IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 18 January 2022   (all times are UTC)

00:36 fadrc[m] has left IRC (fadrc[m]!~fadrcmatr@2001:470:69fc:105::1:699d, Ping timeout: 268 seconds)
00:36 sfxworks[m] has left IRC (sfxworks[m]!~sfxworksm@2001:470:69fc:105::e5d4, Ping timeout: 268 seconds)
00:37 fadrc[m] has joined IRC (fadrc[m]!~fadrcmatr@2001:470:69fc:105::1:699d)
00:39 woernie has left IRC (woernie!~werner@p5ddec734.dip0.t-ipconnect.de, Ping timeout: 256 seconds)
00:39 woernie has joined IRC (woernie!~werner@p5ddec734.dip0.t-ipconnect.de)
00:39 sfxworks[m] has joined IRC (sfxworks[m]!~sfxworksm@2001:470:69fc:105::e5d4)
02:36 lucascastro has joined IRC (lucascastro!~lucascast@192-140-51-251.static.oncabo.net.br)
07:00 ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
07:03 jgee has left IRC (jgee!~jgee@186.80.49.20, Ping timeout: 240 seconds)
07:46 vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b, Quit: leaving)
08:29 jgee has joined IRC (jgee!~jgee@186.80.49.20)
09:45 danboid has joined IRC (danboid!~dan@portal.salford.ac.uk)
09:47
<danboid>
alkisg, I've spotted something that could be causing me problems. Why does ltsp image copy the local users on my ltsp server into my ltsp image? There are no passwd and shadow entries for my test user in my source vmimage but there are in the ltsp image
09:48
<alkisg>
danboid: it copies them because they are needed by default for pamltsp
09:48
Then when it sees that you're using ldap, it doesn't use them
09:49
<danboid>
What about the case like mine where a local user on the ltsp server matches an LDAP name? That's a no-go or is there a workaround?
09:50
<alkisg>
If ldap is detected, the ldap user will be used
09:50
There's no problem at all
09:50
<danboid>
OK thanks
09:51
Time to stick some extra debug statements in pamltsp to see if that will show me where it's going wrong then
09:53
It could just be an incorrect sshd setting here. Have you documented the ssh server settings required for pamltsp?
09:53
<alkisg>
pamltsp shouldn't be called at all in your case
09:54
<danboid>
I thought it used pamltsp to mount the sshfs homes when using LDAP?
10:00
I can see it's detecting my ldap config because it's running in additional mode but pamltsp is definitely being run because lightdm is showing errors from it
10:06
alkisg, Your English is very good, I have to say. Do you think in English or Greek, mostly?
10:06
and how did you learn English, if you don't mind me asking?
10:26
There isn't a second way to do SSHFS home dirs under LTSP that I'm missing then?
10:26
That's what your previous comment about not using pamltsp sounds like
10:38
<alkisg>
> I thought it used pamltsp to mount the sshfs homes when using LDAP?
10:38
You're right there; I meant that it wouldn't touch your chroot /etc/passwd; while later on, it's used to mount the home directory with sshfs
10:39
> alkisg, Your English is very good, I have to say. Do you think in English or Greek, mostly?
10:39
When I'm speaking in English I also think in English, except for processing numbers, e.g. I can't think 123+456 in English :)
10:43
> and how did you learn English, if you don't mind me asking?
10:43
By reading thousands of comics :D
10:46
<danboid>
Good method!
10:48 Vercas has left IRC (Vercas!~Vercas@gateway/tor-sasl/vercas, Remote host closed the connection)
10:48 Vercas has joined IRC (Vercas!~Vercas@gateway/tor-sasl/vercas)
10:50
<alkisg>
> There isn't a second way to do SSHFS home dirs under LTSP that I'm missing then?
10:50
If you want to, you can use pam_mount with sshfs; it's harder to set up though
11:34 Vercas3 has joined IRC (Vercas3!~Vercas@gateway/tor-sasl/vercas)
11:36 Vercas has left IRC (Vercas!~Vercas@gateway/tor-sasl/vercas, Ping timeout: 276 seconds)
11:36 Vercas3 is now known as Vercas
15:22 jgee1 has joined IRC (jgee1!~jgee@186.80.49.20)
15:24 jgee has left IRC (jgee!~jgee@186.80.49.20, Ping timeout: 256 seconds)
15:27 jgee1 has left IRC (jgee1!~jgee@186.80.49.20, Ping timeout: 256 seconds)
16:16 jgee has joined IRC (jgee!~jgee@186.80.49.20)
16:17 ManuelGutierrezG has joined IRC (ManuelGutierrezG!~mgtz81mat@2001:470:69fc:105::1:6d1a)
16:23
<ManuelGutierrezG>
Hi, I'm new on ltsp, I mount a server for a school, but I have a problem, the clients I'm using are x86 32 bits, I'm trying to create an image with the next line: ltsp initrd, but the result is the next messages: Image does not exist x86_32, LTSP command failed: test image_main: != image_main:
16:23
Aborting ltsp. Can anybody help me?
16:24
<alkisg>
Manuel Gutierrez Gomez: did you create a virtualbox 32bit image? Where did you put it and how did you name it?
16:26
<ManuelGutierrezG>
No, I only type the command like the tutorial, how is the procedure to do it?
16:34
<danboid>
ManuelGutierrezG, You need to decide if you want to create a chrootless LTSP image or use a VM image as the base
16:34
ManuelGutierrezG, Chrootless is less work, using a VM image is more work but gives you more control
16:35
<alkisg>
Manuel Gutierrez Gomez: how much RAM does your server have?
16:36
<danboid>
alkisg, I'm pretty sure I've cracked my problem. LTSP expects the (SSH) server hostname to be called server but that's not the case. Do I only have to configure $SERVER in ltsp.conf or do I need to define $SSH_SERVER too?
16:37
<alkisg>
$SERVER is the nfs server; $SSH_SERVER is the sshfs server
16:37
The "server" hostname is defined in /etc/hosts
16:37
It doesn't need to be in DNS
16:37
<ManuelGutierrezG>
alkisg: 96GB
16:37
<alkisg>
The server doesn't need to be actually named $server
16:37
Manuel Gutierrez Gomez: ok, create a virtualbox image with e.g. ubuntu mate 32bit and come back here
16:38
<ManuelGutierrezG>
alkisg: ok, I'll do, back soon
16:38
<alkisg>
It needs to be a 18.04 image as it's the last one that supports 32bit
16:39
<danboid>
alkisg, Where does pamltsp derive $SSH_SERVER from?
16:39
You say set it in hosts?
16:40
Sure I set $SSH_SERVER in ltsp.conf
16:40
*Surely
16:40
?
16:41
<alkisg>
LTSP gets SERVER from /proc/cmdline, and saves it to /etc/hosts
16:41
Then it assumes SSH_SERVER is the same as SERVER, unless you override it from ltsp.conf
16:44
<danboid>
OK so I think it might be best defining $SERVER in ltsp.conf then so that I could change it without rebuilding the image
16:45
Yeah that makes sense to me. Thanks alkisg!
17:43 danboid has left IRC (danboid!~dan@portal.salford.ac.uk, Quit: Leaving)
17:45
<ManuelGutierrezG>
<alkisg> "Manuel Gutierrez Gomez: ok..." <- I'm ready
17:54
<alkisg>
Manuel Gutierrez Gomez: ok, follow the related documentation: https://ltsp.org/man/ltsp-image/#vm-images
17:54
If you find any difficulties, feel free to ping me
17:55
Use this specific name for the symlink: x86_32
17:55
That helps in autodetecting 32/64bit clients
18:02 danboid has joined IRC (danboid!~dan@portal.salford.ac.uk)
18:03
<danboid>
alkisg, $SERVER is missing from the example ltsp.conf. Does it go under [server] or [common] ?
18:04
<alkisg>
danboid: you don't want to set SERVER. You want to set SSH_SERVER
18:04
It goes under [clients]
18:04
SERVER is for the NFS rootfs /, SSH_SERVER is for SSHFS /home
18:04
<danboid>
alkisg, Ah right! Thaks
18:04
Thanks even
18:05
<alkisg>
You'll also need to add the appropriate ssh keys
18:05
<ManuelGutierrezG>
<alkisg> "Manuel Gutierrez Gomez: ok..." <- I use this line:
18:05
ManuelGutierrezG: ln -rs ~/VirtualBox\ VMs/Umate 32/Umate 32.vmdk /srv/ltsp/x86_32.img
18:05
<alkisg>
Manuel Gutierrez Gomez: nice; then just run `sudo ltsp image`
18:06
<ManuelGutierrezG>
And I have this problem: ln: el objetivo '/srv/ltsp/x86_32.img' no es un directorio
18:06
<danboid>
alkisg, keys? Each user uses their own keys?
18:06
<alkisg>
Does the /srv/ltsp folder exist?
18:06
danboid: server keys, yeah ssh servers have their keys
18:06
<ManuelGutierrezG>
alkisg: yeah
18:07
<alkisg>
Manuel Gutierrez Gomez: I don't have much time currently, do you mind if I see over VNC?
18:07
!vnc-dide
18:07
<ltspbot`>
vnc-dide: To share your screen with me, run this: sudo apt-get --yes install x11vnc; x11vnc -connect srv1-dide.ioa.sch.gr - this is a reverse connection, it doesn't need port forwarding etc.
18:07
<alkisg>
....the bot sleeps
18:07
<danboid>
alkisg, I thought it would be accessing the mounts using the password from LDAP?
18:07
<alkisg>
x11vnc -connect alkisg.ltsp.org
18:07
That command will share your screen with me, if you don't mind
18:09
danboid: when you run ssh some-pc, you get a prompt to accept its keys or not
18:09
These keys need to be included in your image
18:09
man ssh has more details about this
18:10
<danboid>
Ah OK so I'll just need to configure one key between the VM image and the LTSP server then?
18:14
<alkisg>
Manuel Gutierrez Gomez: you used a dynamic disk, not a fixed size one
18:14
So it can't be used as an ltsp image
18:14
<ManuelGutierrezG>
Ok
18:15
<alkisg>
Reinstall in that new VM, it'll be faster
18:15
<ManuelGutierrezG>
I will setup again and make the same procedure?
18:15
Ok, thanks
18:15
<alkisg>
Use MBR and make sure that the first partition is ext4
18:15
Let me make the symlink
18:16
OK ready; back later!
18:16
<ManuelGutierrezG>
thanks again
18:24 vagrantc has joined IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b)
18:27
<danboid>
alkisg, I know how to use ssh keys but why/how are ssh keys used in LTSP? I thought sshfs auth would be handled via ldap/pam?
18:30
The only mention of ssh I see in the ltsp man page is this:
18:30
-m, --home-dir=/home
18:30
The default method of making /home available to LTSP clients is SSHFS. In some cases security isn’t an issue, and sysadmins
18:30
prefer the insecure NFSv3 speed over SSHFS. $HOME_DIR is used by ltsp nfs to export the correct directory, if it’s different to
18:30
/home, and by LTSP clients to mount it.
18:30
Sorry for the spam
18:31
I don't understand how ssh keys would work with LTSP
18:31
Surely sshfs uses the pam/ldap password?
18:32
I've not actually read the askpass script yet. Maybe I should now
18:36
alkisg, Nope, ssh-askpass is all about passwords like I thought. ssh password have to be enabled for LTSP/pam/LDAP to work right. Keys?
18:37
<alkisg>
danboid: you're talking about passwordless ssh; i'm talking about ssh server keys
18:37
Not client keys
18:37
It's the keys that ask you "do you trust this server"?
18:38
<danboid>
So which section of the ssh man page do I need to follow to keep LTSP happy?
18:38
<alkisg>
Without ssh server keys, any ssh server would be able to steal your password
18:40
None; the man pages cover the simple setup
18:40
For advanced setups, you're supposed to know about these things
18:40
<danboid>
The ltsp main man page doesn't cover this
18:40
<alkisg>
Feel free to add wiki pages for whatever you deem worthy
18:41
<danboid>
What is this step? Do you mean does my server have a private ssh key configured?
18:41
<alkisg>
There is infrastructure in ltsp for this, i.e. if you put the keys in the correct place they'll be picked up, but you should be able to read the code etc
18:42
That's exactly what I said
18:42
Since it's an advanced setup, it's not covered by the upstream documentation; the community can document it in the wiki
18:43
Yes, all ssh servers have private keys
18:43
It's how ssh works
18:44
<danboid>
So do I need to configure an ssh for a specific user in my LTSP image?
18:45
an ssh key
18:45
<alkisg>
No
18:46
<danboid>
I'm still getting the pamltsp error after defining SSH_SERVER
18:47
I'm happy to write the missing bits of docs for the wiki
18:47
<sfxworks[m]>
How do I remove the gui that was installed by ltsp?
18:47
<danboid>
Do we need another one here for ssh keys?
18:48
sfxworks[m], What you prob want to do is disable the gdm3 service
18:48
That's the GUI login manager
18:49
sudo systemctl disable gdm3
18:49
<sfxworks[m]>
mk thanks, though anyway to not bundle it with ltsp recommends for headless servers? or is it required by, what was it, epoptes?
18:50
<danboid>
Yes, epoptes pulls it in because it's a GUI app
18:51
<vagrantc>
if it does, it's not in any of the obvious immediate dependencies or recommends
18:51
e.g. recommends of recommends of recommends, perhaps ...
18:52
<ManuelGutierrezG>
alkisg: Looks like it's ready, thanks a lot
18:52
<alkisg>
Manuel Gutierrez Gomez: great
18:52
sfxworks: the ltsp installation page says to install epoptes if you want a computer lab monitoring tool, and that it's optional
18:52
<danboid>
Ready! Ready? :D
18:53
<alkisg>
If you did install it, you can remove it with apt purge --auto-remove epoptes
18:53
<ManuelGutierrezG>
Nope, I didn't install, I will
18:53
<alkisg>
Manuel Gutierrez Gomez: wait, do you mean just the vm, or the whole setup?
18:54
If you set up just the VM, you now need `ltsp image`, `ltsp ipxe` and the rest of the ltsp commands mentioned in installation
18:54
<danboid>
I'm pretty sure if you install any Qt app under Debuntu, it will install xorg w/ gdm3 by default, you don't get much of a say about it
18:55
unless you already have display manager installed
18:59 dan__ has joined IRC (dan__!~dan@cpc127016-macc4-2-0-cust104.1-3.cable.virginm.net)
18:59
<dan__>
alkisg, I have only ever established ssh keys between specific users on machines. How does this need to be configured for LTSP?
19:01
alkisg, https://ltsp.org/docs/installation/ doesn't mention any ssh config requirements
19:02 danboid has left IRC (danboid!~dan@portal.salford.ac.uk, Ping timeout: 268 seconds)
19:03
<vagrantc>
if you're following the documentation, it is handled out of the box, if you're doing something different, you have to ... do something different :)
19:04
<dan__>
vagrantc, Yes I've been forced to deviate from a standard install due to our network config. We couldn't use proxy dhcp for a start, and don't use the standard LTSP ipxe menu
19:05
Also we won't have a LDAPS server sorted for a while so I had to use nslcd for LDAP
19:07
Everything for LTSP is running locally on a bare metal 20.04 LTSP server apart from the remote Windows Server 2016 LDAP server
19:07
<alkisg>
From what I understood, dan__ wants to host the user homes (SSHFS) in a separate box than the ltsp server
19:07
<dan__>
alkisg, No, that's not the case
19:08
The LTSP server is the same SSH server
19:08
<alkisg>
So he needs to copy the other server's ssh keys to /etc/ltsp ...
19:09
<dan__>
other server? The LDAP server isn't using ssh?
19:09
<alkisg>
dan__: then why were you asking to set a different SERVER (or SSH_SERVER)?
19:10
<dan__>
alkisg, I added debug statements to pamltsp and I could see it was using `server` as the address for my SSH_SERVER. That will not resolve to my LTSP server
19:11
LTSP/SSH server
19:11
It's one and the same
19:11
<vagrantc>
why won't it?
19:11
<dan__>
but I still cannot login so more debugging to do tomorrow
19:12
pamltsp is failing to mount /home
19:13
If I need to set up a ssh key between the VM image and the LTSP/SSH server, which user do I create the authorization for?
19:14
on both ends
19:17
<ManuelGutierrezG>
<alkisg> "Manuel Gutierrez Gomez: wait, do..." <- the epoptes, the server and the clients now is running
19:17
<alkisg>
Great!
19:20
<dan__>
I think I know what I have to do now, maybe
19:21
There is /etc/ltsp/ssh_known_hosts I see
19:22
So I need to populate that with the MAC address of every machine I want to use on LTSP (with sshfs, which is all of the LTSP clients) ?
19:23
<alkisg>
dan__: that problem is due to pam, not due to ssh
19:23
e.g. maybe your pam doesn't give pamltsp the password
19:27
<dan__>
alkisg, Is this the command that pamltsp uses to mount the home dirs?
19:27
sshfs -o "$sshfs_params" "$@" "$pw_name@$SSH_SERVER:" "$pw_dir"
19:27
line 194 in pamltsp ?
19:28
If that is using a password, it would have to be included with the $@ params but that doesn't contain my password
19:29
Ah!
19:29
That's why I need to set the key up
19:29
but how?
19:29
Hold on no
19:30
No keys - that should be using a password provided by the $@ or stdin but I don't see that happening
19:31
<alkisg>
dan__: no, you don't need to do anything about ssh
19:31
All our chat was based on my misunderstanding of your misunderstanding :)
19:32
If pam is configured properly, then your ldap pam module doesn't clear the password from the pam stack
19:32
So pam_exec / pamltsp can get it from pam and use it
19:32
It appears that your pam isn't configured properly; that's what you need to fix
19:32
Do not focus on ssh at all...
19:33
Put some debug statements in pamltsp and see if it correctly receives the password, e.g. write it to a file
19:33
<dan__>
What might the elusive option be called?
19:33
<alkisg>
If it doesn't, then fix your ldap pam configuration
19:34
The proper ldap module is pam_ldap, or sssd
19:34
I don't remember the broken one you're using :)
19:39
<dan__>
alkisg, I need to print $pw_passwd I presume, just before the sshfs mount command
19:40
<alkisg>
Yes but not to stdout, to a file
19:40
<dan__>
Yep. I missed that key var earlier :)
19:42
<alkisg>
dan__: not pw_passwd; you want to debug ssh_askpass, not pamltsp
19:43
Line 33 in ssh_askpass: echo "$pass"
19:43
Duplicate that, and echo it to a file
19:43
echo "$pass" >/tmp/pass.$$; echo "$pass"
19:45
<dan__>
alkisg, Will do
19:49
That's it for me today. Thanks alkisg!
19:50
<alkisg>
👍️
19:50 dan__ has left IRC (dan__!~dan@cpc127016-macc4-2-0-cust104.1-3.cable.virginm.net, Quit: Leaving)
23:23 ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)