After my successfull sudo test I was interested in 2fa for ssh. As a systemadministrator you are always scared about secure login just for you/your team.
Also ssh 2fa via yubikey is pretty straight forward. It needs some more work than just the sudo case but here we go.
Some days ago I thought about testing two factor authentication (2FA) with Yubikey. Yubikey is a hardware security key which can do a lot.
How to test 2FA on a local machine if you don’t want to log you out or destroy anything important? I decided to implement 2FA for
sudo command with yubikeys U2F feature. Be aware: This does not work for ssh.
I did a lot of work with libvirt and kvm and for some hosts I wanted to have a fixed IP address but not configured on the host itself. I wanted to get it from dhcp.
I did some more research and development with kubernetes and minikube. During some tests where the diskspace of one node got bigger than 16GB and I saw a message about
DiskPressure in the logs, I figured out that minikube has a default disksize of something around 16GB.
I played around with minikube and kubernetes. In the end I wanted to use my own insecure registry and was looking around to specify the insecure registry in minikube.
After the last reboot of my local host according to some debian security patches I got some errors to start minikube afterwards.
I’m using letsencrypt for most of my servers. One of these servers is behind a firewall without any direct internet connection. Therefore I’m not able to use letsencrypt or dehydrated directly on that server. I’m copying the certificate to a specific location as a normal ssh user and on that host itself I have to check if the certificate was changed to reload the webserver.
Some days ago I got an error on one of my puppet agents which I can’t really explain. Everytime I executed my puppet agent (
puppet agent -t -d) I got the following error:
Could not retrieve catalog from remote server: \ Could not intern from text/pson: "\xC2" on US-ASCII
After upgrade to Ubuntu 16.04 I recognized that
pm-utils are not used anymore to suspend/resume my notebook. The change was already done with Ubuntu 15.04, but I haven’t recognized it before, because everything was working like expected. I recognized it these days after I changed my windowmanager to i3wm.
Since Ubuntu 15.04 they don’t use the
pm-suspend any more. They use now systemctl commands to suspend if the lid is closed. Therefore my screenlock was not working any more and I had to adapt some things to get the i3 screenlocker
I’m using prometheus to collect metrics of java applications or unix systems. On top I configured grafana just to have a nice an shiny view and to get the possibility to add dashboards and to save my graphs somehow. Grafana is pretty nice to add graphs in a fast way to new dashboards, but what happens if you have, like I have, a lot of metrics which change or new hosts are getting added. That’ something you don’t want to do by hand. Therefore grafana implemented the “scripted dashboards”. I figured out, that the documentation of these dashboards ...