fan speed control/monitor

Install the lm-sensors Install lm-sensors and fancontrol Install fancontrol packages.
# Configure lm-sensors; respond with yes for everything below (will modify /etc/modules):
sudo sensors-detect
# Monitoring programs won't work until the needed modules are
# loaded. You may want to run '/etc/init.d/kmod start' to load them.
/etc/init.d/kmod start
# Configure fancontrol
sudo pwmconfig
# Set up fancontrol service
sudo service fancontrol start
# show sensors command line

/var/mail && thunderbird


Create the account
Thunderbird -> Edit -> Account settings -> Account Action -> Add Another Account -> Unix Mailspool (Movemail)
Your Name: adr (mailspool)
Email Address: adr@localhost
Browse your mails
Open Thunderbird then press Get Messages button; you can now see the messages from /var/mail/adr.

See your mails in console
cat /var/mail/adr

Redirect cron mails to you
When running cron jobs with other user (e.g. root) configure MAILTO****@adr-desktop to received a cron-status.

command for sending a mail to adr@localhost
/usr/bin/printf "%b" "***** your mail body here *****" | /usr/bin/mail -s "** your mail subject here **" adr@adr-desktop


# change user & password in passwd-file specified by /etc/nagios3/apache2.conf
# change nagiosadmin to the user chosen
sed -i s/"nagiosadmin"/"adr"/ /etc/nagios3/cgi.cfg
# Edit the disk.cfg file located in /etc/nagios-plugins/config and add the arguments
# -A -i '.gvfs'
# at the end of the command line arguments for the command check_disk and check_all_disks. 
service nagios3 restart

Angularjs project setup (NODE & YEOMAN)

# see also

# general setup
sudo ln -s /usr/bin/nodejs /usr/bin/node	-> when node file is not found
sudo npm install -g yo bower grunt-cli generator-karma generator-angular
# see
# npm help list
# sudo npm list -gp grunt-wiredep@3.0.1
sudo npm list -gp --depth=0
# in project's path immediately after checkout from svn/git
npm install
bower install
# bower cache list, clean
bower cache list
bower cache clean

Linux errors/problems, tips & tricks

# error
# adr@adr-desktop:~$ su-to-root -X -c zenmap
(gksu:24352): Gtk-WARNING **: cannot open display: 
adr@adr-desktop:~$ echo $DISPLAY
... showing nothing ...
adr@adr-desktop:~$ export DISPLAY=:0.0 -> add this in .bashrc
adr@adr-desktop:~$ su-to-root -X -c zenmap
... now is working ...

# vmware security problem; closing ports 443 and 902 opened by VMware Authentication Daemon
sudo service vmware-workstation-server status
sudo nmap -T4 -A -v localhost
1. In /etc/init.d/vmware
Comment out the line:
         vmware_exec 'VMware Authentication Daemon' vmware_start_authdlauncher
Add the following line:
         echo 'Skipping: VMware Authentication Daemon'
2. In /etc/init.d/vmware-workstation-server
After the line:
          ### END INIT INFO
Add two new lines:
          echo Aborting launch of vmware-workstation-server
          exit 0
2. or (not tested) better use this to disable vmware-workstation-server autostart
sudo service vmware-workstation-server stop
sudo update-rc.d vmware-workstation-server disable
sudo service vmware-workstation-server status
sudo update-rc.d vmware-workstation-server defaults
2. VMware Workstation -> Edit -> Preferences -> Shared VMs
uncheck "Enable virtaul machine sharing and remote access" 

# error at apache2 startup
	AH01574: module dav_module is already loaded, skipping
# solution; edit /etc/apache2/mods-available/dav.load
	<IfModule !mod_dav.c>
		LoadModule dav_module /usr/lib/apache2/modules/

# error
Fetched 759 kB in 8s (91.2 kB/s)
W: Failed to fetch  Hash Sum mismatch
W: Failed to fetch  Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones used instead.
Error executing command, exiting
# solution
Check that everything is on in Synaptic Package Manager -> Settings -> Repositories.
sudo rm /var/lib/apt/lists/* -vf
sudo apt-get update

# error
Dash (from Unity) does not showing Applications.
Message presented is "Sorry, there is nothing that matches your search".
# solution
sudo apt-get install desktop-file-utils
# list the files containing errors:
desktop-file-validate ~/.local/share/applications/*.desktop | grep -i "desktop: error" | awk '{sub(/:$/,"",$1); print $1}' | uniq
desktop-file-validate ~/.gnome/apps/*.desktop | grep -i "desktop: error" | awk '{sub(/:$/,"",$1); print $1}' | uniq
desktop-file-validate /usr/share/applications/*.desktop | grep -i "desktop: error" | awk '{sub(/:$/,"",$1); print $1}' | uniq
# in order to see the errors run:
desktop-file-validate ~/.local/share/applications/*.desktop
desktop-file-validate ~/.gnome/apps/*.desktop
desktop-file-validate /usr/share/applications/*.desktop
# move the error-desktop-files to a temporary location:
mkdir -p ~/temp/error-desktop-files1 ~/temp/error-desktop-files2 ~/temp/error-desktop-files3
desktop-file-validate ~/.local/share/applications/*.desktop | grep -i "desktop: error" | awk '{sub(/:$/,"",$1); print $1}' | uniq | xargs sudo mv -t ~/temp/error-desktop-files1/ {}
desktop-file-validate ~/.gnome/apps/*.desktop | grep -i "desktop: error" | awk '{sub(/:$/,"",$1); print $1}' | uniq | xargs sudo mv -t ~/temp/error-desktop-files2/ {}
desktop-file-validate /usr/share/applications/*.desktop | grep -i "desktop: error" | awk '{sub(/:$/,"",$1); print $1}' | uniq | xargs sudo mv -t ~/temp/error-desktop-files3/ {}
# At this point your problem is solved but some application still are missing (the ones for whom you moved the *.desktop files).
# What's strange is that after moving back the *.desktop files to where they originally were the problem still remains solved.
# I suppose you have to first access the dash in order to show the applications before
# moving them back to where they originally were, otherwise would be more than strange.

# Enable *.sh executing on double-click for Xfce (thunar 1.6.6 minimal):
# see then created: Settings -> Settings Editor -> thunar -> misc-exec-shell-scripts-by-default
xfconf-query --channel thunar --property /misc-exec-shell-scripts-by-default --create --type bool --set true

# video card info
# see also
# using chromium navigate to chrome://gpu/
lspci | grep VGA
sudo lshw -C video
# That's because your hardware is newer than Trusty's copy of the PCI ID database of names. 
# Run this (once, with internet connection on) to update to the most current database of 
# PCI/USB device names, and then run lspci again:
sudo update-pciids
sudo update-usbids
# other video test
export LIBGL_DEBUG=verbose
glxgears -info
# display info about a GLX extension and OpenGL renderer
# display information from VA API driver

# Disable The User List Or Guest Session In Ubuntu 15.10
# see also
# when using lightdm login manager:
gksu gedit /etc/lightdm/lightdm.conf
[SeatDefaults]		-> existing line
allow-guest=false	-> append this line
sudo systemctl restart lightdm

# show current login manager
cat /etc/X11/default-display-manager

# list available login managers
update-alternatives --list x-window-manager

# Enable password-less login
# Use "Users and Groups" utility.

# XFCE Whisker Menu (
# search whisker in Synaptic for maybe other related useful packages
sudo apt-get install xfce4-whiskermenu-plugin xfce4-goodies
# then add the Whisker Menu in Panel 1 and remove the Application menu

# XFCE + annoying security popups
In /usr/share/polkit-1/actions/org.freedesktop.accounts.policy configure:
# or at XFCE Settings -> Session and Startup (Application Autostart TAB):
# uncheck PolicyKit Authentication Agent but with this side effect e.g.:
# when starting Synaptic you won't longer be prompted for password so you'll have to start it with gksudo synaptic

# public key authentication not working (Permission denied (publickey))
# possible solution:
sudo chown -Rv $USER: ~/.ssh
sudo chmod -v 700 ~/.ssh
sudo chmod -v 600 ~/.ssh/*
# also remove any other user from the group named as the $USER (the base group)

	VMWare says something like "vmware kernel module updater ..." and requires pressing Install button then nothing happens.
	After some Ubuntu updates the vmware network adapters are gone.
	sudo vmware-modconfig --console --install-all

# problem: masked service
# This will prevent the service from being started, automatically or manually, for as long as it is masked.
sudo service transmission-daemon status
● transmission-daemon.service
   Loaded: masked (/dev/null)
   Active: inactive (dead)
sudo service transmission-daemon start
Failed to start transmission-daemon.service: Unit transmission-daemon.service is masked.
sudo systemctl unmask transmission-daemon.service
Removed symlink /etc/systemd/system/transmission-daemon.service.
sudo service transmission-daemon status
● transmission-daemon.service - LSB: Start or stop the transmission-daemon.
   Loaded: loaded (/etc/init.d/transmission-daemon)
   Active: inactive (dead)
     Docs: man:systemd-sysv-generator(8)

# show open ports:
sudo nmap localhost
# use zenmap gui:
sudo zenmap

# how to install vmware tools on linux:
sudo apt-get install open-vm-tools

# get hdd partition uuid
sudo blkid /dev/sda2
# result e.g: /dev/sda2: LABEL="Windows7_OS" UUID="4250D1BE50D1B8BD" TYPE="ntfs" PARTUUID="33ca1039-02"

Unity Tweak Tool - usefull tweaks:
select Launcher -> "Show Desktop" icon
select Search -> Search online sources
select Panel -> Date & time

Compiz Config Settings Manager (compizconfig-settings-manager) - settings:
General Options -> Display Settings (for default monitor selection)
Ubuntu Unity Plugin -> Launcher -> Minimize Single Window Applications (check in order to maximize/minimize window when clicking on it's launcher icon)

After updating an Ubuntu server I occasionally see the message you 
may need to re-run your boot loader[grub] after updating the kernel:
sudo update-grub

# Remote desktop + XFCE + terminal auto complete commands
edit ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml
find the line
<property name="custom" type="empty">
	<property name="&lt;Super&gt;Tab" type="string" value="switch_window_key"/>
and change it to
<property name="custom" type="empty">
	<property name="&lt;Super&gt;Tab" type="empty"/>
reboot or whatever and then tab will work properly!

# download from https with public/private key and user/password
# see also
wget --no-hsts --no-check-certificate --user=uuu --password=ppp --certificate=xxx_pub.pem --private-key=xxx_key.pem https://svn-ubuntu/zzz/yyy.xml
PS: make sure "certificate common name" match host name (e.g. svn-ubuntu); put it in /etc/hosts in order to match

# clear HSTS data for chrome

# umount: /mnt/adrhc-davp: target is busy
# list open files in /mnt/adrhc-davp:
sudo lsof | grep /mnt/adrhc-davp
# or identify processes using /mnt/adrhc-davp:
fuser -u /mnt/adrhc-davp

# convert m4a or m4b to mp3
# use soundconverter:
sudo apt-get install soundconverter

# nomodeset
The newest kernels have moved the video mode setting into the kernel. So all the programming of the hardware specific clock rates and registers on the video card happen in the kernel rather than in the X driver when the X server starts.. This makes it possible to have high resolution nice looking splash (boot) screens and flicker free transitions from boot splash to login screen. Unfortunately, on some cards this doesnt work properly and you end up with a black screen. Adding the nomodeset parameter instructs the kernel to not load video drivers and use BIOS modes instead until X is loaded.

# ssh with pre-configured port and user name
# create/edit ~/.ssh/config:
Host gigi
    Port 22
    User gigikent
    ServerAliveInterval 30
# now you can login with: ssh gigi
Host gigi18375
    Port 18375
    User gigikent
    ServerAliveInterval 30
# now you can login with: ssh gigi18375

# RAM info
sudo dmidecode -t memory

# generate nive html reports on computer access for a custom period of time
# see also /etc/cron.daily/epylog
# see also /etc/epylog/modules.d/*.conf
# see /etc/epylog/epylog.conf for configuration:
# [file]
# method = file
# path = /var/www/html/epylog
sudo epylog --last day

# access samba share; put this in your File Manager tab:

# teamviewer setup:

# Errors in /var/log/syslog:
# Too many open files
# TCP: request_sock_TCP: Possible SYN flooding on port 8080. Dropping request.  Check SNMP counters.
netstat -tuna | wc -l
watch --interval=1 'netstat -tuna | grep "SYN_RECV" | wc -l'
# /etc/sysctl.conf:
net.ipv4.tcp_max_syn_backlog = 2048
less /etc/sysctl.conf
sysctl -a
# /etc/security/limits.conf:
# -: changes both soft and hard limit
username soft nofile 2048
username hard nofile 65536
username - memlock 524288
@groupname soft nofile 2048
@groupname hard nofile 65536
# shows all limits for current user:
ulimit -a
# xrdp ignores /etc/security/limits.conf
# Edit /etc/pam.d/common-session and add the following line:
session    required
# e.g. change memlock limit then login with current user:
# won't work with only "ulimit -l 1024"
sudo sh -c "ulimit -l 1024 && exec su $LOGNAME"
# e.g. print limits set for the process with pid 1831:
cat /proc/1831/limits
# To count the number of open file handles of any sort, type the following command:
lsof | wc -l
# see also nginx setup:
worker_rlimit_nofile, worker_connections, proxy_read_timeout
# see also limits for sslh and sshttp:
ps -e -o pid,comm,cmd | grep [s]shttp
ps -e -o pid,comm,cmd | grep [s]slh

# wget console output
wget --no-check-certificate -qO-

# nginx ssl configuration:
# ttps://

# ERROR: sudo apt-get install ttf-mscorefonts-installer
# ttf-mscorefonts-installer: processing...
# ttf-mscorefonts-installer: downloading
# Get:1 [198 kB]
# Fetched 198 kB in 1s (184 kB/s)                                                              
# W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/andale32.exe' couldn't # be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
# ttf-mscorefonts-installer: downloading
# see
apt-cache policy ttf-mscorefonts-installer
ll /var/lib/update-notifier/package-data-downloads/partial
sudo rm /var/lib/update-notifier/package-data-downloads/partial/*
sudo apt-get --purge --reinstall install ttf-mscorefonts-installer

# Adding CAcert root certificate to Debian/Ubuntu
# see: curl-config --ca
sudo mkdir /usr/local/share/ca-certificates/svn-ubuntu-2017
sudo cp -v svn-ubuntu.cer-chain.b64-ascii.crt /usr/local/share/ca-certificates/svn-ubuntu-2017/
sudo update-ca-certificates
# or this way:
sudo bash -c "echo -n | openssl s_client -showcerts -connect host-name-here:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> /etc/ssl/certs/ca-certificates.crt"
Frozen linux restart
cat /proc/sys/kernel/sysrq
Ctrl + Alt + SysRq + key
Under graphical environments (such as Gnome or KDE) 'Alt'+'PrintScrn/SysRq'+key combination generally only leads to a screenshot being dumped. To avoid this Print Screen feature the magic SysRq combination should include the Ctrl, becoming 'Ctrl'+'Alt'+'SysRq'+key. For the same purposes the AltGr key, if present, can be used in place of the Alt key.

#54: Protect log files

angularjs errors

# error (e.g. in project named projectx)
Running "imagemin:dist" (imagemin) task
Fatal error: Cannot read property 'contents' of undefined
# solution 1
remove node_modules/grunt-contrib-imagemin from projectx
copy node_modules/grunt-contrib-imagemin to projectx from another working project
run again grunt build
# solution 2
comment imagemin in Gruntfile.js:
dist: [
//    'imagemin',

# error
Images are optimized and renamed to something like 8c5d3fdb.logout-16x16.png but not in html too (they are still referenced as e.g. logout-16x16.png).
# solution 1
Patch node_modules\grunt-usemin\lib\htmlprocessor.js:
if (srcfile !== file) {
  self.log(match + ' changed to ' + res);
while(res.indexOf('../images/') > -1){	
	res = res.replace("../","");
return res
# solution 2 (srcFile might be srcfile)
Patch node_modules\grunt-usemin\lib\fileprocessor.js:
var srcFile = filterIn(src);	-> already exisnting line
debug('Let\'s replace ' + src);
while(srcFile.indexOf('../images/') > -1){	
	srcFile = srcFile.replace("../","");
debug('Looking for revved version of ' + srcFile + ' in ', assetSearchPath);

# error (when running "npm install" in project dir)
npm ERR! Error: EACCES, mkdir '/********/.npm/minimatch/1.0.0'
npm ERR!     at Error (native)
npm ERR!  { [Error: EACCES, mkdir '/********/.npm/minimatch/1.0.0']
npm ERR!   errno: -13,
# solution
Run as administrator:
sudo npm install


# npm cache data directory
npm config get cache
# npm cache list, clean
npm cache ls
npm cache clean

# list local node modules (project/node_modules)
npm ls --depth=0
# list global node modules (/usr/lib/node_modules)
npm ls -gp --depth=0

# install global package, specific version
sudo npm install -g webpack@2.2.0-rc.4

# uninstall global package (don't specify the version)
sudo npm uninstall -g -verbose webpack-dev-server

npm search angular-in-memory-web-api

# show the dependencies of the typings package at version 1.4.0 (or just check its package.json file)
npm view typings@1.4.0 dependencies

	npm WARN retry will retry, error on last attempt: Error: certificate has expired
	npm config set strict-ssl false

Node js

# see
# First, you need to install the PPA in order to get access to its contents
# curl -sL | sudo bash -
curl -sL | sudo bash -
# then install nodejs
sudo apt-get install nodejs

# initialize a node.js project (creates package.json):
node init

Ubuntu useful software/packages

# info about package_name
dpkg -l package_name

sudo apt-get install git-gui (run then "git gui")
sudo apt-get install mesa-utils (see glxgears)
sudo apt-get install alarm-clock-applet
sudo apt-get install unity-tweak-tool -> Unity Tweak Tool
sudo apt-get install compiz -> Compiz Config Settings Manager
seahorse - Passwords and Keys
systemadm - Graphical frontend for the systemd system and service manager
transgui - GUI program to remotely control the Transmission daemon
psensor - Temperature monitoring application
zenmap - Graphical Nmap frontend and results viewer
svn-workbench - SVN GUI
mysql-workbench - MySQL Database Design, Administration and Development Tool
imagemagick - image manipulation programs
subversion - Advanced version control system
xrdp - Remote Desktop Protocol (RDP) server
vnc4server - Virtual network computing server software
lua5.1 - Simple, extensible, embeddable programming language
luajit - Just in time compiler for Lua programming language version 5.1
luarocks - deployment and management system for Lua modules
preload - adaptive readahead daemon
gufw - graphical user interface for ufw (program for managing a Netfilter firewall)
sudo apt-get install ubuntu-restricted-extras
sudo apt-get install lm-sensors
sudo apt-get install rabbitvcs-core
sudo apt-get install rabbitvcs-nautilus
UNetbootin - Universal Netboot Installer (makes bootable USB from ISO)
sudo apt-get install pavucontrol (PulseAudio Volume Control)
sudo apt-get install rcconf (Debian Runlevel configuration tool)
sudo aptitude install sshfs (mounts sftp location)
sudo apt install members (shows group members)
sudo apt-get install adobe-flashplugin (

# Intel® Graphics Installer 1.4.0 for Linux (see
sudo dpkg -i intel-linux-graphics-installer_1.4.0-0intel1_amd64.deb
# run the intel-linux-graphics-installer:
# 2016.11.27 update:

# Shrew Soft VPN Client:
sudo apt-get install ike
sudo apt-get install ike-qtgui

# desktop streaming
# see
sudo apt-get install python-fuse
python -s -f /********/Videos/DesktopStream

# install/repair vmware
sudo ./VMware-Workstation-Full-12.0.0-2985596.x86_64.bundle
# -l, --list-products
# -u NAME, --uninstall-product=NAME
sudo ./VMware-Workstation-Full-12.0.0-2985596.x86_64.bundle -l
sudo ./VMware-Workstation-Full-12.0.0-2985596.x86_64.bundle -u vmware-workstation

Ubuntu: apache

# print apache version
apache2 -v
# install module
sudo apt-get install libapache2-svn
# enable apache module
sudo a2enmod headers
sudo a2enmod dav_fs
sudo a2enmod dav_svn
# disable apache module
sudo a2dismod php5
# apache status
systemctl -l status apache2
# apache start
sudo systemctl start apache2
# apache restart
sudo systemctl restart apache2
# list apache modules
sudo apache2ctl -M
# configuration
# /etc/apache2/apache2.conf
# /etc/apache2/envvars
export APACHE_RUN_USER****
# /etc/apache2/sites-available/000-default.conf
<Location /svn>
        Header set X-UA-Compatible "IE=edge"
        DAV svn
        SVNParentPath /mnt/500GB/SVNRepoLinux
        SVNListParentPath on
        AuthName "Subversion repository"
        AuthType Basic
        AuthUserFile /********/apps/etc/basic.auth.apache.passwords.txt
        Require valid-user
        SVNPathAuthz on
        AuthzSVNAccessFile /********/apps/etc/svn-authz
        Header set Cache-Control "public,must-revalidate"

# how to share a directory with DAV and apache 2.2.29
# win7 url:
# make sure WebClient windows service is started
DavLockDB /ffp/var/dav/DavLock
Alias /webdav /i-data/md0/seagate-ext4/DAV-shares
<Directory /i-data/md0/seagate-ext4/DAV-shares>
	Options -Indexes FollowSymLinks

	Order Allow,Deny
	Allow from all
	Dav On

	AuthType Basic
	AuthName "webdav"
	AuthUserFile "/ffp/etc/basic.auth.apache.passwords.txt"
	Require valid-user

#        Allow from all
#	</Limit>
#	<LimitExcept GET POST OPTIONS>
#		Require user adr
#	</LimitExcept>

# how to share a directory with DAV and apache 2.4
# win7 url:
# make sure WebClient windows service is started
Alias /webdav /********/Documents/DAV-shares
DavLockDB /var/tmp/DAV-shares-DavLockDB
<Directory "/********/Documents/DAV-shares">
	Options -Indexes +FollowSymLinks
	Require all granted
	Dav On

	AuthType Basic
	AuthName "NSA310 admin"
	AuthUserFile "/********/apps/etc/basic.auth.apache.passwords.txt"

# how to connect from win 7 to share dav directory:
# right-click on Network icon on desktop and choose "map network drive" menu
# fill in "Folder" field with ""
# check "Connect using different credentials"
# press Finish

Ubuntu: X11 forward to putty

install X11 package

configure /etc/ssh/sshd_config
sudo grep -nri X11 /etc/ssh
X11Forwarding yes
X11DisplayOffset 10

Cygwin-X config
make sure XWin Server shortcat contains the command below:
F:\cygwin64\bin\run.exe --quote /usr/bin/bash.exe -l -c "cd; /usr/bin/startxwin -- -listen tcp"

configure putty
- goto Connection -> SSH -> X11
- check "Enable X11 forwarding", save putty session
- fill in "X display location": localhost:0
- start putty
- start from windows start menu: Cygwin-X -> XWin Server (this will create windows - .Xauthority)
- close putty (won't close till closing XWin Server too!)
- goto again Connection -> SSH -> X11
- fill in "X authority file for local display" with the local windows-path (e.g: F:\cygwin64\home\******.*****\.Xauthority), save putty session
- close putty

run it (order below is important)
- start from windows start menu: Cygwin-X -> XWin Server
- start putty

run it (only when having throubles)
- start putty
- xauth list
- run "xauth add" with any line from "xauth list" output (e.g. xauth add adr-desktop/unix:11  MIT-MAGIC-COOKIE-1  erhe5j56jefhere4hr4j5jrthdte4yergerher)
- close putty (won't close till closing XWin Server too!)
- start from windows start menu: Cygwin-X -> XWin Server
- start putty

Ubuntu: creating an init.d service

#create then put your script (e.g. nginx) into /etc/init.d with root as user & group
sudo update-rc.d nginx defaults		-> loads the script
sudo update-rc.d nginx enable		-> enable the script to run at system sturtup/boot
service nginx start					-> starts the service
service nginx status
systemctl -l status nginx
service --status-all				-> shows status for all services
systemctl							-> shows all active units
systemctl list-units --type=service	-> shows all active services (--all to see loaded but inactive services too)

# reload service's configuration:
sudo systemctl reload nginx.service

Ubuntu: login with certificate

# See also for how to create public-pub.openssh.

# Configure server
# Uncomment in /etc/ssh/sshd_config:
AuthorizedKeysFile	%h/.ssh/authorized_keys
# public-key in openssh format
cat public-key.openssh.pem > ~/.ssh/authorized_keys

# Configure client
# id_rsa -> mandatory name
# private-key.pem.des3.bitvise must start similar to:
# Proc-Type: 4,ENCRYPTED
# DEK-Info: DES-EDE3-CBC,26D2920A0A1A7AA6
# it's not ok if starts with:
cp -v private-key.pem.des3.bitvise .ssh/id_rsa
# in order to connect with Remmina + ssh you also need the public key:
# public-key in openssh format
cp -v public-key.openssh.pem .ssh/

# ERROR "key_load_public: invalid format"
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/

# fix ssh permissions
cd $HOME
sudo chown -Rv $USER: .ssh
sudo chmod -v 700 .ssh
sudo chmod -v 600 .ssh/*
if [ "`members $USER`" != "$USER $USER" ]; then
	echo -e "\nMake sure only $USER is the member of group $USER!"
	echo "Actual setup is: `members $USER`"

# "sign_and_send_pubkey: signing failed: agent refused operation
# Permission denied (publickey)."
cd ~/.ssh
ssh-add -l
restart ssh service
sudo systemctl restart ssh
sudo systemctl status ssh

login with ssh

sftp location syntax

#50: Password-less ssh