msgbartop
MAC OS X, Linux, Windows and other IT Tips and Tricks
msgbarbottom

19 Jan 17 SSH doesn’t accept my key since upgrade Mac OS X to Sierra

Introduction:
I have two MacBooks. One that still has Mavericks OS X and one that I just upgrade to Sierra OS X.
Since the upgrade I can’t connect via SSH to one of my Linux servers using the RSA/DSA Keys any more.
It always asks for a password. After adding the ‘-v’ option to the ssh command line, to see the handshaking, I noticed the following line:
debug1: Skipping ssh-dss key /Users/michel/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
After doing some research in Google, it was said that the DSA keys are no more ‘secure’.
In order to make it work again against the same DSA keys it was suggested to do the following which worked:

Note: This solution is not recommended to be used because of the old DSA keys.
Solution:
In MAC edit(or create if not existing) the file ~/.ssh/config and add the following line:
PubkeyAcceptedKeyTypes +ssh-dss

11 Jan 17 Making a bootable USB stick using an .iso file on MAC

Introduction:
Although Mac has been changed a lot since the days of Free-BSD it is still Unix and has lots of commands that are very compatible with the ones of its brother Linux. So here are the commands done in the Mac terminal which creates a bootable USB drive using an ISO file as the source.
Note: The result might not be bootable on Mac since OS X does have some extra quirks that prevents this. In order to make an USB stick bootable on MAC use another article in this site which does exactly that.

Steps:
Plug you destination USB drive into Mac USB port and run the following command to find out which drive this is:
diskutil list
The result might look like this:
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *1.0 TB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_HFS MAC13 676.2 GB disk0s2
3: Microsoft Basic Data LINUX 60.1 GB disk0s3
4: Microsoft Basic Data Linux Mint 60.1 GB disk0s4
5: Microsoft Basic Data 4.1 GB disk0s5
6: Microsoft Basic Data COMMON 199.3 GB disk0s6
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
..............
/dev/disk4
#: TYPE NAME SIZE IDENTIFIER
0: Apple_partition_scheme *104.9 MB disk4
1: Apple_partition_map 32.3 KB disk4s1
2: Apple_HFS 7zX 104.9 MB disk4s2
/dev/disk5
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *67.0 GB disk5
1: EFI EFI 209.7 MB disk5s1
2: Apple_HFS 64GB-OSX 66.7 GB disk5s2

In this case here the last device /dev/disk5s2 is the one in question.
We need now to unmount this device using the command:
diskutil unmount /dev/disk5s2
Then use the following command to create the bootable USB drive using the iso file:
dd if=/Volumes/DATA/ISO/debian-8.6.0-amd64-netinst.iso of=/dev/disk5s2 bs=1m
You can afterwards pull out the USB drive and use it to boot on a PC.

07 Nov 16 Extending SSD life expectancy by tuning Firefox

Introduction:
If you are using Firefox and SSD drive(s) then according to this site:
https://www.servethehome.com/firefox-is-eating-your-ssd-here-is-how-to-fix-it/
it is very recommended to make the small configuration change in Firefox to extend the life of your SSD.

Reason:
SSD Drives do have a lifespan depending on how many times we write to it. Therefore the function of regular saving of session found in Firefox reduces the life expectancy of SSDs.
By default it saves every 15 Sec. It is recommended to at least raise this to 30 Min. for example.

Steps:
Enter the following URL in your browser:
about:config
The search in the lists of configurations the item called:
browser.sessionstore.interval
Right click the mouse and select Modify
Since these values are in Milliseconds to make it 30 Min.(30x60x1000) this value should then be changed to:1800000

You can find also some extra information in this regard in the above web site where i took this valuable information.

28 Oct 16 Activating TRIM support for non-Apple SSDs

Introduction:
For a long time since the SSDs have appeared on the market, Apple had as default disabled the TRIP support for the SSDs IF the SSD was not manufactured from Apple. Thad certainly didn’t quite pleased the Mac users who wanted to upgrade their Macs with a non-Apple SSD. The company Cindori has since offered for free a tool called Trim Enabler which patched a kernel module that would overcome this limitation and got really successful with it, even after Apple has tried to block this by preventing a kernel module to load if it had been modified. Interestingly enough apparently since version OSX 10.10.4 Apple itself has felivered with the system a tool that would allow a user to enable TRIP support: trimforce. You run the tool in a terminal under sudo. Apple says explicitly that they don’t give any support for that tool if anything goes wrong, but since they have created it and offered it to users, there is no reason to believe that anything would go wrong with it.
NOTE: One has to have administrator rights to be able to run such tool though.

So here is how to use it:
Applications –>> Utilities –>> Terminal
in Terminal run the commands:
To enable TRIM support. You give your password and then you reboot the system for it to take effect
sudo trimforce enable
(to disable TRIM support. You give your password and then you reboot the system for it to take effect)
sudo trimforce disable
To verify the TRIM support:
Top Left Apple Logo –>> About this Mac –>> System Report(button) –>> SATA/SATA Express
Select the SSD in question and under TRIM Support it should be: Yes
TRIM Support: Yes

05 Oct 16 Disable the ‘System Integrity Protection’ in Mac

Follow these steps:

1. Boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup.
2. Launch Terminal from the Utilities menu.
3. Enter the following command: csrutil enable --without debug
Reboot your computer.

09 Mar 16 Testing SSL Connections with SSLyze, Nmap or OpenSSL

Introduction:
OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one want a full scan of all possible SSL Cyphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake and report what works/support and what not. Unfortunately this lovely tool is not included in the Ubuntu/Debian distributions, and this is where this post comes handy.

IMPORTANT: Besides executing all the tests below one thing very important (as noted in the This link) is to upgrade OpenSSL to the latest version as follows:
OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

SSLyze

Installing the dependencies and tool
cd /root/bin
wget https://github.com/nabla-c0d3/sslyze/archive/0.13.4.tar.gz
tar fvxz 0.13.4.tar.gz
apt-get install python-pip python-dev
pip install nassl

Using SSLyze
python /root/bin/sslyze-0.13.4/sslyze_cli.py --regular www.itmatrix.eu:443

NMAP

Scanning the full server for weaknesses including weak SSL Versions using NMAP.
Note: This operation can take a long time to execute.
apt-get install nmap
nmap -sV -sC www.itmatrix.eu

OR better(for checking the HTTPS,SMTPS,IMAPS,POP3S)
nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 www.itmatrix.eu

OpenSSL

Checking the SSL connection with OpenSSL
echo 'q' | openssl s_client -host www.itmatrix.eu -port 443
Note: In this above case since the SSLv2 support is normally disabled for OpenSSL in Debian/Ubuntu distributions, you will not be able to see if the server is supporting it. To overcome this and enable SSLv2 support(for your testing Linux) then follow the instructions in this site:
http://www.hackwhackandsmack.com/?p=46

NOTE:
For more information regarding protection against DROWN(SSLv2) or POODLE(SSLv3) attacks see:
https://drownattack.com
http://www.softwaresecured.com/2016/03/01/how-to-confirm-whether-you-are-vulnerable-to-the-drown-attack/
http://www.mogilowski.net/lang/de-de/2014/10/23/disabling-sslv3-for-poodle-on-debian/
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_%28OTG-CRYPST-001%29
https://zmap.io/sslv3/

22 Feb 16 Trouble installing Yosemite/El Capitan MAC OS X

Introduction:
You downloaded Yosemite or El Capitan Mac OS X and decided to install it a month or so later. As you start to install it and you get the error message:
“This copy of the Install OS X Yosemite(El Capitan) application can’t be verified. It may have been corrupted or tampered with during downloading.”

Reason:
The certificate of this copy of the installation app has run out. I don’t know for how long the certificate is but there is a way out.

Solution:
You set your system date/time to slightly later(one day or so) than the Modification Date/Time of the Installation app.
This way the app will ‘think’ that the certificate has not expired and let you install the new system. If the system is really too old then you can update it via Apple App Store after the installation.

Steps:
1) Take a look at the Modification date of the Installation app (Install OS X El Capitan.app) by right click on the application and selecting ‘Get Info’
2) Start you Utilities application called Terminal and use the following command to set the system date/time slightly later than the Modification Date/time. I used one day later and it worked fine:
Syntax:
sudo date {month}{day}{hour}{minute}{year}
Every bracket should be replaced with a two-digit number. For example, March 18th 2013 12:50 would become the following command:
sudo date 0318125013

Then restart the installation and it should not display this error any more.

12 Oct 15 How to upgrade your Mac from a rotary(regular) hard disk to an SSD.

Introduction:

Very often friends that have a Mac or PC tell me that they need to buy a new Mac/PC because the present one has become too slow. Generally these machines have no internal SSD installed as system hard disk. In this case I often recommend to install an SSD instead of buying a new machine. Doing so the machine will become from 4 to 6 times faster, and the procedure is much cheaper.
I will explain here one way to do it for the Mac OS X. The procedure of doing the same for a PC is not explained here. The different versions of Windows or Linux are so many, that writing a procedure for each variations of those systems is beyond my time and/or motivation.

Upgrading your Mac OS X to run in an SSD drive

1. Depending on your budget and the size of the existing hard disk,
you go onto the following site and buy the size of SSD hard disk that is appropriate to your needs.
I chose the Samsung SSD because I find them to be very reliable. I have no experience with other brands though.
http://www.amazon.co.uk/Samsung-2-5-Inch-Solid-State-Drive/dp/B00P73B1E4/ref=sr_1_1?ie=UTF8&qid=1444605857&sr=8-1&keywords=samsung+500GB+SSD
Note: Always make sure you are buying an SSD that is of equal capacity or higher than the existing hard drive.

2. Because you will need to use the existing hard disk as external one for the migration of your system, you will need to get an external casing for it. Here is a site that give lots of possible alternatives of cases for your 2.5 Inches existing hard drive.
http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=external+hard+disk+case

3. Once you have bought and received the new SSD, find a reliable Mac service center around you and ask them to ONLY replace the existing hard disk with the new SSD. That’s all, you’ll do the rest of the migration. This way you limit the costs of the Mac service center and learn how to do it. You can then do it for your friends later on.

4. Once the SSD is installed in the Mac and you have received the external casing for the hard disk, open the external case and install your old hard disk in it. It is quite simple to do.

5. Connect your external hard disk(containing your original hard disk) to the Mac’s USB port before turning it on.

6. Press on the option key (‘alt’) and keep it pressed while you turn on your Mac. You will be presented with a choice of hard disks from which you can boot. Very likely there will be only one presented: Your external hard disk.
In any case, chose to boot from the Orange color hard disk (that will be your external hard disk)
Note: This booting time will take much longer than usual, simply because the booting hard disk is accessed via the slow USB port as opposed to the regular internal fast port.

7. Once you have completed the booting and logged in, start your favorite browser and download the program: Carbon-Copy-Cloner. This program can be downloaded without purchasing it. It will have advertisements on it as long as you don’t purchase it, but it has all the same functions as the purchased version. Double-click on the downloaded .dmg file to extract it, and place the ‘Carbon Copy Cloner.app’ into the Application directory.

8. You start the Hard disk Utilily application (Disk Utility.app) found in /Applications/Utilities/ directory.
Partition the Samsung SSD hard disk as a single partition and completely format this partition as ‘Mac OS Extended (Journalled)’ file system format.
WARNING: Make sure you are making those changes on the proper hard disk(SSD) and not the one you are using as external hard disk. You certainly don’t want to delete all on your original hard disk before the migration is finished. ;-(

9. In order to be able to migrate your original OS X and data to the new SSD, you will need a special program that will do the job properly, including making the new SSD bootable(very important part). Download this software from:
http://www.macupdate.com/app/mac/7032/carbon-copy-cloner
– Install and Start the ‘Carbon Copy Cloner’ application.
– Assign the source and destination hard disks.
. The source hard disk will be the external hard disk (probably of orange color)
. The destination hard disk will be the SSD (probably of grey color)
– Start the cloning procedure. This will take some time.
Note: Very possibly the Carbon Copy Cloner application will immediately complain that you don’t have a recovery partition assigned in your destination disk and that it is recommended to create one. Simply accept and follow the instructions. This should send you to the Hard Disk Utility ,where you start the creation of this recovery partition, then when finished, it should throw you back to the Carbon Copy Cloner where you can continue the cloning.

10. Once the cloning is finished, shut down your mac normally.

11. Unplug the external hard disk and turn on your Mac. It should take a bit of time for it to try to figure out from which hard disk it should boot. It should then automatically boot from your SSD.

12. Once booted, to make sure that your Mac doesn’t take too much time to figure out where is the disk to boot from on next boots, go to the System Preferences and select the icon: Startup Disk (in the fourth row). Select the SSD and Click on ‘Restart‘ button. This time the booting should be very fast without delays.

13. Once booted again, you need to install the TRIM Enabler software. Here is why:
The TRIM function is meant to do some regular house cleaning on SSD hard disks.
If not enabled the hard disk will, with time, become slower for writing new data on it.
Since Apple OS X doesn’t enable the TRIM function if the SSD is not an Apple SSD,
we need to use a third party software to do the trick and enable it.
You can download it from:
https://www.cindori.org/software/trimenabler/
The purchased version most likely has more features which you don’t need just for the TRIM function.
Install it, start it, turn it ON and select the option that it should check for the TRIM Enable status ever time the system boots.

14. That’s it!! You can now use your external hard drive as a backup of your system or anything else and you’ve got a new Mac, well not really but much faster 😉

Recommendation:
I recommend, besides doing backups with Time Machine, to make regular backups of your full system onto an external hard disk that is as big as the system disk using the Carbon Copy Cloner.
The way in the advent of a crash and/or unable to boot you can:
– boot the backup system from this external hard disk via USB
– backup the data that is new on the SSD that is not on the backup system
– use Carbon Copy Cloner program to clone back from the External drive to the SSD
(like you did for the first migration)
– recover your latest data from the data backup disk or the Time Machine

15 Apr 15 How to create a bootable USB stick on OS X

This article is based on the following How-to in Ubuntu site:
http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx

We would encourage Mac users to download Ubuntu Desktop Edition by burning a CD. But if you prefer to use a USB stick, please follow the instructions below.

Note: this procedure requires that you create an .img file from the .iso file you download. It will also change the filesystem that is on the USB stick to make it bootable, so backup all data before continuing.

Tip: Drag and drop a file from Finder to Terminal to ‘paste’ the full path without risking typing errors.

1 – Download Ubuntu Desktop
2 – Open the Terminal (in /Applications/Utilities/ or query Terminal in Spotlight).
3 – Convert the .iso file to .img using the convert option of hdiutil e.g.,
hdiutil convert -format UDRW -o ~/path/to/target.img ~/path/to/ubuntu.iso
Note: OS X tends to put the .dmg ending on the output file automatically.
4 – Run
diskutil list
to get the current list of devices.
5 – Insert your flash media in USB port.
6 – Run
diskutil list
again and determine the device node assigned to your flash media (e.g. /dev/disk2).
7 – Run
diskutil unmountDisk /dev/diskN
(replace N with the disk number from the last command; in the previous example, N would be 2).
8 – Execute
sudo dd if=/path/to/downloaded.img of=/dev/rdiskN bs=1m
(replace /path/to/downloaded.img with the path where the image file is located; for example, ./ubuntu.img or ./ubuntu.dmg).
Using /dev/rdisk instead of /dev/disk may be faster
If you see the error dd: Invalid number ‘1m’, you are using GNU dd. Use the same command but replace bs=1m with bs=1M
If you see the error dd: /dev/diskN: Resource busy, make sure the disk is not in use. Start the ‘Disk Utility.app’ and unmount (don’t eject) the drive
9 – Run
diskutil eject /dev/diskN
and remove your flash media when the command completes.
10 – Restart your Mac and press alt/option key while the Mac is restarting to choose the USB stick.

03 Apr 15 Resuming files copy after break with rsync

In my work, I often need to transfer large files from my MAC desktop to a Linux server in Internet.
Since the Internet connection is often broken and changes IP, transferring of large files really can be difficult.
That is where rsync come to the rescue by saving the already transferred part of the file in a temporary location in the remote server. If the connection breaks the transfer can than be resumed by initiating the same command again.
Here is an example:
rsync --append --progress --partial -azvv /local/dir/ user@remote.srv:/data/backups/
This command will show you the progress of the recursive transfer of all files contained in /local/dir/ to the remote server in the existing directory /data/backups/. If the connection breaks, issuing the same command again will resume the transfer from where it got interrupted.

NOTE 1: Remember that pressing ‘CTRL-C’ to interrupt the transfer will defeat this resume feature since the remote server will detect that the transfer was intentionally interrupted by the user with CTRL-C and will delete the already transferred part of the current file. All fully transferred files will not be touched. Only the partially transferred part will be deleted.

NOTE 2: When resuming a broken transfer, the partially transferred file will get read in the remote server to verify where it should resume from. If the file is big that can take a while. Nevertheless it does that much much faster than re-transferring the whole file again.