tag:blogger.com,1999:blog-39959676619363725152024-02-08T04:29:40.869-08:00Code Grillbrainshttp://www.blogger.com/profile/03481074725470465735noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-3995967661936372515.post-30587469737761560922010-08-06T10:52:00.000-07:002010-08-06T11:09:21.936-07:00eCryptFS and SSH authorized_keysI updated ubuntu earlier this week which broke ssh via public key encryption if your home directory is encrypted with eCryptFS. Here's the error from my /var/log/auth.log file:<br /><blockquote>sshd[27665]: Passphrase key already in keyring; rc = [1] <br />sshd[27665]: ecryptfs_add_passphrase_key_to_keyring: Error adding auth tok with sig [679363337585871a] to the keyring; rc = [1] <br />sshd[27665]: Error attempting to add filename encryption key to user session keyring; rc = [1] <br /></blockquote><br />The problem is your encrypted home directory is not mounted if you are not logged in, so the authorized_keys file which is normally in your ~/.ssh/ path doesn't exist yet. The solution is to login with your encrypted home directory unmounted and recreate the .ssh/authorized_keys file in the unmounted state. Described <a href="https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427/comments/12">here</a>.<blockquote>$ /sbin/umount.ecryptfs_private<br />$ cd $HOME<br />$ chmod 700 .<br />$ sudo mkdir -m 700 .ssh<br />$ chmod 500 .<br />$ echo $YOUR_PUBLIC_KEY > .ssh/authorized_keys<br />$ /sbin/mount.ecryptfs_private</blockquote><br />Note that you must do this for all users who want to login with ssh.brainshttp://www.blogger.com/profile/03481074725470465735noreply@blogger.com6tag:blogger.com,1999:blog-3995967661936372515.post-48465410249750468392009-07-06T00:59:00.000-07:002009-07-06T01:43:22.177-07:00How To Serve Pre-Compressed Static Files in ApacheThere are example snippets in various corners of the web on how to do this, but surprisingly it's hard to find real working examples. <br /><br />Here's a snippet of Apache configuration that will serve out pre-compressed gzip files for javascript and css and set the proper Content-Type and Content-Encoding. For example, if the client requested <i>myfile.js</i> and accepts gzip encoding, Apache will look for a file named <i>myfile.js.gz</i> and send the contents of the compressed file instead. If the compressed file doesn't exist, it sends the uncompressed version.<br /><br />Also note that this is proxy caching server friendly.<br /><br /><pre><br /># Netscape 4.x has some problems... only compress html files<br />BrowserMatch ^Mozilla/4 gzip-only-text/html<br /><br /># Netscape 4.06-4.08 has problems... don't compress anything<br />BrowserMatch ^Mozilla/4\.0[678] no-gzip<br /><br /># MSIE masquerades as Netscape<br />BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html<br /><br />RewriteEngine on<br /><br /># If the browser accepts gzip and the requested file exists with<br /># a .gz appended, then rewrite the request to the .gz file<br />RewriteCond %{HTTP:Accept-Encoding} gzip<br />RewriteCond %{REQUEST_FILENAME}.gz -f<br />RewriteRule (.*\.(css|js))$ $1\.gz [L]<br /><br />#Set content type to JavaScript and the encoding to gzip<br /><FilesMatch ".*\.js\.gz$"><br /> ForceType application/x-javascript<br /> Header set Content-Encoding gzip<br /></FilesMatch><br /><br />#Set content type to CSS and the encoding to gzip<br /><FilesMatch ".*\.css\.gz$"><br /> ForceType text/css<br /> Header set Content-Encoding gzip<br /></FilesMatch><br /><br /># Tell caching proxy servers to cache the file based on both<br /># browser type and encoding<br />Header append Vary User-Agent<br />Header append Vary Accept-Encoding<br /><br /># Do this to set proper ETags for server clusters<br />FileETag MTime Size<br /></pre>brainshttp://www.blogger.com/profile/03481074725470465735noreply@blogger.com5