.pQd – Page 2 – .pQd's log

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

2023-07-102023-07-10 by .pQd

colleague reported that he cannot anymore log-in using putty, via ssh to server that was recently upgraded to Debian Bookworm. /var/log/auth.log showed: putty log it turned out that it was pretty old putty – 0.74, just upgrading it to the more recent one [ 0.78 at the time of writing ] solved it. alternatively i ... Read More

running command as user who has shell /usr/sbin/nologin

2023-07-01 by .pQd

using vector to send JSON-formatted nginx logs to ClickHouse

2023-06-152023-06-15 by .pQd

for some particular case i need to log and later analyze POST bodies of HTTP requests sent via nginx reverse proxy. ClickHouse will store the logs and be useful in analysis.

using clickhouse-local to analyze archived log files

2023-06-052023-06-05 by .pQd

at work we’re hoarding log files. it’s a low-cost, low-tech solution: btrfs, some python script archiving /var/log/*.log, *.1 from hundreds of servers. we have a peace of mind that whatever it is – as long as it’s logging to that folder – we’ll have an archive of it. till now, whenever there was a need ... Read More

tar + zstd, without piping

2023-05-242023-05-24 by .pQd

debian installer not detecting built-in nvme drive

2023-05-09 by .pQd

i’m trying to set up debian 12 on a laptop [ dell latitude 7400 ]. pendrive ready but.. the installer detects only pendrive and no NVMe that holds Windows 11. why? it turns out bios had Raid mode configured for the intel storage controller – as described here. how to reconfigure it without ruining ability ... Read More

playing with min.io cluster

2023-04-122023-04-22 by .pQd

min.io is open source [ although AGPL-3 licensed ] object storage software providing s3-compatible interface and handling clustering for HA & data distribution. below – notes from setting it up on a tiny scale, without using Kubernetes. notes are based on RELEASE.2023-03-24T21-41-23Z i’ve fetched two binaries for the project: my cluster has 4 nodes, looks ... Read More

mental models and alike

2023-04-102023-04-10 by .pQd

https://fs.blog/tgmm https://perell.com/essay/50-ideas-that-changed-my-life https://en.wikipedia.org/wiki/List_of_cognitive_biases https://en.wikipedia.org/wiki/List_of_fallacies

restarting from cron users’s service with a random delay

2023-04-07 by .pQd

sometimes things are not as stable and not-leaky as they should be.

temporarily speeding up IO performance for KVM VM

2023-03-312023-03-31 by .pQd

i have few VMs running on top of spinning rust. recently i’ve upgraded one of them to not-yet-stable debian bookworm. upgrade would be pretty slow but.. i’ve edited the VM definition and asked KVM to allow host server to cache any IO operations. speedup was great, bullseye->bookworm upgrade finished in less than 5 minutes. for ... Read More

using hardware tokens to secure SSH, MS365 logins

2023-03-252024-03-08 by .pQd

i’ve done a bit of research, below – my understanding of the current state of affairs [ 2023-03 ]. i’m writing this while testing YubiKey 5 NFC, but consider different alternatives. SSH why: i’m considering an attack vector where malicious actor has remote control of my PC – can lift up arbitrary files [ including ... Read More

re-parenting a shell command

2023-02-272023-02-27 by .pQd

let’s say you’ve logged in via ssh to some server and started some long running command. minutes or hours later you’ve realized that you did not run it under screen or tmux – so that command will die once your ssh connection is closed. today i’ve learned about reptyr which can help with that – ... Read More

squid-based forward proxy that accepts incoming tls-encrypted connections

2022-12-162022-12-27 by .pQd

we needed to do some interoperability testing, and for that we had to allow http client application to talk with http proxy via secure channel. on debian 11 i had to install package squid-openssl and add this line in /etc/squid/squid.conf: the ssl cert was generated by certbot certonly. that’s how i tested it:

getting unique string stats for large file; where data has small cardinality

2022-12-142023-06-05 by .pQd

sadly, not all of our logs are in clickhouse, meaning chewing them can be time consuming and not-so-fun.

MySQL / MariaDB login audit

2022-12-082024-03-31 by .pQd

once in a while i need to review which database accounts are used, from what IPs connections arrive. MySQL / MariaDB does not have built-in mechanism [ unless you want to allow full query log ], but there’s quite easy way to get the data.

online tools to test your mail infrastructure

2022-11-212024-04-01 by .pQd

once in a while i’m involed in moving mail servers around, to and from the could. those tools are useful each time it’s done: also related – a deep dive into e-mail delivery in 2024.

rsync with more efficient compression, hash algorithm

2022-09-242022-09-24 by .pQd

rsync 3.2.0 and newer supports more compression and hash algorithms. zstd compression is well suited for slower network connections [ tens mbit/s ], lz4 – for faster. xxh3 hash is worth using regardless of the network speed. syntax:

nrpe’s check_http – POSTing a file

2022-09-092022-09-09 by .pQd

i needed to monitor some service available via HTTP, this service is expecting to get a file posted – as if it was submitted via HTML form. so the file’s content is in the POST body, wrapped in Content-Type: multipart/form-data and stored between boundaries. Is it possible to simulate via check_http? yes!

Best Practical’s RT – recovering specific tickets from backups

2022-08-052022-08-05 by .pQd

I needed to recover a particular, old and already shredded, RT ticket from a backup to web interface. I’ve restored the database to a separate server and run those commands to get INSERT statements for two tickets i was interested in – 69187, 100112: To be on the safe side – always recover to a ... Read More

mysqldump headaches

2022-05-222022-05-22 by .pQd

over the years i’ve set up multiple backup workflows. one of them is described here. part of the cycles involves taking database backups. for MySQL i’m mostly using mysqldump. it comes with some headaches: it’s single-threaded by nature – both for backup, and restore [ unless you chop the dump file into pieces and try ... Read More