[00:00] a) install the security update b) replace all your ssh keys (both dsa and rsa)
[00:00] b) does not include the host keys as those will be handled by the security update itself.
[00:02] InsomniaCity: An added benefit of your advice is that in composing the message I made a generic version which made me think of other past clients who may be affected and who may not have a current sysadmin.
[00:07] how do i regenerate my keys on my dev boxes (keys i will copy over to the server's ~/.ssh/authorized_keys file)?
[00:08] ssh-keygen
[00:08] do i need to restart my computer before doing that again
[00:09] my dev boxes which are running ubuntu
[00:10] Nope, reboots are only needed for kernel upgrades.
[00:12] ok great
[00:18] Enter passphrase (empty for no passphrase): necessary or not?
[00:19] Yes! passphrase-less keys are A Bad Thing
[00:20] Without a passphrase anyone who gets your private key will be able to access any server which has your public key.
[00:30] what is a .phtml file and why all of a sudden is my web server serving this file and not my normal index.php file
[00:36] i was ssh'd into a gutsy box and was running: sudo aptitude update; sudo aptitude dist-upgrade; then accidentally closed the ssh window. now i see: E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable); E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? (what should i do? is update still running)?
[00:36] ps ax | grep aptitude
[00:40] LeChacal: .phtml is usually a PHP file.
[00:41] LeChacal: Assuming you are using apache it will serve index files in the order specified with the DirectoryIndex directive.
[00:45] arooni-mobile, just rm the lock file, and kill all apt processes, and restart the dist-upgrade, if it gives you more errors, clean out the cached packages in /var/cache/apt/archives/* and /var/cache/apt/archives/partial/*
[00:47] And run in screen :)
[00:47] yes, that too
[00:47] Has anyone had troubles with sshd after upgrade, newly generated keys from updated ssh/ssl give errors when trying to auth via key on ssh, http://pastie.caboo.se/197206
[00:47] what does run in screen mean
[00:47] screen is your best friend
[00:48] http://www.kuro5hin.org/story/2004/3/9/16838/14935
[00:48] when using ssh, as soon as you login type "screen", then do your stuff, to disconnect from ssh, and not lose your terminal type ctrl a+d or accidental disconnects leave your terminal running
[00:48] then ssh back in, and screen -r to resume, if you have more than one screen running it'll give you pid's
[00:49] sweet action
[00:49] yah
[00:49] arooni-mobile, you tried mod_rails yet?
[00:49] macd, nope still running mongrel clusters
[00:49] have you?
[00:50] no, I use that upload_progress plugin for mongrel, and can't figure out any other way to handle that
[00:50] If I could find a way to route uploads themselves to mongrel and have mod_rails handle everything else I'd be in good luck
[00:52] hads: got all your boxes in order now? :)
[00:54] ajmitch: Yeah, finally :) Except one SSL cert that's getting re-signed. You?
[00:54] yeah, it's pretty much just been ssh host keys
[00:55] Most of the host keys were OK here as they were upgrades from Sarge or something, a few user keys. The main thing was checking everything.
[00:58] * macd is still having problems
[01:07] * owh loves spam filters, especially those that block incoming emails from a system administrator to the end user :-|
[01:09] How do I coerce module-assistant to use my source packages, rather than the ones it thinks it knows about?
[01:10] * owh is thinking of madwifi specifically.
[01:33] ok, my web server isn't serving my page anymore if you go to the site it just makes you download the page but it is the page with a .phtml file and it does it if i point to any php page so i think i some how broke php i have tried rebooting but that didnt do anything how can i restart php or something
[01:43] LeChacal: PHP is run from within the server, there is no need to "restart" it. Most likely you have one of two problems, either PHP isn't actually activated as a module, or the mime-type mapping does not include a mapping for PHP.
[01:45] owh: well how would it get turned off is my first question then how do i fix this, all i have done is install postfix, dovecot, and squirrelmail and before i did that everything was working i have now removed all three of these
[01:47] LeChacal: Well, installing squirrelmail is the only thing I can think that may have done anything as the other two don't use PHP at all. I'd start with checking the logs in the /var/log/apache* tree.
[01:48] i insert my ubuntu server disk, start up the machine, and then without hitting anything it immediately goes to language select and stalls
[01:50] usb legacy support in bios, right?
[01:50] i'll try it out
[01:50] owh: i dont see anything in logs just me restarting apache a few times nothing else in errors
[01:53] owh: well back to fixing for a minute if i just make a link from the php5 files in mods-available to mods-enabled and restart apache should that put php back
[01:53] LeChacal: What does this return: grep -ri php /var/log/apache* - specifically look for notices in the error.log
[01:54] LeChacal: Fixing a problem is not just a case of jumping in, first you find out what is broken, then you figure out how to fix it.
[01:56] owh: well that just dumped all of my access.log file and error.log file which i had looked at before and didnt see anything
[01:56] i can pastebin if you think you would see something
[01:57] LeChacal: My error log has this kind of notice: [Sun May 11 16:03:45 2008] [notice] Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 configured -- resuming normal operations
[01:57] LeChacal: That indicates that PHP is actually active.
[01:58] LeChacal: If you do not see any PHP results at all, then the module is not enabled.
[01:58] owh: i have one of those also but it was a few hours ago before i started installing mail stuff everything after that is just apache
[01:59] LeChacal: What does this tell you: sudo a2enmod php5
[01:59] owh: Module php5 installed; run /etc/init.d/apache2 force-reload to enable.
[02:00] LeChacal: Do that.
[02:01] owh: doing that didnt seem to affect php i dont see it restarting in the log i only see apache restarting and going to the site shows no difference
[02:02] LeChacal: Does the error.log show PHP?
[02:03] owh: nothing about php
[02:03] LeChacal: What does dpkg -l 'php*' tell you that is installed?
[02:05] LeChacal: Better still, what does dpkg -l '*php*' tell you - specifically, is libapache2-mod-php5 installed?
[02:06] owh: it says that libapache2-mod-php5 is installed and is version 5.2.4-2ubuntu5
[02:06] LeChacal: What does sudo dpkg-reconfigure libapache2-mod-php5 give you?
[02:07] well now i have a new problem. i'm using my motherboard's raid to put two 640gb hdds together in raid 0. when i start to install ubuntu server, it tells me ata1.00: exception Emask 0x0 SAct 0x0 SErr.... etc
[02:08] does anyone know if there's something special i need to do?
[02:08] endeavormac: Is that hardware RAID or software RAID?
[02:08] hardware over the mobo
[02:08] owh: that restarted apache and in the log i see php restarting but it didnt change the site
[02:09] endeavormac: Just because your motherboard comes with on-board RAID does *not* mean that it's hardware RAID!
[02:09] LeChacal: So, now you can see PHP in error.log?
[02:10] well as far as i know the RAID has already been set up through the bios. i already created the raid0 with 32kb stripe.
[02:11] endeavormac: That is no guarantee at all.
[02:12] does ubuntu server have a wiki or something where i can find more information on this?
[02:12] endeavormac: If it was in fact hardware RAID, then the installer would only see one drive. By adding kernel modules it might then be able to monitor the RAID device. If you see other things, then it is likely to be software RAID. I'm looking for a nice URL for you.
[02:12] owh: i see this in the log ' Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5 with Suhosin-Patch configured -- resuming normal operations' and if you go to www.muncc.marmoinacademy.org see what you get but i found if you go to www.muncc.marmionacademy.org/index.php the page comes up which it didnt before
[02:13] LeChacal: So, now you need to find out why you get an error on the first link. Check error.log
[02:13] i just don't understand the point of setting up raid through the motherboard, and then again through the OS
[02:14] endeavormac: The problem is that manufacturers are saving a few cents by not including actual hardware RAID.
[02:14] god damn manufacturers
[02:14] <_ZeuZ_> Guys, I've developed an easy to use HTB script for traffic shaping, directed to ISPs... And I would like your thoughts on it to make it part of Ubuntu server...
[02:15] _ZeuZ_: Come to the next ubuntu-server meeting and raise it.
[02:16] <_ZeuZ_> owh, I'm on the mailing list, but, I don't remember when it is going to be...
[02:16] owh: i see this in error.log near when i tried to visit [client **.**.**.**] Negotiation: discovered file(s) matching request: /var/www/index.php (None could be negotiated).
[02:16] <_ZeuZ_> I know the script needs refinement, still it would be a hit to make ubuntu-servers go higher in the sky..
[02:16] endeavormac: I cannot currently locate the link I was looking for. The best start is to google for your motherboard and raid and see what comes up.
[02:17] LeChacal: Well, start by googling with that error and see what you find.
[02:17] !meeting
[02:17] Team meetings are held in #ubuntu-meeting - See « /msg ubottu logs » for transcripts.
[02:17] Hmm
[02:17] !nex-meeting
[02:17] Factoid nex-meeting not found
[02:17] !next-meeting
[02:17] Factoid next-meeting not found
[02:17] Crap
[02:17] i'm reading now and it seems that you can just hook up two hard drives, no raid through the mobo, and then when you install ubuntu server and are partitioning drives you can do some voodoo magic and *raid0*
[02:18] endeavormac: Yes, that is Linux Software RAID, that is different again.
[02:18] endeavormac, above all value hardware raid first ;)
[02:18] endeavormac: To make it "simple" there are three types of RAID.
[02:18] what's the performance like on linux software raid
[02:18] if i can get 120megabytes/sec read/write from two hdds, i'm good
[02:19] endeavormac, maybe on a FC/U320 set, but nothing ata
[02:19] endeavormac: Hardware RAID, an actual card that has an on-board CPU that talks to drives and does magic. It shows the drives to the OS as one drive. Fake RAID, which tries to do the same, but requires that the main CPU take care of things - needs a driver. Linux Software RAID, using the Kernel to talk to multiple disks.
[02:20] _ZeuZ_: https://wiki.ubuntu.com/ServerTeam/Meeting
[02:20] Hardware is good, software is good, I don't see the point in fake.
[02:20] Ditto :)
[02:21] yeah screw fake
[02:21] booze + linux = success
[02:21] i mean raid through linux kernel = success
[02:21] thanks
[02:22] LeChacal: It appears that your issues come from a rewrite condition.
[02:23] <_ZeuZ_> so Wednesday right? gosh... one week more until I can release it? I'm not only seeking to include it in ubuntu-server but to improve it... currently it's a pretty basic ToS and QoS classifying with bandwidth shaping for different terminals on the lan, or on the outside...
[02:23] _ZeuZ_: Not next Wednesday, the one after.
[02:23] _ZeuZ_: Everyone is in Prague :)
[02:24] _ZeuZ_: I'm not at all suggesting that it will be included. What you'll get is a bunch of ubuntu-server people listening to what you have to say and making suggestions.
[02:24] <_ZeuZ_> Hmm.. perhaps I can send it to the mailing list...
[02:25] yes do, b/c I want to see
[02:25] _ZeuZ_: Well, you can start the conversation there, yes.
[02:25] owh: rewrite condition? doesn't mean anything to me. can you link me to the site you have found and/or tell me some more about this
[02:31] LeChacal: Is there a .htaccess file in the server root?
[02:31] +webserver document root that is
[02:33] LeChacal: This describes the issue in another way: http://www.webmasterworld.com/apache/3161107.htm
[02:35] owh: well i am not sure what you call server root but the only place that i have a .htaccess file is in a squirrelmail folder not anywhere near what i would call root
[02:36] LeChacal: What does this return: sudo grep -ri multiview /etc/apache*
[02:39] owh: i get this http://paste.ubuntu.com/12176/
[02:43] LeChacal: Well, that looks pretty normal - though you should not make a habit of leaving backup files with ~ lying around.
[02:43] LeChacal, owh have you tried 'sudo a2enmod php5'
[02:43] macd: It's running, just doing weird stuff as well :)
[02:43] LeChacal: Which files do you have in /var/www
[02:44] macd: www.muncc.marmoinacademy.org - borked www.muncc.marmionacademy.org/index.php - woring
[02:44] +k
[02:44] what about the DirectoryIndex portion of the apache2.conf file?
[02:44] owh: i was changing that right now after reading that link that you sent me because i have several files that start with index and they have different endings
[02:44] macd: Well, the site was working before squirrelmail got installed. Now it doesn't work anymore.
[02:45] * owh just *loves* PHP installers that break running web-sites.
[02:45] LeChacal, what does "grep -i index.php /etc/apache2/apache2.conf"
[02:45] LeChacal, return when you issue it (damn cr)
[02:46] macd: that returns nothing
[02:47] * owh has to go back to work and wanders off.
[02:47] LeChacal, then we know your problem, add index.php to the DirectoryIndex directive in /etc/apache2/apache2.conf
[02:48] * _ZeuZ_ Notified its intentions to add its Routing, QoS, MAC+IP control and Traffic Shaping/managing and limiting to the ubuntu-server distro
[02:49] macd: i will do that for the future but moving any file that started with index out of the root of /var/www fixed my problem also
[02:50] LeChacal, yeah, this just lets it serve index.php even if index.html is present
[02:51] LeChacal, FYI also thats apache admin101 ;)
[02:53] macd: yes and i think both you and owh for the help i just got thrown in to running this server so i have a bigger learning curve to get over than i thought i see
[02:53] LeChacal, if your doing a lot of apache stuff, its a good bookmark http://wiki.apache.org/httpd/ also has user contributed things for some simplified tasks
[02:54] LeChacal: Pleasure.
[02:54] macd & owh: i meant i thank both of you
[02:54] LeChacal, anytime
[02:55] by software raid through the kernel, we're talking about LVM, right?
[02:56] software RAID is software RAID, LVM is LVM :)
[02:58] ok
[02:58] Two completely separate but often used together.. bah, they left.
[03:01] hads: You get that :)
[03:01] :)
[03:02] yay, got my debian password back
[03:02] :)
[03:03] owh & macd: now that i have solved my problem do either of you have suggestions on squirrelmail or another webmail program before i go back to reading on it and apache
[03:03] LeChacal: Sorry, don't do webmail, I let google handle that :)
[03:04] <_ZeuZ_> So do I xD
[03:04] I put roundcube on one server where people wanted webmail. Seems not too bad.
[03:05] roundcube is pretty experimental imo
[03:05] I've had issues with it
[03:05] very limited on featureset -- but it's AJAX so everyone thinks it's the greatest thing since sliced bread
[03:06] * macd seconds roundcube for how nice it looks
[03:06] I don't use it myself, users seem to think it's OK though.
[03:09] looking at roundcube makes me think i should have just stayed with gentoo server
[03:11] LeChacal: Well, personally I cannot think of a better way to self-inflict pain, but if that's what you like, go for it.
[03:12] LeChacal, hey you could spend time emerging, or drinking beers with friends, but thats your choice ;)
[03:12] Like I say, why compile when you can apt.
[03:12] owh: the reason i say is because a lot of what i was reading on it was on gentoo, and the server was once gentoo before i took over and i hated gentoo
[03:12] It's a PHP application, nothing to do with package management really.
[03:13] LeChacal: how does roundcube relate to gentoo?
[03:13] nothing really it was just reminding me of my gentoo nightmares
[03:13] and your nightmares make you think you should stay with gentoo? huh?
[03:14] no away from it very far away
[03:14] looking at roundcube makes me think i should have just stayed with gentoo server
[03:15] giovani: ok bad wording there, looking back now
[03:16] On a completely different note, how do I make module-assistant use my source packages, rather than the ones it knows about? I need to deploy madwifi source drivers on an end-user machine which will need to be able to deal with kernel updates without needing me to recompile and install stuff. Last time I looked, m-a + included madwifi was borked.
[03:21] owh, the command line arg is -h
[03:21] Whoa, not all at once ;-)
[03:22] err -k
[03:22] macd: Excellent, just what I needed. Tah.
[03:23] man module-assistant FTW ;)
[03:23] I couldnt remember myself, and I just built for 2.6.25
[03:23] macd: Funny, that's what I was reading - now I'm trying to find out how to put it in the automatic configuration / conf file :)
[03:24] yeah, that could be fun
[03:24] I've just found the environment variable, that's a start.
[03:24] KERNELDIRS
[03:25] * owh cannot recall if m-a does an automatic rebuild when the kernel changes.
[03:28] hello everyone. can anyone help me get svn setup? I am seeing svn: PROPFIND of '/trunk//': 405 Method Not Allowed
[03:31] luckyone: this error is when you try to browse to the svn repository in a web browser?
[03:32] luckyone: http://readlist.com/lists/subversion.tigris.org/users/4/21441.html this may help you
[03:39] firecrotch: not when I use a browser, via browser it works fine
[03:39] firecrotch: it is when I try to use the subclipse svn plugin
[03:41] luckyone, are you using javaHL with subclipse?
[03:43] macd: YES
[03:43] macd: sorry for the caps!
[03:44] macd: at least I think so
[03:44] Let me pop open eclipse and see what the other one is, b/c I had that problem a while back myself
[03:46] org.tigris.subversion.javahl.ClientException
[03:47] yeah, theres another layer of abstraction that subversion can use, and its not JavaHL
[03:47] I just can't recall where it is, or how to change it
[03:47] Im poking around eclipse, but I dont see it
[03:49] well, on the good side, looks like the ruby plugin got some updates ;)
[03:50] hah
[03:50] I just installed subclipse
[06:10] I can't mtr yahoo.com nor do sudo apt-get update... But I can access webpages from the outside.. and I can even ssh to the box.. any idea?
[07:55] moin
[08:09] is there a howto to set up an openswan vpn client ?
=== mdz_ is now known as mdz
[08:58] Q: I have openvpn installed and can connect to my vpn with network manager. Any easy way to automagically run a script (to mount directories) once the vpn connection is made?
[08:58] I want to set up automatic mounting of the Samba shares when the VPN connection is established.
[08:59] Grey area between desktop/server, so my apologies if this is not quite on topic.. But don't think it's that far off topic.. :)
[09:00] hello :)
[09:00] I wanted to know: Does canonical plan to provide training for particular parts of Ubuntu? Like KVM, samba/ldap/win integration etc?
[09:01] sgrover: perhaps you can use dbus to talk to network manager? it might have a callback for that. there may be easier ways also - just a thought
[09:02] yann2: you might also ask in #ubuntu-training (?) or ask canonical directly
[09:03] thanks :)
[09:04] nealmcb: thanks for the lead. Was hoping there would be an existing tool. Probably easiest to just script it directly and put an icon on the desktop to the script...
[09:04] bypass network manager for the VPN connection...
[09:04] * nealmcb nods
[09:04] but playing with dbus is fun also :-)
[09:05] (that and I'm not very familiar with dbus at this time)
[09:05] off to google I go then.. :)
[09:05] but yeah - not so much a server thing....
[09:06] but not fully a desktop thing either.. :)
[09:07] and you were able to give me more of a tip than I got in #ubuntu (no response there)
[10:24] * nealmcb heads towards the UDS hotel.....
[10:37] hello anybody has experience using tape units with ubuntu-server ?
[10:37] i have a freshly installed 7.10 server but mt commands get no answer
[10:38] any hint will be gladly received thanx
[11:36] hello everyone
[11:36] has anyone been using ebox with hardy?
[11:37] if so, what do you make of the integration?
[11:37] hi all, got a user called 'manageen' who logs in repeatedly every 3/4mins - I never added this user. Is there a check I can do over either their activities - or can I set the account to expire? (Or is there any other action you would suggest?)
[11:41] elliotjhug: I'd recommend, you unplug the machine, shut it down, remove the disk, and carefully check every single bit on it.
[11:42] elliotjhug: If someone's logging onto it and you didn't create the user, you've most likely been compromised somehow.
[11:43] is it likely to be a virus or what?
[11:43] I only checked because I noticed unusual network activity
[11:46] it's likely that you've been rooted
[11:46] in that, someone has gained root privileges on your machine, and created that account
[11:46] Deeps: Thanks - well I've just changed my root password (and an account with sudo)
[11:47] recommended course of action would be, as soren said, to shut down the machine immediately
[11:48] elliotjhug: That's not enough, you should remove the box from the network immediately.
[11:48] hads: OK - I'd best go with that then. Thanks for the advice
[11:48] And then reinstall it basically.
[11:48] indeed, reinstall from 0
[13:11] New bug: #230632 in openssh (main) "ssh-vulnkey doesnt check all keys. Also, it would be nice to extend the warning message." [Undecided,New] https://launchpad.net/bugs/230632
[13:19] aaaarg is there no django in dapper? I was under the impression that I saw it the other day
[13:21] How would you install django on an ubuntu dapper drake (6.06.2) system so that you can easily update the machine or the packages later on?
[13:41] hello, having a problem with my file server after upgrading from 6.06 to 8.04. Its x64, have an XFS raid5 (3tb, 7 hdd's), and after the update, if a large amount of data is written in a short time to it, it stops writing data, load goes up (slowly rising, went to 36 before i killed server last time), but dmesg/messages are silent, and ps / top does not show anything unusual. Any idea?
[13:43] what kernel ?
[13:43] the standard 2.6.16 ?
[13:43] 2.6.24-16-server
[13:45] i've witnessed similar stuff
[13:45] i upgraded to 2.6.24-17-server which is available in the deb http://archive.ubuntu.com/ubuntu/ hardy-proposed main restricted universe multiverse repository
[13:46] 2.6.24-17-server #1 SMP Thu May 1 14:28:06 UTC 2008 x86_64 GNU/Linux
[13:46] and that fixed it?
[13:47] i haven't seen it since, but no warranties ;-)
[13:47] of course :)
[13:47] as usual: ymmv ;-)
[13:48] what disk controller do you have ? have you updated the mobo bios to the latest ?
[13:48] 2x Mass storage controller: Promise Technology, Inc. PDC40718 (SATA 300 TX4) (rev 02)
[13:48] el cheapo sata cards, basically :)
[13:49] and no, haven't updated bios
[13:50] fancy. The IO died on the system disc too, which is not in raid, and not on the same controllers. Hard reboot ftl
[13:53] hardy is using 2.6.24 which really pushes harder on acpi (is my opinion) i had a lot of problems with machines with old bioses
[13:54] btw, hardy-proposed packages.. Will all those be automatically downloaded in an apt-get upgrade? or do you pick packages manually?
[13:56] Terrasque: After testing, hardy-proposed packages get copied to hardy-updates (if there are no problems) and then you get them automatically with apt.
[14:02] new kernel in, rebooting. And crossing fingers and toes
[14:18] fromport: no crashing yet.. :) But I'm not 100% sure until ive done some more testing
[14:42] fromport: same happened again. New kernel did not solve it
[14:49] terrasque: :-( ..... pity
[14:53] hm
[14:53] I removed klogd and sysklogd from all runlevels, but I still have that issue
[14:57] fromport: made a forum post, maybe I'll get lucky there. if not.. going back to 6.06 probably
[14:58] try to update the bios, or even better: compile a 2.6.25 (or 26-rc2) kernel yourself.
[14:58] see if it is kernel related.
=== bamed is now known as bamed|away
[15:05] what's the preferred way of upgrading ubuntu on a server? (just one release to the next)
[15:06] update-manager -d? :)
[15:07] hello all. I have a quick question. Getting ready to set up an ubuntu ltsp server. I have 900 GB of space on 3 drives. In the partition scheme where should I allocate most of the HD space? /home? /root?
[15:21] Has anyone configured fail2ban? I'm having problems. The regexps don't seem to work.
[15:23] the log reports the IP is banned, but for some reason I can continue to access the server.
[15:34] gouki: It only blocks new connections.
[15:34] gouki: Could that explain what you're seeing?
[15:34] soren: no
[15:35] Does it require the default port, or the regexp doesn't care about that?
[15:35] It blocks port 22.
=== mdz_ is now known as mdz
[15:44] soren: when are you coming?
[15:44] soren: that's the problem right there.
=== kirkland` is now known as kirkland
[15:47] nxvl: I'm here.
[15:48] soren: i'm still in madrid
[15:48] nxvl: Ah, ok.
[15:48] soren: my flight leaves in 2 hours
[15:48] so, see you in 5
[15:48] :D
[16:43] greetings, I have a problem with cron
[16:43] command: ps -ef | grep -i cron
[16:43] gives: root 4112 1 0 2007 ? 00:00:02 /usr/sbin/cron
[16:43] command: crontab -l:
[16:44] * * * * * root echo "Runs each second." > /home/johny/smazat/cron.txt
[16:44] however, the file /home/johny/smazat/cron.txt remains empty :-(
[16:45] any idea?
[16:45] http://pastebin.com/m59c6f729
[16:45] <\sh> is * * * * * not "run every minute" ?
[16:46] lol?
[16:46] <\sh> radone, that cron line will run every minute...
[16:47] <\sh> there is no "second"
[16:47] do-release-upgrade did not work for dapper -> hardy, but dapper -> edgy -> feisty -> gutsy -> hardy seems to work
[16:49] \sh: well, unfortunately not even minute ...
[16:49] <\sh> radone, and I wonder if you can delete the "root" user as well, because crontab -e -u root is what you have by default when you use the crontab tool...all cron scripts which need the "user to run"..are in /etc/cron.*
[16:49] <\sh> radone, because your line is terribly wrong
[16:49] <\sh> crontab -e
[16:49] <\sh> (thinking about user root now)
[16:49] <\sh> * * * * * echo "foo is bar" > /tmp/palimpaloem
[16:51] \sh: ok, thank you, I will give it a try and I will wait one minute
[16:52] <\sh> radone, man 5 crontab :)
[16:53] changed to: * * * * * echo "Runs each minute." > /home/johny/smazat/cron.txt
[16:53] and got no result :-/
[16:55] how can I find out why a certain package is kept back?
[16:57] is there an apt command for that?
[16:57] Is the certain package related to ssh/ssl/vpn?
[16:58] TrioTorus: try apt-get install the package, and you will see what will happen. You will be given a chance to abort
[16:59] Am I the only one thinking that should not be the case? Something seems to be wrong somewhere
[16:59] among others: there is openssh-client and openssh-server being kept back yes
[16:59] dennda: you're obviously not the only one
[17:00] TrioTorus: I am talking about dapper -> hardy upgrade failing and dapper -> edgy -> feisty -> gutsy -> hardy upgrade working
[17:00] TrioTorus: sudo apt-get dist-upgrade will solve it in this case. sudo apt-get -s dist-upgrade if you want to see it first (to more generally understand what's going on).
[17:00] TrioTorus: that's because they pull in a new package, -blacklist
[17:00] mok0: I can see that with one of my servers. What's going on with that -blacklist package?
[17:01] TrioTorus: it contains a list of weak ssh keys
[17:02] mok0: so better not upgrade yet then?
[17:02] TrioTorus: by all means, upgrade
[17:02] TrioTorus: and run ssh-vulnkey
[17:03] TrioTorus: http://www.ubuntu.com/usn/usn-612-1
[17:04] morning everyone
[17:04] hi folks -- are the patches for the ssh vulnerability in the repos / updates now?
[17:04] <\sh> radone, /etc/init.d/cron restart .... could be that cron ran mad
[17:04] W8TAH: yes
[17:04] people still patching up eh ?
[17:04] good
[17:04] how do i then re-gen my keys
[17:05] And folks, don't forget to remove your compromised ssh keys from EVERY remote system that has in in ~/.ssh/authorized_keys
[17:05] ssh-keygen
[17:05] cool -- thanks
[17:05] s/in in/it in
[17:05] ssh-vulnkey is your friend
[17:06] Can anyone recommend a USER FRIENDLY web application that will allow users to change their passwords stored in openldap?
[17:08] mok0: HD Moore's SSL "rainbow tables" are your friend :)
[17:08] cyris||: if your app only needs to do this single operation: write your own script. I have looked out for what you are asking for a long time.
[17:08] giovani: ydrk, where do you find those
[17:09] mok0: ... oh cmon ... you should know already: http://metasploit.com/users/hdm/tools/debian-openssl/
[17:09] appreciate the dilbert :)
[17:10] giovani: no seriously, I have better things to do than hang out with script kiddies... I exterminate them when they show up...
[17:10] ... if you think HD Moore is a script kiddie ... you're revealing your ignorance of the industry
[17:11] giovani: hereby revealed :-)
[17:11] TrioTorus, fair enough, just wanted to see if there was anything out there. I did find one project, called chpassldapweb http://sourceforge.net/projects/chpassldapweb/
[17:12] is there a how-to someplace on using ssh-keygen to make new keys?
[17:12] TrioTorus, but its in Brazilian Portuguese :S
[17:12] W8TAH: http://metasploit.com/users/hdm/tools/debian-openssl/
[17:12] err
[17:12] bad paste
[17:12] http://wiki.debian.org/SSLkeys
[17:12] W8TAH: man ssh-keygen?
[17:12] W8TAH: welcome to #ubuntu-server ... we have some overlap :)
[17:13] mok0, its not giving me what im hoping for - i just want it to rerun the same thing that happens at install time for keys -- i dont customise
[17:13] thanks
[17:13] giovani, thanks
[17:13] W8TAH: dpkg --reconfigure openss-server
[17:13] #dshield untie!
[17:13] even better
[17:13] mok0: With an 'h' in there.
[17:14] ScottK: you're right of course... it's not the open version of Waffen SS ;-)
[17:14] LOL
[17:14] Doesn't the blacklist tool regenerate bad keys on install (I don't know - I'd done all mine before it was released)?
[17:14] mok0: feel free to read up: http://en.wikipedia.org/wiki/H._D._Moore
[17:15] ScottK, I don't think it does.
[17:15] ScottK: I think it contains a long list of fingerprints
[17:15] ScottK: I believe the new release of openssh-server did that
[17:15] ScottK, I wasn't sure so I just regenerated
[17:15] giovani: thanks!
[17:15] it regenerated automagically
[17:15] dpkg --reconfigure is not working
[17:15] One of the openssl updates will redo snakeoil.
[17:15] W8TAH: run "sudo ssh-vulnkey" to test your keys
[17:16] says unknown option reconfigure
[17:16] ok
[17:16] giovani: Ah, I don't bother with anyone born after 1980
[17:16] :-)
[17:17] mok0: yeah, who cares how influential they are, right? :)
[17:17] giovani, im on ubuntu -- and ssh-vulnkey does not work, nor is it in repos to install
[17:17] W8TAH: which ubuntu release are you on?
[17:17] 604-lts
[17:17] giovani: ok, /me reads...
[17:17] fully updated
[17:17] W8TAH: you're not vulnerable
[17:17] the bug was introduced AFTER 6.04 LTS
[17:17] ok - that makes that easy
[17:18] only 7.04, 7.10 and 8.04 were vulnerable before updates
[17:18] I think Edgy was OK too, but it's out of support.
[17:18] i need to upgrade this guy to hardy LTS but im not doing that till summer - when i can take the internet down for an extended period
[17:18] ok
[17:18] giovanni: ok, I'll bump that to 1982 :-)
[17:18] mok0: who needs OSVDB, right?
[17:19] or metasploit?
[17:19] heh
[17:19] * giovani throws out half of the linux kernel developers
[17:22] 18:21:54 up 3:19, 1 user, load average: 33.00, 33.07, 33.41 -- fun..
[17:22] W8TAH, what version of ubuntu are you running ?
[17:22] 6.04 LTS on the firewall
[17:22] W8TAH, oh ok
[17:22] W8TAH: we already went over this
[17:22] err
[17:22] which is the one im most concerned about
[17:22] ya
[17:22] cyris||*
[17:22] :D
[17:23] ive gotta do the upgrade -- but i dont wanna take the school offline right now -- i'll wait till summer
[17:23] giovani, sorry didn't see
[17:24] thanks for the help guys - this day didnt need a crisis in the middle of it
[17:24] :D
[17:24] :)
[17:24] most of the attacks I see are stupid brute force ssh attacks that immediately get blocked in iptables
[17:25] mok0: you mean brute forced password attacks? not key attacks
[17:25] giovani: right
[17:25] however ... in the years to come
[17:25] I am surprised that ssh is vulnerable to key attacks.
[17:25] this will be a big vuln
[17:25] I agree
[17:25] mok0: ... it's not ... debian's ssh is
[17:25] this isn't an openssh bug
[17:25] giovani: well, you can by chance have a compromised key
[17:26] no
[17:26] giovani: the compromised keys are a legal subset of the total number of keys
[17:27] no, they're not
[17:27] normal openssl uses a different PRNG system
[17:27] it doesn't matter
[17:27] it wouldn't come up with the same seed values as the debian vulnerable ssl
[17:27] it does matter ... there are different seeds used ...
[17:27] giovani: of course it could
[17:28] those seeds could arise by chance... I admit it's small
[17:28] giovani: Yes. You could (although the odds are low) have a key that's in the small set generated by the bad openssl generated from a non-broken openssl.
[17:28] I stand corrected
[17:29] you're correct
[17:29] however the keys do not become "compromised"
[17:29] they just happen to become the target of a specific attack, they were still generated in good-faith pseudo-random
[17:29] giovani: right, but they are part of the "rainbow dictionary" set
[17:29] right
[17:30] They are neither more nor less compromised. Just via bad luck rather than a bug.
[17:30] right
[17:30] giovani: so, in fact openssh should be patched to make those keys illegal
[17:30] mok0: ... that may be a principle difference
[17:30] up to the openssl guys
[17:31] openssh
[17:31] nah, the bug is in openssl
[17:31] Different bunch.
[17:31] it just affects openssh as well
[17:31] http://www.debian.org/security/2008/dsa-1571
[17:31] giovani: yes, in fact I wish they'd go to a key size of 2048
[17:31] Right, but if the keys are to be blacklisted, it'd have to be done in SSH.
[17:31] ScottK: and every other system that uses openssl
[17:31] mok0: Just don't use DSA keys.
[17:32] giovani: Yes.
[17:32] why would it have to be blacklisted at the openssh level?
[17:32] couldn't that set of seeds be discarded in the openssl generation code?
[17:32] * mok0 thought the DSA keys were the most secure ... *blush*
[17:32] when it generates the random number, it would check against a list of known PIDs
[17:32] and reject it, and generate again
[17:33] giovani: ... and the max pid number is 32767
[17:33] mok0: right ... so, all of that set
[17:33] but why would this not be able to be done within the ssl code?
[17:34] mok0: My understanding (and I'm not an expert) is that the reason Debian used to recommend DSA over RSA was to do with RSA patents. Now that they've expired there's no reason not to use RSA keys of whatever length you are comfortable with.
[17:35] Hmm. Well, perhaps I should regenerate my key, then. But I think I'll do it on my Mac :-)
[17:36] But perhaps Ubuntu should consider packaging security sensitive software directly from upstream source
[17:36] Dunno. There was a time (~20 years ago) when I knew something about cryptography.
[17:36] mok0: modifications have to be made to get everything to work together ... can't do a strict upstream tarball
[17:36] mok0: I don't think that would help significantly.
[17:36] ScottK: I've just read Simon Singh's book
[17:37] ScottK: It would give us a double check
[17:37] mok0: Since install scripts have root, all packages are significant from a security perspective.
[17:37] ScottK: ... I was in fact kinda shocked to see that Debian patches the code
[17:37] We either trust Debian and work as a derivative or not.
[17:37] ScottK: some packages affect the security of other applications, openssl being the chief one
[17:38] Exactly
[17:38] mok0: Honestly I think most of the blame with this one lies with the openssl developers.
[17:38] mok0: still .. modifications are always made in distributions ... otherwise, nothing would fit together cleanly
[17:38] It would just be a few packages, that would get an independent audit in Ubuntu and Debian
[17:38] ScottK: .... why is that?
[17:38] giovani: but unless there's a bug, you don't go around removing function calls
[17:39] 1. The Debian maintainer went to what was the advertised right list for such questions and asked and was told it seemed reasonable.
[17:39] mok0: they considered "purify complaining" as a bug
[17:39] 2. If you are going to do something completely outside the C standard as rely on something being undefined, I think it would deserve a comment in the code.
[17:40] ScottK: THAT is true. It is a dirty algorithm to start with
[17:40] So upstream had two quite reasonable chances to have avoided this entire mess and didn't do it.
[17:40] ScottK: it seems the opposite from the correspondence, no?
[17:40] I agree the the Debian maintainer has blame too, but it's hard to see what he should have done different. [17:40] But the fact of the matter is that it was modified by someone who did not fully understand what the code does [17:40] giovani: Not sure what you mean? [17:41] "No, it's fine - the problem is Purify and Valgrind assume all use of uninitialised data is inherently bad, whereas a PRNG implementation has nothing but positive (or more correctly, non-negative) things to say about the idea." [17:41] * mok0 thinks that this is a harsh reminder of the kind of responsibility we all have working on a distribution... === bamed|away is now known as bamed [17:41] -Geoff Thorpe [17:42] seems to be saying that this is a Purify/Valgrind problem ... not a code problem ... and is suggesting that such warnings should be ignored? [17:42] or am I misreading? [17:42] giovani: this piece of code relies on random bits being present in an uninitialized buffer... which is very far fetched at best [17:42] According to the C standard (as I understand it, and it's limited) use of uninitialized data is inherently bad. [17:42] if it was a "bug" in openssl ... they would've "patched" it upstream, and then all openssl would be "infected" [17:43] Yeah, there's enough blame to go around [17:43] giovani: It's a very obscure (at best) design in openssl and they should have made it clear what was going on. [17:43] http://rt.openssl.org/Ticket/Display.html?id=521&user=guest&pass=guest [17:43] ScottK: exactly! [17:43] all I can say is thank god gnupg links against gnutls [17:43] that's the correspondence on the issue that I'm aware of [17:44] giovani: ... and a new compiler optimization might have had the same effect [17:44] ... and no-one would know [17:45] giovani: interesting reading... [17:45] giovani: There's more. Give me a moment to find it. [17:46] Lemme get this clear: the bug was in the openssl libraries, that are used by openssh?? 
[17:46] The bug was in openssl and it generated keys that were cryptographically worthless. openssh uses said keys. [17:47] k [17:48] Here's the Debian maintainer asking about the change in question. Follow the thread and see if any openssl devs tell him it's a bad idea: http://marc.info/?l=openssl-dev&m=114651085826293&w=2 [17:48] Well why not just have a function that fills the said buffer with random bits? Instead of relying on un-initalized memory? [17:49] I have no idea. [17:49] Here's one openssl developer being an a$$ and getting pounded in the comments: http://www.links.org/?p=327 [17:50] I think this was just "one of those unfortunate things" that happen in software [17:50] My favorite response: http://advogato.org/person/branden/diary/5.html [17:50] ... a chain of events leading to disaster [17:51] Unfortunately I think the the first blog entry there has raised the stakes considerably in terms of how people feel about it. [17:51] mok0: I agree. I wish that guy hadn't decided to through gasoline on the fire. [17:52] For some reason, the software world is full of socially incapable people who jump at anyone else at the first chance they get [17:52] it goes with being good at writing software [17:53] ... yeah so they say [17:53] They are good at claiming how good their own stuff is and how unjustly they are b eing treated [17:54] lol [17:54] He'd have been well advised to have his facts straight before going on the attack. [17:54] the links to the patch that broke stuff, as well as the patch to fix it, is amusing [17:55] patch that breaks: comments out 2 bits, patch that fixes: uncomment one bit that was commented originally (what about the other?) [17:56] That's been heavily discussed. Even upstream agrees that part is OK. [17:57] ok [17:57] Instead of pushing around the blame, it would be better getting some infrastructure in place to avoid these things from happening in the future. 
Without distributions, openssl would hardly be used [17:58] hi [17:58] would anyone be able to help me with a problem installing grub? [17:58] ... or rather, would be compiled by users themselves, which would give a huge amount of extra support work to the developers [18:00] Well thanks for the chat, interesting, I have to leave now [18:00] See you later. [18:00] see you [18:02] ScottK: can you point me to where the openssl team suggested that commenting out those bits seemed reasonable? [18:02] Deeps: It's later on in this thread http://marc.info/?l=openssl-dev&m=114651085826293&w=2 [18:02] ok ta [18:02] * Deeps reads [18:02] i liked the links.org blog pots, made me lol [18:04] http://www.kuro5hin.org/story/2003/8/8/83254/78171 [18:05] Unfortunately the original post on links.org seems to be a largely fictional account of events. [18:05] based on your email thread you linked me, i'm inclined to agree [18:05] http://marc.info/?l=openssl-dev&m=114652287210110&w=2 being the firts reply to the idea about commenting it out [18:06] (and it's from someone at openssl) [18:06] Yes. [18:07] He aimed to fire a shot and Debian and all distro developers and IMO accidentally shot himself in the head due to carelessness. [18:07] however [18:07] anyone in prague? [18:07] not entirely: "if you are going to fix bugs, then you should install this maxim of mine firmly in your head: never fix a bug you don.t understand" [18:08] nobody on that thread seems to understand what's going on in this bit of code [18:08] openssl again? :) [18:08] Still [18:08] i just joined in :) [18:09] from the debian side and the openssl side, the respondants dont appear to have a clue about what's going on [18:09] Deeps: And if he'd just said that, I think it'd have been fine. But he went further. 
[18:09] ok, so pull the good and ignore the bad [18:09] dont forget it all because some of the good is shrouded in BS [18:10] True, but I'm probably a bit biased because as an Ubuntu developer and a Debian Maintainer, I was who he was aiming at. [18:11] He's correct, but it's not always practical advice. [18:12] There is a balance between spending a huge amount of time on one fix to totally understand it and how much fixing can get done overall. [18:12] For openssl, it is probably reasonable. [18:13] what is probably reasonable? the amount of time that was spent, or the amount of time that they think should have been spent? [18:14] Probably reasonable to spend more time understanding stuff. [18:14] yea [18:14] I'm working on an update for Spamassassin right now to make it work with pg 8.1 and later for it's bayesian database. I got the patch from upstream. If I really thought I needed to competely understand the code and what it's changing, I'd move on and leave it broken. [18:14] re-reading that thread, makes it look like "hai! autotool says this is a problem, can i remove it?" "duhhh, i dunno, i guess so" [18:14] In this case it's more trusting upstream to have got it basically right and testing to see if it fixed the problem. [18:15] ah well, nm [18:15] done and fixed [18:15] ScottK: you are familiar with pgsql? [18:15] need to redo all my openvpn certs [18:15] Only in a very limited sense. [18:15] hassle [18:16] ScottK: well, if you understand roles in pgsql, you are my man :D [18:16] ivoks: It's used on some project I work on and I can interact with it directly or through I can't remember which python module I'm using. [18:16] ivoks: No. I think I'm not. [18:16] ok then [18:17] Deeps: more than 50 openvpn certificates, installed all over the country, are also waiting for me :) [18:18] thankfully i only need to do.... 7 [18:18] still a hassle [19:08] 20:08:21 up 5:05, 1 user, load average: 137.42, 133.51, 122.98 -- Do I win a prize? 
:p [19:13] nope [19:13] come back when your load goes over 300 [19:14] that shouldn't take too long. crossed 140, and heading to 150 [19:14] but have a feeling something will happen to the servers power supply soon [19:16] Come back when you've reached 1600 :) [19:16] got a link from a friend :p http://pr0n.sesse.net/tg06/1280x960/dsc_0999.jpg | accidental fork bomb [19:17] keep it at 600+ for 6 months [19:17] then let me know :P [19:18] think I'd prefer a machine that works the way it should :p [19:33] i notice that apache2 is installed without creating an apache user? is that intentional? should httpd run as user:group apache:apache or as root:root? [19:34] usually its run under www [19:34] www-data actually [19:34] so why was a www user not created? [19:34] oh - there is a www-data [19:35] goodie :) [19:35] i thought that was from some other package [19:35] thats what apache2 runs as on my systems at least :) [19:37] Terrasque: ok thanks! [19:50] hi all [20:44] hi all :) [20:46] i've a question of routing virtual nic === cropalat is now known as cropalato [21:40] hi [21:40] somebody is here? [21:43] !justask [21:43] Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-) [21:43] !ask [21:44] Ah, there it goes. [21:46] ok [21:46] i would like to do a NAT routing on virtual NIC but iptables do not support this :( [21:48] soren: where are you? [21:48] soren: i'm already here [22:00] nxvl: I'm in my room right now. [22:03] soren: number? [22:08] dendrobates: are you also here? [22:08] dendrobates: i have a present for you [22:08] nxvl: yes [22:08] dendrobates: where? [22:09] btw, are we going for some beer today, didn't we? [22:09] i have 2 bottles of pisco here [22:10] nxvl: it is too late for me today, but tomorrow. I am in room 812. [22:12] :( [22:12] did you know in wich room is pedro_? [22:15] nxvl: no, I have seen him though. 
[22:16] you guys at the UDS place? ツ [22:16] yup [22:17] I wish I could be there ツ [22:18] yes, just the entertainment value alone would be worth it... [22:20] Maybe I'm jaded, but I don't tend to find UDS entertaining. [22:20] infinity: usually just the various people in the evenings [22:21] dendrobates: i'm going to say hi and give you your present, it's that ok, or are you at bed already? [22:21] nxvl: I am not in bed, just not up for more beer. [22:22] ok [22:22] i will be there in a minuto [22:22] minute [22:22] soren: How's the connectivity there? [22:23] infinity: Quite good, actually. [22:24] soren: All ports, not just http proxy? [22:24] infinity: Yup. [22:24] \o/ [22:24] Good, good. [22:24] if HTTP works, you can use anything you want anyway ;-) [22:25] Yes, but setting up random tunnels just to use the interwebs annoys me. [22:25] Compared to the PoS excuses for internet connections they have in hotels in the US, this is actually extremely good. [22:25] Heck, if DNS works, you can use anything anyway. [22:25] Again, "if you're willing to jump some hoops"... I'm getting too old to care about said hoops. [22:26] I just want to plug in my laptop and do stuff, y'know? [22:27] infinity: pft... Talk to #ubuntu-desktop [22:27] *smirk* [22:27] You'll understand some day. :) [22:27] I used to get a thrill out of circumventing people's ideas of what I should be "allowed" to do, now I just want to be able to do it all by default. [22:28] Cause, well, the circumvention is less exciting and more time-wasting, these days. [22:28] lemme guess, you also like having a desktop system that /juts works/ and doesn't need years of hacking to actually get working properly? [22:29] and that IT is just a means to an end, and not an end in itself? [22:29] Shocking, I know. 
:) [22:29] phew, finally [22:29] someone else like me [22:30] Of course, I still like hacking like no tomorrow to make these sorts of things possible to other people, which means getting my hands dirty -- a lot. [22:30] I just don't feel the urge to "hack" in a hotel room. [22:30] Especially not as cranky and tired as I usually am after an intercontinental flight or three. [22:31] soren: I hope you brought enough money to make good on some of those alcohol promises you made over the last year. [22:31] soren: ... and that you don't spend it all before I get there. [22:36] infinity: I agree, IP-over-DNS etc. should "just work" under Ubuntu ;-) [22:39] JanC: Hahaha. Not *quite* the point I was making, but okay. :) [22:39] I can tell some stories about IP-over-DNS... ;) [22:40] infinity: Did I promise you beer? Hm.. Ok. It's dirt cheap here, so I'll probably manage :) [22:41] soren: Not sure if it was beer, or "the local equivalent of a massive destruction weapon".. [22:46] infinity: Ah, yes. It will not be at the hotel, though. The prices here are insane. [22:47] soren: you're Danish IIRC? [22:47] soren: Are they ever not? Hotels are terrible. [22:47] infinity: A litre of water is $20. [22:47] JanC: He is. [22:47] infinity: ! [22:47] JanC: I am. [22:47] soren: Sweet Jesus. 20 USD? [22:47] infinity: I've never seen prices this steep. [22:47] infinity: Yup. [22:47] then beer @ uds should be very cheap for you ;) [22:47] infinity: 290 of the local currency unit. [22:48] unless something changed since my sister was there ;) [22:48] JanC: Outside the hotel, yes. very much so. [22:49] infinity: 290 CZK is 17.90 USD, apparantly. [22:49] soren: $20 is nuts [22:49] soren: That's beyond insane. I don't even know if English has a word to express just what that is. [22:50] infinity: Luckily, there's a cafe almost just across from here. [22:50] Jeg hader UDS hotels. [22:50] soren: Phew. [22:50] :) [22:52] soren: Anywhere in walking distance with a pool table? 
*hopeful look* [22:53] infinity: I haven't had a chance to go looking. We found that cafe, had a few beers, left for food, ate, came back to the hotel, and here we are now. [22:53] soren: Slacker. What was the point of sending a scouting party if you can't tell us all about the area by the time we get there? :) [22:54] infinity: When do you show up? [22:55] soren: 1745 on Sunday. [22:55] soren: Well, 1745 + (however long it takes to clear customs and get to the hotel) [22:56] infinity: Plenty of time to find good places. [22:56] soren: I'm counting on you. :) [22:57] soren: Bonus points if you can find a nice Lebanese place with good shawarmas... [22:57] * soren accepts the assignment and acknowledges that #ubuntu-server will selfdestruct in 5 seconds [22:57] or something. [22:58] infinity: Well... Non-Czech food here seems to have been subject to a very strong Czech influence. [23:00] soren: So, we'll get a shawarma smothered in cheap beer, served on a modestly-priced hooker? [23:02] infinity: I'm sure something can be arranged. I've not dared walk down dark alleyways yet. [23:03] At least that's where I'd expect to find such things. Maybe I'm just not into the whole Czech vibe yet. [23:24] New bug: #230878 in apache2 (main) "Apache 2 produces an OOM after 4 hours using" [Undecided,New] https://launchpad.net/bugs/230878 [23:41] Any recommendations for a NAS (no freenas, openfiler or lightnas)? I want something installable on Ubuntu. [23:47] gouki: use the tools that openfiler/etc use ... they're all available for ubuntu [23:47] it's just a matter of auto-configuration with those specialized distros versus manually configuring [23:48] decide on what protocol you want to use for your NAS/SAN [23:48] and then an appropriate tool can be used [23:52] for example, for an NFS-based server ... 
this HOWTO appears to be relevant: https://help.ubuntu.com/community/SettingUpNFSHowTo [23:54] also check out http://ubuntuguide.org/wiki/ [23:56] Deeps: it's virtually the same set of commands ... except it goes into less detail, and is only found in the 7.10 and earlier manuals ... [23:57] hmm? [23:57] i was thinking for other protocols that he may want to use [23:57] eg samba [23:57] it's a generally nice overall guide too thats worth browsing through, if only to get ideas [23:57] the documentation is still ebtter on the wiki [23:58] on the official wiki, that is [23:58] the joys of free speech