Saturday, 7 February 2015

SFTP Not Working On The Fedora 21 KDE Spin?

Attempting to connect to SFTP from Dolphin gave an error, which made no sense, as I knew the remote port was open and I could connect via command-line SSH.  I am using the KDE Plasma Desktop Spin for Fedora 21.

If you are getting this, it's an easy fix - some library was missing and I'm not sure which (writing this after the fact).  But the KDE Spin didn't have the full KDE group installed, so just do:

    sudo yum groupinstall "KDE Plasma Workspaces"

Now try connecting.

Wednesday, 4 February 2015

Firewalld Configuration for Bittorrent Sync on Fedora 21

Have you started to use Bittorrent Sync (or btsync) yet?  It's absolutely fabulous and a great alternative to Box, Drive or Dropbox (and others).  And it's a great snub to those who think 'bittorrent' equates to piracy when it's simply a protocol.

If you add a folder or key on Fedora 21 and do not see the peers you expect (your other machines with btsync installed, which connect to share content), firewalld is most likely blocking the port btsync needs.

The default behaviour of Fedora 21 with firewalld is to run in public zone with limited services inbound.  This is good.

You could disable firewalld - but that's crazy talk!  A firewall should be mandatory for any roaming machine, and is still a good idea for a desktop or server.  A better idea: learn how to configure it (of course).

Now, you can configure btsync to use a specific port, turn off UPNP and put a hole in your router to your device, but that is not always an option if you are on a public or work network.  There is an easier way.

Let's keep using UPNP for the router and open up tcp/udp port 3000 for LAN searching, while still allowing relay to work for external hosts.

So we do all our work in the firewall-config app.  You can find this in your menus or simply run it.

For a preamble, my sync.conf has the following related parameters:

    "listening_port" : 0
    "use_upnp" : true

On my home zone, I created a new service called (take a wild guess) btsync with a tcp and udp port, both using 3000.



Remember to configure your changes in the Permanent configuration (the drop down at the top).

Then on the home zone (or whichever you have configured for your connection), simply select btsync as a service.



Nearly done.  In the Options menu, select Reload Firewalld.

Switch to the Runtime configuration to see if your changes took hold.

Now check your btsync web interface; you should see your peers appear.
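
The same change can be made without the GUI. This is an added example, not part of the original post: it writes the btsync service definition and enables it in the home zone. The `SERVICE_DIR`, `ZONE` and `PORT` variables and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: command-line equivalent of the firewall-config steps above.
# Assumed values: service "btsync", zone "home", port 3000 (as in the post).

SERVICE_DIR=${SERVICE_DIR:-/etc/firewalld/services}  # custom (permanent) services
ZONE=${ZONE:-home}
PORT=${PORT:-3000}

# Write the permanent service definition with one tcp and one udp port.
write_btsync_service() {
    mkdir -p "$SERVICE_DIR" || return 1
    cat > "$SERVICE_DIR/btsync.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>btsync</short>
  <description>BitTorrent Sync LAN peer traffic</description>
  <port protocol="tcp" port="$PORT"/>
  <port protocol="udp" port="$PORT"/>
</service>
EOF
}

# Enable the service in the zone, reload, then print the runtime view.
enable_btsync_service() {
    firewall-cmd --reload &&    # make firewalld read the new service file
    firewall-cmd --permanent --zone="$ZONE" --add-service=btsync &&
    firewall-cmd --reload &&    # copy permanent configuration to runtime
    firewall-cmd --zone="$ZONE" --list-services
}

# Change the firewall only when called as: sudo sh btsync-fw.sh apply
if [ "${1:-}" = "apply" ]; then
    write_btsync_service && enable_btsync_service
fi
```

Only the zone that receives the service is opened; the public zone keeps its limited inbound set.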

Monday, 21 April 2014

Install Arch With Encrypted LVM

Any device with data that you own should have encryption to protect data at rest.

In a previous post, I described how to install Arch with LVM.  Now I will inject the commands to encrypt a disk partition using LUKS and use that for your LVM physical volume with dm-crypt.  I use this method, done at installation time, to install a new Arch Linux laptop, for example, one that will not span physical drives.  If you wish to encrypt your desktop drive, it may be better to follow the LUKS on LVM method instead of the LVM on LUKS that I use here.

So after you have partitioned your drive but before creating your physical volume, encrypt that partition.

    cryptsetup --verify-passphrase luksFormat /dev/sda2

Now you need to open the newly encrypted partition, naming it lvm, to create the LVM physical volume upon.

    cryptsetup open --type luks /dev/sda2 lvm

Now replace the pvcreate and vgcreate commands from the LVM post with these, which use the encrypted partition.

    pvcreate /dev/mapper/lvm
    vgcreate system /dev/mapper/lvm


Now continue with the LVM posting and your installation guide of choice. Your disk will look like this:



My /etc/fstab now looks like this - note, this is an SSD drive.




When you get to the configuring mkinitcpio.conf section, add encrypt before lvm2 in the HOOKS parameter.

    HOOKS="...block encrypt lvm2..."

I also disabled UUID disk identification in this file, but this is optional.

    GRUB_DISABLE_LINUX_UUID=true

Ensure you create the new initramfs file after editing.

Only one more thing: you need to tell the bootloader about the encrypted partition by editing /etc/default/grub.

    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:system:allow-discards"

Finish your Arch install.
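
A wrong hook order or a missing cryptdevice parameter only shows up at the next boot, so it is worth checking both edits first. This is an added example, not part of the original post; the function names are illustrative and the default paths are the two files edited above.

```shell
#!/bin/sh
# Added example: pre-reboot sanity check for the two edits described above.
# Function names are illustrative, not from the post.

# 1-based position of hook $2 in the active HOOKS line of file $1 (empty if absent).
hook_pos() {
    sed -n 's/^HOOKS=["(]\(.*\)[")].*/\1/p' "$1" |
        tr -s ' \t' '\n' | grep -n -x -- "$2" | head -n 1 | cut -d: -f1
}

# True when block, encrypt and lvm2 are all present and in that order.
hooks_ok() {
    b=$(hook_pos "$1" block); e=$(hook_pos "$1" encrypt); l=$(hook_pos "$1" lvm2)
    [ -n "$b" ] && [ -n "$e" ] && [ -n "$l" ] && [ "$b" -lt "$e" ] && [ "$e" -lt "$l" ]
}

# Device named by cryptdevice= in GRUB_CMDLINE_LINUX of file $1 (empty if missing).
cryptdevice_of() {
    sed -n 's/^GRUB_CMDLINE_LINUX=.*cryptdevice=\([^: "]*\).*/\1/p' "$1"
}

check_boot_config() {
    rc=0
    hooks_ok "${1:-/etc/mkinitcpio.conf}" ||
        { echo "HOOKS: need block, then encrypt, then lvm2" >&2; rc=1; }
    dev=$(cryptdevice_of "${2:-/etc/default/grub}")
    if [ -z "$dev" ]; then
        echo "grub: no cryptdevice= in GRUB_CMDLINE_LINUX" >&2; rc=1
    elif command -v cryptsetup >/dev/null 2>&1 && ! cryptsetup isLuks "$dev"; then
        echo "grub: $dev is not a LUKS device" >&2; rc=1
    fi
    return $rc
}

# Run against the live files only when called as: sh check-boot.sh check
if [ "${1:-}" = "check" ]; then check_boot_config; fi
```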

Sunday, 13 April 2014

Running SSH With a Non-Default Port in Fedora 20

I admit it, I'm a noob to using Fedora.  But I've jumped in with both feet and am enjoying it very much.  One of the very first things I do to a new installation of GNU/Linux is set up SSH for remote access.

After setting up your /etc/ssh/sshd_config with a different port than the default, 22, you need to enable the service and allow access to the port in Fedora 20.

    sudo vim /etc/ssh/sshd_config

It's a very good idea to go through this file and set it up appropriately.  But for the purposes of this post, set Port 22022.

I'm cheating - using a GUI tool to set the firewall as I'm still learning firewall-cmd.  So run sudo firewall-config.  You want to change the configuration to Permanent, select the Services tab, then select the ssh Service.  Now in the Ports and Protocols, select Add.  Simply enter the port number you wish to use (I'm using 22022), then select OK.  You will end up with something like this.


Almost done.  Select the Options menu and then Reload Firewalld.

You can check if your changes took hold by switching back the configuration to Runtime, and then view the ssh Service.



You need to configure SELinux to allow the new port.  A simple command will do it.

    sudo semanage port -a -t ssh_port_t -p tcp 22022

Now you can (re)start and enable the service.

    sudo systemctl restart sshd.service
    sudo systemctl enable sshd.service


Want to test if everything is okay?  First look at the service.

    sudo systemctl status sshd.service

Finally, ssh to the box for a final test.
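
If the SELinux step is skipped, the restart fails because sshd is not allowed to bind the new port. This is an added example, not part of the original post: it compares the ports in sshd_config with the ssh_port_t label before you restart. The function names are illustrative.

```shell
#!/bin/sh
# Added example: confirm every Port in sshd_config carries the SELinux
# ssh_port_t label. Function names are illustrative, not from the post.

# Ports from whitespace-separated "Port N" lines in file $1; 22 when none is set.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Reads `semanage port -l` output on stdin; succeeds if tcp port $1 is ssh_port_t.
selinux_allows() {
    awk -v want="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { sub(/,$/, "", $i); if ($i == want) ok = 1 }
        }
        END { exit !ok }'
}

check_ssh_ports() {
    conf=${1:-/etc/ssh/sshd_config}
    sshd -t -f "$conf" || return 1          # stop on a config sshd rejects
    labels=$(semanage port -l) || return 1  # needs root
    rc=0
    for p in $(sshd_ports "$conf"); do
        if printf '%s\n' "$labels" | selinux_allows "$p"; then
            echo "tcp/$p: ssh_port_t"
        else
            echo "tcp/$p: unlabelled, fix: semanage port -a -t ssh_port_t -p tcp $p"
            rc=1
        fi
    done
    return $rc
}

# Query the live system only when called as: sudo sh check-ssh.sh check
if [ "${1:-}" = "check" ]; then check_ssh_ports; fi
```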

Tuesday, 8 April 2014

Installing Arch Linux With LVM

The question is not "are you using LVM" but "why aren't you using LVM"?  (I'm politely ignoring Btrfs for this posting; I'll post on that another time.)

I won't get into the benefits of using the Logical Volume Manager (LVM) - but it's a stable disk management system that has been in the Linux world since 1998 - and I cannot imagine installing a Linux system (from laptop to server) without it.

I can go on - give you some war stories - but instead let me give you the few commands you include when installing Arch Linux with LVM.

Following the Installation Guide (or maybe the Beginners Guide), when you get to partitioning you will want to load this module.

    modprobe dm-mod

Next you will partition your disk(s).  I will show you a simplified setup using MBR with a separate /boot partition (call me old school).  Notice /dev/sda2 type is Linux LVM.  You could create a single large partition, or even multiple Linux LVM type-partitions on different disks.



Next you need to setup LVM inside the Linux LVM type-partition.  First initialize the physical volume, the /dev/sda2 partition you created above.

    pvcreate /dev/sda2

Next you need a volume group, keeping it simple I'll just create the one - naming it system.

    vgcreate system /dev/sda2

Now your logical volumes, where the fun happens (notice the system volume group label).

    lvcreate -L 25G -n root system
    lvcreate -L 16G -n swap system
    lvcreate -l 100%FREE -n home system

Now you come to the formatting portion of the instructions.  It's essentially the same, just the syntax is a little different.

    mkfs.ext4 /dev/sda1
    mkfs.ext4 /dev/mapper/system-root
    mkfs.ext4 /dev/mapper/system-home

And the same for your swap logical volume.

    mkswap /dev/mapper/system-swap
    swapon /dev/mapper/system-swap

Now mount those bad-boys.

    mount /dev/mapper/system-root /mnt
    mkdir /mnt/home /mnt/boot
    mount /dev/sda1 /mnt/boot
    mount /dev/mapper/system-home /mnt/home

When you create your /etc/fstab ensure everything is correct.



Now edit your /etc/mkinitcpio.conf to add the lvm2 HOOK between block and filesystems so it looks like this.

    HOOKS="base udev autodetect modconf block lvm2 filesystems keyboard fsck"

In the same file add dm-mod to MODULES.

    MODULES="dm-mod"

Any time you edit that file, remember to run the following.

    mkinitcpio -p linux

I didn't include the /boot partition in LVM or I would have had to include the lvm module in /etc/default/grub, like this.  Remember to do this before creating the /boot/grub/grub.cfg.

    GRUB_PRELOAD_MODULES="part_gpt part_msdos lvm"

That is pretty much it.  You may get warnings when generating your /boot/grub/grub.cfg, but as long as there are no errors all should be good.

Continue with the remainder of your instructions and remember the most important thing - have fun with your Arch system!

This is just showing you how to install Arch Linux using LVM - not even touching on why you should do this or, now that it's installed and configured, what you can do with it.

Migrate VMware Fusion Virtual Machines to VirtualBox

If you Google on how to migrate a VMware Fusion virtual machine (VM) to Oracle VirtualBox, you will find a lot of different methods and responses.  I selected the following due to the simplicity of it, as well as the small size of the open virtualization format (OVF) used for moving between physical machines.

On your OSX machine that has Fusion installed, we will be working from the command line, so I link the ovftool to /usr/local/bin/, which is on my $PATH (you can link it to any other location, or skip this and call it with the full path).

    ln -s /Applications/VMware\ Fusion.app/Contents/Library/VMware\ OVF\ Tool/ovftool /usr/local/bin/

Ensure your VM is powered off before starting this.  Run the tool against the VMX file - outputting the OVF file to wherever you want.

    ovftool --acceptAllEulas ../../Virtual\ Machines.localized/Debian.vmwarevm/Debian.vmx Debian.ovf

Then in VirtualBox do an Import Appliance from the File menu.

Once finished, don't forget to remove the VMware Tools and install the VirtualBox Guest Additions.  Oh yeah, double check your VirtualBox settings for this newly converted VM as well - do not assume they converted correctly.

Finally, cross your fingers and start it up!




Thursday, 27 March 2014

Use Remote Login on OSX for File Sharing

Big shocker - I'm a heterogeneous kind of guy.

While I prefer Linux, I also have OSX boxes - and sometimes the odd Windows machine will show up on my LAN.  I want to share files across these machines.  You'd suggest SMB right (or File Sharing in Apple parlance)?

Wrong.

For a long time, File Sharing (SMB or AFP) was a hit and miss type of service on every OSX machine I used.  Most of the time it worked - and then it doesn't, and you hunt around for a cause, trying various actions to fix the issue that strangely appeared without any changes to the machine.  It was frustrating.  (and no, it wasn't just user error! lol)

Then the fix hit me one day - SFTP!

And I've never been happier.  (and the bonus, all my communications are encrypted!)

On your OSX box, head to System Preferences -> Sharing -> disable File Sharing and enable Remote Login.  Choose who to allow onto your box.


You may not know it - but your life just got easier (and less frustrating).

Connecting to that machine from various other machines will now be dependable and consistent.  You can use, from your command line, sftp, ssh, scp (and probably others).  For GUI clients, there are too many to list - from Dolphin on KDE, to ForkLift on OSX.

The biggest negative to this solution is that the default Connect to Server on OSX won't (natively) support SSH, and neither does Windows.  There are ways to make me into a liar though - and I encourage you to check these out.

While describing OpenSSH is out of scope for this post - configuring this tool correctly will allow for a secure and simpler authentication experience.