Getting Your SSH Key Fingerprint

Sometimes you may need to verify the fingerprint of your SSH key. This is useful for out-of-band verification of keys (such as over the phone). Using multiple channels (for example SSH copy and fingerprint verification over the phone) makes Man-In-The-Middle (MITM) attacks much more difficult to execute.

For example, you might need to verify your SSH key in gitlab:

Continue reading

Enabling Kerberos Authentication in Google Chrome

Google Chrome allows you to use your kerberos tickets to authenticate to webservers that support kerberos authentication. To do this, we need to tell Chrome about the domains you wish to authenticate against. This will be unique to your organisation (if you’re doing it right) and it can usually be determined by the portion after the @ sign in your ticket.

For example, my personal kerberos setup uses the domain MKNOWLES.COM.AU (no big secret). You can see that on the output below (keep in mind that I’ve already run kinit):

$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: redacted@MKNOWLES.COM.AU

Valid starting     Expires            Service principal
02/11/17 16:31:30  03/11/17 02:31:25  krbtgt/MKNOWLES.COM.AU@MKNOWLES.COM.AU
02/11/17 16:41:50  03/11/17 02:31:25  HTTP/redacted.mknowles.com.au@MKNOWLES.COM.AU
$ 

Continue reading

Using Google G Suite as a Spam Filter

I’ve run my own mail server for about 20 years now. I always took pride in the fact that I had complete control over my email and that none of it sat in the “cloud”. Well, I relented, kind of. The amount of spam coming through my email server well exceeds that of genuine email. Originally the problem was mainly contained to my email account; probably because I’ve had it for so long; but then my wife’s email account started to cop it as well.

Continue reading

Fixing Terminal Beep in Cinnamon Desktop

I recently started a new job where IRC is used internally. I installed irssi and configured it to “beep” when my nick is mentioned, but nothing would come out of the speakers. Even the beep command would fail. I have a theory that it’s due to the Macbook I use not having a “PC speaker”, but I’m not 100% sure as I managed to fix things pretty quicky using this train of thought. Here are the commands that fixed it.

Continue reading

libvirtd Segfault – Start request repeated too quickly for libvirtd.service (Solved)

Today I came across the following issue after an upgrade of libvirtd:

[root@karma ~]# service libvirtd start

Oct 19 17:48:43 karma kernel: libvirtd[4469]: segfault at 0 ip 00007f38f342ccf7 sp 00007f38efb5cf88 error 4 in libvirt_driver_qemu.so[7f38f33c3000+133000]
Oct 19 17:48:43 karma systemd: libvirtd.service: main process exited, code=killed, status=11/SEGV
Oct 19 17:48:43 karma systemd: Unit libvirtd.service entered failed state.
Oct 19 17:48:43 karma systemd: libvirtd.service failed.
Oct 19 17:48:43 karma systemd: libvirtd.service holdoff time over, scheduling restart.
Oct 19 17:48:43 karma systemd: start request repeated too quickly for libvirtd.service
Oct 19 17:48:43 karma systemd: Failed to start Virtualization daemon.
Oct 19 17:48:43 karma systemd: Unit libvirtd.service entered failed state.
Oct 19 17:48:43 karma systemd: libvirtd.service failed.

It looks like libvirtd is segfaulting immediately, leading to systemd restarting it over and over, eventually failing due to it failing so quickly.
Continue reading