#linode IRC Logs for 2019-10-06

---Logopened Sun Oct 06 00:00:45 2019
01:46-!-Ranjan [~oftc-webi@106.51.107.4] has joined #linode
01:46-!-Ranjan is "OFTC WebIRC Client" on #linode
01:46<Ranjan>Hi,
01:46<millisa>Greetings,
01:46<Ranjan>Hi, how are you?
01:47<Ranjan>I would like to know if you offer hourly based VPS systems.
01:47<millisa>Linodes are billed hourly
01:47<millisa>https://www.linode.com/docs/platform/billing-and-support/billing-and-payments/#how-hourly-billing-works gives a lot more info
01:47<Ranjan>Great.
01:47<Ranjan>What are the locations I can choose?
01:47<millisa>!speedtest
01:47<linbot>http://www.linode.com/speedtest
01:48<Ranjan>I mean server locations.
01:48<millisa>Those are the locations along with files you can download to test speed
01:49<Ranjan>Can I install my custom OS?
01:49<millisa>You can, but these are the supported distributions that are easy to install: https://www.linode.com/distributions
01:49<millisa>This would cover doing a custom install https://www.linode.com/docs/tools-reference/custom-kernels-distros/install-a-custom-distribution-on-a-linode/
01:53<Ranjan>I see, I have a custom windows OS. Can I install that?
01:53<millisa>!winode
01:53<linbot>It is possible to run Windows on !kvm Linodes. Here's a set of unofficial instructions: https://github.com/linode/docs/pull/501#issuecomment-232414947
01:54<millisa>Possible. You'd have to bring your own license. Very unsupported.
01:54<Ranjan>Yes I understand.
01:55<Ranjan>I have signed up but I have not received any verification link to my email address yet.
01:56<millisa>there's usually several mails in the signup they send.
01:57<millisa>sometimes an extra verification step gets triggered that you'd get mail about. they get to them pretty quickly.
01:58<millisa>If it's been more than a few hours, you could try contacting their support email and they could probably track down what happened.
01:58<Ranjan>Alright. Thanks for your help.
01:58-!-Ranjan [~oftc-webi@106.51.107.4] has quit [Quit: Page closed]
02:26-!-ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has quit [Read error: Connection reset by peer]
02:31<nicolaus>will linode ever support void linux distro
02:32<nicolaus>the closest im using is alpine, which is great i guess
02:34<@mtjones>nicolaus: That's something we can look into. I've added your request to our internal ideas tracker so we can consider it for the future.
02:34<nicolaus>cool mtjones
02:34<nicolaus>there are 2 versions of void, one with musl and one with glibc
02:34<@mtjones>Which would you prefer?
02:35<millisa>https://media.giphy.com/media/zbzNUbpFnlw8E/giphy.gif
02:36<nicolaus>mtjones: musl is the better version
02:37<nicolaus>at least for server
02:37<@mtjones>Thanks! I'll add that in.
02:37<nicolaus>glibc is more for desktop
02:37<millisa>headless game servers?
02:38<nicolaus>millisa: what do you mean
02:39<millisa>they like glibc :)
02:39<nicolaus>me no understand lol
02:40<millisa>(ignore me; was confused by 'glibc is more for desktop')
02:41-!-ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has joined #linode
02:41-!-ein15 is "realname" on #linode
02:42<nicolaus>mtjones: https://a-hel-fi.m.voidlinux.org/live/current/ which one of these files i need to run in linode in order to set up my own distro
02:50-!-ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has quit [Remote host closed the connection]
02:54<millisa>this one seems to boot ok in glish. I'm up to the partitioning section ok. it started network fine and it sees the disk. https://alpha.de.repo.voidlinux.org/live/20190526/void-live-x86_64-musl-20190526.iso
02:54<@mtjones>!point millisa
02:54<linbot>mtjones: Point given to millisa. (108) (Biggest fan: relidy, total: 17)
02:55<@mtjones>I was just about to say, I think any of the .iso files would work. It just depends on what version you want to have.
03:05-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode
03:05-!-AugustusCaesar24 is "Augustus Caesar" on #linode
03:12-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
03:29-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode
03:29-!-AugustusCaesar24 is "Augustus Caesar" on #linode
03:30-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit []
03:54<millisa>nicolaus: ran through this a couple times. my notes on void install on linode: https://vomitb.in/0Sbo1p7jz1 seemed to work ok; has lish working. didn't do the linode manager compatibility steps yet
03:55<millisa>bah. had some dupe sections. let me clean it up a little.
03:59<millisa>a little cleaner - https://vomitb.in/0GccKAZgYT
04:01<millisa>used a 500MB 'Installer' disk and a 2GB 'Boot' disk. seemed to be plenty of room. 1.2GB used by the end of that test.
04:01-!-VladGh_ [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode
04:01-!-VladGh_ is "Vlad" on #linode
04:07-!-VladGh [~VladGh@ip72-200-40-165.no.no.cox.net] has quit [Ping timeout: 480 seconds]
04:19-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode
04:19-!-AugustusCaesar24 is "Augustus Caesar" on #linode
04:32-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
05:02-!-|GIG-1 [~MYOB@158.115.253.31] has joined #linode
05:02-!-|GIG-1 is "J" on #moocows #linode
05:02-!-|GIG [~MYOB@158.115.253.31] has quit [Remote host closed the connection]
05:02-!-u0_a181 [~u0_a181@subs31-116-206-15-27.three.co.id] has joined #linode
05:02-!-u0_a181 is "Unknown" on #linode
05:02<u0_a181>hi xD
05:04-!-u0_a181 [~u0_a181@subs31-116-206-15-27.three.co.id] has quit [Remote host closed the connection]
06:30-!-TJ- [~root@2a02:8011:2007::7] has joined #linode
06:30-!-TJ- is "TJ https://launchpad.net/~tj" on #linode #virt
06:49-!-tanja_justme [~oftc-webi@D4709505.rev.sefiber.dk] has joined #linode
06:49-!-tanja_justme is "OFTC WebIRC Client" on #linode
06:50<tanja_justme>I'm sorry to ask does anyone know how to generate ca and keys for openvpn today because all the tutorials that I have found does not work anymore
06:51<tanja_justme>the source vars, etc and those ways is Depreciated and removed in Debian 10 that I use
06:52<tanja_justme>btw installed openvpn and easyrsa from the distro repo
06:54-!-tanja_justme [~oftc-webi@D4709505.rev.sefiber.dk] has quit [Quit: Page closed]
09:03-!-thiras [~thiras@195.174.215.70] has joined #linode
09:03-!-thiras is "Ant" on #debian #linode #tami
09:05-!-ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has joined #linode
09:05-!-ein15 is "realname" on #linode
09:24-!-VladGh_ [~VladGh@ip72-200-40-178.no.no.cox.net] has quit [Remote host closed the connection]
09:24-!-VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode
09:24-!-VladGh is "Vlad" on #linode
09:25-!-VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has quit [Remote host closed the connection]
09:26-!-VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode
09:26-!-VladGh is "Vlad" on #linode
09:54<linbot>New news from community: Can I use OpenLiteSpeed-WordPress StackScript into CentOS8? <https://www.linode.com/community/questions/18926>
10:38-!-Shentino [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has quit [Remote host closed the connection]
10:46-!-Guest4241 [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has joined #linode
10:46-!-Guest4241 is "realname" on #qemu #mm #linode #tux3
10:47-!-Guest4241 [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has quit [Remote host closed the connection]
10:47-!-Shentino_ [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has joined #linode
10:47-!-Shentino_ is "realname" on #tux3 #linode #mm #qemu
10:50-!-VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has quit [Remote host closed the connection]
10:52-!-VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode
10:52-!-VladGh is "Vlad" on #linode
11:42-!-ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has quit [Ping timeout: 480 seconds]
11:58-!-Edgeman [~edgeman@dhcp-198-2-79-125.cable.user.start.ca] has joined #linode
11:58-!-Edgeman is "Edgeman" on #linode
11:59-!-Edgeman2 [~edgeman@dhcp-198-2-79-125.cable.user.start.ca] has quit [Read error: Connection reset by peer]
12:10-!-tmberg [tmberg@00010d6a.user.oftc.net] has quit [Quit: tmberg]
14:20-!-dannyAAM [~dannyAAM@saru.saru.moe] has quit [Quit: znc.saru.moe : ZNC 1.6.2 - http://znc.in]
14:20-!-dannyAAM [~dannyAAM@saru.saru.moe] has joined #linode
14:20-!-dannyAAM is "Danny" on #linode
14:22<nicolaus>thanks millisa i'll read that now
14:22<nicolaus>great guide
14:22<millisa>for the most part it was just following the custom distribution guide
14:22-!-tmberg [tmberg@00010d6a.user.oftc.net] has joined #linode
14:22-!-tmberg is "tmberg" on #dfri_se #linode
14:23<nicolaus>:)
14:23<nicolaus>did you go into errors at all?
14:23<millisa>only when I setup the disk with GPT initially.
14:24<millisa>I did play around in rescue mode some while chrooted into the disk. that works fine.
14:24<nicolaus>great
14:26<nicolaus>millisa: so booting a live distro is fine, it doesnt require install of kernel in the disk at all?
14:26<nicolaus>or dd is doing the nasty work
14:26<millisa>you set it up as a direct disk book
14:26<millisa>you set it up as a direct disk boot
14:27<millisa>you pretty much dd the liveiso over to a raw installer disk, then boot with that installer disk to install to your raw, boot disk
14:29<millisa>from the linode webUI, the order is something like: create boot/install raw disks, create boot/install profiles, boot into rescue mode with install disk at /dev/sda, dd liveiso to /dev/sda, boot into installer profile with boot/install disks
14:29<millisa>do the install, boot into boot profile, do cleanup, eventually do the linode manager compatibility fixes (which will have to going in and out of rescue again)
14:30<nicolaus>i'll give it a chance now
14:30<nicolaus>i really like void musl
14:32<millisa>oh - and when you do the initial install - make sure to use the 'glish' graphical console.
14:35-!-ggggg [~oftc-webi@77.40.44.207] has joined #linode
14:35-!-ggggg is "OFTC WebIRC Client" on #linode
14:35-!-ggggg [~oftc-webi@77.40.44.207] has quit []
14:44-!-fstd_ [~fstd@xdsl-78-34-191-203.nc.de] has joined #linode
14:44-!-fstd_ is "fstd" on #oftc #linode #debian #kernelnewbies
14:51-!-fstd [~fstd@xdsl-81-173-175-80.nc.de] has quit [Ping timeout: 480 seconds]
15:32<SleePy>Kinda wish Linode would let us perform moves ourselves when pending host maintenance is coming up. Would be nice to jump hosts when the time is more convenient for me.
15:32<millisa>migrate to a dedicated and back?
15:33<millisa>or up a node size and back down without a disk resize
15:33<SleePy>Node size is an interesting trick..
15:34<SleePy>But who is to say you migrate to a host that is "fixed"
15:34<millisa>they haven't yet. probably to stop a lot of us from doing that...
15:35<SleePy>Most likely as they would not have enough people vacate the host to clear it up for incoming migrations
15:39<Toba>it would make things better for those people who got to choose the time for the migration, though
15:39<Toba>doing that wouldn't have to get to 100% to be a net positive
15:39<Toba>it would need to be set up such that the nodes you move to have been fixed already
15:40<Toba>I can see why that could reach a point where linode doesn't have enough hardware to make it work, though, I guess.
15:41<SleePy>Some of it could be solved if after fixing a "host" that customers on other hosts instead of going down, would simply migrate to the new host and power back up. The empty hosts could then be filled by other customers.
15:41<SleePy>Would be a really added benefit if it could link hosts together temporarily and then do a live migration of them. Very interesting aspect and would mean almost no downtime for the nodes.
15:42<Zr40>that's assuming their disk images are small enough that it would actually be faster
15:42<Toba>progressive syncing of disk state is a thing, at least in vmware
15:42<Toba>not sure if xen has it
15:42<Toba>Zr40: it's not all about total downtime either, being able to plan maint window has its own value
15:43<Toba>there are plenty of businesses where randomly having your site affected at times you didn't choose isn't acceptable
15:44<Zr40>like our business - and that's exactly why we're removing single points of failure. Plenty of points removed, some remain, but those aren't affected by this round of maintenance
15:45<Zr40>all of the application servers will get powered down, just not all of them at the same time
15:45<Toba>yeah, removing single points of failure is good and everyone should do it when they can
15:45<Toba>but, it is a lot of work sometimes
15:45<Zr40>tell me about it
15:50<Zr40>we've got two points of failure remaining (as far as I could identify) - one file server, nfs mounted. Could possibly be replaced by object storage, otherwise I'm going with ceph. Second, the reverse proxy / load balancer. Might need to put cloudflare in front for that one
15:51<Toba>does linode support keepalived?
15:51<Zr40>in what way?
15:52<Toba>https://www.linode.com/docs/websites/host-a-website-with-high-availability/#keepalived
15:52<Toba>check that out
15:52<Toba>Have not read these specific docs and have not set it up myself, but my employer uses it for HA of the load balancers.
15:52<Toba>https://www.keepalived.org
15:53<Toba>it works nicely, if one of the boxes disappears the other one takes over.
15:53<Zr40>on the public IP?
15:53<Toba>yes
15:55<Zr40>not sure how keepalived is involved there
16:02<Toba>you were saying you might need to use cloudflare to get rid of your single point of failure of the load balancer
16:02<Toba>keepalived helps get rid of that single point of failure.
16:02<Toba>that's why it's involved.
16:02<Toba>get 2, and use keepalived to make them share an ip
16:02<Toba>1 of them will actively use it at a time
16:03<Zr40>if I'm reading the docs right, that works for the private IP
16:03<Toba>as far as linux and tech is concerned, public and private ips are the same thing
16:04<Toba>as long as the network allows you to do it, then it will work fine with a public ip
16:04<Toba>the linode docs I linked probably go into that.
16:04<Toba>oh, sorry, I read too fast - the part about keepalived was for galera (clustered mysql)
16:05<Zr40>I'm fairly sure traffic to the public IP of a Linode doesn't get routed to all other Linodes
16:05<Zr40>you can of course swap addresses in the Manager, but that doesn't touch the IPv6 one
16:07<millisa>https://www.linode.com/docs/platform/manager/remote-access/#configuring-ip-sharing
16:07<Zr40>ooh. Bookmarked!
16:08<Toba>nice catch millisa
16:08<Toba>I was about to post that!
16:08<Toba>"IP Sharing allows a Linode to share an IP address assignment (one or more additional IPv4 addresses). This can be used to allow one Linode to begin serving requests should another become unresponsive. Only IPs in the same datacenter are offered for sharing."
16:08<Toba>its on the networking tab for a node
16:08<millisa>except in Toronto.
16:08<Toba>so, not multi dc.. but probably does what you need
16:08<Zr40>also not IPv6, but iirc the /112s get routed to all instances
16:10<Peng>Zr40: correct (except in Toronto, where they're not available)
16:11<Zr40>what else is missing in Toronto? (-:
16:12<Peng>Maple syrup!
16:15-!-TJ- [~root@2a02:8011:2007::7] has quit [Quit: WeeChat 2.6]
16:15-!-Dataforce [~dataforce@dataforce.org.uk] has quit [Remote host closed the connection]
16:28-!-redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has joined #linode
16:28-!-redentor is "realname" on #linode #debian-mx #debian-es #debian-next #debian
17:11-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode
17:11-!-AugustusCaesar24 is "Augustus Caesar" on #linode
17:22-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
18:04-!-thiras [~thiras@195.174.215.70] has quit [Ping timeout: 480 seconds]
18:04-!-thiras [~thiras@178.62.235.226] has joined #linode
18:04-!-thiras is "Ant" on #debian #linode #tami
18:12-!-thiras [~thiras@178.62.235.226] has quit [Ping timeout: 480 seconds]
18:16-!-redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has quit [Remote host closed the connection]
18:21-!-thiras [~thiras@195.174.215.70] has joined #linode
18:21-!-thiras is "Ant" on #debian #linode #tami
18:35<linbot>New news from community: Unable to update Ubuntu 18.1 to 19. 04 <https://www.linode.com/community/questions/18927>
19:51-!-redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has joined #linode
19:51-!-redentor is "realname" on #linode #debian-mx #debian-es #debian-next #debian
19:55-!-thiras [~thiras@195.174.215.70] has quit [Ping timeout: 480 seconds]
19:55-!-NomadJim__ [~Jim@72.168.161.94] has joined #linode
19:55-!-NomadJim__ is "Nomad" on #debian #linode
19:55-!-NomadJim_ [~Jim@2001:5b0:2d2a:b4e8:3073:c8:5b8c:7d96] has quit [Read error: Connection reset by peer]
20:53-!-waltman [nunya644@c-68-81-107-5.hsd1.pa.comcast.net] has quit [Quit: leaving]
20:54<Cromulent>hmm hopefully this won't get me kicked or banned because I'm rather fond of Linode as a customer and enjoy being in this IRC channel - anyway for a different project I was looking for dedicated servers rather than VPS' and found a company offering semi-decent servers from Dell so great I thought then I looked through the up time promise and they said 100% and I immediately went off them a little bit - am I right to be put off
20:54<Cromulent>by a company claiming 100% up time on dedicated servers?
20:55<millisa>'or your money back!'
20:55<Cromulent>would Linode consider allowing nested virtualisation on their dedicated CPU instances?
20:56<Cromulent>that would solve the problem for me
20:57<Cromulent>I have no idea what host operating system Linode use but I'm pretty sure that most modern distros have a version of KVM and QEMU that supports it pretty well
20:57<Cromulent>I've tested it out using VMWare Workstation Pro 15.5
20:58<Cromulent>and also same question for the memory optimised instances
21:00<Cromulent>I mean now Linode are starting to use EPYC on some hosts I'm pretty sure that nested virtualisation isn't the same performance hog it used to be years and years ago
21:01<Cromulent>although I have no numbers to back that up with
21:01<Cromulent>does anyone know more about this subject than me and can chime in?
21:07-!-waltman [nunya453@c-68-81-107-5.hsd1.pa.comcast.net] has joined #linode
21:07-!-waltman is "Walt Mankowski" on #linode
21:08-!-redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has quit [Remote host closed the connection]
22:07-!-thiras [~thiras@195.174.215.70] has joined #linode
22:07-!-thiras is "Ant" on #debian #linode #tami
22:16<nate>Haven't people been doing nested virtualization on the standard linodes for ages?
22:17<Cromulent>no idea
22:17<Cromulent>I just thought it would be a nice little bonus on the dedicated CPU instances
22:17<Cromulent>I seem to recall it wasn't possible on the old Xen hosts - never tried with KVM hosts
22:30-!-Bruke [~oftc-webi@96.76.233.54] has joined #linode
22:30-!-Bruke is "OFTC WebIRC Client" on #linode
22:30<Bruke>Is this a good place to ask for help?
22:30<millisa>!ask
22:30<linbot>If you have a question, feel free to just ask it -- someone's always willing to help. If you don't get a response right away, be patient! You may want to read http://alexfornuto.com/how-to-ask-for-help-on-irc/
22:32<Bruke>I just installed a new linode, Debian 10. I can access it by SSH using PuTTY with no problem but I can't access it via FTP or SFTP. I have set a hostname, I have verified that VSFTPD service is running. I tried Ipswitch and Filezilla; both give me an authentication error. I tested my linode account password and the server's root password - neither works.
22:33<Cromulent>what about just using FTPS instead?
22:33<Bruke>I also verified that there's no firewall right now.
22:33<millisa>do the logs show anything on the server side when you attempt the sftp connection?
22:33<Cromulent>you already have SSH working so FTPS is easy
22:33<Cromulent>oh ignore me
22:33<millisa>you've got 'em flipped
22:33<Cromulent>its too late and I didn't read properly - yeah I do
22:34<Bruke>@millisa - where would I find the logs?
22:35<millisa> /var/log usually. the auth.log might be a good start
22:36<linbot>New news from community: Webpage doesnt load <https://www.linode.com/community/questions/18928>
22:43<Bruke>I see a lot of this: sshd[568]: Unable to negotiate with 96.76.233.54 port 54489: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1 [preauth]
22:44<millisa>is that all that is logged when you try to connect with the sftp client?
22:45<Bruke>@millisa - Filezilla says this: " Error: Authentication failed. Error: Critical error: Could not connect to server"
22:46<millisa>on the server. does that get logged on the server when you try to connect with filezilla.
22:47<Bruke>Going to check. Just also tried FTP with Ipswitch, got this error: " Purpose: compression cs Algo: none Purpose: compression sc Algo: none Failed SSH Key Exchange SSH Transport closed."
22:48<Bruke>Having a hard time copy/paste from putty - any tips?
22:50<millisa>drag with the left mouse button down. paste in notepad?
22:51<Bruke>Tried that, isn't working.
22:52<Bruke>I'm looking at the file with Vi, does that make a difference?
22:53<millisa>i have no idea. generally 'tail /var/log/whatever.log' is good enough. you don't need to edit the file...
22:53<millisa>tail -f /var/log/auth.log if you want to follow it live.
22:53<Bruke>I'm about to take a screenshot and post it to one of my other servers (I use ftp every day on them, no problems)
22:53<millisa>I just spun up a debian 10 instance. logged in as root with ssh. then tried filezilla via sftp. seemed to work fine.
22:53<millisa>ftp is not sftp
22:54<millisa>in filezilla, are you typing sftp://yourlinodesip in the 'Host:' box?
22:54<Bruke>Oct 7 02:45:09 mi-games sshd[845]: Invalid user brukenet from 96.76.233.54 port 54702 Oct 7 02:45:09 mi-games sshd[845]: pam_unix(sshd:auth): check pass; user unknown Oct 7 02:45:09 mi-games sshd[845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.76.233.54 Oct 7 02:45:11 mi-games sshd[845]: Failed password for invalid user brukenet from 96.76.233.54 port 54702 ssh2 Oct 7 02:45:13 mi-games sshd[845]: error: R
22:54<millisa>!paste
22:54<linbot>Please paste longer snippets over at https://bpaste.net/ and not in the channel
22:54<Bruke>As soon as I got out of Vi, I could copy/paste normal
22:54<millisa>those logs are saying 'brukenet' is an invalid user. are you trying to login with that username?
22:55<Bruke>https://bpaste.net/show/LeRw
22:56<Bruke>brukenet is the username that I use to login to linode; I also tried "root" both fail
22:56<millisa>line 4. it says it was a failed password for an invalid user.
22:56<millisa>your linode manager account isn't a shell account
22:56<millisa>if you want to create a shell account with that name, you can - but there's nothing that links them
22:57<Bruke>https://bpaste.net/show/PAR5
22:57<Bruke>That's the error I get when I try "root"
22:57<millisa>That says you are using the wrong password. line 4.
22:58<millisa>you set the root password when you spun up the instance. it's the same one you use to ssh into the system.
22:58<Bruke>It's the same password that I use to log in via SSH.. is it possible the root user doesn't have ftp access??
22:58<millisa>if you can ssh in, you can sftp.
22:58<millisa>(again, ftp is not sftp)
22:58<Bruke>That's what I expected... but it's not working.
22:59<millisa>that says you sent the wrong password.
22:59<millisa>if you are logged in as root, you can change the password for root with 'passwd'
23:00<Bruke>https://bpaste.net/show/_V3M
23:00<millisa>still says you sent the wrong password.
23:00<Bruke>What I don't understand is, if the password is wrong, how am I logging into SSH in the first place? The password can't be wrong or else my SSH login attempts would fail...
23:01<Bruke>It must be something else. I ran top and verified that the ftp process was running... is there a command to view authorized ftp users?
23:01<millisa>ftp is not sftp
23:03<Woet>stop using FTP.
23:03<millisa>for all I know your capslock is on. change your password at the shell prompt to something you know you aren't typoing and use that password in filezilla.
23:03<millisa>if the auth.log says Failed password then you typed the wrong password
23:04<Bruke>OK. I'm self-taught, clearly gaps in my understanding. My goal is to move files from my local machine to the server so my first thought is "ftp" and my understanding is that sftp is just a "secure" version of ftp... different port, but otherwise similar. Am I misunderstanding?
23:04<Cromulent>yes
23:05<Bruke>Is it that sftp isn't for moving files, or is the difference more subtle ?
23:05<Cromulent>FTPS (as I incorrectly said earlier) is FTP with SSL
23:05<millisa>its a different protocol entirely.
23:05<Cromulent>SFTP is FTP using SSH
23:06<Bruke>Ah. Is Filezilla the correct tool to use SFTP ?
23:06<millisa>It's a fine tool for either ftp or sftp
23:07<millisa>there's even a linode doc on using it: https://www.linode.com/docs/tools-reference/file-transfer/filezilla/
23:07<Bruke>This is what I have been using in the "Host" section of Filezilla's quickconnect: sftp://172.105.7.167
23:07<millisa>looks ok to me
23:08<millisa>(assuming that is your linode IP)
23:08<nate>Cromulent: Semantically speaking that's kind of right and wrong. SFTP literally is its own protocol, it has nothing to do with the original FTP protocol (so it's not literally FTP protocol over SSH)
23:08<Bruke>That's the web page guide I've been following. I started by setting up a hostname, then started trying to connect via filezilla
23:08<nate>The right portion being that the FTP still technically stands for "File transfer protocol", just not the actual protocol :P
23:09<millisa>at that shell prompt, verify your IP is what you think it is. if you type: ip addr list
23:09<millisa>you should see your IP in the eth0 section.
23:09<millisa>(I'm pretty sure you've got it right - those log entries you posted show the failures coming from the same IP you logged into this chat with)
23:10<Bruke>ip addr list shows the same IP, so that's not it.
23:11<Bruke>I did see the "Unknown host key" alert pop up the first time I tried to connect; I clicked to always trust this host and said ok. I haven't seen that pop up since the first attempt at connection... is that relevant?
23:11<millisa>it's expected
23:12<Cromulent>nate: ah thank you for the correction :)
23:12<Bruke>possibly important - I did NOT follow all the steps in Securing the server guide... I added a limited user account and held off on the rest of the stuff like hardened SSH and authentication key-pair... was that a mistake?
23:13<millisa>you should do most of the steps, but if you haven't done them, it shouldn't be stopping your sftp session
23:14<millisa>unless you did something more to restrict it, that user account you created should be able to sftp too
23:15<Bruke>I saw something online about configuration for the ftp, and something about a prompt that looked like "ftp>" but I don't know how to access that ftp> prompt.. is that my error?
23:15<millisa>that's for ftp. which is not sftp.
23:15<Bruke>I did try to set up IP tables but I think I failed... could I have botched that?
23:16<millisa>you could have, but that's not what is happening. if you had blocked ssh, you wouldn't be able to ssh in or sftp in, and the log entry showing the failed password would not have showed
23:16<linbot>New news from community: Account Limit reached. Please open a support ticket. <https://www.linode.com/community/questions/18929>
23:17<Bruke>Can you take a look at this and tell me if it's messed up: https://bpaste.net/show/9K6V
23:18<Bruke>I got it from this guide: https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/
23:18<millisa>it looks like a set of rules that allows ssh and some udp ports.
23:19<Bruke>Does it block sftp, or would that be ok because ssh is allowed?
23:19<millisa>sftp runs over ssh.
23:19<millisa>if you can ssh in, you can sftp in.
23:20<millisa>if you watch your auth.log with 'tail -f /var/log/auth.log' in the shell, and then try your filezilla client with root and with that user account you setup, you should see it showing the logs, live while you try to authenticate.
23:21<millisa>if it says failed password, then that is what it means...
23:22<millisa>if it says 'invalid user' on the failed password line when you try logging in with filezilla - that means you've got the username wrong
23:22<Bruke>I do see that...
23:22<Bruke>But how can the password work for ssh but not sftp ?
23:24<millisa>capslock. typing it wrong. pasting it wrong. you changed it since ssh'ing in. any of those things. something else.
23:26<Bruke>I'm reading something on StackExchange - https://unix.stackexchange.com/questions/209770/ssh-console-login-working-but-sftp-does-not-why
23:26<Bruke>Is the answer there relevant?
23:26<millisa>that person has fail2ban running and they said they have ssh on an alternate port. no.
23:26<linbot>New news from community: How to install Cpanel on my Linode hosting? <https://www.linode.com/community/questions/18930>
23:27<millisa>unless you are running fail2ban and/or running ssh on an alternate port
23:27<Bruke>Not that I'm aware of.
23:27<Bruke>Well, let's try to reset one of the passwords. What's the command for that?
23:28<millisa>do you see your limited user account on the system? grep thatusername /etc/passwd <--- does that show you a line with the username:x:uid:gid::/home/username:/bin/sh-or-someshell ?
23:28<millisa>passwd is the command to reset passwords. as root you can reset a user's password with 'passwd username'
23:29<Bruke>steam:x:1000:1000:,,,:/home/steam:/bin/bash
23:30<millisa>so you created a user named 'steam'. are you trying to login with filezilla with the username 'steam' and the passwd you set for that user?
23:31<Bruke>Among the other login attempts, yes, I've tried that one four or five times, checking every time after the first time that capslock was definitely off (and one time I tried it with caps lock on, just in case).
23:31<millisa>change the passwd with 'passwd steam', then start tailing your auth.log with 'tail -f /var/log/auth.log' then try your filezilla connection with username steam and the password you just set.
23:34<Bruke>I set up the new password to not have an exclamation point in it, just all letters and numbers this time. Not sure if that mattered but this time I was able to connect. Are symbols bad for passwords?
23:34<millisa>not usually.
23:34<millisa>encouraged even
23:35<millisa>at least you see sftp working. so that's good.
23:35<millisa>do you see how it looks in the auth.log on the successful connection?
23:35<Bruke>Yes.
23:36<Bruke>I am still doubtful that I was typing BOTH root and steam passwords incorrectly... but it's either that or a real unsolved mystery.
23:36<Bruke>Thank you for all your patience and help. You have been excellent to me and I am grateful.
23:37<millisa>could be a bug in filezilla for all I know.
23:37<Bruke>I'm tempted to change the password again, to include a ! and test it.. but not today.
23:39<millisa>The only other thought i had - if you did the steps at https://www.linode.com/docs/security/securing-your-server/#ssh-daemon-options
23:39<millisa>that would disallow future ssh root logins (and in turn sftp for root)
23:40<Bruke>I definitely didn't do that.
23:57<linbot>New news from community: Get my account approved ?!? <https://www.linode.com/community/questions/18931>
---Logclosed Mon Oct 07 00:00:46 2019