| webfox | Is there a know setting for a timing out on ssh sessions by any chance? | 00:14 |
|---|---|---|
| sarnold | webfox: what problem are you trying to solve? | 00:15 |
| webfox | sarnold: I got a Brocken Pipe error from time to time when connecting to Ubuntu Server via ssh. | 00:17 |
| webfox | First I thought it could be realted to the sleep time of the Host OS (because this server is a client at a VM) but now I've changed the sleep time to forever it still Breaking Pipe. :/ | 00:18 |
| sarnold | webfox: ah; many NAT firewalls will drop a connection from their state tables if the connection is unused for too long | 00:19 |
| sarnold | webfox: take a look at ServerAliveInterval option in the ssh_config manpage; you might need to set that to a lower limit to prevent firewalls from killing your session | 00:20 |
| webfox | sarnold: and after a disconnection, is it normal to a refusing to new connections? | 00:21 |
| webfox | and sometimes it is weird, in the middle of something. | 00:21 |
| sarnold | webfox: no, new connections should happen immediately | 00:21 |
| sarnold | webfox: oh? o_O that's very strange | 00:21 |
| webfox | let me pay some attention to this ans see how it really works. | 00:21 |
| webfox | and besides, it is a Brocken Pipe not a disconnection allowed by OS | 00:22 |
| webfox | and after that no new connection available. | 00:23 |
| sarnold | broken pipe, eh? that feels even stranger still. | 00:24 |
| webfox | yeah.. | 00:24 |
| sarnold | webfox: wait, what was that you said about 'sleep' earlier? I skimmed that oo quickly.. | 00:26 |
| webfox | sarnold: I first thought it could be related to the Host machine sleep process which brooked the connection but then I set it to a longer period and it just still the same. | 00:28 |
| sarnold | webfox: so one or more machine is powered down from time to time? | 00:29 |
| webfox | sarnold: yes, the Host machine. | 00:30 |
| sarnold | webfox: aha! sorry to steer you wrong earlier. | 00:31 |
| sarnold | webfox: you could try -increasing- the ServerAliveInterval and ServerAliveCountMax variables to try to prevent ssh from killing the connection, but the TCP stack might kill it for you if there's data sent .. | 00:32 |
| sarnold | webfox: look into the 'mosh' program, it'll happily re-establish connections between client and server even if the client changes IP | 00:32 |
| sarnold | webfox: (mosh uses UDP packets, so the data from server->client is -always- being sent, perhaps to stale IP addresses. mosh isn't for everyone. but _I_ like not having to re-login to my irc host and re-attach my tmux session all the time. :) | 00:33 |
| webfox | sarnold: but it change, udsed to be different | 00:35 |
| sarnold | webfox: i've recovered ssh sessions when machines slept before, but it depends upon so many variables.. | 00:36 |
| sarnold | webfox: if one or the other endpoint sends a packet, it'll hit tcp retransmit mechanisms, and after a certain number of retransmit attempts (using exponential fallback timing..) if there's no ACK for the packet, the connection will be torn down. | 00:36 |
| sarnold | webfox: so if you leave ssh sitting on a shell prompt with no activity, it might survive for a long time when the connection is broken or a machine is put to sleep. if it's an active irc window, you'll have a few minutes, tops. | 00:37 |
| webfox | sarnold: actually ssh is sitting on a shell just wating. Bot busy. | 00:38 |
| sarnold | webfox: how long can you sleep it? :) | 00:38 |
| webfox | I think less then 5 minutes and the connection is gonne. | 00:40 |
| webfox | sarnold: AND the host machine cannot access this client ssh as well. | 00:42 |
| webfox | sarnold: somhow the ssh service got blocked. | 00:43 |
| sarnold | webfox: does the client have openssh-server installed? is there any firewalling that prevents the client from opening the port? are the two machines on different sides of a firewall or router? | 00:44 |
| webfox | sarnold: I've installed like apt-get install ssh, not openssh, and one machine shares the router with the host at the wifi router. | 00:46 |
| sarnold | webfox: check dpkg -l openssh-server | 00:48 |
| webfox | sarnold: worst is I am currently unable to install anything because of an network issue I am having. | 00:49 |
| sarnold | webfox: ah perhaps that needs to be sorted out first :) | 00:49 |
| webfox | sarnold: I think this ssh I am using just came with the ubuntu Server 13.10, no? | 00:50 |
| sarnold | webfox: your client may not have it installed. | 00:50 |
| webfox | sarnold: I remember having installed it but I think it was on Client (which is Ubuntu 13.10) | 00:50 |
| webfox | sarnold: I mean the host. :P | 00:51 |
| sarnold | webfox: oh, I thought you said you were having trouble connecting from the host to the client? | 00:51 |
| webfox | sarnold: no, actually it it the other way around. | 00:54 |
| sarnold | webfox: oh, okay | 00:54 |
| webfox | sarnold: I can connect from Host to client (via ssh) and from another machine at same network, but cannot connect from Client. | 00:54 |
| sarnold | webfox: maybe set up a ping from client to server in another terminal, just leave it running. when things break it might be useful to see if the ping is also broen.. | 00:55 |
| === arosales__ is now known as arosales | ||
| === PeterS is now known as Guest46833 | ||
| IOerror | Hi all, anyone got experience with domain.com and hosting your own web server? | 04:18 |
| IOerror | anyone know any good channels for website administration? | 04:36 |
| vedic | Hi friends, I need best practices suggestions. I have multiple machines running Databases, Geo signal analysis, Server to host REST API requests, backup etc. In all of these, security of the data is most critical and after that latency and fault tolerance. What are you suggestions to look for when deciding on tools/lib/topology | 04:38 |
| vedic | Security when data is lying on the server disks and when it is traveling on wire between machine and between machine to user | 04:39 |
| === freeflying_away is now known as freeflying | ||
| slowe | I'm having the strangest issue running 12.04 as a guest on a 12.04 KVM host. The installation works fine, but the guest then hangs on first boot. As far as I've been able to tell, it's somehow related to a swapon/mountall issue with the swap partition. Any suggestions? | 05:31 |
| sarnold | vedic: you can use luks to provide on-disk encryption, though note that is only useful against e.g. hard drive theft of server theft; it doesn't provide much protection when the machine is alive and running.. | 06:06 |
| sarnold | vedic: you could protect connections with tls if your capplications support it, or you can use ipsec between machines if your applications don't syupport tls well | 06:07 |
| vedic1 | sarnold: Thanks. What I was thinking is: VPN between all machines and TLS for end customers to access services. | 07:26 |
| sarnold | vedic1: nice. just think, that's already more effort than tjmaxx used to protect their point of sale systems.. :) | 07:27 |
| vedic1 | sarnold: Didn't get what you mean by tjmaxx | 07:31 |
| sarnold | vedic1: http://www.nbcnews.com/id/17871485/ns/technology_and_science-security/t/tj-maxx-theft-believed-largest-hack-ever/ | 07:33 |
| sarnold | no wep, no wpa, no per-message encryption, no session encryption, no ipsec.. | 07:34 |
| vedic1 | sarnold: wow. That was biggest data hack ever heard after CIA edward case | 07:39 |
| sarnold | vedic1: haha :) | 07:40 |
| vedic1 | sarnold: so disk encryption, VPN and TLS should be sufficient? | 07:41 |
| sarnold | vedic1: it's a good start, anyway. if your applications are wide-open or misconfigured or so forth, you could still be trouble | 07:42 |
| vedic1 | sarnold: What would you consider air tight security? Provided that there will be servers talking to each others and users will need API and web access to the app | 07:43 |
| sarnold | vedic1: no such thing exists; you can only mitigate so much. for my own systems, every application that connects to the network is confined with an apparmor profile; most applications that process data from the network are also confined with apparmor profiles | 07:45 |
| sarnold | (well, my ssh client isn't apparmor confined.. I might fiddle with that at some point in the future) | 07:46 |
| vedic1 | sarnold: I see. AFAIK, many just disable apparmor | 07:46 |
| sarnold | vedic1: pity, in my experience I can teach sysadmins how to use apparmor in about two hours, and the next day after they've confined a few applications, cover the advanced topics :) | 07:48 |
| vedic1 | Could you send me your email in private msg | 07:49 |
| vedic | sarnold: brb after lunch | 08:00 |
| eugenmayer | Hello. Installed to 12.04 servers on my proxmox ( KVM ) hypervysor. Both seem to work very slow, logging in even takes for ever. Debian Guests though work without issues | 08:47 |
| eugenmayer | Iam using virtio / cache off as storage bus | 08:47 |
| eugenmayer | and raw as a format. | 08:47 |
| eugenmayer | No sorry, i use qemu2 as format, not raw | 08:49 |
| === a1berto_ is now known as a1berto | ||
| === hachre_ is now known as ahchre | ||
| === ahchre is now known as hachre | ||
| lebafar | Hello folks! | 13:26 |
| lebafar | Could someone help me figure how to change the font size of the display please? | 13:26 |
| RoyK | font size on a server console? | 13:29 |
| lebafar | no, te main terminal, we are at #server channel, right? | 13:30 |
| RoyK | erm - main terminal as in console? | 13:31 |
| RoyK | sudo dpkg-reconfigure console-setup | 13:31 |
| lebafar | yes RoyK ! That is what I was taking about! Thank you a lot! | 13:33 |
| m3t4lukas | hey guys, when I try to install the packages "postgresql" and "default-jdk" I get a 404 on "http://us.archive.ubuntu.com/ubuntu/ precise-updates/main" and "http://security.ubuntu.com/ubuntu/ precise-security/main" | 13:55 |
| m3t4lukas | this is the complete output http://pastebin.com/LhueZxhE | 13:56 |
| cfhowlett | m3t4lukas, because precise has ended support | 13:56 |
| cfhowlett | !precise | 13:56 |
| ubottu | Ubuntu 12.04 LTS (Precise Pangolin) is the current !LTS release of Ubuntu. Download http://releases.ubuntu.com/12.04/ - Release Info: http://www.ubuntu.com/getubuntu/releasenotes/1204 | 13:56 |
| cfhowlett | eeek. retract and ignore my stupidity | 13:57 |
| m3t4lukas | 12.04 LTS is supported | 13:57 |
| cfhowlett | sorry | 13:57 |
| ogra_ | precise is supported until 2017 | 13:57 |
| ogra_ | m3t4lukas, did you update your package lists first (apt-get update) ? | 13:57 |
| m3t4lukas | there's no newer LTS :P | 13:57 |
| cfhowlett | m3t4lukas, true true - keyboard tourette's. mea culpa to all | 13:57 |
| === Den_Beiren is now known as DenBeiren | ||
| === balloons_ is now known as balloons | ||
| === jrgifford_ is now known as jrgifford | ||
| === gazoombo_ is now known as gazoombo | ||
| === fhd___ is now known as fhd__ | ||
| === three18ti is now known as 20WABA16N | ||
| === Pici` is now known as Guest7580 | ||
| === RoyK^ is now known as RoyK | ||
| === TDog__ is now known as TDog | ||
| === lebafar is now known as 92AAAIQQS | ||
| === robher_ is now known as robher | ||
| === micahg is now known as 92AAAIQ31 | ||
| === miceiken_ is now known as miceiken | ||
| === markthomas_ is now known as markthomas | ||
| === DaIRCKing is now known as GTAXL | ||
| === huttan_ is now known as huttan | ||
| === PeterS is now known as 17SAAH6D3 | ||
| === ValicekB_ is now known as ValicekB | ||
| === markthomas_ is now known as markthomas | ||
| === DaIRCKing is now known as GTAXL | ||
| === kantlive- is now known as kantlivelong | ||
| === Raboo_ is now known as Raboo | ||
| === PaulW2U is now known as Guest65916 | ||
| === Ursinha is now known as Ursinha-afk | ||
| === Ursinha-afk is now known as Ursinha | ||
| === jrgifford_ is now known as Guest66371 | ||
| === ValicekB_ is now known as ValicekB | ||
| === daveops is now known as Guest44563 | ||
| === cfhowlett is now known as | | ||
| === | is now known as Guest87869 | ||
| === _bjf is now known as bjf | ||
| === DaIRCKing is now known as GTAXL | ||
| === huttan_ is now known as huttan | ||
| === jrgifford_ is now known as Guest39297 | ||
| === roo_ is now known as roo | ||
| === MannerMan is now known as 16WAATJ5D | ||
| === PeterS is now known as 16WAATI90 | ||
| === rodarvus is now known as 23LAA6O40 | ||
| === RobbyF is now known as 16WAATMLO | ||
| === yofel is now known as Guest6792 | ||
| === ogra_ is now known as ogra | ||
| === Guest6792 is now known as yofel | ||
| === IdleOne is now known as Guest87974 | ||
| === Guest87974 is now known as io | ||
| === io is now known as Guest52137 | ||
| === Guest52137 is now known as io | ||
| === IdleOne- is now known as IdleOne | ||
| === dcosnet1 is now known as dcosnet | ||
| === lifeless is now known as 7JTAAALD7 | ||
| phunyguy | so I have a question about postfix, and smtp relays. I am trying to set up an outbound relay on a VPS that I have, and rather than do user authentication, is it possible to just use certificates to authenticate to the relay? | 21:48 |
| phunyguy | sweet, http://majic.rs/book/free-software-x509-cookbook/setting-up-postfix-using-x509-client-certificates-for-authenticatio | 21:55 |
| === i3luefire__ is now known as i3luefire | ||
| === larva is now known as Guest68758 | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!