igneusupdated the pastebin with the results (at the top) http://pastebin.com/QFuQ3H9000:02
igneusthough, I ran the same commands on my working Ubuntu-Mate VM (on this machine) and notice the server is missing some information, though I don't know the importance of it00:03
tarpmani'm right, there is no route via
igneussweet! .... what do we do about it? lol00:04
tarpmanlike I said, comment out the gateway while you take down the interface00:04
tarpmanit can't delete a route that doesn't exist - that's the 'no such process' you got00:05
igneusok, so comment out the gateway line, then run "sudo ifdown eth0"?00:05
tarpmanyeah, then assuming that works, restore it before ifup00:05
igneusgotch ya, here's hoping!00:06
=== thumper-dogwalk is now known as thumper
igneusok, running ifdown with gateway commented out worked (I suppose) because it did not state anything, however, running ifup after removing the comment on gateway reported network unreachable00:11
igneusso, using the interface dhcp setup plus the line "post-up route add default via dev eth0" that allows it to almost get up, I can now ping the gateway, but cannot ping the server from another device00:29
tarpmanif it reported "network unreachable", it probably had a good reason for doing so ...00:32
igneusso route now contains the gateway, but it also contains a record for "" and "", not sure where that false record/route is coming from00:32
tarpman192.68. sounds like a typo somewhere00:32
igneusthat's what I thought, but I do not see one in my interfaces file00:32
tarpman192.168.1.0 - traffic to things on the same subnet is direct, no gateway involved00:32
igneusknow of another place I might need to check out?00:33
tarpmancruft left over from previous attempts?  did you ever try just rebooting with a sane interfaces file in place? ("sane" - none of this "post-up route" stuff :P)00:33
igneusyes, I did00:33
igneusI tried with a basic dhcp setup and the basic static setup from the pastebin00:34
igneusI am considering too, given the time looking into this, of trying to just reload the ubuntu-server onto the HDD00:35
igneusit's a fresh install, that was working, and when I moved the server, it decided to not want to work00:35
=== baggar11_ is now known as baggar11
=== unreal_ is now known as unreal
=== inteus_ is now known as oheresy
=== oheresy is now known as inteus
=== cryptodan_deskto is now known as cryptodan
cpaelzergood morning05:44
=== vbotka_ is now known as vbotka
=== kickinz1|afk is now known as kickinz1
Razvait seems that my LAN servers cannot detect MAAS DHCP. any ideas of how to debug this?11:20
Razvadhcpd     6631  0.0  0.0  32916 13324 ?        Ss   13:04   0:00 dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid -cf /var/lib/maas/dhcpd.conf -lf /var/lib/maas/dhcp/dhcpd.leases eno211:20
Razvaeno2 being the LAN nic11:20
rbasakstgraber: lxd seems to ignore http_proxy and https_proxy. I can't get it to hit the proxy server instead of going direct when launching an image.11:34
Razvais there any way for me to see what commands is executing a user via bash, real-time?13:07
BlackDexRazva: `ps fauxww | less` but not that realtime13:19
stgraberrbasak: hmm, I remember seeing code that was handling this, could be that it's not covering all code paths...13:57
=== Guest76507 is now known as med_
med_jamespage, what OVS version and kernel are you running in the OIL lab? We're having packet loss issues.14:13
med_s/you/Ubuntu & Canonical/14:13
jamespagemed_, probably the same as you14:14
jamespagemed_, which ovs release are you on?14:14
jamespageos release rather14:14
jamespagewhich pocket?14:15
med_liberty testin (kilo in prod)14:15
med_we've been using -proposed for this testing14:15
med_we've tried a number of kernels and OVS including the xenial proposed kernel and wily14:15
jamespageactually the kernel version might be more pertinent here14:16
med_we've tried the lts trusty kernel (3.0.13 series) the wily and the xenial proposed14:17
jamespageI have a cloud where I'm running liberty with the wily 4.2 kernel - do you see errors with that combo?14:18
jamespagemed_, ^^ ?14:18
med_3.19.0-32 showed the errors14:18
med_jamespage, ^14:19
med_so correction jamespage, the bulk of our testing has been with Kilo at this point, not liberty14:19
jamespagehmm ok14:19
med_but that kernel is correct (t, w, and x)14:19
jamespagemed_, so you saw the problem as a result of a kernel update? just trying to id the point when things changed for the worse14:34
med_we started anaylysing the problem due to tenant complaints of lost packets.14:34
med_kinf of an all out effort now. No real changes had occurred. Just better trained, more sophisticated tenants asking better questions with more data, jamespage14:35
frickleris anyone working on a fixed release for https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html already?15:36
ubottusourceware.org bug 2016 in libc "argp --help infloop, via ARGP_HELP_FMT envvar" [Normal,Reopened]15:36
arrrghhhhey all.  I have a cron.daily job setup to email me a 'status report' on the server - this works fine, but a few minutes after the report I sent I always get a second email about the "Reported file <x> generated in current directory" - how can I suppress this second email?15:37
rbasakfrickler: see #ubuntu-hardened. "no eta yet".15:44
jgrimmmeeting time16:00
jak2000hi all how to use, ssh-keygen -t rsa -b 4096   ? i want use scp command without ask me a password, thanks16:38
cpaelzerjak2000: that should give you the right details https://help.ubuntu.com/community/SSH/OpenSSH/Keys16:40
cpaelzerjak2000: it is not only creating but also putting the key on the remote server which is the req for PW-less login (and scp)16:40
fricklerrbasak: thx for the pointer16:47
jak2000cpaelzer i try connect ssh@ip and ask and ask me the password16:54
arrrghhhjak2000, did you disable password auth on the server?16:55
jak2000wait pls16:56
jak2000creating pastie16:56
arrrghhh"PasswordAuthentication no" in /etc/ssh/sshd_config16:56
jak2000in wich server?16:56
arrrghhhon THE server16:56
jak2000but i want work with ssh keys16:56
arrrghhhwe're just talking about a client and a server here16:56
arrrghhhI know16:56
arrrghhhso disable password auth16:56
arrrghhhit'll force keys16:56
arrrghhhjak2000, perhaps I didn't ask an essential question... are you using the key when you try to auth?16:57
jak2000arrrghhh: http://pastie.org/1072433717:01
jak2000here the steps...17:01
jak2000see last step? ask me again the password, why?17:02
jak2000need sisable password auth?17:02
arrrghhhjak2000, you don't have to no17:03
arrrghhhbut that would force only key-based auth17:03
arrrghhhsigh... I guess let me parse through all of this...17:05
jak2000ok you see any BAD steps?17:05
arrrghhhnot yet17:05
arrrghhhI don't do this every day tho, I setup keys on my server a year or two ago... lol17:06
arrrghhhjak2000, did you check the troubleshooting section?17:06
arrrghhhperms need to be right17:06
arrrghhhif you do disable password auth I would leave a SSH session open in case it doesn't work17:06
jak2000man in this case the host is swMAnzana right?17:07
arrrghhhyou tell me...17:07
arrrghhhwhich is the client which is the server?17:07
arrrghhhbased on your paste, I would assume swManzana is the client17:07
arrrghhhand svrChao1 is the server17:07
jak2000i generate the key on swManzana17:08
arrrghhhyou also already had keys in .ssh17:08
arrrghhhmay want to rm .ssh and start over... although that shouldn't be necessary17:08
arrrghhhjak2000, also why did you ssh-copy-id -i?17:10
arrrghhhI need to lookup what -i does... I don't see that in the guide17:10
arrrghhhah that is to specify the identity file17:10
jak2000i want copy a file with scp, from swManzana to svrChaol17:11
jak2000start over again17:11
jak2000deleteing on swManzana, the dir: ~/.ssh17:12
arrrghhhso wait17:13
arrrghhhswManzana is the client or the server?17:13
jak2000i want copy a file with scp, from swManzana(i think it the client) to svrChaol (i think is the server)17:14
arrrghhhso the file is on swManzana?  I mean you can transfer the file in either direction using SCP I believe, just curious how you want this paradigm to work17:16
jak2000yes the file is on swManzana17:16
arrrghhhyea so SCP doesn't care really, you can flip local and remote and either upload or download depending17:17
arrrghhhjak2000, cat .ssh/authorized_keys and make sure your client pubkey is there17:18
arrrghhhshould say "ssh-rsa badskgohweorfiajsdfokj user@host17:19
jak2000in wich  sever (swManzana)?17:21
arrrghhhweird looking at my sshd_config the AuthorizedKeysFile is commented out... I wonder if it just defaults to the one in %h17:21
arrrghhhjak2000, swManzana you said was the client I thought17:21
arrrghhhso the authorized_keys is on the server side17:22
jak2000arrrghhh: http://pastie.org/1072437017:24
jak2000now copy the file with ssh-copy-id  ?17:24
arrrghhhauthorized_keys is not on the client17:25
arrrghhhit's on the server17:25
arrrghhhalso if you want to manually update the file, use >> to append17:25
arrrghhhcat id_rsa.pub >> authorized_keys17:25
arrrghhhbut I would just use ssh-copy-id as it's easier17:26
jak2000and then ssh-copy17:27
jak2000error: http://pastie.org/1072437817:29
jak2000the command would be: ssh-copy-id ~/.ssh/id_rsa.pub jak@      ?17:30
arrrghhhjak2000, if you are specifying the file you need -i lol17:33
arrrghhhI just went over that above.......17:33
arrrghhhif you don't specify the file, no need for -i17:33
jak2000i dont specify the filename17:34
arrrghhhuhm.  look at the command you're passing...17:35
arrrghhh~/.ssh/id_rsa.pub would be sepcifying the filename ;)17:35
arrrghhhspecifying even17:35
jak2000then the command is simple: ssh-copy-id  jak@     ?17:36
=== kickinz1 is now known as kickinz1|afk
jak2000now: on swManzana     ssh jak@    ?17:37
jak2000ask me a password17:38
jak2000and retype the command:  ssh jak@
jak2000and ask me again the password :(17:38
arrrghhhso on the server, check authorized_keys17:38
arrrghhhdoes it look good?17:38
RoyKan check if authorized_keys is 060017:39
RoyK0644 or something won't be tolerated17:39
arrrghhhyea I mentioned perms17:39
jak2000comparing:swManzan .ssh/id_rsa.pub    with svrChaol: authorized_keys        the file -rw------- 1 jak jak 739 Feb 16 12:35 authorized_keys17:39
RoyKsshd will tell in the logs17:40
arrrghhhI also mentioned checking the authorized_hosts file17:40
arrrghhher keys17:40
jak2000exact files: swManzana id_rsa.pub     svrChaol authorized_keys  exact files17:41
arrrghhhjak2000, walk through the troubleshooting section please17:42
arrrghhhthere's checks for perms, looking at logs, etc17:42
jak2000ok, RoyK mentioned: "sshd will tell in the logs"17:42
jak2000in wich log check wich is the problem?17:42
arrrghhhjak2000, please... read... the TS section17:43
arrrghhhgo through that whole section17:43
arrrghhhat the end you'll come to the debugging part.... go through all of it first17:43
jak2000arrrghhh: http://pastie.org/1072441018:00
arrrghhhjak2000, missing begin marker...?  did you check your private key?18:00
jak2000i have the file18:04
jak2000but how to check?18:04
arrrghhhnano or cat?18:05
jak2000ok cat18:22
jak2000see please: http://pastie.org/1072444618:24
arrrghhhok you'll want to create a new key just FYI18:25
arrrghhhlet me look at mine18:25
jak2000the files is: /home/jak/.ssh/     cat id_rsa18:25
jak2000ok erase and recreate the key?18:25
arrrghhhwell you should never share your private keys18:27
arrrghhhjsut FYI18:27
arrrghhhI didn't mean for you to paste all of the key sorry :)18:27
jak2000i modified it :)18:27
jak2000no problem18:27
jak2000but th key is generated18:27
arrrghhhI think something is wrong with the header18:28
arrrghhhwhich doesn't make sense the ssh-keygen should create a valid private key...18:28
arrrghhhjak2000, I don't have this header in mine18:31
arrrghhhProc-Type and DEK-Info18:33
arrrghhhI just have the ----BEGIN---- the key, then ---END----18:33
arrrghhhjak2000, you did -t rsa right when you did rsa-keygen?18:35
arrrghhhssh-keygen rather18:35
arrrghhhlooks like you did in your paste18:36
jak2000i generate: ssh-keygen -t rsa -b 409618:36
arrrghhhI wonder if -b 4096 would cause the header to appear different...?  either way, I would remove that header18:36
arrrghhhjak2000, worked?18:55
apesAnyone know the state of the glibc update for Ubuntu?19:00
ogra_apes, in the works19:00
ogra_apes, assuming you talk about http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html19:02
jdstrandit is in progress19:07
jdstrandit should be out within a couple/few hours19:07
arrrghhhjak2000, Imma head out, still curious tho if it fixed it for you19:19
rbasakDaviey: do you know who has ops on this channel? I'd like to set the topic to point to #ubuntu-hardened's topic for glibc CVE questions, as that seems to be an FAQ today.19:20
rbasak(soren set it last but isn't here)19:21
=== Pici changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support, try #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/14.04/serverguide/ | See http://ubottu.com/y/cve20157547 for glibc CVE status, or #ubuntu-hardened for more information
apesogra_: Yes19:27
rbasakThanks Pici!19:50
=== dax is now known as rww
=== rww is now known as dax
Slingwtb libc6 update!20:53
Sling( https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html )20:53
mdeslaurSling: it'll be out soon20:56
Slingmy window isn't that wide ;)20:57
Slingbut alright, i'll keep an eye out20:57
=== Luke_ is now known as Luke
SlingThe following packages will be upgraded: libc-bin libc-dev-bin libc6 libc6-dev multiarch-support22:21
OerHeksPici, i think you can remove the glibc part in the topic, updates are out.23:03
=== Luke_ is now known as Luke
=== neunon_ is now known as neunon
=== teward- is now known as teward
=== akaWolf1 is now known as akaWolf
=== clayton_ is now known as clayton
=== EmilienM_ is now known as EmilienM
=== EmilienM is now known as Guest28836
=== fidothe_ is now known as fidothe
=== AMZ__ is now known as AMZ_
=== bekks_ is now known as bekks
=== OliPicard_ is now known as OliPicard
=== robher_ is now known as robher
=== jrgifford_ is now known as jrgifford
=== Guest28836 is now known as EmilienM
=== tgm4883_ is now known as tgm4883
=== X-Rob_ is now known as X-Rob
=== stgraber_ is now known as stgraber

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!