andersblockmar.

Ask me anything   This is my blog, mostly pictures and not that many posts though. I'm also on Instagram and Twitter.

twitter.com/blockmar:

    Puma förtydligar vad de accepterar och inte i sin återvinningslåda. Vilken tur. (à ION Orchard)

    Puma förtydligar vad de accepterar och inte i sin återvinningslåda. Vilken tur. (à ION Orchard)

    — 4 months ago

    Det är inte alltid så classy på Hilton. (à Zeta Bar)

    Det är inte alltid så classy på Hilton. (à Zeta Bar)

    — 4 months ago

    Aaron James Draplin på #yayfestival

    Aaron James Draplin på #yayfestival

    — 7 months ago

    #yayfestival 
    Sitter framför datorn…

    Sitter framför datorn…

    — 7 months ago

    Halloween!

    Halloween!

    — 7 months ago

    Nu är det dags igen! Yey!!

    Nu är det dags igen! Yey!!

    — 8 months ago

    Street Art #paris  (Pris avec Instagram)

    Street Art #paris (Pris avec Instagram)

    — 10 months ago

    #paris 
    Paris in the morning #nofilter #nopeople (Pris avec Instagram)

    Paris in the morning #nofilter #nopeople (Pris avec Instagram)

    — 11 months ago

    #nofilter  #nopeople 
    Sthlm! (Pris avec Instagram à Monteliusvägen)

    Sthlm! (Pris avec Instagram à Monteliusvägen)

    — 11 months ago

    creativemornings:

    In this CreativeMornings/Stockholm talk, Julia Hoffmann, Creative Director at the MoMA speaks about working with one of the world’s most important brands for art. From type decisions to a recently launched iPad App, Julia walks us through the branding decisions and design work that goes on behind the scenes at this iconic museum.

    Cheers to Nisse Axman & Oskar Törnros for filming and Nisse Axman for editing!

    — 12 months ago with 15 notes

    I Paris täcker man en hel bro, I Stockholm är det en klase… (Pris avec instagram)

    I Paris täcker man en hel bro, I Stockholm är det en klase… (Pris avec instagram)

    — 1 year ago

    Instagram old school

    Instagram old school

    — 1 year ago

    Fint mitt i city. (Taken with Instagram at Jarlaplan)

    Fint mitt i city. (Taken with Instagram at Jarlaplan)

    — 1 year ago

    OpenSSH 5.9 on an old Fedora 9

    Recently I was faced with the task of upgrading OpenSSH on an old Fedora 9 Linux system. This is the tale of how it is done.

    I will not address the issue of why we do not just upgrade our Fedora 9 (the current version is 16 or 17)  that is a totally different story…

    The problem with installing the latest version of ssh on an old system is that no prebuilt rpms exists. And since I was preforming the upgrade remotely (using ssh) I wasn’t too happy about having to build the server from source. Luckily some Googeling provided a golden mean.

    This blog-post explained how to build custom rpm’s using redhat’s contributed presets:

    http://wiki.xdroop.com/space/Linux/Building+OpenSSH-Portable+for+CentOS

    First the basics. Install development packages needed to compile OpenSSH.

    # yum install gcc
    # yum install openssl-devel
    # yum install pam-devel
    # yum install rpm-build
    

    To install OpenSSH 5.9 you also need tcp_wrappers_devel

    # yum install tcp_wrappers-devel
    

    Then download the latest tar-ball from here. Extract it somewhere, eg. /usr/local/src. Then copy the files into the redhat rpm build tree:

    # tar zxvf openssh-5.9p1.tar.gz
    # cp openssh-5.9p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
    # cp openssh-5.9p1.tar.gz /usr/src/redhat/SOURCES/
    # cd /usr/src/redhat/SPECS
    

    The blog-post then suggested running a perl hack to remove som unwanted configuration options. This hack wan’t compatible with the newer version of the openssh.spec file. Instead just edit the file by hand using your editor of choice. I used vi.

    The following changes are needed:

    1. Change “no_x11_askpass” from 0 to 1
    2. Change “no_gnome_askpass” from 0 to 1
    3. Remove WARNING* from the line begining with %doc

    I added the last change to solve a problem when building the docs, no files named WARNING* exists resulting in a failed build.

    Now build the rpms.

    # rpmbuild -bb openssh.spec
    

    Before you install the rpms there is one last very important step. The new rpms will replace the /etc/pam.d/sshd file with an updated incorrect version. Make a backup copy of this file before you install. If you do not replace the file after the install logging in to the server will NOT work!

    # cp /etc/pam.d/sshd /etc/pam.d/sshd.bak
    

    Then install your new rpm from the /usr/src/redhat/RPMS/<architecture>/ folder

    # rpm -Uvh openssh*rpm
     Preparing… ############################ [100%]
     1:openssh ############################ [ 33%]
     2:openssh-clients ####################### [ 67%]
     3:openssh-server ####################### [100%]
    

    And then re-replace your pam-config

    # cp /etc/pam.d/sshd.bak /etc/pam.d/sshd
    

    The last step is to restart sshd and test logging in to your server.

    # /etc/init.d/sshd restart
    

    Now try logging in to your server using ssh. If it does not work you need to reinstall the old ssh-rpms. Download them from the Fedora site and use the same command as above (Use —force to allow downgrading) then restart again and see that everything works.

    If you missed the step of replacing the pam-configuration and login does not work. You will see an error message like this one in your logs (/var/log/security)

    PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
    

    This is because the config wrongly is pointing to pam_stack.so that does not exist on Fedora 9. The correct pam-config should look like this:

    #%PAM-1.0
    auth       include      system-auth
    account    required     pam_nologin.so
    account    include      system-auth
    password   include      system-auth
    session    optional     pam_keyinit.so force revoke
    session    include      system-auth
    session    required     pam_loginuid.so
    
    — 1 year ago