Enable root login via SSH on Linux/Unix systems

Most Linux/Unix systems have root login disabled by default.

It is a huge security risk to allow root login via SSH, so if for some particular reason you need root login via SSH, enable it temporarily to perform need tasks, then disable it right away to secure your system.

FreeNAS:

  • go to Services -> SSH config
  • enable Login as Root with password
  • OK to save

Linux/FreeBSD:

  • edit the /etc/ssh/sshd_config file
    • $ sudo nano /etc/ssh/sshd_config
  • set PermitRootLogin yes
  • restart sshd
    • $ systemctl restart sshd

For more information on sshd_config settings read the man page.

Java error: Unsigned application requesting unrestricted access to sytem

Starting with Java version 8 Update 131, Oracle decided to treat applications that are signed with the MD5withRSA or MD5withDSA algorithms as unsigned, therefore JNLP (Java Network Launch Protocol) with not run them.

When I try to access one of my Dell servers via the iDRAC interface, I get this error:

The reason for this is that the application was signed with a weak cryptographic algorithm (such as MD5witRSA ) and Java will not run the application due to security reasons since it sees it as unsigned.

To allow applications signed with a weak cryptographic algorithm to run, you need to disable jdk.jar.disabledAlgorithms property in the Java master security properties file, called java.security. Do this at your own risk!

The java.security file is located in C:\Program Files\Java\jre1.8.0_171\lib\security folder for the 64-bit systems and C:\Program Files (x86)\Java\jre1.8.0_171\lib\security folder for the 32-bit systems.

To edit the java.security file you must Run as administrator your favorite text editor, then open the file. Comment out the jdk.jar.disabledAlgorithms property and save the file.

Restart your browser and connect again. This time, the JNLP should run the application.

Obtaining a SSL Certificate via LetsEncrypt.org on FreeBSD

This tutorial assumes you have successfully installed the following:

  • FreeBSD system
  • Apache server
  • certbot client
  • you have sudo privileges from the command line

To obtain a SSL certificate via the webroot method or to renew a specific web domain:

$ sudo certbot certonly --webroot -w /full/path/to/site/directory -d yourdomain.com -d www.yourdomain.com

To test** automatic renewal for all certificates:

$ sudo certbot renew --dry-run

**Testing will NOT renew your certificates!

To renew ALL certificates:

$ sudo certbot renew

To check the status of all your certificates:

$ sudo certbot certificates

After renewing any certificates, remember to gracefully restart the Apache server:

$ sudo apachectl graceful