/srv/irclogs.ubuntu.com/2020/12/02/#ubuntu-server.txt

=== ijohnson|lunch is now known as ijohnson
=== jelly-home is now known as jelly
lordievaderGood morning07:55
=== denningsrogue9 is now known as denningsrogue
bumblefuzzI have a server that won't display the motd16:00
bumblefuzzand I can't figure out why16:00
bumblefuzzwhen I run 'cat /run/motd.dynamic' it returns no such file16:01
UssatThings that make you go WTF, actual email I got this am:  "Could you check and see why I am not able to access bridgebox, see the attached screenshots for details. I just moved to a new office space and have a new ip address "16:02
bumblefuzzok, so when I run 'sudo run-parts /etc/update-motd.d/' I get the motd16:04
bumblefuzzso something is keeping these scripts from running16:05
bumblefuzzany ideas?16:05
sdezielUssat: at least they made the connection between the IP change and the loss of access ;)16:14
bumblefuzzhow can I figure out why motd isn't showing on login?16:22
UssatTrue(ish)16:25
sdezielbumblefuzz: showing motd on login is /etc/pam.d/login's job16:26
sdezielbut since you don't seem to have motd.dynamic generated, that not going to help you :/16:26
bumblefuzzso, why isn't it generating motd.dynamic?16:29
sdezielthat's what I'm trying to figure... this used to be simple but it isn't anymore16:29
sdezielbumblefuzz: is motd-news.timer enabled for you? check with "systemctl is-enabled motd-news.timer"16:32
bumblefuzzenabled16:33
sdezielI'd check the journalctl output of the .timer and accompanying  .service, maybe they failed16:35
bumblefuzzsorry how do I do that?16:41
bumblefuzz'journalctl | grep motd-news.timer' shows 'succeeded' many times16:48
bumblefuzzsame for journalctl | grep motd-news.service16:49
bumblefuzzno failures in either case16:49
sdezieljournalctl -b0 -u motd-news.service17:02
bumblefuzzno entries17:12
sdezielthat means it didn't run for the current boot17:13
bumblefuzzso, how do I get it to run?17:28
bumblefuzzit's enabled in /etc/default/motd-news17:30
sdezielbumblefuzz: man update-motd says that pam_motd is the one running the scripts in /etc/update-motd.d/. I'd double check this is invoked when you log in17:34
bumblefuzzgrep motd /etc/pam.d/* shows https://paste.ubuntu.com/p/fmRfztJhBT/17:45
sdezielbumblefuzz: if you are using SSH to log in, check what sshd's UsePAM is set to17:50
bumblefuzzthat's it17:54
bumblefuzzI enabled it and it worked17:56
bumblefuzzI don't understand what PAM is17:56
bumblefuzzor what enabling/disabling it at login does17:56
sdezielbumblefuzz: oh cool!18:05
=== ijohnson is now known as ijohnson|lunch
bumblefuzzI see some stuff that says it's password authentication18:18
bumblefuzzand others that it's for plugins?18:18
bumblefuzzif I'm using ssh keys wouldn't it be better to turn password authentication off?18:19
sdezielbumblefuzz: yes, PasswordAuthentication=no is always better if it works for you18:20
sdezielI'd say it's one of the easiest way to improve your SSH security18:21
bumblefuzzright... but what is the UsePAM field for?18:24
sarnoldbumblefuzz: PAM is a pluggable authentication tool; it's what lets you swap between using local /etc/shadow vs using sssd vs using ldap and kerberos, etc18:57
sarnoldbumblefuzz: openssh comes from the openbsd project; they hate the PAM idea, and just use /etc/shadow18:58
sarnoldbumblefuzz: if you disable PAM in openssh, I think all you're left with is /etc/shadow support baked into openssh itself, not the PAM stack that the rest of your system is using18:58
sarnoldbumblefuzz: I think if you ran openssh as a *user* account on a high-port with no ability to log in as another user, you might also need to unset the UsePAM, but I've not personally tried that one18:59
=== Mollerz3 is now known as Mollerz
=== ijohnson|lunch is now known as ijohnson

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!