Re: How can I secure a Debian installation?

[Raffaele Morelli]

2014-01-31 Scott Ferguson :

> On 31/01/14 17:56, Raffaele Morelli wrote:
> > 2014-01-31 Scott Ferguson  > >:
> >
> > On 31/01/14 15:29, Raffaele Morelli wrote:
> > >
> > >
> > >
> > > 2014-01-30 Brian  >   > >>:
> > >
> > > On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:
> > >
> > > > On Tue, 28 Jan 2014 18:42:34 +
> > > > Brian mailto:a...@cityscape.co.uk>
> > >> wrote:
> > > >
> > > > > The AllowUsers directive is a legitimate way to restrict
> ssh
> > > logins to
> > > > > certain users. However, I do not see what (ssh keys +
> > AllowUsers)
> > > > > brings to the party that (password + AllowUsers) doesn't.
> > > >
> 
> >
> > Agree but this is not my point in the thread.
>
> It's not your thread.
>
> > It's bad habit to split a comment into little pieces losing the whole
> point.
>
> Absolutely - which is *exactly* what happens when the OP asks about
> security and discussion devolves into a discussion about SSH. Security
> requires a *comprehensive* approach involving risk assessment, risk
> management (distribute the risk) and OpSec. Hence my original suggestion
> to follow the Debian Security guide which puts SSH into context. Brian
> "gets it", you don't appear to.


Security requires knowledge, you made no such discovery.
But this is a user list, not a teaching room and if we were to apply the
rule: "read on the manual" for everything then this list would not exist.

IMHO, when the op it's somewhat misleaded into believe that A security it's
not better than B security when the opposite it's true, it's quite clear
that someone else missed both point and the context.

Regards

Re: making my Wheezy beep. How?

[Loïc Grenié]

2014-01-31 Paul E Condon :
> I want my Wheezy desktop (windowing with xfce) to issue a beep after a
> adjustable amount of time. I expected that I could do this with a tiny
> bash script using sleep and echo, but I cannot get echo to make the
> computer issue a beep as it should according to the man page. What
> special knowledge is needed? Why don't I get a beep with:
>
> echo -e \a

You need a terminal (either Linux console or standard xterm/
  gnome-terminal/kde-terminal/eterm/whaterver terminal) to interpret
  the "\a" as a beep. Either run your script in a terminal (but that
  will probably have visual artifact that are not very nice) or use the
  command "beep" as suggested by Scott.

  Hope this helps,

 Loïc


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/camlkffq7uhhuvnd3qjc59d0qf4pdavp0h+mtxplangktz7c...@mail.gmail.com

Re: making my Wheezy beep. How?

[Scott Ferguson]

On 31/01/14 18:12, Paul E Condon wrote:
> On 20140131_174326, Scott Ferguson wrote:
>> On 31/01/14 16:40, Paul E Condon wrote:
>>> I want my Wheezy desktop (windowing with xfce) to issue a beep after a
>>> adjustable amount of time. I expected that I could do this with a tiny
>>> bash script using sleep and echo, but I cannot get echo to make the
>>> computer issue a beep as it should according to the man page. What
>>> special knowledge is needed? Why don't I get a beep with:
>>>
>>> echo -e \a
>>>
>>> TIA
>>>
>>
>> Do you have a PC speaker?
> 
> What is a PC speaker? I have a woofer and two tweeters that produce
> sound for video clips from YouTube, but PC speaker must be something
> else?

Yes. It's the thing that goes beep :D
If you have one it'll be a piezo or magnetic device mounted on the
motherboard or inside the front panel.

It's possible to re-route to your external speakers but I'd have to look
up the method using the search engine (which I doubt I could do better
than you.

When you've found the solution you 'may' find this useful, quickly
copied from our internal-use wiki:-

beep

# apt-get install beep

beep allows the user to control the pc-speaker with precision, allowing
different sounds to indicate different events. While it can be run quite
happily on the command line, it's intended place of residence is within
shell/perl scripts, notifying the user when something interesting
occurs. Of course, it has no notion of what's interesting, but it's real
good at that notifying part. All options have default values, meaning
that just typing 'beep' will work. If an option is specified more than
once on the command line, subsequent options override their
predecessors. So 'beep -f 200 -f 300' will beep at 300Hz.
Examples
Simple tune

#!/bin/bash
# NAME: beep.sh
# LOCATION: ~/Scripts
beep -f 65.4064 -l 100 -n -f 130.813 -l 100 -n -f 261.626 -l 100 -n -f
523.251 -l 100 -n -f 1046.50 -l 100 -n -f 2093.00 -l 100 -n -f 4186.01
-l 100

Using beep to indicate a computer has booted

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/home/scott/beep.sh
exit 0

Using beep to indicate a VirtualBox guest has booted

NOTE: This requires the previous use of ssh-copy-id

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ssh scott@work /home/scott/beep.sh
exit 0

> 
>>
>> Kind regards
>>
>>


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eb501f.1000...@gmail.com

Re: How can I secure a Debian installation?

[Scott Ferguson]

On 31/01/14 17:56, Raffaele Morelli wrote:
> 2014-01-31 Scott Ferguson  >:
> 
> On 31/01/14 15:29, Raffaele Morelli wrote:
> >
> >
> >
> > 2014-01-30 Brian    >>:
> >
> > On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:
> >
> > > On Tue, 28 Jan 2014 18:42:34 +
> > > Brian mailto:a...@cityscape.co.uk>
> >> wrote:
> > >
> > > > The AllowUsers directive is a legitimate way to restrict ssh
> > logins to
> > > > certain users. However, I do not see what (ssh keys +
> AllowUsers)
> > > > brings to the party that (password + AllowUsers) doesn't.
> > >

> 
> Agree but this is not my point in the thread.

It's not your thread.

> It's bad habit to split a comment into little pieces losing the whole point.

Absolutely - which is *exactly* what happens when the OP asks about
security and discussion devolves into a discussion about SSH. Security
requires a *comprehensive* approach involving risk assessment, risk
management (distribute the risk) and OpSec. Hence my original suggestion
to follow the Debian Security guide which puts SSH into context. Brian
"gets it", you don't appear to.




Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eb4ea0.4010...@gmail.com

Re: making my Wheezy beep. How?

[Paul E Condon]

On 20140131_174326, Scott Ferguson wrote:
> On 31/01/14 16:40, Paul E Condon wrote:
> > I want my Wheezy desktop (windowing with xfce) to issue a beep after a
> > adjustable amount of time. I expected that I could do this with a tiny
> > bash script using sleep and echo, but I cannot get echo to make the
> > computer issue a beep as it should according to the man page. What
> > special knowledge is needed? Why don't I get a beep with:
> > 
> > echo -e \a
> > 
> > TIA
> > 
> 
> Do you have a PC speaker?

What is a PC speaker? I have a woofer and two tweeters that produce
sound for video clips from YouTube, but PC speaker must be something
else?

> 
> Kind regards
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/52eb460e.4000...@gmail.com
> 

-- 
Paul E Condon   
pecon...@mesanetworks.net


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140131071224.ga27...@big.lan.gnu

Re: How can I secure a Debian installation?

[Raffaele Morelli]

2014-01-31 Scott Ferguson :

> On 31/01/14 15:29, Raffaele Morelli wrote:
> >
> >
> >
> > 2014-01-30 Brian mailto:a...@cityscape.co.uk>>:
> >
> > On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:
> >
> > > On Tue, 28 Jan 2014 18:42:34 +
> > > Brian mailto:a...@cityscape.co.uk>> wrote:
> > >
> > > > The AllowUsers directive is a legitimate way to restrict ssh
> > logins to
> > > > certain users. However, I do not see what (ssh keys + AllowUsers)
> > > > brings to the party that (password + AllowUsers) doesn't.
> > >
> > > A key (if kept secret) is even harder to "guess" than a
> > > password,
> >
> > I'd like to see a complex, random, high-entropy 20 character password
> > which is guessable (or capable of being cracked) in a timeframe which
> > has some significance. I'll give you "even harder" but it is of no
> great
> > consequence if you consider the situation where an online subversion
> of
> > a user's account is being attempted and a good password is in place.
> >
> >
> > I'd like to see someone who use such 20 character password for everyday
> > tasks.
>
> It's not only common (in some industry sectors 12 *random* characters
> regularly changed and never repeated is mandated), it's good security.
> Despite what some will advise entropy is the measure of exhaustion -
> resulting from *brute* force attacks. 50% of the time a brute force will
> only require half the entropy to succeed. Due to human bias (failure to
> use random passwords and *password* *managers*) the majority of the time
> passwords that exceed 8 characters will be composed solely of words, and
> brute force difficulty != dictionary attack difficulty (see Niquist and
> Shannon). A significant percentage of the time those word based
> passwords will be a phrase... with even lower attack difficulty.


Agree but this is not my point in the thread.
It's bad habit to split a comment into little pieces losing the whole point.

I've suggested the use of private key authentication and AllowUsers
directive in sshd.

Brian argued that a private key+allowusers does not improve security with
respect to passwords+allowusers.

I use private key authentication with a 21 characters passphrase which is
at minimum more secure than a 21 characters password and unless someone
kidnaps and tortures me for the passphrase and stoles one of my boxes for
the private key I wonder who can prove it is not.

C'mon, what's the matter with private key authentication and the OP request?

Re: How can I secure a Debian installation?

[Scott Ferguson]

On 31/01/14 17:17, Артур Истомин wrote:
> On Tue, Jan 28, 2014 at 08:37:57PM +, Brian wrote:
>> On Tue 28 Jan 2014 at 11:40:04 -0800, Jon Danniken wrote:
>>

>>
>> But ssh keys are great for some situations. The problem is their
>> advocates never describe what the situations are and it is too often a
>> case of being instructed to "use a ssh key". The downsides to a ssh
>> key are left unsaid and the impression is given that a password login is
>> naff and insecure. The pros and cons of an ssh key login are rarely
>> discussed by these advocates,
>>

> 
> Moreover, all intrusions in open source projects (through ssh) like
> kernel's git in 2011 or Fedora's repos occurred as a consequence of 
> stealing private keys instead of password guessing.
> 


1++


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eb46d9.4050...@gmail.com

Re: making my Wheezy beep. How?

[Scott Ferguson]

On 31/01/14 16:40, Paul E Condon wrote:
> I want my Wheezy desktop (windowing with xfce) to issue a beep after a
> adjustable amount of time. I expected that I could do this with a tiny
> bash script using sleep and echo, but I cannot get echo to make the
> computer issue a beep as it should according to the man page. What
> special knowledge is needed? Why don't I get a beep with:
> 
> echo -e \a
> 
> TIA
> 

Do you have a PC speaker?

Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eb460e.4000...@gmail.com

Re: Old computer with Savage Video Help

[Scott Ferguson]

On 31/01/14 16:31, Robert Crawford wrote:
> My laptop is a Toshiba Satellite 2400-S251 with Super Savage Video chip.
> It does have pae built in. 30 gb hd and 512 mb ram.
> 
> Ubuntu above 12.04.3 has issues with the Savage video chip. Also it
> won't boot from USB drive.


Debian != Ubuntu

Just warning you that there are significant differences.

> 
> This what worked.,


This "just works" for me:-
# apt-get install xserver-xorg-video-savage

Thinkpad T22 w. 512MB of RAM, happily running minimal KDE (on a trimmed
Debian Wheezy)

$ lspci | grep -i vga
01:00.0 VGA compatible controller: S3 Inc. 86C270-294 Savage/IX-MV (rev 13)
# dmidecode | grep -i 'vendor\|family\|max speed\|maximum total'
Vendor: IBM
Family: Pentium III
Signature: Type 0, Family 6, Model 8, Stepping 10
Max Speed: 900 MHz


from /var/log/Xorg.0.log:-
[49.791] (==) Matched savage as autoconfigured driver 0
[49.791] (II) LoadModule: "savage"
[49.804] (II) Loading /usr/lib/xorg/modules/drivers/savage_drv.so
[49.840] (II) Module savage: vendor="X.Org Foundation"
[49.877] (II) SAVAGE: driver (version 2.3.4) for S3 Savage chipsets:
Savage4,
Savage3D, Savage3D-MV, Savage2000, Savage/MX-MV, Savage/MX,
Savage/IX-MV, Savage/IX, ProSavage PM133, ProSavage KM133,
Twister PN133, Twister KN133, SuperSavage/MX 128, SuperSavage/MX 64,
SuperSavage/MX 64C, SuperSavage/IX 128, SuperSavage/IX 128,
SuperSavage/IX 64, SuperSavage/IX 64, SuperSavage/IXC 64,
SuperSavage/IXC 64, ProSavage DDR, ProSavage DDR-K
[49.911] (II) SAVAGE(0): Creating default Display subsection in
Screen section
[49.911] (==) SAVAGE(0): Depth 16, (--) framebuffer bpp 16
[49.911] (==) SAVAGE(0): RGB weight 565
[49.911] (==) SAVAGE(0): Default visual is TrueColor
[49.911] (II) SAVAGE(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
[49.911] (==) SAVAGE(0): Using XAA acceleration architecture
[49.911] (==) SAVAGE(0): Using HW cursor
[49.911] (==) SAVAGE(0): Using video BIOS to set modes
[49.947] (II) SAVAGE(0): initializing int10
[49.955] (II) SAVAGE(0): Primary V_BIOS segment is: 0xc000
[49.956] (II) SAVAGE(0): VESA BIOS detected
[49.956] (II) SAVAGE(0): VESA VBE Version 2.0
[49.956] (II) SAVAGE(0): VESA VBE Total Mem: 8192 kB
[49.957] (II) SAVAGE(0): VESA VBE OEM: S3 Incorporated. M7 BIOS
[49.957] (II) SAVAGE(0): VESA VBE OEM Software Rev: 1.0
[49.957] (II) SAVAGE(0): VESA VBE OEM Vendor: S3 Incorporated.
[49.957] (II) SAVAGE(0): VESA VBE OEM Product: VBE 2.0
[49.957] (II) SAVAGE(0): VESA VBE OEM Product Rev: Rev 1.1
[49.957] (--) SAVAGE(0): Chip: id 8c12, "Savage/IX-MV"
[49.957] (--) SAVAGE(0): Engine: "MobileSavage"
[49.957] (--) SAVAGE(0): AGP card detected
[49.957] (==) SAVAGE(0): Using AGP DMA
[49.958] (II) SAVAGE(0): Savage3D/MX/IX does not support command DMA.
[49.958] (==) SAVAGE(0): Will try only vertex DMA mode
[49.958] (==) SAVAGE(0): Using AGP 1x mode
[49.958] (==) SAVAGE(0): Using 16 MB AGP aperture
[49.967] (==) SAVAGE(0): Using gamma correction (1.0, 1.0, 1.0)
[49.967] (--) SAVAGE(0): probed videoram:  8192k
[51.396] (--) SAVAGE(0): 1024x768 TFT LCD panel detected and active
[51.396] (--) SAVAGE(0): - Limiting video mode to 1024x768
[51.463] (--) SAVAGE(0): Found 13 modes at this depth:
[51.464] (II) SAVAGE(0): : Using hsync range of
31.50-47.82 kHz
[51.464] (II) SAVAGE(0): : Using vrefresh range of
56.00-59.92 Hz
[51.464] (II) SAVAGE(0): : Using maximum pixel
clock of 63.50 MHz
[51.464] (II) SAVAGE(0): Estimated virtual size for aspect ratio
1. is 1024x768
[51.464] (II) SAVAGE(0): Clock range:  10.00 to 250.00 MHz
etc...

See:-
http://www.thinkwiki.org/wiki/S3_Savage_IX8
http://man.flashnux.com/en/debian/6/6.0.1/man4/savage.4.html


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eb45f6.5020...@gmail.com

Re: How can I secure a Debian installation?

[Артур Истомин]

On Tue, Jan 28, 2014 at 08:37:57PM +, Brian wrote:
> On Tue 28 Jan 2014 at 11:40:04 -0800, Jon Danniken wrote:
> 
> > Thanks Brian, I ended up removing openssh-server, as it was not
> > something I needed; it was automatically installed and set up to run as
> > a "feature" of the live CD I used to install Debian with (installed as
> > part of the "live-tools" package). Fortunately I came across the posting
> > that alerted me to this, and have removed it from both of my machines.
> 
> Removing software which runs as a daemon is good practice. Why have a
> process listening for external connections when it is unnecessary?
> 
> > If I end up using openssh in the future I will definitely use a private
> > key, though.
> 
> Another battle lost. :)
> 
> But ssh keys are great for some situations. The problem is their
> advocates never describe what the situations are and it is too often a
> case of being instructed to "use a ssh key". The downsides to a ssh
> key are left unsaid and the impression is given that a password login is
> naff and insecure. The pros and cons of an ssh key login are rarely
> disussed by these advocates,
> 
> I'll just end by reminding you that your ssh key might be stored on a
> USB stick. Forget the stick and you don't get to access your account.
> Passwords are in your memory and, fallible though it might be, it is
> usually accessible. In the last resort the password could come to you
> in a dream. :)

Moreover, all intrusions in open source projects (through ssh) like
kernel's git in 2011 or Fedora's repos occurred as a consequence of 
stealing private keys instead of password guessing.

Also, "SSH: passwords or keys?" - http://lwn.net/Articles/369703/


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140131061745.GA28527@localhost

Re: How can I secure a Debian installation?

[Scott Ferguson]

On 31/01/14 15:29, Raffaele Morelli wrote:
> 
> 
> 
> 2014-01-30 Brian mailto:a...@cityscape.co.uk>>:
> 
> On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:
> 
> > On Tue, 28 Jan 2014 18:42:34 +
> > Brian mailto:a...@cityscape.co.uk>> wrote:
> >
> > > The AllowUsers directive is a legitimate way to restrict ssh
> logins to
> > > certain users. However, I do not see what (ssh keys + AllowUsers)
> > > brings to the party that (password + AllowUsers) doesn't.
> >
> > A key (if kept secret) is even harder to "guess" than a
> > password,
> 
> I'd like to see a complex, random, high-entropy 20 character password
> which is guessable (or capable of being cracked) in a timeframe which
> has some significance. I'll give you "even harder" but it is of no great
> consequence if you consider the situation where an online subversion of
> a user's account is being attempted and a good password is in place.
> 
> 
> I'd like to see someone who use such 20 character password for everyday
> tasks.

It's not only common (in some industry sectors 12 *random* characters
regularly changed and never repeated is mandated), it's good security.
Despite what some will advise entropy is the measure of exhaustion -
resulting from *brute* force attacks. 50% of the time a brute force will
only require half the entropy to succeed. Due to human bias (failure to
use random passwords and *password* *managers*) the majority of the time
passwords that exceed 8 characters will be composed solely of words, and
brute force difficulty != dictionary attack difficulty (see Niquist and
Shannon). A significant percentage of the time those word based
passwords will be a phrase... with even lower attack difficulty.

All of which overlooks simple preventative measures like fail2ban:-
http://en.wikipedia.org/wiki/Fail2ban

NOTE: the reason for large, random character requirements despite
measures like fail2ban (and portknocking) is not to prevent brute force
attacks, but to limit the risks if /etc/shadow is stolen and GPU based
rainbow attacks are employed where *hundreds* of *billions*[*1] of
combinations per second are feasible.See Oechslin, Time and Space
algorithm attacks.

[*1] Unclassified example -
https://securityledger.com/2012/12/new-25-gpu-monster-devours-passwords-in-seconds/
(HashCat and VOCL against NTLM)




Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eb405c.5070...@gmail.com

making my Wheezy beep. How?

[Paul E Condon]

I want my Wheezy desktop (windowing with xfce) to issue a beep after a
adjustable amount of time. I expected that I could do this with a tiny
bash script using sleep and echo, but I cannot get echo to make the
computer issue a beep as it should according to the man page. What
special knowledge is needed? Why don't I get a beep with:

echo -e \a

TIA

-- 
Paul E Condon   
pecon...@mesanetworks.net


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140131054022.ga17...@big.lan.gnu

Old computer with Savage Video Help

[Robert Crawford]

My laptop is a Toshiba Satellite 2400-S251 with Super Savage Video chip.
It does have pae built in. 30 gb hd and 512 mb ram.

Ubuntu above 12.04.3 has issues with the Savage video chip. Also it won't
boot from USB drive.

This what worked.,

Download Hirens Boot CD
http://www.hirensbootcd.org
It has "plop boot loader" on the CD.
Burn isolated file to a CD.

Create a USB boot flash drive.
I used Universal USB Installer from www.pendrivelinux.org.

Shut pc down with CD in drive and plug in USB, turn computer on. Select
plop, then USB and USB will automatically boot flash drive.

I used Crunchbang (Wheezy ) it's got openbox which makes it fast on old
slow machines. It has vlc preinstalled. Plays avi, mp4 files out of the
box.

I just installed Google Chrome and Mozilla Firefox 26. First thing I change
is the wallpaper.  It's got flash plugin preinstalled, I need this to
listen to music using www.pandora.com. I also install lightdm , its easier
to change desktop managers such as xfce.

I'm happy, hope this helps someone.

Re: How can I secure a Debian installation?

[Raffaele Morelli]

2014-01-30 Brian :

> On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:
>
> > On Tue, 28 Jan 2014 18:42:34 +
> > Brian  wrote:
> >
> > > The AllowUsers directive is a legitimate way to restrict ssh logins to
> > > certain users. However, I do not see what (ssh keys + AllowUsers)
> > > brings to the party that (password + AllowUsers) doesn't.
> >
> > A key (if kept secret) is even harder to "guess" than a
> > password,
>
> I'd like to see a complex, random, high-entropy 20 character password
> which is guessable (or capable of being cracked) in a timeframe which
> has some significance. I'll give you "even harder" but it is of no great
> consequence if you consider the situation where an online subversion of
> a user's account is being attempted and a good password is in place.
>

I'd like to see someone who use such 20 character password for everyday
tasks.


>
> >   also it's not "ssh keys + AllowUsers" it's (or should be)
> > "ssh key + key pass-phrase + AllowUsers".
>
> The key pass-phrase is never seen by the server; it plays no part in an
> ssh login. You may think it does but the server doesn't.
>

It's not the passphrase indeed, as I replied to you the key must exist.
No key, no authentication process even begins, simply: password it's not
even being asked.


>
>   ssh keys + AllowUsers
>
> and
>
>   password + AllowUsers
>
> are equally as secure.
>

Passwords are guessable and brute force are here to stay. But can you show
me how to simulate the presence of a key on a client side?


>
> Allowusers does what it says. It may be a requirement of the site being
> accesssed but it plays no part in the security underlying an ssh login,
>
> There are security advantages to logging in with ssh keys; the strength
> of a key isn't one of them. However, ssh key proponents never seem to
> mention them. They instruct: "Use private key authentication"; no
> explanation, no justification, nothing to indicate why it might be more
> appropriate for the situation under discussion. It's as though they are
> mesmerised by the number of bits which a key can contain.
>

It's quite strange you can't get the concept behind.
Nobody instructs, ssh man pages do. Private keys are there and easy to
understand if you are willing to.


>
> To return to the original point of this thread: logging in as root with
> a key or with a password carries the same risk. I would say it is close
> to zero in both cases.

Re: Photovoltaic inverter monitoring or logging software

[Scott Ferguson]

On 31/01/14 13:38, Bret Busby wrote:
> 
> Hello.
> 
> I am wondering whether anyone on this list, has any knowledge or
> experience of software that runs on Linux, preferably Debian Linux, for
> monitoring/logging electricity output from a photovoltaic inverter.
> 
> In searching in the Debian packages facility, the only package that I
> found, was solarpowerlog (0.23a-2), for Debian Linux v7, and the package
> is apparently for only Solarmax inverters.
> 
> I am seeking software that will interface with Rewatt inverters, which
> apparently have an RS232 interface socket. The inverters come with a
> software disk, the supplied software apparently being for only MS Windows.

I'm not familiar with that inverter, but you should be able to get
general logging data from the port. If you're *very* lucky it'll have
telnet console.

Point Wireshark at the interface:-
# apt-get install wireshark wireshark-doc

Then take a look at pv:-
http://pv.codeplex.com/

Originally I looked at this:-
http://www.solarfreaks.com/cms2000-inverter-rs232-serial-port-hack-cms-2000-rs232-t271-160.html

but it's pretty dated now and may have changed.

Also:-
http://whirlpool.net.au/wiki/solar_software


You may also get some useful information from your local LUG:-
http://www.plug.org.au/


> 
> I have recently been told information about photovoltaic systems, that
> increases my curiosity, increasing the incentive to have continuous
> monitoring of output.
> 
> Thank you in anticipation.
> 
> -- 
> Bret Busby
> Armadale
> West Australia
> ..
> 


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eb169a.7020...@gmail.com

Photovoltaic inverter monitoring or logging software

[Bret Busby]

Hello.

I am wondering whether anyone on this list, has any knowledge or experience of 
software that runs on Linux, preferably Debian Linux, for monitoring/logging 
electricity output from a photovoltaic inverter.


In searching in the Debian packages facility, the only package that I found, 
was solarpowerlog (0.23a-2), for Debian Linux v7, and the package is apparently 
for only Solarmax inverters.


I am seeking software that will interface with Rewatt inverters, which 
apparently have an RS232 interface socket. The inverters come with a software 
disk, the supplied software apparently being for only MS Windows.


I have recently been told information about photovoltaic systems, that 
increases my curiosity, increasing the incentive to have continuous monitoring 
of output.


Thank you in anticipation.

--
Bret Busby
Armadale
West Australia
..

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
  Chapter 28 of Book 1 of
  "The Hitchhiker's Guide to the Galaxy:
  A Trilogy In Four Parts",
  written by Douglas Adams,
  published by Pan Books, 1992



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
http://lists.debian.org/alpine.deb.2.00.1401311037220.25...@bret-dd-workstation.busby.net

Re: chronyd startup issues

[Marc Shapiro]

On 01/29/2014 03:10 AM, Mathias Bauer wrote:

* Darac Marjal wrote on 2014-01-29 at 10:22 (+):


On Wed, Jan 29, 2014 at 12:06:13AM -0800, Marc Shapiro wrote:

When my system boots up it starts chronyd.  The problem is
that it seems to not have (or find) a network connection at
the time, so it comes up in offline mode.  If I restart it
then everything is fine.  Otherwise, the box gradually loses
time.  Since I rarely reboot my system I always forget that I
need to restart chronyd.  What do I need to do to get it to
start up in online mode?  Do I need to position it farther
down in /etc/rc2.d?  I thought that I had changed it to run
AFTER network-manager, but, if so, something changed it back.

Chrony will put "offline" sources to "online" when a PPP link
comes up (any PPP link, bug #252131) but not when an ethernet
link comes up (bug #312092).

If you like, there are instructions and a patch in bug #389961
to fix this.

Yes, but expect some tricky fiddling :-)

However, comparing the bug history - some of chrony's ones
haven't been handled or closed for 5+ years, also the relevant
ones here - and the number of users of chrony (847) and openntpd
(1902), I strongly suggest you considering a switch to the
openntpd package.

Regards,
Mathias

I was not aware of the openntpd package.  I will look into it.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52eafe43.9010...@gmail.com

Re: put gparted on minimum system, for disks over 2TB

[Scott Ferguson]

On 31/01/14 10:50, C.T.F. Jansen wrote:
> Greetings,
> 
> Tried to setup a 3TB disk using cfdisk and it failed silently. Suggest
> that cfdisk is updated to work with current disks; 3 and 4 TB. At least
> update the man page. partman is not on the production system and can't
> be installed, don't know if it actually works with disks over 2TB.


partman??

> 
> gparted worked but it had to be installed first, it was not on the
> system already. It is not on the base, minimum, system. Suggest that it
> be put on the minimum system since it should work with whats out there
> and these sizes will become more and more common.
> 
> Saw quite a few web pages by people struggling with this.
> 
> frank.jan...@actrix.gen.nz, ZL2TTS
> 
> 


Perhaps you conflate the limitations of DOS (MBR) partitions with GPT
(GUID)? The former has a 2.somethingGiB limit.

GParted is just a gui for parted.

IMO cfdisk is not a great choice due to sector sizes and starting sector
(can cause problems with GRUB)

parted or gdisk will happily partition large drives, fdisk not so much.


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eaf9a4.5060...@gmail.com

Re: put gparted on minimum system, for disks over 2TB

[Doug]

On 01/30/2014 06:50 PM, C.T.F. Jansen wrote:

Greetings,

Tried to setup a 3TB disk using cfdisk and it failed silently. Suggest 
that cfdisk is updated to work with current disks; 3 and 4 TB. At 
least update the man page. partman is not on the production system and 
can't be installed, don't know if it actually works with disks over 2TB.


gparted worked but it had to be installed first, it was not on the 
system already. It is not on the base, minimum, system. Suggest that 
it be put on the minimum system since it should work with whats out 
there and these sizes will become more and more common.


Saw quite a few web pages by people struggling with this.

frank.jan...@actrix.gen.nz, ZL2TTS


Why not download the bootable disk of GParted or Parted Magic (which 
includes GParted) and you will solve the problem forever.
Or at least as long as you use standard filesystems. Parted Magic has a 
lot of stuff on it, and I *believe* it will boot UEFI as well

as 32- and 64-bit systems. A list of programs it comes with:

File ManagerDisk Health
Keyboard Layout  System Profiler
Screen Layout  Firefox
Virus Scanner   Erase Disk
Partition Editor -- (GParted) Disc Cloning -- (Clonezilla)

I haven't used any of these except GParted. The file manager can look at 
all your drives and partitions. System Profiler looks like
a somewhat civilized dmidecode. Virus scanner is clamav, which you'd 
have to update, if it will let you. I don't dare snap on

the Erase Disk icon!

--doug


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52eaf951.5080...@optonline.net

put gparted on minimum system, for disks over 2TB

[C.T.F. Jansen]

Greetings,

Tried to setup a 3TB disk using cfdisk and it failed silently. Suggest 
that cfdisk is updated to work with current disks; 3 and 4 TB. At least 
update the man page. partman is not on the production system and can't 
be installed, don't know if it actually works with disks over 2TB.


gparted worked but it had to be installed first, it was not on the 
system already. It is not on the base, minimum, system. Suggest that it 
be put on the minimum system since it should work with whats out there 
and these sizes will become more and more common.


Saw quite a few web pages by people struggling with this.

frank.jan...@actrix.gen.nz, ZL2TTS


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52eae563.8030...@actrix.gen.nz

Re: Wireless AP setup: RTL8188CUS

[Brian]

On Thu 30 Jan 2014 at 23:09:22 +, Brian wrote:

> On Thu 30 Jan 2014 at 21:12:54 +0100, Csanyi Pal wrote:
> 
> > FATAL: Module rtl8192cu not found.
> 
> Does the file /lib/modules/2.6.39.4-4/modules.builtin.bin exist?

That question is a bit silly! Please say what you get with

  cd /lib/modules/2.6.39.4-4/kernel/drivers/

  grep -r 8192 *


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/30012014235059.a1e62091f...@desktop.copernicus.demon.co.uk

Re: Wireless AP setup: RTL8188CUS

[Brian]

On Thu 30 Jan 2014 at 21:12:54 +0100, Csanyi Pal wrote:

> sudo modprobe rtl8192cu
> libkmod: ERROR ../libkmod/libkmod.c:505
> kmod_lookup_alias_from_builtin_file: could not open builtin file
> '/lib/modules/2.6.39.4-4/modules.builtin.bin'

This is kernel 2.6.39.4-4. Are you using Squeeze?

> FATAL: Module rtl8192cu not found.

Does the file /lib/modules/2.6.39.4-4/modules.builtin.bin exist?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/30012014230650.d8f12ae7a...@desktop.copernicus.demon.co.uk

Re: PXE install, without internet?

[Scott Ferguson]

On 30/01/14 22:47, Anubhav Yadav wrote:
>> No. Probably a DNS problem, alt+f4 in the affected installation to see
>> where the error is.
> 
>> I've seen the problem but don't recall a specific cause - I also don't
>> know your DNS, PXE and TFTP server setup. I generally use an IPCop
>> Firewall and DNS, with PXE and TFTP on a separate (VirtualBox) machine,
>> so my experience may not translate.

I had a think about your DNS problem last night and recalled similar
issues when the DNS had run out of leases. You might want to check that.

> 
> I will be back next monday or tuesday.
> For starters I installed the server packages from this guide.
> http://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3
> 
> And the dns and tftp configurations was done using this guide.
> http://www.howtoforge.com/setting-up-a-pxe-install-server-for-multiple-linux-distributions-on-debian-lenny
> 
> And finally placed the tftp boot files in the directory as specified
> in the official debian guide.
> https://wiki.debian.org/PXEBootInstall#Set_up_TFTP_server
> 
> As soon as I reach my college the first thing I will do is share my
> /etc/networking/interfaces files to
> show how I have set up my server.
> 
> And thanks for the kind words. Appreciated everyone efforts.
> 
Thanks for the additional info, I take a look at those articles (when I
get a chance).




Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eada05.3020...@gmail.com

Re: Help with command - cp

[Felix C. Stegerman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2014-01-30 01:51, Zenaan Harkness wrote:
> On 1/30/14, Felix C. Stegerman  wrote:
>> On 2014-01-29 10:43, berenger.mo...@neutralite.org wrote:
> 
>>> And then: $ cd ~/bar && rm `find -name '.*'`
>> 
>> Find is indeed very useful, but that's probably a bad idea.
>> You'll get into trouble with filenames containing spaces for
>> example.
> 
>> If you really want to use find, use something like:
>> 
>> $ find -depth -name '.?*' -exec echo rm -rv -- {} \;
>> 
>> Which will not match '.' because it expects at least one
>> character after the dot, will handle filenames correctly,
> 
> Does find do the filename-with-space escaping for us with those 
> {braces}? (I don't have access to man pages ATM sorry).

I tested it with a file named ".foo bar baz", so yes ;-)


- - Felix

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCgAGBQJS6tWUAAoJELIY/ywn/GzG0LMP/AgEkUX4UFzeJVngwA98diLr
1TG8TAFN60StfUro32EZtZEiCvwXxlWQRe5QPwV4MRIzXlfPYsLJ5E2AwxPxbS/C
O1kJaVjL4D/7SyHyNdNzdigvichVLGb7xaG9Uq0rGohytTQ+mer7umlfVMo5RRMg
dgc/QaoqnTcW79Vl4vo4Ol8xfA9TRm8iTS3N0NPL4wSHE5UDfWvgiH53XgdBOso8
yQ5K4YRksD/AdypW5nWwRzUTc17UAWYRwL83PLjfep6D5e1l5CTPg5LPB94EBIuH
58Kvu43+1A2V72aPM3QPazE0HG36t97+5PLAxo5npk+s8TJRnoYBIvYdFPQ7vVvb
0c5l4SEtIMzXthoHMKYCNBx5juXEOjlmEJjSPgnWfoRpTJ/VdzGaf+IDeKoC/8Y0
WiFGX0ucx5/8NI2J+i7eJa1CpWJ3k7+ILcjpd7D8syQRY0A6Llp0+YssP3/wL3Yb
h9kgRcU/q2VAyjmB2/+uzH0cquss4y4UhjM2rwwpxEa46lg3Vd7vQi19xpHSqdTT
kL7Yhu3y2jY0g6IkDexoF0Q0YbDb3mK7Io8Sl4jzpxcJ3D3FEps7u6GtZM1ZMgaZ
j02P6GdfoVXrr4h+d5PytKDUNYFrTuEAW68jo5z7Xp0c1ZXtQiLCXmYZ2puc9J6u
wOFHGcnWBhMLt83VfAu+
=wlLC
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52ead59c.6060...@obfusk.org

Re: How can I secure a Debian installation?

[Stephan Seitz]

On Thu, Jan 30, 2014 at 06:53:11PM +0100, Denis Witt wrote:

password, also it's not "ssh keys + AllowUsers" it's (or should be)
"ssh key + key pass-phrase + AllowUsers".


As an administrator you can’t control the key pass-phrase. If a user 
creates a key without it you can’t stop him from using it.

But you can control the strength of a password with a policy.

Shade and sweet water!

Stephan

--
| Stephan Seitz  E-Mail: s...@fsing.rootsland.net |
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |


signature.asc
Description: Digital signature

Re: How can I secure a Debian installation?

[Brian]

On Thu 30 Jan 2014 at 18:53:11 +0100, Denis Witt wrote:

> On Tue, 28 Jan 2014 18:42:34 +
> Brian  wrote:
> 
> > The AllowUsers directive is a legitimate way to restrict ssh logins to
> > certain users. However, I do not see what (ssh keys + AllowUsers)
> > brings to the party that (password + AllowUsers) doesn't.
> 
> A key (if kept secret) is even harder to "guess" than a
> password,

I'd like to see a complex, random, high-entropy 20 character password 
which is guessable (or capable of being cracked) in a timeframe which 
has some significance. I'll give you "even harder" but it is of no great
consequence if you consider the situation where an online subversion of
a user's account is being attempted and a good password is in place. 

>   also it's not "ssh keys + AllowUsers" it's (or should be)
> "ssh key + key pass-phrase + AllowUsers".

The key pass-phrase is never seen by the server; it plays no part in an
ssh login. You may think it does but the server doesn't.

  ssh keys + AllowUsers

and

  password + AllowUsers

are equally as secure.

Allowusers does what it says. It may be a requirement of the site being
accesssed but it plays no part in the security underlying an ssh login,

There are security advantages to logging in with ssh keys; the strength
of a key isn't one of them. However, ssh key proponents never seem to
mention them. They instruct: "Use private key authentication"; no
explanation, no justification, nothing to indicate why it might be more
appropriate for the situation under discussion. It's as though they are
mesmerised by the number of bits which a key can contain.

To return to the original point of this thread: logging in as root with
a key or with a password carries the same risk. I would say it is close
to zero in both cases.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140130202637.gn3...@copernicus.demon.co.uk

Re: Wireless AP setup: RTL8188CUS

[Csanyi Pal]

Hi Pol,

Pol Hallen  writes:

>> I just bought an USB dongle nano Netis WF-2120 adapter
>
> apt-get install firmware-realtek

I already have installed firmware-realtek, but still wifi adapter
doesn't work.

I can't to load the kernel module at all:

sudo modinfo rtl8192cu | grep 17AB
libkmod: ERROR ../libkmod/libkmod.c:505
kmod_lookup_alias_from_builtin_file: could not open builtin file
'/lib/modules/2.6.39.4-4/modules.builtin.bin'
ERROR: Module rtl8192cu not found.


sudo modprobe rtl8192cu
libkmod: ERROR ../libkmod/libkmod.c:505
kmod_lookup_alias_from_builtin_file: could not open builtin file
'/lib/modules/2.6.39.4-4/modules.builtin.bin'
FATAL: Module rtl8192cu not found.

What can I do now?

-- 
Regards from Pal


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/877g9h6xfd@gmail.com

Re: Wireless AP setup: RTL8188CUS

[Pol Hallen]

> I just bought an USB dongle nano Netis WF-2120 adapter

apt-get install firmware-realtek

Pol


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52eab0fd.7090...@fuckaround.org

Re: Wireless AP setup: RTL8188CUS

[Csanyi Pal]

Csanyi Pal  writes:

> I just bought an USB dongle nano Netis WF-2120 adapter.
> I want to set it up on my headless Debian Wheezy server as a Wireless
> Access Point. 
>
> I'm trying to follow these steps here:
> http://www.daveconroy.com/turn-your-raspberry-pi-into-a-wifi-hotspot-with-edimax-nano-usb-ew-7811un-rtl8188cus-chipset/
>
> lsusb shows it as:
> Bus 001 Device 004: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS
> 802.11n WLAN Adapter
>
> I also installed debian packages hostapd and firmware-realtek, and now I
> don't know what steps I need more to get this working?
>
> I want to use the ifupdown method described in the
> /usr/share/doc/hostapd/README.Debian file. 
>
> However, I can't find the installed driver, and I don't know how can I
> load it as a kernel module? 

When I'm trying to get information about the rtl8192cu kernel module
that is needed from my USB Wireless Adapter,

sudo modinfo rtl8192cu | grep 17AB

I get the following error:

libkmod: ERROR ../libkmod/libkmod.c:505
kmod_lookup_alias_from_builtin_file: could not open builtin file
'/lib/modules/2.6.39.4-4/modules.builtin.bin'
ERROR: Module rtl8192cu not found.

Whta could be the problem here?

-- 
Regards from Pal


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87fvo56yx3@gmail.com

wheezy + xfce + samsung galaxy S3 android doesn't mount

[Paul Cartwright]

Is there some magic, besides mtpfs to make xfce mount my android phone?
Thunar doesn't see it, yet I can cd to the mount point and cd down to
the DCIM... pictures folder in a terminal window,
now I remember why I changed to MATE before, because it just worked in
MATE..

-- 
Paul Cartwright
Registered Linux User #367800 and new counter #561587


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52eaa8b9.1060...@gmail.com

Re: no more dovecotpw?

[Reco]

 Hi.

On Fri, 31 Jan 2014 02:43:54 +0800
Umarzuki Mochlis  wrote:

> when I was trying to run
> # dovecotpw -s SHA1
> 
> I found out that there's no dovecotpw anymore (searched with apt-file)

doveadm pw -s SHA1

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20140130232623.5ace63aa4767ea5b13d66...@gmail.com

no more dovecotpw?

[Umarzuki Mochlis]

hi,

I'm trying to setup an email server by following article from
http://www.rosehosting.com/blog/how-to-setup-simple-but-yet-powerful-mail-server-using-postfix-dovecot-and-sasl-in-debian-6-squeeze/

when I was trying to run
# dovecotpw -s SHA1

I found out that there's no dovecotpw anymore (searched with apt-file)

what other steps should I take to move on from where I left of?

thanks.

-- 
Regards,

Umarzuki Mochlis
http://debmal.my


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAHW9mbyDrmjZgRqDrdRtA1EqNFkoX=4ZzGESXs7fi+gqY=u...@mail.gmail.com

Re: Connecting Debian to Android phone

[Csanyi Pal]

Hi Markos,

Markos  writes:

>> On 01/25/2014 04:35 PM Csanyi Pal wrote:

>>> Debian SID desktop system through an USB cable to transfer files
>>> from phone to Debian system. How can I do that?

>>> I have installed on the phone the KDE Connect application, and on
>>> the Debian Dekstop the kdeconnect debian package, but don't know how
>>> to use them? 

> I just installed: 
>
> apt-get install mtp-tools mtpfs
>
> and it worked.
>
> Markos

When I run the command:

mtpfs -o allow_other /media/mobtelefon/

I get the message:

Unable to open ~/.mtpz-data for reading, MTPZ disabled.Listing raw
device(s)
No raw devices found.

Well, what could be the problem here?

-- 
Regards from Pal


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87mwid73fb@gmail.com

Wireless AP setup: RTL8188CUS

[Csanyi Pal]

Hi,

I just bought an USB dongle nano Netis WF-2120 adapter.
I want to set it up on my headless Debian Wheezy server as a Wireless
Access Point. 

I'm trying to follow these steps here:
http://www.daveconroy.com/turn-your-raspberry-pi-into-a-wifi-hotspot-with-edimax-nano-usb-ew-7811un-rtl8188cus-chipset/

lsusb shows it as:
Bus 001 Device 004: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS
802.11n WLAN Adapter

I also installed debian packages hostapd and firmware-realtek, and now I
don't know what steps I need more to get this working?

I want to use the ifupdown method described in the
/usr/share/doc/hostapd/README.Debian file. 

However, I can't find the installed driver, and I don't know how can I
load it as a kernel module? 

-- 
Regards from Pal


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87wqhh73w8@gmail.com

Re: How can I secure a Debian installation?

[Denis Witt]

On Tue, 28 Jan 2014 18:42:34 +
Brian  wrote:

> The AllowUsers directive is a legitimate way to restrict ssh logins to
> certain users. However, I do not see what (ssh keys + AllowUsers)
> brings to the party that (password + AllowUsers) doesn't.

A key (if kept secret) is even harder to "guess" than a
password, also it's not "ssh keys + AllowUsers" it's (or should be)
"ssh key + key pass-phrase + AllowUsers".

Best regards.


signature.asc
Description: PGP signature

Re: PXE install, without internet?

[Klaus]

On 30/01/14 05:42, Anubhav Yadav wrote:

Somebody above mentioned that there is a bug in the debian installer
and you need to manually give the proxy.


That "somebody above" was me: Sorry for this red herring, my memory 
obviously didn't serve me right there and I should have searched the 
list archive for any mentioning of this (non-existent) bug.

Glad to see it all worked out at the end!

Incidentally, I've now had time and tried two different netinstall 
images (7.3 and 7.0, both amd64) in a VirtualBox install. At the point 
during the installation when the installer asks about any proxy, it 
makes no difference whether or not I add the trailing slash:

http://192.168.0.127:3142  and
http://192.168.0.127:3142/
both work fine. In other words, I can't reproduce the original error 
described in Anubhav's original question (24/01/14)



When I get on the network mirror page on the installation of client, I
try the following

http://{PXE_IP_Address}:3142

but it just won't work.


Could it just be that the OP typed this in when asked for a mirror 
rather than for the proxy?


--
Klaus


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52ea686d.10...@gmail.com

Re: ssh login problem from one particular client

[André Nunes Batista]

On Wed, 2014-01-29 at 13:47 -0600, Craig L. wrote:
> On Thu, Jan 23, 2014 at 02:07:08PM -0600, Craig L. wrote:
> > I have a couple of VMs running on a remote server: one with an older 
> > version of
> > Ubuntu, and one running wheezy. I have an ssh tunnel with X forwarding set 
> > up
> > so that I can access the machines from my system as localhost
> > (ssh -p 48828 user@localhost and ssh -p 48829 user@localhost).
> > Yesterday I opened Firefox on the Ubuntu box and was dragging the window to
> > move it, when it suddenly disappeared. In my connection terminal the message
> > "write failed, broken pipe" appeared, and the connection to the remote 
> > server
> > was gone.
> > 
> > When I tried to reconnect, it took almost 60 seconds for the password 
> > prompt to
> > show up. Ever since then this problem occurs from my machine to either of 
> > the
> > VMs. I can ssh into the host server and from there ssh into either VM, and 
> > I get
> > a password prompt immediately. Today I fired up a VM on my local machine,
> > created the tunnel through the server to one of the remote VMs, and tried to
> > ssh in. The password prompt appeared immediately.
> > 
> > In all cases, once I log in everything responds immediately as expected. It 
> > is
> > just the login prompt that is a problem. The remote machines all have
> > UseDNS = no set, and everything has worked fine for several months until 
> > this
> > problem yesterday.
> > 
> > So it looks like the problem is something that has changed on my local 
> > machine,
> > but I have no idea what, or where to begin. We have been having intermittent
> > network issues between here and the building that houses the remote server, 
> > and
> > that is probably what caused the initial connection loss. But I wouldn't 
> > think
> > severing a connection would cause this subsequent problem. Since the server 
> > is
> > on a remote VM I don't think I can ssh in and then run the server in the
> > foreground to watch it run, can I? I have checked the logs on both ends, but
> > nothing looks abnormal to me. The only thing I have not tried is rebooting 
> > my
> > machine, but that's so windows and probably not necessary. So I've turned to
> > y'all for a clue as to how to troubleshoot this issue.
> 
> This appears to be a problem with an ASA firewall appliance and is being
> looked at by our network team and the vendor. I will be happy to provide
> more information if I ever get it.

Sorry to have dropped you out Craig, my next sugestion would have been
to configure iptables logging rules and maybe run some packet sniffer
such as wireshark. But from afar it is difficult to give blind hints.
Please do report your findings, so we can all learn. 

-- 
André N. Batista
GNUPG/PGP KEY: 6722CF80



signature.asc
Description: This is a digitally signed message part

Re: PXE install, without internet?

[Anubhav Yadav]

> No. Probably a DNS problem, alt+f4 in the affected installation to see
> where the error is.

> I've seen the problem but don't recall a specific cause - I also don't
> know your DNS, PXE and TFTP server setup. I generally use an IPCop
> Firewall and DNS, with PXE and TFTP on a separate (VirtualBox) machine,
> so my experience may not translate.

I will be back next monday or tuesday.
For starters I installed the server packages from this guide.
http://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3

And the dns and tftp configurations was done using this guide.
http://www.howtoforge.com/setting-up-a-pxe-install-server-for-multiple-linux-distributions-on-debian-lenny

And finally placed the tftp boot files in the directory as specified
in the official debian guide.
https://wiki.debian.org/PXEBootInstall#Set_up_TFTP_server

As soon as I reach my college the first thing I will do is share my
/etc/networking/interfaces files to
show how I have set up my server.

And thanks for the kind words. Appreciated everyone efforts.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/ca+jf9ag5t9syhjfz0e8vzsc2n7b33o8sefdnyv_pakrb8fh...@mail.gmail.com

Re: How can I debug a kernel module?

[Darac Marjal]

On Thu, Jan 30, 2014 at 03:00:05AM +0100, Sladjan Ristic wrote:
> Hi,
>I have installed Debian under client Hyper-V in Windows 8.1 Pro and the 
> time is not synced
> after a resume, the clock just goes one like nothing happened. So if the 
> guest VM was in a saved
> state for one hour, its clock would be late one hour after resuming the VM. 
> The source of
> 'hv_utils' suggests the guest's clock schould be synced after such a resume 
> event.
> How can I find out what is happening? I can code C a little bit.

First entry after entering "debug kernel module" into a popular internet
search engine: https://lwn.net/Articles/90913/



signature.asc
Description: Digital signature

Re: Installing gconf

[berenger . morel]

Le 28.01.2014 06:59, R. Vishnu a écrit :

Hi
I am new to debian, and I accidentally removed gconf2, so that I
could install gconf-service_3.2.6. But so many stuff got uninstalled
and now I cant access my desktop. No commands like dpkg, sudo etc are
working when the system boots to command line.
 How can I get back my desktop by reinstalling gconf.

With Regards

R. Vishnu
Research Scholar
Indian Institute of Technology Madras


It seems that you installed almost everything :)

But it is not a problem, you should be able to log with your root 
account, or to use $su command ( $ just mean that it can be done as a 
normal user. # means that the command need to be run with root rights. 
).
Then simply type "#apt-get install foo" where foo is the name of your 
package.
Given your description of your problem, you probably want 
task-gnome-desktop.


If you want a better ( at least, more friendly ) interface in command 
line to install software, you can also use aptitude, which can be run as 
simple user or as root. Just note that, if you run it as normal user, 
you will need to use the menu to become root anyway.


Have fun and welcome to Debian :)


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/c6c4e673a28ccb65d0237705a1bae...@neutralite.org