/srv/irclogs.ubuntu.com/2014/08/07/#ubuntu-server.txt

=== CripperZ is now known as CripperZ-
d4c7	Anyone working on an OpenSSL package?	01:12
sarnold	d4c7: we'll publish an update for it tomorrow	01:13
d4c7	sarnold: cool, tomorrow what TZ? :)	01:15
sarnold	d4c7: hehe :) probably less than twenty four hours from now anyway..	01:15
d4c7	sarnold: got it, thanks!	01:16
sarnold	thanks d4c7 :)	01:16
MavKen	anyway to prevent port scans? using ubuntu 14.04	01:31
MavKen	and any recommendation of fail2ban vs denyhosts?	01:32
=== peter is now known as Guest52559
=== CripperZ- is now known as cripperz
=== cripperz is now known as CripperZ
=== CripperZ is now known as CripperZ-
=== Seveaz is now known as Seveas
=== tom][ is now known as tom[]
=== dasjoe_ is now known as dasjoe
=== ivoks_ is now known as ivoks
=== Azelphur_ is now known as Azelphur
=== kaydo_ is now known as kaydo
monokrome	Does anyone here have experience with MaaS and VMs?	04:50
monokrome	I've been trying to run Ubuntu's OpenStack for the last week to no avail	04:51
Mallot1	Hello	05:03
Mallot1	How would I go about creating a public SQL server with ubuntu?	05:03
cfhowlett	Mallot1, https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-to-a-new-server-on-ubuntu-14-04 <<this?<<	05:04
Mallot1	cfhowlett: I'm learning MySql for my iOS app ao i new to make new server	05:05
cfhowlett	Mallot1, ah. OK.	05:05
Mallot1	")	05:05
Mallot1	:)	05:05
cfhowlett	Mallot1, https://duckduckgo.com/?q=public+mysql+server+ubuntu&t=canonical	05:05
cfhowlett	Mallot1, 12.04 but should be about the same for 14.04 >>> https://help.ubuntu.com/12.04/serverguide/mysql.html	05:06
Mallot1	wow! great help thanks thats just what I needed	05:06
arrrghhh	hello, anyone mind helping with some dpkg/apt issues? Tried to install some packages for setting up a build environment, and seemingly have broken apt...	05:07
arrrghhh	this is what happens when I try to run dpkg --configure -a	05:09
arrrghhh	http://hastebin.com/pukoloniyi.vhdl	05:09
=== CripperZ- is now known as cripperz
R0ckET	hola	05:32
cfhowlett	!es \| R0ckET	05:33
ubottu	R0ckET: En la mayoría de los canales de Ubuntu, se habla sólo en inglés. Si busca ayuda en español entre al canal #ubuntu-es; escriba " /join #ubuntu-es " (sin comillas) y presione intro.	05:33
Abhijit	he went to #ubuntu	05:36
R0ckET	sorry cfhowlett	05:38
cfhowlett	R0ckET, no worries	05:38
cfhowlett	R0ckET, please state your issue	05:38
R0ckET	my issue is with bash, can you help me?	05:40
cfhowlett	R0ckET, choose ONE channel. no crossposting please	05:40
R0ckET	ok	05:41
Sierra	Unless there's a rule about it somewhere I missed... What's wrong with asking in multiple channels? One might have the answer where another might now	05:42
Abhijit	exactly.	05:43
cfhowlett	!crossposting	05:43
ubottu	Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.	05:43
monokrome	I do "sudo apt-get install docker" and it says it's already installed	05:44
monokrome	I do: docker	05:44
monokrome	and it says "The program 'docker' is currently not installed."	05:44
arrrghhh	it dilutes the community effort, crossposting - similar to forums.	05:44
monokrome	wat?	05:44
R0ckET	there is a security certification for servers?	06:06
=== yofel_ is now known as yofel
=== khaitanya is now known as Guest74626
=== mswart_ is now known as mswart
lordievader	Good morning.	07:05
phuh	Is it a good idea to put ssl pem file in /etc/ssl/certs?	07:06
phuh	or /etc/ssl/private?	07:07
=== arrrghhh is now known as arrrghhhAWAY
six86	Hello. Is there a way to see "behind the progress bar" in an ubuntu server installation? Problem is that I have a problem with my preseed, but I can't see what's going wrong because it just is stuck on the progress bar.	08:49
kklimonda	try different consoles	08:51
kklimonda	one of the should be displaying progress	08:52
=== cripperz is now known as CripperZ
maxb	This is the purple text mode installer? (d-i)	08:52
maxb	You want to look at tty4	08:52
maxb	And, if you're debugging preseed, you probably want the DEBCONF_DEBUG=5 kernel boot param	08:52
six86	Thanks.	09:01
six86	I could see that it is stuck when I do apt-get install xubuntu desktop in a shell script I call with late_command	09:01
six86	I have no idea why it's stuck there...	09:01
six86	It worked before, when I had everything in the preeseed file itself	09:02
six86	maybe it is not good to use /bin/bash in a late_command script?!	09:05
six86	maxb: Is there a way to automatically switch to tty4 during installation?	09:09
maxb	Alt+F4	09:09
six86	I mean to switch to this view automatically in an unattended installation	09:10
=== CripperZ is now known as CripperZ-
six86	Is there a way to see the output of a shell script started in late_command?	10:00
jpds_	six86: Log it to a syslog server?	10:00
six86	no local quick way?	10:00
jpds_	six86: It's probably in /var/log/installer/	10:07
=== kickinz1\|away is now known as kickinz1
=== Pici` is now known as Pici
six86	Hm my late_command preseed script just hangs without any indication why....	10:56
=== ogra_` is now known as ogra_
six86	Is something deprecated in this howto: https://fak3r.com/2011/08/18/howto-automate-debian-installs-with-preseed/ ?	11:17
six86	I am doing almos the same and it gets stuck when i want do install a apckage	11:17
mwhudson	i'm too tired to read the details but i think it's more or less right	11:20
mwhudson	i've certainly done fully preseeded installs of trusty a bunch of times	11:20
mwhudson	six86: what are you doing and what happens?	11:20
Gargoyle	Is there a way to delete a filesystem from a disk (no partitions)?	11:21
six86	I think only the bottom part with late_command is relevant. I'm trying to install xubuntu-desktop in the script called by late-command but it never ends. I put some outputs in the script and I see them in a log file, but "apt-get -y --force-yes install xubuntu-desktop" just hangs.	11:22
mwhudson	ah	11:22
mwhudson	maybe something is asking a question via debconf?	11:22
six86	Before i just installed it in the preseed file directyl without chroot to /target, and it worked fine	11:23
mwhudson	hm	11:23
mwhudson	six86: is there some reason to not d-i pkgsel/include string xubuntu-desktop?	11:25
mwhudson	in any case, it's bed time here, good luck	11:26
six86	mwhudson: Yes. I'm also isntalling some other packages that are not authenticated, so it would just move my problem	11:26
mwhudson	ah	11:27
six86	mwhudson: good n8.	11:27
mwhudson	yes that would do it	11:27
=== Lcawte is now known as Lcawte\|Away
=== Lcawte\|Away is now known as Lcawte
=== jimi_ is now known as Guest60327
=== Lcawte is now known as Lcawte\|Away
=== Lcawte\|Away is now known as Lcawte
=== Guest60327 is now known as jimi_
hallyn	sarnold: jdstrand: so, last night my kvm vm with qcow2 snapshot rootfs woulnd't boot. i shut down my thinkpad. just booted now. the vm starts!	12:23
hallyn	jdstrand: sarnold: is it possible that your qcow corruptions would have disappeared after a reboot, or have you tried that?	12:24
hallyn	I know it makes no sense...	12:24
hallyn	I'm going to disable KSM, for starters	12:24
=== kickinz1 is now known as kickinz1\|brb
jdstrand	hallyn: I never tried that	12:43
Yevgeny	Hello	12:49
Yevgeny	i get a PXE error	12:49
Yevgeny	when I try to boot with PXE image boot	12:49
Abhijit	what error?	12:50
Yevgeny	I get an error with DHCP: "No dhcp or proxy dhcp offers recieved"	12:50
progre55	Hi guys. I need to aggregate some logs (java application logs) from multiple servers into a single server. Using logstash could be an overkill (just for aggregating, no analysis or even filtering). Any suggestions?	12:52
progre55	Could rsyslog be right in this scenario?	12:53
=== LarsN_ is now known as LarsN
jpds_	progre55: Yep.	12:55
progre55	jpds_: thanks! Never used rsyslog before, but will dive into the documentation (although so far, the documentations seems a bit too difficult to digest)	12:57
jpds_	progre55: $ cat /etc/rsyslog.conf	12:58
jpds_	progre55: A quarter of the way down are the settings to enable the UDP server.	12:58
progre55	jpds_: UDP? As far as I understand it, rsyslog supports TCP and TLS? These logs could be a little too sensitive to be sent over UDP	12:59
progre55	but I’ll look into it	12:59
jpds_	progre55: And to send traffic, you just do; ". @IP.ADD.HOS.T" on the sender.	13:00
jpds_	progre55: Oh, right, that's the complicated bit.	13:00
=== kickinz1\|brb is now known as kinkinz1
=== thumax_ is now known as thumax
mdeslaur	If anyone is feeling adventurous, I just uploaded untested openssl packages here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages	13:38
RoyK	mdeslaur: what sort of fixes are there in this?	13:40
mdeslaur	RoyK: https://www.openssl.org/news/secadv_20140806.txt	13:41
RoyK	mdeslaur: ouch - I hope the libressl progress is good...	13:43
mdeslaur	I gather most of those issues also apply to libressl	13:43
mdeslaur	cleaning up code doesn't necessarily fix security issues...it just makes them marginally easier to spot	13:44
RoyK	"marginally"?	13:45
hallyn	sarnold: jdstrand: I've also gotten quite a few hangs (only of utopic, not precise, vm) over a laptop suspend. I have to virsh destroy and virsh restart. but in this case it restarts fine, dn't have to reboot host.	13:45
jdstrand	hallyn: see that even with old saucy kvm	13:48
jdstrand	hallyn: not everytime, but every now and again	13:48
mdeslaur	RoyK: it depends what the security issues are, if they are traditional C coding errors, sure, you'll uncover a few of them...but a lot of the crypto security issues are because of packet ordering or related to the complexities of ssl negotiation...those types of issues won't typically be spotted by cleaning up code	13:50
* mdeslaur shrugs		13:50
hallyn	jdstrand: I really get the feeling something about suspend/resume just doesn't get along with kvm on thinkpads. anyway disabling ksm didn't help that particualr problem, let's se eif i get the disk corruption (which apparently was really page table corruption) again over the course of the day	13:51
RoyK	mdeslaur: agreed	13:56
=== Lcawte is now known as Lcawte\|Away
=== No_one_a1_all is now known as No_one_at_all
=== Lcawte\|Away is now known as Lcawte
=== ashleyd is now known as ashd
=== Lcawte is now known as Lcawte\|Away
alexrussell	I have Ubuntu 12.04 with fully up-to-date packages, and on login there’s a message about the HWE being no longer supported. It suggests doing an LTS update and to be honest I wanted to anyway, so it’s all good. I do a `sudo do-release-upgrade` and get back “No new release found”. A cursory Google search suggests I have to wait for the .1 point release, but then looking at http://www.ubuntu.com/download/server 14.04.1 is out, so is there	15:24
alexrussell	something I’m doing wrong? I know I can install update-manager and run `update-manager -d` to kinda force it to update anyway, but before I go down that route is there something I’m not considering?	15:24
rbasak	alexrussell: sorry, that is confusing. I'll raise it.	15:29
rbasak	alexrussell: you can do an upgrade to 14.04 now if you wish - it's just not automatically recommended. That's coming soon.	15:29
rbasak	alexrussell: alternatively, you can just upgrade to the latest HWE kernel.	15:29
dasjoe	rbasak: that's because http://changelogs.ubuntu.com/meta-release-lts doesn't refer to 14.04.1 yet	15:31
=== psivaa is now known as psivaa-afk-bbl
=== Lcawte\|Away is now known as Lcawte
Nivex	dasjoe: do we have any idea why that hasn't been updated yet?	15:32
rbasak	dasjoe: right. Nivex: I think it's just final QA etc. on flipping the switch. Not sure of the exact reasons.	15:33
dasjoe	Nivex: it's coming "soon", according to 14.04.1's release notes	15:34
Nivex	rbasak: FWIW arrrghhhAWAY and I have been tracking this for the last two weeks: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1344762	15:34
uvirtbot	Launchpad bug 1344762 in update-notifier "update-notifier tells me to upgrade from 12.04.4 LTS to 14.04 LTS (because of HWE), but that release is not found" [Undecided,Confirmed]	15:34
rbasak	Nivex: ah, that'll be the same bug here then - thanks.	15:34
alexrussell	Sorry got pulled away form my desk right after asking that. Thanks guys for getting back to me. I’ll hang on till it can be done automatically then.	15:36
Nivex	I've been tempted to pull the trigger on the do-release-upgrade -p, but I've been desparately trying to find out what the blocker is so I can know what problems I'll run into.	15:37
Nivex	There seems to be a black hole between me and whoever is making that decision.	15:38
alexrussell	Interesting...	15:38
Nivex	I'd recommend to whoever is writing those release announcements to define "soon" as a tangible time range (eg: X days, weeks, months). I parsed "soon" as a few days and we're up to two weeks.	15:39
alexrussell	yeah that seems a bit odd	15:40
Nivex	at this point it's less about not having the bits on time and more about the lack of transparency for me	15:40
alexrussell	And/or, as you say, get an idea of if there’s a reaosn it’s not released for upgrade yet (maybe someone forgot to update something, maybe it’s a big blocker)	15:40
rbasak	I understand the concern that there's some reason for holding it back that you don't know about, and thus don't want to do it yet.	15:41
rbasak	I will ask.	15:41
rbasak	I suspect it's just that 12.04.5 is being worked on first, and the same devs are working on both, so it's easier to do one after the other.	15:41
TJ-	I emailed Adam Conrad about this issue after his release announcement but got no reply, and the ubuntu-release team mailing list had an RFC back in February about the 12.04.5 release, and there's an email from yesterday saying 14.04.1 is going to be available from "Thursday"	15:43
TJ-	The key issue is here that support for current HWEs goes out of support today and with no 12.04.5/14.04.1 upgrade its as if everyone is expected to upgrade on the same day... there needs to be a month of overlap from availability of the upgrade until the previous HWE goes EOL	15:45
=== mjohnson151 is now known as mjohnson15
=== darkness is now known as Guest54417
zereraz	Hello, I have a question , What are the lower level working of a web servers? If this is not the right channel please direct us.	16:27
=== arrrghhhAWAY is now known as arrrghhh
arrrghhh	Nivex, I hate to say it... but I had to install 14.04 :/	16:31
arrrghhh	I got a little trigger happy with some bind mounts and managed to hose the entire 12.04 install.	16:31
user123321	What is the setting I need to set in interfaces file to enable networking between my VM's without a router?	16:39
=== matsubara is now known as matsubara-lunch
monokrome	user123321: I think that you need to masquerade on that network with iptables	16:56
user123321	Aha	17:00
=== Lcawte is now known as Lcawte\|Away
pmatulis	user123321: by default KVM guests are on the same network, so nothing to do	17:21
user123321	pmatulis, But VM's get different IP's if I use bridged adapter in VM settings (with router, ofc), no chance with this method too?	17:28
sarnold	hallyn: I never tried rebooting my laptop to see if that would allow my VMs to boot when they were corrupted beyond booting	17:31
sarnold	hallyn: I did see two or three times different VMs refusing to restart after laptop suspend/resume but never investigated those. I figured it was a miracle they worked at all after suspend/resume of the host. :)	17:32
sarnold	s/refusing to restart/hanging and not responding and requiring a VM reboot/	17:32
pmatulis	user123321: do you want your guests to be contacted from outside the host? if so, use a bridge. if not, use the default NAT	17:34
user123321	pmatulis, Even with a bridge, I must need a router for assigning IP's for VM's, right?	17:36
user123321	I mean, including networking between VM's.	17:36
hallyn	sarnold: the next time you find corruption, please do try reboot and see if it works after that	17:37
hallyn	not only did my vm boot, the disk image was fsck-clean	17:37
hallyn	so this seems like some page cache badness	17:38
pmatulis	user123321: with a bridge you effectively put your guest on the same lan as the host	17:38
user123321	pmatulis, Even if I don't have a router connected to my ethernet port?	17:39
pmatulis	user123321: yep	17:40
user123321	pmatulis, Oh, so I shouldn't be having a problem for networking between my VM's, right?	17:40
user123321	without a router*	17:41
pmatulis	user123321: well, do they get an IP from a DHCP server on the lan?	17:41
sarnold	hallyn: wow. leaping right to conclusions, I wonder if it was that KSM bug...	17:41
hallyn	sarnold: does your laptop have numa?	17:42
hallyn	i've disabled ksm here this morning, will have to see if i end up with corruption in the next two days	17:42
sarnold	hallyn: unlikely, just dual-core i7	17:43
user123321	pmatulis, It didn't work the last time I checked without a router. Well, if I set 2 static IP's to 2 VM's, say, 192.168.1.3 and 192.168.1.4, is there a way to ping from the 1st VM (192.168.1.3) to the second VM (192.168.1.4).	17:44
hallyn	sarnold: i've only got i5. aren't you cool	17:50
hallyn	arges: hi, i just pushed a new 1.2.2-0ubuntu13.1.4 libvirt to trusty-proposed, bc the 1.2.2-0ubuntu13.1.3 fix was incomplete. Could you please accept into trusty-proposed (deleting the 1.2.2-0ubuntu13.1.3 currently there)?	17:51
arges	hallyn: sure i'll review it	17:51
pmatulis	user123321: are those addresses part of the lan?	17:52
hallyn	thanks arges	17:52
user123321	pmatulis, I would like to create a LAN.	17:53
user123321	without a router.	17:53
user123321	Wondering if it's possible.	17:53
sarnold	hallyn: hehe, when my laptop refresh comes around I might be looking at eurocom.com :)	17:53
pmatulis	user123321: the host must be on a lan already	17:53
arges	hallyn: ok done	17:54
hallyn	sarnold: i've got two years to my next one, but the toshiba rharper pointed to looked sweet	17:54
hallyn	trackpoint, trackpad, and real mouse buttons. sign me up!	17:54
sarnold	hallyn: oh right, I meant to go look that one up..	17:54
hallyn	hm, eurocom gaming laptop perhaps	17:55
user123321	pmatulis, Aha. By the way, here's the scenario. I have 4 VM's running at the moment, each assigned with a unique IP address by the router. And I could ping my VM's from my host. I'm wondering if I'm able to achieve the same functionality without a router connected to the ethernet port.	17:56
sarnold	hallyn: nine pounds? what could go wrong? :)	17:56
hallyn	shoulder injury? :)	17:56
pmatulis	user123321: i have a feeling by 'router' you mean DHCP	17:56
sarnold	hallyn: lol	17:57
user123321	pmatulis, Ah, I have connected my ADSL router to my machine.	17:57
pmatulis	hallyn: i'm always on the lookout for a decent lappy. what toshiba is it? can't find in scrollback	17:57
user123321	pmatulis, Yes, the router has DHCP.	17:58
hallyn	pmatulis: check warthogs list	17:58
pmatulis	hallyn: ah ok	17:58
hallyn	he couldn't find the i7 in the us. but that's ok, my week-old tp is i5, does fine	17:59
hallyn	all right, back to libvirt and systemd-shim. \o	17:59
sarnold	good luck	17:59
Rug	I have squid3 running on one of my servers and it is working as a proxy. BUT as soon as I enable 'transparent' it fails to operate. any suggestions?	18:05
Rug	http_port 8888 <- works http_port 8888 transparent <- does not work	18:05
Rug	I have also tried these variations (none work): 192.168.0.241:8888 transparent http_port 192.168.0.241:8888 intercept http_port 8888 intercept	18:05
TJ-	Rug: how does it "fail to operate" ?	18:06
TJ-	Rug: Is it accompanied by a netfilter rule that redirects port 80 traffic to port 8888, with an exception if the source is the IP or process ID of squid?	18:06
Rug	TJ-: the access.log fail shows no activity. The web-browsers don't fetch any pages	18:07
Rug	TJ-: no (about the netfilter rules	18:07
TJ-	Rug: transparent proxy intercepts non-proxy requests and forwards them if needed. That requires netfilter rules to redirect transparently as far as the clients are concerned.	18:08
Rug	TJ-: ok I'll look into that. Thanks.	18:09
TJ-	Rug: Or, do you mean squid is in transparent mode and the clients have the proxy port 888 configured and the proxy fails to return	18:09
Rug	TJ-: When in transparent mode, the proxy server (as evidenced by the access.log) shows no activity.	18:10
pmatulis	user123321: if they're on the same subnet and use the host's bridge then they should be able to see each other	18:10
TJ-	Rug: Are the clients configured to use the proxy on port 8888 or are they sending requests directly to the target?	18:11
Rug	TJ-: port 8888	18:11
TJ-	Rug: For transparent read: http://www.tldp.org/HOWTO/TransparentProxy-6.html	18:12
=== matsubara-lunch is now known as matsubara
user123321	pmatulis, Aha, so if I set static IP's and same subnets for VM's, I'm good to go?	18:13
TJ-	Rug: read also http://wiki.squid-cache.org/SquidFaq/InterceptionProxy	18:13
pmatulis	user123321: and the bridge, yeah	18:13
Rug	ok thanks.	18:13
user123321	pmatulis, Cool, thanks.	18:13
dw1	how can i change the default interface to the main ip? everything (php, sendmail) seems to be sending out with a secondary ip (added/used for SSL on a specific web site)	18:15
=== Lcawte\|Away is now known as Lcawte
=== Lcawte is now known as Lcawte\|Away
dw1	i think i prob set up my secondary IP wrong https://pastee.org/44agb	18:38
dw1	i want the first one as default for outgoing connections	18:38
sarnold	dw1: can you configure your services to bind to eth0 instead of wildcard binds?	18:39
dw1	i can configure each individual program/outgoing PHP socket to use the IP i want, yes	18:40
dw1	but id rather it use the eth0 ip by default	18:40
sarnold	I know of no mechanism to ask the kernel to prefer one IP over another when a wildcard bind is used	18:42
dw1	wildcard bind.. thats the 0.0.0.0 i see in route -n i guess	18:44
=== chaitanya is now known as kaitanya
dw1	https://pastee.org/pfbxh	18:44
=== kaitanya is now known as Guest23798
sarnold	dw1: that's a default route; slightly different ;) hehe	18:45
dw1	what makes it a wildcard bind in /etc/network/interfaces ?	18:46
sarnold	dw1: nothing; applications will just use int fd = socket(AF_INET, SOCK_STREAM, 0); connect(fd, ...); without using bind(fd, ...) first	18:48
dw1	ahh hmm	18:49
dw1	so its normal then.	18:50
dw1	thanks for input	18:51
sarnold	dw1: actually... if you're up for some research, this might be promising: http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html	18:53
=== chuck_ is now known as zul_
=== Guest23798 is now known as kaitanya
stetho	Hi. Does any have any recommendations for a directory server for home use? I'm tempted to just go with OpenLDAP but I'm nervous of its fragility and my inexperience. Locking my kids out of their computers wouldn't go down well. I've looked at other things like FusionDirectory and FreeIPA but I am wondering if there's other options that I haven't found yet before I choose one of them.	20:12
sarnold	stetho: 389ds? sssd? (never tried either one, just trying to give more choics :)	20:12
stetho	SSSD is an authentication daemon. I had forgotten about 389DS - I'll go and have a look.	20:15
sarnold	no directory component? thanks :)	20:16
zartoosh__	HI I am using ubuntu 14.04. The system harddisk is GPT partition. I need a tool to label the disk partition. I used to use e2label before but it seems e2label does not work with GPT partition disks? thx	20:23
gorelative	im using nginx to rev proxy in front of my blog (Ghost), it uses SSL, but i cant figure out why gzip isnt working for static assets. I've included my nginx config files here: https://gist.github.com/mikedevita/75b130119c2251154fe1	20:27
Forex	hey folks	20:29
Forex	who here used ovh us cloud ubuntu servers?	20:30
=== fridayne_ is now known as fridaynext
delinquentme	so I've got a build script which ... oddly enough .. .is not running a single $ apt-get install salt-master ... its seems like q very pecular thing to be failing	20:35
rberg	I am a little confused about the Ubuntu 12.04 hardware enablement situation.. will the 3.2 kernel series still be patched? or do I need to consider going to 3.13?	20:58
rberg	the wiki talks about Ubuntu versions 12.04.5 (3.13) wile I have 12.04.5 with 3.2 still	21:06
zartoosh__	hi on ubuntu 14.04, in the file /etc/fstab could I use actual partitions rather than uuid, and if so do I need to modify my grub.cfg? thx	21:09
chriys	hi guys, I just installed openssh-server but for some reason I get connection refused when to connect (ftp and ssh)	21:10
chriys	hi guys, I just installed openssh-server but for some reason I get connection refused when to connect (ftp and ssh)	21:15
guntbert	chriys: did you try locally?	21:34
arrrghhh	chriys, ftp would be something different	21:34
chriys	nope I installed it on a vps	21:36
guntbert	chriys: well, "locally" from that vps :)	21:37
chriys	Yeah I also tried that same issue	21:37
guntbert	chriys: what does ssh -vv localhost result in?	21:38
chriys	guntbert: I remove some line in the config file now ssh works but I can't make work the ftp	21:43
guntbert	chriys: I am about to go to bed: what ftp server did you install?	21:44
chriys	well openssh-server	21:46
chriys	guntbert: what do you advised.	21:46
guntbert	chriys: that is no ftp server, you need something like pureftp, or vsftpd,...	21:46
guntbert	chriys: type aptitude search ftp	21:47
guntbert	to get a list of packages	21:47
chriys	what's the best	21:47
arrrghhh	chriys, both the ones mentioned are fine	21:49
arrrghhh	ftp is inherently insecure and should not be used, if it can be avoided	21:49
guntbert	!best \| chriys	21:49
guntbert	sorry, ubottu failed me :-(	21:49
arrrghhh	lol	21:49
chriys	Then what protocol can I use to transfer files to the vps	21:50
chriys	arrrghhh	21:52
arrrghhh	chriys, sftp/scp is my preference	21:53
arrrghhh	and you already have openssh installed, so you can use that right now. just depends on the client machines you're working with	21:53
chriys	well I'll use filezilla. How can I set up the ftp of openssh-server	21:54
arrrghhh	sigh. as mentioned previously, ftp != openssh	21:55
arrrghhh	as for filezilla, it has the ability to connect to sftp servers, just choose that from the protocol dropdown when adding the site	21:56
arrrghhh	(sftp = ssh file transfer protocol)	21:56
chriys	ok I see	21:56
arrrghhh	or you can think of it as 'secure' ftp. just like ssh is secure telnet.	21:56
chriys	Got it	21:57
chriys	guntbert: thx for help	21:57
arrrghhh	since you already have openssh, you should be able to just use sftp :)	21:57
sarnold	best not to -- there is also an ftps, which is ftp over ssl or tls. (I'd avoid that though, combining two horrible protocols doesn't make one good protocol..)	21:57
sarnold	so best to just think of sftp as sftp and be content :)	21:57
chriys	arrrghhh: how ?	21:57
arrrghhh	chriys, I explained it above on how to use it in filezilla	21:57
arrrghhh	what's the issue?	21:57
arrrghhh	if you're just using a username/password it's really easy. if you're using keys, it's a bit trickier but still do-able.	21:59
chriys	arrrghhh: I can now connect throught sftp	22:00
arrrghhh	cool. much more secure than plain FTP, and it's already setup :)	22:00
chriys	cool	22:06
chriys	arrrghhh: I heard that it's not a good idea to create a symlink to /var/www	22:07
chriys	is there an alternative	22:07
arrrghhh	what are you creating symlinks for? what are you trying to achieve?	22:08
chriys	create a folder called html inside /home/user/ so that all the file related to the website will go there	22:08
arrrghhh	you can bind mount	22:08
arrrghhh	but I'm not sure either option is more/less secure than the other	22:09
sarnold	or set the docroot to /home/user/www or whatever	22:09
chriys	Since I disabled access for root no one will be able to access /var/www	22:09
arrrghhh	/var/www is owned by www-data on my box	22:09
arrrghhh	but resetting the docroot would probably be a better idea ^^	22:10
chriys	ok let me do that	22:11
chriys	arrrghhh: is it normal that I can create ftp and I can see what's inside home/user	22:16
arrrghhh	you'll have to elaborate on "create ftp"	22:17
arrrghhh	but you're connecting with the same rights as the user you ssh with	22:18
arrrghhh	so you'll have the same permissions/rights that user has	22:18
chriys	arrrghhh: directories*	22:18
arrrghhh	see above ^^	22:18
chriys	inside ssh I can create directories	22:18
arrrghhh	you're connecting with the same perms as your user	22:19
arrrghhh	so whatever rights that user has, you will have via sftp	22:19
arrrghhh	chriys, if you want to limit rights, you can setup a 'chroot jail' and login as a different user	22:29
arrrghhh	that setup is a bit more complex, just depends on what your needs are.	22:30
=== quix_ is now known as pdostal
idefine	hi, I'd like to have my upstart scripts log to one of the ephemeral drives on my boxes. How can I specify this?	23:15
chriys	sorry arrrghhh I had to handle an emergency	23:30

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!