=== CripperZ is now known as CripperZ-
[01:12] <d4c7> Anyone working on an OpenSSL package?
[01:13] <sarnold> d4c7: we'll publish an update for it tomorrow
[01:15] <d4c7> sarnold: cool, tomorrow what TZ?  :)
[01:15] <sarnold> d4c7: hehe :) probably less than twenty four hours from now anyway..
[01:16] <d4c7> sarnold: got it, thanks!
[01:16] <sarnold> thanks d4c7 :)
[01:31] <MavKen> any way to prevent port scans? using ubuntu 14.04
[01:32] <MavKen> and any recommendation of fail2ban vs denyhosts?
=== peter is now known as Guest52559
=== CripperZ- is now known as cripperz
=== cripperz is now known as CripperZ
=== CripperZ is now known as CripperZ-
=== Seveaz is now known as Seveas
=== tom][ is now known as tom[]
=== dasjoe_ is now known as dasjoe
=== ivoks_ is now known as ivoks
=== Azelphur_ is now known as Azelphur
=== kaydo_ is now known as kaydo
[04:50] <monokrome> Does anyone here have experience with MaaS and VMs?
[04:51] <monokrome> I've been trying to run Ubuntu's OpenStack for the last week to no avail
[05:03] <Mallot1> How would I go about creating a public SQL server with ubuntu?
[05:04] <cfhowlett> Mallot1, https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-to-a-new-server-on-ubuntu-14-04 <<this?<<
[05:05] <Mallot1> cfhowlett: I'm learning MySql for my iOS app so i need to make new server
[05:05] <cfhowlett> Mallot1, ah.  OK.
[05:05] <cfhowlett> Mallot1, https://duckduckgo.com/?q=public+mysql+server+ubuntu&t=canonical
[05:06] <cfhowlett> Mallot1, 12.04 but should be about the same for 14.04    >>>   https://help.ubuntu.com/12.04/serverguide/mysql.html
[05:06] <Mallot1> wow! great help thanks thats just what I needed
[05:07] <arrrghhh> hello, anyone mind helping with some dpkg/apt issues?  Tried to install some packages for setting up a build environment, and seemingly have broken apt...
[05:09] <arrrghhh> this is what happens when I try to run dpkg --configure -a
=== CripperZ- is now known as cripperz
[05:33] <cfhowlett> !es | R0ckET
[05:33] <ubottu> R0ckET: In most Ubuntu channels only English is spoken. If you are looking for help in Spanish, join the #ubuntu-es channel; type " /join #ubuntu-es " (without quotes) and press enter.
[05:36] <Abhijit> he went to #ubuntu
[05:38] <R0ckET> sorry cfhowlett
[05:38] <cfhowlett> R0ckET, no worries
[05:38] <cfhowlett> R0ckET, please state your issue
[05:40] <R0ckET> my issue is with bash, can you help me?
[05:40] <cfhowlett> R0ckET, choose ONE channel.  no crossposting please
[05:42] <Sierra> Unless there's a rule about it somewhere I missed... What's wrong with asking in multiple channels? One might have the answer where another might not
[05:43] <ubottu> Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
[05:44] <monokrome> I do "sudo apt-get install docker" and it says it's already installed
[05:44] <monokrome> I do: docker
[05:44] <monokrome> and it says "The program 'docker' is currently not installed."
[05:44] <arrrghhh> it dilutes the community effort, crossposting - similar to forums.
[06:06] <R0ckET> there is a security certification for servers?
=== yofel_ is now known as yofel
=== khaitanya is now known as Guest74626
=== mswart_ is now known as mswart
[07:05] <lordievader> Good morning.
[07:06] <phuh> Is it a good idea to put ssl pem file in /etc/ssl/certs?
[07:07] <phuh> or /etc/ssl/private?
=== arrrghhh is now known as arrrghhhAWAY
[08:49] <six86> Hello. Is there a way to see "behind the progress bar" in an ubuntu server installation? Problem is that I have a problem with my preseed, but I can't see what's going wrong because it just is stuck on the progress bar.
[08:51] <kklimonda> try different consoles
[08:52] <kklimonda> one of them should be displaying progress
=== cripperz is now known as CripperZ
[08:52] <maxb> This is the purple text mode installer? (d-i)
[08:52] <maxb> You want to look at tty4
[08:52] <maxb> And, if you're debugging preseed, you probably want the DEBCONF_DEBUG=5 kernel boot param
[09:01] <six86> I could see that it is stuck when I do apt-get install xubuntu desktop in a shell script I call with late_command
[09:01] <six86> I have no idea why it's stuck there...
[09:02] <six86> It worked before, when I had everything in the preseed file itself
[09:05] <six86> maybe it is not good to use /bin/bash in a late_command script?!
[09:09] <six86> maxb: Is there a way to automatically switch to tty4 during installation?
[09:10] <six86> I mean to switch to this view automatically in an unattended installation
=== CripperZ is now known as CripperZ-
[10:00] <six86> Is there a way to see the output of a shell script started in late_command?
[10:00] <jpds_> six86: Log it to a syslog server?
[10:00] <six86> no local quick way?
[10:07] <jpds_> six86: It's probably in /var/log/installer/
=== kickinz1|away is now known as kickinz1
=== Pici` is now known as Pici
[10:56] <six86> Hm my late_command preseed script just hangs without any indication why....
=== ogra_` is now known as ogra_
[11:17] <six86> Is something deprecated in this howto: https://fak3r.com/2011/08/18/howto-automate-debian-installs-with-preseed/  ?
[11:17] <six86> I am doing almost the same and it gets stuck when i want to install a package
[11:20] <mwhudson> i'm too tired to read the details but i think it's more or less right
[11:20] <mwhudson> i've certainly done fully preseeded installs of trusty a bunch of times
[11:20] <mwhudson> six86: what are you doing and what happens?
[11:21] <Gargoyle> Is there a way to delete a filesystem from a disk (no partitions)?
[11:22] <six86> I think only the bottom part with late_command is relevant. I'm trying to install xubuntu-desktop in the script called by late-command but it never ends. I put some outputs in the script and I see them in a log file, but "apt-get -y --force-yes install xubuntu-desktop" just hangs.
[11:22] <mwhudson> maybe something is asking a question via debconf?
[11:23] <six86> Before i just installed it in the preseed file directly without chroot to /target, and it worked fine
[11:25] <mwhudson> six86: is there some reason to not d-i pkgsel/include string xubuntu-desktop?
[11:26] <mwhudson> in any case, it's bed time here, good luck
[11:26] <six86> mwhudson: Yes. I'm also installing some other packages that are not authenticated, so it would just move my problem
[11:27] <six86> mwhudson: good n8.
[11:27] <mwhudson> yes that would do it
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== jimi_ is now known as Guest60327
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== Guest60327 is now known as jimi_
[12:23] <hallyn> sarnold: jdstrand: so, last night my kvm vm with qcow2 snapshot rootfs wouldn't boot.  i shut down my thinkpad.  just booted now.  the vm starts!
[12:24] <hallyn> jdstrand: sarnold: is it possible that your qcow corruptions would have disappeared after a reboot, or have you tried that?
[12:24] <hallyn> I know it makes no sense...
[12:24] <hallyn> I'm going to disable KSM, for starters
=== kickinz1 is now known as kickinz1|brb
[12:43] <jdstrand> hallyn: I never tried that
[12:49] <Yevgeny> i get a PXE error
[12:49] <Yevgeny> when I try to boot with PXE image boot
[12:50] <Abhijit> what error?
[12:50] <Yevgeny> I get an error with DHCP: "No dhcp or proxy dhcp offers recieved"
[12:52] <progre55> Hi guys. I need to aggregate some logs (java application logs) from multiple servers into a single server. Using logstash could be an overkill (just for aggregating, no analysis or even filtering). Any suggestions?
[12:53] <progre55> Could rsyslog be right in this scenario?
=== LarsN_ is now known as LarsN
[12:55] <jpds_> progre55: Yep.
[12:57] <progre55> jpds_: thanks! Never used rsyslog before, but will dive into the documentation (although so far, the documentation seems a bit too difficult to digest)
[12:58] <jpds_> progre55: $ cat /etc/rsyslog.conf
[12:58] <jpds_> progre55: A quarter of the way down are the settings to enable the UDP server.
[12:59] <progre55> jpds_: UDP? As far as I understand it, rsyslog supports TCP and TLS? These logs could be a little too sensitive to be sent over UDP
[12:59] <progre55> but I’ll look into it
[13:00] <jpds_> progre55: And to send traffic, you just do; "*.* @IP.ADD.HOS.T" on the sender.
[13:00] <jpds_> progre55: Oh, right, *that's* the complicated bit.
=== kickinz1|brb is now known as kinkinz1
=== thumax_ is now known as thumax
[13:38] <mdeslaur> If anyone is feeling adventurous, I just uploaded untested openssl packages here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
[13:40] <RoyK> mdeslaur: what sort of fixes are there in this?
[13:41] <mdeslaur> RoyK: https://www.openssl.org/news/secadv_20140806.txt
[13:43] <RoyK> mdeslaur: ouch - I hope the libressl progress is good...
[13:43] <mdeslaur> I gather most of those issues also apply to libressl
[13:44] <mdeslaur> cleaning up code doesn't necessarily fix security issues...it just makes them marginally easier to spot
[13:45] <hallyn> sarnold: jdstrand: I've also gotten quite a few hangs (only of utopic, not precise, vm) over a laptop suspend.  I have to virsh destroy and virsh restart.  but in this case it restarts fine, don't have to reboot host.
[13:48] <jdstrand> hallyn: see that even with old saucy kvm
[13:48] <jdstrand> hallyn: not every time, but every now and again
[13:50] <mdeslaur> RoyK: it depends what the security issues are, if they are traditional C coding errors, sure, you'll uncover a few of them...but a lot of the crypto security issues are because of packet ordering or related to the complexities of ssl negotiation...those types of issues won't typically be spotted by cleaning up code
[13:50] * mdeslaur shrugs
[13:51] <hallyn> jdstrand: I really get the feeling something about suspend/resume just doesn't get along with kvm on thinkpads.  anyway disabling ksm didn't help that particular problem, let's see if i get the disk corruption (which apparently was really page table corruption) again over the course of the day
[13:56] <RoyK> mdeslaur: agreed
=== Lcawte is now known as Lcawte|Away
=== No_one_a1_all is now known as No_one_at_all
=== Lcawte|Away is now known as Lcawte
=== ashleyd is now known as ashd
=== Lcawte is now known as Lcawte|Away
[15:24] <alexrussell> I have Ubuntu 12.04 with fully up-to-date packages, and on login there’s a message about the HWE being no longer supported. It suggests doing an LTS update and to be honest I wanted to anyway, so it’s all good. I do a `sudo do-release-upgrade` and get back “No new release found”. A cursory Google search suggests I have to wait for the .1 point release, but then looking at http://www.ubuntu.com/download/server 14.04.1 is out, so is there
[15:24] <alexrussell> something I’m doing wrong? I know I can install update-manager and run `update-manager -d` to kinda force it to update anyway, but before I go down that route is there something I’m not considering?
[15:29] <rbasak> alexrussell: sorry, that is confusing. I'll raise it.
[15:29] <rbasak> alexrussell: you can do an upgrade to 14.04 now if you wish - it's just not automatically recommended. That's coming soon.
[15:29] <rbasak> alexrussell: alternatively, you can just upgrade to the latest HWE kernel.
[15:31] <dasjoe> rbasak: that's because http://changelogs.ubuntu.com/meta-release-lts doesn't refer to 14.04.1 yet
=== psivaa is now known as psivaa-afk-bbl
=== Lcawte|Away is now known as Lcawte
[15:32] <Nivex> dasjoe: do we have any idea why that hasn't been updated yet?
[15:33] <rbasak> dasjoe: right. Nivex: I think it's just final QA etc. on flipping the switch. Not sure of the exact reasons.
[15:34] <dasjoe> Nivex: it's coming "soon", according to 14.04.1's release notes
[15:34] <Nivex> rbasak: FWIW arrrghhhAWAY and I have been tracking this for the last two weeks: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1344762
[15:34] <uvirtbot> Launchpad bug 1344762 in update-notifier "update-notifier tells me to upgrade from 12.04.4 LTS to 14.04 LTS (because of HWE), but that release is not found" [Undecided,Confirmed]
[15:34] <rbasak> Nivex: ah, that'll be the same bug here then - thanks.
[15:36] <alexrussell> Sorry got pulled away from my desk right after asking that. Thanks guys for getting back to me. I’ll hang on till it can be done automatically then.
[15:37] <Nivex> I've been tempted to pull the trigger on the do-release-upgrade -p, but I've been desperately trying to find out what the blocker is so I can know what problems I'll run into.
[15:38] <Nivex> There seems to be a black hole between me and whoever is making that decision.
[15:39] <Nivex> I'd recommend to whoever is writing those release announcements to define "soon" as a tangible time range (eg: X days, weeks, months). I parsed "soon" as a few days and we're up to two weeks.
[15:40] <alexrussell> yeah that seems a bit odd
[15:40] <Nivex> at this point it's less about not having the bits on time and more about the lack of transparency for me
[15:40] <alexrussell> And/or, as you say, get an idea of if there’s a reason it’s not released for upgrade yet (maybe someone forgot to update something, maybe it’s a big blocker)
[15:41] <rbasak> I understand the concern that there's some reason for holding it back that you don't know about, and thus don't want to do it yet.
[15:41] <rbasak> I will ask.
[15:41] <rbasak> I suspect it's just that 12.04.5 is being worked on first, and the same devs are working on both, so it's easier to do one after the other.
[15:43] <TJ-> I emailed Adam Conrad about this issue after his release announcement but got no reply, and the ubuntu-release team mailing list had an RFC back in February about the 12.04.5 release, and there's an email from yesterday saying 14.04.1 is going to be available from "Thursday"
[15:45] <TJ-> The key issue is here that support for current HWEs goes out of support today and with no 12.04.5/14.04.1 upgrade it's as if everyone is expected to upgrade on the same day... there needs to be a month of overlap from availability of the upgrade until the previous HWE goes EOL
=== mjohnson151 is now known as mjohnson15
=== darkness is now known as Guest54417
[16:27] <zereraz> Hello, I have a question , What are the lower level working of a web servers? If this is not the right channel please direct us.
=== arrrghhhAWAY is now known as arrrghhh
[16:31] <arrrghhh> Nivex, I hate to say it... but I had to install 14.04 :/
[16:31] <arrrghhh> I got a little trigger happy with some bind mounts and managed to hose the entire 12.04 install.
[16:39] <user123321> What is the setting I need to set in interfaces file to enable networking between my VM's without a router?
=== matsubara is now known as matsubara-lunch
[16:56] <monokrome> user123321: I think that you need to masquerade on that network with iptables
=== Lcawte is now known as Lcawte|Away
[17:21] <pmatulis> user123321: by default KVM guests are on the same network, so nothing to do
[17:28] <user123321> pmatulis, But VM's get different IP's if I use bridged adapter in VM settings (with router, ofc), no chance with this method too?
[17:31] <sarnold> hallyn: I never tried rebooting my laptop to see if that would allow my VMs to boot when they were corrupted beyond booting
[17:32] <sarnold> hallyn: I did see two or three times different VMs refusing to restart after laptop suspend/resume but never investigated those. I figured it was a miracle they worked at all after suspend/resume of the host. :)
[17:32] <sarnold> s/refusing to restart/hanging and not responding and requiring a VM reboot/
[17:34] <pmatulis> user123321: do you want your guests to be contacted from outside the host? if so, use a bridge.  if not, use the default NAT
[17:36] <user123321> pmatulis, Even with a bridge, I must need a router for assigning IP's for VM's, right?
[17:36] <user123321> I mean, including networking between VM's.
[17:37] <hallyn> sarnold: the next time you find corruption, please do try reboot and see if it works after that
[17:37] <hallyn> not only did my vm boot, the disk image was fsck-clean
[17:38] <hallyn> so this seems like some page cache badness
[17:38] <pmatulis> user123321: with a bridge you effectively put your guest on the same lan as the host
[17:39] <user123321> pmatulis, Even if I don't have a router connected to my ethernet port?
[17:40] <pmatulis> user123321: yep
[17:40] <user123321> pmatulis, Oh, so I shouldn't be having a problem for networking between my VM's, right?
[17:41] <user123321> without a router*
[17:41] <pmatulis> user123321: well, do they get an IP from a DHCP server on the lan?
[17:41] <sarnold> hallyn: wow. leaping right to conclusions, I wonder if it was that KSM bug...
[17:42] <hallyn> sarnold: does your laptop have numa?
[17:42] <hallyn> i've disabled ksm here this morning, will have to see if i end up with corruption in the next two days
[17:43] <sarnold> hallyn: unlikely, just dual-core i7
<user123321> pmatulis, It didn't work the last time I checked without a router. Well, if I set 2 static IP's to 2 VM's, say, and, is there a way to ping from the 1st VM ( to the second VM (
[17:50] <hallyn> sarnold: i've only got i5.  aren't you cool
[17:51] <hallyn> arges: hi, i just pushed a new 1.2.2-0ubuntu13.1.4 libvirt to trusty-proposed, bc the 1.2.2-0ubuntu13.1.3 fix was incomplete.  Could you please accept into trusty-proposed (deleting the 1.2.2-0ubuntu13.1.3 currently there)?
[17:51] <arges> hallyn: sure i'll review it
[17:52] <pmatulis> user123321: are those addresses part of the lan?
[17:52] <hallyn> thanks arges
[17:53] <user123321> pmatulis, I would like to create a LAN.
[17:53] <user123321> without a router.
[17:53] <user123321> Wondering if it's possible.
[17:53] <sarnold> hallyn: hehe, when my laptop refresh comes around I might be looking at eurocom.com :)
[17:53] <pmatulis> user123321: the host must be on a lan already
[17:54] <arges> hallyn: ok done
[17:54] <hallyn> sarnold: i've got two years to my next one, but the toshiba rharper pointed to looked sweet
[17:54] <hallyn> trackpoint, trackpad, and real mouse buttons.  sign me up!
[17:54] <sarnold> hallyn: oh right, I meant to go look that one up..
[17:55] <hallyn> hm, eurocom gaming laptop perhaps
[17:56] <user123321> pmatulis, Aha. By the way, here's the scenario. I have 4 VM's running at the moment, each assigned with a unique IP address by the router. And I could ping my VM's from my host. I'm wondering if I'm able to achieve the same functionality without a router connected to the ethernet port.
[17:56] <sarnold> hallyn: nine pounds? what could go wrong? :)
[17:56] <hallyn> shoulder injury? :)
[17:56] <pmatulis> user123321: i have a feeling by 'router' you mean DHCP
[17:57] <sarnold> hallyn: lol
[17:57] <user123321> pmatulis, Ah, I have connected my ADSL router to my machine.
[17:57] <pmatulis> hallyn: i'm always on the lookout for a decent lappy.  what toshiba is it?  can't find in scrollback
[17:58] <user123321> pmatulis, Yes, the router has DHCP.
[17:58] <hallyn> pmatulis: check warthogs list
[17:58] <pmatulis> hallyn: ah ok
[17:59] <hallyn> he couldn't find the i7 in the us.  but that's ok, my week-old tp is i5, does fine
[17:59] <hallyn> all right, back to libvirt and systemd-shim.  \o
[17:59] <sarnold> good luck
[18:05] <Rug> I have squid3 running on one of my servers and it is working as a proxy. BUT as soon as I enable 'transparent' it fails to operate.  any suggestions?
[18:05] <Rug> http_port 8888  <- works      http_port 8888 transparent  <- does not work
[18:05] <Rug> I have also tried these variations (none work): transparent   http_port intercept   http_port 8888 intercept
[18:06] <TJ-> Rug: how does it "fail to operate" ?
[18:06] <TJ-> Rug: Is it accompanied by a netfilter rule that redirects port 80 traffic to port 8888, with an exception if the source is the IP or process ID of squid?
[18:07] <Rug> TJ-: the access.log fail shows no activity.  The web-browsers don't fetch any pages
[18:07] <Rug> TJ-: no (about the netfilter rules)
[18:08] <TJ-> Rug: transparent proxy intercepts non-proxy requests and forwards them if needed. That requires netfilter rules to redirect transparently as far as the clients are concerned.
[18:09] <Rug> TJ-: ok I'll look into that.  Thanks.
[18:09] <TJ-> Rug: Or, do you mean squid is in transparent mode and the clients have the proxy port 888 configured and the proxy fails to return
[18:10] <Rug> TJ-: When in transparent mode, the proxy server (as evidenced by the access.log) shows no activity.
[18:10] <pmatulis> user123321: if they're on the same subnet and use the host's bridge then they should be able to see each other
[18:11] <TJ-> Rug: Are the clients configured to use the proxy on port 8888 or are they sending requests directly to the target?
[18:11] <Rug> TJ-: port 8888
[18:12] <TJ-> Rug: For transparent read: http://www.tldp.org/HOWTO/TransparentProxy-6.html
=== matsubara-lunch is now known as matsubara
[18:13] <user123321> pmatulis, Aha, so if I set static IP's and same subnets for VM's, I'm good to go?
[18:13] <TJ-> Rug: read also http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
[18:13] <pmatulis> user123321: and the bridge, yeah
[18:13] <Rug> ok thanks.
[18:13] <user123321> pmatulis, Cool, thanks.
[18:15] <dw1> how can i change the default interface to the main ip? everything (php, sendmail) seems to be sending out with a secondary ip (added/used for SSL on a specific web site)
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
[18:38] <dw1> i think i prob set up my secondary IP wrong https://pastee.org/44agb
[18:38] <dw1> i want the first one as default for outgoing connections
[18:39] <sarnold> dw1: can you configure your services to bind to eth0 instead of wildcard binds?
[18:40] <dw1> i can configure each individual program/outgoing PHP socket to use the IP i want, yes
[18:40] <dw1> but id rather it use the eth0 ip by default
[18:42] <sarnold> I know of no mechanism to ask the kernel to prefer one IP over another when a wildcard bind is used
[18:44] <dw1> wildcard bind.. thats the i see in route -n i guess
=== chaitanya is now known as kaitanya
=== kaitanya is now known as Guest23798
[18:45] <sarnold> dw1: that's a default route; slightly different ;) hehe
[18:46] <dw1> what makes it a wildcard bind in /etc/network/interfaces ?
[18:48] <sarnold> dw1: nothing; applications will just use int fd = socket(AF_INET, SOCK_STREAM, 0); connect(fd, ...);  without using bind(fd, ...) first
[18:49] <dw1> ahh hmm
[18:50] <dw1> so its normal then.
[18:51] <dw1> thanks for input
[18:53] <sarnold> dw1: actually... if you're up for some research, this might be promising: http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html
=== chuck_ is now known as zul_
=== Guest23798 is now known as kaitanya
[20:12] <stetho> Hi. Does anyone have any recommendations for a directory server for home use? I'm tempted to just go with OpenLDAP but I'm nervous of its fragility and my inexperience. Locking my kids out of their computers wouldn't go down well. I've looked at other things like FusionDirectory and FreeIPA but I am wondering if there's other options that I haven't found yet before I choose one of them.
[20:12] <sarnold> stetho: 389ds? sssd? (never tried either one, just trying to give more choices :)
[20:15] <stetho> SSSD is an authentication daemon. I had forgotten about 389DS - I'll go and have a look.
[20:16] <sarnold> no directory component? thanks :)
[20:23] <zartoosh__> HI I am using ubuntu 14.04. The system harddisk is GPT partition.  I need a tool to label the disk partition. I used to use e2label before but it seems e2label does not work with GPT partition disks? thx
[20:27] <gorelative> im using nginx to rev proxy in front of my blog (Ghost), it uses SSL, but i cant figure out why gzip isnt working for static assets. I've included my nginx config files here: https://gist.github.com/mikedevita/75b130119c2251154fe1
[20:29] <Forex> hey folks
[20:30] <Forex> who here used ovh us cloud ubuntu servers?
=== fridayne_ is now known as fridaynext
[20:35] <delinquentme> so I've got a build script which ... oddly enough .. .is not running a single $ apt-get install salt-master   ... it seems like a very peculiar thing to be failing
[20:58] <rberg> I am a little confused about the Ubuntu 12.04 hardware enablement situation.. will the 3.2 kernel series still be patched? or do I need to consider going to 3.13?
[21:06] <rberg> the wiki talks about Ubuntu versions 12.04.5 (3.13) while I have 12.04.5 with 3.2 still
[21:09] <zartoosh__> hi on ubuntu 14.04, in the file /etc/fstab could I use actual partitions rather than uuid, and if so do I need to modify my grub.cfg? thx
[21:10] <chriys> hi guys, I just installed openssh-server but for some reason I get connection refused when to connect (ftp and ssh)
[21:15] <chriys> hi guys, I just installed openssh-server but for some reason I get connection refused when to connect (ftp and ssh)
[21:34] <guntbert> chriys: did you try locally?
[21:34] <arrrghhh> chriys, ftp would be something different
[21:36] <chriys> nope I installed it on a vps
[21:37] <guntbert> chriys: well, "locally" from that vps :)
[21:37] <chriys> Yeah I also tried that same issue
[21:38] <guntbert> chriys: what does      ssh -vv localhost  result in?
[21:43] <chriys> guntbert: I remove some line in the config file now ssh works but I can't make work the ftp
[21:44] <guntbert> chriys: I am about to go to bed: what ftp server did you install?
[21:46] <chriys> well openssh-server
[21:46] <chriys> guntbert: what do you advise.
[21:46] <guntbert> chriys: that is no ftp server, you need something like pureftp, or vsftpd,...
[21:47] <guntbert> chriys: type    aptitude search ftp
[21:47] <guntbert> to get a list of packages
[21:47] <chriys> what's the best
[21:49] <arrrghhh> chriys, both the ones mentioned are fine
[21:49] <arrrghhh> ftp is inherently insecure and should not be used, if it can be avoided
[21:49] <guntbert> !best | chriys
[21:49] <guntbert> sorry, ubottu failed me :-(
[21:50] <chriys> Then what protocol can I use to transfer files to the vps
[21:53] <arrrghhh> chriys, sftp/scp is my preference
[21:53] <arrrghhh> and you already have openssh installed, so you can use that right now.  just depends on the client machines you're working with
[21:54] <chriys> well I'll use filezilla. How can I set up the ftp of openssh-server
[21:55] <arrrghhh> sigh.  as mentioned previously, ftp != openssh
[21:56] <arrrghhh> as for filezilla, it has the ability to connect to sftp servers, just choose that from the protocol dropdown when adding the site
[21:56] <arrrghhh> (sftp = ssh file transfer protocol)
[21:56] <chriys> ok I see
[21:56] <arrrghhh> or you can think of it as 'secure' ftp.  just like ssh is secure telnet.
[21:57] <chriys> Got it
[21:57] <chriys> guntbert: thx for help
[21:57] <arrrghhh> since you already have openssh, you should be able to just use sftp :)
[21:57] <sarnold> best not to -- there is also an ftps, which is ftp over ssl or tls. (I'd avoid that though, combining two horrible protocols doesn't make one good protocol..)
[21:57] <sarnold> so best to just think of sftp as sftp and be content :)
[21:57] <chriys> arrrghhh: how ?
[21:57] <arrrghhh> chriys, I explained it above on how to use it in filezilla
[21:57] <arrrghhh> what's the issue?
[21:59] <arrrghhh> if you're just using a username/password it's really easy.  if you're using keys, it's a bit trickier but still do-able.
[22:00] <chriys> arrrghhh: I can now connect through sftp
[22:00] <arrrghhh> cool.  much more secure than plain FTP, and it's already setup :)
[22:07] <chriys> arrrghhh: I heard that it's not a good idea to create a symlink to /var/www
[22:07] <chriys> is there an alternative
[22:08] <arrrghhh> what are you creating symlinks for?  what are you trying to achieve?
[22:08] <chriys> create a folder called html inside /home/user/ so that all the file related to the website will go there
[22:08] <arrrghhh> you can bind mount
[22:09] <arrrghhh> but I'm not sure either option is more/less secure than the other
[22:09] <sarnold> or set the docroot to /home/user/www or whatever
[22:09] <chriys> Since I disabled access for root no one will be able to access /var/www
[22:09] <arrrghhh> /var/www is owned by www-data on my box
[22:10] <arrrghhh> but resetting the docroot would probably be a better idea ^^
[22:11] <chriys> ok let me do that
[22:16] <chriys> arrrghhh: is it normal that I can create ftp and I can see what's inside home/user
[22:17] <arrrghhh> you'll have to elaborate on "create ftp"
[22:18] <arrrghhh> but you're connecting with the same rights as the user you ssh with
[22:18] <arrrghhh> so you'll have the same permissions/rights that user has
[22:18] <chriys> arrrghhh: directories*
[22:18] <arrrghhh> see above ^^
[22:18] <chriys> inside ssh I can create directories
[22:19] <arrrghhh> you're connecting with the same perms as your user
[22:19] <arrrghhh> so whatever rights that user has, you will have via sftp
[22:29] <arrrghhh> chriys, if you want to limit rights, you can setup a 'chroot jail' and login as a different user
[22:30] <arrrghhh> that setup is a bit more complex, just depends on what your needs are.
=== quix_ is now known as pdostal
[23:15] <idefine> hi, I'd like to have my upstart scripts log to one of the ephemeral drives on my boxes. How can I specify this?
[23:30] <chriys> sorry arrrghhh I had to handle an emergency
