what’s the field before ssh-rsa in know_hosts on Raspbian GNU/Linux 9 (stretch)

ssh-gen by default creates a public key like

ssh-rsa AAAAB3NzaC1yc2E…6OEBTVwLRP1Ocyr user@DESKTOP-8BL3U5O

The Raspbian 9 has a different format

|1|dMpV8+ILjAAD11mhp57Q7hVk/4A=|pvCuzPyguQCwV9cN908uBz6CZLE= ssh-rsa AAAAB3NzaC1yc2E…6OEBTVwLRP1Ocyr

What is the field before ssh-rsa. How to generate it so id_rsa.pub can be inserted into know_hosts?

How To Create a DNS Server On Debian Stretch

The DNS or Domain Name System is the distributed database that allows zone records, such as IP addresses, to be associated with domain names. When a computer, such as your laptop or phone, needs to communicate with a remote computer, such as a web server, over the internet they use each others IP addresses. People are not very good at remembering IP addresses but they are good at remembering the words and phrases in domain names. The DNS system allows people to use domain names when they interface with computers whilst still allowing computers to use IP addresses when they communicate.

In this guide, we will examine how you can install and configure a DNS server that will be the authoritative DNS server for your domain names. This will allow you to have complete control over your DNS information and make immediate changes to your DNS records whenever you need to make them.


In order to follow this guide you will need:

  • A Debian Stretch server.
  • A domain name.
  • A non-root sudo enabled user on the server.

In order to begin this guide, you must log into your server as the non-root user.


The DNS server that we will use in this guide is BIND. BIND is the most deployed and one of the oldest DNS servers in use on the internet.

Before we install BIND you should ensure that your server up-to-date with the latest packages:

sudo apt update sudo apt upgrade 

BIND is available from the default Debian repositories and is installed with the following command:

sudo apt install bind9 bind9utils bind9-doc dnsutils 

BIND is now installed so we can move on to configuring it.

Global BIND Settings

Making BIND function as a DNS server falls into two parts. The first is setting the global parameters which will make BIND function in the manner we desire. The second is to create the domain-specific DNS information that BIND will serve. This information is known as “zone information” or “zone records”.

In this section, we will configure the global parameters.

The first configuration file that we will edit is located at /etc/bind/named.conf.options and configures how bind will operate. Open this file with your favorite text editor, here nano is used:

sudo nano /etc/bind/named.conf.options 

Edit named.conf.options so that it looks like the following:

options {         directory "/var/cache/bind";         auth-nxdomain no;         listen-on port 53 { any; };         recursion no; }; 

The options used here mean as follows:

  • directory – This sets a filesystem path variable. It does not need to be changed.
  • auth-nxdomain no – BIND will not answer authoritatively for domains that are not configured on this server.
  • listen-on port 53 { any; }; – This sets the port that BIND will listen on for incoming DNS requests. Port 53 is the default DNS port. The any options is used here instead of an IP address. This instructs BIND to attach to all available interfaces, private and public.
  • recursion no – This option configures BIND to only respond with information about domains that it has configuration files for. If this is set to yes then BIND will become a recursive DNS which means it will look up any request it receives a request for like Google’s recursive server at This should always be set to no when BIND is also configured to respond to requests from any IP as we have set it up above for security reasons. This is because it can be used for DNS amplification attacks or other nefarious purposes.

The second configuration file we will create sets which domains BIND is responsible for and where the files that contain their zone information are located. Open this file with a text editor:

sudo nano /etc/bind/named.conf.local 

Edit this file so that it looks like:

zone    "exmaple.com"   {         type master;         file    "/etc/bind/forward.example.com";  };  zone   ""  {        type master;        file    "/etc/bind/reverse.example.com";  }; 

The lines in this file mean as follows:

  • zone – This is the domain name or IP address that BIND will answer requests for.
  • type master – BIND will read the zone information from the local storage and provides authoritative information for the domain listed on the zone line.
  • file – The file that contains the zone information.

As you can see there are two sections to this file that have the same syntax. The first section lists the domain (example.com) and is the so-called, forward DNS record. This means that it will convert domain information to IP addresses.

The second is the reverse or PTR record of the server’s IP address. This converts in the opposite direction, i.e. IP addresses to domain names. The zone line for the reverse record looks a little strange because the IP address is in reverse. The IP address that this is the reverse record for is

Reverse records are important to have because many security systems such as spam filters will be less likely to accept mail sent from an IP address that has no reverse record.

Now that BIND’s global configuration is set we can create the zone files that will hold the forward and reverse DNS information.

Zone File Configuration

The first zone file that we will create is the forward information for the domain name. Open and create the file with a text editor:

sudo nano /etc/bind/forward.example.com 

And use the following as your template:

$  TTL 1d @               IN      SOA     dns1.example.com.    hostmaster.example.com. (                 1        ; serial                 6h       ; refresh after 6 hours                 1h       ; retry after 1 hour                 1w       ; expire after 1 week                 1d )     ; minimum TTL of 1 day ; ; ;Name Server Information  @               IN      NS      ns1.example.com. ns1             IN      A ; ; ;Mail Server Information example.com.    IN      MX      10      mail.example.com. mail            IN      A ; ; ;Additional A Records:    www             IN      A site            IN      A ; ; ;Additional CNAME Records: slave           IN      CNAME   www.example.com. 

The first configuration block beginning $ TTL 1d has only a single line that you need to edit by changing the domain to your domain:

example.com.    IN      SOA     dns1.example.com.    hostmaster.example.com. ( 

This line means from left to right:

  • @ – This is replaced with the domain from the named.conf.local file i.e. example.com.
  • IN – The type of record, in this case, INternet records.
  • SOA – The record is the Start Of Authority record. This is the authoritative record for this domain.
  • dns1.example.com. – The nameserver where the DNS records are found.
  • hostmaster.example.com. – The email address of the administrator of the nameserver. The @ symbol is replaced with a dot.

The rest of the lines here set values such as Time To Live’s which you can copy from the example.

You should note the dots at end of the domains and hostnames e.g. example.com. This final dot stops the domain getting added automatically. We want this to happen with, for example, the www’s in the following line www IN A as this will resolve www.example.com to the IP address.

The next section – Name Server Information – is mandatory and should be edited to use the hostname of this nameserver and its IP address. It is customary to label the first nameserver ns1.domain.com but you can choose any hostname you want.

The remaining sections are optional and are included as examples. The first of these, Mail Server Information, is an example of how an email will get sent to an email server at the IP MX records should always resolve to hostnames so the required A record for mail.example.com is included in the mail records section for ease of understanding.

The final two sections are further examples of A and CNAME records.

Next, we need to create a reverse zone file. Open and create the file with a text editor:

sudo nano /etc/bind/reverse.example.com 

Use the following example as your template:

$  TTL 1d @               IN      SOA     dns1.example.com.    hostmaster.example.com. (                 1        ; serial                 6h       ; refresh after 6 hours                 1h       ; retry after 1 hour                 1w       ; expire after 1 week                 1d )     ; minimum TTL of 1 day ; ; ;Name Server Information  @               IN      NS      ns1.example.com. ns1             IN      A ; ; ;Reverse IP Information      IN      PTR       ns1.example.com.      IN      PTR       mail.example.com.      IN      PTR       www.example.com. 

The first two sections are the same as the forward zone file. The last section is where the reverse maps are configured.

The IP is set down in the backward format with the hostname you want it to resolve to at the end of the line. Here the reverse maps are set for all three IP addresses used in the forward zone file as examples.

Check Your Configuration For Errors

BIND provides a pair of tools to check that its configuration files do not contain any errors that would prevent BIND from starting.

The first checks the global configuration files and is used as follows:

sudo named-checkconf /etc/bind/named.conf.options sudo named-checkconf /etc/bind/named.conf.local 

The second tool will check the zone files and is used as follows:

sudo named-checkzone <DOMAIN-NAME> <ZONE-FILE> e.g. sudo named-checkzone example.com /etc/bind/forward.example.com 

When you have finished editing these files and they do not throw any errors when you check BIND must be restarted and enabled so that it starts on boot:

sudo systemctl enable bind9.service sudo systemctl restart bind9.service 

Configure Systemd To Keep BIND Running

When you start using your own nameservers for your domain it is critical that it keeps running. If it stops then anything that uses your domain e.g. email, website etc will stop working. Systemd is the program that, amongst other services, starts and stops programs like BIND on your server. In addition to starting and stopping it can be configured to ensures that a program is re-started if it stops for any reason.

First, make a copy of the BIND systemd service file that we will edit:

sudo cp /lib/systemd/system/bind9.service /etc/systemd/system/ 

This will ensure that the edits will not be lost in future system updates. Next, open the file in an editor:

sudo nano /etc/systemd/system/bind9.service 

And add the following two lines to the [Service] section:

Restart=always RestartSec=3 

Then prompt Systemd to reload all its service files:

sudo systemctl daemon-reload 

And restart BIND:

sudo systemctl restart bind9.service 

Now, if BIND stop running for any reason, systemd will restart it again automatically.

Testing The DNS Server

Before you begin using your new DNS server you need to test that it works correctly i.e. BIND serves the correct DNS information for your domain.

The DNS inspection tool dig was included with the packages we installed at the beginning of this guide. dig is one of the powerful and flexible DNS testing and investigation command line tools available on Linux and should be your goto tool for looking up DNS records.

dig has the ability to ignore the system configured resolvers (set in /etc/resolv.conf) and request DNS information directly from a nameserver i.e. the DNS server you have just created.

The syntax of a dig query is as follows:


If we replace this information with the details of the example server in this guide we get:

dig @ -t A www.example.com. 

This will return quite a bit of information. The result that we are interested in is always contained in the ANSWER SECTION e.g.:

;; ANSWER SECTION: example.com.         86400   IN      A 

We can also check the reverse map record by using the -x flag:

dig @ -x 

Which will produce the result:

;; ANSWER SECTION:      IN      PTR       ns1.example.com. 

You can perform similar queries against all of the zone records you have created for your domain. When they all return the correct information you are ready to start using your DNS server.


You have now successfully installed, configured and tested your own DNS server you are now ready to start using it. In order to do this, you will need to transfer your domain to your DNS server. This is done with the company that registered your domain for you. When you log into their site you will find somewhere in their control panel an option to transfer the domain to new authoritative nameservers.

Some companies require that a domain has more than one authoritative nameserver. In this guide, we only created one, i.e. ns1.example.com. If an additional nameserver is required then you need to obtain a second virtual machine and copy the configuration substituting ns2 for ns1.

Alternatively, you can request a second IP address for your existing server and duplicate the ns1 records changing them to ns2.


The post How To Create a DNS Server On Debian Stretch appeared first on Low End Box.

Could not install apache2 on Raspberry 3 B+ with Raspbian stretch, can’t find /etc/apache2.conf

I’m new to raspberry Pi, I just followed a tutorial to setup Raspberry pi 3 b+ with raspbian stretch OS. And I was trying to install apache2 with apt-get install apache2 the following error occurred:

apache2.service - The Apache HTTP Server    Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)    Active: failed (Result: exit-code) since Sun 2019-06-23 01:06:15 CDT; 51ms ago   Process: 26477 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)  Jun 23 01:06:15 raspberrypi systemd[1]: Starting The Apache HTTP Server... Jun 23 01:06:15 raspberrypi apachectl[26477]: apache2: Could not open configuration file /etc/apache2/apache2.conf: No such file or directory Jun 23 01:06:15 raspberrypi apachectl[26477]: Action 'start' failed. Jun 23 01:06:15 raspberrypi apachectl[26477]: The Apache error log may have more information. Jun 23 01:06:15 raspberrypi systemd[1]: apache2.service: Control process exited, code=exited status=1 Jun 23 01:06:15 raspberrypi systemd[1]: Failed to start The Apache HTTP Server. Jun 23 01:06:15 raspberrypi systemd[1]: apache2.service: Unit entered failed state. Jun 23 01:06:15 raspberrypi systemd[1]: apache2.service: Failed with result 'exit-code'. 

when cd to /etc/apache2 there’s no apache2.conf file or anything else. What should I do??

How can I have a single image stretch across both monitors for wallpaper?

I have looked on askUbuntu but there are only old answers to this question that I can find.

I have a wide image that is designed for two monitors. I am on Ubuntu 18.04. I choose the wallpaper and it has it displayed twice, once on each monitor.

How can I get it to stretch across both monitors?

Thank you

How To Install and Use A Plex Media Server On Raspbian Stretch

Plex is a media streaming application that allows you to keep your media collection – movies, music, photos – on a server attached to your local network and access them from a browser-based interface or app. Plex even streams a wide variety of podcasts and shows directly from the internet and by upgrading to the Premium (paid) tier Plex offers many more services. You can use the free version of Plex if you only want to view your own media and free to view streaming content.

In this guide, we will install Plex on a Raspberry PI minicomputer. Raspberry PI’s make grade Plex streaming servers because:

  1. They are low power and fan-less. You can leave them running 24/7 without worrying about your energy bills.
  2. They are sufficiently powerful to stream HD movies to your computer.
  3. They are full computers with a desktop environment so you can log and use GUI tools to manage them.
  4. They are $ 35 USD!

These reasons make a Raspberry PI an ideal home streaming server and a great introduction to using Linux if you haven’t already taken the plunge.


You will need a few things to get your Plex server up and running. They are as follows:

  1. Raspberry PI 3 (any version).
  2. 16GB microSD card.
  3. Micro-USB Android phone charger (for the Raspberry PI).
  4. USB keyboard.
  5. HDMI monitor or TV to use a monitor.
  6. USB storage device which is large enough to hold your media.
  7. A Plex user account (optional). You will need to this to claim your Plex media server and lock it to your account with your user name and password. You can register a Plex user account (for free) at https://www.plex.tv/

You will use the keyboard and mouse to access the Raspberry PI during the installation and configuration. You will not need them later during normal use of Plex as we will configure the Raspberry PI be accessible via a VNC remote desktop connection.

Installing The Operating System

Your first job is to get the operating installed onto the microSD card that will hold the OS of the Raspberry PI. The operating system that we will install is Raspbian. Raspbian is based on the Debian operating system and compiled for the ARM CPU that the Raspbian uses.

Browse to the download page here and download the Raspbian Stretch with desktop image. This is a large, 1.1GB, file that you need to save to your computer. Do not unzip this file. The software we will use to flash it to the microSD card will do this for you.

If you are an experienced Linux user the command line instructions for flashing the Raspbian image are here

Everyone else needs to download and install the software that we will use to flash the microSD card – balenaEtcher. This software is a beautiful cross-platform (Windows, OSX, and Linux) application that flashes SD cards and USB thumb drives.

Note, you will erase any data on the microSD card in the next step so make sure you have a copy of any data on it before you proceed.

Insert your microSD card into your computer and start up balenaEtcher. The simple screen that you will see looks like this:

Click on the Select image button and browse to the Raspbian image you downloaded and select it. balenaEtcher will search for and automatically select the microSD card that plugged into your computer. Check that the size listed next to the device that balenaEtcher has selected is the same size as your micoSD card just to be sure you are using the right device.

When you are ready hit Flash!. It will take several minutes to flash the microSD card. When balenEtcher has finished remove the microSD card and load it into your Raspberry PI.

Plug the screen and keyboard into your Raspberry PI and then plug in the phone charger. The Raspberry PI will now power on. Log in with the following details:

  • Username – pi
  • Password – raspberry

Follow the first-boot, on-screen instructions until you get to the desktop.

You will need to open a terminal to continue the guide.

System Users and Groups

When you install Plex later in this guide a new system user will be created called plex. We are going to create this user now so that we can use it before we install Plex.

In the terminal you have open on the Raspberry PI run the following command to create the new user called plex:

sudo useradd plex 

This command will not create a home directory at /home/plex it will only add the user to the system. Now that plex exists we are going to add them to the users group. This will allow us to mount the USB storage device using the users group which will allow both plex and pi to read and write to the device.

The following command will add plex to the users group:

sudo usermod -a -G users plex 

Auto-Mounting The USB Device

Raspbian will always give the device name /dev/sda to the first USB device that you plug into the Raspberry PI. This allows us to create an entry in the file that configures device mounting, /etc/fstab, so that the USB you have your media on will always get automatically mounted at the same location.

Before you edit /etc/fstab you need to get the UID (User ID) of pi and the GID (Group ID) of users. First, get the UID of pi by running this command:

sudo grep "pi" /etc/passwd 

This will give output that looks like the following:


pi‘s UID is the first number i.e. 1000. The following command will get the UID of users:

sudo grep "users" /etc/group 

This prints the output:


The UID of users is 100. Using this information open /etc/fstab with a text editor. Here nano is used:

sudo nano /etc/fstab 

Add a line that has the following format:

/dev/sda1  /media/pi/Media  vfat  umask=0002,gid=<GID>,uid=<UID>  0  0 

Substituting the values we discovered earlier:

/dev/sda1  /media/pi/Media  vfat  umask=0002,gid=100,uid=1000  0  0 

You must use the values from your Raspberry PI.

Finally, we need to create the directory we have set as the mount point and change its user and group:

sudo mkdir -p /media/pi/Media sudo chown -R pi:users /media/pi sudo chmod -R 775 /media/pi 

Plug in your USB device and confirm that it has been automatically mounted at /media/pi/Media. You will be prompted to open a file manager when you plug in the USB device that will open to its mount point i.e. /media/pi/Media.

Installing Plex

Plex is not installable from the default Raspbian repositories. As a result, you will need to add the Plex repository and their APT signing key.

Add their APT key with the following command:

sudo wget https://downloads.plex.tv/plex-keys/PlexSign.key -O - | sudo apt-key add - 

Next, open a new APT sources file that will contain the address of the Plex repository:

sudo nano /etc/apt/sources.list.d/plex.list 

Add this line:

deb https://downloads.plex.tv/repo/deb public main 

Save and exit. Before installing new software a good policy is to first perform a system update. This will help avoid any installation errors. Run these two commands to get your Raspberry PI up to date:

sudo apt update sudo apt upgrade 

When they have completed install Plex with this command:

sudo apt install plexmediaserver 

Plex is now installed and ready to start serving media. You should, if you haven’t already done so, plug in your USB device that contains your media now.

Logging into Plex

Plex is now running and listening on the public IP address of the Raspberry PI. You will need to get the IP of the Raspberry PI so that you can log into Plex. In the terminal you have open run this command:

hostname -I 

The IPv4 IP address will be the first one listed. Take this IP address and create a URL that has the same format as the following one:


Substituting <IP> with an example private network IP gives us the example URL: 

Enter that into a browser on your computer on the same local network as your Raspberry PI.

Here, if you have signed up for a Plex account, you need to use those credentials to log into your Plex server. The Plex server will verify the user name and password with the Plex servers. You do not need to do this but not doing so will disable functionality including some security features.

Adding Your Media Library

During the initial login and setup you will be prompted to add your own media library with the following dialog:

You can also do this from the Plex desktop after the initial setup by clicking on the Add Library link in the side navigation panel.

When you click “Add Library” dialog box will open:

Choose the type of media on your USB device and change the name of the library by clicking on the Name field. Then click Next.

Now click on the BROWSE FOR MEDIA FOLDERS button on the page that follows:

This will open a new dialog:

Select the Media folder and click ADD. This is the folder we created to mount your USB cevice e.g. /media/pi/Media. Finally, confirm that this is correct by clicking the ADD LIBRARY button. All your media on the USB device will now appear on the Plex desktop and be ready to stream to any device on your local network.

Enabling The VNC Remote Desktop

VNC is an open source version of the Windows Remote Desktop Protocol. It enables a person to log into the desktop environment of a remote computer such as your Raspberry PI. When you have enabled VNC you will not have to use a keyboard and mouse to access your Raspberry PI’s desktop.

The default Raspbian image contains all the VNC components so you don’t need to install anything but you do need to enable it.

Open a terminal on the Raspbian desktop and enter the following command:

sudo raspi-config 

This will open a command line menu. Use the up and down arrows and enter to navigate the menus. Proceed as follows:

  1. Highlight Interfacing Options and hit enter.
  2. Highlight P3 VNC and hit enter.
  3. Hit enter for <Yes>.
  4. Confirm <OK>.
  5. Use the TAB key to highlight <Finish> and hit enter to exit the program.

You can now log into your Raspberry PI desktop using the VNC Viewer. Downland and install this application on your local computer and use the IP address of your Raspberry PI to log in as the pi user.

Adding New Media To Your Library

When you need to update the media on your USB device so that you have new movies or shows to watch there are two ways to get this done.

Moving The USB Device

The first method is to unplug the USB device from your Raspberry PI, plug it into your local computer, copy the data onto it and move it back.

The following procedure will ensure that you do not corrupt the data on the USB device.

  1. Log into your Raspberry PI’s desktop via the VNC Viewer application linked to in the Enabling The VNC Remote Desktop section.
  2. Shutdown the Raspberry PI.
  3. Unplug the USB.
  4. Plug the USB device into your local computer.
  5. Copy your data on the device.
  6. Eject or unmount the USB device.
  7. Unplug the USB device.
  8. Plug the USB device into the Raspberry PI.
  9. Unplug and plug back in the power cable to the Raspberry PI.

When your Raspberry PI boots up log back into Plex click on the three dots next to your Media Library then click on Scan Library Files. This will prompt Plex to review the contents of the USB device and add the new media files to your Library.

Copying Files Over The Network

Your Raspberry PI is connected to the local network so you can transfer your media to it over the network instead of manually moving the USB to your computer to copy the files.

The best program to get files securely from your Windows computer to the Raspberry PI is called WinSCP. Follow that link to download, install and open WinSCP.

WinSCP will open the following dialoge box:

Fill in the boxes as follows:

  • Host – Enter the IP of your Raspberry PI.
  • Username – Enter pi.
  • Password – Enter the password for user pi.

Click Save and create a bookmark for the Raspberry PI. Finally, hit Login to log into your Raspberry PI.

Use the address bar in the right-hand panel to navigate to /media/pi/Media:

You can create directories to organize your media in there and the Plex server will automatically index everything.

Accessing Your Media

In this guide, you have accessed your Plex with a browser from your local computer. You are also able to access your Plex server from your phone or tablet via the official Plex app. This link will install if for Android. If you are using an iPhone or an iPad search for “Plex” in the AppStore on your device.


You have now got a Raspberry PI installed and running as your Plex media server on your local home network. This article covered the basic installation and configuration to get a Plex up and running. Now that you have done that you should read some of the articles on the Plex website that cover how to get the most of your Plex server: https://support.plex.tv/articles/ .


The post How To Install and Use A Plex Media Server On Raspbian Stretch appeared first on Low End Box.

OpenRCT2 cmake configuration failed on Debian Stretch: cmake isn’t desired version

I was trying to build OpenRCT2 on Debian Stretch (9.9.0 amd64) with cmake, following the guide on https://github.com/OpenRCT2/OpenRCT2/wiki/Building-OpenRCT2-on-Linux, but unfortunately I have an invalid cmake version. After running the command sudo cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo, the terminal spits out:

  CMake 3.9 or higher is required.  You are running version 3.7.2   -- Configuring incomplete, errors occurred! 

I have tried to reinstall cmake, but I still have ver. 3.7.2. How do I update cmake’s version in Stretch?

debian stretch + bind 9

trying to setup a secondary authoritative name server, no recursions. I get the following when running named-checkconf.

  /etc/default# named-checkconf /etc/bind/named.conf 

/etc/bind/named.conf.default-zones:2: unknown option ‘zone’ /etc/bind/named.conf.default-zones:10: unknown option ‘zone’ /etc/bind/named.conf.default-zones:15: unknown option ‘zone’ /etc/bind/named.conf.default-zones:20: unknown option ‘zone’ /etc/bind/named.conf.default-zones:25: unknown option ‘zone’

it is the default named.conf.default-zones files from the installation. I wonder if I even need that ‘include’ as there isn’t any recursion and just an authoritative name server .

Debian Stretch IPv6 prioritization

I have a Debian Stretch system with both IPv4 and IPv6 addresses and default gateway. IPv4 and IPv6 addresses in the internet are reachable. When I start a ping to a domain which has an A and AAAA DNS record the system pings the IPv4 address from the A record. In the packet capture of the DNS request I can see that both A and AAAA are requested and answered. When I remove the IPv4 address from the system obviously everything works as expected….

How is the prioritization, I thought IPv6 will be preferred. If not, is there a option to change it?

A google search has not really helped me out because everyone asks to disable IPv6 and not want to use it…