Upgrading my SSH and SSHd settings

Thanks to the great articles by stribika on GitHub and Aaron Toponce, these are the updated settings I am using now:

Protocol 2
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128,arcfour 
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160


Host *
    Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128,arcfour
    KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
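
An added example (not from the original post or the articles it credits): a small Python check that parses ssh_config/sshd_config text and reports which RC4 ciphers, SHA-1 key exchanges and MD5 MACs each block still enables. The LEGACY list and the audit() name are this example's own assumptions; the two sample blocks are the ones shown above.

```python
import re

# Assumption of this example, not a list from the post: RC4 ciphers,
# SHA-1 key exchange (incl. the 1024-bit group1) and MD5 MACs.
LEGACY = {
    "ciphers": {"arcfour", "arcfour128", "arcfour256"},
    "kexalgorithms": {"diffie-hellman-group1-sha1",
                      "diffie-hellman-group14-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "macs": {"hmac-md5", "hmac-md5-96"},
}
# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

def audit(config_text):
    """Return (scope, keyword, algorithm) for every legacy algorithm enabled."""
    findings, scope = [], "global"
    for raw in config_text.splitlines():
        m = DIRECTIVE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        keyword, value = m.group(1), m.group(2).strip()
        if keyword.lower() in ("host", "match"):
            scope = f"{keyword} {value}"      # later lines belong to this block
            continue
        weak = LEGACY.get(keyword.lower())
        if weak is None or value.startswith("-"):
            continue                          # a "-list" removes algorithms
        for alg in value.lstrip("+^").split(","):
            if alg.strip() in weak:
                findings.append((scope, keyword, alg.strip()))
    return findings

# The two blocks from the post, embedded so the example runs offline.
SSHD_CONFIG = """\
Protocol 2
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128,arcfour
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
"""
SSH_CONFIG = """\
Host *
    Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128,arcfour
    KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
"""
if __name__ == "__main__":
    for text in (SSHD_CONFIG, SSH_CONFIG):
        print(*audit(text), sep="\n")
```

Each finding names the block it came from, so a legacy algorithm enabled only under one Host or Match block is reported against that block.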

Difficulties installing TrueCrypt on OS X Yosemite


I finally got around to doing a clean install of my MacBook; this was long overdue, since the system has been piling up crap since 2012.

I am a heavy TrueCrypt user, despite the announcements the team made a couple of months back, so after installing OS X I went to the archive page on GRC to get the latest fully functional binary. Upon installing it on my Mac I found that there was a version check.

Thanks to the fix on stefansundin.com I was able to get up and running:

First copy the package to your desktop, then open Terminal and type:

sed -i '' 's/<installation-check .*>//' 'Desktop/TrueCrypt 7.1a.mpkg/Contents/distribution.dist'

That's it!

Creating an Ansible-Ready Proxmox VE OpenVZ template

Alongside the instructions on creating a customized template, also do the following:

  1. Create the user “ansible”.

    adduser ansible
    mkdir /home/ansible/.ssh
    echo "YOURSSHKEYHERE" > /home/ansible/.ssh/authorized_keys
    chown -R ansible:ansible /home/ansible/.ssh
    chmod 600 /home/ansible/.ssh/authorized_keys

  2. Add it to the sudoers list:

    cat > /etc/sudoers.d/ansible <<'ENDSUDOERS'
    ansible ALL=(ALL) NOPASSWD: ALL
    ENDSUDOERS
    chmod 440 /etc/sudoers.d/ansible

Letting your pool sleep…

Some very good points in an article I just stumbled upon…

Mount all your filesystems/pools with noatime

This way you won’t generate writes every time a file is accessed. This was suggested in an episode of TechSnap, where one of the hosts mentioned that they do this to avoid writes while doing reads, but I never got around to actually implementing it.

I don’t have other filesystems on my FreeNAS box and ZFS has a property for this. Just run:

zfs set atime=off POOLNAME

Find files modified in the last day or so

A good snippet to try to get to these files is:

find / -mtime -1

Relocate directories and files to non-rotating media

Another great suggestion from the original article:

Get a cheap USB drive (does not need to be big) and format it as ext4 (technically, you could set up another ZFS pool there too). Then, set it to be mounted in `/var/volatile` on your fstab. You can now move directories that contain frequently modified files there. After you’re done moving those directories, you can symlink them from their original location. So, for example, you would move `/var/log` to `/var/volatile/log`, then creating a symbolic link to `/var/volatile/log` named `/var/log`. At this point, it would be wise to make a cron job to nightly back the contents of this USB drive up (think `rsync -a`) to a backups directory somewhere in your pool. OK. If you’ve moved the most frequently modified files to `/var/volatile`, your disks will be idle unless you are actually using your file server. Now it’s time to take advantage of that idleness.

Problems when Windows and Macs access the same FreeNAS shares

I believe that this might be quite a common issue among other FreeNAS users. I have in my network both Mac and Windows PCs and after I mount a share in OS X, multiple folders are created, namely “Network Trash Folder” and “Temporary Items”.

After trying to ignore them for quite a long time, I decided to take a deeper look into this. O’Reilly’s Samba book, Chapter 5, section 2, details some options that can be used here.

The Ubuntu forums also mention this solution, which ended up being simpler than I could have expected. I just added the following line to CIFS Settings on my FreeNAS box:

hide files = /Network Trash Folder/Temporary Items/

That's it!