/srv/irclogs.ubuntu.com/2016/10/05/#ubuntu-server.txt

hallynupstart had problems?  bah!00:01
RustyShacklefordwell this is more an osx question, but regarding ssh00:05
RustyShacklefordI am setting up a dotfiles repo to back up and share my dotfiles between computers00:05
RustyShacklefordattemping to ln -s ~/dotfiles/sshconfig ~/.ssh/config00:05
RustyShacklefordif I instead cp the file, it works as expected. But with the symlink, it doesn't seem to follow the symlink00:06
sarnoldRustyShackleford: ssh is picky about permissions. make sure the file is chmod 600, and the directory is 700. Even then it may not work, but that might help.00:13
RustyShacklefordI will double check00:13
RustyShacklefordyeah those are the permissions00:15
RustyShacklefordI suppose copying it isn't the worst thing every00:17
RustyShacklefordbut it would be nice to edit it, have the changes reflected in my git repo, and then push it up00:17
sarnoldRustyShackleford: okay, next step, tracing the thing00:17
sarnoldRustyShackleford: I can't remember os x very well, it's probalby something like "kdump ssh localhost" followed by "ktrace"00:17
sarnoldRustyShackleford: look for the open() systemcall that refers to the ~/.ssh/config file00:18
sarnold(searching for "config" is probably the best bet)00:18
sarnoldI'm curious if your ssh client uses the O_NOFOLLOW open flag. (mine doesn't.)00:18
RustyShacklefordhm kdump is not found00:19
RustyShacklefordokay what the heck is going on here?!00:20
RustyShacklefordwell it works lol00:20
RustyShacklefordI had tried this a week ago, gave up when it was not working. So I just set it up again and this time it works :/00:21
sarnoldhah :)00:23
sarnoldmaybe you need to install some developer's kit to get decent syscall tracing tools on OS X?00:23
RustyShacklefordhow would you feel about keeping private keys in a (private) dotfiles repo as well00:24
sarnoldif your passphrase on the keys is decent, it's alright00:24
RustyShacklefordI usually use no passphrase hah00:25
RustyShacklefordi'm not so secure sometimes for the sake of convenience. I should also find a more secure way to store my passwords00:25
nastronautRustyShackleford: have you tried verifying that the symlink actually worked? if you do an `ls -al` should return something like this:00:33
nastronautlrwxr-xr-x   1 user staff   37 Aug 25 11:31 config -> /Users/user/dotfiles/ssh_config00:33
=== Mobutils_ is now known as Mobutils
ndboostevening folks00:58
ndboostregarding an iptables question, using s3 what do i need to allow inbound for it to work00:58
RustyShackleforddo you think home internet connections throttle port 22?02:28
tewardRustyShackleford: depends on the ISP02:28
RustyShacklefordcomcast02:28
RustyShacklefordjust curious how I could test that02:29
RustyShacklefordalso curious if you get less spambots if you use an alternate port02:29
tewardRustyShackleford: IIRC they don't filter traffic in/out or throttle things on those ports, but only Comcast would have the answer02:29
sarnoldit'd be easier to just test rather than trying to -talk- to someone there who would know02:29
tewardRustyShackleford: security through obscurity only works... for a little bit.  OBscuring the port is fine, but disable password auth, use key auth, etc.02:29
tewardyep.02:29
RustyShacklefordsarnold: you need to be on hold for an hour before you can speak to someone worth a damn02:30
sarnoldRustyShackleford: only an hour? that's better than I expected :)02:30
RustyShacklefordI had a server exposed to the internet for a while02:31
tewardRustyShackleford: Really?  I have at least twenty :P02:31
RustyShacklefordits crazy how many people try to log into my random ip address02:31
tewardRustyShackleford: service scanners, brute forcers, botnets, etc.  drivebys most likely02:32
RustyShacklefordfail2ban helps a bit02:32
tewardRustyShackleford: though, that's *anything* connected to the internet.02:32
RustyShackleforddo you think they scan only 22, 80 and the obvious ones?02:35
RustyShacklefordI wonder how much using 22000 or something would cut down on drive-bys02:35
sarnoldI put mine up on 2222 when I travel, and it gets plenty of scans; don't pretend it'll be silent up there02:36
sarnoldit may be less, but whole-internet scanning is commonplace and cheap these days02:36
Ben64they don't scan every port though02:38
RustyShacklefordcan't remember if the ssh logs show which port they attempt to connect on02:38
RustyShacklefordI could enable them both and see which gets more hits02:39
RustyShackleforder, the difference in the number of hits02:39
Ben6422 wins for sure02:40
Ben64over 2000 hits on my ssh in the past 24 hrs02:43
Ben6499.3% for root02:44
Ben64don't even have root ssh enabled, you silly bots02:44
=== php_ is now known as php
RustyShacklefordI need a domain for this server04:47
RustyShacklefordi'm so uncreative04:47
SeveasRustyShackleford: uncreative.space :P06:17
Choups how do i run tor, in a ubuntu 16.04 ?07:00
Choupsi need an app to use tor as proxy07:00
Choupsso i need tor to be runing on the machine07:00
Choupshow do i do it?07:00
jamespagecoreycb, I remember that it was suggested that was a good idea08:00
cpaelzerjamespage: I pushed the openvswitch changes to the repo and uploaded08:49
cpaelzerjamespage: I also added the ubuntu1 release you had in the repo and tagged yours and mine so that repo matches reality08:49
jamespagecpaelzer, good morning!08:50
jamespagesorry yesterday was frenetic for a number of reasons08:50
* jamespage looks08:50
cpaelzerjamespage: totally fine - as I said I want to help not to disturb :-)08:51
cpaelzerjamespage: so I did what I announced to you and know that in case of blergh we can still fix and upload more if needed08:51
cpaelzerjamespage: I also have something written up for the ovs-dpdk charming that I'm about to send08:51
cpaelzerjamespage: anyone but you to add as CC on that?08:52
cpaelzera.k.a did get that work to be done by somebody else?08:52
jamespagecpaelzer, no it will get in the right queue08:52
=== _degorenko|afk is now known as degorenko
=== Malediction_ is now known as Malediction
PjusurWhats the major difference between a standard Ubuntu server install and a minimal one? just fewer packages install by default?10:34
rbasakPjusur: if you're referring to the options in the traditional installer, then that's the only difference.10:39
Pjusurrbasak: Yes :), the F4 option after boot before install, tnx mate10:40
rbasakpowersj: for bug 1629890, my understanding of the typical use case for mongodb says that it's more than wishlist for the process limit to be so low - I'd make it High rather than Wishlist11:04
ubottubug 1629890 in mongodb (Ubuntu) "/lib/systemd/system/mongodb.service should set LimitNOFILE" [Wishlist,Triaged] https://launchpad.net/bugs/162989011:04
rbasakAlso bitesize perhaps?11:04
zioprotohello12:38
coreycbjamespage, is network access in unit tests limited to ppas?  python-k8sclient tests are getting 404's when backporting to the staging ppa, but ran ok on yakkety.13:19
coreycblack of network access, that is13:19
jamespagecoreycb, hmm13:19
jamespagethe builders all have limited egress13:20
coreycbjamespage, ok, interesting13:20
gargsmsI am trying to write a custom log for Apache. For any log entry ending with 0, I am using this declaration, just to test ```CustomLog "|/bin/bash -c 'if [ awk \'{print $NF}\'` -eq 0 ]; then logger -s ; fi" combined``` Nothing gets logged to syslog in this case. However, if I just do logger -s, then the entry is logged completely.13:50
powersjrbasak, ok - however the link you provided makes me think we shouldn't yet14:16
rbasakpowersj: I stuck it in the backlog. Perhaps we should just check deeper that mongodb doesn't use FD_SET.14:18
rbasak(it seems unlikely)14:18
=== JanC is now known as Guest96823
=== JanC_ is now known as JanC
kaslcrofDoes anybody know the way to propose changes to UCA(Ubuntu Cloud Archive). There is problem with file io.murano.zip [1] which is contained in murano-common package [2] . The problem is file io.murano.zip exist in package (murano-common) but it is in the wrong directory(/usr/share/murano-common/ but should be in /var/cache/murano/meta/).[1] https://review.openstack.org/#/c/250436/ [2] http://mirror.regionone.osic-cloud1.openstack.org/ubuntu-clou16:23
kaslcrof<kaslcrof> d-archive/pool/main/m/murano/16:23
jgrimmcoreycb maybe ^^16:23
coreycbkaslcrof, hi which release of openstack is this for?16:25
kaslcrofcoreycb, it is for newton16:55
coreycbkaslcrof, I think it makes sense where it is stored in /usr/share/murano-common.  but if you want we can switch over to #openstack-pkg and we can chat with zigo to get his thoughts (since this package originates in debian).17:02
jgrimmthanks coreycb17:08
kaslcrofcoreycb, many thanks.17:10
zulcoreycb: barbican uploaded17:48
coreycbzul, thanks17:48
dannfsmb: thx for the libvirt SRU upload! will verify asap17:51
coreycbjamespage, zul, ddellav: I had to manually backport python-k8sclient to newton-staging.  for some reason backport_package couldn't backport it successfully (maybe interference with port 8080?).18:39
zulcoreycb: ack18:39
zulcoreycb: bug deweeding is so much fun20:08
coreycbzul, what are you up to?20:09
zulcoreycb: deweeding ubuntu/nova bugs on launchpad20:09
coreycbzul, awesome20:10

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!