[00:00] I'm pretty new to this whole remote ssh computing. How do I copy a file from one computer to another using ssh access in terminal?
[00:00] scp file computer:
[00:01] Bookman: scp file user@computer:/path/where/to/put/the/file
[00:01] my method is shorter!
[00:01] * domas giggles
[00:03] Thank you kindly.
[00:03] That is from local to remote, correct? How about reverse?
[00:04] A simple reverse would work?
[00:04] scp user@computer:/file file
[00:04] yes
[00:04] rsync -Paz localfile user@computer:/remotefile
[00:04] rsync -Paz user@computer:/remotefile localfile
[00:04] :)
[00:04] lots of ways, eh?
[00:05] rsync can do compression and is super-smart about updating files which have minor changes.
[00:11] also rsync is smarter about copying symlinked directories
[00:11] hmmm....having trouble with scp though.
[00:12] probably need to do -r to have it copy recursively if you're doing directories
[00:12] what issue are you seeing with scp?
[00:13] I'm having trouble copying a file with spaces in the name.
[00:13] I have it between quotes
=== scratched_ is now known as scratched
[00:19] Here is what I tried http://pastebin.ca/1561630
[00:20] ya spaces in scp is a mess, I sometimes end up using *
[00:20] Just a wildcard?
[00:21] I had that same issue a few days ago and never got it figured out, just did the wildcard to get the dir
[00:21] should be able to \ before the space right
[00:21] that would make too much sense though
[00:21] I guess I can rename the file.....
[00:22] Not sure if I have those permissions in that directory though.
[00:22] might try to google a little about scp with a space in the filename
[00:23] or use some wildcards to get it
[00:23] just replace each space with a * it should be ok
[00:23] gotta go, good luck
[00:24] Thanks!
=== ktk_ is now known as KurtKraut
[00:32] Anyone else know how to scp a file with spaces in its name?
[00:35] you need to escape the spaces
[00:36] I tried that
[00:36] here is a link: http://www.thingy-ma-jig.co.uk/blog/14-05-2007/how-to-scp-a-path-with-spaces
[00:37] Ah, let me try again.....
[00:38] KillMeNow: Thank you kindly. Got it. PITA though.
[00:40] mdeslaur: C version of HOTP and TOTP done.
[00:40] yes it is
[00:40] I'm pretty sure you can use quotes, but you have to format it like this
[00:41] scp -r user@host:"/path/to/file" user@host:"/path/to/file"
[00:51] No problem, escaping the spaces works. I just have to remember.
[01:06] Thank you all for your help this evening. Much appreciated.
[01:35] soren: you rock :)
[01:53] soren, around ?
[01:54] Bookman, other option is probably to use lftp . i dont know why, but recently i'm really high on how nice lftp is (it supports scp)
[01:55] I have to look that up!
[02:00] smoser: i wonder whether adding an application layer on top of ssh is a good thing
[02:01] pmatulis, i dont really understand.
[02:02] lftp does some really nice things. tab completion, caching of server side data. it does these things for http, ftp, ftps, https, ssh . really helpful.
[02:02] smoser: well if you connect with keys you're entrusting them with another program
[02:02] the one major benefit of it is 'pget' (parallel get)
[02:02] which does multiple opens/concurrent downloads . on high bandwidth and high latency links (like my cable modem) 5 parallel gets scales almost linearly in many cases.
[02:03] pmatulis, lftp merely invokes ssh.
[02:03] so i dont think you're entrusting it to the key more than any other app that could potentially read it from ~/.ssh/...
[02:04] (at least i know for "fish" support it invokes ssh).
[02:05] smoser: i guess it's a matter of principle, it's the reason why i don't use gui programs to "help" me with my keys, it's bad enough the ssh-agent invokes some weird sub-process (seahorse-agent?)
[02:06] but thanks for the info on lftp and scp. didn't know that
[02:44] Hey guys
[02:44] Can I use the default Ubuntu server ISO or the alternate install ISO and define my own boot args?
[02:44] I'm trying to use my own preseeding file and I'd really rather not have to setup a TFTP server and all that jazz... Can I just use the media you guys provide?
[02:45] At the moment I'm not sure how to just edit the boot parameters on the cd
[02:45] Is there an easy way to break out of the retarded isolinux gui?
=== robd is now known as Guest2188
[03:29] Heya, so I have a mini server play around that I am taking to class and I have only a network card installed on it (eth port burned up) I managed to get the wireless card on, but i do not know how to manage its connection through terminal. Is there a tool to help me do this?
[03:29] Only has a wireless card i mean
[03:36] kahrg: that depends on what wifi infrastructure you have installed.
[03:36] If NetworkManager is installed, for example, you must talk to it using XML via dbus.
[03:37] If only wpa-supplicant is installed, and you have configured it as a "wpa-roam" interface in /etc/network/interfaces as described in wpasupplicant's README.Debian, then you can use the wpa_cli and wpa_action to talk to it like a shell.
=== mushroomb1ue is now known as mushroomblue
[04:24] hey , is the vmware support just announced by Eucalyptus only available in their commercial product, or is it coming to UEC as well?
[05:16] I have a site with a small LAN (about ten workstations give or take a laptop or three). We pay someone off site to host our Web site and email. Given suitable hardware, would Ubuntu Server enable us to bring Web hosting and email in-house, as well as hosting our document files?
[05:18] ball: Yes, but suitable also includes, connectivity, backups, offsite storage, and a lot of other stuff too.
[05:18] * ball nods
[05:18] rsync is great for off-site backups.
[05:18] ...also need to replace my tape drive :-/
[05:19] What about easy administration?
[05:19] ball, to host a website or an email server it would be rather important to have a static IP address and low demand on traffic on those services.
[05:19] KurtKraut: we have that.
[05:20] ball, the IP address has a reverse domain?
[05:20] KurtKraut: Not recently, but in the past I've had a domain pointed to it.
[05:20] (we would again)
[05:22] soren: python-mhash accepted. Some packaging improvements can be found in Bug #427692. Please review and upload if you're good with the changes.
[05:22] Launchpad bug 427692 in python-mhash "Please build python-mhash for all supported Python versions" [Undecided,New] https://launchpad.net/bugs/427692
[05:23] is there a way i can log all commands executed by any user on shell and then email those to a certain email address at the end of day, delete the log?
[05:28] soren: I accepted the binaries that were done too.
[06:11] * ball thinks about giving up
[06:19] IMO it's not worth the hassle of maintaining your own hardware in your own office.
[06:20] Particularly here in .au, where bandwidth is expensive.
[06:20] If I had a company, I'd stick the website and MTA on a VPS in .us, that I have root on.
[06:21] twb: depends on who your web audience is, right?
[06:21] giovani: yes
[06:21] clearly if 99% of your visitors are .au -- then you won't want to be hosting in .us
[06:21] Mainly I just hate dealing with read hardware :-)
[06:21] *real
[06:22] abstractionist!
[06:22] vpses are evil
[06:22] Certainly most VPS technology I've seen has been evil
[06:23] and it's all totally insecure
[06:23] I mean, I wouldn't trust any security-sensitive server on a virtualized system at this point
[06:23] giovani: web and mail are sensitive now? ;-)
[06:23] also depends on where the majority of your mail is going. if it's predominantly internal, having a mail server at your office makes sense (esp. given how expensive bandwidth is here)
[06:23] twb: depends on what they're hosting, right?
[06:23] giovani: yep
[06:24] for us, mail is critical security-wise
[06:24] end-to-end s/mime? ;-)
[06:24] depends on the individual
[06:24] but yes
[06:24] and everything is tlsed with client certs
[06:25] mail is only accessible from within the network, no webmail, etc
[06:25] vpn in is your only option
[06:25] and only authorized devices can vpn in
[06:25] Local hosting is also a lot nicer if you have a dedicated machine room with a rack, proper ac, proper case, hot-swappable drives, etc.
[06:26] volume is what kills it for us.. and why we host our own mail. that said, we've thought about hosting the primary MX outside and having it do the main grunt of spam/whatever (and face the brunt of DDOS), and then forward stuff to the real server here at the office
[06:26] As opposed to a lot of what I am exposed to, which is an ATX tower stuck under someone's desk
[06:26] haha
[06:26] yeah, that would suck, twb
[06:26] heh.. ours are ATX towers stuck on desks next to the rack cos the rack is full. ;)
[06:27] It's hard to justify rack mounting when your client only has a dozen staff
[06:27] twb: I've rack mounted for companies of 2
[06:27] twb: I dunno, it's nice to keep things tidy
[06:27] giovani: yeah, but in YOUR rack, or their rack?
[06:27] theirs
[06:27] ...same rack-mount UPS are expensive though
[06:27] s/same/shame/
[06:27] I had them buy a 22U half-height locking APC cab
[06:27] and we installed 2 servers, 1 router, 1 switch, 1 patch panel
[06:27] giovani: yeah, that could work
[06:27] fully locked, and controlled
[06:28] environmental monitoring, etc
[06:28] I've never visited the site since
[06:28] it's all IPMI managed
[06:28] A lot of our customers are also running FC3 or CentOS4.2 still, too :-/
[06:28] yeah, that company I have running ubuntu
[06:28] Set up by the previous generation of sysadmins
[06:29] yeah, at my day job ... we have a shitton of that
[06:29] 1,100 servers
[06:29] set up over the past 10 years
[06:29] I tell myself "at least it's not solaris"
[06:29] 90% of it from the past 3 years
[06:29] Or AIX
[06:30] Is there some way to make Ubuntu Server easy to manage?
[06:30] heh
[06:30] (for my successor?)
[06:30] yeah, learn to use linux
[06:30] ball: document what you're doing
[06:30] esp. etckeeper
[06:31] twb: I don't know what an etckeeper is.
[06:31] ball: apt-get install etckeeper
[06:31] It keeps a history of /etc in version control
[06:32] I don't have Ubuntu Server installed on a production machine. I've thought about it, but I'm worried about the people who come after me.
[06:32] ball: what are you using instead?
[06:33] NetBSD. Need to replace that, obviously.
[06:33] Heh.
[06:33] One of our customers has half a dozen staff... each has a FreeBSD workstation, which is also running part of their core services
[06:33] awesome
[06:34] we do that too
[06:34] e.g. one is running NFS, one is running NIS, etc.
[06:34] we have desktops that trade a few million dollars
[06:34] it's horrific
[06:34] And their last admin compiled stuff from source, with his own patches, "to make it more secure"
[06:34] twb: ... sure ... why wouldn't you?
[06:34] twb: did he leave you the source?
[06:34] * JanC wants to know IPs to blacklist certain companies :P
[06:35] ball: I dunno, I'm not directly involved with those poor bastards
[06:35] JanC: blacklist for what reason?
[06:35] twb: that seems like something to be thankful for.
[06:36] Yeah... mostly I work on building desktop SoEs for use by remanded prisoners in DoJ gaols. Requirements elicitation and security analysis is FUN.
[06:36] how do you do your "security analysis"?
[06:36] As is getting new copies of the SoE onto their airgapped network
[06:37] giovani: mainly by proactively adding layers and layers of cruft
[06:37] how is that analysis?
[06:37] analysis isn't action ... it's passive
[06:37] Like removing gettys and xterms and gedit to make it harder to write sh scripts.
[06:37] oh god
[06:37] giovani: yeah, OK, so not analysis
[06:38] I'm so going to break into a prison network just to prove a point
[06:38] You can still write sh scripts using oowriter and putting "exec >output" at the top, saving them in /tmp (which isn't mounted -o noexec), and then chmodding and executing them in nautilus.
[06:39] well, if you have a mail client, you can always mail scripts and save them ;-)
[06:39] twb: why would I have oowriter or nautilus on a server?
[06:39] giovani: this is on the desktop
[06:39] oh, why do you care if people write shell scripts?
[06:39] The server I have managed to prevent them putting x on at all, thank the gods.
[06:39] giovani: like I said, layers and layers of cruft
[06:40] but why do you care?
[06:40] If they can write their own sh scripts, they are one step closer to getting root on the local desktop.
[06:40] what is the shell script going to do?
[06:40] uh
[06:40] that's just false
[06:40] Once they get root on the local desktop, they can remove the local firewall
[06:40] this is a disconnected chain of events
[06:41] anything you can write in a shell script file can be written directly into a bash shell -- trying to prevent them from writing to a file is foolish and simply security theater
[06:41] there's nothing in a shell script that's dangerous
[06:41] They have no tty, so they can't run bash interactively.
[06:41] it's just a series of commands they can type manually
[06:41] twb: they don't have a shell? that's unlikely if they can start x
[06:42] They have a *shell*, they don't have a terminal to run it in.
[06:42] this is a windows-like view on security
[06:42] there is nothing dangerous in a shell
[06:42] please stop this silliness
[06:42] That's just one layer.
[06:42] no, it's not a layer
[06:42] it's theater
[06:42] "if they can't -see- the command line, then they clearly can't use it!"
[06:42] it's absurd
[06:43] No, it just means it takes them longer to see the output
[06:43] no, it doesn't
[06:43] anyway, why can't I single-user the machine?
[06:43] eh?
[06:43] reboot it and place it into single user
[06:43] change the root password, and now I own the box
[06:43] Because you'd need to open the case to reset the BIOS password
[06:43] period
[06:44] Or to boot it off local media
[06:44] the bios is not related to single user mode
[06:44] the boot manager is
[06:44] most bioses have generic passwords anyway
[06:44] The bootloader (pxelinux) does not allow you to change anything on the client side.
[06:44] ok, so I either use a generic bios password, or I pop the jumper
[06:44] now what?
[06:44] I still own the box
[06:44] You can't open the case without a torx screwdriver.
[06:45] right, because I can't buy those at any hardware store
[06:45] giovani: not if you're in prison
[06:45] you've placed all the wrong security measures
[06:45] oh this is a prisoner-accessed computer?
[06:45] I thought it was just a regular computer in the prison
[06:45] As I said initially, this SOE is for remanded prisoners.
[06:45] I don't know what SOE is
[06:46] SOE just means a standardized environment
[06:46] twb: considering that prisoners succeed in getting knives, files, mobile phones, drugs, etc., why not a torx screwdriver? ;-)
[06:47] you don't even need a torx screwdriver to take off a torx screw
[06:47] JanC: OK, so smuggle in a torx screwdriver AND a hard disk with an OS on it
[06:47] Do you use ltsp terminals?
[06:47] a flat piece of metal of the right size will work fine
[06:47] ball: no, but something broadly similar
[06:48] Sun Ray? ;-)
[06:48] ball: custom x86 hardware and a netbootized version of the LTS desktop live CD
[06:49] twb: Ah, there you go.
[06:49] I'm thinking of rolling out ltsp, but I'm worried about ongoing support.
[06:49] ball: I would like to switch to LTSP, but right now it's a little too much effort.
[06:50] twb: honestly, I'm sure this setup is 99.9% secure, but I won't bet any money on it unless it's never used without supervision...
[06:50] heh
[06:50] 99.9%?
[06:50] are you smoking crack?
[06:50] no, I'm just making up a number :P
[06:51] it sounds very inadequately secure
[06:51] and I think it's mostly secure considering most users probably don't know the difference between IE & the internet
[06:52] Certainly the system we *replaced* was a bunch of Windows desktops
[06:52] Where some guy's entire job was to go around opening them up, checking for contraband, putting them back together, reinstalling Windows
[06:52] lol
[06:53] I would *like* to spend more time locking it down more, but what we've rolled out is orders of magnitude tighter than what they had
[06:54] and it's probably possible to automatically detect tampering if you want to
[06:55] Yeah, that'd be good.
[07:35] New bug: #427718 in samba (main) "owner of sticky directory cannot delete files created by others" [Undecided,New] https://launchpad.net/bugs/427718
=== Maelos` is now known as Maelos
=== cjwatson_ is now known as cjwatson
[08:56] New bug: #418112 in qemu "qemu-img should give reasons for failing" [Wishlist,In progress] https://launchpad.net/bugs/418112
[09:35] How to change a limit of UNIX sockets within Ubuntu system?
[09:35] googling it, but can't find it
[09:47] PecisDarbs: man limits?
[09:48] man limits.conf, rather.
[09:48] But that doesn't seem to cover it, so I guess it's an option in the kernel?
[09:52] yes
[09:52] but I can't find it
[09:52] twb: limits.conf is for files
[09:53] Well, it also specifies core size and fork count, for example
[09:53] Doesn't matter
[09:53] it specifies amount of memory how much you can use on socket messages
[09:54] I think you can create as much sockets as you want
[09:55] btw, HOW do you create sockets?
[09:55] I couldn't work it out the other day
[09:56] in application or from command line?
[09:56] twb: You just start listening on them.
[09:56] soren: I mean when the socket file doesn't exist yet
[09:56] So do I
[09:56] qemu didn't like that
[09:57] e.g. qemu -serial unix:/tmp/x
[09:59] twb: It tries to /connect/, not listen.
[09:59] qemu -serial unix:/tmp/x,server
[09:59] is what you ant.
[09:59] want, even.
[09:59] soren: oh, duh, thanks
[10:00] As it happens, I found -serial pty was more awesome
[10:00] Then connect to it with "screen pts/27"
=== garymc_ is now known as garymc
[11:25] * soren lunches
[11:35] hi, anybody knows about how can i obtain stats from an apt mirror?
[11:35] I have an apt mirror, and would like to see the monthly hits
=== garymc_ is now known as garymc
[12:35] stas: awstats?
[12:35] wc ?
[12:38] Jeeves_: I got it nevermind. I used visitors :)
[12:58] Sam-I-Am: hey
[12:58] Sam-I-Am: are you still having problems with sudo+ldap in karmic?
[13:06] New bug: #427826 in openvpn (universe) "openvpn 2.1~rc7-1ubuntu3.5 bug" [Undecided,New] https://launchpad.net/bugs/427826
[13:22] kirkland: thank you for your manpages.ubuntu.com...I use it every week.
[13:22] mdeslaur: :-) awesome!
[13:23] mdeslaur: i have a new one for you, in case you're interested ...
[13:23] mdeslaur: linuxsearch.org
[13:23] mdeslaur: helps find resources across several linux distributions
[13:23] mdeslaur: ie, you can search for a bug, and then narrow that search to ubuntu, fedora, debian, gentoo, etc
[13:24] mdeslaur: really helps me as upstream maintainer of projects, and ubuntu maintainer of certain packages
[13:24] kirkland: wow...that is _so_ cool
[13:26] mdeslaur: :-)
[13:26] kirkland: your site?
[13:26] mdeslaur: yeah
[13:26] cool
[13:43] kees, lool - can one of you guys gimme some MIR review for linux-ec2? bug #427658
[13:43] Launchpad bug 427658 in ubuntu "Main Inclusion Request: linux-ec2" [Undecided,New] https://launchpad.net/bugs/427658
[13:56] soren: Thanks for quickly following up on my suggestions about mhash. You're correct that the XS-foo doesn't make a practical difference in this case, but from a python packaging best practices case it is preferred to have it there.
[14:10] rtg: not even in the archive!
[14:11] rtg: And I dont see it in NEW
[14:35] ahasenack: not particularly with ldap, but sudo itself... that weird permission denied issue
[14:35] Sam-I-Am: ah, so you narrowed it down. I ask because I was just messing around with sudo-ldap yesterday and it's working
[14:35] at least for my test case
[14:35] yeah
=== lamont` is now known as lamont
[14:36] the things i've found broken with ldap enabled in nsswitch.conf (but not necessarily used) are su, sudo, and passwd
[14:36] so whether or not i have sudoers: ldap doesnt seem to matter... but passwd: ldap does
[14:37] Sam-I-Am: you still using "compat" there? Tried changing it to "files"?
[14:37] tried both
[14:38] ordering sometimes fixes one or the other
[14:38] spent most of last friday banging my head on the desk trying to figure out why my PAM passwd stack wasnt working... turns out passwd could not write /etc/.pwd.lock
[14:38] unless i called passwd as root
[14:39] which is strange since passwd is suid root
[14:39] ScottK: No worries. Thanks for pointing it out.
[14:39] soren, ping.
[14:40] uec/ec2 images failed last night.
[14:41] New bug: #427873 in qemu-kvm (main) "Please enable vde support" [Wishlist,New] https://launchpad.net/bugs/427873
[14:41] package dependency problems
[14:41] http://pastebin.com/f6e968b36
[14:42] smoser: We should be shipping the euca2tools anyway.
[14:42] well the issues are greater than that
[14:43] ruby is not able to be installed? curl? upstart?
[14:44] I wouldn't worry that much about it. Archive inconsistencies are not rare in development releases.
[14:45] i will agree that we should ship euca2ools
[14:45] i wouldn't have noticed other than i was hoping to put a new set of images up with the new kernels
[14:48] smoser: You can always check http://people.canonical.com/~ubuntu-archive/testing/karmic_probs.html and if you see the same issues there (e.g. upstart in this case) you know this issue isn't unique to your images.
[14:49] ScottK, thanks for that link
[14:52] I don't believe that's the issue we're seeing, really. I don't think only main is enabled at that point of the ubild.
[14:52] build,even.
[14:58] smoser: I can't see what else it would be, though.
[14:58] soren, i'm going to re-try here in a bit from my account
[14:59] smoser: alright. chances are it will just work.
[14:59] yeah.
[14:59] soren, please look at that bug i requested sponsorship of . it currently is marked as alpha6 milestone
[15:01] smoser: Can you push them as branches on Launchpad? That makes my life so much easier.
[15:02] soren, yeah, easy enough
[15:02] let me do that.
[15:05] smoser: ta
[15:11] New bug: #427842 in openldap (main) "[karmic] frontend DB needs ACLs for base="" and cn=schema" [Wishlist,Triaged] https://launchpad.net/bugs/427842
[15:15] hi anyone used zimbra opensource email system.
[15:18] soren, branches for karmic and trunk attached to bug 420581
[15:18] smoser: Bug 420581 on http://launchpad.net/bugs/420581 is private
[15:18] well pfft to you uvirtbot
[15:18] Morning guys
[15:19] * ball waves
[15:19] soren: Does this ring any bells:
[15:19] $ euca-describe-images
[15:19] Warning: failed to parse error message from AWS: :1:0: syntax error
[15:19] EC2ResponseError: 403 Forbidden
[15:22] niemeyer, what do you have for EC2_URL ?
[15:23] smoser: Some background: this was working fine, and it suddenly stopped working
[15:23] smoser: No changes in the configuration or anything
[15:25] If I login to the admin interface, it works..
[15:25] I then ask for a credentials zip file, and it returns a 0 bytes file
[15:25] lool, its never been clear to me that you're supposed to upload a package prior to MIR review. will do so now.
[15:26] niemeyer, so this is not ec2. i didn't know if you were talking ec2 or uec/eucalyptus
[15:26] smoser: Oh, yeah, it's Eucalyptus indeed
[15:27] rtg: The process is a) upload source b) NEW source and binary c) MIR d) seed e) promotion
[15:28] rtg: The problem with MIRing stuff in NEW or out of archive is that the uploaded thing can differ and we cant even compare them
[15:28] lool, ok, it'll be uploaded in a bit
[15:28] What did you expect me to review exactly? :-)
[15:29] lool, well, slangasek wanted an MIR before I uploaded the ec2 kernel package. pro forma?
[15:29] Odd
[15:29] slangasek: ^ I dont understand how we're supposed to review such a MIR
[15:31] lool, linux-ec2 uploaded
[15:31] rtg: I prefer getting to it when it's through NEW in case it gets rejected + reuploaded
[15:32] I dont think there's any hurry anyway; we can promote before MIRing
[15:32] ok, its the server dudes that are hot for this
[15:33] Yeah the server team certainly knows how to keep us busy with MIRs ;-)
[15:34] lool: sorry
[15:34] my bad
[15:35] zul: Eh I'm just kidding
[15:35] It's certainly right to file MIRs
[15:35] lool: yeah so am i
[15:42] Good morning all! Does anyone have experience with FOG imaging on Ubuntu Server?
[15:48] soren, i'm hitting the same error now as the nightly hit earlier
[15:48] smoser: Interesting.
[15:48] or a bummer, depends on how you look at it
[15:50] its definitely not a universe/multiverse-not-enabled issue
[15:50] ec2-ami-tools is in multiverse
[15:50] Precisely.
[15:50] ruby is in main
[15:50] Oh!
[15:50] I know what's wrong.
[15:50] Look further up in the build log
[15:50] 2009-09-11 05:12:42,243
[15:51] yep
[15:52] It's the upstart thing.
[15:53] It'll get fixed shortly. No doubt.
[15:53] lool: you're supposed to decide whether it's reasonable to add another kernel source package to main, because I don't want that on me :)
[15:55] A trap.
[15:56] I'll pretend I dont know what linux-ec2 til I'm forced to keep my eye lids open
[15:56] ec2 is a trap. there is no doubt about that
[15:57] jjohansen1, are we to have the karmic-kernel/ec2 status meeting in 3 minutes here?
[15:57] smoser: yes
[15:57] succobus
[15:58] hey rtg
[15:59] zul, dude
[16:00] smoser: I thought those were at 1700 UTC?
[16:00] it is 16:00 UTC shall we begin the EC2 kernel status meeting
[16:01] jjohansen1: No, it's not.
[16:01] soren: no, I messed up the mail, and put 16:00 GMT but we are doing 16:00 UTC
[16:01] That's an hour from now.
[16:01] Really
[16:01] ah, my bad. I am messed up
[16:01] well i helped
[16:01] sorry
[16:01] Who's representing the server team at the release team meeting?
[16:02] np.
[16:02] 16:00 GMT == 16:00 UTC by definition
[16:02] * smoser lifts soren's hand
[16:02] we should just do the meeting now, so it doesn't conflict with the release team meeting
[16:02] smoser: Gah, I hate that.
[16:02] the release meeting is now
[16:03] jjohansen1: Hahah.
[16:03] jjohansen1: Dude.
[16:03] jjohansen1: The release team meeting is now.
[16:03] apw: hrmm, for some reason I thought that was an hour later
[16:03] ah the joys of pain
[16:03] * soren puts "A UTC clock for jjohansen1" on his shopping list for christmas
[16:03] and still being half asleep
[16:03] nope they are both the same, we are however on BST right now, which means 16:00 GMT/UTC re now +1
[16:04] apw: right, that is part of what messed me up
[16:05] apw, strictly UTC is an atomic time scale which only approximates GMT with a tolerance of 0.9 second.
[16:05] just to be a jerk
[16:05] they are however in the same timezone :)
[16:05] hehe
[16:06] and utc is of course french so we have to hate it
[16:06] vsftpd 530 Login incorrect. problem
[16:06] jaunty
[16:07] user has a local account with shell /bin/false
[16:08] is this a pam problem?
[16:09] yes
[16:09] apw: the french hate everything
[16:09] very true
[16:10] any way to use local auth?
[16:14] smoser: I actually haven't tested whether we can boot now with no user-data. Have you?
[16:15] no. its on the list today to publish a karmic nightly and use new karmic kernels also
[16:15] smoser: I've tested the bits and pieces unit test style,but not a full "integration test".
[16:15] yeah
[16:17] soren, you have suggestions on http://pastebin.com/f33bc2571
[16:17] thats from a attempt at a hardy build
[16:18] smoser: The hardy builds need the ppa to work.
[16:19] i hate nectarine
[16:19] i knew it needed the ppa, but didn't think about the fact that it couldn't get there
[16:21] soren, maybe you can explain to me why (back to the karmic build failure)
[16:21] ['/usr/sbin/debootstrap', '--arch=i386', 'karmic', '/tmp/vmbuilderxwUgID/root', 'http://archive.ubuntu.com/ubuntu']
[16:21] would return success, after "Failure while configuring base packages."
[16:21] seems like that is wrong
[16:21] Because debootstrap only pulls from main, and right now, upstart has a dependency in universe.
[16:22] i didn't ask why it would fail
[16:22] oh,sorry :)
[16:22] i asked why it would fail and return success
[16:22] Oh,sorry, started typing after your first line :)
[16:22] does debootstrap have general issues like that ?
[16:22] I'm not sure. I'd ask Colin.
[16:23] Well, no, I would probably stare at code for a few hours, but I /should/ ask Colin :)
[16:23] the scary thing is if apt is returning success to debootstrap
[16:23] as thats a larger problem
[16:29] smoser: debootstrap does not use apt.
[16:29] oh. wow.
[16:29] smoser: It's the thing that installs apt :)
[16:29] i figured it installed apt, then started using it
[16:30] No. Once apt works, debootstrap is done.
[16:30] (de facto, not de jure)
[16:50] ARGH
[16:50] Eucalyptus stopped again.. :-(
[16:50] Which part of it?
[16:51] soren: The same error I mentioned about euca-describe-images
[16:51] soren: I can't manage to bring it back to a usable state after this
[16:52] niemeyer: How'd you fix it last time? Reinstall?
[16:52] soren: Yeah, remove, rip everything off, reinstall
[16:53] niemeyer: All components or only cloud controller?
[16:53] niemeyer: Can you check if your cluster controller is running?
[16:53] niemeyer: And node controller?
[16:55] soren: Hmm
[16:55] soren: Only cloud controller.. I've only got it running
[16:55] soren: Or rather, only what /etc/init.d/eucalyptus-cloud starts
[16:56] niemeyer: Oh.
[16:56] niemeyer: Then I'm not sure, really.
[16:56] soren: They continue running, but wedged
[16:57] soren: I can login to the admin interface, for instance
[16:57] niemeyer: They?
[16:57] Anyone have a tip on the safest way to email blast my leads without getting my IP blacklisted? I have a legitimate cleaned list but still precautions are always good with email ..something that breaks it over multiple cron runs would be nice too. Googling came up with a bunch of junk
[16:57] soren: But if I ask for my credentials, it returns an empty file
[16:57] soren: Yeah, there are multiple things running (ports 8443, 8773, 9001)
[16:58] soren: Ok, I'll try to capture someone from Eucalyptus to see if they want to debug it, next time it wedges
[17:01] any of you using puppet to manage confs?
[17:02] i am getting a hell of a time trying to get it running on server 9.04
[17:02] godamn certs are killing me
[17:03] clusty: I use it a little bit.
[17:04] soren, i am getting cert not trusted
[17:04] on client
[17:04] cannot even get the braindead sudoes example running
[17:04] Haven't seen that, sorry.
[17:04] got proper dns working on LAN ?
[17:05] curious if that is to be blamed
[17:06] New bug: #424459 in eucalyptus (main) "Temporary file vulnerability in euca_conf" [Low,Triaged] https://launchpad.net/bugs/424459
[17:14] * soren dinners
[17:14] soren, so if we put lib6-xen into ec2 images, i would presume some negative affect on said images as kvm
[17:15] i'm guessing conflict with libc6
[17:40] do you guys use clusterssh?
[17:41] clusty: cssh ? I did a little bit
[17:41] cemc, i cannot get it running
[17:41] what does it say?
[17:41] it needs X
[17:41] crap. now i don't have vnc running
[17:41] sec
[17:43] cemc, well first of all how do i specify list of machines i want to ssh into?
[17:43] clusty: cssh machine1 machine2 ...
[17:43] then it will open 1 command window, and one window for every machine
[17:44] I'm not sure exactly what clusterssh does, but I use a tool called DSH to run commands on large groups of servers at once
[17:44] its easy, $ dsh -f allmachines.list -- 'command'
[17:44] then it runs the command on every machine in the list
[17:45] Hypnoz, works as you type?
[17:45] not sure what that means
[17:45] cemc, warning unknown host
[17:45] Hypnoz, i mean is like demultiplexing keyboard
[17:46] typing in 10 windows at once
[17:46] oh, no
[17:46] its just for sending one time commands to remote machines, its not streaming
[17:47] clusty: unknown host? it means you didn't specify the hostname correctly I guess
[17:48] cemc: You probably saw, the qpsmtpd backport got done, so I think we are all up to date now.
[17:48] cemc, WARNING: unknown host 192.168.0.201 (see -i switch, or ignore_host_errors in .csshrc) - ignoring [17:48] that is me :D [17:49] this is from both the command line [17:49] and clicking add host [17:50] clusty: I don't use any .csshrc, I just run the command like this: cssh host1 host2 hostn [17:50] cemc, me neither [17:51] anyways fok it [17:51] my patience is thin today [17:51] thanks for help [17:51] should work and it's really nice, IF you have a bunch of really similar servers [17:51] cemc, they are identical [17:51] :D [17:51] 9 of them [17:51] because every keystroke gets replicated to every server [17:53] ScottK: yep, I saw, nice ;) I'll look at the php stuff this weekend [17:53] morning [17:53] moin [17:58] would be nice if there was a tool like that for command line [17:58] instead of being a gui tool [18:00] it would be harder to display all the server' [18:00] s terminals ;) [18:22] a small question: what is the permission number for this mode? [18:22] -rw-r--r-- [18:22] ? [18:22] jjohansen1, zul either of you have a minute to poke at bug 427288 ? [18:22] u+wr a+r :D [18:22] Launchpad bug 427288 in linux "Karmic i386 EC2 kernel emulating unsupported memory accesses" [High,Triaged] https://launchpad.net/bugs/427288 [18:23] smoser, jjohansen1 was working on it [18:24] well, the plan was for me to test if simply installing libc6-xen fixed it. and it doesn't. i definitely have it installed, but it appears to not be being picked up. at least not used by the init process [18:24] wanted to see if either of you wanted to poke at the system and maybe find out why [18:25] smoser: Did you also remove -i686 and add the nosegneg thing? [18:25] er, remove libc6-i686 [18:26] neither. [18:26] :) [18:26] I got to the instructions in ec2ubuntu-build-ami through years of research, tips from others, and trial and error. I don't always remember which statements fix which problems. [18:28] yeah. 
hopefully we don't have to remove libc6-i686 [18:29] For a long time I used to remove /lib/tls but then one day a simple apt-get upgrade broke the system: http://groups.google.com/group/ec2ubuntu/browse_thread/thread/1a3fd33f04766361/8f82524bd298a4a2 [18:30] Please make sure that the sample perl command in that message works with the solution you end up with or things will be broken. [18:33] erichammond, that's a great post, thanks. [18:34] smoser, the divert stuff at the end is also interesting [18:41] New bug: #277114 in vsftpd (main) "vsftpd quits when there's no working internet connection" [Undecided,Invalid] https://launchpad.net/bugs/277114 [18:44] soren: Do you know where libomxmlsec was moved to (was in librampart in 9.04) [18:45] hiii! what is the easiest way to reseed random? [18:46] whatever I do, gpg seems to wait for random stuff forever [18:46] 'reseed' in a loop doesn't help (it just sets urandom as far as I understand) [18:46] New bug: #271555 in vsftpd (main) "vsftpd: hard coded /home/ftp install breaks in NFS environment" [Undecided,Fix released] https://launchpad.net/bugs/271555 [18:46] New bug: #308946 in vsftpd (main) "GnuTLS error" [Undecided,Incomplete] https://launchpad.net/bugs/308946 [18:46] * domas looks at sysctls [18:49] hmmm, apt-get install rng-tools [18:50] rngd -r /dev/urandom \o/ [18:51] could you reseed random by tail -f /dev/urandom ? [18:52] hmm doesn't work like I thought it would [18:52] cat /dev/urandom does though [18:54] that rng-tools looks interesting if i used /dev/random for anything [18:57] apw, smoser: The xen-divert-tls-libc approach requires the user to always use that command to do upgrades which is not an acceptable solution to force on unsuspecting EC2 users. [18:57] erichammond, not sure it does, doesn't it only go wrong if we add files to libs [18:57] libc? 
i would expect it to mean when you see the libc files installing shove them over here instead [18:58] that was my understanding (obviously either my read of it or the doc could be wrong) [19:00] apw, smoser: The problem is that upgrades to libc6 can restore /lib/tls breaking the system. The divert approach requires you to know this is going to happen and run a command before and after upgrading libc6. [19:01] New bug: #427553 in bind9 (main) "bind9 fails to start on boot" [Undecided,New] https://launchpad.net/bugs/427553 [19:01] * apw tries to imagine uvirtbot on #u-k ... it'd be like a torrent [19:02] "But if a libc upgrade contains a new file for /lib/tls" [19:02] smoser: Fair 'nuff. [19:03] Still requires the user to know what's going on in a system that is not configured like normal Ubuntu. === rickspencer3 is now known as rickspencer3-afk [19:05] erichammond, the interest in it is because i really don't want to uninstall libc6-i686. right now our ec2 images are identical for ec2 and uec. that would penalize uec (i'm not exactly sure of the effects, but at very least, libc6-i686 is part of "ubuntu-minimal" metapackage which the images are installing at the moment [19:06] i'm not sure how likely a libc upgrade including a new file in /lib/tls is over a given release (ignoring change-in-release upgrades at the moment) [19:06] ec2 networking is completely random [19:07] i do a wget of a file, and i get ~ 300k or something. then, using axel, it sustains better than 1.5M for 500M file [19:08] smoser: A year ago a simple "apt-get upgrade" broke Hardy servers on EC2. It wasn't my favorite time. [19:08] well, for some of the threads at least === TeLLuS_ is now known as TeLLuS [19:08] erichammond, zul do you have any ideas why Canonical's hardy images do not have this issue ? [19:09] because it's using libc6-xen [19:09] smoser: If Xen needs something different from KVM, then you may need different images. 
[19:09] <_nofear> Hi guys, does anyone know a good tutorial on what configuration must be done to authenticate a user in an OpenLDAP server? [19:09] erichammond, well, yeah, but thats what we're trying to avoid :) [19:09] Or different bootup [19:10] nah, that's probably impossible with libc6 [19:13] _nofear: do you have the server already set up? [19:15] <_nofear> mushroomblue: yes, I can authenticate Windows users with Samba already. [19:16] I forgot which link got me there, but I went through these 4 [19:16] http://beginlinux.com/server_training/server-managment-topics/1016-ldap-server-on-ubuntu-804 [19:16] http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/ [19:16] http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS [19:16] http://www.aselabs.com/articles.php?id=246&page=2&asesessid=fb756c0d4961f3f258c9927563f326f84cc89783 [19:16] that'll do. [19:16] <_nofear> Hypnoz: thanks very much :) [19:16] the crappy part is the PAM files [19:17] if you don't set them up EXACTLY right, it fails [19:17] <_nofear> Hypnoz: That's exactly where I think I'm losing it. [19:17] yeah. that's my current issue. [19:18] you'd think someone would provide an updated LDAP howto that doesn't rely on slapd.conf [19:18] yep, i set up pam over and over in VM's till i got it working clean, it took forever [19:18] since it's now been deprecated. [19:19] "Ubuntu 7.10 was a nightmare when it came to setting up ldap" [19:19] lol. it's still a nightmare. [19:19] truth [19:20] <_nofear> Actually I gave setting this on Ubuntu, I'm using Debian 5 now. 
[19:20] <_nofear> *gave up [19:20] New bug: #425993 in samba (main) "Windows Network in Karmic" [Undecided,Incomplete] https://launchpad.net/bugs/425993 [19:23] hypnoz: I have no idea why 'cat /dev/urandom > /dev/random' didn't work :) [19:25] New bug: #399199 in samba (main) "fstab cifs mounted drive won't write" [Undecided,New] https://launchpad.net/bugs/399199 [19:26] New bug: #238684 in virt-manager (universe) "[patch?] alt-gr does not work inside kvm debian terminal" [Medium,Confirmed] https://launchpad.net/bugs/238684 [19:36] New bug: #386372 in openssh (main) "sshd fails to execute PAM session modules on logout." [Undecided,New] https://launchpad.net/bugs/386372 [19:39] niemeyer: I believe it's built into librampart or some such now. [19:40] soren: Hmm.. euca 1.6 seems to depend on it still [19:41] soren, quickly glance at bug 426424 . you have opposition to that ? [19:41] Launchpad bug 426424 in vmbuilder "need md5sums created for uec-images" [Medium,Triaged] https://launchpad.net/bugs/426424 [19:41] anyone here a SPARC wizard :-)? [19:43] niemeyer: Upstream, yes. [19:43] niemeyer: In Ubuntu, it shouldn [19:43] t. [19:43] niemeyer: We carry a patch to fix that. [19:43] soren: Yeah, sorry, this was me trying to install from source to get a working environment somehow [19:44] niemeyer: There's a patch in the ubuntu source package. It uses quilt. Do you know how to find it? [19:45] soren: I do, thanks. I've just grabbed the apt-get source from it [19:45] _nofear:: are you still here, and interested in seeing how I set up my pam.d files for ldap? [19:45] NCommander: i used to be but that probably wont help you now [19:45] niemeyer: Alright, cool. [19:45] soren: I got Neil giving a hand now, so will wait to see how this goes [19:45] <_nofear> Hypnoz: that sure won't hurt :) [19:45] zul, you know if a sunfire can be forced into proper TFTP booting? [19:46] niemeyer: IIRC, it's the debian/patches/04* one. 
[19:46] zul, I just had a kernel panic (or something) occur during a dist-upgrade, and the machine won't boot now [19:46] i'll paste them somewhere and link it to you, one sec [19:46] NCommander: stop-a doesnt work anymore? [19:46] Its a v120 [19:46] zul, I can get into the PROM [19:46] zul, but it doesn't seem to want to talk to my TFTP server [19:46] soren: Btw, I've reported the crazy behavior at #428010, just to keep track of it [19:46] NCommander: not sure :( [19:46] I can't remember how I forced Ubuntu onto it before (I had issues with this sunfire at installation) [19:46] * NCommander is trying to fix ubuntu karmic on sun [19:47] bug 428010 [19:47] Its a pity I didn't fix it BEFORE my SPARC decided to die [19:47] Launchpad bug 428010 in eucalyptus "Eucalyptus cloud controller stops working suddenly" [Undecided,New] https://launchpad.net/bugs/428010 [19:47] NCommander: i got rid of my sparc's or more specific my wife got me to get rid of them [19:47] zul, they can be load :-/ [19:48] The problem is my sunfire is the only thing that can do TTL serial, so I need IT to talk to an ARM development board I have [19:48] NCommander: especially when I had two sitting on my desk [19:48] smoser: Looks good to me. [19:48] i do have one change to make to it [19:48] i really, really hate sh -e [19:48] in sh -e, the following is happily ignored: [19:48] ( false ) [19:49] it can be fixed / worked around by: [19:49] ( false ) || false [19:49] so i'll append '|| false' to the end of those 2 gzip lines [19:51] smoser: That changed in bash recently, actually. [19:51] changed to doing what it should you mean ? [19:51] Yes. [19:52] someday i will fix that script (and others) to not use sh -e, but rather check and give error output themselves. [19:53] It happened to stumble upon this when debugging a kernel build issue with rtg last week. [19:53] "Last week"? Was it really last week? [19:53] It seems like a distant memory. 
[19:54] i'm surprised they would intentionally change something like that [19:54] _nofear:: http://pastebin.com/d75fdac87 [19:54] I know there's some stuff I'm missing, but if you have the server set up right, http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/ should go a long way to getting some stuff resolved [19:55] smoser: They decided that the old behaviour was wrong. [19:55] smoser: I'm looking up the changelog entry. [19:56] and anyone who depended on it should now be broken :) [19:56] <_nofear> Hypnoz: alright, thanks very much. I'll take a look, I guess I'm missing something to set on these files. [19:56] smoser: l. Changed behavior of shell when -e option is in effect to reflect consensus of Posix shell standardization working group. [19:56] ah. wow. [19:56] so in theory dash should change too [19:56] smoser: dash will likely follow suit given the context. [19:56] right. [19:56] Eventually. [19:58] change pushed. === rickspencer3-afk is now known as rickspencer3 [20:16] New bug: #334588 in samba (main) "Don't get write permissions via smbmount on XP-Server, when the shared-folder-name has spaces" [Undecided,Incomplete] https://launchpad.net/bugs/334588 [20:17] Hi all.. [20:18] People, I install ubuntu server 9.04. and after install xorg and icewm. well, startx works ok. But resolutions are there in 1024x768, and I would like 800x600. But /etc/X11/xorg.conf is empty. where are the Xorg configurations ? [20:20] anyone ? [20:22] J_P: It's off topic for ubuntu-server as we don't ship X. [20:22] http://ubuntuforums.org/showthread.php?t=83973 [20:22] check that out [20:22] does that help? [20:57] soren, on nectarine, can you update your automated-ec2-build directory ? you're at revision 5 and current is 7 [20:57] 2 things missing are md5sums and --lock-user [20:57] Feel free to do so yourself. [20:58] I'm about to head out. [20:59] Oh, right. You can't really, can you? [20:59] smoser: Done. 
[20:59] * soren calls it a day (and week) [20:59] well, i can... [20:59] just have to ask sudo :) [21:00] figured i'd be nice [21:24] i am setting up a ldap server in jaunty and I am not finding much information about the new openldap /etc/slapd.d/ config method that jaunty uses by default. [21:25] does anyone know of a "how to " on configuring openldap in jaunty? === ahasenack is now known as andreas-away [21:27] there are lots of how to's for older Ubuntus but that do not seem to apply any more === andreas-away is now known as ahasenack [22:02] mathiaz: fwiw, I just updated openldap-dit to use cn=config [22:03] ahasenack: cool - thanks [22:03] mathiaz: sample run in karmic: http://pastebin.ubuntu.com/269401/ [22:04] it was fun [22:04] ahasenack: cool [22:04] mathiaz: did you know that ldapdelete is not supported in cn=config? [22:04] ahasenack: where are the admin tools now? [22:05] ahasenack: hm - I thought so [22:05] mathiaz: hmm, admin tools...? [22:05] mathiaz: yeah, something to keep in mind and document, I may do it [22:05] ahasenack: like - how do I add a user to this directory? [22:05] ahasenack: a group? [22:05] ahasenack: add a user to a group? [22:05] mathiaz: I will use smbldap-tools [22:06] mathiaz: the structure is empty, it should be straight forward to use almost any tool out there, bar the "big" ones that want to take over the directory [22:06] ahasenack: how would you manage the sudoer entries? [22:06] mathiaz: ldapvi, apache directory studio, luma, gq [22:07] mathiaz: not sure how a wrapper would look like, given that the official sudo admin tool is visudo [22:07] i.e., a plain text editor [22:12] how do you read the .gz files in the /usr/share/doc/... folders? [22:14] bobg: less reads them [22:23] ahasenack, thanks. It never occurred to me that less would decompress gz files. 
That's a lot easier than gunzip -> nano -> gzip :) [22:23] welcome [22:23] bobg: there is also zless in some distributions === domas is now known as _3^3 === rickspencer3 is now known as rickspencer3-afk [22:31] New bug: #419590 in qemu-kvm "kvm core dump on hotplug (pci_add)" [Wishlist,Triaged] https://launchpad.net/bugs/419590 [22:31] hmm, i'm reading up on eucalyptus, ubuntu and ec2. I'm pretty new with cloud computing, but do understand some of the terminology :) Amazon offer an EBS storage solution, what is Eucalyptus / Ubuntu's equivalent? [22:42] anyone know if M$ office can open an openoffice drawing file [22:46] New bug: #237635 in qemu (main) "qemu mouse and keyboard grab is an accessibility problem" [Medium,Triaged] https://launchpad.net/bugs/237635 [22:55] mathiaz: the karmic bind9 package is using the so called "dlz ldap" implementation/patch? [22:55] mathiaz: have you ever used the bind9 ldap backend? [22:55] ahasenack: I don't know [22:56] ahasenack: I've never used it [22:56] ok [22:56] New bug: #331331 in qemu "Non-root guest doesn't have permission to access sys-fs USB devices" [Wishlist,Won't fix] https://launchpad.net/bugs/331331 [23:12] got a small question: how can one install sun-java6-bin unattended? [23:12] cause it bugs me about accepting license [23:14] get one of those rocking things with the water inside, and have it keep falling down and pecking on the Y key [23:14] I guess you would need two, one for Y and one for Enter, slightly staggered of course [23:14] Not sure who's building the EC2 images these days but had a suggestion for the manifest prefix which is currently: canonical-alphas-us/karmic-i386-alpha5.1.manifest.xml [23:15] Please include (1) the word "ubuntu" so that folks can find it when they search for that keyword, and (2) the date that the image was built so that folks know how fresh it is. 
[23:15] mathiaz: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/227344 (which has a patch) is needed for ldap support in bind9 [23:15] Launchpad bug 227344 in bind9 "bind-dlz and ldap api: invalid use of "%" character" [Undecided,Confirmed] [23:16] lamont: ^^? does it make sense to include the patch? [23:16] Hypnoz, not gonna work :D [23:17] puppet needs to install package remotely [23:17] Ideally, all of these images would be using exactly the same format so that it is easy to scan down a sorted list and find the appropriate one. Here's a proposed format: ubuntu-9.10-karmic-20090911-alpha5.1 [23:17] mathiaz: I've been waiting for upstream to fix it [23:18] ahasenack: seems that poking upstream would get it included in debian/ubuntu [23:18] mathiaz: I suppose I could also push it upstream [23:18] mathiaz: the bug history shows that has not been working :) [23:19] ahasenack: upstream refusing to accept it is a reason for me to choose to not diverge from upstream [23:19] lamont: is dlz part of upstream? It's in contrib, no? [23:19] lamont: and did upstream actually refuse? [23:19] it's in the upstream tarball, in contrib - I didn't pull it from anywhere [23:19] dunno if I've even ever asked [23:20] my presumption being that dlz upstream was, you know, taking care of the code they'd gotten into the ISC distribution [23:20] but yeah, history would tend to indicate that the code is being ignored [23:20] lamont: I find it odd anyway. ./configure has an option to use it, but it's in contrib/ [23:21] lamont: so, it is in the code, but at the same time isn't [23:21] contrib _is_ part of the code. It's just explicitly not managed by ISC [23:21] let me check how the real upstream for dlz is [23:22] anyway, long week, runny nose, tired and almost thinking. so... 
--> bed for now [23:22] * ahasenack downloads from sourceforge [23:23] lamont: fwiw, the *real* upstream didn't apply the patch either, that makes one wonder how well maintained this is [23:46] New bug: #341682 in qemu "Block I/O crashes after migration" [High,Fix committed] https://launchpad.net/bugs/341682