--- | Log | opened Sat Mar 30 00:00:34 2019 |
00:20 | -!- | NomadJim_ [~Jim@2001:5b0:2d1f:5ab8:905a:ab94:4a19:ec70] has joined #linode |
00:20 | -!- | NomadJim_ is "Nomad" on #linode |
00:20 | -!- | NomadJim [~Jim@2001:5b0:2d1f:5ab8:19e8:7508:9640:cfdf] has quit [Read error: Connection reset by peer] |
03:50 | <linbot> | New news from community: SQL ERROR <https://www.linode.com/community/questions/18005> |
04:10 | -!- | blaboon [~blaboon@00026ecf.user.oftc.net] has quit [Quit: Bye o/] |
04:11 | -!- | blaboon [~blaboon@00026ecf.user.oftc.net] has joined #linode |
04:11 | -!- | blaboon is "Bradley LaBoon" on #linode |
04:11 | -!- | mode/#linode [+o blaboon] by ChanServ |
05:01 | -!- | Diangoa [~Dianoga@c-68-46-39-87.hsd1.mn.comcast.net] has quit [Quit: The Lounge - https://thelounge.chat] |
05:03 | -!- | Diangoa [~Dianoga@c-68-46-39-87.hsd1.mn.comcast.net] has joined #linode |
05:03 | -!- | Diangoa is "Brian" on #linode |
05:58 | -!- | sikaa [~oftc-webi@2a03:8000:ce1:2c00:1d0b:ca1c:2e2d:1784] has joined #linode |
05:58 | -!- | sikaa is "OFTC WebIRC Client" on #linode |
06:00 | <sikaa> | hello, how to connect to nanode 1gb with a web browser |
06:01 | <sikaa> | i try my https://myip:8443 |
06:06 | -!- | sikaa [~oftc-webi@2a03:8000:ce1:2c00:1d0b:ca1c:2e2d:1784] has quit [Remote host closed the connection] |
06:43 | -!- | thiras [~thiras@195.174.215.70] has joined #linode |
06:43 | -!- | thiras is "Ant" on #debian #linode #tami |
08:39 | -!- | spiki [~spiki@0001014f.user.oftc.net] has joined #linode |
08:39 | -!- | spiki is "Nenad Spirkoski" on #linode |
08:46 | -!- | The-spiki [~spiki@0001014f.user.oftc.net] has quit [Ping timeout: 480 seconds] |
10:11 | -!- | V-Pariah [~viciouspa@c-24-61-207-78.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] |
10:35 | -!- | Daedolon [~na@87-92-85-210.bb.dnainternet.fi] has joined #linode |
10:35 | -!- | Daedolon is "Daedolon" on #linode |
10:35 | -!- | Daedolon [~na@87-92-85-210.bb.dnainternet.fi] has quit [] |
11:01 | <linbot> | New news from community: I received a DMCA notice, what should I do? <https://www.linode.com/community/questions/18006> |
11:14 | <DrJ> | ignore it |
11:15 | <DrJ> | :) |
11:25 | -!- | VladGh [~VladGh@104-177-220-170.lightspeed.nworla.sbcglobal.net] has quit [Remote host closed the connection] |
11:30 | -!- | VladGh [~VladGh@104-177-220-170.lightspeed.nworla.sbcglobal.net] has joined #linode |
11:30 | -!- | VladGh is "Vlad" on #linode |
11:31 | <linbot> | New news from community: Change payment method/card for a single linode <https://www.linode.com/community/questions/18007> |
11:41 | -!- | bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode |
11:41 | -!- | bobby is "OFTC WebIRC Client" on #linode |
11:42 | <bobby> | for some reason nginx is running on port 80 and 8080 instead of just 8080? |
11:44 | <Peng> | Check the "listen" directives in your configuration. |
11:49 | -!- | samstreuli is now known as streuli |
11:59 | -!- | thiras [~thiras@195.174.215.70] has quit [Ping timeout: 480 seconds] |
12:00 | <bobby> | i believed i changed the params to port 80? |
12:06 | <bobby> | is this what u mean |
12:22 | <bobby> | peeng?? |
12:26 | <bobby> | MY NGINX.CONF IS SET TO 8080 |
12:27 | <Peng> | If Nginx is listening on 80 and 8080, it must be set that way. |
12:27 | <Peng> | "nginx -T" can display the entire configuration. |
12:27 | <Peng> | If Nginx isn't actually listening on both ports, there could be a different factor, like port forwarding. |
12:29 | <bobby> | https://bpaste.net/show/24ece0d68d95 |
12:29 | <bobby> | this is the output of nginx -T |
12:31 | <Zr40> | that paste contains "listen 80" more than once |
12:32 | <millisa> | and a redirect to example.com |
12:34 | <bobby> | i changed both those to display 8080 now |
12:34 | <bobby> | still same |
12:34 | <bobby> | varnish wont start because nginx is still on 80 |
12:34 | <Zr40> | then you probably forgot one |
12:34 | <millisa> | there were 3 |
12:35 | -!- | copart [~copart@00027003.user.oftc.net] has quit [Quit: WeeChat 2.2] |
12:38 | <bobby> | i fixed the example.com |
12:39 | <bobby> | https://bpaste.net/show/c908435fd857 |
12:45 | <bobby> | any ideas |
12:45 | <millisa> | about what? |
12:46 | <bobby> | why its running on both 80 and 8080 |
12:46 | <bobby> | nginx |
12:46 | <millisa> | did you reload nginx? |
12:46 | <bobby> | trying to enable varnish but it cannot start until nginx is ONLY on 8080 |
12:46 | <bobby> | i restarted it |
12:46 | <millisa> | what is the output of netstat -tulpn|grep 80 |
12:46 | <millisa> | or the 'ss' equivalent... |
12:47 | <bobby> | https://bpaste.net/show/b2b3733767ce |
12:47 | <Peng> | Are there any server blocks with no listen directives at all |
12:47 | <Peng> | or any server blocks with "listen 80" |
12:48 | <bobby> | nope the nginx -T |
12:48 | <bobby> | shows no 80 port alone |
12:48 | <bobby> | all 8080 |
12:48 | <bobby> | mmm my default one which is a redirect |
12:48 | <bobby> | had no listen |
12:48 | <bobby> | but i added it |
12:49 | <chonk> | what's in /etc/nginx/conf.d/ |
12:49 | <bobby> | default.conf |
12:49 | <bobby> | redirect.conf |
12:50 | <bobby> | dungeon.primitiv.media.conf |
12:50 | <chonk> | what does default.conf and redirect.conf have |
12:50 | <bobby> | primitiv.media.conf |
12:50 | <bobby> | redirect has no listen |
12:50 | <bobby> | should I add? |
12:50 | <chonk> | oh this paste is nginx -T |
12:50 | <Peng> | You said you added it already |
12:51 | <bobby> | WOIOO |
12:51 | <bobby> | i think that did it |
12:51 | <bobby> | i added it to the default.conf |
12:51 | <bobby> | redirect.conf now has 8080 |
12:52 | <bobby> | varnish is now started xD |
12:52 | <bobby> | my man |
12:52 | <bobby> | gracias for all the help |
12:55 | <millisa> | !point Peng |
12:55 | <linbot> | millisa: Point given to peng. (33) (Biggest fan: mcintosh, total: 8) |
12:57 | <bobby> | so by default it goes to 80 if there's nothing specified |
12:57 | <bobby> | is there a way to change the default? |
13:05 | <bobby> | also i need help choosing the best sftp method for my server |
13:06 | <bobby> | i want to easily be able to chroot users to the same folders as wel las unique ones. |
13:06 | <bobby> | well** |
13:06 | <bobby> | vsftpd? |
13:12 | <linbot> | New news from community: How can I establish good IP reputation? <https://www.linode.com/community/questions/18008> |
13:32 | <linbot> | New news from community: I am a frequent target for inbound DoS attacks, what can I do to stop them? <https://www.linode.com/community/questions/18009> |
13:40 | -!- | bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Remote host closed the connection] |
13:49 | <gparent> | say please and thanks when sending and receiving email for best IP reputation upkeep |
13:50 | <gparent> | Just remember, it takes one junk mail to destroy years of good behavior |
14:15 | -!- | Confusedschmuck [~oftc-webi@74-94-43-181-Philadelphia.hfc.comcastbusiness.net] has joined #linode |
14:15 | -!- | Confusedschmuck is "OFTC WebIRC Client" on #linode |
14:16 | <Confusedschmuck> | Hello, all. I set up a Linux VM and it keeps asking me for a password upon logging in. I've tried the password I used to set up the server at the start and the password I use to log into my linode profile and it won't accept either? Any ideas? |
14:16 | <csnxs> | are you logging in as root? |
14:17 | <Confusedschmuck> | Good question! Let me check. |
14:18 | <Confusedschmuck> | So I'm using PuTTY and I enter my IP and click Open to boot up the VM. I've also tried accessing it via the Launch Console function on the Linode Manager. |
14:18 | <Confusedschmuck> | On the Launch Console... |
14:19 | <Confusedschmuck> | It displays localhost login: |
14:20 | <csnxs> | yes, that is where you enter the username |
14:20 | <csnxs> | which would be root if you haven't added any other accounts to the linode yet |
14:20 | <Confusedschmuck> | Ah okay |
14:20 | <Confusedschmuck> | That worked! Thank you! |
14:21 | <Confusedschmuck> | Thanks for taking the time to answer my question. Have a good weekend! |
14:21 | -!- | Confusedschmuck [~oftc-webi@74-94-43-181-Philadelphia.hfc.comcastbusiness.net] has quit [Quit: Page closed] |
14:21 | <csnxs> | dont tell me what to do :< |
14:22 | <linbot> | New news from community: Whats the out speed of a Node Balancer? <https://www.linode.com/community/questions/18010> |
14:38 | -!- | noob [~oftc-webi@103.217.156.223] has joined #linode |
14:38 | -!- | noob is "OFTC WebIRC Client" on #linode |
14:38 | <noob> | hello |
14:38 | -!- | noob is now known as Guest4573 |
14:40 | <Guest4573> | hmm no one didn't available ? |
14:46 | <Guest4573> | hello |
14:49 | -!- | Edgeman [~edgeman@dhcp-108-168-2-182.cable.user.start.ca] has quit [Read error: Connection reset by peer] |
14:49 | -!- | Ikaros [ikaros@IkarosBD.dlls.tx.Eris.bdikaros-network.net] has quit [Read error: Connection reset by peer] |
14:49 | -!- | Edgeman [~edgeman@dhcp-108-168-2-182.cable.user.start.ca] has joined #linode |
14:49 | -!- | Edgeman is "Edgeman" on #linode |
14:51 | -!- | Ikaros [ikaros@IkarosBD.dlls.tx.Eris.bdikaros-network.net] has joined #linode |
14:51 | -!- | Ikaros is "Ikaros" on #linode |
14:55 | -!- | bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode |
14:55 | -!- | bobby is "OFTC WebIRC Client" on #linode |
14:56 | <bobby> | where does phpmyadmin log error files |
14:58 | <Guest4573> | so many ppl joined ! but no one didn't active .. lOL |
15:04 | -!- | bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Quit: Page closed] |
15:05 | -!- | gilberto [~oftc-webi@209.198.40.127] has joined #linode |
15:05 | -!- | gilberto is "OFTC WebIRC Client" on #linode |
15:06 | <gilberto> | Do you still have annual discounts ? |
15:06 | <Peng> | They stop April 1. |
15:06 | <Peng> | So um. |
15:07 | -!- | gilberto [~oftc-webi@209.198.40.127] has quit [] |
15:25 | <gparent> | lmao |
15:26 | <gparent> | you could have the next 28 hours and a half 15% off! |
15:27 | <Guest4573> | hello anyone available ? |
15:27 | <Guest4573> | anyone know about backup retention ? |
15:27 | <@mtjones> | I can help! |
15:27 | <Guest4573> | hi mtjones ! can i come to private chat ? |
15:27 | <@mtjones> | Sure. |
15:31 | <Guest4573> | i'm already query to you mtjones |
15:32 | <@mtjones> | Guest4573: I've just replied! |
15:44 | -!- | Guest4573 [~oftc-webi@103.217.156.223] has quit [Quit: Page closed] |
15:49 | -!- | bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode |
15:49 | -!- | bobby is "OFTC WebIRC Client" on #linode |
15:49 | <bobby> | Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic) |
15:49 | <bobby> | when i try to use vsftpd? |
15:59 | <@mtjones> | That likely means that the publickey doesn't match or isn't able to be found on one end or the other. |
16:07 | <bobby> | Network error: Software caused connection abort |
16:07 | <bobby> | i keep getting this now |
16:08 | <bobby> | fatal: bad ownership or modes for chroot directory component "/var/www/websites/" [postauth] |
16:08 | <bobby> | im not sure what is wrong though |
16:16 | -!- | V-Pariah [viciouspar@c-24-61-207-78.hsd1.ma.comcast.net] has joined #linode |
16:16 | -!- | V-Pariah is "Vicious Pariah" on #linode |
16:20 | <bobby> | fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth] |
16:44 | -!- | bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Quit: Page closed] |
16:59 | -!- | montigny34 [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode |
16:59 | -!- | montigny34 is "OFTC WebIRC Client" on #linode |
16:59 | <montigny34> | how do i transfer files from my PC to my linode? |
16:59 | <montigny34> | vsftpd isn't working atm |
16:59 | <millisa> | https://www.linode.com/docs/tools-reference/file-transfer/ |
17:00 | <montigny34> | i cannot login via sftp |
17:01 | <dwfreed> | because SSHd enforces that the chroot directory not be owned by the user being forced to chroot into it |
17:01 | <dwfreed> | and that user also cannot have write access to that directory |
17:01 | <montigny34> | i have /var/www/websites/ddlures/public_html |
17:02 | <montigny34> | public_html would be the home directory of user ddlures |
17:02 | <dwfreed> | the chroot directory should not be that directory, then |
17:02 | <dwfreed> | because they're going to need to be able to write to it |
17:03 | <montigny34> | it should be ddlures? |
17:03 | <dwfreed> | also public_html shouldn't be their home directory either, because that is where sshd will look for their authorized_keys file |
17:03 | <montigny34> | okay so ddlures is the home directory |
17:03 | <montigny34> | ? |
17:04 | <dwfreed> | chrooting them into /var/www/websites and using /var/www/websites/ddlures as their home dir would probably be the best solution |
17:04 | <montigny34> | so chown root /var/www/websites |
17:05 | <dwfreed> | yes |
17:05 | <montigny34> | chown USER:SFTP /var/www/websites/ddlures |
17:07 | <montigny34> | sshd[19658]: fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth] |
17:07 | <dzho> | try lower case |
17:07 | <montigny34> | i did i put ddlures:sftp |
17:08 | <dwfreed> | you did not change the chroot directory in your sshd config |
17:08 | <dwfreed> | or if you did, you didn't restart sshd |
17:08 | <montigny34> | ChrootDirectory %h |
17:08 | <montigny34> | hat would eplain iyt |
17:08 | <montigny34> | explain t |
17:08 | <montigny34> | one second |
17:09 | <montigny34> | ? |
17:10 | <montigny34> | ChrootDirectory /var/www/websites/%h |
17:10 | <montigny34> | this doesnt work |
17:10 | <montigny34> | but i believe is the issue |
17:10 | <dwfreed> | don't include the %h |
17:10 | <dwfreed> | ChrootDirectory /var/www/websites |
17:11 | <montigny34> | ok now i get permission denied? |
17:11 | <montigny34> | when i did that |
17:13 | <dwfreed> | look at /var/log/auth.log |
17:13 | <montigny34> | it goes to secue for whatevrr reason |
17:13 | <montigny34> | secure** |
17:14 | <montigny34> | 151 sshd[19744]: fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth] |
17:15 | <dwfreed> | ah, you have centos |
17:15 | <dwfreed> | if that's the most recent line, then you need to restart sshd |
17:15 | <dwfreed> | service sshd restart |
17:16 | <montigny34> | systemctl restart sshd |
17:16 | <montigny34> | aslready did |
17:16 | <dwfreed> | pastebin your /etc/ssh/sshd_config ? |
17:16 | <dwfreed> | !p |
17:16 | <linbot> | Please paste longer snippets over at https://bpaste.net/ and not in the channel |
17:16 | <dwfreed> | or, more easily |
17:16 | <dwfreed> | !sprunge |
17:16 | <linbot> | <command> | curl -F 'sprunge=<-' http://sprunge.us |
17:16 | <dwfreed> | (in this case, command would be: cat /etc/ssh/sshd_config |
17:18 | <montigny34> | Unable to open .: permission denied |
17:18 | <montigny34> | filezilla says this |
17:18 | <montigny34> | logs seem to indicate that it connects fine |
17:18 | <dwfreed> | you need to make sure that /var/www/websites/ddlures is owned by ddlures |
17:18 | <montigny34> | https://bpaste.net/show/b7106b878b57 |
17:19 | <montigny34> | yup shows ddlures sftp |
17:20 | <dwfreed> | pastebin the output of 'namei -l /var/www/websites/ddlures/public_html' |
17:21 | <montigny34> | https://bpaste.net/show/c6465f6a83fe |
17:21 | <dwfreed> | /var/www/websites needs to be chmod o+x |
17:21 | <dwfreed> | at the very least |
17:22 | <dwfreed> | also, sftp group doesn't need write access to /var/www/websites/ddlures |
17:22 | <montigny34> | ok done |
17:22 | <dwfreed> | filezilla should work now |
17:23 | <montigny34> | i added o+x |
17:23 | <montigny34> | still same |
17:24 | <dwfreed> | new output of the namei command I gave? |
17:25 | <montigny34> | https://bpaste.net/show/8163891bc9fa |
17:26 | <dwfreed> | how about 'getent passwd ddlures' |
17:26 | <montigny34> | ddlures:x:1001:1001::/var/www/websites/ddlures:/sbin/nologin |
17:27 | <millisa> | drwxr-x--x root nginx websites <--- |
17:27 | <dwfreed> | millisa: that's technically fine |
17:27 | <dwfreed> | but adding o+r wouldn't hurt |
17:28 | <montigny34> | !point millisa |
17:28 | <linbot> | montigny34: Point given to millisa. (79) |
17:28 | <montigny34> | that did it |
17:28 | <montigny34> | !point dwfreed |
17:28 | <linbot> | montigny34: Point given to dwfreed. (73) (Biggest fan: mcintosh, total: 17) |
17:28 | <montigny34> | thank you both |
17:28 | <montigny34> | now this user sees all of /websites |
17:29 | <montigny34> | not ddlures |
17:30 | <dwfreed> | that's weird |
17:31 | <montigny34> | i think its because i remove %h |
17:31 | <dwfreed> | no, that part is fine |
17:32 | <montigny34> | you're right |
17:32 | <montigny34> | mmm |
17:37 | <montigny34> | any ideas? |
17:37 | <montigny34> | i think I need the %h that specifies to keep them in their home directory |
17:37 | <montigny34> | no?? |
17:38 | <dwfreed> | that has its own challenges |
17:38 | <dwfreed> | because as noted, they can't have write access to the ChrootDirectory, so if they needed to create new files in their home directory, they'd have to ask you to do it |
17:39 | <montigny34> | i did it on my other server and ketp %h |
17:39 | <montigny34> | kept %h |
17:40 | <montigny34> | followed the same tut |
17:40 | <montigny34> | but its not working now |
17:40 | <montigny34> | ForceCommand internal-sftp -u 002 i had added this on my original server |
17:43 | <dwfreed> | the -u 002 just changes the umask |
17:43 | <montigny34> | ahh |
17:44 | <montigny34> | just gotta figure out why theire not chrooted nowe |
17:44 | <montigny34> | chrooted ** |
17:44 | <dwfreed> | (which is actually not what you want, in most cases, especially if the user's main group is sftp) |
17:47 | -!- | wcpan [~quassel@2400:8902::f03c:91ff:fee0:f952] has quit [Remote host closed the connection] |
17:47 | -!- | wcpan [~quassel@2400:8902::f03c:91ff:fee0:f952] has joined #linode |
17:47 | -!- | wcpan is "wcpan" on #dot #linode |
17:47 | <montigny34> | any thoughts on the chrooting not working |
17:50 | <millisa> | pastebin your sshd_config |
17:51 | <montigny34> | https://bpaste.net/show/a884008eb61d |
17:56 | <montigny34> | AddressFamily inet is that there by default? |
17:57 | <dwfreed> | it's irrelevant |
17:57 | <dwfreed> | (it does probably disable sshd listening on IPv6, but that is irrelevant to the current situation) |
18:05 | <montigny34> | anything weird in my config? |
18:16 | <montigny34> | im unable to figure it out even after looking over every file |
18:16 | <montigny34> | why doesnt putting %h work? |
18:16 | <montigny34> | i believe this is the culprit no? |
18:20 | <dwfreed> | if you put %h, then the home directory can't be owned by the user, nor can they be allowed to write to it |
18:21 | <dwfreed> | as mentioned above, if they later need to create files in their home directory, they would have to ask you to do it |
18:21 | <dwfreed> | if you're okay with that, then use %h |
18:21 | <dwfreed> | and then chown root /var/www/websites/ddlures |
18:24 | <montigny34> | okay so how do i achieve what I want |
18:24 | <montigny34> | my other server has %h and it works fine for writing? |
18:26 | <millisa> | This might be closer to what you want: https://vomitb.in/SdBJ0eNvOH |
18:26 | <millisa> | it's got the caveat that the user can't make things in their homedir that dwfreed was talking about. |
18:27 | <millisa> | er, that had some extra lines. https://vomitb.in/EQgYpNBJYS has the extra /etc/passwd section removed |
18:34 | <montigny34> | why is ./sshz there? |
18:34 | <millisa> | because the user can't create .ssh themselves in that setup, but if you create it for them, they can put their authorized_keys file in there to do key based auth |
18:35 | <millisa> | just make sure .ssh is owned by the user:user and is 700. |
18:41 | <montigny34> | they are only ujsing passwords |
18:41 | <montigny34> | using** |
18:41 | <montigny34> | if i make root root nginx cant serve anything in websites |
18:42 | <montigny34> | so root nginx websites is OK? |
18:47 | <montigny34> | :millisa essentially %u is the only thing missing in my current setup? |
18:48 | <millisa> | %h should be the same as /var/www/websites/%u in your setup |
18:49 | <montigny34> | both are the same or equal the same? |
19:04 | <dwfreed> | the end result is the same |
19:05 | <montigny34> | !point millisa |
19:05 | <linbot> | montigny34: Point given to millisa. (80) |
19:05 | <montigny34> | thank you that worked! |
19:06 | <montigny34> | now say I wanted a superuser that has access to all websites? |
19:06 | <millisa> | would you call it 'rute'? |
19:07 | <montigny34> | my user? |
19:08 | <millisa> | rewt then |
19:10 | <montigny34> | im lost |
19:10 | <dwfreed> | millisa is joking around |
19:10 | <dwfreed> | root already exists, and would have access to everything |
19:15 | <montigny34> | how would i redirect www to non www ? |
19:17 | <millisa> | i could swear your nginx config from yesterday had one of those already |
19:21 | <montigny34> | yes but do i just add another line |
19:22 | <montigny34> | https://bpaste.net/show/f5403e50d6fa |
19:22 | <montigny34> | does this work |
19:22 | <montigny34> | redirect.conf |
19:22 | <millisa> | something like this: https://vomitb.in/nrUHzdLosb is how I do it |
19:22 | <millisa> | though in some cases I put the 301 in a location block.. |
19:23 | <millisa> | you can replace $scheme with https if you are going to put them at the ssl site anyways |
19:24 | <millisa> | what you had looks like it'd work |
19:24 | <montigny34> | ok it worked |
19:25 | <montigny34> | i try to generate a ssl for ddlures.ca |
19:25 | <montigny34> | nginx: [warn] conflicting server name "www.ddlures.ca" on 0.0.0.0:8080, ignored |
19:25 | <montigny34> | is what I get before it craps out |
19:53 | <montigny34> | Using default addresses 80 and [::]:80 ipv6only=on for authentication. |
19:53 | <montigny34> | why does certbot do this |
19:53 | <montigny34> | should it not be doing 8080 |
20:09 | -!- | retro|blah [retrograde@000196da.user.oftc.net] has quit [Quit: Leaving] |
20:10 | -!- | tiaoricardo [~oftc-webi@2804:d4b:1c20:1a00:d4c8:b5f9:b04:5a49] has joined #linode |
20:10 | -!- | tiaoricardo is "OFTC WebIRC Client" on #linode |
20:10 | -!- | retro|blah [retrograde@000196da.user.oftc.net] has joined #linode |
20:10 | -!- | retro|blah is "retrograde inversion" on #linode |
20:11 | <tiaoricardo> | Hi |
20:13 | <tiaoricardo> | I need help |
20:13 | <tiaoricardo> | Is anyone here? |
20:13 | <gparent> | there's 318 people in here. |
20:13 | <linbot> | New news from community: Do I need to run 'alpine-setup' after I first deploy my Alpine Linux Linode? <https://www.linode.com/community/questions/18011> |
20:14 | <tiaoricardo> | I'm with problems on MX records to fastmail |
20:19 | -!- | tiaoricardo [~oftc-webi@2804:d4b:1c20:1a00:d4c8:b5f9:b04:5a49] has quit [Remote host closed the connection] |
20:19 | <gparent> | apparently we need to be a few thouands before we deserve to know the problem |
20:19 | <gparent> | thousands* |
20:22 | <montigny34> | how would i go about giving user ddlures access to another folder? |
20:24 | <millisa> | ugh. 95+ steal... https://vomitb.in/k1pukCb73Y |
20:26 | <millisa> | and good job linode. already got a message in the manager. "An issue affecting the physical host this Linode resides on has been detected." saved a ticket. |
20:26 | <millisa> | montigny34: bind mounts are the most convenient for me when doing chrooted setups. |
20:27 | <montigny34> | care to explain the procedure? |
20:27 | <millisa> | interestingly, the manager claims that the linode is 'stopped'.. but I'm shelled in. |
20:27 | <montigny34> | I tried looking it up before but always get mixed up when attempting |
20:27 | <montigny34> | so i have inside websites "primitiv" |
20:27 | <montigny34> | i want to give ddlures access to both ddlures and primitiv |
20:27 | <montigny34> | i need to bind mount primitiv inside ddlures? |
20:29 | <millisa> | and give appropriate permissions |
20:30 | <montigny34> | mount --bind /var/www/websites/primitiv /var/www/websites/ddlures i ran this |
20:30 | <millisa> | that's probably not what you want |
20:30 | <montigny34> | nope |
20:30 | <montigny34> | it sorta works |
20:31 | <montigny34> | brought me straight into public_html of primitiv |
20:31 | <montigny34> | also how do i umount what i just did |
20:32 | <millisa> | umount /what/you/want/to/umount |
20:32 | <montigny34> | it keeps saying not mounted |
20:32 | <millisa> | the mount command by itself should show you what is mounted |
20:33 | <montigny34> | it doesnt show it mounted |
20:34 | <montigny34> | but my ftp has both folders now |
20:35 | <millisa> | !point rmoyer |
20:35 | <linbot> | millisa: Point given to rmoyer. (1) |
20:35 | <montigny34> | crap idk how to undo it |
20:36 | <millisa> | if you can't find it in your mounts and don't know how to unmount it, you can reboot. |
20:36 | <millisa> | but chances are if it's mounted, it'll show |
20:36 | <montigny34> | mount shows when i run the cmd again |
20:36 | <montigny34> | then umount works |
20:36 | <montigny34> | but the folder primitiv is still linked to ddlures somehow |
20:36 | <montigny34> | so lemme reboot |
20:39 | <montigny34> | i cant login anymore |
20:40 | -!- | The-spiki [~spiki@0001014f.user.oftc.net] has joined #linode |
20:40 | -!- | The-spiki is "Nenad Spirkoski" on #linode |
20:42 | <montigny34> | yea now i cant putty into my server anymore |
20:42 | <millisa> | why not? |
20:42 | <montigny34> | after i enter passphrase it closes putty |
20:42 | <millisa> | are you logging in with root? |
20:42 | <montigny34> | lish console bugs out when looking at /var/log/secure |
20:43 | <millisa> | what do you mean by 'bugs out' |
20:44 | <montigny34> | freezes chrome |
20:44 | <montigny34> | need to kill pages |
20:44 | <montigny34> | i enter wrong passphrase it tells me |
20:44 | <montigny34> | i enter the right one, it closes putty wtf |
20:44 | <millisa> | are you logging in as root? |
20:45 | <montigny34> | disabled root over ssh |
20:45 | <millisa> | lish is not ssh |
20:45 | <montigny34> | im logged in as root now |
20:45 | <montigny34> | but i cant check error logs |
20:45 | <montigny34> | via lish |
20:45 | <millisa> | why not |
20:45 | <montigny34> | suggestions |
20:45 | <montigny34> | lish doesnt allow to scroll |
20:46 | <montigny34> | cat /var/log.secure only shows a bit of info |
20:46 | <millisa> | tail /var/log/secure would tail the file |
20:46 | -!- | spiki [~spiki@0001014f.user.oftc.net] has quit [Ping timeout: 480 seconds] |
20:47 | <millisa> | did you put the user you are trying to ssh in with in that sftp group? |
20:47 | <montigny34> | im pretty sure |
20:47 | <millisa> | don't do that? |
20:48 | <montigny34> | wait no |
20:48 | <montigny34> | oh wait |
20:48 | <montigny34> | okay i think i did |
20:48 | <montigny34> | how do i remove |
20:50 | <montigny34> | nope not part of the group |
20:50 | <montigny34> | and it still wont work |
20:50 | <millisa> | usermod -G "" username - that'd remove the user from all their secondary groups. you'd have to put them back into whatever you want them in |
20:51 | <montigny34> | nope still nothing |
20:51 | <montigny34> | thats not it |
20:52 | <millisa> | restart sshd? (maybe it caches the user match? I don't know if it does) |
20:52 | <millisa> | there should be info in /var/log/secure |
20:53 | <montigny34> | nope |
20:53 | <millisa> | so what is in the secure log when you try |
20:53 | <montigny34> | how do i copy paste from lish |
20:54 | <montigny34> | https://bpaste.net/show/46878c6c579e |
20:54 | <montigny34> | learnt something new |
20:54 | <montigny34> | this is the output |
20:55 | <millisa> | you could comment out the match section you put into sshd and see if that lets you back in |
20:56 | <montigny34> | OK |
20:56 | <montigny34> | that did it |
20:57 | <montigny34> | now i obviously cannot login with sftp |
20:57 | <montigny34> | thoughts? |
20:57 | <montigny34> | i have my key + passphrase needed to login |
20:59 | <dwfreed> | sshd will ignore authorized_keys if it isn't owned by the user |
21:00 | <dwfreed> | or if others can write to it |
21:01 | <montigny34> | so what dp i gotta do so frriechicken can login |
21:01 | <montigny34> | friedchicken** |
21:02 | <montigny34> | he can login but if i uncomment my match block it wont let me |
21:04 | <montigny34> | i dont see why they cant both work |
21:07 | <montigny34> | :millisa i got a bigger problem |
21:07 | <montigny34> | its like an invisible mount now |
21:07 | <millisa> | that's not likely |
21:07 | <montigny34> | ok |
21:07 | <montigny34> | so |
21:07 | <montigny34> | i deleted the folder |
21:07 | <montigny34> | its gone in sftp |
21:07 | <montigny34> | on ddlures |
21:08 | <montigny34> | i created folder from command line inside websites called primitiv |
21:08 | <montigny34> | it appeared automatically inside sftp when i refresh |
21:08 | <montigny34> | i see ddlures and primitiv again? how?? |
21:08 | <millisa> | you see it from a shell? |
21:08 | <montigny34> | the folder ? |
21:08 | <millisa> | Do you see whatever you think looks odd from the shell? |
21:09 | <montigny34> | no i see the folders |
21:09 | <montigny34> | ls -lah |
21:09 | <montigny34> | returns nothing inside websites or primitiv |
21:09 | <millisa> | whatever ls is showing you is true |
21:11 | <montigny34> | so why do i see two folders unless its not chrooted again? |
21:11 | <millisa> | Are you asking why your ftp client is showing something odd? |
21:15 | <montigny34> | yes but it doesnt say primitiv is mounted still |
21:15 | <millisa> | Close your sftp client? |
21:16 | <montigny34> | now i cant login via sftp |
21:16 | <montigny34> | fatal: bad ownership or modes for chroot directory "/var/www/websites/ddlures" [postauth] is what it says again |
21:17 | <millisa> | so there isn't an issue with some phantom/ghost mount |
21:17 | <montigny34> | idk it was showing 2 now nothing |
21:17 | <montigny34> | i can only see what i can see |
21:17 | <millisa> | 'it' |
21:18 | <millisa> | Your sftp client? |
21:18 | <montigny34> | OH |
21:18 | <montigny34> | the /%u doesnt work now |
21:18 | <montigny34> | for some reasson it had gotten emoved |
21:18 | <montigny34> | removed** |
21:18 | <montigny34> | which is why i seen both |
21:18 | <millisa> | yeah, good luck. I think I've had enough non-linear dentistry |
21:18 | <montigny34> | so i re-added your fix millisa |
21:18 | <montigny34> | %u |
21:18 | <montigny34> | but now i get the same error as before |
21:22 | <montigny34> | why does %u not work all of a sudden |
21:23 | <Abi12> | rtfm |
21:26 | -!- | Cruiser [Cruiser@136.33.104.17] has quit [] |
21:26 | <montigny34> | so close gah |
21:28 | <montigny34> | :millisa any idea on what could make /%u stop working? |
21:28 | -!- | V-Pariah [viciouspar@c-24-61-207-78.hsd1.ma.comcast.net] has quit [Ping timeout: 480 seconds] |
21:30 | -!- | V-Pariah [~viciouspa@c-24-61-207-78.hsd1.ma.comcast.net] has joined #linode |
21:30 | -!- | V-Pariah is "Vicious Pariah" on #linode |
21:39 | -!- | Cruiser [Cruiser@136.33.104.17] has joined #linode |
21:39 | -!- | Cruiser is "Cruiser" on #linode |
22:00 | <montigny34> | bad ownership or modes for chroot directory "/var/www/websites/ddlures" |
22:28 | <montigny34> | i still cant fix it |
22:32 | <montigny34> | cat /etc/group|grep bobby |
22:32 | <montigny34> | when i run this |
22:32 | <montigny34> | i only see bobby |
22:32 | <montigny34> | not bobby & sftp? |
22:32 | <gparent> | when you run this a kitten dies because you used cat |
22:34 | <montigny34> | i know its a stupid mistake |
22:51 | <zifnab> | !wx ksea |
22:51 | <linbot> | zifnab: [metar] OBS at KSEA: 62.6F/17C, visibility 10 miles, wind 9.21 mph, chill 61.82F (altimeter: 30.29) [KSEA 310153Z 35008KT 10SM FEW045 17/04 A3029 RMK AO2 SLP264 T01670039] |
22:51 | <zifnab> | !wx kjfk |
22:51 | <linbot> | zifnab: [metar] OBS at KJFK: F/C, visibility 6 miles, wind 14.96 mph, chill -19.37F (altimeter: ) [KJFK 302345Z 3100/0106 17013KT P6SM FEW060 BKN120 WS020/21045KT ] |
22:51 | <zifnab> | that's...wrong, that has to be wrong, wtf |
22:52 | <zifnab> | yes, that is wrong. |
22:53 | <montigny34> | gparent |
22:53 | <montigny34> | ill give you $20 if u help me |
22:54 | <montigny34> | i wanna go to sleep |
22:59 | <zifnab> | !managed |
22:59 | <linbot> | https://www.linode.com/managed |
23:09 | -!- | montigny34 [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has quit [Remote host closed the connection] |
23:41 | -!- | bobby [~oftc-webi@107-190-62-156.cpe.teksavvy.com] has joined #linode |
23:41 | -!- | bobby is "OFTC WebIRC Client" on #linode |
23:41 | <bobby> | my certbot wont work for new domains |
23:41 | <bobby> | (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization |
23:42 | -!- | copart [~copart@00027003.user.oftc.net] has joined #linode |
23:42 | -!- | copart is "copart" on #linode |
--- | Log | closed Sun Mar 31 00:00:35 2019 |