[00:21] when using the program 'glances', which some of you may be familiar with, the disk usage monitor is messed up because there are a bunch of devices like ram0, ram13, ram1, etc so I can not see the actual disks at the bottom of the list
[00:21] does anyone know if you can reorder this or disable these devices?
[00:23] Pinkamena_D: I think you can specify some options in the conf file: https://glances.readthedocs.org/en/latest/aoa/fs.html
=== alexisb-afk is now known as alexisb
[03:50] "deferring update (hook will be called later)" wat
=== prince is now known as keng
=== keng is now known as jombojo
=== jombojo is now known as prince
=== JanC_ is now known as JanC
=== kickinz1|eod is now known as kickinz1
[06:35] jamespage: regarding TasksMax, I agree that for ceph-osd/mon, there should be no limit at all from systemd probably.
[06:35] jamespage: as to why the limit is not enforced after booting, this seems to be a systemd issue, not only affecting ceph
[06:36] jamespage: and thanks for the other fixes, I'll try to verify the new packages today
[08:00] I'm trying to set my server up to only accept connections with ssh id keys, but once I set PasswordAuthentication no in sshd config I can't connect to it anymore. Is this due to another rule that says not to allow empty passwords (if the user has an id key without password) or what am I lookin for?
[08:09] aotea: no, the server has no way of knowing if the private key is password protected or not
[08:09] aotea: did key authentication work before the change?
[08:18] RoyK: I think so, looked through ssh in verbose mode and seemed like key was ok'd to authorized_keys
[08:18] RoyK: looking through my auth log now to see if I might find a clue there though
[08:21] aotea: Perhaps wrong permissions on ~/.ssh?
[08:22] lordievader: could be, should be 700 on the /ssh and 600 on the authorized keys right?
[08:23] Yes, but if it would be wrong, you'd see it in the server's auth log.
[08:27] aotea: if you try to change back, can you then login without getting a password prompt?
[08:30] No, tried setting passauth to no in sshd and couldn't then log on at all so had to get to the server and reset the config
[08:31] http://pastie.org/10787181 this is the log after the change at first, still asking me for password.
[08:32] seeing as there is an added thing about RSA I'm guessing it is checking my key then at least?
[09:00] hi - on ubuntu 15.10 when I use virt-manager to create a QCOW2 disk image it is not thin provisioned by default - i'm sure on previous versions it was, any ideas how I can make it thin provisioned by default?
[09:07] actually - forgive me, it is thin provisioned - just ls showing the virtual size.
=== twoface89 is now known as twoface88
[10:09] Still having issues getting ssh to work with keys, this is the verbose output I get http://pastie.org/10787305 - sshd is set to still prompt me for password as last I removed that I had to visit the server but I want to remove this option soon I get this working.
[10:11] Your public key is in the authorized keys file and the ssh daemon has read that file?
[10:12] not sure about that last bit, but yes I got a warning after doing ssh-copy-id that my pub was already in my authorized_keys. How do I check that the daemon read the file?
[10:13] aotea: Check what is configured as the authorized keys file.
[10:13] "%h/.ssh/authorized_keys" lordievader
[10:14] And your key is in there?
[10:15] it's in the .ssh/ folder of the user I'm trying to log yes - never seen the %h for home before though
[10:16] Hmm, then I'd like to see the server sshd log as to see why the rsa key is not accepted.
[10:26] http://pastie.org/10787326 lordievader last login seem to have accepted a pub key, but no idea what changed, only did ssh-copy-id and was told nothing happened seeing as key was already in authorized_keys :s
[10:32] lordievader: http://pastie.org/10787350 logged out and back in and no sight of the pubkey again
[10:47] anybody an idea how I'd get a vivid lxd container?
[10:48] it is already out of images.linuxcontainers.org
[11:20] testing a xenial setup on a hp microserver by booting from the internal usb drive, just hangs at initramfs prompt with no usb drivers (I guess) so no keyboard access to do anything... kubuntu xenial desktop installer boots okay in the same slot... just spins on /scripts/local/block... what is that?
[11:21] * /scripts/local-block what or where is that script?
[11:23] wily was booting up the same server from the same slot a month ago.
[11:32] markc: do you mean /usr/share/initramfs-tools/scripts/local-block ?
[11:32] markc: in the initramfs that could be your path
[11:33] it is only a dir, but then the only thing remotely matching the file name you asked for
[11:34] it is part of cryptsetup
[11:34] wild guess - maybe it is showing a popup on a screen somewhere (or think it does so)?
[11:36] cpaelzer: thanks for the hint... it's a fresh install and I didn't ask for encrypted anything... unfortunately there is only usb keyboard access and that is not working
[11:37] markc: so the install went through and now it is hanging after reboot - or is the install itself blocked?
[11:38] I did the install on my laptop (usb stick to usb stick) then put the new install into the hp microserver
[11:38] markc: unfortunately I'm no expert on that, but I really think it might ask you something on a framebuffer
[11:38] markc: are you having only serial console access atm?
[11:39] boots up but just spins on /scripts/local-block for half a minute then drops to the initramfs prompt, also says the UUID of the usb stick is not detected but I've double checked that the usb boot stick is indeed that UUID
[11:43] cpaelzer: just using a "normal" vga screen, not serial
[11:44] seeing that it can't seem to see the ext4 boot partition UUID and no usb keyboard it's like the right usb drivers have not been installed into the kernel
[11:45] perhaps if I do a fresh install onto the usb drive on this server then perhaps the install process will figure out it needs to install usb drivers, but I would have thought that was part of any "normal" ubuntu server install these days
[11:59] nope, that same usb stick does the same thing on my laptop, just spins on "Begin: Running /scripts/local-block ... done." for 30 secs then goes to a initramfs prompt.. so it's not the hp microserver hardware at fault, something is wrong with a stock standard xenial ubuntu server install onto a usb stick
[12:01] markc: :-/ i'm out of ideas, if nothing else can help you I'd ask you to file a bug with as much detail on the HW and the install process as possible
[12:08] at least I have keyboard access on the laptop and the only odd thing I can see is that normally the usb stick would be /dev/sdb1 etc and there is no /dev/sdb* at all
[12:12] bizarre, from the initramfs blkid shows the internal sata drive but not the (usb) device it just booted from... I've done this 100s of times before and never struck anything like this kind of problem before
[12:13] aotea: I'
[12:13] I'd set the loglevel a bit higher and try again.
[12:34] jgrimm: bug 1505839 probably needs assigning
[12:34] bug 1505839 in debian-installer (Ubuntu) "Unable to install from text mode interface" [High,Triaged] https://launchpad.net/bugs/1505839
[12:34] jgrimm: along with a report in the ubuntu-server ML just now
[14:02] https://uec-images.ubuntu.com/releases I want to run these images on qemu. One problem is to login. They say this is done by ssh keys. But I do not find explicitly how to do it? Given I have the instance running, what should I do?
[14:05] who can Help me?
[14:06] wsirccc: cloud images have no access by default to avoid the obvious security vulnerability. You can feed an ssh key or password when booting using cloud-init using various mechanisms, or alter the image manually first.
[14:07] wsirccc: uvtool handles all of this for you - see the server guide. Or use cloud-localds manually.
[14:11] ok, I good it is, about preseeding ssh-keys in the guest. Thanks as well for the pointer.
[14:13] Another question: how would one best prepare a arbitrary ubuntu image with working ssh keys, given ssh-keys-login is the best choice for remote controlling the guest?
[14:13] good/got/
[14:14] mount-image-callback is handy. But I wouldn't use that in production.
[14:14] In production, use cloud-init.
[14:14] With cloud-localds. Stop thinking about rolling your own images :)
[14:14] rolling?
[14:14] Creating
[14:15] Of course, you can do what you want.
[14:15] But this philosophy is that you don't prepare your own images. Instead you use the same official image everywhere, and it sets itself up as you wish on boot.
[14:15] Using cloud-init.
[14:16] And you give it your ssh key on boot via one of the available mechanisms.
[14:16] On EC2, that is the metadata service, etc.
[14:16] For local qemu, you can use a "config drive" which cloud-localds can prepare for you.
[14:16] uvtool does this automatically for you for local use.
[14:17] Then you don't have to maintain your own images, which inevitably don't get updated with security updates.
[14:17] I do not get it, create means what? And what to do instead?
[14:18] create: install one's own system from an iso
[14:19] instead: download them from ubuntu-uec, and manipulate them?
[14:19] ?
[14:21] I need them guests for trying out (X) user configuration and such things it is to say. ..
[14:22] rbasak
[14:22] rbasak
[14:22] rbasak:?
[14:25] wsirccc: please explain what you're trying to do. Is this for testing, production or both?
[14:27] lets say experiments
[14:27] Use uvtool.
[14:30] ok, save this conversation and go for it. Thanks for point me.
[14:32] point/pointing
[14:47] rbasak, i couldn't find ML post for bug 1505839?
[14:47] bug 1505839 in debian-installer (Ubuntu) "Unable to install from text mode interface" [High,Triaged] https://launchpad.net/bugs/1505839
[14:48] jgrimm: not the same bug, but a different report that made me thing the installer needs a little attention: https://lists.ubuntu.com/archives/ubuntu-server/2016-April/007248.html
[14:48] think
[14:49] ah, yeah, i didn't get a connection from what you wrote
[14:50] rbasak, also noticed you marked that triaged, but i didn't see obvious corresponding explanation of what was determined wrong?
[14:51] jgrimm: matsubara confirmed. Triaged doesn't need a root cause analysis. As long as it can be tackled by a developer (eg. valid bug and reproducible), it's Triaged.
[14:51] (and ideally no dupes)
[14:51] oh, i would see that as confirmed
[14:52] https://wiki.ubuntu.com/Bugs/Bug%20statuses
[14:52] rbasak, thanks
[14:58] matsubara, want to take a look at the bug 1505839?
[14:58] bug 1505839 in debian-installer (Ubuntu) "Unable to install from text mode interface" [High,Triaged] https://launchpad.net/bugs/1505839
[15:03] jgrimm, I can give it a try
[15:03] matsubara, thanks
=== kickinz1 is now known as kickinz1|eod
[16:01] hi there, I am trying to define a management network on one nic, and connect my vm guests to a network unattached to the host, and has access out
[16:02] I'm running ubuntu server 14.04 with kvm
[16:07] TJ- hello u there ?
[16:08] TJ- could u message me with details about how to make a script to keep mine router on net despite problems/errors on dhcp server (ISP) ?
[16:09] I understand I need to create a bridge interface, but I want to ensure it doesn't allow the host to access the internet, only the vm guests.
[16:10] dr4c4n_: what do you mean by "a network unattached to the host" ?
[16:12] sdeziel: ok, so my requirements are that the host hypervisor (kvm running on ubuntu 14.04) shouldn't access the internet, it should only be setup with the default network (provided by libvirt) to connect to its guests. I would like the guests to be able to access the external network and the internet as I need to create a vm to make a build environment, to compile openvswitch to move to the host os
[16:12] is this a firewall setting? and not a network setup step?
[16:13] dr4c4n_: if you need openvswitch in the host why not apt-get install it?
[16:13] sdeziel: I'm not allowed to have the host running the hypervisor kvm attach itself to the internet
[16:13] dr4c4n_: also if you are using the default virbr0, this requires your host to have Internet connectivity to make it available to the guests
[16:14] dr4c4n_: understood but in that case the host probably have access to an HTTP proxy, isn't it?
[16:15] crazybluek: did you collect the dhclient debug log?
=== rattking is now known as syncsyncsync
=== twoface89 is now known as twoface88
[16:22] sdeziel: the host doesn't have access at all
[16:22] dr4c4n_: then how will you install security updates?
[16:23] what I mean is I can plug in the host to an internet accessible network, but that is not what I need to do
[16:23] dr4c4n_: yeah I understood you don't want direct Internet access for the host. That's best practice and what I do too
[16:24] dr4c4n_: but you need some form of Internet access
[16:27] sdeziel: which I am not allowed to have. what I am requesting, is some sort of reference that can show me how to setup networking to enable a management interface for the kvm host (which might eventually be connected to the internet) but for now let's assume it doesn't have access.
[16:27] on one nic, and setup another bridge to interface with the vmnics and a different physical nic on the box
[16:27] which can connect to the internet
[16:30] dr4c4n_: so you have 2 NICs on the host, one is the management NIC and has an IP and a default route. The other NIC is only used by a bridge that you hook your VMs to. That bridge and the underlying NIC must not have any IP in the host.
[16:30] dr4c4n_: the NIC used for bridging should be hooked to a network that has a router/DHCP/etc to provide your guests full connectivity with the outside world
[16:31] that I understand, I can create an entry for em1 in /etc/networking to setup a static ip
[16:32] dr4c4n_: if em1 is your management NIC, yes
[16:32] and I understand how to physically connect the nic for bridging, but I don't know how to tell ubuntu how to a) create bridge and b) hook a vm to it
[16:32] <- I'm new at this, and understood using ubuntu on a desktop
[16:33] ah OK, sec
[16:33] I did try reading the kvm networking information on ubuntu page, and the libvirt page, but I'm confused by the different options they are putting up there
[16:34] and technically I have 4 nics on the host, but once I can configure these two, figuring out the other two should be a) easier, and b) I will have to do the management of the virtual network from openvswitches, which will change this initial setup
[16:34] as I will be creating a bunch of vlans to individual vms. eventually
[16:35] btw, thanks a lot for your help
[16:37] dr4c4n_: what I typically do is define my bridge in /etc/network/interfaces and make sure to NOT assign any IP. Something like this http://paste.ubuntu.com/15655200/
[16:38] ok, then when defining / creating your vms, you pass the bridge name to them correct?
[16:38] dr4c4n_: then I define a p2p network using virsh and this: http://paste.ubuntu.com/15655225/
[16:39] dr4c4n_: then I add a NIC to a VM like this: http://paste.ubuntu.com/15655249/
[16:40] and any vms with the nic defined in that way are connected to that network
[16:40] thanks
[16:41] dr4c4n_: yeah, any VM with an interface using the same source network will end up in the bridge
[16:42] ok. I get it now :) I really appreciate your help.
[16:42] dr4c4n_: you are welcome
[16:43] dr4c4n_: when you move to using VLANs, the concept will be the same except that you will bridge over VLAN devices instead of raw NICs
[16:44] depending :)
[16:44] well, yeah, many variations are possible especially with OVS involved
[16:45] if you're doing vm's that are limited to 1 or just a few vlans, sure
[16:45] if your vm's need most all or all, and you don't need to worry about vlan security for the vm's
[16:45] might be simpler to bridge the nic, vlans and all
[16:45] but ya, not normally a *secure method
[16:46] true
[16:46] unless security is controlled else where, like anything on that box, is allowed all those vlans anyways
[16:50] I am trying rsync as daemon and it cannot access files that do not have o+r even though I started it as root
[17:22] does anyone know what the commands are after autopart in kickstart to automatically accept changes?
[17:25] DirtyCajun: how do you mean?
[17:26] well when the automation process partitions the entire disk using autopart. there are 2 questions it asks you after it partitions "confirming" what you are doing.
[17:26] i dont want to have to click ok 2x. defeats the purpose lol
[17:35] im doing it in a vm to get you the exact pages
[17:39] actually there are 3. there is the possible "there are already mounted partitions would you like to umount? there is Finish and write partitions to disk, and there is write? (yes)
[17:43] which FTP daemon should I employ?
[17:43] found it nacc i need to preseed the answers.
[17:45] DirtyCajun: yeah you need to preseed
[17:45] DirtyCajun: i think that's the limit of kickstart, presuming you're actually using a kickstart file
[17:46] i am. i just did preseed partman/confirm boolean true
[17:46] in my kickstart
[17:46] yeah
[17:46] DirtyCajun: at that point, you might be better off using a proper preseed, but it's a matter of preference :)
[17:47] true. less work to just stick the 2 lines in the already made kickstart file tho XD
[17:47] DirtyCajun: yep, it all depends on if you're deploying more than just ubuntu/debian, imo
[17:47] such blasphemy in #ubuntu-server
[17:48] ;)
[17:51] DirtyCajun: :)
[18:57] ok. i got preseed to do 2 of those 3. i cant find the partman/(some command) for already mounted partitions
[19:08] ext3 needs journal recovery. can any one help on this..
[19:21] Question: connecting to the qemu-installed-out-of-box-guest from host, first choice is ssh, first, and secondly how is this possible in so called default network mode? For a decent communication with the guest, one needs to switch to be root for first time, is that right?
[19:26] hunh?
=== syncsyncsync is now known as rattking
[19:42] for anyone interested the preseed issue with a drive already existing it is a current bug! https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1347726
[19:42] Launchpad bug 1347726 in debian-installer (Ubuntu) "ubuntu14.04 installation hang on "The installer has detected that the following disks have mounted partitions"" [Undecided,Confirmed]
[19:59] Hello all, without sounding like a complete noob I could use some help with a small issue. I setup ubuntu server a few years back for this company and since left, so nothing has been touched or updated in years. I came in today to run some updates on the websites I had running on it and to update the server itself but I'm having no luck. Whether I
[19:59] try sudo upgrade or the software manager (using gui) both return failed download attempts but network connection is fine.
[20:16] supNow, sounds like you have an unsupported version of ubuntu on it
[20:52] @patdk-wk thank you... do you know if ubuntu-server is a rolling release? Is there an easy way to upgrade to the latest?
[20:54] it's not rolling
[20:54] and no, I have no idea, since we have no idea what release you are using
[20:55] cat /etc/issue could be a clue
[20:55] or whatever is in your /etc/apt/sources.list file
[21:00] supNow: you can do a do-release-upgrade -d
[21:00] supNow: upgrade to the latest non-lts-release
[21:01] supNow: or even 16.04 beta
[21:01] supNow: I don't do that for servers
[21:01] supNow: but then - you're the one running it
[21:01] !eol
[21:01] End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
[21:01] the latter, there, will tell you how to upgrade an EOL release
[21:02] but you need to know which release you're running first
[21:02] lsb_release -a or cat /etc/issue
[21:03] from what you're saying you didn't set it up all that long ago, so you're probably not running an LTS release
[21:03] which I don't recommend
[21:06] 8.04 was an LTS ;)
[21:07] yeah, but it's also 8 years old
[21:08] yeah - old things are always better
[21:08] I actually just got rid of my last 8.04 a few weeks ago, it was a mail server and my postfix+dovecot configuration wouldn't survive the upgrade
[21:08] I had to rebuild from scratch and import the mailboxes
[21:13] very strange
[21:13] mine has survived upgrades from 8.04 to 14.04 so far just fine
[21:14] well, if he was running non-lts, upgrades are much harder :)
[21:15] I do have 5 production 16.04 I have been running for 2 months now
[21:26] 16.04 BETA *
[21:41] all my other servers survived upgrades just fine, it was just that postfix+dovecot vmail configuration that refused to work
[22:37] Could someone help me understand why when I ssh to my server, I get to skip typing password (so ssh key obviously works) but once I set "PasswordAuthentication no" my key is suddenly not working?
[22:43] aotea: sshd authentication is a bit annoying .. there's a dozen different controls that interact. the easiest way for someone else to help debug is if you pastebin your sshd_config
[22:44] and the auth.log of the server
[22:50] Is there a way to tell the Server installer to not use a UEFI boot setup?
[22:51] and/or to not use a GPT?
[22:51] easiest may be to set the bios to 'legacy' mode before booting
[22:52] Okay, the installer is smart enough to not use EFI if it was loaded in legacy?
[22:53] heh, kindof hard
[22:53] if your disk is >2tb you need gpt
[22:53] yeah, I think so; I ran the installer with my bios set to "dual" the other day and wound up with a system that wouldn't boot. so I changed it to uefi, re-ran the installer, and it noticed the difference and behaved differently
[22:53] if the bios is set to uefi, it will setup uefi
[22:53] I suspect going the other way is probably something it'd notice too
[22:53] I have been unable to do uefi boot correctly
[22:53] when also interacting with grub luks boot disk
[22:54] Heh, big disks are not a risk factor for this. I think there is a way to go MBR-mode grub on a GPT but I just don't care. This is just to get Xen running on a babby machine.
[22:54] Will try it out and report back, thanky :)
[22:54] well, gpt will install a mbr compatible header
[22:55] I wonder if it's boot compatible though, not sure I have tried that
[22:55] or bothered to look into it even
[22:55] sarnold: http://termbin.com/asw6 for the auth.log
[22:56] heh my usual goal is to get the stupid thing booting with as little of my mental energy as possible :)
[22:56] well, I want fully encrypted disk
[22:56] but I wanted uefi also
[22:56] then you have a different problem than I do ;)
[22:56] ya, interactions with HIPAA stuff
[22:57] aotea: wow, the internet is a brutal place to put an sshd..
[22:57] and I totally do not trust fully, SED disks
[22:57] sarnold: What do you mean? http://termbin.com/9yqj
[22:57] did someone not install fail2ban or the likes?
[22:58] what is the *problem*? :)
[22:58] aotea: the number of brute-force password guessing attempts is astonishing
[22:58] sarnold: got fail2ban set up proper to hopefully help me on that front :P
[22:59] I forgot to install fail2ban once
[22:59] but yeah, tons more than last I tried tinkering with a server
[22:59] the T1 line would get routinely *overloaded*
[23:00] or well I 'hope' I got fail2ban set correct at least, it says each IP only should get 3 tries but I see way more than that :S Figured setting ssh key for log in would be 'safer'
[23:01] ya, but it won't cut down on bandwidth/log usage
[23:03] aotea, maybe also UsePAM no
[23:04] o_O
[23:04] I think all kinds of things break if you set that to 'no'
[23:04] maybe
[23:04] do you have it set to 'no' on any of your linux boxes?
[23:04] yes
[23:04] interesting
[23:04] but I don't have passwordauth disabled
[23:04] and I do customize my pam stack
[23:05] but things like, encfs, for homedir's and stuff like that, will break, yes
[23:05] do you have this on any wily-or-newer systems? I've got a vague feeling that without pam_systemd_logind_lennartd or whatever you'll wind up in funny situations
[23:06] no, I don't have it on any systemd though
[23:06] e.g. 1564451
[23:10] Yep, that worked. Booting the installer with EFI disabled in the BIOS it did everything old-school :)
[23:10] Thanks all.
[23:10] \o/