cloud-init: Automatically import your public SSH keys into LXD Instances


, , , , , , , ,

While provisioning LXD instance; we can define post deployment task using cloud-init. This will help us to import your public SSH keys, add new user, update packages and install new packages if required. To do that we use lxc profile.

First check what lxc profile you have. There should be one default profile.

# lxc profile list

Copy default profile and create new one

# lxc profile copy default production

Edit newly created profile

# lxc profile edit production

Use the following configuration. This is YAML file and for better formatting please download it from here Continue reading

recover corrupt /etc/sudoers file over SSH


, ,

Recently I have faced issue where I mistakenly edit the file under /etc/sudoers.d/. When ever I am trying to sudo; I am getting following error:

fakrul@fakrul-server01:~/.config$ sudo su
>>> /etc/sudoers.d/fakrul_sudo: syntax error near line 1 <<<
sudo: parse error in /etc/sudoers.d/fakrul_sudo near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialise policy plugin

Unfortunately I don’t have any other sudo user. I have googled and got a solution.


1. Open two ssh sessions to the target server.

2. In the first session, get the PID of bash by running:
fakrul@fakrul-server01:~/.config$ echo $$

3. In the second session, start the authentication agent with:

pkttyagent --process (pid from step 2)

4. Back in the first session, run:

fakrul@fakrul-server01:~/.config$ pkexec rm /etc/sudoers.d/fakrul_sudo

5. In the second session, you will get the password prompt. “fakrul_sudo” file will be removed in the first session. In same way you can add new file.

Screen Shot 2020-01-10 at 1.49.10 pm.png


Mikrotik as NBN CPE


, , , , , ,

My service provider (iPrimus) provided Huawei CPE (HG659) for my NBN connection. The modem was not bad (I have used it for my old ADSL link) but for some reason it’s not working properly with new NBN connection. The link dropped randomly and it not resolved until and unless I power cycle the modem. Was not even able to ping CPE IP.

I am big fan of Mikrotik and thought I would be great to have MT as CPE.  I bought a MikroTik RB760iGS hEX S. It has decent hardware and comes with 5 Gig ports + 1 SFP port.

All the configuration is straight forward; but only catch is VLAN. iPrimus uses VLAN 100. Below is the Huawei CPE configuration:

iprimus.png Continue reading

Mikrotik ssh key authentication


, ,

We can use SSH key to authenticate Mikrotik box.

Step 1: Check you SSH key pairs. We will copy the public key (

bash-3.2$ ls
config id_rsa known_hosts

Step 2: Copy public key ( to the MT. In this case MT IP is and username is admin
bash-3.2$ scp admin@

Step 3: Login to MT and check whether the public key has been copied successfully
[admin@mt] > file print
0 flash disk jan/01/1970 11:00:07
1 id_rsa file 1896 dec/18/2019 10:19:45
2 flash/skins directory jan/01/1970 11:00:08
3 flash/mt-20191217-0031.backup backup 18.3KiB dec/17/2019 00:31:20

Step 4: Now enable ssh-key login for user admin. Run the following command from MT
[admin@mt] > user ssh-keys import user=admin

Step 5: Verify it. Run the following command from MT
[admin@mt] > user ssh-keys print
Flags: R - RSA, D - DSA
0 R admin 2048 fakrul@au-mohammad-macbook.local

Step 6: Try to ssh to you MT box. It will ask for passphrase
bash-3.2$ ssh admin@
Enter passphrase for key '/Users/fakrul/.ssh/id_rsa'

Setup a Site to Site IPsec VPN With Strongswan & Meraki MX (IKEv1)


, , , , ,

Recently I am trying to build Site 2 Site IPSEC VPN with Azure VPN gateway and Meraki MX firewall. Meraki start supporting (27th May 2019) IKEv2 in their beta firmware MX 15.13 but it’s not stable.

Please check and

Azure Policy Based VPN gateway (IKEv1) is ok but it only suppotrs one Site 2 Site VPN tunnel.

To overcome the issue; I have created one Ubuntu Server which works as VPN gateway and added User-defined route to route all VPN traffic via Ubuntu Server.

A. Azure Configuration

1. Create a virtual machine. I my case I have created VM with Ubuntu 18.04 LTS with following specification


2. After creating VM go to VM > Networking > Network Interface and Enable IP forwarding settings


3. From NSG make sure UDP/500 and UDP/4500 has been allowed.

4. Create Route Table. is the remote subnet and is the IP address of Ubuntu Server.


5. Make sure you associate it with existing network/VNET


Continue reading