[01:12] <d4c7> Anyone working on an OpenSSL package?
[01:13] <sarnold> d4c7: we'll publish an update for it tomorrow
[01:15] <d4c7> sarnold: cool, tomorrow what TZ?  :)
[01:15] <sarnold> d4c7: hehe :) probably less than twenty four hours from now anyway..
[01:16] <d4c7> sarnold: got it, thanks!
[01:16] <sarnold> thanks d4c7 :)
[01:31] <MavKen> anyway to prevent port scans? using ubuntu 14.04
[01:32] <MavKen> and any recommendation of fail2ban vs denyhosts?
[04:50] <monokrome> Does anyone here have experience with MaaS and VMs?
[04:51] <monokrome> I've been trying to run Ubuntu's OpenStack for the last week to no avail
[05:03] <Mallot1> Hello
[05:03] <Mallot1> How would I go about creating a public SQL server with ubuntu?
[05:04] <cfhowlett> Mallot1, https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-to-a-new-server-on-ubuntu-14-04                      <<this?<<
[05:05] <Mallot1> cfhowlett: I'm learning MySql for my iOS app so i need to make new server
[05:05] <cfhowlett> Mallot1, ah.  OK.
[05:05] <Mallot1> ")
[05:05] <Mallot1> :)
[05:05] <cfhowlett> Mallot1, https://duckduckgo.com/?q=public+mysql+server+ubuntu&t=canonical
[05:06] <cfhowlett> Mallot1, 12.04 but should be about the same for 14.04    >>>   https://help.ubuntu.com/12.04/serverguide/mysql.html
[05:06] <Mallot1> wow! great help thanks thats just what I needed
[05:07] <arrrghhh> hello, anyone mind helping with some dpkg/apt issues?  Tried to install some packages for setting up a build environment, and seemingly have broken apt...
[05:09] <arrrghhh> this is what happens when I try to run dpkg --configure -a
[05:09] <arrrghhh> http://hastebin.com/pukoloniyi.vhdl
[05:32] <R0ckET> hola
[05:33] <cfhowlett> !es | R0ckET
[05:36] <Abhijit> he went to #ubuntu
[05:38] <R0ckET> sorry cfhowlett
[05:38] <cfhowlett> R0ckET, no worries
[05:38] <cfhowlett> R0ckET, please state your issue
[05:40] <R0ckET> my issue is with bash, can you help me?
[05:40] <cfhowlett> R0ckET, choose ONE channel.  no crossposting please
[05:41] <R0ckET> ok
[05:42] <Sierra> Unless there's a rule about it somewhere I missed... What's wrong with asking in multiple channels? One might have the answer where another might not
[05:43] <Abhijit> exactly.
[05:43] <cfhowlett> !crossposting
[05:44] <monokrome> I do "sudo apt-get install docker" and it says it's already installed
[05:44] <monokrome> I do: docker
[05:44] <monokrome> and it says "The program 'docker' is currently not installed."
[05:44] <arrrghhh> it dilutes the community effort, crossposting - similar to forums.
[05:44] <monokrome> wat?
[06:06] <R0ckET> there is a security certification for servers?
[07:05] <lordievader> Good morning.
[07:06] <phuh> Is it a good idea to put ssl pem file in /etc/ssl/certs?
[07:07] <phuh> or /etc/ssl/private?
[08:49] <six86> Hello. Is there a way to see "behind the progress bar" in an ubuntu server installation? Problem is that I have a problem with my preseed, but I can't see what's going wrong because it just is stuck on the progress bar.
[08:51] <kklimonda> try different consoles
[08:52] <kklimonda> one of them should be displaying progress
[08:52] <maxb> This is the purple text mode installer? (d-i)
[08:52] <maxb> You want to look at tty4
[08:52] <maxb> And, if you're debugging preseed, you probably want the DEBCONF_DEBUG=5 kernel boot param
[09:01] <six86> Thanks.
[09:01] <six86> I could see that it is stuck when I do apt-get install xubuntu desktop in a shell script I call with late_command
[09:01] <six86> I have no idea why it's stuck there...
[09:02] <six86> It worked before, when I had everything in the preseed file itself
[09:05] <six86> maybe it is not good to use /bin/bash in a late_command script?!
[09:09] <six86> maxb: Is there a way to automatically switch to tty4 during installation?
[09:09] <maxb> Alt+F4
[09:10] <six86> I mean to switch to this view automatically in an unattended installation
[10:00] <six86> Is there a way to see the output of a shell script started in late_command?
[10:00] <jpds_> six86: Log it to a syslog server?
[10:00] <six86> no local quick way?
[10:07] <jpds_> six86: It's probably in /var/log/installer/
[10:56] <six86> Hm my late_command preseed script just hangs without any indication why....
[11:17] <six86> Is something deprecated in this howto: https://fak3r.com/2011/08/18/howto-automate-debian-installs-with-preseed/  ?
[11:17] <six86> I am doing almost the same and it gets stuck when i want to install a package
[11:20] <mwhudson> i'm too tired to read the details but i think it's more or less right
[11:20] <mwhudson> i've certainly done fully preseeded installs of trusty a bunch of times
[11:20] <mwhudson> six86: what are you doing and what happens?
[11:21] <Gargoyle> Is there a way to delete a filesystem from a disk (no partitions)?
[11:22] <six86> I think only the bottom part with late_command is relevant. I'm trying to install xubuntu-desktop in the script called by late-command but it never ends. I put some outputs in the script and I see them in a log file, but "apt-get -y --force-yes install xubuntu-desktop" just hangs.
[11:22] <mwhudson> ah
[11:22] <mwhudson> maybe something is asking a question via debconf?
[11:23] <six86> Before i just installed it in the preseed file directly without chroot to /target, and it worked fine
[11:23] <mwhudson> hm
[11:25] <mwhudson> six86: is there some reason to not d-i pkgsel/include string xubuntu-desktop?
[11:26] <mwhudson> in any case, it's bed time here, good luck
[11:26] <six86> mwhudson: Yes. I'm also installing some other packages that are not authenticated, so it would just move my problem
[11:27] <mwhudson> ah
[11:27] <six86> mwhudson: good n8.
[11:27] <mwhudson> yes that would do it
[12:23] <hallyn> sarnold: jdstrand: so, last night my kvm vm with qcow2 snapshot rootfs wouldn't boot.  i shut down my thinkpad.  just booted now.  the vm starts!
[12:24] <hallyn> jdstrand: sarnold: is it possible that your qcow corruptions would have disappeared after a reboot, or have you tried that?
[12:24] <hallyn> I know it makes no sense...
[12:24] <hallyn> I'm going to disable KSM, for starters
[12:43] <jdstrand> hallyn: I never tried that
[12:49] <Yevgeny> Hello
[12:49] <Yevgeny> i get a PXE error
[12:49] <Yevgeny> when I try to boot with PXE image boot
[12:50] <Abhijit> what error?
[12:50] <Yevgeny> I get an error with DHCP: "No dhcp or proxy dhcp offers recieved"
[12:52] <progre55> Hi guys. I need to aggregate some logs (java application logs) from multiple servers into a single server. Using logstash could be an overkill (just for aggregating, no analysis or even filtering). Any suggestions?
[12:53] <progre55> Could rsyslog be right in this scenario?
[12:55] <jpds_> progre55: Yep.
[12:57] <progre55> jpds_: thanks! Never used rsyslog before, but will dive into the documentation (although so far, the documentation seems a bit too difficult to digest)
[12:58] <jpds_> progre55: $ cat /etc/rsyslog.conf
[12:58] <jpds_> progre55: A quarter of the way down are the settings to enable the UDP server.
[12:59] <progre55> jpds_: UDP? As far as I understand it, rsyslog supports TCP and TLS? These logs could be a little too sensitive to be sent over UDP
[12:59] <progre55> but I’ll look into it
[13:00] <jpds_> progre55: And to send traffic, you just do; "*.* @IP.ADD.HOS.T" on the sender.
[13:00] <jpds_> progre55: Oh, right, *that's* the complicated bit.
[13:38] <mdeslaur> If anyone is feeling adventurous, I just uploaded untested openssl packages here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
[13:40] <RoyK> mdeslaur: what sort of fixes are there in this?
[13:41] <mdeslaur> RoyK: https://www.openssl.org/news/secadv_20140806.txt
[13:43] <RoyK> mdeslaur: ouch - I hope the libressl progress is good...
[13:43] <mdeslaur> I gather most of those issues also apply to libressl
[13:44] <mdeslaur> cleaning up code doesn't necessarily fix security issues...it just makes them marginally easier to spot
[13:45] <RoyK> "marginally"?
[13:45] <hallyn> sarnold: jdstrand: I've also gotten quite a few hangs (only of utopic, not precise, vm) over a laptop suspend.  I have to virsh destroy and virsh restart.  but in this case it restarts fine, don't have to reboot host.
[13:48] <jdstrand> hallyn: see that even with old saucy kvm
[13:48] <jdstrand> hallyn: not everytime, but every now and again
[13:50] <mdeslaur> RoyK: it depends what the security issues are, if they are traditional C coding errors, sure, you'll uncover a few of them...but a lot of the crypto security issues are because of packet ordering or related to the complexities of ssl negotiation...those types of issues won't typically be spotted by cleaning up code
[13:50]  * mdeslaur shrugs
[13:51] <hallyn> jdstrand: I really get the feeling something about suspend/resume just doesn't get along with kvm on thinkpads.  anyway disabling ksm didn't help that particular problem, let's see if i get the disk corruption (which apparently was really page table corruption) again over the course of the day
[13:56] <RoyK> mdeslaur: agreed
[15:24] <alexrussell> I have Ubuntu 12.04 with fully up-to-date packages, and on login there’s a message about the HWE being no longer supported. It suggests doing an LTS update and to be honest I wanted to anyway, so it’s all good. I do a `sudo do-release-upgrade` and get back “No new release found”. A cursory Google search suggests I have to wait for the .1 point release, but then looking at http://www.ubuntu.com/download/server 14.04.1 is out, so is there
[15:24] <alexrussell> something I’m doing wrong? I know I can install update-manager and run `update-manager -d` to kinda force it to update anyway, but before I go down that route is there something I’m not considering?
[15:29] <rbasak> alexrussell: sorry, that is confusing. I'll raise it.
[15:29] <rbasak> alexrussell: you can do an upgrade to 14.04 now if you wish - it's just not automatically recommended. That's coming soon.
[15:29] <rbasak> alexrussell: alternatively, you can just upgrade to the latest HWE kernel.
[15:31] <dasjoe> rbasak: that's because http://changelogs.ubuntu.com/meta-release-lts doesn't refer to 14.04.1 yet
[15:32] <Nivex> dasjoe: do we have any idea why that hasn't been updated yet?
[15:33] <rbasak> dasjoe: right. Nivex: I think it's just final QA etc. on flipping the switch. Not sure of the exact reasons.
[15:34] <dasjoe> Nivex: it's coming "soon", according to 14.04.1's release notes
[15:34] <Nivex> rbasak: FWIW arrrghhhAWAY and I have been tracking this for the last two weeks: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1344762
[15:34] <rbasak> Nivex: ah, that'll be the same bug here then - thanks.
[15:36] <alexrussell> Sorry got pulled away from my desk right after asking that. Thanks guys for getting back to me. I’ll hang on till it can be done automatically then.
[15:37] <Nivex> I've been tempted to pull the trigger on the do-release-upgrade -p, but I've been desperately trying to find out what the blocker is so I can know what problems I'll run into.
[15:38] <Nivex> There seems to be a black hole between me and whoever is making that decision.
[15:38] <alexrussell> Interesting...
[15:39] <Nivex> I'd recommend to whoever is writing those release announcements to define "soon" as a tangible time range (eg: X days, weeks, months). I parsed "soon" as a few days and we're up to two weeks.
[15:40] <alexrussell> yeah that seems a bit odd
[15:40] <Nivex> at this point it's less about not having the bits on time and more about the lack of transparency for me
[15:40] <alexrussell> And/or, as you say, get an idea of if there’s a reason it’s not released for upgrade yet (maybe someone forgot to update something, maybe it’s a big blocker)
[15:41] <rbasak> I understand the concern that there's some reason for holding it back that you don't know about, and thus don't want to do it yet.
[15:41] <rbasak> I will ask.
[15:41] <rbasak> I suspect it's just that 12.04.5 is being worked on first, and the same devs are working on both, so it's easier to do one after the other.
[15:43] <TJ-> I emailed Adam Conrad about this issue after his release announcement but got no reply, and the ubuntu-release team mailing list had an RFC back in February about the 12.04.5 release, and there's an email from yesterday saying 14.04.1 is going to be available from "Thursday"
[15:45] <TJ-> The key issue is here that support for current HWEs goes out of support today and with no 12.04.5/14.04.1 upgrade it's as if everyone is expected to upgrade on the same day... there needs to be a month of overlap from availability of the upgrade until the previous HWE goes EOL
[16:27] <zereraz> Hello, I have a question , What are the lower level working of a web servers? If this is not the right channel please direct us.
[16:31] <arrrghhh> Nivex, I hate to say it... but I had to install 14.04 :/
[16:31] <arrrghhh> I got a little trigger happy with some bind mounts and managed to hose the entire 12.04 install.
[16:39] <user123321> What is the setting I need to set in interfaces file to enable networking between my VM's without a router?
[16:56] <monokrome> user123321: I think that you need to masquerade on that network with iptables
[17:00] <user123321> Aha
[17:21] <pmatulis> user123321: by default KVM guests are on the same network, so nothing to do
[17:28] <user123321> pmatulis, But VM's get different IP's if I use bridged adapter in VM settings (with router, ofc), no chance with this method too?
[17:31] <sarnold> hallyn: I never tried rebooting my laptop to see if that would allow my VMs to boot when they were corrupted beyond booting
[17:32] <sarnold> hallyn: I did see two or three times different VMs refusing to restart after laptop suspend/resume but never investigated those. I figured it was a miracle they worked at all after suspend/resume of the host. :)
[17:32] <sarnold> s/refusing to restart/hanging and not responding and requiring a VM reboot/
[17:34] <pmatulis> user123321: do you want your guests to be contacted from outside the host? if so, use a bridge.  if not, use the default NAT
[17:36] <user123321> pmatulis, Even with a bridge, I must need a router for assigning IP's for VM's, right?
[17:36] <user123321> I mean, including networking between VM's.
[17:37] <hallyn> sarnold: the next time you find corruption, please do try reboot and see if it works after that
[17:37] <hallyn> not only did my vm boot, the disk image was fsck-clean
[17:38] <hallyn> so this seems like some page cache badness
[17:38] <pmatulis> user123321: with a bridge you effectively put your guest on the same lan as the host
[17:39] <user123321> pmatulis, Even if I don't have a router connected to my ethernet port?
[17:40] <pmatulis> user123321: yep
[17:40] <user123321> pmatulis, Oh, so I shouldn't be having a problem for networking between my VM's, right?
[17:41] <user123321> without a router*
[17:41] <pmatulis> user123321: well, do they get an IP from a DHCP server on the lan?
[17:41] <sarnold> hallyn: wow. leaping right to conclusions, I wonder if it was that KSM bug...
[17:42] <hallyn> sarnold: does your laptop have numa?
[17:42] <hallyn> i've disabled ksm here this morning, will have to see if i end up with corruption in the next two days
[17:43] <sarnold> hallyn: unlikely, just dual-core i7
[17:44] <user123321> pmatulis, It didn't work the last time I checked without a router. Well, if I set 2 static IP's to 2 VM's, say, 192.168.1.3 and 192.168.1.4, is there a way to ping from the 1st VM (192.168.1.3) to the second VM (192.168.1.4).
[17:50] <hallyn> sarnold: i've only got i5.  aren't you cool
[17:51] <hallyn> arges: hi, i just pushed a new 1.2.2-0ubuntu13.1.4 libvirt to trusty-proposed, bc the 1.2.2-0ubuntu13.1.3 fix was incomplete.  Could you please accept into trusty-proposed (deleting the 1.2.2-0ubuntu13.1.3 currently there)?
[17:51] <arges> hallyn: sure i'll review it
[17:52] <pmatulis> user123321: are those addresses part of the lan?
[17:52] <hallyn> thanks arges
[17:53] <user123321> pmatulis, I would like to create a LAN.
[17:53] <user123321> without a router.
[17:53] <user123321> Wondering if it's possible.
[17:53] <sarnold> hallyn: hehe, when my laptop refresh comes around I might be looking at eurocom.com :)
[17:53] <pmatulis> user123321: the host must be on a lan already
[17:54] <arges> hallyn: ok done
[17:54] <hallyn> sarnold: i've got two years to my next one, but the toshiba rharper pointed to looked sweet
[17:54] <hallyn> trackpoint, trackpad, and real mouse buttons.  sign me up!
[17:54] <sarnold> hallyn: oh right, I meant to go look that one up..
[17:55] <hallyn> hm, eurocom gaming laptop perhaps
[17:56] <user123321> pmatulis, Aha. By the way, here's the scenario. I have 4 VM's running at the moment, each assigned with a unique IP address by the router. And I could ping my VM's from my host. I'm wondering if I'm able to achieve the same functionality without a router connected to the ethernet port.
[17:56] <sarnold> hallyn: nine pounds? what could go wrong? :)
[17:56] <hallyn> shoulder injury? :)
[17:56] <pmatulis> user123321: i have a feeling by 'router' you mean DHCP
[17:57] <sarnold> hallyn: lol
[17:57] <user123321> pmatulis, Ah, I have connected my ADSL router to my machine.
[17:57] <pmatulis> hallyn: i'm always on the lookout for a decent lappy.  what toshiba is it?  can't find in scrollback
[17:58] <user123321> pmatulis, Yes, the router has DHCP.
[17:58] <hallyn> pmatulis: check warthogs list
[17:58] <pmatulis> hallyn: ah ok
[17:59] <hallyn> he couldn't find the i7 in the us.  but that's ok, my week-old tp is i5, does fine
[17:59] <hallyn> all right, back to libvirt and systemd-shim.  \o
[17:59] <sarnold> good luck
[18:05] <Rug> I have squid3 running on one of my servers and it is working as a proxy. BUT as soon as I enable 'transparent' it fails to operate.  any suggestions?
[18:05] <Rug> http_port 8888  <- works      http_port 8888 transparent  <- does not work
[18:05] <Rug> I have also tried these variations (none work): 192.168.0.241:8888 transparent   http_port 192.168.0.241:8888 intercept   http_port 8888 intercept
[18:06] <TJ-> Rug: how does it "fail to operate" ?
[18:06] <TJ-> Rug: Is it accompanied by a netfilter rule that redirects port 80 traffic to port 8888, with an exception if the source is the IP or process ID of squid?
[18:07] <Rug> TJ-: the access.log fail shows no activity.  The web-browsers don't fetch any pages
[18:07] <Rug> TJ-: no (about the netfilter rules)
[18:08] <TJ-> Rug: transparent proxy intercepts non-proxy requests and forwards them if needed. That requires netfilter rules to redirect transparently as far as the clients are concerned.
[18:09] <Rug> TJ-: ok I'll look into that.  Thanks.
[18:09] <TJ-> Rug: Or, do you mean squid is in transparent mode and the clients have the proxy port 888 configured and the proxy fails to return
[18:10] <Rug> TJ-: When in transparent mode, the proxy server (as evidenced by the access.log) shows no activity.
[18:10] <pmatulis> user123321: if they're on the same subnet and use the host's bridge then they should be able to see each other
[18:11] <TJ-> Rug: Are the clients configured to use the proxy on port 8888 or are they sending requests directly to the target?
[18:11] <Rug> TJ-: port 8888
[18:12] <TJ-> Rug: For transparent read: http://www.tldp.org/HOWTO/TransparentProxy-6.html
[18:13] <user123321> pmatulis, Aha, so if I set static IP's and same subnets for VM's, I'm good to go?
[18:13] <TJ-> Rug: read also http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
[18:13] <pmatulis> user123321: and the bridge, yeah
[18:13] <Rug> ok thanks.
[18:13] <user123321> pmatulis, Cool, thanks.
[18:15] <dw1> how can i change the default interface to the main ip? everything (php, sendmail) seems to be sending out with a secondary ip (added/used for SSL on a specific web site)
[18:38] <dw1> i think i prob set up my secondary IP wrong https://pastee.org/44agb
[18:38] <dw1> i want the first one as default for outgoing connections
[18:39] <sarnold> dw1: can you configure your services to bind to eth0 instead of wildcard binds?
[18:40] <dw1> i can configure each individual program/outgoing PHP socket to use the IP i want, yes
[18:40] <dw1> but id rather it use the eth0 ip by default
[18:42] <sarnold> I know of no mechanism to ask the kernel to prefer one IP over another when a wildcard bind is used
[18:44] <dw1> wildcard bind.. thats the 0.0.0.0 i see in route -n i guess
[18:44] <dw1> https://pastee.org/pfbxh
[18:45] <sarnold> dw1: that's a default route; slightly different ;) hehe
[18:46] <dw1> what makes it a wildcard bind in /etc/network/interfaces ?
[18:48] <sarnold> dw1: nothing; applications will just use int fd = socket(AF_INET, SOCK_STREAM, 0); connect(fd, ...);  without using bind(fd, ...) first
[18:49] <dw1> ahh hmm
[18:50] <dw1> so its normal then.
[18:51] <dw1> thanks for input
[18:53] <sarnold> dw1: actually... if you're up for some research, this might be promising: http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html
[20:12] <stetho> Hi. Does anyone have any recommendations for a directory server for home use? I'm tempted to just go with OpenLDAP but I'm nervous of its fragility and my inexperience. Locking my kids out of their computers wouldn't go down well. I've looked at other things like FusionDirectory and FreeIPA but I am wondering if there's other options that I haven't found yet before I choose one of them.
[20:12] <sarnold> stetho: 389ds? sssd? (never tried either one, just trying to give more choices :)
[20:15] <stetho> SSSD is an authentication daemon. I had forgotten about 389DS - I'll go and have a look.
[20:16] <sarnold> no directory component? thanks :)
[20:23] <zartoosh__> HI I am using ubuntu 14.04. The system harddisk is GPT partition.  I need a tool to label the disk partition. I used to use e2label before but it seems e2label does not work with GPT partition disks? thx
[20:27] <gorelative> im using nginx to rev proxy in front of my blog (Ghost), it uses SSL, but i cant figure out why gzip isnt working for static assets. I've included my nginx config files here: https://gist.github.com/mikedevita/75b130119c2251154fe1
[20:29] <Forex> hey folks
[20:30] <Forex> who here used ovh us cloud ubuntu servers?
[20:35] <delinquentme> so I've got a build script which ... oddly enough ... is not running a single $ apt-get install salt-master   ... it seems like a very peculiar thing to be failing
[20:58] <rberg> I am a little confused about the Ubuntu 12.04 hardware enablement situation.. will the 3.2 kernel series still be patched? or do I need to consider going to 3.13?
[21:06] <rberg> the wiki talks about Ubuntu versions 12.04.5 (3.13) while I have 12.04.5 with 3.2 still
[21:09] <zartoosh__> hi on ubuntu 14.04, in the file /etc/fstab could I use actual partitions rather than uuid, and if so do I need to modify my grub.cfg? thx
[21:10] <chriys> hi guys, I just installed openssh-server but for some reason I get connection refused when to connect (ftp and ssh)
[21:15] <chriys> hi guys, I just installed openssh-server but for some reason I get connection refused when to connect (ftp and ssh)
[21:34] <guntbert> chriys: did you try locally?
[21:34] <arrrghhh> chriys, ftp would be something different
[21:36] <chriys> nope I installed it on a vps
[21:37] <guntbert> chriys: well, "locally" from that vps :)
[21:37] <chriys> Yeah I also tried that same issue
[21:38] <guntbert> chriys: what does      ssh -vv localhost  result in?
[21:43] <chriys> guntbert: I remove some line in the config file now ssh works but I can't make work the ftp
[21:44] <guntbert> chriys: I am about to go to bed: what ftp server did you install?
[21:46] <chriys> well openssh-server
[21:46] <chriys> guntbert: what do you advised.
[21:46] <guntbert> chriys: that is no ftp server, you need something like pureftp, or vsftpd,...
[21:47] <guntbert> chriys: type    aptitude search ftp
[21:47] <guntbert> to get a list of packages
[21:47] <chriys> what's the best
[21:49] <arrrghhh> chriys, both the ones mentioned are fine
[21:49] <arrrghhh> ftp is inherently insecure and should not be used, if it can be avoided
[21:49] <guntbert> !best | chriys
[21:49] <guntbert> sorry, ubottu failed me :-(
[21:49] <arrrghhh> lol
[21:50] <chriys> Then what protocol can I use to transfer files to the vps
[21:52] <chriys> arrrghhh
[21:53] <arrrghhh> chriys, sftp/scp is my preference
[21:53] <arrrghhh> and you already have openssh installed, so you can use that right now.  just depends on the client machines you're working with
[21:54] <chriys> well I'll use filezilla. How can I set up the ftp of openssh-server
[21:55] <arrrghhh> sigh.  as mentioned previously, ftp != openssh
[21:56] <arrrghhh> as for filezilla, it has the ability to connect to sftp servers, just choose that from the protocol dropdown when adding the site
[21:56] <arrrghhh> (sftp = ssh file transfer protocol)
[21:56] <chriys> ok I see
[21:56] <arrrghhh> or you can think of it as 'secure' ftp.  just like ssh is secure telnet.
[21:57] <chriys> Got it
[21:57] <chriys> guntbert: thx for help
[21:57] <arrrghhh> since you already have openssh, you should be able to just use sftp :)
[21:57] <sarnold> best not to -- there is also an ftps, which is ftp over ssl or tls. (I'd avoid that though, combining two horrible protocols doesn't make one good protocol..)
[21:57] <sarnold> so best to just think of sftp as sftp and be content :)
[21:57] <chriys> arrrghhh: how ?
[21:57] <arrrghhh> chriys, I explained it above on how to use it in filezilla
[21:57] <arrrghhh> what's the issue?
[21:59] <arrrghhh> if you're just using a username/password it's really easy.  if you're using keys, it's a bit trickier but still do-able.
[22:00] <chriys> arrrghhh: I can now connect through sftp
[22:00] <arrrghhh> cool.  much more secure than plain FTP, and it's already setup :)
[22:06] <chriys> cool
[22:07] <chriys> arrrghhh: I heard that it's not a good idea to create a symlink to /var/www
[22:07] <chriys> is there an alternative
[22:08] <arrrghhh> what are you creating symlinks for?  what are you trying to achieve?
[22:08] <chriys> create a folder called html inside /home/user/ so that all the file related to the website will go there
[22:08] <arrrghhh> you can bind mount
[22:09] <arrrghhh> but I'm not sure either option is more/less secure than the other
[22:09] <sarnold> or set the docroot to /home/user/www or whatever
[22:09] <chriys> Since I disabled access for root no one will be able to access /var/www
[22:09] <arrrghhh> /var/www is owned by www-data on my box
[22:10] <arrrghhh> but resetting the docroot would probably be a better idea ^^
[22:11] <chriys> ok let me do that
[22:16] <chriys> arrrghhh: is it normal that I can create ftp and I can see what's inside home/user
[22:17] <arrrghhh> you'll have to elaborate on "create ftp"
[22:18] <arrrghhh> but you're connecting with the same rights as the user you ssh with
[22:18] <arrrghhh> so you'll have the same permissions/rights that user has
[22:18] <chriys> arrrghhh: directories*
[22:18] <arrrghhh> see above ^^
[22:18] <chriys> inside ssh I can create directories
[22:19] <arrrghhh> you're connecting with the same perms as your user
[22:19] <arrrghhh> so whatever rights that user has, you will have via sftp
[22:29] <arrrghhh> chriys, if you want to limit rights, you can setup a 'chroot jail' and login as a different user
[22:30] <arrrghhh> that setup is a bit more complex, just depends on what your needs are.
[23:15] <idefine> hi, I'd like to have my upstart scripts log to one of the ephemeral drives on my boxes. How can I specify this?
[23:30] <chriys> sorry arrrghhh I had to handle an emergency