Cisco SG300 / SG500 switch SSH Public key authentication

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (keeps on giving me a very annoying error):

Invalid key string.
When a Key is entered, it should contain the “BEGIN” and “END” markers.

So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.

– Enable ssh-server on the switch

switchxxxxxx(config)# ip ssh server

– Enable public key authentication

switchxxxxxx(config)# ip ssh pubkey-auth auto-login

– Add a user:

switchxxxxxx(config)# username martijn password SecretPassword privilege 15

– Then, add user’s public key

switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string

(paste your id_rsa.pub here)

– Check if the fingerprint is correct:

switchxxxxxx# show crypto key pubkey-chain ssh

Username        Fingerprint
--------------  -----------------------------------------------
martijn         35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02

Now try to ssh to your switch; no password should be asked.
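
A way to run the fingerprint check from the workstation side, as an added example that is not part of the original post: it parses the one-line id_rsa.pub format, rejects a truncated paste, and prints the fingerprint in the 16-byte colon-separated form shown above. It assumes the switch computes that value as MD5 over the decoded key blob, as OpenSSH's legacy fingerprint does; the sample key is constructed from toy numbers.

```python
import base64
import binascii
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format."""
    return struct.pack(">I", len(data)) + data


# Constructed sample (toy numbers, not a usable RSA key): type, exponent, modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(0x80, 0xC0))))
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " martijn@laptop"


def parse_pubkey(line: str) -> bytes:
    """Decode an OpenSSH one-line public key and check it is structurally whole."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    fields, pos = [], 0
    while pos < len(blob):                      # walk every length-prefixed field
        if pos + 4 > len(blob):
            raise ValueError("key blob is truncated")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("key blob is truncated")
        fields.append(blob[pos:pos + size])
        pos += size
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type inside the blob does not match the declared type")
    return blob


def md5_fingerprint(line: str) -> str:
    """MD5 over the decoded blob, printed as 16 colon-separated hex bytes."""
    digest = hashlib.md5(parse_pubkey(line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(line: str, shown_by_switch: str) -> bool:
    """Case- and whitespace-insensitive comparison with the switch's output."""
    return md5_fingerprint(line) == shown_by_switch.strip().lower()
```

Feed `fingerprint_matches` the contents of your own id_rsa.pub and the value from `show crypto key pubkey-chain ssh`; a mismatch means the switch stored something other than the key you intended.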

SkyCity 802.11n USB 2.0 driver for Windows

Bought a very cheap DealExtreme WiFi USB adapter with this info:

Driver Information for Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter / ECS H61H2-M3
Device Name
Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Hardware ID
USB\VID_0BDA&PID_8176&REV_0200
USB\VID_0BDA&PID_8176 <—- Device ID matches with our database

Compatible IDs:
USB\CLASS_FF&SUBCLASS_FF&PROT_FF
USB\CLASS_FF&SUBCLASS_FF
USB\CLASS_FF

Version
1006.1.713.2010,2010-07-13
Device Type
net
Driver Version
1015.6.210.2012
OS Support
2K,XP,2K3,VISTA,WIN7,WIN8/32bits
Driver Date
2012-02-10
Manufacturer
Realtek Semiconductor Corp.

And finally found a working Windows driver:

http://www1.medion.de/downloads/index.pl?op=detail&id=11727&type=treiber&lang=us

Just wanted to share 🙂

Sophos / Astaro UTM – Limit and separate SMTP Proxy IP addresses

As a default, Sophos / Astaro UTM’s SMTP Proxy listens on all external IP addresses. Quite annoying if you have an internal mail server that you want to let your external users use for sending (authenticated) emails, since UTM will intercept all SMTP traffic.

Here’s how I solved that (only works if you have at least 2 public IP addresses).

– NAT one external public IP address to your internal mail server (so forward at least ports 25, 465, 587); use the IP address that you use for, for example, mail.yourdomain.com. In this example I use 23.37.149.232 (WAN – FW2).
[Image: NAT to mailserver]

– enable SMTP proxy on your UTM (your UTM will now listen on all your external public IP addresses)

– configure SMTP routing to forward MX emails to your internal server
[Image: SMTP proxy routing]

– SSH to your UTM and become root

– with vi, edit this file: /var/storage/chroot-smtp/etc/exim.conf

– edit this line, remove the # and enter your public IP address to reflect your MX record (like mx.yourdomain.com):
local_interfaces = 23.37.149.233:81.37.153.126:59.94.132.164
(I have 3 SDSL lines on my Sophos UTM box; separate the entries with colons)

– restart your EXIM service:
/var/mdw/scripts/smtp restart

Check your SMTP Proxy log file, something like this should appear:
listening for SMTP on [23.37.149.233]:25 [23.37.149.233]:587 [81.37.153.126]:25 [81.37.153.126]:587 [59.94.132.164]:25 [59.94.132.164]:587

Done. Now, Sophos UTM will intercept your incoming MX traffic (and if set up right, forward non-junk emails to your internal mail server) while the other IP address is usable for your users as an authenticated relay server. 23.37.149.232 is used directly by the mail server; 23.37.149.233, 81.37.153.126 and 59.94.132.164 are used by Sophos as incoming MX server.
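
A check that the split really is in place, as an added example that is not part of the original post or of Sophos's tooling: it compares the active local_interfaces line with the "listening for SMTP on" log line and flags any listener on the relay address. The inputs are constructed from the addresses used above; the function names are this example's own, and it assumes IPv4 addresses in a colon-separated list.

```python
import re

# Constructed inputs that mirror the addresses used in the post.
EXIM_CONF = """\
# local_interfaces = 0.0.0.0
local_interfaces = 23.37.149.233:81.37.153.126:59.94.132.164
"""
LOG_LINE = ("listening for SMTP on [23.37.149.233]:25 [23.37.149.233]:587 "
            "[81.37.153.126]:25 [81.37.153.126]:587 "
            "[59.94.132.164]:25 [59.94.132.164]:587")
RELAY_IP = "23.37.149.232"  # NATed straight to the internal mail server


def configured_interfaces(conf_text):
    """Addresses on the first active (uncommented) local_interfaces line."""
    for line in conf_text.splitlines():
        match = re.match(r"\s*local_interfaces\s*=\s*(.+)", line)
        if match:
            return [a.strip() for a in match.group(1).split(":") if a.strip()]
    return []  # option absent or still commented out


def listening_sockets(log_line):
    """(address, port) pairs from a 'listening for SMTP on ...' log line."""
    return {(ip, int(port))
            for ip, port in re.findall(r"\[(\d+(?:\.\d+){3})\]:(\d+)", log_line)}


def audit(conf_text, log_line, relay_ip):
    """Return a list of problems; an empty list means the split is in place."""
    problems = []
    wanted = configured_interfaces(conf_text)
    sockets = listening_sockets(log_line)
    bound = {ip for ip, _ in sockets}
    if not wanted:
        problems.append("local_interfaces is not set, proxy is not restricted")
    if relay_ip in wanted:
        problems.append(f"{relay_ip} is listed in local_interfaces")
    if relay_ip in bound:
        problems.append(f"proxy is listening on relay address {relay_ip}")
    for ip in wanted:
        if (ip, 25) not in sockets:
            problems.append(f"no port 25 listener on MX address {ip}")
    for ip in sorted(bound - set(wanted)):
        problems.append(f"listener on {ip} is not in local_interfaces")
    return problems
```

Running `audit` again after a firmware update or configuration change shows whether the hand edit to exim.conf is still in effect.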

Reverse DNS & Telecom Italia (Interbusiness)

To change the reverse DNS (rDNS) of Telecom Italia (Interbusiness) from their default name, such as host113-249-static.47-98-b.business.telecomitalia.it, to the name of your own domain / mail server, such as mail.nomedeldominio.it, just call

800-018914, option 5

and ask for the change. That's all.

After the change, you can check here whether everything works:
http://mxtoolbox.com/SuperTool.aspx?action=mx%3anomedeldominio.it
…by clicking on SMTP Test

Debian 6 and slow DNS lookup & resolving

Just installed a basic Debian 6 server and was amazed about how much time it took to resolve any domain name; at least 4 seconds. But I found the solution: if you don’t use IPv6 then disable it.

Check the IPv6 alias:

grep ipv6 /etc/modprobe.d/aliases

This should give you this entry:

# alias net-pf-10 ipv6

Edit that file and change the line to:

alias net-pf-10 off ipv6

Then reboot. As always, YMMV.

VNCserver with GParted on headless Ubuntu server

I need to grow a disk on my Ubuntu server but only have SSH access to the machine and need GParted to do that.

Here’s how I’ve done it:

sudo apt-get install vnc4server openbox gparted
vnc4server 
vnc4server -kill :1
sed -i -e 's/x-window-manager/openbox-session/g' ~/.vnc/xstartup
vnc4server

Open port 5901 incoming, and access with a VNC client. Right-click to start the terminal within openbox, and you’ll be able to run any GTK+ apps, including gparted.

Disable BitLocker on Windows (perhaps for a HW change)

In a tight spot with BitLocker on your Windows system?
For example, wanting to make hardware change(s) to your system?
Become IT dept independent!

Disable BitLocker, do your changes, and turn it back on.

Please note: you will need an admin shell – not God mode, just a ‘run as admin’ DOS box.

1) In the shell type:

 manage-bde -protectors -disable C:

2) Do the changes.

3) Turn it back on:

 manage-bde -protectors -enable C:

That’s it. YMMV
This is also a decent resource:
http://technet.microsoft.com/en-us/library/dd875513(v=ws.10).aspx

Streaming radio list for Radio 105, RMC & Virgin Radio

105 Best 4U  		http://shoutcast.unitedradio.it:1213
105 Channel 1 - 105 FM	http://shoutcast.unitedradio.it:1101
105 Classics		http://shoutcast.unitedradio.it:1105
105 Hip Hop/R&B		http://shoutcast.unitedradio.it:1113
105 Hits  		http://shoutcast.unitedradio.it:1109
105 House  		http://shoutcast.unitedradio.it:1203
105 Latino  		http://shoutcast.unitedradio.it:1209
105 Music Star Vasco  	http://shoutcast.unitedradio.it:1409
105 Rock  		http://shoutcast.unitedradio.it:1117
105 Story  		http://shoutcast.unitedradio.it:1313
GROOVE 80  		http://shoutcast.unitedradio.it:1119
MALIBOOMBOOM RADIO  	http://shoutcast.unitedradio.it:1201
MyRadio  		http://shoutcast.unitedradio.it:1305
Radio Bau & Co		http://shoutcast.unitedradio.it:1405
Revolver  		http://shoutcast.unitedradio.it:1411
RMC  			http://shoutcast.unitedradio.it:1103
RMC 60  		http://shoutcast.unitedradio.it:1317
RMC 70  		http://shoutcast.unitedradio.it:1407
RMC 80  		http://shoutcast.unitedradio.it:1401
RMC 90  		http://shoutcast.unitedradio.it:1403
RMC Film  		http://shoutcast.unitedradio.it:1123
RMC Great Artists	http://shoutcast.unitedradio.it:1111
RMC Italia  		http://shoutcast.unitedradio.it:1211
RMC Love Songs  	http://shoutcast.unitedradio.it:1121
RMC Marine  		http://shoutcast.unitedradio.it:1311
RMC The Best  		http://shoutcast.unitedradio.it:1205
RMC Nights Story	http://shoutcast.unitedradio.it:1115
RMC2  			http://shoutcast.unitedradio.it:1107
Virgin palestre  	http://shoutcast.unitedradio.it:1315
Virgin Radio  		http://shoutcast.unitedradio.it:1301
VIRGIN Rock Alternative http://shoutcast.unitedradio.it:1513
VIRGIN Rock Classico 	http://shoutcast.unitedradio.it:1307
VIRGIN Rock Extreme  	http://shoutcast.unitedradio.it:1309
ZOO RADIO  		http://shoutcast.unitedradio.it:1413

VMware ESXi – expand RAID and resize VMFS datastore – also on non-HP server hardware

Recently, I extended my RAID 5 array with 2 extra disks from 3x 146GB to 5x 146GB, thus creating a logical RAID 5 volume of (5x 146 – 146=) 584GB. Since I didn’t want to move my VMs to another box and reformat the datastore, I gathered all the info on the internet and made this manual.

Notes:

    * All the instructions are executed on a whitebox (i7 3770) and a SmartArray P400 controller.
    * I already modified the HP ESXi tools to be able to run on non-HP hardware.
    * It is highly recommended that you back up all your VMs before executing a single command.
    Everything worked fine for me, but one error in a command could lead to complete loss of all your data!
    * To see the rebuilding status, HP has a tool called hpacucli which allows you to control the array and see its status from the ESXi console.
    * I’m NOT responsible for YOUR mistakes. See note 3.

This is my old situation:

The steps:

– Add disks to your RAID array using ACU (offline boot CD)
hpacuoffline-9.10-22.0.iso

Explaining how to add disks is beyond the scope of this guide.

If you’re using a non-HP server, get these modified HP tools:
hpacucli-9.10-22.0-esxi_mod.vib
hpbootcfg-01-01.02-esxi_mod.vib
hponcfg-04-00.10-esxi_mod.vib
char-hpilo-500.9.0.0.9-esxi_mod.vib

– Install HP tools on your non-HP ESXi server

scp *.vib root@esxserver:/tmp/
ssh root@esxserver
esxcli software vib install -f -v /tmp/hpacucli-9.10-22.0-esxi_mod.vib
esxcli software vib install -f -v /tmp/hpbootcfg-01-01.02-esxi_mod.vib
esxcli software vib install -f -v /tmp/hponcfg-04-00.10-esxi_mod.vib
esxcli software vib install -f -v /tmp/char-hpilo-500.9.0.0.9-1OEM.500.0.0.434156.x86_64-esxi_mod.vib

OR

– Get HP’s ESXi5 Offline Utilities
hp-HPUtil-esxi5.0-bundle-1.3-6.zip

– Install HP tools on your HP ESXi server
scp hp-HPUtil-esxi5.0-bundle-1.3-6.zip root@esxserver:/tmp/
ssh root@esxserver
esxcli software vib install -d /tmp/hp-HPUtil-esxi5.0-bundle-1.3-6.zip

After installing the tools, reboot the ESXi server. Log in again on your ESXi server using SSH or console.

– Check and expand logical drive to max
/opt/hp/hpacucli/bin/hpacucli controller slot=18 show config
/opt/hp/hpacucli/bin/hpacucli controller slot=18 array all show detail
/opt/hp/hpacucli/bin/hpacucli controller slot=18 logicaldrive 1 modify size=max
/opt/hp/hpacucli/bin/hpacucli controller slot=18 array all show detail
If you don’t know your controller slot number, use
/opt/hp/hpacucli/bin/hpacucli controller all show config

Reboot the ESXi server. Log in again on your ESXi server using SSH or console.

– Get the ID of your VMFS datastore
vmkfstools -P "/vmfs/volumes/datastore-name"

In my case:
Partitions spanned (on “lvm”):
mpx.vmhba1:C0:T0:L0:3

– Get the start sector of the VMFS partition
partedUtil getptbl "/vmfs/devices/disks/mpx.vmhba1:C0:T0:L0"

In my case:
3 10229760 573367046 AA31E02A400F11DB9590000C2911D1B8 vmfs 0

– Find usable sectors (free space)
partedUtil getUsableSectors "/vmfs/devices/disks/mpx.vmhba1:C0:T0:L0"

In my case:
1146733318

– Resize VMFS partition
partedUtil resize "/vmfs/devices/disks/mpx.vmhba1:C0:T0:L0" 3 10229760 1146733318

– Grow VMFS partition
vmkfstools --growfs "/vmfs/devices/disks/mpx.vmhba1:C0:T0:L0:3" "/vmfs/devices/disks/mpx.vmhba1:C0:T0:L0:3"

Yes, you need to specify the same partition twice.

– Refresh the datastore in vSphere

New situation:

Done.

Windows 2008 R2 Server & Windows 7 Pro: Unidentified network unchangeable

After installing Windows 2008 R2 inside VMware, I changed the network driver from E1000 to VMXNET3. No problem, Windows 2008 R2 recognized the new adapters after a reboot. I only had to change the DHCP IP address to a fixed IP. And then the problems started: apparently Windows 2008 (or Windows 7) won’t let you change the network location as soon as it has put the network in the ‘Unidentified network’ category. Trying ‘to fix’ this problem using the Windows ‘Diagnose’ tool just removed the fixed IP address and put it back on DHCP (and strangely, now the network category is Public).

This, of course, sucks.

However, this little trick should work:

1. Start -> Run -> MMC -> press Enter

2. In the MMC console, from the File menu, select Add/Remove Snap-in

3. Select Group Policy Object Editor -> press Add -> select Local Computer -> press OK -> press OK

4. Open Computer Configuration -> Windows Settings -> Security Settings -> select Network List Manager Policies

5. Double-click -> Unidentified Networks

Then you can select the option to consider the Unidentified networks as private.

This worked for me!