IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 12 March 2013   (all times are UTC)

00:14vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
00:30andygraybeal_ has left IRC (andygraybeal_!~andy@h175.205.130.174.dynamic.ip.windstream.net, Quit: Ex-Chat)
00:31andygraybeal_ has joined IRC (andygraybeal_!~andy@h175.205.130.174.dynamic.ip.windstream.net)
00:33Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
00:36
<jammcq>
sbalneav: ping
00:50Parker955_Away is now known as Parker955
00:51
<Enslaver>
back from vacation =)
00:51
Who missed me?
00:51
I know I know, calm down everyone =)
00:53
The drive on my server started failing right before i left, had to do some emergency remote fixing during the trip to save everything, only lost some of the later stuff i hadn't pushed yet, gonnna re-write tonight
01:02
<jammcq>
no raid ?
01:03
<sbalneav>
Enslaver: wb
01:10
<Enslaver>
i had a raid 0 for my primary, i originally designed the server to be a file storage server.
01:10
now i have it in a raid 5
01:13muppis has left IRC (muppis!muppis@viuhka.fi, Ping timeout: 276 seconds)
01:14muppis has joined IRC (muppis!muppis@viuhka.fi)
01:14Enslaver has left IRC (Enslaver!~Enslaver@c-98-196-42-169.hsd1.tx.comcast.net, Quit: Enslaver)
01:14Enslaver_ has joined IRC (Enslaver_!~Enslaver@c-98-196-42-169.hsd1.tx.comcast.net)
01:15Enslaver has joined IRC (Enslaver!~Enslaver@c-98-196-42-169.hsd1.tx.comcast.net)
01:28Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Ping timeout: 260 seconds)
01:49Enslaver has left IRC (Enslaver!~Enslaver@c-98-196-42-169.hsd1.tx.comcast.net, Ping timeout: 251 seconds)
02:04hateIE10 has left IRC (hateIE10!~hateIE@host86-189-10-11.range86-189.btcentralplus.com, Ping timeout: 252 seconds)
03:32vagrantc has joined IRC (vagrantc!~vagrant@c-98-232-129-196.hsd1.or.comcast.net)
03:32vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
03:46
<vagrantc>
sbalneav: how goes?
04:04staffencasa has left IRC (staffencasa!~staffenca@8-220.ptpg.oregonstate.edu, Ping timeout: 255 seconds)
04:07
<vagrantc>
!seen sbalneav
04:07
<ltsp>
sbalneav was last seen in #ltsp 3 hours, 3 minutes, and 56 seconds ago: <sbalneav> Enslaver: wb
04:16alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
04:17* vagrantc waves to alkisg
04:18
<alkisg>
Hi vagrantc, hi all
04:18
How goes the hackfest?
04:18* alkisg checks the logs...
04:19
<vagrantc>
libssh seems to have some ugly limitations...
04:19
<alkisg>
Ah, like what?
04:19
<vagrantc>
but sbalneav did manage to get lightdm starting a remote session
04:19
alkisg: http://bugs.debian.org/src:libssh
04:19
alkisg: two of those are practically show-stoppers
04:19
<alkisg>
Ah libssh, not pamssh, got it
04:20
<vagrantc>
#693811 [n| | ] [libssh-4] libssh-4: parsing of known_hosts file fails for entries with a comment field
04:20
<alkisg>
Well, we can work around them from init-ltsp.d, can't we?
04:20
<vagrantc>
#693815 [n| | ] [libssh-4] libssh-4: does not support system-wide known_hosts file
04:20
<alkisg>
I.e. remove the comment and copy it around
04:21
<vagrantc>
another option might be to rewrite libpam-sshauth to use libssh2 ...
04:22
alkisg: yes, we can do workarounds, and probably symlinking /root/.ssh/known_hosts to /etc/ssh/ssh_known_hosts to ... but it seems ugly.
04:22
<alkisg>
True, if libssh2 doesn't have those problems and is available in other distros, yeah why not let's switch to it
04:22* vagrantc managed to get centos installed, hoping to test enslaver's work
04:23
<vagrantc>
alkisg: who knows if libssh2 has limitations that could block progress too ...
04:23
<alkisg>
Btw me and Phantomas made good progress with ltspd, I'm writing a good client today for all the boot phases and we'll be able to demo it
04:23
<vagrantc>
nice!
04:24
<alkisg>
Busybox in initramfs in Ubuntu is a bit silly, its code supports wget --post-data, but it doesn't support long options, and there's no short option for --post-data... so we'll have to support GET requests too
04:24
Minor drawbacks, nothing serious
04:28
vagrantc: configparser doesn't like multiple LIKE keys, so I was thinking that we would replace them with LIKE=section1,section2,section3. Since we're changing its syntax anyway, does INCLUDE sound better than LIKE?
04:29
<vagrantc>
hmmm...
04:31
<alkisg>
And I'd suggest we don't implement it recursively but only 1 level deep. Right now its recursion and method of overriding keys is buggy...
04:37
<sbalneav>
phew
04:37
<alkisg>
Also, /etc/ltsp/config.d/00-config-files is a good place for configuration files, isn't it? Or we don't want numbers there?
04:37
<sbalneav>
rewrote libpam-sshauth in 8 hours to use libssh2
04:37
<alkisg>
Ah and finally, we'd need a new ltsp6 tree
04:37
Yey! No blocker bugs there?
04:38
<vagrantc>
sbalneav: putting the fest into hackfest!
04:38
<sbalneav>
can anyone think of a reason why, for a pam module doing ssh authentication, we'd want public key authentication?
04:38
<alkisg>
usb sticks?
04:38
<vagrantc>
sbalneav: i use public keys all the time
04:38
sbalneav: i.e. for passwordless autologin accounts
04:39
sbalneav: in an LTSP context, that is.
04:39
sbalneav: or maybe i'm not understanding you exactly?
04:40
<sbalneav>
OK, well, hm.
04:41
I assume the account exists already within the chroot?
04:41
see commits 81 and 82.
04:41
in libpam-sshauth.
04:42
I don't have public-key authentication going yet. I'll add that later.
04:42
<vagrantc>
sbalneav: yeah, don't make that a blocker for other work
04:42
<sbalneav>
but tomorrow I want to finish off the basics of a "bare bones booting thin client"
04:42
<vagrantc>
i mean, i'll need it eventually :)
04:43
<sbalneav>
yeah, no problem, I'm just trying to guage what I want to have done by the end of the week.
04:43
but I've been hacking since 8:30 AM local, and it's now 11:43 local and I'm blasted.
04:44
So, I'll pick it up tomorrow AM.
04:44
<vagrantc>
sbalneav: looks like you removed more code than you added :)
04:44
<sbalneav>
Well, we don't have pubkey in there yet. That'll be another 50 lines or so.
04:46
If someone wants to work on something in the short term (vagrantc: hint hint) a nice wheezy package of rev 82 somewere downloadable would be awesome.
04:46* vagrantc congradulates sbalneav on a good day's work
04:46
<alkisg>
+1, I was just going to mention that package :D
04:47
<vagrantc>
sbalneav: ok, will see if i can get that done before bed...
04:47
<sbalneav>
anyway, heading to bed before my eyes cross.
04:47
see you all in the am localtime.
04:47
<alkisg>
gn
05:01
<vagrantc>
hrm. build failures with the new libpam-sshauth :(
05:06alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
05:19Enslaver has joined IRC (Enslaver!~Enslaver@c-98-196-42-169.hsd1.tx.comcast.net)
05:33cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Ping timeout: 248 seconds)
05:33rickogden has left IRC (rickogden!~Rick@host.hifirevolution.com, Ping timeout: 264 seconds)
05:34cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)
05:38rickogden has joined IRC (rickogden!~Rick@host.hifirevolution.com)
05:45vmlintu has joined IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi)
06:13
<vagrantc>
sbalneav: http://cascadia.debian.net/~vagrant/debian/pool/main/libp/libpam-sshauth/
06:14
sbalneav: a.k.a. deb http://cascadia.debian.net/~vagrant/debian UNRELEASED main
06:14
sbalneav: i had to disable hardening flags to get it to build :(
06:15
could have probably been more selective in which to disable, but i'm getting tired, and figured we can fix that someday.
06:25work_alkisg is now known as alkisg
06:29
<alkisg>
vagrantc: so I could just install this one in my ubuntu box? http://cascadia.debian.net/~vagrant/debian/pool/main/libp/libpam-sshauth/libpam-sshauth_0.3~20130311-1_i386.deb
06:30
Ah, or better yet, in my wheezy thin chroot...
06:46
<vagrantc>
alkisg: i haven't even tested if it will install in wheezy ... i built on sid, so it might have some arbitrary versioned dependency
06:46
<alkisg>
Ah... vagrantc are you also testing pamssh with a sid chroot?
06:47* vagrantc just built on sid
06:47
<alkisg>
vagrantc: will you be around somewhat, for the rest of the hackathon? I know you're busy, but will you be completely away/
06:47
?
06:47
<vagrantc>
i'll test on wheezy, or maybe rebuild on wheezy, to avoid potential confusion.
06:48
alkisg: i'll be semi-around till the 14th
06:48
<alkisg>
Nice
06:53
<vagrantc>
alkisg: installs fine in a wheezy environment
06:53
alkisg: no idea if it works
06:54
<alkisg>
I'll try to get the ltspd client side thing going today, and I'll then try to get a chroot connecting with lightdm tomorrow
06:54
So I'll be able to report then if it works or not...
06:56
<vagrantc>
nice.
06:57
well, see y'all later.
06:57* vagrantc waves
06:57vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
07:47ajith has joined IRC (ajith!b7522f02@gateway/web/freenode/ip.183.82.47.2)
07:49
<ajith>
Hello I am unable to get screen while booting thin clients in ltsp .I am able to see the login page while i was booting my clients from Intel integrated graphics .But this is not working with other systems Please unable to understand the problem .May the issue seems to be graphics
07:50
But going thru many sites i found that lts.conf need to make changes but i dont have anything to amek changes in lts.conf so, please
07:51
while i was looking at client it's resoulution is very high .How to find solution for this please help me out
07:52
is any one can help me out in this
07:54
<alkisg>
!screen_02
07:54
<ltsp>
screen_02: To get a root shell on an Ubuntu thin client: https://help.ubuntu.com/community/UbuntuLTSP/ClientTroubleshooting#Using_a_shell_SCREEN
07:54
<alkisg>
Get a local shell to better troubleshoot the problem
07:55
<ajith>
okay i will try this
07:59sbalneav has left IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca, Ping timeout: 256 seconds)
07:59sbalneav has joined IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca)
08:01
<ajith>
do i need to restart
08:01
any service here
08:17ajith_ has joined IRC (ajith_!b7522f02@gateway/web/freenode/ip.183.82.47.2)
08:17
<ajith_>
HI
08:18
as said i have made changes in lts.conf....do i need to update the image to make it effect
08:19
I am aunble to conneect to my login page when I am trying to boot from other than intel boards
08:19
do this ltsp needs any specific configuration
08:20
do this ltsp needs any specific configuration ing solution
08:32Gremble has joined IRC (Gremble!~Ben@92.236.91.208)
08:34khildin has joined IRC (khildin!~khildin@ip-80-236-227-135.dsl.scarlet.be)
08:45ajith has left IRC (ajith!b7522f02@gateway/web/freenode/ip.183.82.47.2, Quit: Page closed)
08:53dobber_ has joined IRC (dobber_!~dobber@89.190.199.210)
09:03gvy has left IRC (gvy!~mike@altlinux/developer/mike, Read error: Operation timed out)
09:04gvy has joined IRC (gvy!~mike@altlinux/developer/mike)
09:11F-GT has joined IRC (F-GT!~phantom@ppp59-167-136-109.static.internode.on.net)
09:25
<vmlintu>
alkisg: where can I find ltspd?
09:25
<alkisg>
vmlintu: not yet, wait a couple of days for it
09:34
<ajith_>
how to change display setting s for all pc's as they are unable to boot
09:35
Please help mje out
09:45adrianorg_ has joined IRC (adrianorg_!~adrianorg@187.113.218.128)
09:45adrianorg__ has left IRC (adrianorg__!~adrianorg@177.156.224.247, Read error: Connection reset by peer)
09:47adrianorg__ has joined IRC (adrianorg__!~adrianorg@177.156.56.188)
09:50adrianorg_ has left IRC (adrianorg_!~adrianorg@187.113.218.128, Ping timeout: 272 seconds)
09:58
<ajith_>
can you please help I am, facing some resolution problem with ltsp
10:01adrianorg__ has left IRC (adrianorg__!~adrianorg@177.156.56.188, Ping timeout: 245 seconds)
10:02
<Hyperbyte>
ajith_, you need to provide more information.
10:02
<ajith_>
I am haviing different pcs
10:02
<Hyperbyte>
Define "unable to boot". What happens exactly? Any error messages?
10:04
<ajith_>
I have different pcs and clients are unble to login.. though if they login they are facing problem with resolution ...could not see the desktop
10:04
it seems problem with high end graphics
10:05
I need help from your side that how can i change resolutionon server side by that this problem will be resolved
10:06
apprantly getting image and every thing but at times balank screen
10:06
please help me out in this
10:09
please dude help me in this
10:10
what is xandr
10:11
<Hyperbyte>
ajith_, stop begging for help. It's pathetic. I'm at work. When I have time, I'll help.
10:12
Again - provide more information. "unable to login" => what happens exactly?
10:12
As for setting resolution, see the XRANDR_* options in lts.conf
10:12
!lts.conf
10:12
<ltsp>
lts.conf: http://manpages.ubuntu.com/lts.conf
10:13
<ajith_>
dude okay i too understand after surfing net for hours and days I am Unable to find solution
10:14
begging for solution ....this just a blog wher e we can post and wait for solution ..this dies not mean that I am waiting onnly one to answer okay
10:14
<Hyperbyte>
11:06 <ajith_> please help me out in this
10:14
11:09 <ajith_> please dude help me in this
10:15
= begging
10:16bakytn has joined IRC (bakytn!~ba@158.181.144.48)
10:17
<ajith_>
Mr.Hyper...just keep quite if you know the answer
10:17
I may have to use language which i know ..will you please shut ur mouth
10:19
okay sorry
10:20
<Hyperbyte>
ajith_, sure. One final piece of advice: people here are volunteers, trying to support LTSP as best they can in their spare time. You don't pay our salaries and generally speaking, you can't get away with being rude. :-) But sure, if you think it'll help, I'll shut my mouth. Good luck getting help from someone else. :-)
10:21
<ajith_>
okay i too agree with you dude but begging for answer hurts any individual
10:21
<FrozenZia>
ajith_: a word of advice from an innocent bystander: being angry is not the way to get help here. Hyperbyte's POINT is that we UNDERSTAND you need help, and your constantly repeating things like "dude please help" is just making more "noise" in the channel and NOT helping.
10:22
<ajith_>
okay sorry for that and also I was immensly involved in ti
10:22
<FrozenZia>
Unfortunately I can't help you b/c my own ltsp-experience is still so nonexistant
10:22
<ajith_>
so the reeson why I am asking
10:23
I can help in every aspect of ltsp cluster
10:23
okay let us not use this for quarelling this chat box would get filled up wth our chat..okay just i want a solution
10:24
<Hyperbyte>
ajith_, it's okay to be frustrated and it's okay to ask questions. You need to relax a little bit though. What I said to you earlier, about the XRANDR_* options in lts.conf - those WILL solve your display problems. Take a walk, get some fresh air, and then look at the manual and at those options. If you don't understand the options after reading the manual, feel free to ask for help again.
10:24
Does that sound like a plan? :-)
10:24
!lts.conf
10:24
<ltsp>
lts.conf: http://manpages.ubuntu.com/lts.conf
10:37
<bakytn>
hello! Are there any instructions on how to build LTSP from sources? What I want is..to customize the login screen to be able to see login and password on the same screen. Or can I use other Login manager like GDM,KDM etc?
10:43
<Hyperbyte>
bakytn, hi! What you want to modify is the LTSP login manager (ldm). It's written in C. If you modify and recompile it, and then replace it in your chroot you should be able to accomplish this. Not sure how much work it'll be though, probably a lot.
10:44
Plans for LTSP6 are to replace LTSP's custom login manager with another one, like lightdm. That would help in making the amount of code that needs to be maintained smaller. Not sure when LTSP6 is coming around though, right now it's in early stages.
10:49
<bakytn>
Hyperbyte, Hey! I remember you! you helped a lot last year when I was dying with one project. It makes sense...but is there anyone here who can help with source codes if I will decide to dig into it?
10:49
um...I guess it's better to into mailing list probably
10:50
<Hyperbyte>
You're the person from Kyrgystan right? :)
10:50
<bakytn>
Hyperbyte, yeaaaaaaah )))
10:50
how about LTSP clustering..is there any up to date information about it?
10:51
Hyperbyte, I have closed that project successfully btw, but without LTSP. Right now I am doing something with LTSP so here I am :)
10:51
<Hyperbyte>
Without LTSP. :(
10:52
Hacking LDM would be better suited for mailing lists, but honestly, unless you're an experienced C coder, I wouldn't dive into it.
10:53
<bakytn>
Hyperbyte, yeah the problems came from PRINTERS. I can't express enough how I struggled with printers lol. What I did d'oh..so it's just a simple Windows Terminal SErvices system. They are happy and I am happy to (to close the project)
10:53
<Hyperbyte>
LTSP Cluster is a completely seperate project. I haven't used it, so don't know anything about it really.
10:54
<bakytn>
Hyperbyte, I have some C skills but I know that would be really not easy. But I can't see that login screen anymore
10:54
Hyperbyte, it seems LTSP Cluster is dead... no new information on the net..or they just closed now
10:55
<Hyperbyte>
Or, it is just "finished" :)
10:55
I believe LTSP-cluster was a one time thing, that was coded and released to the public. I don't think it's supposed to be actively maintained project, but as I said - I don't know anything about it really. :)
10:57
<bakytn>
Hyperbyte, ok :)
10:57
Hyperbyte, I am mostly on fat clients so thankfully I dn't have to mess with ltsp clusters for now
10:58
<Hyperbyte>
Out of curiousity - what problems did you have with the printers that caused the other project to use Windows? (read: fail ;-))
10:58
And what printers were they?
11:03bakyt has joined IRC (bakyt!~ba@158.181.136.98)
11:03
<bakyt>
Hyperbyte, Win printers and CANON
11:04
<ajith_>
lts_parameters.txt what is this Mr.Hyper
11:05
<bakyt>
Hyperbyte, well it wasn't a fail. At that particular task LTSP wasn't the best option so it's all fine.
11:05
<ajith_>
what is default location for this
11:07bakytn has left IRC (bakytn!~ba@158.181.144.48, Ping timeout: 245 seconds)
11:11
<bakyt>
test
11:17bakyt has left IRC (bakyt!~ba@158.181.136.98, Quit: Leaving)
11:19
<Hyperbyte>
ajith_, no idea
11:21
<ajith_>
okay
11:21Gremble has left IRC (Gremble!~Ben@92.236.91.208, Quit: I Leave)
11:28alkisg is now known as work_alkisg
11:34bwdbbwd has joined IRC (bwdbbwd!~iamparado@c-71-206-132-62.hsd1.va.comcast.net)
11:37ogra_` has joined IRC (ogra_`!~ogra_@p5098ed03.dip0.t-ipconnect.de)
11:39PhoenixSTF has joined IRC (PhoenixSTF!~rudi@78.29.191.104)
11:43ogra_ has left IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de, *.net *.split)
11:43|Paradox| has left IRC (|Paradox|!~iamparado@c-71-206-132-62.hsd1.va.comcast.net, *.net *.split)
11:43bwdbbwd is now known as |Paradox|
11:58bobby_C has joined IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at)
12:00jammcq has left IRC (jammcq!~jam@c-69-245-75-255.hsd1.mi.comcast.net, Quit: leaving)
12:05adrianorg has joined IRC (adrianorg!~adrianorg@187.113.248.105)
12:32hateIE10 has joined IRC (hateIE10!~hateIE@host217-39-11-144.in-addr.btopenworld.com)
12:37vnc786 has joined IRC (vnc786!~chatzilla@49.248.129.178)
12:39komunista has joined IRC (komunista!~slavko@87.244.209.121)
12:40
<vnc786>
how do i troubleshoot ? on fat clients 1 user is not able to login remaining all users are able to login till yesterday the user was able to login..
12:40
i checked, quota is okay ..
12:48
<Hyperbyte>
vnc786, can the user login to the server using ssh?
12:52
<vnc786>
Hyperbyte: yes
12:54
<Hyperbyte>
What happens exactly? Does LDM say "no response from server"?
12:55
Or does the login prompt disappear and then ldm restarts?
12:56
<vnc786>
Hyperbyte: after putting username and password ldm restarts
12:57
<Hyperbyte>
Immediately?
12:57
Or does it wait ~10 seconds
12:58
If it restarts immediately, the user has probrably configured a session in their home dir which the system doesn't support
12:58
<vnc786>
10 seconds
12:58
<Hyperbyte>
Ah
12:58
Well that means ssh authentication fails.
12:58
!screen_02
12:58
<ltsp>
screen_02: To get a root shell on an Ubuntu thin client: https://help.ubuntu.com/community/UbuntuLTSP/ClientTroubleshooting#Using_a_shell_SCREEN
12:59
<Hyperbyte>
Do that, and then on that screen type 'ssh user@server'
12:59
Replace 'user' with the username, but leave 'server' as-is. For example, 'ssh vnc786@server'
13:00
See if they can log-in that way.
13:02
<vnc786>
Hyperbyte: yes can login
13:04
Hyperbyte: till yesterday user was able to login but today morning user is not able to login ...
13:07
Hyperbyte: will be back after restarting server
13:14vnc786_ has joined IRC (vnc786_!~chatzilla@49.248.129.178)
13:14vnc786_ has left IRC (vnc786_!~chatzilla@49.248.129.178)
13:14vnc786_ has joined IRC (vnc786_!~chatzilla@49.248.129.178)
13:16vnc786 has left IRC (vnc786!~chatzilla@49.248.129.178, Ping timeout: 250 seconds)
13:16vnc786_ is now known as vnc786
13:27vnc786_ has joined IRC (vnc786_!~chatzilla@49.248.129.178)
13:29vnc786 has left IRC (vnc786!~chatzilla@49.248.129.178, Ping timeout: 250 seconds)
13:30vnc786_ is now known as vnc786
13:33andygraybeal_ has left IRC (andygraybeal_!~andy@h175.205.130.174.dynamic.ip.windstream.net, Ping timeout: 260 seconds)
14:00||cw has left IRC (||cw!~chris@phpgroupware/cw, Ping timeout: 248 seconds)
14:08andygraybeal has left IRC (andygraybeal!~andy.gray@obsidian.casanueva.com, Remote host closed the connection)
14:08vnc786 has left IRC (vnc786!~chatzilla@49.248.129.178, Ping timeout: 250 seconds)
14:09jammcq has joined IRC (jammcq!~jam@c-69-245-75-255.hsd1.mi.comcast.net)
14:09
<jammcq>
good morning friends
14:10mithr has joined IRC (mithr!~mithr@195.251.209.6)
14:11mithr has left IRC (mithr!~mithr@195.251.209.6, Client Quit)
14:14komunista has left IRC (komunista!~slavko@87.244.209.121, Ping timeout: 248 seconds)
14:20
<sbalneav>
Morning all!
14:20
Hackfest, day 2
14:23hateIE10 has left IRC (hateIE10!~hateIE@host217-39-11-144.in-addr.btopenworld.com, Ping timeout: 260 seconds)
14:25
<Hyperbyte>
Morning. :)
14:26ogra_` is now known as ogra_
14:27
<sbalneav>
Argh. Vagrant changed the configure.ac. It compiles, but doesn't link against libssh2 now. That won't work.
14:30staffencasa has joined IRC (staffencasa!~staffenca@8-220.ptpg.oregonstate.edu)
14:31
<sbalneav>
in bzr how do I revert a specific commit, like say this one: http://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/84
14:33
<Enslaver>
bzr uncommit -r 84
14:34
that takes you back to rev 84
14:46
<jammcq>
Scotty !!!!!!!!!!!!!!!
14:48highvoltage has left IRC (highvoltage!~highvolta@ubuntu/member/highvoltage, Quit: leaving)
14:49highvoltage has joined IRC (highvoltage!~highvolta@ubuntu/member/highvoltage)
14:52
<knipwim>
Enslaver: hey there
14:52
i'm still struggling with the dracut nfs boot
14:52
still mounting it as user nobody
14:53alexqwesa_ has joined IRC (alexqwesa_!~alex@109.172.12.47)
15:04
<knipwim>
Enslaver: do you have a domain explicitely set in /etc/idmapd.conf (server and client)?
15:05
or anyone else for that matter
15:05
using nfs that is
15:14
<Enslaver>
back sorry
15:15
what does it say when it tries to mount? i had an issue mounting nfsv4
15:15
i ended up just adding nfs:/opt/ltsp/i386 to my dhcpd.conf
15:15
for root-path
15:16
or nfsv4 for v4 will work also
15:50dobber_ has left IRC (dobber_!~dobber@89.190.199.210, Remote host closed the connection)
15:53yanu_ has joined IRC (yanu_!~yanu@178-117-233-89.access.telenet.be)
15:53yanu has left IRC (yanu!~yanu@lugwv/member/yanu, Ping timeout: 264 seconds)
15:53hachque_ has joined IRC (hachque_!quassel@2600:3c01::f03c:91ff:fe96:5060)
15:54simpoir has left IRC (simpoir!~simpoir@209.141.57.61, Ping timeout: 264 seconds)
15:54simpoir_ has joined IRC (simpoir_!~simpoir@209.141.57.61)
15:54hachque has left IRC (hachque!quassel@2600:3c01::f03c:91ff:fe96:5060, Ping timeout: 264 seconds)
15:57ajith_ has left IRC (ajith_!b7522f02@gateway/web/freenode/ip.183.82.47.2, Ping timeout: 245 seconds)
16:10bobby_C has left IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at, Ping timeout: 252 seconds)
16:25awilliams has left IRC (awilliams!mistik1@unaffiliated/mistik1, Ping timeout: 256 seconds)
16:26awilliams has joined IRC (awilliams!mistik1@unaffiliated/mistik1)
16:43Parker955 is now known as Parker955_Away
16:44vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
16:50
<sbalneav>
vagrantc: Hey, I had to back out your change to configure.ac. I need the variables that pkg_check_modules sets up in the makefile.
16:51
otherwise it doesn't link against libssh2
16:51
as well, I've also added a --with-pam-dir= so in the rules file you can do --with-pam-dir=/lib/$(debmultiarch)/security
16:52
can't remember what debmultiarch is exactly. Something in caps.
16:52
However, I've hit a brick wall.
16:52
Before, handling the known_hosts didn't work if there was a comment.
16:52
Now it doesn't work at all.
16:52
sigh,
16:54
<vagrantc>
sbalneav: the PKG_CHECK_MODULES failed to pass tests in a clean build environment, so the build failed at configure
16:55
sbalneav: fixing some of the security issues would allow multiarch to happen without manual configuration, just setting debian/compat to 9
16:57junior_jaciara has joined IRC (junior_jaciara!bd4b5d2c@gateway/web/freenode/ip.189.75.93.44)
16:57andygraybeal has joined IRC (andygraybeal!~andy.gray@obsidian.casanueva.com)
16:58
<junior_jaciara>
im using epoptes in a standalone environment, before some time the clients disconnect my SO is ubuntu
17:00
<vagrantc>
sbalneav: so the packages i built don't work at all?
17:01
<sbalneav>
no, not properly. I'm working on it now.
17:02
PKG_CHECK_MODULES is pretty common, not sure why it wouldn't work.
17:02
<vagrantc>
sbalneav: i can post the build log somewhere and maybe that will help...
17:02
<sbalneav>
gobs and gobs of configure.ac's use it. Did you build-dep on pkg-check?
17:02
<vagrantc>
sbalneav: no
17:02otwieracz has joined IRC (otwieracz!~gonet9@v6.gen2.org)
17:02
<otwieracz>
Hello.
17:02
<sbalneav>
maybe try adding that.
17:02
<vagrantc>
sbalneav: figured itt might be a missing build-dep
17:04
<sbalneav>
Hello
17:04
<otwieracz>
Can I somehow access /dev/ttyUSB0 connected to terminal from server?
17:04
<vagrantc>
otwieracz: you'll want to run localapps or a fatclient
17:05
sbalneav: do you know what package pkg-check is part of?
17:06
sbalneav: can't find it in debian
17:06
sbalneav: you can see the build-deps in debian/control
17:07
<sbalneav>
one seck
17:08
sorry
17:08
pkg-config
17:08
check, config, what's the difference? :)
17:09
WHY WON'T THESE BLOODY HOSTKEYS CHECK?!?!? AAAAUUUUURRRRGGGGHHHHHH!
17:09
otwieracz: define "access"
17:10
more info would be helpful.
17:10
<otwieracz>
screen /dev/ttyUSB0
17:11
<junior_jaciara>
so no one from epoptes today ?
17:11
<vagrantc>
junior_jaciara: patience...
17:12
<sbalneav>
otwieracz: You're not being specific. Are you asking, "is there a way I can make a USB serial port connected to a thin client appear as a serial port on the server"?
17:12
If that's what you mean, then the answer is no.
17:15Parker955_Away is now known as Parker955
17:20
<sbalneav>
Enslaver: You seem to know about libssh2, know of any working examples of known_host processing?
17:20
their examples don't work for me.
17:21
<Enslaver>
sbalneav: i'll look some up
17:22xet7 has joined IRC (xet7!~xet7@a91-156-236-130.elisa-laajakaista.fi)
17:23
<Enslaver>
I've only known libssh2 from the olden days, I read up from previous chat logs, I think you mistook what i said, I actually like libssh over libssh2, I think it is easier and has more features. But libssh2 does have the stability and is more supported across platforms, it's really up to you, you're the coder, i'm just the implementer, i'll make whatever work, but it would be much harder to push a non stable library out.
17:27
And from what i remember, i think the known hosts processing needs to have a 2 after the naming of everything, i.e. known_hosts2, authorized_keys2, etc...
17:27
and on the coding side, nxssh has some good example code
17:27
<vagrantc>
10 years ago...
17:27
<Enslaver>
in a galaxy far far away
17:28
<vagrantc>
right :)
17:28
recent versions of ssh don't even support the files with 2 appended.
17:28
openssh
17:28
<Enslaver>
good, that was annoying
17:30* ogra_ feels old now ...
17:30
<ogra_>
i actually remember that ...
17:30
<Enslaver>
Also check out the example Network-SSH-Client
17:31
<vagrantc>
hopefully the libssh* libraries don't assume the 2 appended files...
17:32
<sbalneav>
Well, the file we're writing in the chroot is called ssh_known_hosts, so I don't think that's the problem.
17:36Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
17:36
<Enslaver>
What issue are you running into?
17:36
<sbalneav>
one sec...
17:37simpoir_ is now known as simpoir
17:40
<sbalneav>
http://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/view/head:/src/auth_funcs.c
17:40
So, starting at line 290
17:41
We read the SYSTEM_KNOWNHOSTS file: it returns one host, which there is: server
17:41
We get the fingerprint at line 294
17:41
at 316 we do the check.
17:42
it *never* recognizes any hosts.
17:42
I'm going to get some printfs in there next to a file, to see what keys it thinks it's getting.
17:45
<vagrantc>
sbalneav: is it checking ecdsa vs. rsa2 or something?
17:46
sbalneav: i.e. the server probably presents ecdsa keys by default, maybe it's only checking for rsa2 keys?
17:47
sbalneav: or are you checking the fingerprint against the full key, rather than the fingerpring of the full key, or something like that?
17:49
<sbalneav>
vagrantc: I'm doing what their *I^$*%^$*^ examples do :)
17:50
http://www.libssh2.org/examples/ssh2_exec.html
17:50
<vagrantc>
sbalneav: just brainstorming... :)
17:51
<sbalneav>
Their documentation.... leaves something to be desired.
17:52
<Enslaver>
Once i get back from lunch ill look, the way the iphone formats code is very sub par at best
17:56
<sbalneav>
I mean, I can just drop the whole thing altogether; I don't HAVE to check the known_hosts, it works without it. But that just seems kind of.... greasy. Ripe for a security breach.
17:56* vagrantc wants known_hosts checking
17:57shogunx has joined IRC (shogunx!~shogunx@2001:4978:106:1:788b:4c15:6f87:8d5e)
18:04
<sbalneav>
So do i.
18:05
I've got a beautiful login going here. Password aging works, and it even logs you straight in after the password has changed; no need to have the display manager restarts.
18:05
And I just verified; the fingerprint returned IS the one in the known hosts file. Gaaaagh
18:10
On a hunch...
18:14
HAHAHAHAHAHAHAHAHAHAHAHAHA
18:14
Fabulous.
18:14* vagrantc agrees
18:16
<sbalneav>
So, under libssh-4, it crapped out when you had a comment in the ssh_known_hosts file, but could handle multiple listed hosts, of different key types.
18:16
under libssh2, it can handle the comments, but you can't have multiple hosts with the same name in the keyfile.
18:16
so having server dsa keykeykey
18:17
server rsa keykeykey
18:17
in the file, fails.
18:17
So, boys and girls, here's your choices:
18:17
1) use libssh-4, and ltsp-update-sshkeys should hack out the comments
18:18
2) use libssh2, and pick one of the keys to use
18:18
3) ditch known_hosts checking.
18:18* vagrantc hrms.
18:19
<vagrantc>
sbalneav: should file a bug about the libssh2 problem...
18:20
<sbalneav>
I *could* do something REALLY gross.
18:23
<Hyperbyte>
sbalneav, should we sit down for this?
18:24
<sbalneav>
I'm checking to see how gross it is :)
18:24
<vagrantc>
sbalneav: set up known_hosts for each keytype?
18:30
<sbalneav>
Well, at the end of the day, the known_hosts processing is just fancy text processing.
18:32
getting the host key back works.
18:32
I *could* just loop through /etc/ssh/ssh_known_hosts as a text file and parse it.
18:47
<jammcq>
oh, that's ugly
18:51alexqwesa_ has left IRC (alexqwesa_!~alex@109.172.12.47, Quit: Хана X'ам !!!)
18:51alexqwesa_ has joined IRC (alexqwesa_!~alex@109.172.12.47)
18:52
<vagrantc>
hacking out the comments with libssh seems like the least bad, except it also doesn't support /etc/ssh/ssh_known_hosts (allegedly, according to a debian bug report)
18:54
<sbalneav>
HUZZUH!
18:55
"Fixed" it.
18:55
OK, so here's the problem.
18:55
libssh2 doesn't support the ecdsa-sha2-nistp256 key type.
18:56
using the "readfile" primitive in libssh2 for the known_hosts file bails on the first error.
18:57
so, since, for whatever reason the ecdsa-sha2-nistp256 key appears first in the file, it doesn't read in any of the other keys.
18:57Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Ping timeout: 264 seconds)
18:57
<sbalneav>
Instead of bailing, i'm running a loop, and simply continue; over that line, adding the rest.
18:57
and... it works.
18:58
will be pushing a new rev shortly.
18:58
<vagrantc>
of course, it ignores ecdsa keys, which are remarkably faster for initial negotiation...
18:58komunista has joined IRC (komunista!~slavko@87.244.209.121)
19:07
<warren>
sbalneav: ecdsa isn't supported at all on Fedora and RHEL
19:08
<sbalneav>
vagrantc: well, since libssh2 doesn't support them anyway... :)
19:08
<warren>
sbalneav: it's been ripped out from any crypto library shipped by those distros
19:08
<sbalneav>
how come?
19:08
<warren>
sbalneav: patent fear
19:09alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
19:10
<sbalneav>
"First thing we do, let's kill all the lawyers" -- William Shakespeare :)
19:10ltspuser_31 has joined IRC (ltspuser_31!51820d64@gateway/web/freenode/ip.81.130.13.100)
19:11
<alkisg>
junior_jaciara: epoptes is running fine and after some time the clients disconnect?
19:12
<sbalneav>
OK, rev 88 works.
19:12
just pushed.
19:12
Now, back to actually integrating it :)
19:13Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
19:13
<sbalneav>
I'll add public key authentication later.
19:13
<junior_jaciara>
alkisg: yep we already started a little time ago
19:13
<alkisg>
junior_jaciara: ah we already talked about it? Let me check the logs...
19:14
<junior_jaciara>
some time ago, clients standalone, cant get a error msg on the terminal remember ?
19:14
<alkisg>
Yup I think I remember the cas
19:14
e
19:15
So, you still see no error at all when the client disconnects?
19:15
And, after the client disconnects, do you still see it as a red monitor?
19:15
<junior_jaciara>
yep
19:16
and if i go into the terminal and type epoptes-client it again reconnects
19:16
so im thinking of creating a script to monitor the epoptes-client process if its not running just run =)
19:16
<alkisg>
junior_jaciara: try this: https://bugs.launchpad.net/epoptes/+bug/1011482
19:16
Comments 3 and 4
19:17
It's a quick way to implement reconnections. Although I'm wondering if it's just some "student" that learned about the "kill" command that kills epoptes-client :D
19:18
<junior_jaciara>
nop is not my students have 4 years =)
19:19
<alkisg>
Might be a hardware networking issue then...
19:19
<junior_jaciara>
yep but without any error msg ?
19:19
<alkisg>
I'm not sure how socat behaves there, it's possible that it just returns an exit code and it doesn't display a message
19:21ltspuser_31 has left IRC (ltspuser_31!51820d64@gateway/web/freenode/ip.81.130.13.100, Quit: Page closed)
19:22
<junior_jaciara>
alkisg: so i just add that ppa and update all the epoptes-client ?
19:22
<alkisg>
junior_jaciara: no no ppa needed
19:22
Just modify 2 lines in the epoptes-client script
19:23gbaman has joined IRC (gbaman!51820d64@gateway/web/freenode/ip.81.130.13.100)
19:23
<junior_jaciara>
how i use this ?
19:23
https://code.launchpad.net/~oiteam/epoptes/auto-reconnect
19:23
<alkisg>
http://bazaar.launchpad.net/~oiteam/epoptes/auto-reconnect/view/head:/epoptes-client/epoptes-client
19:24
Here is the file you want
19:24
Put it to /usr/sbin/epoptes-client
19:24
<junior_jaciara>
ty
19:26
just overwrite the one already there right ?
19:26
<alkisg>
Yes, but be careful to download it as a text file (script) and not as an html page
19:26
<gbaman>
Hey, i am quite new to LTPS and wondering about a scenario for a school, is this the right place to ask if it is possible?
19:26
<alkisg>
I.e. don't do "save as" from the browser, click on "download"
19:26
gbaman: yes, shoot
19:27
<gbaman>
The scenario a classroom of machines on a normal locked down network. We want to be able to have these be network bootable when we need them to be but function normally and boot off their HDDs most of the time. It is only when the student holds down f12 (or whatever) that it loads up and lets them log into ubuntu. The LTSP server would be on a server using a single network card and would sit on the network, not in the middle between 2 n
19:27
We would also not want any other machines other than this single classroom of machines to boot like this. There is already a DHCP server in use on the network so LTSP can not act as one. Finally, we would want some of the machines to be thin clients but most to be fat clients Is the above possible?
19:27
<alkisg>
gbaman: your text was too large and it was cut off
19:28
"not in the middle between 2 n"
19:28
!proxydhcp
19:28
<ltsp>
proxydhcp: A proxy DHCP server is defined by the PXE specification as a server which sends auxiliary boot information to clients, like the boot filename, tftp server or rootpath, but leaves the task of IP leasing to the normal DHCP server. More info: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP
19:28
<alkisg>
!ltsp-pnp
19:28
<ltsp>
ltsp-pnp: ltsp-pnp is an alternative (upstream) method to maintain LTSP installations for thin and fat clients that doesn't involve chroots: https://help.ubuntu.com/community/UbuntuLTSP/ltsp-pnp
19:28
<junior_jaciara>
alkisg ty will try soon =)
19:28
<alkisg>
gbaman: I'd suggest you read those 2 web pages above ^
19:29
<gbaman>
ok, do you think the scenario is possible?
19:29
<alkisg>
gbaman: yes, we use that here in 500 schools
19:30
<gbaman>
ok, interesting...
19:30
<alkisg>
Dual booting with windows, both thins and fats, single NIC
19:30
For stations that don't have F12 /boot from network, you'll also need this:
19:30
!win32loader
19:30
<ltsp>
I do not know about 'win32loader', but I do know about these similar topics: 'win32-loader'
19:30
<alkisg>
!win32-loader
19:30
<ltsp>
win32-loader: win32-loader.exe can be used to add a "PXE - Network boot" option to the Windows boot manager. It's developed for Debian and it uses gPXE/iPXE for the network booting. You can download a binary from http://ftp.debian.org/debian/tools/win32-loader/unstable/ (if someone could write a wiki page for that it'd be great, a Greek page you can translate as a starting point is available at (1 more message)
19:31
<gbaman>
ok, all the required machines do have network booting
19:31
but thanks
19:31
time to get reading :)
19:32
thanks :)
19:33
<alkisg>
np
19:33gbaman has left IRC (gbaman!51820d64@gateway/web/freenode/ip.81.130.13.100, Quit: Page closed)
19:37designbybeck has joined IRC (designbybeck!~quassel@x175y164.angelo.edu)
19:43SmallR2002 has left IRC (SmallR2002!~quassel@c-98-253-173-240.hsd1.il.comcast.net, Quit: No Ping reply in 180 seconds.)
19:44SmallR2002 has joined IRC (SmallR2002!~quassel@c-98-253-173-240.hsd1.il.comcast.net)
20:00markit has joined IRC (markit!~marco@88-149-177-66.v4.ngi.it)
20:05andygraybeal_ has joined IRC (andygraybeal_!~andy@h175.205.130.174.dynamic.ip.windstream.net)
20:06||cw has joined IRC (||cw!~chris@66.49.94.11)
20:06
<sbalneav>
OK, has everyone got time for a quick base-touching?
20:07* alkisg is all ears... err, eyes :)
20:07
<sbalneav>
vagrantc: You about?
20:09
ok. So.
20:10
I'm sitting here with a ltsp thin client
20:10
with lightdm starting on bootup
20:10
my libpam-sshauth module.
20:10
Upon login, the user exists on the local workstation
20:10
<vagrantc>
sbalneav: ish
20:11
<sbalneav>
and I'm spawning a MATE desktop session.
20:11
Incorrect passwords work as you'd expect.
20:12
and as well, when password aging happens, you get a full prompt, plus once you change the password, you log in directly, no need to "re-login" with the new password.
20:12
<alkisg>
sbalneav: and the ssh socket is owned by the user?
20:12
<sbalneav>
So, at this point, what I'm going to do is blow away the chroot, and rebuild, fully documenting the changes that need to happen.
20:13
<vagrantc>
by blow away, you mean back up? :)
20:14
<sbalneav>
Phhhht.
20:14
I fly without a wire :)
20:14
I've also got this:
20:14
https://code.launchpad.net/~sbalneav/ltsp/ltsp-pam-examples
20:15
which is where I'll put any "changed" files.
20:15* markit quietely sits in a corner and watches these great developers talk about LTSP improvements
20:15
<sbalneav>
All I had to do were touch a couple of things in the ltsp-init.d directory.
20:15dsugar100 has left IRC (dsugar100!~dsugar@columbia.tresys.com, Quit: dsugar100)
20:15
<sbalneav>
That'll take me the rest of the day, 'till about 8:30 tonight (CST)
20:15
<alkisg>
sbalneav: if the ssh socket is owned by the user, can root write to it?
20:16
<sbalneav>
no
20:16
same as now.
20:16
<alkisg>
No it's owned by root
20:16
*now
20:16
Or you mean "now with libpam_sshauth"?
20:16
<sbalneav>
right, but the user can't write to it then :)
20:16
<alkisg>
In the chroot you have going there, who owns the socket?
20:17
<sbalneav>
A root socket starts
20:17
pulls over any info needed
20:17
shuts down
20:17
respawns as the user.
20:17
<alkisg>
(btw you could also pull the uid/gid with ltspd, if you want)
20:17
Cool, so no need for a remoteappsd anymore
20:18
Local apps can just go ahead and use the socket to run apps remotely
20:18
<sbalneav>
so when you've logged in, the user themselves is logged in on the terminal, a remote session is displaying, and the user owns the socket.
20:18
correct.
20:19
<vagrantc>
that sounds like a good tradeoff for spawning another ssh tunnel
20:19
<alkisg>
I think when I last tried that, even a `passwd` wrapper worked (that used the ssh socket to spawn passwd remotely)
20:19
<sbalneav>
so, I'll finish off this bit, then tomorrow, maybe we can all get a chroot going the same way, and take it from there.
20:20
<alkisg>
sbalneav: did you find any potential blockers?
20:20
<sbalneav>
Oh, I ran into a doozy this afternoon, but I coded around it :)
20:21
so, if we can get v88 of libpam-sshauth packaged for (debian, ubuntu, whatever) so we can respectively play, that would be great.
20:21
But proof-of-concept wise, this is working as I envisioned it would.
20:22
Then maybe tomorrow morning, can we have a g+ hangout, and I can walk weveryone through the code, so they understand what's going where?
20:22
s/morning/your timezone dependent time qualifier/g
20:23* vagrantc pouts for lack of ecdsa
20:23
<vagrantc>
oh well :)
20:23
<warren>
sbalneav: wait, what's going on?
20:23
sbalneav: libssh or libssh2?
20:24
<alkisg>
+1 for the g+ hangout
20:24
<sbalneav>
After a marathon 24 hours, we're on libssh2
20:24
<warren>
great!
20:24
RHEL can actually use it
20:24
sbalneav: and no ecdsa reliance right?
20:25
<vagrantc>
no ecdsa support whatsoever
20:25
<warren>
ok
20:25
<sbalneav>
No, I don't prefer any key type, and I now reliably skip keys libssh2 doesn't like in ssh_known_hosts.
20:25
<warren>
(I'm sad about the lack of ecdsa here. It was removed from openssl and at least one other library.)
20:26
<sbalneav>
libssh2's documentation is cr*p, but that's another story.
20:27
I'm still not supporting public_key auth, but that's just a case of me cranking the gears some more, and I want to move forward with the actual "getting the chroot built" development part.
20:27* vagrantc nods
20:28
<sbalneav>
So, for the rest of the day, I'll get some doco and files put together, if V&A and possibly E or W can get some packages rolled for the pam module, we should be in good shape.
20:29
There'll be a new version of ltspfs that properly (hopefully) supports dbus/udisks in a month or so, so if we don't get ltspfs working 100%, that;ll come.
20:29
but, with any luck, the only 2 pieces of C code we'll have left after this excercise (that I'm aware of) is libpam-sshauth and ltspfs2
20:30
the rest should all be shellish.
20:30
<alkisg>
If we want to, we can also drop xatomwait for localapps now that the ssh socket is owned by the user
20:30
<sbalneav>
right.
20:30
<alkisg>
And do it with an ssh server listen-for-command
20:30
So that also root can send commands to the client by writing to the fifo there
20:31
<sbalneav>
Sound good?
20:31
<alkisg>
Yup, all sound good
20:31
<vagrantc>
sounds good indeed, yes!
20:32
<sbalneav>
"Alles klar, herr Kommisar?" (Don't turn around, whoa-oh, ja ja, Der Kommisar's in town...)
20:32
<alkisg>
And finetuning some stuff like udev, pulse etc will make what vagrantc said possible,
20:32
about selecting fat or thin on lightdm, on a per-session basis
20:33
<sbalneav>
http://www.youtube.com/watch?v=Guvo7gUdUnE
20:33
<vagrantc>
just basically need to create .desktop files for each remote or local entry, yes?
20:33
<sbalneav>
right.
20:33
<alkisg>
Yes, but we need to run pulse as the user, after the root ssh socket is created and the info pulled
20:33
<sbalneav>
I'm selecting now with a .desktop file.
20:35Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Ping timeout: 256 seconds)
20:36
<vagrantc>
ah, not using system pulse anymore? that'd be good.
20:37
<alkisg>
Btw, do we pretend that root on the server doesn't have access to the clients? Or can we e.g. implement a "shutdown all logged in clients" script that uses localapps to do that?
20:38
Err my real question is, if we have an `ssh server listen-for-commands` listener, do we want root to be able to write to it?
20:45junior_jaciara has left IRC (junior_jaciara!bd4b5d2c@gateway/web/freenode/ip.189.75.93.44, Quit: Page closed)
20:50Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
20:58alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
21:09jammcq has left IRC (jammcq!~jam@c-69-245-75-255.hsd1.mi.comcast.net, Quit: leaving)
21:26khildin has left IRC (khildin!~khildin@ip-80-236-227-135.dsl.scarlet.be, Remote host closed the connection)
21:33komunista has left IRC (komunista!~slavko@87.244.209.121, Quit: Leaving.)
21:44simpoir has left IRC (simpoir!~simpoir@209.141.57.61, Remote host closed the connection)
21:55vmlintu has left IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi, Ping timeout: 245 seconds)
22:03bobby_C has joined IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at)
22:07
<vagrantc>
sbalneav: spot on regarding pkg-config
22:09
sbalneav: i386 and amd64 packages for debian wheezy+ at http://cascadia.debian.net/~vagrant/debian/pool/main/libp/libpam-sshauth/
22:14
sbalneav: and one of the hardening related failures: http://cascadia.debian.net/~vagrant/libpam-sshauth/libpam-sshauth_0.3~20130312~1-2_i386.build
22:14
<sbalneav>
let me see...
22:15
The one in pam_util?
22:16
vagrantc: lol, ok, let me see...
22:18
vagrantc: see if that's happy now. r89
22:22
<vagrantc>
the frustrating thing with the hardening flags is it bails on the first error... so it's an interative fail, fix, new failure, new fix, new failure ... ugh.
22:23Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
22:26
<vagrantc>
sbalneav: the fixed it, here's the next: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -D_FORTIFY_SOURCE=2 -fpic -Wall -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c -o pam_sshauth_so-auth_funcs.o `test -f 'auth_funcs.c' || echo './'`auth_funcs.c
22:26
auth_funcs.c: In function 'kbd_callback':
22:26
auth_funcs.c:80:7: error: format not a string literal and no format arguments [-Werror=format-security]
22:26
cc1: some warnings being treated as errors
22:26
sorry folks, that was more paste than i thought it would be
22:27
sbalneav: though really, we can fix those later. heck, now that i saw how you fixed the first, i could even fix them maybe :)
22:27
<sbalneav>
Meh, might as well do it now.
22:36
vagrantc: pushed r90
22:36* vagrantc has to go back to working on other things :(
22:44bobby_C has left IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at, Read error: Operation timed out)
23:02khildin has joined IRC (khildin!~khildin@ip-80-236-227-135.dsl.scarlet.be)
23:02
<sbalneav>
Wow. Cleanest logout I ever had. I think we may have a winner here: I've created a small script to put on the server: ltsp-cleanup.sh:
23:03
!paste
23:03
<ltsp>
paste: try !pastebot
23:03
<sbalneav>
!pastebin
23:03
<ltsp>
pastebin: the LTSP pastebin is at http://ltsp.pastebin.com. Please paste all text longer than a line or two to the pastebin, as it helps to reduce traffic in the channel. Don't forget to paste the URL of the text here.
23:04
<sbalneav>
http://pastebin.com/CnHRVMG8
23:04
I start the session with "mate-session;ltsp-cleanup.sh"
23:05
Clean logout, nothing left behind, and should handle multiple sessions due to the fact that I only kill things with my ssh_client id.
23:06staffencasa has left IRC (staffencasa!~staffenca@8-220.ptpg.oregonstate.edu, Quit: Leaving)
23:15* Hyperbyte high fives sbalneav
23:16
<sbalneav>
And it's all in shell, which should make alkisg happy :)
23:16
Made it eeeeeven shorter:
23:16
<Hyperbyte>
Heheh
23:16
<sbalneav>
http://pastebin.com/A3U4M6H2
23:17
the cool thing is, the ssh server process itself doesn't have SSH_CLIENT set.
23:17
So, the cleanup script skips itself (by continuing on $$)
23:18
and won't touch the ssh server because it won't show up in the grep
23:18
<Hyperbyte>
:)
23:18
<sbalneav>
so, the sshd doesn't get killed, and the ssh on the client exits real nice-like.
23:19
<Hyperbyte>
Are you killing ssh last though, after all session things are disappeared?
23:19PhoenixSTF has left IRC (PhoenixSTF!~rudi@78.29.191.104, Quit: Leaving)
23:19
<Hyperbyte>
Because that was what was screwing up localapps, ssh dieing before, for example, the pulseaudio daemon
23:19
Errr, not localapps - home dirs.
23:20
Need sleep.
23:20
<sbalneav>
No, the ssh just exits normally because the command line has finished.
23:20
<Hyperbyte>
Ah
23:25khildin has left IRC (khildin!~khildin@ip-80-236-227-135.dsl.scarlet.be, Remote host closed the connection)
23:31khildin has joined IRC (khildin!~khildin@ip-80-236-227-135.dsl.scarlet.be)
23:35F-GT has left IRC (F-GT!~phantom@ppp59-167-136-109.static.internode.on.net, Ping timeout: 260 seconds)
23:40SmallR2002 has left IRC (SmallR2002!~quassel@c-98-253-173-240.hsd1.il.comcast.net, Quit: No Ping reply in 180 seconds.)
23:40SmallR2002_ has joined IRC (SmallR2002_!~quassel@c-98-253-173-240.hsd1.il.comcast.net)
23:42sbalneav has left IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca, Ping timeout: 264 seconds)
23:42stgraber has left IRC (stgraber!~stgraber@ubuntu/member/stgraber, Remote host closed the connection)
23:43stgraber has joined IRC (stgraber!~stgraber@ubuntu/member/stgraber)
23:43sbalneav has joined IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca)
23:52F-GT has joined IRC (F-GT!~phantom@ppp59-167-136-109.static.internode.on.net)
23:57
<vagrantc>
sbalneav: built with all the hardening you could eat!