kernel module mokutil: failed to enroll new keys - kernel-module

I'm trying to sign some kernel modules (for virtualbox) as explained here.
As explained there, I create the new keys:
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive name/"
I sign all the modules:
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetadp)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetflt)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxpci)
But when it comes to importing the keys, that fails
$ sudo mokutil --import MOK.der
input password:
input password again:
Failed to enroll new keys
What could be causing this?
EDIT: Actually, I just noticed that I really can't do much with mokutil. For example:
$ sudo mokutil --reset
input password:
input password again:
Failed to unset MokNew
Failed to write MokAuth
Failed to unset MokNew
Failed to issue a reset request
I think that the only commands that don't fail somehow are --sb-state which correctly states that SecureBoot is enabled, and --list-enrolled which lists enrolled keys. Everything else errs in some way.

If you are on Ubuntu you don't need to set a root password. Not sure about other distros, but this should work with any distro that uses sudo.
sudo su
mokutil --import MOK.der
It should work without error now. Then to get back to a normal prompt just type:
exit
or simply
reboot
You now need to go through the UEFI prompt to add your key. Whatever you named it should show up, at least it did for me on my system.
Now you should be able to use your software.

I had the same problem and found that UEFI boot had to be enabled while using mokutil. (I had it disabled to use vmware workstation.)
Hope that helps!

I was able to solve this:
set a root password (as I am using Ubuntu and it is not set by default)
doing it as root and with option --root-pw

Had the same issue. Did a bit digging around with mokutil --help and was able to get things to work like this:
mokutil --set-verbosity true #optional
mokutil --password #enter password when prompted
mokutil --import MOK.der #enter same password
Posting it here in the hope that it helps someone. I have no clue why it works like this. All I'm trying to do is get VMware Workstation to work on Ubuntu with Secure Boot turned on :)
PS: Ubuntu 20.04.1 Desktop


Deactivate macport

I am trying to install the macport demeter using the following line in mac terminal:
sudo port install demeter
I get the error message
Error: Failed to activate demeter: Image error: /opt/local/lib/perl5/vendor_perl/5.34/darwin-thread-multi-2level/Ifeffit.pm is being used by the active p5.34-ifeffit port. Please deactivate this port first, or use 'port -f activate demeter' to force the activation.
I have two questions:
(1) Why am I getting this error message? Have I accidentally got two copies of demeter?
(2) How can I deactivate this port? (I'd rather deactivate it than use the force activate option)
When I run
sudo lsof -i -n -P | grep TCP
I can't actually see 'p5.34-ifeffit port' in the list of ports.
This is a bug in the demeter port. It should not install the files of the ifeffit perl module, but instead declare a dependency on p5.34-ifeffit.
Please file a ticket at https://trac.macports.org/newticket.
You can force the activation, but that will overwrite the file(s) in question with the copies from the demeter port. Uninstalling that port later will delete those files, which may then in turn break other software that relies on p5.34-ifeffit.
I'm not experienced with Demeter but you might try asking for help on the MacPorts users mailing list:
https://lists.macports.org/mailman/listinfo/macports-users
Or raise a ticket on the MacPorts Trac system:
https://trac.macports.org/newticket?port=demeter
Craig

gpg: no valid OpenPGP data found. while installing SQL Server in Ubuntu 18.04

I'm installing SQL Server on Linux Ubuntu 18.04, according to the tutorial https://learn.microsoft.com/en-us/sql/linux/quickstart-install-connect-ubuntu?view=sql-server-ver15, however when executing the first command
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
I get the following error
gpg: no valid OpenPGP data found.
I've done a lot of research about the error, installed ca-certificates, installed all the gpg packages, but I still can't solve the problem. Can someone direct me to a solution?
The command works fine for me. In all likelihood there is a firewall or proxy server silently blocking and/or rewriting the web page.
Do this:
wget -qO- https://packages.microsoft.com/keys/microsoft.asc
In all likelihood it will print out something that tells you what is intercepting the traffic and preventing you from getting the real key. Once you figure out what's blocking the traffic, you'll have to figure out how to get it to stop.
I have the same problem. I believe it's 99.99% a connection issue. You might be connecting through a firewall or VPN. I have the same issue when I only connect through the company network. I tried the same command on a machine at my house, and it's working just fine.
You can just add "--no-check-certificate" to the command:
wget --no-check-certificate -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
If you want to see what is going on, you can use verbose command instead of quiet before adding "--no-check-certificate" option. e.g.
wget -vO - https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
This will tell you to use "--no-check-certificate" if you are behind proxy.
My problem was the internet connection configuration, in my /etc/netplan/00-installer-config.yaml file, the network mask was wrong
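The first answer's diagnosis (a proxy or firewall returning something other than the key) can be checked mechanically before anything reaches apt-key. The script below is an added example, not part of the original answers; the function names and the sample files are constructed for illustration, and it assumes a GnuPG version that provides --show-keys.

```shell
#!/bin/sh
# Added example: inspect what the key URL returned before trusting it.

# classify_key_download FILE -> prints armored-key | html | empty | unknown
classify_key_download() {
    if [ ! -s "$1" ]; then
        echo empty
    elif grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1" &&
         grep -q '^-----END PGP PUBLIC KEY BLOCK-----' "$1"; then
        echo armored-key
    elif grep -Eqi '<(html|!doctype)' "$1"; then
        echo html
    else
        echo unknown
    fi
}

# fetch_key URL OUTFILE -> returns 0 only if the body looks like an armored key.
# TLS verification stays on: a certificate error here is the diagnostic.
fetch_key() {
    wget -q -O "$2" "$1" || { echo "download failed (TLS or network)" >&2; return 2; }
    kind=$(classify_key_download "$2")
    if [ "$kind" != armored-key ]; then
        echo "got '$kind' instead of a key; first lines:" >&2
        head -n 5 "$2" >&2
        return 1
    fi
    # Compare the printed fingerprint with the publisher's before importing.
    gpg --show-keys --with-fingerprint "$2"
}

# Constructed samples: a proxy block page, an armor skeleton, an empty body.
demo() {
    d=$(mktemp -d)
    printf '<!DOCTYPE html>\n<html><body>Access blocked by proxy</body></html>\n' \
        > "$d/blocked.asc"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'constructed-sample-data' \
        '-----END PGP PUBLIC KEY BLOCK-----' > "$d/key.asc"
    : > "$d/empty.asc"
    for f in blocked key empty; do
        printf '%s: %s\n' "$f" "$(classify_key_download "$d/$f.asc")"
    done
    rm -rf "$d"
}
demo
```

Calling fetch_key with the key URL and an output file keeps the download on disk, so the intercepting page (if any) can be read directly.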

How do I resolve "Failed to parse remote port from server"

I'm setting up a new remote host and every time I initiate it I get the following error output: Any feedback or direction on how to resolve this issue?
Pseudo-terminal will not be allocated because stdin is not a terminal.
Linux Destiny 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1 (2019-04-12) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
mesg: ttyname failed: Inappropriate ioctl for device
bash: cannot set terminal process group (3202): Inappropriate ioctl for device
bash: no job control in this shell
mesg: ttyname failed: Inappropriate ioctl for device
Installing...
Downloading with wget
WARNING: tar exited with non-0 exit code
Found running server...
*
* Reminder: You may only use this software with Visual Studio family products,
* as described in the license (https://go.microsoft.com/fwlink/?linkid=2077057)
*
cat: /root/.vscode-remote/.473af338e1bd9ad4d9853933da1cd9d5d9e07dc9.log: No such
file or directory
Server did not start successfully. Full server log:
cat: /root/.vscode-remote/.X.log51ec4692-
4da4-4ec0-b613-5a3563034cf1====
: No such file or directory
"install" terminal command done
Received install output: : No such file or directory
Failed to parse remote port from server output: : No such file or directory
If the server fails to shut down properly, sometimes it leaves dangling lockfiles. This can cause startup to fail and produce the "Failed to parse remote port from server output" error message. In this case the solution is simply to delete the lockfiles:
.vscode-server/bin/[:xdigit:]*/vscode-remote-lock.*
Fixed the issue. It appears I had 2 other server agents running incorrectly. I killed both server agents using kill (PID) and removed ".vscode_remote" directory from user home directory. Then I reinitialized remote-ssh from vscode. Successfully connected!
On remote machine you do not have a tar installed. It's in log output
Installing... Downloading with wget
WARNING: tar exited with non-0 exit code
so under a root run:
apt-get install tar
or with sudo, if you have a user with sudoers configured:
sudo apt-get install tar
I also got the same issue and my workaround was to provide proper rights to the home or user folder, so vscode can create a remote folder and do the required installation on it.
Example :
sudo chmod -R 777 home/
In this case, I have provided all rights to my home folder and It worked like a charm for all the users.
I ssh'd onto the remote server (linux) and then deleted both directories as follows:
$ rm -r .vscode-server.backup2022-04-03T16:20:18-05:00
$ rm -r .vscode-server
In case someone else encounters the same issue - I had an instance where remote target had no space left on device. After extending root volume of target machine, connection worked fine.
I had the same issue because vscode was looking for my .vscode-server directory in the wrong location (it was in a custom location due to restrictions on where files can be saved). This can be fixed by using How to change vscode-server directory. Specifically add:
"remote.SSH.lockfilesInTmp": true,
"remote.SSH.serverInstallPath":{
"hostname":"/path/to/.vscode-server/.."
}
To your settings.json
In my case, it wasn't working because of server asking for new password when starting a session. What I did was to open a new default terminal (not VSC terminal but your OS default terminal like ZSH, CMD, and so on). And I used the ssh command to login. I logged in successfully and changed the password. Then I tried connecting with the new password and it worked because the server didn't ask for password change now.
Command:
ssh username@IP
Enter password and you'll get asked to change the password. Change the password and try connecting again with new password using SSH VSC extension.
If you authorize by ssh-key - also check the value of User parameter in VsCode ssh config. User must have matching key in ~/.ssh/authorized_keys on remote host.
@Sachin's answer directed me in the right direction, VSCode needs permissions in order to create some files, but instead of giving 777 permissions to your home folder (which can be dangerous) you can just chown the user that wants to log in (the user for me was ubuntu):
sudo chown -R ubuntu /home
I also got the same issue and my workaround was to provide proper rights to the home or user folder, so vscode can create a remote folder and do the required installation on it.
Step 1: Add port to your config file :
Host hostname
Port 22
User username
Step 2 : Go to File->Preferences ->Open settings.json file
Search for lockfilesInTmp
and check the box next to that

Is there a New Relic clone for ARM (Raspberry Pi)?

I need to monitor the performance of a raspberry PI (with raspbian), I tried to use new relic, but it doesn't support ARM architecture, so it's impossible to use.
I even tried graphdat but seems to have the same problem.
Any alternative to suggest me?
Linode Longview does support arm architecture:
https://www.linode.com/longview
The free tier has 12-hour retention but that may be enough for most cases.
I know this is old, but New Relic has ARM and ARM64 infrastructure agents now:
https://download.newrelic.com/infrastructure_agent/binaries/linux/arm/
I've tested this on a Raspberry Pi 4 (8GB) on Debian (32-bit) and it's been working fine so far.
In case anyone else tries, here's what I did:
Download the Infrastructure Agent:
sudo curl https://download.newrelic.com/infrastructure_agent/binaries/linux/arm/newrelic-infra_linux_1.20.5_arm.tar.gz --output newrelic-infra_linux_1.20.5_arm.tar.gz
Extract the files
sudo tar -xf newrelic-infra_linux_1.20.5_arm.tar.gz
Add license key to the config script:
echo "license_key=\"<YOUR_LICENSE_KEY>\"" | sudo tee -a ~/newrelic-infra/config_defaults.sh
Install the Infrastructure Agent
sudo ~/newrelic-infra/installer.sh
Check service status to make sure it's running:
sudo systemctl status newrelic-infra
By default, process information is not sent to New Relic, so I had to enable it manually:
echo "enable_process_metrics: true" | sudo tee -a /etc/newrelic-infra.yml
Finally, restart the service:
sudo systemctl restart newrelic-infra

How to send password using sftp batch file

I'm trying to download a file from sftp site using batch script. I'm getting the following error:
Permission denied (publickey,password,keyboard-interactive).
Couldn't read packet: Connection reset by peer
When running the command:
sftp -b /home/batchfile.sftp <user>@<server ip>:<folder>
the batchfile.sftp includes these data:
password
lcd [local folder]
cd [sftp server folder]
get *
bye
Note: It's working when running at the prompt as
sftp <user>@<server ip>:<folder>
But I need the ability to enter the password automatically.
You'll want to install the sshpass program. Then:
sshpass -p YOUR_PASSWORD sftp -oBatchMode=no -b YOUR_COMMAND_FILE_PATH USER@HOST
Obviously, it's better to setup public key authentication. Only use this if that's impossible to do, for whatever reason.
If you are generating a heap of commands to be run, then call that script from a terminal, you can try the following.
sftp login@host < /path/to/command/list
You will then be asked to enter your password (as per normal) however all the commands in the script run after that.
This is clearly not a completely automated option that can be used in a cron job, but it can be used from a terminal.
I advise you to run sftp with -v option. It becomes much easier to fathom what is happening.
The manual clearly states:
The final usage format allows for automated sessions using the -b
option.
In such cases, it is necessary to configure non-interactive authentication
to obviate the need to enter a password at connection time (see
sshd(8) and ssh-keygen(1) for details).
In other words you have to establish a publickey authentication. Then you'll be able to run a batch script.
P.S.
It is wrong to put your password in your batch file.
You mention batch files, am I correct then assuming that you're talking about a Windows system? If so you cannot use sshpass, and you will have to switch to a different option.
Two of such options, that follow diametrically opposite philosophies are:
psftp: command-line tool that you can call from within your batch scripts; psftp is part of the PuTTY package and you can find it here http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Syncplify.me FTP Script: a scriptable FTP/S and SFTP client for Windows that allows you to store your password in encrypted "profile files"; check it out here http://www.syncplify.me/products/ftp-script/
Either way, switching from password to PKI authentication is strongly recommended.
PSFTP -b path/file_name.sftp user@IP_server -hostkey 1e:52:b1... -pw password
the file content is:
lcd "path_file for send"
cd path_destination
mput file_name_to_send
quit
to have the hostkey run:
psftp user@IP_SERVER
You need to use the command pscp and forcing it to pass through sftp protocol. pscp is automatically installed when you install PuttY, a software to connect to a linux server through ssh.
When you have your pscp command here is the command line:
pscp -sftp -pw <yourPassword> "<pathToYourFile(s)>" <username>@<serverIP>:<PathInTheServerFromTheHomeDirectory>
These parameters (-sftp and -pw) are only available with pscp and not scp. You can also add -r if you want to upload everything in a folder in a recursive way.
This command will help you
sshpass -p MYPASSWORD sftp MYUSERNAME@HOST
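
Several answers above recommend public key authentication over a stored password without showing the setup. The script below is an added example, not from any of the answers: it runs the question's batch file non-interactively with a dedicated key. The host user@sftp.example.test, the key path and the directories are placeholders.

```shell
#!/bin/sh
# Added example: key-based, non-interactive sftp instead of a stored password.
# user@sftp.example.test, the key path and the directories are placeholders.

# make_batch_key KEYFILE -> creates a passphrase-less ed25519 key pair
# dedicated to this job (KEYFILE and KEYFILE.pub); does nothing if it exists.
make_batch_key() {
    if [ ! -f "$1" ]; then
        ssh-keygen -q -t ed25519 -N '' -C 'sftp-batch' -f "$1"
    fi
}

# write_batch FILE LOCAL_DIR REMOTE_DIR -> the question's batch file without
# the password line; sftp reads every line as a command, never as a password.
write_batch() {
    ( umask 077
      printf 'lcd "%s"\ncd "%s"\nget *\nbye\n' "$2" "$3" > "$1" )
}

# run_batch KEYFILE BATCHFILE USER@HOST
# BatchMode=yes makes sftp fail immediately instead of prompting when the key
# is not accepted; IdentitiesOnly=yes offers only the named key.
run_batch() {
    sftp -i "$1" -oBatchMode=yes -oIdentitiesOnly=yes -b "$2" "$3"
}

# One-time setup (interactive, asks for the account password once):
#   make_batch_key "$HOME/.ssh/sftp_batch"
#   ssh-copy-id -i "$HOME/.ssh/sftp_batch.pub" user@sftp.example.test
# Every later run, including from cron:
#   write_batch /tmp/fetch.sftp /data/in /outgoing
#   run_batch "$HOME/.ssh/sftp_batch" /tmp/fetch.sftp user@sftp.example.test
```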
