Difference between revisions of "Keeping the Qube alive"
m (1 revision imported) |
(→1. Compensating for dead crypto suites: Host key deprecation update) |
||
Line 1: | Line 1: | ||
==== 1. Compensating for dead crypto suites ==== | ==== 1. Compensating for dead crypto suites ==== | ||
At least as early as November 2021, the modern SSH client stopped accepting the old SHA1-based | At least as early as November 2021, the modern SSH client stopped accepting the old SHA1-based key-exchange suites suites offered by the Qube. Now you need to log in like this, with an override: | ||
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.25.8 | ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.25.8 | ||
'''Update 07/16/2022 --Upstream deprecation of hostkey suites''' | |||
Times mills grind slowly on, and how you need hostkey overrides as well. On the commandline, the switch is: | |||
HostKeyAlgorithms +ssh-rsa,ssh-dss | |||
The updated stanza in ~/.ssh/config looks like this: | |||
Host 192.168.25.8 | |||
HostKeyAlgorithms=+ssh-dss,ssh-rsa | |||
KexAlgorithms +diffie-hellman-group1-sha1 | |||
KexAlgorithms +diffie-hellman-group-exchange-sha1 | |||
==== 2. Terminal support ==== | ==== 2. Terminal support ==== |
Revision as of 19:34, 16 July 2022
1. Compensating for dead crypto suites
At least as early as November 2021, the modern SSH client stopped accepting the old SHA1-based key-exchange suites suites offered by the Qube. Now you need to log in like this, with an override:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.25.8
Update 07/16/2022 --Upstream deprecation of hostkey suites
Times mills grind slowly on, and how you need hostkey overrides as well. On the commandline, the switch is:
HostKeyAlgorithms +ssh-rsa,ssh-dss
The updated stanza in ~/.ssh/config looks like this:
Host 192.168.25.8 HostKeyAlgorithms=+ssh-dss,ssh-rsa KexAlgorithms +diffie-hellman-group1-sha1 KexAlgorithms +diffie-hellman-group-exchange-sha1
2. Terminal support
Shell sessions with modern terminal emulators result in protocol errors for many programs on the Qube. Use xterm instead.
3. Compatibility for old NFS protocol versions
My Cobalt Qube 2 servers, which were set up as music servers, stopped working a few years ago. The problem was with the NFS client -- the shared files were visible to some system utilities and applications on the Qubes, but they weren't visible to MPD or Apache. It turns out that the fix is a mount option:
nfsvers=2
I added this to /etc/fstab and it fixed the problem. See:
https://ubuntuforums.org/showthread.php?t=2198333 https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Reference_Guide/s2-nfs-client-config-options.html
Update 12/15/2017 --Upstream deprecation of nfsv2
Now you have to explicitly enable nfsv2 on the server in addition to adding the client parameter.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869855
From: Robert Wohlmuther <robert.wohlmuther@gmail.com>
To: submit@bugs.debian.org Subject: nfs-kernel-server nfsv2 Date: Thu, 27 Jul 2017 08:14:19 +0200
Package: nfs-kernel-server Version: 1:1.3.4-2.1
uname -a Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64 GNU/Linux
After upgrading jessie to stretch NFS version 2 is not working.
stretch:
cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2
jessie:
cat /proc/fs/nfsd/versions
+2 +3 +4 +4.1 -4.2
From: Marc-Henri Pamiseux <mhp@libricks.fr>
To: 869855@bugs.debian.org Cc: robert.wohlmuther@gmail.com Subject: Debian Stretch and nfs-kernel-server nfsv2 Date: Thu, 27 Jul 2017 23:44:04 +0200
Hello,
It is not a bug, It is a feature:)
Simple to resolv. Edit /etc/default/nfs-kernel-server file and change RPCNFSDCOUNT variable like this:
RPCNFSDCOUNT="8 --nfs-version 2"
Save the file and restart nfs-kernel-server service. Check the value of cat /proc/fs/nfsd/version. Update 1/2017 -- Old NFS settings in the firmware It turns out that if you try the existing Cobalt installation tutorials these days, they also run afoul of the NFS version problem. To-do: network chatter during failed NFS installation. Solution: install an old Debian version and, with it, an old nfs-kernel-server version.
Get an old netinst ISO and put it on USB or an optical disk. I used v6.0.10 (Squeeze), from here: http://cdimage.debian.org/cdimage/archive/6.0.10/amd64/iso-cd/. The nfs-kernel-server package is 1:1.2.2-4squeeze2 according to the search page. Installation works until you try to select a repo mirror -- old releases are not present on the mirrors. Instead, you have to access the archive after initial installation is over. Instructions for this: https://www.howtoforge.com/using-old-debian-versions-in-your-sources.list. Skip through the installer's mirror-selection step, which sends it straight to grub installation and completion. Boot into the new system, configure the apt sources as described in the link, and run tasksel to get back on track and complete the installation.