1. OpenSSH keyfile format doesn't play with gnome-keyring daemon

    If you use the OpenSSH keyfile format (ssh-keygen -o or using Ed25519 keys) and using gnome-keyring you may get:

    sr4l@Lars-Laptop:~$ ssh user@server
    sign_and_send_pubkey: signing failed: agent refused operation
    Permission denied (publickey).

    This error message cost me a lot of time because on some PCs it does work on others it doesn't. Later I discovered that the problem only occurred if the keys have the default name ~/ssh/id_rsa. Later I found similar reports leading to gnome-keyring daemon.


    • Deactivate gnome-keyring entirely
    • Only deactivate the gnome-keyring SSH backend
    • Safe your keyfiles with a non-default name and use ssh-add /path …


  2. Zero-Day-Exploit for phpMoAdmin

    Cross post: Also on Github.

    A week ago I read a security alert at 'heise Security' . It's a German IT news site. The article was about someone is selling a Zero-Day-Exploit for phpMoAdmin. Here is another source in English. Because nobody has written an issue or a fix a week later I decided to write all the stuff down I figured out last week.

    At least for the second bug I already found Metasploit scripts. So I decide to publish the exploits as well. Its already all over the Internet.

    Well, the fact that there is a security hole and …


  3. Broken pyvenv in Ubuntu

    Since version 3.3 Python has his own virtual environment build-in. This is extremely useful especially if you like to install development or other specific versions of python libraries without messing with Ubuntu's repository python libs.

    Sadly it is broken in Ubuntu 14.04 and 14.10. If you try:

    sr4l@LARS-Laptop:~$ pyvenv-3.4 myvenv
    Error: Command '['/home/sr4l/myvenv/bin/python3.4', '-Im', 'ensurepip', '--upgrade', '--default-pip']' returned non-zero exit status 1

    You can only use it without pip and later install pip manually. (Bug report)

    With Ubuntu 14.04s Python 3.4 and the newest version of …


Page 1 / 2 »