Mac OSX

Broken pipe error on SSH session

Posted on by Andy

The "broken pipe" occurs when a SSH sessions times out. To resolve this you have 2 possibilities:

Server-Side (Linux):

  • open /etc/ssh/sshd_config
    # vim /etc/ssh/sshd_config
  • uncomment the lines:
    TCPKeepAlive Yes
    ClientAliveInterval 0 (change the 0 to 60, so every 60 seconds a keep alive packet is sent)
  • save the config
  • restart ssh server
    # service sshd restart

Client-Side (MacOSX/Linux):

  • open ~/.ssh/ssh_config (linux) or ~/.ssh/config (MacOSX)
  • add following lines:
    ServerAliveInterval 60 (send packet every 60 seconds)
  • save file

Create self-signed certificates with OpenSSL

Posted on by Andy

Hey, here are a few steps to create your own self-signed certificates with your own CA:

  1. Generate your 4096 bit CA key (no password):
    # openssl genrsa -out CA.key 4096
    or generate one with a password:
    # openssl genrsa -out CA.key 4096 -des3

​Please note that if someone gets this key and it’s not password protected he can generate valid certificates in your name, which is really really bad, so keep it secret!

  1. Generate your CA certificate:
    # openssl req -new -x509 -extensions v3_ca -key CA.key -days 10000 -out CA.crt

​This creates a valid CA certificate wich is valid for 10000 days. Why so long? Because when this CA expires you have to revoke and regenerate all the certificates based on this one which could be timeconsuming, but feel free to set a lower number. In order to recognize your self-signed certificates this CA must be installed on your computer which calls the website or alike. which varies between operating systems and programs.

  1. Generate a key for the server (again with or without password, simply add -des3 if you want password protection):
    # openssl genrsa -out server.key 4096
  2. Create A CSR (certificat signing request):
    # openssl req -new -key server.key -out server.csr

​Now before creating a CRT file: if you need multiple domains you can specifiy them in a separate file. In my example i named it multidomains.cnf and added the following line:

subjectAltName=DNS:www.domain.com,DNS:mail.domain.com,DNS:domain.com,DNS:mysql.domain.com

Please note that you need to specify the normal domain too (domain.com) in this file and as CommonName when generating the CSR.

  1. Generate the server certificate:
    # openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out server.crt -days 365
    generate with multidomains:
    # openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial -extfile multidomains.cnf -out server.crt -days 365

In case you want the to do quickly a certificate, you can do it also in one line:

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt

​All you have to do now is copy the server.key and server.crt onto your machine and configure your application to use this certificates.

Here are some useful sites if found about SSL:
http://www.chainsawonatireswing.com
http://phaseshiftllc.com
http://blog.didierstevens.com
http://shib.kuleuven.be

How to put OSX Mountain Lion (10.8) on a single-layer dvd

Posted on by Andy

Hello,

the downloaded Mountain Lion image has a total size of 4.8 GB which is too big for a single-layer dvd, but if you open the image and check the size of all files you only have 4.1 GB. So here is what you have to do to get the files on a normal dvd.

  1. Open the terminal and go to the folder where the installer dmg is located (InstallESD.dmg)
  2. Convert the dmg file to an iso file with
    # hdiutil makehybrid -o MountainLion.iso <dmg file>
  3. Now take the iso file and burn it normally to the single-layer dvd

That should be all, have fun with the new OS 😉