IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 21 January 2021   (all times are UTC)

00:11
<map7>
Is this still the best way to get ssh access working on fat clients? (https://github.com/ltsp/ltsp/discussions/310)
00:11
I'm using 21.01-1~ubuntu20.04.1 on a fresh install of Debian 10
00:14
<vagrantc>
ah, just uploaded a newer version but that will only be available in Debian bullseye
00:14
though would probably be trivial to add to buster-backports
00:15
<map7>
vagrantc, does the new version affect the way ssh works on clients?
00:16
<vagrantc>
well, it's probably not very different from the one in the ppa you mentioned ... only minor changes
00:52
<map7>
Do I still have to do "POST_INIT_MV_SSH="mv /etc/ltsp/initrd/etc/ssh/* /etc/ssh/""?
00:52
I'm still getting 'Connection closed by 192.168.200.177 port 22' when trying to ssh to my fat client
03:25GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 264 seconds)
04:51
<alkisg>
!ssh
04:51
<ltspbot>
I do not know about 'ssh', but I do know about these similar topics: 'sshd'
04:51
<alkisg>
!sshd
04:51
<ltspbot>
sshd: Exposing sshd host keys over NFS is unsafe, so it's disabled by default and !epoptes is recommended instead. If you insist on running sshd in LTSP clients, read https://github.com/ltsp/ltsp/discussions/310
04:51
<alkisg>
...and specifically, https://github.com/ltsp/ltsp/discussions/310#discussioncomment-101549
04:51
That ^ comment
04:51
!forget sshd
04:51
<ltspbot>
The operation succeeded.
04:52
<alkisg>
!learn sshd as Exposing sshd host keys over NFS is unsafe, so it's disabled by default and !epoptes is recommended instead. If you insist on running sshd in LTSP clients, read https://github.com/ltsp/ltsp/discussions/310#discussioncomment-101549
04:52
<ltspbot>
The operation succeeded.
04:53map7 has left IRC (map7!~map7@103.232.216.31, Ping timeout: 256 seconds)
04:53mgariepy has left IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy, Ping timeout: 256 seconds)
04:53
<alkisg>
Hmm yes and the POST_INIT_MV_SSH is still needed
04:53map7 has joined IRC (map7!~map7@103.232.216.31)
04:53mgariepy has joined IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy)
04:59
<map7>
alkisg, cheers I'll give it a go.
04:59
<alkisg>
(06:53:29 AM) alkisg: Hmm yes and the POST_INIT_MV_SSH is still needed
05:05
<map7>
ok
05:11quinox has left IRC (quinox!~quinox@ghost.qtea.nl, Quit: WeeChat 2.9)
05:14quinox has joined IRC (quinox!~quinox@ghost.qtea.nl)
05:24
<map7>
alkisg, I'm using chrootless do I need to put the OMIT lines in also from https://github.com/ltsp/ltsp/discussions/310#discussioncomment-101547
05:25
<alkisg>
map7: no
05:29
<map7>
alkisg, I've also installed the 'ssh' package would that stop it working?
05:29
<alkisg>
map7: that's just a metapackage, it couldn't affect anything...
05:30
map7: you can't make it work? Do you want me to help over vnc?
05:31
<map7>
alkisg, ok I think I'm pretty close
05:31
<alkisg>
!vnc-dide
05:31
<ltspbot>
vnc-dide: To share your screen with me, run this: sudo apt-get --yes install x11vnc; x11vnc -connect srv1-dide.ioa.sch.gr - this is a reverse connection, it doesn't need port forwarding etc.
05:31
<map7>
It's I'm working remotely, but can reboot two real fat-clients at the other end through epoptes
05:34
test with Michael
05:36
<alkisg>
map7: try with KEEP_SYSTEM_SERVICES="ssh"
05:36
<map7>
ok
05:36
<alkisg>
Instead of openssh-server
05:37
<map7>
alkisg, I only need to do a 'ltsp initrd' after editing the ltsp.conf correct?
05:39
<alkisg>
map7: correct
05:39
<map7>
alkisg, when testing should I be sshing from the LTSP server to the fat client?
05:40
<alkisg>
Right
05:40
It appears to work fine
05:41
I updated the comment to include all of the instructions now
05:41
!sshd
05:41
<ltspbot>
sshd: Exposing sshd host keys over NFS is unsafe, so it's disabled by default and !epoptes is recommended instead. If you insist on running sshd in LTSP clients, read https://github.com/ltsp/ltsp/discussions/310#discussioncomment-101549
05:42
<alkisg>
So now this comment is all you need (for another time) ^
05:43
<map7>
alkisg, So I've got to connect with a key, not a password
05:43
<alkisg>
Why?
05:44
Ah you mean as root?
05:44
Did you enable root access with password over ssh, in sshd_config?
05:45
<map7>
alkisg, No I don't think I did, but I'm happy to not have root access.
05:46
If I wanted to access as a user with key based authentication where do I put my key?
05:47RaphGro has joined IRC (RaphGro!~raphgro@fedora/raphgro)
05:48
<alkisg>
map7: to set a root password, see `man ltsp.conf` there, the set_root_hash paragraph
05:49
And to allow root logins, you'd need a POST_INIT_SED_SSHD.... to specify PermitRootLogins yes in sshd_config
05:49
To access as a user with key based etc, the user would need to have logged in by default, as ssh checks in /home/username/.ssh/authorized_keys,
05:49
...but you can easily change that with sshd_config again, read its man page
05:50
I think it's best to login as root with a key
05:51
Let me do that for you
05:54
<map7>
ok I understand
05:55
I really wanted user access through ssh with a key so I'll copy the key into that authorized_keys area like you said
05:56
<alkisg>
map7, you can now `ssh ltsp177.local`, then `su - user`
05:57
<map7>
cool, thank you
05:57
<alkisg>
If you want to `ssh user@ltsp177.local`, you'd need the user to have logged in first, and use your authorized keys
05:58
<map7>
so copy the user key into authorized_keys and do a 'ltsp initrd', reboot the fat client and test
05:58
<alkisg>
No
05:58
Just ssh-copy-id to that user on the server
05:58
No ltsp initrd, no reboot
05:58
<map7>
oh ok
05:58
<alkisg>
It's under /home; ltsp isn't involved there
05:58
<map7>
oh yeah that's NFS/NBD mounted
05:58
<alkisg>
Even over sshfs , it would be the same
05:59
So from the server, ssh-copy-id user@localhost
05:59
That's all
05:59
<map7>
Thanks so much, I was a little lost there for a while
05:59
but so close.
05:59
<alkisg>
np, it indeed needed a few extra steps
05:59
(closed vnc)
06:06
I updated the comment once more, to include instructions for the root ssh key
06:07
<map7>
thanks. I found I had to do a 'ssh-copy-id map7@ltsp177.local' instead of ssh-copy-id map7@localhost for it to work
06:07
it works now
06:07
<alkisg>
Were you running that on the server?
06:07
<map7>
yes
06:07
<alkisg>
That doesn't make sense, what was the error?
06:09
<map7>
There was no error with ssh-copy-id map7@localhost, it just didn't work when I then typed in 'ssh map7@ltsp177.local' it would still prompt for password
06:09
<alkisg>
Anyway if it works no point in troubleshooting this
06:10
But that means something was wrong with /home
06:12
<map7>
I also just tried it from another computer to a fat client and it worked nicely
06:16alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 246 seconds)
06:18alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
07:35woernie has left IRC (woernie!~werner@pd9e8bc11.dip0.t-ipconnect.de, Remote host closed the connection)
07:39ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
08:27woernie has joined IRC (woernie!~werner@p508679af.dip0.t-ipconnect.de)
08:29woernie_ has joined IRC (woernie_!~werner@p50867e5b.dip0.t-ipconnect.de)
08:33woernie has left IRC (woernie!~werner@p508679af.dip0.t-ipconnect.de, Ping timeout: 256 seconds)
08:35alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 264 seconds)
08:38alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
09:32gvy has left IRC (gvy!~mike@altlinux/developer/mike, Ping timeout: 272 seconds)
09:37woernie_ has left IRC (woernie_!~werner@p50867e5b.dip0.t-ipconnect.de, Ping timeout: 256 seconds)
09:38woernie has joined IRC (woernie!~werner@p50867e5b.dip0.t-ipconnect.de)
11:26vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
11:48bobby44 has joined IRC (bobby44!6dc048e9@HSI-KBW-109-192-072-233.hsi6.kabel-badenwuerttemberg.de)
11:53
<bobby44>
hi. for some reason, my nfs mounts are missing on the client. they are named in /etc/ltsp/ltsp.conf, but they don't appear on the client as they used to.
11:54
<alkisg>
bobby44: what's the output of `cat /etc/fstab` on the client?
11:55
Do they show up there? Do you see them in the client's /etc/ltsp/ltsp.conf? Are you using FSTAB_x lines under [clients]?
11:57
<bobby44>
yes, they appear in both files on the client
11:57
and yes, these are FSTAB_x lines
11:58
<alkisg>
If they appear in /etc/fstab yet they're not mounted, it's probably a problem in the server
11:58
Try to mount them now on the client, to see the error message
11:58
E.g. sudo mount /home/share
11:58
Or whatever other path you have; no options needed, it'll find the correct fstab line
11:59
<bobby44>
mount.nfs access denied by server
11:59
<alkisg>
Right, so you need to check the nfs server options
11:59
E.g. maybe you have a bad exports line
11:59
Or a bad subnet match
12:00
`showmount -e server` on the client will tell you some things
12:00
<bobby44>
on the client?
12:00
<alkisg>
Yes
12:00
That exact line
12:01
`showmount -e localhost` on the server might show similar things
12:01
<bobby44>
 /srv/tftp/ltsp *
12:01
 /srv/ltsp *
12:02
same on the server
12:02
<alkisg>
So you don't have other exports
12:02
Where did you put your other exports, what are they?
12:02
If the paths are not secret, you can show us this: grep -r . /etc/exports* | nc termbin.com 9999
12:03
I.e. all your exports lines
12:04
<bobby44>
https://termbin.com/bq3y
12:05
<alkisg>
OK this is the default ltsp setup
12:05
What export are you searching for, e.g. /home/share?
12:05
<bobby44>
is it possible that an update killed my setup?
12:05
<alkisg>
If you put things in /etc/exports.d/ltsp-nfs.exports, and then run `ltsp nfs`, they are overwritten
12:06
That's why we say "use a local.conf"...
12:06
<bobby44>
there is that file in /usr/share/ltsp...
12:07
<alkisg>
bobby44: please be more specific. What export did you put and in which file
12:07
Did you put e.g. /home/share in /etc/exports.d/ltsp-nfs.exports?
12:07
<bobby44>
i think so
12:07
no
12:07
<alkisg>
Don't do that
12:07
Create your own file in /etc/exports.d/local.conf
12:07
*Create your own file in /etc/exports.d/local.exports
12:08
<bobby44>
 /usr/share/ltsp/server/nfs/ltsp-nfs.exports
12:08
<alkisg>
Hmm?!
12:08
That's an ltsp file, you're not supposed to touch that
12:08
It gets overwritten by debian/ubuntu on updates
12:08
<bobby44>
can you point me to the documentation that shows me how to do it correctly?
12:09
<alkisg>
Sure, man nfs
12:09
Or man exports
12:09
E.g. create your own file in /etc/exports.d/local.exports and put whatever you want there, that part isn't related to ltsp
12:19
<bobby44>
worls. thank you!
12:19
works
12:21bobby44 has left IRC (bobby44!6dc048e9@HSI-KBW-109-192-072-233.hsi6.kabel-badenwuerttemberg.de, Quit: Connection closed)
12:24woernie has left IRC (woernie!~werner@p50867e5b.dip0.t-ipconnect.de, Ping timeout: 256 seconds)
12:25woernie_ has joined IRC (woernie_!~werner@p508679af.dip0.t-ipconnect.de)
12:26Aison has left IRC (Aison!~Asion0@ipr01.alvhaus.ch, Ping timeout: 272 seconds)
12:38woernie has joined IRC (woernie!~werner@p50867e5b.dip0.t-ipconnect.de)
12:40woernie_ has left IRC (woernie_!~werner@p508679af.dip0.t-ipconnect.de, Ping timeout: 246 seconds)
12:44woernie has left IRC (woernie!~werner@p50867e5b.dip0.t-ipconnect.de, Ping timeout: 256 seconds)
12:45woernie has joined IRC (woernie!~werner@p508679af.dip0.t-ipconnect.de)
12:57woernie has left IRC (woernie!~werner@p508679af.dip0.t-ipconnect.de, Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)
14:14Aison0 has joined IRC (Aison0!~Ivo@2a02:168:200f:100::1:1)
14:14
<Aison0>
what's the best way to set an environment variable? POST_INIT_SET_ENV2="export LTSP_MAC=%{MAC}" ?
15:19uumas has left IRC (uumas!uumaskapsi@gateway/shell/matrix.org/x-kunainecddqjrmwu, Quit: Bridge terminating on SIGTERM)
15:22ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
15:23
<alkisg>
Aison0: export it to where, to the users?
15:23
Because if you put it in POST_INIT, it will be exported in that stage of `ltsp init`, but it won't reach the users...
15:27
To set environment variables for the users, google for that without involving ltsp; you'll find e.g. /etc/environment or pam_env or /etc/profile; then you can put it there with a POST_INIT command
15:27ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
15:29uumas has joined IRC (uumas!uumaskapsi@gateway/shell/matrix.org/x-ojiarmkqzpcrqsjg)
15:30GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
16:12eu^iesb7xteccat has joined IRC (eu^iesb7xteccat!55c04671@iesb7.xtec.cat)
16:13Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19)
16:14
<eu^iesb7xteccat>
cuanto vale la lisencia
16:14
licensia
16:15
<alkisg>
English?
16:15
<eu^iesb7xteccat>
how much does the license cost
16:16
<alkisg>
License of what? Open source is free
16:16
<eu^iesb7xteccat>
thanks
16:16
<alkisg>
LTSP or Epoptes?
16:16
<eu^iesb7xteccat>
LTSP
16:16
i love you
16:16
<alkisg>
License is GPLv3
16:16
<eu^iesb7xteccat>
thanks
16:16
<alkisg>
Which means "free to use, but if you modify it, you need to share the source"
16:16
You're welcome
16:17
<eu^iesb7xteccat>
where are you from?
16:17
give me your IG
16:17
i follow you
16:17
my bby
16:18
responde perr+
16:29eu^iesb7xteccat has left IRC (eu^iesb7xteccat!55c04671@iesb7.xtec.cat, Quit: Connection closed)
16:56Aison has left IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19, Ping timeout: 272 seconds)
16:58Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19)
17:02woernie has joined IRC (woernie!~werner@pd9e8bc11.dip0.t-ipconnect.de)
17:25woernie has left IRC (woernie!~werner@pd9e8bc11.dip0.t-ipconnect.de, Ping timeout: 240 seconds)
18:16lucascastro has left IRC (lucascastro!~lucascast@177-185-139-41.dynamic.isotelco.net.br, Remote host closed the connection)
18:18lucascastro has joined IRC (lucascastro!~lucascast@177-185-139-41.dynamic.isotelco.net.br)
19:25lucascastro has left IRC (lucascastro!~lucascast@177-185-139-41.dynamic.isotelco.net.br, Ping timeout: 265 seconds)
19:45lucascastro has joined IRC (lucascastro!~lucascast@177-185-131-162.corp.isotelco.net.br)
19:48RaphGro has left IRC (RaphGro!~raphgro@fedora/raphgro, Quit: Please remember your own message. It'll be read as soon as possible.)
19:49lucascastro has left IRC (lucascastro!~lucascast@177-185-131-162.corp.isotelco.net.br, Remote host closed the connection)
19:49lucascastro has joined IRC (lucascastro!~lucascast@177-185-131-162.corp.isotelco.net.br)
19:54lucascastro has left IRC (lucascastro!~lucascast@177-185-131-162.corp.isotelco.net.br, Ping timeout: 265 seconds)
20:21lucascastro has joined IRC (lucascastro!~lucascast@177-185-139-41.dynamic.isotelco.net.br)
21:07Aison has left IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19, Ping timeout: 272 seconds)
21:15Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19)
21:20ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
23:06GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 258 seconds)
23:21GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)