Ok, three incredibly annoying things finally tracked down early this morning:
Unifi Intrusion Protection blocks Github SSH connections
The net of it is that Intrusion Prevention has been great (at least I haven't seen many ill effects except this one). It makes Github basically unusable.
- I've been having horrible problems with running GitHub commands. If I run a bunch quickly, I get timeouts. At first, I thought it was GitHub availability but everyone else is fine and Github Status is good. Finally, got a hint when trying to do the test ssh email@example.com and it was failing. But in debugging it there was no problem with ssh -p 443 firstname.lastname@example.org so it works fine with HTTPS access.
- A post said it had to be your firewall and I suddenly remembered that I did click our Unifi Dream Machine Pro from "Intrusion Detection" to "Intrusion Prevention".
- Looking at the Security logs (which are really hard to find on the web UI now by the way), I see that there is this error "ET Scan SSH Port scanning Outbound". Look in Threat Management > Traffic Log and you will get a whole mess of these, but it is a medium security threat of type "Attempted Information Leak".
- In looking at the Internet, Unifi uses open-source scanning, and apparently, this is triggered if a client does a lot of different SSH accesses in a short period of time. That is five in two minutes. This is exactly the behavior of frequent GitHub pushes since it is using a pool of IP addresses. I get this a lot when running git submodule foreach and it throttles.
- The brute force solution is just to go back to Detection, but the right solution is to figure out how to white list Github.com. As an aside, the Intrusion Detection log is SCARY and I really do want prevention. These are options you can toggle in Settings > Security and the first entry is "Detect" or "Automatically" block. I confirmed that by turning it to Detect, the GitHub issues went away, but that's pretty brute force.
- This security has a bunch of things that are hard to understand, but there is sensitivity which is between 1 and 5, I have it set at balanced. Then there is Customize Threat Management so apparently the numbers indicate how many checks are turned on. So ones to think about are allow TOR
- It is strange in that SSH is not an option when it comes to turning on and off security, you can do things like unblock TOR, but there is no mention of SSH. And also blocking DOS attacks. The 3 default also doesn't deal with any Internet Traffic attacks so I turned these on
- I'm also guessing this goes away if I were to use a VPN tunnel to do this, but that kind of defeats the purpose of intrusion detection.
- The other thing is that the interface has an "allow list" so I wonder if this is the white list. I checked on it just to see. There are apparently a few things to do, first is signature suppression where you don't see the alert, the other is to white list an IP address so you allow a machine like my dev machine. In any case just one click on allow and now it is greyed out.
- It is unclear if that is the same as white listing. The documentation is terrible! But in the Security section it does have signature suppression and refers to the Threat Management section so there is hope!
The exact log entry is:
Date: 03/03/2021
Time: 11:56:55 AM
Severity: Medium
Type: Attempted Information Leak
Category: IPS_VALUES_CATEGORY_EMERGING-SCAN
Interface: br0
Source: 10.0.xxx.xxx : 51290
Country: United States
Destination: 184.108.40.206 : 22
ASN: 36459 GITHUB
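As an added illustration (not from the original post, and not Ubiquiti's or the rule set's own code), the sketch below models the threshold as described above, five new port-22 connections from one source within two minutes, and runs it over constructed connection events. The addresses, function names and the reset-after-alert behaviour are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 120  # "two minutes", as stated in the post
THRESHOLD = 5         # "five" SSH connections, as stated in the post


def ssh_scan_alerts(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return (timestamp, src) for each point where one source reaches
    `threshold` new port-22 connections inside `window` seconds.

    events: time-ordered tuples (timestamp_s, src_ip, dst_ip, dst_port).
    Assumption: the counter restarts after an alert fires.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps still in the window
    alerts = []
    for ts, src, _dst, port in events:
        if port != 22:           # the signature only looks at SSH on port 22
            continue
        seen = recent[src]
        seen.append(ts)
        while seen and ts - seen[0] >= window:
            seen.popleft()       # drop connections that aged out
        if len(seen) >= threshold:
            alerts.append((ts, src))
            seen.clear()
    return alerts


def burst(src, count, gap_s, port):
    """Constructed sample: `count` new connections `gap_s` seconds apart,
    rotating over a small pool of documentation-range addresses that stand
    in for the provider's IP pool."""
    return [(i * gap_s, src, f"192.0.2.{10 + i % 4}", port)
            for i in range(count)]


DEV = "10.0.0.5"  # constructed client address

# Eight submodules fetched back to back over SSH: one new connection each.
submodule_loop = burst(DEV, 8, 3, 22)
# The same loop over port 443 never matches the port-22 condition.
same_loop_443 = burst(DEV, 8, 3, 443)
# One push a minute stays under five connections per two minutes.
occasional_pushes = burst(DEV, 8, 60, 22)

if __name__ == "__main__":
    print("submodule loop :", ssh_scan_alerts(submodule_loop))
    print("port 443 loop  :", ssh_scan_alerts(same_loop_443))
    print("spaced pushes  :", ssh_scan_alerts(occasional_pushes))
```

The alert fires on the fifth connection regardless of how many distinct destination addresses are involved, which is why a legitimate loop over a pooled service looks the same to this check as a scan.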
Where is mouse shake on Razer and Logitech mice?
OK, this one is also more annoying and strange, but one nice feature of macOS is mouse shake. This means if you have a huge screen, when you shake the mouse, the cursor gets bigger.
This works fine with the Mousepad, but with a regular Logitech mouse it is very intermittent. You have to shake really fast to make this work.
Apparently, there is a mouse driver somewhere down in the guts of and some say it's the fault of the Logitech mouse driver. In looking at brew search logitech I see an awful lot of drivers down there. I have also noticed it doesn't happen with my Razer mouse either. But Logitech Options and Logitech G Hub appear to let you set Mouse options. I already installed Logitech Camera Settings to change the zoom on my Brio.
Losing Bluetooth with Razer Darkcore RGB and Keychron v2
OK, I seem to lose connection and there are two different problems that are intermittent. First is the Razer connects, but the connection type becomes regular Bluetooth and not a mouse type. So something is up. The only solution appears to be to delete the Bluetooth profile and restart. It happens once every week or so.
Then I had a single event with the Keychron. The keyboard just showed it was seeking and the Mac said no connection no matter what I did. I finally had to delete the Keychron profile and then on the Keychron, hold down the FN and the 1 key simultaneously (not the F1) to force it to Bluetooth profile 1 and deleted and reconnected.
Kind of annoying and a good reason to stick with Apple hardware. I like the Magic Mouse, but the Magic Keyboard is just not that good 🙂 The main reason I have the Corsair is that it charges wirelessly and the feel of the Logitech mouse is just nicer although you lose gestures.