Fix for SSH Keys Not Working on Newer Versions of Debian / Ubuntu

If your old SSH keys are not working on newer versions of Ubuntu / Debian, and you're being prompted to login (~/.ssh/config configuration being ignored), the fix is to add the following line to the bottom of the /etc/ssh/ssh_config file:

    PubkeyAcceptedKeyTypes +ssh-rsa

That's it.  It will work again.  You may need to restart the ssh service

sudo service ssh restart

https://askubuntu.com/questions/1404049/ssh-without-password-does-not-work-after-upgrading-from-18-04-to-22-04

Getting Areca Backup to Work on Modern Systems

Unfortunately, Areca Backup hasn't been updated since 2015.  But, it still works great, and it's an awesome program that can compress and encrypt files into a backup archive that can be transferred to a NAS drive or uploaded to the cloud.  However, getting it to work on a modern system can be a chore.  After installing Areca Backup, when you try to launch the application, if nothing happens, you will need to perform both of the following fixes:

Install 32-bit Java first [Windows Offline], and then install 64-bit Java second [Windows Offline (64-bit)] if you have a 64-bit operating system.  Without the 64-bit version of Java, Areca will not launch on a 64-bit system.

The next step to getting Areca to run is to replace the "swt.jar" file in the lib folder found in the installation directory (default is C:\Program Files (x86)\Areca\) with this one:  http://dinofly.com/files/swt.zip

Once the original swt.jar file has been replaced in C:\Program Files (x86)\Areca\lib with the one linked above, Areca will now open and run properly.

Tested on Windows 7 x64, Windows 10 x64, and Windows 11 x64.

HTML Buttons with Div Areas Underneath Absolute Positioned

I received a design from our UI team at work that included some buttons that toggle additional HTML areas underneath them when clicked.  I've never tried doing this before or thought about this design approach, but I suppose it could be useful in certain scenarios.  As such, I decided to create a jQuery prototype here:

https://jsfiddle.net/2btkwan3/2/

The jQuery and JavaScript:

// find elements
var button = $("button.view")
// handle click and add class
button.on("click", function(e){
  $(button).not($(this)).removeClass('active');
  $(this).removeClass('active').addClass('active');
  var moreDivArea = $("div.moreStuff", $(this).closest('.buttonWrapper'));
  $("div.moreStuff").not(moreDivArea).removeClass('hide').addClass('hide');
  if(moreDivArea.hasClass('hide')){
      moreDivArea.removeClass('hide');
  }else{
    moreDivArea.removeClass('hide').addClass('hide');
  }
})

The HTML Code:

<div class="buttonWrapper">
  <button class="view">View more stuff</button>
  <div class="hide absolute moreStuff">
    <p>
    Showing this is possible!
    </p>
    <table>
      <thead>
        <tr>
          <th>Color</th>
          <th>Name</th>
        </tr>
      </thead>
      <tbody>
        <tr>
          <td>Blue</td>
          <td>Eric</td>
        </tr>
        <tr>
          <td>Green</td>
          <td>Matt</td>
        </tr>
        
        <tr>
          <td>Purple</td>
          <td>Glenn</td>
        </tr>
      </tbody>
    </table>
  </div>
</div>
<div class="buttonWrapper rightButtonWrapper">
  <button class="view">View Firefox coolness</button>
  <div class="hide absolute moreStuff">
    <p>
    Showing this is possible!
    </p>
    <img src="https://design.firefox.com/product-identity/firefox/firefox/firefox-logo.png" height="100">
  </div>
</div><div>
<p>
Stuff underneath this...
</p>
<img src="https://neilpatel.com/wp-content/uploads/2021/02/ExamplesofSuccessfulBannerAdvertising-700x420.jpg">
</div>

The CSS:

.hide {display: none;}
.absolute {position: absolute;}
div.buttonWrapper {display: inline-block; vertical-align: top;}
div.rightButtonWrapper {
 
}
button.view {box-sizing: border-box;}
.moreStuff {
  width: 300px;
  border: 2px solid blue;
  box-sizing: border-box;
  z-index: 999;
  background-color: white;
  padding-left: 1em;
  padding-right: 1em;
  padding-top: 0px;
  padding-bottom: 1em;
}
button.active{
  border: 2px solid blue;
}

That's all.  How this translates into a React component is another problem I guess I'll have to solve later.  For now, this was just a proof of concept using my beloved jQuery!

Manage Dell C1100 CS24-TY Servers Using IPMI Tool

Dell C1100 servers can be managed using the IPMI tool which interfaces with the low level BMC interface.  Dell has also released a bmc specific utility that compliments the generic ipmitool to better configure and manage specific settings that are difficult to configure using ipmitool on its own.

Here's how to use both ipmitool and the bmc utilities.  First, login as root:

sudo -i

Now, install the ipmitool:

yum install OpenIPMI ipmitool -y

Start the ipmi service:

service ipmi start

Download the bmc utility:

mkdir -p ~/Downloads/bmc
cd ~/Downloads/bmc
wget -N "http://dinofly.com/files/dell_c1100/bmc-2014-10-15.zip"

If your system is running versions of PERL 5.26 or newer, download this version instead:

# For PERL 5.26+
wget -O "bmc-2014-10-15.zip" -N "http://dinofly.com/files/dell_c1100/bmc-2014-10-15_perl_5.26.zip"

Unzip the bmc tool and make it executable:

unzip bmc-2014-10-15.zip
chmod +x bmc

Here's how to change the BMC interface IP settings:

ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr x.x.x.x
ipmitool lan set 1 netmask x.x.x.x
ipmitool lan set 1 defgw ipaddr x.x.x.x
./bmc nic_mode set [dedicated|shared]
./bmc allinfo

If the BMC web interace is not responding, try this:

ipmitool bmc reset cold

Running and Debugging Specific WordPress Cron Hooks Manually Using WP-CLI

If your WordPress instance is configured with debugging turned off (WP_DEBUG set to false in wp-config.php) and you need to troubleshoot, debug, or run a specific WordPress cron hook or function manually, you'll find that it's pretty tough to do so.  Fortunately, I found a relatively easy way to do exactly this using WP-CLI.

Install WP-CLI

Install WP-CLI by using the below commands as root:

sudo -i
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

Now, change into your WordPress instance vhosts directory:

cd /var/www/vhosts/{YOUR_DOMAIN}/httpdocs

Update the above path as necessary.

To run all the scheduled WordPress cron events, use this command:

wp cron event run --all --allow-root

To run a specific WordPress cron hook, use this command:

wp cron event run "NAME_OF_CRON_HOOK" --allow-root

If you need help determining the name of the cron job hook you specifically want to run or debug, install the WP Control plugin in your WordPress instance. Then visit the /wp-admin/tools.php?page=crontrol_admin_manage_page page to see a list of cron hooks and when they run.  Grab the name from the "Hook" column and update your wp cli command to run that cron event!

You can add echo statements and other code to your individual cron function plugins to better debug and troubleshoot them.

OpenVPN Expired CRL – VPN Won't Connect

Recently, I ran into an issue where OpenVPN was no longer working for existing clients.  After looking at the OpenVPN log in /var/log/openvpn.log, I found the following:

VERIFY ERROR: depth=0, error=CRL has expired:

If you see an OpenVPN error about an expired certificate revocation list (CRL), here's how to generate a new CRL:

cd /etc/openvpn/easy-rsa
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
chown nobody:nogroup /etc/openvpn/crl.pem
service openvpn restart

Problem solved!

Support Older TLS Versions in Newer Ubuntu / Debian OS Versions

Edit openssl.conf file:

sudo nano /etc/ssl/openssl.cnf

Add this line at the top:

openssl_conf = openssl_init

And add these lines at the end:

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1

https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level#answer-1296578

cURL and wget Issues on Ubuntu 16.04

When using wget or curl to make HTTP requests from a no longer supported installation of Ubuntu 16.04 Xenial, if you get any of the following errors:

curl gnutls_handshake() failed: Error in protocol version
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version  /home/mohan/mesg
[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:727) 

The solution is to add SavOS Rob Savoury PPAs to get updated curl and wget packages:

sudo add-apt-repository ppa:savoury1/build-tools
sudo add-apt-repository ppa:savoury1/backports
sudo add-apt-repository ppa:savoury1/python
sudo add-apt-repository ppa:savoury1/encryption
sudo add-apt-repository ppa:savoury1/curl34
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install wget curl python2.7

ASP.NET CORE MVC – Protect AJAX Requests from CSRF Attempts

This is a follow-up post related to https://blog.eamster.tk/asp-net-mvc-smart-way-to-prevent-cross-site-request-forgery-csrf-attempts-webapi-ajax-xhr-and-normal-post-operations/

I've modified the code from the linked post above so that it works with ASP.NET CORE.  Below is the code that can protect all AJAX requests from CSRF (Cross-Site Request Forgery) attempts.  For normal <form> POST requests, you should still use and validate against a CSRF token, but if your application is separated into multiple pieces (for example a node.js React front-end application and a .NET CORE based API), this is an easy way to help prevent CSRF attacks without the use of tokens.

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace AnalyticsAPI.Filters
{
    public class CSRFAjaxRequestMitigation : IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationFilterContext filterContext)
        {
            IServiceProvider services = filterContext.HttpContext.RequestServices;
            IConfiguration Configuration = services.GetService<IConfiguration>();

            string validOrigins = Configuration.GetValue<string>("AllowedEnvironments"); // Example in appsettings.json "AllowedEnvironments": "https://testurl.com:4443,https://testurl.com,https://testurl2.com", 
            bool skipCheck = false;

            if(Configuration.GetValue<string>("ENVIRONMENT") == "LOCAL")
            {
                skipCheck = true;
            }

            // In AJAX requests, the origin header is always sent (UNLESS IT'S COMING FROM THE SAME ORIGIN), so we can validate that it comes from a trusted location to prevent CSRF attacks - but if one isn't sent, we won't do anything (assume trusted)
            // In which case, we don't need to do any token checking either
            if (!skipCheck && !string.IsNullOrEmpty(validOrigins))
            {
                List<string> validOriginURLs = validOrigins.Split(',').ToList();
                if (!string.IsNullOrEmpty(filterContext.HttpContext.Request.Headers["Origin"].ToString()))
                {
                    string origin = filterContext.HttpContext.Request.Headers["Origin"];
                    if (!validOriginURLs.Contains(origin, StringComparer.OrdinalIgnoreCase))
                    {
                        filterContext.Result = new UnauthorizedResult();
                    }
                }
            }
        }
    }

    public class CSRFMitigationAttribute : TypeFilterAttribute
    {
        public CSRFMitigationAttribute()
            : base(typeof(CSRFAjaxRequestMitigation))
        {
            Arguments = new object[] {};
        }
    }
} 

Ubuntu: Allow Automatic Updates for Specific Packages Only

If you want to allow Google products and packages to update automatically, follow this guide.

You can also add additional sources that should update automatically following the same process.

This is helpful when using Selenium, WebDriver for Chrome, and Python.  Doing this allows you to always use the most up-to-date version of all of these dependent packages.

Tested in Ubuntu 20.04