Keeping the Qube alive

From One-Eyed Man Wiki
Revision as of 19:34, 16 July 2022 by Dwrob (talk | contribs) (→‎1. Compensating for dead crypto suites: Host key deprecation update)
Jump to navigation Jump to search

1. Compensating for dead crypto suites

At least as early as November 2021, the modern SSH client stopped accepting the old SHA1-based key-exchange suites suites offered by the Qube. Now you need to log in like this, with an override:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.25.8

Update 07/16/2022 --Upstream deprecation of hostkey suites

Times mills grind slowly on, and how you need hostkey overrides as well. On the commandline, the switch is:

HostKeyAlgorithms +ssh-rsa,ssh-dss

The updated stanza in ~/.ssh/config looks like this:

Host 192.168.25.8
HostKeyAlgorithms=+ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group-exchange-sha1

2. Terminal support

Shell sessions with modern terminal emulators result in protocol errors for many programs on the Qube. Use xterm instead.

3. Compatibility for old NFS protocol versions

My Cobalt Qube 2 servers, which were set up as music servers, stopped working a few years ago. The problem was with the NFS client -- the shared files were visible to some system utilities and applications on the Qubes, but they weren't visible to MPD or Apache. It turns out that the fix is a mount option:

nfsvers=2

I added this to /etc/fstab and it fixed the problem. See:

https://ubuntuforums.org/showthread.php?t=2198333
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Reference_Guide/s2-nfs-client-config-options.html

Update 12/15/2017 --Upstream deprecation of nfsv2

Now you have to explicitly enable nfsv2 on the server in addition to adding the client parameter.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869855

From: Robert Wohlmuther <robert.wohlmuther@gmail.com>

To: submit@bugs.debian.org Subject: nfs-kernel-server nfsv2 Date: Thu, 27 Jul 2017 08:14:19 +0200

Package: nfs-kernel-server Version: 1:1.3.4-2.1

uname -a Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64 GNU/Linux

After upgrading jessie to stretch NFS version 2 is not working.

stretch:

cat /proc/fs/nfsd/versions

-2 +3 +4 +4.1 +4.2

jessie:

cat /proc/fs/nfsd/versions

+2 +3 +4 +4.1 -4.2

From: Marc-Henri Pamiseux <mhp@libricks.fr>

To: 869855@bugs.debian.org Cc: robert.wohlmuther@gmail.com Subject: Debian Stretch and nfs-kernel-server nfsv2 Date: Thu, 27 Jul 2017 23:44:04 +0200

Hello,

It is not a bug, It is a feature:)

Simple to resolv. Edit /etc/default/nfs-kernel-server file and change RPCNFSDCOUNT variable like this:

RPCNFSDCOUNT="8 --nfs-version 2"

Save the file and restart nfs-kernel-server service. Check the value of cat /proc/fs/nfsd/version. Update 1/2017 -- Old NFS settings in the firmware It turns out that if you try the existing Cobalt installation tutorials these days, they also run afoul of the NFS version problem. To-do: network chatter during failed NFS installation. Solution: install an old Debian version and, with it, an old nfs-kernel-server version.

Get an old netinst ISO and put it on USB or an optical disk. I used v6.0.10 (Squeeze), from here: http://cdimage.debian.org/cdimage/archive/6.0.10/amd64/iso-cd/. The nfs-kernel-server package is 1:1.2.2-4squeeze2 according to the search page. Installation works until you try to select a repo mirror -- old releases are not present on the mirrors. Instead, you have to access the archive after initial installation is over. Instructions for this: https://www.howtoforge.com/using-old-debian-versions-in-your-sources.list. Skip through the installer's mirror-selection step, which sends it straight to grub installation and completion. Boot into the new system, configure the apt sources as described in the link, and run tasksel to get back on track and complete the installation.