Thursday, October 30, 2014

SSH - no matching cipher found

Edit: Please do your research, this may re-introduce vulnerable ciphers -- i don't have time to be safe. lmao.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After a recent update of either Debian testing (Jessie) or OSX (Mavericks), I could no longer SSH from OSX into my Debian testing boxes.
I really don't know which OS update was at fault, but when I tried to SSH into my Debian testing boxes, i received the following message:
no matching cipher found: client blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
I can't have that -- my daughter needed to play on the minecraft server and she NEEDED TO PLAY NOW!
What this told me is that that my client (OSX) expected blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc but my server (Debian) supported aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
That sucks; stupid computer! (Wow, had not said that once since leaving Windows®)
Via web searches, I found that I could force a cipher like so: ssh -c aes128-ctr username@hostname so i did successfully. (I could just as well used ssh -c none username@hostname, but that's risky)
Once logged into my Debian box(es), I edited the ssh daemon config:
sudo nano /etc/ssh/sshd_config
and added the following to the bottom:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
As you can see, since I didn't know if there is an order of preference or not, I erred on the safe side and added the previously supported server ciphers before the client's expected ciphers.
Afterward I had to restart and verify the SSH Daemon:
sudo service sshd restart ; sudo service sshd status
On my OSX client, I tried to SSH and it complained WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! .. Oh my lord the world will end.
An easy fix was ssh-keygen -R hostname, where hostname was my Debian's hostname or IP obviosuly.
Now it worked as expected (and should have never failed in the first place).
-end-
But Daddy, you forgot the minecraft server... START THE MINECRAFT SERVER NOW!
--

Saturday, October 4, 2014

Lost or Stolen Mobile Device Location (Modern Devices / 2014)

Lost or Stolen Mobile Device Location
(Modern Devices / 2014)

In the event of lost or stolen devices, it is best to have your device prepared ahead of time.

Below are the "native" ways to do, but I will also present two other free services afterward.

To prepare your Android device, install "Device Manager" from the Google Play Store. Login with your Google account and approve location sharing if necessary. You may need to turn on Settings->Location Access+GPS+WiFi. If you have multiple Android devices, this app will also help locate your other devices.

In the event of a lost or stolen device, visit https://www.google.com/android/devicemanager and login with your Google account that was used to setup the device. Device Manager allows you to locate, ring, lock or erase your device. (You may have to "Setup Lock & Erase" First.)

To prepare your iPhone or iPad, go to Settings->iCloud. Login if necessary (use your Apple account) and pan down to "Find my iPhone" (or iPad) and turn it on. Also turn on "Send Last Location". You may need to turn on Settings->Privacy->Location Services also.

In the event of a lost or stolen device, visit https://www.icloud.com/#find to locate your device.

Now although these will certainly work, I personally don't want to be limited to only this.

I also recommend both Prey (https://preyproject.com/) and Lookout (https://www.lookout.com/).

Prey is a free location/anti-theft app for up to three devices including laptop computers. If lost or stolen, visit https://panel.preyproject.com/app where you can locate, lock, erase, send an alert, or sound an alarm. Prey may also be able to access the front facing camera.

Lookout is a free antivirus, backup, and device-location app with additional paid backup features. Once installed and configured, visit https://www.lookout.com/d/missingDevice to locate, lock, erase, or sound an alarm.
Plan B (https://faq.lookout.com/categories/20504137-plan-b) from Lookout.com may also help you locate your Android device if you have not configured any previous location services.

Thursday, October 2, 2014

git pull all your .gits

I'll provide this commandline with the terms that I am not responsible for any screw-ups due to it. (caveat: if your local repo specifies to merge, it will attempt merge or maybe warn.)


Find all your .gits and git pull each project:
find ~/ -type d -name ".git" -exec git -C '{}/..' pull \;

If you prefer to actually see which are updating, try:
find ~/ -type d -name ".git" -exec echo "{}" \; -exec git -C '{}/..' pull \; -exec echo "" \;

good luck!
---