cbc,aes128-cbc

You can edit your Ciphers list to include blowfish-cbc by doing the following:

vi /etc/ssh/sshd_config

At the end of the file you should see a line like: Ciphers aes256-cbc,aes128-cbc

Change this line to:

Ciphers aes256-cbc,aes128-cbc,blowfish-cbc

Once the file has been updated run the following command to restart the sshd service:

service sshd restart
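
The mismatch behind this error can be reproduced offline. The script below is an added example, not part of the original post: it reads the Ciphers line from an sshd_config-style file, applies the SSH rule that the first cipher in the client's list that the server also offers is chosen, and lists entries such as blowfish-cbc that OpenSSH has since removed or no longer offers by default. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File contents are constructed.

# Print the first "Ciphers" value in an sshd_config-style file
# (sshd uses the first value it finds for each keyword).
sshd_ciphers() {
    awk 'tolower($1) == "ciphers" { print $2; exit }' "$1"
}

# SSH picks the first cipher in the client list that the server also offers.
# $1 = client list, $2 = server list (comma separated). Fails when none match.
negotiate_cipher() {
    old_ifs=$IFS
    IFS=,
    for c in $1; do
        for s in $2; do
            if [ "$c" = "$s" ]; then
                IFS=$old_ifs
                printf '%s\n' "$c"
                return 0
            fi
        done
    done
    IFS=$old_ifs
    return 1
}

# List entries that OpenSSH has since removed or stopped offering by default.
legacy_ciphers() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -E '^(blowfish|3des|arcfour|cast128)' || true
}

# Constructed demo: the server list before and after the edit described above.
demo_cipher_check() {
    cfg=$(mktemp)
    for line in 'Ciphers aes256-cbc,aes128-cbc' 'Ciphers aes256-cbc,aes128-cbc,blowfish-cbc'; do
        printf '# constructed sample\n%s\n' "$line" > "$cfg"
        server=$(sshd_ciphers "$cfg")
        chosen=$(negotiate_cipher blowfish-cbc "$server") || chosen="no matching cipher"
        printf '%s -> %s (legacy: %s)\n' "$server" "$chosen" "$(legacy_ciphers "$server")"
    done
    rm -f "$cfg"
}
demo_cipher_check
```

Running legacy_ciphers against the Ciphers line after an upgrade shows which entries the newer sshd is likely to reject.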

Filed under: VMware No Comments
8Nov/100

Identify disk device with the UUID

When a Linux system starts, partitions are mounted automatically by referring to the configuration file /etc/fstab (File System Table). In this file you specify the disk, the mount point and the type of mount to do at system startup:

# <file system>     <mount point>   <type>  <options>                 <dump>  <pass>
/dev/sda1 /my/disk vfat defaults,umask=077,gid=46 0 0

In the above example /dev/sda1 is the device you want to be mounted in the /my/disk directory, but the name /dev/sda1 can change when you change the order on your controller or when you change the port where you connect your external USB drive.
So the device name isn't a unique identifier of a specific disk; you need to refer to it in a different way, using the UUID (Universally Unique IDentifier). The UUID identifies this specific file system: it changes only when you reinitialize the filesystem, not when you change the order in which you connect it to your machine.

So you can change your /etc/fstab in this way and you no longer need to worry about the reordering of hard disks:

UUID=1928b637-4daa-4073-b42c-14a05220ce8a /my/disk vfat defaults,umask=007,gid=46 0 0

To retrieve the UUID of a specific partition you have different ways depending on your Linux distribution. Here are some examples; try the one that fits your distribution:

dumpe2fs /dev/sda1 | grep -i uuid

blkid /dev/sda1

ls -l /dev/disk/by-uuid/
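
To convert a whole fstab rather than one line, the lookup can be scripted. The script below is an added example, not part of the original post: it takes an fstab and the saved output of blkid and prints the fstab with every known /dev/... name replaced by its UUID, leaving unknown devices and comments untouched. The function names and sample data are constructed; the sample reuses the UUID shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# Rewrite /dev/... entries of an fstab using UUIDs taken from saved blkid output.
# $1 = fstab file, $2 = file holding the output of `blkid`. Prints the new fstab.
fstab_to_uuid() {
    awk '
        FILENAME == ARGV[1] {               # first file: blkid output
            dev = $1
            sub(/:$/, "", dev)
            # the leading space keeps PARTUUID="..." from matching
            if (match($0, / UUID="[^"]+"/))
                uuid[dev] = substr($0, RSTART + 7, RLENGTH - 8)
            next
        }
        /^[ \t]*#/ || NF == 0 { print; next }     # keep comments and blank lines
        ($1 in uuid) { $1 = "UUID=" uuid[$1] }    # fields are re-joined with one space
        { print }
    ' "$2" "$1"
}

# Constructed demo: one device blkid knows about, one it does not.
demo_fstab() {
    dir=$(mktemp -d)
    cat > "$dir/fstab" <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda1 /my/disk vfat defaults,umask=077,gid=46 0 0
/dev/sdb1 /data ext3 defaults 0 2
EOF
    cat > "$dir/blkid.out" <<'EOF'
/dev/sda1: UUID="1928b637-4daa-4073-b42c-14a05220ce8a" TYPE="vfat" PARTUUID="0001f3a2-01"
EOF
    fstab_to_uuid "$dir/fstab" "$dir/blkid.out"
    rm -rf "$dir"
}
demo_fstab
```

On a real system, save the blkid output as root first and compare the printed result with the current /etc/fstab before replacing it.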

Filed under: *NIX No Comments
8Mar/100

Reset ILO (Integrated Lights-Out 2) on HP Server

Recently I needed to reset the ILO interface of an HP Proliant Server.
I found that you need to connect via ssh (or telnet) to do it.
Once connected, give these commands:
cd /Map1
reset

Here is an example:

User:admin logged-in to ILOGB87451B7E(10.1.1.15)
iLO 2 Advanced 1.81 at 11:05:47 Jan 15 2010
Server Name: myserver.mydomain.com
Server Power: On

hpiLO-> cd /Map1
status=0
status_tag=COMMAND COMPLETED

/Map1

hpiLO-> reset
status=0
status_tag=COMMAND COMPLETED
Resetting iLO.

CLI session stopped

Filed under: HP No Comments
18Feb/100

Can’t find Telnet in Windows Vista

For some strange security reason Microsoft decided not to enable the telnet client by default in Windows Vista.

In order to enable it follow these simple steps:

  1. Go to Control Panel
  2. Select Programs and Features
  3. Select Turn Windows features on or off
  4. Select the Telnet Client option
  5. Click OK
  6. A dialog box will appear to confirm installation

The telnet command should now be available!

Filed under: Windows No Comments
16Feb/100

Solve Issue: “can’t open /etc/ntp/drift.TEMP: Permission denied”

If you get the error "can’t open /etc/ntp/drift.TEMP: Permission denied" in your /var/log/messages just simply modify the configuration file /etc/ntp.conf changing the incorrect entry:
driftfile /etc/ntp/drift
to the correct one:
driftfile /var/lib/ntp/drift

This is due to the fact that the ntp daemon doesn't run as root but the directory /etc/ntp is owned by root!
On the newest release of RedHat the preferred location for the drift file is the directory /var/lib/ntp, but you can set another one owned by ntp:ntp.

Source: http://magazine.redhat.com/2007/02/06/why-do-i-get-cant-open-etcntpdrifttemp-permission-denied-entries-in-varlogmessages-when-i-use-ntpd/

Filed under: *NIX No Comments
30Nov/091

Fix RMAN-06059: expected archived log not found

If you get RMAN-06059: expected archived log not found, it means that rman can't find one or more archivelog files that it had to archive.
In order to fix it you can restore the archivelog it can't find, or you have to force the crosscheck of all the archivelogs by issuing this command:

RMAN> change archivelog all crosscheck;

In this way you probably don't have a consistent backup, so it's recommended to make a full backup in order to get back to a consistent situation.

Filed under: Oracle 1 Comment
20Nov/095

Enable root login in GUI Gnome

For security reasons it is a very bad idea to log in to your box directly with the root account, but if you need it here's the solution.

First of all make a backup copy of the files you need to modify (these are the PAM service files, which live in /etc/pam.d):

cp /etc/pam.d/gdm             /etc/pam.d/gdm.backup
cp /etc/pam.d/gdm-password    /etc/pam.d/gdm-password.backup
cp /etc/pam.d/gdm-fingerprint /etc/pam.d/gdm-fingerprint.backup

Now modify these files:

vi /etc/pam.d/gdm
vi /etc/pam.d/gdm-password
vi /etc/pam.d/gdm-fingerprint

You need to comment or remove the line:

auth       required    pam_succeed_if.so user != root quiet

Reboot your system and you can log on as root in the GUI.

If you don't have a fingerprint sensor on your machine, you probably don't need to change the gdm-fingerprint file!

Tested only on Fedora Core 11 & 12

Filed under: *NIX 5 Comments
19Nov/090

Add and Remove kernel

Some simple commands to add/remove/change kernels on RedHat based Linux

Install a new kernel:

rpm -ivh kernel.....rpm

Show the installed kernels:

rpm -qa | grep kernel

Remove unused kernel:

rpm -e kernel.....

Removing a kernel should also remove its entries in grub.conf.
In order to check the current kernel you can simply use the command:

uname -a

In order to change the kernel to load at startup edit the file /boot/grub/grub.conf.

Filed under: *NIX No Comments
13Nov/091

Show routing table in AIX

On an AIX system, in order to show the routing table you need to use this command:

netstat -nr
Filed under: *NIX 1 Comment
4Nov/091

Recreate Enterprise Manager Repository on 10g Windows with multiple ip addresses

If you have a Windows Server with multiple IP addresses, you install a Database Instance with Enterprise Manager Repository, and you bind your LISTENER to a different IP address than the one that responds to the machine name, you have to manually drop and recreate the EM.

You have to open a DOS command prompt and set your SID and your correct IP address:

C:\> set ORACLE_SID=YOUR_SID
C:\> set ORACLE_HOSTNAME=10.1.0.100

Connect and unlock the DBSNMP and SYSMAN users, resetting their passwords:

sqlplus "sys/YOUR_PASSWORD@YOUR_SID as sysdba"
alter user dbsnmp account unlock identified by YOUR_PASSWORD;
alter user sysman account unlock identified by YOUR_PASSWORD;

Go to %ORACLE_HOME%\bin directory and drop EM Repository:

C:\oracle\product\10.2.0\db1\bin> emca -deconfig dbcontrol db -repos drop

Clear some DB objects that can remain:

sqlplus "sys/YOUR_PASSWORD@YOUR_SID as sysdba"
drop public synonym SETEMVIEWUSERCONTEXT;
drop ROLE MGMT_USER;
drop PUBLIC SYNONYM MGMT_TARGET_BLACKOUTS;
drop user sysman cascade;
drop user MGMT_VIEW cascade;
exit;

Recreate the EM Repository:

C:\oracle\product\10.2.0\db1\bin> emca -config dbcontrol db -repos create

When you start the emca operations, follow the on-screen instructions.

Filed under: Oracle 1 Comment
4Nov/090

Enable SSH on ESXi (3i and 4.0)

ESXi 3.5 and 4.0 have the ability to run an SSH daemon, but it is disabled by default (and is not officially supported). If you need to access the console of an ESXi host perform these steps:

  1. At the console of the ESXi host press ALT-F1 to access the console window.
  2. Enter unsupported in the console and then press Enter (you will not see the text you type in).
  3. If you typed in unsupported correctly, you will see the Tech Support Mode warning and a password prompt. Enter the password for the root login.
  4. You should then see the prompt ~#. Edit the file inetd.conf (vi /etc/inetd.conf).
  5. Find the line that begins with #ssh and remove the #. Then save the file. (NOTE: there are two lines for SSH with ESXi 4.0, one for regular IP and the other for IPv6.)
  6. Once you've edited the file, you have to restart the inetd process: run ps | grep inetd to determine the process ID, then run kill -HUP <process_id>

Tip: some applications like WinSCP use AES as the default encryption cipher. If you change that to Blowfish you will likely see significantly faster transfers.

Filed under: VMware No Comments
4Nov/090

Restore a Cisco AP1100 Series with a IOS firmware failure

Recently I needed to restore a Cisco AP1100 Series with a firmware failure, so I found these notes on how to restore it:

If your Access Point (Cisco AP1100 Series) experiences a firmware failure or a corrupt firmware image, indicated by three red LED indicators, you must reload the image from a connected TFTP server.

This procedure resets all configuration settings to factory defaults, including passwords, WEP keys, the access point IP address, and SSIDs.

Follow the steps below to reload the access point image file:

  1. The PC you intend to use must be configured with a static IP address in the range of 10.0.0.2 to 10.0.0.10.
  2. Make sure the PC contains the access point image file (c1100-k9w7-tar.default) in the TFTP server folder and the TFTP server is activated.
  3. Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
  4. Disconnect power (the power jack for external power or the Ethernet cable for in-line power) from the access point.
  5. Press and hold the MODE button while you reconnect power to the access point.
  6. Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds), and release the MODE button.
  7. Wait until the access point reboots as indicated by all LEDs turning green followed by the Status LED blinking green.
  8. After the access point reboots, you must reconfigure the access point by using the Web interface, the Telnet interface, or IOS commands.

When the access point reboots it has its standard IP (10.0.0.1) and its standard user and password (Cisco/Cisco).

Filed under: Cisco No Comments
3Nov/090

Disable Data Execution Prevention (DEP) for Internet Explorer 8

If you disable DEP at the operating system level and you have Internet Explorer 8, DEP remains enabled for the browser.

You can disable it for IE8 just by adding this reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"DEPOff"=dword:00000001
Filed under: Windows No Comments
3Nov/090

Use OpenVPN p12 cert with NetworkManager

The Linux NetworkManager doesn't support PKCS12 files that are produced by an OpenVPN server.
Such a file includes both the certificate and the private key, which have to be extracted.

Import the .ovpn file in NetworkManager in order to set up the connection parameters, and extract the UserCert, the CACert and the UserKey from the .p12 file with these three simple commands:

openssl pkcs12 -nocerts -in YOUR_CERT.p12 -out userkey.pem
openssl pkcs12 -nokeys -clcerts -in YOUR_CERT.p12 -out usercert.pem
openssl pkcs12 -nokeys -cacerts -in YOUR_CERT.p12 -out userca.pem
Filed under: *NIX No Comments
5Oct/090

Restart ESX Management Services

If you can't connect from the Virtual Center Server to an ESX server you probably need to restart the Virtual Center Agent on the ESX server:

service vmware-vpxa restart

If you still can't connect either through the Virtual Center or directly to the host from the VMware Infrastructure Client, you may need to restart both the Virtual Center Agent and the Management Server Service on the ESX server:

service mgmt-vmware restart
service vmware-vpxa restart

You can do it without causing any problem to the running virtual machines.

Filed under: VMware No Comments
5Oct/090

SSH Without a Password

In order to connect through ssh between Linux hosts without being prompted for a password you need to store the RSA keys.

First log in on SERVERA as user USERA and generate a pair of authentication keys. Do not enter a passphrase:

usera@SERVERA:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa):
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
4a:4a:79:12:1b:2a:9f:3d:7c:be:f9:43:56:cb:24:e1 usera@SERVERA

Now use ssh to create a directory ~/.ssh as user userb on SERVERB. (The directory may already exist, which is fine):

usera@SERVERA:~> ssh userb@SERVERB mkdir -p .ssh
userb@SERVERB's password:

Finally append usera's new public key to userb@SERVERB:.ssh/authorized_keys and enter userb's password for the last time:

usera@SERVERA:~> cat .ssh/id_rsa.pub | ssh userb@SERVERB "cat - >> .ssh/authorized_keys"
userb@SERVERB's password:

From now on you can log into SERVERB as userb from SERVERA as usera without a password:

usera@SERVERA:~> ssh userb@SERVERB hostname
SERVERB

In some Linux versions (it depends on the SSH version) you have to:

  • Put the public key in .ssh/authorized_keys2
  • Change the permissions of .ssh to 700
  • Change the permissions of .ssh/authorized_keys2 to 640
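
The permission requirements above can be checked with a script. The one below is an added example, not part of the original post: it flags a .ssh directory or authorized_keys file that is writable by group or others (sshd with StrictModes then ignores the keys) and a private key that is readable by group or others, which matters here because the key was created without a passphrase. The function names and the demo directory are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. The demo directory is constructed.

# Audit a .ssh directory. Prints one finding per line; returns 1 if any.
# $1 = path to the .ssh directory
audit_ssh_dir() {
    findings=$(
        # sshd (StrictModes) ignores authorized keys when the directory or
        # the key file is writable by group or others.
        for f in "$1" "$1/authorized_keys" "$1/authorized_keys2"; do
            [ -e "$f" ] || continue
            find "$f" -prune \( -perm -020 -o -perm -002 \) -print |
                sed 's/^/writable by group or others: /'
        done
        # A private key without a passphrase is protected only by its mode.
        for k in "$1"/id_*; do
            case $k in *.pub) continue ;; esac
            [ -f "$k" ] || continue
            find "$k" -prune \( -perm -040 -o -perm -004 \) -print |
                sed 's/^/private key readable by group or others: /'
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: the modes from the post first, then two loosened modes.
demo_ssh_audit() {
    d=$(mktemp -d)/.ssh
    mkdir "$d" && touch "$d/authorized_keys2" "$d/id_rsa" "$d/id_rsa.pub"
    chmod 700 "$d"; chmod 640 "$d/authorized_keys2"; chmod 600 "$d/id_rsa"
    audit_ssh_dir "$d" && echo "clean"
    chmod 775 "$d"; chmod 644 "$d/id_rsa"
    audit_ssh_dir "$d" | sed "s|$d|.ssh|"
    rm -rf "${d%/.ssh}"
}
demo_ssh_audit
```
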
Filed under: *NIX No Comments
5Oct/090

Install Windows XP in VMware ESX

In order to install Windows XP in VMware ESX you need to download the SCSI drivers from VMware:

http://download3.vmware.com/software/vmscsi-1.2.0.4.flp

Without these drivers Windows XP will not find the hard disk.

Filed under: VMware No Comments
14Sep/090

Yum: quick use

* Install PackageKit:
yum install PackageKit

* To see a list of available software:
yum list available

* To install some software, you type:
yum install packagename

* To update some software, you type:
yum update packagename
If you leave out "packagename" yum will update all your software.

* To see what updates are available, you can do:
yum check-update

* To search for a package, you can do:
yum search word

* Use a proxy
http_proxy=proxy:portnum
export http_proxy

Filed under: *NIX No Comments
14Sep/090

Ubuntu: unlock and lock root account

To unlock the root account you just need to set a password for it:
sudo passwd root
and set a password as normal.

To lock the root account you just need to remove its password:
sudo passwd -l root

Filed under: *NIX No Comments
14Sep/090

Linux: quickly setup NFS Server

On the source server (10.1.0.1):

Modify: /etc/exports

Add:

/dir/subdir 10.1.0.2(rw,sync,no_root_squash)

Restart NFS Server:

service nfs restart

On the second server (10.1.0.2):

Create the mount point:

mkdir -p /mnt/other_server

Mount it:
mount 10.1.0.1:/dir/subdir /mnt/other_server

You can put it in rc.local if you need it mounted at every reboot
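
The export line above uses no_root_squash, which lets root on 10.1.0.2 act as root on the exported files, so it is worth knowing where such options are in use. The script below is an added example, not part of the original post: it scans an exports file and reports no_root_squash entries and read-write exports open to every host, including the case where a space before the parenthesis turns the options into a grant for all hosts. The function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. The exports content is constructed.

# Print "<export> <client> <finding>" for export options worth reviewing.
# $1 = path to an exports file
audit_exports() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i
                opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                # a bare "(options)" group applies to every host
                if (client == "") client = "*"
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    # root on the client keeps uid 0 on the exported files
                    if (o[j] == "no_root_squash") print $1, client, "no_root_squash"
                    if (o[j] == "rw" && client ~ /\*/) print $1, client, "rw-for-wildcard"
                }
            }
        }
    ' "$1"
}

# Constructed demo: the line from the post, a read-only export, and a line
# with a stray space between the host and its options.
demo_exports() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample
/dir/subdir 10.1.0.2(rw,sync,no_root_squash)
/pub *(ro,sync)
/scratch 10.1.0.2 (rw,sync)
EOF
    audit_exports "$f"
    rm -f "$f"
}
demo_exports
```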

Filed under: *NIX No Comments