linux – cryptsetup 2.3.4 rpm for CentOS 7?

I have been searching for cryptsetup 2.3.4 as I want to use --perf-no_read_workqueue.

According to the release note, the option is newly added in 2.3.4.

However, my CentOS 7’s official repository only has 2.0.3. I tried to rebuild 2.3.4 myself. However, it has many dependencies that require newer versions of some libraries and expects header files and libraries in different locations, etc.

Does anyone know which repo provides cryptsetup 2.3.4?

How to move /home from ssd to larger sata drive Centos 8?

I have a dedicated server, and I need to move the /home from the smaller ssd drive to the 12tb sata drive. The sata drive is mounted, and cu… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1838448&goto=newpost

centos8 – unable to install openssh server on centos 8

Image: Centos 8

Downloaded from osboxes

Goal: Installation of any package for example openssh server

error: attached screenshot

I have checked the following solutions centos yum

But did not really help me in any respect.

I am stuck and surprised; I am not sure what can be done. I have been researching this issue for a while now.

Please help

Regards

s

centos – NodePort performance/Latency issue in kubernetes cluster

Setup:
I have multiple photovoltaics-based setups where an IoT gateway gets data from sensors and devices and sends it to a Kubernetes cluster. The K8S cluster exposes its ActiveMQ broker with NodePort.

Requirements:
My application expects 10 sensor measurements within 1 second.

Problem:
Depending on requirements, our setup sometimes contains one server, sometimes three or more servers. I observed that up to a three-node setup I receive 10 measurements within 1 second, and as soon as I add more servers these measurements start getting delayed and I receive them in 1200ms or 1300ms.

I suspect NodePort might be the problem, but running nmap does not show any latency.

One worse or non-optimal communication flow:
Suppose ActiveMQ is running on Server1 then IOTGateway4 sensors data will flow like

IOTGW4 –> Switch4 –> Server4(nodeport/flannel routing) –> Switch4 –> Switch3 –> Switch2 –> Switch1 –> Server1 (where broker is running)

Kubernetes version: 1.19.2
CNI: flannel
OS: CentOS 7.8

One Server Setup is like

  +-------+   
  |IOT GW1|   
  +---+---+   
      |       
      |       
      v       
  +---+---+   
  |Switch1|   
  +---+---+   
      |       
      v       
+-----------+ 
|  Server1  | 
+-----------+ 

Setup with multiple servers

     +-------+      +-------+     +-------+      +-------+   
     |IOT GW1|      |IOT GW2|     |IOT GW3|      |IOT GW4|
     +---+---+      +---+---+     +---+---+      +---+---+
         |              |             |              |
+--------------------------------------------------------------+
|        v              v             v              v         |
|    +---+---+      +---+---+     +---+---+      +---+---+     |
|    |Switch1+------+Switch2+-----+Switch3|------+Switch4|     |
|    +---+---+      +---+---+     +---+---+      +---+---+     |
|        |              |             |              |         |
|        v              v             v              v         |
|  +-----------+  +-----------+  +-----------+  +-----------+  |
|  |  Server1  |  |  Server2  |  |  Server3  |  |  Server4  |  |
|  +-----------+  +-----------+  +-----------+  +-----------+  |
|                                                              |
+--------------------------------------------------------------+
  

As this setup is supposed to scale up/down based on requirements, which means I add and remove one-server setups, using one switch is not an answer to my question.

Any suggestions to improve this setup by changing the TCP stack of the operating system or optimizing flannel?

amazon cloudformation – Best way to install cfn-bootstrap utilities on CentOS 8

I’m working on a CentOS 8 based instance/launch configuration in AWS and would like to use cfn-init to manage some of the setup/provisioning steps.

However, I’m finding that the provided RPM does not deploy, since the way Python2 and Python3 have been packaged up differs enough that the AWS supplied RPM can’t find its dependencies.

What would be the best way to install these tools in this instance?

firefox – CentOS 8 Stream – Cockpit – Turn off HSTS?

With the recent change in Firefox to strictly enforce HSTS I can no longer access Cockpit on a couple of local CentOS8-Stream systems via Firefox. Cockpit by default generates a self-signed certificate, and Firefox no longer allows bypassing the security error dialog when it sees the HSTS header.

I found a “solution” at Mozilla Support (the first answer by user tsmith35), but this does not work because the chain in the certificate is just the certificate itself, which is not configured for CA use, so it can’t be imported into Firefox’s CA store.

The documentation for Cockpit contains no mention of HSTS. You can completely disable HTTPS if you want, but I’d rather run HTTPS without HSTS. A fallback option would be to get a LetsEncrypt certificate, but that seems like overkill for a development system not exposed to the Internet.

Question: Is it possible to prevent Cockpit from sending the HSTS header, and if so, how?

centos – Filezilla hangs in “Retrieving directory listing”

This is a problem I’ve had since I started using Filezilla (8+?) years ago.
I’ve always used CentOS (6 & 7) on my servers, and this has always happened on every server.

SFTP in Filezilla works well most of the time, but if I leave a connection to a server open for a while (I believe hours), and then I come back and change the directory on the server, Filezilla will simply hang in this step:

Status: Retrieving directory listing of /path/here/

The only thing to do when this happens is to “cancel the current operation” and “reconnect to server”.

It feels like the connection becomes stale. I’ve seen several people on forums complaining about this, but they never seem to get a solution because “no one else” seems to reproduce the problem.

I don’t have any problems when using Putty. The session stays active and never stale.

I have tweaked “sshd_config” a bit, and restarted sshd:

MaxAuthTries 15
ClientAliveInterval 300
ClientAliveCountMax 120

However, it doesn’t seem to have helped the case.

Under Filezilla settings, I have “Passive” enabled and “FTP Keep-alive” enabled, but I’m not sure if the “FTP” settings are relevant here. There don’t seem to be any relevant settings under “SFTP”.

Any ideas what can be causing Filezilla’s SFTP connections to become stale?

centos – Exim – route non-local emails to remote host

We have Exim (within a cPanel environment, but we’re considering stripping out the cPanel dependency) set up as an outbound mailserver for our infrastructure, but also have G Suite (Google Workspace now, I think) set up for most other emails. Let’s use example.com as our domain.

  • Email sent to noreply@example.com and dmarcprocessor@example.com are sent to our Exim through a custom routing rule in Google Workspace
  • Since noreply and dmarcprocessor are local accounts, we have it set to local delivery for example.com.
  • All email sent to users, as well as internal stuff like Jira, is sent through Exim.

The issue here is that if we want to send email to an @example.com address, it doesn’t work because Exim tries local delivery and then fails out. Email to anywhere else works fine.

How can we get Exim to try local delivery first, and then try remote delivery?

Centos 8 folder permissions for nginx and sftp user

I can’t figure out how to merge nginx and sftp user for a folder.

So for example I have folder: /var/www/domain.com/uploads

sftp user is: john

john belongs to group: sftpuser

  1. scenario with chown nginx:nginx

From the web interface I can upload files to the uploads folder. But the issue is that when I log in through sftp, it doesn’t have rights to upload any file to that upload folder.

  2. scenario with chown john:sftpuser

From the web interface I can’t upload files to the uploads folder. But when I log in through sftp I am able to upload files to the uploads folder.

Any ideas on what the proper way to configure this is?

Thank you in advance!

How to Set Up SSH Keys on CentOS 8

Secure Shell, or SSH, is an encrypted protocol that is used for logging on to your remote servers. SSH key pairs are meant to replace the more traditional way of using a password to provide authentication. In this guide, we will show you how to generate SSH key pairs on your CentOS 8 system. Then we will set up SSH key-based authentication for your servers.

1] Check for existing SSH key pairs

To get started, we need to create the public and private keys that will be used in the authentication process. There might be some already generated keys on your CentOS system, and you can check that via this command:

ls -l ~/.ssh/id_*.pub

If the output says that no such file or directory exists, then there are no existing keys on your system. Even if there are existing keys, you can generate new ones, but be sure to back up the existing keys first, as the new keys will overwrite them.

2] Generate new SSH keys

Now, to generate the new key pairs, run the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

You will then be prompted to choose a location to save the keys; press enter to select the default one.

After that, you will be asked for a passphrase. This is an extra security step, and it is optional. If you don’t want to use a passphrase, press enter to continue.

3] Verify

To verify the generation of the SSH keys, run the following command:

ls ~/.ssh/id_*

Your output should look something like this:

/home/username/.ssh/id_rsa /home/username/.ssh/id_rsa.pub

4] Copy the key to your server

Now that you have generated the SSH keys, it is time to use them for authentication with your server. To do that, you will be using the ssh-copy-id command-line utility.

If ssh-copy-id is not available on your system, the following command appends your public key to the server’s authorized_keys file manually:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Otherwise, use ssh-copy-id to append the SSH key to your server. Run the following command:

ssh-copy-id remote_username@server_ip_address

It will prompt you for the remote user’s password; type that in and press enter. You should be greeted with output saying that a key has been added.

5] Log in to your server with the SSH keys

We have successfully enabled SSH key authentication on your server now. To log in using these SSH keys, run the following command:

ssh user@server_ip

You will be prompted for your passphrase, or if you did not set one, you will be logged in immediately.

6] Disable password authentication

Now that you have a working SSH key authentication system, there is no need for password authentication. To disable the password authentication, log in to your server.

Then open the config file using this command:

sudo nano /etc/ssh/sshd_config

Then search for these directives and modify them accordingly:

PasswordAuthentication no

ChallengeResponseAuthentication no

UsePAM no

Now all you need to do is restart the SSH service, and password authentication for your server will be disabled. On CentOS 8 the service unit is named sshd:

sudo systemctl restart sshd
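
Added example, not from the original guide: sshd uses the first value it reads for each keyword, so a "PasswordAuthentication no" line placed below an earlier "yes" leaves password logins enabled. This script resolves the effective global value of the two password-related keywords changed above; the function names and sample configs are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/usr/bin/env bash
# Added example: which value will sshd really use for a keyword?
# sshd keeps the FIRST value it reads for each keyword, so a
# "PasswordAuthentication no" added below an earlier "yes" has no effect.

# effective_value FILE KEYWORD: print the first global value (lower-cased),
# or "unset" if the keyword does not appear before any Match block.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/              { next }   # comment lines
        NF == 0                 { next }   # blank lines
        tolower($1) == "match"  { exit }   # Match blocks are conditional
        tolower($1) == want     { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# password_logins_disabled FILE: succeed only if both password-related
# keywords resolve to "no" (both default to "yes" when unset).
password_logins_disabled() {
    local kw val
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "$kw resolves to '$val', expected 'no'" >&2
            return 1
        fi
    done
}

# write_sample PATH shadowed|fixed: constructed configs for demonstration.
write_sample() {
    {
        echo "# constructed sample, not a real server config"
        [ "$2" = "shadowed" ] && echo "PasswordAuthentication yes"
        echo "ChallengeResponseAuthentication no"
        echo "PasswordAuthentication no"
    } > "$1"
}

# Check a real file when a path is given: ./check.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    password_logins_disabled "$1" && echo "password logins disabled in $1"
fi
```

On a live server, `sudo sshd -t` validates the file and `sudo sshd -T` prints the settings sshd will actually apply; run both before restarting, and keep your current session open until a key-based login from a second terminal succeeds.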


Jon Biloh

I’m Jon Biloh and I own LowEndBox and LowEndTalk. I’ve spent my nearly 20 year career in IT building companies and now I’m excited to focus on building and enhancing the community at LowEndBox and LowEndTalk.