What a maddeningly addictive game. Damn!
I wanted a directory and everything under it to always get the same owner, group and mode, regardless of who created the files. Access Control Lists to the rescue.
# setfacl -Rm u:myuser:rwX,g:www-data:rwX,d:u:myuser:rwX,d:g:www-data:rwX dir/
I had to
apt-get install acl to get the
setfacl command. I’m not exactly clear on why I repeat two regular ACLs with the “d:” prefix to make them default ACLs. Why not just use the default syntax exclusively?
After trawling many a forum, finally found the answer. Reset the BIOS to defaults. Seriously. That is all. Derp.
I was curious to see how quickly I could transfer files to my Pi using SSH rather than FTP. Obviously using FTP is way faster than almost any other method, but still I wanted to see how fast I could transfer data over SSH.
Here’s the time it took to transfer a 50 MB file to my Pi using different SSH ciphers.
I later re-tested the
aes128-ctr cipher and it took about a second less than what I’d recorded initially. This boils down to:
- Don’t use triple-DES ever, for both performance and security reasons
- Most other ciphers give about the same performance, and are generally considered secure
arcfouris the fastest class of ciphers, but there is less trust in it from the crypto community. If you’re going to use it, try to avoid the base
arcfourcipher and instead use the 128 or 256 version, which tosses out some of the initial bits as a precaution
The usual suspects failed me last night when the
$DISPLAY environment variable wasn’t being set after I logged in via SSH to my Pi. The usual suspects being to make sure that the X11 forwarding options were turned on in
/etc/ssh/sshd_config on the server and in
ssh_config on the client, or to use the command line options
So I tried logging in again with the debug level turned up (
-vvv) and saw the message,
X11 forwarding request failed on channel 0. I had remembered from when this happened to me before that you also need a particular package on the server side to allow X11 authentication, whatever package contains the
xauth binary. However, it was there and seemed to be working properly.
The Googles turned up this link, which showed that a new option may need to be in your
sshd_config on a newer version of OpenSSH:
I then did a
sudo service ssh restart, which thankfully is smart enough not to kill your existing SSH session, and logged in again. Finally, I saw
$ echo $DISPLAY
and once again, all was well with the world.