Thursday, May 28, 2020
Linux: list SSL certificates
Source: List all available ssl ca certificates
locate .pem | grep "\.pem$"
Perl SSL: get debug details when it's not working
When trying to understand why LWP::UserAgent cannot post to HTTPS, you can try:
use IO::Socket::SSL qw(debug4);
so as to get more details.
Monday, May 25, 2020
postgreSQL: streaming replication delay
From the standby DB:
crmmbqt=# select now() - pg_last_xact_replay_timestamp() as replication_delay;
┌───────────────────────┐
│   replication_delay   │
├───────────────────────┤
│ 1 day 05:45:26.277667 │
└───────────────────────┘
or get more details with
crmmbqt=# select pg_last_xlog_receive_location(),
                 pg_last_xlog_replay_location(),
                 pg_last_xact_replay_timestamp(),
                 case when pg_last_xlog_receive_location() = pg_last_xlog_replay_location() then 0
                      else extract(epoch from now() - pg_last_xact_replay_timestamp())
                 end as replication_delay;
Wednesday, May 20, 2020
AWS: Launch an EC2 template over multiple subnets
Source: AWS Ec2 - Launch template spanning multiple subnets / availability zones
First create a launch template in the VPC with a Security Group.
Then, at the end, select Create Auto Scaling Group.
And then specify the subnets.
AWS: add .pem to SSH agent
Be sure the SSH agent is running.
[ec2-user@ip-10-75-40-54 .ssh]$ ssh-add par-vas-key.pem
Could not open a connection to your authentication agent.
Start the ssh-agent with:
[ec2-user@ip-10-75-40-54 .ssh]$ eval `ssh-agent -s`
Agent pid 32703
Add .pem:
[ec2-user@ip-10-75-40-54 .ssh]$ ssh-add par-vas-key.pem
Identity added: par-vas-key.pem (par-vas-key.pem)
Check public key known to the agent:
[ec2-user@ip-10-75-40-54 .ssh]$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClUygT8u3RS02SLEL44XkE... par-vas-key.pem
Thursday, May 14, 2020
Docker Alpine Linux: ssh keeps asking for password
Suppose we are running an sshd container based on Docker Alpine (3.11). Even with an SSH public key properly installed for root, you may keep being prompted for the root password when you ssh into the container.
[jerome@jeroboam] > docker run -e SSH_PUBLIC_KEY="..." -it --rm -p 2223:22 --name ss-ussd-sshd ss-ussd/sshd
[jerome@jeroboam] > ssh -p 2223 root@localhost
Warning: Permanently added '[localhost]:2223' (ECDSA) to the list of known hosts.
root@localhost's password:
Solution: can't config ssh service when i use alpine:3.9 #28
Root cause: CVE-2019-5021
Bottom line: add this command in the Dockerfile:
# make sure root login is disabled
RUN sed -i -e 's/^root::/root:!:/' /etc/shadow
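CVE-2019-5021 concerns official Alpine Docker images that shipped root with an empty password field in /etc/shadow. As an added example (not from the original post), the script below classifies password fields in a shadow-format file and shows what the sed above changes; the function names and the sample shadow content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample shadow data is constructed.

# Print the password state of USER in shadow-format FILE:
#   empty   - field is blank, no password is required (the CVE-2019-5021 condition)
#   locked  - field starts with ! or *, so no password can ever match
#   hashed  - field holds a password hash
#   missing - no such account in FILE
shadow_state() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "hashed"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print every account in FILE whose password field is empty.
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Apply the substitution from the Dockerfile line above to FILE
# (written without sed -i so it also runs on non-GNU sed).
lock_root() {
    sed -e 's/^root::/root:!:/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample: root and guest have empty password fields.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:::0:::::
guest:::0:::::
bin:!::0:::::
app:$6$constructedsalt$constructedhash:18400:0:99999:7:::
EOF

echo "before: root is $(shadow_state "$sample" root)"
lock_root "$sample"
echo "after:  root is $(shadow_state "$sample" root)"
# The sed only rewrites the root entry; other blank fields remain.
echo "still empty: $(empty_password_accounts "$sample")"
rm -f "$sample"
```

Run against a copy of an image's /etc/shadow, any name printed by empty_password_accounts is an account that accepts a blank password.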
Tuesday, May 5, 2020
Validate CloudFormation
CloudFormation Linter
MacOS Install
[jerome@jeroboam] > brew install cfn-lint
Run
[jerome@jeroboam] > cfn-lint ussd_vas.yaml