FOB

A couple of days ago, a Comcast technician came out and installed my brand new business Internet. I was promised 22mbps down 5mbps up. So far it usually is faster than that.

The next step was, as always, a reconfiguration adventure for my home network. I had a couple of really crazily busy days, but today I finally rolled up my sleeves and got to working on the new thing…

About three hours ago the ancient AMD box I was using as a gateway machine for my home network bit it. Seems to have been either the motherboard or power supply; I don't really care much which at this point…

So I discovered something interesting about SSH a couple of months ago, and something else a couple of days ago; these discoveries together answered a bunch of my questions about why I could never make SSH work properly.

First, it turns out that SSH, unlike most programs that read config files, takes the first assignment to a config variable and ignores later ones. This means that if you want overrideable global settings, for example to the User variable, you need to put them at the end of the file, not the begginning. Completely counterintuitive, but there you are.

Second, it turns out that if the remote SSH service offers public key authentication (as most do) and you haven't supplied a matching private key, SSH may start trying to use all the public keys lying around in your .ssh directory. I haven't been able to replicate this reliably, and it seems to be at least partly an interaction with ssh-agent, which is probably the real fail. It actually sounds like a reasonable plan, except that usually the remote SSH service will only let you try a few keys before it cuts you off, which means that you never get to password authentication if you need it.

So, now I have things cleaned up. My keys are in a subdirectory .ssh/keys and so far I'm not seeing the bug in question. My config file has the global config, including my default username, at the bottom. SSH seems to be a lot happier now. Who knew?

A while back I wrote about how much trouble I was having with the Atheros 802.11 card I was using as an AP at my house. There was much flailing and gnashing of teeth, and eventually I got something kind of kludged together that seemed to do WPA and stay up most of the time…

I'm sick of trying to debug ssh connection issues; they're often hard, and I work on them just infrequently enough to forget everything I knew. This blog post is a note to myself about what kinds of problem to look for and where to look when ssh has gone south…

I needed to run debsums on everything on one of my boxes today. A hack from the net helped me get it going…

  cd /var/cache/apt/archives
  apt-get --download-only \
    --reinstall install `debsums -l`
  debsums --generate=keep,nocheck *.deb

Since I had a full local Debian mirror and my apt was set up to use it, I had to temporarily change /etc/apt/sources.list to get apt-get to do what was wanted. Then it worked like a charm, and I was able to finish with debsums -c and find out that everything was fine except what wasn't.

Thanks Arthur de Jong from 2005!

This is a very short HOWTO that answers something that's been bugging me for months. Network Manager was finally working fine with my Debian laptop's wireless, but would not (as advertised) manage its wired connection. The solution was found in an obscure email list conversation. Go to /etc/network/interfaces and comment out the lines related to eth0. Then restart Network Manager or just reboot.

I have no idea how you're supposed to know this.

A while back, I wrote a little HOWTO on putting the cryptoloop module back in Debian. Yesterday, Josh Triplett pointed out to me that current dm-crypt can actually be used instead of the cryptoloop module to compatibly work with cryptoloop-formatted volumes. Huh.

It turns out to be as simple as

$ apt-get install cryptsetup
$ cryptsetup create -c mycipher -s mykeysize volume-label /dev/sdx7
$ mount /dev/mapper/volume-label /mount-point

Obviously you'll need to make some substitutions in the above. Use

$ umount /mount-point
$ cryptsetup remove volume-label

to clean up afterwards. Enjoy.

Update 2010-11-20: It has been pointed out to me that dm-crypt can handle cryptoloop volumes. Thus, you may choose to ignore this HOWTO in favor of one on how to do that.

For reasons detailed in Debian Bug #559961 the cryptoloop module has been dropped from the Debian kernel as of the 2.6.32-trunk binary packages. I've filed a complaint at that bug. I know what I'm doing, and am unhappy that the Debian kernel maintainers have taken it upon themselves to gratuitously delete functionality from the Linux kernel image…

So I just now tried to download and install Firefox for my sister-in-law's computer. I did this by Googling "firefox windows download" and clicking on the first hit. The first hit was a sponsored link to "usfirefoxbrowser.com"; seemed a little strange, but what the heck. The page it took me to looked official enough at a half a glance, so I clicked on the prominent button…