Unable to negotiate with 1.2.3.4 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

While trying to connect to an older esxi server I got the error message Unable to negotiate with 1.2.3.4 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

I was wondering.

The solution $EDITOR ~/.ssh/config

Host 1.2.3.4
    User root
    HostKeyAlgorithms=+ssh-dss

Proxmox: How to resolve “service start-limit-hit”

The error message on the proxmox gui

()
Job for [email protected] failed.
See "systemctl status [email protected]" and "journalctl -xe" for details.
TASK ERROR: command '/bin/systemctl start ceph-mgr@pve-03' failed: exit code 1

The error message from systemctl

[email protected]: Start request repeated too quickly.
[email protected]: Failed with result 'start-limit-hit'.

Solve with

systemctl reset-failed ceph-mgr@pve-03
systemctl start ceph-mgr@pve-03

change pve-03 to your node name.

zfs snapshot send resume

zfs send ... |  ssh host2 zfs receive -s otherpool/new-fs

On the receiving side, get the opaque token with the DMU object #, offset stored in it

zfs send ... |  ssh host2 zfs receive -s otherpool/new-fs
zfs get receive_resume_token otherpool/new-fs
# 1-e604ea4bf-e0-789c63a2...

Re-start sending from the DMU object #, offset stored in the token

zfs send -t 1-e604ea4bf-e0-789c63a2... |  ssh host2 zfs receive -s otherpool/new-fs

If you don’t want to resume the send, abort to remove the partial state on the receiving system

zfs receive -A otherpool/new-fs

ZFS enable email notification

Edit

/etc/zfs/zed.d/zed.rc

uncomment

ZED_EMAIL_ADDR="[email protected]" 

and add a valid email address.

uncomment

ZED_EMAIL_PROG="mail"

uncomment

ZED_EMAIL_OPTS="-s '@SUBJECT@' @ADDRESS@"

uncomment

ZED_NOTIFY_VERBOSE=0

if you want to get an email after every scrup set the value to 1

save the file and restart zed service

systemctl restart zed.service

failed Import ZFS pools by cache file

A single disk zpool “test” crashed on my server (the disk died). It was just for testing, so nothing dramatic. However, when I rebooted the server I got the error message “failed Import ZFS pools by cache file”.  A zpool destroy -f did not solve the problem. zpool status still showed the “test” pool. The other pool tank was still working.

What did help was

# disable the cache file for the existing pool(s)
zpool set cachefile=none tank
# delete the old pool file
rm -rf /etc/zfs/zpool.cache
# recreate if
touch /etc/zfs/zpool.cache
reboot
# re-enable the cache
zpool set cachefile=/etc/zfs/zpool.cache tank

Well, the cache file should be automatically updated when your pool configuration is changed, but with the crashed pool it did not.

resize2fs new size too large to be expressed in 32 bits

After virtualizing a real computer with an old Linux I wanted to increase the partition size of the data drive. But I got this warning: resize2fs new size too large to be expressed in 32 bits

How to solve this? I started the VM with gparted-live.iso

# check file system
e2fsck -f /dev/sdb1
# auf 64 bit ändern
resize2fs -b /dev/sdb1
# increase partition .... wait :D / optional coffee
resize2fs -p /dev/sdb1
# check file system
e2fsck -f /dev/sdb1

Done :)

iptables 101

How to do things with iptables. Safety first: How to reset everything.

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
Also, safety first: Don’t just copy something and run it on your server. You better understand what you are doing.
How to block a service?
Instead of using “DROP” you should use “REJECT –reject-with tcp-reset”. If you want to be able to access that service from the inside, you have to add an allow rule first.
sudo iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT #mysql allow local
sudo iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset #mysql

The “REJECT –reject-with tcp-reset” looks to the outside like there is no service running. A “DROP” will show that there is a firewall / iptables working.

Blocking an IP range

sudo iptables -A bannedDownloader -s 14.120.0.0/16 -j DROP

Disallow NTP queries

sudo iptables -A INPUT -p udp -s localhost --dport 123 -j ACCEPT #ntp allow local
sudo iptables -I INPUT -p udp --dport 123 -j REJECT #ntp

Block timestamp

sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
sudo iptables -A INPUT -p icmp --icmp-type 13 -j DROP

Archive for category linux

Archives by Month: