Recently in linux Category

server reinstallation


The server I'm paying for (dedibox) crashed for an unknown reason, and I had to reinstall it. Luckily I could boot in rescue mode and archive my important data, which helped to get everything up and running again, or at least the important bits (gentoo, apache, this blog, postgresql).

The newest additions on this server:

  • squid to act as proxy
  • backup-manager as a backup solution

backup-manager is not very powerful, but it's small, light and simple to install and configure. All you need is Perl and gettext :) It'll do until I migrate to bacula.

ssh, keychain


On our way back from FOSDEM, I had a quick discussion about ssh with Chris, and it motivated me to clean up all my ssh keys, passphrases, agents.

So now I use different keys for work and home, and ssh keychain on both.

Next move is to add my work identity to my home session, to be able to connect directly to servers at work without having to go through my workstation at work, and without putting my home private id on my machine at work or copying my home public id to all servers at work. It should be possible, I've heard :)

Anyway, here is briefly how I did it: ssh-keygen (dsa as main key). Then install keychain (see http://www.gentoo.org/proj/en/keychain/) and configure it a bit. I added the following script in /etc/profile.d/keychain.sh (gentoo host), and I use the built-in keychain on my mac.

#!/bin/bash
# start keychain, with the private keys to be cached
/usr/bin/keychain ~/.ssh/id_dsa
# then load the generated files
for i in ~/.keychain/*-sh*; do
    # skip the unexpanded pattern when keychain has not written any file yet
    [ -f "$i" ] || continue
    echo "sourcing $i"
    source "$i"
done

I know, I know, everybody is supposed to know everything about ssh, but I'm happy to admit that I learnt 2 or 3 things while setting up everything properly. Besides, how many of you have no passphrase on your ssh key ? :)

FastCgi and Movable Type


This blog now runs on apache + mod_fastcgi. I can feel the difference, especially given the fact that the hardware is not that powerful. I was curious about mod_fcgid, which claims to be better but compatible, but I'm not sure why exactly (I think something to do with better timing in spawning / killing persistent cgi processes).

I was willing to move to lighttpd as well, but it looks like it's more work than just installing and configuring mod_fastcgi for apache. By the way, you have to make sure that FCGI (the Perl module) is installed, otherwise Movable Type will refuse to work.

padlock encryption


The server this site is running on has a VIA CPU with PadLock features enabled. That allows fast hardware-accelerated encryption, namely AES, SHA1, SHA256. With a modern kernel and openssl, there is no special patch needed. However, some applications using encryption still need a patch to use the hardware feature.

If you are running a PadLock-enabled VIA CPU, this page has a list of patches for various linux programs. Look at the bottom of the page for contributions, and see if you're using any of these programs. Even if you are using the same version, I recommend checking whether the patch has already been applied by the maintainers of your linux distribution.

I applied the patches for openssh, lighttpd and a couple of other programs.
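Before patching anything it helps to confirm which PadLock units the kernel actually reports as enabled. The following is an added example, not part of the original post: it reads the `flags` line of `/proc/cpuinfo`, using the Linux flag names `rng`, `ace`, `ace2`, `phe`, `pmm` and their `_en` counterparts; the sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/cpuinfo output (not taken from the author's server).
SAMPLE_CPUINFO='processor : 0
vendor_id : CentaurHauls
flags     : fpu de pse tsc msr cx8 mtrr pge cmov mmx fxsr sse sse2 rng rng_en ace ace_en ace2 phe phe_en pmm'

# What each PadLock unit accelerates (helper name is hypothetical).
padlock_desc() {
    case "$1" in
        rng)  echo "hardware random number generator" ;;
        ace)  echo "AES" ;;
        ace2) echo "AES, second-generation engine" ;;
        phe)  echo "SHA-1/SHA-256" ;;
        pmm)  echo "Montgomery multiplier" ;;
    esac
}

# Read cpuinfo text on stdin; print one line per PadLock unit the CPU has.
# A unit is usable only when both "<unit>" and "<unit>_en" are set.
padlock_units() {
    flags=$(sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)
    for unit in rng ace ace2 phe pmm; do
        case " $flags " in
            *" $unit "*) ;;          # unit exists on this CPU
            *) continue ;;           # unit absent: report nothing
        esac
        case " $flags " in
            *" ${unit}_en "*) state=enabled ;;
            *) state=disabled ;;     # present but switched off
        esac
        echo "$unit $state ($(padlock_desc "$unit"))"
    done
}

# Demo on the constructed sample; on a real host run: padlock_units < /proc/cpuinfo
printf '%s\n' "$SAMPLE_CPUINFO" | padlock_units
```

A unit reported as `disabled` will not be used by the kernel or openssl even though the silicon has it, so a patched application would silently fall back to software.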
