Fabian Lee : Software Engineer

Bash: fixing “Too many authentication failures” for ssh with private key authentication

December 21, 2023
Categories: Linux

If you are using ssh private/public keypair authentication, and get an almost immediate error like below: $ ssh -i id_rsa.pub myuser@a.b.c.d -p 22 Received disconnect from a.b.c.d port 22:2: Too many authentication failures Disconnected from a.b.c.d port 22 Then try again using the ‘IdentitiesOnly‘ option. ssh -o ‘IdentitiesOnly yes’ -i id_rsa.pub myuser@a.b.c.d -p 22 The … Bash: fixing “Too many authentication failures” for ssh with private key authentication

Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

November 5, 2023
Categories: Linux

If ssh private/public keypair authentication is failing, check the logs on the server side for permission errors. On Debian/Ubuntu check for these errors in “/var/log/auth.log”. # error if authorized_keys file has too wide a permission for others Authentication refused: bad ownership or modes for file /home/myuser/.ssh/authorized_keys # error if .ssh directory has too wide a … Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

Linux: ssh client throwing unable to negotiate error

January 9, 2023
Categories: Linux

If you are attempting to ssh to a server and receive an error like below, it means the server side ssh daemon only supports a cryptographically weaker algorithm. Unable to negotiate with 192.168.2.1 port 22: no matching host key type found. Their offer: ssh-rsa If you still wish to connect, you can either provide this … Linux: ssh client throwing unable to negotiate error

Bash: extend timeout for idle ssh sessions using TMOUT

October 17, 2022
Categories: Linux

The ClientAliveInterval and ClientAliveMaxCount settings in “/etc/sshd/sshd_config” work together to control the timeout value of an ssh session on the server side. But under BASH, to keep idle client sessions from timing out, you also need to set the ‘TMOUT’ variable or you will see messages like below when disconnected. timed out waiting for input: … Bash: extend timeout for idle ssh sessions using TMOUT

Ansible: orchestrating ssh access through a bastion host

May 29, 2021
Categories: Automation

Ansible uses ssh to configure its target host inventory, but for on-premise datacenters as well as hyperscalers like EC2/GCP/Azure, the target hosts are often purposely located in deeper private subnets that cannot be reached from the Ansible orchestrator host. One solution is to enable a bastion/jumpbox host that serves as the forwarding host. It sits … Ansible: orchestrating ssh access through a bastion host

KVM: virt-manager to connect to a remote console using qemu+ssh

February 16, 2019
Categories: Linux, Virtualization

If you are running KVM on a console-only server, you still have the option to use the graphical virt-manager. You just need to specify the method of communication (ssh, tls, tcp, etc). In this article I will show how to use virt-manager from an Ubuntu client desktop to a server running KVM and libvirtd, with … KVM: virt-manager to connect to a remote console using qemu+ssh

Ubuntu: X2Go on Ubuntu bionic for remote desktop access

February 3, 2019
Categories: Linux

Updated April 2023: Tested on Ubuntu 22.04 LTS with X2GO sever 4.1.0 X2Go provides remote desktop access for Linux, similar to VNC or xRDP. It tunnels over ssh which can provide SSH public key authentication for security and is easily understood when opening firewall rules. Additionally, it is optimized for narrow bandwidth requirements, making it … Ubuntu: X2Go on Ubuntu bionic for remote desktop access

Ubuntu: X11 forwarding to view GUI applications running on server hosts

October 14, 2018
Categories: Linux

Although server hosts typically have no graphical desktop and only serve console-based clients, these machines still have the ability to serve a GUI display screen to a remote desktop if necessary. The X11 protocol makes it possible to send the graphical display to a remote graphical desktop. Beyond the ability to run GUI utilities on … Ubuntu: X11 forwarding to view GUI applications running on server hosts

KVM: Creating an Ubuntu VM with console-only access

October 6, 2018
Categories: Linux

If you are running KVM on a console-only host OS, you can still do a full Ubuntu installation on a KVM guest VM by using serial port output and the Ubuntu Server text-based installer. Once deployed, this guest VM can be accessed by using ssh or ‘virsh console’, without the need for a graphics display. … KVM: Creating an Ubuntu VM with console-only access

SaltStack: salt-ssh for agentless automation on Ubuntu

July 1, 2018
Categories: Automation, DevOps

Configuration Management tools like SaltStack are invaluable for managing infrastructure at scale. Even in the growing world of containerization, there is the need for bulk automation. This article will detail installation of Salt SSH which leverages the power of SaltStack without the requirements for an agent install.

CloudFoundry: Deploy Cloud Foundry locally using BOSH Lite on Ubuntu

March 8, 2018
Categories: Containers, Virtualization

Update Jan 2019: Now using CredHub instead of ‘–vars-store’ (which will be deprecated in CF 3) Even if you are developing a service or application that will ultimately be deployed to a private Cloud Foundry instance, having a local CF instance for development work is still an ideal development workflow. There is a local CF … CloudFoundry: Deploy Cloud Foundry locally using BOSH Lite on Ubuntu

CloudFoundry: Enabling Java JMX/RMI access for remote containers

December 9, 2017
Categories: Containers, Java

Enabling the use of real-time JVM monitoring tools like jconsole and VisualVM can be extremely beneficial when troubleshooting issues. These tools work by enabling a JMX/RMI communication channel to the JVM. These are typically thought of as local development tools, but they can also be used on remote CF containers running Java. In this article, … CloudFoundry: Enabling Java JMX/RMI access for remote containers

CloudFoundry: Java thread and heap dump analysis on remote containers

December 8, 2017
Categories: Containers, Java

Java thread and heap dumps are valuable tools for troubleshooting local development, but they can also be used on remote CF containers running a JVM. In this article, we’ll go through various method of gathering this data from a Cloud Foundry container and then tools for analyzing this data. Now matter how uniform your environments, … CloudFoundry: Java thread and heap dump analysis on remote containers

Windows: Windows 2012 Sysprep for Vagrant readiness

October 5, 2017
Categories: Linux

Many developers like to use Vagrant from HashiCorp to standardize the workflow of virtual machines: creation, running, destroying, taking snapshots, etc.. Usually Vagrant is used for Linux hosts, but it also works with Windows as long as you prepare the template properly. In a previous article I went over the detailed steps to create a template image for … Windows: Windows 2012 Sysprep for Vagrant readiness

Ansible: Installing Ansible on Ubuntu 16.04

June 6, 2017
Categories: Automation, Linux

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 16.04, and then perform a quick validation against a client.

Ansible: Installing Ansible on Ubuntu 14.04

June 4, 2017
Categories: Automation, Linux

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 14.04, and then perform a quick validation against a client.

OpenWrt: Upgrading OpenWrt to the latest snapshot build

February 4, 2017
Categories: OpenWrt

Update Jan 2023: I have written an updated article on doing a sysupgrade from older OpenWrt versions to 19.x. If you want to do an in-place sysupgrade of a 19.x or earlier snapshot, use the instructions from the newer article, but selecting a snapshot image instead of a stable release image. Although stables releases of … OpenWrt: Upgrading OpenWrt to the latest snapshot build

SaltStack: Running a masterless minion on Ubuntu

October 31, 2016
Categories: DevOps, Linux

It may be hard to imagine on the development side, but there are instances where a deployed host is not accessible from the Salt Master in a production environment. This forces a bit of creativity if you have a set of standard formulas you need to apply to the host. For instance, imagine a host … SaltStack: Running a masterless minion on Ubuntu