[00:12] <krys> any vmlinuz or initrd gurus out there? I feel like mine might be corrupted and thats why i cant boot
[02:29] <yofun> how can i search for "Failed launched: No such file or directory" in *.log files in ssh?
[04:10] <mardraum> yofun: grep
[15:05] <bigbrovar> Hi guys trying to incease the ulimt on ubuntu for a tomcat user I created
[15:06] <bigbrovar> ulimit -n for this users hows 1024
[15:06] <bigbrovar> but when I cat /proc/sys/fs/file-max the limit is set to 599191
[15:20] <enraged> If I have, let's say, 10 servers that I want to control over SSH from a remote location, would it be more secure to have 1 server act as a key server which I access over the internet, and then after connecting to the key server, port forward to the other 9 servers OR simply carry keys for all 10 servers and connect to each one independantly?
[15:25] <RoyK> well, if that one server is compromised, the attacker will have full access to the others ;)
[15:26] <enraged> Exactly my concern.
[15:26] <enraged> So you would agree it would be better to have each server accessed independantly?
[15:26] <RoyK> maybe
[15:26] <RoyK> but if you have a common ssh server, you can close ssh from the net from the others
[15:26] <RoyK> not sure what's best
[15:28] <enraged> Theoretically couldn't I run clusterSSH to shutdown all 10 servers at the same time?
[15:29] <enraged> Ofcourse I'd need to be local to bring them all back online, but in an emergency situation where security rather then accessibility is the concern, that should work?
[15:31] <RoyK> if  an attacker gets root, he or she probably won't shut down the systems but rather plant a rootkit there
[15:31] <RoyK> I guess a common login server should be easier to manage
[15:31] <RoyK> then setup the others to block ssh access from the net
[15:31] <RoyK> setup the login server with denyhosts/fail2ban/something
[15:32] <RoyK> and make sure it's updated regularly, and not running any other services
[15:34] <enraged> Exactly my thinking
[15:35] <enraged> Whatever the setup for security was on the key server I was going to install on each of the 10 servers independantly if I didn't bother going with the key server
[15:35] <enraged> And then I hoped to manage them over cluster SSH
[15:35] <enraged> So yeah, fail2ban, SSHkeys with no password access, standard stuff
[15:36] <RoyK> denyhosts may be better - supports distributed ban lists
[15:36] <enraged> mm
[15:40] <enraged> 1 last question - Since this is my first time having to remote SSH to my servers, I can normally run clusterSSH on a Ubuntu desktop which has a GUI, however, I am travelling with a Windows laptop. If I connect by SSH to the key server, with Putty, can I run clusterSSH in the terminal because all references I can find to it online mention the opening of a terminal for each server with 1 terminal acting as the main,
[16:00] <enraged> Sorry, does Cluster SSH work over a Putty terminal?
[16:00] <enraged> Assumably if I connect to a key server with ClusterSSH installed
[17:26] <RoyK> http://paste.ubuntu.com/5681058/ <-- nice drive size
[17:27] <qman__> nice
[17:27] <RoyK> seems a disk died :)
[18:25] <Jeruvy> Trying to ping INTO server, noticed shorewall is installed, is there a quick way to disable this for testing?
[18:35] <RoyK> Jeruvy: iptables -F INPUT
[18:35] <RoyK> or something
[18:39] <Jeruvy> RoyK thank you that worked.
[18:40] <Jeruvy> I see I'm going to have to brush up on this.  Cheers!
[19:54] <Syria> Hello! I have a VPS , Can I know if other users are using Tunnels and browsing websites using socks proxy through it?
[19:57] <RoyK> User Capacity:        600,332,565,813,390,450 bytes [600 PB]
[22:51] <James_Epp> How can I make the tftpd-hpa service start on boot? I edited /etc/default/tftpd-hpa to include 'RUN_DAEMON="yes"' but this does not resolve my issue.