Re: Laser Printer recommendation...
On 07/03/2017 05:41 AM, Whit Hansell wrote: > Can anyone recommend a monochrome (black toner) laser printer that is > currently available and reasonably priced (<$300). I am interested in > finding one as i am sick and tired of buying ink every month even when > I'm not printing much. Have tried the Brother 2270DW but can't get it > to work. Which ones work easillyl, if any? Thanking in advance. I recommend looking at Hewlett-Packard printers, toward the middle or high end of your desired price range. I have used them for quite a few years, from the 1020 and P1505 to the M477 multifunction printer. Using CUPS and hplip, the support is generally complete and pretty current, and not hard to set up, even for Windows systems on the same network. Given that CUPS originally was an Apple product, it should be pretty easy to use any of them with a networked Apple system as well. For printers in the small/medium business line, warranty service also is very good, at least if you purchase directly from HP and incur the additional cost that goes with that. Full disclosure: I do own Hewlett-Packard shares, although not enough that I would likely benefit measurably from sale of a few more printers or toner cartridges. > > Have gone thru many of the printers listed saying they are linux > printers but when I get to the actual printer if it's available it's $ > 1,200 or not available when it's in the $2-300 range. Just wondering if > there are any still available out there, reasonably priced. > > Using Jessie will be going to Stretch in a few months. > > Thanks. > > Whit
Re: Re: Peculiar problem with root login
On 06/18/2017 09:57 AM, Harry Putnam wrote: > David Christensen <dpchr...@holgerdanske.com> writes: > >> On 06/12/2017 06:39 AM, Harry Putnam wrote: >>> Running debian jesse in a vbox vm on a Solaris host >>> >>> I have what seems like an unusual problem with root login on this >>> host. > > [...] > >>> I'm fresh out of ideas as to what else to do here. >>> >>> The auth log shows: >>> >>> Jun 11 14:50:55 d2 sshd[2830]: pam_unix(sshd:auth): authentication >>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=d.local.lan >>> user=root >>> >>> Jun 11 14:50:57 d2 sshd[2830]: Failed password for root from >>> 127.0.0.1 port 54522 ssh2 >> >> Please run the following commands from the console of the jesse vm as >> root and paste your console session (prompts, commands entered, output >> obtained). If you redact anything, substitute the phrase >> '': >> >> # cat /etc/debian_version >> >> # uname -a >> >> # dpkg-query --show openssh-server >> >> # dpkg-query --show openssh-client >> >> # ls -1 /etc/ssh/*ssh* >> >> # ls -1 /root/.ssh >> >> # egrep -v '^.*#' /etc/ssh/sshd_config | grep . >> >> # ssh localhost >> >> # tail /var/log/auth.log > > Thanks for the prod... I should have included at least some of that. > > --- --- ---=--- --- --- > > diagnostic_data: > > root # cat /etc/debian_version > 8.8 > > root # uname -a > Linux d2 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux > > root # dpkg-query --show openssh-server > openssh-server 1:6.7p1-5+deb8u3 > > root # dpkg-query --show openssh-client > openssh-client 1:6.7p1-5+deb8u3 > > root # ls -1 /etc/ssh/*ssh* > /etc/ssh/ssh_config > /etc/ssh/sshd_config > /etc/ssh/sshd_config~ > /etc/ssh/ssh_host_dsa_key > /etc/ssh/ssh_host_dsa_key.pub > /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub > /etc/ssh/ssh_host_ed25519_key > /etc/ssh/ssh_host_ed25519_key.pub > /etc/ssh/ssh_host_rsa_key > /etc/ssh/ssh_host_rsa_key.pub > > root # egrep -v '^.*#' /etc/ssh/sshd_config | grep . > Port 22 > Protocol 2 > HostKey /etc/ssh/ssh_host_rsa_key > HostKey /etc/ssh/ssh_host_dsa_key > HostKey /etc/ssh/ssh_host_ecdsa_key > HostKey /etc/ssh/ssh_host_ed25519_key > UsePrivilegeSeparation yes > KeyRegenerationInterval 3600 > ServerKeyBits 1024 > SyslogFacility AUTH > LogLevel INFO > LoginGraceTime 120 > PermitRootLogin without-password This will prevent root login using a password. Only other methods, such as RSA authentication are to be permitted. > StrictModes yes > RSAAuthentication yes > PubkeyAuthentication yes > IgnoreRhosts yes > RhostsRSAAuthentication no > HostbasedAuthentication no > PermitEmptyPasswords no > ChallengeResponseAuthentication no > PasswordAuthentication yes > X11Forwarding yes > X11DisplayOffset 10 > PrintMotd no > PrintLastLog yes > TCPKeepAlive yes > AcceptEnv LANG LC_* > Subsystem sftp /usr/lib/openssh/sftp-server > UsePAM yes > PermitRootLogin yes This may or may not be effective owing the the above setting of "PermitRootLogin without-password" depending on how sshd treats duplicate setting. My (jessie) man page does not say whether the first or last setting will be effective. > > root # ssh localhost > root@localhost's password: > Permission denied, please try again. > root@localhost's password: > > Could not login -ed Harry > > root # tail /var/log/auth.log > Jun 18 11:43:17 d2 sshd[1894]: Accepted password for reader from 192.168.1.42 > port 40945 ssh2 > Jun 18 11:43:17 d2 sshd[1894]: pam_unix(sshd:session): session opened for > user reader by (uid=0) > Jun 18 11:43:17 d2 systemd-logind[477]: New session 185 of user reader. > Jun 18 11:43:17 d2 sshd[1897]: Setting tty modes failed: Invalid argument > Jun 18 11:43:59 d2 su[1917]: Successful su for root by reader > Jun 18 11:43:59 d2 su[1917]: + /dev/pts/4 reader:root > Jun 18 11:43:59 d2 su[1917]: pam_unix(su:session): session opened for user > root by reader(uid=1000) > Jun 18 11:45:56 d2 sshd[1963]: pam_unix(sshd:auth): authentication failure; > logname= uid=0 euid=0 tty=ssh ruser= rhost=d.local.lan user=root > Jun 18 11:45:58 d2 sshd[1963]: Failed password for root from 127.0.0.1 port > 54526 ssh2 > Jun 18 11:46:03 d2 sshd[1963]: Connection closed by 127.0.0.1 [preauth] > My preferences, for what it is worth, are PermitRootLogin without-password ChallengeResponseAuthentication no PasswordAuthentication no AllowUsers netuser1 \ netuser2 \ ... \ root@localhost \ root@backuphost On some systems, "localhost" doesn't work; root@::1 root@127.0.0.1 is a workaround. I have not got around to figuring out the differences, and as the circumvention is trivial it is not a high priority. This requires arranging to install each user's public key in his or her .ssh/authorized_keys file, which can be a pain on a large or active network, but not that much of a problem with up to a few dozen users and systems. Regards, Tom Dial
Re: Re: unattended upgrades does not do anything
On 04/05/2017 10:22 AM, Lisi Reisz wrote: > On Wednesday 05 April 2017 15:46:53 Jonathan Dowland wrote: >> On Wed, Apr 05, 2017 at 10:26:18PM +0900, Mark Fletcher wrote: >>> I am going to have a go at getting unattended-upgrades to work sometime >>> in the next few days, I will post back what my results, even if the only >>> thing that results is sympathy for your situation and a "me-too!" >> >> I have a working unattended-upgrades setup, I will try and remember what I >> had to do. > > Thank you! > > Lisi > I know I am quite late to the party, but has https://wiki.debian.org/UnattendedUpgrades been offered as a possible answer? I have used it as a guide for unattended-upgrades setup on a sizable handful of systems, and with uniform success. As I recall it, install defaults apply only security upgrades, and of course require that /etc/apt/sources.list include the version appropriate reference to security.debian.org - deb http://security.debian.org/ jessie/updates main contrib non-free for example. Tom Dial td...@acm.org
Re: If Linux Is About Choice, Why Then ...
On Mon, Apr 3, 2017 at 7:28 AM, Brad Rogers <b...@fineby.me.uk> wrote: > On Mon, 3 Apr 2017 05:06:22 -0700 > Rick Thomas <rbtho...@pobox.com> wrote: > > Hello Rick, > >> There *are* choices. > > Indeed. Debian also have choices(1). They made them. Inevitably, some > people were going to get annoyed about it. > > (1) Many seem to have forgotten they're entitled to make choices as well. Well, that's why I left Ubuntu when they insisted on constant changing of desktops. But I kind of understand why systemd, but I wish I could find a good cookbook description of how to add or modify a new process. Thanks. Best regards, -Tom
Re: Suitable text editor [NOT word processor] or workaround?
On Sat, Apr 1, 2017 at 14:36 Fred <f...@blakemfg.com> wrote: > On 04/01/2017 09:24 AM, Richard Owlett wrote: > > On 04/01/2017 10:55 AM, cbannis...@slingshot.co.nz wrote: > >> On Thu, Mar 16, 2017 at 06:38:52AM -0500, Richard Owlett wrote: > >>> The two files are nearly identical and need them displayed > >>> simultaneously > >>> for instant visual comparison. Opening one of the files read only > >>> would be > >>> acceptable but not preferable. Try diffuse. -Tom
Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?
On Sat, Mar 25, 2017 at 2:33 PM, Dougwrote: ... > Perhaps you can find an interface card that will > physically interface ... > While I was trying to get the Inspiron wireless to work, I bought a little > USB gadget that was > very small, and while it did work, it had almost no range. The internal wifi > cards attach to > antenna wires that run up behind the screen, and this gives much better > range. > > One more thing: I have a machine that has a Broadcom chip in it, and I have > dual-booted > Mint 17 LTS on that machine, and Mint is smart enough to find the right > software for the > Broadcom, and Mint works out of the box on that machine. And Mint is a nice > distro. Try it! I have tried it, and I'm not a fan. But thanks for the suggestions, Doug. To your point about limited range with a small add-on, Ben suggested a USB ethernet device that has an antenna, and I'll try it if the small one I ordered doesn't work. Best regards
Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?
On Sat, Mar 25, 2017 at 04:15 deloptes <delop...@gmail.com> wrote: > Tom Browder wrote: > > Dell 1800 > What is this Dell 1800 - what is the wireless card model and driver? > In the subject you ay Dell Inspiron 11, which has DW1707. > https://wikidevi.com/wiki/Dell_Wireless_1707_(DW1707) The Dell Wireless 1800 is what Dell calls the wireless network adapter in the Dell 11 Inspiron 3000 2-in-one laptop. There are actually at least three sub-models of the 11 and mine (3157, service tag FGYN52) has the DW1800, part number KJTH7, which uses the Debian package firmware-realtek. I did try to use the latest kernel from jessie-backports but the reboot failed and I started over after I found a USB wired ethernet adaptor in my parts box (a Cable Matters 202023 which claims it works with all OSs) and it works great. The wireless still is unreliable but, in the meantime, I have taken Reco's advice and bought an Ralink RT5370 which I trust will solve the problem when it arrives. I too have used a couple of Dell Latitudes for a total of eight years and have had no trouble with them, but its wired/wireless adapter is different from the 11. Thanks. Best regards, -Tom
Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?
On Fri, Mar 24, 2017 at 17:11 Ben Caradoc-Davies <b...@transient.nz> wrote: > > On 25/03/17 01:40, Tom Browder wrote: > > 1. What specific model of USB wireless ethernet adaptor does anyone > > recommend that has worked for them out of the box? > > TP-Link TL-WN722N: > http://www.tp-link.com/us/products/details/cat-5520_TL-WN722N.html Thanks, Ben. I would have bought that but I didn't have your rec at the time. Based on reviews, etc., at Amazon, I bought the Panda Ultra 150Mbps Wireless N USB Adapter. It will arrive next week and I hope it works! Best regards, -Tom
Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?
On Fri, Mar 24, 2017 at 07:56 Reco <recovery...@gmail.com> wrote: > Hi. ... > Thanks very much, Reco! Best regards, -Tom
Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?
I have the Dell laptop and I was able to load Deb 8 on it via a netinst, but the Dell 1800 wireless drops contact with the internet often. Sometimes a reboot will work but not every time. Three questions, please: 1. What specific model of USB wireless ethernet adaptor does anyone recommend that has worked for them out of the box? 2. What specific model of USB wired ethernet adaptor does anyone recommend that has worked for them out of the box? 3. If anyone has used jessie backports to fix a Dell Wireless 1800 problem, can you list the backport packages needed? Thanks so much. Best regards, -Tom
Re: Icedove calendar not syncing to google calendar
On 01/08/2017 03:59 AM, didier gaumet wrote: Hello, I do not know for Stretch and Sid, but the Jessie version of the calendar-google-provider package is not the last stable from upstream. In my case, deinstalling the debian package and installing the upstream thunderbird extension solves the problem. YMMV... If you haven't already tried it, you may want to install the "Provider for Google Calendar" extension from Icedove Tools->Add-ons->Extensions. This worked for me to solve a similar problem. HTH Tom Ashley
Networking: unable to get multi-homed host working in Debian 8 [SOLVED]
-- Forwarded message -- From: Tom Browder <tom.brow...@gmail.com> Date: Fri, Aug 12, 2016 at 9:23 AM Subject: Re: Networking: unable to get multi-homed host working in Debian 8 To: "debian-user@lists.debian.org" <debian-user@lists.debian.org> On Tue, Aug 9, 2016 at 8:16 PM, Tom Browder <tom.brow...@gmail.com> wrote: > I have read the current Debian networking docs on the subject > (https://wiki.debian.org/NetworkConfiguration#iproute2_method). I > want to use at least two IPv4 static addresses on the same physical > NIC. Following examples I have tried this in my > "/etc/network/interfaces" file: ... I have now had success on my test host running Debian on my local network. Below is a working "/etc/network/interfaces" file, but there are some warnings, notes, and caveats for its use. Note also the file is IDENTICAL to the one I asked about originally. I went down a rabbit hole because the "service networking restart" command locked me out of my test host and I couldn't get back in locally because I had an KVM failure I didn't know about. Just today I got all working again. 1. WARNING: The following command, mentioned in the some networking docs (like the one mentioned by my server hosting company!!!), caused a system lock-up and loss of all network contact external to or internal from the host: # service networking restart. However, a subsequent reboot worked. That might be impossible or expensive to do if you do not have direct access (i.e., non-network) access to the host. 2. CAUTION: I have not tried all the various if* or ip commands on the test host. Your mileage may vary. The "/etc/network/interfaces" file: === # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet static address 192.168.0.17 netmask 255.255.255.0 gateway 192.168.0.1 dns-nameservers 208.67.222.222 208.67.220.220 up ip addr add 192.168.0.18/24 dev $IFACE label $IFACE:0 down ip addr del 192.168.0.18/24 dev $IFACE label $IFACE:0 up ip addr add 192.168.0.19/24 dev $IFACE label $IFACE:1 down ip addr del 192.168.0.19/24 dev $IFACE label $IFACE:1 RESULTS === Running "sbin/ifconfig" on the test host (with two NICs: one used and one unused, and the two new alias IPv4s) yields: eth0 Link encap:Ethernet HWaddr 00:1d:7d:aa:fa:7b inet addr:192.168.0.17 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21d:7dff:feaa:fa7b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:735 errors:0 dropped:0 overruns:0 frame:0 TX packets:749 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:82025 (80.1 KiB) TX bytes:101457 (99.0 KiB) eth0:0Link encap:Ethernet HWaddr 00:1d:7d:aa:fa:7b inet addr:192.168.0.18 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:1Link encap:Ethernet HWaddr 00:1d:7d:aa:fa:7b inet addr:192.168.0.19 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth1 Link encap:Ethernet HWaddr 00:15:e9:81:14:b4 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:123 errors:0 dropped:0 overruns:0 frame:0 TX packets:123 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:49276 (48.1 KiB) TX bytes:49276 (48.1 KiB) I can ssh into the test host using all three IPv4s. NOTES = RECOMMENDATIONS Test network changes on a host that you have direct access to!!!! Thanks for the help Pascal, and I hope this will help someone else. Best regards, -Tom
Re: Networking: unable to get multi-homed host working in Debian 8
On Tue, Aug 9, 2016 at 8:16 PM, Tom Browder <tom.brow...@gmail.com> wrote: > I have read the current Debian networking docs on the subject > (https://wiki.debian.org/NetworkConfiguration#iproute2_method). I > want to use at least two IPv4 static addresses on the same physical > NIC. Following examples I have tried this in my > "/etc/network/interfaces" file: ... I have now had success on my test host running Debian on my local network. Below is a working "/etc/network/interfaces" file, but there are some warnings, notes, and caveats for its use. Note also the file is IDENTICAL to the one I asked about originally. I went down a rabbit hole because the "service networking restart" command locked me out of my test host and I couldn't get back in locally because I had an KVM failure I didn't know about. Just today I got all working again. 1. WARNING: The following command, mentioned in the some networking docs (like the one mentioned by my server hosting company!!!), caused a system lock-up and loss of all network contact external to or internal from the host: # service networking restart. However, a subsequent reboot worked. That might be impossible or expensive to do if you do not have direct access (i.e., non-network) access to the host. 2. CAUTION: I have not tried all the various if* or ip commands on the test host. Your mileage may vary. The "/etc/network/interfaces" file: === # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet static address 192.168.0.17 netmask 255.255.255.0 gateway 192.168.0.1 dns-nameservers 208.67.222.222 208.67.220.220 up ip addr add 192.168.0.18/24 dev $IFACE label $IFACE:0 down ip addr del 192.168.0.18/24 dev $IFACE label $IFACE:0 up ip addr add 192.168.0.19/24 dev $IFACE label $IFACE:1 down ip addr del 192.168.0.19/24 dev $IFACE label $IFACE:1 RESULTS === Running "sbin/ifconfig" on the test host (with two NICs: one used and one unused, and the two new alias IPv4s) yields: eth0 Link encap:Ethernet HWaddr 00:1d:7d:aa:fa:7b inet addr:192.168.0.17 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21d:7dff:feaa:fa7b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:735 errors:0 dropped:0 overruns:0 frame:0 TX packets:749 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:82025 (80.1 KiB) TX bytes:101457 (99.0 KiB) eth0:0Link encap:Ethernet HWaddr 00:1d:7d:aa:fa:7b inet addr:192.168.0.18 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:1Link encap:Ethernet HWaddr 00:1d:7d:aa:fa:7b inet addr:192.168.0.19 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth1 Link encap:Ethernet HWaddr 00:15:e9:81:14:b4 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:123 errors:0 dropped:0 overruns:0 frame:0 TX packets:123 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:49276 (48.1 KiB) TX bytes:49276 (48.1 KiB) I can ssh into the test host using all three IPv4s. NOTES = RECOMMENDATIONS Test network changes on a host that you have direct access to Thanks for the help Pascal, and I hope this will help someone else. Best regards, -Tom
Re: Networking: unable to get multi-homed host working in Debian 8
On Wed, Aug 10, 2016 at 7:13 AM, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote: > Le 10/08/2016 à 13:22, Tom Browder a écrit : >> >> >> Ping from the test host itself to its primary first alias IP: >> >> PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data. >>> >>> From 192.168.0.17 icmp_seq=1 Destination Host Unreachable > > > It really looks like the secondary address is not configured on the host. > Did you check with "ip -4 addr" ? $ ip -4 addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 192.168.0.17/24 brd 192.168.0.255 scope global eth0 valid_lft forever preferred_lft forever Is there confusion in my Debian 8 between networking setting methods (ip ves ifconfig)? I'm in the dark and just following docs and helpful folks like you! Best, -Tom
Re: Networking: unable to get multi-homed host working in Debian 8
On Wednesday, August 10, 2016, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote: > > Le 10/08/2016 à 03:16, Tom Browder a écrit : >> >> Then, as root, I executed "service networking restart" and all looked >> well until I logged in to another host and tried to ping the new IP >> and got no good ping. > > Can you elaborate "all looked well" and "no good ping" ? > Commands, results ? Thanks for the reply, Pascal. Ping from another host to the test host (bigtom): PING bigtom.tombrowder.com (192.168.0.17) 56(84) bytes of data. 64 bytes from bigtom.tombrowder.com (192.168.0.17): icmp_seq=1 ttl=64 time=3.05 ms 64 bytes from bigtom.tombrowder.com (192.168.0.17): icmp_seq=2 ttl=64 time=3.14 ms Then a ping to the primary IP: PING 192.168.0.17 (192.168.0.17) 56(84) bytes of data. 64 bytes from 192.168.0.17: icmp_seq=1 ttl=64 time=3.07 ms 64 bytes from 192.168.0.17: icmp_seq=2 ttl=64 time=3.00 ms Then a ping to the secondary IP (first alias): PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data. >From 192.168.0.35 icmp_seq=1 Destination Host Unreachable >From 192.168.0.35 icmp_seq=2 Destination Host Unreachable > What's the result of ping to these addresses from the host itself ? I didn't think of that. Ping from the test host itself to its host name: PING bigtom.tombrowder.com (127.0.1.1) 56(84) bytes of data. 64 bytes from bigtom.tombrowder.com (127.0.1.1): icmp_seq=1 ttl=64 time=0.019 ms 64 bytes from bigtom.tombrowder.com (127.0.1.1): icmp_seq=2 ttl=64 time=0.011 ms Ping from the test host itself to its primary IP: PING 192.168.0.17 (192.168.0.17) 56(84) bytes of data. 64 bytes from 192.168.0.17: icmp_seq=1 ttl=64 time=0.020 ms 64 bytes from 192.168.0.17: icmp_seq=2 ttl=64 time=0.013 ms Ping from the test host itself to its primary first alias IP: PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data. >From 192.168.0.17 icmp_seq=1 Destination Host Unreachable >From 192.168.0.17 icmp_seq=2 Destination Host Unreachable Thanks again for your help. Best regards, -Tom
Networking: unable to get multi-homed host working in Debian 8
I have read the current Debian networking docs on the subject (https://wiki.debian.org/NetworkConfiguration#iproute2_method). I want to use at least two IPv4 static addresses on the same physical NIC. Following examples I have tried this in my "/etc/network/interfaces" file: # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet static address 192.168.0.17 netmask 255.255.255.0 gateway 192.168.0.1 dns-nameservers 208.67.222.222 208.67.220.220 # add new IPv4 devices up ip addr add 192.168.0.18/24 dev $IFACE label $IFACE:0 down ip addr del 192.168.0.18/24 dev $IFACE label $IFACE:0 up ip addr add 192.168.0.19/24 dev $IFACE label $IFACE:1 down ip addr del 192.168.0.19/24 dev $IFACE label $IFACE:1 Then, as root, I executed "service networking restart" and all looked well until I logged in to another host and tried to ping the new IP and got no good ping. Has anyone any ideas about what I am doing wrong? I have installed the vlan and iproute2 packages and removed the iproute package. Do I need to do something about kernel modules? I saw nothing in the doc about that, but I seem to remember having to fool with that in the old days. . Thanks for any help. Best regards, -Tom
Re: Terminal
On 07/29/2016 04:04 PM, Темир Урокбаев wrote: Hello. Tell me, is there a comprehensive list of terminal commands, and where to find it or download. The following sites may help. http://ss64.com/bash/ http://man7.org/linux/man-pages/dir_section_1.html Tom Ashley
Re: How to create package without source code
On 27/07/2016 09:24, Hans wrote: However, I did not quit understand. Can I add several files instead of a single one? And will it preserve rights, as I set? Yes, both these are possible - have a look at the Wiki for more examples https://github.com/jordansissel/fpm/wiki
Re: How to create package without source code
On 27/07/2016 08:39, Hans wrote: The file is just a script. I read in the dokus, and all told, they want to compile somehow. I imagine, to pack all the files with the correct user rights into a folder, then pack it into maybe *.tgz and then change it somehow into a *.deb. Maybe there is a more simple way und you might want to point me to it. It's sort of cheating, and wouldn't allow you to upload to the Debian archive, but for personal/internal use something like FPM might work. See https://github.com/jordansissel/fpm/wiki/PackageSimpleFiles for an example.
Re: Next gotcha
On Saturday, July 23, 2016, Gene Heskett <ghesk...@shentel.net> wrote: > On Saturday 23 July 2016 18:00:30 David Wright wrote: > > On Sat 23 Jul 2016 at 16:20:12 (-0400), Gene Heskett wrote: > > > On Saturday 23 July 2016 14:15:09 David Wright wrote: > > > > On Sat 23 Jul 2016 at 13:13:27 (-0400), Gene Heskett wrote: > > > > > On Saturday 23 July 2016 08:01:37 deloptes wrote: > > > > > > About your query. I prefer using Xfig in cases (probably) like I used xfig for many years and it did the job very well, but now I use Inkscape (inkscape.org) and love it. The online docs are not as good as I would like, but there is a soft-bound book available which is well worth the price if you do much vector image work. Inkscape is available in packages for both Deb 7 and Deb 8 (and I'm pretty sure it was available before that). Best regards, -Tom
Re: ThinkPad fan
On 17/06/2016 10:58, Francesco Montanari wrote: I recently installed Jessie on a Lenovo ThinkPad T420. The fan usage looks reasonable. However, high temperatures (96 C) are reached when CPUs are running intensively for more than one minute or so. The fan speed at those temperatures is about 4500 rpm. Back when I had a ThinkPad, I found it would shut itself down at around that temperature. I also found that 4500 RPM isn't exactly the highest speed the fan can run. I wrote https://github.com/theothertom/thinkpad-temp_mon to control the fan and have it spin faster over 80C. Before you have a go, note that I've not touched that code in >4 years (and don't have a thinkpad any more), so it might take a bit of poking before it works.
LVM Merge
Hello, I'm trying to merge an LVM snapshot into the original volume. If I look in the man page for lvconvert, under '--merge', it says: To check if your kernel supports the snapshot merge feature, look for 'snapshot-merge' in the output of 'dmsetup targets'. If I run 'dmsetup targets', I get the following: root@debian:~# dmsetup targets cryptv1.11.1 striped v1.4.1 linear v1.1.1 errorv1.0.1 root@debian:~# I'm running a standard install of Debian 7.9: root@debian:~# uname -a Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64 GNU/Linux root@debian:~# Does anyone have any idea how to add snapshot-merge into the kernel? Thanks! Tom
LVM Merge
Hello, I'm trying to merge an LVM snapshot into the original volume. If I look in the man page for lvconvert, under '--merge', it says: To check if your kernel supports the snapshot merge feature, look for 'snapshot-merge' in the output of 'dmsetup targets'. If I run 'dmsetup targets', I get the following: root@debian:~# dmsetup targets cryptv1.11.1 striped v1.4.1 linear v1.1.1 errorv1.0.1 root@debian:~# I'm running a standard install of Debian 7.9: root@debian:~# uname -a Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64 GNU/Linux root@debian:~# Does anyone have any idea how to add snapshot-merge into the kernel? Thanks! Tom
Re: debian-user-digest Digest V2016 #417
Although encryption of the disk (as offered during installation) is a good idea, it protects against loss of the system or disk while powered down. It does not protect against unauthorized access to the running system, and if the threat model includes that, zeroing (or better yet, multiply overwriting with varying patterns and then zeroing) offers protection that disk encryption does not. Neither action protects against determined state equivalent actors or malware implanted in the drive controller. Tom Dial On 05/02/2016 11:17 AM, debian-user-digest-requ...@lists.debian.org wrote:
Re: Beginning of the End for Wheezy [sigh!]
On Sunday, April 17, 2016, Renaud OLGIATI <ren...@olgiati-in-paraguay.org> wrote: > On Sun, 17 Apr 2016 11:48:16 + > Mark Fletcher <mark2...@gmail.com <javascript:;>> wrote: > > > It seems the emotions, even now, are running too high to be simply about > > "if it ain't broke don't fix it". What am I missing? > > You are missing that the change to systemd makes most of the knowledge > patiently acquired over the years running and caring for a Linux system has > suddenly become unusable Note I initially felt the same way, but the new system seemed to use my LSB-formatted init scripts just fine. Best regards, -Tom
Re: Can you help me figure out why I can't get Grub to install from a standard CD .iso?
I used the Mate DVD (8.4) with the non-free packages for a fresh install on my Dell 6500 laptop. The initial installation went fine. Then I powered down and went to give a presentation and could not get it to boot into the graphical desktop. I reinstalled again and had the same failure. In a final (and successful, whew!) atttempt I used the regular x64 netinst CD, selected Mate as my only desktop, and all has been well since (fingers still crossed but loosening by the day). Note the Debian website says the special DVDs don't get as much testing, so I suspect my laptop might have found a bug. Unfortunately I don't have ensough data to confirm that. HTH Best regards, -Tom P.S. I love the Mate desktop as it is. Please don't add any more bells and whistles from the pop culture, just maintain it in the choice of desktops for the normal Debian distribution.
Best use of program 'debfoster' to back-up package lists and packages?
I am in the process of reinstalling Debian 8 after my desktop died, and want to make sure I keep a list of packages installed. Following various debian threads I'm going to do this: # dpkg --get-selections "*" > /backup/dpkg-get/selections # apt-key exportall > /backup/repositories.keys and after the new installation do this: # apt-key add /backup/repositories.keys # apt-get update # dpkg --set-selections < $d/dpkg-get/selections # apt-get dselect-upgrade Questions: 1. Any problems with the above procedures? 2. I just now found out about program 'debfoster'. How can I integrate it into the back-up/restore process above? Thanks. Best regards, -Tom
Fwd: Debian 8 fresh install, lost MATE desktop (lightdm) after first reboot, cannot recover graphical login
I just realized I didn't post my reply to the list. -Tom -- Forwarded message -- From: *Tom Browder* <tom.brow...@gmail.com> Date: Tuesday, April 5, 2016 Subject: Debian 8 fresh install, lost MATE desktop (lightdm) after first reboot, cannot recover graphical login To: arian <deb...@semioptimal.net> On Tue, Apr 5, 2016 at 5:26 PM, arian <deb...@semioptimal.net <javascript:;>> wrote: > please retrieve the actual logs from > # journalctl -u lightdm Output of "journalctl -u lightdm" follows: # journalctl -u lightdm -- Logs begin at Tue 2016-04-05 16:50:35 CDT, end at Tue 2016-04-05 17:51:15 CDT. -- Apr 05 16:50:46 juvat2 systemd[1]: lightdm.service: main process exited, code=exited, status=1/FAILURE Apr 05 16:50:46 juvat2 systemd[1]: Unit lightdm.service entered failed state. Apr 05 16:50:47 juvat2 systemd[1]: lightdm.service: main process exited, code=exited, status=1/FAILURE Apr 05 16:50:47 juvat2 systemd[1]: Unit lightdm.service entered failed state. Apr 05 16:50:47 juvat2 systemd[1]: lightdm.service: main process exited, code=exited, status=1/FAILURE Apr 05 16:50:47 juvat2 systemd[1]: Unit lightdm.service entered failed state. Apr 05 16:50:48 juvat2 systemd[1]: lightdm.service: main process exited, code=exited, status=1/FAILURE Apr 05 16:50:48 juvat2 systemd[1]: Unit lightdm.service entered failed state. Apr 05 16:50:48 juvat2 systemd[1]: lightdm.service: main process exited, code=exited, status=1/FAILURE Apr 05 16:50:48 juvat2 systemd[1]: Unit lightdm.service entered failed state. Apr 05 16:50:48 juvat2 systemd[1]: lightdm.service start request repeated too quickly, refusing to start. Apr 05 16:50:48 juvat2 systemd[1]: Failed to start Light Display Manager. Apr 05 16:50:48 juvat2 systemd[1]: Unit lightdm.service entered failed state Thanks, arian. Best, -Tom
Debian 8 fresh install, lost MATE desktop (lightdm) after first reboot, cannot recover graphical login
Yesterday, after a week with my new Debian 8 desktop running Mate, I did an "aptitude update" and somehow upgraded "fglrx-control" among other things (I have no idea if that was the genesis of my problem, but later I found some nvidia packages installed wile I have an Intel graphics device). I merrily continued to work until I had to shutdown to go to my Linux group meeting. There I booted up my laptop (he first reboot after the intial install) and could not get a graphical display! I have fooled with it all day to no avail. I discovered just now that I can get an X program to display from a remote login into the laptop, but nothing on the physical laptop. I have tried reinstalling MATE as well as xfce to no avail. When booting I get a flash of a message saying: [FAILED] Failed to start Light Display Manager. See 'systemctl status lightdm.service' for details. When I execute "systemctl status lightdm.service" I get: # systemctl status lightdm.service * lightdm.service - Light Display Manager Loaded: loaded (/lib/systemd/system/lightdm.service; enabled) Active: failed (Result: start-limit) since Tue 2016-04-05 14:31:51 CDT; 3min 19s ago Docs: man:lightdm(1) Process: 833 ExecStart=/usr/sbin/lightdm (code=exited, status=1/FAILURE) Process: 829 ExecStartPre=/bin/sh -c [ "$(cat /etc/X11/default-display-manager 2>/dev/null)" = "/usr/sbin/lightdm" ] (code=exited, status=0/SUCCESS) Main PID: 833 (code=exited, status=1/FAILURE) Apr 05 14:31:51 juvat2 systemd[1]: lightdm.service: main process exited, code=exited, status=1/FAILURE Apr 05 14:31:51 juvat2 systemd[1]: Unit lightdm.service entered failed state. Apr 05 14:31:51 juvat2 systemd[1]: lightdm.service start request repeated too quickly, refusing to start. Apr 05 14:31:51 juvat2 systemd[1]: Failed to start Light Display Manager. Apr 05 14:31:51 juvat2 systemd[1]: Unit lightdm.service entered failed state. I will reinstall Debian 8 from scratch if necessary, but that would be a real pain, so I would appreciate any hints. Thanks. Best regards, -Tom
Re: New Deb 8 and no sshd access from other hosts
On Saturday, March 26, 2016, David Wright <deb...@lionunicorn.co.uk> wrote: > > A bit early for [SOLVED], I think. I respectively disagree, David. > On Sat 26 Mar 2016 at 12:08:37 (-0500), Tom Browder wrote: > > On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com> wrote: > > > I have installed Deb on my laptop and reused my old Deb 7 .ssh directory. ... > > Not such a wonderful resource if it is so easily misunderstood. The > idea is to fix the permissions, not make your installation less secure. I agree. > > Base on the comments from jvp, I looked closer at my home directory on > > the laptop and, sure enough, the permissions were too loose (first I ... > > Then, in the upper widow, I saw the problem. Directory '/usr/local', > > under which my .ssh directory is actually located, was reported to > > have bad permissions: > > > > Authentication refused: bad ownership or modes for directory /usr/local ...> > > > I checked and they were, surprisingly: > > > > # ls -ld /usr/local > > drwxrwsr-x 31 root staff 4096 Mar 24 07:37 /usr/local > > > > I don't know how that happened, but it must have happened during the > > upgrade two days ago when I continued to use my original partition > > mounted as '/usr/local' which was not supposed to have been touched. ... > I don't know what happened long before that! When did /usr/local > become your home directory? See below. > > Anyway, as root, I fixed the permissions back to what I think is correct: > > > > # chmod 00755 /usr/local > > # ls -ld /usr/local > > drwxr-xr-x 31 root staff 4096 Mar 24 07:37 /usr/local > > So now the system is degraded a bit more. The correct permissions, in > fact the entire contents, are: ... Who says those permissions are correct? I checked the file system standard which says that /usr/local is optional. I provide my own /usr/local partion which I save when reinstalling a new OS and see no reason to provide setuid or setgid for it. When I first started administering Unix systems on SGI in 1993, the user home directories were in /usr/local/people and I kept using that as I transitioned the hosts under my control to Linux systems in 1994. Over the years on my own systems I have found it convenient to keep home system resource directories and files (.bashrc, .profile, .bash_aliase, .xemacs, .ssh, etc.) in a version-controlled, personal directory under /usr/local. I then soft link those back to whatever the newly installed system sets as my home directory. It has worked fine until the Debian 8 install set the permissions as noted which interfered with strict ssh. Anyway, all is well now. Thanks, David. Best regards, -Tom
Re: New Deb 8 and no sshd access from other hosts [SOLVED]
On Saturday, March 26, 2016, Andrew McGlashan < andrew.mcglas...@affinityvision.com.au <javascript:_e(%7B%7D,'cvml','andrew.mcglas...@affinityvision.com.au');>> wrote: > > On 27/03/2016 4:08 AM, Tom Browder wrote: > > On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com> > wrote: ... > > I found this wonderful resource: > > > > http://www.unixlore.net/articles/troubleshooting-ssh-connections.html > > That was a JIT find (just in time) only written up 26th March, 2016. JIT, indeed! I hadn't noticed the date! I give my thanks to the author(s). (I haven't found any attribution there yet.) > Once you have everything good, make sure that you change StrictModes > back to default. Thanks, Andrew. I did but forgot to say so. > I usually restrict with known IP addresses (static ones) and sometimes > with users having to be in a specific group that allows ssh. Also, > authorized keys enforced instead of passwords. At the moment I'm the sole user, although I'm considering giving limited access to a few folks later. How do you manage the server while traveling--some kind of personal VPN? Best regards, -Tom
Re: New Deb 8 and no sshd access from other hosts [SOLVED]
On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com> wrote: > I have installed Deb on my laptop and reused my old Deb 7 .ssh directory. > > I can now ssh into the existing remote servers but cannot ssh into my > laptop from them (as a normal user)--I always get asked for a > password. So the remote servers recognize my old Deb 7 keys, but > apparently my laptop doesn't recognize the other servers' keys. ... I found this wonderful resource: http://www.unixlore.net/articles/troubleshooting-ssh-connections.html which helped me solve the problem. First, in file '/etc/ssh/sshd_config', I changed the line StrictModes yes to this StrictModes no and restarted the ssh server. As root: # invoke-rc.d ssh restart Then I attempted the ssh login and it worked! Base on the comments from jvp, I looked closer at my home directory on the laptop and, sure enough, the permissions were too loose (first I have ever heard of that, but then again I haven't looked at 'man ssh' in many years). Note that I have for all the years after ssh came along been setting the .ssh permissions correctly, but I've never run into a problem with the home directory. In fact, when I was working at our office on site (up until the end of 2008), we commonly allowed read access between user directories but ssh still worked. But after setting the home directory permissions to 00700 and restarting ssh, the login still didn't work! Then I looked at the resource page where it showed how to debug the whole ssh login session. I used two terminal windows stacked one above the other. In the top window, on the laptop (local host) I became root and executed the following: # /usr/sbin/sshd -d -p and in the lower window I logged into the remote host and, as my normal user self, executed the following: $ ssh -vv -p jv2 where 'jv2' is the host name of my laptop. Then, in the upper widow, I saw the problem. Directory '/usr/local', under which my .ssh directory is actually located, was reported to have bad permissions: Authentication refused: bad ownership or modes for directory /usr/local I checked and they were, surprisingly: # ls -ld /usr/local drwxrwsr-x 31 root staff 4096 Mar 24 07:37 /usr/local I don't know how that happened, but it must have happened during the upgrade two days ago when I continued to use my original partition mounted as '/usr/local' which was not supposed to have been touched. Anyway, as root, I fixed the permissions back to what I think is correct: # chmod 00755 /usr/local # ls -ld /usr/local drwxr-xr-x 31 root staff 4096 Mar 24 07:37 /usr/local restarted the ssh server, and the login worked as advertised--whew! Thanks to all who offered help. Best regards, -Tom
Re: New firefox isn't working
On Friday, March 25, 2016, Gene Heskett <ghesk...@shentel.net> wrote: > Greetings all; > ... > Is this my fault, or firefox? If my fault, how do I fix it? I can't help you at the moment, Gene, I have pretty much boycotted Firefox. But I want you to know I enjoyed your web site and totally concur with your opinions--may God save our nation! If I were a Facebook user I would "like" your post. Cheers from another old-timer! -Tom
Re: New Deb 8 and no sshd access from other hosts
On Fri, Mar 25, 2016 at 12:33 PM, Jörg-Volker Peetz <jvpe...@web.de> wrote: > I'd first check file permissions in your .ssh directory (see man ssh). > If they are o.k., I'd call ssh with one or more -v switches. On, duh, forgot about the '-v' option--I'll work with that and report back. Thanks, jvp! -Tom
Re: New Deb 8 and no sshd access from other hosts
On Fri, Mar 25, 2016 at 12:38 PM, David Wright <deb...@lionunicorn.co.uk> wrote: > On Fri 25 Mar 2016 at 12:12:44 (-0500), Tom Browder wrote: >> I have installed Deb on my laptop and reused my old Deb 7 .ssh directory. >> >> I can now ssh into the existing remote servers but cannot ssh into my >> laptop from them (as a normal user)--I always get asked for a >> password. So the remote servers recognize my old Deb 7 keys, but >> apparently my laptop doesn't recognize the other servers' keys. ... >> Can anyone suggest where to look next? > > What you lost on your laptop is ~/.ssh/authorized_keys which would > have had the public keys from your ~/.ssh/ on each of the remote hosts. No, the authorized_keys are still there. Thanks. -Tom
Re: New Deb 8 and no sshd access from other hosts
On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com> wrote: > I have installed Deb on my laptop and reused my old Deb 7 .ssh directory. ... > that my laptop host's entries in the remote host's known_hosts are of > type "EDCSA" while the remote host's entries in the laptop's That should have been "ECDSA."
New Deb 8 and no sshd access from other hosts
I have installed Deb on my laptop and reused my old Deb 7 .ssh directory. I can now ssh into the existing remote servers but cannot ssh into my laptop from them (as a normal user)--I always get asked for a password. So the remote servers recognize my old Deb 7 keys, but apparently my laptop doesn't recognize the other servers' keys. I have compared files: /etc/ssh/ssh_conf /etc/ssh/sshd_conf /etc/pam.d/ssh/sshd between the laptop and the remote server and can see no significant difference for a normal user. I can also see the host names in the .ssh/known_hosts file. I do see that my laptop host's entries in the remote host's known_hosts are of type "EDCSA" while the remote host's entries in the laptop's known_hosts file are of type "RSA." Can anyone suggest where to look next? Thanks. Best regards, -Tom
Re: Changing Boot Order
Greetings, I don't have an answer to your question but maybe sharing a personal experience will help with the problem entering bios setup. I recently had the same issue using a wireless keyboard and discovered the system only responded to a hardwired keyboard at that point in the boot process. By using a USB keyboard instead of the wireless, I was able to enter setup and change the boot order. HTH Tom Ashley On 03/24/2016 04:44 PM, Alan McConnell wrote: Assembled Wisdom! I am running wheezy, and would like to upgrade to jessie. To that end I've bought a CD and a USB stick from LinuxCollections. My problem: when booting I can't get into my bios to change the boot order. No matter what key I press, the system continues on with a re-boot of my old wheezy. Details: my motherboard is a "Military Class Motherboard", which I believe is also called MSI. When the image flashed on the screen, only for a few seconds, I see at the bottom instructions to press either the F11 key, or the Delete key. But when I press either of these, nothing happens. So my question is: can I change the boot order from withing wheezy, after I have booted and wheezy is already in use? [ Yes, I should have saved the material that came with my machine. But I have recently moved, quite hurriedly, and I fear that the paper manuals were lost. ] Thanks in advance for all help and suggestions! Alan
Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?
On Tuesday, March 22, 2016, Lisi Reisz <lisi.re...@gmail.com> wrote: ... > Sorry, I should get to the end before I respond! That's okay, Lisi, I do that, too, especially when trying to work e-mail with a tablet. And this gives me a chance to elucidate on my situation. I have liked and used Debian for at least 10 years (after 10+ years with Yggdrasil, Redhat, Fedora), but, as GNOME 2 was giving way to GMOE 3 (ugh), I tried some of the Debian-like distros like Mint but didn't like them. Finally, default Deb 8 I thought was the end for me, but Mate has allowed me to keep my old desktop the way I want it and still keep using a current Debian, so I am happy for now. SHAMELESS PLUG: Please keep MATE as part of Deb 9..*!! BTW, so far I have upgraded two hosts remotely and they went pretty much flawlessly (I have used in-place upgrade on one server successfully since Deb 5, and the upgrade process keeps getting better and better). I still have to upgrade my two laptops, but I'm going to wait until I'm completely happy with the other two machines. Best regards, -Tom
Re: x86_64 vs i386
On Mon, Mar 21, 2016 at 7:39 PM, John Hasler <jhas...@newsguy.com> wrote: > Tom Broder writes: >> I just upgraded to Deb 8 (Jessie), 64bit, and tried Chromium but it >> didn't work for me. Downloaded Chrome from Google and it works fine. > > That doesn't mean it isn't 32 bit. Debian has multiarch support. The file downloaded from Google's Chrome site is: google-chrome-stable_current_amd64.deb -Tom
Re: x86_64 vs i386
On Mon, Mar 21, 2016 at 6:23 PM, Lisi Reisz <lisi.re...@gmail.com> wrote: > On Monday 21 March 2016 15:11:36 Stefan Monnier wrote: >> > to Google Chrome, which has indeed "thrown i386 machines under the bus", >> > and >> >> What do you mean by that? >> There won't be any new versions of Debian's i386 version of the >> chromium package? I just upgraded to Deb 8 (Jessie), 64bit, and tried Chromium but it didn't work for me. Downloaded Chrome from Google and it works fine. Best regards, -Tom
Re: Linux CLI gnuplot-ish program to do maps?
On Sun, Mar 20, 2016 at 6:14 PM, Emanuel Berg <embe8...@student.uu.se> wrote: > Is there a Linux CLI gnuplot-ish program to do maps? ... Take a look at the BRL-CAD DSP tutorial here: http://brlcad.org/wiki/DSP Is that anywhere near what you want? Best regards, -Tom
[SOLVED] Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?
On Mon, Mar 21, 2016 at 12:26 PM, Tom Browder <tom.brow...@gmail.com> wrote: > On Mon, Mar 21, 2016 at 12:21 PM, Tom Browder <tom.brow...@gmail.com> wrote: >> On Mon, Mar 21, 2016 at 11:45 AM, Sven Arvidsson <s...@whiz.se> wrote: >>> On Mon, 2016-03-21 at 11:26 -0400, Tom Browder wrote: >>>> I just upgraded and am disappointed that, even though browser >>>> instances can be saved between login sessions, terminal windows >>>> apparently can't. > ... >> If not, are there any other reasonable, debian-packaged, desktop >> environments that provide auto-saved terminals? > > Ah, it looks like I can try MATE. Okay, I can live with MATE (so far), consider my question SOLVED. Best regards, -Tom
Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?
On Mon, Mar 21, 2016 at 12:21 PM, Tom Browder <tom.brow...@gmail.com> wrote: > On Mon, Mar 21, 2016 at 11:45 AM, Sven Arvidsson <s...@whiz.se> wrote: >> On Mon, 2016-03-21 at 11:26 -0400, Tom Browder wrote: >>> I just upgraded and am disappointed that, even though browser >>> instances can be saved between login sessions, terminal windows >>> apparently can't. ... > If not, are there any other reasonable, debian-packaged, desktop > environments that provide auto-saved terminals? Ah, it looks like I can try MATE. -Tom
Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?
On Mon, Mar 21, 2016 at 11:45 AM, Sven Arvidsson <s...@whiz.se> wrote: > On Mon, 2016-03-21 at 11:26 -0400, Tom Browder wrote: >> I just upgraded and am disappointed that, even though browser >> instances can be saved between login sessions, terminal windows >> apparently can't. >> >> I have used the gconf editor and found setting: >> >> apps | gnome-session | options | auto_save_session >> >> which is checked, but the terminals still disappear after logging out >> and logging back in. >> >> Is there any way to recover that most valuable feature of the old >> GNOME desktop? > > AFAICT, Nope. > > See https://bugzilla.gnome.org/show_bug.cgi?id=704676 I remember that now. So is there any way to drop back to using GNOME Classic as in Deb 7? If not, are there any other reasonable, debian-packaged, desktop environments that provide auto-saved terminals? So sad, UI design following faddish, short-lived form over function, just like the fashion industry: the emperor has no clothes! Best regards, -Tom
Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?
I just upgraded and am disappointed that, even though browser instances can be saved between login sessions, terminal windows apparently can't. I have used the gconf editor and found setting: apps | gnome-session | options | auto_save_session which is checked, but the terminals still disappear after logging out and logging back in. Is there any way to recover that most valuable feature of the old GNOME desktop? Thanks. Best regards, -Tom
Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
On Wed, Feb 17, 2016 at 4:02 PM, Jeremy T. Bouse <jeremy.bo...@undergrid.net> wrote: > On 2/17/2016 3:31 PM, Tom Browder wrote: >> On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse >> <jeremy.bo...@undergrid.net> wrote: ... >>> I do agree locking the root password isn't advisable. As I use >>> configuration management/automation to handle my servers I simply set the >>> root password to generated password that only I know the algorithm to >>> reproduce it when I need to, >> Can you give more details on the process (at least generally)? ... Thanks so much, Jeremy! -Tom
Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse <jeremy.bo...@undergrid.net> wrote: > Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good > starts... I'd also check that "ChallengeResponseAuthentication no" is set as > well as some PAM modules will utilize it and be able to get around passwords > being entered as well as "UsePAM no" Okay. > I do agree locking the root password isn't advisable. As I use > configuration management/automation to handle my servers I simply set the > root password to generated password that only I know the algorithm to > reproduce it when I need to, Can you give more details on the process (at least generally)? > but enable sudoers for all other 'root' access. Can one use that method and restrict use of "sudo su?" > I also go further by utilizing Duo Security as a MFA for SSH logins to > my servers for accounts authorized to log in. Hm, so you do allow some accounts password access? Thanks, Jeremy! Best, -Tom
Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
On Wed, Feb 17, 2016 at 8:24 AM, Darac Marjal <mailingl...@darac.org.uk> wrote: > On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote: >> >> I have several remote Debian 7 servers and would like to secure it in >> the following manner: ... I can follow that! Thanks so much, Darac. Best, -Tom
Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky <pe...@ludikovsky.name> wrote: > -BEGIN PGP SIGNED MESSAGE- ... Thanks, Peter. Do you agree with Darac's solution? Best, -Tom
Debian security: need recipe for blocking root ssh access AND all ssh password access
I have several remote Debian 7 servers and would like to secure it in the following manner: 1. root will not be allowed any external access (access is only via a user becoming root while logged in) 2. after initial setup, no ssh access will be allowed via a password I have seen much documentation on securing such a host, but I don't want to be an expert--I just need a recipe. Many thanks. Best regards, -Tom
[no subject]
Denice, You could do me a great favor. Here is the address of the website for my tutoring service: BajaSpeakingEnglish.com Please look at it and give me any suggestions you might have for improving it. Hugs, Tom -- "Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency." Francis Knight
fast internet connection but very slow browser response
My browser connection has become very slow. Pinging will show a very fast connection, but my browser response is often so slow that a request times out. Skype will work fine under these conditions, as well as my torrent agent. I looked at 'syslog' and the output below seems to me related to the problem, but I don't have the expertise to have much more than a suspicion about it. If anyone could help me interpret the stuff relative to my browser problem, I'd very much appreciate it. my browser is iceweasel and i'm running Jessie. == Nov 23 21:37:03 t400-2 avahi-daemon[520]: Withdrawing address record for fe80::21e:65fffecd:2b64 on wlan0. Nov 23 21:37:03 t400-2 avahi-daemon[520]: Joining mDNS multicast group on interface wlan0.IPv with address 192.168.0.12. Nov 23 21:37:03 t400-2 kernel: [ 133.648354] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready Nov 23 21:37:03 t400-2 kernel: [ 133.648447] cfg80211: Calling CRDA to update world regulatory domain Nov 23 21:37:03 t400-2 avahi-daemon[520]: New relevant interface wlan0.IPv for mDNS. Nov 23 21:37:03 t400-2 avahi-daemon[520]: Registering new address record for 192.168.0.12 on wlan0.IPv4. Nov 23 21:37:03 t400-2 kernel: [ 133.659834] cfg80211: World regulatory domain updated: Nov 23 21:37:03 t400-2 kernel: [ 133.659838] cfg80211: DFS Master region: unset Nov 23 21:37:03 t400-2 kernel: [ 133.659840] cfg80211: (startfreq - endfreq @ bandwidth), (maxantennagain, maxeirp), (dfscactime) Nov 23 21:37:03 t400-2 kernel: [ 133.659842] cfg80211: (2402000 KHz - 2472000 KHz @ 4 KHz), (N/A, 2000 mBm), (N/A) Nov 23 21:37:03 t400-2 kernel: [ 133.659844] cfg80211: (2457000 KHz - 2482000 KHz @ 4 KHz), (N/A, 2000 mBm), (N/A) Nov 23 21:37:03 t400-2 kernel: [ 133.659846] cfg80211: (2474000 KHz - 2494000 KHz @ 2 KHz), (N/A, 2000 mBm), (N/A) Nov 23 21:37:03 t400-2 kernel: [ 133.659848] cfg80211: (517 KHz - 525 KHz @ 8 KHz, 16 KHz AUTO), (N/A, 2000 mBm), (N/A) Nov 23 21:37:03 t400-2 kernel: [ 133.659851] cfg80211: (525 KHz - 533 KHz @ 8 KHz, 16 KHz AUTO), (N/A, 2000 mBm), (0 s) Nov 23 21:37:03 t400-2 kernel: [ 133.659853] cfg80211: (549 KHz - 573 KHz @ 16 KHz), (N/A, 2000 mBm), (0 s) Nov 23 21:37:03 t400-2 kernel: [ 133.659854] cfg80211: (5735000 KHz - 5835000 KHz @ 8 KHz), (N/A, 2000 mBm), (N/A) Nov 23 21:37:03 t400-2 kernel: [ 133.659856] cfg80211: (5724 KHz - 6372 KHz @ 216 KHz), (N/A, 0 mBm), (N/A) Nov 23 21:37:06 t400-2 kernel: [ 136.853934] wlan0: authenticate with e8:40:f2:4d:48:12 Nov 23 21:37:06 t400-2 kernel: [ 136.855667] wlan0: send auth to e8:40:f2:4d:48:12 (try 1/3) Nov 23 21:37:06 t400-2 kernel: [ 136.858438] wlan0: authenticated Nov 23 21:37:06 t400-2 kernel: [ 136.860218] wlan0: associate with e8:40:f2:4d:48:12 (try 1/3) Nov 23 21:37:06 t400-2 kernel: [ 136.863955] wlan0: RX AssocResp from e8:40:f2:4d:48:12 (capab=0x431 status=0 aid=1) Nov 23 21:37:06 t400-2 kernel: [ 136.866701] wlan0: associated Nov 23 21:37:06 t400-2 kernel: [ 136.866740] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready Nov 23 21:37:08 t400-2 avahi-daemon[520]: Joining mDNS multicast group on interface wlan0.IPv with address fe80::21e:65fffecd:2b64. Nov 23 21:37:08 t400-2 avahi-daemon[520]: New relevant interface wlan0.IPv for mDNS. Nov 23 21:37:08 t400-2 avahi-daemon[520]: Registering new address record for fe80::21e:65fffecd:2b64 on wlan0.*. Nov 23 21:38:05 t400-2 ntpdate[1632]: adjust time server 131.107.13.100 offset 0.360256 sec Nov 23 21:46:08 t400-2 kernel: [ 678.865239] perf interrupt took too long (2526 > 2500), lowering kernel.perfeventmaxsamplerate to 5 Nov 23 22:17:01 t400-2 CRON[5212]: (root) CMD ( could / && run-parts --report /etc/cron.hourly) Nov 23 22:21:58 t400-2 kernel: [ 2828.643632] perf interrupt took too long (5002 > 5000), lowering kernel.perfeventmaxsamplerate to 25000 Nov 23 22:29:33 t400-2 pumpd[1410]: renewed lease for interface wlan0
Re: Adobe Flash
On 11/18/2015 01:30 PM, Gene Heskett wrote: On Wednesday 18 November 2015 10:05:33 Lisi Reisz wrote: On Wednesday 18 November 2015 14:24:17 Alex Vong wrote: Hi, Next time please send your email to <debian-user@lists.debian.org> for user questions, thanks! (You can also CC me since I don't subscribe the debian-user list.) To watch <http://www.bbc.com/news/10462520>, first install youtube-dl: $ apt-get install youtube-dl Or just install flashplugin-nonfree with Iceweasel, That has not worked in >4 months here. On wheezy, I have installed every new flashplugin-installer thats been released, and thats a bunch of them, ditto for my ancient lappy with lubuntu 14.04 on it but there is nothing for it to download. So quit advertising that it works and just let flash die the horrible security hole ridden death it deserves. or watch with Google Chrome. Can you stop it from calling home? Tcpdump and wireshark are quite educational tools. I'm sure plenty of other things work, but I know those do. I watch that news-site all the time, several times a day most days, and browse over the whole site; sometimes just to see if there has been a new newsflash on an important story. Think of the disk-space needed if I were to download everything every time! So do I use chrome, pure and simply because I don't have to click thru 2 or 3 of iceweasels paranoid, are you sure requesters, which it promises to remember you OK'd it, but it hasn't remembered yet. Cheers, Gene Heskett The package browser-plugin-freshplayer-pepperflash works very well for me on iceweasel. Tom Ashley
Re: Adobe Flash
On 11/18/2015 06:55 PM, Gene Heskett wrote: On Wednesday 18 November 2015 15:59:45 Tom Ashley wrote: On 11/18/2015 01:30 PM, Gene Heskett wrote: On Wednesday 18 November 2015 10:05:33 Lisi Reisz wrote: On Wednesday 18 November 2015 14:24:17 Alex Vong wrote: Hi, Next time please send your email to <debian-user@lists.debian.org> for user questions, thanks! (You can also CC me since I don't subscribe the debian-user list.) To watch <http://www.bbc.com/news/10462520>, first install youtube-dl: $ apt-get install youtube-dl Or just install flashplugin-nonfree with Iceweasel, That has not worked in >4 months here. On wheezy, I have installed every new flashplugin-installer thats been released, and thats a bunch of them, ditto for my ancient lappy with lubuntu 14.04 on it but there is nothing for it to download. So quit advertising that it works and just let flash die the horrible security hole ridden death it deserves. or watch with Google Chrome. Can you stop it from calling home? Tcpdump and wireshark are quite educational tools. I'm sure plenty of other things work, but I know those do. I watch that news-site all the time, several times a day most days, and browse over the whole site; sometimes just to see if there has been a new newsflash on an important story. Think of the disk-space needed if I were to download everything every time! So do I use chrome, pure and simply because I don't have to click thru 2 or 3 of iceweasels paranoid, are you sure requesters, which it promises to remember you OK'd it, but it hasn't remembered yet. Cheers, Gene Heskett The package browser-plugin-freshplayer-pepperflash works very well for me on iceweasel. Tom Ashley And what repo has that? Thanks. Cheers, Gene Heskett $ apt-cache policy browser-plugin-freshplayer-pepperflash browser-plugin-freshplayer-pepperflash: Installed: 0.3.2-1+b1 Candidate: 0.3.2-1+b1 Version table: *** 0.3.2-1+b1 0 900 http://ftp.us.debian.org/debian/ testing/contrib amd64 Packages 600 http://ftp.debian.org/debian/ unstable/contrib amd64 Packages Tom Ashley
Re: make system boot straight to browser connection
what prevents Debian from providing an alternate boot option in Jessie which does not use systemd? My Wheezy system seems to do this. On 10/7/15, tom arnall <kloro2...@gmail.com> wrote: > I want to setup a system so that when the power button is pushed on > the PC, the system connects to the internet and starts a browser > without a login or any other intervention by the user. > > There are no security issues. > > Is this doable? > -- Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency.
Re: systemd alternative for Jessie?
what prevents Debian from providing an alternate boot option in Jessie which does not use systemd? My Wheezy system seems to do this.
Re: systemd alternative for Jessie?
i read the piece on installing without systemd. i get the feeling that the bottom line of it is: good luck. or am i missing something? who decided that Debian shd be locked to systemd? what did they do to poll the views of the user community on the question? is it true that Red Hat had a major influence on the Debian decision makers? from what i've read so far, systemd is still very much in beta at best. wd people on this list agree with that? On 10/13/15, Joel Rees <joel.r...@gmail.com> wrote: > 2015/10/14 13:24 "Ric Moore" <wayward4...@gmail.com>: >> >> On 10/13/2015 11:20 PM, tom arnall wrote: >>> >>> I am running Wheezy and notice that the boot options include but >>> aren't limited to systemd. Is it possible to have this arrangement >>> with Jessie? >> >> >> No. :) Ric > > I tend to be wandering around way out in left field a lot, but > > https://wiki.debian.org/systemd#Installing_without_systemd > > Also, this is something I just saw: > > http://without-systemd.org/wiki/index.php/Main_Page > > Now, I must say, as near as I can tell, there is no escaping from the > influence of the cabal at this point, but is that what the OP was asking? > > Joel Rees > > Computer memory is just fancy paper, > CPUs just fancy pens. > All is a stream of text > flowing from the past into the future. > -- Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency. On 10/13/15, Joel Rees <joel.r...@gmail.com> wrote: > 2015/10/14 13:24 "Ric Moore" <wayward4...@gmail.com>: >> >> On 10/13/2015 11:20 PM, tom arnall wrote: >>> >>> I am running Wheezy and notice that the boot options include but >>> aren't limited to systemd. Is it possible to have this arrangement >>> with Jessie? >> >> >> No. :) Ric > > I tend to be wandering around way out in left field a lot, but > > https://wiki.debian.org/systemd#Installing_without_systemd > > Also, this is something I just saw: > > http://without-systemd.org/wiki/index.php/Main_Page > > Now, I must say, as near as I can tell, there is no escaping from the > influence of the cabal at this point, but is that what the OP was asking? > > Joel Rees > > Computer memory is just fancy paper, > CPUs just fancy pens. > All is a stream of text > flowing from the past into the future. > -- Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency.
systemd alternative for Jessie?
I am running Wheezy and notice that the boot options include but aren't limited to systemd. Is it possible to have this arrangement with Jessie?
Re: make system boot straight to browser connection
Folks! thanks for your help. the expertise and helpfulness of this list is the reason i run Debian. hopefully one day i'll be able to make more of a contribution to the Debian community. regards, T -- Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency. On 10/7/15, tom arnall <kloro2...@gmail.com> wrote: > I want to setup a system so that when the power button is pushed on > the PC, the system connects to the internet and starts a browser > without a login or any other intervention by the user. > > There are no security issues. > > Is this doable? >
make system boot straight to browser connection
I want to setup a system so that when the power button is pushed on the PC, the system connects to the internet and starts a browser without a login or any other intervention by the user. There are no security issues. Is this doable?
questions about debian installer prompts re: iwlwifi firmware
Greetings! I am trying to install Debian on a Dell620 with USB stick media. When the installer tried to configure the network software, it asked for an iwlwifi firmware file. I put the file on another USB stick, then tried two things: 1. put the firmware USB stick in another slot before booting. The installer did not recognize when it asks for the iwlwifi file, i.e., no success. 2. put the firmware USB stick in another slot when installer requested the firmware. Same result as 1, i.e., no success 2. replaced the install USB with the firmware USB when the installer requested the firmware. After Installer configured the network, I replaced the firmware USB with the installer USB. the installer died when it tried to partition the disk with message that it can't read the install media, i.e., no success. MY QUESTIONS How do I get the installer to load the firmware file? What is the reason for the problem in the installer prompts? Regards, Tom P.S. I found what i think is a solution to my installation problem, but I suspect that it's more complicated then necessary and that the debian-user list folks have a better one. >>> Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency.
questions re: installing Debian on a Dell620 with USB stick media
Greetings! I am trying to install Debian on a Dell620 with USB stick media. When the installer tried to configure the network software, it asked for an iwlwifi firmware file. I put the file on another USB stick, then tried two things: 1. put the firmware USB stick in another slot before booting. The installer did not recognize when it asks for the iwlwifi file, i.e., no success. 2. put the firmware USB stick in another slot when installer requested the firmware. Same result as 1, i.e., no success 2. replaced the install USB with the firmware USB when the installer requested the firmware. After Installer configured the network, I replaced the firmware USB with the installer USB. the installer died when it tried to partition the disk with message that it can't read the install media, i.e., no success. MY QUESTIONS How do I get the installer to load the firmware file? What is the reason for the problem in the installer prompts? Regards, Tom P.S. I found what i think is a solution to my installation problem, but I suspect that it's more complicated then necessary and that the debian-user list folks have a better one. >>> Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency.
questions about debian installer prompts re: iwlwifi firmware
Greetings! I am trying to install Debian on a Dell620 with USB stick media. When the installer tried to configure the network software, it asked for an iwlwifi firmware file. I put the file on another USB stick, then tried two things: 1. put the firmware USB stick in another slot before booting. The installer did not recognize when it asks for the iwlwifi file, i.e., no success. 2. put the firmware USB stick in another slot when installer requested the firmware. Same result as 1, i.e., no success 2. replaced the install USB with the firmware USB when the installer requested the firmware. After Installer configured the network, I replaced the firmware USB with the installer USB. the installer died when it tried to partition the disk with message that it can't read the install media, i.e., no success. MY QUESTIONS How do I get the installer to load the firmware file? What is the reason for the problem in the installer prompts? Regards, Tom P.S. I found what i think is a solution to my installation problem, but I suspect that it's more complicated then necessary and that the debian-user list folks have a better one. >>> Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency. -- Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency.
questions about debian installer prompts re: iwlwifi firmware
Greetings! I am trying to install Debian on a Dell620 with USB stick media. When the installer tried to configure the network software, it asked for an iwlwifi firmware file. I put the file on another USB stick, then tried two things: 1. put the firmware USB stick in another slot before booting. The installer did not recognize when it asks for the iwlwifi file, i.e., no success. 2. put the firmware USB stick in another slot when installer requested the firmware. Same result as 1, i.e., no success 2. replaced the install USB with the firmware USB when the installer requested the firmware. After Installer configured the network, I replaced the firmware USB with the installer USB. the installer died when it tried to partition the disk with message that it can't read the install media, i.e., no success. MY QUESTIONS How do I get the installer to load the firmware file? What is the reason for the problem in the installer prompts? Regards, Tom P.S. I found what i think is a solution to my installation problem, but I suspect that it's more complicated then necessary and that the debian-user list folks have a better one. >>> Once its survival is on the line, a species will often find powers unimaginable in the days of its complacency.
Re: wired network connection has stopped working
Thanks everyone for getting back to me. ethtool eth0 gets: Link detected: no But it just occurred to me that the first step to see if the problem is with my Debian configuration or something else, is to test the connection from my dual-booted Windows. Duh! I'll get back with the results soon. . “Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy.” Albert Einstein On 8/21/15, tom arnall kloro2...@gmail.com wrote: Greetings! About a year ago my wired modem connection stopped working. I can find nothing on google which helps. In dmesg there is: eth0: link is not ready Here is ifconfig output, in case it is useful for people trying to help me with the problem: eth Link encap:Ethernet HWaddr 00:24:7e:6ac3:93 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:20 Memoryfc60-fc62 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:13 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:643 (643.0 B) TX bytes:643 (643.0 B) wlan Link encap:Ethernet HWaddr 00:22:faf5:a5:78 inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0 inet addr: fe80::222:fafffef5:a578/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:13351 errors:0 dropped:0 overruns:0 frame:0 TX packets:13109 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6861821 (6.5 MiB) TX bytes:2614612 (2.4 MiB) I'm running wheezy. Regards, Tom Arnall Baja Norte - “Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy.” Albert Einstein -
wired network connection has stopped working
Greetings! About a year ago my wired modem connection stopped working. I can find nothing on google which helps. In dmesg there is: eth0: link is not ready Here is ifconfig output, in case it is useful for people trying to help me with the problem: eth0 Link encap:Ethernet HWaddr 00:24:7e:6a:c3:93 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:20 Memory:fc60-fc62 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:13 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:643 (643.0 B) TX bytes:643 (643.0 B) wlan0 Link encap:Ethernet HWaddr 00:22:fa:f5:a5:78 inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::222:faff:fef5:a578/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:13351 errors:0 dropped:0 overruns:0 frame:0 TX packets:13109 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6861821 (6.5 MiB) TX bytes:2614612 (2.4 MiB) I'm running wheezy. Regards, Tom Arnall Baja Norte - “Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy.” Albert Einstein
Re: Nova Desktop
On 06/18/2015 07:55 AM, Lisi Reisz wrote: On Thursday 18 June 2015 11:37:18 rob wrote: On 18/06/15 10:43, Lisi Reisz wrote: On Thursday 18 June 2015 00:04:12 Jose Martinez wrote: Anyone know anything about the Nova Desktop application. I have it installed and set it up, but it doesn't seem to affect my desktop background. I have several .jpg images that I had wanted to cycle through the desktop background, and it seemed that Nova was just the ticket I have found references to Android and references to Ubuntu. Are you sure that it works on Debian? Which DE are you trying to use it on and why is the DE's own background manager not adequate? Lisi Debian package desktopnova Thanks, Rob. But: Which DE are you (the OP) trying to use it on and why is the DE's own background manager not adequate? Lisi I have no experience with the package but noticed the following in the description supplied by aptitude: There is at least one module needed. Without a module this package will not work as expected! See packages desktopnova-module-*. HTH, Tom Ashley -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5582c2d6@gmail.com
wheezy multiarch: binutils:amd64 conflicts with binutils:i386?
summary: 3 questions: 1. Can one install both `binutils:amd64` and `binutils:i386` on the same device? 2. If one can: how? or, what am I doing wrong? 3. If one cannot: why not? details: I need to setup a 32-bit app (don't ask!) on a 64-bit linode with $ lsb_release -ds Debian GNU/Linux 7.8 (wheezy) $ cat /etc/debian_version 7.8 $ uname -rv 3.19.1-x86_64-linode53 #1 SMP Tue Mar 10 15:30:28 EDT 2015 $ dpkg --print-architecture amd64 $ dpkg --print-foreign-architectures i386 $ sudo aptitude update ... $ sudo aptitude full-upgrade ... $ aptitude --version Thu Apr 23 00:08:02 EDT 2015 aptitude 0.6.8.2 compiled at Nov 7 2012 07:08:03 Compiler: g++ 4.7.2 Compiled against: apt version 4.12.0 NCurses version 5.9 libsigc++ version: 2.2.10 Ept support enabled. Gtk+ support disabled. Qt support disabled. Current library versions: NCurses version: ncurses 5.9.20110404 cwidget version: 0.5.16 Apt version: 4.12.0 $ apt-get --version Thu Apr 23 00:08:39 EDT 2015 apt 0.9.7.9 for amd64 compiled on Oct 17 2014 09:15:56 Supported modules: *Ver: Standard .deb *Pkg: Debian dpkg interface (Priority 30) Pkg: Debian APT solver interface (Priority -1000) S.L: 'deb' Standard Debian binary tree S.L: 'deb-src' Standard Debian source tree Idx: Debian Source Index Idx: Debian Package Index Idx: Debian Translation Index Idx: Debian dpkg status file Idx: EDSP scenario file Among other packages, I need to install `binutils:i386`. However, I can't seem to install that and keep the native/64-bit `binutils`: $ date ; sudo apt-get install binutils:i386 Thu Apr 23 00:08:50 EDT 2015 Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libstdc++6:i386 zlib1g:i386 Suggested packages: binutils-doc:i386 The following packages will be REMOVED: binutils The following NEW packages will be installed: binutils:i386 libstdc++6:i386 zlib1g:i386 0 upgraded, 3 newly installed, 1 to remove and 0 not upgraded. Need to get 4,993 kB of archives. After this operation, 325 kB disk space will be freed. Do you want to continue [Y/n]? ^C $ date ; sudo aptitude -s install binutils:i386 Thu Apr 23 00:08:21 EDT 2015 The following NEW packages will be installed: binutils:i386{b} libstdc++6:i386{a} zlib1g:i386{a} 0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 4,993 kB of archives. After unpacking 14.7 MB will be used. The following packages have unmet dependencies: binutils : Conflicts: binutils:i386 but 2.22-8+deb7u2 is to be installed. binutils:i386 : Conflicts: binutils but 2.22-8+deb7u2 is installed. The following actions will resolve these dependencies: Remove the following packages: 1) binutils Accept this solution? [Y/n/q/?] q So I have 3 questions: 1. Can one install both `binutils:amd64` and `binutils:i386` on the same device? 2. If one can: how? or, what am I doing wrong? 3. If one cannot: why not? Apologies if this is a FAQ, but * I saw no answers relating to this (though several similar questions) when DuckDuckGo-ing * I see nothing @ https://wiki.debian.org/Multiarch/HOWTO indicating that I should not be able to do this. TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87d22vigvc@pobox.com
Re: network newbie seeks help combining routesets for VPN tunnel
gets the response RTNETLINK answers: Network is unreachable This appears to be a real failure, in that if I subsequently (i.e., immediately after running the above script[9]) do $ sudo ip route add ${F5VPN_PUBLIC_IPN} via ${OPENVPN_ENDPT_IPN} dev tun0 metric 1 from the commandline, I get the same failure. And, just to be clear, at this point my networking is just as broken as before: both `ping` and DNS fail until I disconnect from the F5VPN, stop the OpenVPN, and restore my initial routeset and linkset. So ... how to fix this? What am I doing wrong? Any assistance you can provide is much appreciated! and will be paid-forward via the above code and wiki. TIA, Tom Roche tom_ro...@pobox.com [1]: first post @ https://lists.debian.org/debian-user/2015/01/msg00732.html , last post before this one @ https://lists.debian.org/debian-user/2015/01/msg00905.html [2]: https://bitbucket.org/tlroche/aqmeii-na_n2o/wiki/Home [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-new-architecture-diagram [5]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-id5 [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap [7]: https://lists.debian.org/debian-user/2015/01/msg00905.html [8]: https://bitbucket.org/tlroche/linode_jumpbox_config/raw/HEAD/scripts/delete_current_routes.sh [9]: https://bitbucket.org/tlroche/linode_jumpbox_config/raw/HEAD/scripts/set_F5VPN_routes.sh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8761a94ibv@pobox.com
Re: network newbie seeks help combining routesets for VPN tunnel
Tom Roche Sat, 24 Jan 2015 16:00:37 -0500 [1] (envvar names translated to `bash`ian) [The original routeset on the client/laptop:] 1: default via 192.168.1.1 dev eth0 proto static 2: 169.254.0.0/16 dev eth0 scope link metric 1000 3: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} [OpenVPN routeset, overwrites the original routeset:] 1: 0.0.0.0/1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.8.0.1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 4: ${OPEN_VPN_ENDPT_IPN} dev tun0 proto kernel scope link src 10.8.0.6 5: 128.0.0.0/1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 # inherited from original route#=2? 6: 169.254.0.0/16 dev eth0 scope link metric 1000 7: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 # inherited from original route#=3? 8: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} [F5VPN routeset, overwrites the OpenVPN routeset:] 1: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 4: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 5: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Matt Ventura Sat, 24 Jan 2015 19:26:48 -0800 [2] (slightly reformatted) [The new routeset] should look like: new routeset option 1: [192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN}] ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 ... 0.0.0.0/0 via ${F5_VPN_ENDPT_IPN} dev ppp0 ... Come to think of it, the set of routes that the F5 VPN puts in place should work, needing only the addition of ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 What I wrote above is the cleanest possible set of routes that would still work, but just adding that one route should fix the existing one. I think you would want to add it just before starting the OpenVPN, otherwise do it right after. Well, the OpenVPN client sets that route itself: the problem is, the F5VPN client overwrites it (see above). So I'd need to add it after starting the F5VPN client, producing something like new routeset option 2: F5VPN routes with 1 added route: 1: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 4: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 5: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 6: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Is that the correct order? After starting the F5 VPN, you might need to [also] re-add the 192.168.1.0/24 dev eth0 ... src ${LOCAL_ETH0_IPN} so that would be option 3: F5VPN routes with 2 added routes: 1: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} 2: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 3: default via 192.168.1.1 dev eth0 proto static 4: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 5: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 6: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 7: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Is that the correct order? thanks again, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00882.html [2]: https://lists.debian.org/debian-user/2015/01/msg00892.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871tmjroj7@pobox.com
Re: network newbie seeks help combining routesets for VPN tunnel
Tom Roche Sat, 24 Jan 2015 16:00:37 -0500 [1] (envvar names translated to `bash`ian) [The original routeset on the client/laptop:] 1: default via 192.168.1.1 dev eth0 proto static 2: 169.254.0.0/16 dev eth0 scope link metric 1000 3: 192.168.1.0/24 dev eth0 proto kernel scope link src LOCAL_ETH0_IPN [OpenVPN routeset, overwrites the original routeset:] 1: 0.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.8.0.1 via OPEN_VPN_ENDPT_IPN dev tun0 4: OPEN_VPN_ENDPT_IPN dev tun0 proto kernel scope link src 10.8.0.6 5: 128.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=2? 6: 169.254.0.0/16 dev eth0 scope link metric 1000 7: OPEN_VPN_PUBLIC_IPN via 192.168.1.1 dev eth0 # inherited from original route#=3? 8: 192.168.1.0/24 dev eth0 proto kernel scope link src LOCAL_ETH0_IPN [F5VPN routeset, overwrites the OpenVPN routeset:] 1: 0.0.0.0/1 via F5_VPN_ENDPT_IPN dev ppp0 proto none metric 1 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src F5_VPN_ENDPT_IPN 4: 128.0.0.0/1 via F5_VPN_ENDPT_IPN dev ppp0 proto none metric 1 5: F5_VPN_PUBLIC_IPN via OPEN_VPN_ENDPT_IPN dev tun0 proto none metric 1 [my proposed new routeset:] # 1st route in Hartge's Trinity == OpenVPN route#=1 (compare with F5VPN route#=1) 1: 0.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=1 == OpenVPN route#=2 == F5VPN route#=2 2: default via 192.168.1.1 dev eth0 proto static # OpenVPN route#=3 3: 10.8.0.1 via OPEN_VPN_ENDPT_IPN dev tun0 # OpenVPN route#=4 , but what is the difference between 'src' and 'via'? 4: OPEN_VPN_ENDPT_IPN dev tun0 proto kernel scope link src 10.8.0.6 # F5VPN route#=3 5: 10.144.0.1 dev ppp0 proto kernel scope link src F5_VPN_ENDPT_IPN # 2nd route in Hartge's Trinity == OpenVPN route#=5 (compare with F5VPN route#=4) 6: 128.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=2 == OpenVPN route#=6 (absent in F5VPN routeset) 7: 169.254.0.0/16 dev eth0 scope link metric 1000 # OpenVPN route#=7 8: OPEN_VPN_PUBLIC_IPN via 192.168.1.1 dev eth0 # almost F5VPN route#=5 ... but which dev should this take? eth0, ppp0, tun0? 9: F5_VPN_PUBLIC_IPN via OPEN_VPN_ENDPT_IPN dev proto none metric 1 # inherited from original route#=3 == OpenVPN route#=8 (absent in F5VPN routeset) 10: default via 192.168.1.1 dev eth0 proto static Matt Ventura Sat, 24 Jan 2015 15:04:55 -0800 [2] (slightly rearranged) Basically, your final routing table, in plain English, always tricky, that plain English :-) should look like this: Please correct me where I get it wrong: 1. Traffic to 192.168.1.0/24 should go through eth0 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} which is original route#=3 == OpenVPN route#=8 #1 shouldn't ever be touched by either VPN. OpenVPN respects it, but F5VPN removes it! 2. Traffic to the OpenVPN server's external IP should go through eth0 to 192.168.1.1 ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 which is OpenVPN route#=7 #2 is something you'll probably need to manually add before (or after, not sure) starting the F5 VPN. I should be able to script that (more below). 3. Traffic to the F5 VPN server's external IP (I assume this is the 134.x.x.x one) (correct, though F5_VPN_PUBLIC_IPN changes per-connection, hence the parameterization) should go through the OpenVPN ptp endpoint (10.8.0.5) on dev=tun0? I.e. ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 If so, that's F5VPN route#=5 4. All other traffic should go through the F5 VPN's ptp endpoint (10.144.x.x). Does '128.0.0.0/1' == 'all other traffic'? If so, 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 is F5VPN route#=4 The F5 client seems to be adamant about having route #4 in place, so we don't need to worry about that. OK. As mentioned above, you should remove the default routing to the OpenVPN server i.e., proposed route#={1, 3, 4}, which are also OpenVPN route#={1, 3, 4} and just have [F5_VPN_PUBLIC_IPN] route through the 10.8.0.5, rather than 0/1 and 128/1. i.e., F5VPN route#=5. But then (IIUC) we're routing 128.0.0.0/1 but not 0.0.0.0/1. If so, does 0.0.0.0/1 not need routed? (And why did I not take the networking elective when I got my BSCS ?-( Meanwhile, assuming I understand correctly, it sounds like, after I start the F5VPN client on my client/laptop, I need to produce the routes given above with something like the following bash scriptlet: ### IP-related envvars ## (hopefully) constant IP addresses # public IP# (as visible to, e.g., whatismyip.com) of linode/jumpbox running OpenVPN server
network newbie seeks help combining routesets for VPN tunnel
link src 10.8.0.6 # F5VPN route#=3 5: 10.144.0.1 dev ppp0 proto kernel scope link src 10.144.1.8 # 2nd route in Hartge's Trinity == OpenVPN route#=5 (compare with F5VPN route#=4) 6: 128.0.0.0/1 via 10.8.0.5 dev tun0 # inherited from original route#=2 == OpenVPN route#=6 (absent in F5VPN routeset) 7: 169.254.0.0/16 dev eth0 scope link metric 1000 # OpenVPN route#=7 8: SER.VER.IP.NUM via 192.168.1.1 dev eth0 # almost F5VPN route#=5 ... but which dev should this take? eth0, ppp0, tun0? 9: F5.VPN.IP.NUM via 10.8.0.5 dev proto none metric 1 # inherited from original route#=3 == OpenVPN route#=8 (absent in F5VPN routeset) 10: 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.142 Question 1: what is the difference between 'src' and 'via' in `ip route` syntax? I see `info ip-route` via ADDRESS the address of the nexthop router. [The] sense of this field depends on the route type. For normal unicast routes it is either the true next hop router or, if it is a direct route installed in BSD compatibility mode, it can be a local address of the interface. For NAT routes it is the first address of the block of translated IP destinations. src ADDRESS the source address to prefer when sending to the destinations covered by the route prefix. but am not sure how to apply this knowledge to route statements. Question 2: which dev[ice] should traffic to F5.VPN.IP.NUM go on? Such traffic has gotta go via the OpenVPN server == SER.VER.IP.NUM (which is usually serviced by `dev tun0`) but ultimately wants to go to F5.VPN.IP.NUM (which is usually serviced by `dev ppp0`). Question 3: What am I missing? Conversely, what do I have that is superfluous? Your assistance is appreciated! Tom Roche tom_ro...@pobox.com [1]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [2]: https://lists.debian.org/debian-user/2015/01/msg00830.html [3]: https://lists.debian.org/debian-user/2015/01/msg00831.html [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap [5]: https://en.wikipedia.org/wiki/Thesis,_antithesis,_synthesis [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-productive-past [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5vpn-only-connection -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87bnlnsxl6@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
Back to this task after long detours! well, almost: Matt Ventura Fri, 23 Jan 2015 12:47:21 -0800 [1] The F5 VPN is throwing its default route over the original one, and that's causing traffic to the OpenVPN server to try to route over the F5 VPN. Obviously this doesn't work because the traffic to the F5 VPN needs to go through the OpenVPN link, so it becomes circular. What you need to do is add a route, something like: route add external IP of OpenVPN server gw 192.168.1.1 dev eth0 so that the traffic to the OpenVPN server can be routed properly. Sven Hartge Fri, 23 Jan 2015 21:53:35 +0100 [2] (tweaked) That would complete the VPN Trinity: * one route 0/1 * one route 128/1 * one host route to the other VPN endpoint (making it reachable regardless of other routes) I will give that a shot ... after I take care of a bit more real life :-( Meanwhile, I have uploaded a new'n'improved client_networking_investigation.txt[3] (improved notably by my increasing facility with `ip` syntax). However it presently lacks - your routing advice above - scripting of connectivity checks (e.g., `ping`, `nslookup`) which I will add (feel free to suggest others). I'm especially interested in the 'zombie routes' (i.e., I del a route, it disappears from `ip route show`, then reappears later) and other network-restoration oddities I'm observing (see states 5-8[3]), so I'd be especially interested in knowing how to prevent that. (I suspect it's due to my crude manner of starting/stopping OpenVPN on the client, but ICBW.) Your assistance is appreciated! Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00830.html [2]: https://lists.debian.org/debian-user/2015/01/msg00831.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87egqlrx06@pobox.com
SIOCDELRT, or: proper syntax to delete default route for an interface?
0.0.0.0 dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default netmask 255.255.255.255 gw 0.0.0.0 dev ppp0 SIOCDELRT: No such process `info route` is not helping, nor are my websearches finding helpful doc. What am I doing wrong? TIA, Tom Roche tom_ro...@pobox.com [1]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [2]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-networking-problem [3]: https://lists.debian.org/debian-user/2015/01/msg00779.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87k30es73k@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
Tom Roche Thu, 22 Jan 2015 12:43:17 -0500 [1] summary: Smells like progress! If I'm guessing correctly, the `route` changes imposed by connecting to the F5VPN[2] are conflicting with my server/jumpbox's current `iptables`[3] (through which my client seeks to tunnel[4]). Does that claim seem warranted? If so, how to fix the server firewall? Matt Ventura Thu, 22 Jan 2015 10:58:38 -0800 [5] (rearranged) another option would be to simply run the F5 VPN client on the linode. Alas, no: 1. Several years ago (when I was first struggling with getting the F5NAP to work directly[6]), I tried to find a headless alternative (e.g., something like a NetworkManager plugin), but was told by F5 that there was no such client for linux (at least, with the make/model of F5VPN that the agency had installed). 2. Several months ago (when linode.com was first recommended to me), I was sternly warned that linodes prefer to be run headless, and that running Firefox on a linode would be expensive and painful, if it worked at all. I'm assuming ppp0 is the F5 VPN interface. Me, too: connecting to the F5VPN[2] creates that interface on the client, and disconnecting from the F5VPN removes it from the client. Try deleting the first entry in the routing table after bringing up the F5 VPN (something like 'route del default ppp0' if memory serves) will check and see if it fixes the problem. This will probably break connectivity to the VPN until you restart it, but see if you can access the internet in general. Will do. I've got an appt, but will be back soonest. Thanks in advance! Hoping soon to get back to work on my *real* project, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00774.html [2]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [5]: https://lists.debian.org/debian-user/2015/01/msg00779.html [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mw5asg8x@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
summary: Smells like progress! If I'm guessing correctly, the `route` changes imposed by connecting to the F5VPN[3] are conflicting with my server/jumpbox's current `iptables` (through which my client seeks to tunnel[7]. Does that claim seem warranted? If so, how to fix the server firewall? details: Matt Ventura Wed, 21 Jan 2015 09:58:38 -0800 [1] First thing to check would be the routing table while the VPN is active. Tom Roche Wed, 21 Jan 2015 16:33:43 -0500 [2] The `route -n` for while the OpenVPN connection is active is here[3], which is part of a longer section[4] with all the gory details ... Matt Ventura Wed, 21 Jan 2015 22:18:57 -0800 [5] I meant the routing table when the F5 VPN is active, when the connectivity breaks. The bad news is, I should have realized that :-) The good news is, that seems quite revealing, esp in the now-upgraded context of the revised connectivity-debugging scenario[3] (which I also reran to verify results): connecting to the F5VPN (after logging into the remote-access website) creates an interface=ppp0 and extensively rewrites the routing table! https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt ### 4. After connecting to F5VPN (requires login to remote-access website) ... me@client:~$ date ; sudo route -n Thu Jan 22 11:48:48 EST 2015 Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 10.144.0.1 0.0.0.0 255.255.255.255 UH0 00 ppp0 128.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 134.67.15.3010.8.0.5255.255.255.255 UGH 1 00 tun0 So now I'm guessing that: 1. (from `whois 134.67.15.30`) 134.67.15.30 is the agency's VPN server. 2. I need to reconcile the above `route`ing with my server's current firewall config[6]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination DROP all -- 222.186.34.202 anywhere RETURN all -- anywhere anywhere So my questions are: 1. Am I guessing correctly? 2. If so, how to reconcile the `route`ing change imposed by the F5VPN with my server's current firewall config[6]? Thanks again for your prompt assistance, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00733.html [2]: https://lists.debian.org/debian-user/2015/01/msg00744.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-dns-problem [5]: https://lists.debian.org/debian-user/2015/01/msg00761.html [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ppa6socq@pobox.com
network newbie seeks assistance debugging iptables for VPN tunnel
[note: following contains ASCII art in the middle, and footnoted links at the end] summary: I need to tunnel one SSL VPN (F5, running on one debian host) through another (OpenVPN, running on another debian host), but lose networking (e.g., `ping`) after the F5 VPN connects. I'm not sure whether this is due to my firewall/iptables or VPN configuration, but suspect the former. Unfortunately I am not knowledgeable regarding networking, so I'd appreciate any assistance you could provide. details: I need to remotely (off the physical LAN) SSH into some firewalled compute clusters to do environmental modeling (e.g., this[1]). Formerly I could do this from my debian laptop using the cluster-provider-mandated F5VPN[2]. However, access policy changed[3] (notably to require a single registered IP#), so I can no longer do this directly (i.e., just running the F5VPN from my laptop). I seek to adapt to the new policy (and resume work on my project) by implementing a VPN tunnel through a debian linode. Design details here[4], but my design can be roughly summarized with the following ASCII art (appropriately rendered here[4]): -MY CONTROL AGENCY CONTROLLED- firewall +--+ +---+ +---+ | +-+ | laptop + | | linode + | | remote-access | | | cluster | | F5NAP + | -- | OpenVPN + | -- | website + | -|- | node(s) | | OpenVPN | | security | | F5VPN | | | | +--+ +---+ +---+ | +-+ (Implementation details here[5]) The good news is, the following sequence works: I can 1. start an OpenVPN server on the linode[6] 2. start an OpenVPN client on my laptop[7], after which http://www.whatismyip.com shows the IP# of my linode (which is registered) 3. start the F5VPN client (an F5NAP'ed Firefox[8]), and from that still see my linode's IP#. 4. using the F5VPN client, login to the agency's remote-access website, and bring up the F5VPN's control UI (e.g., to start/stop/logout). The bad news is[9], as soon as I start the F5VPN, and see status==Connected in its web UI, I lose IP networking. I had originally thought this was just a DNS problem, but I cannot even `ping` IP#s, e.g., $ ping -c 4 141.101.120.15 # == www.whatismyip.com PING 141.101.120.15 (141.101.120.15) 56(84) bytes of data. --- 141.101.120.15 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3022ms (The only consolation here is that the network failure kills the tunnel, which causes my client to regain its networking ... but also its access to the registered IP#.) I had thought that this problem was due to OpenVPN misconfiguration on my part, but now suspect that I need to tweak my server firewall[10] (which is `iptables`, running on Debian 7.8) in order to allow my OpenVPN configuration to work. Unfortunately I don't know enough about IP/TCP/UDP/Linux/Debian networking, so I'd appreciate assistance from someone more knowledgeable. Apologies if this is a FAQ or LMGTFY, but my websearches have not found anything that seems to matching my usecase. Pointers to doc or other educational resources are also appreciated. TIA, Tom Roche tom_ro...@pobox.com [1]: https://bitbucket.org/tlroche/aqmeii-na_n2o/wiki/Home [2]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5vpn-only-access [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-aug-2014-policy-change [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [5]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-id6 [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-test-server-startup [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-test-client-startup [8]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap [9]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-network-problem [10]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87vbk0rpkj@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
Tom Roche Wed, 21 Jan 2015 12:50:04 -0500 [1] I need to tunnel one SSL VPN (F5, running on one debian host) through another (OpenVPN, running on another debian host), but lose networking (e.g., `ping`) after the F5 VPN connects. I'm not sure whether this is due to my firewall/iptables or VPN configuration, but suspect the former. Unfortunately I am not knowledgeable regarding networking, so I'd appreciate any assistance you could provide. ... slightly revised ASCII art -MY CONTROL AGENCY CONTROL- firewall +--+ +---+ +---+ | +-+ | laptop + | | linode + | | remote-access | | | cluster | | F5NAP + | -- | OpenVPN | -- | website + | -|- | node(s) | | OpenVPN | | server + | | F5VPN server | | | | | client | | security | | | | | | +--+ +---+ +---+ | +-+ Matt Ventura Wed, 21 Jan 2015 09:58:38 -0800 [2] First thing to check would be the routing table while the VPN is active. The `route -n` for while the OpenVPN connection is active is here[3], which is part of a longer section[4] with all the gory details ... and thanks! your prompt assistance is appreciated, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00732.html [2]: https://lists.debian.org/debian-user/2015/01/msg00733.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-dns-problem -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87sif3sts8@pobox.com
Re: An experiment in backup
On Mon, Jan 19, 2015 at 1:02 PM, Kevin O'Gorman kogor...@gmail.com wrote: On Sun, Jan 18, 2015 at 9:26 AM, Tom H tomh0...@gmail.com wrote: On Fri, Jan 16, 2015 at 10:28 PM, Kevin O'Gorman kogor...@gmail.com wrote: On Fri, Jan 16, 2015 at 3:54 AM, Tom H tomh0...@gmail.com wrote: Have you looked at the logs? Especially Xorg.0.log and xsessions-errors. Xorg logs seem normal I don't see any xsessions-errors file ~/.xsessions-errors Xsession: X session started for kevin at Sat Jan 17 10:42:34 PST 2015localuser:kevin being added to access control list openConnection: connect: No such file or directory cannot connect to brltty at :0 Script for ibus started at run_im. Script for auto started at run_im. Script for default started at run_im. Unable to create /home/kevin/.dbus/session-bus Script for ibus started at run_im. Script for auto started at run_im. Script for default started at run_im. x-session-manager[1414]: CRITICAL: We failed, but the fail whale is dead. Sorry What are the owner and mode of the .dbus and session-bus dirs?
Re: An experiment in backup
On Fri, Jan 16, 2015 at 10:28 PM, Kevin O'Gorman kogor...@gmail.com wrote: On Fri, Jan 16, 2015 at 3:54 AM, Tom H tomh0...@gmail.com wrote: Are you using a DM? A what? Xubuntu uses xfce4 if that answers the question. DM = display manager On Ubuntu, lightdm is the default DM. Are you using a WM or a DE? A what? WM = window manager DE = desktop environment; in your case XFCE Have you looked at the logs? Especially Xorg.0.log and xsessions-errors. Xorg logs seem normal I don't see any xsessions-errors file ~/.xsessions-errors Can you launch X after logging in to the console? I don't know how. You can check that the basic functionality of X is OK with xinit /usr/bin/xterm -- /usr/bin/X :0 -nolisten tcp vt01 (assuming that you're on tty1 when launching X) Otherwise, you can start X with xinit [...] startx [...] service lightdm [re]start -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAOdo=SzCMuz+ssPHE6S3-WgtRS104JWey1uKMKYVhKK3Nn=z...@mail.gmail.com
Re: An experiment in backup
On Thu, Jan 15, 2015 at 10:19 PM, Kevin O'Gorman kogor...@gmail.com wrote: I have a tar backup of the entire system, excluding /sys, /proc and /dev. I have a tar backup of a bind-mount of /dev. These were taken while the system was running, but quiet. I did it this way because I cannot get the system to boot into single user mode. Putting single on the end of the linux like results in a black screen. I restored these, created /sys and /proc, and tried to boot the resulting partition. It boots, but X does not come up, or even seem to try. I can do a console login to my usual account, and stuff is there. What commands did you run to back up and restore the system? Is '/tmp' a tmpfs filesystem? If not, did you back up and restore it? Did you exclude '/run'? If not, did you restore it? Did you create '/proc' and '/sys' with the right ownership and mode? If this is a Debian system, is it a non-standard install that doesn't use udev (AFAIK this is still possible)? If not, there's no point in backing up and restoring '/dev'. If this is an Ubuntu system, the default '(recovery)' grub entry will have 'nomodeset' appended. Try that when you add 'single'. Are you using a DM? Are you using a WM or a DE? Have you looked at the logs? Especially Xorg.0.log and xsessions-errors. Can you launch X after logging in to the console? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAOdo=swjn5qggmjo7qta_2otefqgzihwpn35hykxshk4_oa...@mail.gmail.com
Re: LACK OF REPONSE TO REQUESTS FOR HELP WHY?
Nate, Thanks for your response. I ended up dealing with the problem by switching to wicd, but the incident has helped me learn some things about keyrings. I think my real problem was the one where you flounder around to the point of desperation looking for a quick fix, instead of taking the trouble to first get an understanding of the context, in this case the basic functions of keyrings, before attempting to fix a specific problem. Regards, Tom Arnall Ensenada, BC -- Honor Julian Assange. Honor Bradley Manning. Honor Edward Snowden. Honor all those who have risked all to tell us what we must know to remain free. On 12/21/14, Nate Bargmann nnbb.us wrote: * On 2014 21 Dec 01:40 -0600, tom arnall wrote: I installed wheezy a week ago (with the installer which includes xfce), and nm-applet was working fine. But today it won't start and gives the message: WARNING: gnome-keyring:: couldn't connect to: /home/tom/.cache/keyring-4LJPFc/pkcs11: No such file or directory I am running Sid (Unstable) on my laptop and I have several such ~/.cache/keyring-* directories. One of them shows: $ ls -l ~/.cache/keyring-6imVnR/ total 0 srwxr-xr-x 1 nate nate 0 Jul 7 2012 control= srwxr-xr-x 1 nate nate 0 Jul 7 2012 gpg= srwxr-xr-x 1 nate nate 0 Jul 7 2012 pkcs11= srwxr-xr-x 1 nate nate 0 Jul 7 2012 ssh= Are the permissions on your files the same? Is it possible that you initially logged into the desktop as root and then used NM to connect to a network? Perhaps just removing that directory (although that specific directory name may be stored by nm-applet *somewhere* so just removing the directory might not help) might help. The files are actually sockets so the leading 's' is apparently required. - Nate -- The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true. Ham radio, Linux, bikes, and more: http://www.nnb.us -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmasterlists.debian.org Archive: https://lists.debian.org/20141221130512.gr2...@nnb.us -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cafkyrxp4hfegqhuquhitxh58uot6vwdeepbsaryicrurxoq...@mail.gmail.com
gnome
WHEN I DO: ~/$ gnome-keyring-daemon --start I GET: Couldn't access conrol socket: /home/tom/.cache/keyring-qGnJVR/control: No such file or directory GNOME_KEYRING_CONTROL=/home/tom/.cache/keyring-laCd8D SSH_AUTH_SOCK=/home/tom/.cache/keyring-laCd8D/ssh GPG_AGENT_INFO=/home/tom/.cache/keyring-laCd8D/gpg:0:1 what is this about? i've done a lot of google searching on it but have found nothing that helps. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cajs6gqc7amciyyoj09e3yd451mouuxhkxa_4bpfdvcw8kob...@mail.gmail.com
LACK OF REPONSE TO REQUESTS FOR HELP WHY?
about a week ago i posted a question to which no one has responded. i think it's a reasonable question for this list. clearly folks on this list don't think it's worthwhile to respond to it. can anyone here at least tell me why? below is the email is sent to this list: i have by the way spent about ten hours googling for an answer. the community seems very confused on the issue. == I installed wheezy a week ago (with the installer which includes xfce), and nm-applet was working fine. But today it won't start and gives the message: WARNING: gnome-keyring:: couldn't connect to: /home/tom/.cache/keyring-4LJPFc/pkcs11: No such file or directory ** Message: applet now removed from the notification area (nm-applet:3589): Gdk-WARNING **: nm-applet: Fatal IO error 11 (Resource temporarily unavailable) on X server :0. Is there a command line procedure to deal with this? Thanks in advance for your help, Tom Arnall -- I don't make jokes. I just watch the government and report the facts. Will Rogers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAFKYrxpmkG2W-KM=5qTuYe-KXWsSV3tPmfFG-hUxm94g0q=k...@mail.gmail.com
Can't start nm-applet -- keyring error
I installed wheezy a week ago (with the installer which includes xfce), and nm-applet was working fine. But today it won't start and gives the message: WARNING: gnome-keyring:: couldn't connect to: /home/tom/.cache/keyring-4LJPFc/pkcs11: No such file or directory ** Message: applet now removed from the notification area (nm-applet:3589): Gdk-WARNING **: nm-applet: Fatal IO error 11 (Resource temporarily unavailable) on X server :0. Is there a command line procedure to deal with this? Thanks in advance for your help, -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cafkyrxpumpewkatguydr9jmdsyyykrv6f2txp449jso0_v1...@mail.gmail.com
gnome-keyring-daemon problem
WHEN I DO: ~/$ gnome-keyring-daemon --start I GET: Couldn't access conrol socket: /home/tom/.cache/keyring-qGnJVR/control: No such file or directory GNOME_KEYRING_CONTROL=/home/tom/.cache/keyring-laCd8D SSH_AUTH_SOCK=/home/tom/.cache/keyring-laCd8D/ssh GPG_AGENT_INFO=/home/tom/.cache/keyring-laCd8D/gpg:0:1 what is this about? i've done a lot of google searching on it but have found nothing that helps. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cafkyrxp70rrgz9gyocug+z-rzn4mqzqotr2obwyjen7jxv6...@mail.gmail.com
Can't start nm-applet keyring error
I installed wheezy a week ago (with the installer which includes xfce), and nm-applet was working fine. But today it won't start and gives the message: WARNING: gnome-keyring:: couldn't connect to: /home/tom/.cache/keyring-4LJPFc/pkcs11: No such file or directory ** Message: applet now removed from the notification area (nm-applet:3589): Gdk-WARNING **: nm-applet: Fatal IO error 11 (Resource temporarily unavailable) on X server :0. Is there a command line procedure to deal with this? Thanks in advance for your help, Tom Arnall -- I don't make jokes. I just watch the government and report the facts. Will Rogers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAFKYrxo91W2YmRcMwdUAB2eGfBZd6CxG=gvsk2jefjmdci3...@mail.gmail.com
Re: [newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
For the benefit of OP with similar {concerns, interests, problems}, I have documented my process @ https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home Part is scripted, and part is not, but even the part that is *not* scripted provides cut'n'pasteable console input. The good news is, at this point https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-client-test the server's IP# is visible from the outside world, e.g., @ http://www.whatismyip.com/ . The bad news is, this is only part of what I need, which is to run another SSL VPN through the tunnel, which is failing--more on that separately (though that may be getting OT for this list). HTH, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87r3x2sxuk@pobox.com
Re: [newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
summary: I have a routing problem on the server side of the VPN, as diagnosed by Mart van de Wege[1]: veel dank Mart! I hope to fix that problem using these linode instructions[2]. details: Tom Roche Sat, 08 Nov 2014 23:47:29 -0500 [3] My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`: Pascal Hambourg Sun, 09 Nov 2014 13:13:16 +0100 [4] This rule doesn't forward anything, it just enables masquerading. IPv4 forwarding is enabled with sysctl net.ipv4.ip_forward=1. Correct: I also have me@jumpbox:~$ fgrep -e 'forward' /etc/sysctl.conf # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 # Uncomment the next line to enable packet forwarding for IPv6 #net.ipv6.conf.all.forwarding=1 on the server. Indeed I am a network newbie as previously advertised :-( In any case, current firewall behavior is as noted: me@jumpbox:~$ date ; sudo iptables -L Sat Nov 8 16:42:06 EST 2014 Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhereanywhere multiport dports ssh Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere Mart van de Wege Sun, 09 Nov 2014 12:02:46 +0100 [1] What I suspect is a routing problem on the other side of the VPN. Can you ping IP addresses beyond your VPN? What does the output of traceroute show? Good questions! I will add these to the Debian wiki[5] because your suspicions are correct. Before starting OpenVPN on either the laptop/client or the jumpbox/server: me@laptop:~$ date ; pgrep -l openvpn | wc -l Sun Nov 9 09:24:43 EST 2014 0 me@laptop:~$ date ; ping -c 4 www.whatismyip.com Sun Nov 9 09:24:48 EST 2014 PING www.whatismyip.com (141.101.120.15) 56(84) bytes of data. 64 bytes from 141.101.120.15: icmp_seq=1 ttl=57 time=94.7 ms 64 bytes from 141.101.120.15: icmp_seq=2 ttl=57 time=157 ms 64 bytes from 141.101.120.15: icmp_seq=3 ttl=57 time=88.3 ms 64 bytes from 141.101.120.15: icmp_seq=4 ttl=57 time=88.8 ms --- www.whatismyip.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 15621ms rtt min/avg/max/mdev = 88.370/107.325/157.369/29.002 ms me@laptop:~$ date ; traceroute www.whatismyip.com Sun Nov 9 09:25:17 EST 2014 traceroute to www.whatismyip.com (141.101.120.15), 30 hops max, 60 byte packets 1 192.168.15.1 (192.168.15.1) 0.850 ms 0.838 ms 1.378 ms 2 71-23-64-2.clt.clearwire-wmx.net (71.23.64.2) 75.041 ms 75.040 ms 75.030 ms 3 71.22.7.161 (71.22.7.161) 75.293 ms 75.287 ms 75.661 ms 4 66-192-62-1.static.twtelecom.net (66.192.62.1) 75.260 ms 75.619 ms 75.600 ms 5 ash1-pr1-xe-2-3-0-0.us.twtelecom.net (66.192.244.214) 84.267 ms 84.467 ms 84.456 ms 6 xe-0.equinix.asbnva01.us.bb.gin.ntt.net (206.126.236.12) 84.429 ms 86.913 ms 86.863 ms 7 ae10.ar2.iad1.us.as4436.gtt.net (69.31.31.168) 96.019 ms 96.242 ms 95.980 ms 8 as13335.xe-7-0-3.ar1.iad1.us.as4436.gtt.net (69.31.31.90) 95.604 ms 95.585 ms as13335.xe-9-0-2.ar1.iad1.us.as4436.gtt.net (69.31.30.14) 96.170 ms 9 * as13335.xe-7-0-3.ar1.iad1.us.as4436.gtt.net (69.31.31.90) 95.515 ms 95.520 ms 10 141.101.120.15 (141.101.120.15) 96.397 ms 96.392 ms 95.841 ms After starting OpenVPN on first the jumpbox/server then the laptop/client, off-VPN routing is indeed hosed: me@laptop:~$ date ; pgrep -l openvpn | wc -l Sun Nov 9 09:31:27 EST 2014 1 me@laptop:~$ date ; ping -c 4 www.whatismyip.com Sun Nov 9 09:31:33 EST 2014 PING www.whatismyip.com (141.101.120.14) 56(84) bytes of data. --- www.whatismyip.com ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3023ms me@laptop:~$ date ; traceroute www.whatismyip.com Sun Nov 9 09:33:06 EST 2014 traceroute to www.whatismyip.com (141.101.120.15), 30 hops max, 60 byte packets 1 10.8.0.1 (10.8.0.1) 99.579 ms 99.584 ms 104.230 ms 2 * * * ... 30 * * * Note also that the jumpbox/server is a linode running a stock Debian (`cat /etc/debian_version`=='7.7'), which are apparently able to support OpenVPN, per these linode.com-hosted instructions[6]. They are vague in places, which made me switch to the Debian wiki[5], but now I suspect that I need to switch back to its section='Tunneling All Connections through the VPN'[2]. So I'll give that a try. (Eventually I prefer only to tunnel ssh and the SSL VPN through the OpenVPN to the cluster, so I'll probably be back later :-) Your assistance is appreciated! Tom Roche tom_ro...@pobox.com [1] https://lists.debian.org/debian-user/2014/11/msg00463.html [2] https
[newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6 Sat Nov 8 17:48:25 2014 succeeded - ifconfig_pool_set() Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4 Sat Nov 8 17:48:25 2014 Initialization Sequence Completed me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992-131072] S=[212992-131072] Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef] Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194 Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089 Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, my config data/ Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, my config data/ Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194 Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1) Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100 Sat Nov 8 17:49:16 2014 do_ifconfig, tt-ipv6=0, tt-did_ifconfig_ipv6_setup=0 Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500 Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5 Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init dhcp-option DNS 8.8.8.8 Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5 Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5 Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5 Sat Nov 8 17:49:16 2014 GID set to nogroup Sat Nov 8 17:49:16 2014 UID set to nobody Sat Nov 8 17:49:16 2014 Initialization Sequence Completed I then see the following on my client: * `ifconfig` shows a new entry=`tun0`, which looks correct * I can `ping` the server using either its real IP# or `10.8.0.1` * I can `ssh` to the server using either its real IP# or `10.8.0.1` * `nslookup www.whatismyip.com` gives correct results ... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( Looking up www.whatismyip.com... succeeds quickly but the status line continues to display Connecting to www.whatismyip.com... until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google. This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...) How can I fix this? Alternatively, what should I do to further debug the problem? your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87bnoht9dk@pobox.com
Re: [newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
for completeness, added server firewall settings below: Tom Roche Sat, 08 Nov 2014 21:07:03 -0500 https://lists.debian.org/debian-user/2014/11/msg00440.html summary: I'm running [OpenVPN] from an LMDE [client through a Debian jumpbox/server]. After I [start the server, start the client] most IP-based applications seem to work from the client, but web browsing fails: e.g., client's Firefox cannot connect to http://www.whatismyip.com/ . How to fix or debug? details: (Apologies in advance if you feel this is a question better asked elsewhere. If so, please let me know where to ask. The OpenVPN forums are quite slow to respond in my experience, hence I'm asking here first.) I have a laptop running up-to-date LMDE (`cat /etc/debian_version`=='jessie/sid'), including Firefox version=33.0. From that laptop I need to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is a linode running a vanilla Debian (`cat /etc/debian_version`=='7.7'). Note that I have been using the laptop successfully for a few years with LMDE and without network problems. Currently I have the client/laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on my client/laptop, I see the following: * `ifconfig` shows no entry='tun0' (just the usual entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'. * I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1` * I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1` * `nslookup www.whatismyip.com` gives correct results * browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`) Both the client and server setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki here https://wiki.debian.org/openvpn%20for%20server%20and%20client Note particularly that my client and server configurations are currently near-exact copies of those listed at that Debian wiki page: the only changes are my server IP# (obfuscated below) and the name of my client: me@jumpbox:~$ date ; cat /etc/openvpn/server.conf Sat Nov 8 16:49:00 EST 2014 port 1194 proto udp dev tun ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt key /etc/openvpn/server.key dh /etc/openvpn/dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push redirect-gateway def1 bypass-dhcp push dhcp-option DNS 8.8.8.8 # google public DNS keepalive 10 120 comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3 me@laptop:~$ date ; cat /etc/openvpn/client1.conf Sat Nov 8 16:51:31 EST 2014 client dev tun proto udp remote ser.ver.IP.num 1194 resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun mute-replay-warnings ca /etc/openvpn/ca.crt cert /etc/openvpn/client1.crt key /etc/openvpn/client1.key ns-cert-type server comp-lzo verb 3 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`: me@jumpbox:~$ date ; sudo iptables -L Sat Nov 8 16:42:06 EST 2014 Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client: me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013 Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992-131072] S
systemctl disable/mask
On 28 Sep 2014 04:35:03 +0200, lee l...@yun.yagibdah.de wrote: Anyway, it gives me to think that such a misunderstanding has come up to begin with and that it hasn't been fixed long ago. Someone who doesn't understand what disabled means is programming an init system: What other misunderstandings might have gone into it? Why obfuscate things and mislead and confuse the users? I was scrolling last night through the debian-user@ archives, looking for a non-systemd thread, and clicked on this post [1] through a fat-fingered error. (I unsubscribed a few weeks ago because a group of anti-systemd trolls have hijacked the list and are spamming it with BS.) You're angered by the fact that the systemd developers have chosen systemctl disable service to mean disable at boot and systemctl mask service to mean disable completely. Since you use both Debian and Fedora, have you ranted or filed a bug about the fact that: - apt-get update means update the local cache and yum update means update the local cache and upgrade all the packages to their latest versions - apt-get update and yum makecache both mean update the local cache - apt-get dist-upgrade means upgrade all the packages to their latest versions and is therefore more less equivalent to yum update (if you pre-run yum makecache, apt-get dist-upgrade and yum -C update are equivalent) - apt-get upgrade doesn't have a Fedora equivalent - apt-get dist-upgrade could be considered ambiguous, it could mean upgrade to the latest version of the distro or upgrade to the next version of a distro (perhaps you could suggest apt-get release-upgrade for the latter so as to avoid this ambiguity...) Furthermore, the MO that the systemd developers have chosen has a precedent. In /etc/modprobe.conf and /etc/modprobe.d/: - if you use blacklist module, the module won't be loaded but it can be loaded manually or as a dependency - if you use install module /bin/true that module won't be loaded at all Have you ranted or filed a bug about this because, to paraphrase you, the modprobe developers don't know what blacklist means? I can understand that some people dislike systemd but complaints like this one weaken their already-weak case and make the anti-systemd whiners look like a bunch of clueless lunatics. [1] https://lists.debian.org/debian-user/2014/09/msg02105.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAOdo=SwHv3fpfc3CtQJzGnOFZFY=XWRjGh=xmhjsj-wtjql...@mail.gmail.com
Debian nolonger claims to be the Universal Operating System
Debian nolonger claims to be the Universal Operating System On google searches debian pages still turn up like this: Debian -- Mailing Lists - Debian -- The Universal Operating ... When you go to the page The Universal Operating System part is gone. A reflection of the problem with the scumbag debian developers failing to explain how The Universal Operating System squares with shoving syst__d, gn_me/gtk3, down our throats, and depreciating (as if they have the right to do that) many programs that rely on gtk2 and non-syst__d. Ofcourse they ban you from posting the mailing list on the first critical mention of systemd. Worthless trash. They need to be stopped, deposed. Give us back the debian packagers of an earlier age. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/trinity-7d984845-5a62-4964-8cd2-fa6a61a725f5-1412419482769@3capp-mailcom-lxa15
(Video) Discussion on lennart poettering, syst__d, sysv
Discussion on lennart poettering, syst__d, sysv: youtu.be/2toVPMHRo8M -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/trinity-8111a0c0-3501-45ee-9023-f0b9fde3e8a1-1412419549952@3capp-mailcom-lxa15
Pieces placed in juxtaposition.
Pieces placed in juxtaposition: Opensource is going mainstream in 2014 -RedHat CEO Syst__d presents a large attack surface (where as there are few ways to communicate with init etc), needlessly manages disc cryptography (amongst everything else, normal inits never cared one way or the other), Obama Administration Argues For Backdoors In Personal Electronics http://it.slashdot.org/story/14/10/01/186228/obama-administration-argues-for-backdoors-in-personal-electronics (Think of the children, ignore privacy, and religious freedom (that ship set sail in Delaware 1870)) Attorney General Eric Holder called it is worrisome that tech companies are providing default encryption on consumer electronics, adding that locking authorities out of being able to access the contents of devices puts children at risk. \u201cIt is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,\u201d Holder said at a conference on child sexual abuse, according to a text of his prepared remarks. \u201cWhen a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.\u201d -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/trinity-c695869e-5932-496f-ac1d-6675ef213a5d-1412419628121@3capp-mailcom-lxa15
(Song) Fk SystemD
youtu.be/JbRztcLaQa8 Fuck Systemd. It is passionless static, worthless. Only here to force us in a direction. And Linus Trovalds agrees 100% with that direction. But he never claimed to be brilliant nor have good taste in women nor be uncorruptable (got to keep that RedHat stock valuable) This was recorded in the morning Fuck Systemd. Fuck Lennart Poettering. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/trinity-cc489298-336a-4100-85b8-84c43c620c90-1412441370324@3capp-mailcom-lxa16
Gnome 3.14 keyboard shortcut question
Greetings, System: up to date Debian Testing, 64 bit, Gnome 3.14 I'm trying Gnome again after several years of using Fluxbox and need some help with creating a custom keyboard shortcut. I'm using 8 workspaces and successfully created keyboard shortcuts for workspaces 1-4 using Settings- Keyboard-Shortcuts. Shortcuts for workspaces 5-8 require custom shortcuts. What is the command to use in creating these? I've had no luck finding the answer in the Gnome Help Guides, by using Google search, or by posting to the Gnome mailing list. Thanks in advance for any help. Tom Ashley -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140929071129.59d3334f@tomshome.tomshome
Gnome 3.14 keyboard shortcut question (Clarification)
Greetings, This is to clarify my original request for help. The shortcuts I'm trying to make are to switch to workspaces 5-8. Sorry for the confusion. System: up to date Debian Testing, 64 bit, Gnome 3.14 I'm trying Gnome again after several years of using Fluxbox and need some help with creating a custom keyboard shortcut. I'm using 8 workspaces and successfully created keyboard shortcuts for switching to workspaces 1-4 using Settings- Keyboard-Shortcuts. Shortcuts for switching to workspaces 5-8 require custom shortcuts. What is the command to use in creating these? I've had no luck finding the answer in the Gnome Help Guides, by using Google search, or by posting to the Gnome mailing list. Thanks in advance for any help. Tom Ashley -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140929073839.1c02e2ec@tomshome.tomshome
Re: Gnome 3.14 keyboard shortcut question--Solved
Thanks much. Tom On Sep 29, 2014 8:46 AM, Michael Ott mich...@king-coder.de wrote: Hi Tom! System: up to date Debian Testing, 64 bit, Gnome 3.14 I'm trying Gnome again after several years of using Fluxbox and need some help with creating a custom keyboard shortcut. I'm using 8 workspaces and successfully created keyboard shortcuts for workspaces 1-4 using Settings- Keyboard-Shortcuts. Shortcuts for workspaces 5-8 require custom shortcuts. What is the command to use in creating these? I've had no luck finding the answer in the Gnome Help Guides, by using Google search, or by posting to the Gnome mailing list. Thanks in advance for any help. You can use the dconf-editor to change this setting. Path: org - gnome - desktop - wm - keybindings CU Michael Ott -- ,''`. : :' : Michael Ott `. `'e-mail: michael at king-coder dot de `-