Re: [PLUG] Troubleshooting ssh [FIXED]
Have this problem all the time at work. It didn't occur to me to share. We reinstall systems all the time. So much so that I wrote a shell wrapper around ssh-keygen. It has an option to manage known hosts. ssh-keygen -q -v -R ${host} On Sep 10, 2017 3:47 PM, "Ken Stephens"wrote: > Rich Shepard wrote: > > On Tue, 5 Sep 2017, Rich Shepard wrote: > > > >> I'm out of ideas of what to test so I can fix this issue, and seek > advice > >> from experienced network admins. > > Having tried all suggestions from my thread on LQ I re-read openssh > web > > pages, particularly the sections on authorized_keys and known_hosts. It > > occurred to me that for reasons known only to computers, the server's > entry > > in ~/.ssh/known_hosts was FUBAR. > > > > Yep. That was the problem. Cleaned out all known_host entries on each > > portable, then entered the command $ ssh salmo. Told openssh to connect > to > > the unknown server, correctly entered my passphrase, and the connection > was > > established for each portable. > > > > My web searches did not find any result that suggested cleaning > > known_hosts when a client refuses to connect to a server. This is a > lesson > > I'll not soon forget. > > > > Rich > > > Rich, > > Thanks for sharing your findings. You come up with interesting problems > and solutions in Linux. I > learn from them. > > I find that if I don't find a solution after diligent searching, the > problem is usually something very > obvious that I have missed. My forehead is much flatter after discovering > what I did from the slap > that reflexibly happens at that time. > > Thanks, again, > Ken > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Internet access certificate issues
So it is unlikely that the router was the issue, and even if it was, any hope of confirming that is gone. Now to the present state. I am connected directly to the Comcast Modem, an Arris TG1268T. The modem has wireless, and that is set up to function (I use it for my laptop.) This afternoon I noticed that the 2.5Ghz light is flashing once every 6 seconds. I do not know if that is new or not. But assuming that the bad behavior was caused by bad actors, might I still have nasty stuff installed somewhere? How do I check? If it recurs, what should I do to find out what is happening? There is an SSID and PW label pasted to the modem, said to be unique to this particular box. What does that information allow one to access, and from where? Where does DNS poisoning occur? Since it was just local to my machine (no general complaints noticed), then something local must have been hacked. This could have been either my router or my modem, since my laptop connecting via wireless to the router also had the problem. The modem was reset a few times during my contact with Comcast's technician, so it could have been the modem if reset clears the cache. This whole thing is above my pay grade. Bottom line, if it recurs, what should I do to find out what is happening? Thanks for all the helpful comments. -Denis On Fri, Sep 15, 2017 at 10:38 AM, Russell Seniorwrote: > > "Denis" == Denis Heidtmann writes: > > Denis> The router is out of service, not powered. Is there any way to > Denis> diagnose it at this point, or would I have to place it back in > Denis> service and observe a repeat of the problem? Or is the problem > Denis> not in the router at all; just coincidence that it went away when > Denis> I removed the router? Clearly I need some very basic > Denis> understanding of how all these things operate. > > Assuming my wild-assed guess has any merit ... > > The problem probably wasn't in the router, except for some transient > state, which probably would go away with a power cycle. Unless it was > under an ongoing "attack". I don't think the stock firmware preserves > any state, to speak of, over a reboot. > > One thing to do is to determine whether DNS is the problem. You can > ping hosts where you were seeing the problem and see if the IP address(es) > makes sense. If possible, try from a different machine (or have someone > else do that), and see if they agree. > > The certificate issue comes from asking the machine to provide some > proof it is who it claims to be and finding that it can't. My theory is > that it's because it isn't the right machine. It could be that the > service is broken (e.g. the certificate expired, or the server is > misconfigured). However, if you are seeing this at a big name, popular > service, or at more than one unrelated services at the same time, then > the probability of that being innocent seems to go way down. > > > -- > Russell Senior, President > russ...@personaltelco.net > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Internet access certificate issues
If the wireless router was providing the DNS lookup services for wireless clients, then the conclusion that the router was hacked and providing bogus DNS info was correct. Figuring that out would need to recreate the situation and check the IP against the DNS name received. Earlier references to DNS poisoning were the correct term. On Sep 15, 2017 9:16 AM, "Denis Heidtmann"wrote: > The router is out of service, not powered. Is there any way to diagnose > it at this point, or would I have to place it back in service and observe > a repeat of the problem? Or is the problem not in the router at all; just > coincidence that it went away when I removed the router? Clearly I need > some very basic understanding of how all these things operate. > > -Denis > > On Fri, Sep 15, 2017 at 2:52 AM, Russell Senior > > wrote: > > > > "Denis" == Denis Heidtmann writes: > > > > Denis> [...] My son suggested that the router was attacked. Other > > Denis> explanations could be poor wired connections: one end of one of > > Denis> the Ethernet cables is missing the mechanical lock. Maybe it got > > Denis> noisy. Also, it could be the power supply to the router is > > Denis> failing. I have not checked it yet. > > > > Denis> My son want to examine the router. How about you, Russell? > > > > That sounds like maybe DNS poisoning, someone giving incorrect answers > > to your device's DNS requests in order to try to redirect your browser > > to a spoofed site, possibly to try to steal your credentials. > > > > Don't tell your browser to accept invalid certificates! Rebooting the > > AirRouter should clear its cache. Diagnosing probably involves running > > tcpdump to see what's going on. > > > > > > -- > > Russell Senior, President > > russ...@personaltelco.net > > ___ > > PLUG mailing list > > PLUG@lists.pdxlinux.org > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Xlib.
On Fri, 15 Sep 2017, Michael Robinson wrote: > I need to take a demo program that displays a PNG file via Xlib and modify > the output. It is a C program, not C# or C++. Has xlib been replaced by > xcb? I'm developing this for an HDMI projector hooked to a Raspberry Pi 3 > model B. Michael, Have you looked at the extensive ImageMagick toolkit? Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Xlib.
Hello pluggers, I need to take a demo program that displays a PNG file via Xlib and modify the output. It is a C program, not C# or C++. Has xlib been replaced by xcb? I'm developing this for an HDMI projector hooked to a Raspberry Pi 3 model B. Preferably, I don't want to pull out cairo or any other graphical library that is heavier than Xlib. If I have to pull out another tool, what should I use? I need to remove the title bar and all areas that can be clicked on, the image is a target for calibration. The program that I'm trying to fix ASAP uses opencv, a computer vision package. Obviously, the program calculates or accepts user input on where the target should project and that has to work. So the image can't pop up willy nilly on the screen the way it does in the current demo program. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Internet access certificate issues
> "Denis" == Denis Heidtmannwrites: Denis> The router is out of service, not powered. Is there any way to Denis> diagnose it at this point, or would I have to place it back in Denis> service and observe a repeat of the problem? Or is the problem Denis> not in the router at all; just coincidence that it went away when Denis> I removed the router? Clearly I need some very basic Denis> understanding of how all these things operate. Assuming my wild-assed guess has any merit ... The problem probably wasn't in the router, except for some transient state, which probably would go away with a power cycle. Unless it was under an ongoing "attack". I don't think the stock firmware preserves any state, to speak of, over a reboot. One thing to do is to determine whether DNS is the problem. You can ping hosts where you were seeing the problem and see if the IP address(es) makes sense. If possible, try from a different machine (or have someone else do that), and see if they agree. The certificate issue comes from asking the machine to provide some proof it is who it claims to be and finding that it can't. My theory is that it's because it isn't the right machine. It could be that the service is broken (e.g. the certificate expired, or the server is misconfigured). However, if you are seeing this at a big name, popular service, or at more than one unrelated services at the same time, then the probability of that being innocent seems to go way down. -- Russell Senior, President russ...@personaltelco.net ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Internet access certificate issues
The router is out of service, not powered. Is there any way to diagnose it at this point, or would I have to place it back in service and observe a repeat of the problem? Or is the problem not in the router at all; just coincidence that it went away when I removed the router? Clearly I need some very basic understanding of how all these things operate. -Denis On Fri, Sep 15, 2017 at 2:52 AM, Russell Seniorwrote: > > "Denis" == Denis Heidtmann writes: > > Denis> [...] My son suggested that the router was attacked. Other > Denis> explanations could be poor wired connections: one end of one of > Denis> the Ethernet cables is missing the mechanical lock. Maybe it got > Denis> noisy. Also, it could be the power supply to the router is > Denis> failing. I have not checked it yet. > > Denis> My son want to examine the router. How about you, Russell? > > That sounds like maybe DNS poisoning, someone giving incorrect answers > to your device's DNS requests in order to try to redirect your browser > to a spoofed site, possibly to try to steal your credentials. > > Don't tell your browser to accept invalid certificates! Rebooting the > AirRouter should clear its cache. Diagnosing probably involves running > tcpdump to see what's going on. > > > -- > Russell Senior, President > russ...@personaltelco.net > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Internet access certificate issues
> "Denis" == Denis Heidtmannwrites: Denis> [...] My son suggested that the router was attacked. Other Denis> explanations could be poor wired connections: one end of one of Denis> the Ethernet cables is missing the mechanical lock. Maybe it got Denis> noisy. Also, it could be the power supply to the router is Denis> failing. I have not checked it yet. Denis> My son want to examine the router. How about you, Russell? That sounds like maybe DNS poisoning, someone giving incorrect answers to your device's DNS requests in order to try to redirect your browser to a spoofed site, possibly to try to steal your credentials. Don't tell your browser to accept invalid certificates! Rebooting the AirRouter should clear its cache. Diagnosing probably involves running tcpdump to see what's going on. -- Russell Senior, President russ...@personaltelco.net ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug