Skip to content

Instantly share code, notes, and snippets.


Troy Fontaine troyfontaine

View GitHub Profile
troyfontaine /
Created Mar 20, 2018
RubyGems Type Error Fix

Based on the work by wjordan in this comment

The solution is to force the update of RubyGems to side step the issue.

gem update --force --system 2.6.11

Then the error does not occur.

troyfontaine /
Created Feb 6, 2018
High Sierra SSH Issue with Cisco iOS (ssh_dispatch_run_fatal Invalid key length)


You must connect to your Cisco device from another machine using an earlier version of OpenSSH as the reason for this error is:

  1. The new version of OpenSSH does not support RSA Host Keys less than 1024 bits in length
  2. The switch by default has an RSA Host Key of less than 1024 bits

The solution is as follows:

Step 1. Connect from another device

You can actually get away with (for now) using Bitvise SSH on Windows and enabling the disabled Algorithms, etc. to allow you to connect to the Cisco device.

troyfontaine /
Created Jul 1, 2018 — forked from RichardBronosky/
Using cloud-init for cloudless provisioning of Raspberry Pi

Installing cloud-init on a fresh Raspbian Lite image

This is a work in Progress!


This mainly demonstrates my goal of preparing a Raspberry Pi to be provisioned prior to its first boot. To do this I have chosen to use the same cloud-init that is the standard for provisioning servers at Amazon EC2, Microsoft Azure, OpenStack, etc.

I found this to be quite challenging because there is little information available for using cloud-init without a cloud. So, this project also servers as a demonstration for anyone on any version of Linux who may want to install from source, and/or use without a cloud. If you fall into that later group, you probably just want to read the code. It's bash so everything I do, you could also do at the command line. (Even the for loop.)

troyfontaine / excerpt.conf
Created Nov 22, 2017
HAProxy Security Headers (1.6+)
View excerpt.conf
# Sampling of security headers
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-XSS-Protection "1; mode=block"
http-response set-header Referrer-Policy no-referrer-when-downgrade
troyfontaine /
Created Sep 10, 2018
Raspbian Stretch VIM Fix

Fix for blasted visual editor mode

Create the following file: /etc/vim/vimrc.local

" This file loads the default vim options at the beginning and prevents
" that they are being loaded again later. All other options that will be set,
" are added, or overwrite the default settings. Add as many options as you
" whish at the end of this file.

" Load the defaults
troyfontaine /
Last active Oct 5, 2018
ACMESharp Cloudflare Script Steps Outline

How to Manually Generate a Certificate using ACMESharp and CloudFlare DNS Integration

Install ACMESharp as per here.

Follow the installation steps from the getting started guide before using the instructions below.

Install Cloudflare Module

Run the following command to install the module:

Install-Module ACMESharp.Providers.CloudFlare
troyfontaine /
Created Dec 12, 2018
Dell PowerConnect 3500 Series Tips

How To


Firmware Updating while Stacked

Copy from a tftp to a stack master

copy tftp:// image
troyfontaine /
Last active Feb 6, 2019
Cloudkey SSL Cert with Third-party cert
# Create fullchain
cat ~/cert/*.ca-bundle ~/cert/*.crt >> fullchain.cer
# Generate pkcs12 cert from acme output
openssl pkcs12 -export -in ~/cert/fullchain.cer -inkey \
~/cert/mydomain.key \
-out ~/cert/unifi.p12 -name unifi -password pass:aircontrolenterprise
troyfontaine /
Last active Mar 5, 2019
PFSense Router with VLANs and TFTP Server

Ephemeral Ports are your bane

TFTP is said to "only use UDP 69" but this is completely and totally inaccurate.

TFTP starts communications on UDP 69, then moves the conversation to ephemeral ports between the two systems-and depending on the systems involved, they can change during the boot process.

Note, this doesn't seem to work across VLANs....

So, where do you start?

Step 1) You need UDP 67, 69, 4011, 1024:5000 from your PXE booting machine to the PXE Server. This is because the PXE bootloader appears to use that range specifically.

troyfontaine /
Last active Mar 24, 2019
Ubuntu 18.04 Raspberry Pi Cloud Init Notes

Location of cloud-config


Networking Issues

Netplan seems to not play nicely with VLANs (or so it would appear), further testing required

Port in use issues if using WireGuard on UDP 53

systemd-resolve issues, solution

You can’t perform that action at this time.