iGadget's questions

In an attempt to harden the security of my servers, I'm taking my first steps in implementing key-based SSH logins. However, the following confused me:

After setting up my public and private key, ssh-keygen opted me to secure the private key with a password. Following my own strict password policy, I let my password manager create a strong, lenghty password (which I don't want or need to remember) and copy-pasted it into the terminal (using CTRL+SHIFT+V to paste). All well.

Then I transfered my public key to one of my servers (ProxMox running on Debian) with ssh-copy-id. Worked like a charm:

$ ssh-copy-id admin@server
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys
admin@server's password: 

Number of key(s) added: 2

Now try logging into the machine, with:   "ssh 'admin@server'"
and check to make sure that only the key(s) you wanted were added.

Here's when my confusion starts:

• I type the command exactly as shown above - ssh 'admin@server'
• A full screen popup appears, telling me to "Enter password to unlock private key"
• There's no way for me to switch to my password manager (fancy Ubuntu 20.04 fullscreen popups, yay...)
• I hit 'Cancel' since I have no way to copy-paste the required password from my password manager
• ...and next thing I know I'm logged in as admin@server.

How is this possible? I expected an 'access denied', 'unable to login' or 'unable to access private key', since the private key was never unlocked. But none of that - I'm just logged in. The only thing I see right after I'm logged in is this:

sign_and_send_pubkey: signing failed for RSA "/home/user/.ssh/id_rsa" from agent: agent refused operation

But after that, I can do whatever I want on the server. So... Is this how things are supposed to work? What's the point of putting a password on your private key, if it's ignored anyway? Sounds to me something is seriously broken, or am I missing something?

(P.S. - The 'sign_and_send_pubkey' message disappeared after unlocking the private key properly, but still I think I should not have been granted access to the server before the private key was unlocked, right?)

Since the installation of Ubuntu 20.04 on my Lenovo Flex2 Pro 15, the time between pressing the power button and the appearance of the LENOVO logo on screen is unusually long, i.e. more than 30 seconds. The screen is completely black during this time.

Once the LENOVO logo is finally displayed, the Ubuntu logo follows shortly after and the boot sequence proceeds as expected. Not extremely fast, but ok.

This was not the case when I had Ubuntu 18.04 installed (which did not display the LENOVO logo at boot), so I'm suspecting the new logo-feature could be related to this issue.

I do have SecureBoot enabled, but I'm not sure if that's related. What I do remember is that I had SecureBoot enabled on 18.04 as well, but as said I did not have the issue of slow booting.

Also, when I hit any key (other than F2/Setup or F12/Boot menu) during the time that the screen is black, the screen remains black indefinitely and the system seems to hang.

Output of systemd-analyze blame:

5.177s plymouth-quit-wait.service                                                               
4.186s NetworkManager-wait-online.service                                                       
3.374s dev-sda2.device                                                                          
2.362s dev-loop10.device                                                                        
2.317s dev-loop8.device                                                                         
2.231s dev-loop9.device                                                                         
2.227s snapd.service                                                                            
2.216s dev-loop11.device                                                                        
2.146s dev-loop14.device                                                                        
2.111s dev-loop15.device                                                                        
2.103s dev-loop13.device                                                                        
2.074s dev-loop16.device                                                                        
2.059s dev-loop12.device                                                                        
2.047s dev-loop18.device                                                                        
2.036s dev-loop17.device                                                                        
2.033s dev-loop19.device                                                                        
2.028s dev-loop20.device                                                                        
1.916s [email protected]                                                                        
1.871s dev-loop3.device                                                                         
1.862s dev-loop2.device                                                                         
1.858s dev-loop23.device                                                                        
1.841s dev-loop25.device                                                                        
1.826s dev-loop21.device                                                                        
1.811s dev-loop26.device                                                                        
1.807s dev-loop24.device                                                                        
1.798s dev-loop22.device                                                                        
1.765s dev-loop4.device                                                                         
1.735s dev-loop5.device                                                                         
1.723s dev-loop27.device                                                                        
1.699s dev-loop1.device                                                                         
1.677s dev-loop0.device                                                                         
1.672s dev-loop7.device                                                                         
1.649s dev-loop29.device                                                                        
1.611s dev-loop6.device                                                                         
1.602s dev-loop31.device                                                                        
1.597s dev-loop28.device                                                                        
1.585s dev-loop30.device                                                                        
1.350s systemd-journal-flush.service                                                            
1.255s snap-speedy\x2dduplicate\x2dfinder-22.mount                                              
1.254s snap-speedy\x2dduplicate\x2dfinder-27.mount                                              
1.217s snap-snapd-8790.mount                                                                    
1.194s snap-warzone2100-1573.mount                                                              
1.156s snap-scrcpy-238.mount                                                                    
1.071s snap-warzone2100\x2dvideos-2.mount                                                       
1.067s snap-keepassxc-1006.mount                                                                
1.064s systemd-udevd.service                                                                    
1.052s snap-obs\x2dstudio-1090.mount                                                            
1.044s snap-scrcpy-243.mount                                                                    
1.032s snap-snapd-8542.mount                                                                    
1.010s snap-snap\x2dstore-467.mount                                                             
 986ms networkd-dispatcher.service                                                              
 972ms systemd-rfkill.service                                                                   
 875ms snap-gnome\x2d3\x2d34\x2d1804-36.mount                                                   
 863ms snap-kde\x2dframeworks\x2d5\x2dcore18-32.mount                                           
 847ms snap-signal\x2ddesktop-326.mount                                                         
 809ms snap-sweethome3d\x2dhomedesign-9.mount                                                   
 747ms snap-keepassxc-978.mount                                                                 
 746ms snap-minetest-1521.mount                                                                 
 657ms snap-minetest-1619.mount                                                                 
 628ms snap-snap\x2dstore-454.mount                                                             
 621ms udisks2.service                                                                          
 597ms snap-core18-1880.mount                                                                   
 595ms snap-obs\x2dstudio-1118.mount                                                            
 585ms snap-signal\x2ddesktop-327.mount                                                         
 564ms snap-core-9665.mount                                                                     
 559ms [email protected]                                                              
 555ms snap-gtk\x2dcommon\x2dthemes-1506.mount                                                  
 550ms snap-canonical\x2dlivepatch-95.mount                                                     
 544ms snap-intellij\x2didea\x2dcommunity-249.mount                                             
 511ms snap-core-9804.mount                                                                     
 473ms snap-gnome\x2d3\x2d28\x2d1804-128.mount                                                  
 466ms accounts-daemon.service                                                                  
 455ms systemd-logind.service                                                                   
 446ms plymouth-read-write.service                                                              
 417ms snap-intellij\x2didea\x2dcommunity-246.mount                                             
 372ms snap-core18-1885.mount                                                                   
 332ms upower.service                                                                           
 326ms NetworkManager.service                                                                   
 287ms snap-gimp-281.mount                                                                      
 287ms snap-gimp-292.mount                                                                      
 280ms snapper-boot.service                                                                     
 277ms systemd-resolved.service                                                                 
 276ms fwupd.service                                                                            
 259ms avahi-daemon.service                                                                     
 252ms bluetooth.service                                                                        
 224ms apport.service                                                                           
 223ms polkit.service                                                                           
 215ms motd-news.service                                                                        
 207ms snapd.apparmor.service                                                                   
 197ms ModemManager.service                                                                     
 195ms systemd-timesyncd.service                                                                
 193ms switcheroo-control.service                                                               
 185ms systemd-sysctl.service                                                                   
 184ms plymouth-start.service                                                                   
 180ms wpa_supplicant.service                                                                   
 179ms thermald.service                                                                         
 176ms grub-common.service                                                                      
 168ms gpu-manager.service                                                                      
 165ms rsyslog.service                                                                          
 162ms systemd-journald.service                                                                 
 160ms [email protected]                                                                        
 158ms systemd-modules-load.service                                                             
 154ms secureboot-db.service                                                                    
 150ms e2scrub_reap.service                                                                     
 147ms grub-initrd-fallback.service                                                             
 123ms colord.service                                                                           
 120ms systemd-sysusers.service                                                                 
 110ms apparmor.service                                                                         
 109ms systemd-random-seed.service                                                              
 109ms keyboard-setup.service                                                                   
 102ms systemd-fsck@dev-disk-by\x2duuid-EBBB\x2d0E8C.service                                    
  98ms home.mount                                                                               
  96ms systemd-udev-trigger.service                                                             
  91ms teamviewerd.service                                                                      
  82ms snapd.seeded.service                                                                     
  77ms systemd-tmpfiles-setup-dev.service                                                       
  77ms gdm.service                                                                              
  55ms systemd-update-utmp.service                                                              
  53ms pppd-dns.service                                                                         
  47ms kerneloops.service                                                                       
  46ms rtkit-daemon.service                                                                     
  44ms systemd-tmpfiles-setup.service                                                           
  43ms systemd-fsck@dev-disk-by\x2duuid-139a2ef0\x2d2474\x2d484d\x2dbde8\x2d192ade6e4696.service
  36ms openvpn.service                                                                          
  33ms run-rpc_pipefs.mount                                                                     
  29ms alsa-restore.service                                                                     
  28ms [email protected]                                                            
  27ms rpcbind.service                                                                          
  26ms systemd-remount-fs.service                                                               
  23ms systemd-tmpfiles-clean.service                                                           
  22ms systemd-user-sessions.service                                                            
  22ms [email protected]                                                                     
  20ms boot-efi.mount                                                                           
  19ms dev-hugepages.mount                                                                      
  19ms setvtrgb.service                                                                         
  18ms dev-mqueue.mount                                                                         
  16ms ufw.service                                                                              
  16ms sys-kernel-debug.mount                                                                   
  15ms sys-kernel-tracing.mount                                                                 
  14ms systemd-update-utmp-runlevel.service                                                     
  12ms systemd-backlight@backlight:intel_backlight.service                                      
  11ms kmod-static-nodes.service                                                                
  10ms console-setup.service                                                                    
   9ms nfs-config.service                                                                       
   5ms sys-fs-fuse-connections.mount                                                            
   3ms sys-kernel-config.mount                                                                  
   3ms swapfile.swap                                                                            
   2ms postfix.service                                                                          
   1ms snapd.socket

Output of systemd-analyze critical-chain:

The time when unit became active or started is printed after the "@" character.
The time the unit took to start is printed after the "+" character.

graphical.target @10.836s
└─multi-user.target @10.836s
  └─postfix.service @10.833s +2ms
    └─[email protected] @8.915s +1.916s
      └─network-online.target @8.912s
        └─NetworkManager-wait-online.service @4.724s +4.186s
          └─NetworkManager.service @4.396s +326ms
            └─dbus.service @4.385s
              └─basic.target @4.362s
                └─sockets.target @4.362s
                  └─snapd.socket @4.361s +1ms
                    └─sysinit.target @4.357s
                      └─snapd.apparmor.service @4.006s +207ms
                        └─apparmor.service @3.894s +110ms
                          └─local-fs.target @3.892s
                            └─run-snapd-ns-canonical\x2dlivepatch.mnt.mount @5.516s
                              └─run-snapd-ns.mount @5.048s
                                └─local-fs-pre.target @638ms
                                  └─systemd-tmpfiles-setup-dev.service @560ms +77ms
                                    └─systemd-sysusers.service @438ms +120ms
                                      └─systemd-remount-fs.service @406ms +26ms
                                        └─systemd-journald.socket @390ms
                                          └─system.slice @382ms
                                            └─-.slice @382ms

Since a week or so, Thunderbird (68.10.0, 64 bit, running on vanilla Ubuntu 20.04) keeps popping up prompts to "Add a new address book" every 10 minutes or so.

The window looks like this:

I've restarted Thunderbird, restarted my laptop... To no avail - the popups keep coming.

How do I debug this?

After having fiddled around and finally fixed my WebApps with Chromium Snap on Ubuntu 20.04, today I discovered that all my WebApps were missing from the dock and no longer available when searching for them.

The issue is related to the Snap package and the way the WebApp shortcuts are created.

When looking at the .desktop files in ~/.local/share/applications, you'll notice the Chromium binary is called for that specific Snap version for which it was created:

Exec=/snap/chromium/1123/usr/lib/chromium-browser/chrome --profile-directory=Default --app-id=<yourappid>

So in the example above, version 1123 is called. Now this works fine, until a new Chromium Snap version is released. This new version, i.e. 1143, is then installed in a new dir: /snap/chromium/1143/usr/lib/chromium-browser/chrome. Now as soon as the old version (1123) gets automatically purged, all the .desktop files break.

Just installed Ubuntu 20.04 and tried to get my favorite webapps (i.e. Google Calendar, WhatsApp Web) working again. Since Firefox removed this feature years ago, I'm now using Chromium for this. On 18.04 I could just head to my favorite website, click the hamburger menu, 'More tools', 'Create shortcut...', tag 'Open as window' and bam, the WebApp was ready.

In 20.04 on my system with the Chromium Snap however, creating a WebApp sometimes results in Chromium crashing which leaves a .desktop file that does not work. The .desktop file, which is created on the desktop, you then right-click and choose 'Allow Launching'. In most cases, this works and the webapp will get a proper icon and can be launched.

In other cases (i.e. when creating a shortcut from chrome://apps or when creating the shortcut resulted in Chromium crashing), the icon turns into a "faulty" sign:

When I double-click WhatsApp, it's opened as a 'real' app (as can be seen in the screenshot). When i double-click Google Calendar however, a new empty full Chromium window is opened. And when I double-click Trello (of which the shortcut was created from chrome://apps), a new full Chromium Window is opened (instead of an 'app'-window) but it does lead to trello.com.

I've tried to find the culprit of what's going wrong by looking at the .desktop files of all three apps, but so far I'm unable to see what could be causing this behaviour.

Furthermore, when I was trying to find out why Chromium crashed when creating the shortcut to Google Calendar, I started Chromium from the commandline: $ /snap/chromium/1123/usr/lib/chromium-browser/chrome.

To my surprise, Chromium now did NOT crash when creating the shortcut. Also, the .desktop file was now placed immediately in ~/.local/share/applications/, which was not the case in my previous attempts.

So in the end, all seems to be well and looking back I'm suspecting some old leftover cruft / bitrot perhaps being the cause of all this - I did install 20.04 using my unmodified 18.04 /home partition after all...

Which leaves me with the question if I should actually post this - I guess I will in the hopes of giving anyone else who might be running into this some options to look at.

If indeed this is something other people run into, I'd be happy to provide more info so it can be debugged.

If you're on Ubuntu 20.04 and create a webapp through Chromium Snap (via menu, 'More tools', 'Create shortcut...', tag 'Open as window', right-click the .desktop file on your desktop and choose 'Allow Launching') you will notice the app cannot be pinned to the dock (since there's no option 'Add to Favorites'). Also, the webapp will not be found when you search for it.

After using Ubuntu 16.04's Startup Disk Creator to create a live (16.04) environment on my 4GB USB drive, I'm unable to create additional partitions (tried both FAT, Ext4, primary and logical) in the remaining unused space.

The 'Disks' application throws this error when I try to create an additional partition on the drive:

Error creating partition on /dev/sdb: Command-line `parted --align optimal --script "/dev/sdb" "mkpart primary ext2 1420MiB 3488977919b"' exited with non-zero exit status 1: Warning: The driver descriptor says the physical block size is 2048 bytes, but Linux says it is 512 bytes. (udisks-error-quark, 0)

The 'cfdisk' application throws another error when trying to do the same:

Start sector 2893824 out of range.

What am I missing?

When I install the CEWE Fotobuch (rebranded as "Kruidvat fotoservice" in the Netherlands) software on my 64 bit system, the application does not start. Instead, I'm getting a 'file not found' error. But the files are there! What's going on?

I've been using KVM in combination with Virt-Manager and Remmina at a fair success up until now. The issue I need to solve now is to get audio from a virtualized Windows XP and make it audible on the Ubuntu 11.10 host.

Remmina / RDP works for 'simple' audio (system sounds and such), but when the source gets trickier (e.g. Flash audio), Remmina / RDP messes up. So I figured I'd just connect to the machine directly using Virt-Manager. Unfortunately, it seems that even though I have successfully configured the AC97 audio device on WinXP, it's unable to get it's output to the Ubuntu host. This is probably because Virt-Manager uses VNC (and AFAIK, VNC doesn't transport audio).

Does anyone know if there is a solution to fix this? I've heard of Spice, but the installation required so much voodoo last time I checked, I figured I'd let that solution boil to maturity a little longer ;)

But perhaps there are other options I haven't thought of yet (which don't require switching to VirtualBox / VMware)...

For my job I require the use of the spreedX client which allows me to share my desktop when using the Spreed web conferencing environment (www.spreed.com). In pre-Unity Ubuntu versions, this application's indicator worked perfectly. However, it doesn't play nice with Unity (it doesn't show), not even when adding the magic

gsettings set com.canonical.Unity.Panel systray-whitelist "['all']".

So I'm not entirely sure where to go from here, but I did find the (presumable) source of the client: https://github.com/andreashe/mygitsite/tree/master/spreedX.

I'm assuming that for an (experienced?) Python developer, it shouldn't be hard to fix the app by using the guidelines which I found here. Unfortunately, I'm no Python developer, let alone an experienced one :-(

But perhaps there are other solutions which I did not think about? Of course, I will contact Spreed and ask them to fix this, but if they won't (or it takes them forever) I would love to have some more options...

After installing Ubuntu 11.10 and copying my KVM images which were created on Ubuntu 11.04 over to the new system, I notice that Virt-manager says it's using QEMU and not KVM. Also when running virsh version it says Running hypervisor: QEMU 0.14.1.

However, when I run kvm-ok it says INFO: /dev/kvm exists and KVM acceleration can be used. Also, the XML file of my VM clearly states it should use KVM: <domain type='kvm'> <emulator>/usr/bin/kvm</emulator>.

Furthermore, lsmod |grep kvm shows the following (when the VM is running):

kvm_intel              61643  3
kvm                   383822  1 kvm_intel

So how do I know if KVM or QEMU is being used? And why am I getting such contradictory output of these different commands?