You may want to consider buying the print edition from Amazon though as it is a rather long read (or print) from PDF…

I’m sure you have heard by now that there is a reported vulnerability in openSSL and openSSH. This only affects Debian and its variants for now (ie:Ubuntu).

This is a pretty serious issue so it should be patched ASAP.

Follow the instructions below to guard your Debian and Ubuntu machines from the vulnerability.

Run the following to find out if you are affected:

wget -c http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
gunzip dowkd.pl.gz
chmod u+x dowkd.pl
./dowkd.pl user
./dowkd.pl host hostname

If either the 2nd to last or the last command issued above shows something similar to the following:

.ssh/id_dsa.pub:1: weak key

…then you are affected by the vulnerability. If you do not see “weak key” reported then you are OK.

Otherwise follow below:

Apply any updates by entering the following at a command line:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

You should see an update for openssl and openssh packages (along with anything else available).

After these new packages have been installed you will want to regenerate any keys that you’ve generated (ie; openssh keys, CA cert, etc).

To generate a new openssh key for your user: (This only required if ‘./dowkd.pl user‘ reports weak)

ssh-keygen -t dsa -b 1024

To generate a new openssh key for your server: (This only required if ./dowkd.pl host hostname reports weak)

sudo rm /etc/ssh/ssh_host_{dsa,rsa}_key*
sudo dpkg-reconfigure -plow openssh-server

You should now run the validation script again and make sure it does not report any errors. If you still see reported warnings such as:

.ssh/authorized_hosts:1: weak key

…this means that you have keys saved that are still affected, in this case in the authorized_host file. The easiest way to solve this is issue the following:

rm .ssh/authorized_hosts

This will remove the file, which will be recreated the next time it is needed or you can delete the line in the affected file using your favorite text editor. The line is indicated by the ending “:1″ which maps to the affected line number.

Continue to run the ./dowkd.pl script until no weaknesses are reported.

A new kernel update just went out yesterday or the day before (not
sure), but it fixes the vmsplice proof-of-concept exploit that was
released two days ago. The exploit would allow someone at a non-root
console to elevate themself to root without using sudo or su or knowing
any passwords at all.

Check out Mackenzie’s site: Ubuntu Linux Tips & Tricks

Technorati Tags: update, vulnerability

In my example I had all my music saved on an external hard drive that mounted itself as “disk”. I wanted to change it over to a new computer and a new external drive that mounts itself as “OneTouch1″ (Maxtor external drive). It doesn’t matter where your music is and where you want it to go (maybe you just want to connect the same drive to a new computer) but in either case this is how I did it:

First off I mounted both drives on the computer that had the current configuration I wanted to save.

Then I ran an rsync command to transfer all my music from the old external drive to the new one:

rsync -av /media/disk/Music/ /media/OneTouch1/Music

This copied all my music from disk/Music to OneTouch1/Music.

Then I needed to grab the current mySQL database, so I fired up webmin on the localhost and did a backup of my “amarok” database I had all my collection data stored in. One more thing you will need for all your playlist and configuration settings is the app settings folder located in your home directory in a hidden directory. You can grab it like so:

rsync -av /home/yourusername/.kde/share/apps/amarok/ /media/OneTouch1/amarok

Make sure you substitute your username and new drive name above.

Now we should be ready to configure the new computer with your old computer’s settings. The next steps assume you have Amarok installed and running.

Make sure Amarok is closed and not running and then plug in your external drive.

Create a symbolic link to map everything up like it was before. In my case it was done like so:

ln -s /media/OneTouch1/ /media/disk

The above is needed even if you want to use the same drive, but only in the case that it mounts itself on the new computer with a different name than it does on the old computer.

Now we want to create an empty database called amarok (or whatever your previous db was called) (I used webmin for ease of use) and create the same user id and credentials that you had used on your previous computer.

The next step is open your home directory and hit ctrl “h” to show hidden files and browse to .kde/share/apps and rename the amorak folder to amorak_old (just so we can revert later if needed). Then copy the amorak folder we had backed up from your old computer onto the external drive to replace the folder we just renamed.

Once this is all complete, we can open Amarok and go to Settings -> Configure Amarok and navigate to the Collection tab on the left. Make sure that the correct directory is selected (using the symbolic link to select it) and also that the correct db and user credentials are entered.

After the above is done, go to Tools -> Rescan Collection. This may take awhile, depending on the size of your collection, but when it is complete you should see that everything is how it was on your old computer!

Technorati Tags: Amarok, migrate, music, collection, playlists

This guide assumes that you have an SSH server setup on your “server” and an SSH client set up on your client. (sudo apt-get install openssh-server & sudo apt-get install openssh-client respectively)

First from the client run the following command logged in as your normal user account:

ssh-keygen

(Leave the password blank if you do not want to supply it on login, but remember to guard the created cert with your life as it opens the door to anyone that finds it…)

This creates id_rsa and id_rsa.pub in the ~/.ssh directory.

Next we want to upload the pub file to the remote server/host that you want to connect to:

scp ~/.ssh/id_rsa.pub remoteuser@remotehost:~/

Now that it is uploaded we have to authorize it by connecting to the remote machine (ssh user@remotehost) and running the following on the remote host:

cat id_rsa.pub >> ~/.ssh/authorized_keys

and then:

rm id_rsa.pub

to delete the uploaded file.

If the remote host does not have key authentication enabled (should be by default), ssh the machine and edit the config file like such:

nano /etc/ssh/sshd_config

and add/change the following to options as such:

RSAAuthentication yes
PubkeyAuthentication yes

then reload the config:

At this point you can check to make sure that you are allowed to log in via your key and if that is the case you can disable password authentication.

Edit the config again:

nano /etc/ssh/sshd_config

and set the following:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

reload the config:

/etc/init.d/ssh reload

That it. You are now on your way to more secure/hassle free SSH authentication.

Technorati Tags: SSH, key, authentication

Technorati Tags: wallpapers

Well today you are in luck. VMware Server (free), allows you to connect graphically to administer a VMware  Server so there is no need to install a GUI on your VMware Server and waste precious RAM.

Let’s get started.

First off, I assume that you already have an install of Gutsy Gibbon server version installed and set to a static IP address. From here on out it is pretty easy.

All we have to do is run the following command to install a few prerequisites before we get started.

First jump to the root account:

sudo su

then:

apt-get install build-essential linux-headers-`uname -r` xinetd xorg-dev

After that is installed we grab the install tar file from VMware.com:

wget http://vmware.com/whatever-the-current-release-url-is

extract the tar:

tar xfz VMware-server-1.*

then move into the newly created directory:

cd vmware-server-distrib

Then run the install script:

./vmware-install.pl

Accept all the default options (unless you have reason not to) and you will return back to the command prompt after installation is complete.

At this point you can connect to the server via the VMware console by entering the IP address of your new VMware Server and the login credentials.

Technorati Tags: VMware, server, Gutsy, Gibbon, Ubuntu

• Run gconf-editor (by hitting Alt+F2 or from terminal).
• Browse to apps->nautilus->desktop in the left-hand folders window
• Uncheck the “volumes_visible” option

Careful, as this will also hide portable storage volumes also…

http://secunia.com/advisories/26885/

If you have it downloaded into the /usr/local/webmin directory, the following commands should get you upgraded (while logged in as root):

cd /usr/local/webmin
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.370.tar.gz
tar xzvf webmin-1.370.tar.gz
cd webmin-1.370
sh setup.sh

then follow the prompts…

Technorati Tags: Linux, webmin, update, vulnerability, alert

Ubuntu is fully supported.

Get it here:

http://desktop.google.com/linux/