IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 15 October 2020   (all times are UTC)

00:52danboid has left IRC (danboid!~ISDADS\sg@cpc127016-macc4-2-0-cust104.1-3.cable.virginm.net, Quit: Leaving)
04:15quinox has left IRC (quinox!~quinox@ghost.qtea.nl, Quit: WeeChat 2.8)
04:19quinox has joined IRC (quinox!~quinox@ghost.qtea.nl)
04:22
<alkisg>
!cheap-client
04:22
<ltspbot>
cheap-client: https://www.gearbest.com/tv-box-c_11262/?attr=2081-1279
06:04RaphGro has joined IRC (RaphGro!~raphgro@fedora/raphgro)
08:39xagapiou has joined IRC (xagapiou!51ba6079@81.186.96.121)
09:01xagapiou has left IRC (xagapiou!51ba6079@81.186.96.121, Remote host closed the connection)
10:58fafler has joined IRC (fafler!bcb70c27@188-183-12-39-dynamic.dk.customer.tdc.net)
11:01
<fafler>
Hi. I'm working on a LTSP setup, but I need the SSH server to run on the clients, and also need root login via SSH. How do I do that?
11:06
<alkisg>
!ssh
11:06
<ltspbot>
I do not know about 'ssh', but I do know about these similar topics: 'sshd'
11:06
<alkisg>
!sshd
11:06
<ltspbot>
sshd: Exposing sshd host keys over NFS is unsafe, so it's disabled by default and !epoptes is recommended instead. If you insist on running sshd in LTSP clients, read https://github.com/ltsp/community/issues/161#issuecomment-694123543
11:06
<alkisg>
fafler: ^
11:07
<fafler>
!epoptes
11:07
<ltspbot>
epoptes: Epoptes is a computer lab administration and monitoring tool. It works on Ubuntu and Debian based labs with LTSP or non-LTSP servers, thin and fat clients, standalone workstations, NX clients etc. More info: https://epoptes.org
11:07
<alkisg>
!install
11:07
<ltspbot>
install: To install LTSP: https://ltsp.org/docs/installation/
11:07
<alkisg>
This installation page also includes instructions for epoptes
11:07
<fafler>
Ohhh... seems like that is what I should be doing. Thanks :-D
11:08
<alkisg>
Maybe you already have epoptes ? If you followed the wiki page...
11:08
*the installation page...
11:08
<fafler>
Yeah, it was in the install guide, but I didn't look into it, because I usually just use SSH
11:24danboid has joined IRC (danboid!~ISDADS\sg@cpc127016-macc4-2-0-cust104.1-3.cable.virginm.net)
11:25
<danboid>
alkisg: I have worked out the minimum set of ports required to be open on a software firewall for an LTSP server bar one rule, something like this:
11:26
ufw allow 30000:65535/tcp
11:26
What is the lower bound of that range that needs to be open?
11:26
Maybe its 32XXX?
11:27
30000 might be a bit too low?
11:28
I've definitely seen it use ports in the 3XXXX range but maybe it goes lower
11:28
I want this running so that we can use fail2ban
11:28
which requires an enabled software firewall
11:31
Oh actually, its probably 32768 to 60999
11:32
https://en.wikipedia.org/wiki/Ephemeral_port says "Many Linux kernels use the port range 32768 to 60999"
11:32
That sounds like a match to me
11:45
I will update the wiki security article with the list of ports shortly
13:05TatankaT has joined IRC (TatankaT!~tim@syslogin-ae.oma.be)
13:31lucascastro has left IRC (lucascastro!~lucascast@177-185-139-15.dynamic.isotelco.net.br, Ping timeout: 272 seconds)
13:42lucascastro has joined IRC (lucascastro!~lucascast@177-185-131-230.corp.isotelco.net.br)
13:43danboid has left IRC (danboid!~ISDADS\sg@cpc127016-macc4-2-0-cust104.1-3.cable.virginm.net, Quit: Leaving)
14:38lucascastro has left IRC (lucascastro!~lucascast@177-185-131-230.corp.isotelco.net.br, Ping timeout: 246 seconds)
14:40
<quinox>
that's a lot of ports
14:42
you can also make the default ACCEPT + fail2ban
15:28woernie has left IRC (woernie!~werner@p5ddec4e7.dip0.t-ipconnect.de, Ping timeout: 256 seconds)
15:29woernie has joined IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de)
15:58woernie_ has joined IRC (woernie_!~werner@p5ddec4e7.dip0.t-ipconnect.de)
15:58woernie has left IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de, Ping timeout: 272 seconds)
18:26lucascastro has joined IRC (lucascastro!~lucascast@186.193.183.202.jupiter.com.br)
20:13lucascastro has left IRC (lucascastro!~lucascast@186.193.183.202.jupiter.com.br, Ping timeout: 260 seconds)
21:06lucascastro has joined IRC (lucascastro!~lucascast@186.249.210.29)
21:39lucascastro has left IRC (lucascastro!~lucascast@186.249.210.29, Ping timeout: 260 seconds)
22:40lucascastro has joined IRC (lucascastro!~lucascast@186.249.210.29)