[00:02] updated the pastebin with the results (at the top) http://pastebin.com/QFuQ3H90 [00:03] though, I ran the same commands on my working Ubuntu-Mate VM (on this machine) and notice the server is missing some information, though I don't know the importance of it [00:04] i'm right, there is no route via 192.168.1.1 [00:04] sweet! .... what do we do about it? lol [00:04] like I said, comment out the gateway while you take down the interface [00:05] it can't delete a route that doesn't exist - that's the 'no such process' you got [00:05] ok, so comment out the gateway line, then run "sudo ifdown eth0"? [00:05] yeah, then assuming that works, restore it before ifup [00:06] gotch ya, here's hoping! === thumper-dogwalk is now known as thumper [00:11] ok, running ifdown with gateway commented out worked (I suppose) because it did not state anything, however, running ifup after removing the comment on gateway reported network unreachable [00:29] so, using the interface dhcp setup plus the line "post-up route add default via 192.168.1.1 dev eth0" that allows it to almost get up, I can now ping the gateway, but cannot ping the server from another device [00:32] if it reported "network unreachable", it probably had a good reason for doing so ... [00:32] so route now contains the gateway, but it also contains a record for "192.68.1.0" and "192.168.1.0", not sure where that false record/route is coming from [00:32] 192.68. sounds like a typo somewhere [00:32] that's what I thought, but I do not see one in my interfaces file [00:32] 192.168.1.0 - traffic to things on the same subnet is direct, no gateway involved [00:33] know of another place I might need to check out? [00:33] cruft left over from previous attempts? did you ever try just rebooting with a sane interfaces file in place? ("sane" - none of this "post-up route" stuff :P) [00:33] yes, I did [00:34] I tried with a basic dhcp setup and the basic static setup from the pastebin [00:35] I am considering too, given the time looking into this, of trying to just reload the ubuntu-server onto the HDD [00:35] it's a fresh install, that was working, and when I moved the server, it decided to not want to work === baggar11_ is now known as baggar11 === unreal_ is now known as unreal === inteus_ is now known as oheresy === oheresy is now known as inteus === cryptodan_deskto is now known as cryptodan [05:44] good morning === vbotka_ is now known as vbotka === kickinz1|afk is now known as kickinz1 [11:20] it seems that my LAN servers cannot detect MAAS DHCP. any ideas of how to debug this? [11:20] dhcpd 6631 0.0 0.0 32916 13324 ? Ss 13:04 0:00 dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid -cf /var/lib/maas/dhcpd.conf -lf /var/lib/maas/dhcp/dhcpd.leases eno2 [11:20] eno2 being the LAN nic [11:34] stgraber: lxd seems to ignore http_proxy and https_proxy. I can't get it to hit the proxy server instead of going direct when launching an image. [11:34] http://paste.ubuntu.com/15090404/ [12:17] hi [13:07] is there any way for me to see what commands is executing a user via bash, real-time? [13:19] Razva: `ps fauxww | less` but not that realtime [13:57] rbasak: hmm, I remember seeing code that was handling this, could be that it's not covering all code paths... === Guest76507 is now known as med_ [14:13] jamespage, what OVS version and kernel are you running in the OIL lab? We're having packet loss issues. [14:13] s/you/Ubuntu & Canonical/ [14:14] med_, probably the same as you [14:14] med_, which ovs release are you on? [14:14] os release rather [14:14] trusty [14:14] +UCA [14:15] which pocket? [14:15] liberty testin (kilo in prod) [14:15] we've been using -proposed for this testing [14:15] we've tried a number of kernels and OVS including the xenial proposed kernel and wily [14:16] actually the kernel version might be more pertinent here [14:17] yep [14:17] we've tried the lts trusty kernel (3.0.13 series) the wily and the xenial proposed [14:17] kernels [14:18] I have a cloud where I'm running liberty with the wily 4.2 kernel - do you see errors with that combo? [14:18] med_, ^^ ? [14:18] checking [14:18] 3.19.0-32 showed the errors [14:19] jamespage, ^ [14:19] so correction jamespage, the bulk of our testing has been with Kilo at this point, not liberty [14:19] hmm ok [14:19] but that kernel is correct (t, w, and x) [14:34] med_, so you saw the problem as a result of a kernel update? just trying to id the point when things changed for the worse [14:34] we started anaylysing the problem due to tenant complaints of lost packets. [14:35] kinf of an all out effort now. No real changes had occurred. Just better trained, more sophisticated tenants asking better questions with more data, jamespage [15:36] is anyone working on a fixed release for https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html already? [15:36] sourceware.org bug 2016 in libc "argp --help infloop, via ARGP_HELP_FMT envvar" [Normal,Reopened] [15:37] hey all. I have a cron.daily job setup to email me a 'status report' on the server - this works fine, but a few minutes after the report I sent I always get a second email about the "Reported file generated in current directory" - how can I suppress this second email? [15:44] frickler: see #ubuntu-hardened. "no eta yet". [16:00] meeting time [16:38] hi all how to use, ssh-keygen -t rsa -b 4096 ? i want use scp command without ask me a password, thanks [16:40] jak2000: that should give you the right details https://help.ubuntu.com/community/SSH/OpenSSH/Keys [16:40] jak2000: it is not only creating but also putting the key on the remote server which is the req for PW-less login (and scp) [16:47] rbasak: thx for the pointer [16:54] cpaelzer i try connect ssh@ip and ask and ask me the password [16:54] why? [16:55] jak2000, did you disable password auth on the server? [16:56] wait pls [16:56] creating pastie [16:56] "PasswordAuthentication no" in /etc/ssh/sshd_config [16:56] in wich server? [16:56] on THE server [16:56] but i want work with ssh keys [16:56] we're just talking about a client and a server here [16:56] I know [16:56] so disable password auth [16:56] it'll force keys [16:57] jak2000, perhaps I didn't ask an essential question... are you using the key when you try to auth? [17:01] arrrghhh: http://pastie.org/10724337 [17:01] here the steps... [17:02] see last step? ask me again the password, why? [17:02] need sisable password auth? [17:03] jak2000, you don't have to no [17:03] but that would force only key-based auth [17:05] sigh... I guess let me parse through all of this... [17:05] ok you see any BAD steps? [17:05] not yet [17:06] I don't do this every day tho, I setup keys on my server a year or two ago... lol [17:06] jak2000, did you check the troubleshooting section? [17:06] perms need to be right [17:06] if you do disable password auth I would leave a SSH session open in case it doesn't work [17:07] man in this case the host is swMAnzana right? [17:07] you tell me... [17:07] which is the client which is the server? [17:07] based on your paste, I would assume swManzana is the client [17:07] and svrChao1 is the server [17:08] i generate the key on swManzana [17:08] you also already had keys in .ssh [17:08] may want to rm .ssh and start over... although that shouldn't be necessary [17:10] ok [17:10] jak2000, also why did you ssh-copy-id -i? [17:10] I need to lookup what -i does... I don't see that in the guide [17:10] ah that is to specify the identity file [17:11] i want copy a file with scp, from swManzana to svrChaol [17:11] start over again [17:12] deleteing on swManzana, the dir: ~/.ssh [17:13] so wait [17:13] swManzana is the client or the server? [17:14] i want copy a file with scp, from swManzana(i think it the client) to svrChaol (i think is the server) [17:16] so the file is on swManzana? I mean you can transfer the file in either direction using SCP I believe, just curious how you want this paradigm to work [17:16] yes the file is on swManzana [17:17] yea so SCP doesn't care really, you can flip local and remote and either upload or download depending [17:18] jak2000, cat .ssh/authorized_keys and make sure your client pubkey is there [17:19] should say "ssh-rsa badskgohweorfiajsdfokj user@host [17:19] " [17:21] in wich sever (swManzana)? [17:21] weird looking at my sshd_config the AuthorizedKeysFile is commented out... I wonder if it just defaults to the one in %h [17:21] jak2000, swManzana you said was the client I thought [17:22] so the authorized_keys is on the server side [17:24] arrrghhh: http://pastie.org/10724370 [17:24] now copy the file with ssh-copy-id ? [17:25] authorized_keys is not on the client [17:25] it's on the server [17:25] also if you want to manually update the file, use >> to append [17:25] cat id_rsa.pub >> authorized_keys [17:26] but I would just use ssh-copy-id as it's easier [17:27] ok [17:27] erasing [17:27] and then ssh-copy [17:29] error: http://pastie.org/10724378 [17:29] why? [17:30] the command would be: ssh-copy-id ~/.ssh/id_rsa.pub jak@162.252.242.4/.ssh/authorized_keys ? [17:33] jak2000, if you are specifying the file you need -i lol [17:33] I just went over that above....... [17:33] if you don't specify the file, no need for -i [17:34] i dont specify the filename [17:35] uhm. look at the command you're passing... [17:35] ~/.ssh/id_rsa.pub would be sepcifying the filename ;) [17:35] specifying even [17:36] then the command is simple: ssh-copy-id jak@162.252.242.4 ? === kickinz1 is now known as kickinz1|afk [17:37] yes [17:37] done [17:37] now: on swManzana ssh jak@162.252.242.4 ? [17:38] ask me a password [17:38] exit [17:38] ok [17:38] and retype the command: ssh jak@162.252.242.4 [17:38] and ask me again the password :( [17:38] so on the server, check authorized_keys [17:38] ok [17:38] does it look good? [17:39] an check if authorized_keys is 0600 [17:39] 0644 or something won't be tolerated [17:39] yea I mentioned perms [17:39] comparing:swManzan .ssh/id_rsa.pub with svrChaol: authorized_keys the file -rw------- 1 jak jak 739 Feb 16 12:35 authorized_keys [17:40] sshd will tell in the logs [17:40] I also mentioned checking the authorized_hosts file [17:40] er keys [17:41] exact files: swManzana id_rsa.pub svrChaol authorized_keys exact files [17:42] jak2000, walk through the troubleshooting section please [17:42] there's checks for perms, looking at logs, etc [17:42] ok, RoyK mentioned: "sshd will tell in the logs" [17:42] in wich log check wich is the problem? [17:43] jak2000, please... read... the TS section [17:43] ok [17:43] https://help.ubuntu.com/community/SSH/OpenSSH/Keys [17:43] go through that whole section [17:43] at the end you'll come to the debugging part.... go through all of it first [18:00] arrrghhh: http://pastie.org/10724410 [18:00] jak2000, missing begin marker...? did you check your private key? [18:04] i have the file [18:04] but how to check? [18:05] nano or cat? [18:22] ok cat [18:24] see please: http://pastie.org/10724446 [18:25] ok you'll want to create a new key just FYI [18:25] let me look at mine [18:25] the files is: /home/jak/.ssh/ cat id_rsa [18:25] ok erase and recreate the key? [18:27] well you should never share your private keys [18:27] jsut FYI [18:27] I didn't mean for you to paste all of the key sorry :) [18:27] i modified it :) [18:27] no problem [18:27] but th key is generated [18:28] I think something is wrong with the header [18:28] which doesn't make sense the ssh-keygen should create a valid private key... [18:31] jak2000, I don't have this header in mine [18:33] Proc-Type and DEK-Info [18:33] I just have the ----BEGIN---- the key, then ---END---- [18:35] jak2000, you did -t rsa right when you did rsa-keygen? [18:35] ssh-keygen rather [18:36] looks like you did in your paste [18:36] i generate: ssh-keygen -t rsa -b 4096 [18:36] I wonder if -b 4096 would cause the header to appear different...? either way, I would remove that header [18:38] ok [18:55] jak2000, worked? [19:00] Anyone know the state of the glibc update for Ubuntu? [19:00] apes, in the works [19:02] apes, assuming you talk about http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html [19:07] it is in progress [19:07] it should be out within a couple/few hours [19:19] jak2000, Imma head out, still curious tho if it fixed it for you [19:20] Daviey: do you know who has ops on this channel? I'd like to set the topic to point to #ubuntu-hardened's topic for glibc CVE questions, as that seems to be an FAQ today. [19:21] (soren set it last but isn't here) === Pici changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support, try #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/14.04/serverguide/ | See http://ubottu.com/y/cve20157547 for glibc CVE status, or #ubuntu-hardened for more information [19:27] ogra_: Yes [19:50] Thanks Pici! [19:50] np === dax is now known as rww === rww is now known as dax [20:53] wtb libc6 update! [20:53] ( https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html ) [20:55] topic [20:56] Sling: it'll be out soon [20:57] ah [20:57] my window isn't that wide ;) [20:57] but alright, i'll keep an eye out === Luke_ is now known as Luke [22:21] http://www.ubuntu.com/usn/usn-2900-1/ [22:21] The following packages will be upgraded: libc-bin libc-dev-bin libc6 libc6-dev multiarch-support [22:21] yey [22:21] (14.04) [23:03] Pici, i think you can remove the glibc part in the topic, updates are out. === Luke_ is now known as Luke === neunon_ is now known as neunon === teward- is now known as teward === akaWolf1 is now known as akaWolf === clayton_ is now known as clayton === EmilienM_ is now known as EmilienM === EmilienM is now known as Guest28836 === fidothe_ is now known as fidothe === AMZ__ is now known as AMZ_ === bekks_ is now known as bekks === OliPicard_ is now known as OliPicard === robher_ is now known as robher === jrgifford_ is now known as jrgifford === Guest28836 is now known as EmilienM === tgm4883_ is now known as tgm4883 === X-Rob_ is now known as X-Rob === stgraber_ is now known as stgraber