Restore of Checkpoint Fails with “The following hotfixes seem to be missing”

Ran into a slight snag when attempting to restore a production backup into a VM(*VMware*) image of Checkpoint R77.30. I was using the Gaia WebUI to restore image returns a message: “The following hotfixes seem to be missing”.

The message points me to a log file located under /tmp/ which indicates missing updates to the firewall I am restoring to. To get around this the following steps were taken.


  1. Log into the Checkpoint firewall via SSH to access the console (You could also console in  (i’m using a vm so the terminal would work also).
  2. Enter ‘Expert’ mode (password required.)
  3. The the command: dbset backup:override_hfs t’ from  the expert mode.
  4. Go back into Gain WebUI and attempt the restore of the backup.

Wait … Wait… The system will reboot and the configuration will be restored.

All done.

Cause of this issue was the backup file was taken from a system which had a version different from the system I was restoring into. In some cases, this message can be safely ignored and the restore can be performed without incident.

Please take time to review your configuration after you restore.

Capture PuTTY Session Logs

In the past week I have had my good share of working on remote systems where I needed to utilize the tool PuTTY to issue commands; not all of them documented. To assist me in documenting my steps I often use the session logs. However this normal has been a manual process in the heat of the moment and sometimes enabling logging is an afterthought.

To guarantee that this is done I have preformed the following steps to the default configuration of my PuTTY client and all saved sessions so that logs are saved and dated for future reference. I wish to record those here for any of you who would like to do the same.

[Press Start]


Open PuTTy

Under Category, choose Logging

Under Session Logging, choose the option “All session output”

Under file name: choose a directory and log filename

Using the PuTTY log parameters I configure my logs to consists of host, year, month, data and time for each session.

I also selected the option to “Always append to the end” of the session log which is currently open”

Finally, saving this new log settings to the Default Settings profile in putty making this the default logging option for all future connections and saved profiles.

Note: Profiles that existed before this change will need to be modified if you wish to also log the session output.

Log Parameters:

  • &H = hostname for the session
  • &Y = year
  • &M = month
  • &D = day
  • &T = time

Example Log’s:

Short Video on how to do this

Tech Short: How To Disable and Enable Ports HP ProCurve

Troubleshooting an issue with a switch I needed to disable a port.  Why not share my steps.

To disable a single or multiple ports we do the following

Log into your switch via console (in my case I SSH in using Putty)

When connected type: configure

Then issue the following command (note you can tab complete)

If you were to enable a disabled port you simply you use the enable command.

Before existing the console issue the following to save changes.

You can now exit form the console; the port you specified has been disabled



HowTo Upgrade OpenMediaVault

Here are some quick and simple steps to upgrade your OpenMediaVault (OMV) to the latest version; OMV 1.0  (Kralizec).

SSH into your OpenMediaVault server; in my case I am running OMV 0.5 and run the following command:

apt-get update && apt-get dist-upgrade && omv-update

Then type the following command:


Once completed you can either restart the web services or reboot the system and your all set.


Using SSH as VPN Solution in Linux

Looking for a quick simple way to have VPN access to your network or simply to secure your connection when you are on a remote network you don’t complete truest such as a public hot-spot.

And while there are many solutions I have one which is simple to use.

It’s called ‘sshuttle’ and all you need a remote server that you have remote SSH access to and a bit of software on your Linux computer.

To install ‘sshuttle’ on Debian releases you simple apt-get install sshuttle

To use sshuttle you just use the following command:

sshuttle -r user@remote_host –dns

This will initiate a SSH VPN connection and send all your traffic security from the network your on out of the remote network your trust.

Simple and easy to setup and use.


Note: You do require to have access to a remote SSH server. Setting up an openSSH server is simple to do in Linux and even on a Windows host. — Search Google, you’ll find plenty of info, and perhaps it may even take you back to here if I get around to writing up something.  Best of luck to ya.

Disable warnings when SSH is enabled vSphere ESXi 5

The following steps are what I used to disable this warning on top of my VSphere Client to manage my ESXi 5.x servers.

  1. Select the ESXi 5.x host server in your Inventory
  2. Select Configuration
  3. Select Advanced Settings on the left under the Software menu
  4. Once selected find your way to the bottom where UserVars is located.
  5. Change the value of UserVars.SuppressShellWarning from 0 to 1
  6. Click OK

Cluster warning for ESXi Shell and SSH appear on an ESXi 5.x

Another way to resolve this is to use the esxcli command via the local console or over ssh.

Connect to the ESXi host using the root credentials and run the following command:

esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1




For the source of this info and additional steps please check out the VMware KB 2003637

SSH into ESXi 5 host using public key authentication


I do this with my other linux host over here @ so why not with my ESXi 5 hosts. Using OpenSSH Public Key Authentication on ESXi 5 required a few things.

  1. You need to enable SSH
  2. You need an SSH client (I use putty)
  3. If you already have a authorized_keys file handy use it or make a new one
  4. And Filezilla or WinSCP handy will also help.

Now all you need to do is locate the following directory on your ESXi 5 host: /etc/ssh/keys-root and copy your authorized_keys file to this location. Unlike standard linux system where the file is located /.ssh/ ESXi has a different layout.

I used WinSCP to do my file copies to my system here, use whatever you feel is best for you. And that’s about it, you can now ssh into yourself w/o the need of entering your password.

Next I think I will attempt my hand at some scripting to automate some tasks; when I do, you will all be the first to know.

Feel free to leave and head over to this link on Public-key cryptography. The more you know the better we all are

Attach and Reattach to screen session

While using ssh to connect to my home systems to mange my servers (such as Minecraft) I use screen to keep my session(s) open so that if I get disconnected or simply forget and close my putty session I can later resume.  I sometimes find myself in the situation where I go home and later want to attache to my session to only find that I am already attached and this is where I again use screen to join the session that is already in progress.

Here are some sample commands I use normally while during my daily activities.

Attach the running session of screen
screen -r

Attach a specific screen session, you need to use screen -ls to list the running screen’s sessions.
screen -r [name]

and if you are attaching again (reattaching to a session in progress)
screen -d -r

“Permissions are too open”

No man is above the law and no man is below it: nor do we ask any man’s permission when we ask him to obey it. – Theodore Roosevelt

You are attempting to automate your ssh session to a remote system using keys and you get the following “Permissions are too open” message.

The problem is, that the private key you are using must remain private. If you permit others to read it, that condition is not satisfied. So when you type something such as ssh -i ~/.ssh/rsa_key you get the classic Warning: Unprotected Private Key File!

To change this you simply do the following (make it so only you the owner can read and write to the private key:

This worked for me, it should work for you.

– Jermal

Unsupported Console and SSH on ESXi 4

I haven done this in a long time and took a short while to remember.  So I said why not list the steps here

alt-f1 (Note:  you will not see your typing on this screen).
root pw (password)
vi /etc/inetd.conf
delete the “#” from ssh for the IPv4 and IPv6 (If your using it) restart