/srv/irclogs.ubuntu.com/2016/07/10/#ubuntu-server.txt

=== xlogik_ is now known as xlogik
=== ptx0 is now known as Guest50168
=== the_ktosiek is now known as ktosiek
=== Guest50168 is now known as ptx0
LeMikehello. I am not good enough with servers so I have a question. Is it correct, that HTTP (TCP) always allows SNI? So would it be possible to multiplex the HTTP-Port and divide SSH-Logins by their hostname (due to incoming SNI)?14:53
tomreynLeMike: so... SNI (server name indication) is an extension to the TLS (transport layer security) transport encryption. TLS can be wrapped around any TCP based application protocol, such as HTTP. For it to be useful, all of the application protocol, server and client implementation, need to be modified to be able to communiacte with this TLS extension (SNI). to my knowledge thia has only been done for HTTP so far.15:18
tomreyni.e. you can probably not wrap SSH into TLS + SNI, using the SNI hostname as part of the SSH authentication, unless you also modify the SSH protocol and server and client implementations.15:20
tomreynmaybe you should discuss where you're coming from / what your actual goal is.15:20
patdk-lap2heh?15:23
patdk-lap2didn't think ssh actually used ssl/tls15:23
tomreynit doesn't, except for openvpn functionality, i think15:29
tomreynbut i think lemike meant to wrap ssh in https/tls somehow15:30
LeMikeyee tomreyn . I was hoping for some solution to redirect SSH Logins to their endpoints. I have one "proxy" which should handle the redirects but the SSH protocol gives me nothing usable to distinguish the clients. Except for their ssh-key but this is a thing I should not use.15:33
patdk-lap2openvpn!=openssh15:34
tomreynLeMike: use ipv6 or NAT15:36
LeMikeoh okay. can you please explain this a bit tomreyn ? I am weak at networking and resolving this issue. Just about to learn managing server ;) What has IPv6 and NAT that will help here?15:39
LeMikeI think I only have one IPv6 to the server15:40
tomreynLeMike: you have just oine server? you were referring to multiple "endpoints", though?15:58
LeMikethe endpoints are docker container within that server, tomreyn.15:59
tomreynoh, and they all run on the same ip address?15:59
tomreynisnt docker meant to run just one task within a container as non root user? setting up ssh access to those containers makes me think you want to use those as a cheap and insecure virtualization replacement.16:01
tomreynif you plan to do actual virtualization then most providerrs will allocate / route several ipv6 to you for free.16:04
compdocmy server has a bunch of ram disks created somehow. how can I find whats using them, or remove them:  Disk /dev/ram116:52
=== JanC is now known as Guest45777
=== JanC_ is now known as JanC
XinZhaocompdoc; set your server on fire with petrol17:18
XinZhaooops sorry wrong window17:19
compdoccan I use regular petro, or do I need premium?17:19
XinZhaocrude oil would be best17:20
OerHekscompdoc, sounds like GPT to me, reading with fdisk17:32
OerHekstry parted -l17:32
jrwrenLeMike: there is no solution for that. You can use different ports than 22 in the host and map them to 22 in the container.18:03
antonispgshey guys21:54
antonispgs2TB, 16GB RAM how much swap and how big of a / directory would you suggest?21:54
jrwrenzero swap partition (or accept default, because its a hassle to do in installer) and install swapfile later to allow swapping as needed.  everything in /, no other partitions,  unless you tell us what you will be doing. ;]21:57
antonispgsintended as a seedbox, there is a control panel that does the original installation, i have the option to remove the /home directory and has 512MB of swap by default. not to be shared22:00
jrwrenif it is from a VPS reseller who specializes in seedboxes, I'd use their defaults.22:01
antonispgsyea makes sense22:02
antonispgsthats what i thought, i see the old double the ram rule is no longer suggested22:02
jrwrenno, I think that has not been true for a LONG time.22:09
LaserAllananyone in here any familiar with postfix and smtp?22:54
=== GitGud is now known as FitBud
JanCLaserAllan: there are several people who use it, but you better ask whatever question you have22:59
LaserAllanJanC: ok so i ahve setup my own mailserver and I seem to have some issues with my xymon monitoring and fail2ban to send stuff to my new email. not sure what logs to look through23:00
LaserAllanJanC: I am not sure where to look, what log files to check, I have checked mail.log and the email in question seems to have been processed but I am not sure what has happened to it after that23:02
JanCpostfix normally logs to /var/log/mail.log & /var/log/mail.err23:02
LaserAllanJanC: Lemme check mail.err23:02
LaserAllanthe err log has no activity since lik 6-7 hours back23:03
JanCif mail.log says that it was processed correctly you should check where it sends it too?23:03
LaserAllanit sends it to the correct domain but i cannot see it in thunderbird23:08
JanCcan you check the logs on the mail server for that other domain?23:09
LaserAllanHmm, do I have to setuip a myssql user for the failbvan mailing?23:10
LaserAllanthey Ive done it this far is having it mail my MS mail and the just forward it to my other email but its not a good solution23:10
JanCMS mail?23:11
LaserAllanMicrosoft23:11
JanCas in live.com/hotmail stuff?23:11
LaserAllanYes23:11
LaserAllanbut i now want it to you know be like "fail2ban" atmy domain23:11
JanCmake sure the domain you use in the From: allows sending mail from your server...23:11
LaserAllanWell it should since theyre both on the same server, i have tried sending to other emails and its worked so far23:12
JanCMicrosoft probably requires you to set up SPF and/or DKIM23:13
LaserAllanWell the reason I wanna change is so i dont hav eto deal with Microsoft anymore23:13
LaserAllanI have my domain emial and i want fail2ban to use that instead23:14
LaserAllanill give you an example of the log i found23:14
JanCif you have your own mail server, send it directly to that?23:14
LaserAllanthats what Ive done but it doesnt show up in the inbox :)23:15
LaserAllanah23:16
LaserAllanjust found the error23:16
LaserAllanI am stupid sometimes23:16
LaserAllanI had written "se" instead of com23:16
LaserAllannot weird that it doesnt work23:16
JanCLOL23:16
LaserAllan:D23:16
JanCPEBKAC23:16
LaserAllanI have just started to use Thunderbird23:16
LaserAllanits really neat to be honest23:16
JanCI use Evolution, because Thunderbird lacks/lacked some features23:17
LaserAllanInteresting23:17
JanCat least back when I last used it  :)23:17
LaserAllanEvolution you say?23:17
LaserAllanWhat features?23:17
JanCfiltering on mailing lists & such (IIRC Thunderbird now supports it somewhat with an addon, but still), bugs in the plain text editor, etc.23:19
LaserAllandamn23:19
LaserAllanMaybe i should look at Evolution23:19
JanCbut that was really years ago  :)23:19
LaserAllanhmm23:19
=== FitBud is now known as GitGud
LaserAllansince my fail2ban is also ran on the same server as the mailserver it should take miliseconds for the mail to arrive23:20
JanCat least 8-10 years ago23:20
LaserAllanweird23:20
LaserAllandamn:P23:20
=== Isla_de_Muerte is now known as NwS
JanCmail clients often only check for mail every 5min or so23:20
LaserAllanlemme see if i can do a manual refresh23:21
JanC(or every 15min or whatever you set it to)23:21
JanC(some IMAP servers & IMAP clients also support a push protocol, but that only works if both support it)23:23
LaserAllanhmm23:23
LaserAllanIt seems like it works now23:23
LaserAllannot sure though since when restarting fail2ban i usually get an email with it23:24
JanCcool, so problem solved  \o/23:24
JanCoh  :)23:24
LaserAllanI acutally dont know since ive not gotten the "start" mail its only sent the ips its banned:S23:24
LaserAllanhmm23:24
JanCban yourself?  ;)23:24
JanC(don't!)23:24
LaserAllanI guess i could or just use a vpn ip and fix it that wau23:26
LaserAllan"way23:26
LaserAllanok23:28
LaserAllanjust banned myself with an ip from romania23:28
LaserAllanok23:30
LaserAllanfail2ban hasn't sent me anything just yet23:30
LaserAllanhmm23:30
LaserAllanwill see if it happens soon then23:30
LaserAllanJanC: Well this is interesting but also abit frustrating it seems to not have sent an email about the ban it should have done23:34
LaserAllanthe ban is done but the actual email doesn't show up in mail.log23:34
LaserAllanJanC: Hmm23:42
LaserAllanThe log seems to have sent another fail2ban email but its showed up in the inbox for some weird reason23:42

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!