Matching MD5 SSH fingerprint
by Sven Vermeulen, post on Thu 18 May 2017Today I was attempting to update a local repository, when SSH complained about a changed fingerprint, something like the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:p4ZGs+YjsBAw26tn2a+HPkga1dPWWAWX+NEm4Cv4I9s.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:9
ECDSA host key for 192.168.56.101 has changed and you have requested strict checking.
Host key verification failed.
Switched to Lineage OS
by Sven Vermeulen, post on Sun 09 April 2017I have been a long time user of Cyanogenmod, which discontinued its services end of 2016. Due to lack of (continuous) time, I was not able to switch over toward a different ROM. Also, I wasn't sure if LineageOS would remain the best choice for me or not. I wanted to review other ROMs for my Samsung Galaxy SIII (the i9300 model) phone.
Today, I made my choice and installed LineageOS.
cvechecker 3.8 released
by Sven Vermeulen, post on Mon 27 March 2017A new release is now available for the cvechecker application. This is a stupid yet important bugfix release: the 3.7 release saw all newly released CVEs as being already known, so it did not take them up to the database. As a result, systems would never check for the new CVEs.
Handling certificates in Gentoo Linux
by Sven Vermeulen, post on Mon 06 March 2017I recently created a new article on the Gentoo Wiki titled Certificates which talks about how to handle certificate stores on Gentoo Linux. The write-up of the article (which might still change name later, because it does not handle everything about certificates, mostly how to handle certificate stores) was inspired by the observation that I had to adjust the certificate stores of both Chromium and Firefox separately, even though they both use NSS.
cvechecker 3.7 released
by Sven Vermeulen, post on Thu 02 March 2017After a long time of getting too little attention from me, I decided to make a new cvechecker release. There are few changes in it, but I am planning on making a new release soon with lots of clean-ups.
I missed FOSDEM
by Sven Vermeulen, post on Tue 07 February 2017I sadly had to miss out on the FOSDEM event. The entire weekend was filled with me being apathetic, feverish and overall zombie-like. Yes, sickness can be cruel. It wasn't until today that I had the energy back to fire up my laptop.
Sorry for the crew that I promised to meet at FOSDEM. I'll make it up, somehow.
SELinux System Administration, 2nd Edition
by Sven Vermeulen, post on Thu 22 December 2016While still working on a few other projects, one of the time consumers of the past half year (haven't you noticed? my blog was quite silent) has come to an end: the SELinux System Administration - Second Edition book is now available. With almost double the amount of pages and a serious update of the content, the book can now be bought either through Packt Publishing itself, or the various online bookstores such as Amazon.
With the holidays now approaching, I hope to be able to execute a few tasks within the Gentoo community (and of the Gentoo Foundation) and get back on track. Luckily, my absence was not jeopardizing the state of SELinux in Gentoo thanks to the efforts of Jason Zaman.
GnuPG: private key suddenly missing?
by Sven Vermeulen, post on Wed 12 October 2016After updating my workstation, I noticed that keychain reported that it could not load one of the GnuPG keys I passed it on.
* keychain 2.8.1 ~ http://www.funtoo.org
* Found existing ssh-agent: 2167
* Found existing gpg-agent: 2194
* Warning: can't find 0xB7BD4B0DE76AC6A4; skipping
* Known ssh key: /home/swift/.ssh/id_dsa
* Known ssh key: /home/swift/.ssh/id_ed25519
* Known gpg key: 0x22899E947878B0CE
I did not modify my key store at all, so what happened?
We do not ship SELinux sandbox
by Sven Vermeulen, post on Tue 27 September 2016A few days ago a vulnerability was reported in the SELinux sandbox user space
utility. The utility is part of the policycoreutils package. Luckily, Gentoo's
sys-apps/policycoreutils package is not vulnerable - and not because we were
clairvoyant about this issue, but because we don't ship this utility.
Mounting QEMU images
by Sven Vermeulen, post on Mon 26 September 2016While working on the second edition of my first book, SELinux System Administration - Second Edition I had to test out a few commands on different Linux distributions to make sure that I don't create instructions that only work on Gentoo Linux. After all, as awesome as Gentoo might be, the Linux world is a bit bigger. So I downloaded a few live systems to run in Qemu/KVM.
Some of these systems however use cloud-init which, while interesting to use, is not set up on my system yet. And without support for cloud-init, how can I get access to the system?