January 2012 Archives

doukoula console login: pascal
Password:            login account failure: No account present for user
   instance svc:/system/console-login:default exited with status 1

What's the problem?
It is the nscd, the Name Service Cache Daemon.

What did I wrong?

I just read this (in German):

http://heise.de/-1413109
(in short: For ARM devices, Microsoft insists on having UEFI secure boot for their Windows 8 system, and metro apps will only be available on the Microsoft app store with signed code).


My comment:
The game is already at its end, my opinion.

Everybody wants closed platforms, "ecosystems". Nobody wants an open platform, besides us "freaks".

Developers DO want a closed platform, as a radical DRM/Licensing will generate guaranteed revenue and they can bully the user like they want to motivate them to pay more.

When you wonder why your known_hosts file has changed or you don't find your hosts:

|1|AEf8B/QCP+1wRKA761Cq/woad4s=|HVEWXKDdRpZmO3GeQ5T37xCFwgE= ssh-rsa AAAAB3NzaC1
yc2EAAAABIwAAAQEAt20HN/iasjy9KEW/BGjtxlsy8oebyEEnZvKAnjMck0EEVbA5rtE4dzisnbrYwZ4
67JP+p9UGZDQa4jbVo2ZHmz28nQapmw1WpLBD2wSN66PsMk5QCxICxBC6PDCOlwakQvLNES2B9R2cuev
G9Ag2ni+2Qdb17gEkkh2MZ91INylAzM7QWW7soGoSf1TsshSHexfMt12zb6kWxRuRCeT4fOzlJNOmPgr
uE3wTt/kfEbvPBZwDyUbEKApfYIxO8ic+FyO7qFEjHkhqT7px/oJMLS279uUHlhG+KWtPxYPhWaYulPZ
hhdn4D6pR+6shjPsH4VTyAUGwf7usKUvJZP59Ww==

Then your ssh server software is a new version which hashes the known hosts file entries. To remove entries from there because the host key differs (you installed the host completely from scratch), just type:

ssh-keygen -R hostname

or

ssh-keygen -R ipadress

That's it.

If you have a new ssh package, you may hash yourself your known_hosts file by typing:

ssh-keygen -H

Just because it happens again today:

After doing a very minimal Solaris 10 installation without remote services enabled, it is always the same thing to get the SSH server running (Solaris 10 DVD in drive):

# mount -F hsfs /dev/dsk/c2t0d0s0 /mnt
# cd /mnt/Solaris_10/Product
# pkgadd -d . SUNWsshdr SUNWgssc SUNWgss SUNWsshcu SUNWuiu8 SUNWsshdu SUNWsshr SUNWsshu
# cd /etc/ssh
# ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
# ssh-keygen -t dsa -b 2048 -f ssh_host_dsa_key
# svcadm enable ssh

Replace device of the DVD drive with your actual configuration.

A real case of RTFM of OpenSSL ...

After un upgrade of OpenSSL to Version 1.0.0 (from 0.9.8) the certificate authority chain of my certificate did not show up any more (was not given by the TLS server). A look in the OpenSSL manual could have helped to save 20 minutes of error searching :)

A

for i in *.pem; do ln -s $i `openssl x509 -noout -subject_hash -in $i`.0; done

was enough to restore the hash index links for my CA certs (the files did not have any whitespace or punctuation marks in their filename so $i was enough).

The manual states:

-subject_hash
outputs the ``hash'' of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be lookedup by subject name.

-subject_hash_old
outputs the ``hash'' of the certificate subject name using the olde ralgorithm as used by OpenSSL versions before 1.0.0.

Fascinating.