New shell server transition

316 posts Page 18 of 32
by scott » Fri Apr 20, 2018 12:15 pm
lr wrote:
pitb wrote:I can't run at commands. ls -A run under at gives only .history and .ssh directories and no files.
Those are exactly the same symptoms I had yesterday, when the file system had leaped into the toilet and pulled the chain. Paging Scott, Scott to the white courtesy phone please ...
Actually, that was a completely separate problem. Needed a change to /etc/pam.d/atd -- fixed.

-Scott
by scott » Fri Apr 20, 2018 12:50 pm
utilika wrote:Thanks for all the details. The significant issue in this case seems to me to be whether a class of users has had their .ssh directories evaporate, or whether I am the only one. If it’s the former, then bulk restoration should be considered.
I honestly have no idea why your .ssh directory would disappear. I don't see it in any of the netapp snapshots. There's nothing on the system that would automatically remove it.

I'll bring this up with my colleagues and see if they can think of what might have happened.

-Scott
by utilika » Fri Apr 20, 2018 1:12 pm
OK, thanks for checking. If you aren’t getting reports of the same thing from other users, then it must be a special case, and it isn’t worth spending time diagnosing.
by pds » Sat Apr 21, 2018 4:16 pm
Dear Sonic.net folks,

I have noticed that ssh-agent forwarding, which is allowed on bolt.sonic.net, is explicitly disabled on sh.sonic.net (see line 58 of /etc/ssh/sshd_config on sh.sonic.net). Can someone explain to me why this feature is disabled? According to the man page for sshd_config disabling it adds no security value, but it does force me to type an extra password when logging into my home gateway.

Yours,
-Peter
by marcus2 » Sat Apr 21, 2018 6:37 pm
I have a few questions on how the new shell server is working with the existing web server.

1. Is the http server serving the web pages on a different machine than the new shell server?
2. I ask this because when I generate dbm dictionaries in my Perl scripts on the new shell server, they can't be read by the web server. I think there must be a version mismatch.
3. Also, how about ssl.sonic.net? Is that yet another server, different from the standard web server and the new shell server?
4. Once bolt goes away, how are we supposed to generate executables or dbm index files that will be compatible with the web server and ssl.sonic.net?

Thanks,
Marcus
by scott » Sat Apr 21, 2018 7:10 pm
pds wrote:Dear Sonic.net folks,

I have noticed that ssh-agent forwarding, which is allowed on bolt.sonic.net, is explicitly disabled on sh.sonic.net (see line 58 of /etc/ssh/sshd_config on sh.sonic.net). Can someone explain to me why this feature is disabled? According to the man page for sshd_config disabling it adds no security value, but it does force me to type an extra password when logging into my home gateway.

Yours,
-Peter
Hi Peter,

I had it turned off, thinking it put the auth socket in ~ (which won't work) -- but indeed, the auth sockets go into /tmp, so there's no reason not to have it on.

Strongly discouraged to do this, though, because if heaven forbid someone gets access to your account, they can use your key without your knowledge.

-Scott
by casner » Sat Apr 21, 2018 7:26 pm
scott wrote:
pds wrote:Dear Sonic.net folks,

I have noticed that ssh-agent forwarding, which is allowed on bolt.sonic.net, is explicitly disabled on sh.sonic.net (see line 58 of /etc/ssh/sshd_config on sh.sonic.net). Can someone explain to me why this feature is disabled? According to the man page for sshd_config disabling it adds no security value, but it does force me to type an extra password when logging into my home gateway.

Yours,
-Peter
Hi Peter,

I had it turned off, thinking it put the auth socket in ~ (which won't work) -- but indeed, the auth sockets go into /tmp, so there's no reason not to have it on.

Strongly discouraged to do this, though, because if heaven forbid someone gets access to your account, they can use your key without your knowledge.

-Scott
Coincidentally, I was also just now testing agent forwarding and finding that it didn't work. So I looked at /etc/ssh/sshd_config and saw that the configuration allows it for group 'user', so I guess you edited it back to allowed? But maybe didn't restart the server / reload the config?

I don't understand your concern about using my key without my knowledge. The whole point of agent forwarding is that my key is not present on sh.sonic.net.

--Steve
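
An added example, not part of any post in this thread and not Sonic's actual configuration: the posts above turn on what /etc/ssh/sshd_config grants to group 'user', so this sketch resolves the effective AllowAgentForwarding value for an account from config text, following the sshd_config(5) rules that the first value obtained for a keyword is used and that a matching Match block overrides the global section. The sample config, the group names other than 'user', the account name and all function names are assumptions made for illustration.

```python
import fnmatch

# Constructed sample; the thread describes the file but never shows it.
SAMPLE = """\
AllowAgentForwarding no
Match Group user
    AllowAgentForwarding yes
Match Group guest*
    AllowAgentForwarding no
"""

def match_list(value, patterns):
    # 1 = positive match, -1 = hit a negated (!) pattern, 0 = no match
    result = 0
    for pat in patterns.split(","):
        if fnmatch.fnmatchcase(value, pat.lstrip("!")):
            if pat.startswith("!"):
                return -1
            result = 1
    return result

def criteria_match(args, user, groups):
    if len(args) == 1 and args[0].lower() == "all":
        return True
    for crit, pats in zip(args[0::2], args[1::2]):
        if crit.lower() == "user":
            hits = [match_list(user, pats)]
        elif crit.lower() == "group":
            hits = [match_list(g, pats) for g in groups]
        else:  # Host, Address, ... need connection data this sketch lacks
            raise ValueError(f"unsupported Match criterion: {crit}")
        if -1 in hits or 1 not in hits:
            return False
    return True

def effective_setting(text, keyword, user, groups, default="yes"):
    # default="yes" is the documented default for AllowAgentForwarding.
    found = {}  # scope ("global" or "match") -> first value seen there
    scope, active = "global", True
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            scope, active = "match", criteria_match(args, user, groups)
        elif key == keyword.lower() and args and active:
            found.setdefault(scope, args[0].lower())
    return found.get("match") or found.get("global") or default
```

On a live host, `sshd -T -C user=NAME` prints the settings sshd derives from the file for that user. A running daemon only picks up an edited file after it is reloaded, which is the possibility raised in the post above.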
by chongo » Sun Apr 22, 2018 3:19 am
Hello,

Where is the public_cgi directory? On oldshell my cgi was located in /usr/local/lib/httpd/cgi-bin/chongo. Where is it now?

Where are the logs? On oldshell my logs were located under /var/log/httpd/chongo/isthe.com. Where are they now?

chongo (Landon Curt Noll) /\oo/\
by mediaeng » Sun Apr 22, 2018 9:03 am
For web logs, see the /logs/by_user directory.
Robert McDonald
by chongo » Sun Apr 22, 2018 9:06 am
Thanks, mediaeng, for the log information.

Any ideas about the cgi directory?