Using the Bcfg2 SSHbase plugin

SSHbase is a Bcfg2 plugin for managing SSH host keys. It makes SSH host keys persist across a client rebuild, and it builds a consistent ssh_known_hosts file containing all the SSH keys and deploys it to every system Bcfg2 manages.

SSHbase has two basic functions:

  • to generate SSH host keys; if a system does not have a key in the repository, one is generated on its first check-in
  • to maintain a consistent ssh_known_hosts file and deploy it to all systems. This file includes all the public keys in the repository.


DRAC console redirection over an SSH tunnel

The Dell Remote Access Controller, or DRAC, is an interface card by Dell which provides out-of-band management. The controller has its own processor, memory, battery, network connection, and access to the system bus. Key features include power management, virtual media access and remote console, all available through a supported web browser. This gives system administrators the ability to configure a machine as if they were sitting at the local console (terminal).

Since the DRAC card has its own IP address, separate from that of the host server, it is very common to assign it a private IP. Even if it has a public IP, it might be protected by a corporate firewall, making it very simple to connect from the corporate office, but not from outside. In such cases, when you need to connect to the DRAC console from outside, a solution is to tunnel your DRAC traffic over SSH.


ssh-vulnkey -a

Yesterday, 13 May 2008, was a really bad day for the Debian project, probably one of the worst days in the history of Debian. Luciano Bello discovered that the random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

Systems which are running any of the following releases are affected:


Mount remote folders via SSH

This document describes how to install and use sshfs, a FUSE-based filesystem that uses SSH to mount remote folders. Since it is based on FUSE (a userspace filesystem framework for Linux), your kernel will need to have the fuse module available. FUSE is included in kernels newer than 2.6.14, so I will assume that you already have it included in your kernel.
