Skip to content

Linux

Setup Two Factor Authentication to Debian

It is always best to have Two-factor authentication (2FA) to any method of access control. The following post will guide you to enable 2FA on Debian Linux environment.

It is assumed that we will be using Password Authentication in conjunction with 2FA.

Install Google Authenticator

apt-get install libpam-google-authenticator

Edit /etc/pam.d/sshd and add the following.

auth required pam_google_authenticator.so

Edit the file _/etc/ssh/sshdconfig and make sure you have the following enabled.

UsePAM yes
ChallengeResponseAuthentication yes

Run Google Authenticator from the account.

google-authenticator

Add the account to your Google Authenticator app and save the emergency codes.

Read more

Exim Error: Exit R=virtual_aliases: No Such User Here

T he following Exim mail servers error was encountered while sending out mails. The original error was experienced by Gravity Forms WordPress plugin. However, I was able to test it out by using command line to rule out the plugin.

someone@domain.com R=virtual_aliases: No Such User Here

The debug message I received via Gravity Forms is the following. This confirms the mail has been passed on from WordPress to the mail server.

2016-03-25 11:06:04.042599 - DEBUG --> GFCommon::send_email(): Result from wp_mail(): 1
2016-03-25 11:06:04.042748 - DEBUG --> GFCommon::send_email(): Mail was passed from WordPress to the mail server.
2016-03-25 11:06:04.153172 - DEBUG --> GFFormDisplay::handle_confirmation(): Sending confirmation.

Before I go any further, I would like to give some background information on domain.com, which the following aspects are hosted as below.

Read more

How to force APT/apt-get to use IPv4 instead of IPv6

Even though I am a big advocate on promoting IPv6, I have came across Debian’s APT / apt-get stuck with the following message. I believe it is due to an issue on the serve concerning the FQDN http.debian.net and security.debian.org. The easy way to fix is to force APT to use IPv4 as opposed to IPv6. 0% [Connecting to http.debian.net (2a01:4f8:151:555d::42)] [Connecting to security.debian.org (2610:148:1f10:3::73)] echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4

Changing Linux Interface Numbering

T he following method is useful when you have cloned a Linux VM and end up with a interface other than eth0. This usually happen when you are cloning or creating a VM from template with interface name eth0 and the cloned copy will have eth1 and not eth0 as the interface name. According to VMware, this is by design and can only be fixed by the following method.

Start up the VM and open up the following file with your favourite text editor and find the interface you want to remove.

/etc/udev/rules.d/70-persistent-net.rules
Read more

SSH Automatic RSA Key login

The following method shows how to setup SSH Automatic RSA Key login with two simple steps. Create RSA key on LOCAL Host without a passphrase. ssh-keygen -t rsa Copy the RSA key to the REMOTE Host, while making sure the directory .ssh exists within the user’s home directory. cat .ssh/id_rsa.pub | ssh username@REMOTE.Host 'cat .ssh/authorized_keys' If you want to have this feature from both direction, you need to do the above tasks from both servers.

Disabling SSH protocol version 1

When Changing on Version 1 on Debian, have thrown the following error and generating the key did not fix the issue. Disabling protocol version 1. Could not load host key sshd: no hostkeys available -- exiting. Make sure you have the Version 1 & 2 Hostkeys are commented out like the following. # HostKey for protocol version 1 HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key Remove And Install openssh-server via apt-get seem to have fixed the issue. I have checked the permission issues, it seems to be some kind of issue caused this error which I did not find the root cause of this problem.

How to Mount USB Drive on FreeNAS

Mounting an External USB drive to FreeNAS especially useful when creating backups or transferring files and so on… The following method shows, mounting an External USB NTFS formatted drive on FreeNAS (FreeNAS-9.2.0-RELEASE-x64) Login to FreeNAS via Terminal and run dmesg, you will see a similar output once you plugged in the USB Drive. ugen3.2: <seagate at usbus3 umass1: </seagate<seagate Expansion Desk, class 0/0, rev 2.10/1.00, addr 2 on usbus3 da1 at umass-sim1 bus 1 scbus8 target 0 lun 0 da1: </seagate<seagate Expansion Desk 070B Fixed Direct Access SCSI-6 device da1: 40.000MB/s transfers da1: 3815447MB (976754645 4096 byte sectors: 255H 63S/T 60800C) da1: quirks=0x2 ... </seagate From the above output, we can distinguish the device in question is /dev/da1s1 Now, Make a Mount Point as follows… mkdir /mnt/usbext Make sure the fuse.ko module is loaded by running the following command. You should see a similar output… [nish@freenas] /mnt# kldstat | grep fuse 23 1 0xffffffff81a61000 aac3 fuse. Read more

How to Configure Firewall on Linux

Below I will go over three easy steps on Configuring IPTables Firewall on Linux Environment. The following configuration was tested on 64 Bit Debian.

The firewall itself consists of two configuration files located in the following location.

/etc/default/firewall-rules consist the firewalls rules which are editable by the user.
/etc/init.d/firewall is the script for start|stop|restart|status of the firewall.

Below you can see Sample Firewall Rules. This script resides in /etc/default/firewall-rules

Please use this as a template and replace the EXIF, EXTIP and other IP Address / Ranges.

Read more