[00:02] <igneus> updated the pastebin with the results (at the top) http://pastebin.com/QFuQ3H90
[00:03] <igneus> though, I ran the same commands on my working Ubuntu-Mate VM (on this machine) and notice the server is missing some information, though I don't know the importance of it
[00:04] <tarpman> i'm right, there is no route via 192.168.1.1
[00:04] <igneus> sweet! .... what do we do about it? lol
[00:04] <tarpman> like I said, comment out the gateway while you take down the interface
[00:05] <tarpman> it can't delete a route that doesn't exist - that's the 'no such process' you got
[00:05] <igneus> ok, so comment out the gateway line, then run "sudo ifdown eth0"?
[00:05] <tarpman> yeah, then assuming that works, restore it before ifup
[00:06] <igneus> gotch ya, here's hoping!
[00:11] <igneus> ok, running ifdown with gateway commented out worked (I suppose) because it did not state anything, however, running ifup after removing the comment on gateway reported network unreachable
[00:29] <igneus> so, using the interface dhcp setup plus the line "post-up route add default via 192.168.1.1 dev eth0" that allows it to almost get up, I can now ping the gateway, but cannot ping the server from another device
[00:32] <tarpman> if it reported "network unreachable", it probably had a good reason for doing so ...
[00:32] <igneus> so route now contains the gateway, but it also contains a record for "192.68.1.0" and "192.168.1.0", not sure where that false record/route is coming from
[00:32] <tarpman> 192.68. sounds like a typo somewhere
[00:32] <igneus> that's what I thought, but I do not see one in my interfaces file
[00:32] <tarpman> 192.168.1.0 - traffic to things on the same subnet is direct, no gateway involved
[00:33] <igneus> know of another place I might need to check out?
[00:33] <tarpman> cruft left over from previous attempts?  did you ever try just rebooting with a sane interfaces file in place? ("sane" - none of this "post-up route" stuff :P)
[00:33] <igneus> yes, I did
[00:34] <igneus> I tried with a basic dhcp setup and the basic static setup from the pastebin
[00:35] <igneus> I am considering too, given the time looking into this, of trying to just reload the ubuntu-server onto the HDD
[00:35] <igneus> it's a fresh install, that was working, and when I moved the server, it decided to not want to work
[05:44] <cpaelzer> good morning
[11:20] <Razva> it seems that my LAN servers cannot detect MAAS DHCP. any ideas of how to debug this?
[11:20] <Razva> dhcpd     6631  0.0  0.0  32916 13324 ?        Ss   13:04   0:00 dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid -cf /var/lib/maas/dhcpd.conf -lf /var/lib/maas/dhcp/dhcpd.leases eno2
[11:20] <Razva> eno2 being the LAN nic
[11:34] <rbasak> stgraber: lxd seems to ignore http_proxy and https_proxy. I can't get it to hit the proxy server instead of going direct when launching an image.
[11:34] <rbasak> http://paste.ubuntu.com/15090404/
[12:17] <zants> hi
[13:07] <Razva> is there any way for me to see what commands is executing a user via bash, real-time?
[13:19] <BlackDex> Razva: `ps fauxww | less` but not that realtime
[13:57] <stgraber> rbasak: hmm, I remember seeing code that was handling this, could be that it's not covering all code paths...
[14:13] <med_> jamespage, what OVS version and kernel are you running in the OIL lab? We're having packet loss issues.
[14:13] <med_> s/you/Ubuntu & Canonical/
[14:14] <jamespage> med_, probably the same as you
[14:14] <jamespage> med_, which ovs release are you on?
[14:14] <jamespage> os release rather
[14:14] <med_> trusty
[14:14] <med_> +UCA
[14:15] <jamespage> which pocket?
[14:15] <med_> liberty testin (kilo in prod)
[14:15] <med_> we've been using -proposed for this testing
[14:15] <med_> we've tried a number of kernels and OVS including the xenial proposed kernel and wily
[14:16] <jamespage> actually the kernel version might be more pertinent here
[14:17] <med_> yep
[14:17] <med_> we've tried the lts trusty kernel (3.0.13 series) the wily and the xenial proposed
[14:17] <med_> kernels
[14:18] <jamespage> I have a cloud where I'm running liberty with the wily 4.2 kernel - do you see errors with that combo?
[14:18] <jamespage> med_, ^^ ?
[14:18] <med_> checking
[14:18] <med_> 3.19.0-32 showed the errors
[14:19] <med_> jamespage, ^
[14:19] <med_> so correction jamespage, the bulk of our testing has been with Kilo at this point, not liberty
[14:19] <jamespage> hmm ok
[14:19] <med_> but that kernel is correct (t, w, and x)
[14:34] <jamespage> med_, so you saw the problem as a result of a kernel update? just trying to id the point when things changed for the worse
[14:34] <med_> we started anaylysing the problem due to tenant complaints of lost packets.
[14:35] <med_> kinf of an all out effort now. No real changes had occurred. Just better trained, more sophisticated tenants asking better questions with more data, jamespage
[15:36] <frickler> is anyone working on a fixed release for https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html already?
[15:37] <arrrghhh> hey all.  I have a cron.daily job setup to email me a 'status report' on the server - this works fine, but a few minutes after the report I sent I always get a second email about the "Reported file <x> generated in current directory" - how can I suppress this second email?
[15:44] <rbasak> frickler: see #ubuntu-hardened. "no eta yet".
[16:00] <jgrimm> meeting time
[16:38] <jak2000> hi all how to use, ssh-keygen -t rsa -b 4096   ? i want use scp command without ask me a password, thanks
[16:40] <cpaelzer> jak2000: that should give you the right details https://help.ubuntu.com/community/SSH/OpenSSH/Keys
[16:40] <cpaelzer> jak2000: it is not only creating but also putting the key on the remote server which is the req for PW-less login (and scp)
[16:47] <frickler> rbasak: thx for the pointer
[16:54] <jak2000> cpaelzer i try connect ssh@ip and ask and ask me the password
[16:54] <jak2000> why?
[16:55] <arrrghhh> jak2000, did you disable password auth on the server?
[16:56] <jak2000> wait pls
[16:56] <jak2000> creating pastie
[16:56] <arrrghhh> "PasswordAuthentication no" in /etc/ssh/sshd_config
[16:56] <jak2000> in wich server?
[16:56] <arrrghhh> on THE server
[16:56] <jak2000> but i want work with ssh keys
[16:56] <arrrghhh> we're just talking about a client and a server here
[16:56] <arrrghhh> I know
[16:56] <arrrghhh> so disable password auth
[16:56] <arrrghhh> it'll force keys
[16:57] <arrrghhh> jak2000, perhaps I didn't ask an essential question... are you using the key when you try to auth?
[17:01] <jak2000> arrrghhh: http://pastie.org/10724337
[17:01] <jak2000> here the steps...
[17:02] <jak2000> see last step? ask me again the password, why?
[17:02] <jak2000> need sisable password auth?
[17:03] <arrrghhh> jak2000, you don't have to no
[17:03] <arrrghhh> but that would force only key-based auth
[17:05] <arrrghhh> sigh... I guess let me parse through all of this...
[17:05] <jak2000> ok you see any BAD steps?
[17:05] <arrrghhh> not yet
[17:06] <arrrghhh> I don't do this every day tho, I setup keys on my server a year or two ago... lol
[17:06] <arrrghhh> jak2000, did you check the troubleshooting section?
[17:06] <arrrghhh> perms need to be right
[17:06] <arrrghhh> if you do disable password auth I would leave a SSH session open in case it doesn't work
[17:07] <jak2000> man in this case the host is swMAnzana right?
[17:07] <arrrghhh> you tell me...
[17:07] <arrrghhh> which is the client which is the server?
[17:07] <arrrghhh> based on your paste, I would assume swManzana is the client
[17:07] <arrrghhh> and svrChao1 is the server
[17:08] <jak2000> i generate the key on swManzana
[17:08] <arrrghhh> you also already had keys in .ssh
[17:08] <arrrghhh> may want to rm .ssh and start over... although that shouldn't be necessary
[17:10] <jak2000> ok
[17:10] <arrrghhh> jak2000, also why did you ssh-copy-id -i?
[17:10] <arrrghhh> I need to lookup what -i does... I don't see that in the guide
[17:10] <arrrghhh> ah that is to specify the identity file
[17:11] <jak2000> i want copy a file with scp, from swManzana to svrChaol
[17:11] <jak2000> start over again
[17:12] <jak2000> deleteing on swManzana, the dir: ~/.ssh
[17:13] <arrrghhh> so wait
[17:13] <arrrghhh> swManzana is the client or the server?
[17:14] <jak2000> i want copy a file with scp, from swManzana(i think it the client) to svrChaol (i think is the server)
[17:16] <arrrghhh> so the file is on swManzana?  I mean you can transfer the file in either direction using SCP I believe, just curious how you want this paradigm to work
[17:16] <jak2000> yes the file is on swManzana
[17:17] <arrrghhh> yea so SCP doesn't care really, you can flip local and remote and either upload or download depending
[17:18] <arrrghhh> jak2000, cat .ssh/authorized_keys and make sure your client pubkey is there
[17:19] <arrrghhh> should say "ssh-rsa badskgohweorfiajsdfokj user@host
[17:19] <arrrghhh> "
[17:21] <jak2000> in wich  sever (swManzana)?
[17:21] <arrrghhh> weird looking at my sshd_config the AuthorizedKeysFile is commented out... I wonder if it just defaults to the one in %h
[17:21] <arrrghhh> jak2000, swManzana you said was the client I thought
[17:22] <arrrghhh> so the authorized_keys is on the server side
[17:24] <jak2000> arrrghhh: http://pastie.org/10724370
[17:24] <jak2000> now copy the file with ssh-copy-id  ?
[17:25] <arrrghhh> authorized_keys is not on the client
[17:25] <arrrghhh> it's on the server
[17:25] <arrrghhh> also if you want to manually update the file, use >> to append
[17:25] <arrrghhh> cat id_rsa.pub >> authorized_keys
[17:26] <arrrghhh> but I would just use ssh-copy-id as it's easier
[17:27] <jak2000> ok
[17:27] <jak2000> erasing
[17:27] <jak2000> and then ssh-copy
[17:29] <jak2000> error: http://pastie.org/10724378
[17:29] <jak2000> why?
[17:30] <jak2000> the command would be: ssh-copy-id ~/.ssh/id_rsa.pub jak@162.252.242.4/.ssh/authorized_keys      ?
[17:33] <arrrghhh> jak2000, if you are specifying the file you need -i lol
[17:33] <arrrghhh> I just went over that above.......
[17:33] <arrrghhh> if you don't specify the file, no need for -i
[17:34] <jak2000> i dont specify the filename
[17:35] <arrrghhh> uhm.  look at the command you're passing...
[17:35] <arrrghhh> ~/.ssh/id_rsa.pub would be sepcifying the filename ;)
[17:35] <arrrghhh> specifying even
[17:36] <jak2000> then the command is simple: ssh-copy-id  jak@162.252.242.4     ?
[17:37] <arrrghhh> yes
[17:37] <jak2000> done
[17:37] <jak2000> now: on swManzana     ssh jak@162.252.242.4    ?
[17:38] <jak2000> ask me a password
[17:38] <jak2000> exit
[17:38] <arrrghhh> ok
[17:38] <jak2000> and retype the command:  ssh jak@162.252.242.4
[17:38] <jak2000> and ask me again the password :(
[17:38] <arrrghhh> so on the server, check authorized_keys
[17:38] <jak2000> ok
[17:38] <arrrghhh> does it look good?
[17:39] <RoyK> an check if authorized_keys is 0600
[17:39] <RoyK> 0644 or something won't be tolerated
[17:39] <arrrghhh> yea I mentioned perms
[17:39] <jak2000> comparing:swManzan .ssh/id_rsa.pub    with svrChaol: authorized_keys        the file -rw------- 1 jak jak 739 Feb 16 12:35 authorized_keys
[17:40] <RoyK> sshd will tell in the logs
[17:40] <arrrghhh> I also mentioned checking the authorized_hosts file
[17:40] <arrrghhh> er keys
[17:41] <jak2000> exact files: swManzana id_rsa.pub     svrChaol authorized_keys  exact files
[17:42] <arrrghhh> jak2000, walk through the troubleshooting section please
[17:42] <arrrghhh> there's checks for perms, looking at logs, etc
[17:42] <jak2000> ok, RoyK mentioned: "sshd will tell in the logs"
[17:42] <jak2000> in wich log check wich is the problem?
[17:43] <arrrghhh> jak2000, please... read... the TS section
[17:43] <jak2000> ok
[17:43] <arrrghhh> https://help.ubuntu.com/community/SSH/OpenSSH/Keys
[17:43] <arrrghhh> go through that whole section
[17:43] <arrrghhh> at the end you'll come to the debugging part.... go through all of it first
[18:00] <jak2000> arrrghhh: http://pastie.org/10724410
[18:00] <arrrghhh> jak2000, missing begin marker...?  did you check your private key?
[18:04] <jak2000> i have the file
[18:04] <jak2000> but how to check?
[18:05] <arrrghhh> nano or cat?
[18:22] <jak2000> ok cat
[18:24] <jak2000> see please: http://pastie.org/10724446
[18:25] <arrrghhh> ok you'll want to create a new key just FYI
[18:25] <arrrghhh> let me look at mine
[18:25] <jak2000> the files is: /home/jak/.ssh/     cat id_rsa
[18:25] <jak2000> ok erase and recreate the key?
[18:27] <arrrghhh> well you should never share your private keys
[18:27] <arrrghhh> jsut FYI
[18:27] <arrrghhh> I didn't mean for you to paste all of the key sorry :)
[18:27] <jak2000> i modified it :)
[18:27] <jak2000> no problem
[18:27] <jak2000> but th key is generated
[18:28] <arrrghhh> I think something is wrong with the header
[18:28] <arrrghhh> which doesn't make sense the ssh-keygen should create a valid private key...
[18:31] <arrrghhh> jak2000, I don't have this header in mine
[18:33] <arrrghhh> Proc-Type and DEK-Info
[18:33] <arrrghhh> I just have the ----BEGIN---- the key, then ---END----
[18:35] <arrrghhh> jak2000, you did -t rsa right when you did rsa-keygen?
[18:35] <arrrghhh> ssh-keygen rather
[18:36] <arrrghhh> looks like you did in your paste
[18:36] <jak2000> i generate: ssh-keygen -t rsa -b 4096
[18:36] <arrrghhh> I wonder if -b 4096 would cause the header to appear different...?  either way, I would remove that header
[18:38] <jak2000> ok
[18:55] <arrrghhh> jak2000, worked?
[19:00] <apes> Anyone know the state of the glibc update for Ubuntu?
[19:00] <ogra_> apes, in the works
[19:02] <ogra_> apes, assuming you talk about http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html
[19:07] <jdstrand> it is in progress
[19:07] <jdstrand> it should be out within a couple/few hours
[19:19] <arrrghhh> jak2000, Imma head out, still curious tho if it fixed it for you
[19:20] <rbasak> Daviey: do you know who has ops on this channel? I'd like to set the topic to point to #ubuntu-hardened's topic for glibc CVE questions, as that seems to be an FAQ today.
[19:21] <rbasak> (soren set it last but isn't here)
[19:27] <apes> ogra_: Yes
[19:50] <rbasak> Thanks Pici!
[19:50] <Pici> np
[20:53] <Sling> wtb libc6 update!
[20:53] <Sling> ( https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html )
[20:55] <arlen> topic
[20:56] <mdeslaur> Sling: it'll be out soon
[20:57] <Sling> ah
[20:57] <Sling> my window isn't that wide ;)
[20:57] <Sling> but alright, i'll keep an eye out
[22:21] <sarnold> http://www.ubuntu.com/usn/usn-2900-1/
[22:21] <Sling> The following packages will be upgraded: libc-bin libc-dev-bin libc6 libc6-dev multiarch-support
[22:21] <Sling> yey
[22:21] <Sling> (14.04)
[23:03] <OerHeks> Pici, i think you can remove the glibc part in the topic, updates are out.