/srv/irclogs.ubuntu.com/2008/06/02/#ubuntu-server.txt

bimberi	The_Kernel: Yes, Ubuntu installs with no root password set so logins to it are disabled.	01:21
bimberi	The_Kernel: Not sure about the denied login. It could be in the sshd configuration on that server. Or /etc/hosts.[allow\|deny]	01:23
Kamping_Kaiser	The_Kernel, try with -vv you might have been blacklisted	01:30
christefano	has anyone known ssl-blacklist to have false positives?	02:20
Kamping_Kaiser	i've heard of it, but not with any sort of proof	02:21
christefano	hmm.	02:21
christefano	how do I test my SSL certificate against the openssh-blacklist?	02:43
Kamping_Kaiser	openssl-vulnkey ?	02:43
christefano	I'm not sure how to pass a certificate to openssh-vulnkey. it seems to only check SSH keys	02:44
Kamping_Kaiser	ssl. not ssh	02:45
christefano	ah, I don't have that.	02:45
Kamping_Kaiser	hm.	02:45
Kamping_Kaiser	openssl-blacklist: /usr/sbin/openssl-vulnkey	02:45
Kamping_Kaiser	Installed: 0.1-0ubuntu0.7.10.4	02:46
emgent	morning	02:50
=== jjesse_ is now known as jjesse
m11	hello	05:28
Litefire	morning all	09:47
Litefire	i am having a little trouble with my server instal recognizing a sata2 hd	09:48
Litefire	i have an ibm 330 server i installed ubuntu on and cant seem to figure it out when i start it up i get ata2: srst failed errno-16 for the data hd	09:49
Litefire	the raid that ubuntu is installed on starts up fine but the sata2 drive i have attached to a pci card isnt discoverable from what i can figure out	09:50
osmosis	anyone know if it is possible to do a raid 10 with software raid?	09:51
_ruben	osmosis: yes .. there's a raid10 kmod .. or you could do it 'manually' with raid1 and raid0	09:52
osmosis	_ruben: is it reliable?	09:53
osmosis	_ruben: can you recommend some instructions ?	09:53
_ruben	the basics are as simple as : sudo mdadm --build /dev/md0 --level=10 -- raid-devices=4 /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1	09:56
_ruben	oops, kill the space between -- and raid-devices	09:56
_ruben	the installer doesnt support raid10, so if you want to install the system to raid10, you'll have to drop down to a shell during the install to give that command	09:56
_ruben	and reliable, well, the raid10 kmod is one of there newer raid kmods, so hasnt aged as much as plain raid1+0, but offers some nice enhancements as well (like doing raid10 over 3 disks for example)	09:58
_ruben	http://cgi.cse.unsw.edu.au/~neilb/01093607424	09:58
=== fredrik__ is now known as frippz
NineTeen67Comet	Hello, is there a way to get aptitude to install smartmontools w/out exim4, mailx etc etc etc?	12:43
* NineTeen67Comet sudo aptitude install smartmontools = exim4 exim4-base exim4-config exim4-daemon-light liblockfile1 mailx		12:43
ikonia	nealmcb: it just needs an mta	12:45
ikonia	oops	12:45
ikonia	NineTeen67Comet: it just needs an mta	12:45
NineTeen67Comet	aha .. no mail on this server, but I guess it can just use it as it pleases ..	12:45
* NineTeen67Comet would have e-mail if me isp would crack the ports open ..		12:46
ikonia	NineTeen67Comet: let it install exim and then use local mail only	12:46
NineTeen67Comet	ikonia: prolly what I'll do ..	12:47
ikonia	NineTeen67Comet: make it easy on yourself	12:47
cjsstables	hello all. I can't resolve internal names on my network. I'm able to resolve external names. If I do a lookup on my internal nameserver I get an SOA record for prisoner.iana.org. Can someone help here	12:53
cjsstables	btw I used lookup with an ip address of my name server	12:53
ikonia	cjsstables: ok - so if your domain is "domain1" your saying you can't resolve box1.domain1	13:10
cjsstables	that's correct	13:10
cjsstables	but I can resolve anything on the outside	13:10
ikonia	cjsstables: ok - so have you setup your own domain zone file ?	13:12
ikonia	cjsstables: are you using anything like views ?	13:12
cjsstables	no views. I have dns forwarding zone	13:13
ikonia	cjsstables: so where is the domain your wanting to resolve kept	13:14
cjsstables	dns server addy is 192.168.0.1, lynksys router is 192.168.0.2	13:14
ikonia	ok - but where is your domain zone file ?	13:15
cjsstables	it is kept on 192.168.0.1 / srv1.soho.cjs	13:15
cjsstables	internal private network	13:15
ikonia	cjsstables: ok, so if you do nslookup server=192.168.0.1 then "box1.soho.cjs" does it respond ?	13:16
ikonia	cjsstables: do you have "ns" lines in your one file ?	13:16
ikonia	zone	13:16
cjsstables	hold on	13:17
cjsstables	nslookup srv1.soho.cjs	13:17
cjsstables	Server: 192.168.0.1	13:17
cjsstables	Address: 192.168.0.1#53	13:17
cjsstables	** server can't find srv1.soho.cjs: NXDOMAIN	13:17
ikonia	cjsstables: no - type nslookup	13:18
ikonia	cjsstables: then do server=192.168.0.1	13:18
ikonia	cjsstables: then do serv1.soho.cjs	13:18
ikonia	oops srv1.soho.cjs	13:18
ikonia	just want to check it step by step	13:19
ikonia	(I appriciate thats the same as your output)	13:19
cjsstables	server=192.168.0.1	13:19
cjsstables	Server: 192.168.0.1	13:19
cjsstables	Address: 192.168.0.1#53	13:19
cjsstables	** server can't find server=192.168.0.1: NXDOMAIN	13:19
cjsstables	> srv1.soho.cjs	13:19
cjsstables	Server: 192.168.0.1	13:19
ikonia	cjsstables: does your zone file contain ns records, does it have an entry for srv1	13:19
cjsstables	Address: 192.168.0.1#53	13:19
cjsstables	** server can't find srv1.soho.cjs: NXDOMAIN	13:19
cjsstables	yes it has an entry for srv1	13:19
ikonia	server=192.168.0.1 ; ** server can't find server=192.168.0.1: NXDOMAIN	13:20
ikonia	thats worrying	13:20
ikonia	does your zone file have ns lines ?	13:20
cjsstables	what are ns lines?	13:20
ikonia	cjsstables: the say the name servers for the zone	13:20
cjsstables	I can't answer that i'll have to look.	13:21
cjsstables	where do I look at?	13:21
cjsstables	I have webmin installed to administer the name server	13:21
ikonia	ughhh webmin	13:21
ikonia	and this is me backing away	13:21
cjsstables	its ok. i can use command line also	13:22
ikonia	cjsstables: I can't support products with webmind - it's the devils tool	13:22
ikonia	cjsstables: webmin changes the way things can work	13:22
cjsstables	so do you want me to open bind.conf	13:23
ikonia	not really	13:23
ikonia	I wanted you to look at your zone file for "NS" entries	13:23
ikonia	but it certainly wouldn't hurt to look if your bind.conf file contains an entry for your domain either	13:24
ikonia	that way you can see where it expects the zone file to be	13:24
cjsstables	ok.	13:24
cjsstables	brb	13:24
cjsstables	exit	13:24
cjsstables	oops.. sorry	13:24
cjsstables	ikonia: my named conf doesn't point to any zones. looks like the zones are included through named.conf.options	13:27
ikonia	cjsstables: ok - so follow that through	13:28
cjsstables	k brb	13:28
cjsstables	ok. in my named.conf.local I have the following zone	13:31
cjsstables	zone "soho.cjs" {	13:31
cjsstables	type master;	13:31
cjsstables	file "/etc/bind/soho.cjs.hosts";	13:31
cjsstables	};	13:31
sommer	morning all	13:34
jjesse	morning sommer	13:35
ikonia	cjsstables: ok, do you have /etc/bind/soho.cjs.hosts	13:35
cjsstables	ikonia: inside my soho.cjs.hosts file I have a SOA record for srv1.soho.cjs	13:35
ikonia	cjsstables: ok, I suggest you put an NS line in	13:35
ikonia	cjsstables: I'm worried at why nslookup; server=192.168.0.1 tried to resolve server= rather than set the server to be used	13:36
cjsstables	ok . there is an ns line for srv1.soho.cjs and an A record for 192.168.0.1	13:36
cjsstables	what bothers me is this line.....soho.cjs. IN SOA srv1.soho.cjs. cjsadmin.soho.cjs. (	13:37
cjsstables	because there is no machine anywhere called cjsadmin.soho.cjs	13:38
cjsstables	cjsadmin is actually a username on the server	13:38
cjsstables	ikonia: can I instant message you?	13:42
ikonia	cjsstables: I'm not signed into one at the moment, sorry	13:42
ikonia	cjsstables: don't worry about the cjsadmin.soho.cjs. line	13:43
cjsstables	ok	13:43
ikonia	cjsstables: can you pastebin the zone file please ?	13:44
cjsstables	youl'll have to re-instruct me on using pastebin. i forget how to use it.	13:44
cjsstables	is it pastbin.org or com	13:45
cjsstables	actually. I'll paste all of my bind config files	13:47
=== mdz_ is now known as mdz
cjsstables	ikonia: ok named.conf...http://pastebin.com/m648cf8b9	13:49
ikonia	no - the zone file	13:50
cjsstables	which one would that be?	13:50
ikonia	the one with cjsadmin.soho.cjs line in it	13:50
cjsstables	ok...	13:50
cjsstables	Ikonia: http://pastebin.com/d4728359f	13:51
ikonia	cjsstables: did you incriment the serial when you changed it ?	13:52
cjsstables	yes	13:52
cjsstables	I sent a whole new pastebin	13:52
ikonia	cjsstables: no the serial on the zone file	13:52
cjsstables	then no I didn't. I haven't changed it at all	13:53
ikonia	but you did add the "NS" line ?	13:55
cjsstables	no. those ns and a records were already there	13:55
ikonia	oh right	13:55
ikonia	thats odd	13:55
ikonia	cjsstables: I suggest you restart bind, look at the file /var/log/messages and check out if it loadds your file ok	13:55
cjsstables	ok	13:56
cjsstables	brb	13:56
cjsstables	ikonia: looking at the message log I show no messages since last boot at7:22 am. (Oh I did restart the bind9 server like you said)	13:59
cjsstables	is there any other log that I can look at for bind errors?	14:00
ikonia	you see no updates on restarting bind ?	14:01
cjsstables	nope. none	14:01
ikonia	thats worrying you should at least see bind shutdown / start time stamps	14:01
cjsstables	ok I'll look again	14:02
cjsstables	ikonia: sorry... I thought messages were listed latest first. hold on while I page to the bottom of the file	14:04
ikonia	no problem	14:07
cjsstables	ikonia: believe it or not there are no other entries in the log after June 2 08:45	14:08
ikonia	I do believe it, but that is quite worrying	14:08
cjsstables	why?	14:08
ikonia	there should be a time stamp for bind stopping and starting	14:08
cjsstables	. I have rebooted multiple times since 8:45 also. no of those are in there either	14:09
cjsstables	unless Jun 2 08:45:53 srv1 -- MARK -- is a valid entry for reboot	14:09
cjsstables	I'll restart bind again and see if the messages is updated	14:11
cjsstables	ikonia: I did a restart on bind, and there was no new entry....	14:13
ikonia	cjsstables: one moment	14:14
cjsstables	k	14:14
ikonia	cjsstables: thats my mistake - bind in ubuntu doesn't log	14:15
ikonia	cjsstables: I may log that as an enchancment	14:15
cjsstables	wheh... I was worrying	14:15
cjsstables	it is funny. I am ssh'ing into the server with ssh cjsadmin@192.168.0.1, I then sudo su, and my terminal window from my client shows root@srv1.soho.cjs	14:17
ikonia	cjsstables: sudo su ???	14:18
ikonia	cjsstables: you shouldn't be doing that	14:18
ikonia	cjsstables: your client name is probably being picked up form your host file resoution	14:19
cjsstables	I know, but I'm not on a production environment yet and also on a private net right now	14:19
cjsstables	one other bit of info when logged onto the server, I can ping srv1 and get resulst returned.	14:21
cjsstables	ping soho.cjs	14:21
cjsstables	returns no host found	14:21
cjsstables	ping srv1.soho.cjs returns good results	14:22
cjsstables	so the server itself is resolving names to ip's	14:22
cjsstables	but my clients cannot resolve names to ip on the local net	14:23
ikonia	cjsstables: and your using the FQD on your clients ?	14:24
cjsstables	yes	14:24
ikonia	cjsstables: have you setup the recersive permissions correctly (they should be ok by default for SOA zones)	14:24
cjsstables	I don't think there is a reverse zone ...I don't know what recursive permissions are	14:25
ikonia	you don't need reverse zone	14:31
cjsstables	ikonia: should I have a file called soho.cjs.db in my /etc/bind/ directory? because I don't. the only thing I have is a db.0	14:32
ikonia	cjsstables: thats normally a cache file (I don't have an ubuntu server to hand to verify this, hence why I'm working from memory)	14:32
cjsstables	ah ok.	14:32
cjsstables	ikonia: I found a how to to manually create a caching name server in ubuntu. I'm going to stop dns and rebuild using that.	14:36
cjsstables	hopefully that works	14:36
ikonia	caching name server isn't for hosting zones	14:36
cjsstables	no but it will still allow me to resolve local IP's won't it?	14:36
cjsstables	oops local names...	14:37
_ruben	no, only non-local ones	14:37
ikonia	cjsstables: your problem is that your box doesn't seem aware that it's hosting the domain	14:40
cjsstables	it looks as though this how to has a revers lookup file that has named.conf.local that specifies the zone	14:40
cjsstables	and then referes to a reverse zone	14:40
cjsstables	also has the forwarders in it	14:40
ikonia	cjsstables: ahhhhh I have it	14:41
cjsstables	ok...	14:41
ikonia	cjsstables: your server can do it because it's doing the lookup locally	14:41
cjsstables	ok	14:42
cjsstables	makes sense	14:42
ikonia	your clients hit the box - get forwarded on, but the NS record is 192.168.0.1, which is non-routable so routes to no-where	14:42
Libertine-	hi	14:42
ikonia	cjsstables: take the forward of that zone	14:42
cjsstables	you mean remove the forwarding part	14:42
ikonia	on that domain	14:43
ikonia	so that it knows its local to the box	14:43
cjsstables	hold on I gotta think though this a sec....	14:44
cjsstables	and recall what file holds the forarder	14:44
cjsstables	ikonia: Ok I'm lost.	14:47
ikonia	cjsstables: one moment	14:47
ikonia	I'm going to see if I can gain access to an ubuntu box from where I am	14:47
cjsstables	ok	14:47
cjsstables	ikonia: I have to go outside for a minute... smoke break.. LOL. I'll be back	14:48
=== ewook_ is now known as ewook
cjsstables	ikonia: back now	15:01
=== good_dana1 is now known as good_dana
cyris\|	morning everyone	15:30
=== jjesse_ is now known as jjesse
zul	jdstrand: ping	16:22
jdstrand	zul: pong	16:24
zul	jdstrand: you were the last one to touch openldap2.3 in hardy do you mind if I take the merge off your hands?	16:25
jdstrand	zul: that would be very much appreciated :)	16:25
zul	jdstrand: consider it done :)	16:25
jdstrand	\o/	16:25
jdstrand	thanks	16:25
emgent	heya :)	16:26
=== jjesse_ is now known as jjesse
uvirtbot	New bug: #236830 in samba (main) "cifs does not support kerberos authentication" [Undecided,New] https://launchpad.net/bugs/236830	17:06
afief_	Could someone tell me what's wrong with the following crontab? 53 18* * *rootmysqldump --all-databases -uroot -pmightyrhapsody \| bzip2 > /media/backup/mysql/`date \+%d-%m-%y`.bz2	17:07
InsomniaCity	you might be better off moving the commands out into a script somewhere	17:14
afief_	InsomniaCity, thanks, I'll try that	17:15
InsomniaCity	also, my crontab doesn't have usernames in it	17:15
delcoyote	hi all	17:19
delcoyote	have an issue to connect lan server through putty or ssh, server has monitor, mouse,keyboard, through a kvm switch(4 pc's) if its connected it connects, if its disconnected from monitor, mouse, keyboard, can't connect to it, and if keyboard and mouse(not monitor) are connected I can connect also, what is wrong, what I shold be looking for?	17:20
hackeron	hey, I'm trying to text kexec to boot another kernel on kernel panic, the documentation says to echo c > /proc/sysrq-trigger but it isn't causing a kernel panic on my ubuntu server - how do I cause a kernel panic?	17:42
hackeron	err, I mean I'm trying to get kexec to boot another kernel on kernel panic	17:42
=== kees_ is now known as kees
spiekey_	Hi	18:16
spiekey_	is anyone here using some tool to monitor the CPU, Harddrive and motherboard teperature?	18:17
mathiaz	sommer: is there anything about nss-ldap and how to setup an ubuntu client to use an ldap server instead of NIS in the docs ?	18:34
sommer	mathiaz: nope, not in the serverguide, but there are some good guides in help.u.c	18:39
timboy	ssh stopped working on my my main computer... when I try to connect it says connection refused...	18:39
sommer	mathiaz: expanding the LDAP section is on the list for Intrepid though :)	18:40
timboy	i removed it with apt-get remove and reinstalled it but still no go... is there something else I should look at?	18:41
sommer	timboy: is the sshd service running?	18:42
timboy	sommer, in /etc/init.d/ there is no ssh there is ssh though	18:44
timboy	i restarted it and it said ok but still says refused	18:45
sommer	timboy: try ps -ef \| grep sshd, and see if it gives you some process numbers	18:45
sommer	timboy: you could also try ssh -vvv hostname, to give more debugging output	18:45
timboy	root 25684 1 10:50 ? 00:00:00 /usr/sbin/sshd	18:46
timboy	same message. connection refused no more useful data	18:47
timboy	not running a firewall	18:47
sommer	timboy: did you use the -vvv option? you might also check /var/log/auth.log on the server	18:48
timboy	sommer, in /var/lob/auth.log it says error: bind to port 22 on 0.0.0.0 failed: address already in use. I'm sure that's from when I restarted ssh	18:49
timboy	so something is already using ssh port?	18:49
sommer	timboy: you might have another service running on that port then	18:49
timboy	ok how do I tell	18:49
blue-frog	mathiaz: very simple. install ldap-auth-client, make sure you enter the ldap admin passord during conf, run: sudo auth-client-config -a -p lac_ldap, change bind_policy hard by bind_policy soft in /etc/ldap.conf and off you go	18:49
sommer	timboy: I'd try sudo /etc/init.d/ssh stop, and then ps -ef \| grep ssh to make sure all the process are stopped	18:50
timboy	6583 6545 0 may 30 ? 00:00:00 /usr/bin/ssh-agent x-session-manager	18:51
timboy	sommer, what's that mean?	18:55
timboy	can someone help me troubleshoot my ssh issues?	18:59
timboy	something appears to be hogging port 22...	19:00
sommer	timboy: is that ssh-agent running on the server?	19:04
timboy	i don't know... it's in my init.d directory	19:05
timboy	ok nevermind it's not in my init.d directory	19:07
sommer	timboy: which machine did you run find the process on? the one you're trying to connect to or the machine you're trying to connect from?	19:07
sommer	timboy: I'd try restarting ssh on the machine you're trying to connect to	19:07
timboy	the one i'm trying to connect to	19:07
timboy	i've done that several times though...	19:08
sommer	timboy: are there any errors in /var/log/syslog after you restart ssh?	19:09
timboy	no just the error I get in auth.log	19:10
timboy	i just purged the ssh and openssh-server programs with aptitude and reinstalled them and no go. so there is something else using port 22	19:11
ScottK	timboy: Does netstat list anything?	19:12
sommer	can you pastebin the output of ssh -vvv servername ? replacing servername with the host you're trying to connect to	19:12
timboy	sommer, http://rafb.net/p/2yFLIv70.html	19:16
sommer	timboy: have you upgraded both the server and the client... it may be because of the week sshkey issue	19:18
timboy	not upgraded client but have upgraded server...	19:19
timboy	sommer, I can't even do ssh localhost	19:20
sommer	timboy: as ScottK said try netstat -a and see what is listening	19:21
timboy	sommer, doesn't appear that anything is...	19:23
sommer	and you still get the error about something already listening on port 22?	19:24
timboy	yes	19:25
timboy	weird	19:25
sommer	hrrmmm, maybe try restarting... that'll be sure and stop all the services	19:25
timboy	ok...	19:26
sommer	timboy: you might also try setting the LogLevel attribute in /etc/ssh/sshd_config to DEBUG, to produce more output	19:27
timboy	sommer, still no go	19:45
timboy	ssh localhost is working but in my auth.log i still get the error about binding to port 22	19:45
timboy	sommer, took so long because i had the joyous fsck check	19:46
sommer	timboy: you might also try setting the LogLevel attribute in /etc/ssh/sshd_config to DEBUG, to produce more output	19:48
sommer	timboy: netstat -nlp may reveal more about which process are using which ports	19:50
timboy	sommer, shows nothing with port 22 in netstat	19:51
timboy	actually now it's showing up hold on	19:52
sommer	timboy: and sshd is running? you should see output from ps -ef \| grep sshd listing a proces number	19:53
timboy	sommer, ok purged it again!@ and now it doesn't show up...	19:54
sommer	timboy: so try starting it again (/etc/init.d/ssh start)	19:55
sommer	timboy: can you pastebin the output of ps -ef ? after trying to start ssh	19:56
timboy	i'll need to install it again	19:56
sommer	yep you'll need openssh-server installed in order to connect	19:57
timboy	root 14604 1 0 12:02 ? 00:00:00 /usr/sbin/sshd	19:57
timboy	Jun 2 12:02:25 ubuntu sshd[14604]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.	19:57
timboy	is this because i'm installing both ssh and openssh-server?	19:57
timboy	what's weird is that it says it is running but at the same time tells me that it can't bind to port 22. same PID	19:58
timboy	I can do ssh localhost now though	19:58
dena_	sommer, about to reformat...	20:03
=== dena_ is now known as timboy_
nealmcb	. o O (timboy needs to run sudo netstat -ltp to find out who has the port open)	20:47
=== emgent_ is now known as emgent
genii	Is there some CLI update-notifier? Aside from the obvious way of just running something like apt-get update or such that is.	21:07
blue-frog	genii: what is your need?	21:14
InsomniaCity	genii: I'd imagine apt has exit codes or something for non-interative operation	21:15
InsomniaCity	*interactive	21:15
genii	blue-frog: Basically to have the CLI equivelent of update-notifier feauture which exists otherwise.	21:17
genii	When run unattended perhaps to email admin of which are available	21:18
blue-frog	as I don't know if it exits (certainly es) I would use a workaround myself, apt-get update && apt-get -s dist-upgrade and email the result (or log)	21:19
blue-frog	email upon conditions, only if one of the result has something else than 0 in (0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded)	21:20
blue-frog	well at least 0 upgraded in fact	21:21
osmosis	whats the alternative CD for ?	21:22
blue-frog	install GUI Ubuntu	21:22
osmosis	blue-frog: for server ?	21:23
blue-frog	well if you want a GUI server	21:24
blue-frog	but more for desktop	21:24
blue-frog	genii: have a look at man apt-get. what about the -u option?	21:26
Erosion	Just installed ubuntu server, is there a guide about what I should install when I first get it?	21:28
blue-frog	I would say that only you know what service you want.	21:29
blue-frog	genii: or maybe apt-show-versions -u	21:31
genii	Hmm, perhaps download-only with -u then pipe that to a file which emails off	21:31
genii	You'd think there might be a simpler way though	21:31
blue-frog	in that case -s would be enough, no need to download	21:32
Erosion	Isn't there a guide, showing the best software for FTP, Web Server, Mail Server etc	21:32
Erosion	In ubuntu server when I hit the <-- KEY, (backspace), it treats it like I've hit the DEL Key, and removes the character infront (instead of behind)	21:33
blue-frog	genii: apt-show-versions from universe looks nice	21:36
genii	blue-frog: I'm formulating a plan in which if already downloaded, a return email may be parsed and packages indicated there upgraded	21:36
blue-frog	yes yes understood, apt-show-versions -u will list all the upgradeable packages	21:37
blue-frog	and apprently exit 0 if none	21:37
lukehasnoname	erosion:	21:37
lukehasnoname	During install you should have been prompted on what type of server you wanted, then it would install the latest supported software for that task	21:38
lukehasnoname	It's possible to bring up that menu again, but I don't know the command.	21:38
blue-frog	tasksel	21:38
lukehasnoname	boosh	21:38
Erosion	Is there any way of getting into my remote ubuntu-server located in the US, from my iMac in the UK?	21:41
Erosion	Apart from SSH.	21:41
blue-frog	magic?	21:43
nealmcb	erosio	21:43
JanC	Erosion: there are a zillion ways, but you have to prepare them before you leave of course ツ	21:43
nealmcb	...oops	21:43
Erosion	JanC: You cannot do it in SSH?	21:44
Erosion	I have root SSH access to it from here	21:44
JanC	so, then you can install anything you want I guess, but what's the problem if SSH works ?	21:44
nealmcb	look at the options available with the "tasksel" command	21:44
Erosion	JanC: I'd like to be able to view the desktop, so I get the full environment.	21:45
nealmcb	vnc?	21:46
Erosion	What's the quickest way?	21:46
Erosion	Through an iMac?	21:46
nealmcb	!servergui	21:46
ubottu	Ubuntu server does not install a desktop environment or X11 by default in order to enhance security, efficiency and performance. !eBox provides a GUI system management option via a web interface. See https://help.ubuntu.com/community/ServerGUI for more background and options.	21:46
blue-frog	Erosion: have you installed a server or desktop?	21:46
Erosion	Server	21:46
Erosion	I run OSX here though	21:46
Erosion	Is it possible?	21:47
JanC	run X through ssh -X / ssh -Y or run VNC through ssh or ssl ?	21:47
blue-frog	then to do what you want you would need to install a GUI first	21:47
JanC	well, at least the X libs...	21:47
blue-frog	otherwise with ssh you already see the the full environment	21:47
JanC	and some X client programs	21:48
Erosion	OK	21:48
JanC	Erosion: why do you need a GUI?	21:49
Erosion	Was just a thought, it's not necessary, JanC	21:52
Erosion	What does this mean?: Package libmysqlclient12-dev is not available, but is referred to by another package.	21:54
JanC	it means what it says...	21:55
lukehasnoname	Does Xen have any sort of GUI for administration or any formal manual that discusses remote administration?	21:56
JanC	libmysqlclient12 is actually pretty old ?	21:56
nealmcb	lukehasnoname: virt-manager does xen	21:56
Erosion	JanC: Just got it from a guide.	21:57
lukehasnoname	k	21:58
JanC	Erosion: I guess that's a guide tah twasn't updated for Ubuntu 8.04	21:58
lukehasnoname	nealmcb thanks	21:58
kirkland	kees: hey, you around?	21:58
kees	kirkland: yup, what's goin' on?	21:58
JanC	'libmysqlclient12-dev' was in dapper & edgy	21:59
kirkland	kees: hey, was wondering if you might give another spec a once-over	21:59
kees	sure, url?	21:59
JanC	Erosion: you can probably just use the latest libmysqlclient library?	22:00
kirkland	kees: https://wiki.ubuntu.com/EncryptedPrivateDirectory	22:00
kirkland	kees: I tried to follow your use case examples more closely in this spec	22:05
lukehasnoname	sounds interesting	22:06
lukehasnoname	I don't know enough to judge how complicated it would be to implement an encrypted fs like that	22:07
kees	kirkland: on a nit-pick, use case 3 seems entirely addressed by DAC (remote users). Not sure how to improve that one, since case 4 seems more compelling (local users). Also, I would recommend discussion of how it relates to the xdg-user-dirs package (see /etc/xdg/user-dirs.defaults). Does it perhaps belong in there? I'd like to see (maybe with another use-case) the option for people to NOT have to have an encrypt ~/Private (i.e. I trust DAC e	22:07
lukehasnoname	I've always thought that at minimum a 700 folder should be in each uer's dir	22:07
kirkland	kees: so the only difference between 3 and 4 I intended (in my mind anyway) was SSH logins versus Desktop logins	22:09
kirkland	kees: and by Desktop, I even mean Remote Desktop or VNC connections	22:09
kirkland	kees: graphical vs. command line only	22:09
kirkland	lukehasnoname: thanks.	22:10
emgent	heya	22:10
kirkland	kees: so with respect to 3 & 4, this gives you some cryptographic protection of your data (in addition to DAC) when you're not logged into the system, and a whole lot of protection if someone steals the physical hardware and it's powered off	22:11
kees	kirkland: perhaps add the "stolen hardware" bit? just to help defend it. :)	22:11
kees	kirkland: what do you think of the "allow people to not have an encrypted mount point" option?	22:12
kirkland	kees: physical abduction of a server is of course unlikely in any major corporate environment; but small to medium business, say a mom-and-pop shop or a dentist office....	22:12
kirkland	kees: yeah, i think that's a good idea	22:12
kirkland	kees: i will definitely add that one	22:12
kirkland	kees: give me a moment to think on that one.........	22:12
kees	kirkland: cool. yeah, for theft, I think it's a valuable use-case, so it's good to highlight it. :)	22:12
kirkland	kees: so i was planning on handling this as an "Opt-In" in adduser	22:13
kirkland	"Do you want an encrypted ~/Private directory for this user?"	22:13
kees	kirkland: oh! even better.	22:13
kees	I'd like to see ~/Private added to xdg-user-dirs regardless	22:13
kees	(and to see the ~/Desktop perms changed for that too)	22:13
kirkland	kees: perhaps what would be useful is an "undo" operation. basically a reverse of ecryptfs-setup-confidential	22:13
kirkland	kees: i need to research xdg-user-dirs as I'm not familiar	22:14
kees	kirkland: yeah, it was provides ~/Desktop, Documents, Templates etc	22:14
kirkland	kees: cool	22:14
kirkland	kees: if you think it's necessary (or if someone else requests it), i can add an option to ecryptfs-setup-confidential --reverse	22:16
kirkland	which would kill the entry in /etc/fstab, copy the cleartext data to ~/Private, remove the encrypted .Private directory, and remove the entries from .bash_profile, .bash_logout, and .config/autostart	22:17
kees	it might be nice, yeah. It would certainly make it more complete.	22:17
kirkland	kees: actually, that would be useful for my testing	22:17
kirkland	kees: i've been doing that schtuff by hand every time I fvt my scripts :-)	22:17
kirkland	kees: okay, i added a blanket statement about physical theft and crypto+DAC below the Use Cases, since it actually applies to all of the Use Cases	22:23
kirkland	kees: i'll add a bit about undoing the cryptographic mountpoint of ~/Private	22:23
kees	cool	22:26
kirkland	wiki is so painfully sloooooooow :-/	22:32
kirkland	kees: fyi, use case 7 added (undo ~/Private encryption), as well as a note below all Use Cases regarding physical theft	22:47
kirkland	kees: https://wiki.ubuntu.com/EncryptedPrivateDirectory	22:47
kirkland	kees: I'm going to push it onto ubuntu-server@ for comments	22:47
kees	kirkland: sounds good. :)	22:49
kirkland	kees: i even found (in retrospect) a bug report supporting this BluePrint: https://bugs.edge.launchpad.net/bugs/210179	22:49
uvirtbot	Launchpad bug 210179 in ecryptfs-utils "encrypting part of a file system is way too hard" [Wishlist,In progress]	22:49
kees	haha, nice.	22:51
nijaba	nealmcb, ajmitch: thanks a lot for your support on my ubuntu membership!	23:02
hackeron	hey, I'm trying to get kexec to boot another kernel on kernel panic, the documentation says to echo c > /proc/sysrq-trigger to trigger a kernel panic to test if kexec starts another kernel, but it isn't causing a panic :( - how do I cause a kernel panic to test if kexec is working?	23:07
uvirtbot	New bug: #236931 in openssh (main) "openssh-server does not find dsa keys authorized_keys file" [Undecided,New] https://launchpad.net/bugs/236931	23:11
ajmitch	nijaba: not that I really helped :)	23:12
mathiaz	nijaba: congrats !	23:18
* nealmcb appreciates nijaba		23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!