IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 12 March 2021   (all times are UTC)

01:24vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Ping timeout: 264 seconds)
05:26GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 245 seconds)
06:19sfxworks has joined IRC (sfxworks!46a07ce1@ip70-160-124-225.hr.hr.cox.net)
06:25
<sfxworks>
I am confused here.. I have this ltsp config for my rpi: https://termbin.com/2yhx and followed the instructions at https://ltsp.org/docs/installation/raspios/. I boot just fine with a login but can't. Any user that doesn't exist shows invalid user. Any "valid" user shows login incorrect. I am running in headless mode without epoptes-client.
06:25
For example, using that config, I try sfxworks/pass01 and I get ".Login incorrect."
06:26
<alkisg>
sfxworks: I'm not sure what you mean. Get a root shell, and run: getent passwd sfxworks
06:26
What's the output of that?
06:26
Also, did you run `ltsp initrd` after creating the users?
06:27
<sfxworks>
Oh so, these aren't for setting passwords? Only for auto login / they have to pre-exist?
06:27
<alkisg>
The PASSWORDS_x ltsp.conf parameter is provided when we want to autologin with a user with sshfs home
06:28
That way, we tell sshfs which password to use to connect to the server, so that the user doesn't need to type it
06:28
<sfxworks>
Ah understood. Okay, I need to make the password via nfs_rw real quick.
06:28
I guess it would work after
06:28
<alkisg>
sfxworks: no
06:29
The passwords are for server users
06:29
The chroot doesn't need users
06:29
LTSP users are managed on the server itself
06:29
And they ssh to the server, not insider the chroot
06:29
<sfxworks>
Can you clarify which server? The LTSP server vs the one tht is being ltsp booted then?
06:30
<alkisg>
sfxworks: normally, the ltsp server is also the ssh server, where people authenticate and get their home from
06:30
If you want to set a different one, it's possible
06:30
When a client wants to login as "user1/pass1", then sshfs user1@server is used, to mount his home from there
06:31
"server" normally is the boot server, which is the ltsp server
06:31
An LTSP server may have 10 different images. All server users can login to any image; users don't need to be created inside chroots or inside VMs/images.
06:32
<sfxworks>
Okay. I have `sfxworks:x:1000:1000:Sam:/home/sfxworks:/bin/bash` from my ltsp server, but when typing in my password on the rpi console after it boots, it still fails
06:33
I have a password there, and I ran ltsp initrd first too. I can try again though to be sure. I may have missed something.
06:33
<alkisg>
Did you login as root to a client? Did you run `getent passwd sfxworks` there? Did it show that line *on the client*?
06:33
Don't run getent on the server. Run it on the client.
06:33
<sfxworks>
How can I run it on the ltsp client when I can't login to the client?
06:33
<alkisg>
Don't you have ssh enabled?
06:33
!ltsp.conf
06:33
<ltspbot>
ltsp.conf: Configuration file for LTSP: https://ltsp.org/man/ltsp.conf/
06:33
<alkisg>
Also, at the last paragraph of this page ^, there's an example on how to get root shell
06:33
<sfxworks>
I get connection refused or reset when tyring
06:34
<alkisg>
OK, check the ltsp.conf last paragraph then
06:42
<sfxworks>
Now I appear to get `invalid passwd/shadow for root` even though I copied the one from my `/etc/shadow`
06:43
Thanks for the help so far. Trying to see where I went wrong here.
06:43
<alkisg>
sfxworks: don't use the one from your shadow, use a different one,
06:44
if people have your password hash, they may find the password with brute force after a few days, weeks or months of trying,
06:44
so, you don't want them to know your server password; create a separate one just for the clients
06:44
You may reuse the one I have in the ltsp.conf man page, which is qwer1234
06:45
Or you can type `passwd` to set a temp password in shadow, and see that one
06:48
<sfxworks>
Ok trying that now. For what it's worth, no one is going to be logging in. I am just trying to login to test something that is expected to be ephemeral, mainly to resolve https://github.com/kvaps/kubefarm/issues/3
06:48
The password overall is temporary
06:48
<alkisg>
Then just use the qwer1234 one that I have in the page...
06:48
<sfxworks>
Yep. Trying that one now. Thank you for that.
06:50
Still appears to fail...
06:51
Getting "Login incorrect"
06:51
<alkisg>
sfxworks: did you run `ltsp initrd`?
06:51
<sfxworks>
Yes, along with `ltsp kernel raspios` `ltsp nfs` and `ltsp image raspios --mksquashfs-params='-comp lzo'`
06:51
<alkisg>
No need for any of these, just ltsp initrd after modifying ltsp.conf each time
06:52
<sfxworks>
Ok. Though, I am still getting a login error after running `ltsp initrd`.
06:53
<alkisg>
Do you want to share your server console with me so that we find out what's wrong quicker?
06:53
<sfxworks>
If you have a moment. This is my homelab so I am fine with doing so.
06:54
<alkisg>
This one on the server: sudo apt install --no-install-recommends epoptes-client
06:54
<sfxworks>
I am not trying to install a desktop client
06:54
<alkisg>
And then: /usr/share/epoptes-client/share-terminal 81.186.20.0
06:54
<sfxworks>
Oh sorry, will this not?
06:54
<alkisg>
With --no-install-recommends, you won't get any desktop related stuff
06:54
<sfxworks>
I remember using install recommend with that
06:54
cool cool
06:57
Wow, this is pretty cool. I've seen tmux screenshares before but not this
06:57
<alkisg>
Yeah I developed it for such cases :)
06:57
<sfxworks>
Nice
06:57
<alkisg>
sfxworks: I want to test that hash; should I temporarily modify sfxworks, or should I add a test user?
06:58
<sfxworks>
You are fine to temporarily modify that username
06:58
<alkisg>
OK
06:59
<sfxworks>
No brute forcing behind the scenes;)
06:59
Worse case on my end youll get something for a dictionary lol
06:59
<alkisg>
sfxworks: if I wanted access in people's systems, I could just add it to ltsp itself :)
06:59
<sfxworks>
hahaha true enough
06:59
<alkisg>
sfxworks: try the password
07:00
<sfxworks>
qwer1234?
07:00
<alkisg>
So, it's not correct
07:04
sfxworks: hmm, I wonder if somehow the hash in the page is wrong
07:04
I set a new one, for qwer1234 again
07:04
<sfxworks>
Understood, booting the pi now
07:04
<alkisg>
Reboot the client and try to login with root/qwer1234
07:06
<sfxworks>
Success!
07:06
<alkisg>
yey :)
07:06
<sfxworks>
Auto login didn't work though, but manual did
07:07
Got `No shadow entries found for user regexp: root`
07:07
<alkisg>
Manual login as what, sfxworks or root?
07:07
<sfxworks>
Oh it might of been sfxworks
07:07
<alkisg>
You may share the client screen with me in the same way
07:07
<sfxworks>
hmm no it was root....
07:07
eh not worried about it
07:07
<alkisg>
either epoptes-client or vnc
07:08
<sfxworks>
Oh would I need epeptes-client on the rpi os image too?
07:08
I skipped that
07:08
was worried about desktop
07:08
<alkisg>
Or vnc
07:08
You may install them while the client is running
07:08
They don't need to pre-exist
07:08
<sfxworks>
It's an ephemeral image at this pong though right?
07:08
image to ram = 1 etc
07:08
<alkisg>
E.g. sudo apt install -y x11vnc; x11vnc -connect alkisg.ltsp.org
07:08
Yes
07:09
It would be anyway, even without image_to_ram
07:09
The client rootfs is always ephemeral
07:09
<sfxworks>
Hmm ok cool. Sick! Now I can plug in the 7 others of these and continue testing.
07:09
Sick thank you so much! I've been spending  hours on this.
07:10
<alkisg>
You're welcome. I closed the epoptes-client connection.
07:10
<sfxworks>
Thanks!
07:23vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
07:28
<sfxworks>
`rpitest Ready <none> 11s v1.20.4 192.168.0.180 <none> Debian GNU/Linux 10 (buster) 5.10.17-v8+ cri-o://1.21.0-dev` so much progress is made now. Thanks again!!
07:30
Out of curiosity, since RPI_IMAGE is it's own variable, does that mean I can boot x86 clients on this at the same time?
07:30
ie: pxe is automagically configured to detect the client arch and serve the appropriate image?
07:30
<alkisg>
sfxworks: yes, of course
07:31
<sfxworks>
What an amazing tool
07:31
100 to everyone
07:32
<alkisg>
It can also autodetect x86_64 vs x86_32 clients as well, and direct them to the appropriate image
07:34vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
07:34
<sfxworks>
awesome
07:37RaphGro has joined IRC (RaphGro!~raphgro@fedora/raphgro)
07:41
<fiesh>
I'm surprised people still have x86 clients
07:42
<alkisg>
It's not easy to replace 100.000+ Pentium 4's, it takes time...
07:42ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
07:42
<alkisg>
And there are some more modern x32 CPUs as well, e.g. I have a 32bit laptop with 700 cpubenchmark score and 4 GB RAM, that can easily run windows 10, even if it's 32 bit
07:44
<fiesh>
fascinating... the last time I used an x86 system was... at least 15 years ago
08:03ghaoil has joined IRC (ghaoil!~ghaoil@31.7.247.13)
08:30sfxworks has left IRC (sfxworks!46a07ce1@ip70-160-124-225.hr.hr.cox.net, Quit: Ping timeout (120 seconds))
12:21* gvy writes off a completely non-x86 system %) not even RISC/CISC
12:25sfrank has joined IRC (sfrank!4d811845@69.24.129.77.rev.sfr.net)
12:28
<sfrank>
Hello
12:28
I created my chroot on a pi 3B
12:28
I just had pi 4, the image is 32 bit
12:28
Is this normal?
12:28
If so, is it due to the fact that it is a 3B?
12:28
Is there something to do to switch to 64 bits or do I have to redo my chroot with a pi 4?
12:31
<alkisg>
sfrank: if you downloaded the 32bit image, you got 32bit; if you downloaded the 64bit image, you got 64bit
12:31
The default is still 32bit afaik
12:31
(for raspberry pi os, that is; ltsp uses whatever you download)
12:32
There are a couple of beta 64bit images there: https://downloads.raspberrypi.org/raspios_arm64/images/
12:33
But AFAIK there's no official 64bit image for raspberries yet; while the other distributions like debian, ubuntu and kali, do have 64bit images for rpi
12:33
But there's no hardware acceleration there, missing proprietary libraries etc
12:43
<sfrank>
ok thank you for your answer
13:15sfrank has left IRC (sfrank!4d811845@69.24.129.77.rev.sfr.net, Quit: Connection closed)
13:49woernie has joined IRC (woernie!~werner@pd9e8b5cc.dip0.t-ipconnect.de)
15:01ghaoil has left IRC (ghaoil!~ghaoil@31.7.247.13, Quit: Leaving)
15:21GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
15:23RaphGro has left IRC (RaphGro!~raphgro@fedora/raphgro, Quit: Please remember your own message. It'll be read as soon as possible.)
15:35GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 264 seconds)
15:41woernie has left IRC (woernie!~werner@pd9e8b5cc.dip0.t-ipconnect.de, Ping timeout: 276 seconds)
16:03woernie has joined IRC (woernie!~werner@pd9e8b5cc.dip0.t-ipconnect.de)
16:30pppingme has left IRC (pppingme!~pppingme@unaffiliated/pppingme, Ping timeout: 264 seconds)
17:54vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
18:31woernie has left IRC (woernie!~werner@pd9e8b5cc.dip0.t-ipconnect.de, Remote host closed the connection)
19:29shored1 has joined IRC (shored1!~shored@81-175-153-95.bb.dnainternet.fi)
19:29shored has left IRC (shored!~shored@81-175-153-95.bb.dnainternet.fi, Ping timeout: 246 seconds)
19:40woernie has joined IRC (woernie!~werner@pd9e8b5cc.dip0.t-ipconnect.de)
20:42Aison has left IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19, Ping timeout: 272 seconds)
20:47Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19)
20:48woernie has left IRC (woernie!~werner@pd9e8b5cc.dip0.t-ipconnect.de, Remote host closed the connection)
21:15shored1 has left IRC (shored1!~shored@81-175-153-95.bb.dnainternet.fi, Ping timeout: 246 seconds)
21:15shored has joined IRC (shored!~shored@81-175-153-95.bb.dnainternet.fi)
22:10ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
22:18jgee981350 has left IRC (jgee981350!~jgee@186.80.49.20, Ping timeout: 245 seconds)
22:19jgee981350 has joined IRC (jgee981350!~jgee@186.80.49.20)
23:02pppingme has joined IRC (pppingme!~pppingme@unaffiliated/pppingme)
23:21mgariepy has left IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy, Ping timeout: 276 seconds)
23:34mgariepy has joined IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy)