Diogo Ferreira

How to hide the libvirt-qemu user from the login screen on Linux Mint 19.1

This is a simple tip on how to hide the libvirt-qemu user from your login screen.


If you installed the KVM package using apt on your Linux Mint 19.1 you may notice that a new user shows up on your login screen (at least if you’re using Cinnamon DE with LightDM).

You can hide it by running the following commands:

$ printf "[User]\nSystemAccount=true\n" | sudo tee /var/lib/AccountsService/users/libvirt-qemu
$ sudo systemctl restart accounts-daemon.service

After logging out that user should be gone from your login screen.

OpenSSL cheat sheet

This OpenSSL cheat sheet was originally found on bitrot.sh. Since the site appears to be gone, and I had this saved, I’m leaving it here for future reference.

Generating Certificates

Generate RSA Private Key + CSR

openssl req -out newkey.csr -new -newkey rsa:[bits] -nodes -keyout priv.key

Generate Self Signed Certificate + Priv Key

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:[bits] -keyout priv.key -out cert.crt

Generate CSR for existing Cert

openssl x509 -x509toreq -in cert.crt -out newreq.csr -signkey priv.key

Generate CSR for Existing Key

openssl req -out oldkey.csr -key priv.key -new

Create a CA

openssl req -new -x509 -extensions v3_ca -keyout ca.key -out ca.crt -days [days valid]

Generate Diffie-Hellman Keys

openssl dhparam -out dhparam.pem [bits]

Examining Certificates

Examine a CSR

openssl req -text -noout -verify -in oldreq.csr

Examine a Private Key

openssl rsa -in priv.key -check

Examine a Certificate

openssl x509 -in cert.crt -text -noout

Examine PKCS files

openssl pkcs12 -info -in key.pfx

Converting Formats

PEM to DER

openssl x509 -outform der -in cert.pem -out cert.der

DER to PEM

openssl x509 -inform der -in cert.cer -out cert.pem

PKCS to PEM

openssl pkcs12 -in key.pfx -out key.pem -nodes

PEM to PKCS

openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile ca.crt

Encryption and Decryption

List Encryption Schemes

openssl enc -h

Advanced Encryption Standard CBC Mode

Encrypt

openssl aes-256-cbc -salt -in priv.txt -out priv.txt.enc

Decrypt

openssl aes-256-cbc -d -in priv.txt.enc -out priv.txt.new

AES CBC Output as Base64 File

Encrypt

openssl aes-256-cbc -a -salt -in priv.txt -out priv.txt.enc

Decrypt

openssl aes-256-cbc -a -d -in priv.txt.enc -out priv.txt.new

Check Remote Certificates

HTTPS Server

openssl s_client -showcerts -connect www.example.com:443

IMAP Server

openssl s_client -showcerts -starttls imap -connect mail.eample.com:139

XMPP Server

openssl s_client -showcerts -starttls xmpp -connect chat.example.com:5222

Present Client Certificate

openssl s_client -showcerts -cert cert.crt -key cert.key -connect www.example.com:443

Verify Certificates

Verify Certificate with CA Certificate

openssl verify -verbose -CAFile ca.crt cert.crt

Verify Private Key Matches Certificate

openssl x509 -modulus -noout -in cert.crt | openssl md5openssl rsa -modulus -noout -in priv.key | openssl md5

All credits of this OpenSSL cheat sheet go to the original author.

Convert SSH key from PuTTY to OpenSSH


Recently I’ve had to migrate an SSH key that was generated on a Windows 10 machine to a Debian workstation. The instructions on how to convert an SSH key generated on PuTTY to OpenSSH are as simple as:

sudo apt install putty-tools
puttygen your-windows-10-private-key.ppk -O private-openssh -o your-openssh-private-key-name

And that’s it! This will get your private key on a format that openssh will recognize.
To check your public key just run:

puttygen your-windows-10-public-key -L

Put it wherever you like!

Use virt-manager without root password on Debian 9


After installing virt-manager on Debian 9 you’ll notice that every time you try to open it it will ask for your root password.
In order to avoid that you’ll just need to add your user to the libvirt group:

sudo usermod -aG libvirt dferreira

Logout and login again. You can now open virt-manager without your root password.

Fix "dig: command not found" on Debian 9


A default Debian 9 installation doesn’t have the dig command available. If you try to use it:

dig +short example.com

You’ll be greeted with this error:

bash: dig: command not found

The solution for this is simple:

sudo apt install dnsutils

And it’s done!

dig +short example.com
93.184.216.34