
Setup Two Factor Authentication to Debian

It is always best to add two-factor authentication (2FA) to any method of access control. This post shows how to enable 2FA in a Debian Linux environment.

It is assumed that we will be using Password Authentication in conjunction with 2FA.

Install Google Authenticator

apt-get install libpam-google-authenticator

Edit /etc/pam.d/sshd and add the following.

# Google Authenticator
auth required pam_google_authenticator.so

Edit the file /etc/ssh/sshd_config and make sure you have the following enabled.

UsePAM yes
ChallengeResponseAuthentication yes

Run Google Authenticator from the account.

google-authenticator

Add the account to your Google Authenticator app and save the emergency codes.
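
As an added example (not part of the original post), the script below audits the three settings from the steps above; the function names and sample files are constructed for illustration. It also accepts KbdInteractiveAuthentication, the name newer OpenSSH releases use for ChallengeResponseAuthentication.

```sh
#!/bin/sh
# Added example, not from the original post. File paths are arguments so the
# audit can run against copies; the sample files at the bottom are constructed.

# Print the effective global value of an sshd_config option. NAMES is a
# space-separated list of lowercase aliases. sshd matches keywords without
# regard to case, keeps the first value it reads, and treats everything after
# a "Match" line as conditional, so the scan stops there.
sshd_value() {  # usage: sshd_value "NAMES" FILE
    awk -v names=" $1 " '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, "[ \t=]+"); key = tolower(f[1]) }
        key == "match" { exit }
        index(names, " " key " ") { print tolower(f[2]); exit }
    ' "$2"
}

# Succeed when an uncommented auth line loads pam_google_authenticator.so.
pam_has_ga() {  # usage: pam_has_ga FILE
    awk '
        /^[ \t]*#/ { next }
        $1 == "auth" || $1 == "-auth" {
            for (i = 2; i <= NF; i++) if ($i == "pam_google_authenticator.so") ok = 1
        }
        END { exit !ok }
    ' "$1"
}

# Return 0 only when all three settings from the steps above are present.
check_2fa() {  # usage: check_2fa SSHD_CONFIG PAM_FILE
    rc=0
    [ "$(sshd_value usepam "$1")" = yes ] || { echo "UsePAM is not 'yes'"; rc=1; }
    # Newer OpenSSH releases call the option KbdInteractiveAuthentication.
    cr=$(sshd_value "challengeresponseauthentication kbdinteractiveauthentication" "$1")
    [ "$cr" = yes ] || { echo "ChallengeResponseAuthentication is not 'yes'"; rc=1; }
    pam_has_ga "$2" || { echo "pam_google_authenticator.so not active in $2"; rc=1; }
    return $rc
}

# Constructed sample files: in sshd_bad the first "no" wins over the later "yes".
demo=$(mktemp -d)
printf '%s\n' 'UsePAM yes' 'challengeresponseauthentication no' \
    'ChallengeResponseAuthentication yes' > "$demo/sshd_bad"
printf '%s\n' 'UsePAM yes' 'ChallengeResponseAuthentication yes' > "$demo/sshd_good"
printf '%s\n' '# Google Authenticator' \
    'auth required pam_google_authenticator.so' > "$demo/pam_sshd"
check_2fa "$demo/sshd_good" "$demo/pam_sshd" && echo "2FA settings present"
check_2fa "$demo/sshd_bad" "$demo/pam_sshd" || echo "fix the items listed above"
```

On a real host, point it at the live files: check_2fa /etc/ssh/sshd_config /etc/pam.d/sshd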


Exim Error: Exit R=virtual_aliases: No Such User Here

The following Exim mail server error was encountered while sending out mail. The original error was experienced with the Gravity Forms WordPress plugin. However, I was able to test it out from the command line to rule out the plugin.

someone@domain.com R=virtual_aliases: No Such User Here

The debug message I received via Gravity Forms is the following. This confirms the mail has been passed on from WordPress to the mail server.

2016-03-25 11:06:04.042599 - DEBUG --> GFCommon::send_email(): Result from wp_mail(): 1
2016-03-25 11:06:04.042748 - DEBUG --> GFCommon::send_email(): Mail was passed from WordPress to the mail server.
2016-03-25 11:06:04.153172 - DEBUG --> GFFormDisplay::handle_confirmation(): Sending confirmation.

Before I go any further, I would like to give some background information on domain.com, the different aspects of which are hosted as described below.


How to force APT/apt-get to use IPv4 instead of IPv6

Even though I am a big advocate of promoting IPv6, I have come across Debian’s APT / apt-get getting stuck with the following message.

0% [Connecting to http.debian.net (2a01:4f8:151:555d::42)] [Connecting to security.debian.org (2610:148:1f10:3::73)]

I believe it is due to an issue on the server concerning the FQDNs http.debian.net and security.debian.org. The easy way to fix it is to force APT to use IPv4 as opposed to IPv6.

echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4

Changing Linux Interface Numbering

The following method is useful when you have cloned a Linux VM and end up with an interface other than eth0. This usually happens when you clone or create a VM from a template with the interface name eth0: the cloned copy will have eth1 and not eth0 as the interface name. According to VMware, this is by design and can only be fixed by the following method.

Start up the VM and open up the following file with your favourite text editor and find the interface you want to remove.

/etc/udev/rules.d/70-persistent-net.rules


ifconfig: command not found under user mode

Running ifconfig in user mode fails with the error ifconfig: command not found.

This can be fixed with the following symbolic link.

ln -s /sbin/ifconfig /usr/bin/ifconfig

SSH Automatic RSA Key login

The following method shows how to set up SSH Automatic RSA Key login in two simple steps.

Create RSA key on LOCAL Host without a passphrase.

ssh-keygen -t rsa

Copy the RSA key to the REMOTE Host, while making sure the directory .ssh exists within the user’s home directory.

cat .ssh/id_rsa.pub | ssh username@REMOTE.Host 'cat >> .ssh/authorized_keys'

If you want to have this feature in both directions, you need to do the above tasks from both servers.
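
As an added example (not part of the original post), the function below performs the append step on the REMOTE host so that it creates .ssh if it is missing, sets the file modes sshd expects, and can be re-run without duplicating the key. The names install_key and mode_of and the key string are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Run on the REMOTE host in place
# of the bare "cat >> .ssh/authorized_keys"; install_key is a hypothetical name.

install_key() {  # usage: install_key HOME_DIR "PUBLIC_KEY_LINE"
    home=$1 key=$2
    # Accept exactly one line shaped like "<type> <base64> [comment]", so a
    # private key or a whole pasted file cannot end up in authorized_keys.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || { echo "expected one line" >&2; return 2; }
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    # sshd (StrictModes, on by default) ignores keys kept in files or
    # directories that other users can write to, so set the modes explicitly.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$home/.ssh/authorized_keys" && chmod 600 "$home/.ssh/authorized_keys" || return 1
    # Append only when the exact line is missing, so re-running is harmless.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" && return 0
    printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# Mode string of a path, e.g. "drwx------" (used to confirm the result).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed demonstration in a scratch directory; the key below is a fake.
scratch=$(mktemp -d)
fake_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedExampleOnly user@LOCAL.Host'
install_key "$scratch" "$fake_key"
install_key "$scratch" "$fake_key"          # second run adds nothing
echo "$(mode_of "$scratch/.ssh") $(wc -l < "$scratch/.ssh/authorized_keys") key(s)"
install_key "$scratch" "-----BEGIN OPENSSH PRIVATE KEY-----" || echo "rejected"
```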

How to change Squid cache administrator

The following line in squid.conf changes the email address shown on the error page, which reads…

“Your cache administrator is root”

Where root will be replaced with the email address below…

cache_mgr admin@domain.com

Disabling SSH protocol version 1

Changing the protocol Version 1 setting on Debian threw the following error, and generating the key did not fix the issue.

Disabling protocol version 1. Could not load host key
sshd: no hostkeys available -- exiting.

Make sure the Version 1 & 2 HostKeys are commented out like the following.

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

Removing and reinstalling openssh-server via apt-get seems to have fixed the issue.

I have checked for permission issues; it seems some kind of issue caused this error, but I did not find the root cause of the problem.

How to Mount USB Drive on FreeNAS

Mounting an external USB drive on FreeNAS is especially useful when creating backups, transferring files and so on…

The following method shows how to mount an external NTFS-formatted USB drive on FreeNAS (FreeNAS-9.2.0-RELEASE-x64).

Log in to FreeNAS via the terminal and run dmesg. You will see output similar to the following once you have plugged in the USB drive.

ugen3.2:  at usbus3
umass1:  on usbus3
da1 at umass-sim1 bus 1 scbus8 target 0 lun 0
da1:  Fixed Direct Access SCSI-6 device
da1: 40.000MB/s transfers
da1: 3815447MB (976754645 4096 byte sectors: 255H 63S/T 60800C)
da1: quirks=0x2
...

From the above output, we can see that the device in question is /dev/da1s1.

Now make a mount point as follows…

mkdir /mnt/usbext

Make sure the fuse.ko module is loaded by running the following command. You should see a similar output…

[nish@freenas] /mnt# kldstat | grep fuse
23    1 0xffffffff81a61000 aac3     fuse.ko
[nish@freenas] /mnt#

If not, load the module by running the following command…

kldload /usr/local/modules/fuse.ko

Finally, mount the drive to the Mount Point we created earlier…

mount -t ntfs /dev/da1s1 /mnt/usbext/

How to Configure Firewall on Linux

Below I will go over three easy steps for configuring an IPTables firewall in a Linux environment. The following configuration was tested on 64-bit Debian.

The firewall itself consists of two configuration files in the following locations.

/etc/default/firewall-rules contains the firewall rules, which are editable by the user.
/etc/init.d/firewall is the script for start|stop|restart|status of the firewall.

Below you can see Sample Firewall Rules. This script resides in /etc/default/firewall-rules

Please use this as a template and replace the EXIF, EXTIP and other IP Address / Ranges.


Copyright © Nish Vamadevan 2002-2018. All Rights Reserved. Terms and Policies.