Lately, github ssh access needs to remove a lot of host fingerprints.
The title removes :32
Blog
How to set up the SSH keys on Windows
https://superuser.com/questions/1296024/windows-ssh-permissions-for-private-key-are-too-open
TL;DR
New-Variable -Name Key -Value "$env:UserProfile\.ssh\id_rsa"
Icacls $Key /c /t /Inheritance:d
Icacls $Key /c /t /Grant ${env:UserName}:F
TakeOwn /F $Key
Icacls $Key /c /t /Grant:r ${env:UserName}:F
Icacls $Key /c /t /Remove:g Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users
Icacls $Key
Remove-Variable -Name Key
PowerShell:
- Set Key File Variable:
New-Variable -Name Key -Value “$env:UserProfile.ssh\id_rsa” -
Remove Inheritance:
Icacls $Key /c /t /Inheritance:d -
Set Ownership to Owner:
- Key’s within $env:UserProfile:
Icacls $Key /c /t /Grant ${env:UserName}:F
-
Key’s outside of $env:UserProfile:
TakeOwn /F $Key
Icacls $Key /c /t /Grant:r ${env:UserName}:F
- Key’s within $env:UserProfile:
-
Remove All Users, except for Owner:
Icacls $Key /c /t /Remove:g Administrator “Authenticated Users” BUILTIN\Administrators BUILTIN Everyone System Users
Verify:
Icacls $Key
Remove Variable:
Remove-Variable -Name Key
TIL Overlayroot exists, and I wasted my time
With moving onto Ubuntu 22.04LTS, WCE triage needed to not use aufs anymore. Aufs is a union file system and it is around quite sometime, but apparently deprecated from 22.04.
I wrote a rather annoying script to do the file system overlay for 18.04, and continued to use it in 20.04. Here is the script.
So learning that aufs not available anymore, I was ready to rewrite it with overlayfs. After poking around with a lot of googling and reading man pages, I ran into overlayroot package.
I did not know I was solving a problem that I did not need to solve. It is already solved and all I have to do was to install this package and use it. Reading it, lt looks like it has been around quite sometime.
Sometimes, instead of solving the problem, the best way is to ask the right (google) question. Damn. I spent too much time on this.
Ubuntu 22.04, NVidia and Intel hybrid graphics with multiple display problem and how to make it work
For WCE work, I used to use a Dell Latitude E7340 donated to WCE. It was not fast machine but it is easy to swap disks, etc. I got a lot of mileage out of it. With WCE getting newer laptops, I decided to replace it with newer one. It is not really new as it is a used donated Lenovo P51 but it is still better. Quad core, NVMe x 2, and 2.5 disk space
I fresh installed a vanilla Ubuntu 22.04 on it. What do you know, the external monitor does not work. This is a deal breaker as most of work I do with it, I work with an 2nd monitor.
So, here is what I have found:
1. Do not connect the external display until all of steps complete
2. In the BIOS, enable “hybrid graphics”. Choosing “discrete graphics” hangs at start up.
3. You must install NVidia proprietary driver
4. Once Ubuntu is up and the laptop is useable, open NVIDIA Settings
5. In it, go to “PRIME Profiles”, and choose NVIDIA (Performance Mode)
6. Reboot the machine
7. Profit!
It looks like this it not limited to Ubuntu or 22.04. Hybrid graphics and the driver is buggy. When an external monitor is connected, it kills Xorg and hangs the machine. Since this means that the graphics chip consumes more energy, it would be not ideal for laptop use but at home and using this as workstation, this setting gets around the bug. I am writing this on very this laptop with an external monitor.
Linux laptop with Colemak keymap
It has been a month or so I started using Colemak keyboard layout instead of QWERTY. I now struggle with QWERTY.
This is the /etc/default/keyboard I use on the laptop.
XKBMODEL="pc105"
XKBLAYOUT="us"
XKBVARIANT="colemak"
XKBOPTIONS="ctrl:swap_lalt_lctl_lwin"
BACKSPACE="guess"
ESXi’s VMFSL size: systemMediaSize=min to the boot option of installer
I bought a fanless Intel N5100 + 4 x Intel 225l ethernet ports on AliExpress. ESXi 7.0u3 does not have the driver for this, and you have to create your own ISO instailler with the community driver added, but that’s another story some other time.
Anyhow, I put on small memory (8GB) and small-ish NVME. My original intension was to install pfSense and be done with it. I however decided to install ESXi, and got surprized to see 120GB of disk space is occupied by VMFSL.
Apparently, that’s the ESXi’s system. I sure don’t need that much space for ESXi system. After a few installation attempts later, finally found the answer how to make this partition smaller.
The credit goes to here.
TL;DR
1. ESXi always takes up 120GB. I did not pay attention to this before. All other home ESXi machine’s system disk is gigantic to notice. Sigh.
2. At the very begging of ESXi installer, press “Shift-O” to bring up the boot options.
3.append systemMediaSize=min to it.
4. Hit return and continue the rest of installation.
The valid option values are “min”, “small”, “default”, “max”. I think for my needs, “min” is the only value I care.
Moving ESXi disk to other machine – postmortem
When you move a ESXi system disk to other machine, you need to recreate the vmknic0 in order to reassign the MAC address.
If you don’t, the vmknic0 inherits the MAC address from other machine. This means, if you ever reintroduce the other machine on the same network, MAC address is duped, and you will have a partial but somewhat catastorophic network problem as you cannot reach to the ESXi server.
I just went through this. I put myself in a tight spot, and therefore this entry must be made for my future self.
Background
I have been using a pfSense for nearly 15 years since switching over from dd-wrt. First, I was using a small machine running a Linux, and run VirtuaiBox to host a pfSense. This lasted for years until the internet speed reached 10Mbps. To upgrade, I switched to use VMware/ESXi for better performace. Now, looking into the possibility of gigabit, I decided to upgrade the ESXi host.
Both machines got ESXi normally, and I moved the pfSense config rather than copying VM instance. One day, I shut both ESXi hosts, and the new ESXi’s pfSense became the firewall. All is good.
Then, since the new box has a lot of storage and CPU power, I decided to put a new FreeBSD server. Up to this point, no problems.
I started taxing the new box, then, the new ESXi host malfunctioned. Most likely cause is overheatng but that is not relevant here. (So far, it appears that NVME slot is not happy.) With it, I decided to bring back the old ESXi host machine, moved the system SSD, and all Is good.
TL;DR – ESXi-A – replaced by ESXi-B – went back to ESXi-A with the disk of B.
Crisis
Problem started
with the reintroduction of ESXi-B, I could not access ESXi-A, because the Disk-B is still using the MAC address of ESXi-B. IOW vmknic0 of both ESXi hosts are using the same MAC.
I don’t have to use the ESXi-B but naturally, I have it, and want to use it after the hardware issue resolved.
Compounding the problem
After identifying the MAC addr dupe, I googled and found this. At this point, I was not aware that I can use the shell session of ESXi on the physical host. So, I was SSH-ing into it.
# esxcfg-vmknic -d -p Management\ Network
Then, OBVIOUSLY the networe connection is lost.
Panic sets in
I should have studied VMware a little better. Anyhow, I reboot the box, with a monitor and keyboard. Goes into ESXi’s 19th century user interface. At this point, ESXi web interface is lisening on http://0.0.0.0 and no go.
I cannot recreate the management network as the pfSense VM auto-starts and blocks from resetting the network config.
Shoot.
Obi-wan (YouTube), you are my only hope
Another round of googling lands on a random YouTube, and “Hit F1 go get to the shell”. Today, first time, I learned that I can use the shell of ESXi on the physical host.
Hit alt-F1 (like any Linux terminal session), and the console awaits the username/password.
I was finally in clear. Not completly but I know how now.
On the way to recovery
Now, I can do the 2nd part of creating the new vmknic0.
esxcfg-vmknic -a -i 192.168.1.2 -n 255.255.255.0 Management\ Network
which picked up the MAC addr from ESXi-A.
Also, I lost the ESXi’s virtual switch using vmknic0 so that also needed to re-assign.
Lessons Learned
- vmknic0 MAC address Is sticky and you cannot move the disk from one ESXi host to the other without recreating it
- To do so, you enable the shell, and you have access to the CLI on the physical host
- Before doing so, it is your firewall running host, print out all the commands you need beforehand.
- Have a hot-spot capable phone just in case so you can google in comfort.
setxkbmap -layout us,us -option “” -option “caps:backspace,ctrl:swap_lalt_lctl_lwin”
With two -option options, the first “” clears off the existing options, and the 2nd one “adds” to the empty options.
This sets the capslock as the backspace, left-alt as the control key, “windows” key as meta, and left control as super key.
My left hand is very happy.
Anker USB C Hub 555 and Ethernet port
I do not intend this site to be the product review site. I actually search my own site to be just a memo pad for daily use.
Having said that, I ran into Amazon not letting me to write the review of Anker’s USB-C hub. I think I’ve written a review before, and I wanted to update my findings about it, and I cannot get to my own product review.
I’ve been using this hub for quite some time. As a matter of fact, I used to have 2 of them. It works as you’d expect. Everything works as advertised, except one weakness.
The ethernet port sucks. On hot summer day, it seems to overheat and stops working. It’s rare this happens but if you hook up a 4k monitor, USB-C power PD, all of USB ports used, the adapter heats up enough to stop working.
The other ethernet port issue I found is that, it cannot do full gigabit. It caps out around 330Mbit/s. I have another Anker hub of different type and I swapped between 2 Ethernet ports, and one works full gigabit and this one goes up to 330Mbit/s. IOW, this is real apple-to-apple comparison. The benchmarking is done by iperf3.
In real world use, it’s rare that you need full gigabit speed but it shows the Ethernet port is a weakpoint of this hub.
ntai:~$ iperf3 -c imac --port 3333
Connecting to host imac, port 3333
[ 7] local 192.168.10.134 port 54262 connected to 192.168.10.40 port 3333
[ ID] Interval Transfer Bitrate
[ 7] 0.00-1.00 sec 42.5 MBytes 356 Mbits/sec
[ 7] 1.00-2.00 sec 40.4 MBytes 339 Mbits/sec
[ 7] 2.00-3.00 sec 40.3 MBytes 338 Mbits/sec
[ 7] 3.00-4.00 sec 40.0 MBytes 336 Mbits/sec
[ 7] 4.00-5.00 sec 40.5 MBytes 340 Mbits/sec
[ 7] 5.00-6.00 sec 40.2 MBytes 337 Mbits/sec
[ 7] 6.00-7.00 sec 40.0 MBytes 336 Mbits/sec
[ 7] 7.00-8.00 sec 40.5 MBytes 340 Mbits/sec
[ 7] 8.00-9.00 sec 39.9 MBytes 334 Mbits/sec
[ 7] 9.00-10.00 sec 40.5 MBytes 340 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 7] 0.00-10.00 sec 405 MBytes 340 Mbits/sec sender
[ 7] 0.00-10.01 sec 403 MBytes 338 Mbits/sec receiver
iperf Done.
ntai:~$ iperf3 -c imac --port 3333
Connecting to host imac, port 3333
[ 7] local 192.168.10.118 port 54333 connected to 192.168.10.40 port 3333
[ ID] Interval Transfer Bitrate
[ 7] 0.00-1.00 sec 114 MBytes 958 Mbits/sec
[ 7] 1.00-2.00 sec 111 MBytes 935 Mbits/sec
[ 7] 2.00-3.00 sec 111 MBytes 932 Mbits/sec
[ 7] 3.00-4.00 sec 112 MBytes 942 Mbits/sec
[ 7] 4.00-5.00 sec 111 MBytes 933 Mbits/sec
[ 7] 5.00-6.00 sec 113 MBytes 945 Mbits/sec
[ 7] 6.00-7.00 sec 112 MBytes 935 Mbits/sec
[ 7] 7.00-8.00 sec 112 MBytes 936 Mbits/sec
[ 7] 8.00-9.00 sec 112 MBytes 944 Mbits/sec
[ 7] 9.00-10.00 sec 111 MBytes 935 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 7] 0.00-10.00 sec 1.09 GBytes 939 Mbits/sec sender
[ 7] 0.00-10.01 sec 1.09 GBytes 938 Mbits/sec receiver
Intel 4000 HD Graphics with 2560×1440 on HDMI
First, see what’s your monitor connection.
$ xrandr --listmonitors
Monitors: 1
0: +HDMI-2 1920/697x1080/392+0+0 HDMI-2
$ xrandr --newmode "2560x1440" 220.812 2560 2608 2640 2720 1440 1443 1448 1478 -hsync -vsync
$ xrandr --addmode HDMI-2 "2560x1440"
After this you may have to bring up the “Display” control panel and choose newly added 2560×1440 resolution. This will be 55 Hz with reduced blanking