ssh fatal: buffer_get: trying to get more bytes than in buffer

The issue

You are using ssh to login to a server with ssh key authentication and you get connection closed. On the server you are logging into the syslog shows as messages like

Oct 17 11:30:02 myserver sshd[27687]: [ID 800047 auth.crit] fatal: buffer_get: trying to get more bytes than in buffer

The fix

Check your authorized_keys file on the remote server. Use ssh-keygen -l -f  ~/.ssh/authorized_keys

ssh-keygen -l -f ~/.ssh/authorized_keys
buffer_get: trying to get more bytes than in buffer

The above shows there is at least one  key in your file that is the wrong format – usually because it is  split over several lines rather than being just one long line. (note it could be any key in the file – not the one you are using from your server ) Once you fix the key then confirm with ssh-keygen that all is well – it should return a md5 checksum.
ssh-keygen -l -f authorized_keys
md5 1024 5d:35:7e:ad:3d:e6:70:6d:6f:1d:76:1a:46:ee:c1:c9 authorized_keys

Now retry your ssh access

TSM ANS4042E one or more unrecognised characters and is not valid , Linux client

When backing up on a Linux client to TSM getting the error :-

ANS4042E Object name  contains one or more unrecognised characters and is not valid

In our case we had file names based on surnames – some of which had non english characters.

The fix was :-

export LANG=C

In our backup script.


E437: terminal capability “cm” required in Redhat or Centos 6

If you try to use vi or another curses based application in Redhat or Centos 6 and you get the error :-

E437: terminal capability “cm” required
Press ENTER or type command to continue
And your TERM type is something other than a vt100 like a dtterm then you need to install additional terminfo

The fix

yum install ncurses-term

Now ls /usr/share/terminfo/d   shows lots of entries rather than dumb


Install websm client on Linux to access HMC

Install websm client on Linux

From your Linux box copy over /usr/websm/pc_client/wsmlinuxclient.exe  from your AIX LPAR.

For Centos x86_64 I needed additional RPMs :-

yum groupinstall “GNOME Desktop Environment”     ( only needed if you don’t have X11 installed )
yum install libXmu.i386
yum install libXp.i386

Note the libs have to be the i386 version even though the Linux is x86_64

Install websm

./wsmlinuxclient.exe -console

If you accept the defaults then after teh install satrt it up :-


If it bombs out with errors like :-

java.lang.UnsatisfiedLinkError: /opt/websm/_jvm/bin/ canno
t open shared object file: No such file or directory
Then install the missing library RPM ( it needs to be the i386 version )

Setup SAMBA on Ubuntu for XBMC shares

Like a lot of people I have a central computer which stores my pictures , videos etc, and have a home theater server with XBMC in the living room. To enable XBMC to display pictures and stream videos from your central computer you can use SAMBA. These instructions are for Ubuntu but apart from the actual SAMBA package install they should work for any Linux flavor.

Install SAMBA

On your server you want to share out the media from install SAMBA

sudo apt-get install samba

Create a nice easy directory structure

To make things easy for XBMC create a directory structure with symlinks to your media directories that can be shared out. e.g. within XMBC I want to have my media split into movies , videos, music_videos , music and pictures. The real directories for these on my central server are /videos/movies , /misc/vids, /misc/music_vids , /music , /camera . So I created a top level /xbmc directory with /xbmc/movies /xbmc/videos /xbmc/music_videos /xbmc/pictures

sudo mkdir /xbmc

sudo ln -s /videos/movies /xbmc/movies
sudo ln -s /misc/vids  /xbmc/videos
sudo ln -s /misc/music_vids /xbmc/music_videos
sudo ln -s /music  /xbmc/music
sudo ln -s /camera  /xbmc/pictures

Now when I share out /xbmc everything is nicely organized.

Configure SAMBA

sudo vi /etc/samba/smb.conf

Ensure your network interfaces are in the interfaces =   line and remove the ; at the beginning of the line.

Add these lines after the interfaces line , where the IP address after is the IP address of your XBMC box assuming it has a static IP, if you are using DHCP for the XBMC server then put in the DCHP subnet e.g.

hosts allow =,
hosts deny =

Remove the ; from the line bind interfaces only = yes

If using symlinks then add this line :-

unix extensions = no

Remove the hash at the beginning of the line security = user

Search for socket and add the line


At the end of the file add :-

comment = XBMC share
path = /xbmc
read only = yes
guest ok = no
user = xbmc
follow symlinks = yes
wide links = yes

Save the file

Create a linux user with enough permissions to be able to read your media files and a shell of  /bin/false – do not create a linux password for the user – we only want the user to login via SAMBA

sudo groupadd xbmc

sudo useradd -d /xbmc -c “XBMC SAMBA user” -g xbmc -s /bin/false xbmc

sudo smbpasswd -a xbmc

Restart SAMBA

sudo /etc/init.d/smbd restart

Add the share in XBMC

Video – Add Source

Path is  smb://        ( use the IP address of your SAMBA server )

OK – it will then ask for a username and password and if you select

Living the Linux dream – installing XMBC on an Acer Revo 3700

Installing XBMC on the Acer Revo 3700

After years of waiting for the price of quiet small form factor PCs to come down to a reasonable price point the Acer Revo 3700 has appeared. I purchased one to install XBMC on. I also purchased an add on external USB DVD drive as I also wanted to replace my DVD player.

Because I wanted to use the Revo to do other things besides XBMC I decided to do a normal Ubuntu install rather than a minimum install with XBMC. I selected Ubuntu 10.04 LTS 32 bit to install.

I decided to make things easy and do the install with a wired Ethernet connection and enable wireless afterwards.

As I had an USB DVD drive I thought I would use this to do the install – big mistake it failed after the splash screen with :-

(initramfs) mount mounting /dev/loop0 on filesystem.squashfs failed: Input/Output error Cannot mount /dev/loop0 (/cdrom/casper/filesystem.squashfs on // filesystem.squashfs

Looking at the forums it appeared that boot from a USB memory stick would be a better solution. To make a bootable USB stick go here

Power on the Revo and hit DEL to enter the BIOS. Select Advance BIOS Features  – cursor down to 1st Boot Device and use the – key to select Removable Device.

F10 to save your settings and the Revo will reboot.

In spite of selecting Removable Device as the 1st boot it still booted from the hard disk – so I booted again and hit F12 to go into the boot menu then I could select the USB Flash to boot from.

Select erase and use the entire disk

Login name xbmc

Set a password and select Log in automatically

Once the installation is complete it will prompt you to reboot  – click Restart Now. Hit DEL to go into the BIOS again and select the hard disk as the 1st Boot Device . Remove the USB memory stick you booted from. Hit F10 to save and exit. It should now boot from the hard disk into Ubuntu.

Open up a terminal and do netstat -rn to check the network looks right.

Stop the screen saver from locking the screen with a password – System – Preference – Screensaver – untick lock screen when screensaver is active.

Install the Nvidia binary drivers -see here

Turn off compiz  – Preferences – Appearance – Visual Effects – None

Update manager should appear on the bottom toolbar advising that updates are available. Install the updates and once installed reboot the Revo.

Wireless network

I had a lot of problems getting the wireless network to work. First set it up in Network Manager , go to  System – Preferences – Network Connections

Select Wireless – Add  and add your wireless details.  Choose Infrastructure rather than addhoc and select the tick box to allow all users access. Reboot the Revo and if like me the wireless does not work check in /var/log/messages for failure to open a file :-

May 24 09:34:03 xbmc-desktop kernel: [   15.933794] Read file “/etc/Wireless/RT2860STA/RT2860STA.dat” failed(errCode=0)!

To fix :-

sudo mkdir -p  /etc/Wireless/RT2860STA

sudo touch /etc/Wireless/RT2860STA/RT2860STA/RT2860STA.dat

Reboot the Revo – you will be prompted for your password to start the network and now you should get a message about the wireless network has established a connection.

Now go to System – Preference – Network Connections

You will see a new connection with Last Used of now

Edit this and ensure the mode is Infrastructure , Connect automatically is ticked and available to all users is ticked. Apply the changes – it will disconnect the wireless connection. Reboot the Revo and this time you should not be prompted for a password and the wireless network should connect successfully.

I would advise you to setup a static IP address for the Revo as this will make things easy for using NFS mounts and using an Android phone app as a remote.

To setup a static IP address go to the Network Manager, select the Wireless connection 1 and add a static IP ( your router should have details of the DHCP range of IPs it gives out so select an IP address outside of this range ). Fill in the gateway ( e.g. the address of your router , the DNS servers ( either use your ISP’s one or use a public DNS service like Google’s one ). Reboot the Revo and check with netstat -rn and ifconfig -a that all is well.

Install flash and other media codecs

As this server is going to be able to play multiple video and sounds formats install the restricted extras for Ubuntu – see here

Sound over HDMI in the Revo 3700

I had lots of problems with this and there are lots of remedies posted on forums, the fix does seem to depend on what version of Ubuntu you install. To have sound over HDMI working you need X up and be connected to a HDMI display so plug your TV into the HMDI port.

Update the Alsa packages – instructions are  here – you need to reboot after updating.

After installing a newer version of ALSA you now see the Nvidia devices :-

xbmc@xbmc-desktop:~$ aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC662 rev1 Analog [ALC662 rev1 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: Intel [HDA Intel], device 1: ALC662 rev1 Digital [ALC662 rev1 Digital]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 3: HDMI 0 [HDMI 0]
Subdevices: 0/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 7: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 8: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 9: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0

Startup alsamixer and use F6 key to select the Nvidia card – it should look like :-

alsamixer with muted channels

You now need to unmute the channels shown as MM – use the cursor keys to navigate to the MM boxes and use the m keys to toggle them to 00 . The display should now look like :-

alsamixer with channels unmuted
alsamixer with channels unmuted

Hit ESC to exit alsamixer

To test :-

xbmc@xbmc-desktop:~$ aplay -D plughw:1,7 /usr/share/sounds/alsa/Front_Center.wav

Sound should come out of the TV.

Now you need to setup Pulse audio

sudo vi /etc/pulse/

Search for the hashed out line #load-module module-pipe-sink

Add a line :-

load-module module-alsa-sink device=plughw:1,7

Remove any local user pulse config files :-

rm -rf ~/.pulse ~/.asound* ~/.pulse-cookie

Create a new /etc/asound.conf

sudo vi /etc/asound.conf
pcm.pulse {
type pulse
ctl.pulse {
type pulse
pcm.!default {
type pulse
ctl.!default {
type pulse

Reboot the Revo and now you should be greeted by Tom-Toms when Ubuntu starts and playing a video from a website in Firefox the sound will now come out of the TV. Don’t worry about the slow performance playing a Video in Firefox – the fixes are later in this guide.

Install XBMC

instructions are here

Ensure you install NVidia hardware acceleration (VDPAU)  in the above instructions.

Open a terminal and type xbmc to start it up. Go to System – Settings and configure :-

Audio Output

Audio output              HDMI
Speaker configuration      2.0
Boost volume level on downmix
Audio output device         Defaults
Passthrough output device      hdmi

Video Playback

Render method           Auto detect
Allow hardware acceleration (VDPAU)
Adjust display refresh rate to match video
Sync playback to display
A/V sync method                 video clock (drop/dupe audio)
VDPAU studio level color conversion

Power saving

Shutdown function       shutdown

Weather – General  change area code 1 – set it to your local city

Speedup video playback

Ensure you installed NVidia hardware acceleration (VDPAU) when you did the XBMC install above. To allow flash videos ( like Youtube ) to run in full screen you need a version of flash that supports hardware acceleration – this currently means getting a beta version. The easiest way is to install Flash Aid Firefox plugin , once installed click on the Flash Aid symbol in the top right hand corner of Firefox and just let the wizard install the best version of flash for the hardware.  I did notice that Youtube videos played faster in the XBMC plugin than in Firefox which is fine as the XBMC plugin is nice to use.

If you are in the UK then install the BBC Iplayer XBMC plugin – follow the instructions here . The XBMC BBC  Iplayer plugin plays  programs much better full screen than in Firefox.

Remote Control

As I have an Android phone I looked for a remote app for XBMC and downloaded the official XBMC app

On the Revo start up XBMC and go to System – Network . enable Allow control of XBMC via HTTP , Allow programs on other systems to control XBMC, set a user name and password. Then go to System – Settings – Input Devices and enable Remote control sends keyboard presses.

Assuming you already have your Android phone setup so it is connected to your WIFI :-

Download the XBMC Android app, Once downloaded press menu and fill in the IP address of the Revo , username and password you setup in XBMC above ( not the Linux username / password ) , tick WIFI only. press the back button and OK the settings. Now you should be able to control XBMC from your phone.

setup XBMC to autostart

To setup XBMC to autostart but still have the Gnome desktop available if you click exit rather than shutdown in XBMC  :-

System – Preferences – Startup Applications. Click add and fill in name: xbmc , Command: xbmc  , Comment xbmc

Now when the Revo boots it will run xbmc but you still have the option to exit to the desktop by selecting exit in XBMC or to shutdown the Revo by selecting shutdown in XBMC

Sound no longer works after updates that include a new kernel

If you install updates ( security fixes etc. ) and it includes a new kernel the HDMI sound won’t work and XBMC will say cannot open audio device.

Update the alsa packages as above, make a copy of your /etc/asound.conf , create a new /etc/asound.conf  :-

pcm.!default {
type plug
slave.pcm “dmix:0,3”

If you don’t do this then you will get an error when starting alsamixer after the reboot ALSA lib pulse.c:229:(pulse_connect) PulseAudio: Unable to connect: Connection refused cannot open mixer: Connection refused

rm -rf ~/.pulse ~/.asound* ~/.pulse-cookie

Now reboot and check aplay -l sees the Nvidia sound card as in the install instructions above.

Startup alsamixer and unmute the channels as in the install instructions

Copy back your original /etc/asound.conf , reboot and your sound should be back.

Installing Citrix client on Linux

I need to use Citrix for remote support and I want to use my normal Linux desktop to do it.

Access to Citrix is via XenApp ( used to be called MetaFrame ) hosted on your companies web site and accessed via a browser.

For the current version of the Citrix client on 64bit Ubuntu you also needs lots of 32bit libraries so if you have not already installed the 32 bit multiarch then

sudo dpkg --add-architecture i386
sudo apt-get update

Now download the Linux client. Go to , downloads , Download receiver.  Open up the question “Where can I download Citrix Receiver on other platforms and devices” and select Linux, Debian Packages , Full Package ( Self support ). Receiver for Linx ( X86_64 )

In Ubuntu firefox will ask what you want to do with the file – select the default which is to open with GDebi Package Installer. The package installer will then start up and click on Install Package.

The installer incorrectly configures the Firefox plugin to run via nspluginwrapper rather than native 64bit. To correct this :-

sudo rm -f /usr/lib/mozilla/plugins/ /usr/lib/firefox/plugins/
sudo rm -f /usr/lib/mozilla/plugins/
sudo ln -s /opt/Citrix/ICAClient/ /usr/lib/mozilla/plugins/
sudo ln -s /opt/Citrix/ICAClient/ /usr/lib/firefox-addons/plugins/

Setup firefox so it always activates the plugin. Open up firefox , Tools – Add_ons – Plugins. Ensure that the “Citrix Receiver for Linux” is set for always activate

Use Firefox to go to your companies Citrix site , login in and access a Citrix service – the Citrix Receiver will startup on your desktop but you will often get an error such as

You have not chosen to trust “/C=US/ST=/L=/0=Equifax Secure Certificate Authority/CN=”, the issuer of the server’s security certificate (SSL error 61).

Citrix certicate error

The error is caused by the Citrix client not having the required certificate. You can download the root certificate from the authority – see below – or it is often worth trying to copy over the certificates Firefox has as it has many of the common ones.

sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

sudo c_rehash /opt/Citrix/ICAClient/keystore/cacert

Citrix should now work just fine.

If you really do need to install the root certificate then go to the certificate authority’s ( the one mentioned in the error message – i.e. Equifax ) website and download the root certificate

For the Equifax one above go to and download  Equifax_Secure_Certificate_Authority_DER.cer

For VeriSign Class 3 :-

You have not chosen to trust “VeriSign Class 3 Public Primary Certification Authority – G5”, the issuer of the server’s security certificate (SSL error 61).



To get the VeriSign G5 cert save the PCA-3G5.pem to your home directory – rename it to PCA-3G5.crt

Copy the certificate to opt/Citrix/ICAClient/keystore/cacerts/  using sudo and rename it to .crt from .cer or .pem

Prevent Citrix from using the whole screen

On Ubuntu I had a problem where I could not minimise the Citrix window or get back to the desktop.

The following changes in ~/.ICAClient/wfclient.ini     solved the problem



Now the Citrix window does not come up full screen

Problem with Control key sticking

I had an issue with the control key sticking in a Citrix session. i.e. if I used ^D to log out of a putty session then all my following keystrokes are prefixed by the control key ! The only way around it was to logout of Citrix and log back it. Citrix has fixed this in later versions so upgrade to the latest version ( you need to do the nspluginwarapper fix above after you upgrade otherwise the Citrix plugin will not launch )


Yum hangs when checking updates with epel repo

Redhat 5

In /var/log/mesages lots of :-

May 20 09:50:01 Server1 : error getting update info: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again

If I run yum -d 9 check-update it hangs at Setting up Package Sacks

Found out that another admin had added epel.repo in /etc/yum.repos.d

As we use a proxy to connect to Redhat it appears there is a feature that if you add repos then you need to update /etc/yum.conf  yum will not pick up the proxy settings from /etc/sysconfig/rhn/up2date

Adding proxy=  to /etc/yum.conf soleved the problem.

Checking when a SSL/TLS certificate for an email server expires

Check if the SSL/TLS certificate for SMTP email has expired on the local server

echo ‘”‘ | openssl s_client -connect localhost:25 -starttls smtp > /var/tmp/jik

depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/
verify error:num=10:certificate has expired
notAfter=Feb  9 16:03:39 2010 GMT
verify return:1
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/
notAfter=Feb  9 16:03:39 2010 GMT
verify return:1
250 DSN
–  As you can see it has! After making a new one with genken –days 1825  and restarting dovecot ; service dovecot restart:-
-bash-3.2# echo ‘”‘ | openssl s_client -connect localhost:25 -starttls smtp > /var/tmp/jik
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/
verify return:1
250 DSN