ssh

ssh with 2FA

2FA has its critics:

- It’s so unreliable!
- Phones are so easily hijacked
- It’s not a lot of added security
- etc

Some of these make assumptions not necessarily in evidence.

In this post:

- FreeBSD 12.1
- pam_google_authenticator-1.08

Most of the 2FA I use is time-based one-off passwords (TOTP), as opposed to text messages. These are often 6-digit […]

ansible: Timeout waiting for privilege escalation prompt

I was doing some work in a remote location with a laggy connection to home. I was running ansible and kept encountering these errors:

    fatal: [pg01]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}

Rerunning the script would encounter the same error in a different part of the script. After

When ssh and ansible play poorly together

Last night, this worked fine. This morning, it fails:

    # ansible-playbook jail-mailjail.yml

    PLAY [mailjails] **************************************************************

    GATHERING FACTS ***************************************************************
    failed: [mailjail.example.org] => {"failed": true, "parsed": false}
    invalid output was: Sorry, try again.
    Sorry, try again.
    Sorry, try again.
    sudo: 3 incorrect password attempts

    TASK: [pkg | install pkg] *****************************************************
    FATAL: no hosts matched or all hosts

Authentication tried for dan with correct key but not from a permitted host

I kept seeing these messages:

    Jun 12 04:09:18 nyi sshd[94523]: Authentication tried for dan with correct key but not from a permitted host (host=dbclone.example.org, ip=10.6.0.9).
    Jun 12 04:09:18 nyi sshd[94523]: Authentication tried for dan with correct key but not from a permitted host (host=dbclone.example.org, ip=10.6.0.9).

I’ve been seeing them for a long time. How long?

sshd: error: key_read: uudecode failed

I started seeing this error:

    Jun 10 19:12:38 nyi sshd[92208]: error: key_read: uudecode AAAAB3NzaC1yc2EAAAABJQAAAIBdX/USEtxnO91Vpujney8gwkq2sRrcU9R6nKAoGv1eNMWrMD9a93kZMjR4fFMAH87g+zyHBftxCsyE0wJX2A0UFgIQsiuOOINkTJMyk\n failed

I couldn’t figure it out. Then I searched ~/.ssh/authorized_keys for that string. I found it in there. But the line was incomplete. It looked like I’d deleted the last part of the line. It should end with something like this:

The Bacula Tutorial jail server

One of the challenges of providing hands-on demonstrations is giving everyone their own sandbox to play in. I don’t want people to spend time on installing software. I want people to learn about the software in question, specifically Bacula. With this in mind, I’ve been building up a solution based on FreeBSD 9.1, ZFS, and
