igneus | updated the pastebin with the results (at the top) http://pastebin.com/QFuQ3H90 | 00:02 |
---|---|---|
igneus | though, I ran the same commands on my working Ubuntu-Mate VM (on this machine) and notice the server is missing some information, though I don't know the importance of it | 00:03 |
tarpman | i'm right, there is no route via 192.168.1.1 | 00:04 |
igneus | sweet! .... what do we do about it? lol | 00:04 |
tarpman | like I said, comment out the gateway while you take down the interface | 00:04 |
tarpman | it can't delete a route that doesn't exist - that's the 'no such process' you got | 00:05 |
igneus | ok, so comment out the gateway line, then run "sudo ifdown eth0"? | 00:05 |
tarpman | yeah, then assuming that works, restore it before ifup | 00:05 |
igneus | gotch ya, here's hoping! | 00:06 |
=== thumper-dogwalk is now known as thumper | ||
igneus | ok, running ifdown with gateway commented out worked (I suppose) because it did not state anything, however, running ifup after removing the comment on gateway reported network unreachable | 00:11 |
igneus | so, using the interface dhcp setup plus the line "post-up route add default via 192.168.1.1 dev eth0" that allows it to almost get up, I can now ping the gateway, but cannot ping the server from another device | 00:29 |
tarpman | if it reported "network unreachable", it probably had a good reason for doing so ... | 00:32 |
igneus | so route now contains the gateway, but it also contains a record for "192.68.1.0" and "192.168.1.0", not sure where that false record/route is coming from | 00:32 |
tarpman | 192.68. sounds like a typo somewhere | 00:32 |
igneus | that's what I thought, but I do not see one in my interfaces file | 00:32 |
tarpman | 192.168.1.0 - traffic to things on the same subnet is direct, no gateway involved | 00:32 |
igneus | know of another place I might need to check out? | 00:33 |
tarpman | cruft left over from previous attempts? did you ever try just rebooting with a sane interfaces file in place? ("sane" - none of this "post-up route" stuff :P) | 00:33 |
igneus | yes, I did | 00:33 |
igneus | I tried with a basic dhcp setup and the basic static setup from the pastebin | 00:34 |
igneus | I am considering too, given the time looking into this, of trying to just reload the ubuntu-server onto the HDD | 00:35 |
igneus | it's a fresh install, that was working, and when I moved the server, it decided to not want to work | 00:35 |
=== baggar11_ is now known as baggar11 | ||
=== unreal_ is now known as unreal | ||
=== inteus_ is now known as oheresy | ||
=== oheresy is now known as inteus | ||
=== cryptodan_deskto is now known as cryptodan | ||
cpaelzer | good morning | 05:44 |
=== vbotka_ is now known as vbotka | ||
=== kickinz1|afk is now known as kickinz1 | ||
Razva | it seems that my LAN servers cannot detect MAAS DHCP. any ideas of how to debug this? | 11:20 |
Razva | dhcpd 6631 0.0 0.0 32916 13324 ? Ss 13:04 0:00 dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid -cf /var/lib/maas/dhcpd.conf -lf /var/lib/maas/dhcp/dhcpd.leases eno2 | 11:20 |
Razva | eno2 being the LAN nic | 11:20 |
rbasak | stgraber: lxd seems to ignore http_proxy and https_proxy. I can't get it to hit the proxy server instead of going direct when launching an image. | 11:34 |
rbasak | http://paste.ubuntu.com/15090404/ | 11:34 |
zants | hi | 12:17 |
Razva | is there any way for me to see what commands is executing a user via bash, real-time? | 13:07 |
BlackDex | Razva: `ps fauxww | less` but not that realtime | 13:19 |
stgraber | rbasak: hmm, I remember seeing code that was handling this, could be that it's not covering all code paths... | 13:57 |
=== Guest76507 is now known as med_ | ||
med_ | jamespage, what OVS version and kernel are you running in the OIL lab? We're having packet loss issues. | 14:13 |
med_ | s/you/Ubuntu & Canonical/ | 14:13 |
jamespage | med_, probably the same as you | 14:14 |
jamespage | med_, which ovs release are you on? | 14:14 |
jamespage | os release rather | 14:14 |
med_ | trusty | 14:14 |
med_ | +UCA | 14:14 |
jamespage | which pocket? | 14:15 |
med_ | liberty testing (kilo in prod) | 14:15 |
med_ | we've been using -proposed for this testing | 14:15 |
med_ | we've tried a number of kernels and OVS including the xenial proposed kernel and wily | 14:15 |
jamespage | actually the kernel version might be more pertinent here | 14:16 |
med_ | yep | 14:17 |
med_ | we've tried the lts trusty kernel (3.0.13 series) the wily and the xenial proposed | 14:17 |
med_ | kernels | 14:17 |
jamespage | I have a cloud where I'm running liberty with the wily 4.2 kernel - do you see errors with that combo? | 14:18 |
jamespage | med_, ^^ ? | 14:18 |
med_ | checking | 14:18 |
med_ | 3.19.0-32 showed the errors | 14:18 |
med_ | jamespage, ^ | 14:19 |
med_ | so correction jamespage, the bulk of our testing has been with Kilo at this point, not liberty | 14:19 |
jamespage | hmm ok | 14:19 |
med_ | but that kernel is correct (t, w, and x) | 14:19 |
jamespage | med_, so you saw the problem as a result of a kernel update? just trying to id the point when things changed for the worse | 14:34 |
med_ | we started analysing the problem due to tenant complaints of lost packets. | 14:34 |
med_ | kind of an all out effort now. No real changes had occurred. Just better trained, more sophisticated tenants asking better questions with more data, jamespage | 14:35 |
frickler | is anyone working on a fixed release for https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html already? | 15:36 |
ubottu | sourceware.org bug 2016 in libc "argp --help infloop, via ARGP_HELP_FMT envvar" [Normal,Reopened] | 15:36 |
arrrghhh | hey all. I have a cron.daily job setup to email me a 'status report' on the server - this works fine, but a few minutes after the report I sent I always get a second email about the "Reported file <x> generated in current directory" - how can I suppress this second email? | 15:37 |
rbasak | frickler: see #ubuntu-hardened. "no eta yet". | 15:44 |
jgrimm | meeting time | 16:00 |
jak2000 | hi all how to use, ssh-keygen -t rsa -b 4096 ? i want use scp command without ask me a password, thanks | 16:38 |
cpaelzer | jak2000: that should give you the right details https://help.ubuntu.com/community/SSH/OpenSSH/Keys | 16:40 |
cpaelzer | jak2000: it is not only creating but also putting the key on the remote server which is the req for PW-less login (and scp) | 16:40 |
frickler | rbasak: thx for the pointer | 16:47 |
jak2000 | cpaelzer i try connect ssh@ip and ask and ask me the password | 16:54 |
jak2000 | why? | 16:54 |
arrrghhh | jak2000, did you disable password auth on the server? | 16:55 |
jak2000 | wait pls | 16:56 |
jak2000 | creating pastie | 16:56 |
arrrghhh | "PasswordAuthentication no" in /etc/ssh/sshd_config | 16:56 |
jak2000 | in which server? | 16:56 |
arrrghhh | on THE server | 16:56 |
jak2000 | but i want work with ssh keys | 16:56 |
arrrghhh | we're just talking about a client and a server here | 16:56 |
arrrghhh | I know | 16:56 |
arrrghhh | so disable password auth | 16:56 |
arrrghhh | it'll force keys | 16:56 |
arrrghhh | jak2000, perhaps I didn't ask an essential question... are you using the key when you try to auth? | 16:57 |
jak2000 | arrrghhh: http://pastie.org/10724337 | 17:01 |
jak2000 | here the steps... | 17:01 |
jak2000 | see last step? ask me again the password, why? | 17:02 |
jak2000 | need disable password auth? | 17:02 |
arrrghhh | jak2000, you don't have to no | 17:03 |
arrrghhh | but that would force only key-based auth | 17:03 |
arrrghhh | sigh... I guess let me parse through all of this... | 17:05 |
jak2000 | ok you see any BAD steps? | 17:05 |
arrrghhh | not yet | 17:05 |
arrrghhh | I don't do this every day tho, I setup keys on my server a year or two ago... lol | 17:06 |
arrrghhh | jak2000, did you check the troubleshooting section? | 17:06 |
arrrghhh | perms need to be right | 17:06 |
arrrghhh | if you do disable password auth I would leave a SSH session open in case it doesn't work | 17:06 |
jak2000 | man in this case the host is swMAnzana right? | 17:07 |
arrrghhh | you tell me... | 17:07 |
arrrghhh | which is the client which is the server? | 17:07 |
arrrghhh | based on your paste, I would assume swManzana is the client | 17:07 |
arrrghhh | and svrChao1 is the server | 17:07 |
jak2000 | i generate the key on swManzana | 17:08 |
arrrghhh | you also already had keys in .ssh | 17:08 |
arrrghhh | may want to rm .ssh and start over... although that shouldn't be necessary | 17:08 |
jak2000 | ok | 17:10 |
arrrghhh | jak2000, also why did you ssh-copy-id -i? | 17:10 |
arrrghhh | I need to lookup what -i does... I don't see that in the guide | 17:10 |
arrrghhh | ah that is to specify the identity file | 17:10 |
jak2000 | i want copy a file with scp, from swManzana to svrChaol | 17:11 |
jak2000 | start over again | 17:11 |
jak2000 | deleting on swManzana, the dir: ~/.ssh | 17:12 |
arrrghhh | so wait | 17:13 |
arrrghhh | swManzana is the client or the server? | 17:13 |
jak2000 | i want copy a file with scp, from swManzana(i think it the client) to svrChaol (i think is the server) | 17:14 |
arrrghhh | so the file is on swManzana? I mean you can transfer the file in either direction using SCP I believe, just curious how you want this paradigm to work | 17:16 |
jak2000 | yes the file is on swManzana | 17:16 |
arrrghhh | yea so SCP doesn't care really, you can flip local and remote and either upload or download depending | 17:17 |
arrrghhh | jak2000, cat .ssh/authorized_keys and make sure your client pubkey is there | 17:18 |
arrrghhh | should say "ssh-rsa badskgohweorfiajsdfokj user@host | 17:19 |
arrrghhh | " | 17:19 |
jak2000 | in which server (swManzana)? | 17:21 |
arrrghhh | weird looking at my sshd_config the AuthorizedKeysFile is commented out... I wonder if it just defaults to the one in %h | 17:21 |
arrrghhh | jak2000, swManzana you said was the client I thought | 17:21 |
arrrghhh | so the authorized_keys is on the server side | 17:22 |
jak2000 | arrrghhh: http://pastie.org/10724370 | 17:24 |
jak2000 | now copy the file with ssh-copy-id ? | 17:24 |
arrrghhh | authorized_keys is not on the client | 17:25 |
arrrghhh | it's on the server | 17:25 |
arrrghhh | also if you want to manually update the file, use >> to append | 17:25 |
arrrghhh | cat id_rsa.pub >> authorized_keys | 17:25 |
arrrghhh | but I would just use ssh-copy-id as it's easier | 17:26 |
jak2000 | ok | 17:27 |
jak2000 | erasing | 17:27 |
jak2000 | and then ssh-copy | 17:27 |
jak2000 | error: http://pastie.org/10724378 | 17:29 |
jak2000 | why? | 17:29 |
jak2000 | the command would be: ssh-copy-id ~/.ssh/id_rsa.pub jak@162.252.242.4/.ssh/authorized_keys ? | 17:30 |
arrrghhh | jak2000, if you are specifying the file you need -i lol | 17:33 |
arrrghhh | I just went over that above....... | 17:33 |
arrrghhh | if you don't specify the file, no need for -i | 17:33 |
jak2000 | i dont specify the filename | 17:34 |
arrrghhh | uhm. look at the command you're passing... | 17:35 |
arrrghhh | ~/.ssh/id_rsa.pub would be sepcifying the filename ;) | 17:35 |
arrrghhh | specifying even | 17:35 |
jak2000 | then the command is simple: ssh-copy-id jak@162.252.242.4 ? | 17:36 |
=== kickinz1 is now known as kickinz1|afk | ||
arrrghhh | yes | 17:37 |
jak2000 | done | 17:37 |
jak2000 | now: on swManzana ssh jak@162.252.242.4 ? | 17:37 |
jak2000 | ask me a password | 17:38 |
jak2000 | exit | 17:38 |
arrrghhh | ok | 17:38 |
jak2000 | and retype the command: ssh jak@162.252.242.4 | 17:38 |
jak2000 | and ask me again the password :( | 17:38 |
arrrghhh | so on the server, check authorized_keys | 17:38 |
jak2000 | ok | 17:38 |
arrrghhh | does it look good? | 17:38 |
RoyK | and check if authorized_keys is 0600 | 17:39 |
RoyK | 0644 or something won't be tolerated | 17:39 |
arrrghhh | yea I mentioned perms | 17:39 |
jak2000 | comparing:swManzan .ssh/id_rsa.pub with svrChaol: authorized_keys the file -rw------- 1 jak jak 739 Feb 16 12:35 authorized_keys | 17:39 |
RoyK | sshd will tell in the logs | 17:40 |
arrrghhh | I also mentioned checking the authorized_hosts file | 17:40 |
arrrghhh | er keys | 17:40 |
jak2000 | exact files: swManzana id_rsa.pub svrChaol authorized_keys exact files | 17:41 |
arrrghhh | jak2000, walk through the troubleshooting section please | 17:42 |
arrrghhh | there's checks for perms, looking at logs, etc | 17:42 |
jak2000 | ok, RoyK mentioned: "sshd will tell in the logs" | 17:42 |
jak2000 | in which log check which is the problem? | 17:42 |
arrrghhh | jak2000, please... read... the TS section | 17:43 |
jak2000 | ok | 17:43 |
arrrghhh | https://help.ubuntu.com/community/SSH/OpenSSH/Keys | 17:43 |
arrrghhh | go through that whole section | 17:43 |
arrrghhh | at the end you'll come to the debugging part.... go through all of it first | 17:43 |
jak2000 | arrrghhh: http://pastie.org/10724410 | 18:00 |
arrrghhh | jak2000, missing begin marker...? did you check your private key? | 18:00 |
jak2000 | i have the file | 18:04 |
jak2000 | but how to check? | 18:04 |
arrrghhh | nano or cat? | 18:05 |
jak2000 | ok cat | 18:22 |
jak2000 | see please: http://pastie.org/10724446 | 18:24 |
arrrghhh | ok you'll want to create a new key just FYI | 18:25 |
arrrghhh | let me look at mine | 18:25 |
jak2000 | the files is: /home/jak/.ssh/ cat id_rsa | 18:25 |
jak2000 | ok erase and recreate the key? | 18:25 |
arrrghhh | well you should never share your private keys | 18:27 |
arrrghhh | just FYI | 18:27 |
arrrghhh | I didn't mean for you to paste all of the key sorry :) | 18:27 |
jak2000 | i modified it :) | 18:27 |
jak2000 | no problem | 18:27 |
jak2000 | but the key is generated | 18:27 |
arrrghhh | I think something is wrong with the header | 18:28 |
arrrghhh | which doesn't make sense the ssh-keygen should create a valid private key... | 18:28 |
arrrghhh | jak2000, I don't have this header in mine | 18:31 |
arrrghhh | Proc-Type and DEK-Info | 18:33 |
arrrghhh | I just have the ----BEGIN---- the key, then ---END---- | 18:33 |
arrrghhh | jak2000, you did -t rsa right when you did rsa-keygen? | 18:35 |
arrrghhh | ssh-keygen rather | 18:35 |
arrrghhh | looks like you did in your paste | 18:36 |
jak2000 | i generate: ssh-keygen -t rsa -b 4096 | 18:36 |
arrrghhh | I wonder if -b 4096 would cause the header to appear different...? either way, I would remove that header | 18:36 |
jak2000 | ok | 18:38 |
arrrghhh | jak2000, worked? | 18:55 |
apes | Anyone know the state of the glibc update for Ubuntu? | 19:00 |
ogra_ | apes, in the works | 19:00 |
ogra_ | apes, assuming you talk about http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html | 19:02 |
jdstrand | it is in progress | 19:07 |
jdstrand | it should be out within a couple/few hours | 19:07 |
arrrghhh | jak2000, Imma head out, still curious tho if it fixed it for you | 19:19 |
rbasak | Daviey: do you know who has ops on this channel? I'd like to set the topic to point to #ubuntu-hardened's topic for glibc CVE questions, as that seems to be an FAQ today. | 19:20 |
rbasak | (soren set it last but isn't here) | 19:21 |
=== Pici changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support, try #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/14.04/serverguide/ | See http://ubottu.com/y/cve20157547 for glibc CVE status, or #ubuntu-hardened for more information | ||
apes | ogra_: Yes | 19:27 |
rbasak | Thanks Pici! | 19:50 |
Pici | np | 19:50 |
=== dax is now known as rww | ||
=== rww is now known as dax | ||
Sling | wtb libc6 update! | 20:53 |
Sling | ( https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html ) | 20:53 |
arlen | topic | 20:55 |
mdeslaur | Sling: it'll be out soon | 20:56 |
Sling | ah | 20:57 |
Sling | my window isn't that wide ;) | 20:57 |
Sling | but alright, i'll keep an eye out | 20:57 |
=== Luke_ is now known as Luke | ||
sarnold | http://www.ubuntu.com/usn/usn-2900-1/ | 22:21 |
Sling | The following packages will be upgraded: libc-bin libc-dev-bin libc6 libc6-dev multiarch-support | 22:21 |
Sling | yey | 22:21 |
Sling | (14.04) | 22:21 |
OerHeks | Pici, i think you can remove the glibc part in the topic, updates are out. | 23:03 |
=== Luke_ is now known as Luke | ||
=== neunon_ is now known as neunon | ||
=== teward- is now known as teward | ||
=== akaWolf1 is now known as akaWolf | ||
=== clayton_ is now known as clayton | ||
=== EmilienM_ is now known as EmilienM | ||
=== EmilienM is now known as Guest28836 | ||
=== fidothe_ is now known as fidothe | ||
=== AMZ__ is now known as AMZ_ | ||
=== bekks_ is now known as bekks | ||
=== OliPicard_ is now known as OliPicard | ||
=== robher_ is now known as robher | ||
=== jrgifford_ is now known as jrgifford | ||
=== Guest28836 is now known as EmilienM | ||
=== tgm4883_ is now known as tgm4883 | ||
=== X-Rob_ is now known as X-Rob | ||
=== stgraber_ is now known as stgraber |