IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 8 June 2008   (all times are UTC)

00:08otavio has quit IRC
02:26alkisg has joined #ltsp
02:29
<alkisg>
Hi, for some reason (laptop = roaming server) my ltsp server doesn't have a static IP. To avoid "This workstation isn't authorized to connect to server", can I just put "StrictHostKeyChecking no" to /etc/ssh/ssh_config in the chroot? Is that enough?
02:32
<johnny>
maybe you want to use nfs instead of nbd for that one?
02:33
<alkisg>
Hmmm, never used nfs, would it help?
02:33
<johnny>
then you can just run ltsp-update-sshkeys
02:33
they might be a bit slower..
02:33
or so it seemed to me, when i switched back for devel stuff a lil while ago
02:33
<alkisg>
Oh, I see. Aren't there any other config files that keep my server IP that I should change?
02:34
<johnny>
uhmm.. perhaps..
02:34
but probably no big deal
02:35
<alkisg>
I tried the ssh_config thing and it work, but I've just tried on my local network, I don't know if it would break if I changed to another network or something
02:36
Do ssh keys depend on the server IP?
02:36
<johnny>
yes
02:36
thus why ltsp-update-sshkeys exist..
02:37
<alkisg>
And is StrictHotKeyChecking no enough to override this? I wonder why ltsp-update-sshkeys exists then!! :)
02:37
<johnny>
because you shouldn't ever set that
02:37
there's a reason why it is default on
02:37
<alkisg>
Hmm... security again! No big deal in a small school lab! :)
02:37
<johnny>
ltsp as a project tries not to make you have to modify any of the services you need in such an adverse situation
02:38
alkisg, our small coffeeshop had somebody remotely install an irc bot
02:38
<alkisg>
Well, changing a text file seems easier to me than changing to NFS!!!
02:38
<johnny>
so.. anybody can be hit
02:38
you could just rebuild the image every time if you don't wanna change to nfs
02:39
<alkisg>
Yeah, but it would require someone coming inside my lab, I'd see him... and he would just have guest access to the server, not root access, right?
02:39
<johnny>
when i am testing things with ltsp devel, i always use nfs, changes always apply
02:40
<alkisg>
(Assuming he had already hacked into an ltsp client, logged in as root to the client etc)
02:40
<johnny>
sure.. but they can install plenty of things with user privileges
02:40
at least you can seethem as you said
02:40
the issue is with somebody else logging in remotely
02:41
thatyou can't see..
02:41
<alkisg>
Now that I think of it, he would (1) have to crack the chroot root password, and (2) have to crack into a user account... I don't think it would be easy for him!
02:41
<johnny>
rooting your box isn't hte problem
02:41
i doubt that would happen
02:41
<alkisg>
I'm behind a NAT with no port forwarding, I would like to see that! :)
02:41
<johnny>
it's about them being able to connect to your box as regular users and still do nasty botnetty things
02:41
well.. i still advise against it..
02:41
but whatever
02:42
it mightwork
02:42
<alkisg>
Thanks for the warning, I appreciate it.
02:42
<johnny>
i am not guaranteeing that it will , since i've never tried it
02:43
<alkisg>
johnny, what about NFS/NBD speed differences? Are they vital?
02:43
Or something like 10% difference in booting?
02:44
<johnny>
i have no hard data, you'll have to judge for yourself, it could have been dependant on my env
02:44
<alkisg>
Thanks, I'll try it.
02:44
<johnny>
there are instructions on the ubuntu wiki
02:44
the wikipage has an odd name tho
02:44
<alkisg>
OK, I've seen them...
02:45
I tried NAT with vbox, everything OK except for sound
02:45
<johnny>
https://help.ubuntu.com/community/UbuntuLTSP/LTSPWithoutNFS
02:45
yes.. the name is opposite of what one section is :)
02:45
<alkisg>
I think pulseaudio doesn't work over nat
02:46
<johnny>
there's prolly a way around that, but i don't know of it myself
02:46
<alkisg>
I don't mind, it's just for testing purposes, so that I don't have to make a bridge in my laptop to test ltsp
02:46
<johnny>
they are near the bottom
02:47
<alkisg>
I already used multiple IPs, bridges etc, now I try to keep it simple! :)
02:47
Thanks!
02:51
Hmm... man ssh_config says that StrictHostKeyChecking is there to protect the *client*, not the server... So if I disable it, I don't risk any attacks, only that if the ltsp users hack into the boxes as root, they'll be able to connect to another server without needing to answer "yes" to the prompt! It doesn't sound like a security hole to me... ???
02:52
<johnny>
did you try it?
02:52
does it even work?
02:52
<alkisg>
Yes, it worked as far as I can see
02:52
<johnny>
i have never seen it recommended in this channel ever before
02:52
there must be a good reason for that
02:53
<alkisg>
Maybe no one is crazy enough to use his laptop as an ltsp server! :)
02:53
OK, thank you Johnny
02:53
<johnny>
sure.. but that authorized message is a well known error
02:53
sounds like servers move more often than you think :)
02:53
<alkisg>
I'll try to ask ogra and vagrantc when they're around
03:08klausade has quit IRC
03:13wwx has quit IRC
03:23klausade has joined #ltsp
03:44
<alkisg>
johnny, I found a more correct way, I ´╗┐just need to add all my possible server IPs to /etc/ltsp/ssh_known_hosts.* before ltsp-update-sshkeys. So I just do this for 5-10 different IPs and I'm ok.
03:44
<johnny>
aha..
03:44
nice
03:48wwx has joined #ltsp
04:14alkisg has quit IRC
04:15alkisg has joined #ltsp
04:23Q-FUNK has joined #ltsp
04:53popey has joined #ltsp
05:35
<stgraber>
ogra: around ?
05:38
ogra: I have ica working correctly when installed in the chroot (and have updated my launcher script for italc) but of course the username shown in italc is "root" for all users. Do you know if we have an env variable I can use in my ldm rc script to get the real username ?
05:42DonSilver has joined #ltsp
05:46
<ogra>
stgraber, you could do something like: NAME=$(ssh -S ${LDM_SOCKET} ${LDM_SERVER} env|grep USERNAME|cut -d'=' -f2) in a ldm rc script
05:52
<stgraber>
erk, looks like he no longer uses $USER to get the username but getpwnam and getpwuid
05:52
so he can access the gecos from the passwd file ...
05:53indradg_ has quit IRC
05:54
<stgraber>
I'll just send the username in place of the hostname when it's running on a thin client (as the hostname is the the same for all clients ...) because I don't think adding fake records in /etc/passwd is really an option
05:54
oh, I just saw a buggy part of his code I could use :)
05:55
if I also set the uid to a non-existing value it'll just take the username and send it instead of looking at the passwd
05:56alexis_ has joined #ltsp
05:58
<stgraber>
erk, would have been too easy :) he's using the process' uid not $UID so that won't work
06:02indradg has joined #ltsp
06:11alkisg has quit IRC
06:20dean_za has joined #ltsp
06:20
<dean_za>
hi all
06:21
I ma trying to enable nbd_swap but it does not seem to be working
06:21
I have NBD_SWAp = Y in /var/lib/tftboot/ltsp/i386/lts.conf
06:21
but it doesnt seem to be doing anything
06:21
this is a clean 8.04 install
06:22
I am also specifying screen_02=shell and screen_07=ldm , but I dont get anything on ALT+F2
06:23
so many things are way cooler in 8.04
06:23
it automagicaly found my 2 canon 3460 printers on the network _ WOW
06:24
I have enabled root login and I can access ALT+F1 and login and see there is no swap , How do I check why its not working ?
06:25
Is it the middle of the night ?
06:49dean_za has quit IRC
07:10alexis_ is now known as bender
07:10bender is now known as alexis_
07:11alkisg has joined #ltsp
07:15
<alexis_>
nobody?
07:19
everybody is sleeping?
07:19
:)
07:27nantes_geek has joined #ltsp
07:34
<stgraber>
ogra: we'd really need to export a LDM_USERNAME and an IP variable, would help a lot and avoid me parsing files/commands output
07:34DonSilver has quit IRC
07:34
<stgraber>
(currently building one more iTalc with the final changes for LTSP support)
07:42K_O-Gnom has joined #ltsp
07:48alexis_ has quit IRC
07:54
<alkisg>
stgraber, will you upload the beta somewhere?
07:56
<stgraber>
yes, I'm currently working with a pre-release of iTalc, I'll upload the new package to my PPA as soon as 1.0.9 is officially out
07:58
<alkisg>
thanks
07:58nantes_geek has quit IRC
07:58
<alkisg>
(if you're looking for testers, I'm here! :))
08:30F-GT has quit IRC
08:53MacIver has quit IRC
08:58pilipo has joined #ltsp
09:19joebaker has joined #ltsp
09:28dean_za has joined #ltsp
09:29
<dean_za>
Hi
09:30
I was logged in earlier and asked a few questions , how can I check the logs to see if anyone responded ?
09:30
im on a different pc
09:32beakburke has joined #ltsp
09:38
<stgraber>
dean_za: nobody did
09:41Q-FUNK has quit IRC
10:06Subhodip has joined #ltsp
10:18Rucal has joined #LTSP
10:21Subhodip has quit IRC
10:22alekibango has quit IRC
10:22alekibango has joined #ltsp
10:24artista-frustrad has quit IRC
10:25artista-frustrad has joined #ltsp
10:40alexfire has joined #ltsp
10:43alkisg has quit IRC
10:46Rucal has left #LTSP
10:48alkisg has joined #ltsp
10:56MacIver has joined #ltsp
11:09alexfire has quit IRC
11:33vmlintu has quit IRC
11:34MacIver has quit IRC
11:35alkisg has quit IRC
11:45indradg_ has joined #ltsp
11:52F-GT has joined #ltsp
12:03indradg has quit IRC
12:26nadavkav has joined #ltsp
12:29nadavkav has quit IRC
12:29joebake1 has joined #ltsp
12:30
<joebake1>
I am still experiencing problems with TFTPd on hardy herron.
12:47
It seems that the thin client is not pingable once it acquires a dhcp address.
12:48
This may be why tftp loading of the kernel is not progressing. This is odd.
12:48
<laga>
i wonder if the tftp stack actually implements icmp
12:48
<joebake1>
The TC is still in it' s PXE boot mode.
12:49
It just sits there unable to load the tftp connetion. Wireshark shows the client is requesting the file (properly I think).
12:49
But then there is an ICMP error
12:49
not pingable.
12:50
I'll check if the tftp daemon has an option to not require pinging the client.
12:54
No such option.
12:55
I'll look for bug reports on the tftpd-hpa package.
13:07|Ryan52 has quit IRC
13:11
<joebake1>
I switched from tftpd-hpa to atftpd and I am getting much farther along.
13:12
Now the boot splash screen comes up for Kubuntu and it hangs at a BusyBox 11.1.3 (Debian 1:1.1.3-5ubuntu12) built-in shell (ash)
13:13
I am thinking that I need to blow away the old LTSP 5 installation and re-install ltsp-server-standalone from scratch on this Edubuntu server.
13:26|Ryan52 has joined #ltsp
13:35Pascal_1 has joined #ltsp
13:36Pascal_1 has left #ltsp
13:39indradg_ has quit IRC
13:55alkisg has joined #ltsp
13:58topslakr has quit IRC
14:29K_O-Gnom has quit IRC
14:30K_O-Gnom has joined #ltsp
14:32alexfire has joined #ltsp
14:33alexfire is now known as alexis_
14:40pikpak has joined #ltsp
14:42pikpak has quit IRC
14:43joebaker has quit IRC
14:58beakburke has quit IRC
15:00Egyptian[Home] has quit IRC
15:00Egyptian[Home] has joined #ltsp
15:25K_O-Gnom has quit IRC
15:31alkisg has quit IRC
15:42alexis_ is now known as alexfire
16:12pilipo has quit IRC
16:35klausade_ has joined #ltsp
16:48dean_za has quit IRC
16:49klausade has quit IRC
16:50Egyptian[Home1 has joined #ltsp
17:03japerry has quit IRC
17:03MacIver has joined #ltsp
17:05Q-FUNK has joined #ltsp
17:08Egyptian[Home] has quit IRC
17:33joebaker has joined #ltsp
17:36Q-FUNK has quit IRC
18:16savetheWorld has joined #ltsp
18:16alexfire has quit IRC
18:33alekibango has quit IRC
18:33alekibango has joined #ltsp
19:06J45p3r has joined #ltsp
19:37otavio has joined #ltsp
19:58otavio has quit IRC
20:01MacIver has quit IRC
20:16MacIver has joined #ltsp
20:16joebaker has quit IRC
20:38alekibango has quit IRC
20:39alekibango has joined #ltsp
20:43savetheWorld has left #ltsp
20:50Egyptian[Home1 has quit IRC
21:56topslakr has joined #ltsp
22:00J45p3r has quit IRC
22:05Ryan52 has joined #ltsp
22:06|Ryan52 has quit IRC
22:06Ryan52 is now known as |Ryan52
22:11Rucal has joined #LTSP
22:13twinprism has quit IRC
22:13gonzaloaf has quit IRC
22:17mistik1 has quit IRC
22:19topslakr has quit IRC
22:20gonzaloaf has joined #ltsp
22:20twinprism has joined #ltsp
22:21mistik1 has joined #ltsp
22:56Rucal has quit IRC
22:57alekibango has quit IRC
22:59alekibango has joined #ltsp
23:02alekibango has quit IRC
23:02alekibango has joined #ltsp
23:07spectra has quit IRC
23:09twinprism has quit IRC
23:09gonzaloaf has quit IRC
23:11gonzaloaf has joined #ltsp
23:11twinprism has joined #ltsp
23:17twinprism has quit IRC
23:17gonzaloaf has quit IRC
23:26gonzaloaf has joined #ltsp
23:26twinprism has joined #ltsp
23:34twinprism has quit IRC
23:34gonzaloaf has quit IRC
23:35Rucal has joined #LTSP
23:43gonzaloaf has joined #ltsp
23:43twinprism has joined #ltsp
23:48twinprism has quit IRC
23:48gonzaloaf has quit IRC
23:57gonzaloaf has joined #ltsp
23:57twinprism has joined #ltsp
23:57elisboa has quit IRC