majorlinux
34d9ee42b1
New troubleshooting article for the recurring 'security wants to access Claude Code-credentials' prompt that persists even after Always Allow (ACL invalidation on binary-signature change / token refresh / post-boot churn). Covers triage, the reset-and-relogin fix, and the file-based credentials workaround with its plaintext tradeoff. Registered in SUMMARY + troubleshooting index; cross-linked with the corrupt-credential login-failure article (distinct symptom).
16 KiB
16 KiB
| created | updated |
|---|---|
| 2026-04-02T16:03 | 2026-05-15T09:00 |
- Home
- Linux & Sysadmin
- Linux File Permissions
- Managing Linux Services with systemd
- SSH Config & Key Management
- Package Management Reference
- Ansible Getting Started
- Bash Scripting Patterns
- SnapRAID & MergerFS Storage Setup
- mdadm — Rebuilding a RAID Array After Reinstall
- Linux Distro Guide for Beginners
- WSL2 Instance Migration to Fedora 43
- WSL2 Training Environment Rebuild
- WSL2 Backup via PowerShell
- WSL2 In-Place Upgrade to Fedora 44
- Self-Hosting & Homelab
- Self-Hosting Starter Guide
- Docker vs VMs for the Homelab
- Debugging Broken Docker Containers
- Docker Healthchecks
- Watchtower SMTP via Localhost Postfix Relay
- Setting Up Caddy as a Reverse Proxy
- Tailscale for Homelab Remote Access
- Network Overview
- Wake-on-LAN via Router SSH
- Pi-hole v6 Group Management — Per-Client DNS Rules
- AWS S3 Cost Management
- VPS Migration Baseline Checklist
- rsync Backup Patterns
- Tuning Netdata Web Log Alerts
- Tuning Netdata Docker Health Alarms
- Deploying Netdata to a New Server
- Netdata SELinux AVC Denial Monitoring
- Netdata n8n Enriched Alert Emails
- Logwatch Fleet Setup — Surviving Package Upgrades
- Updating n8n Running in Docker
- Mastodon Instance Tuning
- Mastodon Post-Install Hardening (Permissions + Account)
- Mastodon — The
--prune-profilesTrap and How to Recover - Mastodon on S3 — Silent Upload Failures (BucketOwnerEnforced/ACLs)
- Ghost Email Configuration with Mailgun
- Inbound Spam Filtering: spamass-milter + SpamAssassin Bayes
- Claude Code Remote Control — Mobile Access to a Persistent Host Session
- Linux Server Hardening Checklist
- Standardizing unattended-upgrades with Ansible
- Fail2ban Custom Jail: Apache 404 Scanner Detection
- Fail2ban Custom Jail: Apache PHP Webshell Probe Detection
- Fail2ban Custom Jail: WordPress Login Brute Force
- wp-fail2ban Plugin Logpath on Debian/Ubuntu (auth.log not syslog)
- SELinux: Fixing Fail2ban grep execmem Denial
- UFW Firewall Management
- Firewall Hardening with firewalld on Fedora Fleet
- Fail2ban Custom Jail: Nginx Bad Request Detection
- Fail2ban Custom Jail: Apache Bad Request Detection
- SSH Hardening Fleet-Wide with Ansible
- ClamAV Fleet Deployment with Ansible
- Fail2Ban Digest Mode — Fleet-Wide Quiet Alerts
- Apache CVE-2026-23918 — HTTP/2 Double Free Mitigation
- Open Source & Alternatives
- SearXNG: Private Self-Hosted Search
- FreshRSS: Self-Hosted RSS Reader
- Gitea: Self-Hosted Git
- rmlint: Duplicate File Scanning
- tmux: Persistent Terminal Sessions
- screen: Simple Persistent Sessions
- rsync: Fast, Resumable File Transfers
- Ventoy: Multi-Boot USB Tool
- Vaultwarden: Self-Hosted Password Manager
- yt-dlp: Video Downloading
- Streaming & Podcasting
- Troubleshooting
- Wi-Fi Game Streaming Stutter: 160 MHz Channel Width Saturating the 5 GHz Radio
- Apache Outage: Fail2ban Self-Ban + Missing iptables Rules
- Postfix + SendGrid: TLS Handshake Failure (Port 465 vs 587)
- Mail Client Stops Receiving: Fail2ban IMAP Self-Ban
- firewalld: Mail Ports Wiped After Reload
- Dovecot IMAP Clients Fail to Sync: vsz_limit OOM from a Bloated Index Log
- Postfix header_checks Can't Act on Milter-Added Headers (Use Sieve)
- Dovecot Phantom Mailboxes from .dovecot.lda-dupes (mail_home Overlapping the Maildir Root)
- Tailscale SSH: Unexpected Re-Authentication Prompt
- ssh.socket Unreachable After Reboot (Tailscale Race Condition)
- Fail2ban & UFW Rule Bloat Cleanup
- Custom Fail2ban Jail: Apache Directory Scanning
- Tuning Netdata
web_log_1m_successfulfor Redirect-Heavy WordPress Sites - Castopod: Stale Federated Avatar URLs After Remote Profile Updates
- Castopod Posts Don't Appear on Mastodon — Diagnosing the Federation Path
- Nextcloud AIO Unhealthy 20h After Nightly Update
- n8n Behind Reverse Proxy: X-Forwarded-For Trust Fix
- Docker & Caddy Recovery After Reboot (Fedora + SELinux)
- ISP SNI Filtering with Caddy
- Obsidian Vault Recovery — Loading Cache Hang
- Qwen2.5-14B OOM on RTX 3080 Ti (12GB)
- LoRA adapter — GGUF conversion fails with 'config.json not found'
- yt-dlp YouTube JS Challenge Fix on Fedora
- Gemini CLI Manual Update
- MajorWiki Setup & Publishing Pipeline
- Gitea Actions Runner: Boot Race Condition Fix
- Forgejo: Account Recovery & CLI Admin When Locked Out of the GUI
- Cron Heartbeat False Alarm: /var/run Cleared by Reboot
- SELinux: Fixing Dovecot Mail Spool Context (/var/vmail)
- SELinux: Wrong /etc/localtime Label Silently Breaks Timezone Changes
- mdadm RAID Recovery After USB Hub Disconnect
- Windows OpenSSH Server (sshd) Stops After Reboot
- Windows OpenSSH: WSL Default Shell Breaks Remote Commands
- Pi-hole AI Blocklist Blocks Claude Desktop (ERR_CONNECTION_REFUSED)
- Claude Desktop MCP Server Started via wsl.exe Sees Empty Environment (WSLENV)
- Claude Desktop MCP Mass-Disconnect After Blocking SSH Reboot
- Patching PHP 8.4 Implicit-Nullable Deprecations in Vendor Packages
- Ollama Drops Off Tailscale When Mac Sleeps
- Ollama:
ollama runwith Piped Stdin Bypasses Chat Template + SYSTEM Prompt - Claude Code Won't Log In (Warp & iTerm2) — Corrupt Keychain Credential
- Claude Code Keychain Prompt Keeps Reappearing on macOS (ACL Invalidation)
- iPhone Mirroring Hangs on 'Connecting…' — AWDL Data Stall (27.0 Beta)
- rsync over Tailscale: Hung in TCP Teardown After Transfer Completes
- iOS Tailscale Clients Report HostName="localhost" — Breaks /etc/hosts Generators
- macOS: Repeating Alert Tone from Mirrored iPhone Notification
- OBS Studio: Stale Script Paths After Windows Profile Rename
- ClamAV CPU Spike: Safe Scheduling with nice/ionice
- Logwatch Falsely Reports 'No freshclam updates' in ClamAV Daemon Mode
- Fedora CA Bundle Missing Symlink — TLS Breaks Fleet-Wide
- Netdata apps-group FD-utilisation false 100% (silenced fleet-wide)
- Ansible: Vault Password File Not Found
- Ansible: ansible.cfg Ignored on WSL2 Windows Mounts
- WSL2: PyTorch Training Deadlocks on Windows Filesystem Checkpoint Saves
- Ansible: SSH Timeout During dnf upgrade on Fedora Hosts
- Ansible: regex_search Capture-Group Argument Fails in set_fact
- Ansible: Ubuntu Reboot Detection Misses Kernel Upgrades
- Ansible: reboot.yml become Timeout on WSL2 Hosts (Exclude Them)
- Fedora Networking & Kernel Troubleshooting
- Systemd Session Scope Fails at Login
- wget/curl: URLs with Special Characters Fail in Bash
- Ansible: Check Mode False Positives in Verify/Assert Tasks
- Ansible Fails with Permission Denied While
ssh <alias>Works (Host Alias Bypass) - SSH Alias Falls Through to MagicDNS — Host-Key Verification Failure (No
HostBlock) - MagicDNS Names vs Pinned IPs for Tailscale SSH (After a Fleet Migration)
- Ansible UNREACHABLE: Host Key Verification Failed After a Host Rebuild or Migration
- Logwatch Reports the Wrong Hostname (
<host>-hetzner) After a Migration - Ghost EmailAnalytics Lag Warning — What It Means and When to Worry
- claude-mem: --setting-sources Empty Arg Bug (Claude Code 2.1.x)