How to check if AES-NI is enabled for OpenSSL on Linux

Question: I have a Linux server which has Intel AES-NI hardware capability. I would like to check whether currently installed OpenSSL can use AES-NI acceleration. Intel Advanced Encryption Standard New Instructions (AES-NI) is a special instruction set for x86 processors, which is designed to accelerate the execution of AES algorithms. AES-based symmetric encryption is widely […]
Continue reading…

 

How to disable GNOME Keyring on GNOME desktop

Question: I am trying to use gpg-agent for SSH authentication when my key is on a separate USB security key card. However, I notice that when I log in to my GNOME desktop, gnome-keyring-daemon is already running, which appears to interfere with gpg-agent. How can I disable GNOME keyring on my Linux desktop? GNOME Keyring […]
Continue reading…

 

How to force password change at the next login on Linux

Question: I manage a Linux server for multiple users to share. I have just created a new user account with some default password, and I want the user to change the default password immediately after the first login. Is there a way to force a user to change his/her password at the next login? In […]
Continue reading…

 

How to block specific user agents on nginx web server

Question: I notice that some robots often visit my Nginx-powered website and scan it aggressively, ending up wasting a lot of my web server resources. I am trying to block those robots based on their user-agent string. How can I block specific user agent(s) on nginx web server? The modern Internet is infested with various […]
Continue reading…

 

How to fix “fatal error: security/pam_modules.h: No such file or directory”

Question: I was trying to compile a program on [insert your Linux distro], but was getting the following compile error: “pam_otpw.c:27:34: fatal error: security/pam_modules.h: No such file or directory” How can I fix this error? The missing header file ‘security/pam_modules.h’ is part of development files for libpam, a PAM (Pluggable Authentication Modules) library. Thus to […]
Continue reading…

 

How to install Shrew Soft IPsec VPN client on Linux

Question: I need to connect to an IPSec VPN gateway. For that, I’m trying to use Shrew Soft VPN client, which is available for free. How can I install Shrew Soft VPN client on [insert your Linux distro]? There are many commercial VPN gateways available, which come with their own proprietary VPN client software. While […]
Continue reading…

 

How to install autossh on Linux

Question: I would like to install autossh on [insert your Linux distro]. How can I do that? autossh is an open-source tool that allows you to monitor an SSH session and restart it automatically should it gets disconnected or stops forwarding traffic. autossh assumes that passwordless SSH login for a destination host is already setup, […]
Continue reading…

 

How to check SSH protocol version on Linux

Question: I am aware that there exist SSH protocol version 1 and 2 (SSH1 and SSH2). What is the difference between SSH1 and SSH2, and how can I check which SSH protocol version is supported on a Linux server? Secure Shell (SSH) is a network protocol that enables remote login or remote command execution between […]
Continue reading…

 

How to open a port in the firewall on CentOS or RHEL

Question: I am running a web/file server on my CentOS box, and to access the server remotely, I need to modify a firewall to allow access to a TCP port on the box. What is a proper way to open a TCP/UDP port in the firewall of CentOS/RHEL? Out of the box, enterprise Linux distributions […]
Continue reading…

 

How to fix “sshd error: could not load host key”

Question: When I try to SSH to a remote server, SSH client fails with “Connection closed by X.X.X.X”. On the SSH server side, I see error messages: “sshd error: could not load host key.” What is going on, and how can I fix this error? The detailed symptom of this SSH connection error is as […]
Continue reading…

 

How to detect and patch Shellshock vulnerability in bash​​

Question: I would like to know how to test whether or not my Linux server is vulnerable to bash Shellshock bug, and how to protect my Linux server against the Shellshock exploit. On September 24, 2014, a bash vulnerability nicknamed “Shellshock” (aka “Bashdoor” or “Bash bug”) was discovered by a security researcher named Stephane Chazelas. […]
Continue reading…

 

How to create a new Amazon AWS access key

Question: I was asked to provide an AWS access key ID and secret access key when configuring an application which requires access to my Amazon AWS account. How can I create a new AWS access key? Amazon AWS security credentials are used to authenticate you and authorize any third-party application to access your AWS account. […]
Continue reading…

 

How to fix “X11 forwarding request failed on channel 0”

Question: When I tried to SSH to a remote host with X11 forwarding option, I got “X11 forwarding request failed on channel 0” error after logging in. Why am I getting this error, and how can I fix this problem? First of all, we assume that you already enabled X11 forwarding over SSH properly. If […]
Continue reading…

 

How to turn off server signature on Apache web server

Question: Whenever Apache2 web server returns error pages (e.g., 404 not found, 403 access forbidden pages), it shows web server signature (e.g., Apache version number and operating system info) at the bottom of the pages. Also, when Apache2 web server serves any PHP pages, it reveals PHP version info. How can I turn off these […]
Continue reading…

 

How to define PATH environment variable for sudo commands

Question: I built and installed a program in /usr/local/bin. The program requires root privilege to run. But when I try to run the program with sudo, I get “sudo: XXXXX: command not found” error. Somehow /usr/local/bin is not included in the PATH environment variable. How can I fix this problem? When you run a program […]
Continue reading…

 

How to install Google Authenticator on Linux

Question: I want to use Google Authenticator to set up two factor authentication. How can I install Google Authenticator on [insert your Linux distro]? Google Authenticator is an application which can generate time-based one-time passcode to be used for two-factor authentication. You can install Google Authenticator on Linux as a pre-built package or by building […]
Continue reading…

 

How to disable a particular AppArmor profile on Ubuntu

Question: Is it possible to disable AppArmor for a specific service or software only, instead of completely turning off AppArmor system-wide? AppArmor, which is considered an alternative to SELinux, is the default application access control system of Ubuntu. Many Ubuntu packages (e.g., libvirt, MySQL) come with their corresponding AppArmor profiles which restrict the capabilities of […]
Continue reading…

 

How to use sudo without password prompt on Linux

Question: How can I use sudo without entering a password on Linux? sudo allows a system administrator to grant certain users (or groups) a permission to run privileged commands on Linux system. In order to run a command with sudo, users have to type their own password at a password prompt. To allow a specific […]
Continue reading…