/srv/irclogs.ubuntu.com/2018/05/20/#ubuntu-server.txt

=== jaskal_ is now known as Guest74988
SynfulAck	Anyone know how to allow local lan traffic to a server(16.04) while its connected to a vpn(this case Private Internet Access). I think what i did last time but on centos was use the nm-cli utility and create some route and or metric change to make it prefer a method?	00:50
SynfulAck	Not familiar with ubuntu to know what to use if thats the case.	00:51
dpb1	I do something like this in /etc/network/interfaces	01:21
dpb1	post-up route add -host 8.8.8.8 gw 10.10.0.1	01:21
dpb1	(where host is some resource I want to add through my local router)	01:21
dpb1	*access through my local router	01:22
SynfulAck	dpb1, wb a more general catchall like -network 172.31.255.254 255.240.0.0 and etc to include all of the ipv4 private address space. Not sure i quite understand how that statement affects the network cause id assume if every private ip address was included it might just starting routing everything how it orignally was...	03:43
SynfulAck	i think i messed up that statement but you get the idea.	03:46
SynfulAck	dpb1, looks like it works using -net. Thx. Although if any problems came up relating to networking not sure i could make sense of this routing table lol...	07:51
mojtaba	Hello, I am using netcat to test a port that I have opened using ufw. But still it says Connection refused.	11:08
mojtaba	On VPS I ran: netcat -l 63263	11:08
mojtaba	on my laptop: netcat -n -v 167.114.185.238 63263	11:08
mojtaba	but I got (tcp) failed: Connection refused	11:09
mojtaba	Any idea?	11:09
mojtaba	ufw status: 63263 ALLOW Anywhere	11:09
kiokoman	mojtaba: there is something listening on that port ?	11:13
mojtaba	netcat	11:16
kiokoman	mojtaba: netcat is trying to connect to that port, but there must be something on the other side listening to that call else u get connection refused	11:30
kiokoman	even if it's open	11:31
RoyK	mojtaba: try tshark -f "port 63263" on the server side	11:34
RoyK	mojtaba: just to check if the traffic gets through	11:34
mojtaba	RoyK: netcat is listening on the server side!	11:40
mojtaba	by netcat -l 63263	11:40
tomreyn	mojtaba: try the netcat command you run on the client, but this time run it on the server (unmodified). does the listening netcat show the incoming connection?	11:43
mojtaba	tomreyn: What do you mean?	11:44
RoyK	mojtaba: sure, just thought it would be interesting to see if traffic ever arrives to the server	11:44
tomreyn	mojtaba: also, i think the command to make netcat listen would be: netcat -l -p 63263	11:44
tomreyn	mojtaba: opn your server, run this for listening: netcat -l -p 63263	11:44
mojtaba	tomreyn: Yes, -p flag was missing.	11:44
tomreyn	mojtaba: now, also on your server, run this: netcat -n -v 167.114.185.238 63263	11:45
tomreyn	does the connection get established according to both client and server netcat?	11:46
mojtaba	tomreyn: The flag -p was missing. but it is working now.	11:47
mojtaba	I was configuring openvpn, but the problem that I was facing was that, the connection was refused.	11:47
tomreyn	mojtaba: oh ok. i was thinking you meant you just forgot to write "-p" here	11:47
tomreyn	so everything works now, nice.	11:48
mojtaba	tomreyn: Have you any experience with openvpn?	11:48
mojtaba	:)	11:48
tomreyn	not much, a bit	11:48
tomreyn	others probably have more, just ask your questions.	11:49
mojtaba	I am getting Connection refused on port 63263/tcp	11:49
tomreyn	mojtaba: didnt you just say you solved this issue?	11:51
tomreyn	mojtaba: i mean, with netcat listening on your server and your laptop connecting to that it works, right?	11:52
Neo4	who know how to open port?	13:11
Neo4	I want this 51413	13:12
Neo4	put to my firewall in modem and can't see	13:12
Neo4	I tested port and it's closed https://ibb.co/j1jLAo	13:16
Neo4	in transmission	13:16
Neo4	I created torrent file and trying to get it on virtual computer but it doesn't work	13:17
tomreyn	you need to have something listen on this port (and on the correct network interface, and the correct IP address, or all of them) AND have no firewalls blocking it.	13:18
Neo4	tomreyn: do you know how create torrents file in ubuntu?	13:18
tomreyn	also, the ip protocol needs to be the same on server and client, e.g. tcp, udp, ...	13:18
tomreyn	most bittorrent applications will offer to do it for you or do it automatically.	13:19
Neo4	this is my file kselax.ru/Selection_066.png.torrent	13:20
Neo4	on virtual machine I wait and can't download	13:20
tomreyn	there's no tracker information on this torrent file.	13:22
Neo4	tomreyn: I added these trakers manually	13:26
Neo4	https://paste.ubuntu.com/p/wDCDcp8YjB/	13:26
Neo4	in my seed file and in virtual machine	13:26
Neo4	anyway didn't work	13:26
Neo4	tomreyn: https://ibb.co/nrkJVo	13:27
Neo4	I think my transmission works only accept files and not give	13:28
Neo4	https://github.com/transmission/transmission/wiki/Why-is-my-port-closed%3F	13:28
Neo4	or here	13:28
Neo4	https://ubuntuforums.org/showthread.php?t=2347463	13:28
Neo4	Need somehow open port 51413	13:29
tomreyn	Neo4: here's how you test whether your server port is firewalled: on the server, stop bittorrent. then run "nc -l -u -vv -p 51413"; now run this on a different computer, such as your desktop / laptop (which needs to connect to the server over the internet): "nc -vv -u -p 51413 SERVERIP" - replace SERVERIP by the public IP address of your server before you do.	13:32
tomreyn	the client should then connect to the server and any text you type on the client needs to actually show up on the server, and vice versa.	13:33
tomreyn	if all of this works then you have verified that your server port is not firewalled. if it does not work then your server port is probably firewalled. inspect "iptabes -L", if there's nothing clocking connections then talk to your server hosting provider.	13:34
tomreyn	blocking	13:35
tomreyn	(not 'clocking')	13:35
Neo4	this nc -vv -u -p 51413 46.200.157.129 shows error	13:36
Neo4	nc -l -u -vv -p 51413 this works	13:36
Neo4	when off bittorrent show port is free	13:37
Neo4	when bittorren on port is busy	13:37
Neo4	tomreyn: this I did from my VPS	13:37
Neo4	https://paste.ubuntu.com/p/PNNgtChGKS/	13:37
Neo4	here something about ports	13:49
Neo4	https://transmissionbt.com/help/gtk/2.8x/html/preferences.html#network	13:49
Neo4	where that automatically map port? there not exists item	13:52
Neo4	https://transmissionbt.com/help/gtk/2.8x/html/portforward.html	13:52
tomreyn	Neo4: sorry, the command for client was incorrect, use: nc -vv -u 46.200.157.129 51413	14:00
Neo4	tomreyn: https://paste.ubuntu.com/p/KF7sBhxdwt/	14:01
Neo4	mean port opened	14:01
Neo4	transmission closed, now I'll open and test	14:01
Neo4	equal result	14:02
Neo4	transmission test show closed port	14:02
=== RoyK^ is now known as RoyK_Heime
Neo4	tomreyn: see https://ibb.co/fDAzLo	14:04
tomreyn	Neo4: so your netcat client claims it connected fine to the server, but since this is udp (and not tcp) this statement is not reliable. this is why i'm saying you need to type text on the client and server netcat and make sure it is printed on the other end.	14:04
Neo4	if you have transmission you can test yours port	14:04
tomreyn	keep transmission off during these tests	14:04
Neo4	I'll try	14:05
Neo4	I think all right with ports	14:05
tomreyn	that's because only one application can listen on a port at a time.	14:05
Neo4	Can somebody reach this page? http://46.200.157.129	14:32
Neo4	What is there?	14:32
Neo4	tomreyn: try this url	14:32
Neo4	I see for router need strong password, anybody can reach it	14:33
jon_	Hi all. Would this be a good place to ask a question about ssh (on ubuntu-server)?	14:38
Neo4	jon_: yes	14:40
Neo4	jon_: what the problem?	14:40
jon_	I can't ssh (Permission denied (publickey)) until after I log in at console.	14:40
jon_	Neo4, PubKeyAuthentication is yes, PasswordAuthentication is no	14:43
Neo4	jon_: yes, after installing ssh key to your server	14:44
Neo4	it will forbid use password	14:44
jon_	well pubkey auth works but just not after reboot and before a console log in.	14:45
jon_	Neo4: timeout for that addr on 80 and 443	14:47
Neo4	jon_: you need this variable	14:47
Neo4	PasswordAuthentication no	14:47
Neo4	PubkeyAuthentication yes	14:47
Neo4	ChallengeResponseAuthentication no	14:47
jon_	Neo4, those variables are set that way	14:49
Neo4	jon_: check status	14:49
Neo4	sudo systemctl status ssh.service	14:49
Neo4	should be enaubled	14:50
Neo4	it very top	14:50
Neo4	or make	14:50
Neo4	sudo systemctl enable ssh.service	14:50
jon_	is enabled	14:51
Neo4	jon_: good it means it will run after each reload automatically	14:51
tomreyn	jon_: unable to login via ssh until you logged in on the console, that's not something i've run into before. are you sure this is related?	14:51
Neo4	try make login to server using ssh key	14:51
Neo4	ssh -i path_to_your_public_key your_user@ip_addres	14:51
tomreyn	do auth.log records look different pre and post console login?	14:51
Neo4	jon_: if you can connect, change forbid password, put thouse three varialbes, restart server. and check promt it password or only public key	14:52
tomreyn	the only way i could imagine the console login coming into play there is if the system enters some sleep mode before you do.	14:53
jon_	tomreyn, I'm not sure but that's what happens. Websearching retuns nothing so seems very obscure. It's a vm on ESXi but not sure if that's relavent.	14:53
tomreyn	jon_: so how about auth.log?	14:54
tomreyn	also, does the system boot up completely?	14:54
tomreyn	Neo4: it is not an sshd configuration issue.	14:55
Neo4	you don't off ssh password, just set up ssh key and reload server, and check if you can go using key	14:55
tomreyn	it's also not an issue with how he authenticates.	14:55
jon_	checking...	14:56
Neo4	tomreyn: maybe his ssh off and he can't log in	14:56
Neo4	ok	14:56
tomreyn	we can rule this out since it works after console login, iwith unmodified sshd configuration and ssh client authentication	14:56
jon_	before console login auth.log shows: Connection closed by <ip> port <port> [preauth]	15:01
jon_	dmesg looks ok	15:02
jon_	<ip> about is the client ip	15:05
jon_	abouve	15:05
tomreyn	jon_: are you sure the system is fully booted by the time you login to the console? can you show "systemd-analyze blame" and "systemd-analyze critical-chain"?	15:11
tomreyn	i meant to ask: are you sure the system is fully booted by the time you try to ssh in first?	15:12
jon_	systemd-analyze results: https://pastebin.com/dl/TCg94Mu7	15:17
jon_	hold on	15:17
jon_	https://pastebin.com/TCg94Mu7	15:17
tomreyn	same url	15:18
jon_	second one without /dl	15:18
tomreyn	oh right. please use paste.ubuntu.com or some pastebin which doesn't require the other party to work around riddles in the future.	15:19
jon_	I believe it's fully booted. Trying to log in after a minute or an hour is the same.	15:20
jon_	Thanks. Didn't know paste.ubuntu.com existed.	15:21
tomreyn	(pastebin.com can't be accessed from tor without solving a google captcha and accepting their cookies, has referer checks preventing direct access to some locations, requires filling a captcha to post in some cases.)	15:22
jon_	They must not like you :), doesn't do that to me. https://paste.ubuntu.com/p/q8ZNH38yYz/	15:23
tomreyn	must be that. ;) okay the systemd boot looks fine, and i'm still not sure what the problem could be.	15:23
jon_	And I block everything google.	15:24
tomreyn	at this point i guess i'll just back up the ssh configuration and reinstall it.	15:24
tomreyn	at this point i guess i'll just back up the ssh configuration and purge and reinstall openssh-server.	15:24
jon_	ok. purging and installing...	15:26
tomreyn	also its dependencies	15:26
tomreyn	first purge openssh-server and everything related, then install it all again.	15:27
jon_	ok. Do you mean autoremove after purge?	15:30
tomreyn	jon_: --purge autoremove is good, yes.	15:30
tomreyn	i'd also purge libssl1.0.0, then install again, maybe the openssh client, too, and maybe also the pam libs. apt-cache show openssh-server \| grep ^Depends: \| head -n1	15:33
jon_	tomreyn, trying to remove libssl1.0.0 complains about python-apt-common and errors out	15:43
jon_	"umnet dependencies"	15:44
tomreyn	jon_: right, it could break your system, maybe don't do it. if you still want to do it you'd need to purge uit using dpkg --purge	15:50
jon_	tomreyn, yes I was using using apt. I tried only purging openssh-server and reinstalling to the same result.	15:52
jon_	I have a snapshot so here goes....	15:52
chamar	elezium	15:58
jon_	tomreyn, I tried the default sshd_config and was able to log in via password. Going to compare configs. Thank you very much for your help and time. I'll post back here if I figure it out.	16:06
jon_	Neo4, thanks for the help.	16:07
SmirGel	In my NAS server I've tried to make the HDD to go sleep after 5 hours of idle and seagate ironwolf seems to be ignoring all the commands.	16:22
trippeh_	hum. isc-dhcp-server6 keeps crashing on bionic	16:50
trippeh_	../../../lib/isc/heap.c:251: REQUIRE(idx >= 1 && idx <= heap->last) failed, back trace	16:50
=== mgagne is now known as Guest74322
jon_	tomreyn, this ssh thing is so strange. With Password and PubKey on, it asks for a password the first time after reboot but uses pubkey after that. Same as before I guess but it could ask for the password the first time.	18:37
jon_	*couldn't	18:37
jon_	oh well	18:37
=== Tm_T is now known as Guest84611
jon_	tomreyn, Turns out /home is encrypted which needs the password to unlock before sshd can read authorized_keys. I moved that file out of home, pointed the config to and it works now. No .bashrc anymore but that is minor. Thanks again.	19:15
jon_	Neo4, Turns out /home is encrypted which needs the password to unlock before sshd can read authorized_keys. I moved that file out of home, pointed the config to and it works now. No .bashrc anymore but that is minor. Thanks again.	19:15
Neo4	jon_: ok	19:16
Neo4	jon_: can't torrent make	19:17
Neo4	https://forum.transmissionbt.com/viewtopic.php?f=1&t=19086	19:17
Neo4	can create torrent file and can't load using it from virtual machine	19:18
jon_	Neo4, I don't know about torrents. Is it specific to that or can you not download any file?	19:19
tomreyn	jon_: nice trick there	19:20
Neo4	jon_: yes, download can,and with torrent you can select any file and create your own torrent file, then put it to torrent site	19:20
Neo4	for example if you have 50Gb books collection you can easy share it on your site	19:21
jon_	How are you trying to download it? wget?	19:22
Neo4	or even a a few terrabaits with torrent not problem	19:22
Neo4	double click on file	19:22
Neo4	jon_: this file http://kselax.ru/Selection_066.png.torrent	19:23
Neo4	it won't work	19:23
Neo4	I need to try in windows using mtorrent	19:23
jon_	so you're in a vm that's running on vmware?	19:25
Neo4	from this site I can download, but can't share http://rutracker.org/forum/index.php	19:25
Neo4	jon_: no, seed runs on my local computer and on vm I run one more transmission and try download	19:26
Neo4	I don't know how it should work	19:26
Neo4	there exists trackers, it might any computer who has file say tracker site that he has full file and can give access to dowload. This calls seed	19:27
jon_	No idea. Torrents are out of my wheelhouse at this time.	19:28
Neo4	and user who don't have file say tracker site that they want to download, and might tracker sites connect seeds with leetches	19:28
Neo4	jon_: ok, :)	19:28
Neo4	this is very interesting theme	19:28
=== pleia2_ is now known as pleia2

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!