Use SSH key stored on GitHub instead of an SSH password to access your WLAN Pi

By default WLAN Pi, and Linux in general, uses a username and password-based SSH authentication. It involves quite some typing, some brain capacity to remember the password, and it is not the most secure method either.

You can create a public and private key pair. Your SSH client automatically logs in using the private key. The SSH server uses the public key to confirm that you possess the right private key. No password needed, and it also is more secure. The private key is never sent over the network, and this method protects you against man-in-the-middle attacks.

The beauty of this GitHub method is that GitHub stores your SSH public key centrally, which you can easily update, and you can install it to the machine you want to SSH to, by a single command ssh-import-id-gh. You can even add this to a startup script so that it automatically updates your trusted keys.

Let’s do this

ssh-keygen is the program that generates a public/private key pair on your local system. The private key is stored in ~/.ssh/id_rsa, and the public key is stored in ~/.ssh/id_rsa.pub.

The security of this method depends on keeping the private key safe and secure. Make sure not to leave the private key behind.

ssh-keygen -t rsa -C "your@email.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/jiri/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/jiri/.ssh/id_rsa
Your public key has been saved in /Users/jiri/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:.....
The key's randomart image is:
+---[RSA 3072]----+
.....
+----[SHA256]-----+

Display the public key, which is a text file at the end of the day, and copy its content to clipboard:

cat ~/.ssh/id_rsa.pub
ssh-rsa
.....

Save this public key to your GitHub account. Browse to github.com, log in, and open Settings:

Click New SSH key, name the key, paste your public key from the clipboard and save it:

To verify that your key has been added you can browse to https://api.github.com/users/jiribrejcha/keys, where jiribrejcha is your GitHub username:

The last step is to SSH into your WLAN Pi or Linux machine and tell it to use this public key from my GitHub, where jiribrejcha is my GitHub username:

ssh-import-id-gh jiribrejcha

If the command isn’t installed, you can fix that by:

sudo apt install ssh-import-id

Passwordless SSH access

When you authenticate to a server using public key authentication, the SSH client offers a copy of the public key to the server and the server then compares it against the keys listed in your ~/.ssh/authorized_keys file. This key was added automatically by the ssh-import-id-gh command. If the key matches, the server indicates that it is able to proceed with the authentication. The private key is then used to sign a message that includes data specific to the SSH session. The server can then use its copy of the public key to verify the signature.

We have just SSH’d to the Pi without a password prompt.

Special thanks

To Colin Vallance for sharing this tip.

Cisco Catalyst C-ANT9103 antenna unboxing

If you have not had a chance to see the new Cisco Catalyst antennas for Catalyst 9130AXE access points, here are a few photos of the C-ANT9103 antenna for your reference.

Size, weight, mounting options

The official installation guide provides all this information and much more.

The optional access point “pocket”

Optionally, you can order an AP + antenna collocation “pocket”, which the Catalyst 9130AXE slides nicely in. It is aesthetically pleasing it, and all it takes to install the AP and antenna is a single mounting bracket. You don’t have to worry about mounting the access point and antenna separately. This drastically simplifies temporary deployments – just think about Cisco Live for example.

Previous generation with a separate AP bracket and antenna bracket
The new collocated, and aesthetically pleasing, solution with AP installed just behind the antenna

Unboxing

Please always refer to the official Cisco documentation for the latest information and package contents.

Multigigabit Ethernet on the Raspberry Pi 4

With the first consumer Wi-Fi 6E routers already shipping, and enterprise access points being worked on, I think it is now time to up my iperf3 game. While the standard 1 Gbps adapters push around 950 Mbps of TCP traffic, the iperf3 server will sooner or later become a bottleneck for throughput measurements.

Raspberry Pi 4 (RPi4) is widely available, and there is a chance that you might already own one. So, the question is, can it support multigigabit speeds?

Although it does not have any PCI Express slot available, it does have a couple of USB 3.0 ports. I researched USB 3.0 multigigabit NBASE-T Ethernet adapters, and purchased a few. At the time of writing, Linux kernel 5.10 is the Raspberry Pi OS gold standard, and that’s what I used for all tests.

TL;DR … give me the short answer

The maximum TCP throughput Raspberry Pi 4 iperf3 server can handle with a 5 Gbps USB 3.0 Ethernet adapter. These were 90-second iperf3 tests with standard 1500-byte MTU and a single iperf3 stream.

  • Download (from RPi4 server to a client): 2.05 Gbps
  • Upload (from a client to RPi4 server): 528 Mbps

If you can enable 9000-byte Jumbo frames on all devices involved in the data path, the upload speed becomes much healthier.

  • Download (from RPi4 server to a client): 2.05 Gbps
  • Upload (from a client to RPi4 server): 1.73 Gbps

USB multigigabit adapters

There are a few available on the market. After reading a dozen of reviews, I decided to get 3 adapters from a company called Sabrent. They make adapters with nice metal cases, which helps with dealing with the heat they dissipate.

Left to right: 2.5 GE USB 3.0 Sabrent NT-S25G, 5 GE USB 3.1 Sabrent NT-SS5G, 10 GE Thunderbolt 3 Sabrent TH-S3EA

The 5 GE USB 3.1 Sabrent NT-SS5G is the only I recommend for use with the RPi4:

  • It uses the Marvell Aquantia AQC111U chipset
  • It works out of the box with Raspberry Pi OS and
  • It works on Windows 10 after you install the driver
  • It ships with USB-C and USB-A cables so you can connect it to your laptop using USB-C or RPi4 using USB-A
  • Unlike other brands it does not overhead or disconnect due to instability

Here is what’s in the box

5 GE USB 3.1 Sabrent NT-SS5G ships with both USB-A and USB-C cables

RPi4 for scale

ServeTheHome team did a great job of comparing the 5 GE adapters using the same chipset as the 5 GE USB 3.1 Sabrent NT-SS5G. It came out as a clear winner:

USB 3.1 Gen1 To 5GbE Comparison Table AQC111U Based Q1 2021
Credit and kudos to ServeTheHome

Why not use the cheaper 2.5 GE USB 3.0 Sabrent NT-S25G? Because it uses Realtek 8156 chipset, and there is no suitable Linux driver available at the time of writing.

Why not the 10 GE Thunderbolt 3 Sabrent TH-S3EA? Although it has a USB-C connector, it is not a USB adapter. It uses Thunderbolt 3 protocol, which is not supported by the RPi4.

Test setup

I use RPi4 with PoE HAT, because it has a fan on it, and I power the unit by a USB-C charger. Both multigigabit adapters involved in the test are 5-Gigabit Ethernet capable Sabrent NT-SS5G. The best part is that these work out of the box on the Raspberry Pi OS with no action required on your part.

But, if you are considering the purchase of these adapters for your Mac, please stop. After you plug the adapter in, it uses Apple’s 1 Gigabit Ethernet adapter driver, and it would only auto-negotiate 1 Gbps. To enable 2.5 and 5 Gigabit speeds, and support for Jumbo frames on Mac, you have to disable Apple System Integrity Protection (SIP) tool, and install a legacy kext Sabrent driver. I would discourage you from making these security compromises. If you are interested in a multigigabit adapter that works with macOS out of the box, tune in later and read this review (link to be added).

How to increase the MTU and enable Jumbo frames?

On the Raspberry Pi:

sudo ip link set dev eth1 mtu 9000

On the Cisco Catalyst switch running IOS:

Configure, save config, reload
Verify after reloading
System Preferences > Network > Adapter settings > Hardware > MTU on macOS

Conclusion

The RPi4 allows you to test download-only throughput up to 2 Gbps with standard MTU. Upload speeds are really poor and you would be better off using the built-in 1 Gibabit Ethernet adapter. You can use the RPi4 to run a few other tools, scripts, or take wall attenuation measurements.

With Jumbo frames enabled, 2 Gbps/1.7 Gbps is good enough for lab use or demonstrations. Keep in mind that you would have to enable Jumbo frames on all devices (RPi4, MacBook and the switch in my case).

The main cause of the relatively low performance is the storm of IRQ hammering the RPi4 CPU:

In a computer, an interrupt request (or IRQ) is a hardware signal sent to the processor that temporarily stops a running program and allows a special program, an interrupt handler, to run instead. Hardware interrupts are used to handle events such as receiving data from a modem or network card, key presses, or mouse movements.

Source: Wikipedia.org

If your use case requires a powerful iperf3 server, Apple’s Mac Mini with built-in 10 Gigabit Ethernet adapter would be something to consider today. It won’t be the cheapest option, but you won’t have to worry about performance or USB dongles. From what I’ve found, it uses Marvell AQC 1113 chipset and does 9.4 Gbps with 4 parallel iperf3 streams.

Disclosure

I purchased these adapters myself. No one asked me, or paid me, to write this blog post. I was as curious as you to see how the RPi4 performs when it comes to multigigabit Ethernet.

Hot-swappable tripod adapter for Cisco Aironet 1560 outdoor access points

If you have followed my hot-swappable series, my goal was to find a solution to swapping multiple outdoor AP + antenna combinations and a variety of AP models on the same tripod. What is the use case? I only wanted to carry a single tripod on the site survey day while still having the flexibility to survey with variety of antennas and different AP models.

After making the adapter for MR86 and MA-ANT-20 dipoles and MR86 with two MA-ANT-25 directional antennas, I realised I needed one for Aironet 1560, which, at the time of the writing, is my go-to outdoor AP.

Please excuse the DYI approach. I did this during UK’s second COVID-19 lockdown. Shops were closed, access to tools was limited and I had no access to my lab.

How it turned out?

It went surprisingly well this time as I’ve already built a similar adapter for Cisco Meraki MR APs and this time it was even easier. Same as last time, the alu tube slides inside the top tripod tube and we are ready to roll.

The actual steps

I stocked up on M6 x 30 mm bolts, cut the 16 mm aluminium tube to the right length and reused the last bit of decking from a different project.

M6 x 30 mm bolt

I thought I will try making a template, which I then transferred onto the wood. That wasn’t the best idea and it seems to work best when you watch someone using this “trick” on YouTube. Next time I will go for an analog pencil and ruler, lesson learned;-)

That trick did not go as well as I thought :)

The decking is quite thick so I ended up shaving few millimeters off it. And here is the final adapter.

Ready to go on a tripod

Did you say tripod?

Yes, here is more about this 4-meter tripod I use.

How to achieve down tilt?

Thanks to Alan Wang, who suggested I use the official articulating pole mount AIR-ACC1530PMK2 and attach it to my “back board”. Obviously azimuth you can adjust by rotating the tripod, and this allow you to change the elevation angle.

Articulating pole mount
Articulating pole mount

Tern GSD self-adhesive silicon case for Apple AirTag

I enjoyed testing the under-seat and water bottle bike mounts for AirTags on our Tern GSD bike, and thought I should explore other mounting options.

This self-adhesive sleeve looks like a universal option, as it can be attached practically to any flat surface.

It has a silicone sleeve on one side and self-adhesive on the other.

Silicon sleeve with AirTag
Detail of the slot

The self-adhesive layer seems to be a good choice. It is not extremely sticky as some other products, it does not seem to leave marks, and I actually managed to remove the case from the Storm Box on our Tern GSD bike, move it to a more suitable spot and re-apply it.

Self-adhesive layer
That sounds of peeling off the protective plastic sheet

It fits nicely inside the sleeve and as far as I can tell, there is no chance of it slipping out. The silicone keeps it from moving. In fact, it takes some effort to insert and remove the AirTag, which is great.

Fully inserted AirTag

There are many accessories available for the GSD. Storm Box is a great candidate for an AirTag in this sleeve. Mine is still holding tight. It has a few internal pockets and you can easily attach a dozen of AirTags to it and still have some space left for more;-)

Tern GSD with Storm Box

Bottom of the front rack might also be a good place for an AirTag.

A word of caution

Wherever you mount it, please keep your own safety in mind. Don’t mount it near the motor or anywhere near the chain/belt. It might cause you some bumpy ride should the self-adhesive fail.

Where can I buy one?

I bought mine on eBay and it was very affordable. Here is a link if you are considering getting one or two.

Other bike mounts

If you are looking for inspiration, I tested an under-seat and water bottle bike mounts. Here are a couple of photos and you can find more of them in the respective blog posts.

Water bottle mount with more mounting options available on the GSD
Under-saddle mount

Tern GSD water bottle bike mount for Apple AirTag

I’ve recently tested an under-saddle mount. On its own, it is an easy target and it can be easily found if the thief knows where to look. To make the most out of AirTags, I also have one inside my Storm Box.

To complement the two, I am now also using this AirTag mount, which can either sit between your water bottle and the bike frame. Alternatively, if you do not have a bottle, it can sit directly on the frame secured using the bottle holder bolts.

Mounted using the “too-easy-to-spot” water bottle bolts
Let’s unzoom to put its size into perspective

Let’s play hide and seek!

Here is where the GSD comes to the rescue. It has a couple of other mounting options with the exact same distance between the bolts as the water bottle bolts.

Can you spot the AirTag?
What about now? Look between the pedal and battery.

Note the two silver bolts inside the triangle on the right hand side. They can be used for this AirTag mount.

Assembly and installation

It is super easy to install. The original Tern screws are too short. So, let’s replace them with the 2 bolts supplied with the mount. The only tool you need is a standard hex head 3 mm screwdriver bit.

On Tern GSD Generation 2, you can choose between the upper or lower position. Personally, I prefer the upper one.

Installed in the upper position
Installed in the lower position
It is not much thicker than the AirTag itself

Where can I buy one?

I am in the UK and I purchased one on eBay. Here is the link if you want to check it out and get yours.

What other mounts are available?

I’ve also tested an under-saddle mount. You can see more photos of it and read more about it here.

Comparison of the under-saddle and water bottle mounts

Tern GSD under-saddle bike mount for Apple AirTag

If you ever experienced the helpless feeling of returning to an empty spot at the bike rack, you know how it feels when you realise that your bike has been stolen. I’ve been there twice. When Apple introduced AirTags, I thought that I should attach a couple to my bike and see how well they work. Here is my real-life test from iPhone SE user’s perspective if you are interested in the user experience and location accuracy.

AirTag does not come with any mount, let alone one suitable for bikes. So, I purchased a few and tested them.

This under-saddle mount caught my eye, and became my favourite.

It is practically invisible
The rear handle on the saddle remains fully accessible
Only a very close look allows you to spot it
Bottom of the saddle

Why/why not this mount?

  • Compact size
  • Easy to install under your saddle – I tested it on Tern GSD Generation 2
  • You won’t notice it, unless you know what you are looking for
  • Ideal placement from Bluetooth radio perspective with not too many metal parts around it
  • Very affordable
  • It is 3D printed, which means that its surface is not 100% smooth. This is expected and nothing to worry about, considering the mount spends most of its life under the saddle.

Assembly and installation

Bolts are supplied with the mount. The only tool you need is a standard hex head 3 mm screwdriver bit.

All it takes is 3 bolts
Assembled mount

Here is a tip for you: Remove the saddle from the bike, put it in between your thighs and install the mount. This makes it really easy with no bolts flying around.

Saddle before
Saddle with the AirTag mount
I can’t see it, can you?
A very close look

Where can I buy one?

I am in the UK and I purchased it on eBay. Here is the link if you want to check it out and get yours.

Summary

As I mentioned, this mount is my favourite. Having said that, I recommend attaching another AirTag or two to your bike. I am testing a couple of other mounts and I will share the links here. Stay tuned, please.

Tripod mounting adapter for Cisco Meraki MR outdoor access points

I needed to find a solution to swapping multiple outdoor AP and antenna combinations on the same tripod. Specifically MR86 with MA-ANT-20 dipoles and MR86 with two MA-ANT-25 directional antennas. Quick swapping was a key requirement. Some coverage areas required directional pattern while other locations with low traffic and low client density would really benefit from omnidirectional coverage.

MRs ship with standard pole mounting hardware, which is great for permanent installation, but it didn’t allow fast swapping of the AP and antenna sets. Also, pole mounting kit requires tools, which is not practical as it add additional weight to your survey backpack.

Please excuse the DYI approach. I did this during UK’s second COVID-19 lockdown. Shops were closed, tools were limited and I had no access to my lab.

You are smart people, so I don’t need to stress this point, but please don’t take this write-up as Cisco’s official guide or recommendation. This is just me trying to find a solution to a problem.

So, what’s the solution?

Let me show you the final adapter and we can then look into the detail.

MR86 with MA-ANT-20 dipoles and we also had some snow here down south;-)
MR86 with MA-ANT-25 antennas

Under the hood

It all started when I spotted my wife’s aluminium 16 mm gardening tubes;-) I realised they were perfect fit for my tripod. They slide nicely inside the top tripod tube about a couple of inches (5 cm) or so.

16 mm aluminium tube
Tripod and mounting adapter with the standard AP bracket
Grooves in the decking board helped me align the tube
Two drill bits later: Directional adapter with AP mounted on the back for stability

What would I improve?

If I were to build a second iteration of this adapter, I would add a safety wire and attach the AP mounting bracket to the tripod. I would call this mandatory, especially if you are not the only user of these adapters or if there is going to be a person stood underneath the tripod.

Safety wire

Apart from that, it works really well, it is rock-solid, and allows me to swap the MR with omnis and MR with directional antennas in less than 10 seconds.