mindnotes

fast notes about tech stuff

In this example we'll expand a partition sdb1 mounted on the /opt directory.

on the proxmox side

The first thing to do is expand the disk using the Proxmox UI. For that you'll need to turn off the KVM instance, expand the disk, and turn it on again.

on the linux side

Now, with the OS running, you can run

umount /opt
parted /dev/sdb
fix
resizepart 1 100%
quit
# ext filesystems only; this check does not apply to XFS
e2fsck -f /dev/sdb1
mount /opt
xfs_growfs /dev/sdb1

that's it!


Did you like our content?

We have a lot to share; visit our site!

Our fediverse services ;)

Chat and video? We have it!

And utilities for our community

You can also visit our hacking space!

Follow our founder!

Follow the status of our tools

Do you want to support us? You can!

See you!

[s]

Fast and simple!

systemctl disable systemd-resolved.service
systemctl stop systemd-resolved
echo nameserver 1.1.1.1 > /etc/resolv.conf
echo nameserver 8.8.8.8 >> /etc/resolv.conf


Just a mind note, as always.

## special domain

Host *.domain.ai *.domain.sh *.domain.io
  User gcarvalho
  Port 2222
  IdentityFile /path/to/your/ssh/key

## internal network password

Host 192.168.1.*
  User ubnt
  Port 22
  PreferredAuthentications password
  PubkeyAuthentication no
  ControlMaster no

## internal network sshkey

Host 192.168.222.*
  User ansible
  Port 8820
  IdentityFile /path/to/your/ssh/key
  ControlMaster no

## git services

Host github github.com
  HostName github.com
  PreferredAuthentications publickey
  IdentityFile /path/to/your/ssh/key
  User gutocarvalho

Host bitbucket bitbucket.org
  HostName bitbucket.org
  PreferredAuthentications publickey
  IdentityFile /path/to/your/ssh/key
  User gutocarvalho

Host gitlab gitlab.com
  HostName gitlab.com
  PreferredAuthentications publickey
  IdentityFile /path/to/your/ssh/key
  User gutocarvalho

## other services

Host mastodon-prod
  Hostname host.domain.tld
  User gutocarvalho
  Port 4430
  IdentityFile /path/to/your/ssh/key

Host mastodon-dev
  Hostname host.domain.tld
  User gutocarvalho
  Port 4431
  IdentityFile /path/to/your/ssh/key

## defaults
# keep this block last: ssh uses the first value it obtains for each option,
# so a leading "Host *" would override the User and ControlMaster set above

Host *
  User gutocarvalho
  # keepalive
  TCPKeepAlive yes
  ServerAliveInterval 10800
  # network config
  AddressFamily inet
  Compression yes
  Protocol 2
  # log config
  LogLevel INFO
  # GSSAPI config
  GSSAPIAuthentication no
  GSSAPIDelegateCredentials no
  # checks
  VerifyHostKeyDNS no
  # "no" accepts unknown and changed host keys without asking;
  # accept-new still rejects changed keys
  StrictHostKeyChecking no
  # hosts obfuscation
  #HashKnownHosts yes
  # ciphers
  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  # connection control
  ControlPath ~/.ssh/controlmasters/%r@%h:%p
  ControlMaster auto
  ControlPersist yes
  # algorithms
  HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
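
ssh takes the first value it obtains for each option, so the position of the `Host *` block relative to the host-specific blocks decides which `User` and `ControlMaster` apply. The resolver below is an added example, not the author's code; the function names are hypothetical and the two sample configs are constructed from values in the config above.

```shell
#!/bin/sh
# Added example: resolve one option for one host the way ssh_config(5) describes,
# reading blocks top to bottom and keeping the FIRST value obtained.
# Simplified: Host patterns with * and ? only; no Match, Include or negation.

effective_ssh_option() {   # usage: effective_ssh_option CONFIG HOST OPTION
  awk -v host="$2" -v want="$3" '
    function glob2re(p) {              # ssh host pattern -> anchored regex
      gsub(/[.]/, "[.]", p); gsub(/[?]/, ".", p); gsub(/[*]/, ".*", p)
      return "^" p "$"
    }
    BEGIN { active = 1; want = tolower(want) }   # lines before any Host apply to all
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }
    tolower($1) == "host" {
      active = 0
      for (i = 2; i <= NF; i++) if (host ~ glob2re($i)) active = 1
      next
    }
    active && tolower($1) == want {
      sub(/^[^ \t]+[ \t]+/, ""); print; exit     # first obtained value wins
    }
  ' "$1"
}

# Constructed blocks, modelled on the config above.
defaults_block() { printf 'Host *\n  User gutocarvalho\n  ControlMaster auto\n\n'; }
lan_block()      { printf 'Host 192.168.1.*\n  User ubnt\n  ControlMaster no\n\n'; }

tmp=$(mktemp -d)
{ defaults_block; lan_block; } > "$tmp/defaults_first"
{ lan_block; defaults_block; } > "$tmp/defaults_last"
for cfg in defaults_first defaults_last; do
  printf '%s: User=%s ControlMaster=%s\n' "$cfg" \
    "$(effective_ssh_option "$tmp/$cfg" 192.168.1.10 User)" \
    "$(effective_ssh_option "$tmp/$cfg" 192.168.1.10 ControlMaster)"
done
rm -rf "$tmp"
```

`ssh -G <host>` prints the options ssh itself resolves for a host, including the Match and Include handling this sketch leaves out.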



For more show options

show command [TAB] [TAB]

show

general usg information

version

show version

configuration

show configuration all

logs with tail-like view

show log tail

network

summary

show interfaces

detailed

show interfaces detail

arp table

show arp

debugging

show debugging

load balancer

status

show load-balance status

watchdog status

show load-balance watchdog

dns

statistics

show dns forwarding statistics

dhcp

leases

show dhcp leases

statistics

show dhcp statistics

ntp

configuration

show ntp

system information

disk usage

show system storage

memory usage

show system memory

processes

show system processes

uptime

show system uptime

Connections information

show system connections

users

show system login users

defining the network controller

Informing the Controller

set-inform http://unifi_network_controller_ip_here:8080/inform

reset & restore

Resetting to the default config

syswrapper.sh restore=default


why?

The Ubuntu 20.04 certbot package is ancient: it offers version 0.40.0, while the current version is 2.6.x.

I need some resource like --preferred-chain that only exists in the recent version.

let's install it

apt remove certbot -f

installing dependencies

apt install python3 python3-venv libaugeas0

creating a venv

python3 -m venv /opt/certbot/

upgrading pip

/opt/certbot/bin/pip install --upgrade pip

installing the plugins

/opt/certbot/bin/pip install certbot certbot-apache certbot-nginx certbot-dns-cloudflare

creating the symbolic link

ln -s /opt/certbot/bin/certbot /usr/bin/certbot

creating a certificate for my zimbra

certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare/nativetrail.conf -d '*.nativetrail.io,nativetrail.io' -n --force-renewal --preferred-chain "ISRG Root X1"

That's it ;)



https://technitium.com/dns/



create the directory

$ mkdir -p ~/.ssh/controlmasters/

edit your ssh config file

$ vim ~/.ssh/config

at the top (first line, first config) add this

Host *
  ControlPath ~/.ssh/controlmasters/%r@%h:%p
  ControlMaster auto
  ControlPersist yes

that's it!


In this case, registration is open, with review and e-mail validation.

creating the account updates

docker-compose run --rm shell bin/tootctl accounts create updates --email updates@bolha.us --confirmed

confirming the e-mail

docker-compose run --rm shell bin/tootctl accounts modify --confirm updates


adduser ulysses
pveum user list
pveum user add ulysses@pam
pveum user list
pveum acl modify <path> --roles PVEAdmin --users ulysses@pam
pveum user list

that's it.

just a reminder!


Don't use RSA or ECDSA, not anymore.

Use ed25519; it's simple, shorter, and more secure!

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/gutocarvalho_ed25519 -C "gutocarvalho@bolha.us"

add to your agent to use easily

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/gutocarvalho_ed25519

ED25519?

Ed25519 is a public-key signature algorithm that was proposed by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang in their paper High-speed high-security signatures (doi.org/10.1007/s13389-012-0027-1) in 2011. More precisely, Ed25519 is an instance of the Edwards-curve Digital Signature Algorithm (EdDSA), where a twisted Edwards curve birationally equivalent to the curve called Curve25519 is used. Curve25519 is a very fast elliptic-curve Diffie-Hellman function that was proposed by Daniel J. Bernstein in his paper Curve25519: new Diffie-Hellman speed records in 2006.

Text from: https://blog.peterruppel.de/ed25519-for-ssh/

Why?

There are several aspects that make Ed25519 appealing for authentication in SSH:

  • Ed25519 is considered to be secure (similar difficulty to breaking a ~3000-bit RSA key).
  • Creating a new signature with Ed25519 does not require a random input. This is very desirable from a security perspective (see the Playstation3 hack above...).
  • Ed25519 is resilient to hash-function collisions. This is good because it provides some additional protection in case the selected hash function contained some weakness.
  • Ed25519 is immune to cache-timing attacks, hyperthreading attacks, and other side-channel attacks that rely on leakage of addresses through the CPU cache. This is also very desirable from a security perspective.
  • Ed25519 does not use secret branch conditions, i.e., it is immune to side-channel attacks that rely on leakage of information through the branch-prediction unit.

Text from: https://blog.peterruppel.de/ed25519-for-ssh/
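
To find where RSA or ECDSA keys still grant access after moving to Ed25519, the following added example (not from this post or the quoted article) lists the key type of each entry in an authorized_keys-style file. The function names are hypothetical and the sample entries are constructed, with truncated blobs that are not real keys.

```shell
#!/bin/sh
# Added example: report the key type of every entry in an authorized_keys-style
# file and mark the ones that are not Ed25519.
# Output per entry: "<line> <type> <ok|replace> <comment>"

audit_key_types() {   # usage: audit_key_types FILE
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      # An entry may start with options (from="...",command="..."), so the key
      # type is the first field that is followed by a base64 blob. Every SSH
      # public-key blob begins with a 4-byte length, which encodes as "AAAA".
      for (i = 1; i < NF; i++) {
        if ($i ~ /^(sk-)?(ssh|ecdsa)-[a-z0-9@.-]+$/ && $(i + 1) ~ /^AAAA/) {
          verdict = ($i ~ /^(sk-)?ssh-ed25519(@openssh[.]com)?$/) ? "ok" : "replace"
          print NR, $i, verdict, ((i + 2 <= NF) ? $(i + 2) : "-")
          next
        }
      }
      print NR, "unparsed", "check", "-"
    }
  ' "$1"
}

# Constructed sample: truncated blobs, not real keys. The third entry carries an
# option string that itself contains the word "ssh-rsa".
sample_authorized_keys() {
  cat <<'EOF'
# constructed sample entries
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE new-laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLE old-laptop
command="echo ssh-rsa is old",no-pty ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYEXAMPLE backup
EOF
}

keys=$(mktemp)
sample_authorized_keys > "$keys"
audit_key_types "$keys"
rm -f "$keys"
```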
