06.20.08

Keep a specific debian package version

Posted in Intermediate, Linux at 10:21 am by Techie

In Debian / Ubuntu, sometimes you want to keep a package at a specific version, and not upgrade it. For instance, the Perl module DateTime::Timezone in Ubuntu Dapper lists its version as 1:0.37-1, when the version is actually 0.37. This makes it difficult if I build a new package of the perl module at version 0.7701, because though I can force install that version, if I run an apt-get upgrade later, it’s going to install the former, because it sees it as version 1, which is greater than 0.77.

Fortunately, the fix is easy: put the package on hold. This prevents it from being upgraded, though that also means you won’t get updates to it from the main repositories. If you built it yourself, then that might not be such a bad thing. To put a package on hold, you do:


echo packagename hold | sudo dpkg --set-selections

Replace packagename above with the name of your package (for instance, I would put libdatetime-timezone-perl). Did it work? Let’s see!


$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
The following packages have been kept back:
libdatetime-timezone-perl
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
$

Looks good to me!

Reference

06.11.08

Regenerating SSH keys on Ubuntu

Posted in Intermediate, Linux at 9:27 am by Techie

Due to the recent ssh vulnerability, many releases of Ubuntu found themselves with vulnerable ssh keys.

User Keys

Run ssh-vulnkey to see if you’re unlucky. If you are, you’ll have to regenerate your keys.

ssh-keygen -t rsa

That’s it. If you’re using dsa, use dsa in the above instead of rsa. You should let it overwrite your existing key file. Remember to clean up ~/.ssh/authorized_keys (or ~/.ssh/authorized_keys2) on the servers that might have your old key!

Server Keys

Dumping and re-creating your own keys is okay, but what about the server?

For ssh1 keys, do:

ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1

For ssh2 keys, do the following:

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

Note that when you first connect to the server thereafter, it’ll warn you that the keys have changed. Well, obviously, you just regenerated them. You may have to manually edit 

~/.ssh/known_hosts

to remove those lines.

Reference

Bad Behavior has blocked 280 access attempts in the last 7 days.