Back to Home / #linode / 2019 / 03 / Prev Day | Next Day
#linode IRC Logs for 2019-03-30

---Logopened Sat Mar 30 00:00:34 2019
00:20-!-NomadJim_ [~Jim@2001:5b0:2d1f:5ab8:905a:ab94:4a19:ec70] has joined #linode
00:20-!-NomadJim_ is "Nomad" on #linode
00:20-!-NomadJim [~Jim@2001:5b0:2d1f:5ab8:19e8:7508:9640:cfdf] has quit [Read error: Connection reset by peer]
03:50<linbot>New news from community: SQL ERROR <https://www.linode.com/community/questions/18005>
04:10-!-blaboon [~blaboon@00026ecf.user.oftc.net] has quit [Quit: Bye o/]
04:11-!-blaboon [~blaboon@00026ecf.user.oftc.net] has joined #linode
04:11-!-blaboon is "Bradley LaBoon" on #linode
04:11-!-mode/#linode [+o blaboon] by ChanServ
05:01-!-Diangoa [~Dianoga@c-68-46-39-87.hsd1.mn.comcast.net] has quit [Quit: The Lounge - https://thelounge.chat]
05:03-!-Diangoa [~Dianoga@c-68-46-39-87.hsd1.mn.comcast.net] has joined #linode
05:03-!-Diangoa is "Brian" on #linode
05:58-!-sikaa [~oftc-webi@2a03:8000:ce1:2c00:1d0b:ca1c:2e2d:1784] has joined #linode
05:58-!-sikaa is "OFTC WebIRC Client" on #linode
06:00<sikaa>hello, how to connect too nanode 1gb with a web browser
06:01<sikaa>i try my https://myip:8443
06:06-!-sikaa [~oftc-webi@2a03:8000:ce1:2c00:1d0b:ca1c:2e2d:1784] has quit [Remote host closed the connection]
06:43-!-thiras [~thiras@195.174.215.70] has joined #linode
06:43-!-thiras is "Ant" on #debian #linode #tami
08:39-!-spiki [~spiki@0001014f.user.oftc.net] has joined #linode
08:39-!-spiki is "Nenad Spirkoski" on #linode
08:46-!-The-spiki [~spiki@0001014f.user.oftc.net] has quit [Ping timeout: 480 seconds]
10:11-!-V-Pariah [~viciouspa@c-24-61-207-78.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
10:35-!-Daedolon [~na@87-92-85-210.bb.dnainternet.fi] has joined #linode
10:35-!-Daedolon is "Daedolon" on #linode
10:35-!-Daedolon [~na@87-92-85-210.bb.dnainternet.fi] has quit []
11:01<linbot>New news from community: I received a DMCA notice, what should I do? <https://www.linode.com/community/questions/18006>
11:14<DrJ>ignore it
11:15<DrJ>:)
11:25-!-VladGh [~VladGh@104-177-220-170.lightspeed.nworla.sbcglobal.net] has quit [Remote host closed the connection]
11:30-!-VladGh [~VladGh@104-177-220-170.lightspeed.nworla.sbcglobal.net] has joined #linode
11:30-!-VladGh is "Vlad" on #linode
11:31<linbot>New news from community: Change payment method/card for a single linode <https://www.linode.com/community/questions/18007>
11:41-!-bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode
11:41-!-bobby is "OFTC WebIRC Client" on #linode
11:42<bobby>for some reason ngin is running on port 80 and 8080 instead of just 8080?
11:44<Peng>Check the "listen" directives in your configuration.
11:49-!-samstreuli is now known as streuli
11:59-!-thiras [~thiras@195.174.215.70] has quit [Ping timeout: 480 seconds]
12:00<bobby>iu believed i changed the params to port 80?
12:06<bobby>is this what u mean
12:22<bobby>peeng??
12:26<bobby>MY NGINX.CONF IS SET TO 8080
12:27<Peng>If Nginx is listening on 80 and 8080, it must be set that way.
12:27<Peng>"nginx -T" can display the entire configuration,.
12:27<Peng>If Nginx isn't actually listening on both ports, there could be a different factor, like port forwarding.
12:29<bobby>https://bpaste.net/show/24ece0d68d95
12:29<bobby>]this is the output of nginx -T
12:31<Zr40>that paste contains "listen 80" more than once
12:32<millisa>and a redirect to example.com
12:34<bobby>i changed both those to display 8080 now
12:34<bobby>still same
12:34<bobby>varnish wont start because nginx is still on 80
12:34<Zr40>then you probably forgot one
12:34<millisa>there were 3
12:35-!-copart [~copart@00027003.user.oftc.net] has quit [Quit: WeeChat 2.2]
12:38<bobby>i fixed the example.com
12:39<bobby>https://bpaste.net/show/c908435fd857
12:45<bobby>any ideas
12:45<millisa>about what?
12:46<bobby>why its running on both 80 and 8080
12:46<bobby>nginx
12:46<millisa>did you reload nginx?
12:46<bobby>trying to enable varnish but it cannot start until nginx is ONLY on 8080
12:46<bobby>i restarted it
12:46<millisa>what is the output of netstat -tulpn|grep 80
12:46<millisa>or the 'ss' equivalent...
12:47<bobby>https://bpaste.net/show/b2b3733767ce
12:47<Peng>Are there any server blocks with no listen directives at all
12:47<Peng>or any server blocks with "listen 80"
12:48<bobby>nope the nginx -T
12:48<bobby>shows no 80 port alone
12:48<bobby>all 8080
12:48<bobby>mmm my default one which is a redirect
12:48<bobby>had no listen
12:48<bobby>but i added it
12:49<chonk>what's in /etc/nginx/conf.d/
12:49<bobby>default.conf
12:49<bobby>redirect.conf
12:50<bobby>dungeon.primitiv.media.conf
12:50<chonk>what does default.conf and redirect.conf have
12:50<bobby>primitiv.media.conf
12:50<bobby>redirect has no listen
12:50<bobby>should I add?
12:50<chonk>oh this paste is nginx -T
12:50<Peng>You said you added it already
12:51<bobby>WOIOO
12:51<bobby>i think that did it
12:51<bobby>i added it to the default.conf
12:51<bobby>redirdct.conf now has 8080
12:52<bobby>vaernish is now started xD
12:52<bobby>my man
12:52<bobby>\gracias for all the help
12:55<millisa>!point Peng
12:55<linbot>millisa: Point given to peng. (33) (Biggest fan: mcintosh, total: 8)
12:57<bobby>so by default it goes to 80 if thers nothing specified
12:57<bobby>is there a way to change the default?
13:05<bobby>also i need help chosing the best sftp method for my server
13:06<bobby>i want to easily be able to chroot users to the same folders as wel las unique ones.
13:06<bobby>well**
13:06<bobby>vsftpd?
13:12<linbot>New news from community: How can I establish good IP reputation? <https://www.linode.com/community/questions/18008>
13:32<linbot>New news from community: I am a frequent target for inbound DoS attacks, what can I do to stop them? <https://www.linode.com/community/questions/18009>
13:40-!-bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Remote host closed the connection]
13:49<gparent>say please and thanks when sending and receiving email for best IP reputation upkeep
13:50<gparent>Just remember, it takes one junk mail to destroy years of good behavior
14:15-!-Confusedschmuck [~oftc-webi@74-94-43-181-Philadelphia.hfc.comcastbusiness.net] has joined #linode
14:15-!-Confusedschmuck is "OFTC WebIRC Client" on #linode
14:16<Confusedschmuck>Hello, all. I set up a Linux VM and it keeps asking me for a password upon logging in. I've tried the password I used to setup the server at the start and the password I use log into my linode profile and it won't accept either? Any ideas?
14:16<csnxs>are you logging in as root?
14:17<Confusedschmuck>Good question! Let me check.
14:18<Confusedschmuck>So I'm using PuTTY and I enter my IP and click Open to boot up the VM. I've also tried accessing it via the Launch Console function on the Linode Manager.
14:18<Confusedschmuck>On the Launch Console...
14:19<Confusedschmuck>It displays localhost login:
14:20<csnxs>yes, that is where you enter the username
14:20<csnxs>which would be root if you haven't added any other accounts to the linode yet
14:20<Confusedschmuck>Ah okay
14:20<Confusedschmuck>That worked! Thank you!
14:21<Confusedschmuck>Thanks for taking the time to answer my question. Have a good weekend!
14:21-!-Confusedschmuck [~oftc-webi@74-94-43-181-Philadelphia.hfc.comcastbusiness.net] has quit [Quit: Page closed]
14:21<csnxs>dont tell me what to do :<
14:22<linbot>New news from community: Whats the out speed of a Node Balancer? <https://www.linode.com/community/questions/18010>
14:38-!-noob [~oftc-webi@103.217.156.223] has joined #linode
14:38-!-noob is "OFTC WebIRC Client" on #linode
14:38<noob>hello
14:38-!-noob is now known as Guest4573
14:40<Guest4573>hmm no one did't avaliable ?
14:46<Guest4573>hello
14:49-!-Edgeman [~edgeman@dhcp-108-168-2-182.cable.user.start.ca] has quit [Read error: Connection reset by peer]
14:49-!-Ikaros [ikaros@IkarosBD.dlls.tx.Eris.bdikaros-network.net] has quit [Read error: Connection reset by peer]
14:49-!-Edgeman [~edgeman@dhcp-108-168-2-182.cable.user.start.ca] has joined #linode
14:49-!-Edgeman is "Edgeman" on #linode
14:51-!-Ikaros [ikaros@IkarosBD.dlls.tx.Eris.bdikaros-network.net] has joined #linode
14:51-!-Ikaros is "Ikaros" on #linode
14:55-!-bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode
14:55-!-bobby is "OFTC WebIRC Client" on #linode
14:56<bobby>wre does phpmyadmin log error files
14:58<Guest4573>so many ppl joined ! but no one did't active .. lOL
15:04-!-bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Quit: Page closed]
15:05-!-gilberto [~oftc-webi@209.198.40.127] has joined #linode
15:05-!-gilberto is "OFTC WebIRC Client" on #linode
15:06<gilberto>Do you still have annual discounts ?
15:06<Peng>They stop April 1.
15:06<Peng>So um.
15:07-!-gilberto [~oftc-webi@209.198.40.127] has quit []
15:25<gparent>lmao
15:26<gparent>you could have the next 28 hours and a half 15% off!
15:27<Guest4573>hello anyone avaliable ?
15:27<Guest4573>anyone know about backup retention ?
15:27<@mtjones>I can help!
15:27<Guest4573>hi mtjones ! can i come to private chat ?
15:27<@mtjones>Sure.
15:31<Guest4573>i'm already query to you mtjones
15:32<@mtjones>Guest4573: I've just replied!
15:44-!-Guest4573 [~oftc-webi@103.217.156.223] has quit [Quit: Page closed]
15:49-!-bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode
15:49-!-bobby is "OFTC WebIRC Client" on #linode
15:49<bobby>Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
15:49<bobby>when i try to use vsftpd?
15:59<@mtjones>That likely means that the publickey doesn't match or isn't able to be found on one end or the other.
16:07<bobby>Network error: Software caused connection abort
16:07<bobby>i keep gwtting this now
16:08<bobby>fatal: bad ownership or modes for chroot directory component "/var/www/websites/" [postauth]
16:08<bobby>im not sure what is wronmg though
16:16-!-V-Pariah [viciouspar@c-24-61-207-78.hsd1.ma.comcast.net] has joined #linode
16:16-!-V-Pariah is "Vicious Pariah" on #linode
16:20<bobby>fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth]
16:44-!-bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Quit: Page closed]
16:59-!-montigny34 [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode
16:59-!-montigny34 is "OFTC WebIRC Client" on #linode
16:59<montigny34>how do i transfer files from my PC to my linode?
16:59<montigny34>vsftpd isn't working atm
16:59<millisa>https://www.linode.com/docs/tools-reference/file-transfer/
17:00<montigny34>i cannot login via sftp
17:01<dwfreed>because SSHd enforces that the chroot directory not be owned by the user being forced to chroot into it
17:01<dwfreed>and that user also cannot have write access to that directory
17:01<montigny34> i have /var/www/websites/ddlures/public_html
17:02<montigny34>public_html would be the home directory of user ddlures
17:02<dwfreed>the chroot directory should not be that directory, then
17:02<dwfreed>because they're going to need to be able to write to it
17:03<montigny34>it should be ddlures?
17:03<dwfreed>also public_html shouldn't be their home directory either, because that is where sshd will look for their authorized_keys file
17:03<montigny34>okay so ddlures is the home directory
17:03<montigny34>?
17:04<dwfreed>chrooting them into /var/www/websites and using /var/www/websites/ddlures as their home dir would probably be the best solution
17:04<montigny34>so chown root /var/www/websites
17:05<dwfreed>yes
17:05<montigny34>chown USER:SFTP /var/www/websites/ddlures
17:07<montigny34> sshd[19658]: fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth]
17:07<dzho>try lower case
17:07<montigny34>i did i put ddlures:sftp
17:08<dwfreed>you did not change the chroot directory in your sshd config
17:08<dwfreed>or if you did, you didn't restart sshd
17:08<montigny34>ChrootDirectory %h
17:08<montigny34>hat would eplain iyt
17:08<montigny34>explain t
17:08<montigny34>one second
17:09<montigny34>?
17:10<montigny34>ChrootDirectory /var/www/websites/%h
17:10<montigny34>this doesnt work
17:10<montigny34>but i believe is the issue
17:10<dwfreed>don't include the %h
17:10<dwfreed>ChrootDirectory /var/www/websites
17:11<montigny34>ok now i get permission denied?
17:11<montigny34>when i did that
17:13<dwfreed>look at /var/log/auth.log
17:13<montigny34>it goes to secue for whatevrr reason
17:13<montigny34>secure**
17:14<montigny34>151 sshd[19744]: fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth]
17:15<dwfreed>ah, you have centos
17:15<dwfreed>if that's the most recent line, then you need to restart sshd
17:15<dwfreed>service sshd restart
17:16<montigny34>systemctl restart sshd
17:16<montigny34>aslready did
17:16<dwfreed>pastebin your /etc/ssh/sshd_config ?
17:16<dwfreed>!p
17:16<linbot>Please paste longer snippets over at https://bpaste.net/ and not in the channel
17:16<dwfreed>or, more easily
17:16<dwfreed>!sprunge
17:16<linbot><command> | curl -F 'sprunge=<-' http://sprunge.us
17:16<dwfreed>(in this case, command would be: cat /etc/ssh/sshd_config
17:18<montigny34>Unable to open .: permission denied
17:18<montigny34>filezilla says this
17:18<montigny34>logs seem to indicate that it connects fine
17:18<dwfreed>you need to make sure that /var/www/websites/ddlures is owned by ddlures
17:18<montigny34>https://bpaste.net/show/b7106b878b57
17:19<montigny34>yup shows ddlures sftp
17:20<dwfreed>pastebin the output of 'namei -l /var/www/websites/ddlures/public_html'
17:21<montigny34>https://bpaste.net/show/c6465f6a83fe
17:21<dwfreed>/var/www/websites needs to be chmod o+x
17:21<dwfreed>at the very least
17:22<dwfreed>also, sftp group doesn't need write access to /var/www/websites/ddlures
17:22<montigny34>ok done
17:22<dwfreed>filezilla should work now
17:23<montigny34>i added o+x
17:23<montigny34>still same
17:24<dwfreed>new output of the namei command I gave?
17:25<montigny34>https://bpaste.net/show/8163891bc9fa'
17:26<dwfreed>how about 'getent passwd ddlures'
17:26<montigny34>ddlures:x:1001:1001::/var/www/websites/ddlures:/sbin/nologin
17:27<millisa>drwxr-x--x root nginx websites <---
17:27<dwfreed>millisa: that's technically fine
17:27<dwfreed>but adding o+r wouldn't hurt
17:28<montigny34>!point millisa
17:28<linbot>montigny34: Point given to millisa. (79)
17:28<montigny34>that did it
17:28<montigny34>!point dwfreed
17:28<linbot>montigny34: Point given to dwfreed. (73) (Biggest fan: mcintosh, total: 17)
17:28<montigny34>thank you both
17:28<montigny34>now this user sees all of /websites
17:29<montigny34>not ddlures
17:30<dwfreed>that's weird
17:31<montigny34>i think its because irwemove %h
17:31<dwfreed>no, that part is fine
17:32<montigny34>you're right
17:32<montigny34>mmm
17:37<montigny34>any ideas?
17:37<montigny34>i think I nmeed the %h that specifies to keep them in their home directory
17:37<montigny34>no??
17:38<dwfreed>that has its own challenges
17:38<dwfreed>because as noted, they can't have write access to the ChrootDirectory, so if they needed to create new files in their home directory, they'd have to ask you to do it
17:39<montigny34>i did it on my other server and ketp %h
17:39<montigny34>kept %h
17:40<montigny34>followed the same tut
17:40<montigny34>but its not working now
17:40<montigny34>ForceCommand internal-sftp -u 002 i had added this on my original server
17:43<dwfreed>the -u 002 just changes the umask
17:43<montigny34>ahh
17:44<montigny34>just gotta figure out why theire not chrooted nowe
17:44<montigny34>chrooted **
17:44<dwfreed>(which is actually not what you want, in most cases, especially if the user's main group is sftp)
17:47-!-wcpan [~quassel@2400:8902::f03c:91ff:fee0:f952] has quit [Remote host closed the connection]
17:47-!-wcpan [~quassel@2400:8902::f03c:91ff:fee0:f952] has joined #linode
17:47-!-wcpan is "wcpan" on #dot #linode
17:47<montigny34>any thoughts on the chrooting not working
17:50<millisa>pastebin your sshd_config
17:51<montigny34>https://bpaste.net/show/a884008eb61d
17:56<montigny34>AddressFamily inet is that there by default?
17:57<dwfreed>it's irrelevant
17:57<dwfreed>(it does probably disable sshd listening on IPv6, but that is irrelevant to the current situation)
18:05<montigny34>anything weird in my config?
18:16<montigny34>im unable to figure it out even after looking over every file
18:16<montigny34>why doesnt putting %h work?
18:16<montigny34>i believe this is the cuprit no?
18:20<dwfreed>if you put %h, then the home directory can't be owned by the user, nor can they be allowed to write to it
18:21<dwfreed>as mentioned above, if they later need to create files in their home directory, they would have to ask you to do it
18:21<dwfreed>if you're okay with that, then use %h
18:21<dwfreed>and then chown root /var/www/websites/ddlures
18:24<montigny34>okay so how do i acbhieve what I weant
18:24<montigny34>my other serrver has %h and it works fine for writting?
18:26<millisa>This might be closer to what you want: https://vomitb.in/SdBJ0eNvOH
18:26<millisa>it's got the caveat that the user can't make things in their homedir that dwfreed was talking about.
18:27<millisa>er, that had some extra lines. https://vomitb.in/EQgYpNBJYS has the extra /etc/passwd section removed
18:34<montigny34>why is ./sshz there?
18:34<millisa>because the user can't create .ssh themselves in that setup, but if you create it for them, they can put their authorized_keys file in there to do key based auth
18:35<millisa>just make sure .ssh is owned by the user:user and is 700.
18:41<montigny34>they are only ujsing passwords
18:41<montigny34>using**
18:41<montigny34>if i make root root nginx cant server anhything in websites
18:42<montigny34>so root nginx websites is OK?
18:47<montigny34>:millisa essentially %u is the only thing missing inm y curremnt setup?
18:48<millisa> %h should be the same as /var/www/websites/%u in your setup
18:49<montigny34>both are the same or equal the same?
19:04<dwfreed>the end result is the same
19:05<montigny34>!point millisa
19:05<linbot>montigny34: Point given to millisa. (80)
19:05<montigny34>thank you that worked!
19:06<montigny34>now say I wanted a superuser that has access to all websites?
19:06<millisa>would you call it 'rute'?
19:07<montigny34>my user?
19:08<millisa>rewt then
19:10<montigny34>im lost
19:10<dwfreed>millisa is joking around
19:10<dwfreed>root already exists, and would have access to everything
19:15<montigny34>how would i redirect www to non www ?
19:17<millisa>i could swear your nginx config from yesterday had one of those already
19:21<montigny34>yes but do i just add another line
19:22<montigny34>https://bpaste.net/show/f5403e50d6fa
19:22<montigny34>does this work
19:22<montigny34>rredirect.conf
19:22<millisa>something like this: https://vomitb.in/nrUHzdLosb is how I do it
19:22<millisa>though in some cases I put the 301 in a location block..
19:23<millisa>you can replace $scheme with https if you are going to put them at the ssl site anyways
19:24<millisa>what you had looks like it'd work
19:24<montigny34>ok it worked
19:25<montigny34>i tr yti generate a ssl for ddlures.ca
19:25<montigny34>nginx: [warn] conflicting server name "www.ddlures.ca" on 0.0.0.0:8080, ignored
19:25<montigny34>is what I get before it craps out
19:53<montigny34>Using default addresses 80 and [::]:80 ipv6only=on for authentication.
19:53<montigny34>wnhy does certbot do this
19:53<montigny34>shouyld it not be doing 8080
20:09-!-retro|blah [retrograde@000196da.user.oftc.net] has quit [Quit: Leaving]
20:10-!-tiaoricardo [~oftc-webi@2804:d4b:1c20:1a00:d4c8:b5f9:b04:5a49] has joined #linode
20:10-!-tiaoricardo is "OFTC WebIRC Client" on #linode
20:10-!-retro|blah [retrograde@000196da.user.oftc.net] has joined #linode
20:10-!-retro|blah is "retrograde inversion" on #linode
20:11<tiaoricardo>Hi
20:13<tiaoricardo>I need help
20:13<tiaoricardo>Is anyone here?
20:13<gparent>there's 318 people in here.
20:13<linbot>New news from community: Do I need to run 'alpine-setup' after I first deploy my Alpine Linux Linode? <https://www.linode.com/community/questions/18011>
20:14<tiaoricardo>I'm with problems on MX records to fastmail
20:19-!-tiaoricardo [~oftc-webi@2804:d4b:1c20:1a00:d4c8:b5f9:b04:5a49] has quit [Remote host closed the connection]
20:19<gparent>apparently we need to be a few thouands before we deserve to know the problem
20:19<gparent>thousands*
20:22<montigny34>how would i go about giving user ddlures access to another folder?
20:24<millisa>ugh. 95+ steal... https://vomitb.in/k1pukCb73Y
20:26<millisa>and good job linode. already got a message in the manager. "An issue affecting the physical host this Linode resides on has been detected." saved a ticket.
20:26<millisa>montigny34: bind mounts are the most convenient for me when doing chrooted setups.
20:27<montigny34>care to explain the procedure?
20:27<millisa>interestingly, the manager claims that the linode is 'stopped'.. but I'm shelled in.
20:27<montigny34>I ttied looking it up before but always get mixed up when attempting
20:27<montigny34>so i have inside websites "primitiv"
20:27<montigny34>i want to give ddlures access to both ddlures and primitiv
20:27<montigny34>i need to bind mount primitiv inside ddlures?
20:29<millisa>and give appropriate permissions
20:30<montigny34>mount --bind /var/www/websites/primitiv /var/www/websites/ddlures i ran this
20:30<millisa>that's probably not what you want
20:30<montigny34>nope
20:30<montigny34>it sorta works
20:31<montigny34>brought me straight into publix_html of primitiv
20:31<montigny34>also how do i umount what i just did
20:32<millisa>umount /what/you/want/to/umount
20:32<montigny34>it keeeps saying no mounted
20:32<millisa>the mount command by itself should show you what is mounted
20:33<montigny34>it doesnt show it mounted
20:34<montigny34>but my ftp whas both folders now
20:35<millisa>!point rmoyer
20:35<linbot>millisa: Point given to rmoyer. (1)
20:35<montigny34>crap idk how to undo it
20:36<millisa>if you can't find it in your mounts and dont' know how to unmount it, you can reboot.
20:36<millisa>but chances are if it's mounted, it'll show
20:36<montigny34>mount shows when i run the cmd again
20:36<montigny34>then umoiunt works
20:36<montigny34>but the folder ptimitiv is still linked to ddlures somehow
20:36<montigny34>so lemme reboot
20:39<montigny34>ui cant login anymore
20:40-!-The-spiki [~spiki@0001014f.user.oftc.net] has joined #linode
20:40-!-The-spiki is "Nenad Spirkoski" on #linode
20:42<montigny34>yea now i cant putty into my server anymore
20:42<millisa>why not?
20:42<montigny34>after i enter passphrase it closes putty
20:42<millisa>are you logging in with root?
20:42<montigny34>lish comsole bugs out when looking at /var/log/secure
20:43<millisa>what do you mean by 'bugs out'
20:44<montigny34>freezes chrome
20:44<montigny34>need to kill pages
20:44<montigny34>i enter wrong passphrase it rtells me
20:44<montigny34>i enter the right one, it closes putty wtf
20:44<millisa>are you logging in as root?
20:45<montigny34>disabled root over ssh
20:45<millisa>lish is not ssh
20:45<montigny34>im looged in as rootnow
20:45<montigny34>but i cant check error logs
20:45<montigny34>via lish
20:45<millisa>why not
20:45<montigny34>suggestions
20:45<montigny34>lish doesnt allow to scroll
20:46<montigny34>cat /var/log.secure only shows a bit of info
20:46<millisa>tail /var/log/secure would tail the file
20:46-!-spiki [~spiki@0001014f.user.oftc.net] has quit [Ping timeout: 480 seconds]
20:47<millisa>did you put the user you are trying to ssh in with in that sftp group?
20:47<montigny34>im pretty sure'
20:47<millisa>don't do that?
20:48<montigny34>wait no
20:48<montigny34>oh wait
20:48<montigny34>okay i think i did
20:48<montigny34>how do i remove
20:50<montigny34>nope not part of the group
20:50<montigny34>and it still wont work
20:50<millisa>usermod -G "" username - that'd remove the user from all their secondary groups. you'd have to put them back into whatever you want them in
20:51<montigny34>nope still nothing
20:51<montigny34>thats not it
20:52<millisa>restart sshd? (maybe it caches the user match? I don't know if it does)
20:52<millisa>there should be info in /var/log/secure
20:53<montigny34>nope
20:53<millisa>so what is in the secure log when you try
20:53<montigny34>how do i copy paste from lish
20:54<montigny34>https://bpaste.net/show/46878c6c579e'
20:54<montigny34>learnt something new
20:54<montigny34>this is the output
20:55<millisa>you could comment out the match section you put into sshd and see if that lets you back in
20:56<montigny34>OK
20:56<montigny34>that did it
20:57<montigny34>now i obviously cannot login with sftp
20:57<montigny34>thoughts?
20:57<montigny34>i have my key + passphrase needed to login
20:59<dwfreed>sshd will ignore authorized_keys if it isn't owned by the user
21:00<dwfreed>or if others can write to it
21:01<montigny34>so what dp i gotta do so frriechicken can login
21:01<montigny34>friedchicken**
21:02<montigny34>he can login but if i uncomment my match block it wont let me
21:04<montigny34>i dont see why they cant both work
21:07<montigny34>:millisa i got a bigger problem
21:07<montigny34>its like an invisible mount now
21:07<millisa>that's not likely
21:07<montigny34>ok
21:07<montigny34>so
21:07<montigny34>i deleted the folder
21:07<montigny34>its gone in sftp
21:07<montigny34>on ddlures
21:08<montigny34> i created folder from command line inside websites called primitiv
21:08<montigny34>it appeared automatically inside sftp whjen i refresh
21:08<montigny34>i see dllures and primitiv again? how??
21:08<millisa>you see it from a shell?
21:08<montigny34>the folder ?
21:08<millisa>Do you see whatever you think looks odd from the shell?
21:09<montigny34>no i see the folders
21:09<montigny34>ls -lah
21:09<montigny34>returns nothing inside websites or primitiv
21:09<millisa>whatever ls is showing you is true
21:11<montigny34>dso why do i see two folders unless its not chrooted again?
21:11<millisa>Are you asking why your ftp client is showing something odd?
21:15<montigny34>yes but it sdoesnt say primitiv is mounted still
21:15<millisa>Close your sftp client?
21:16<montigny34>now i csant login via sftp
21:16<montigny34>fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth] is what it says again
21:17<millisa>so there isn't an issue with some phantom/ghost mount
21:17<montigny34>idk it was showing 2 now nothing
21:17<montigny34>i can only see what i can see
21:17<millisa>'it'
21:18<millisa>Your sftp client?
21:18<montigny34>OH
21:18<montigny34>the /%u doesnt work now
21:18<montigny34>for some reasson it had gotten emoved
21:18<montigny34>removed**
21:18<montigny34>which is why i seen both
21:18<millisa>yeah, good luck. I think I've had enough non-linear dentistry
21:18<montigny34>so i re-added your fix millisa
21:18<montigny34>%u
21:18<montigny34>but now i get the same error as before
21:22<montigny34>why does %u not work all of a sudden
21:23<Abi12>rtfm
21:26-!-Cruiser [Cruiser@136.33.104.17] has quit []
21:26<montigny34>so close gah
21:28<montigny34>:millisa any idea on what could make /%u stop working?
21:28-!-V-Pariah [viciouspar@c-24-61-207-78.hsd1.ma.comcast.net] has quit [Ping timeout: 480 seconds]
21:30-!-V-Pariah [~viciouspa@c-24-61-207-78.hsd1.ma.comcast.net] has joined #linode
21:30-!-V-Pariah is "Vicious Pariah" on #linode
21:39-!-Cruiser [Cruiser@136.33.104.17] has joined #linode
21:39-!-Cruiser is "Cruiser" on #linode
22:00<montigny34>bad ownership or modes for chroot directory "/var/www/websites/ddlures"
22:28<montigny34>i still cant fix it
22:32<montigny34>cat /etc/group|grep bobby
22:32<montigny34>wehen i run this
22:32<montigny34>i only see bobby
22:32<montigny34>not bobby & sftp?
22:32<gparent>when you run this a kitten dies because you used cat
22:34<montigny34>i know its a stupid mistake
22:51<zifnab>!wx ksea
22:51<linbot>zifnab: [metar] OBS at KSEA: 62.6F/17C, visibility 10 miles, wind 9.21 mph, chill 61.82F (altimeter: 30.29) [KSEA 310153Z 35008KT 10SM FEW045 17/04 A3029 RMK AO2 SLP264 T01670039]
22:51<zifnab>!wx kjfk
22:51<linbot>zifnab: [metar] OBS at KJFK: F/C, visibility 6 miles, wind 14.96 mph, chill -19.37F (altimeter: ) [KJFK 302345Z 3100/0106 17013KT P6SM FEW060 BKN120 WS020/21045KT ]
22:51<zifnab>that's...wrong, that has to be wrong, wtf
22:52<zifnab>yes, that is wrong.
22:53<montigny34>gparent
22:53<montigny34>ill give you $20 if u help me
22:54<montigny34>i wanna go to sleep
22:59<zifnab>!managed
22:59<linbot>https://www.linode.com/managed
23:09-!-montigny34 [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Remote host closed the connection]
23:41-!-bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode
23:41-!-bobby is "OFTC WebIRC Client" on #linode
23:41<bobby>my certbot wont work for new domains
23:41<bobby>(http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization
23:42-!-copart [~copart@00027003.user.oftc.net] has joined #linode
23:42-!-copart is "copart" on #linode
---Logclosed Sun Mar 31 00:00:35 2019