Troy Fontaine troyfontaine

@troyfontaine
troyfontaine / README.md
Created Mar 20, 2018
RubyGems Type Error Fix

Based on the work by wjordan in this comment

The solution is to force the update of RubyGems to sidestep the issue.

gem update --force --system 2.6.11

Then the error does not occur.

@troyfontaine
troyfontaine / README.md
Created Feb 6, 2018
High Sierra SSH Issue with Cisco iOS (ssh_dispatch_run_fatal Invalid key length)

Overview

You must connect to your Cisco device from another machine using an earlier version of OpenSSH, because the error has two causes:

  1. The new version of OpenSSH does not support RSA Host Keys less than 1024 bits in length
  2. The switch by default has an RSA Host Key of less than 1024 bits

The solution is as follows:

Step 1. Connect from another device

For now, you can get away with using Bitvise SSH on Windows and enabling the disabled algorithms, etc., to connect to the Cisco device.

@troyfontaine
troyfontaine / README.md
Created Jul 1, 2018 — forked from RichardBronosky/README.md
Using cloud-init for cloudless provisioning of Raspberry Pi

Installing cloud-init on a fresh Raspbian Lite image

This is a work in Progress!

Purpose

This mainly demonstrates my goal of preparing a Raspberry Pi to be provisioned prior to its first boot. To do this I have chosen to use the same cloud-init that is the standard for provisioning servers at Amazon EC2, Microsoft Azure, OpenStack, etc.

I found this to be quite challenging because there is little information available for using cloud-init without a cloud. So, this project also serves as a demonstration for anyone on any version of Linux who may want to install from source, and/or use without a cloud. If you fall into that latter group, you probably just want to read the code. It's bash so everything I do, you could also do at the command line. (Even the for loop.)

@troyfontaine
troyfontaine / excerpt.conf
Created Nov 22, 2017
HAProxy Security Headers (1.6+)
# Sampling of security headers
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-XSS-Protection "1; mode=block"
http-response set-header Referrer-Policy no-referrer-when-downgrade
@troyfontaine
troyfontaine / README.md
Created Sep 10, 2018
Raspbian Stretch VIM Fix

Fix for blasted visual editor mode

Create the following file: /etc/vim/vimrc.local

" This file loads the default vim options at the beginning and prevents
" them from being loaded again later. All other options that are set
" are added to, or overwrite, the default settings. Add as many options as you
" wish at the end of this file.

" Load the defaults
@troyfontaine
troyfontaine / README.md
Last active Oct 5, 2018
ACMESharp Cloudflare Script Steps Outline

How to Manually Generate a Certificate using ACMESharp and CloudFlare DNS Integration

Install ACMESharp as per here.

Follow the installation steps from the getting started guide before using the instructions below.

Install Cloudflare Module

Run the following command to install the module:

Install-Module ACMESharp.Providers.CloudFlare
@troyfontaine
troyfontaine / README.md
Created Dec 12, 2018
Dell PowerConnect 3500 Series Tips

How To

Commands

Firmware Updating while Stacked

Copy from a tftp to a stack master

copy tftp://192.168.0.8/powerconnect_35xx-20066.ros image
@troyfontaine
troyfontaine / create.sh
Last active Feb 6, 2019
Cloudkey SSL Cert with Third-party cert
#!/bin/bash
# Create fullchain in ~/cert, where the openssl command below reads it
cat ~/cert/*.ca-bundle ~/cert/*.crt > ~/cert/fullchain.cer
# Generate pkcs12 cert from acme output
openssl pkcs12 -export -in ~/cert/fullchain.cer -inkey \
~/cert/mydomain.key \
-out ~/cert/unifi.p12 -name unifi -password pass:aircontrolenterprise
@troyfontaine
troyfontaine / howtosurvive.md
Last active Mar 5, 2019
PFSense Router with VLANs and TFTP Server

Ephemeral Ports are your bane

TFTP is said to "only use UDP 69" but this is completely and totally inaccurate.

TFTP starts communications on UDP 69, then moves the conversation to ephemeral ports between the two systems, and depending on the systems involved, they can change during the boot process.

Note, this doesn't seem to work across VLANs....

So, where do you start?

Step 1) You need UDP 67, 69, 4011, 1024:5000 from your PXE booting machine to the PXE Server. This is because the PXE bootloader appears to use that range specifically.

@troyfontaine
troyfontaine / README.md
Last active Mar 24, 2019
Ubuntu 18.04 Raspberry Pi Cloud Init Notes

Location of cloud-config

/Volumes/cloudimg-rootfs/var/lib/cloud/seed/nocloud-net/user-data

Networking Issues

Netplan seems to not play nicely with VLANs (or so it would appear), further testing required

Port in use issues if using WireGuard on UDP 53

systemd-resolve issues, solution
