cryptsetup “No key available with this passphrase.” even though you are 100% certain its the right key (Debian Buster)

Something I stumbled upon today. I tried to unlock a LUKS container and was 100% certain that the passphrase is correct. Still, cryptsetup would not unlock the container:

# cryptsetup luksOpen /container_file container
Enter passphrase for /container_file: 
No key available with this passphrase.

Digging around, references can be found to either a problem with the character encoding of the shell or to a bug with cryptsetup and Samsung EVO SSDs with certain older 5.1 kernels. None of these were the case.

After some trial and error, I upgraded the cryptsetup packages from 2:2.1.0-5+deb10u2 (from buster/main repo) to 2:2.3.5-1~bpo10+1 (buster-backports/main repo). Suddenly the container would unlock.

I think most of the time people either get their passphrase wrong or their header was corrupted somehow, but in this case: Some bug in cryptsetup. (Not reported yet, no existing report found yet.)

Sync time on Linux via GSM

The RaspberryPi and many similar single-board computers do not have an RTC or “Real Time Clock” and without internet connectivity cannot retain their time setting. Therefore most RaspberryPi Linux-distributions employ NTP to sync the time right after boot. If you are not able to use an internet connection and therefore no NTP, but have a GSM modem or phone and a valid sim card at hand, this guide may be suitable for your needs.

Continue reading Sync time on Linux via GSM

Securing the RabbitMQ Management Console with SSL before version 3.7.10

This article was previously posted on gettingcirrius.com, a blog of Richard Clayton, who released it under Attribution 3.0 Unported (CC-BY 3.0). His old blog recently went offline, therefore I am reposting this useful how-to on setting up SSL for the RabbitMQ management console.

This is an article in the RabbitMQ Configuration and Management Series.  For more articles like this, please visit the series’ index.

Continue reading Securing the RabbitMQ Management Console with SSL before version 3.7.10

Change Plesk spam-settings in bulk

Since Plesk per default uses the static userdb-driver of Dovecot, it may seem difficult to easily iterate through all mailboxes on the server, for example in order to change the spam-settings of all mailboxes on the systems at once while keeping the “individual settings per-mailbox” functionality enabled.

The following one-liner may be helpful in such case:

while read domain; do (while read user; do plesk bin spamassassin --update $user@$domain -status true -personal-conf true -action move -hits 6; done < <(ls -1 /var/qmail/mailnames/$domain)); done < <(ls -1 /var/qmail/mailnames/)

In this case, the domains and mailboxes are placed in/var/qmail due to a previous upgrade from qmail to Dovecot. If the directory in your case differs, make sure to change it in the one-liner, too.