Archive for the ‘Technical Miscellany’ Category

Images are back…

July 20, 2013

A few weeks ago, the node that hosts hostileadmin.com experienced a catastrophic hardware failure.  The hostileadmin blog was affected by this outage in the area of images and downloadable files.

Consequently, I procured virtual hosting services with RootBSD and have moved data from the old node to the VPS service.  I am pleased to announce hostileadmin blog images and downloadable files are back!

I apologize for any inconvenience this may have caused.

Categories: Technical Miscellany

Upcoming Changes to hostileadmin Blog

May 31, 2013

hostileadmin.com has experienced a hardware failure in a colocation facility that is geographically difficult to reach in a timely manner.  The hostileadmin blog is affected by this outage in the area of images and downloaded files.  Thus, blog posts containing images and/or other downloadable files are incomplete.

As a result of this outage, I have procured virtual hosting services with RootBSD and will begin hosting my images and files from this point forward on the new service.  At an undetermined point in the future, the data on the failed hardware will be recovered and moved to the RootBSD virtual hosting service.

I have purchased a level of service that affords me the ability to move the majority of my disparate services into a single, more reliable environment.  This transition will take place in phases, but will have minimal impact on the blog, which is my most visible area of work at this time.

I apologize for any inconvenience and hope to have services fully restored in the coming weeks.

Categories: Technical Miscellany

Encrypting User Password Strings

September 10, 2012

The Use Case

User account passwords can be set during systems provisioning in multiple ways. Setting a host’s root password is a common use case. During a FreeBSD 8.x install, one can set root’s password (or another user account’s password) by executing the following within the install.cfg:

/bin/sh -c 'echo passwd |pw mod user username -h 0'

Unfortunately, doing so exposes the user’s account password. Therefore, the recommendation is to use an encrypted hash as follows:

/usr/bin/chpass -p '$1$nPUexUs5$O4JuN.Ed/LqWHJKmf8K0h0' root

Encrypting The Password

The use case raises the question: how does one generate an encrypted hash from a given string?

On FreeBSD, there are several ways to generate an encrypted hash. Here are just two of the many.

openssl

# openssl passwd -1 MySecret
$1$YRth1v3T$MvGupL8n.VBjvM12JhR4G0

openssl(1) returns the entire encrypted hash. The character between the first and second dollar signs identifies the crypt mechanism. The following eight characters are the salt. The remaining characters following the third dollar sign are the encrypted string.

md5

# md5 -s MySecret
MD5 ("MySecret") = 4132d75e6cb04073cc7756707057027f

md5(1) returns a partial encrypted hash. In the key-value pair, the key is the crypt mechanism. The first 8 characters of the value are the salt. The remaining characters are the encrypted string.

In this method, one must prepend $1$ to the value before feeding it into chpass(1).
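The `$1$salt$digest` layout described above can be checked mechanically before a hash is written into install.cfg. The following sh script is an added example, not part of the original post; the function names `crypt_scheme` and `check_md5crypt` are hypothetical, and the lengths it enforces (salt of 1 to 8 characters, digest of 22) are those of MD5-crypt.

```shell
#!/bin/sh
# Added example (not from the original post): validate an MD5-crypt string
# of the form $1$<salt>$<digest> before passing it to chpass -p.
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges byte-wise

# Name the scheme from the id between the first and second '$'.
crypt_scheme() {
    case $1 in
        '$1$'*)                 echo md5 ;;
        '$2$'*|'$2a$'*|'$2b$'*) echo blowfish ;;
        '$5$'*)                 echo sha256 ;;
        '$6$'*)                 echo sha512 ;;
        *)                      echo unknown ;;
    esac
}

# Return 0 for a well-formed MD5-crypt string; otherwise print why and return 1.
check_md5crypt() {
    case $1 in
        '$1$'*'$'*) ;;
        *) echo 'not $1$<salt>$<digest>'; return 1 ;;
    esac
    rest=${1#\$1\$}        # <salt>$<digest>
    salt=${rest%%\$*}      # text up to the third '$'
    digest=${rest#*\$}     # text after the third '$'
    if [ "${#salt}" -lt 1 ] || [ "${#salt}" -gt 8 ]; then
        echo "salt is ${#salt} characters, expected 1-8"; return 1
    fi
    case $salt$digest in
        *[!./0-9A-Za-z]*) echo 'character outside ./0-9A-Za-z'; return 1 ;;
    esac
    if [ "${#digest}" -ne 22 ]; then
        echo "digest is ${#digest} characters, expected 22"; return 1
    fi
}

# Single quotes keep the shell from expanding $1, $nPUexUs5, ... in the hash.
# The first two values are the hashes shown in the post; the third is the
# md5(1) digest shown in the post with $1$ prepended.
for h in '$1$YRth1v3T$MvGupL8n.VBjvM12JhR4G0' \
         '$1$nPUexUs5$O4JuN.Ed/LqWHJKmf8K0h0' \
         '$1$4132d75e6cb04073cc7756707057027f'; do
    if reason=$(check_md5crypt "$h"); then echo "ok       $h"
    else echo "rejected $h ($reason)"; fi
done
```

Running `openssl passwd -1` with no password argument (it prompts) or with `-stdin` keeps the secret out of the process list and shell history.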

Related Documentation

* Chapter 15, Security, of the FreeBSD handbook explains identifying a host’s crypt mechanism.

GNU tar Header Errors?

July 30, 2012

Dealing with GNU/tar’s Extended Header Warnings

I tar’d files up on a FreeBSD host and transferred them to a Linux host. When extracting the tarball, I was presented with the following warnings:

[Image: GNU/tar Header Errors]

It seems that FreeBSD’s tar binary utilizes additional headers that GNU tar does not recognize. There are many blog posts about this. The problem appears to affect tarballs that are created on various operating systems employing varying versions of tar and then extracted with GNU tar.

Generally speaking, these warnings can be ignored. On the command line, the files contained within the tarball will still extract (or at least they have every time I’ve encountered this). This does, however, present a problem if the tarball is being extracted programmatically. One can resolve this by addressing the issue within their code or by using the same version of tar on each platform to create and extract the tarballs in question.

Using screen to connect to serial ports

June 22, 2012

screen is cool. screen is an indispensable tool for any unix administrator. My challenge was to find a solution to connect to the serial port on a server chassis. The solution I found was to utilize a USB-Serial adapter (and associated Mac OS X Lion Driver), null modem cable, and rj45-db9 adapter in conjunction with screen.

screen, being a key tool in an administrator’s tool box, was found to have the capability of connecting to serial ports!

To connect to the serial port:

screen /dev/tty.PL2303-000013FD

Specifying baud rate:

screen /dev/tty.PL2303-000013FD 9600

Enabling CTS/RTS:

screen /dev/tty.PL2303-000013FD 9600,ctsrts

Terminate the session using screen command ^a,k

Notes

  • Your tty will likely differ. I was using a PL2303 based USB-Serial adapter within Mac OS X 10.7 (aka Lion)
  • A driver for this USB-Serial adapter was difficult to find, so I will link to it here
  • I downloaded the driver from here
Categories: Technical Miscellany