Category: CentOS

SSH no hostkey alg
When connecting to an Ubuntu 24.04 server from CentOS 6 server, i got error “no hostkey alg”
```
root@server12:~# ssh [email protected]
no hostkey alg
root@server12:~#
```
To fix this error, edit /etc/ssh/sshd_config on Ubuntu server and add followng to end of the file
```
HostKeyAlgorithms +ssh-rsa,ssh-dss
PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss
```
Restart ssh service on Ubuntu
```
systemctl restart ssh
```
Now you should be able to connect to Ubuntu server from CentOS 6 using SSH. If you are using ssh key auth, use RSA key, newer keys like ed25519 won’t work and result in following error message
```
root@server12:~# ssh [email protected]
key_from_blob: remaining bytes in key blob 36
key_to_blob: unsupported key type 11
Permission denied (publickey).
root@server12:~# 
```
Once the ile transfer is done, edit /etc/ssh/sshd_config on ubuntu server and remove the older (less secure) algorithms.

Back to ssh
November 22, 2024
CentOS 7 yum update HTTP Error 404: Not found
If you’re still running CentOS 7 on your systems, you may have recently encountered errors when trying to run `yum update`.
```
http://mirror.centos.org/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
```
This error occurs because CentOS 7 reached its end-of-life (EOL) on June 30, 2024. As a result, the main CentOS mirrors no longer host packages for this version.

CentOS maintains an archive of older repositories at vault.centos.org. To fix the YUM update errors, we need to point our system to these archive repositories. You can do this using sed command. First take a backup of your current yum.repo.d folder.
```
cd /etc/
tar -cvf yum-backup.tar yum.repos.d
```
Do a search and replace with sed command
```
sed -i 's/mirror\.centos\.org/vault.centos.org/g' /etc/yum.repos.d/*
```
If your repo files are modified by server provider, above command may not fix it as repo urls are pointing to local repository provided by data center. In that case, you can edit file manually and use following config
```
vi /etc/yum.repos.d/CentOS-Base.repo
```
In the file, add following content
```
[base]
name=CentOS-7 - Base
baseurl=https://vault.centos.org/7.9.2009/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-7 - Updates
baseurl=https://vault.centos.org/7.9.2009/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-7 - Extras
baseurl=https://vault.centos.org/7.9.2009/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[centosplus]
name=CentOS-7 - Plus
baseurl=https://vault.centos.org/7.9.2009/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
```
Clear the YUM cache and regenerate it:
```
yum clean all
yum makecache
```
Now “yum update” command should work.
```
yum update
```
Keep using CentOS 7 is insecure. You should upgrade to RHEL 8 based OS like AlmaLinux 8 or RockyLinux to keep your server secure.

Back to CentOS
July 2, 2024

OVH CentOS 7 server grub rescue prompt

On an OVH Cpanel server running CentOS 7, the server won’t boot. When accessing the server console using IPMI, I found the following error.

I booted the server into rescue mode, checked the disk partitions with the command parted -l

Disk /dev/nvme0n1: 450GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system     Name     Flags
 1      1049kB  537MB   536MB   fat32           primary  boot, esp
 2      537MB   1073MB  536MB   ext4            primary  raid
 3      1073MB  53.5GB  52.4GB  ext4            primary  raid
 4      53.5GB  450GB   396GB   ext4            primary  raid
 5      450GB   450GB   536MB   linux-swap(v1)  primary


Disk /dev/nvme1n1: 450GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system     Name     Flags
 1      1049kB  537MB   536MB   fat32           primary  boot, esp
 2      537MB   1073MB  536MB   ext4            primary  raid
 3      1073MB  53.5GB  52.4GB  ext4            primary  raid
 4      53.5GB  450GB   396GB   ext4            primary  raid
 5      450GB   450GB   536MB   linux-swap(v1)  primary

The server had 2 NVMe disks configured as RAID 1 mirrors. The first partition with fat32 filesystem is used for boot.

To fix the problem, I chrooted to the server file system with the following command (this may be changed based on your server’s partition scheme).

mount /dev/md3 /mnt
mount /dev/md2 /mnt/boot/
mount /dev/md4 /mnt/home
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
mount --bind /proc /mnt/proc
mount --bind /dev/pts /mnt/dev/pts/
chroot /mnt

Reinstalled the kernel with

yum reinstall kernel

Then reinstalled grub loader. This server used UEFI, so used following commands

mkdir /nvme0n1p1
mkdir /nvme1n1p1
mount /dev/nvme0n1p1 /nvme0n1p1
mount /dev/nvme1n1p1 /nvme1n1p1
grub2-install --target=x86_64-efi --efi-directory=/nvme0n1p1 --bootloader-id=GRUB
grub2-install --target=x86_64-efi --efi-directory=/nvme1n1p1 --bootloader-id=GRUB

grub boot loaded is installed on both disks, so server will be able to boot when either one of the disk is selected as boot device.

Back to grub

January 4, 2023

access denied: tty ‘tty1’ is not secure

On a CentOS 7 server, when login as user root on the console, login fails. If I log in as a normal user, then I am able to switch to user root with the command “su – root”.

On checking /var/log/secure, I found the following error.

Nov 10 03:44:42 localhost login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !
Nov 10 03:44:45 localhost login: pam_succeed_if(login:auth): requirement "uid >= 1000" not met by user "root"
Nov 10 03:44:47 localhost login: FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure

To fix the error, edit the file

vi /etc/securetty

In the file, add

tty1

On CentOS 7 server, the contents of the file are

[root@localhost ~]# cat /etc/securetty 
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
ttyS0
ttysclp0
sclp_line0
3270/tty1
hvc0
hvc1
hvc2
hvc3
hvc4
hvc5
hvc6
hvc7
hvsi0
hvsi1
hvsi2
xvc0
[root@localhost ~]#

Permission for the file is 600, in case you have the wrong permission, change it with

chmod 600 /etc/securetty

Back to CentOS 7

November 10, 2022

How to install cwebp on CentOS 7
cwebp is a command line program used to convert images into webp format.

To install cwebp on CentOS 7, run
```
sudo yum -y install libwebp-tools
```
WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently.

To see files in this package, run the command “rpm -q –filesbypkg libwebp-tools”
```
[root@ns540127 ~]# rpm -q --filesbypkg libwebp-tools
libwebp-tools             /usr/bin/cwebp
libwebp-tools             /usr/bin/dwebp
libwebp-tools             /usr/bin/gif2webp
libwebp-tools             /usr/bin/webpmux
libwebp-tools             /usr/share/man/man1/cwebp.1.gz
libwebp-tools             /usr/share/man/man1/dwebp.1.gz
libwebp-tools             /usr/share/man/man1/gif2webp.1.gz
libwebp-tools             /usr/share/man/man1/webpmux.1.gz
[root@ns540127 ~]# 
```
Back to CentOS 7
November 8, 2022
How to reset CentOS 7 root password using console
If you have lost the root password of your CentOS 7 system and have access to the console directly or using KVM, you can reset the password following the instructions below.

1) Reboot the server, you will see the grub menu.

2) Press “e” to edit. You will see the edit screen as shown below.

3) Find the line starting with linux16
```
linux16 /boot/vmlinuz-3.10.0-1160.76.1.el7.x86_64 root=UUID=1c419d6c-5064-4a2b-953c-05b2c67edb15 ro no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop crashkernel=auto LANG=en_US.UTF-8
```
In the fine, find
```
ro
```
Delete everything after that and replace with “rd.break”, so the line looks like the following
```
linux16 /boot/vmlinuz-3.10.0-1160.76.1.el7.x86_64 root=UUID=1c419d6c-5064-4a2b-953c-05b2c67edb15 ro rd.break
```
4) Boot the system to the emergency mode by pressing CTRL + X, you will get a prompt like the following

5) Mount /sysroot in read-write mode. and chroot to the file system
```
mount -o remount,rw /sysroot
chroot /sysroot
```
6) Reset the root password with passwd command
```
passwd
```
7) SELinux won’t allow modifying system files like /etc/shadow, to allow the change, create a file
```
touch /.autorelabel
```
7) Now reboot the system by typing the “exit” command two times
```
exit
exit
```
After rebooting, you will be able to log in to the system with the new root password.

Back to CentOS 7
November 8, 2022

CentOS Error checking for OpenSSL library … not found

When installing Nginx from source on a CentOS 7 server, I got the following error

checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found

To fix the error, install openssl-devel package with the command

yum install openssl-devel -y

Back to Errors

September 21, 2022

CentOS 8 Error: Failed to download metadata for repo ‘appstream’
When updating packages on CentOS 8 server, I got the following error
```
[root@instance-20220409-2340 ~]# dnf update
Failed loading plugin "osmsplugin": No module named 'librepo'
CentOS Linux 8 - AppStream                                                                                                                                                  51  B/s |  38  B     00:00    
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: No URLs in mirrorlist
[root@instance-20220409-2340 ~]# 
```
This is because CentOS 8 have reached its End of life.

To fix the dnf error, you can change the repository baseurl to vault.centos.org
```
sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
```
You may need to convert CentOS 8 to one of the supported Linux distributions.

Convert CentOS 8 to CentOS 8 Stream

To convert CentOS 8 to CentOS 8 Stream, run
```
dnf --disablerepo '*' --enablerepo=extras swap centos-linux-repos centos-stream-repos
dnf distro-sync
```
Convert CentOS 8 to AlmaLinux 8

AlmaLinux is RHEL 8 based (same as CentOS 8) Linux operating system. They provide easy way to convert CentOS 8 server to AlmaLinux.

How to Migrate CentOS 8 to AlmaLinux

Convert CentOS 8 to Rocky Linux 8

Rocky Linux is an open-source enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux.

How to Convert CentOS 8 to Rocky Linux

Convert CentOS 8 to Oracle Linux 8

Oracle Linux 8 is free and open source, based on RHEL 8

https://docs.oracle.com/en/learn/switch_centos8_linux8/index.html

Convert CentOS 8 to RHEL 8

RedHat provides Convert2RHEL script to convert CentOS 8 to RHEL 8. RHEL is now FREE for production up to 16 servers.

https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/migration-process/convert2rhel-how-to-convert-from-centos-linux-to-red-hat-enterprise-linux

See CentOS 8
April 11, 2022
How to install MySQL 5.7 on CentOS 7 Server
To install MySQL 5.7 on CentOS 7 server, install the repository
```
rpm -ivh http://repo.mysql.com/mysql57-community-release-el7.rpm
```
import MySQL GPG key with
```
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
```
Install MySQL with the command
```
yum install mysql-community-server.x86_64
```
Enable MySQL to start on boot
```
systemctl enable mysqld
```
Start MySQL with
```
systemctl start mysqld
```
Find the initial MySQL password with the command
```
grep 'password' /var/log/mysqld.log
```
This initial password is expired, you should change this password before you can start using MySQL server.

To set MySQL password and secure MySQL server, run the command
```
mysql_secure_installation
```
April 4, 2022

How to Install Supervisord on CentOS 7

Supervisor is a program used to monitor and control programs. It can auto startup application on server boot time, and restart if the application fails.

http://supervisord.org

To install supervisors on CentOS 7, first, enable epel repository.

yum install -y epel-release

Once EPEL repository is enabled, you can install supervisors with the yum command

yum install -y supervisor

Enable supervisord to start on boot, run

systemctl enable supervisord

Start supervisord

systemctl start supervisord

To start a python application on boot time, I created file

vi /etc/supervisord.d/telegram-bot.ini

With the following content

[program:telegram_bot]
command=/root/bots/telegram_bot/bot.py
directory=/root/bots/telegram_bot
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
numprocs=1
autostart=true
autorestart=true
stdout_logfile=/var/log/telegram-bot.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
stderr_logfile=/var/log/telegram-bot-error.log
stderr_logfile_maxbytes=1MB
stderr_logfile_backups=10
stderr_capture_maxbytes=1MB
stderr_events_enabled=false

Started application with

supervisorctl reload

See supervisord

February 16, 2022

Install Tomcat on CentOS 7

Apache Tomcat is an open source implementation of the Java Servlet and Java Server Pages. To install Apache Tomcat on CentOS 7, run

yum install tomcat

To enable tomcat start on boot

systemctl enable tomcat

You can manage tomcat with

systemctl stop tomcat
systemctl start tomcat
systemctl status tomcat
systemctl restart tomcat

To see the ports used by tomcat

[root@tomcat ~]# netstat -lntp| grep java
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      31423/java          
tcp6       0      0 :::8009                 :::*                    LISTEN      31423/java          
tcp6       0      0 :::8080                 :::*                    LISTEN      31423/java          
[root@tomcat ~]#

webapps are stored in the directory

/var/lib/tomcat/webapps

Create the default page with

mkdir /var/lib/tomcat/webapps/ROOT
echo "Hello Cat" > /var/lib/tomcat/webapps/ROOT/index.html

Tomcat web server can be accessed using

http://your-server-ip:8080

To open 8080 port on the firewall, use commands

firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --reload

Tomcat configurations are available in the directory.

/etc/tomcat/

Install tomcat Manager

To install the Tomcat manager GUI application, run

yum install tomcat-admin-webapps.noarch -y

To create user, edit file

vi /etc/tomcat/tomcat-users.xml

Inside ““, add

USER_NAME_HERE and PW_HERE – replace with the username and password you need.

Restart tomcat to activate Tomcat Manager GUI.

systemctl restart tomcat

To access GUI, go to

http://your-server-ip-here:8080/manager/

November 2, 2021

Install Caddy Webserver on CentOS 7
To install Caddy Webserver on CentOS 7, run
```
yum install yum-plugin-copr
yum copr enable @caddy/caddy
yum install caddy
```
Enable caddy start on boot
```
systemctl enable caddy
```
To start caddy, run
```
systemctl start caddy
```
Caddy configuration file available at
```
/etc/caddy/Caddyfile
```
See Caddy
July 10, 2021

Category: CentOS

Convert CentOS 8 to CentOS 8 Stream

Convert CentOS 8 to AlmaLinux 8

Convert CentOS 8 to Rocky Linux 8

Convert CentOS 8 to Oracle Linux 8

Convert CentOS 8 to RHEL 8

Install tomcat Manager