--- | Log | opened Sun Oct 06 00:00:45 2019 |
01:46 | -!- | Ranjan [~oftc-webi@106.51.107.4] has joined #linode |
01:46 | -!- | Ranjan is "OFTC WebIRC Client" on #linode |
01:46 | <Ranjan> | Hi, |
01:46 | <millisa> | Greetings, |
01:46 | <Ranjan> | Hi, how are you? |
01:47 | <Ranjan> | I would like to know if you offer hourly based VPS systems. |
01:47 | <millisa> | Linodes are billed hourly |
01:47 | <millisa> | https://www.linode.com/docs/platform/billing-and-support/billing-and-payments/#how-hourly-billing-works gives a lot more info |
01:47 | <Ranjan> | Great. |
01:47 | <Ranjan> | What are the locations I can choose? |
01:47 | <millisa> | !speedtest |
01:47 | <linbot> | http://www.linode.com/speedtest |
01:48 | <Ranjan> | I mean server locations. |
01:48 | <millisa> | Those are the locations along with files you can download to test speed |
01:49 | <Ranjan> | Can I install my custom OS? |
01:49 | <millisa> | You can, but these are the supported distributions that are easy to install: https://www.linode.com/distributions |
01:49 | <millisa> | This would cover doing a custom install https://www.linode.com/docs/tools-reference/custom-kernels-distros/install-a-custom-distribution-on-a-linode/ |
01:53 | <Ranjan> | I see, I have a custom windows OS. Can I install that? |
01:53 | <millisa> | !winode |
01:53 | <linbot> | It is possible to run Windows on !kvm Linodes. Here's a set of unofficial instructions: https://github.com/linode/docs/pull/501#issuecomment-232414947 |
01:54 | <millisa> | Possible. You'd have to bring your own license. Very unsupported. |
01:54 | <Ranjan> | Yes I understand. |
01:55 | <Ranjan> | I have signed up but I have not received any verification link to my email address yet. |
01:56 | <millisa> | there's usually several mails in the signup they send. |
01:57 | <millisa> | sometimes an extra verification step gets triggered that you'd get mail about. they get to them pretty quickly. |
01:58 | <millisa> | If it's been more than a few hours, you could try contacting their support email and they could probably track down what happened. |
01:58 | <Ranjan> | Alright. Thanks for your help. |
01:58 | -!- | Ranjan [~oftc-webi@106.51.107.4] has quit [Quit: Page closed] |
02:26 | -!- | ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has quit [Read error: Connection reset by peer] |
02:31 | <nicolaus> | will linode ever support void linux distro |
02:32 | <nicolaus> | the closest im using is alpine, which is great i guess |
02:34 | <@mtjones> | nicolaus: That's something we can look into. I've added your request to our internal ideas tracker so we can consider it for the future. |
02:34 | <nicolaus> | cool mtjones |
02:34 | <nicolaus> | there are 2 versions of void, one with musl and one with glibc |
02:34 | <@mtjones> | Which would you prefer? |
02:35 | <millisa> | https://media.giphy.com/media/zbzNUbpFnlw8E/giphy.gif |
02:36 | <nicolaus> | mtjones: musl is the better version |
02:37 | <nicolaus> | at least for server |
02:37 | <@mtjones> | Thanks! I'll add that in. |
02:37 | <nicolaus> | glibc is more for desktop |
02:37 | <millisa> | headless game servers? |
02:38 | <nicolaus> | millisa: what do you mean |
02:39 | <millisa> | they like glibc :) |
02:39 | <nicolaus> | me no understand lol |
02:40 | <millisa> | (ignore me; was confused by 'glibc is more for desktop') |
02:41 | -!- | ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has joined #linode |
02:41 | -!- | ein15 is "realname" on #linode |
02:42 | <nicolaus> | mtjones: https://a-hel-fi.m.voidlinux.org/live/current/ which one of these files i need to run in linode in order to set up my own distro |
02:50 | -!- | ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has quit [Remote host closed the connection] |
02:54 | <millisa> | this one seems to boot ok in glish. I'm up to the partitioning section ok. it started network fine and it sees the disk. https://alpha.de.repo.voidlinux.org/live/20190526/void-live-x86_64-musl-20190526.iso |
02:54 | <@mtjones> | !point millisa |
02:54 | <linbot> | mtjones: Point given to millisa. (108) (Biggest fan: relidy, total: 17) |
02:55 | <@mtjones> | I was just about to say, I think any of the .iso files would work. It just depends on what version you want to have. |
03:05 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode |
03:05 | -!- | AugustusCaesar24 is "Augustus Caesar" on #linode |
03:12 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)] |
03:29 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode |
03:29 | -!- | AugustusCaesar24 is "Augustus Caesar" on #linode |
03:30 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [] |
03:54 | <millisa> | nicolaus: ran through this a couple times. my notes on void install on linode: https://vomitb.in/0Sbo1p7jz1 seemed to work ok; has lish working. didn't do the linode manager compatibility steps yet |
03:55 | <millisa> | bah. had some dupe sections. let me clean it up a little. |
03:59 | <millisa> | a little cleaner - https://vomitb.in/0GccKAZgYT |
04:01 | <millisa> | used a 500MB 'Installer' disk and a 2GB 'Boot' disk. seemed to be plenty of room. 1.2GB used by the end of that test. |
04:01 | -!- | VladGh_ [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode |
04:01 | -!- | VladGh_ is "Vlad" on #linode |
04:07 | -!- | VladGh [~VladGh@ip72-200-40-165.no.no.cox.net] has quit [Ping timeout: 480 seconds] |
04:19 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode |
04:19 | -!- | AugustusCaesar24 is "Augustus Caesar" on #linode |
04:32 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)] |
05:02 | -!- | |GIG-1 [~MYOB@158.115.253.31] has joined #linode |
05:02 | -!- | |GIG-1 is "J" on #moocows #linode |
05:02 | -!- | |GIG [~MYOB@158.115.253.31] has quit [Remote host closed the connection] |
05:02 | -!- | u0_a181 [~u0_a181@subs31-116-206-15-27.three.co.id] has joined #linode |
05:02 | -!- | u0_a181 is "Unknown" on #linode |
05:02 | <u0_a181> | hi xD |
05:04 | -!- | u0_a181 [~u0_a181@subs31-116-206-15-27.three.co.id] has quit [Remote host closed the connection] |
06:30 | -!- | TJ- [~root@2a02:8011:2007::7] has joined #linode |
06:30 | -!- | TJ- is "TJ https://launchpad.net/~tj" on #linode #virt |
06:49 | -!- | tanja_justme [~oftc-webi@D4709505.rev.sefiber.dk] has joined #linode |
06:49 | -!- | tanja_justme is "OFTC WebIRC Client" on #linode |
06:50 | <tanja_justme> | I'm sorry to ask, does anyone know how to generate ca and keys for openvpn today because all the tutorials that I have found do not work anymore |
06:51 | <tanja_justme> | the source vars, etc. and those ways are deprecated and removed in Debian 10 that I use |
06:52 | <tanja_justme> | btw installed openvpn and easyrsa from the distro repo |
06:54 | -!- | tanja_justme [~oftc-webi@D4709505.rev.sefiber.dk] has quit [Quit: Page closed] |
09:03 | -!- | thiras [~thiras@195.174.215.70] has joined #linode |
09:03 | -!- | thiras is "Ant" on #debian #linode #tami |
09:05 | -!- | ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has joined #linode |
09:05 | -!- | ein15 is "realname" on #linode |
09:24 | -!- | VladGh_ [~VladGh@ip72-200-40-178.no.no.cox.net] has quit [Remote host closed the connection] |
09:24 | -!- | VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode |
09:24 | -!- | VladGh is "Vlad" on #linode |
09:25 | -!- | VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has quit [Remote host closed the connection] |
09:26 | -!- | VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode |
09:26 | -!- | VladGh is "Vlad" on #linode |
09:54 | <linbot> | New news from community: Can I use OpenLiteSpeed-WordPress StackScript into CentOS8? <https://www.linode.com/community/questions/18926> |
10:38 | -!- | Shentino [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has quit [Remote host closed the connection] |
10:46 | -!- | Guest4241 [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has joined #linode |
10:46 | -!- | Guest4241 is "realname" on #qemu #mm #linode #tux3 |
10:47 | -!- | Guest4241 [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has quit [Remote host closed the connection] |
10:47 | -!- | Shentino_ [~desktop@96-41-208-125.dhcp.elbg.wa.charter.com] has joined #linode |
10:47 | -!- | Shentino_ is "realname" on #tux3 #linode #mm #qemu |
10:50 | -!- | VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has quit [Remote host closed the connection] |
10:52 | -!- | VladGh [~VladGh@ip72-200-40-178.no.no.cox.net] has joined #linode |
10:52 | -!- | VladGh is "Vlad" on #linode |
11:42 | -!- | ein15 [~ein@pool-96-245-77-101.phlapa.fios.verizon.net] has quit [Ping timeout: 480 seconds] |
11:58 | -!- | Edgeman [~edgeman@dhcp-198-2-79-125.cable.user.start.ca] has joined #linode |
11:58 | -!- | Edgeman is "Edgeman" on #linode |
11:59 | -!- | Edgeman2 [~edgeman@dhcp-198-2-79-125.cable.user.start.ca] has quit [Read error: Connection reset by peer] |
12:10 | -!- | tmberg [tmberg@00010d6a.user.oftc.net] has quit [Quit: tmberg] |
14:20 | -!- | dannyAAM [~dannyAAM@saru.saru.moe] has quit [Quit: znc.saru.moe : ZNC 1.6.2 - http://znc.in] |
14:20 | -!- | dannyAAM [~dannyAAM@saru.saru.moe] has joined #linode |
14:20 | -!- | dannyAAM is "Danny" on #linode |
14:22 | <nicolaus> | thanks millisa i'll read that now |
14:22 | <nicolaus> | great guide |
14:22 | <millisa> | for the most part it was just following the custom distribution guide |
14:22 | -!- | tmberg [tmberg@00010d6a.user.oftc.net] has joined #linode |
14:22 | -!- | tmberg is "tmberg" on #dfri_se #linode |
14:23 | <nicolaus> | :) |
14:23 | <nicolaus> | did you go into errors at all? |
14:23 | <millisa> | only when I setup the disk with GPT initially. |
14:24 | <millisa> | I did play around in rescue mode some while chrooted into the disk. that works fine. |
14:24 | <nicolaus> | great |
14:26 | <nicolaus> | millisa: so booting a live distro is fine, it doesn't require install of kernel in the disk at all? |
14:26 | <nicolaus> | or dd is doing the nasty work |
14:26 | <millisa> | you set it up as a direct disk book |
14:26 | <millisa> | you set it up as a direct disk boot |
14:27 | <millisa> | you pretty much dd the liveiso over to a raw installer disk, then boot with that installer disk to install to your raw, boot disk |
14:29 | <millisa> | from the linode webUI, the order is something like: create boot/install raw disks, create boot/install profiles, boot into rescue mode with install disk at /dev/sda, dd liveiso to /dev/sda, boot into installer profile with boot/install disks |
14:29 | <millisa> | do the install, boot into boot profile, do cleanup, eventually do the linode manager compatibility fixes (which will have to going in and out of rescue again) |
14:30 | <nicolaus> | i'll give it a chance now |
14:30 | <nicolaus> | i really like void musl |
14:32 | <millisa> | oh - and when you do the initial install - make sure to use the 'glish' graphical console. |
14:35 | -!- | ggggg [~oftc-webi@77.40.44.207] has joined #linode |
14:35 | -!- | ggggg is "OFTC WebIRC Client" on #linode |
14:35 | -!- | ggggg [~oftc-webi@77.40.44.207] has quit [] |
14:44 | -!- | fstd_ [~fstd@xdsl-78-34-191-203.nc.de] has joined #linode |
14:44 | -!- | fstd_ is "fstd" on #oftc #linode #debian #kernelnewbies |
14:51 | -!- | fstd [~fstd@xdsl-81-173-175-80.nc.de] has quit [Ping timeout: 480 seconds] |
15:32 | <SleePy> | Kinda wish Linode would let us perform moves ourselves when pending host maintenance is coming up. Would be nice to jump hosts when the time is more convenient for me. |
15:32 | <millisa> | migrate to a dedicated and back? |
15:33 | <millisa> | or up a node size and back down without a disk resize |
15:33 | <SleePy> | Node size is an interesting trick.. |
15:34 | <SleePy> | But who is to say you migrate to a host that is "fixed" |
15:34 | <millisa> | they haven't yet. probably to stop a lot of us from doing that... |
15:35 | <SleePy> | Most likely as they would not have enough people vacate the host to clear it up for incoming migrations |
15:39 | <Toba> | it would make things better for those people who got to choose the time for the migration, though |
15:39 | <Toba> | doing that wouldn't have to get to 100% to be a net positive |
15:39 | <Toba> | it would need to be set up such that the nodes you move to have been fixed already |
15:40 | <Toba> | I can see why that could reach a point where linode doesn't have enough hardware to make it work, though, I guess. |
15:41 | <SleePy> | Some of it could be solved if after fixing a "host" that customers on other hosts instead of going down, would simply migrate to the new host and power back up. The empty hosts could then be filled by other customers. |
15:41 | <SleePy> | Would be a really added benefit if it could link hosts together temporarily and then do a live migration of them. Very interesting aspect and would mean almost no downtime for the nodes. |
15:42 | <Zr40> | that's assuming their disk images are small enough that it would actually be faster |
15:42 | <Toba> | progressive syncing of disk state is a thing, at least in vmware |
15:42 | <Toba> | not sure if xen has it |
15:42 | <Toba> | Zr40: it's not all about total downtime either, being able to plan maint window has its own value |
15:43 | <Toba> | there are plenty of businesses where randomly having your site affected at times you didn't choose isn't acceptable |
15:44 | <Zr40> | like our business - and that's exactly why we're removing single points of failure. Plenty of points removed, some remain, but those aren't affected by this round of maintenance |
15:45 | <Zr40> | all of the application servers will get powered down, just not all of them at the same time |
15:45 | <Toba> | yeah, removing single points of failure is good and everyone should do it when they can |
15:45 | <Toba> | but, it is a lot of work sometimes |
15:45 | <Zr40> | tell me about it |
15:50 | <Zr40> | we've got two points of failure remaining (as far as I could identify) - one file server, nfs mounted. Could possibly be replaced by object storage, otherwise I'm going with ceph. Second, the reverse proxy / load balancer. Might need to put cloudflare in front for that one |
15:51 | <Toba> | does linode support keepalived? |
15:51 | <Zr40> | in what way? |
15:52 | <Toba> | https://www.linode.com/docs/websites/host-a-website-with-high-availability/#keepalived |
15:52 | <Toba> | check that out |
15:52 | <Toba> | Have not read these specific docs and have not set it up myself, but my employer uses it for HA of the load balancers. |
15:52 | <Toba> | https://www.keepalived.org |
15:53 | <Toba> | it works nicely, if one of the boxes disappears the other one takes over. |
15:53 | <Zr40> | on the public IP? |
15:53 | <Toba> | yes |
15:55 | <Zr40> | not sure how keepalived is involved there |
16:02 | <Toba> | you were saying you might need to use cloudflare to get rid of your single point of failure of the load balancer |
16:02 | <Toba> | keepalived helps get rid of that single point of failure. |
16:02 | <Toba> | that's why it's involved. |
16:02 | <Toba> | get 2, and use keepalived to make them share an ip |
16:02 | <Toba> | 1 of them will actively use it at a time |
16:03 | <Zr40> | if I'm reading the docs right, that works for the private IP |
16:03 | <Toba> | as far as linux and tech is concerned, public and private ips are the same thing |
16:04 | <Toba> | as long as the network allows you to do it, then it will work fine with a public ip |
16:04 | <Toba> | the linode docs I linked probably go into that. |
16:04 | <Toba> | oh, sorry, I read too fast - the part about keepalived was for galera (clustered mysql) |
16:05 | <Zr40> | I'm fairly sure traffic to the public IP of a Linode doesn't get routed to all other Linodes |
16:05 | <Zr40> | you can of course swap addresses in the Manager, but that doesn't touch the IPv6 one |
16:07 | <millisa> | https://www.linode.com/docs/platform/manager/remote-access/#configuring-ip-sharing |
16:07 | <Zr40> | ooh. Bookmarked! |
16:08 | <Toba> | nice catch millisa |
16:08 | <Toba> | I was about to post that! |
16:08 | <Toba> | "IP Sharing allows a Linode to share an IP address assignment (one or more additional IPv4 addresses). This can be used to allow one Linode to begin serving requests should another become unresponsive. Only IPs in the same datacenter are offered for sharing." |
16:08 | <Toba> | it's on the networking tab for a node |
16:08 | <millisa> | except in Toronto. |
16:08 | <Toba> | so, not multi dc.. but probably does what you need |
16:08 | <Zr40> | also not IPv6, but iirc the /112s get routed to all instances |
16:10 | <Peng> | Zr40: correct (except in Toronto, where they're not available) |
16:11 | <Zr40> | what else is missing in Toronto? (-: |
16:12 | <Peng> | Maple syrup! |
16:15 | -!- | TJ- [~root@2a02:8011:2007::7] has quit [Quit: WeeChat 2.6] |
16:15 | -!- | Dataforce [~dataforce@dataforce.org.uk] has quit [Remote host closed the connection] |
16:28 | -!- | redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has joined #linode |
16:28 | -!- | redentor is "realname" on #linode #debian-mx #debian-es #debian-next #debian |
17:11 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode |
17:11 | -!- | AugustusCaesar24 is "Augustus Caesar" on #linode |
17:22 | -!- | AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)] |
18:04 | -!- | thiras [~thiras@195.174.215.70] has quit [Ping timeout: 480 seconds] |
18:04 | -!- | thiras [~thiras@178.62.235.226] has joined #linode |
18:04 | -!- | thiras is "Ant" on #debian #linode #tami |
18:12 | -!- | thiras [~thiras@178.62.235.226] has quit [Ping timeout: 480 seconds] |
18:16 | -!- | redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has quit [Remote host closed the connection] |
18:21 | -!- | thiras [~thiras@195.174.215.70] has joined #linode |
18:21 | -!- | thiras is "Ant" on #debian #linode #tami |
18:35 | <linbot> | New news from community: Unable to update Ubuntu 18.1 to 19. 04 <https://www.linode.com/community/questions/18927> |
19:51 | -!- | redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has joined #linode |
19:51 | -!- | redentor is "realname" on #linode #debian-mx #debian-es #debian-next #debian |
19:55 | -!- | thiras [~thiras@195.174.215.70] has quit [Ping timeout: 480 seconds] |
19:55 | -!- | NomadJim__ [~Jim@72.168.161.94] has joined #linode |
19:55 | -!- | NomadJim__ is "Nomad" on #debian #linode |
19:55 | -!- | NomadJim_ [~Jim@2001:5b0:2d2a:b4e8:3073:c8:5b8c:7d96] has quit [Read error: Connection reset by peer] |
20:53 | -!- | waltman [nunya644@c-68-81-107-5.hsd1.pa.comcast.net] has quit [Quit: leaving] |
20:54 | <Cromulent> | hmm hopefully this won't get me kicked or banned because I'm rather fond of Linode as a customer and enjoy being in this IRC channel - anyway for a different project I was looking for dedicated servers rather than VPS' and found a company offering semi-decent servers from Dell so great I thought then I looked through the up time promise and they said 100% and I immediately went off them a little bit - am I right to be put off |
20:54 | <Cromulent> | by a company claiming 100% up time on dedicated servers? |
20:55 | <millisa> | 'or your money back!' |
20:55 | <Cromulent> | would Linode consider allowing nested virtualisation on their dedicated CPU instances? |
20:56 | <Cromulent> | that would solve the problem for me |
20:57 | <Cromulent> | I have no idea what host operating system Linode use but I'm pretty sure that most modern distros have a version of KVM and QEMU that supports it pretty well |
20:57 | <Cromulent> | I've tested it out using VMWare Workstation Pro 15.5 |
20:58 | <Cromulent> | and also same question for the memory optimised instances |
21:00 | <Cromulent> | I mean now Linode are starting to use EPYC on some hosts I'm pretty sure that nested virtualisation isn't the same performance hog it used to be years and years ago |
21:01 | <Cromulent> | although I have no numbers to back that up with |
21:01 | <Cromulent> | does anyone know more about this subject than me and can chime in? |
21:07 | -!- | waltman [nunya453@c-68-81-107-5.hsd1.pa.comcast.net] has joined #linode |
21:07 | -!- | waltman is "Walt Mankowski" on #linode |
21:08 | -!- | redentor [~red3ntor@189.202.73.173.cable.dyn.cableonline.com.mx] has quit [Remote host closed the connection] |
22:07 | -!- | thiras [~thiras@195.174.215.70] has joined #linode |
22:07 | -!- | thiras is "Ant" on #debian #linode #tami |
22:16 | <nate> | Haven't people been doing nested virtualization on the standard linodes for ages? |
22:17 | <Cromulent> | no idea |
22:17 | <Cromulent> | I just thought it would be a nice little bonus on the dedicated CPU instances |
22:17 | <Cromulent> | I seem to recall it wasn't possible on the old Xen hosts - never tried with KVM hosts |
22:30 | -!- | Bruke [~oftc-webi@96.76.233.54] has joined #linode |
22:30 | -!- | Bruke is "OFTC WebIRC Client" on #linode |
22:30 | <Bruke> | Is this a good place to ask for help? |
22:30 | <millisa> | !ask |
22:30 | <linbot> | If you have a question, feel free to just ask it -- someone's always willing to help. If you don't get a response right away, be patient! You may want to read http://alexfornuto.com/how-to-ask-for-help-on-irc/ |
22:32 | <Bruke> | I just installed a new linode, Debian 10. I can access it by SSH using PuTTY with no problem but I can't access it via FTP or SFTP. I have set a hostname, I have verified that VSFTPD service is running. I tried Ipswitch and Filezilla; both give me an authentication error. I tested my linode account password and the server's root password - neither works. |
22:33 | <Cromulent> | what about just using FTPS instead? |
22:33 | <Bruke> | I also verified that there's no firewall right now. |
22:33 | <millisa> | do the logs show anything on the server side when you attempt the sftp connection? |
22:33 | <Cromulent> | you already have SSH working so FTPS is easy |
22:33 | <Cromulent> | oh ignore me |
22:33 | <millisa> | you've got 'em flipped |
22:33 | <Cromulent> | it's too late and I didn't read properly - yeah I do |
22:34 | <Bruke> | @millisa - where would I find the logs? |
22:35 | <millisa> | /var/log usually. the auth.log might be a good start |
22:36 | <linbot> | New news from community: Webpage doesnt load <https://www.linode.com/community/questions/18928> |
22:43 | <Bruke> | I see a lot of this: sshd[568]: Unable to negotiate with 96.76.233.54 port 54489: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1 [preauth] |
22:44 | <millisa> | is that all that is logged when you try to connect with the sftp client? |
22:45 | <Bruke> | @millisa - Filezilla says this: " Error: Authentication failed. Error: Critical error: Could not connect to server" |
22:46 | <millisa> | on the server. does that get logged on the server when you try to connect with filezilla. |
22:47 | <Bruke> | Going to check. Just also tried FTP with Ipswitch, got this error: " Purpose: compression cs Algo: none Purpose: compression sc Algo: none Failed SSH Key Exchange SSH Transport closed." |
22:48 | <Bruke> | Having a hard time copy/paste from putty - any tips? |
22:50 | <millisa> | drag with the left mouse button down. paste in notepad? |
22:51 | <Bruke> | Tried that, isn't working. |
22:52 | <Bruke> | I'm looking at the file with Vi, does that make a difference? |
22:53 | <millisa> | i have no idea. generally 'tail /var/log/whatever.log' is good enough. you don't need to edit the file... |
22:53 | <millisa> | tail -f /var/log/auth.log if you want to follow it live. |
22:53 | <Bruke> | I'm about to take a screenshot and post it to one of my other servers (I use ftp every day on them, no problems) |
22:53 | <millisa> | I just spun up a debian 10 instance. logged in as root with ssh. then tried filezilla via sftp. seemed to work fine. |
22:53 | <millisa> | ftp is not sftp |
22:54 | <millisa> | in filezilla, are you typing sftp://yourlinodesip in the 'Host:' box? |
22:54 | <Bruke> | Oct 7 02:45:09 mi-games sshd[845]: Invalid user brukenet from 96.76.233.54 port 54702 Oct 7 02:45:09 mi-games sshd[845]: pam_unix(sshd:auth): check pass; user unknown Oct 7 02:45:09 mi-games sshd[845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.76.233.54 Oct 7 02:45:11 mi-games sshd[845]: Failed password for invalid user brukenet from 96.76.233.54 port 54702 ssh2 Oct 7 02:45:13 mi-games sshd[845]: error: R |
22:54 | <millisa> | !paste |
22:54 | <linbot> | Please paste longer snippets over at https://bpaste.net/ and not in the channel |
22:54 | <Bruke> | As soon as I got out of Vi, I could copy/paste normal |
22:54 | <millisa> | those logs are saying 'brukenet' is an invalid user. are you trying to login with that username? |
22:55 | <Bruke> | https://bpaste.net/show/LeRw |
22:56 | <Bruke> | brukenet is the username that I use to login to linode; I also tried "root" both fail |
22:56 | <millisa> | line 4. it says it was a failed password for an invalid user. |
22:56 | <millisa> | your linode manager account isn't a shell account |
22:56 | <millisa> | if you want to create a shell account with that name, you can - but there's nothing that links them |
22:57 | <Bruke> | https://bpaste.net/show/PAR5 |
22:57 | <Bruke> | That's the error I get when I try "root" |
22:57 | <millisa> | That says you are using the wrong password. line 4. |
22:58 | <millisa> | you set the root password when you spun up the instance. it's the same one you use to ssh into the system. |
22:58 | <Bruke> | It's the same password that I use to log in via SSH.. is it possible the root user doesn't have ftp access?? |
22:58 | <millisa> | if you can ssh in, you can sftp. |
22:58 | <millisa> | (again, ftp is not sftp) |
22:58 | <Bruke> | That's what I expected... but it's not working. |
22:59 | <millisa> | that says you sent the wrong password. |
22:59 | <millisa> | if you are logged in as root, you can change the password for root with 'passwd' |
23:00 | <Bruke> | https://bpaste.net/show/_V3M |
23:00 | <millisa> | still says you sent the wrong password. |
23:00 | <Bruke> | What I don't understand is, if the password is wrong, how am I logging into SSH in the first place? The password can't be wrong or else my SSH login attempts would fail... |
23:01 | <Bruke> | It must be something else. I ran top and verified that the ftp process was running... is there a command to view authorized ftp users? |
23:01 | <millisa> | ftp is not sftp |
23:03 | <Woet> | stop using FTP. |
23:03 | <millisa> | for all I know your capslock is on. change your password at the shell prompt to something you know you aren't typoing and use that password in filezilla. |
23:03 | <millisa> | if the auth.log says Failed password then you typed the wrong password |
23:04 | <Bruke> | OK. I'm self-taught, clearly gaps in my understanding. My goal is to move files from my local machine to the server so my first thought is "ftp" and my understanding is that sftp is just a "secure" version of ftp... different port, but otherwise similar. Am I misunderstanding? |
23:04 | <Cromulent> | yes |
23:05 | <Bruke> | Is it that sftp isn't for moving files, or is the difference more subtle ? |
23:05 | <Cromulent> | FTPS (as I incorrectly said earlier) is FTP with SSL |
23:05 | <millisa> | it's a different protocol entirely. |
23:05 | <Cromulent> | SFTP is FTP using SSH |
23:06 | <Bruke> | Ah. Is Filezilla the correct tool to use SFTP ? |
23:06 | <millisa> | It's a fine tool for either ftp or sftp |
23:07 | <millisa> | there's even a linode doc on using it: https://www.linode.com/docs/tools-reference/file-transfer/filezilla/ |
23:07 | <Bruke> | This is what I have been using in the "Host" section of Filezilla's quickconnect: sftp://172.105.7.167 |
23:07 | <millisa> | looks ok to me |
23:08 | <millisa> | (assuming that is your linode IP) |
23:08 | <nate> | Cromulent: Semantically speaking that's kind of right and wrong. SFTP literally is its own protocol, it has nothing to do with the original FTP protocol (so it's not literally FTP protocol over SSH) |
23:08 | <Bruke> | That's the web page guide I've been following. I started by setting up a hostname, then started trying to connect via filezilla |
23:08 | <nate> | The right portion being that the FTP still technically stands for "File transfer protocol", just not the actual protocol :P |
23:09 | <millisa> | at that shell prompt, verify your IP is what you think it is. if you type: ip addr list |
23:09 | <millisa> | you should see your IP in the eth0 section. |
23:09 | <millisa> | (I'm pretty sure you've got it right - those log entries you posted show the failures coming from the same IP you logged into this chat with) |
23:10 | <Bruke> | ip addr list shows the same IP, so that's not it. |
23:11 | <Bruke> | I did see the "Unknown host key" alert pop up the first time I tried to connect; I clicked to always trust this host and said ok. I haven't seen that pop up since the first attempt at connection... is that relevant? |
23:11 | <millisa> | it's expected |
23:12 | <Cromulent> | nate: ah thank you for the correction :) |
23:12 | <Bruke> | possibly important - I did NOT follow all the steps in Securing the server guide... I added a limited user account and held off on the rest of the stuff like hardened SSH and authentication key-pair... was that a mistake? |
23:13 | <millisa> | you should do most of the steps, but if you haven't done them, it shouldn't be stopping your sftp session |
23:14 | <millisa> | unless you did something more to restrict it, that user account you created should be able to sftp too |
23:15 | <Bruke> | I saw something online about configuration for the ftp, and something about a prompt that looked like "ftp>" but I don't know how to access that ftp> prompt.. is that my error? |
23:15 | <millisa> | that's for ftp. which is not sftp. |
23:15 | <Bruke> | I did try to set up IP tables but I think I failed... could I have botched that? |
23:16 | <millisa> | you could have, but that's not what is happening. if you had blocked ssh, you wouldn't be able to ssh in or sftp in, and the log entry showing the failed password would not have shown |
23:16 | <linbot> | New news from community: Account Limit reached. Please open a support ticket. <https://www.linode.com/community/questions/18929> |
23:17 | <Bruke> | Can you take a look at this and tell me if it's messed up: https://bpaste.net/show/9K6V |
23:18 | <Bruke> | I got it from this guide: https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/ |
23:18 | <millisa> | it looks like a set of rules that allows ssh and some udp ports. |
23:19 | <Bruke> | Does it block sftp, or would that be ok because ssh is allowed? |
23:19 | <millisa> | sftp runs over ssh. |
23:19 | <millisa> | if you can ssh in, you can sftp in. |
23:20 | <millisa> | if you watch your auth.log with 'tail -f /var/log/auth.log' in the shell, and then try your filezilla client with root and with that user account you setup, you should see it showing the logs, live while you try to authenticate. |
23:21 | <millisa> | if it says failed password, then that is what it means... |
23:22 | <millisa> | if it says 'invalid user' on the failed password line when you try logging in with filezilla - that means you've got the username wrong |
23:22 | <Bruke> | I do see that... |
23:22 | <Bruke> | But how can the password work for ssh but not sftp ? |
23:24 | <millisa> | capslock. typing it wrong. pasting it wrong. you changed it since ssh'ing in. any of those things. something else. |
23:26 | <Bruke> | I'm reading something on StackExchange - https://unix.stackexchange.com/questions/209770/ssh-console-login-working-but-sftp-does-not-why |
23:26 | <Bruke> | Is the answer there relevant? |
23:26 | <millisa> | that person has fail2ban running and they said they have ssh on an alternate port. no. |
23:26 | <linbot> | New news from community: How to install Cpanel on my Linode hosting? <https://www.linode.com/community/questions/18930> |
23:27 | <millisa> | unless you are running fail2ban and/or running ssh on an alternate port |
23:27 | <Bruke> | Not that I'm aware of. |
23:27 | <Bruke> | Well, let's try to reset one of the passwords. What's the command for that? |
23:28 | <millisa> | do you see your limited user account on the system? grep thatusername /etc/passwd <--- does that show you a line with the username:x:uid:gid::/home/username:/bin/sh-or-someshell ? |
23:28 | <millisa> | passwd is the command to reset passwords. as root you can reset a user's password with 'passwd username' |
23:29 | <Bruke> | steam:x:1000:1000:,,,:/home/steam:/bin/bash |
23:30 | <millisa> | so you created a user named 'steam'. are you trying to login with filezilla with the username 'steam' and the passwd you set for that user? |
23:31 | <Bruke> | Among the other login attempts, yes, I've tried that one four or five times, checking every time after the first time that capslock was definitely off (and one time I tried it with caps lock on, just in case). |
23:31 | <millisa> | change the passwd with 'passwd steam', then start tailing your auth.log with 'tail -f /var/log/auth.log' then try your filezilla connection with username steam and the password you just set. |
23:34 | <Bruke> | I set up the new password to not have an exclamation point in it, just all letters and numbers this time. Not sure if that mattered but this time I was able to connect. Are symbols bad for passwords? |
23:34 | <millisa> | not usually. |
23:34 | <millisa> | encouraged even |
23:35 | <millisa> | at least you see sftp working. so that's good. |
23:35 | <millisa> | do you see how it looks in the auth.log on the successful connection? |
23:35 | <Bruke> | Yes. |
23:36 | <Bruke> | I am still doubtful that I was typing BOTH root and steam passwords incorrectly... but it's either that or a real unsolved mystery. |
23:36 | <Bruke> | Thank you for all your patience and help. You have been excellent to me and I am grateful. |
23:37 | <millisa> | could be a bug in filezilla for all I know. |
23:37 | <Bruke> | I'm tempted to change the password again, to include a ! and test it.. but not today. |
23:39 | <millisa> | The only other thought i had - if you did the steps at https://www.linode.com/docs/security/securing-your-server/#ssh-daemon-options |
23:39 | <millisa> | that would disallow future ssh root logins (and in turn sftp for root) |
23:40 | <Bruke> | I definitely didn't do that. |
23:57 | <linbot> | New news from community: Get my account approved ?!? <https://www.linode.com/community/questions/18931> |
--- | Log | closed Mon Oct 07 00:00:46 2019 |