[00:00] can anybODY help ME ? [00:01] calling huston are you there [00:04] When I try to install a package using pear or pecl on ubuntu server 9.10 pear/pecl stops after downloading the file. Tried apc and symfony, neither works.. Any ideas? [00:05] gp: What do you mean "fstab is not mounting it"? What command are you typing? What is the result? [00:07] Could someone take a look at this? http://paste.ubuntu.com/308037/ As you can see, the package is never installed. [00:21] Anybody who could tell me how to solve sudo fuser -vki /var/lib/dpkg/lock;sudo dpkg --configure -a gives me this : http://pastebin.com/m46588684 How can I fix this? [00:25] i bought a vintage 1U compaq proliant from the bargain bin at an electronics recycler and it ran ubuntu great for about a year, then all of a sudden it started having segmentation faults at random times and shutting down. then it seemed to have gotten worse and now wont boot up at all. I'm wondering what would cause this, bad disk, bad memory? where to start with troubleshooting? [00:27] is there a server guide for 9.10 ? [00:36] bventura: start with the memtest [00:37] orudie: http://doc.ubuntu.com/ubuntu/serverguide/C/index.html [00:38] thx zoopster, am running it now. anything to check besides memory and disk? i can't think of anything besides power supply that would wear out over time [00:40] no bventura could be anything I suspect - those are hard to troubleshoot so it's random === omani2 is now known as omani [00:40] ok [00:51] New bug: #471975 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3 [modified: usr/share/bind9/bind9-default.md5sum] failed to install/upgrade: sub-processo script post-installation instalado foi morto por sinal (Interrupção)" [Undecided,New] https://launchpad.net/bugs/471975 [01:14] Hey [01:16] is anyone not idle [01:16] Michael123, just ask [01:21] How would I go about installing IRC server on my server? [01:22] Michael123, sudo apt-get install [irc server of your choice] [01:22] to get a list, apt-cache search ircd [01:26] hey all, i'm getting an error processing "ffado-mixer-qt4" when i try to update... i can't purge it, i'm not sure what to do with it! [01:40] I trying to use UEC [01:40] I just setup eucalyptus but I cant get a instance up and running [01:40] euca:UnassignAddress> [01:41] thats the error I get [01:44] that's not very telling of what you are doing when you get that error supertyco [01:46] I am trying to start my first instance [01:47] I am running non-managed vlan mode [01:47] I am assuming the instance is looking for a dhcp server [01:48] but if you follow these instructions [01:48] https://help.ubuntu.com/community/UEC/PackageInstall [01:48] a dhcp server is never started [01:49] which I assume is needed [01:49] am I correct [01:51] no supertyco [01:51] so supertyco what are you doing when you get an error [01:52] euca-run-instances emi-DFA2106F -k mykey -t c1.medium [01:52] running that command [01:53] and it comes back with that cryptic error message? [01:54] that error shows up in the log files [01:54] my instance goes from pending to terminated [01:56] and are you sure you have enough disk space to perform the operation? you will need 2-3x the size of the image [01:56] yes I have 200 gigs free [01:57] image is only 180 megs [01:59] 200g free in the SC [02:00] yes [02:00] its my first instance [02:01] 4006864 253767628 2% / [02:01] its 98% empty [02:03] here is the error on the nc [02:03] Domain not found: no domain with matching name 'i-53E608B6' (code=42) [02:09] hey all, i'm trying to upgrade my server and it dies on "ffado-mixer-qt4", says it's unable to process it. i can't purge it with aptitude, what do i do? [02:10] crap i thought freenode was a separate network, sorry [02:10] supertyco: no other errors in the log anything related to hvm? [02:10] on the nc or main [02:11] nc [02:11] nope last 2 lines are these [02:11] [Mon Nov 2 21:02:39 2009][019311][EUCADEBUG ] walrus_request(): writing GET/GetDecryptedImage output to /var/lib/eucalyptus/instances/admin/i-53E608B6/disk [02:11] [Mon Nov 2 21:02:44 2009][019311][EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-53E608B6' (code=42) [02:12] if I look in /var/lib/euca/inst/admin [02:12] wondering if it's not vt related...that's the only place I see that error pop up [02:12] there is nothing there [02:12] vt? [02:15] hi all ... I'm trying to get apache2 to handle mod_rewrite. I have used 'a2enmod rewrite' and it looks like rewrite is loaded but it is not working in the browser. Any ideas? [02:15] zoopster what is vt? [02:15] btw, this is a new ubuntu server installation and I'm a bit new to ubuntu. [02:16] virtualization technology [02:16] vt is needed on the node controller [02:18] gray: use webmin to intall apahe modules [02:18] solves my problems usually [02:18] graytech: mod_rewrite engine needs to be turned on...did you do that? [02:19] zoopster, well .. that might be the problem ;) [02:19] supertyco: so w/o going through everything I'm not sure where your problem resides... [02:20] a2enmod only enables the module to be loaded... graytech [02:20] I have xeon processors I can check bios to see if anything is shut off [02:20] or just look in dmesg output supertyco [02:20] that will tell you if it's turned off in the bios [02:21] zoopster, if you are talking about the 'RewriteEngine On' directive in apache2.conf ... I forgot, I already did that [02:22] graytech, that is the correct way to enable mod_rewrite [02:22] are you sure your rewrite rules are correct? [02:22] I'm pretty sure. I'm using the .htaccess file form a drupal install ... didn't touch a thing [02:23] also, ensure that /etc/apache2/mods-available/rewrite.load exists [02:23] that's probably where the problem is [02:23] you need to configure it to allow you to define rewrite rules in .htaccess files [02:23] IIRC that's not allowed by default [02:24] qman, /etc/apache2/mods-available/rewrite.load exists and there is a symbolic link to it in /etc/apache2/mods-enabled [02:25] then the module is definitely enabled [02:25] does anyone have experience in setting up a ftp file server? I'm new to ubuntu server, I'm using an old powerBook G4 with ubuntu 9.04 ppc [02:25] it's probably an htaccess problem [02:25] you need to allow htaccess to override the main settings [02:25] I forget how [02:25] hmm ... I'm stumped here as it looks like everything is as it should be. [02:25] to test, you could set up a rewrite rule in the site configuration [02:26] qman, there is a directive for htaccess in apache2.conf [02:26] if it works, mod_rewrite is working properly and it's definitely an htaccess issue [02:26] It's set [02:26] hmmm ... I'm going to try some tests with htaccess and see if I can track it down. [02:27] you can enable htaccess, but you still have to set up the site to allow htaccess to change any given settings [02:27] qman__: you talking about AllowOverride All [02:27] if you configure a site with certain settings and allow override none (I think that's the terminology) htaccess won't work [02:28] hmmm ... I haven't looked for that [02:28] you can fine tune what is and isn't allowed to be changed with htaccess files [02:28] I worked for several hours last night with 'dapper' and decided to re-install 9.04, so I'm starting over from scratch. [02:28] graytech: enable logging and that may help track it down [02:29] drupalscott: sure there's experience in here...just ask the question [02:29] I'm going through the conf files from top to bottom right now [02:30] I just want to be able to access photos, videos, etc remotely, is 9.04 ready 'out of the box' for ftp access? [02:30] what 'apt's' would you recommend? [02:30] so no takers on ffado-mixer-qt4? i don't even know what i need this for, but i can't remove it and it won't let update because it's failing. [02:30] one sec ... brb ... I'm going to switch to a different machine with the irc client [02:31] drupalscott, you'd have to setup ftp, no version of ubuntu will come with that installed/ready-to-go "out of the box" [02:31] okay thanks, what would you recommend I use? I looked at 'proftpd'? [02:32] any recommendations? [02:32] drupalscott, doesn't really matter. i use vsftp. [02:32] I'm back [02:32] I'm behind an Airport Extreme 802.11n, will I have to adjust settings for this? [02:33] ok ... I'm looking at the conf file and looking for overrides [02:33] my server will be hard wired to the router [02:33] drupalscott, if you want to open up access to the "world", then yes. you would have to setup a port on the firewall on ubuntu (i use ufw) and you'd have to open the port on your router. [02:34] arrrghhh: what prevents removal of ffado? [02:34] zoopster, i've tried using aptitude purge and apt-get remove, it fails. let me get the exact error. [02:35] zoopster, http://pastebin.com/d6e5c73a8 [02:36] arrrghhh: is there anything that will help security wise when I do this? [02:36] i get the same "error while processing" when i try to update my server. [02:36] and reinstalling it fails arrrghhh [02:37] zoopster, yep. want that output? :P [02:37] oh sure [02:37] drupalscott, it's a bad idea to open up ftp to the world, if you can help it. [02:38] zoopster, http://pastebin.com/d4e1018a8 [02:38] how else would I set up a file server? I want to allow access for family mainly. [02:38] I found the problem ... it WAS the AllowOverride setting in the default virtual host file [02:39] drupalscott, well there's other protocols depending on what you're doing. [02:39] drupalscott, http is probably the easiest... but uploading gets complex. [02:40] I'm basically trying to get all family photos in one place. I would like anyone I want to allow access, to be able to download and upload photos. [02:40] I'm not sure who gave me that sugestion as I'm on a diff machine ... but thanks a bunch! [02:40] arrrghhh: wild...it depends on ffado-dbus-server, but that isn't installed...so it appears the best fix is to install ffado-dbus-server then reinstall ffado-mixer-qt4 then you can remove both [02:40] drupalscott, you can open up ftp, just keep in mind it's a very insecure protcol. i'm not sure how sftp works, but i know it's much more secure... [02:40] graytech: np [02:41] arrrghhh: would I have to create a 'frontend' or site to allow access. If I used htt; [02:41] zoopster, interesting... i was thinking about trying that, just sounded nuts. [02:41] http: [02:41] drupalscott, essentially, yes. and you'd have a much better system... but it would take more work. you could do it in drupal :P [02:42] arrrghhh: it is nuts...ffado-mixer-qt4 depends on ffado-dbus-server so the question is how did it manage to get installed w/o ffado-dbus-server? [02:42] zoopster, and of course, i can't install ffado-dbus-server. [02:42] I'm actually a drupal developer, just too busy to do it, maybe you're right [02:42] maybe i need to purge ffado-dbus-server, not ffado-mixer-qt4... [02:42] arrrghhh: arrrgggghhhh [02:42] good point [02:43] drupalscott, you know how it works... you know how powerful it is. i'm not saying you definitely shouldn't use ftp, i just recommend against it. [02:43] let me re-phrase, I've had about a year's experience. I mainly work with the dashMediaPlayer [02:43] damnit, i can't purge any of these pacakges zoopster... [02:44] drupalscott, that's cool. i know my boss threw together a wiki in a weekend using drupal. love it. [02:44] what about ssh, could I go that route [02:44] I'm new to servers, with the exception of setting up a mail server [02:44] drupalscott, kinda awkward to share files with ssh... [02:44] oh, okay [02:44] ssh is more a replacement for telnet... it would work, but it would be... well, awkward lol. [02:45] is there any way to tap into flickster, or any web based photo bucket [02:45] but using scp is an option...just as awkward as ftp [02:45] if you setup ftp, just do it as a temporary solution. [02:45] zoopster, i dunno, with the ftp clients for firefox like fireftp... [02:46] i haven't found anything that works as well, except for the paid-for sftp pro, which is windows only. kinda ironic it connects to sftp and scp/ssh servers. [02:46] but you have those for nautilus and scp too and putty for windows [02:46] I think I'm going the drupal route, it would be nice for the users-'family'. It would make it easier [02:46] can you use putty to easily share files? i guess i've never tried. [02:46] drupalscott, ssh, scp, and sftp are all part of the openssh-server [02:46] share? no..scp, yes [02:46] if you need ftp-like access, ssh/scp/sftp is the most secure option [02:47] drupalscott, i think for a more polished product, that would be the best. obviously not the easiest, but probably the best. [02:47] however, it's probably not the best interface for the situation you describe [02:47] a web interface would probably be better [02:47] qman__, i didn't know sftp was part of ssh-server... you could go that route pretty easily it sounds like drupalscott. i've ust never set it up. [02:47] arrrghhh: what error do you get purging the ffado-dbus-server? [02:48] arrrghhh: http://www.expandrive.com/windows but it isn't free [02:48] yea [02:48] zoopster, lemme paste... [02:48] pretty much the same thing from the looks of it [02:48] i agree, thanks for the input. Sometimes you just have to talk it out [02:48] you can use winscp or filezilla to connect to sftp on windows [02:48] both free [02:49] zoopster, http://pastebin.com/d22b209a7 [02:49] qman__, yea, i forget about winscp. i used to use it all the time [02:50] gftp is what I use on linux desktops [02:50] not the prettiest client out there but it has bandwidth throttling [02:50] qman__: You wanna talk not pretty, try lftp [02:53] what is gftp [02:53] what do i do to enable RewriteEngine other than specifying "RewriteEngine on" in /etc/apache2/sites-enabled/mysite.com ? [02:53] a GUI FTP/SFTP/variants client [02:53] based on gtk/gnome [02:54] arrrghhh: did you see this ffado-mixer-qt4: Depends: ffado-dbus-server (= 2.0~rc1-0ubuntu2) but 2.0~rc2+svn1569-2ubuntu1 is installed [02:54] can i use that on the ubuntu 9.04 server [02:54] zoopster, i didn't. what can i do? [02:54] drupalscott, no, you'd use that on the client [02:54] on the server you use openssh-server [02:54] ok [02:55] orudie: use a .htaccess file [02:55] i access our servers everyday, they are secure as far as i know [02:55] if you need a client on ubuntu-server, use the built in 'sftp' program [02:56] we use key-pair [02:56] zoopster, let me know if you find anything, i have to get going but i'll bbl. [02:56] New bug: #472080 in krb5 (main) "Installs symlinks to files in non-dependency libkadm5clnt6" [Undecided,New] https://launchpad.net/bugs/472080 [02:56] arrrghhh: ok...I can't hang too much longer [02:58] thanks arrrghhh: [03:00] now on to my next problem, I access servers all the time, but I have all the right information: ip address, login, etc.. This may sound stupid but how do I set that up from ubuntu [03:00] what do you mean "set up" [03:00] arrrghhh: here's the problem -you have karmic's ffado-dbus-server installed and jaunty's ffado-mixer-qt4 so the only suggestion I have is either back-rev the server or upgrade the mixer to make them match...if you are still at jaunty, I would revert the ffado-dbus-server [03:01] arrrghhh: something blew up in your upgrade it appears [03:03] just a moment qman__: and I'll explain. I'm in the middle of a new install and it gives me the option to install predefined collections of software: DNS server, LAMP server, Mail server, OpenSSH server, PostgreSQL database, Print server, Samba file server, Tomcat Java server, Virtual Machine host.....any help on what I might need? [03:04] drupalscott, it depends entirely on what you intend to do [03:04] if all you need is sftp, then just choose openssh [03:04] if you want a web page, choose lamp [03:04] if you want local file sharing with windows and linux clients, choose samba [03:04] by web page you mean if I'm going to install drupal [03:05] yes, any web site [03:05] what is a VM host? [03:05] that's KVM [03:05] for virtual machines [03:05] I know what a VM is, but host? [03:05] chances are you don't want that [03:05] how would I use that? [03:05] a VM host hosts virtual machines [03:06] ok, probably won't be doing that [03:07] where do I find the 'settings' I would need to sftp into my server from ftp client? [03:07] you use local system accounts [03:07] you create users on the system, and ssh uses those as logins [03:08] the only catch here is they're not jailed, so you have to trust your users to not screw up your system, or go and set up a jail [03:08] ok, what about the ip of the server? [03:08] whatever your IP is [03:08] that depends entirely on your network configuration [03:08] jail, is definitely a must [03:09] I'm behind a Airport Extreme [03:09] I've never used one of those [03:09] if it's like any other home router, you just need to port forward port 22 to the server [03:09] my main ip right? 67.xx.xx.x [03:09] and use your main IP [03:10] ahhh ok [03:10] how would a DNS server come in handy? [03:10] as for the jail, it takes a little work, but it's not too hard [03:10] I will look into jail [03:10] if you need a local zone, or want caching or root hints, you'd install DNS server [03:11] a DNS server is completely irrelevant to the file server setup you're working on [03:11] if you want to hand out a domain name instead of an IP, you'd need a dynamic DNS service like afraid.org or dyndns [03:12] for the jail, I use jailkit [03:12] drupal uses a database, do I need PostgreSQL then, we use mysqli? [03:12] no, mysql is included in LAMP [03:12] great! [03:12] postgres is only if you want postgres instead of mysql [03:12] awesome [03:13] the Samba file server is good for local access only, right? [03:13] or in conjunction, I suppose [03:13] right [03:13] got it [03:13] samba is basically an open source implementation of windows file sharing [03:13] so it has the advantage that it works with just about everything, but it's a LAN-only system [03:14] right now my domain name is at goDaddy, can I move it over to my server with DNS [03:14] or do I have that wrong [03:14] that's a big maybe [03:14] my understanding of DNS is minimal [03:14] it depends on your ISP, your DNS provider, and what kind of setup you're really looking for [03:14] I've moved a couple of them to our business server, EC2 cloud [03:15] if you don't have a static IP at home, you will need a dynamic DNS service [03:15] I would like to host my own site, if I'm going to build it with drupal [03:15] I don't have a static [03:15] DHCP [03:15] also, you will need to ensure that your ISP doesn't block any important ports [03:16] at&t dsl, I'll have to try a search for blocked ports [03:16] 80 and 443 most notably [03:17] I believe we access our servers through ssh, that's what I would be doing through drupal right? openSSH server [03:17] so, to use it on a dynamic address, I would sign up for an account on afraid.org, point my domain to afraid.org name servers, and use their dynamic DNS to update my address [03:17] I don't know a lot about drupal, but for a web interface, you would not be accessing through SSH [03:18] it would be over HTTP(S) [03:18] drupal's file system resides on the server, I have to have access to it to add [03:19] 'modules', add ons, etc [03:19] if you mean access to the files the site uses, you could use openssh/sftp to upload/download files [03:19] that's what I'll install then [03:20] I really appreciate your input qman__ [03:20] no problem [03:20] I was messing with this last night for hooouurrrrs [03:21] I was afraid I junked it up too much, so I re-installed [03:21] another question if you don't mind: apache2, when would I need this [03:21] apache is the web server [03:21] it's included in the LAMP configuration [03:22] once again, great, that makes it easy [03:23] thanks again for your expertise! if I have any more glitches I'll check in [03:23] yep [03:23] make sure when you look up documentation, that you use ubuntu or debian specific stuff [03:24] other systems use vastly different config file setups and can lead to a lot of confusion [03:24] I may have already run into that [03:24] not that other guides aren't useful, but if you don't understand the differences it can cause you trouble [03:26] I don't need anymore trouble than I have, I have to say I love linux though [03:27] oh, I thought of something else...you still there qman__ [03:28] will I be able to add external storage to the server? I would like to store all files on an external drive if I can [03:31] sure [03:35] whats a good way to isntall postfix/dovecot , is it with tasksel ? [03:35] orudie, yes [03:35] qman__, what would it be then ? [03:35] tasksel install postfix ? [03:35] orudie, the mail server task installs postfix and dovecot [03:36] tasksel install mailserver ? [03:36] not sure, hang on [03:36] sudo tasksel install mail-server [03:37] yep, that's it [03:39] will ubuntu recognize the drive? how do mount it [03:45] if i have a domain name and want to set up postfix to use 'user@mydomain.com', can i do that? [03:45] what else is required? [03:46] drupalscott: A static public IP is pretty much required for a real email server. [03:46] if you have a fixed IP and you can set the MX for that domain, then yes [03:46] fixed public IP indeed ;) [03:46] can i, how do i set it static [03:48] if you have a consumer DSL/cable line, it's most likely dynamic, if you are in a datacenter or with some business DSL/cable lines it's static [03:48] You buy a connection to the Internet with a static IP from your ISP, ... unless you *are* the ISP :) [03:49] jmarsden: unfortunately, most ISPs make you pay through the nose for that... [03:49] ahhh I see [03:51] it's actually often cheaper to put/rent a server in a DC than at home :P [03:52] DC? [03:52] DC = datacenter [03:53] I've seen getting a static IP cost US$10 or US$15 more than dynamic; it's hard to find colo for US$15/month -- but yes, at about US$20/month you might as well just get a small virtual private server at linode.com or similar and use that for a small scale email server. [03:53] i should be able to send mail right after intalling postfix right ? [03:54] orudie: Given working Internet connectivity and a sane configuration, yes. [03:55] jmarsden: depends, but e.g. in Belgium no consumer offerings have static IP [03:56] jmarsden, hmm.. The ubuntu server box is behind the router [03:56] and business offerings include (supposedly) better support & all that, so they are expensive [03:56] jmarsden, i am not seeing any errors in mail.log , however i'm not receiving mail to my gmail account [03:57] Does your ISP block outgoing TCP traffic to port 25 except to its own mail servers, and did you configure postfix to use a smarthost or not...? [03:57] jmarsden, if you still around, do you mind ? http://pastebin.com/m5e8e406f [03:59] orudie: Looks fine at the transport/SMTP level, but the domain name mail.svovausa.home looks odd... and doe snot appear to exist on the public Internet. So Google probablu threw your message away. [04:00] Yep. That log message means the message got to Gmail and whatever happened to it, they did it. [04:00] oh i see [04:01] i can test with a different domaini ? [04:01] ScottK: But they had no way to tell you what they did, because the email has a non-existent domain name... [04:01] my goal is to have multiple email domains on this host [04:01] orudie: Use a real existing domain that you own and control DNS for, and it should work better [04:01] jmarsden: I think your speculation about why they vanished it is likely valid, but it's hard to tell anything for sure. Whatever happens after 250 is a guess. [04:02] yup i'll try it now [04:06] actually, use something that points to the public IP of the server ;) [04:08] JanC: Well, while nice, that shouldn't be 100% necessary just for sending email out, unless the domain concerned uses strict SPF and the receiving mailserver checks SPF. [04:12] right, forgot that he can't receive answers through that server [04:13] OTOH, google should implement such policies during receiving IMO ;) [04:13] and AFAIK they do [04:13] (with similar things) [04:15] jmarsden, how can i send a test mai lfrom bash ? [04:16] how do i send a mail message from within shell? [04:16] with telnet or netcat [04:19] e.g. http://www.village-elder.com/blog/archives/1-How-to-test-a-mail-server-by-sending-mail-with-telnet.html [04:19] hi. So i'm definitely not a noob to ec2, but i've got a problem i just cant get around... "I can't connect to my server on Amazon EC2" ... I just went through this article pretty throughly: http://alestic.com/2009/08/ec2-connectivity and I've had no luck... can anyone provide any advice? [04:23] I've ssh'd into my instance many times (it's been running for several months), but within the last several hours, im getting "port 22: Operation timed out"... the last thing i tried was rebooting (about 10 mins ago)... but still no luck [04:35] New bug: #472156 in mysql-dfsg-5.1 (main) "delete key generates ~ in mysql-client" [Undecided,New] https://launchpad.net/bugs/472156 [04:54] so, I'm trying to figure out what my best course of action is [04:54] today, I had mdadm claim two disks failed an hour apart [04:54] using mdadm -Af got the array to assemble in a degraded state, and the data is not corrupted at all [04:54] according to smartctl, all the disks pass self-tests [04:55] two disks have a lot of SMART errors logged, one has a few, and the rest have none [04:55] should I replace all three disks? only replace the two with a lot of errors? mark them as OK and keep using them? [04:59] most of the data is replaceable, and the critical stuff is all backed up [04:59] so total failure would be massively inconvenient, but not catastrophic [05:17] also, is there a good way to determine which disk is which? as in, which physical disk is sda, sdb, etc... [05:17] they're all the same make and model [05:21] ah, answered my own question, lshw is helpful there [05:22] qman__: hdparm -I and look at the serial numbers [05:22] lshw ought to have the same info, as you say [05:26] how to i renew dhcp from the command line [05:26] smackdaddy: ifdown ethX; ifup ethX [05:27] thanks.. [05:28] agc: That article asks a number of questions to which you should provide answers if you are seeking help with an EC2 connectivity problem. [05:31] agc, ec2-authorize default -P tcp -p 22 -s 0.0.0.0/0 ? [05:31] agc: You'll probably want to provide the instance id, traceroute, and complete console output on the EC2 forum http://ec2forum.notlong.com [05:31] i go to bed now. [05:32] * erichammond heads home [05:32] smoser: Client.InvalidPermission.Duplicate: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group [05:33] THe result of "ec2-get-console-output i-1f542676" is here: http://pastie.org/681122 [05:34] agc: What's the AMI id? [05:35] erichammond: ami-398d6b50 (thanks for the help, btw...) [05:36] That appears to be a private AMI(?) [05:36] ssh / telnet all time out.. [05:36] agc: Can you ping the instance? [05:36] erichammond: yeah, sorry i was clear about that [05:37] What release is it running? [05:37] erichammond: ping times out [05:37] ? [05:37] er, Ubuntu 9.10, etc [05:38] agc: Can you ping the instance from another EC2 instance? [05:38] I bundled from this ami: ami-0d729464 [05:38] to create the private ami... [05:40] erichammond: pinging from another instance times out as well... both instances on in 'us-east-1c' [05:40] agc: Did you try to upgrade the instance to Karmic? [05:41] erichammond: no... i read your article too :-) [05:42] agc: Is there any chance somebody might have complained about your instance sending spam or being the URL in spam or phishing attacks? [05:43] erichammond: hmmmm.... my instance is running django, and it sends emails semi-often [05:44] erichammond: would amazon send me a warning email? [05:44] agc: Step 1: start working on a new replacement instance. Step 2: Post the instance id and as much info as you can to the EC2 forum and perhaps Amazon can investigate. [05:44] agc: Yes, as far as I know they generally do send an abuse report notice. [05:45] when im starting bind i get this error.... [05:45] rndc: connect failed: 127.0.0.1#953: connection refused [05:46] ...but there have been mistakes recently where they were not sent. Amazon's cleaning up their abuse process flow. [05:46] what is that.... [05:47] agc: It could also be a hardware issue, but only Amazon can determine that. [05:47] erichammond: i wonder if I should ask them, do you know the best place to ask? [05:47] agc: http://ec2forum.notlong.com (or pay for premium service) [05:48] related post (maybe?) around the same time: http://developer.amazonwebservices.com/connect/thread.jspa?threadID=38129&tstart=0 [05:50] agc: With as many servers and customers Amazon has, somebody is experiencing problems all the time. Even though it is a very small percentage of users, sometimes it's *you*. [05:50] er, hardware problems that is. [05:50] nooooooooo ;-) [05:51] With EC2, however, can you simply fire up a new server and throw away the old one. You don't even have to worry if it was a hardware problem or not (until it happens several times in a row). [05:52] well, on a positive note, i've been using your ec2ubuntu amis for over a year now, and they are extremely awesome. [05:52] ok i am looking for some good 1 on one help with setting up my ubuntu server, i am already familiar with desktop edition, anyone want to help? [05:53] agc: Glad to hear they've been working for you. Since you're using Jaunty, I'd recommend migrating over to the Karmic AMIs which were just released. [05:54] erichammond: ok, will do... thanks for all the help [05:56] ralphmichael17; What is it you want the server to do? [05:57] what would be causing this error, bind9 ---------- [05:57] rndc: connect failed: 127.0.0.1#953: connection refused [05:57] [fail] === nxvl_ is now known as nxvl [06:00] ok, i have 1 server, 1 network hub, and 7 computers, i want to use ubuntu to network them together on an intranet where all client computers login through the server and can be monitered [06:04] can anyone help with that? [06:06] So you want the server to act as a internet gate way that logs the activity of the other 7 computers? [06:07] yes, and make it so any user can log onto their account from any of the 7 computers to access their files [06:12] so i was wonering if i actually needed somthing like fail2ban or denyhosts. theres only 1 user atm that can login via ssh and i have a long password thats a strong password(upper, lower, and symbols) [06:12] ralphmichael17; Sorry, I did something dumb and my computer disliked it. Had to reboot. Were you able to find help? [06:13] ralphmichael17, kinda overboard but look into ltsp [06:13] still no but found some interesting things on google [06:13] ltsp talked about edubuntu, but thats an educational program [06:13] ralphmichael17, the other thing you can do is have them login using something like ldap+kerberos [06:13] ralphmichael17, yes... but you can use that too [06:14] hi um i used the server upgrade release tool thingy to upgrade from 9.04 to 9.10 [06:14] and said server hasn't come back on a reboot [06:14] looks like LTSP is what he is looking for [06:15] any ideas what could have gone wrong? [06:15] im looking to use these computers in a business envirement, and i dont want the computers to use the all the servers memory, i would like them to use their own memory too, can ltsp do that? === joseph_ is now known as crohakon [06:15] ralphmichael17, my understanding is that it can... though I have never used ltsp [06:15] so I dont know for sure [06:16] anyone here ever used ltsp? [06:16] http://www.ltsp.org/ [06:16] read up on the sight [06:16] it seems the basic goal is to allow the clients to run diskless. [06:17] I am sure some of the processing and such must take place on the client though. [06:18] ok if i put server edition on my server, do i need to install desktop edition on the other computers or any certain program [06:18] ralphmichael17, again like I said... if all you are looking to do is login using the server then that can be accomplished with ldap+kerberos [06:18] ralphmichael17, and then mount the /home as an iscsi or NFS [06:19] so that you can have same profile across all the desktops [06:19] https://help.ubuntu.com/9.04/serverguide/C/kerberos-ldap.html [06:20] Heh, not going to recommend him LTS? [06:20] Ash-Fox, lts? [06:22] ok... so no ideas from anyone... [06:22] The Long Term Support versions of ubuntu - five year support. Just thought it was suprising you were showing a manual for 9.04 is all. [06:22] Five-year support for *some* packages [06:22] The packages in main :) [06:22] Nope [06:22] Some packages in main, installed on an 8.04 LTS server, do not get five years of support [06:22] I stand corrected. [06:23] Ash-Fox; ralphmichael17 is using 9.04 I believe, that is why I posted that link for 9.04 [06:23] http://bazaar.launchpad.net/%7Enijaba/ubuntu-maintenance-check/trunk/ [06:23] d1b, we need more information than that [06:23] logs, error messages, something [06:24] Ash-Fox: that's a little script that tells you what gets what support [06:24] qman__: 9.04 system running just apache etc. i can't get at the box because it is not up atm and i don't have remote vmware access to the console [06:24] qman__: it moved to 9.10, it had a static ip config etc. [06:24] had no firewall / iptables configured. [06:25] d1b, yes, but any number of things could have failed during the upgrade, so until you can get access to the console, there's really no way to determine what went wrong [06:25] ralphmichael17, look into ltsp fat clients [06:25] qman__: "a number" ... [06:25] d1b: a stock install will not have any netfilter rules active by default. [06:26] it is booting my kernel erh a 2.6.31.5 or according to the grub list before i rebooted it was. [06:26] i just let it update grub .. [06:26] so the kernel isn't an issue / shouldn't be... [06:27] * crohakon has heard about enough 9.10 upgrade failure stories to keep him from upgrading for a long while... [06:27] crohakon: orly [06:27] upgrading my desktop took some manual fixing [06:28] though I did upgrade to the RC, not the final release [06:28] like it has no real to fail.... is kind of my point atm. ill know when persons other than me poke at the vmware console. [06:28] I'm going to wait a month or two before upgrading my jaunty server [06:33] great... [06:52] qman__, heh me too [07:16] New bug: #472257 in samba (main) "package samba-common 2:3.4.0-3ubuntu5 failed to install/upgrade: - even before the upgrade the unistallation/installation didn't work. (I think I removed the directory /etc/smb/ and thereafeter it is impossible to unistalll or reinstall the packet) " [Undecided,New] https://launchpad.net/bugs/472257 [07:22] i have installed postgresql-8.3 but i can't find its dir in /etc, all i see is postgresql-common in there which contain no pg_hba.conf file [07:22] if i do locate, the only one found is the pg_hba.sample one [07:24] anyone? [07:25] i have tried it even with --reinstall [07:26] error404notfound, you can do a purge [07:26] poningru, did that, no use... [07:26] aptitude purge packagename [07:26] did it spit out what was left alone? [07:27] because if the folder isnt empty... as in if you have a modified file then it will not delete that file [07:27] and will tell you about it [07:27] I think the dpkg log or the aptitude log should tell you about that [07:29] no errors or such... === _eB is now known as ebolorama [08:26] New bug: #472318 in libapache2-mod-perl2 (main) "apache segfaults when performing stress test" [Undecided,New] https://launchpad.net/bugs/472318 [08:39] hi all [08:39] whats up [08:40] what is ubuntu cluad , is it like vmware esx? [08:41] drcode, ubuntu cloud is most like amazon ec2 [08:42] I can put ubuntu worksation or server in the cloud? [08:42] os is like grid? [08:44] its virtualization with fancy marketing terms [08:44] atleast i havent figured out the benefit yet [08:44] it's basically clustered virtualization [08:44] I see [08:44] but the resources arent clustered [08:44] I can load also windows os? [08:44] rather you can move the vmws to other nodes [08:45] or its more for appliction developement [08:45] if kvm can load win so can that cloud [08:46] I see [08:46] it's more for running servers [08:46] is there something like vmware esx in opensource? [08:47] the primary application is when you need a lot of virtual servers, and want to make the most of your hardware by having less actual servers [08:47] I see [08:47] qman__, can you move the virtual servers, painlessly from node to node ? [08:47] or at least that's how I understand it [08:47] I was under the impression it handled that automatically [08:48] linux has project same like vmware esx? [08:48] drcode, if you want vmware go for vmware esxi [08:48] its free [08:48] drcode, if you want just one server hosting VMs, go for KVM [08:49] ok [08:49] tahxn [11:06] * soren lunches [11:35] to run hardy under kvm do i need to install a special kernel like with 9.xx ? [12:01] Well, I have a server running karmic and kvm here. Curerntly in production. What is this simple test that needs be done? [12:03] (...and then I pressed the close button on Quassel.) [12:03] New bug: #466315 in bind9 (main) "bind9 missed a dependency with apparmor-profiles" [Undecided,Confirmed] https://launchpad.net/bugs/466315 [12:06] New bug: #472472 in bind9 (main) "Start Fails - Permission denied (dup-of: 466315)" [Undecided,New] https://launchpad.net/bugs/472472 === dendrobates is now known as dendro-afk [12:39] I've found a strange bug with kvm 9.10 hosting a 8.04 with kernel 2.6.24-25, hard to explain as there is no error, the vm just vaporises 2.6.24-24 works fine [12:40] not sure if it was there in 9.04 [12:45] nijaba, "nodes need to have virtualization extentsions (Intel VT or AMD-V) active to work, which is not the case within any virtualization technology that we know of." [12:45] thats not exactly true, right? http://www.linux-kvm.com/content/kvm-82-released-nested-virtualization [12:58] smoser, iirc you need it for hosting 64bit OS's [12:58] incorrect, you do need vt extensions for UEC. that is true. [12:59] i guess i didn't quote enough. [12:59] i do not know [12:59] best to ask in libvirt i guess [12:59] no, i'm stating. that *is* true. for UEC you *do* need nodes to have vt extensions. [13:00] nijaba, was responding to someone in an email that said (paraphrase) "nodes must be physical rather than virtual machines because" .. ... [see above quote]" [13:01] a 'node' is the the thing that hosts the guests. [13:07] morning [13:08] yo :) === aubre_afk is now known as aubre [13:23] good morning [13:25] smoser: lots of virtualization solutions, while not requiring VT-x or the AMD counterpart work much faster and more efficiently when they are available, and I think it would be folly for anyone to build a solution on hardware without it because what if you decide to change strategies over time? [13:26] smoser: regarting nested virtualizatin with KVM, have you tried it? I would be a very happy fellow if it did work, but I must say that I have not tried :) [13:26] i have not tried it, nijaba but in theory... [13:27] it is something i would like to try.l.. i would like to spend some time on setting up a single machine (amd64) as a cloud, with vm for CC and node [13:27] smoser: in any case, it would be nice for testing, but not really for deployment [13:27] agreed. i dont think anyone is thinking about nested virt as a production solutoin [13:27] I visualize pointing mirrors at each other :P [13:28] smoser: if you can document this, I am sure everyone that need to do a demo once in a while would just start sending you flowers (or virtual beers) for no apparent reasons :) [13:28] yeah. it would rock for testing. [13:28] i've set this up, and it somewhat works for xen in kvm [13:29] i had karmic host running rhel 5.3 xen guest running xen karmic paravirt kernels [13:30] have you guys played with any of the overlaying technologies such as RightScale/Cohesive or even using Landscape? [13:30] I did a free register with RightScale, but i haven't done much, I know it doesn't support storage management yet [13:31] i think it would even be worth making an effort to get euc to be able to run qemu rather than kvm. at one point i'd done some of that also. again, not a production solution. [13:31] aubre, there are people here who have done landscape, i've not used rightscale, but have interacted some with their developers, giving them info on how they could use our karmic images. [13:32] New bug: #471468 in nagios3 (main) "should recognize that exit code 126 means plugin is not executable" [Wishlist,Triaged] https://launchpad.net/bugs/471468 [13:33] smoser: ok, I'm just looking at getting to the next level, since I have UEC working well right now, to show the "powers that be" [13:34] smoser: so we can get the go-ahead to build a large hopefully multi-rack Canonical supported system [13:35] smoser: and go into production [13:35] well of course that sounds good :) [13:35] i'm sure the landscape folks would love to help you [13:35] smoser: I'll have to contact them [13:36] smoser: it would be nice to have a total solution that included autoscaling and the like === erichammond1 is now known as erichammond [13:41] New bug: #466018 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Low,Incomplete] https://launchpad.net/bugs/466018 [13:41] New bug: #472681 in samba (main) "Samba returns NT_STATUS_NOT_SUPPORTED when trying to view list of shares" [Undecided,New] https://launchpad.net/bugs/472681 [13:48] soren, is it intended that vmbuilder require 2.5 ? [13:49] python 2.5 or better, that is. [13:49] bug 472090 is why i ask. [13:49] Launchpad bug 472090 in ec2-init "package ec2-init 0.4.999-0ubuntu7 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/472090 [13:56] hi, I fail to use the ChrootDirectory directive for ssh server, could someone help me ? [13:57] hmm, seems like a bug with kvm in 9.10, it can't run a stable 8.04 [14:02] incorrect: what does it do ? [14:02] just goes bang, no error, just stops [14:02] process gone [14:02] not error i can't see [14:03] you mean when your start it, it just dies ? [14:03] only thing i can see different is that its running with slightly different options that the other vm's running 9.10 [14:03] after some time it dies [14:03] started happening after i upgraded from 04 to 10 [14:04] i created a fresh 8.04 and it also crashed [14:04] incorrect: I'll install a 8.04 guest later tonight. I've installed 8.10, 9.04 and 9.10 guests and I didn't see any problems [14:04] i downgraded to an earlier kernel and it was more stable [14:05] i noticed there is no LTS virtual kernel package like the one provided in 9.10 etc [14:06] -M pc-0.11 seems to be the only difference [14:07] but pc is an alias for pc-0.11 [14:08] is there a server guide for 9.10 ? [14:08] i'm having trouble finding it [14:09] orudie: https://help.ubuntu.com/9.10/serverguide/C/ perhaps [14:19] i installed postfix with tasksel , and configured it the usual way with dpkg-reconfigure postfix [14:19] sending out mail to external works - there is no errors in mail.log However every mail message gets recognized as spam by the mail receiver [14:19] is this a good location to ask about ubuntu private clouds? [14:19] its not even poshing it to the spam folder, it just blocks it [14:20] i tried sending to gmail. and also another mail server that i set up myself [14:20] for some reason spam assassin doesnt like it at all, and just blocks it [14:20] orudie: is your server on a dial-up line or DSL or the like? [14:20] kblin: yeah - verizon fios [14:21] using private cloud, is there a way to have snapshots be save to a different device to the volume [14:21] kblin: you think that could be the problem ? [14:21] orudie, have you verified receipt of said mail? what did you mean by "works" above. [14:22] smoser: i'm watching the logs on both servers - one says gets sent successfully, the other says - receiving mail - blocked spam :) [14:22] smoser: both ubuntu servers :) [14:22] ah. ok. well then its getting there. :) [14:23] smoser: yeah but i dont know wtf [14:23] orudie: yeah. most spammers are using trojans on windows PCs. most of those sit behind a dial-up line. not accepting stuff that comes from a dial-up line is a common approach [14:23] you need to set up a smarthost config that'll hand of your mail to a server with a static IP address [14:23] its not a dial up line [14:23] well, DSL is the new dialup, cable is pretty much the same [14:24] yeah i dont remember having this problem with a static ip [14:24] it worked right after install [14:24] what you actually filter on is "dynamic IP address ranges" [14:24] I can't send emails from my server at home either [14:25] kblin: the way the router is set up is 10 and above is dynamic [14:25] 1-9 is static [14:25] orudie, make sure that your 'From' address is resolvable. [14:25] the server has ip address 5 [14:25] no, that's not what I'm talking about [14:25] and that it resolves to what that address. [14:26] err.. maybe not the second part. i'll go away, kblin likely knows more. i've not done this in quite some time. [14:26] kblin: i dont get it :) [14:27] orudie: people tend to not accept mails that come in from IP addresses that e.g. Verizon hands out to their customers [14:28] kblin: is there a work around ? [14:29] depends [14:29] I once set up my local mail server to hand off all my local mails to gmail [14:29] if you only ever send from a gmail address, that works [14:30] woot... Netcraft references 1.4 Million web servers running Ubuntu... [14:30] or rather, if you only ever send from a single gmail address [14:31] speaking of web servers, I've got a lighty here that crashes (without anything logged) when one user is trying to connect to it [14:31] other people can use it just fine [14:32] I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas? [14:32] I have apache2 set up to use /etc/pam.d/common-auth (which is where I have the caching configured) [14:34] kblin: so there is actually no work around ? [14:34] kblin: :) [14:35] well, you could set up a server on a static IP address and configure your local servers to hand off email to that server with the static IP [14:35] and of course configure the server on the static IP to only accept emails from your servers at home [14:36] or whereever your trying to send mail from [14:37] kblin: ok i get it, i'll try [14:37] kblin: this will be a little project for me though :) [14:37] I've not done this myself yet, hasn't been important enough so far [14:38] it's easier to tell my email program to deliver right to my provider's servers, depending on the identify it's using [14:38] kblin: yeah same here, i administer a VPS at work, its hosted in a data center never had a problem like this with it [14:38] you could check if your current external IP is blacklisted [14:38] but usually that's sort of a losing battle [14:39] blacklisted where ? [14:39] dunno, depends on what blacklists your filters are using [14:40] my servers use the RBL, iirc [14:40] spamassassin has that set [14:40] hello. I using Open LDAP and am able to add users to a group, but when I try and remove a user from a group using usermod I get {user} not found in /etc/passwd [14:40] kblin: i understand i can whitelist it on my own server, what about the rest of the world :) [14:40] which is true, so I was wondering how to remove a user from a group with ldap [14:42] I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas? [14:42] I have apache2 set up to use /etc/pam.d/common-auth (which is where I have the caching configured) [14:44] kblin: what about setting up certificates ? [14:47] orudie: that's what I'd do for authenticating the mailservers to the smarthost [14:52] kblin: i'm looking here https://help.ubuntu.com/9.10/serverguide/C/certificates-and-security.html#creating-a-self-signed-certificate [14:52] kblin: this command returns error server.csr: No such file or directory [14:52] won't help you for sending email [14:53] k [15:07] I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas? [15:22] hi all, i installed a minimal virtual 9.10 server, now i'm trying to install the vmware tools, but this fails already at mounting the cdrom woth the following error: mount: unknown filesystem type 'iso9660' [15:22] can't figure out what i have to install to get iso9660 support, any idea? [15:24] I'm new to linux servers but how did you burn the iso? [15:24] are you on mac or pc? [15:25] I ask because I had some trouble getting a 'good' ISO to use to set up my server on a G4 that I have [15:25] I ask because I've had this problem [15:25] fox__, does your kernel have support for iso9660 built into it, or is it a module? [15:26] if module, is it loaded? [15:26] i think the minimal kernel loads the cdrom support as module [15:26] but which module to look for? [15:27] it used to be iso9660.ko ;) [15:29] there is no iso9660.ko on this minimal system, so my next question how to i find out what i have to install to get iso9660.ko [15:31] fox__: try running "sudo lsmod" and see if iso9660 is in the list [15:32] no it's not [15:32] if it isn't you may need to run "sudo modprob iso9660" to load the module [15:32] FATAL: Module iso9660 not found. [15:33] sorry run modprobe not modprob ^^ [15:35] i installed so far: fuseiso9660 and xfsprogs but none of those contains the module or a dependency to it [15:36] fox__: what kernel are you running? [15:37] uname -r [15:38] it looks like it recently changed to isofs instead of iso9660 [15:38] i'm not sure when though [15:39] fox__: try running .. [15:40] sudo find /lib/modules/`uname -r`/ -name isofs.ko [15:40] see if it returns a path to the module [15:40] if it does try "sudo modeprobe isofs" [15:42] nope there is also no isofs.ko [15:42] nijaba, ping [15:42] smoser: pong [15:42] is there a iso9660.ko? [15:42] fox__: ^ [15:42] is it ok if i add a 'tips' entry to UEC documentation from https://help.ubuntu.com/community/UEC ? [15:43] smoser: fire away [15:43] no there is no iso9660.ko [15:43] smoser: sure. Feel free. It's a wiki, so it is meant to be changed by anyone [15:44] smoser: I am subscribed to it anyway, so if I don't like it, I'll kill it :P [15:44] oh my god...you killed the wiki! [15:44] you bastard! [15:45] fox__: what kernel are you running? "uname -r" [15:45] nijaba, well, maybe i'll get 15 seconds of fame before you delete me comments :) [15:45] hehe [15:45] 2.6.31-14-generic-pae [15:45] fox__: the following should work sudo mount /dev/cdrom [15:46] no it doesn't: sudo mount /dev/cdrom [15:46] mount: unknown filesystem type 'iso9660' [15:47] it's a ubuntu 9.10 server 32 -> F4 -> minimal virtual machine installation, it is really minimal which is great (appart from the cdrom support) [15:49] that's interesting.. my minimal intalls of 9.10 include the isofs.ko module [15:49] my kernel is 2.6.31-14-server though and it is 64 bit [15:49] did you choose the minimal or the minimal virtual option? [15:50] did you select the minimal install or the virtual machine minimal install? [15:50] oh.. I see it is the virtual machine sorry [15:50] i did "virtual machine minimal" [15:50] fyi: More Ubuntu Server Edition statistics: http://bit.ly/4CKV0m [15:50] hmm.. I have never used that.. even on virtual machines [15:51] ok i'll reinstall with just "minimal" [15:51] someone else my be able to explain what the minimal virutal machine is all about [15:52] ubuntu has a jeos that is more geared towards vm [15:53] Reepicheep: http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos [15:53] nijaba: bogeyd6 thanks [15:54] I've built jeos images with vmbuilder.. I kinda was thinking that is what the virtual marchine install option was for [15:54] but I wasn't sure [15:56] but i can't find a description what's the difference between the two minimal options, will search a little bit more.... [15:56] so yeah.. fox__ accounding to that page the JEOS edition has a "tuned kernel that only contains the base elements needed to run within a virtualized environment" [15:56] fox__: see the link that nijaba posted [15:57] and where does it explain the difference, sorry cant see it [15:59] fox the ubuntu server minimal option is the default option and installs with no GUI, the virtualized option has the ability the install even more minimally and doing away with certain packages that are unneccesary in an VM. [15:59] for a specific website to detail everything please visit http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos [15:59] !jeos [15:59] JeOS (pronounced "Juice") is Just enough Operating System. It is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. See http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos for more information. [16:04] so what you try to tell me is that "minimal" is minimal and "virtual machine minimal" is jeos === dendro-afk is now known as dendrobates [16:10] fox__, yeah you got it [16:10] the jeos is to create appliances [16:12] ok so back to my inital problem the, how to get cdrom support in the 9.10 jeos install? [16:12] kirkland, are you registered to attend UDS in launchpad? on the sprint page? [16:14] fox__, mount [16:14] fox__, btw are you sure youre needing to use the jeos version right [16:15] sorry mount fails with: mount: unknown filesystem type 'iso9660' [16:15] * VirtualDisaster has has never had to mount a cdrom, i always mount a iso and it just works === drupalscott is now known as newbuntu [16:17] I have my new server setup on my old G4, and I am able to sftp in, but I'm have permission issues. Can anyone tell me the right way to set up a secure sftp for a user [16:18] newbuntu, http://www.google.com/search?client=opera&rls=en&q=sftp+multiple+users&sourceid=opera&ie=utf-8&oe=utf-8 [16:19] thanks, I'll check it out [16:19] fox__ sudo mount /dev/cdrom /media/cdrom [16:20] sftp as in the ssh protocol addition or ftp/ssl? [16:20] yes [16:20] Isn't ftp + ssl ftps? [16:20] ssh [16:20] !ssh @ newbuntu [16:20] Sorry, I don't know anything about ssh @ newbuntu [16:21] lol [16:21] !scp @ newbuntu [16:21] Sorry, I don't know anything about scp @ newbuntu [16:21] wtf [16:21] bogeyd6: you want | not @ [16:21] ah [16:21] !ssh | newbuntu [16:21] newbuntu: SSH is the Secure SHell protocol, see: https://help.ubuntu.com/community/SSHHowto for client usage. PuTTY is an SSH client for Windows; see: http://www.chiark.greenend.org.uk/~sgtatham/putty/ for it's homepage. See also !scp (Secure CoPy) and !sshd (Secure SHell Daemon) [16:23] thanks, I thought I would have access as the user I setup on initial install. [16:23] you should [16:28] I tried adding a folder via sftp client and it wouldn't let me [16:28] I can only add as 'root' on server machine [16:29] I'm using ubottu's first link to set it up now [16:30] newbuntu: The issue is probably who owns the directory inside which you were trying to create your new one. [16:31] I was within /var/www trying to create /html. I'm setting up a drupal install [16:31] I can do it on the server directly but need ssh access [16:31] newbuntu: /var/www is now likely to have been owned by your ordinary user, hence the need for root to create stuff in there [16:32] *is not likely* [16:33] it's owned by 'root' [16:33] that's why, huh? [16:33] Indeed. [16:33] okay, I'll just specify which accounts can use SSH [16:34] including my own [16:35] would you agree it's important to choose a random port for ssh to listen on? [16:39] newbuntu: a non-standard port you mean (not 22), not a random port. yes, that can help confuse automated tools [16:39] yes, that's what i mean [16:39] I plan on setting up a key-pair [16:40] use some high port, by default many scanners do not check very high ports [16:40] yes, key-pair, that goes without saying === StrangeCharm_ is now known as StrangeCharm [16:42] * kblin shrugs [16:43] I use denyhosts with the blacklist [16:43] I don't get many attacks these days [16:43] I've found information on disabling key authentication, not creating one. kblin- what's blacklist? [16:44] denyhosts-blacklist? === dendrobates is now known as dendro-afk [16:46] newbuntu: http://denyhosts.sourceforge.net/ check the "synchronization" feature [16:46] thanks [16:47] nijaba, kirkland i added ref about MAC filtering at https://help.ubuntu.com/community/UEC/Tips [16:49] smoser: neat. I modified /UEC a bit, hope you still like it that way [16:50] oh, i hate it! let the wiki war begin [16:50] i mean, it looks fine [16:50] smoser: ROFL [16:51] I think we should start a little FAQ too. Maybe I'll work on this tomorrow. [16:52] New bug: #472969 in qemu-kvm (main) "installs a broken man-page symlink" [Undecided,New] https://launchpad.net/bugs/472969 [17:02] does anyone know the right syntax for terminal to access myserver: ie. ssh -i xx.xx.xxx.x@user..... [17:03] <\sh> ssh @ [17:04] smoser: cheers for uec-tools [17:04] cursor dropped to next line but does not ask for password [17:04] nijaba: What are uec-tools? [17:05] ninjah: https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/uec-tools [17:05] https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/uec-tools [17:05] oops. slow [17:05] and the index updating in bzr is slow too. like hours slow [17:06] i have redmine configured with mod_passenger. Since i configured that sometimes like in once a month or so, apache seems to fork a lot, causing memory to get full, any idea where cna i locate the cause if this issue? [17:06] can i restrict the amount of ram apache can use? [17:06] hmm, has the partitioning syntax changed for kickseed in karmic? [17:06] smoser: yep, I cheered, then felt dispointed by the commit not being there yet :P [17:06] ninjaba: Ah.... I have an EC2 server but I can't remember what tools I used. [17:07] a config that worked fine for Jaunty doesn't seem to take affect, I get the dialog prompting me [17:07] i changed my ssh port so I get port:22 Connection refused [17:07] a tried to append to the end of ip--xxx.xx.xx.x:port [17:07] newbuntu: ssh user@host:port then [17:08] ninjah, not a lot of tools there. right now just two. one to resize an image, one to take a tarball and put it into uec [17:08] smoser: I don't think I used these tools [17:08] ninjah: they are quite new... [17:10] ssh user@host:port gets : nodename nor servname provided, or not known [17:11] nijaba, there are much more extensive tools at https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/ec2-publishing-scripts [17:12] newbuntu: try "ssh -p port user@host" [17:13] they are what are used for ec2 publishing of nightly builds. they're 'ec2-*' dependent right now (rather than euca2ools), but at some point i want to make 'xc2' (the abstraction layer) support euca and ec2 [17:13] Is there anything in ubuntu that will execute a bunch of applications in a directory on power events? Such as, switching to battery mode, executes scripts/programs, in directory X. On AC power, executes scripts in directory Z etc? If so, what are those paths/ [17:13] that worked! [17:13] newbuntu; of course it did [17:13] why would it show me my RSA key??? [17:14] it spelled it out for me, isn't that bad for security [17:14] hehe [17:14] hehe? [17:14] newbuntu; Its because we linux users believe in a free and open internet... [17:15] smoser: do we reference those anywhere? [17:15] Ash-Fox, hthere are. http://live.gnome.org/GnomePowerManager/FAQ#head-a49ff0426bd01079d4f1ae269701b27a5f43ea33 thats for gnome-power-manager... not sure about for server (but 'battery mode' doesn't seem very "server" ish) [17:15] newbuntu; Why would you ever want to keep someone out? =) [17:15] smoser; UPS maybe... not why run a server on a laptop o.0 [17:15] newbuntu: it's just showing you the public key that that machine your connecting to uses? [17:15] nijaba, no. they're not sufficient for euca at the moment. but they're used a.) by me for ec2 b.) by the build scripts and some of them are quite generic. [17:15] hi, I'm getting locale errors, I tried /etc/environment, locale-gen command, actually I'm getting same issues with this post: http://ubuntuforums.org/showthread.php?t=1236418&highlight=locale,+locales .... I set tr_TR.UTF8 but I don't care it is turkish or english. I just don't want to see warnings or errors. any help? [17:16] b1ack78 [17:16] crohakon, no reason not to run a server on a laptop.. i was just figuring you were actually asking aobut a desktop. [17:16] are you in here? [17:16] smoser: ah, ok, too bad [17:16] smoser, thanks for the link, but yeah, not very helpful with regards to a system that doesn't use a GUI. I'm essentially running a server off a laptop in what can be considered an unstable environment (the laptop in question was built to work in extreme conditions). [17:17] i think if you're not running gnome-power-manager (then you want acpid [17:17] smoser; I was not asking anything... just commenting on the laptop/server comment you made [17:17] Ash-Fox, /etc/acpi [17:17] Ash-Fox; oh, I guess that makes sense... [17:17] /etc/acpi appears to only have the power button === jfluhmann_ is now known as jfluhmann [17:17] One of the first places I looked :) [17:18] * Ash-Fox checks through ubuntu's packages, perhaps there is some laptop tools or something needed. [17:18] Ash-Fox, i think that should work. [17:19] at least on my laptop here, acpid is running, it is what passes events to gnome-power-manager (if it is running) [17:19] Ash-Fox, maybe you want acpi-support [17:20] pkg [17:20] Nevermind, I missunderstood the /etc/acpi/events layout :) [17:23] I have a retarded problem. When I had ubuntu-desktop installed I could get the wifi working. But using iwconfig, the damn thing just doesnt associate [17:23] I'm on a mac trying to transfer my RSA key to it, ssh-copy-id @....what is the host? [17:23] I'm giving it every damn param to iwconfig, but when i type iwconfig again, it looses it all [17:25] I've tried my computer name and my ip [17:26] I'm trying to do this: [17:26] f you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer: [17:26] ssh-copy-id @ [17:26] Where and should be replaced by your username and the name of the computer you're transferring your key to. [17:27] can anyone tell me where I can find the correct value for [17:28] newbuntu: host is the computer that you want to copy your ssh key to. [17:28] FUK!!!!!!!!! It was Network-Manager, once i killed that, it all worked [17:28] cxo: Please mind your language here. [17:28] * cxo spent 5 hours on that [17:28] Why the hell does network-manager keep messing with my wireless [17:28] Pici, sorry [17:28] Pici: is it referring to or ? [17:29] newbuntu: doesn't matter [17:29] I've tried both of those? [17:29] Is it because I changed my ssh port? [17:29] was 22, now XXXXX [17:30] newbuntu: are you trying to run ssh-copy-id from the Mac or to the Mac? [17:30] I only changed it on the server [17:30] newbuntu: That would cause an issue. I don't see an arugment for ssh-copy-id to specify the port number. [17:30] I'm trying to run ssh-copy on my MacPro through terminal, connected to my G4 server [17:31] newbuntu: They're both running Ubuntu/ [17:31] ? [17:31] I'm logged into the server with password [17:31] no [17:31] k.. the reason I ask is because OS X does not have the ssh-copy-id command [17:31] macPro is OSX [17:31] oh [17:31] but you can always just copy it the old fashion way [17:31] any ideas on copying RSA to my macPro off the server [17:32] okay [17:32] from the machine that you want to copy the key from run: [17:33] I want the ssh_host_rsa_key.pub, right? [17:33] scp -p port ~/.ssh/id_rsa.pub user@host:/tmp/ [17:33] thanks [17:33] then from the target machine run: [17:34] cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys [17:34] as the user you want to login as ^ [17:35] how do I look at the .ssh hidden dir [17:35] on server [17:35] cd ~ [17:35] ls [17:35] nothing there [17:35] ls -a [17:35] I just upgraded my Jaunty server and for some reason it installed the generic kernel. Does this sound right? I'm still fairly new to Ubuntu server. thx. [17:35] ahhh thank you [17:37] which file do I want? id_rsa or id_rsa.pub [17:37] private or public? i gues [17:38] never mind, I see your post above [17:40] Reepicheep: connection refused on port 22 [17:40] maybe need to change the ssh port back to 22 on server? [17:41] then back again? [17:42] newbuntu: you set the port with -p on scp correct? [17:42] no [17:42] thanks [17:43] newbuntu: because you are not running the ssh server on the standard port you always need to tell your client to use the none standard port. whether the client is ssh or scp or some other client that uses ssh [17:43] Wow, getting things to work via the /etc/acpi/events way is quite.. messed up [17:44] oh.. and newbuntu: "man" is your friend. learn to use the man pages [17:46] it's telling me the connection to the target machine is refused on port:22 [17:47] might be my router, checking that [17:54] New bug: #473062 in eucalyptus (main) "new node has eucalyptus-nc down (apache config ?)" [Undecided,New] https://launchpad.net/bugs/473062 [17:55] kirkland: hi! [17:55] mathiaz: yo [17:55] kirkland: I've got a source package ready for the eucalyptus SRU [17:55] mathiaz: sweet [17:55] kirkland: seems like the PPAs are backlogged [17:55] mathiaz: i'm leading an OpenWeek session in 4 minutes on Byobu [17:56] mathiaz: i'll review/test it after [17:56] kirkland: ok - will you have some tiem for testing later? [17:56] kirkland: great - thanks [17:56] mathiaz: sure [17:56] kirkland, just a few minutes until your session [17:56] kirkland: I won't push to a PPA because of the long queue [17:56] #ubuntu-server: come join us in #ubuntu-classroom for a session on Byobu including a live demo in EC2!!! [17:56] heh [17:57] mathiaz: just do it, and ask an admin to bump the build prio [17:57] jcastro: i'm on it, cap'n [17:57] disconnected [17:58] Reepicheep: I've opened up ssh on my router, but I still get- :No route to host? [17:58] kirkland, I have to hop on a call, just take over when jono is done [17:58] you're all voiced up [17:58] jcastro: word [17:58] thanks! [17:59] newbuntu: keey in mind you router thinks ssh is running on port 22 and your aren't running it on port 22 anymore.. [17:59] you may need to open the other none standard port.. I am away now.. [17:59] I changed everything back to 22, to take it out of the mix [18:02] thanks for all you help [18:04] hey, i've installed ubuntu-server on a P2. The problem is that the font size is huge [18:04] does anyone know how to fix this? [18:06] tharis20 you need to edit /etc/default/console-setup [18:06] if memory serves correct [18:07] tharis20, it's more likely the console resolution that's too low, you change that in /boot/grub/menu.lst [18:07] tharis20 you can also do a dpkg-reconfigure console-setup [18:07] it defaults to an 80x25 terminal [18:09] smoser: are you doing a hardy refresh? [18:09] add vga=791 to the kopts line, and run sudo update-grub [18:09] :) [18:09] zul, i was looking at that right now. [18:09] when you reboot it should be 1024x768 [18:10] smoser: coolness let me know if you need my advice [18:12] i need to build a kernel module for karmic on ec2 that wasn't built. what's the best way to go about that? [18:18] I just reinstall mysql-server and mysql-common. Is it normal to see "cannot access /sys/module/apparmor: No such file or directory"? [18:21] hey guys, I know this isn't too ubuntu specific (although I don't know whom else to ask). Is there a way to setup a pair of file servers to act as a raid 1 to each other? Not DRBD but something more hardware related like through host bus adapters? [18:22] jetole, DRBD is network raid1 [18:23] or whats that other one... [18:28] !google [18:28] While Google is useful for helpers, many newer users don't have the google-fu yet. Please don't tell people to "google it" when they ask a question. [18:30] VirtualDisaster: I know DRBD is [18:30] VirtualDisaster: I use it [18:30] Looking for some hardware related way [18:31] In all honesty, I have done some research on Host Bus Adapters (HBA) but I am honestly still not sure what they are for. [18:34] jetole, they are network cards designed for storage thats all [18:34] VirtualDisaster: and what do they do that a normal network card doesn't? [18:35] wikipedia it for a complete understanding [18:35] I have. Have you? [18:35] That article doesn't tell me much [18:35] mainly are used for SAN environments that need a lot of network storage like for virtualization [18:36] which is exactly where I am but I don't know what it does. [18:36] how does it differ from a network card if that is what it is closest to? [18:36] simplest way to understand it is that it is just a network card for primarily storage related tasks [18:36] ok [18:37] * jetole still doesn't get it but doesn't matter since thats not really what I need to know [18:37] still trying to find a native way to keep disks in perfect sync on two different file servers [18:37] I know DRBD does but I would hardly call that a native way === newbuntu__ is now known as newbuntu [18:44] newbuntu; Every find what you were looking for lastnight? [18:44] ever* [18:45] hey crohakon [18:45] I almost have it working, ran into a problem I've been trying to fix for over an hour though [18:46] I am setting up a id_rsa but can't get it copied over to my target machine [18:47] are you there? [18:47] I don't know much about that, but I am sure someone in this massive room does. [18:47] If you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer: [18:47] ssh-copy-id @ [18:47] Where and should be replaced by your username and the name of the computer you're transferring your key to. [18:48] I get this error: port 22 Connection refused [18:48] newbuntu: ssh-copy-id -i id_rsa.pub computer.domain.com [18:48] oh well thats easy [18:48] the port is closed [18:48] yup [18:48] lol [18:48] I opened it up on my router? [18:48] Airport Extreme [18:48] connection refused means it's not firewalled but instead getting a RST/ACK packet [18:48] port mapping [18:48] newbuntu: I believe you [18:48] can anyone say why I shouldn't be using Karmic on EC2 as my production server? [18:48] oh [18:49] ajaya: it's not LTS [18:49] RST/ACK? not sure what that means [18:49] it means the computer, not the firewall or router but the computer is saying the port is closed [18:49] @ newbuntu [18:49] how do I open it? [18:50] start ssh daemon [18:50] if you don't mind [18:50] sudo /etc/init.d/ssh start [18:50] jetole wonder it makes huge deal for a basic LAMP OR Rails server. [18:50] ajaya: don't think it should [18:50] in my terminal, right? I already tried to start it that way, no success [18:50] zul, ping. [18:50] smoser: pong [18:51] looking at ec2-init in ec2-init-0.3.4ubuntu7~hardy1 [18:51] newbuntu: netstat -tpeln | grep 22 [18:51] newbuntu: run that on the server [18:51] also on the server try connecting to your ssh locally [18:51] i.e. ssh 127.0.0.1 [18:52] the init script runs (i think) after ssh [18:52] $ ls -altr /etc/rc2.d/ | egrep "ssh|ec2-init" [18:52] lrwxrwxrwx 1 root root 13 2009-04-25 06:25 S16ssh -> ../init.d/ssh [18:52] lrwxrwxrwx 1 root root 18 2009-04-25 06:25 S90ec2-init -> ../init.d/ec2-init [18:52] smoser: why -t [18:52] but ec2-init regenerates ssh keys. and doesn't restart ssh. [18:52] thats date based [18:52] and yes it runs after ssh [18:52] jetole, no reason... my fingers just type that any time they see a '-l' [18:53] ssh 127.0.0.1 returns: port 22: Connection refused. [18:53] smoser: yep feel free to backport the karmic version to hardy [18:53] anything in rc2 (or any other rc) suns based on number [18:53] I changed my port [18:53] i.e. S16 runs before S99 [18:53] on the server anyway [18:53] newbuntu: then you need to tell your client to connect to a different port [18:53] either ssh -p port [18:53] or change ~/.ssh/config [18:54] I run all my ssh on different ports so I store it in config [18:54] zul, ok, so thats a known bug then. [18:54] smoser: i think so [18:55] I'm a bit slow, so give me a minute to check your posts [18:56] newbuntu: if you changed the server port to say 54321 then type "ssh -p 54321 my.server" [18:57] My server runs ssh on say... port 99... so when I log in I use: ssh -p 99 192.168.1.xxx [18:58] on my server I've typed: scp -p 54321 ~/.ssh/id_rsa.pub @:/tmp [18:58] I get port 22: connection refused [18:58] is that refusal on the client or server? [18:59] ubuntulog: I don't think -p works in scp [18:59] first off, thats not how you add a key [18:59] you add a key using ssh-copy-id [18:59] ssh-copy-id -i my.key my.server [18:59] which was mentioned once before... [18:59] secondly, since you are doing that [18:59] newbuntu: ssh-copy-id -i id_rsa.pub computer.domain.com [19:00] create a file called config in the ~/.ssh directory [19:00] chmod 600 config [19:00] then add the lines: [19:00] Host * [19:00] Port 54321 [19:00] also if you only want this for one host you can use: [19:00] Host my.server [19:00] instead of Host * [19:00] close the file and then ssh to the server [19:01] if ssh works but asks you for a key then you know it knows the port [19:01] I mean if it works but asks for a passwords [19:01] once that works then run ssh-copy-id to place the key [19:01] thank you, trying now [19:01] let me know when it works [19:02] I will!:) [19:02] * crohakon pats Jetole on the back [19:02] Nice work. [19:03] thanks [19:03] lol [19:04] no offense to newbuntu but this is childs play [19:04] smoser: When you say vmbuilder, do you actually mean ec2-init or is there a connection to vmbuilder in that bug that I'm just not seeing? [19:04] I've only been at this for a few days, new to this [19:04] jetole; Yes, in terms of knowledge, but not everyone has grown out of their linux pampers. Me for example, I just started walking. =) [19:04] newbuntu, its a learning experience [19:04] i'm using ubuntu 9.4version,how do i configure apt-get server in my machine [19:05] newbuntu: like I said, no offense to you [19:05] please give me steps [19:05] newbuntu, ive been using linux for 5 years and still have to get help [19:05] 9.04? [19:05] I remember my first beer [19:05] ;) [19:05] jhan, read the documentation on the ubuntu web site [19:05] gotta start somewhere, not claiming to have the knowledge you all have [19:05] lol @ jetole [19:05] soren, you're referring to something i said like 8 hours ago, right? i thikn youi're right, that that shoudl have said ec2-inti [19:05] k [19:05] newbuntu; your fine, no worries. [19:05] newbuntu: I know. I am not saying anything bad about it/you [19:05] that's why I'm here, thanks for your help though [19:05] instead I am helping [19:06] I appreciate it! [19:06] smoser: Uh, yeah, it's been a while. I've been internet deprived. [19:06] sure [19:07] stupid question? The following is done on the server/client: create a file called config in the ~/.ssh directory [19:07] chmod 600 config [19:07] then add the lines: [19:07] right, from the terminal, type chmod 600 config [19:07] config is the actual config file [19:07] so you will need to be in the .ssh directory of your home [19:07] chmod 600 means make this file read/write by me and only me [19:07] soren: going through withdrawls? [19:07] sudo nano ~/.ssh/config [19:07] otherwise ssh will not accept it [19:08] * jetole rolls eyes @ nano [19:08] okay, thanks [19:08] he, I like nano [19:08] vi is the editor of the gods [19:08] yeah, but you also need a book to learn it. [19:08] nano is easy, so for him it is good. [19:08] zul: It's getting upgraded and there was some sort of problem, so now I'm leeching off of a neighbours open wifi :) [19:08] I know I know [19:08] I work with a programmer who can't stand vi [19:08] soren: good on you ;) [19:08] * VirtualDisaster loves vi [19:08] simple [19:08] and a dozen other programmers that don't know what it is [19:09] jetole, lol [19:09] jetole; I know what is is... but prefer nano as it is really simple and I don't need much more. [19:09] VirtualDisaster: it is the most capable editor I know [19:09] smoser: But no, clearly no reason to fail on python2.4. I didn't even think we shipped 2.4 anymore, but I see that we do. [19:09] crohakon: I know, just saying I agree with you sorta since I know lots of people feel the same [19:09] vi is not simple [19:09] *nods* [19:09] vi is instead complete [19:10] jetole, agreed [19:10] yeah, i think for /usr/bin/python to be 2.4 it was probably a upgrade from something old [19:10] Well, time to go get food. [19:10] I'm thinking time for bed [19:10] I'm taking today off after working 70+ hours in the last 8 days [19:11] soren: quick question for you does window 7 work as a kvm guest? [19:12] yeah, not fun. My last job I was managing two restaurants. I was working 130 hours a pay period (every two weeks) between march and october [19:12] Now, I am un-employed and poor. =) [19:12] bye [19:13] Virtual, wow! [19:13] jetole: Port 22 [19:13] Host alias [19:13] IdentifyFile [19:13] HostName [19:13] User root [19:13] I'm setting up a new cloud and SAN infrastructure [19:13] :D [19:13] I already have this info in that file, can I just add to it? [19:13] for the love of god don't use root [19:13] or IdentityFile [19:14] Identity file is not a big deal but if you have ~/.ssh/id_rsa.pub then ssh uses it automatically [19:14] zul: don't know for sure. I think I've heard of someone who did it, but I'm sure I heard about someone for whom it failed. [19:14] smoser: Probably, yeah. [19:14] soren: reason im asking is so I can test samba for lucid better [19:14] smoser: ...so why the heck is he installing ec2-init? :) [19:14] and yes, you can append to that file but also don't specify IdentityFile until after you know it's working before the identity file is needed [19:15] zul: Well... Try it and let me know :) [19:15] yeah, and why did he install it on that old distro and thn upgrade [19:15] mathiaz: okay [19:15] mathiaz: done with my session [19:15] mathiaz: should i just pull your branch and build locally? [19:16] do I add: Host 1 2 3 4 or... [19:16] host 1 [19:16] host 2 [19:16] host 3 [19:16] smoser: People are nuts. :) [19:16] soren: I just need a copy of it [19:16] umm...legal copy of it [19:16] newbuntu: all commands apply for the host hey are listed under... [19:16] Hi, I can't connect to ssh using nautilus or gftp (other than terminal) except root user. I'm using jaunty [19:17] * smoser thinks zul watched the windows 7 torrent party video [19:17] so if you want something to apply to all hosts, list it under Host * and make sure Host * is at the bottom [19:17] smoser: mayyyybe [19:17] Host is like the group breaker [19:17] smoser: maybe im just converting all my boxes to windows [19:17] each Host line represents a new machine [19:17] for everything under it until the next host line [19:17] oh, got it [19:17] thanks [19:18] zul, all my boxes are already upgraded to windows 7. [19:24] okay, I'm connected to my server through ssh in Terminal!!! [19:24] lol [19:24] cool [19:24] now how do I get access through ftp/ssh client [19:24] newbuntu: nice.. did you get your public key copied over? [19:24] newbuntu: don't use ftp [19:24] use scp [19:24] doing that now [19:25] trying... anyway [19:25] scp file my.server: (copies file to home directory on server) [19:25] scp my.server:/home/newbuntu/this.file ~ (copies this.file on server to your ~ directory) [19:25] newbuntu: also look at sshfs + afuse [19:26] newbuntu: do you still have sshd listening on a different port? [19:26] yes [19:27] i do [19:27] I think I told you incorrectly how to switch ports with scp earlier [19:27] use -P not -p [19:27] it's all in the man page [19:27] so "scp -P port user@hostname:/path/to/file [19:27] man scp [19:27] Reepicheep: he is using a proper ssh config file now though so I don't think he needs it [19:28] newbuntu: also man ssh_config for more things to change [19:28] so newbuntu set it up to so his clients use it system wide in the /etc/ssh config files? [19:29] Hii i have a problem when i try config exim4 with smarthost, somebody can helpme? [19:29] New to Linux in general, Ubuntu in particular: new 9.1 server install, single OS, ok till Grub install, at which point the install menu loops on that selection till I select 'no bootloader' and then the server won't start after the install. Any pointers? Thanks. [19:29] Reepicheep: he could but instead place it in ~/.ssh/config instead of /etc/ssh/config [19:30] /etc/ssh/config should only be used for all users [19:30] yeah.. that would probably be better anyway [19:30] I thought I had to use ssh-copy-id @ [19:30] newbuntu: no [19:30] Hii i have a problem when i try config exim4 with smarthost, somebody can helpme? [19:30] ssh-copy-id -i key.file your.host [19:30] newbuntu: are you still trying to copy the public key from your Mac? [19:30] for example ssh-copy-id -i ~/.ssh/id_rsa.pub my.server.com [19:31] did you just say mac? [19:31] I am trying to copy the public key from my server to my mac so I can have access [19:31] I created the key on my server [19:31] is that right? [19:31] so you want your server to be able to connect to your mac via the ssh keys? [19:31] yes [19:31] ok, I don't know much about ssh on mac other then my dad has one and the configs in /etc don't work the way they do on every other computer [19:31] Hii i have a problem when i try config exim4 with smarthost, somebody can helpme? [19:32] BerRMaNyA: can you paste your exim router configs in a paste bin? [19:33] newbuntu: I just want to make it clear you want to connect from your ubuntu server to your mac not vice versa? [19:33] no, I'm sorry...I want to be able to access the server via the mac [19:33] that's what I thought [19:34] you need to generate the key on the client.. not the server [19:34] so in your instance the client is your Mac [19:34] What is the file of configuration?, i execute sudo dpkg-reconfugyre exim4-config [19:35] newbuntu: and OS X does not have ssh-copy-id so you have to do it by hand.. the old fashion way [19:36] oh, I was thinking of it backwards! [19:36] BerRMaNyA: I use exim but I have never used the configs made via dpkg-reconfigure so I don't know if I can help a lot [19:37] I can help you edit the files by hand.. but you may want to do it the ubuntu way as you have tried with dpkg-reconfigure [19:38] Reepicheep wait, i'll upload the config file [19:38] when you run dpkg-reconfugyre exim4-config does it give you an option to set it up using a smarthost as postfix does? BerRMaNyA [19:38] newbuntu: the first thing you need to make sure is that you have a public private key generated for your user an your mac? [19:39] I generated both, but on the server [19:39] newbuntu: from the terminal type "ls ~/.ssh/" and is there an id_rsa.pub or id_tsa.pub file? [19:40] when i run dpkg-reconfigure, askme the ip of smarthost, but i dont know de smarthost ip [19:40] no just my a config file and known_hosts file [19:40] s/id_tsa.pub/id_dsa.pub/ ^ sorry [19:40] I try put ip of isp [19:40] but dont work [19:40] BerRMaNyA: you will defiantly need that info to set up the smart host [19:40] I have set this up with another server before [19:41] appearantly [19:41] BerRMaNyA: you may be able to use the DNS name of the smarthost you would like to use [19:42] newbuntu: then you need to generate a key pair for your user on you Mac first.. use ssh-keygen [19:42] i.e ssh-keygen -t rsa [19:42] Reepicheep: I don't remember why but the file contains the other RSA I use for another server, not sure why I set it up that way [19:43] but i dont understand, i 'll try use the DNS of ISP, that is ok? [19:43] that's ok.. the known host contains the public key for every ssh server you have connected to and trusted said ssh servers keys [19:43] newbuntu: ^ [19:43] ahhhh [19:44] BerRMaNyA: do you understand what a "Smarthost" is? [19:45] BerRMaNyA: basically it is a server that will relay your mail to and from your existing server depending on your situation. [19:45] is that what you are after? [19:46] New bug: #473218 in sysstat (universe) "Please sync sysstat-9.0.5-1 from Debian unstable." [Undecided,New] https://launchpad.net/bugs/473218 [19:46] mmm i think that smathost is a service when i run mail() in php for example, mi smtp server relay the mail to smarthost, and smarthost redirect this mail to email account what specify in mail function [19:46] sorry my inglish is bad [19:50] kirkland: avahi and eucalyptus uploaded to my ppa - https://launchpad.net/~mathiaz/+archive/eucalyptus/+packages [19:50] BerRMaNyA: are you setting up exim to host local inboxes? or just to send mail out to external email account? [19:50] kirkland: so you can probably grab the source code from there and build them localy [19:50] so I just created a key on my client computer [19:51] reepicheep [19:51] ls -a [19:51] newbuntu: sweet. now you need to get the contents of the ~/.ssh/id_rsa.pub file into the ~/.ssh/authorized_keys file on the server [19:52] okay, doing that now [19:52] replace rsa with dsa if you created the keys that way ^ [19:52] no they are rsa, what's the diff [19:52] the easiest way is to use "scp" [19:53] scp -P port ~/.ssh/id_rsa.pub user@hostname:/tmp/ [19:53] Reepicheep: I try config the local pc as server, i have static ip, when mi work now is config this machine with smtp server and pop3 server, I installed exim as smtp server, i try send the mail with PHP to my email account, and I recibe this mail in spam inbox [19:53] newbuntu: that will get the pub file over to your server in the /tmp/ directory [19:54] When i think that if setup smarthost i will recibe mail in inbox and NO spam [19:54] newbuntu: then just concatenate it to the end of the authorized_keys file [19:54] cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys [19:55] now for a really dumb question? is my host name not what I see when I'm logged into my server ie. root@testserver [19:56] BerRMaNyA: are you receiving this mail on an account hosted on the server with exim on it or in an existing email account that is hosted elsewhere? [19:56] nevermind [19:56] got it [19:57] i recive mail on gmail [19:57] it asks for root@'s password? my pass doesn't work [19:58] newbuntu: that concatenate command should be run on the server as the user that you wish to login as after the key has been copied to the servers /tmp/ directory [19:58] when i enter to http://localhost/mail.php?to=bernacas@gmail.com i recive mail in spam [19:58] on gmail [19:59] BerRMaNyA: you may not need to run exim on your machine at all if you are sending to a gmail account [19:59] Hey guys. Y'all know where I can get the raw Docbook XML for the server guide? [19:59] php should be able to use a smtp server provided by your ISP [19:59] it wants the root password [20:00] I use php to check if my smtpserver is running [20:00] if (mail("bernacas@gmail.com","test","test")) : echo "The mail is sent"; endif; [20:01] newbuntu: assuming that you have heard the warning about sshing to a root account... you can copy the file to the server as a non root user [20:01] This way check if my smtp server is on [20:01] then copy the contents to /root/.ssh/authorized_keys with sudo or as the root user [20:02] newbuntu: by default ubuntu does not set a root password [20:02] hmmm, ok [20:04] BerRMaNyA: if you are just trying to send mail from php.. I'm not sure you really need a full MTA like exim running. there probably are better ways of sending that mail out. [20:05] sorry for the confusion but I created the 'id_rsa.pub' file in ~/.ssh/ logged in as my root, was that a mistake? Should I have created the keys in ~/.ssh/ logged in as my user? [20:05] Reepicheep [20:06] Reepicheep: Now i just config the smtp server, but i now install pop3 server, i can create for example bermanya@IPSTATIC ? [20:06] got it [20:06] newbuntu: it's usually best to connect to your server as an unprivileged user, then use sudo to execute things that need root privileges [20:07] so in the command I gave you .. "user" in "user@hostname" would by your username not root [20:07] than run the concatenate command as your user on the server [20:07] BerRMaNyA: in that case you do need an MTA [20:08] so should the key files on my clientMac be stored in the root ~/.ssh/ or my User ~/.ssh/ [20:08] exim is MTA true? [20:08] user ssh [20:08] the one's I just created? [20:08] @ newbuntu [20:08] ok [20:08] newbuntu: as the user [20:08] well I messed up then, I did it as root [20:08] so /Users//.ssh/ [20:08] I can just delete and redo, huh? [20:09] newbuntu: that only applies if you want the root user to be able to ssh which you can but that is against a lot of BOFH regulations [20:09] newbuntu: I wasn't paying attention but you can delete and re create your certs as many times as you like [20:09] it doesn't hurt to have those keys in the /root/.ssh/ you just won't use them :newbuntu [20:09] deleting and re-creating [20:10] now [20:10] Reepicheep: do you have some tutorial that explain me that i looking for? [20:10] that is also where I put the config file, need to change that [20:10] if [ ${UID} -eq 0 ]; then echo "not as root"; exit 1; fi; sudo rm -rf /root/.ssh; ssh-keygent -t rsa; ssh-copy-id -i ~/.ssh/id_rsa.pub my.server [20:10] @ newbuntu [20:11] that needs a little work but thats the general idea of how to do it all over again [20:11] BerRMaNyA: not of the top of my head.. why is it that you settled on "exim" was it from a tutorial? [20:11] a little over my head but thanks [20:11] the if statement anyway [20:12] jetole: I like that.. that's a cute way to put it [20:12] newbuntu: that should actually do it all except at the end change my.server to your server [20:12] newbuntu: that will delete the root .ssh dir [20:12] and recreate the new keys [20:12] and copy them over [20:12] assuming passwords still work on the server [20:12] jetole: the only issue is that OS X doesn't have ssh-copy-id :( [20:13] I have them on for now, will turn them off when I get this working [20:13] * jetole doesn't allow passwords on ssh on his servers but it's all corporate and I have keys backed up around the corner [20:13] Reepicheep: wow... uh... that sucks [20:13] * jetole points to www.openssh.org [20:13] can download and compile from there [20:13] as part of the openssh package [20:14] newbuntu: just make sure you have backed up your keys very well before you do [20:14] I have opened 100000 tutorials but i cant make work exim, but I now open https://help.ubuntu.com/9.04/serverguide/C/exim4.html [20:14] I will [20:14] jetole: that is why I was having newbuntu us scp to copy the public key to the server.. but I didn't realize it was the root user [20:14] BerRMaNyA: the problem is exim != postfix [20:14] ;) [20:15] yeah me either [20:15] never use root [20:15] won't from now on [20:15] jetole which is the diference of exim and postfix? [20:15] BerRMaNyA: I love exim ... it is my MTA of choice .. but in your instance postfix may be better [20:16] newbuntu: that away to here the warning about using the root user ;-) [20:16] which is the diference between exim and postfix? [20:17] BerRMaNyA: what is the difference between windows and linux? You are asking the difference between two different peices of software. You can put sendmail and the microsoft mail package in the question too. If you want a complete answer download both source packages and run diff -ur against the two directories [20:17] BerRMaNyA: they both accomplish the same thing.. [20:17] out of curiosity, why is it soooo bad for me to be logged in as root [20:17] but the ubuntu way tends to be use postfix.. so you will find more documentation that way [20:17] newbuntu: because you don't need to be and by typing the wrong command as root you will destroy your system [20:17] enough said [20:18] * jetole has been using postfix for years and it just works [20:18] thanks [20:18] newbuntu: also you don't want the root user accessible via ssh incase someone cracks in [20:18] Ok reepicheep, so i run apt-get remove exim and i 'll install postfix is that ok? [20:18] * Reepicheep has been using exim for years .. but in this instance .. Reepicheep thinks BerRMaNyA should use postfix [20:18] BerRMaNyA: great idea [20:20] BerRMaNyA: you will find plenty of tutorials showing you ubuntu-server + postfix + (dovecot | courier | cyrus | your choice of software) [20:20] BerRMaNyA: also #postfix is an informative room [20:20] * jetole votes for dovecot which also functions as the LDA [20:20] * Reepicheep votes the same.. [20:21] well I'm gonna go poo [20:21] bbiab [20:21] newbuntu: .. basicly you just need to run those two commands on your mac as you unprivileged user (ssh-keygen and the scp one) [20:22] Reepicheep thanks so much for your help, jetole same for you [20:22] BerRMaNyA: I didn't offer much but enjoy [20:22] I'm in the process now.... [20:22] now i try install postfix and dovecat [20:22] dovecot [20:23] newbuntu: then concatenate the /tmp/id_rsa.pub file (make sure it's the new one and not roots) to the users .ssh/authorized_keys file [20:24] BerRMaNyA: find a walk through to help you with the configuration steps need [20:24] mathiaz: yo [20:24] mathiaz: okay, i'm downloading now [20:26] I've got the key in my /tmp on server! moving on... [20:27] when I try to cd .shh (logged in as me) it tells me permission denied [20:28] what about "cd ~/.ssh" ? [20:28] it's owned by root, why? [20:29] denied [20:29] "pwd" returns your users home directory not "/root" correct? [20:29] yes, correct [20:29] k.. lets start over on the server side.. [20:29] k [20:30] type "sudo rm -r /home//.ssh" [20:30] make sure it is the correct directory :[| [20:30] :-| [20:30] it's gone.. [20:31] k.. create a new one .. like by for instance typing "ssh -p port localhost" [20:31] and accepting the public key [20:31] kirkland: well - I think everything is built now [20:31] mathiaz: yup, i'm installed [20:31] mathiaz: did you put together SRU testing instructions yet? [20:32] kirkland: not for all the bugs [20:32] kirkland: some of them have the testing instructions already [20:32] made new /.ssh, it's owned by me now [20:32] sweet.. now lets make sure the id_rsa.pub file you your users and not root's [20:33] type "cat /tmp/id_rsa.pub" it should be the key [20:33] at the end it should have "username@your.mac.hostname" not "root@your.mac.hostname" [20:34] it does [20:34] sweet.. k.. now: [20:34] cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys [20:35] ok [20:35] how do we check [20:35] and when that completes you should see the public key in /home/ if it's there you should have it setup.. now back on your Mac [20:36] it's there!! [20:36] great [20:36] wow, I really appreciate all your time [20:36] mathiaz: i'll write the SRU testing for mine (the powernap one) [20:37] ssh -p port username@server.hostname [20:37] from the Mac ^ [20:37] kirkland: ok [20:37] ok [20:37] I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being c [20:37] ached. Any ideas?is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas? [20:37] I have apache2 set up to use /etc/pam.d/common-auth (which is where I have the caching configured) [20:37] if the username is the same on both you don't need the "username@" part [20:38] I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas? [20:38] (sorry, something got chopped up in my last message) [20:39] it asked me for my server password? does that mean it didn't work? [20:39] should it still ask for that? [20:40] time to edit sshd_config [20:40] newbuntu: no it should just log you in [20:40] had to enter password [20:41] double check to make sure that the key on your Mac /Users//.ssh/id_rsa.pub matches the key on your server /home//.ssh/authorized_keys [20:42] also make sure that it is still enable in the sshd_config file on the server [20:43] looks as though they match, looking at a few characters in the beginning and end [20:44] at the end of the RSA it has = user@computername.local [20:44] should this be the ip? [20:45] nah.. that should be fine [20:45] have you edited /etc/sshd_config on the server? [20:45] I want to be able to access this whether I'm on my home network or away, I guess that doesn't matter [20:46] i will check the /etc/sshd_config [20:46] PubkeyAuthentication = yes [20:47] all I changed is the port [20:47] hmm. that should work.. [20:47] what is this: # HostKeys for protocol version2 [20:47] let me make sure I can get it to work .. what version of OS X are you running? [20:48] my has: HostKey /etc/ssh/ssh/host/rsa/key [20:48] wait mis type [20:49] usually it is something like: [20:49] t [20:49] HostKey /etc/ssh/ssh_host_rsa_key [20:49] that's what I meant to type [20:49] thanks [20:50] I have a /know_hosts on my mac? does that mean anything? [20:50] I'm running 10.6 [20:51] reepicheep [20:52] is ubuntu server have "official" support on Sparc boxen? or is it "officially" just i386/x64? [20:52] err, * does [20:53] k.. let me test that.. btw. if you want you can have ssh listen on multiple ports. just put on "Port " line per port [20:53] newbuntu: ^ [20:54] I see a line in sshd_config: #AuthorizedKeysFile %h/.ssh/authorized_keys. [20:54] there is nothing under it [20:54] Reepicheep^ [20:54] does my key path need to be there? [20:54] newbuntu: by chance is it asking you for the password you gave when generating the ssh key pairs with the ssh-keygen command? [20:55] no, just my user pass [20:55] well, they might be the same? [20:55] i'm not sure [20:56] was that not my user pass? [20:56] I figured it was trying to authenticate me as a user before generating [20:56] Reepicheep^ [20:56] because if you give a set a password when creating the keys with ssh-keygen it will prompt you for that password every time you use the key [20:57] can I turn off the password authentication in the sshd_config file and try to login again? [20:57] will that tell me anything [20:57] if you want to connect in "Passwordless" if that's a word.. you need to create the ssh_key pair without a password.. but .. there are security concerns doing it that way also [20:58] i don't mind typing in the password, just wanted to make sure I was actually connecting with the key pair [20:58] Reepicheep^ [20:59] you probably are.. it is just prompting you for your key pair password not your user password on the server [21:00] btw.. it works fine for me from a 10.6.1 Mac to an ubuntu server 9.10 [21:01] I just turned of pass auth in sshd_conf on server [21:01] restarted ssh [21:01] tried to log in from mac [21:01] permission denied (publickey) [21:02] confused [21:02] New bug: #473332 in openipmi (universe) "Startup failed to load ipmi_devintf module" [Undecided,New] https://launchpad.net/bugs/473332 [21:02] ls [21:03] do I need the key in known_hosts? [21:03] Reepicheep^ [21:04] on my mac [21:04] oh wait, it's there [21:04] yeah.. that is the servers public key [21:04] it's there [21:04] nevermind [21:04] that is what you are prompted to accept the first time you connect to a host [21:05] do I need the config file on my mac or the server? [21:05] I don't have it on my mac [21:05] Reepicheep^ [21:06] you don't need to adjust anything on your Mac.. you just need the user to generate a key pair .. which you have done [21:06] k [21:11] DrNick_: I don't think sparc hardware is officially supported [21:11] any ideas? Reepicheep [21:12] ok. however it still has community support currently? [21:12] newbuntu: I must of missed the question.. is it still not working? [21:12] no it's not working [21:12] DrNick_: I would suppose.. as best you can get [21:13] I just turned off pass auth in sshd_conf on server [21:13] only i seem to remember a time when ubuntu was officially supported on x86/x64, ppc and sparc. i can understand them dropping ppc, with apple going intel but sparc i would have hoped might continue [21:13] restarted ssh [21:13] tried to log in from mac [21:13] permission denied (publickey) [21:14] there was some fanfare a while ago about ubuntu-sun lovin', i guess that is no more. esp' with sun going to oracle [21:14] newbuntu: so it prompts you for the password for your keys.. you enter that .. then it gives your the "permission denied (publickey)" error? [21:15] no- I enter: ssh -p port user@ip hit enter [21:16] Permission denied (publickey) [21:16] DrNick_: I have run linux (not ubuntu though) on sparc hardware for awhile .. but I have taken most of them out of production in the last couple years.. it worked pretty well though [21:17] well, thanks for the info anyway Reepicheep [21:18] * newbuntu Invalid PEM structure, '-----BEGIN...' missing. [21:18] cdimage.ubuntu.com seem to have a variety of different architecture's to install, all community supported. there's even one for the ps3 lol [21:19] this is what I get when I try to get in using ftp client [21:19] ssh [21:19] sftp [21:19] whatever [21:19] newbuntu: have you mess with the keys in /etc/ssh on the server? [21:19] even PA-RISC is there [21:19] no I haven't [21:20] DrNick_: yeah I have seen that .. I have used the PPC one a few times .. I even have download the sparc one. burned the disk .. it's sitting on top of an old sunfire machine on my bench.. but I have yet to install it.. :-| [21:20] :-) [21:21] boot it, see what happens [21:21] newbuntu: your scp command worked earlier to copy the id_rsa.pub file from the mac to the server correct? [21:21] at the end of my ssh_host_rsa_key.pub..... it is root@myserver [21:21] DrNick_: I will sometime.. I just haven't got around to it [21:21] is that wrong [21:22] yes it did work [21:22] newbuntu: that is fine.. that is the system keys used via the openssh server [21:23] oh [21:23] they are auto generated when you install the openssh-server package [21:23] you shouldn't need to mess with them [21:23] ok, i see [21:23] the only keys you need to care about are the keys in your home directory's .ssh/ folder [21:24] newbuntu: can you try running the scp command from the mac again.. just copy any file to the server's /tmp/ folder [21:24] my key is in the file authorized_keys [21:24] yes [21:25] newbuntu: correct .. the public key for the user on the client (your Mac) should be in your user's authorized_keys file on the server [21:27] permission denied (publickey) [21:27] Reepicheep^ [21:28] I will have to turn passAuth back on i guess [21:28] in sshd_config [21:37] what is invalid PEM structure [21:37] Reepicheep^ [21:37] the other key I'm using is keypair.pem [21:37] this on is keypair.pub [21:37] could that be anything? [21:37] Reepicheep^ === mdz` is now known as mdz [21:50] newbuntu: afaik. pem files are files that combine the public and signed certificate in ssl .. I have never used them in the ssh realm [21:50] hm.... it'd be fine the day linux has something like zfs [21:50] where is it that you see the keypair.pem file? [21:50] ok [21:50] I use one to log into another server I use, for business [21:51] if any of you work with storage, take a little look at what's in opensolaris [21:51] it eats linux for breakfast [21:51] I also get this error when trying to sftp: into my server: [21:51] RoyK: I agree I really wish sun could release zfs with a linux compatible license [21:52] Reepicheep^Invalid PEM structure, '-----BEGIN...' missing. [21:53] newbuntu: does it happen to be secure ftp like ftp over ssl ... which is different then sftp over ssh [21:53] it might be [21:53] have a question [21:54] Reepicheep: well, they don't want to, so I'll stick with opensolaris for storage [21:54] if I'm getting 'Permission denied (publickey) when I try to scp to the server? On which side does the problem lie? [21:54] newbuntu: for copying files from your make to a machine with ssh you should look at Macfusion .. it uses fuse to make the connection but it integrates into your finder [21:54] cool [21:55] did you see the post just above your last? [21:55] newbuntu: is the /etc/ssh/sshd_config and /etc/ssh/ssh_config files pretty standard on your server other then the port change? [21:55] the nfs4 stuff in opensolaris is quite a bit better than what's in linux, so ....... [21:58] yes, I changed nothing from the install except port: and passwordAuthorization [21:59] try changing passwordAuthorization back .. and see what it does [22:00] k [22:00] smoser: any news from upstream on bug 461156? [22:00] Launchpad bug 461156 in euca2ools "User data is not parsed correctly by Eucalyptus in some cases" [High,In progress] https://launchpad.net/bugs/461156 [22:00] kirkland: ^^? [22:01] mathiaz: latest i know is in that bug [22:01] mathiaz: i'm still testing your ppa packages [22:01] mathiaz: i'm running into some weirdness [22:01] mathiaz: but i don't know if it's your fault yet :-) [22:02] kirkland: weirdness? [22:02] kirkland: do you have issue with dns resolution to connect to the cc? [22:02] Reepicheep^ [22:02] mathiaz: haven't tried that [22:03] mathiaz: i'm testing the little powernap one, which should be a no-op really at this point [22:03] this is what I get when I restart ssh: Could not load host key [22:03] mathiaz: but i couldn't get powersave working at all at first [22:03] start stop dameo: warning: failed to kill: operation not permitted [22:03] Reepicheep^ [22:03] this is what I get when I restart ssh [22:04] [ok] [22:04] mathiaz: which ones have SRU test instructions already? [22:04] kirkland: bug 458904 [22:04] Launchpad bug 458904 in eucalyptus "When installing a node, euca_find_cluster fails to locate the cluster controller if instances are running" [High,In progress] https://launchpad.net/bugs/458904 [22:05] newbuntu: what does "sudo netstat -tlpn | grep sshd" return ? [22:05] anyone know why, after swapping switches, a 9.04 server box will refuse connections via ssh? [22:05] kirkland: yeah - that's all - I'm writing up the other SRUs [22:06] mathiaz: i filled in most of https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/458163 [22:06] Launchpad bug 458163 in eucalyptus "[regression] euca_rootwrap fixes affected eucalyptus power management (powerwake)" [Wishlist,Fix committed] [22:07] tcp 0.0.0.0.0:myPort [22:07] is that what you were looking for [22:07] newbuntu: now stop the ssh server and run the same command see if it goes away [22:07] my ip isn't there [22:07] ok [22:08] newbuntu: 0.0.0.0 is all ipv4 interfaces [22:08] mathiaz: SRUs are so much fun :-) [22:08] operation not permitted [22:08] cant' stop [22:08] still there [22:08] what command are you using to stop ssh? [22:09] g [22:09] hang on [22:10] [22:10] wouldn't let me type without <> [22:10] try: "sudo service ssh stop" [22:11] did it [22:11] output grep | not there any more [22:11] k.. now start it [22:12] replace "stop" with "start" [22:12] k [22:12] started [22:13] now that I have turned my passwordAuth on in sshd_conf I can transfer files via scp [22:14] newbuntu: check out the Macfusion .. it may be what you want [22:15] i will, thanks for all your help [22:21] New bug: #473439 in mailman (main) "can´t start mailman" [Undecided,New] https://launchpad.net/bugs/473439 [22:25] could it be because I used a passPhrase when I created the key [22:25] Reepicheep [22:25] do i need a passphrase? [22:43] newbuntu: you can try creating a new key without a passphrase if you want, it would be one less layer of security.. but it would then allow you to login with out being prompted for a password [22:44] I've already tried [22:44] did it work? [22:45] I started over from scratch, following all your instructions, created new key and everything.....when I try to access the server through terminal ssh -p 5555 ............ I get [22:45] Permission Denied [22:45] (publickey) [22:45] still [22:46] resetting router, be right back [22:47] removing port mapping on router [22:47] I'm at a loss, if you have any idea I would appreciate it [22:48] I can get in with the password, but not the publickey [22:50] I've got to figure this out because I'm going to have to set this up on about 10 other machines. PC and MAC [22:50] they all need access to the server [22:50] newbuntu_: you're not getting your home dir mounted during login or fanyc crap like that? [22:51] home dir mounted? [22:51] at university the /home share is on a network mount, so there's no access to $HOME/.ssh during login [22:52] at my university, that is [22:53] I'm at my house, I'm behind a router if that matters [22:53] I can get through with my password, just not the publicKey [22:53] ok, so no network shares for /home? [22:53] key pair [22:53] by network shares you mean, other machines on the network sharing my /home [22:54] yeah [22:54] no, I don't have it shared on my local network [22:55] what's the name of the private key you're using? [22:55] key_pair.pub [22:56] I made one up [22:56] newbuntu: would it be to much to start completely over even with the ssh server and keys on the server? [22:56] and the config files in /etc/ssh/ [22:56] and what's your ssh command? [22:56] the full command line? [22:57] New bug: #236757 in postfix (main) "openldap2 vs openldap when installing kolabd" [Undecided,New] https://launchpad.net/bugs/236757 [22:57] no, I'd be willing to try anything. I would like to rule out my router though, could it be causing me problems? [22:57] for you testing is the router between you and your server? [22:58] kblin: ssh -p user@ [22:58] aha [22:58] Reepicheep: yes [22:58] well I think [22:58] try ssh -p -i key_pair user@ [22:58] is your Mac and server on the same network? [22:59] they are [22:59] I'm trying to access as if I am not on same network though [22:59] how? [23:00] let's get it working internally before you through the router/port forwarding into the mix [23:00] yeah, and try the -i key_pair thing [23:01] kblin: that worked!! [23:01] figures [23:01] no password needed, not denied permissions [23:01] you've used a non-standard name for the key file, so you need to tell ssh to use it [23:01] so how does that work [23:01] newbuntu_: have you messed with any of the system ssh settings on your Mac? [23:02] see the -i option in man ssh [23:02] system ssh settings, no I don't think so , let me look [23:03] newbuntu_: what is the name of your key_pair? [23:03] kblin: how do I log in from my sftp client? [23:03] have you edited anything in /etc/ssh_config on the Mac? [23:04] Reepicheep: key_pair/key_pair.pub, newbuntu_ said so a few minutes ago [23:04] that has nothing to do with the ssh_config [23:04] newbuntu_: what sftp client? === newbuntu_ is now known as newbuntu [23:04] scp? [23:04] cyberDuck [23:04] on mac [23:04] never heard of that [23:04] like fileZilla [23:04] kblin: sorry I missed that [23:05] it'll have an option to specify a key pair, if it's any good [23:05] Reepicheep: happens, no worries :) [23:05] it does, but does it matter that I named it diff [23:05] newbuntu: I have used cyberduck.. let me see if you can set it to use a non standard key pair [23:05] that's what I was wondering [23:05] Reepicheep [23:06] newbuntu: it may be easier to use the standard key pair names thought... [23:06] this may be my whole problem, that's what I get for trying to organize things [23:06] if that is possible [23:06] yea, I can redo it, if that will fix my problem [23:06] no worries, now that I know what caused it [23:07] I only need one key per machine, right: [23:07] ? [23:07] "In the Connection Dialog or the Bookmark editor in Cyberduck select Use Public Key Authentication and select the private key in your .ssh directory. " [23:07] can I use the same key for every machine? [23:07] I have about 10 I need to connect to the server? [23:07] btw.. newbuntu cyberduck lets you select a key to use. [23:07] under "more options" [23:08] I saw that and tried to select it, it wouldn't work [23:08] "use public key authentication" [23:08] let me try again.....one minute [23:08] newbuntu: I tend to create one key per machine [23:08] better option then passing around one key? [23:08] kblin^ [23:08] newbuntu: then I can selectively allow/disallow logins from specific machines [23:09] * Reepicheep does the same as kblin.. one key pair per machine [23:09] got it, I like that option [23:09] I like to have control [23:09] newbuntu: you just need to add the public key from each machine to the authorized_keys file on the server [23:10] so, when setting up a new machine though, I will have to leave the passwordAuthorization set to 'yes' while I am setting up all the machines? [23:10] usually it is ~/.ssh/id_rsa.pub on the client [23:10] I won't be able to access the server remotely on a machine that doesn't have a keyPair? [23:11] you may.. you just need some way to get the public key onto the server [23:11] qman__: which line is the kopts line? [23:11] copy and paste works also.. [23:11] or copy over the public key from a machine that can log in :) [23:11] all the machines are at diff locations [23:12] to make it easier should I turn off password after they are set up? [23:12] newbuntu: that may be the easiest way [23:12] then it wouldn't matter, right? [23:12] newbuntu: so put the existing public keys somewhere you can get at without password..eg. on a web server [23:12] ok, just checking [23:12] get it set up then make it more secure .. [23:12] that's a good idea kblin [23:13] read-only, obviously [23:13] Reepicheep: I think I'll do that [23:13] right kblin" [23:13] i'm going to try to cyberDuck it [23:13] that's true.. the public section of the key can be printed on a bus if you wish.. it doesn't need to be kept secret [23:14] but yeah, I tend to switch off password-based auth after copying over my key file [23:14] i just created a uec setup and my instances are hanging on the "waiting for meta-data" when they are starting. all of the bug reports i have read say this should be fixed. am I just messing something up? [23:14] you can even email it to your self if you choose .. then put in on the server from a machine that is already set up [23:14] on cyberDuck: here's the error... [23:14] I/O Error: Connection failed [23:14] Invalid PEM structure, '-----BEGIN...' missing. [23:15] ugh [23:15] that tool seems to use a different key format then [23:15] anyway, bedtime for me, good luck with that duck [23:16] Reepicheep [23:16] thanks kblin [23:16] let me see if I can get cyberduck working with standard keys.. I had to update cyberduck.. it's been awhile since i used it [23:17] cool, thanks [23:18] qman__: I added vga=791 and some green squares appear on the screen and I can't do nothing... [23:18] even when I select the key from my ~/.ssh it doesn't work [23:19] newbuntu: it works fine [23:19] these are the settings I used [23:20] with id_rsa.pub [23:21] Open Connection -> SFTP (SSH File Transfer Protocal) -- I set hostname & Port # under more options I checked "Use Public Key Authentication" then I selected .ssh/id_rsa [23:22] use id_rsa on the client side.. that is the secret one [23:22] id_rsa.pub is for the other machine to use [23:22] and make sure it is SFTP and not FTPS [23:23] FTPS is FTP over SSL not what your after [23:23] when i go into `screen`, i can't see bash prompts and error messages, only what i type and what programs output.. wtf? [23:23] (it was fine before i restarted) [23:23] uuughhhh I was using the .pub [23:23] thanks, Reepicheep, I assumed I used the same one [23:23] I'm in!!!! [23:24] sweet.. you will figure it out.. that is how key pairs work [23:25] okay, last thing, well for now anyway....I'm using a 10.x.x.x IP to connect to the server, that's through my router, right? Do I use the same when I'm at a remote location? [23:25] the client uses the secret key.. while anyone you connect to uses the public key which doesn't need to be secured as long as you don't let anyone else have you secret key.. [23:25] Reepicheep^ [23:25] newbuntu: that is a whole nother ball game.. [23:25] well crap [23:26] I assume that both your client and server have a 10.x.x.x address atm correct? [23:26] and they are both in the same subnet [23:26] yes, they are both on the router [23:26] www.ipchicken.com [23:26] so they can talk to each other without involving the router [23:26] will tell you your external addy [23:26] I have to be able connect remote machines though [23:27] true.. you will need to use your external address.. as iarp has shown one way to get your external IP [23:27] I know my external, but how do get through the router [23:27] that IP is the IP that your NAT router has on it's external interface [23:27] that's for a diff IRC [23:28] yes, I know that one [23:28] you will need to make sure that you forward a port from the external interface to the internal server:port that ssh is on [23:28] can I just substitute it? Not that easy I'm sure [23:28] then connect to your external IP when you are not inside your NAT router [23:29] can I give it a name, instead of typing 67.xx.xxx.xxx [23:29] is it a dynamic address? [23:29] www.no-ip.org you can make up host redirects(fre) [23:29] if so you may need to look at some dynamic DNS client [23:29] yes it's dynamic [23:30] they also have a software download to keep host redirects updates to your proper ip adress [23:31] www.no-ip.org is free? [23:31] ya, but you'd need to use one of thier domains, so like i have on for vent.myvnc.com [23:33] newbuntu: you can use something like zoneedit if you wish to use your own domain [23:33] I also use dyndns.. although I believe it's not free anymore [23:34] some routers even support some dynamic dns providers on the router itself [23:34] we have an account with dns made easy I think [23:35] see if they have a dynamic client you can use.. [23:35] for instance I use ddclient [23:36] but I don't see dns made easy as a supported provider for that [23:36] so I need a nameserver IP [23:37] I already have name servers assigned to one of my domains, is that what we are talking about? [23:38] it's more difficult than that.. you need a nameserver that supports dynamic updating of the records from the client when the client realizes that it's external IP has changed [23:38] are you hosting the website on a server yourself or do you pay for someone to host [23:39] I'm trying to do this on my server that I've been setting up today [23:39] not just any nameserver will work, that's where one of the dynamic dns providers come in [23:40] DNS made easy has Dynamic DNS, is that what I need? [23:40] I see it turned on in our settings [23:40] do they provide or recommend a client to use? [23:42] I can create an A Record there, and give an IP [23:43] I'm looking at our main site, that is set up there, It's an A Record [23:46] the problem with setting a static "A" record is that it doesn't change when your router changes IP addresses [23:47] newbuntu: ^^ [23:47] i see [23:48] so how can I get around hosting my domain with a 3rd party, can I do it on my newly created server? [23:49] buy the domain through a provider like no-ip.org and install eithor software which updates their records to your external ip address [23:50] when i go into `screen`, i can't see the bash prompt or any error messages, only what i type and what programs i run are outputting.. any suggestions? [23:51] deizel: what profile are you using for screen [23:51] deizel: you may try moving your .screenrc file out of the way and start over with it .. if you haven't put much into it [23:52] something like "mv ~/.screenrc ~/.screenrc.old [23:53] iarp: well thats a problem actually, i installed it long ago and it just worked .. so i can't remember [23:53] iarp: since it wasn't working just there, i removed screen and reinstalled it [23:53] deizel: just follow what Reepicheep said lol that's faster and easier [23:53] move the .screen-profiles out of the way also [23:54] iarp: well, this time it installed some screen-profile stuff and i get stuff like: /usr/bin/select-screen-profile: 176: cannot create /dev/null: Permission denied [23:54] Reepicheep: will try [23:57] okay, there wasn't a .screenrc, and moving the .screen-profile directory didn't work either [23:58] deizel: and it used to work? did screen get updated or anything? [23:59] yeh it was working fine like an hour ago before i restarted my jaunty vps