Found an NBase-T solution, maybe

So I’ve been very depressed over the last week, not seeing anything that looked like it would provide a good solution for my newest 1st world problem of not being able to leverage a new 5GB ethernet connection.  I finally found a provider for an NBase-T NIC that does 1GB/2.5GB/5GB/10GB connection speeds!

Of course, no good solution is truly a solution if you can’t be aggravated by the two most common issues in today’s day and age: pricing and availability.

Tried a new box but it was incompatible with NBase-T!

I have attempted to use a system based on a SuperMicro X10SLH-N6-ST031 motherboard, but it was confirmed only after I installed pfSense 6.20 on it that it was incompatible with the “multi-gigabit” NBase-T standard that AT&T is using for its copper RJ45 handoff. It only wanted to connect at either 10G or 1G, and since I didn’t have anything in the 10G range, it stuck to 1G, which was no better than my existing VM of pfSense. But, that was entirely my bad for not asking the seller if it was compatible, so I’ll own this failure.

Decided on getting a dedicated 10G/5G box

After all the hoops I had to jump through to keep the network up and working while I performed maintenance on my server, it became clear that I really need to invest in a dedicated “bare metal” pfSense box. The timing is good too because a new upgrade in the AT&T Fiber to the Home has improved my base connection from 1GB to 5GB. So I’ll be reviewing the available tech to see what I can line up in the next month or so.

Adventures in Server Admin (aka Installing my new HBA card)!

So the new HBA card arrived last week, but I was way too busy to deal with it then.   Plus, I like to plan things out when doing installations like this.

Anyways, I woke up earlier than expected this morning, and since my wife was still asleep, I decided that it would be a great time to get the new HBA installed and configured. I figured that should only take about 30 minutes. Little did I know, the universe had other plans.


G-Suite Legacy Free is expiring

I’d been hearing this in the tech news for the last couple of weeks, but had never gotten the actual e-mail warning me of this impending date.  Today as a user of G-Suite Free (Legacy), I finally received that e-mail notification.

I don’t really use the G-Suite tools at all, but it does sound like I’ll have to give up my Google custom Domain e-mail addresses. If so, then I’ve decided I’ll just add a new e-Mail Server VM or Container to my growing list of things to add:

  • E-Mail Server
  • WordPress
  • Infinite WP Updater

Once I get the new HBA & cables set up, I can add:

  • PLEX Multimedia Server for my music and videos.
  • Automatic Ripping Machine for ripping all of my Music CDs, Movie DVDs, and BluRays.
  • Backup Server to back up my PCs, databases, etc.
  • Blue Iris for managing and storing Video Surveillance streams
  • NextCloud Server

Got my new 2.5″ SAS drives for the server

I had placed an order a week ago for the new 2.5″ 1TB SAS drives, and today they arrived.   So looking forward to plugging these drives in and getting some larger storage pool going for the server.

As mentioned in my September posting, I’ve only just recently realized that the hardware RAID card that came with the Dell PowerEdge R610 was less useful in today’s homelab.

So, I’ll need to source a new HBA (Host Bus Adapter) card in order to leverage ZFS, but everything I’ve read since shows that I should be good to order an HBA with IT (Initiator Target) Mode and the drives I’ve selected will then automatically pass-thru to TrueNAS and be capable of using software RAID-Z.

The drives I can slot immediately, but will I play with the PERC 6/i and use a hardware-based RAID for the time being?  I don’t know.  It seems I bought these last two components in the wrong order…

SSH Error “Unprotected Private Key file” in Windows

So today I copied my private key file to a different Windows desktop machine that I use frequently, but got this error when trying to initiate a new SSH session from that desktop:

I know this should work on any number of different machines.   PUB Key goes into any Server, and the PRIV Key goes into any client machine you’ll be using to access those servers.  And my PUB Key worked fine on several different Servers, so this proves that both files themselves were fine, so the trouble had to be some kind of permission aspect.

The main error is “Unprotected Private Key”, but there was a secondary warning about how the file was “too open”.  What this means is that there are too many people, groups, or teams who have access to the file.  This supports the theory that it was a permission issue.   What I did to resolve this issue is to:

  • Locate the newly copied-over file in the SSH directory (under Users\YourUsername\.ssh), right-click on it, and pick Properties.
  • Then, click on the Security tab, then the Advanced button towards the bottom to get this screen:

  • Now, disable inherited permissions by clicking Disable inheritance > Convert inherited permissions.
  • Now, try running your SSH command again to see if this remedied the issue.  If it didn’t, we’ll take the next step.
  • Back at the above screen, make sure your intended profile is listed as OWNER at the top.  If not, click Change and make it the appropriate username.  Try SSH again.
  • If this again doesn’t fix the issue, then go to the middle section and remove unnecessary users, one by one, until you can SSH into your box successfully.

As for myself, I only needed to disable inherited permissions.

I hope this works to assist you further in your Mobile World!
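The same three GUI steps (disable inheritance, set the owner, remove extra users) can be scripted. This is an added example, not part of the original post; it runs all three steps in one pass rather than retrying SSH between them. The key file name `id_rsa` is a placeholder, and the script assumes only your account, SYSTEM and Administrators should keep access.

```powershell
# Added example. Assumption: the key lives at %USERPROFILE%\.ssh\id_rsa (placeholder name).
$keyPath = Join-Path $env:USERPROFILE '.ssh\id_rsa'

# SID of the account running this script (the "intended profile" in the steps above).
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

# Identities allowed to keep access (assumption: you, SYSTEM, local Administrators).
$allowed = @(
    $me.Value,
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Show the starting point so you can see who makes the file "too open".
Write-Host 'Before:'
(Get-Acl -Path $keyPath).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# Step 1: disable inheritance and convert inherited entries into explicit ones.
$acl = Get-Acl -Path $keyPath
$acl.SetAccessRuleProtection($true, $true)   # (isProtected, preserveInheritance)
Set-Acl -Path $keyPath -AclObject $acl

# Re-read so the converted entries are now reported as explicit.
$acl = Get-Acl -Path $keyPath

# Step 2: make the current user the owner.
$acl.SetOwner($me)

# Step 3: remove every entry that belongs to anyone outside the allowed list.
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
    if ($allowed -notcontains $rule.IdentityReference.Value) {
        Write-Host "Removing access for SID $($rule.IdentityReference.Value)"
        $acl.PurgeAccessRules($rule.IdentityReference)
    }
}
Set-Acl -Path $keyPath -AclObject $acl

# Confirm the result: no inherited entries, only the allowed identities remain.
Write-Host 'After:'
(Get-Acl -Path $keyPath).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Run it from the account that will use the key, then retry the SSH command.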

 

 

Today I Hardened some of my Servers

I have been slowly getting to know Linux commands on the Command Line Interface (CLI) over the last few months.  And today was truly a great day, as I got to “harden” some of my servers by following these steps:

  1. Turn on Automatic Updates
  2. Add a new limited (non-root) user
  3. Set up SSH key pairs
  4. Modify /etc/ssh/sshd_config to
    1. lock out all passwords
    2. change to only recognize IPv4
    3. change the default SSH port
  5. Add a Firewall

I won’t be able to follow all of these steps for all Servers, because some of them require Root for other installed packages/software (like Proxmox, etc) to continue working, but I’m endeavoring to at least get all of my servers completed up to Step-3.  So, progress!

Some Updates on my future NAS project

A lot of the research I’ve been doing lately has revealed that most NAS Server Admins today are not using a Hardware RAID controller anymore.

Instead, they are using a Host Bus Adapter (HBA) in place of the dedicated Hardware RAID Controller Card. This allows them to leverage their Server’s CPU to provide the computational power for a Software RAID, using a new Advanced File System called ZFS. ZFS of course has its own version of RAID called RAID-Z. I intend to use this for my main storage going forward, but I’ll have to order some new stuff, like the aforementioned HBA card to replace my PERC 6/i, as well as some new cables to feed the backplane as the old PERC 6/i used a different connector.

 

Also just added pfSense Router and Firewall to Proxmox

I actually added this to my Proxmox Server a couple of weeks ago, but today I finally changed the IP addresses of my ASUS RT-AC5300 primary Router to make my pfSense Router the primary Router at 192.168.1.1.  Then I demoted the ASUS role from Router to Access Point, and now pfSense is running the show!