IRC Logs for #crux-devel Thursday, 2015-08-27

*** mavric61 has quit IRC03:12
*** _mavric61 has joined #crux-devel03:13
*** Romster has quit IRC03:58
*** Romster has joined #crux-devel04:04
*** Workster has quit IRC06:14
Romsterroot@10.0.0.23's password:09:08
RomsterPermission denied (publickey,password,keyboard-interactive).09:08
Romsteroh nice 3 headless pcs i have here i can't log into...09:08
Romsterafter a sysup and shutdown. then i fired them up today all but 3 i can't log into wtf09:09
frinnstdid you rejmerge the sshd config?09:55
frinnstthey changed the default to not allow password root logons09:55
frinnstonly pub-key09:55
prologicoh nice10:00
frinnstnot for romster :)11:37
frinnstperhaps I should have done a [notify]-commit for it11:37
Romsterno i did not rejmerge a thing11:50
Romsteri saw no reason too in the commit message11:50
Romsternow i'm locked out of them 311:50
Romsterso i'll have ot fix them when i feel like it11:51
Romsterwith a monitor and keyboard11:51
frinnstif you didnt rejmerge you probably never explicitly set to allow root login in the sshd_config11:56
*** Romster has quit IRC12:03
*** Romster has joined #crux-devel12:04
rmullIn that case, would sshd fail to start though?13:00
frinnstit wouldnt unless it errors out when it finds an old key but iirc it doesnt13:01
frinnstit would, if romster uses root to login though :)13:02
rmullshaaaame!13:02
Romsteri was using root13:04
Romsterbecause they are only accessible at home behind my firewall13:04
Romsteror were13:04
frinnstwell nothing wrong with only using root if they are segregated13:05
Romster-#PermitRootLogin yes13:57
Romster+#PermitRootLogin prohibit-password13:57
Romster-_-13:57
Romsterdon't you think that should of been mentioned13:57
jaegermaybe you should set up some kind of central configuration management like puppet13:59
frinnstor ansible13:59
pitilloRomster: the problem relays in dsa keys14:02
Romsteri thought about that but been lazy14:02
Romsternow i have to plug in hardware to fix them 314:03
pitilloif no password allowed... you need to add to ssh_config (or explicit the option manually) PubkeyAcceptedKeyTypes +ssh-dss*14:03
Romsternot gonna bother tonight14:03
pitillogive a try adding that to the client options if you are connecting from a crux machine or ssh 7 client14:04
Romstermeh and one of the boxes is behind two others... in the corner... not easy to get too14:05
Romsteri just went to force the power off on them14:05
pitillogive a try to that before doing that :)14:06
Romsterthere locked out i can't get in to them14:06
Romsteri was just using a root password14:06
Romsterjsut for distcc use mostly.14:06
Romster#PermitRootLogin prohibit-password14:06
pitillouf, then that's another history and it should be related to prohibit-password14:06
Romsterscrewed that over i saved 3 from the same fate14:07
Romsterso 3 locked out 3 i just saved from being locked out of14:07
Romsternot impressed14:07
pitillohere the problem were dsa keys... after the update... they were rejected until I found that clue14:07
Romsterah14:08
Romsterbecause the key length got moved to 2048 bits?14:08
jaegerunrelated to ssh the ML complaint about ncurses seems to be irrelevant14:08
Romsterand dsa version 1 got locked out or something.14:08
jaegereven though there's no backslash the configure options are quoted so it isn't really needed14:08
pitillono idea why really... I think it's related to type, not strenght, but may be I'm wrong14:08
jaegerIf you were already using ssh2 it shouldn't matter much14:09
Romsterat least the box is here and not some long drive away14:09
jaegerI have some old networking devices that use ssh1 and rsa that I have to force at work14:09
pitillohow did you that jaeger? do you mean adding that option or rebuilding keys?14:10
jaegerone example from work:14:10
jaegerKexAlgorithms +diffie-hellman-group1-sha114:10
jaegerHostkeyAlgorithms ssh-dss14:10
pitilloI saved a travel to home to fix the ARM devices Romster14:10
pitillolet's see if I can read about HostkeyAlgorithms14:11
Romsterah14:13
Romsterthanks for that tip though.14:13
jaegernp, hope it's useful14:14
jaegerto go back for a second to the ncurses thing, the backslashes could be removed from the file entirely14:15
jaegerfrom Pkgfile, I mean14:15
jaegercan anyone else verify that ncurses builds fine in 3.2 if you remove the backslashes from the local OPTIONS definition?14:37
jaegerI can't imagine why it wouldn't work but just wanted to test before I push an update14:37
rmulljaeger: Works fine for me with the backslashes omitted14:50
jaegerthanks!14:51
jaegerok, pushed a tiny update for ncurses in 3.215:13
jaeger... and broke gitweb again15:13
rmullThere was a change to crux's ssh recently that affected ssh1 key support15:31
rmullSo I guess that's why people are having problems15:31
rmullthough I think it was to just remove the keygen step in the init script15:31
rmullsshd itself no longer supports ssh1 by default, or something.15:32
jaegerIt was a change to openssh upstream in 7.015:32
jaegerthey disabled ssh 1 and rsa support by default15:32
jaegeryou can still enable it if required but yeah15:32
rmullright15:37
jaegerwhere is the libdevmapper version in the LVM2 source?16:32
jaegerI guess the WHATS_NEW_DM file16:33
jaegerRomster: It's been a long time since we last discussed this, what do you think about replacing the docbook-xml setup with this?: http://sprunge.us/YYTi16:51
jaegerI've been using it on my workstation here for a long time now16:51
jaegersince around march 10th16:52
frinnstyeah, the current setup is broken anyways16:57
jaegerexactly16:58
jaegerhaha, just now one of my VMs failed to build tdb because docbook-xml failed :P16:59
jaegergreat timing16:59
frinnst:)17:02
jaegerteK__: I don't think the git-to-rsync fix was sufficient17:23
jaegerwhen I updated the terminus ports the rsync repo didn't get updated17:23
jaegerI did it manually just now but something's still fubar17:24
jaegerinteresting, ssh seems to force a umask of 02219:25
jaegerI can set umask in my .bash_profile and after I log in it's set to 002 correctly... but if I run 'ssh crux.nu "umask"' I get 022 back19:25
jaegerumask in .ssh/rc also seems to have no effect19:27
jaegerinteresting, if I set umask in .ssh/rc and echo it, it's correct until the actual command gets run19:28
jaegerumask is: 000219:29
jaeger002219:29
jaeger.ssh/rc has two commands in it: "umask 002" and 'echo "umask is: $(umask)"'19:29
*** deus_ex has quit IRC19:40
*** deus_ex1 has joined #crux-devel19:40
*** Workster has joined #crux-devel23:54
*** Workster has quit IRC23:54
*** Workster has joined #crux-devel23:54

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!