[01:21] <bimberi> The_Kernel: Yes, Ubuntu installs with no root password set so logins to it are disabled.
[01:23] <bimberi> The_Kernel: Not sure about the denied login.  It could be in the sshd configuration on that server.  Or /etc/hosts.[allow|deny]
[01:30] <Kamping_Kaiser> The_Kernel, try with -vv you might have been blacklisted
[02:20] <christefano> has anyone known ssl-blacklist to have false positives?
[02:21] <Kamping_Kaiser> i've heard of it, but not with any sort of proof
[02:21] <christefano> hmm.
[02:43] <christefano> how do I test my SSL certificate against the openssh-blacklist?
[02:43] <Kamping_Kaiser> openssl-vulnkey ?
[02:44] <christefano> I'm not sure how to pass a certificate to openssh-vulnkey. it seems to only check SSH keys
[02:45] <Kamping_Kaiser> ssl. not ssh
[02:45] <christefano> ah, I don't have that.
[02:45] <Kamping_Kaiser> hm.
[02:45] <Kamping_Kaiser> openssl-blacklist: /usr/sbin/openssl-vulnkey
[02:46] <Kamping_Kaiser>   Installed: 0.1-0ubuntu0.7.10.4
[02:50] <emgent> morning
[05:28] <m11> hello
[09:47] <Litefire> morning all
[09:48] <Litefire> i am having a little trouble with my server install recognizing a sata2 hd
[09:49] <Litefire> i have an ibm 330 server i installed ubuntu on  and cant seem to figure it out when i start it up i get  ata2: srst failed errno-16  for the data hd
[09:50] <Litefire> the raid that ubuntu is installed on starts up fine but the sata2 drive i have attached to a pci card isnt discoverable from what i can figure out
[09:51] <osmosis> anyone know if it is possible to do a raid 10 with software raid?
[09:52] <_ruben> osmosis: yes .. there's a raid10 kmod .. or you could do it 'manually' with raid1 and raid0
[09:53] <osmosis> _ruben: is it reliable?
[09:53] <osmosis> _ruben: can you recommend some instructions ?
[09:56] <_ruben> the basics are as simple as : sudo mdadm --build /dev/md0 --level=10 -- raid-devices=4 /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
[09:56] <_ruben> oops, kill the space between -- and raid-devices
[09:56] <_ruben> the installer doesnt support raid10, so if you want to install the system to raid10, you'll have to drop down to a shell during the install to give that command
[09:58] <_ruben> and reliable, well, the raid10 kmod is one of the newer raid kmods, so hasnt aged as much as plain raid1+0, but offers some nice enhancements as well (like doing raid10 over 3 disks for example)
[09:58] <_ruben> http://cgi.cse.unsw.edu.au/~neilb/01093607424
[12:43] <NineTeen67Comet> Hello, is there a way to get aptitude to install smartmontools w/out exim4, mailx etc etc etc?
[12:43]  * NineTeen67Comet sudo aptitude install smartmontools = exim4 exim4-base exim4-config exim4-daemon-light liblockfile1 mailx
[12:45] <ikonia> nealmcb: it just needs an mta
[12:45] <ikonia> oops
[12:45] <ikonia> NineTeen67Comet: it just needs an mta
[12:45] <NineTeen67Comet> aha .. no mail on this server, but I guess it can just use it as it pleases ..
[12:46]  * NineTeen67Comet would have e-mail if me isp would crack the ports open ..
[12:46] <ikonia> NineTeen67Comet: let it install exim and then use local mail only
[12:47] <NineTeen67Comet> ikonia: prolly what I'll do ..
[12:47] <ikonia> NineTeen67Comet: make it easy on yourself
[12:53] <cjsstables> hello all.  I can't resolve internal names on my network.  I'm able to resolve external names.  If I do a lookup on my internal nameserver I get an SOA record for prisoner.iana.org.  Can someone help here
[12:53] <cjsstables> btw I used lookup with an ip address of my name server
[13:10] <ikonia> cjsstables: ok - so if your domain is "domain1" you're saying you can't resolve box1.domain1
[13:10] <cjsstables> that's correct
[13:10] <cjsstables> but I can resolve anything on the outside
[13:12] <ikonia> cjsstables: ok - so have you setup your own domain zone file ?
[13:12] <ikonia> cjsstables: are you using anything like views ?
[13:13] <cjsstables> no views.  I have dns forwarding zone
[13:14] <ikonia> cjsstables: so where is the domain you're wanting to resolve kept
[13:14] <cjsstables> dns server addy is 192.168.0.1,  lynksys router is 192.168.0.2
[13:15] <ikonia> ok - but where is your domain zone file ?
[13:15] <cjsstables> it is kept on 192.168.0.1 / srv1.soho.cjs
[13:15] <cjsstables> internal private network
[13:16] <ikonia> cjsstables: ok, so if you do nslookup server=192.168.0.1 then "box1.soho.cjs" does it respond ?
[13:16] <ikonia> cjsstables: do you have "ns" lines in your one file ?
[13:16] <ikonia> zone
[13:17] <cjsstables> hold on
[13:17] <cjsstables> nslookup srv1.soho.cjs
[13:17] <cjsstables> Server:         192.168.0.1
[13:17] <cjsstables> Address:        192.168.0.1#53
[13:17] <cjsstables> ** server can't find srv1.soho.cjs: NXDOMAIN
[13:18] <ikonia> cjsstables: no - type nslookup
[13:18] <ikonia> cjsstables: then do server=192.168.0.1
[13:18] <ikonia> cjsstables: then do serv1.soho.cjs
[13:18] <ikonia> oops srv1.soho.cjs
[13:19] <ikonia> just want to check it step by step
[13:19] <ikonia> (I appreciate that's the same as your output)
[13:19] <cjsstables> server=192.168.0.1
[13:19] <cjsstables> Server:         192.168.0.1
[13:19] <cjsstables> Address:        192.168.0.1#53
[13:19] <cjsstables> ** server can't find server=192.168.0.1: NXDOMAIN
[13:19] <cjsstables> > srv1.soho.cjs
[13:19] <cjsstables> Server:         192.168.0.1
[13:19] <ikonia> cjsstables: does your zone file contain ns records, does it have an entry for srv1
[13:19] <cjsstables> Address:        192.168.0.1#53
[13:19] <cjsstables> ** server can't find srv1.soho.cjs: NXDOMAIN
[13:19] <cjsstables> yes it has an entry for srv1
[13:20] <ikonia> server=192.168.0.1 ; ** server can't find server=192.168.0.1: NXDOMAIN
[13:20] <ikonia> thats worrying
[13:20] <ikonia> does your zone file have ns lines ?
[13:20] <cjsstables> what are ns lines?
[13:20] <ikonia> cjsstables: they say the name servers for the zone
[13:21] <cjsstables> I can't answer that i'll have to look.
[13:21] <cjsstables> where do I look at?
[13:21] <cjsstables> I have webmin installed to administer the name server
[13:21] <ikonia> ughhh webmin
[13:21] <ikonia> and this is me backing away
[13:22] <cjsstables> its ok. i can use command line also
[13:22] <ikonia> cjsstables: I can't support products with webmin - it's the devils tool
[13:22] <ikonia> cjsstables: webmin changes the way things can work
[13:23] <cjsstables> so do you want me to open bind.conf
[13:23] <ikonia> not really
[13:23] <ikonia> I wanted you to look at your zone file for "NS" entries
[13:24] <ikonia> but it certainly wouldn't hurt to look if your bind.conf file contains an entry for your domain either
[13:24] <ikonia> that way you can see where it expects the zone file to be
[13:24] <cjsstables> ok.
[13:24] <cjsstables> brb
[13:24] <cjsstables> exit
[13:24] <cjsstables> oops.. sorry
[13:27] <cjsstables> ikonia:  my named conf doesn't point to any zones.  looks like the zones are included through named.conf.options
[13:28] <ikonia> cjsstables: ok - so follow that through
[13:28] <cjsstables> k brb
[13:31] <cjsstables> ok.  in my named.conf.local I have the following zone
[13:31] <cjsstables> zone "soho.cjs" {
[13:31] <cjsstables>         type master;
[13:31] <cjsstables>         file "/etc/bind/soho.cjs.hosts";
[13:31] <cjsstables>         };
[13:34] <sommer> morning all
[13:35] <jjesse> morning sommer
[13:35] <ikonia> cjsstables: ok, do you have /etc/bind/soho.cjs.hosts
[13:35] <cjsstables> ikonia:  inside my soho.cjs.hosts file I have a SOA record for srv1.soho.cjs
[13:35] <ikonia> cjsstables: ok, I suggest you put an NS line in
[13:36] <ikonia> cjsstables: I'm worried at why nslookup; server=192.168.0.1 tried to resolve server= rather than set the server to be used
[13:36] <cjsstables> ok .  there is an ns line for srv1.soho.cjs and an A record for 192.168.0.1
[13:37] <cjsstables> what bothers me is this line.....soho.cjs.       IN      SOA     srv1.soho.cjs. cjsadmin.soho.cjs. (
[13:38] <cjsstables> because there is no machine anywhere called cjsadmin.soho.cjs
[13:38] <cjsstables> cjsadmin is actually a username on the server
[13:42] <cjsstables> ikonia: can I instant message you?
[13:42] <ikonia> cjsstables: I'm not signed into one at the moment, sorry
[13:43] <ikonia> cjsstables: don't worry about the cjsadmin.soho.cjs. line
[13:43] <cjsstables> ok
[13:44] <ikonia> cjsstables: can you pastebin the zone file please ?
[13:44] <cjsstables> you'll have to re-instruct me on using pastebin.  i forget how to use it.
[13:45] <cjsstables> is it pastbin.org or com
[13:47] <cjsstables> actually.  I'll paste all of my bind config files
[13:49] <cjsstables> ikonia: ok named.conf...http://pastebin.com/m648cf8b9
[13:50] <ikonia> no - the zone file
[13:50] <cjsstables> which one would that be?
[13:50] <ikonia> the one with cjsadmin.soho.cjs line in it
[13:50] <cjsstables> ok...
[13:51] <cjsstables> Ikonia:  http://pastebin.com/d4728359f
[13:52] <ikonia> cjsstables: did you increment the serial when you changed it ?
[13:52] <cjsstables> yes
[13:52] <cjsstables> I sent a whole new pastebin
[13:52] <ikonia> cjsstables: no the serial on the zone file
[13:53] <cjsstables> then no I didn't.  I haven't changed it at all
[13:55] <ikonia> but you did add the "NS" line ?
[13:55] <cjsstables> no.  those ns  and a records were already there
[13:55] <ikonia> oh right
[13:55] <ikonia> thats odd
[13:55] <ikonia> cjsstables: I suggest you restart bind, look at the file /var/log/messages and check out if it loads your file ok
[13:56] <cjsstables> ok
[13:56] <cjsstables> brb
[13:59] <cjsstables> ikonia:  looking at the message log I show no messages since last boot at 7:22 am.  (Oh I did restart the bind9 server like you said)
[14:00] <cjsstables> is there any other log that I can look at for bind errors?
[14:01] <ikonia> you see no updates on restarting bind ?
[14:01] <cjsstables> nope.  none
[14:01] <ikonia> thats worrying you should at least see bind shutdown / start time stamps
[14:02] <cjsstables> ok I'll look again
[14:04] <cjsstables> ikonia: sorry...  I thought messages were listed latest first.  hold on while I page to the bottom of the file
[14:07] <ikonia> no problem
[14:08] <cjsstables> ikonia:  believe it or not there are no other entries in the log after June 2 08:45
[14:08] <ikonia> I do believe it, but that is quite worrying
[14:08] <cjsstables> why?
[14:08] <ikonia> there should be a time stamp for bind stopping and starting
[14:09] <cjsstables> I have rebooted multiple times since 8:45 also.  none of those are in there either
[14:09] <cjsstables> unless Jun  2 08:45:53 srv1 -- MARK --  is a valid entry for reboot
[14:11] <cjsstables> I'll restart bind again and see if the messages is updated
[14:13] <cjsstables> ikonia: I did a restart on bind, and there was no new entry....
[14:14] <ikonia> cjsstables: one moment
[14:14] <cjsstables> k
[14:15] <ikonia> cjsstables: thats my mistake - bind in ubuntu doesn't log
[14:15] <ikonia> cjsstables: I may log that as an enhancement
[14:15] <cjsstables> wheh...  I was worrying
[14:17] <cjsstables> it is funny.  I am ssh'ing into the server with ssh cjsadmin@192.168.0.1,  I then sudo su, and my terminal window from my client shows root@srv1.soho.cjs
[14:18] <ikonia> cjsstables: sudo su  ???
[14:18] <ikonia> cjsstables: you shouldn't be doing that
[14:19] <ikonia> cjsstables: your client name is probably being picked up from your host file resolution
[14:19] <cjsstables> I know, but I'm not on a production environment yet and also on a private net right now
[14:21] <cjsstables> one other bit of info when logged onto the server, I can ping srv1 and get results returned.
[14:21] <cjsstables> ping soho.cjs
[14:21] <cjsstables> returns no host found
[14:22] <cjsstables> ping srv1.soho.cjs returns good results
[14:22] <cjsstables> so the server itself is resolving names to ip's
[14:23] <cjsstables> but my clients cannot resolve names to ip on the local net
[14:24] <ikonia> cjsstables: and you're using the FQD on your clients ?
[14:24] <cjsstables> yes
[14:24] <ikonia> cjsstables: have you setup the recursive permissions correctly (they should be ok by default for SOA zones)
[14:25] <cjsstables> I don't think there is a reverse zone ...I don't know what recursive permissions are
[14:31] <ikonia> you don't need reverse zone
[14:32] <cjsstables> ikonia:  should I have a file called soho.cjs.db in my /etc/bind/ directory?  because I don't.  the only thing I have is a db.0
[14:32] <ikonia> cjsstables: thats normally a cache file (I don't have an ubuntu server to hand to verify this, hence why I'm working from memory)
[14:32] <cjsstables> ah ok.
[14:36] <cjsstables> ikonia:  I found a how to to manually create a caching name server in ubuntu.  I'm going to stop dns and rebuild using that.
[14:36] <cjsstables> hopefully that works
[14:36] <ikonia> caching name server isn't for hosting zones
[14:36] <cjsstables> no but it will still allow me to resolve local IP's won't it?
[14:37] <cjsstables> oops local names...
[14:37] <_ruben> no, only non-local ones
[14:40] <ikonia> cjsstables: your problem is that your box doesn't seem aware that it's hosting the domain
[14:40] <cjsstables> it looks as though this how to has a reverse lookup file that has named.conf.local that specifies the zone
[14:40] <cjsstables> and then refers to a reverse zone
[14:40] <cjsstables> also has the forwarders in it
[14:41] <ikonia> cjsstables: ahhhhh I have it
[14:41] <cjsstables> ok...
[14:41] <ikonia> cjsstables: your server can do it because it's doing the lookup locally
[14:42] <cjsstables> ok
[14:42] <cjsstables> makes sense
[14:42] <ikonia> your clients hit the box - get forwarded on, but the NS record is 192.168.0.1, which is non-routable so routes to no-where
[14:42] <Libertine-> hi
[14:42] <ikonia> cjsstables: take the forward off that zone
[14:42] <cjsstables> you mean remove the forwarding part
[14:43] <ikonia> on that domain
[14:43] <ikonia> so that it knows its local to the box
[14:44] <cjsstables> hold on I gotta think through this a sec....
[14:44] <cjsstables> and recall what file holds the forwarder
[14:47] <cjsstables> ikonia:  Ok I'm lost.
[14:47] <ikonia> cjsstables: one moment
[14:47] <ikonia> I'm going to see if I can gain access to an ubuntu box from where I am
[14:47] <cjsstables> ok
[14:48] <cjsstables> ikonia:  I have to go outside for a minute...  smoke break..  LOL.  I'll be back
[15:01] <cjsstables> ikonia:  back now
[15:30] <cyris|> morning everyone
[16:22] <zul> jdstrand: ping
[16:24] <jdstrand> zul: pong
[16:25] <zul> jdstrand: you were the last one to touch openldap2.3 in hardy do you mind if I take the merge off your hands?
[16:25] <jdstrand> zul: that would be very much appreciated :)
[16:25] <zul> jdstrand: consider it done :)
[16:25] <jdstrand> \o/
[16:25] <jdstrand> thanks
[16:26] <emgent> heya :)
[17:07] <afief_> Could someone tell me what's wrong with the following crontab? 53 18	* * *	root	mysqldump --all-databases -uroot -pmightyrhapsody | bzip2 > /media/backup/mysql/`date \+%d-%m-%y`.bz2
[17:14] <InsomniaCity> you might be better off moving the commands out into a script somewhere
[17:15] <afief_> InsomniaCity, thanks, I'll try that
[17:15] <InsomniaCity> also, my crontab doesn't have usernames in it
[17:19] <delcoyote> hi all
[17:20] <delcoyote> have an issue to connect lan server through putty or ssh, server has monitor, mouse,keyboard, through a kvm switch(4 pc's) if its connected it connects, if its disconnected from monitor, mouse, keyboard, can't connect to it, and if keyboard and mouse(not monitor) are connected I can connect also, what is wrong, what I should be looking for?
[17:42] <hackeron> hey, I'm trying to text kexec to boot another kernel on kernel panic, the documentation says to echo c > /proc/sysrq-trigger but it isn't causing a kernel panic on my ubuntu server - how do I cause a kernel panic?
[17:42] <hackeron> err, I mean I'm trying to get kexec to boot another kernel on kernel panic
[18:16] <spiekey_> Hi
[18:17] <spiekey_> is anyone here using some tool to monitor the CPU, Harddrive and motherboard temperature?
[18:34] <mathiaz> sommer: is there anything about nss-ldap and how to setup an ubuntu client to use an ldap server instead of NIS in the docs ?
[18:39] <sommer> mathiaz: nope, not in the serverguide, but there are some good guides in help.u.c
[18:39] <timboy> ssh stopped working on my my main computer... when I try to connect it says connection refused...
[18:40] <sommer> mathiaz: expanding the LDAP section is on the list for Intrepid though :)
[18:41] <timboy> i removed it with apt-get remove and reinstalled it but still no go... is there something else I should look at?
[18:42] <sommer> timboy: is the sshd service running?
[18:44] <timboy> sommer, in /etc/init.d/ there is no ssh there is ssh though
[18:45] <timboy> i restarted it and it said ok but still says refused
[18:45] <sommer> timboy: try ps -ef | grep sshd, and see if it gives you some process numbers
[18:45] <sommer> timboy: you could also try ssh -vvv hostname, to give more debugging output
[18:46] <timboy> root 25684 1 10:50 ? 00:00:00 /usr/sbin/sshd
[18:47] <timboy> same message. connection refused no more useful data
[18:47] <timboy> not running a firewall
[18:48] <sommer> timboy: did you use the -vvv option?  you might also check /var/log/auth.log on the server
[18:49] <timboy> sommer, in /var/log/auth.log it says error: bind to port 22 on 0.0.0.0 failed: address already in use. I'm sure that's from when I restarted ssh
[18:49] <timboy> so something is already using ssh port?
[18:49] <sommer> timboy: you might have another service running on that port then
[18:49] <timboy> ok how do I tell
[18:49] <blue-frog> mathiaz: very simple. install ldap-auth-client, make sure you enter the ldap admin password during conf, run: sudo auth-client-config -a -p lac_ldap, change bind_policy hard by bind_policy soft in /etc/ldap.conf and off you go
[18:50] <sommer> timboy: I'd try sudo /etc/init.d/ssh stop, and then ps -ef | grep ssh to make sure all the processes are stopped
[18:51] <timboy> 6583 6545 0 may 30 ? 00:00:00 /usr/bin/ssh-agent x-session-manager
[18:55] <timboy> sommer, what's that mean?
[18:59] <timboy> can someone help me troubleshoot my ssh issues?
[19:00] <timboy> something appears to be hogging port 22...
[19:04] <sommer> timboy: is that ssh-agent running on the server?
[19:05] <timboy> i don't know... it's in my init.d directory
[19:07] <timboy> ok nevermind it's not in my init.d directory
[19:07] <sommer> timboy: which machine did you run find the process on?  the one you're trying to connect to or the machine you're trying to connect from?
[19:07] <sommer> timboy: I'd try restarting ssh on the machine you're trying to connect to
[19:07] <timboy> the one i'm trying to connect to
[19:08] <timboy> i've done that several times though...
[19:09] <sommer> timboy: are there any errors in /var/log/syslog after you restart ssh?
[19:10] <timboy> no just the error I get in auth.log
[19:11] <timboy> i just purged the ssh and openssh-server programs with aptitude and reinstalled them and no go. so there is something else using port 22
[19:12] <ScottK> timboy: Does netstat list anything?
[19:12] <sommer> can you pastebin the output of ssh -vvv servername ?  replacing servername with the host you're trying to connect to
[19:16] <timboy> sommer, http://rafb.net/p/2yFLIv70.html
[19:18] <sommer> timboy: have you upgraded both the server and the client... it may be because of the weak sshkey issue
[19:19] <timboy> not upgraded client but have upgraded server...
[19:20] <timboy> sommer, I can't even do ssh localhost
[19:21] <sommer> timboy: as ScottK said try netstat -a and see what is listening
[19:23] <timboy> sommer, doesn't appear that anything is...
[19:24] <sommer> and you still get the error about something already listening on port 22?
[19:25] <timboy> yes
[19:25] <timboy> weird
[19:25] <sommer> hrrmmm, maybe try restarting... that'll be sure and stop all the services
[19:26] <timboy> ok...
[19:27] <sommer> timboy: you might also try setting the LogLevel attribute in /etc/ssh/sshd_config to DEBUG, to produce more output
[19:45] <timboy> sommer, still no go
[19:45] <timboy> ssh localhost is working but in my auth.log i still get the error about binding to port 22
[19:46] <timboy> sommer, took so long because i had the joyous fsck check
[19:48] <sommer> timboy: you might also try setting the LogLevel attribute in /etc/ssh/sshd_config to DEBUG, to produce more output
[19:50] <sommer> timboy: netstat -nlp may reveal more about which processes are using which ports
[19:51] <timboy> sommer, shows nothing with port 22 in netstat
[19:52] <timboy> actually now it's showing up hold on
[19:53] <sommer> timboy: and sshd is running?  you should see output from ps -ef | grep sshd listing a process number
[19:54] <timboy> sommer, ok purged it again!@ and now it doesn't show up...
[19:55] <sommer> timboy: so try starting it again (/etc/init.d/ssh start)
[19:56] <sommer> timboy: can you pastebin the output of ps -ef ?  after trying to start ssh
[19:56] <timboy> i'll need to install it again
[19:57] <sommer> yep you'll need openssh-server installed in order to connect
[19:57] <timboy> root     14604     1  0 12:02 ?        00:00:00 /usr/sbin/sshd
[19:57] <timboy> Jun  2 12:02:25 ubuntu sshd[14604]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
[19:57] <timboy> is this because i'm installing both ssh and openssh-server?
[19:58] <timboy> what's weird is that it says it is running but at the same time tells me that it can't bind to port 22. same PID
[19:58] <timboy> I can do ssh localhost now though
[20:03] <dena_> sommer, about to reformat...
[20:47] <nealmcb> . o O (timboy needs to run sudo netstat -ltp to find out who has the port open)
[21:07] <genii> Is there some CLI update-notifier? Aside from the obvious way of just running something like apt-get update or such that is.
[21:14] <blue-frog> genii: what is your need?
[21:15] <InsomniaCity> genii: I'd imagine apt has exit codes or something for non-interative operation
[21:15] <InsomniaCity> *interactive
[21:17] <genii> blue-frog: Basically to have the CLI equivalent of update-notifier feature which exists otherwise.
[21:18] <genii> When run unattended perhaps to email admin of which are available
[21:19] <blue-frog> as I don't know if it exits (certainly es) I would use a workaround myself, apt-get update && apt-get -s dist-upgrade and email the result (or log)
[21:20] <blue-frog> email upon conditions, only if one of the result has something else than 0 in (0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded)
[21:21] <blue-frog> well at least 0 upgraded in fact
[21:22] <osmosis> whats the alternative CD for ?
[21:22] <blue-frog> install GUI Ubuntu
[21:23] <osmosis> blue-frog: for server ?
[21:24] <blue-frog> well if you want a GUI server
[21:24] <blue-frog> but more for desktop
[21:26] <blue-frog> genii: have a look at man apt-get. what about the -u option?
[21:28] <Erosion> Just installed ubuntu server, is there a guide about what I should install when I first get it?
[21:29] <blue-frog> I would say that only you know what service you want.
[21:31] <blue-frog> genii: or maybe  apt-show-versions -u
[21:31] <genii> Hmm, perhaps download-only with -u then pipe that to a file which emails off
[21:31] <genii> You'd think there might be a simpler way though
[21:32] <blue-frog> in that case -s would be enough, no need to download
[21:32] <Erosion> Isn't there a guide, showing the best software for FTP, Web Server, Mail Server etc
[21:33] <Erosion> In ubuntu server when I hit the <-- KEY, (backspace), it treats it like I've hit the DEL Key, and removes the character infront (instead of behind)
[21:36] <blue-frog> genii: apt-show-versions from universe looks nice
[21:36] <genii> blue-frog: I'm formulating a plan in which if already downloaded, a return email may be parsed and packages indicated there upgraded
[21:37] <blue-frog> yes yes understood, apt-show-versions -u will list all the upgradeable packages
[21:37] <blue-frog> and apparently exit 0 if none
[21:37] <lukehasnoname> erosion:
[21:38] <lukehasnoname> During install you should have been prompted on what type of server you wanted, then it would install the latest supported software for that task
[21:38] <lukehasnoname> It's possible to bring up that menu again, but I don't know the command.
[21:38] <blue-frog> tasksel
[21:38] <lukehasnoname> boosh
[21:41] <Erosion> Is there any way of getting into my remote ubuntu-server located in the US, from my iMac in the UK?
[21:41] <Erosion> Apart from SSH.
[21:43] <blue-frog> magic?
[21:43] <nealmcb> erosio
[21:43] <JanC> Erosion: there are a zillion ways, but you have to prepare them before you leave of course  ツ
[21:43] <nealmcb> ...oops
[21:44] <Erosion> JanC: You cannot do it in SSH?
[21:44] <Erosion> I have root SSH access to it from here
[21:44] <JanC> so, then you can install anything you want I guess, but what's the problem if SSH works ?
[21:44] <nealmcb> look at the options available with the "tasksel" command
[21:45] <Erosion> JanC: I'd like to be able to view the desktop, so I get the full environment.
[21:46] <nealmcb> vnc?
[21:46] <Erosion> What's the quickest way?
[21:46] <Erosion> Through an iMac?
[21:46] <nealmcb> !servergui
[21:46] <blue-frog> Erosion: have you installed a server or desktop?
[21:46] <Erosion> Server
[21:46] <Erosion> I run OSX here though
[21:47] <Erosion> Is it possible?
[21:47] <JanC> run X through ssh -X / ssh -Y or run VNC through ssh or ssl ?
[21:47] <blue-frog> then to do what you want you would need to install a GUI first
[21:47] <JanC> well, at least the X libs...
[21:47] <blue-frog> otherwise with ssh you already see the the full environment
[21:48] <JanC> and some X client programs
[21:48] <Erosion> OK
[21:49] <JanC> Erosion: why do you need a GUI?
[21:52] <Erosion> Was just a thought, it's not necessary, JanC
[21:54] <Erosion> What does this mean?: Package libmysqlclient12-dev is not available, but is referred to by another package.
[21:55] <JanC> it means what it says...
[21:56] <lukehasnoname> Does Xen have any sort of GUI for administration or any formal manual that discusses remote administration?
[21:56] <JanC> libmysqlclient12 is actually pretty old ?
[21:56] <nealmcb> lukehasnoname: virt-manager does xen
[21:57] <Erosion> JanC: Just got it from a guide.
[21:58] <lukehasnoname> k
[21:58] <JanC> Erosion: I guess that's a guide that wasn't updated for Ubuntu 8.04
[21:58] <lukehasnoname> nealmcb thanks
[21:58] <kirkland> kees: hey, you around?
[21:58] <kees> kirkland: yup, what's goin' on?
[21:59] <JanC> 'libmysqlclient12-dev' was in dapper & edgy
[21:59] <kirkland> kees: hey, was wondering if you might give another spec a once-over
[21:59] <kees> sure, url?
[22:00] <JanC> Erosion: you can probably just use the latest libmysqlclient library?
[22:00] <kirkland> kees: https://wiki.ubuntu.com/EncryptedPrivateDirectory
[22:05] <kirkland> kees: I tried to follow your use case examples more closely in this spec
[22:06] <lukehasnoname> sounds interesting
[22:07] <lukehasnoname> I don't know enough to judge how complicated it would be to implement an encrypted fs like that
[22:07] <kees> kirkland: on a nit-pick, use case 3 seems entirely addressed by DAC (remote users).  Not sure how to improve that one, since case 4 seems more compelling (local users).  Also, I would recommend discussion of how it relates to the xdg-user-dirs package (see /etc/xdg/user-dirs.defaults).  Does it perhaps belong in there?  I'd like to see (maybe with another use-case) the option for people to NOT have to have an encrypt ~/Private (i.e. I trust DAC e
[22:07] <lukehasnoname> I've always thought that at minimum a 700 folder should be in each user's dir
[22:09] <kirkland> kees: so the only difference between 3 and 4 I intended (in my mind anyway) was SSH logins versus Desktop logins
[22:09] <kirkland> kees: and by Desktop, I even mean Remote Desktop or VNC connections
[22:09] <kirkland> kees: graphical vs. command line only
[22:10] <kirkland> lukehasnoname: thanks.
[22:10] <emgent> heya
[22:11] <kirkland> kees: so with respect to 3 & 4, this gives you some cryptographic protection of your data (in addition to DAC) when you're not logged into the system, and a whole lot of protection if someone steals the physical hardware and it's powered off
[22:11] <kees> kirkland: perhaps add the "stolen hardware" bit?  just to help defend it.  :)
[22:12] <kees> kirkland: what do you think of the "allow people to not have an encrypted mount point" option?
[22:12] <kirkland> kees: physical abduction of a server is of course unlikely in any major corporate environment; but small to medium business, say a mom-and-pop shop or a dentist office....
[22:12] <kirkland> kees: yeah, i think that's a good idea
[22:12] <kirkland> kees: i will definitely add that one
[22:12] <kirkland> kees: give me a moment to think on that one.........
[22:12] <kees> kirkland: cool.  yeah, for theft, I think it's a valuable use-case, so it's good to highlight it.  :)
[22:13] <kirkland> kees: so i was planning on handling this as an "Opt-In" in adduser
[22:13] <kirkland> "Do you want an encrypted ~/Private directory for this user?"
[22:13] <kees> kirkland: oh! even better.
[22:13] <kees> I'd like to see ~/Private added to xdg-user-dirs regardless
[22:13] <kees> (and to see the ~/Desktop perms changed for that too)
[22:13] <kirkland> kees: perhaps what would be useful is an "undo" operation.  basically a reverse of ecryptfs-setup-confidential
[22:14] <kirkland> kees: i need to research xdg-user-dirs as I'm not familiar
[22:14] <kees> kirkland: yeah, it was provides ~/Desktop, Documents, Templates etc
[22:14] <kirkland> kees: cool
[22:16] <kirkland> kees: if you think it's necessary (or if someone else requests it), i can add an option to ecryptfs-setup-confidential --reverse
[22:17] <kirkland> which would kill the entry in /etc/fstab, copy the cleartext data to ~/Private, remove the encrypted .Private directory, and remove the entries from .bash_profile, .bash_logout, and .config/autostart
[22:17] <kees> it might be nice, yeah.  It would certainly make it more complete.
[22:17] <kirkland> kees: actually, that would be useful for my testing
[22:17] <kirkland> kees: i've been doing that schtuff by hand every time I fvt my scripts :-)
[22:23] <kirkland> kees: okay, i added a blanket statement about physical theft and crypto+DAC below the Use Cases, since it actually applies to all of the Use Cases
[22:23] <kirkland> kees: i'll add a bit about undoing the cryptographic mountpoint of ~/Private
[22:26] <kees> cool
[22:32] <kirkland> wiki is so painfully sloooooooow :-/
[22:47] <kirkland> kees: fyi, use case 7 added (undo ~/Private encryption), as well as a note below all Use Cases regarding physical theft
[22:47] <kirkland> kees: https://wiki.ubuntu.com/EncryptedPrivateDirectory
[22:47] <kirkland> kees: I'm going to push it onto ubuntu-server@ for comments
[22:49] <kees> kirkland: sounds good.  :)
[22:49] <kirkland> kees: i even found  (in retrospect) a bug report supporting this BluePrint: https://bugs.edge.launchpad.net/bugs/210179
[22:51] <kees> haha, nice.
[23:02] <nijaba> nealmcb, ajmitch: thanks a lot for your support on my ubuntu membership!
[23:07] <hackeron> hey, I'm trying to get kexec to boot another kernel on kernel panic, the documentation says to echo c > /proc/sysrq-trigger to trigger a kernel panic to test if kexec starts another kernel, but it isn't causing a panic :( - how do I cause a kernel panic to test if kexec is working?
[23:12] <ajmitch> nijaba: not that I really helped :)
[23:18] <mathiaz> nijaba: congrats !
[23:57]  * nealmcb appreciates nijaba