New shell server transition

Advanced feature discussion, beta programs and unsupported "Labs" features.
316 posts Page 24 of 32
by fw » Thu May 17, 2018 7:17 pm
A few notes:

I'm definitely running afoul of some sort of idle timeout, and it's in not very many minutes (though I haven't yet measured the exact duration). This is with bash. I haven't yet changed any ssh settings, but according to the documentation, TCP keepalive is enabled by default, which should both keep the TCP connection from dropping and keep the NAT mapping from timing out (as long as the keepalive interval is shorter than the NAT timeout). I haven't tried fiddling with ServerAliveInterval yet.

There doesn't seem to be a way to disable the motd at login without also disabling the "last login" message (and possibly other messages of interest). The old server honored the .no-motd flag file, but the new one ignores it. Using .hushlogin is overly heavy-handed.

The new server doesn't add ~/bin to PATH globally, which the old one did. Perhaps this was intentional, since binaries built for oldshell won't necessarily work (due to missing libraries), but it means that some tweaking of local startup scripts is needed to get that effect.

The chroot containerization unfortunately separates multiple sessions from the same user. On oldshell, when something I'm running goes out to lunch, I can log in another session and kill the offending process, but that's not possible on the new server. It would be better if the containers could be per-userid rather than per-session, though I don't know how easy that would be to implement. A kludgy workaround might be to have special versions of ps and kill that could reach outside the chroot jail (while still being userid-constrained). And of course, if any real use is made of groups, containers would need to be per-group.

Fred Wright
by lr » Fri May 18, 2018 11:51 pm
fw wrote:I'm definitely running afoul of some sort of idle timeout, and it's in not very many minutes (though I haven't yet measured the exact duration). This is with bash.
Doesn't happen to me. I also use bash, and the idle timeout seems to be as long as on the old system, perhaps half hour or an hour or so. Matter-of-fact, when I'm in emacs, I sometimes find that I stay logged in for many hours, even though the shell window is minimized. But not always; occasionally I find that an emacs session was auto-logged out after inactivity.

As you explain, the real cause of the auto-logouts is probably in the TCP layer.
The new server doesn't add ~/bin to PATH globally, which the old one did.
True. Maybe that could get fixed, to make life easier for folks? On the other hand, this is not the standard on other machines and OSes either. I have a single .bashrc which is used on Sonic's shells machine, Linux machines at work, my FreeBSD server at home, and MacOS laptops; it starts by massaging the path, and adding ~/bin/ is the very first step. So this didn't affect me.
Linda and Ralph and John; 735 Sunset Ridge Road; Los Gatos, CA 95033; 408-395-1435
by coad » Wed May 23, 2018 2:06 pm
After the 1330 reboot today I can't log on to the new shell server. Here is the output I am seeing:


<motd>
_____________________________________________
==== THIS IS THE NEW SHELL HOST ====
If you need to connect to the old shell host, please
connect to oldshell.sonic.net.
For assistance, please post to
viewtopic.php?f=13&t=5350
... or email shellmaster@sonic.net
====================================
/bin/tcsh: Permission denied
Connection to sh.sonic.net closed.

Thanks!

--paul
by goetsch » Wed May 23, 2018 2:12 pm
Home directory empty again as of (at least) 2:08pm today, May 23, 2018.
by scott » Wed May 23, 2018 2:57 pm
Should be able to log in now.

I did test it (of course) after rebooting, but naturally it had to hiccup.

-Scott
by warriorz » Wed May 23, 2018 3:22 pm
Still not able to login @ 3:21pm on May 23rd.

Also seeing...

<motd>

==== THIS IS THE NEW SHELL HOST ====
If you need to connect to the old shell host, please
connect to oldshell.sonic.net.
For assistance, please post to
viewtopic.php?f=13&t=5350
... or email shellmaster@sonic.net
====================================
/bin/bash: Permission denied
Connection to sh.sonic.net closed.
by coad » Wed May 23, 2018 3:23 pm
PTY allocation request failed on channel 0
/bin/tcsh: Permission denied
Connection to sh.sonic.net closed.

Still no luck so far.

--paul
by scott » Wed May 23, 2018 3:35 pm
coad wrote:PTY allocation request failed on channel 0
/bin/tcsh: Permission denied
Connection to sh.sonic.net closed.

Still no luck so far.

--paul
I think I have the system set up to "self-heal" when this occurs now.

Now I'm looking at the source of systemd to try to figure out why it is unmounting /dev/pts.

-Scott
by gie » Wed May 23, 2018 4:00 pm
Also still unable to log in to new shell machine as of 3:59pm, instantly disconnects. Old shell working fine.
by scott » Wed May 23, 2018 4:37 pm
gie wrote:Also still unable to log in to new shell machine as of 3:59pm, instantly disconnects. Old shell working fine.
This was probably denyhosts kicking in.

I feel bad about all the troubles this caused. The kernel update might have been able to wait until the wee hours of the morning, but it was a pretty urgent security update. We want our systems to be "secure,reliable,rapid"[*] , in that order. Working on the "reliable" part now.

-Scott
[*] bonus points if you know where this stanza is from
316 posts Page 24 of 32

Who is online

In total there are 35 users online :: 0 registered, 0 hidden and 35 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 35 guests