Posts

Showing posts from January, 2021

RHEL8 / CentOS 8 - SSH Ciphers are not honored in sshd_config

I prefer to configure services through their own config files. With ssh, for example, Ciphers, KexAlgorithms, and MACs set in sshd_config most likely won't take effect. RHEL8 has switched to system-wide crypto policies, which also affect sshd.

To make sshd ignore the crypto policies, uncomment the 'CRYPTO_POLICY=' line in /etc/sysconfig/sshd:

[archy@server ~]$ sudo sed -i 's/^#\ CRYPTO_POLICY=/CRYPTO_POLICY=/g' /etc/sysconfig/sshd

Restart sshd:

[archy@server ~]$ sudo systemctl restart sshd.service

Check with nmap to see if the settings have been applied:

[archy@server ~]$ nmap -sV -Pn -p 22 --open --script ssh2-enum-algos 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-26 19:40 CET
Nmap scan report for 127.0.0.1
Host is up (0.00096s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
| ssh2-enum-algos:
| kex_algorithms: (1)
| curv...

Keepalived - Floating IP between 2 hosts

Creating a floating IP between 2 hosts is very handy when building High Availability for one or more services. I'll use a floating IP between 2 IPA servers in order to create an HA-DNS endpoint so that servers can be upgraded independently. Here's a short description:

ipa01.archyslife.lan:
  - ip: 172.31.10.5
  - service: named-pkcs11
  - keepalived-state: MASTER
ipa02.archyslife.lan:
  - ip: 172.31.10.6
  - service: named-pkcs11
  - keepalived-state: BACKUP

First of all, install the 'keepalived' package on all servers:

[archy@ipa01 ~]$ sudo yum -y install keepalived
[archy@ipa02 ~]$ sudo yum -y install keepalived

Now, create the configuration for the main instance first:

[archy@ipa01 ~]$ sudo vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
  notification_email {
    admins@archyslife.lan
  }
  notification_email_from root@ipa01.archyslife.lan
  smtp_server 127.0.0.1
  smtp...