Posts

Automatically mount NVME volumes in AWS EC2 on Windows with Cloudformation and Powershell Userdata

Introduction This post explains how I go about with AWS Cloudformation and Powershell userdata scripts. attaching EBS volumes to Windows EC2 instances identifying them in the OS initializing them formatting them and assigning labels and drive letters. Prerequisites You should know something about Cloudformation and Powershell. The AWS Image you use for your EC2 instance should be one provided by AWS and should have the following utility already deployed to  C:\ProgramData\Amazon\Tools\ebsnvme-id.exe AWS Cloudformation Step I typically do not declare EBS Volumes together with the EC2 Instance declaration in Cloudformation but prefer to declare them as separate resources along with their own ebs attachment resources.  Here is an example EC2 instance with three additional volume declarations on top of the root volume which is automatically mounted on C:\ WindowsServerInstance: Type: AWS::EC2::Instance Properties: BlockDeviceMappings: - DeviceName: /dev/sda1

ASUS USB-N10 Nano on OpenSuse 13.1 Linux

Today I bought myself a wifi adapter for my Opensuse desktop PC. I was tired of running a network cable across the carpet to my modem. The model I bought was an ASUS USB-N10 Nano from PB Technologies in Henderson. It was less than $20 so I thought a good deal. When I bought it, I completely ignored all the printed garbage about support for Windows and Mac and figured, that it will be supported under linux. It is supported under Linux but it was not too simple to set up on my Opensuse. In the end and after much google-ing, I found this repository: https://github.com/pvaret/rtl8192cu-fixes The driver that ships with the kernel is not so hot. The network keeps dropping even though it appears to remain connected. With this version, things are much more stable. Also it compiles nicely under the latest kernel. The proprietry driver from Realtek did not compile under the kernel shipped with Opensuse 13.1. So here is what I ended up doing: ~ git clone https://github.com/pv

Restrict Commands executed via pre-shared SSH keys

Introduction Using pre-shared SSH keys is a great way to make logging into remote hosts quick and easy.  No pesky passwords to remember.  The downside is that if your organization relies on passwords for access control, the pre-shared key will negate any password control you have.  For example: If your organization rolls a password for a system account, and the new password is not shared with all the original people, then some people who should not have access any more will continue to have access via their pre-shared key. Also, anyone with access to a user's account on a client host, could access the system account via the pre-shared key on the remote host.  This is not ideal. Sometimes, it is neccessary to allow certain commands only to be executed over SSH from specified client hosts without a password.  Especially when thinking about automated tasks. In my examples, I will demonstrate how we can create a simple remote procedure call type scenario using pre-shared keys and

Python suds (SOAP Library) does not support SSLv3

The Oracle Virtual Machine (OVM) manager exposes a SOAP (wsdl) web-service. At the time of writing this can be found here: (for version 3.2.x) https://<hostname>:7002/ovm/core/wsapi/soap?wsdl You can access this url in your web browser and will be prompted to accept the self signed cert etc.  (There is a way to add a real certificate but that's not what this article is about.) In order to consume this webservice in python, I thought to try out the (now quite old) "suds" library.  Opensuse still ship this library and you can install it with: zypper in python-suds EDIT: I have added the forked library to github here: https://github.com/linuxplayground/suds-sslv3-fork The problem I found was that when trying to connect to the service, I was receiving an exception error around SSL. Here is how it looked... The example code: #!/usr/bin/python from suds.client import Client client = Client(url='https://ovm:7002/ovm/core/wsapi/soap?wsdl') print cli

Simple symmetric / Shared key encryption tutorial

I was looking for a way to explain cryptography to my 8 year old son this evening and we devised a simple share key encryption / decryption method.  The key is symmetrical because both sides have the same key  and the same key is used for both encrypting and decrypting. We took a simple ceasar cipher and extended it slightly by creating a stronger key.  Something like this: Plain Text = HELLO WORLD Key = [2, -5, 3, 7] to encrypt we take the positional value for each letter and apply the replacement for the next key bit in turn.  For example: Start at keybit = 1 [2] H = 8, H + 2 = 10, 10 = J keybit = 2 [-5] E = 5, E - 5 = 0 (26), 26 = Z keybit = 3 [3] L = 12, 12 + 3 = 15, 15 = O keybit = 4 [7] L = 12, 12 + 7 = 19, 19 = S Now start at key bit =1  O = 15, 15 + 2 = 17, 17 = Q and so on. So long as the same key is used for decryption the thing works a treat. So I explained that simple key can be made and shared between friends then private messag

Samba4 Windows AND Linux authentication

Introduction This post describes all the millions of configuration files you need to set up on a CLIENT LINUX server / machine in order to ssh to it with your domain credentials. I have this working in a LAB environment with the following caveats: SELINUX disabled (work on this required) Firewall Disabled (not hard to fix this if required) DNS Setup not working completely for Forwarding to external Nameserver by Samba4.  Don't know why. (more investigation required) You will need to have a user called binduser which has permissions in AD to look up other users.  I am sure there is documentation on this around somewhere :) Install packages yum -y install samba-winbind pam_ldap pam_krb5 nss-pam-ldapd oddjob-mkhomedir bind-utils Configure openldap (/etc/openldap/ldap.conf) [root@linuxclient ~]# cat /etc/openldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI

Disable the touch pad while typing on Linux

The Problem: If you have a Synaptics touch-pad like the one I have on my HP ProBook 6560b, you might want to learn how to disable the touch-pad while typing. This particular laptop has a touch-pad that is positioned poorly so it is common for your palm to be in contact with the pad while you type. The solution is to disable it for 2 seconds while typing. It is a minor inconvenience to have to wait two seconds to use it again but at least your typing is uninterrupted which could be a major inconvenience.  The solution: Use the syndaemon tool that ships with the synaptics packages. In my case they shipped by default. You could always try the gui... david.latham@davepc:~> cat bin/touchpad.sh #!/bin/bash syndaemon -k -i 2 -d Now just configure your desktop manager to run this script on start up. It is a trivial thing to do in KDE under system settings -> Sartup and Shutdown, Add Script...