IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 29 July 2021   (all times are UTC)

00:16ltspnoob has left IRC (ltspnoob!~ltspnoob@riddle.wizard.ca, Quit: Client closed)
02:15
<alkisg>
ltspnoob: https://github.com/ltsp/ltsp/discussions/492
02:30
client/login/pamltsp: if ssh -qns "$@" "$pw_name@$SSH_SERVER" sftp; then
02:30
client/login/pamltsp: sshfs -o "$sshfs_params" "$@" "$pw_name@$SSH_SERVER:" "$pw_dir" 2>&1)
02:30
client/login/pamltsp: SSH_SERVER=${SSH_SERVER:-server}
02:30
Re SSH_SERVER:
02:31
Maybe you have an older LTSP version?
02:31
ltspnoob: anyway IRC is for synchronous chat, since our online hours seem to be incompatible, it might be best to use github issues instead
06:04ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
06:42bcg has joined IRC (bcg!~b@dg4ybwyyyyyyyyyyyyyyt-3.rev.dnainternet.fi)
10:36ServerStatsDisco has left IRC (ServerStatsDisco!~serversta@2001:470:69fc:105::1a, Quit: Bridge terminating on SIGTERM)
10:36BrunoBinet[m] has left IRC (BrunoBinet[m]!~bbinetmat@2001:470:69fc:105::68c6, Quit: Bridge terminating on SIGTERM)
10:36alkisg has left IRC (alkisg!~alkisg@2001:470:69fc:105::2d3, Quit: Bridge terminating on SIGTERM)
10:36mistik1[m] has left IRC (mistik1[m]!~mistik1ma@2001:470:69fc:105::bae9, Quit: Bridge terminating on SIGTERM)
10:36chabad360[m] has left IRC (chabad360[m]!~pseudoniu@2001:470:69fc:105::525b, Quit: Bridge terminating on SIGTERM)
10:36MaciejBursztynow has left IRC (MaciejBursztynow!~mumin37ma@2001:470:69fc:105::69d9, Quit: Bridge terminating on SIGTERM)
10:36gidarakos[m] has left IRC (gidarakos[m]!~gidarakos@2001:470:69fc:105::ce6, Quit: Bridge terminating on SIGTERM)
10:36fottsia[m] has left IRC (fottsia[m]!~fottsiama@2001:470:69fc:105::48bb, Quit: Bridge terminating on SIGTERM)
10:36enaut[m] has left IRC (enaut[m]!~enautmatr@2001:470:69fc:105::c619, Quit: Bridge terminating on SIGTERM)
10:39ServerStatsDisco has joined IRC (ServerStatsDisco!~serversta@2001:470:69fc:105::1a)
10:39BrunoBinet[m] has joined IRC (BrunoBinet[m]!~bbinetmat@2001:470:69fc:105::68c6)
10:40alkisg has joined IRC (alkisg!~alkisg@2001:470:69fc:105::2d3)
10:40enaut[m] has joined IRC (enaut[m]!~enautmatr@2001:470:69fc:105::c619)
10:40MaciejBursztynow has joined IRC (MaciejBursztynow!~mumin37ma@2001:470:69fc:105::69d9)
10:40gidarakos[m] has joined IRC (gidarakos[m]!~gidarakos@2001:470:69fc:105::ce6)
10:40mistik1[m] has joined IRC (mistik1[m]!~mistik1ma@2001:470:69fc:105::bae9)
10:40chabad360[m] has joined IRC (chabad360[m]!~pseudoniu@2001:470:69fc:105::525b)
10:40fottsia[m] has joined IRC (fottsia[m]!~fottsiama@2001:470:69fc:105::48bb)
10:47lucascastro has joined IRC (lucascastro!~lucascast@177-185-133-236.dynamic.isotelco.net.br)
14:00Hastrup[m] has joined IRC (Hastrup[m]!~oh999matr@2001:470:69fc:105::c962)
14:09
<Hastrup[m]>
hi all :)
14:13
i think i have fund the solution lol
14:13
#43
14:29
my server can see and use the ltsp image thats amazing :)
14:29
is there a way to get cronjob on the image?
14:30
on my master image i have setup a cronjob that starts on boot but when i diskless boot on another server its just gone?
14:31lcurl_ has joined IRC (lcurl_!~UserNick@113.22.7.248)
14:33lcurl has left IRC (lcurl!~UserNick@113.22.7.248, Ping timeout: 245 seconds)
14:33lcurl_ is now known as lcurl
14:36
<alkisg>
Hastrup: search for CRONTAB there: https://ltsp.org/man/ltsp.conf/
14:36
When you say "you setup a cronjob" do you mean with `crontab -e`, or with /etc/cron.d?
14:36
And, did you publish the image after doing so?
14:36
<Hastrup[m]>
i did publish after
14:37
nad thank you for your time
14:37lcurl_ has joined IRC (lcurl_!~UserNick@113.22.7.248)
14:37
<Hastrup[m]>
i use the crontab -e
14:37
nano crontab -e
14:38
i just dont get the conf file
14:38
<alkisg>
grep cron /usr/share/ltsp/server/image/image.excludes
14:38
var/spool/cron/*/*
14:38
I.e. such cronjobs are omitted from the image on purpose
14:38lcurl has left IRC (lcurl!~UserNick@113.22.7.248, Ping timeout: 245 seconds)
14:38lcurl_ is now known as lcurl
14:39
<alkisg>
Either use CRONTAB in ltsp.conf, or /etc/cron.d, or OMIT_IMAGE_EXCLUDES in ltsp.conf
14:40
<Hastrup[m]>
where is the ltsp.conf?
14:42
so in need to make?
14:43
i have made it and im in :D
14:44lucascastro has left IRC (lucascastro!~lucascast@177-185-133-236.dynamic.isotelco.net.br, Ping timeout: 250 seconds)
14:45
<alkisg>
Great. The man pages are your friend, they contain good documentation
14:45
<Hastrup[m]>
X_HORIZSYNC="28.0-87.0"
14:45
X_VERTREFRESH="43.0-87.0"
14:45
X_MODES='"1024x768" "800x600" "640x480"'
14:45
CRONTAB_x=@reboot /home/pxe/scrip.sh
14:45
do i just do it like that?
14:48
or shuld i just add the CRONTAB_x=@reboot /// in the crontab -e file?
14:49
im just a home labber trying things out
14:49
XD
14:49
<alkisg>
You don't need crontab for that
14:49
You can use e.g. POST_SERVICE_LTSP="/home/pxe/scrip.sh"
14:50
Otherwise, use quotes, e.g.: CRONTAB_RUN_MY_SCRIPT="@reboot /home/pxe/scrip.sh"
14:51
The _x part in CRONTAB_x means "whatever, put some small description so that you understand what you're doing there"
14:51
Also remember to add the user, CRONTAB_x="@reboot root /home/pxe/scrip.sh"
14:52
Finally put it under [clients], not under [crt_monitor]
14:54* Hastrup[m] < https://libera.ems.host/_matrix/media/r0/download/libera.chat/e16572e72a83753856519a37ec212eb780cf8316/message.txt >
14:55
<alkisg>
Yes (although now you don't need the `crontab -e` command)
14:56
<Hastrup[m]>
where do i put the CRONTAB_x also in ltsp.conf?
14:56
<alkisg>
Yes
14:56
<Hastrup[m]>
under clients
14:56
<alkisg>
Yes
14:56
Also note that /home gets mounted AFTER login in ltsp clients
14:56
So put the script elsewhere, not under /home
14:57
<Hastrup[m]>
oh
14:57
in /etc?
14:58
<alkisg>
Normally commands (scripts) go to /usr/local/sbin/scrip
14:58
That way the administrator can just run `scrip` without path
14:58
<Hastrup[m]>
i learn somthing new there thx alot!
14:58
<alkisg>
np
14:59
<Hastrup[m]>
i got on it right now :)
15:10lucascastro has joined IRC (lucascastro!~lucascast@45-167-143-6.netfacil.inf.br)
15:44lucascastro has left IRC (lucascastro!~lucascast@45-167-143-6.netfacil.inf.br, Ping timeout: 258 seconds)
15:47lcurl_ has joined IRC (lcurl_!~UserNick@113.22.7.248)
15:48lcurl has left IRC (lcurl!~UserNick@113.22.7.248, Ping timeout: 245 seconds)
15:48lcurl_ is now known as lcurl
16:17lucascastro has joined IRC (lucascastro!~lucascast@177-185-131-162.corp.isotelco.net.br)
17:10
<Hastrup[m]>
i cant get it to work
17:11
clients]
17:11
Specify an /etc/fstab line for NFS home; note this is insecure
17:11
FSTAB_HOME="server:/home /home nfs defaults,nolock 0 0"
17:11
POST_SERVICE_LTSP="/usr/sbin/scripts/script.sh"
17:11
that is what i have i the conf folder
17:12
and this it what i have in the sbin scripts folder
17:12
pxe@pxe:/sbin/scripts$ readlink -f script.sh
17:12
/usr/sbin/scripts/script.sh
17:13
i have done the ltsp image / and ltsp ipxe
18:01ltspnoob has joined IRC (ltspnoob!~ltspnoob@riddle.wizard.ca)
18:06
<alkisg>
Hastrup, only this is needed: ltsp initrd
18:24
<Hastrup[m]>
i also tried that
18:24
mv: replace '/srv/tftp/ltsp/ltsp.img', overriding mode 0644 (rw-r--r--)?
18:24
Generated ltsp.img:
18:25
my sricp runs fine when i do ./
18:27
<alkisg>
Put your whole ltsp.conf to pastebin
18:36
<Hastrup[m]>
https://pastebin.com/MiMHLSS6
18:41
<alkisg>
On the client, if you run this, do you see the updated ltsp.conf? cat /etc/ltsp/ltsp.conf
18:43
<Hastrup[m]>
2 sec
18:44
hmm
18:45
it does not look like i have the ltsp.conf on my client
18:45
i got the folder with ltsp
18:45
there is ssh_known_hotes and few other stuff
18:46
<alkisg>
Did you use sudo when you ran sudo ltsp initrd ?
18:47
<Hastrup[m]>
no
18:47
i try that
18:47
it takes some time befor my client its back up i post back
18:51
<ltspnoob>
@alkisg thank you for the info. yes, it appears that somehow I had an older version of LTSP.. and checking my apt-update logs, it was just (auto)updated 3 days ago..and my server does have the latest pamltsp file now
18:53
<alkisg>
👍
18:55ltspnoob has left IRC (ltspnoob!~ltspnoob@riddle.wizard.ca, Quit: Client closed)
18:55
<Hastrup[m]>
it did not strat but thr ltsp.conf is there now
18:59ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
19:05vagrantc has joined IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b)
19:09
<alkisg>
Hastrup, do you mean that your script was not ran on boot?
19:10
If so, can you run it manually with /usr/sbin/scripts/script.sh
19:10
<Hastrup[m]>
yes it did not run when i booting into my client
19:10
<alkisg>
I.e maybe you misplaced it
19:10
<Hastrup[m]>
when im in the folder it works
19:11
can i just run the path and it shuld work like that?`
19:11
<alkisg>
Yes
19:11
<Hastrup[m]>
just the path no . in the beginning?
19:14
that work
19:14
when i just type the path
19:19
<alkisg>
What does the script do, does it require xorg?
19:20
<Hastrup[m]>
hmm idk let me take a look
19:26
i cant find that it need it im trying to start a verus miner. my idea is to kick some of machines into mining when im producing more then i can use with my solor power roof
19:26
https://github.com/hellcatz/luckpool
19:26
here is the miner im using
19:28
<alkisg>
Are you using chrootless ltsp?
19:28
<Hastrup[m]>
yes
19:28
<alkisg>
When you put it in crontab -e, was it working properly?
19:28
<Hastrup[m]>
yes
19:28
hhmm
19:28
idk
19:29
now when i have moved thge scriåt
19:29
scriåt
19:29
script
19:29
i havent tried it after that
19:29
<alkisg>
Try that part first. Because if it's supposed to have xorg access, it won't run from cron
19:29
<Hastrup[m]>
but it work befor when it was in my /jome
19:29
ok i try
19:33
no it is not starting
19:33
hmm
19:33
2 sec
19:34
its starting now
19:34
the path is good
19:36
the ltsp server i using crontab -e to start a script on boot
19:36
@reboot /usr/sbin/scripts/script.sh
19:36
that is what i have in crontab -e
19:38
<alkisg>
On the ltsp client, type: cat /etc/cron.d/ltsp
19:38
Do you see "@reboot root /usr/sbin/scripts/script.sh" there?
19:38
<Hastrup[m]>
yes
19:39
excatly that
19:39
<alkisg>
Then ltsp did its job, it put it in the crontab, it should be running
19:39
You can put a simple command like "date >/date.txt" at the top of your script to see if it's called or not
19:40
You can also put another command like POST_SERVICE_BLAH="date >date2.txt" in ltsp.conf, to make sure this works too
19:40
Another thing that might be wrong is if you ran `crontab -e` as the user; and the script refuses to run if you run it as root
19:40
<Hastrup[m]>
hmm
19:41
<alkisg>
In any case it sounds like ltsp does its job, it puts the line in crontab, and something inside script.sh is to blame
19:42
<Hastrup[m]>
i trud to run it at first on the ltsp server with @reboot root but that did not work i removed root and then it work maybe see if that works in ltsp.conf also?
19:42
i think you are right about the scriåpt
19:42
script
19:44
<alkisg>
Do you boot the client just to run this script, or are people supposed to be able to login and work on it while the script also runs?
19:45
If it's the first, then maybe you can configure autologin as user, and put the script in the session autostart items
19:45
That way, /home will be mounted and the script will be run as the user
19:45
<Hastrup[m]>
its only to run that script
19:45
no other think need to happen
19:46
i will eventully have a my that trigger event when im in plus of power in my grifd
19:46
have a pi
19:47
now im just testing to see if its possoble for me to do :D
19:47
<alkisg>
It's confusing though, it sounds like a service but it doesn't work as root :D
19:47
Someone needs to fix or at least examine that script
19:48
Try the autologin idea, you can find the ltsp.conf parameters for autologin in its man page
19:50
<Hastrup[m]>
cool i will try that and again thank you alot for you time and help :)
19:50
<muhwalt>
alkisg: do you know of anyone using LTSP w/ 802.1x security set up?
19:54
<alkisg>
Hastrup: you're welcome
19:54
muhwalt: that's a radius server? Where would that take effect, on boot or on login?
19:56
<muhwalt>
Yes, it secures networking (authenticates the user or the device). You can set it up to allow layer2 without authentication while still needing auth before allowing layer3 networking
19:57
Basically, we'd like to harden our network against some random person walking in and plugging in a battery powered raspi
19:57
<alkisg>
wireguard?
19:57
<muhwalt>
IDS will be part of it
19:57
Oh, you mean to protect client > server comms... we use HTTPS/SSH across the board already
19:58
<alkisg>
https to restrict which clients can communicate with the server?
19:58
Then how would a raspi client get the image?
19:58
<muhwalt>
less specific to LTSP
19:59
not worried about someone attacking the clients so much, but rather general unauthorized access
19:59
My question is framed more like: Do you know of anyone who is successfully using LTSP in an environment that implements 802.1x
19:59
<alkisg>
OK sure I can easily answer that, "no" :)
19:59
<muhwalt>
Perfect thanks ;)
20:00
<alkisg>
I can't even imagine where it would help, but anyway :)
20:00
<muhwalt>
By nature of what we do, we have people that maybe don't like us so much
20:01
People coming in and yelling at us is not uncommon. I don't think it's a stretch that we make the wrong person upset and they try to attack us in some way
20:01
<alkisg>
I do have LTSP setups that implement PCI/DSS for credit card safety
20:01
<muhwalt>
Using unsecured network jacks and things is a pretty easy attack
20:01
<alkisg>
But radius... no, I can't imagine where it would help in an ltsp setup, what parts it would make safer
20:02
How can you get into a wireguard network that way?
20:02
<muhwalt>
We have other devices on our networks
20:02
windows laptops, etc
20:02
<alkisg>
But you already have secured these, right?
20:03
<muhwalt>
Yes, I'm just trying to figure out if 802.1x would be feasible
20:03
I'm checking boxes for federal regulations we're held against ;)
20:04
<alkisg>
At what point do you imagine that radius authentication would happen? ipxe? initramfs? display manager login?
20:04
<muhwalt>
Oh, I have no idea, that's why I asked the first question :)
20:05
It sounded tricky, if it was possible at all
20:05
<alkisg>
For me, an ltsp client should be able to boot without a user entering a password
20:05
<muhwalt>
in any case, it's time to go grab a beverage, have a good evening! I'll document anything if I take it any further
20:06
<alkisg>
And since the ltsp client cannot save state, the secret should be auto-generated from the client hardware
20:06
I've written some thoughts on implementing this with wireshark
20:06
Somewhere in issues or discussions
20:06
Cheers, later
20:06
<muhwalt>
in a "normal" setup, I think the PSK is configured with the interface on the client
20:07
<alkisg>
It's saved on the client hard disk. LTSP clients have no hard disk.
20:36lucascastro has left IRC (lucascastro!~lucascast@177-185-131-162.corp.isotelco.net.br, Ping timeout: 272 seconds)
22:23lucascastro has joined IRC (lucascastro!~lucascast@177-185-133-236.dynamic.isotelco.net.br)
23:31vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b, Quit: leaving)