Skip to main content

Kerberos & SSH at CERN

Quick blog posting to save me having to explain to people what's needed:

1) RTFM: http://linux.web.cern.ch/linux/docs/kerberos-access.shtml -- thats where most of the good debugging tips are

2) to get it working between say your ubuntu laptop and cern hosts you'll need to append
allow_weak_crypto = true
to /etc/krb5.conf [libdefaults] section. (see bug)

3) make life easy and put a few things in your ~/.ssh/config

host *
Protocol 2
VerifyHostKeyDNS yes
VisualHostKey yes
GSSAPIAuthentication yes
PreferredAuthentications gssapi-with-mic,publickey

host lxplus
hostname lxplus.cern.ch
ForwardAgent yes
GSSAPIDelegateCredentials yes
GSSAPITrustDNS yes

(despite what the man page says there are NO SPACES between the options in PreferredAuthentications (see SSH bug 1702)

Comments

Popular posts from this blog

Growatt inverter monitoring with Raspberry Pi

At home we have a small (2.5KW - 10*250w panels) PV system to try and offset our daytime electricity usage. This is connected to a 'Growatt' inverter that handily has both RS485 (wierd 2 pin plugs) and RS232 (9 pin D connector buried under a screwplate) outputs.

With the firmware on ours (installed Sept 2013) it supports modbus-rtu over serial 9600 8N1.

I had done some initial digging and experimentation (as announced on Whirlpool) but never really got sensible values out.When my guruplug (via a long USB to serial adaptor) finally died and I shelved the whole thing. With the completion of the structured wiring though I finally got round to reconnecting it and starting again.

Small D9 Gender changer, + cisco console cable (all hail fleabay) gives a nice neat look on the outside, and in the garage I have another console cable plugged into the relevant patch outlet and a cheap usb-serial adaptor in a Raspberry Pi (which also has a GPS module connected, acting as a PPS NTP master)

Publishing DHT22 data via MQTT with an ESP8266

Some time ago I picked up a couple of ESP-01 modules with the intention of using them as wireless temperature/humidity sensors coupled with a DHT22.

Initial investigations took place at the Perth Artifactory "Arduino-U" evenings - I managed to put on a nodemcu lua firmware and found a few (varying) dht22 libraries. however I couldn't ever manage to get it to consistently publish the information to my message broker - it'd do one or two and then lock up. I dug it out again recently and decided to have another go - especially as Pete Scargill seemed to be having success with them (running native C).

So trying to 'revert' to a newer espressif release turned out to be non-trivial - installing the relevant toolchain needs multiple bits. I gave up and noticed that there was a newer (0.9.6-dev_20150704) nodemcu release, so I gave that a try.

First discovery - There's native support for the dht sensors in the firmware, so to get the current values all you need is…

Pretty Colours via MQTT

What does a geek do when they have some spare RGB LED strip (addressable WS2812B) and some cheap nasty LED devices? LED transplant time...

So, first to go was the LED glass prism stand received as a christmas present - out went the potted pcb with three fading LEDs, and in went a single piece of RGB strip fixed in place with a hot glue gun.
wire comes out the bottom and goes to a nanode.
So far so good, but I don't just want fixed or fading colours so time to revisit an IoT idea: Cheerlights

The cheerlights API defines 10 colors that can be set, but I want the possibility of sending any RGB value, so I created @FakeCheerlights as an MQTT series of topics on the test.mosquitto.org broker

fakecheerlights/rgb
fakecheerlights/colour
fakecheerlights/raw

which contain the hex RGB value, the identified colour name and the raw tweet.

A separate script (running on the NAS) uses the twitter API via tweepy to follow the twitter stream search for 'cheerlights' and 'fakecheerlights…