[00:10] this live disk doesn't have smartctl, how can I get the serial number of a drive? I'm not sure which one I just wiped :)
[00:11] try lshw?
[00:12] there we go, thanks :)
[00:19] so, I booted my machine back into its original os (the same hardware that just had a working array) and on startup I get: mdadm: superblock on /dev/sdd doesn't match others - assembly aborted. then a bit further down [....] Cleaning up temporary files...
[00:19] but it seems hung there
[00:31] it eventually booted but theres no sign of the array here... :\
[00:31] nothing in /proc/mdstat or mdadm --detail
[00:37] having an issue with dovecot.. it's not sending AUTH LOGIN. if anyone can check if my configs are wrong thatd be great: https://dpaste.de/aqcb
[00:40] ebonics: is there anything in the logs?
[00:42] sarnold, not in mail.log or mail.err, but i have a feeling it's just configured wrong
[00:42] ebonics: does dovecot have its own log file?
[00:43] sarnold, afaik it just logs to those two
[00:43] ebonics: it often does. rsyslogd has a config file that routes some syslog traffic to different files
[00:43] anyone have any thoughts as to why the live CD auto assembled my array, but an older debian install won't due to the non-matching superblock?
[00:44] or how I can safely correct it?
[00:44] hmm ok ill investigate zerowaitstate thanks
[00:46] ok sarnold zerowaitstate it's just using method=PLAIN
[00:47] is there some reason why it would default to that?
[00:48] as opposed to what?
[00:48] auth_mechanisms = plain login
[00:48] isn't login a method?
[00:49] what type of login mechanism do you want?
[00:49] i thought that "LOGIN" was a mechanism, which explains the AUTH LOGIN smtp packet header
[00:49] i had it working before but i guess i broke something
[00:51] are we talking about SMTP or dovecot?
[00:51] dovecot
[00:51] SMTP is Postfix, not dovecot
[00:51] so when i telnet to port 587 what protocol is that ?
[00:52] ESMTP
[00:52] which is dovecot right?
[00:52] which is being handled by Postfix, as shown in your dpaste
[00:52] oh..
[00:52] i thought that it just meant that dovecot was delegating to postfix
[00:53] shouldn't it be going through dovecot?
[00:53] there is some interaction yes, because dovecot needs to know where postfix is storing messages for that domain
[00:53] postfix handles SMTP, dovecot handles POP3/IMAP
[00:53] I realize it's confusing
[00:54] like for a mail client i have it configured to port 587 and under imap
[00:54] and yet when i telnet to port 587 it's using ESMTP
[00:54] so i don't really understand
[00:54] SMTP is what your mail client is using to SEND MAIL. IMAP is what your client is using to CHECK MAIL.
[00:54] oh wow my mail client is using port 143.. what the
[00:55] they are two totally different protocols. for historical reasons, mostly, they are handled by two different software packages
[00:55] okay i understand now zerowaitstate thanks
[00:56] so really postfix is my problem zerowaitstate?
[00:56] are you having problems sending mail, or checking mail?
[00:57] i'm hitting spambox in my tests when i send mail. so i tried telnetting and realised it wasnt sending the AUTH LOGIN packet so i assume that has to do with it
[00:57] hitting spambox...i don't follow
[00:57] my mail is being sent to spam
[00:58] because of some auth or validation related reason
[00:58] ie. it wasn't hitting spam earlier and it was using AUTH LOGIN
[00:58] mail you are sending is being sent to the spam folder when someone else receives it?
[00:58] when i receive it
[00:58] yes
[00:58] my server -> my gmail account
[00:58] ah, so you are testing by sending to yourself?
[00:58] gmail spamboxes it
[00:59] yes
[00:59] okay. unfortunately, the answer is "it's complicated"
[00:59] ebonics: your smtp server is functioning, however, Google does not fully trust it
[00:59] ebonics: there are a number of reasons that can happen.
[01:00] ebonics: lack of DKIM / SPF records for the domain can be one reason
[01:00] ebonics: the lack of SSL support server-to-server can be another
[01:01] zerowaitstate, shouldn't it be using SSL
[01:01] i implemented a cert
[01:01] ebonics: also, if you are sending from an IP block that is a previous known abuser, it may be blacklisted
[01:02] and zerowaitstate thanks for the info, however i wasn't hitting spambox earlier and i noticed in my telnet adventures that it was sending AUTH LOGIN, while now it's not
[01:02] so i feel like that's likely the problem at hand at this moment
[01:03] zerowaitstate, are you saying the AUTH LOGIN is handled by postfix?
[01:03] ebonics: AUTH LOGIN is what the client sends, not the server
[01:03] zerowaitstate, how :| i swear it was sending AUTH LOGIN earlier..
=== markthomas is now known as markthomas|away
[01:04] ebonics: and yes, SMTP is handled by postfix, so the config you're interested in is there
[01:04] ebonics: ah, yeah, you definitely have a postfix problem
[01:04] ebonics: it looks like you are operating an open SMTP without authentication
[01:04] lol
[01:04] :|
[01:07] ebonics: however there is a little caveat. It may be that postfix is set up to support pop-before-smtp which allows you to use smtp from an ip address without authentication if you used pop/imap from that same address recently
[01:08] zerowaitstate, i haven't enabled pop3 as far as i know
[01:08] zerowaitstate, shall i post my postfix conf?
[01:08] yeah, but the same is true for imap I believe
[01:09] zerowaitstate, https://dpaste.de/yObJ
[01:09] I actually have to go in a sec. However, I would recommend you check smtp from a different IP address that has not checked mail via POP/IMAP to that server recently.
[01:09] zerowaitstate, okay, thanks for the help.
[01:10] ebonics: based on my prior experience with dovecot, my guess is you checked mail from your computer, then ran your smtp test and it didn't attempt to authenticate you due to dovecot telling postfix via SASL that you were already legit.
[01:11] ebonics: the reason imap-before-smtp is used is so people putting in their email stuff on their phones, etc, don't have to enter a username/password twice for both imap and smtp
[01:11] zerowaitstate, that's possible. i'm using thunderbird so it will be using my ip
[01:12] ebonics: i think it's poor security personally
[01:12] ebonics: but it's a very popular default configuration
[01:12] zerowaitstate, it seems good for large scale systems for performance
[01:12] http://en.wikipedia.org/wiki/POP_before_SMTP
[01:13] http://wiki2.dovecot.org/HowTo/PopBSMTPAndDovecot
[01:13] zerowaitstate, do you know how i can flush the session or whatever it is so i can do proper testing
[01:13] no idea, but it's probably in the dovecot docs
[01:13] since dovecot is handling the user database
[01:14] ebonics: performance has nothing to do with it. there is very little performance hit in checking a password, especially compared to doing things like TLS
[01:15] zerowaitstate, there could be if the database isn't threadsafe
[01:15] ebonics: also, NAT screws up POP before SMTP
[01:15] ebonics: username/password databases are key value stores. it's very easy to make a key-value store threadsafe
[01:15] ebonics: anyway, I got to eat. take it easy
[01:16] seeya zerowaitstate thanks for the help
[01:37] patdk-lap: as I suspected, mdadm says the 2TB is too small to replace the 3, so i'm going commando
[01:37] hi guys, trying to set up munin cgi using this guide: http://munin-monitoring.org/wiki/MuninConfigurationMasterCGI but all i get is 403 forbidden :S any help on what to do
[01:37] hmm
[01:37] is it basically fail & remove /dev/sdX1, then add /dev/sdX
[01:38] no format in between?
[01:38] you can
[01:39] from your reply i gather there is a better way?
[01:39] not really
[01:39] have two options
[01:39] get a larger disk to rotate with
[01:39] or make your raid array with your 2tb, and copy it all over
[01:39] and copy it all back
[01:40] would be the only 100% safe way
[01:40] i'll take my chances with the swaps
[01:40] doing a drop and add is ok
[01:40] but there can be risk during the time
[01:40] by doing that as I said above, it will use the full disk instead of a partition, and I'll get the full 3tb each once it's all done?
[01:41] it will see the full 3tb
[01:41] but it won't use it till you tell it to grow
[01:41] and it won't grow till you're done
[01:42] ok I just saw something frightening
[01:43] resync claims to be WAY faster than last time, and if I'm reading it right, mdadm says there's only 2tb of data instead of 5ish
[01:44] Used Dev Size: is that per disk? or total occupied space?
[01:44] per disk I think
[01:44] I guess I can mount it and see if anything is missing?
[01:44] it seems weird that a ton of data would just disappear like that
[01:44] but i'm also worried about how the previous OS wouldn't reassemble the array
[01:45] ya, per disk
[01:45] phew
[01:45] Array size is total
[01:46] the resync is gonna take 350 mins.. last time it was 1200
[01:46] i dont think these disks are that much faster
[01:46] newer faster disks
[01:47] possible I guess...
[01:47] scary.. I should have looked closer at the files to make sure they were all there
=== zz_DenBeiren is now known as DenBeiren
=== NiTeMaRe is now known as NiTe
=== NiTe is now known as NiTeMare
=== NiTeMare is now known as NiTeMaRe
=== sl0wz is now known as slowz
=== slowz is now known as Guest63161
=== slowz_ is now known as slowz
[05:20] hi guys
[05:20] i have an existing ubuntu server with apps - when i do apt-get update does it affect the other apps installed or update them also..?
[05:20] any idea guys
[05:21] ruben23: how did you install those other apps?
[05:21] i worry my server might get broken when i run - apt-get update
[05:21] they are installed by package, some are by source
[05:22] when you built packages by source, did you install them into /opt/ or /usr/local or did you install them into /usr?
[05:22] /usr/local some are /usr/src
[05:23] okay, those should be left alone, packages should leave /usr/local alone, some packages do install into /usr/src but that's mostly kernel headers, I think...
[05:24] now, the packages, how did you install those packages? did you download .deb files and use dpkg -i on them? or did you add new repositories to your /etc/apt/sources* files?
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== cipi is now known as CiPi
[08:55] i did chmod -R 700 /home/user and now all files are green
[08:55] Good morning.
[09:08] arcsky: don't do that. :)
[09:08] anyone know if its common for GNU mailman with default settings to be hitting gmail spambox on postfix (DKIM + SPF enabled) setup? i don't hit spambox when just sending through postfix
[09:31] jrwren: how should i make it then? if i dont want other users to list my home dir?
=== Lcawte|Away is now known as Lcawte
=== 20WAA3BE8 is now known as misty_g3ar
=== misty_g3ar is now known as g3ar
=== g3ar is now known as misty_gear
=== misty_gear is now known as gear
=== misty_g3ar is now known as g3ar
[09:53] arcsky: without the -R
[09:54] arcsky: -R means recurse. It sets mode on all files and dirs in that dir recursively
[10:04] jrwren: danke
[10:06] jrwren: how can i switch back first to default mode?
[10:12] arcsky: you cannot.
[11:06] Hello guys i tried to setup postfix/dovecot with virtual emails but i receive the following error "status=bounced (cannot update mailbox /home/admin//var/vmail for user admin unable to create lock file /home/username//var/vmail.lock: No such file or directory)"
[11:06] The mailbox path is wrong but i can't find it to change it , where is it located?
[11:16] Any ideas?
=== Lcawte is now known as Lcawte|Away
[11:34] Hello guys i tried to setup postfix/dovecot with virtual emails but i receive the following error "status=bounced (cannot update mailbox /home/admin//var/vmail for user admin unable to create lock file /home/username//var/vmail.lock: No such file or directory)"
[11:34] The mailbox path is wrong but i can't find it to change it , where is it located?
[11:49] spyridonas: http://www.postfix.org/postconf.5.html#home_mailbox
[11:49] 'Optional pathname of a mailbox file relative to a local(8) user's home directory.'
[11:50] Oh , how i see the user home directory?
[12:00] strikov : cat /etc/passwd says vmail:x:2000:2000:Virtual Mailboxes,,,:/var/vmail:/usr/sbin/nologin
[12:03] strikov: can i modify it so its /var/vmail?
[12:05] spyridonas: it depends on what you want to achieve; 'If set, mail_spool_directory specifies an absolute path where mail gets delivered. Alternatively, if set, home_mailbox specifies a mailbox relative to the user's home directory where mail gets delivered.'
[12:08] spyridonas: you seem to have home_mailbox=/var/vmail which is probably wrong
[12:08] strikov: thanks this seems to fix it but no i don't receive the email at all, and no errors to be found
[12:08] spyridonas: what did you do exactly?
[12:09] strikov: the logs says everything is ok
[12:09] strikov: i commented out the home_mailbox and set mail_spool_directory to be /var/vmail
[12:09] spyridonas: i think you receive mail w/o any issues now but it gets placed to some unexpected folder
[12:09] spyridonas: it should be placed into /var/vmail then
[12:10] strikov: but i have virtual mailboxes that defined like that mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes
[12:11] strikov: but that's inside dovecot
[12:12] strikov: i also have "virtual_mailbox_base = /var/vmail"
[12:12] strikov: on postfix
[12:12] spyridonas: i'm not an expert but i assume that you have two options
[12:12] spyridonas: you either store mail for user X inside /home/X/
[12:13] spyridonas: or you store all the mail inside /var/vmail/ and do sorting there
[12:13] spyridonas: which way you want?
[12:13] If you want 1st way (which is simpler) you do home_mailbox = Maildir/
[12:13] strikov: the 1st because virtual emails are stored like so "/var/vmail/domain/user/"
[12:14] and then (when you receive mail) mutt -f ~/Maildir
[12:14] this dir should exist i think
[12:15] strikov: that means i have to delete everything postfixadmin created and redo the whole virtual mail boxes setup....
[12:15] spyridonas: you want 2nd way then (I think) not 1st
[12:16] strikov: the problem is that the directories are variables
[12:17] strikov: i don't want all emails to /var/vmail , i want the email from admin@example.com to be on /var/example/admin/ and the email from admin@example2.com to be on /var/example2/admin.
[12:18] spyridonas: try to comment out both mail_spool_directory and home_mailbox
[12:19] spyridonas: it seems to me that you have a working config but this home_mailbox thing simply broke everything
[12:20] strikov: hmm... still nothing
[12:21] spyridonas: define 'nothing'
[12:21] strikov: i wonder why virtual_mailbox_base doesn't simply override everything
[12:21] spyridonas: check /var/vmail/*
[12:21] spyridonas: i assume that you should get mail to /var/vmail/%d/%n/Maildir as you defined in the config
[12:21] strikov: /var/vmail has nothing delivered to it and the domain folders i cant understand if something was just added
[12:22] strikov: the Maildir has .Archive, .Drafts etc...
[12:22] strikov: but nothing delivered to it
[12:23] spyridonas: Maildir is used only when home_mailbox is set
[12:23] spyridonas: you either use it or not
[12:23] spyridonas: we came to conclusion that you don't want to have it
[12:24] strikov: ok i dont want it then
[12:24] strikov: sure
[12:24] spyridonas: so, you don't have home_mailbox in the config?
[12:24] spyridonas: you don't forget to restart the thing, right?
[12:25] strikov: i do have it commented out because its relative the user
[12:25] strikov: home_mailbox
[12:27] strikov: relative to user means /home/vmail but i have it on /var/vmail. Should i just delete the Maildir part of "mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes"
[12:27] strikov: but then indexes doesn't exist...
[12:29] strikov: should i simply copy the folder to /home/vmail instead ?
[12:30] spyridonas: /var/vmail/%d/%n/Maildir means that mail will be stored at /var/vmail///Maildir
[12:30] spyridonas: you either want this or not
[12:30] info@example.com will be stored at /var/vmail/example.com/info/Maildir
[12:31] strikov: i don't mind if i copy it to the parent folder, the problem is the parent folder doesn't have indexes folder which its used later
[12:31] spyridonas: i don't understand your problem
[12:31] strikov: "mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes"
[12:31] strikov: says on dovecot
[12:32] strikov: i can simply make it "mail_location = maildir:/var/vmail/%d/%n"
[12:32] strikov: but i wont have the indexes part
[12:32] spyridonas: for what reason?
[12:32] strikov: because i dont want to use Maildir
[12:33] spyridonas: you want to 'convert' existing mail database into a new hierarchy of folders?
[12:33] strikov: no i don't care the existing mail database is empty
[12:34] spyridonas: i don't know if Maildir name is required or not by some other components
[12:34] spyridonas: i'd stick with a regular way and don't invent the wheel
[12:34] strikov: i will delete it then
[12:35] strikov: if that doesn't work i will re-do it
[12:39] strikov: it doesn't work.. i will re-do it again, thanks for helping me out
[12:39] spyridonas: yw
[13:42] Hello guys is there any way to track a directory when new files are created?
[13:46] inotify?
[13:47] Hi looking for some help on a strange problem with ubuntu server and apache2
[13:48] I have the system set up and there is an index.html being served in /var/www/
[13:48] spyridonas: yeah, inotify could be used for this, you can let it 'monitor' a specific location
[13:48] use the google power to find out how exactly
[13:49] I have tried to remove the index.html to try and use an index.php but no matter what I do it always returns the content of the index.php even if I move it out of the way ???
[13:49] purplehorace: most likely due to browser caching
[13:49] Sling: Thanks, i can't receive emails but i can't understand where the files end up.
[13:49] purplehorace: or do you mean it returns the contents of index.html instead of index.php ?
[13:49] purplehorace: purge your browser cache and retry
[13:54] The browser is rendering the index.html and the server isn't serving the index.php even though its there. I thought it should use the php if the html isn't there
[13:55] purplehorace: check /etc/apache2/sites-enabled/ for enabled sites and their docroot
[13:56] OK I'll have a check of settings, thanks
[13:59] purplehorace: make sure DirectoryIndex lists index.php before index.html
[13:59] but still, if index.html doesn't exist and your browser still 'gets' the index.html contents, its definitely caching
[14:07] How do I know which screen session i am connected to from within a screen session, assuming have multiple screen sessions running and I am connected to others too from same machine.
[14:15] Error404NotFound: screen -list will show the PID's
[14:15] so from within one of the screens do echo $PPID
[14:15] and that should correspond to one of them
[14:15] hmmm, let me try
[14:15] assuming your shell is a child process of the screen process
[14:17] Sling: awesome
[14:17] thanks
[14:20] Hey guys how can i change postfix default email save location?
[14:21] spyridonas: postfix is usually not the daemon 'saving' email
[14:21] its an MTA
[14:21] if i change home_mailbox = it only appends whatever i type to /home/username/whatever/i/typed/
[14:22] ah
[14:22] spyridonas: the most flexible would be letting postfix deliver it to procmail
[14:22] and then each user can have its own procmail rules
[14:23] Sling: i have already setup dovecot/postfix, currently it doesn't work because emails end up on wrong directories
[14:23] Sling: i have them setup with virtual domains and emails
[14:24] spyridonas: so what does your main.cf look like?
[14:24] you would normally have something like "virtual_transport = lmtp:unix:private/dovecot-lmtp" for a postfix+dovecot stack
[14:25] and then have lmtp listed in the 'protocols' section in dovecot.conf
[14:25] Sling: like this http://pastebin.com/mFjyh5uG
[14:27] Sling: i dont have what you said
[14:27] I see that
[14:28] is this a new setup you're building or/
[14:28] Sling: it's new i dont care if i lose emails, i followed this guide http://serion.co.nz/howto/howto-setup-mailserver-using-postfix-mysql-dovecot-postfixadmin-amavis-new
[14:28] Sling: i need postfixadmin
[14:28] why?
[14:30] Sling: map files are exactly the same with this guide
[14:30] Sling: i need to have multiple hosts with accounts end up in the same server
[14:31] what I use is mysql for storing the domains/maps/aliases
[14:31] like, virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
[14:31] which then contains something like http://paste2.org/I1BUI5O4
[14:32] then you can use SQL to manage your postfix stuff, or phpmyadmin, etc
[14:32] but maybe this is a topic for #postfix :)
[14:33] Sling: well i only need to change the directory , everything else works
[14:33] Sling: i can send emails , all emails have ssl, dmarc,dkim, and a bunch of stuff
[14:33] dovecot should be storing your incoming mails
[14:33] not postfix
[14:34] Sling: i can't receive them because that config doesn't work... :S
[14:34] ..
=== Lcawte|Away is now known as Lcawte
=== markthomas|away is now known as markthomas
=== utlemming is now known as utlemming_kitche
[16:25] anyone know if you can configure unattended upgrades to notify only, but not actually upgrade?
[16:26] i can't seem to find it in docs
[16:29] tash: maybe --dry-run?
[16:30] tash: you might have to modify /etc/cron.daily/apt though
[16:30] tash: also note that you can run /usr/lib/update-manager/apt-check from a script
[16:31] (I'm not sure that's "official" API though)
=== martins-afk is now known as martinst
[16:48] is it normal for mailman to be getting spam filtered by gmail with default settings (im using postfix with DKIM and SPF setup)? note: i dont get the same results with just postfix alone.
=== martinst is now known as martins-afk
=== ruben_ is now known as Guest34824
=== martins-afk is now known as martinst
=== martinst is now known as martins-afk
[19:17] Hello
[19:17] I have a KVM with 238MB.... Webmin fits nicely but when it runs apt-show-versions... OOM gets executed
[19:18] I am just curious, apt-show-versions needs a lot memory to run? I assume it loading stuff into MEM?
=== lhorace is now known as Negor
=== Negor is now known as lhorace
[19:21] lhorace, https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
[19:22] ebonics: I know how... The KVM came with template but since you mention that
[19:22] I am going to see if I can add swap
[19:29] lhorace: Is apache running on the same box?
[19:30] Nope, just mail box
[19:30] just Postfix, webmin
[19:31] sshd
[19:31] There extra process that I am not using and I am going to kill
[19:32] dbus,init, and kernel pids
[19:33] I don't recall how to resize EXT4 so I am looking up that information
[19:33] resize2fs
[19:33] Anyhow 238Mb is really tiny...
[19:33] The assigned size is... 9.9GB total with 1.1Gb in use
[19:34] Assigned size of what?
[19:34] For the plan that I have
[19:34] What?
[19:34] It's 238MB with 9,9GB
[19:34] I am renting a KVM from a hoster and they assigned me 238MB with 9.9GB
[19:35] Can you pastebin "free -m" please?
[19:36] I am also renting another KVM, which is 512MB, a bit bigger but I am using for something else
[19:37] They are Cloud Service
[19:37] http://pastie.org/10098764
[19:37] Both have Ubuntu 14.04
[19:38] !webmin
[19:38] webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
[19:38] bekks: I don't have issues with Webmin on Ubuntu
[19:38] For a small mailserver, the 154M free would be ok. For nothing else.
[19:39] Well, it isnt supported anymore on Ubuntu.
[19:39] Okay, thanks
[19:39] Umm, where you get 154M?
[19:39] You adding the cache and free?
[19:39] BTW, This box relays mail to another box
[19:39] Yes. Because thats the RAM available to applications.
[19:40] http://www.linuxatemyram.com/
[19:40] That does the actual delivery
[19:40] bekks: Thanks, I read up Linux memory management actually
[19:41] If I sound dumb, not trying to be
[19:44] I think swap of size 300MB should be good enough
[19:48] I can't resize2fs, it's online
[19:50] "resize2fs: On-line shrinking not supported", I am going to have to ask the admins to do it for me
[19:55] What kind of filesystem is it?
[19:56] Ext4, I am going to look into a swap file
[19:58] Ah, shrinking... live extending is supported. Read that wrong...
[19:58] yeah
[19:59] I was going to make room for a swap partition since that's most recommended
[19:59] swapfile is the most easiest fixed and the admins are not in the mood
[20:06] bekks: lordievader http://pastie.org/10098824
[20:07] And?
[20:07] Thanks for the suggestion, that really helped me a lot, wasn't sure how to solve the problem... I was thinking of disabling Webmin from running apt-show-version... When it runs, it jumps, then processes based on score start to be killed
[20:07] bekks: Just show you I resolve the problem
[20:07] bekks: Better?
[20:09] So you added a swap file then?
[20:09] yup
[20:10] Did you change swappiness too, as well as changing the default behaviour of the OOM killer?
[20:10] Uh, I was thinking about swappiness but as for OOM killer behavior.. I still have more to read
[20:11] I think, with 60, that should be good enough, I am not sure I really want to go for aggressive swappiness
[20:11] KVM is on SSD
[20:11] Well, you actually don't want to swap at all, if it can be avoided. So set vm.swappiness=5 or 10 in /etc/sysctl.conf
[20:12] Hmmm, good point
[20:13] I will see
[20:13] And set vm.oom_kill_allocating_task=1 too
[20:13] What does that do?
[20:14] When you are running out of memory, the OOM killer starts to randomly kill processes until the situation is resolved. You actually never want that. You want the process which causes the situation to be killed.
[20:15] bekks: Okay, my observation, apt-show-versions gets killed
[20:15] Then, I have tmux
[20:15] So, I don't see randomness, thus far
[20:16] webmin which is the parent, gets killed but the time span
[20:16] The parent of 'apt-show-versions'
[20:16] So if tmux causes the OOM situation, and webmin gets killed, thats random death.
[20:16] lol
[20:17] Okay
[20:17] I so a lot of tmux invoked OOM
[20:17] s/so/saw/
[20:17] For now, my critical serices keep running
[20:18] services*
[20:19] bekks: Actually, the template, so swappiness to 0
[20:19] s/so/set/ I don't have great spelling skills
[20:20] So if tmux is causing the OOM, set vm.oom_kill_allocating_task=1 to make sure tmux gets killed then.
[20:20] okay, set
=== SJrX is now known as SJr
=== NomadJim_ is now known as NomadJim
=== Lcawte is now known as Lcawte|Away
[22:45] I’m logged in to a server that is rejecting all new connections. In /var/log/auth.log I’m seeing the following message: Connection closed by myipaddress [preauth]
[22:46] I’ve restarted ssh and verified authorized_keys hasnt been changed.
[22:51] Peiniger: not enough information
[22:51] SSHD might be closing the connection just because
[22:51] What other info would you like?
[22:52] You can put SSHD in DEBUG mode
[22:53] Can I put it in debug mode without losing my current connection?
[22:54] Peiniger: openSSH spawns SSH clients
[22:54] so, you can restart SSHD without affecting your current session
[22:54] Peiniger: pastebin what you get with the client in verbose mode (ssh -v). could be a number of things. like permissions of .ssh directory or key files
[22:54] no problem. 1 minute please
[22:55] more v's are possible but one is usually good (ssh -vvv)
[22:56] http://pastebin.com/YXbp1ZGC
[22:57] Peiniger: so could be a few things. but i would first check auth.log on the server. pastebin the last few lines
[22:57] Umm pmatulis you explain or can I?
[22:57] Uhhh
[22:57] lhorace: go ahead
[22:57] Well, the authentication methods is publickey
[22:58] That's why it faied
[22:58] oops, failed*
[22:58] There is not other method to try
[22:59] lhorace: ?
[22:59] Well, with my SSHD, I might keep it to just publickey
[23:00] But if you lose it, you need to find another way
[23:00] Peiniger: anyway, provide auth.log. otherwise, this error can occur if you're connecting to the wrong user account or the public key is not installed in the remote ubuntu user's home directory
[23:00] pmatulis: the only sshd error im getting in /var/log/auth.log is Connection closed by myipaddress [preauth]
[23:01] What SSHD tells me now is enough to know what is the problem
[23:01] Some of you need to read the openSSH docs
[23:01] It's clear as day in the pastebin
[23:02] debug1: identity file /Users/someuser/Documents/someorg/ssh-keys/someorg-east.pem type -1 ?
[23:03] that might be the problem
[23:04] lhorace: can you elaborate?
[23:04] lhorace: but the command line asked for -i ~/Documents/someorg/ssh-keys/someorg-server1.pem and it appears it was tried.. debug1: Trying private key: /Users/someuser/Documents/someorg/ssh-keys/someorg-server1.pem
[23:05] I keep my private key safe
[23:07] On, I have Arch Linux, Ubuntu, etc servers... I usually disable the password or any other mechanism of auth on SSH
[23:07] Peiniger: are you confident the public portion of /Users/someuser/Documents/someorg/ssh-keys/someorg-server1.pem is in the authorized_keys of the user account on the remote server you're trying to use?
[23:07] I will double check
[23:07] Except for publickey
[23:09] sarnold: All the AUTH methods failed
[23:09] the output of my .pem file is a private key.
[23:09] what do you mean the public section?
[23:10] I didn't know that you keep private keys in PEM format
[23:10] Peiniger: most ssh clients store the privkey in a file named e.g. id_rsa and the public portion in a file named id_rsa.pub
[23:10] Must be a new SSH feature
[23:10] lhorace: I think the .pem format was a feature of the ancient commercial ssh
[23:10] The .pem file contains a SSL certificate, which is not a SSH key.
[23:11] Isnt it?
[23:11] “The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.”
[23:11] Peiniger: _browser_?
[23:11] from the amazon docs
[23:11] As long of SSH that I have, I never seen SSH encode it in PEM format
[23:11] lhorace: be thankful :)
[23:12] sarnold: i would ignore the browser piece
[23:12] must download instructions
[23:12] lhorace: the old commercial ssh was verybadterrible
[23:12] I want to help Peiniger
[23:12] Its for Amazon EC2 key pairs
[23:12] make sure he solved his issue
[23:12] lhorace: .. but this sounds like some funky amazonery rather than the old commercial ssh
[23:13] sarnold: Don't care about the background
[23:13] http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
[23:13] Peiniger: i can connect to Amazon instances with such a .pem key
[23:13] Peiniger: the problem is probably you didn't choose the proper key when you created your instance
[23:13] It might end with .pem
[23:14] pmatulis: the instance has been around for a while now
[23:14] the contents is different
[23:14] ssh suddenly stopped working
[23:14] i just happened to be logged in to it
[23:14] interesting, "suddenly stopped working"
[23:15] Peiniger: you have console access right?
[23:15] SSH will spawn a process
[23:15] yes…i should have said stopped receiving new connections
[23:15] It stop working doesn't mean the daemon stopped
[23:16] I said, before, but SSHD in debug mode
[23:16] lhorace: can i put it in debug mode without disconnecting my current session?
[23:17] Peiniger: It could be your SHELL that disconnect you
[23:17] others are experiencing this problem too
[23:17] Peiniger: If you currently logged and ROOT authority .. yes
[23:18] SSHD spawns new process for clients under their privilege
[23:19] Peiniger: When you say others, I need to know what Ubuntu Version?
[23:20] lhorace: server is 14.04.1
[23:21] Okay, I have 4 14.04.1
[23:21] and Arch Linux.. etc
[23:22] You asked me a few times if making changes will destroy your current session
[23:23] SSHD spawns Processes
[23:24] It means depends on how the program is program that one process shouldn't affect another
[23:26] im with you. thanks for the explanation
[23:29] I wanted to make sure everything was going alright with you Peiniger
[23:32] I just finish reading up on SSH and PEM
[23:32] I need to get a port opened to run in debug mode
[23:32] That debug1: identity file /Users/someuser/Documents/someorg/ssh-keys/someorg-east.pem type -1
[23:32] that was your problem
[23:33] I took at my key, it's in PEM format
[23:33] It's not*
[23:34] what is the problem?
[23:35] PEM and SSH key are both base64 but when you decode it.. it means something else
[23:36] I really don't think that's it; the command line asked for a specific (different) key, and that other key was tested later
[23:37] here's a successful login to my isp with half-dozen of those "type -1" lines: http://paste.ubuntu.com/10841461/
[23:37] I think you're better off putting that sshd into debug mode and hoping for more verbose messages that way
[23:38] RIGHT
[23:38] Ill give that a shot once I can open another port
[23:38] thanks for your help
[23:41] unfortunately I don't see much in the way of debugging messages when I search for "Connection reset by", they all show up on len==0 results from socket reads, e.g. http://sources.debian.net/src/openssh/1:6.7p1-3/packet.c/?hl=1137#L1137
[23:42] so debug mode may not help much, but it's worth trying
[23:50] Peiniger: i asked before, did you confirm the public key is installed in the remote ubuntu user's home directory? even though it "suddenly stopped working", it is good to check
[23:51] yes i did
[23:54] Peiniger: check ls -ld output for ~ ~/.ssh ~/.ssh/authorized_keys on the remote server; if owners, groups, or permissions are the least bit wrong, sshd will refuse to use it; I'd expect it to log something about it on the server, but the client often has no visibility about why the public key didn't work