Tracy Phillips

Have you ever been sifting through your log files, and seen this little jewel:

Now are we listing on port 22 or not? I know I am logged in via ssh right now, so I know sshd is working correctly. Lets do a little investigation shall we? Lets see what is listing on port 22.

[server][root][~]# netstat -an | grep 22
tcp        0      0 :::22                      :::*                        LISTEN

[server][root][~]# lsof -i | grep 22
sshd        3449     root    3u  IPv6   7505       TCP *:22 (LISTEN)

Ahhhh HA! Just as I suspected, IPv6 is listening on port 22 so IPv4 can’t listen on port 22. Whew. I thought there might be something really serious going on.

Open up /etc/ssh/sshd_config in your favorite text editor and slap this snippet (or uncomment it if it is already there) into it.

ListenAddress 0.0.0.0

If you have this in your sshd_config, make sure that it is commented like so, by putting a hash (#) in front of it.

#ListenAddress ::

That should do it… restart sshd and that should take care of that little error… errrrr I mean jewel :-)

You can also disable IPv6 instead, but that’s taking things a little bit far if you ask me.

echo "alias net-pf-10 off" >> /etc/modprobe.conf

If you do disable IPv6, don’t forget to restart your server.

Scale 7.x will be February 20th – 22nd, 2009 at the Westin LAX Hotel and tickets are on sale now.

SCALE will co-op with LOPSA to make Linux training available at the Linux Expo. SCALE University will again convene at SCALE 7x!

Register early, demand will be high for the classes:

• Introduction to Virtualized Storage
• Disaster Recovery: Will you survive?
• Internal documentation for SysAdmins
• Saving the World with Fedora Directory Server

See you there… Be there or be square.

If you generate quite a few CSR’s that are used to generate SSL certificates, you might have the need to view the contents of the CSR itself to see if it has valid information in it.

To do that, save your CSR to a file… I will call mine, hostvelocity.com.www.csr (yeah, I know its long… but if you have ton of certs and csr’s lying around, it helps to be able to identify them)

Here is my CSR:

-----BEGIN CERTIFICATE REQUEST-----
MIIBtjCCAR8CAQAwdjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
EwlPY2VhbnNpZGUxFTATBgNVBAoTDEhvc3R2ZWxvY2l0eTEQMA4GA1UECxMHSVQg
RGVwdDEdMBsGA1UEAxMUd3d3Lmhvc3R2ZWxvY2l0eS5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBALLHGFjPg3N6sq39e9cl6oGz214g/TgQW4wHwxlC0HLE
goMdjjReymgTYU8rsG3kJgoxGM5zd+wGgGzrlzKK06fep4gHH2QKYPvgvzNUpZKs
SmQC7rCu8VkBgmZTGAx1hQ2Yi9JUT8s4WjdTRYDrd0ZSOnG504pmEazDZwpysR1R
AgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAyoAQkshdwXRniuNdKST35o+mftEz7
BruOiFn3B8W/O5ml3pLrhmYUHoOBpMb50H605QuWCwYYArhfSdFbCmjNfjaEqphU
eHG5HRzaMdyp6Imi7ZJUp5/rDGg1Idf+5v5zr5AwCVbjkPPLJEJnvjpn+XW+/5pO
joVymerQ/q2aHQ==
-----END CERTIFICATE REQUEST-----

Now to view the contents of it, just issue the following command

[server][root][~]# openssl req -text -noout -in hostvelocity.com.www.csr

and this is the output

Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=CA, L=Oceanside, O=Hostvelocity, OU=IT Dept, CN=www.hostvelocity.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b2:c7:18:58:cf:83:73:7a:b2:ad:fd:7b:d7:25:
ea:81:b3:db:5e:20:fd:38:10:5b:8c:07:c3:19:42:
d0:72:c4:82:83:1d:8e:34:5e:ca:68:13:61:4f:2b:
b0:6d:e4:26:0a:31:18:ce:73:77:ec:06:80:6c:eb:
97:32:8a:d3:a7:de:a7:88:07:1f:64:0a:60:fb:e0:
bf:33:54:a5:92:ac:4a:64:02:ee:b0:ae:f1:59:01:
82:66:53:18:0c:75:85:0d:98:8b:d2:54:4f:cb:38:
5a:37:53:45:80:eb:77:46:52:3a:71:b9:d3:8a:66:
11:ac:c3:67:0a:72:b1:1d:51
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
32:a0:04:24:b2:17:70:5d:19:e2:b8:d7:4a:49:3d:f9:a3:e9:
9f:b4:4c:fb:06:bb:8e:88:59:f7:07:c5:bf:3b:99:a5:de:92:
eb:86:66:14:1e:83:81:a4:c6:f9:d0:7e:b4:e5:0b:96:0b:06:
18:02:b8:5f:49:d1:5b:0a:68:cd:7e:36:84:aa:98:54:78:71:
b9:1d:1c:da:31:dc:a9:e8:89:a2:ed:92:54:a7:9f:eb:0c:68:
35:21:d7:fe:e6:fe:73:af:90:30:09:56:e3:90:f3:cb:24:42:
67:be:3a:67:f9:75:be:ff:9a:4e:8e:85:72:99:ea:d0:fe:ad:
9a:1d

This is a good way to see if your customers have all the valid info required to order an SSL certificate. Things to look for:


C=Country
ST=State
L=City
O=Organization
OU=Department
CN=Common Name


You can see that I have that info in the output of the CSR above.

You need to run this as root:

[server][root][~]# for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done

that will loop over each user in /etc/passwd listing out their crontab. The crontabs are owned by the respective users so you will not be able to see another user’s crontab without doing this as root.

Looks like Google has thrown Skype (Yahoo) a curve ball by introducing video chat.. right inside your browser. All you have to do is download and install a plugin and enable it in your gtalk from within gmail.

Now that is what I call bringing VoIP to the masses.
Chat anyone?

Well there you have it. Barack Obama will be the next president of the United States of America.

Barack Obama Wins in '08

Hopefully we will see the change Senator Obama has talked about for the last 21 months. By change, I mean change in the way that our federally elected officials work at a fundamental level. I think Washington has forgotten “Of the people, by the people” and they think of it more as “Of the party, by the party”.

Is Google breaking OpenID by not adhering to the already established standards?

I am glad they are embracing OpenID, the problem I have is how they are going about it. To make OpenID work, everyone needs to be on the same sheet of music. Google’s new way is to have you enter your email address instead of your OpenID provider URL.

With that said, I do like the concept of your email provider being your OpenID provider as well, one less thing to remember (not that its hard to remember a URL), and after all OpenID was created to help consolidate the multitude of authentications that you already have to remember.

I am not a big fan of “embrace and extend” when it breaks the system down. If they wish to extend the way OpenID works, there should be a consensus within the OpenID community.

Just in case you are using OpenOffice.org (OOo) and are looking for ways to speed it up, here is a tip that makes it open very quickly.

Tools -> Options -> Memory

Under Graphics cache:

Use for OpenOffice.org increase to 64MB “Memory per object” increase to 8MB

then under Java -> Java Options

Unselect Use a Java runtime environment

Close OOo and reopen it. See, how fast she goes now?

Having moved from Tennessee back in Feb 2008 it took me a couple of months to realize that I was now living in Southern California and that I was in a climbing mecca.

Previously, I had all but given up climbing… I just didn’t have the time, or so I thought. I am going to make time this go around.

I was surfing YouTube earlier and came across this video that looks pretty good:

I went bouldering over the Memorial Day weekend and although I didn’t get much bouldering in (My tips learned what the term “course granite” really means), I had a great time just being out again.

As my good friend Rob Piper used to say, “Thanks rock!”

In this fiery and funny TED talk, New York Times food writer Mark Bittman weighs in on what’s wrong with the way we eat now (too much meat, too few plants; too much fast food, too little home cooking), and why it’s putting the entire planet (and health) at risk.

I thought I was eating better by cutting the beef out of my diet and eating only fish and chicken. Hey Sushi is healthy right?

My wife and I have been trying to incorporate more raw foods into our diet along with milling grains for breads. This is a good read by Michael Pollan that gets you thinking more about big agra and that the FDA has sold us out.