=== TheLordOfTime is now known as LordOfTime|EC2
=== arrrghhh is now known as arrrghhhAWAY
[02:17] hi, any idea when openfire 3.8.2 will be available in the repos? thanks
[02:18] soy_el_pulpo: it might be a while, I don't see it in debian (packages.debian.org/openfire) and that's the easiest way to get it into ubuntu..
[02:20] sarnold: hi, thanks. I really like the fact that it is part of repos, it makes keeping things updated a lot easier
[02:21] have you noticed my nick is in parenthesis? do you know why?
[02:59] I have installed cups on ubuntu-server, printer is shared on some windows 7 machine, Printer name/model is SureMark 4610, after telling to my service via browser, "smb://192.168.1.148" for adding printer, press continue ..in the make list-->IBM--SureMark 4610 is not listed, What I have to do in here now?
[03:37] !stats
=== sygnous_ is now known as sygnous
[06:33] Hello
[06:33] I need some ssh help
[06:40] Can anyone help me with my ubuntu server?
[06:40] hi BroUnicorn
[06:40] yes?
[06:41] I keep getting a "connection refused" when trying to ssh into my server
[06:41] I can ssh into it locally
[06:41] but I can't from outside the local network
[06:42] locally you mean from your internal lan?
[06:43] and from the outside, from a machine not in the same network?
[06:44] BroUnicorn: hello?
[06:44] Yes
[06:44] That is correct
[06:44] ok
[06:44] except I'm attempting to connect from the outside as if I'm not inside of the network
[06:44] you are discussing this same topic on the #ubuntu channel
[06:45] how are you trying to ssh into your server from the outside?
[06:46] It's on a computer inside the network
[06:46] but I'm trying to connect through the router's public ip
[06:46] so that I can simulate connecting from a computer not in the network
[06:47] which ip you are using to connect internally?
[06:47] 192.168.2.12
[06:47] which is my server's ip
[06:47] and form the outside? 75.92.217.70 ?
[06:47] from
[06:47] Yes
[06:48] have you opened a port on your internet router?
[06:48] Yes
[06:48] I have attempted to
[06:48] that will allow request to port 23 to go to the correct server?
[06:49] it seems that it is not setup properly
[06:49] 23
[06:49] ?
[06:49] I have it set to 22
[06:49] I also have DMR on
[06:49] could it be in my /etc/network/interfaces file?
[06:49] ss22
[06:50] 22, my bad
[06:50] it being the "error"
[06:50] why?
[06:51] ssh is port 22
[06:51] if your network works it should be fine.
[06:51] idk
[06:51] my internal network does
[06:51] ok...
[06:51] but I changed my port at one point
[06:51] and decided to change it back
[06:51] i tried to ssh and it gave me a time out
[06:51] I tried to assign a static ip
[06:51] port of?
[06:52] I changed the sshd_config file back to port 22
[06:52] where it was?
[06:52] huh?
[06:53] you changed from what to what?
[06:53] your /etc/ssh/sshd_config
[06:54] I changed port 22 to another number originally
[06:54] if you can ssh from another machine from your network it should be fine
[06:54] then I changed it back
[06:54] ok
[06:54] but then
[06:54] ...
[06:55] in the /etc/network/interfaces file I changed stuff
[06:55] to try and add a static ip address
[06:55] and I don't know if I did it correctly
[06:55] did you keep a copy of the original file?
[06:56] no I did not
[06:56] haha
[06:56] but
[06:56] h/o
[06:56] ?
[06:57] I'm going to paste bin the file
[06:57] ok
[06:57] http://pastebin.com/Ugj1H0JA
[06:58] except for gateway and name server are 192.168.2.1
[06:58] 2.4 is your router?
[06:58] so you have already changed those 2 on your current file?
[06:58] on the serve
[06:58] r
[06:58] yes, except it's now 2.1
[06:59] yes
[06:59] ok
[06:59] have you restarted the network after those changes?
[06:59] yes I did
[06:59] ok
[06:59] Is that the incorrect way to do it?
[06:59] Or are you unsure
[06:59] can you ping your router?
[07:00] unsure of what?
[07:00] right after restarting the network, did you restart the sshd server?
[07:00] whether that file is correct or not
[07:00] no
[07:00] I don't know how to restart the sshd server
[07:00] if it has the last changes you said it is fine
[07:01] "/etc/init.d/ssh restart"
[07:01] anyway to blink the led on a drive?
[07:01] e.g. I want to blink /dev/sdd because it needs to be replaced.
[07:01] no raid.
[07:02] for the network: "/etc/init.d/networking restart"
[07:03] can we solve the ssh first
[07:03] ?
[07:04] Yes please
[07:04] ok...
[07:04] I restarted the network and the ssh
[07:04] good...
[07:04] ssh before the network though
[07:05] network should be first, so the ssh now
[07:05] do the ssh
[07:05] and then ssh from another machine on your network
[07:06] ok?
[07:07] your server is connected directly to your internet router?
[07:09] It is directly connected
[07:09] ok
[07:10] did you try from another machine? ssh to your server
[07:10] after all we did
[07:10] with this we will rule out server configuration
[07:10] Not yet
[07:10] please try
[07:10] I have not yet
[07:10] one second
[07:11] also on the server do: netstat -atn|grep "22 "
[07:11] while ssh'ing from the other machine
[07:11] connection refused
[07:12] or should I just ssh using the 192.168.2.XX IP address
[07:12] I tried using my external IP
[07:12] try using the internal one
[07:12] then we will move to your router
[07:13] I can ssh in locally
[07:13] I could before though
[07:13] I just cannot externally
[07:13] do: netstat -atn|grep "22 "
[07:14] paste the results please
[07:15] also do: iptables -L
[07:15] and paste the results
[07:15] okay
[07:16] (I am almost sure it is your internet router but I need to clear all this first)
[07:17] ...
[07:17] okay here's netstat
[07:17] http://pastebin.com/yvVY4zPd
[07:17] great
[07:18] and here's the iptable
[07:18] you see there your active internal connection, keep that command for the future
[07:18] http://pastebin.com/4kXLFz8P
[07:19] Sweet
[07:19] good, so no fw on your server and ssh is listening to all
[07:19] 0.0.0.0:22 means that
[07:19] ok
[07:19] lets move to the router
[07:19] brand and model please?
[07:20] I check from here and port 22 is not open
[07:20] okay
[07:20] Belkin
[07:20] model...
[07:20] one second
[07:21] F9K1103 v1 (01C)
[07:24] i am checking the manual...
[07:24] Thank you!
[07:24] manual has nothing about port forwarding...
[07:25] Check Virtual Servers
[07:25] under Firewall
[07:26] how you did it? check this guide: http://www.justanswer.com/mac-computers/6hj82-set-port-forwarding-belkin-f9k1103-osx-lion-serve.html
[07:27] check the ip of your server
[07:27] and the ports
[07:28] !imagepastebin
[07:28] Okay
[07:28] the local ip of my server?
[07:29] goto step 4
[07:29] on the table
[07:29] is there something already?
[07:29] or it is empty?
[07:30] Enable=yes
[07:30] Description=Server ssh
[07:31] hello?
[07:31] There's something that I put there
[07:31] !pastebin
[07:31] For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[07:31] use imagebin to show me a screenshot
[07:35] ...
[07:35] http://imagebin.org/259899
[07:36] got it
[07:36] inbound is wrong...
[07:37] remove it..
[07:37] and put "kronos ssh" on the description
[07:37] will help in the future
[07:37] Okay I removed it
[07:37] save
[07:37] Nvm
[07:37] it
[07:37] won't let me
[07:37] Gave me an error
[07:38] ok.. it says something that needs to be in between 1 and 6xxxxx?
[07:38] No 1.The number in port entry box should be between 1 - 65535.
[07:38] Yes
[07:38] it does
[07:39] put those numbers: 1-6xxxx
[07:39] i do not remember the last number...
[07:40] wait, put what?
[07:40] inbound: "1-65000"
[07:40] that means all incoming..
[07:42] Okay I applied it
[07:42] ok...
[07:43] it did not ask to restart the router?
[07:44] Nope!
[07:44] Connection refused again though
[07:46] that is correct..
[07:46] bad but correct..
[07:46] hmm
[07:48] hold on
[07:49] okay
[07:49] can you send me the full screen capture of that page?
[07:49] Of the router page?
[07:50] yes please
[07:52] http://imagebin.org/259900
[07:54] can you click on more info?
[07:55] It brought up a very large page
[07:55] external link?
[07:55] or from your router?
[07:57] From my router
[07:57] mmm does it say anything about incoming ports?
[07:57] check your external ip: http://www.whatismyip.com/
[07:59] if the ip still correct, my worst feeling is that your provider is blocking the access
[08:00] also, may check if the firmware is up to date...
[08:00] if not patch it and try again
[08:00] but so far everything is right
[08:00] okay well thanks anyways
[08:00] what the page syas?
[08:01] said?
[08:01] your ip still correct?
[08:02] 75.92.217.70?
[08:03] is it?
=== arrrghhhAWAY is now known as arrrghhh
=== koolhead17 is now known as koolhead17|afk
=== arrrghhh is now known as arrrghhhAWAY
[10:23] uh... umounting this xfs filesystem and running a check, xfs_check tells me it's still mounted?!?
[10:24] I'm using htop to monitor my db-server. The server has 32GB RAM and is a dedicated db-server. 19.7G is used by mysql and that's about the main usage. http://screencast.com/t/1P6vu5wnom3 <-- that's a screenshot of the complete htop tree. What I don't understand is, why does the server still swap 189MB?
[10:24] linux starts swapping out garbage early
[10:25] better use the RAM for something useful than keeping stuff not in use in memory
[10:25] you can tune this with the vm.swappiness sysctl setting
[10:26] default is 60 (0-100). setting it to 1 or something will make linux only start swapping out when it really has to, but the default setting is probably good
[10:26] RoyK, I just saw that most of it is mysql which uses the swap but that's not something I should worry about then?
[10:28] ndee: I don't think you can see what's using the swap
[10:28] iirc linux will normally swap out pages that haven't been referenced much
=== wedgwood_away is now known as wedgwood
[11:15] HI, CUPs installed, but I am unable to add Epson LX-300 Dotmatrix printer to my ubuntu-server machine, Printer is shared on some Win7 Machine, and I can access via other ubuntu-Desktop machine, working fine. Help please.
[11:20] "Session setup failed: NT_STATUS_LOGON_FAILURE" where can I write login/password for the shared printer using cups?
[11:31] sarthor: dot matrix printer?!? like the ones we used in the eighties? ;)
[11:32] sarthor: anyway - sounds to me like a cups or samba issue - not sure
[11:33] RoyK: Yes. Why in Eighties.. its In now a days for multiple copies.
[11:34] this is the right way to enter the url for the smb printer.. smb://[username:password@][workgroup/]server[:port]/printer
[11:40] looks right
=== wedgwood is now known as wedgwood_away
=== cads is now known as the
=== the is now known as cads
[13:34] hi
[13:35] how do I have more and more "/usr/sbin/apache2 -k start" in my ps aux listing with the time ?
[13:36] when I have too much it seems my websites get slower, and at some point I need to restart apache
[13:53] Want to export a ssl certificate to another server but it is not valid
[14:07] I'm having an issue creating a local repo... I've run the apt-mirror command and it downloaded the 95gb+ to the local drive, but it seems like parts of the mirror are missing when running `apt-get update`
[14:07] any help?
[14:07] I'm not sure if my entry in sources.list is bad or that the apt-mirror command needs some more parameters added
[14:08] Somebody experience with certificates and Nginx, need to convert it from another server
=== arrrghhhAWAY is now known as arrrghhh
[15:33] Hi guys, I´m looking for an OS that can serve as a home media NAS. It should be able to handle ZFS filesystem, samba shares and should work with popular plugins such as Sickbeard/Transmission/Couchpotato. Am i in the right place?
[15:34] * ball wonders what plug-ins are.
[15:34] Ah, it´s the dumbed down way of saying software :)
[15:35] WouterNLD: I'm about to build something along those lines myself.
[15:35] Tried to buy a case for it yesterday but the local computer shop was out of stock.
[15:35] Heres the deal, I used to be on OpenMediaVault NAS software, which was based on linux and was fine. I used to have 2 disks and that was all good. Mirror raid > no problemo.
[15:35] I have a HP Microserver N40L with 8gb ram
[15:36] It does however not come with a hardware raid controller, so i´m stuck to software raid
[15:36] People seem to like the N40L.
[15:36] Yea it´s a neat little thing, and i got it really cheaply
[15:36] WouterNLD: Not having hardware RAID isn't much of a limitation.
[15:36] ...I know some people actually prefer it.
[15:36] i´ve upgraded the box to 4 disks. While mdadm is fine for 2 disks, it´s too processor intensive for a little 1.4 dual core AMD NEO processor
[15:37] And with the lack of battery pack of the box, Raid-5 is suicide
[15:37] So i decided to go with ZFS
[15:37] Shouldn't be processor intensive if you're doing RAID 1+0
[15:38] True however I think ZFS is secure enough and gives me more space
[15:38] Well, seeing as OMV doesn´t support zfs, i went to FreeNAS
[15:38] and to be honest,
[15:38] FreeBSD is a pain in the ass
[15:39] *mind the language*
[15:39] It´s nice as a basic nas with zfs, but as a media server it is simply horrific
[15:40] So i thought, why not ubuntu server. I like ubuntu, i like linux much better than freebsd, it´s easier, zfs is available, i´m sure i can install some of the media software fairly easily because it´s around for the desktop version as well
[15:40] zfs is available on Linux?
[15:40] WouterNLD: Ah, I have no idea about Ubuntu Server. I was planning to use OpenIndiana.
[15:41] https://wiki.ubuntu.com/ZFS
[15:41] not sure I'd want to use ZFS in that state... just me.
[15:41] Yes i read https://wiki.ubuntu.com/ZFS, i don´t really see the downside?
[15:42] WouterNLD, it's not available in Linux. You have to use it as a FUSE module
[15:42] I guess you can add a kernel module... still would concern me that a file system is not natively supported.
[15:43] There is a native kernel module..?
[15:43] did you read that page? lol
[15:43] What is the downside of a fuse module?
[15:43] it's not part of the OS
[15:43] arrrghhh, yes i did, lol -.-
[15:43] I used to access NTFS thru the FUSE module, was turrible.
[15:43] oo i remember using that
[15:43] yea that ain
[15:43] ´t good
[15:44] granted NTFS is also turrible
[15:44] Is mdadm the Linux software RAID thing? I imagine that could do RAID 1+0 without too much CPU overhead.
[15:44] yes mdadm is the linux software raid doohickey
[15:44] Thanks.
[15:44] How can I output a description/visualization of my entire OpenLDAP tree, recursively?
[15:44] (Specifically, all DNs and objectClasses)
[15:45] WouterNLD, I would just be cautious about using ZFS. It's a great concept, but until it's "part of" Linux, I wouldn't trust it with my critical data.
[15:45] tohuw, I know the CTO of OpenLDAP, but no clue how to use it xD sorry
[15:45] Or you could run it on an OS that it /is/ part of. ...just saying.
[15:45] trying to think if there's a better channel for that...
[15:45] like REISER, he went crazy and now is in jail
[15:46] real jail, not CHROOT one
[15:46] ReiserFS is promising
[15:46] Btrfs or whatever
[15:46] but yea the dev went nuts and murdered his wife
[15:46] Maybe what i´ll do is.. I have a 4 disk zfs pool and a 1 disk backup pool. I´ll run the 4 disks in zfs for linux and back it up to a 1 disk separate disk (non raid)
[15:46] ReiserFS != Btrfs
[15:46] he will kill his FS anytime!!!
[15:46] with our files too
[15:47] hi all btw
[15:47] tohuw, oh I thought btrfs came out of reiser?
[15:47] Btrfs also has "a number of the same design ideas that reiser3/4 had".
[15:49] No, not really. Chris Mason is the principal on btrfs, and while some inspiration from ReiserFS was taken, it bears little real resemblance. ReiserFS is effectively dead and not recommended.
[15:49] yes
[15:49] I realize this... lol
[15:49] I just thought some crap from btrfs was borne out of ideas used in ReiserFS... that's all.
[15:51] thanks for the input guys, off to a bbq :)
[15:51] n
[15:51] p
[15:52] wow. so this is kinda OT, but related to what we were talking about... Reiser's wife was a mail-order bride bwhahaha
[15:52] I did not know it was a Russian mail-order bride...
[17:02] anyone that knows a decent SATA HBA that actually works? I have this old LSI 1068 controller, but my mobo won't detect it in the 16x pci-e bus. I just need something that works - no need for hw raid
[17:33] RoyK, I have two of these in my file server: http://www.newegg.com/Product/Product.aspx?Item=N82E16816118112
[17:33] the brackets are backwards though
[17:33] any idea if those will work in a standard desktop mobo's 16x slot?
[17:33] wait, actually that one has the right bracket
[17:34] I got mine from a different site with the wrong bracket
[17:34] I'm using them in a gigabyte AMD desktop board
[17:34] hold on, I'll find the exact one I bought
[17:34] thanks
[17:36] http://www.atacom.com/program/print_html_new.cgi?Pagecode=SEARCH_ALL&Item_code=CONB_SUPE_SA_L8&USER_ID=www&cart_id=6436767_66_188_36_22
[17:36] I got it from there because it's cheaper, but it's the same chipset
[17:36] it just has a non-ATX bracket on it, had to do a little hacking
[17:39] qman__: http://www.ebay.com/itm/LSI-SAS-9211-8i-6Gbps-8-Ports-SAS-SATA-8-Port-PCI-e-RAID-Controller-Card-/190848825358?pt=US_Server_Disk_Controllers_RAID_Cards&hash=item2c6f79f80e ?
[17:46] qman__: any idea why this 1068 won't get detected by my mobo? perhaps some mobos have specially crafted 16x slots for display cards only?
[17:47] I haven't run into that, but some of them have configuration on which slots to provide the lanes
[17:47] many boards will have 2 or more x16 slot and be in a 16/4 or 8/8 configuration, and it may be manually configurable or autodetected
[17:48] this one only has one 16x slot
[17:48] card isn't even detected by bios
[17:48] seen posts about this issue other places on the net
[17:48] hmm
[17:49] maybe the card is 2.0 or 3.0 and not back compatible, the board is an older version?
[17:49] the main difference between the versions is bandwidth
[17:50] mobo is pci-ex 1.0, I think, so is the hba
[17:51] does the board have all the lanes?
[17:52] iirc the 1068 is 8 lanes
[17:53] I've used those rather a bit on some opensolaris servers
[17:53] ok
[17:53] I haven't seen any boards that will go less than 8 on the only x16 slot
[17:53] but then, on mobos with 8-lane slots
[17:54] the 16x slot works with a 2-lane card, though
[18:12] hey, something's happened to my VPS. I can't access it anymore. And I have no idea why not.
[18:12] hi. how can I restore all the /etc/pam.d/common-* config files to their defaults?
[18:12] nicekiwi_, contact your provider?
[18:12] Ubuntu 12.04 64bit, apache is running without issues, but I can't ping it or SSH into it anymore
[18:12] nicekiwi_: your best option is probably contacting your host, rather than wasting hours trying to figure out what's going on
[18:13] that's why you pay for it, right? :P
[18:13] unless its something I did?
[18:13] or, can someone paste them?
[18:14] sw, I don't think I've changed mine...
[18:14] arrrghhh: oh, could you maybe pastebin?
[18:14] nicekiwi_, we don't know what you've done :D
[18:14] sw, I will 1 sec
[18:14] -auth, -account, -password?
[18:15] nicekiwi_: what did you last do before things broke?
[18:16] sw, http://pastebin.com/FJg9MAEH
[18:16] sw: disabled ufw and added an entry to my hosts file.
[18:17] sw, http://pastebin.com/qBuaxH2E
[18:17] sw, last one http://pastebin.com/AswW7BCU
[18:20] o/
[18:20] I am Running Ubuntu 12.04 on HPM110g6 on static ip address assigned by provider. I would like to install Jabber2 starttls on port 5222 with MYSQL database. Has anyone done something like this before? Steps I have completed. 1) sudo apt-get install jabberd2 2) ?
[18:21] hello how long will S12.04 be supported?
[18:21] Beltechs, for a full matrix see here
[18:21] https://wiki.ubuntu.com/Releases
[18:22] arrrghhh: thanks! think you had some samba parts in there, I removed them and it seems to be working now *wipes forehead*
[18:22] server edition of 12.04 is April 2017
[18:22] sw, np ;)
[18:24] so about 4 years left...
=== arrrghhh is now known as arrrghhhAWAY
[18:25] what a nightmare I just getting the hang of this and its time to switch up again.
[18:30] I would like to see the Jabber2 info updated for the common deployment Jabberd2, MYSQL, require STARTTLS, jabber.mydomain.com ,port 5222 without register enable. This setup should be in the guide for the SMB or SME market.
[18:33] jacksonka: Out of curiosity, what basis do you have for that being the common deployment?
=== hggdh_ is now known as hggdh
[18:36] Well, I think that a script to deploy this that would ask the questions and you provide the answers would make deployment straight forward. Standard deployment scenarios such as the one I just mentioned helps small business deploy world class solutions cost effectively. Ubuntu did a great job with mail ie postfix-dovecot for example.
[18:37] The postfix-dovecot package is the gold standard although manual installation is also possible.
[18:38] This is what Ubuntu is all about. sudo apt-get install bang!
[18:39] jacksonka: I don't doubt the benefit of such a thing, was mostly curious about the specifics, for example why a MySQL backend would be more common/better than say a sqlite, especially for the smaller setups you seem to be referring to.
[18:39] Except crypto laws limit deployment efforts from providers
[18:41] Here is the reason. When an SMB runs Accounting, Sales, Inventory, CRM, etc on Mysql then having other services on the same db reduces learning curve and makes SQL reporting thru MYSQL beautiful.
[18:41] Its all about solution topology.
[18:42] So, SugarCRM, MYSQL, Postfix MYSQL, Jabberd2 Mysql, Drupal or news MYSQL etc.
[18:44] When generating reports the sql programmer can access the MYSQL databases all collectively and generate a report on a resource such as an employee. If I want a performance report on an employee I can create a query report to access ALL databases for that employees activities for the day.
[18:47] By the way it doesn't have to be MYSQL but could be Oracle or sqlite or other db but most programs work well with MYSQL.
[18:48] If you want to do statistics, sales forecasting, or similar analysis this is quite valuable.
[18:49] They did a great job with mail I just thought in other services as well the guide could be improved. Just a humble suggestion.
[18:51] jacksonka: Again, not arguing the main point, was mostly curious about that detail.
[18:52] Guess the main problem is finding that Someone motivated enough to do the actual legwork.
[18:54] Ok detail. MySQL has loadable storage engines, SSL on port 3306, high scalability, large records and table capability.
[18:57] MySQL is already the de facto standard of the open source DB industry. Would it not be sensible to take full advantage of this by providing MySQL and of course starttls in almost all the apps in the server guide.
[18:58] jacksonka: no, it's not. mysql is a lousy dbms compared to postgresql
[18:59] I agree PostgreSql is more flamboyant but few companies standardize on it. Facebook uses MYSQL MEMCACHE.
[19:00] I don't care what facebook uses
[19:00] Alternatively, if the guide provided both MYSQL and POSTGRES scripts or options over starttls or ssl then presto.
[19:02] For example, the guide provides lan and berkeley db install instructions yet today workers work at home and telecommute. Oh, mobile is also very important.
[19:04] If you deploy ssl or secure tunneling then public infrastructure can be used and workers would be free to engage clients and associates and more ergonomic, flexible and productive was. This conserves office space. Another plus!
[19:06] This open computing idea synergizes well with Ubuntu Server, Desktop, Tablet, large screen tv and obviously Ubuntu phone.
[19:07] I love the Ubuntu concept and would like to see it grow.
[19:10] Anyway I will be attempting to manually install Jabberd2, MYSQL, STARTTLS port 5222 with no registry enabled. Pre-registry by admin would be required in the DB.
[19:10] I'll fill you guys in on my success or failure.
=== arrrghhhAWAY is now known as arrrghhh
=== hallyn_ is now known as hallyn
=== Jever| is now known as Jevermeister
[21:01] hey all. I'm trying to get my server, which is running OpenVPN as a client, to split traffic...
[21:01] as I can ssh just fine when the OpenVPN client is not running... but when the tunnel is up, I can't ssh from other remote locations
[21:14] Hello
[21:18] I need help with my server.
[21:18] I cannot ssh to it through my router's external ip address, meaning that I cannot connect to it without a local connection
[21:19] A music messaging session has been requested. Please click the MM icon to accept.
[21:19] c:D
[21:21] cppCzar: if you can connect to it over the LAN, it's a problem with the router config
[21:21] Only way is go to server with monitor and use password auth
[21:22] use password auth?
[21:22] for?
[21:22] and okay RoyK
[21:22] But, then you can enable ssh for both cert and pam etc for options
[21:22] RoyK: Do I need to have a static ip address? and jacksonka what are cert and pam?
[21:23] I use Elliptic Curve DSA encryption for ssh authentication.
[21:24] Elliptic Curve DSA 521 is military grade encryption approved by the United States government for top secret classification e docs.
[21:24] Cert is certificate authentication so you don't have to use a password to log in.
[21:25] Ubuntu currently recommends ECDSA certificate authentication for Ubuntu Servers.
[21:25] Use Openssh and google to find session on ECDSA521
[21:26] Okay! Could you help me to set that up (once I get it connectable worldwide)?
[21:26] Yes you just need the script which you can get off the net.
[21:26] It is very fast
[21:26] Sounds great. But I'm still having trouble figuring this problem out
[21:27] I don't remember the exact procedure but it is easy to find on the net.
[21:27] You must go to the server with a monitor and cable and log in through localhost
[21:28] I can ssh in locally
[21:28] You must be physically at the server.
[21:28] but I'm also physically at the server
[21:28] oh
[21:28] I'm logged onto the server
[21:28] good
[21:28] Ok I will find session for you on net. One minute
[21:29] First, sudo vim /etc/ssh/sshd_config
[21:30] This is the daemon configuration file.
[21:30] okay
[21:30] Be careful.
[21:30] Here you can use alt ports
[21:30] Instead of port 22 you can use port 2222
[21:30] or any other to improve security.
[21:31] Okay
[21:31] cool
[21:31] I have it at 22
[21:31] So if you want standard port leave it at 22
[21:31] I had changed it to something else last night
[21:32] But everyone knows it is 22
[21:32] but I changed it back because I couldn't ssh into the server over internet outside of local
[21:32] then I'll change it again
[21:32] OK sudo apt-get install nmap
[21:33] on my server?
[21:33] very important
[21:33] yes
[21:33] or on your pc client laptop or server
[21:33] Cool, that's the port searcher correct?
[21:33] yes
[21:33] It will tell you whether the port is listening.
[21:34] hmm
[21:34] I'm getting errors
[21:34] after install then nmap mydomain.com
[21:34] what is the error
[21:34] a bunch of lines saying "Failed to fetch http://"...
[21:35] with different websites
[21:35] absolutely
[21:35] because you are not on the internet
[21:35] but I managed to install openssh
[21:35] O.o
[21:35] you need to reboot dsl or cable modem or other ip access
[21:35] how do I reboot dsl?
[21:36] and should I just turn off my modem and router and turn them back on?
[21:36] Or do I need to reboot something in command line?
[21:36] yes
[21:36] hard
[21:36] hardware
[21:36] okay
[21:36] then wait
[21:36] and pray
[21:36] shut down everything gracefully if you can.
[21:39] Hey
[21:39] I'm back now
[21:40] k
[21:40] I restarted it
[21:40] I have an important question though
[21:40] I have a wireless card on my server
[21:40] ping a public domain
[21:40] and in the installation I have no idea if it installed using the wireless or the lan
[21:40] it being the server
[21:41] Never use wireless on a server
[21:41] ALWAYS USE TOP QUALITY ETHER CABLES CONNECT DIRECTLY TO YOUR UBUNTU SERVER.
[21:41] Right
[21:41] so I want to change that
[21:41] and disable it from command line
[21:41] :O
[21:41] NO DOUBT
[21:42] Can you help me do that?
[21:42] FIRST ORDER OF BUSINESS SB TO hardwire your box to your router
[21:42] I have it locally connected
[21:43] Do you have a ether cable going from your server to your router
[21:43] I had it locally connected when I installed it, but I also had the wireless card inserted and on
[21:43] Yes
[21:43] turn off the wireless card
[21:43] you do not need it
[21:43] Okay, but how?
[21:44] Do I just need to completely take it out of the computer?
[21:44] Is your machine an actual server or just a desktop?
[21:44] desktop
[21:44] That is the problem. Servers don't come with wireless garbo
[21:44] ^.^
[21:44] lol
[21:44] cppCzar_: Error: ".^" is not a valid command.
[21:45] Ok, but you can still improvise server services
[21:45] Okay, so do I need to completely remove it from the desktop, or is there a way to disable wireless from CLI?
[21:45] Completely remove the wireless card from the server.
[21:46] Unless your internet service is wireless.
[21:46] Okay
[21:46] Your service sb from dsl or cable modem with a static ip address for server class operations.
[21:46] sb?*
[21:46] What is sb?
[21:46] should be
[21:47] Okay, how can I make sure it has a static ip address?
[21:47] I will begin removing the wireless card
[21:47] It should cost more from your provider and they should have given you a fixed ip if you requested one.
[21:47] Mine is $10 a month.
[21:48] Ah, I haven't requested one
[21:48] No free lunches. This is real world class internet services bud.
[21:49] If you are on dynamic stop right here and get a fixed ip. I will help you with everything else. Where are you from ccpCzar
[21:49] United states
[21:50] How do I get a fixed ip?
[21:50] I assume I have to contact my isp
[21:50] yep
[21:50] Do I just call and ask? haha
[21:51] You want IPV4 with four octets something like 93.22.200.33
[21:51] And they won't give the server a static IP, but they'll give the router a static ip right?
[21:51] well when I look at my Network setting under TCP/IP
[21:51] No they usually give you two one for the router and one for the server
[21:51] I have an IPV4 address
[21:52] fixed?
[21:52] on my laptop, not the server
[21:52] What do you mean?
[21:52] no you want to configure the server for the fixed ip not the laptop
[21:52] sudo vim /etc/network/interfaces
[21:52] I know, but I don't know how since it's only command line
[21:53] I'm not sure if it's right though
[21:53] The router provides DHCP Dynamic Host Controller Program services for ip leases.
[21:53] because it's like, 192.168.2.4
[21:54] Okay, so what does that mean?
[21:54] What is your public fixed ip address given from your ip provider?
[21:54] Not 192.168......
[21:55] Fixed public ip
[21:55] I'm not sure
[21:55] how do I find out
[21:55] Call your ip service provider to ensure they gave you one or ask them to.
[21:55] Oh this is the 10$ a month thing?
[21:55] yes
[21:56] bottom line
[21:56] So just because we have internet doesn't mean we have a public fixed ip address
[21:56] correct
[21:56] Alright. Do I just ask for a public fixed ip address?
[21:56] yes
[21:57] Make sure it is ip4
[21:57] ipv4
[21:57] okay
[21:57] well I guess I'll come back when I do that
[21:57] haha
[21:57] thank you
[21:57] k
[21:57] bye
[21:59] Can someone assist me in understanding why apparently none of the entries in this LDIF load? http://pastebin.ca/2387803 contains the LDIF. The ldapadd syntax and error messages are at http://pastebin.ca/2387804. This is a freshly installed slapd from the provided package for Ubuntu 12.04.
[22:08] I failed to enter my LVM decryption phrase in time and I was presented with an initramfs tool called BusyBox. Could anyone help me with, A, shutting down the computer from this terminal, and B, reinitiating the LVM decryption process without restarting my machine?
=== Jikan is now known as Jikai
=== Jikai is now known as Jikan
[22:33] hey all. I'm trying to get my server, which is running OpenVPN as a client, to split traffic...
[22:33] as I can ssh just fine when the OpenVPN client is not running... but when the tunnel is up, I can't ssh from other remote locations
[22:48] Is open vpn adding a default route via the tunnel?
[22:49] VSpike, yes. It appears to add a route for it, and put a metric of 100 on my "normal" default route
[22:49] this is fine, I would prefer it to tunnel by default... but there's a few services like ssh and ddclient perhaps that I would like to place "outside" of this tunnel
[22:55] arrrghhh, do you mean incoming connections only?
[22:56] qman__, well for example... if I force dyndns.org to point to my actual IP instead of the tunnel IP
[22:56] I can 'see' the SSH connections coming in... but it never establishes a connection.
[22:56] if I tear down tun0, all is well.
[22:56] so what's happening is, the connection comes in directly, but your default route is over the tunnel and it sends the return traffic out that way
=== Jikan is now known as Jikai
[22:57] if you tweak routing settings the same way you would for dual wan, it will fix that problem
[22:58] correct. can you help me with this, or perhaps show me a guide to do this?
[22:58] I would think a separate routing table would do this, and I would mark the packets with iptables?
[22:58] http://lartc.org/howto/lartc.rpdb.multiple-links.html
[22:59] cool
[22:59] that's obviously the way to do it live, you'd have to add it with the appropriate additions in /etc/network/interfaces to get it on boot
[23:00] hm ok
[23:00] qman__, can I do this with a dynamic tun0 address?
[23:00] eth0 is static, but tun0 gets a new address every time the tunnel is started
[23:00] you could, might have to do some tricks putting it in if-up.d for that interface or something
[23:01] well the vpn is started with an init.d script
[23:02] then you could just add it to the end of that
[23:02] you can do something like this to get your IP in the script
[23:02] ip a s tun0 | grep inet\ | awk {'print $2'}
[23:14] qman__, does this guide work for Ubuntu Server?
[23:14] Maybe I'm not understanding how to enter these routes (entirely possible, I am a routing n00b)
[23:14] it's generally applicable to the linux kernel
[23:16] qman__, the first route add command is failing...
[23:16] sudo ip route add 192.168.0.0 dev eth0 src 192.168.0.99 table T1
[23:17] that's because you're not giving it a network address
[23:17] if you're in a class C, it should be 192.168.0.0/24
[23:17] giving what a network address?
[23:17] oh
[23:17] right, I needed the mask
[23:18] hm. I still get "Error: argument "T1" is wrong: "table" value is invalid"
[23:18] derp, remove the T
[23:19] so basically what you're doing is telling linux to return traffic from whence it came, instead of just using the default route
[23:19] and then configuring your default route to be over your actual preferred interface
=== Jikai is now known as Jikan
[23:26] I failed to enter my LVM decryption phrase in time and I was presented with an initramfs tool called BusyBox. Could anyone help me with, A, shutting down the computer from this terminal, and B, reinitiating the LVM decryption process without restarting my machine?
[23:27] ctrl+alt+del should reboot it
[23:28] if you've been dropped to busybox, I don't think you can go back and continue
[23:28] I honestly don't know why they put it in there, I have yet to find any use for it at all
[23:29] Ability to manually choose which drivers get loaded
[23:29] At least, that's my understanding of it
[23:29] But yeah, thanks for that cad, I'll give it a go next time.
[23:30] On the reinitiating the decryption, well, it seems to start in initramfs so there must be a way
[23:30] qman__, sorry not sure what messages went thru. do I only need to setup this return path on the non-tunnel interface? and does this ensure all other traffic is still tunneled..?
[23:32] arrrghhh, it needs to be set up for each interface which has a gateway
[23:32] so, how I'd try it
[23:33] add the part that creates a table for the interface to the main interface's config
[23:33] and have it select that as the default route from the beginning
[23:33] then, in the VPN config, have it set up the second table on tun0 and then select that one as the default instead
[23:34] hm. I wonder if I need more complicated policy rules...
[23:35] I want to make sure the tunnel is the default for everything else, except ssh
[23:35] I already removed ddclient and put it on the router
[23:38] oh well, I'll have to come back to this. thx for the help!
=== arrrghhh is now known as arrrghhhAWAY
=== micahg_ is now known as micahg
[23:55] Ok, is there a way to use a PAM module when you use keys to login via ssh instead of a password?