Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-15 Thread M. Fioretti

On Sat, September 15, 2012 7:44 am, Ken Smith wrote:

 Which suggests that there is something about A you need to know more
 about. As said earlier what happens if you run

 telnet  ip-of-a  whatever-port-ssh-is -on--normally-22

I had already answered this:

http://lists.centos.org/pipermail/centos/2012-September/129092.html

If I use port 22 instead of the one sshd is listening on, I get a normal
telnet: connect to address ip-of-a: Connection refused

Marco

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Partition large disk

2012-09-15 Thread Tony Molloy
On Friday 14 September 2012 09:26:11 Laurent wrote:
 Le 2012-09-14 10:07, Tony Molloy a écrit :
  OOPS that was fat fingers. I didn't mean to send it.
 
  I figured out parted can do the job for me but the interface is
  not the
  best. Can't use gparted as I said I have to do this remotely.
 
 Even if you need to do this remotely, you can use gparted through
  ssh with X11 forwarding.

Worked like a dream. Can't understand how I didn't think of looking 
for an rpm of gparted. I only ever used the live-cd version before. 
Thanks.
 
  I'll certainly have a look at gdisk
 
  Sorry for the noise. I'll let  people know how I get on after the
  weekend.
 
 If you consider resizing your RAID volumes one day, I'll recommend
  the already proposed solution: use LVM, with physical volume
  directly on the disk device. No partitioning. Why? Because, as
  far as I know, parted developers have decided to remove the
  unmaintained/old code to resize ext* filesystems from parted.
 

The partition sizes required are fixed for their lifetime, so LVM is not 
needed, only adding complexity.

Tony
 I don't know about gdisk features. Perhaps, it can do better than
 parted...
 
 Regards,
 


Re: [CentOS] SELinux is preventing /bin/ps from search access

2012-09-15 Thread Daniel J Walsh
On 09/14/2012 02:24 PM, m.r...@5-cent.us wrote:
 James B. Byrne wrote:
 
 On Thu, September 13, 2012 16:06, m.r...@5-cent.us wrote:
 CentOS 6.3. *Just* updated, including most current selinux-policy and 
 selinux-policy-targeted. I'm getting tons of these, as in it's just 
 spitting them out when I tail -f /var/log/messages: Sep 13 15:20:51
 server setroubleshoot: SELinux is preventing /bin/ps from search
 access on the directory @2. For complete SELinux messages. run sealert
 -l d92ec78b-3897-4760-93c5-343a662fec67
 snip
 Are you running httpd with mod_rails (rails passenger) per chance?
 
 Dan Walsh asked me *exactly* the same question. Yep, they've got ruby apps.
 As soon as he said that, I googled, and found I needed to set two booleans,
 and create a policy - that's a *ton* of allows - for passenger. Installed
 it. It finally shut up
 
 Thanks!
 
 mark, underwhelmed w/ the need for ruby
 
 


Only one rule required.

You can either add

domain_read_all_domains_state(httpd_t)
or
domain_dontaudit_read_all_domains_state(httpd_t)

We are putting fixes in for this in Fedora and soon into RHEL, for the
upcoming openshift policy which also uses passenger.


Re: [CentOS] Basic KVM networking question

2012-09-15 Thread Steve Thompson
On Mon, 10 Sep 2012, Steve Thompson wrote:

 On Mon, 10 Sep 2012, Steve Thompson wrote:

 On Mon, 10 Sep 2012, Dale Dellutri wrote:

 This looks like it should work for Client A, but maybe not for Client B (see
 below).  So maybe it's a firewall problem (iptables chain FORWARD) on the
 host?

 Let me expand on this. There is no issue with a client on net1
 communicating with a client on net2; the host passes packets from one
 subnet to the other as it should. The only issue is when the client is a
 virtual machine on the host.

For those following along at home, the solution to this turned out to be 
related to the change in the function of the net.ipv4.conf.default.rp_filter
parameter in the CentOS 6 kernels; it had nothing to do with KVM. Changing 
the value of rp_filter from 1 to 2 resolved all issues.

Steve
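
An added example (not part of the original post) for checking which reverse-path filter mode each interface actually uses: the kernel applies the higher of conf/all/rp_filter and the per-interface value, with 0 meaning off, 1 strict and 2 loose. The function names and the `conf_root` parameter are hypothetical, chosen so the check can also run against a copied sysctl tree.

```python
import os

MODES = {0: "off", 1: "strict", 2: "loose"}  # rp_filter values per kernel docs


def _read_int(path):
    with open(path) as fh:
        return int(fh.read().strip())


def effective_rp_filter(conf_root="/proc/sys/net/ipv4/conf"):
    """Map each interface to (configured, effective, mode name).

    Source validation on an interface uses the higher of
    conf/all/rp_filter and conf/<iface>/rp_filter. conf/default only
    seeds interfaces created later, so it is skipped here.
    """
    all_value = _read_int(os.path.join(conf_root, "all", "rp_filter"))
    report = {}
    for iface in sorted(os.listdir(conf_root)):
        path = os.path.join(conf_root, iface, "rp_filter")
        if iface in ("all", "default") or not os.path.isfile(path):
            continue
        own = _read_int(path)
        eff = max(all_value, own)
        report[iface] = (own, eff, MODES.get(eff, "unknown"))
    return report


def strict_interfaces(conf_root="/proc/sys/net/ipv4/conf"):
    """Interfaces that drop packets failing the strict reverse-path check."""
    return [name for name, (_, eff, _) in effective_rp_filter(conf_root).items()
            if eff == 1]


if __name__ == "__main__":
    for name, (own, eff, mode) in effective_rp_filter().items():
        print(f"{name:12} configured={own} effective={eff} ({mode})")
```

On a host that routes between subnets, any interface listed by `strict_interfaces()` is a candidate for the behaviour described above.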


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-15 Thread Stephen Harris
On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote:
 
 On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:
 
  1) What happens if you run telnet yourhost 22.
 
 this is what happens (with the proper IP of course):
 
   Trying 1.2.3.4...
   Connected to yourhost (1.2.3.4)
   Escape character is '^]'.
   Connection closed by foreign host.

This is important; it means the remote SSH server never says 'hello'.

  2) How quickly does the closed occur?
 
 I'd say 4/5 seconds

This is possibly indicative of resource starvation at the remote end;
the connection is going into the listen queue, then being accepted but
the process then fails.  It might mean out of memory (for example)
so the server can't fork() the new sshd process.  If you mean 4 or 5s
then we might also be seeing swapping delays.

There _are_ other reasons for this type of behaviour (eg firewalls, network)
but that's the most common one that I've seen.

 #
 [marco@avalon ~]$ ssh -v -p xxx m...@example.com

I assume the xxx here matches the port you tested with the telnet
test.  Otherwise the telnet test is useless.

-- 

rgds
Stephen


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-15 Thread Tony Molloy
On Saturday 15 September 2012 14:01:38 Stephen Harris wrote:
 On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote:
  On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:
   1) What happens if you run telnet yourhost 22.
 
  this is what happens (with the proper IP of course):
Trying 1.2.3.4...
Connected to yourhost (1.2.3.4)
Escape character is '^]'.
Connection closed by foreign host.
 
 This is important; it means the remote SSH server never says
  'hello'.
 
   2) How quickly does the closed occur?
 
  I'd say 4/5 seconds
 
 This is possibly indicative of resource starvation at the remote
  end; the connection is going into the listen queue, then being
  accepted but the process then fails.  It might mean out of
  memory (for example) so the server can't fork() the new sshd
  process.  If you mean 4 or 5s then we might also be seeing
  swapping delays.
 
 There _are_ other reasons for this type of behaviour (eg firewalls,
  network) but that's the most common one that I've seen.
 
  
#
  [marco@avalon ~]$ ssh -v -p xxx m...@example.com
 
 I assume the xxx here matches the port you tested with the telnet
  test.  Otherwise the telnet test is useless.
 

As I said earlier in this thread that error can come from problems 
with the hosts.allow file on the machine you are trying to connect to.

I've just reproduced the error on my own systems.

Log in to tmlinux from thomond, everything ok.

Edit the /etc/hosts.allow file on tmlinux to disallow sshd access from 
thomond.

Log out.

Log in to tmlinux from thomond. Error.
[root@thomond ~]# ssh -l root tmlinux.csis.ul.ie
ssh_exchange_identification: Connection closed by remote host

Since you changed your ISP you changed your IP address. If you had 
used the hosts.allow file to control access to ssh then that could be 
your problem. Same holds for telnet and any other network connection.

Regards,

Tony
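
The telnet test discussed in this thread, as an added example that is not part of any poster's message: it separates a refused connection (nothing listening on that port) from a connection that is accepted and then ends without the server's SSH greeting, which is the case that produces ssh_exchange_identification. The function name and status labels are hypothetical.

```python
import socket


def probe_ssh_banner(host, port, timeout=10.0):
    """Connect, send nothing, and classify the server's first answer.

    Returns (status, detail), status being one of:
      'refused'   - nothing is listening on that port
      'timeout'   - no answer in time ('connect' or 'banner' in detail)
      'no-banner' - accepted, but no SSH greeting before the stream ended
                    (e.g. a hosts.allow denial, or sshd failing to start
                    the per-connection process)
      'banner'    - the server said hello; detail holds the greeting line
      'error'     - any other socket error
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "connect")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        data = b""
        try:
            # Read one line at most; 255 bytes is the SSH greeting limit.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:  # peer closed the connection
                    break
                data += chunk
        except socket.timeout:
            return ("timeout", "banner")
        except ConnectionResetError:
            return ("no-banner", "reset")
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("no-banner", line)


if __name__ == "__main__":
    import sys
    print(probe_ssh_banner(sys.argv[1], int(sys.argv[2])))
```

Run it against the port sshd actually listens on; a 'no-banner' result points at the server side (access control or resources) rather than at the client's keys or configuration.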






Re: [CentOS] where should we go to know how to build Diskless X server running in 6.2?

2012-09-15 Thread Les Mikesell
On Fri, Sep 14, 2012 at 11:54 PM, nishi.plala ilov...@topaz.plala.or.jp wrote:

 We like to build Diskless clusters.
 Where should we  go  to know how to build Diskless X server running in
 Centos6.2?


DRBL (http://drbl.sourceforge.net/) will do a 'fat' client that
NFS-mounts the server so you have the option of running things
locally. There is also the k12linux project that bundles LTSP5.
I'm not sure if the Centos port was ever completed, but there is some
information here:
https://fedorahosted.org/k12linux/wiki/2011FundDrive.

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] where should we go to know how to build Diskless X server running in 6.2?

2012-09-15 Thread Karanbir Singh
On 09/15/2012 05:54 AM, nishi.plala wrote:
 Hi
 
 We like to build Diskless clusters.
 Where should we  go  to know how to build Diskless X server running in 
 Centos6.2?

just pxe boot the livecd ?


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219| Yahoo IM: z00dax  | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc


Re: [CentOS] where should we go to know how to build Diskless X server running in 6.2?

2012-09-15 Thread nishi.plala
Hi

 
 DRBL (http://drbl.sourceforge.net/) will do a 'fat' client that
 NFS-mounts the server so you have the option of running things
 locally.   

Thank you. I am interested in DRBL. I will check it.
This is what I want.


