Re: systemd may silently break your system!
Am Do, Aug 01, 2024 at 14:08:21 + schrieb Andy Smith: I feel like we see it more and more, these expectations about sid, and I don't understand why. Maybe because these bugs have already reached testing? My testing system has this buggy version of procps. Interestingly /etc/sysctl.conf is still available. Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: Stop packagekitd from downloading updates
Am So, Jan 28, 2024 at 16:31:02 -0500 schrieb Stefan Monnier: the thing you don't want done. Is "unattended-upgrades" installed by any chance? Hmm yep, it is! So that's it? Well, you can look in /var/log/unattended-upgrades/ for the log files. „dpkg-reconfigure unattended-upgrades” will tell you if the package is configured to do its jobs. Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: 6.1.0-15/6.1.66-1 broken too?
Hello everybody I can confirm the same problems. At first I thought the network problem was due to proprietary Broadcom driver because network connectivity was the most obvious problem. However, most problems persisted after removing the driver. I do not have any other proprietary or custom kernel modules. My hardware is a 2014 Macbook Pro (Intel CPU and graphics). Regards Stephan signature.asc Description: This is a digitally signed message part
Re: wtf just happened to my local staging web server
Am Do, Mai 05, 2022 at 09:30:42 +0200 schrieb Klaus Singvogel: I think there are more. Yes, I only know wtf as „what the fuck”. Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: mariadb does not run
Am Di, Mai 03, 2022 at 11:39:12 +0200 schrieb Lucio Crusca: Il 03/05/22 11:28, to...@tuxteam.de scritto: Try `sudo apt purge mariadb-server', watch out for error messages, then re-install. Perhaps that helps. I didn't mention that in my first post, but I've already tried purging and reinstalling several times. The one I reported is only the last one, The package mariadb-server is a meta package. It depends on the current version of the server package, e.g. mariadb-server-10.5. e.g. the more comprehensive one that included manual removal of /etc/mysql and reboot before reinstalling. I always got the same results. Make sure that /var/lib/mysql is empty as well after the purge. Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: technical terms overhaul
On So, Jun 21, 2020 at 08:43:57 +0300, Andrei POPESCU wrote: They are not exactly descriptive and are awkward to translate in other languages. Here in Germany you don’t have to translate blacklist/whitelist. They are part of the technical language. Shade and sweet water! Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: no rsync in the German installation? (Kommando nicht gefunden.)
On Do, Jan 30, 2020 at 12:14:19 +0100, Albretch Mueller wrote: Hmm! I thought and would expect for rsync to be installed by default! No, rsync is Priority: optional. Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: No security support for binutils and libqt5webkit5, what to do?
On So, Dez 29, 2019 at 08:48:40 +0100, Pascal Hambourg wrote: Why do you say that these packages have no or limited security support ? Because Debian says so. root@fsing ~ # dpkg -s debian-security-support Package: debian-security-support Status: install ok installed Priority: optional Section: admin Installed-Size: 158 Maintainer: Holger Levsen Architecture: all Version: 2019.06.13 Depends: debconf (>= 0.5) | debconf-2.0, adduser, gettext-base Conffiles: /etc/dpkg/dpkg.cfg.d/debian-security-support 08577c44ee76afd1a5622392d32318ea Description: Debian security support coverage checker For some Debian packages, it is not feasible to maintain full security support for all use cases through the full distribution release cycle. . This package provides a program to identify installed packages for which support has had to be limited or prematurely ended, and to alert the administrator. . New versions of this package with updated checklists will be provided via standard and/or extended security support. root@fsing ~ # env LANG=C check-support-status Limited security support for one or more packages Unfortunately, it has been necessary to limit security support for some packages. The following packages found on this system are affected by this: * Source:binutils Details: Not covered by security support Affected binary packages: - binutils (installed version: 2.31.1-16) - binutils-common:amd64 (installed version: 2.31.1-16) - binutils-x86-64-linux-gnu (installed version: 2.31.1-16) - libbinutils:amd64 (installed version: 2.31.1-16) Shade and sweet water! Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: unstable: directory pulse in root directory : /pulse where from?
On Mo, Dez 16, 2019 at 08:32:01 +0100, Jörg-Volker Peetz wrote: Does anybody else see such a /pulse directory? Yes, here as well (two testing systems). Shade and sweet water! Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: Replacement for lineakd?
On Mi, Dez 04, 2019 at 09:14:03 -0500, The Wanderer wrote: Looks like xbindkeys is available in stable, but not in testing (though it is still in sid). Ah, that explains it. I’m using testing. ;-) Shade and sweet water! Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: Replacement for lineakd?
On Mi, Dez 04, 2019 at 01:06:56 +, Steve Kemp wrote: I personally use `xbindkeys`. Configure it to be launched as Hm: [stse@osgiliath]: apt-file search xbindkeys :-( [04.12.19 15:01] ~ Which package? Stephan -- |If your life was a horse, you'd have to shoot it.|
Replacement for lineakd?
Hi! The oldest of our list elders will maybe remember the package lineakd (it was removed from Debian in 2011). Together with a „multimedia” keyboard it could be used to map commands to keys. The big advantage was that it always worked not matter if you would run XFCE or FVWM. Well, it’s long gone, and while I have it still installed, I’m wondering what kind of replacement is used today for this functionality? Shade and sweet water! Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: postgresql-12 - crash. Any hints.
On Di, Nov 05, 2019 at 10:42:28 +0100, Kamil Jońca wrote: I migrate databases, and during last few days I have had 2 server crashes. I have similiar signal 11 crashes after the upgrade (pg_upgradecluster). Maybe you should keep your hands from version 12. Shade and sweet water! Stephan -- |If your life was a horse, you'd have to shoot it.|
Re: Where do I find the Debian CAs?
On Di, Aug 06, 2019 at 06:57:51 -0400, Dan Ritter wrote: Stephan Seitz wrote: I’ve noticed that the Debian mailing list server is offering a certificate as a client: Client CN „clientcerts/bendel.debian.org”, Issuer „Debian SMTP CA” I can’t verify it because I can’t find the CA. There doesn’t seem to be a package with internal CAs. Where can I find them? dpkg -S /etc/ssl/certs will show you: ssl-cert, ca-certificates, openssl I think there is a misunderstanding. I know about /etc/ssl/certs, but there isn’t a Debian SMTP CA. So I would like to know where I can download this CA (or others as well) and then put them in /etc/ssl/certs. Stephan -- | If your life was a horse, you'd have to shoot it. |
Where do I find the Debian CAs?
Hi! I’ve noticed that the Debian mailing list server is offering a certificate as a client: Client CN „clientcerts/bendel.debian.org”, Issuer „Debian SMTP CA” I can’t verify it because I can’t find the CA. There doesn’t seem to be a package with internal CAs. Where can I find them? Shade and sweet water! Stephan -- | If your life was a horse, you'd have to shoot it. |
Re: id_dsa - not in PubkeyAcceptedKeyTypes
On Mi, Jul 17, 2019 at 01:13:14 +0200, Pierre Frenkiel wrote: 1/ why something which worked yesterday doesn't work today? I don’t know. Are you in control of the server? If yes, did you do an update/upgrade? If not, can you ask the admin? 2/ what would be the recommended key in this long list? Sorry, no idea. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: id_dsa - not in PubkeyAcceptedKeyTypes
On Mi, Jul 17, 2019 at 12:14:36 +0200, Pierre Frenkiel wrote: have When trying a passwordless connection via ssh, I have now the message: id_dsa - not in PubkeyAcceptedKeyTypes although it is actually in /etc/ssh/sshd_config According to the buster manpage of sshd_config: PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key authentication as a list of comma-separated patterns. Alternately if the specified value begins with a ‘+’ character, then the specified key types will be appended to the default set instead of replacing them. If the specified value begins with a ‘-’ character, then the specified key types (including wildcards) will be removed from the default set instead of re‐ placing them. The default for this option is: ecdsa-sha2-nistp256-cert-...@openssh.com, ecdsa-sha2-nistp384-cert-...@openssh.com, ecdsa-sha2-nistp521-cert-...@openssh.com, ssh-ed25519-cert-...@openssh.com, rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com, ssh-rsa-cert-...@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa The list of available key types may also be obtained using "ssh -Q key". So there is nothing for dsa, only ecdsa. The default list in stretch is shorter but doesn’t have a dsa type either. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Don't disable recoomends by default
On Fr, Jul 12, 2019 at 09:13:29 -0300, Jonas Smedegaard wrote: Wrong. Suggests are for packages useful only "sometimes", recommends are for pacakges needed in "all but unusual installations." From my experience this is wrong. With recommends my d10 update would have systemd as init instead of sysvinit. And I would have got (for example) the package debsecan which I don’t need. So it is better to disable recommends and look at the recommended packages. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | signature.asc Description: PGP signature
Re: 70-persistent-net-rules no longer supported?
On Di, Jul 02, 2019 at 08:14:02 +0100, Brian wrote: My upgrade from stretch to buster left networking as it was before. My 70-persistent-net.rules is SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:90:dc:a2:4d:26", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0" Following Curt's suggestion I removed the relevant module and rebooted. 'ip a' shows eth0. The advice in the Release Notes You probably meant that you removed the line? I noticed that since Debian 9 this file is added to the initrd. So if you change or delete the file you have to rebuild the initrd before rebooting. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Replacing Pulseaudio with Alsa alone
On Mi, Jun 05, 2019 at 11:20:58 +0200, Michael Lange wrote: Georgi Naplatanov wrote: If you don't use PulseAudio then only one application can use an ALSA device at the same time on your computer. really? Here I can play back a video in firefox and play another video No, I don’t think so. IIRC: In the beginning of ALSA you needed a soundcard with hardware mixing capabilities. Later, ALSA got a mixer plugin itself. So, you don’t need Pulse to have multiple audio sources. And if you only have one soundcard, PulseAudio is overkill. Besides, PulseAudio lies on top of ALSA. The advantages of PulseAudio are: - more than one soundcard, maybe even changing (onboard, USB soundcare, headset, etc.) - you want to move the application from one soundcard to another without reconfiguring the application to the new soundcard - network capabilities Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: A call to drop gnome
On Di, Apr 16, 2019 at 07:53:40 +0200, Matthew Crews wrote: Off the top of my head, Fedora, SUSE and Ubuntu (as of 18.10) use Wayland by default. I thought Ubuntu dropped Wayland and returned to X11? Concerning Wayland: as long as it doesn’t have some kind of X11 forwarding feature (easy to use with „ssh -X”), it’s useless for me. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | signature.asc Description: PGP signature
Re: Wireless card on New users computer
Greetings Just to confirm my wifi card is now working I have search for the package "firmware-iwlwifi" using the browser and found the page https://wiki.debian.org/iwlwifi from there I had just followed the instructions. I also admit that I made use of the text editor "nano" to edit the list source. As much as am usually afraid of the CLI I start enjoying it. Are they any resources anyone can share for me to learn more about it and most of all harness its power? Thanks Marc Stephan Nkouly Digital Consultant bp: 5180 Nkwen Bamenda Cameroon Mobile: 00 237 6 77 95 77 55 00 237 6 90 89 51 52 "Technical people tend to fall into two categories: Specialists and Generalists. The Specialist learns more and more about a narrower and narrower field, until he eventually, in the limit, knows everything about nothing. The Generalist learns less and less about a wider and wider field until eventually, he knows nothing about everything." - William Stucke - AfrISPA On Fri, Nov 23, 2018 at 3:14 PM wrote: > On Fri, Nov 23, 2018 at 02:30:42PM +0100, Marc Stephan Nkouly wrote: > > Sorry for not giving enough details initially. > > No worries. > > > My laptop is LENOVO IDEA PAD 300 > > INTEL PROCESSOR of 64 Bits with 4 G Ram & 500 HDD > > Is true I had installed UBUNTU 18.04 But didn't appreciate it's sluginesh > > Ànd now am running DEBIAN 9 with GNOME 3 Desktop environment. > > Is true while doing the installation I saw a warning message that my > > Wireless card require a non free driver with bthe name " iw l > wifi-3160-17 " > > Thanks for the details. > > I see. This is actually the info needed here (actually the driver is > probably > called "iwlwifi-3160-17", see below). > > > But I didn't had the disc with it as the system asked me to insert it. > > I have done my installation using NET INSTALL and got all the packages > from > > the Wired connection. > > Asking "apt-file" (this is a very useful command, which is found in a > package with the same name): > > tomas@trotzki:~$ apt-file search iwlwifi-3160 > firmware-iwlwifi: /lib/firmware/iwlwifi-3160-12.ucode > firmware-iwlwifi: /lib/firmware/iwlwifi-3160-14.ucode > firmware-iwlwifi: /lib/firmware/iwlwifi-3160-16.ucode > firmware-iwlwifi: /lib/firmware/iwlwifi-3160-17.ucode > firmware-iwlwifi: /lib/firmware/iwlwifi-3160-9.ucode > > (Apt-file searches for packages containing a file with that name) reveals > that iwlwifi-3160-17.ucode is contained in a package named > "firmware-iwlwifi" > (the suffix .ucode suggests that those are "microcode files", i.e. firmware > to be loaded onto the processor embedded in your wifi hardware. > > So installing the package "firmware-iwlwifi" should get you going. > > Note that the package itself is in the non-free repository (hardware > vendors > sometimes distribute non-free software and don't document their hardware > in a way that would allow us to write software for it, alas). So possibly > you would have to enable the non-free repository. Don't hesitate to ask > if you are unsure. > > > I also admit that am a beginners and don't feel comfortable enough to > edit > > files using the command line. Nevertheless am here because I want to > learn. > > Am also attaching what I had snap during the installation. > > Don't worry. We all have things to learn -- actually that is part of the > fun. > > Cheers > -- tomás >
Wireless card on New users computer
Greetings Greetings Am writing from Cameroon and am a FOSS enthusiast. I wish to receive assistance for me t install the wireless drivers of my laptop. I also admit being a complete beginner and I wonder in case there's a self-learning program I can follow to have my feet wet with the system? My goals are to be deploying hybrid cloud solutions (software that can be installed on a server with the internet ). Thanks Marc Stephan Nkouly Digital Consultant bp: 5180 Nkwen Bamenda Cameroon Mobile: 00 237 6 77 95 77 55 00 237 6 90 89 51 52 "Technical people tend to fall into two categories: Specialists and Generalists. The Specialist learns more and more about a narrower and narrower field, until he eventually, in the limit, knows everything about nothing. The Generalist learns less and less about a wider and wider field until eventually, he knows nothing about everything." - William Stucke - AfrISPA
Re: unable to install nginx-full package
On Di, Sep 18, 2018 at 05:34:43 +, Steve Kemp wrote: I would *guess* that you have an existing webserver, such as apache, running. If that is the case you'll want to stop it before you try Or he has IPv6 disabled (maybe company policy). In this case nginx will fail to start as well. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: As seen above: use of su vs sudo
On Di, Aug 07, 2018 at 02:27:48 +0200, Martin wrote: Come on. You are telling me, it is more secure to share one secret among multiple people against every person having it own? If the password is stored in a password safe, and everyone in the IT has access to it, where is the problem? First you have to log in to a user's account. And I'm quite sure, you will use ssh with keys that, right? I do it (at least in most cases, my key is not on every system I may need to login). Others don’t, they use their LDAP password. Yes, this is way more complex than su. But it will improve system security by far, when in good hands. If this security isn’t needed why bother? Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: As seen above: use of su vs sudo
On Di, Aug 07, 2018 at 01:33:20 +0200, Martin wrote: I don’t know if Debian does, but the difference between su and sudo seems quite like to the difference between ssh logins with password and with keys. Both have advantages and disadvantages. By far: No. su only invokes or acts like login, pam included. sudo may represent a complex role management. Yes, I know. Maybe I wasn’t clear enough. Both tools provide a solution, and it is your philosphy/rule set that will decide if solution A is better for your work or solution B. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: As seen above: use of su vs sudo
On Di, Aug 07, 2018 at 11:46:55 +, Curt wrote: But it seems the whole point of the thing in a multi-user environment is that you can use a granular approach to permissions, so I suppose if you didn't desire a particular user modifying the logs, while granting her other administrative privileges, that would fall completely within the purview of the philosophy and implementation of the soft that is 'sudo'. Exactly. At home I’m the only person using my computer, so I don’t need the sudo philosophy. At work we’re using sudo (interestingly without asked password, so if you could login, you can do „sudo -i”), but there is no administrator difference. Everyone in our small group has always full administrator access. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: As seen above: use of su vs sudo
On Di, Aug 07, 2018 at 11:58:48 +0200, Martin Drescher wrote: And I'm curious why Debian still prefers the use of su over sudo? I don’t know if Debian does, but the difference between su and sudo seems quite like to the difference between ssh logins with password and with keys. Both have advantages and disadvantages. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Please help with error message
On Di, Aug 07, 2018 at 01:18:59 +0300, Reco wrote: I never had your mentioned problems. Either you have /sbin in your user's path, or you haven't run a single apt-get all these years. There are other possibilities, of course, though less flattering. Bullshit again. You didn’t read the thread, did you? This is new behaviour in testing because Debian switched the source for the su binary. Debian 9: stse@fsing:~$ echo $PATH /home/stse/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games stse@fsing:~$ su Passwort: root@fsing /home/stse # echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Testing: [stse@osgiliath]: echo $PATH /home/stse/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/stse/wego/bin [stse@osgiliath]: su Passwort: osgiliath:/home/stse# echo $PATH /home/stse/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/stse/wego/bin Testing with „ALWAYS_SET_PATH yes” in login.defs: [stse@osgiliath]: echo $PATH /home/stse/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/stse/wego/bin [stse@osgiliath]: su Passwort: osgiliath:/home/stse# echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin I hope you see the difference. „su” doesn’t change the working directory. So if you compile software as a user you can then type „make install” after su. True. But this tidbit does not relate to this particular problem at all. It does. Depending on your needs you could use „su” or „su -”. Now it is simpler to compile as root user. It was always 'simpler'. But not 'smarter'. Doesn’t matter, security is always a compromise. If it gets to much work it will be reduced. If you need to run an X11 program as root su preserved the DISPLAY variable. And it also preserves $HOME. So any changed configuration file will be owned by root. Not a big deal if you never try to run the program in Only if the file never existed. Luckily you can switch back to the old behaviour, but this should be the default. Care to provide a Debian bug number that you filled on this particular issue? Because rants on debian-user do not transform to patches by themselves. Which patches? As Linus would say: „Don’t break user behaviour! Give them an option to switch to a new one.”. A recent kernel update (linux-4.9.110-3+deb9u1) begs to differ. Two notable behaviour changes without any way to disable them. Are these security changes? Then Linus permits it if there is no other way. By the way, what are these changes that are breaking user space? Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Please help with error message
On Di, Aug 07, 2018 at 12:35:32 +0300, Reco wrote: rodolfo@sda6-acer:~$ su Don't. Do. That. Ever. That’s bullshit. I did it all the time until Debian decided to break things. I never had your mentioned problems. „su” doesn’t change the working directory. So if you compile software as a user you can then type „make install” after su. Now it is simpler to compile as root user. If you need to run an X11 program as root su preserved the DISPLAY variable. Luckily you can switch back to the old behaviour, but this should be the default. As Linus would say: „Don’t break user behaviour! Give them an option to switch to a new one.”. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Please help with error message
On Di, Aug 07, 2018 at 10:08:06 +0200, Rodolfo Medina wrote: $ echo $PATH /home/rodolfo/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games rodolfo@sda6-acer:~$ su Password: You are using testing/unstable, aren’t you? The su binary was replaced with another one, and now Debian is breaking user space again. :-( Now su alone doesn’t change the path but keeps the user path. You have to use „su -”. The util-linux implementation of /bin/su is now used, replacing the one previously supplied by src:shadow (shipped in login package), and bringing Debian in line with other modern distributions. The two implementations are very similar but have some minor differences (and there might be more that was not yet noticed ofcourse), e.g. - new 'su' (with no args, i.e. when preserving the environment) also preserves PATH and IFS, while old su would always reset PATH and IFS even in 'preserve environment' mode. - su '' (empty user string) used to give root, but now returns an error. - previously su only had one pam config, but now 'su -' is configured separately in /etc/pam.d/su-l The first difference is probably the most user visible one. Doing plain 'su' is a really bad idea for many reasons, so using 'su -' is strongly recommended to always get a newly set up environment similar to a normal login. If you want to restore behaviour more similar to the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Unmet dependencies in installing virtualbox-5.2
On Mo, Jul 30, 2018 at 08:06:04 -0400, The Wanderer wrote: It looks as if virtualbox-5.2 is a virtual or otherwise nonexistent He is probably using the oracle repository for virtualbox because I do use it and I have the package virtualbox-5.2 installed. ;-) Version 5.2.14 doesn’t have any problems with Debian testing. It uses libcurl3-gnutls. The new version 5.2.16 uses libcurl3 which is not installable in Debian testing. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Future of systemd-shim?
Hi! I noticed that systemd-shim isn’t compatible anymore to the last systemd version in testing, so systemd-sysv will be installed. This is mentioned in bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903295. Is anyone working on this problem? Or does this mean, it’s the end for sysvinit (at least for desktops)? Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
On Di, Feb 20, 2018 at 05:09:12 +, Andy Smith wrote: CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere yet, not even in Linux upstream. Are you sure? CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active) * Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec()) * Checking count of LFENCE instructions following a jump in kernel: NO (only 3 jump-then-lfence instructions found, should be >= 30 (heuristic)) STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization) Kernel is Linux 4.15.4 #1 SMP Sat Feb 17 23:19:56 CET 2018 x86_64, compiled myself with gcc 7.3 from testing. According to spectre-meltdown-checker all three vulnerabilities are mitigated. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Banishing UUIDs from grub
On Do, Jan 18, 2018 at 03:31:30 -0600, Dave Sherohman wrote: What is the recommended method for preventing grub from using UUIDs to refer to filesystems in the current Debian stable distribution? In /etc/default/grub I have the option: # Uncomment if you don’t want GRUB to pass „root=UUID=xxx” parameter to Linux #GRUB_DISABLE_LINUX_UUID=true Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: testing, upgrade of openssl libssl1.1 ( 1.1.0f-3 => 1.1.0f-4 )
On Mo, Aug 14, 2017 at 08:02:40 -0400, songbird wrote: may break your getting of mail process. (i'm using getmail). luckily downgrading the two packages restores things to working again. no time right now for me to find the magic words to fiddle with to allow this to go through. As announced the new version of openssl has disabled TLSv1 and TLSv1.1 leaving only TLSv1.2. So if you have an old server without TLSv1.2, you can’t connect anymore. Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Having problem with Debian's Installation Guide Preparing Files for USB Memory Stick Booting
Hi, billwill onggo: > I was trying to create a bootable USB flash disk following this guide : > 4.3.3.2. Preparing Files For USB Memory Stick Booting > the flexible way > > adding installer image > https://www.debian.org/releases/stable/amd64/ch04s03.html.en#usb-copy-flexible > <https://www.debian.org/releases/stable/amd64/ch04s03.html.en> > > Booting the USB installer gives me a 'kernel panic - vfs unable to mount > root fs' booting the USB installer > > This is strange, because several months ago i did successfully create a > debian installer, using the same cd-image, following this same guide, and > installed this Debian (i'm currently using to write this mail) into this > machine. > > After struggling almost an hour, i got it working. I found that the content > of the syslinux.cfg is the culprit since I cant boot without the > syslinux.cfg file and manually provide the boot parameter at boottime > > boot: vmlinuz initrd=initrd.gz I can't follow you here. If you really follow the installation guide ch04s03.html.en#usb-copy-flexible, you have to create a syslinux.cfg yourself, there is no existing syslinux.cfg (content), as you seem to be telling us. Be aware that within 4.3. there are several ways: syslinux.cfg does exist as a file using 4.3.2 as part of the hd-media/boot.img.gz. Did you select that? If not, there is no existing syslinux.cfg file. [...] Doing it the flexible way, the content of the syslinux.cfg to be created should be (it's from the stick I used for a real installation, so priority=medium is optional) : default vmlinuz initrd=initrd.gz priority=medium If you want to have the installer boot with that, but additionally want to add some parameters at boot time, add a prompt 1 line to the syslinux.cfg. Please check that you haven't done steps that actually do not belong to "the flexible way". > > This is content of the syslinux.cfg the from installation guide : Yes, you're talking about a not so flexible way. > >> default vmlinuz >> append initrd=initrd.gz >> >> Shouldn't it be something like this? > >> default debi >> >> label debi >> kernel vmlinuz >> append initrd=initrd.gz >> Can't tell you anything about whether your observation here is right or wrong. Cheers Stephan
Fwd: Re: archivemail default setup
To the list as well... Forwarded Message Subject: Re: archivemail default setup Date: Sat, 22 Oct 2016 13:00:00 + From: Stephan Beck Reply-To: sb...@secure.mailbox.org To: Mark Fletcher Hi Mark, Mark Fletcher: > Hello again > > A little while back I installed archivemail on Jessie, to delete mail > from my local mailbox when it is more than a month old. > > The command I am running is: > > archivemail --output-dir=/home/mark/Mail/ -d 31 --delete /var/mail/mark > > My mailbox is in /var/mail/mark. I didn't choose to put it there, that > is where it went when the system was installed. I am not sure if that is > thanks to the default settings of exim4, mutt, or something else. > > Now /var/mail is owned by root:mail and had access 775. /var/mail/mark > is owned by mark:mail and has permissions 660. > > Whenever I ran archivemail as mark, it was complaining that it did not > have write access to /var/mail (it wanted to write a lock file) and then > proceeded to say it was deleting 0 messages. > > The oldest messages in my mail folder are dated September 18th and as > such should have been deleted by now. They are not being because, I > suppose, of the failure to write the lock file. > > When I run archivemail as root it complains that I am not the owner of > the mailbox and refuses to do anything. You may use the setgid command option (on /var/mail) in order to achieve that any new file created there (and the directory /var/mail/mark is just a file like that) has its group ownership set to the group owner of the directory (which should be "mail") rather the group ownership of the file's creator. ls -l /var/mail (as root) chmod g+s /var/mail Then you have to add user mark to the mail group: (as root) adduser mark mail (effective upon next login) If you then start /usr/bin/archivemail as user mark (who as a member of the group "mail" has r/w access to all files in /var/mail/mark) it should have access to the files. > > It seems that if the mailbox is in the default out-of-the-box place then > archivemail can't use it properly. It seems like archivemail is > expecting my mailbox (its input) to be in a folder to which I will have > write access. It seems to me that a package should ship with default > assumptions that can be met by the other packages in the distro. > > Now, I have got away from the error by making /var/mail world-writable, > but I don't like that solution. Is there a better one? Will I have to > move my mailbox to a different location, eg my home directory, and if so > how do I safely do that in a way that won't break anything (I am using > exim4 and mutt and I don't know what other infrastructure might be > involved that would care, for example I keep hearing about something > called procmail but don't know if that is actually involved in handling > mail on my system) To see where the binary is located: echo $(which procmail) Yes, procmail is probably involved as Mail Delivery Agent (MDA), locally delivering the mail from the MTA (exim4) to your local mail account mark. You might check this setting in the appropriate exim4 conf file. My 2 cents Stephan
Re: Inclusion of devices in the Info.plist of ccid [was]Re: Pardonnez-moi [was Re: libccid's Info.plist update in Stretch removing Nitrokey Smartcard products?]
Hi Børge, Børge Holen: > Ludovic Rousseau said that? > As I understood it he deal with supported, supposed to work and unupported > list. > I see no reason why a couple of lines could not go in the same bunk as my > own cherry tc1300 lines > > > On Thu, Oct 20, 2016 at 1:06 PM, Stephan Beck > wrote: > >> Stephan Beck: >>> Hi Børge, >>> >>> Børge Holen: >>>> On 18 Oct 2016 16:19, "Stephan Beck" wrote: >>> >>>>> The only question then is why are the Nitrokey USB crypto sticks not >>>>> included in libbcid's Info.pList file? They showed up on the scene >> years >>>>> ago. >>>>> >>>>> But maybe that's a question that should be directed to the package >>>>> maintainer or "upstream" directly. >>>>> >>> >>>> >>>> I had the creator of the libccid add a smartcard reader a couple of >> years >>>> ago. Took a week or so before it landed in debians reposatories. >> Painfree >>>> process. I to added it manually before that. A cherry card reader if im >> not >>>> mistaken... >>> >>> Ah, I didn't know that it's that easy. Thanks for your info. I think >>> I'll give it a try. >>> >>> Cheers >>> >>> Stephan >> >> Well, Børge, it seems that I wasn't as lucky as you. I asked upstream to >> have Nitrokey included but he says that payment is needed for an >> inclusion in the list of supported readers, as this inclusion requires >> to pass a test suite that he has set up, and he does not do that for >> free (a very respectable decision). >> I deduce from that, that (even in your case) it have to be the >> makers/suppliers who have to be sufficiently interested in having their >> devices included in the list, i.e. interested to an extent that they pay >> for the required tests to be performed. >> >> Cheers >> >> Stephan Ludovic Rousseau IS the (main) author/developer of ccid/libccid driver package (1,2,3) - based partially on existing software of two other developers - the maintainer of Debian's libccid package and contributes to many other smart card driver related packages/projects, really impressive. He wrote that in order to have the Nitrokey tokens (or any other) included in the list of supported readers, he has to charge a fee, because the setting-up and performing of the tests is time-intensive (and I think that this is a legitimate reason). Aren't the list of supported readers and the content of the Info.plist file ( ) basically the same thing? That's what I thought. I received an email from him (well, excluding the possibility of a faked mail) in reply to a request I made. But, certainly I am not allowed to simply publish it on the list without his consent. Cheers Stephan (1) https://pcsclite.alioth.debian.org/ccid.html (2) https://alioth.debian.org/anonscm/git/pcsclite/CCID.git (3) https://www.openhub.net/accounts/LudovicRousseau (4) https://www.openhub.net/p/libccid
Inclusion of devices in the Info.plist of ccid [was]Re: Pardonnez-moi [was Re: libccid's Info.plist update in Stretch removing Nitrokey Smartcard products?]
Stephan Beck: > Hi Børge, > > Børge Holen: >> On 18 Oct 2016 16:19, "Stephan Beck" wrote: > >>> The only question then is why are the Nitrokey USB crypto sticks not >>> included in libbcid's Info.pList file? They showed up on the scene years >>> ago. >>> >>> But maybe that's a question that should be directed to the package >>> maintainer or "upstream" directly. >>> > >> >> I had the creator of the libccid add a smartcard reader a couple of years >> ago. Took a week or so before it landed in debians reposatories. Painfree >> process. I to added it manually before that. A cherry card reader if im not >> mistaken... > > Ah, I didn't know that it's that easy. Thanks for your info. I think > I'll give it a try. > > Cheers > > Stephan Well, Børge, it seems that I wasn't as lucky as you. I asked upstream to have Nitrokey included but he says that payment is needed for an inclusion in the list of supported readers, as this inclusion requires to pass a test suite that he has set up, and he does not do that for free (a very respectable decision). I deduce from that, that (even in your case) it have to be the makers/suppliers who have to be sufficiently interested in having their devices included in the list, i.e. interested to an extent that they pay for the required tests to be performed. Cheers Stephan
Re: Pardonnez-moi [was Re: libccid's Info.plist update in Stretch removing Nitrokey Smartcard products?]
Hi Børge, Børge Holen: > On 18 Oct 2016 16:19, "Stephan Beck" wrote: >> The only question then is why are the Nitrokey USB crypto sticks not >> included in libbcid's Info.pList file? They showed up on the scene years >> ago. >> >> But maybe that's a question that should be directed to the package >> maintainer or "upstream" directly. >> > > I had the creator of the libccid add a smartcard reader a couple of years > ago. Took a week or so before it landed in debians reposatories. Painfree > process. I to added it manually before that. A cherry card reader if im not > mistaken... Ah, I didn't know that it's that easy. Thanks for your info. I think I'll give it a try. Cheers Stephan
Pardonnez-moi [was Re: libccid's Info.plist update in Stretch removing Nitrokey Smartcard products?]
Hi, now I understand what might have happened. I guess that the Nitrokey USB token wasn't even included in the Info.plist file, and I probably had added those entries manually long time ago, about 9 months ago. This is the only explanation I can find for the result of the diff. So, the maintainer might excuse the fact that I was no longer aware of this. The only question then is why are the Nitrokey USB crypto sticks not included in libbcid's Info.pList file? They showed up on the scene years ago. But maybe that's a question that should be directed to the package maintainer or "upstream" directly. Cheers Stephan Stephan Beck: > Hi all, > > when I updated my Debian testing installation on Friday using sudo [...]
libccid's Info.plist update in Stretch removing Nitrokey Smartcard products?
Hi all, when I updated my Debian testing installation on Friday using sudo apt-get update and sudo apt-get upgrade, a note made by what appears to be the libccid package maintainer was displayed, on the need to update its /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist file. When I looked at the diff, there were several new smartcard items added, but there were only 4 items removed from the Info.plist file (being marked as "-"), all belonging to the Nitrokey smartcard products. There wasn't any other explanatory note. I did not update and continued with the update of the rest of the packages. So, why were those items/entries identifying Nitrokey smartcards (Nitrokey Pro, Nitrokey storage, etc.) removed from the updated file? Can anybody else confirm that their file got updated in that way? Thanks in advance Stephan
Re: Automated install entry menu of Debian installer does not ask pressed file path / url
Hi, John Gathm: > Hi > > just not running anything. > Just discovering that a behavior of previous Debian installer is either > broken or has been removed, and asking if others see the same behavior. > > Will report a bug. > > J.G well, I gave you the info so that you were able to see that the documentation is *aware of the fact* that from wheezy installer to jessie installer things have changed, and therefore it's probable that you run into issues here. You are always free to file a bug, but you can also check if there has been a documented change in (1), that might affect your installation process. Quote: 3.1.2. Automated installation Some changes mentioned in the previous section also imply changes in the support in the installer for automated installation using preconfiguration files. This means that if you have existing preconfiguration files that worked with the wheezy installer, you cannot expect these to work with the new installer without modification. The Installation Guide (https://www.debian.org/releases/jessie/ installmanual) has an updated separate appendix with extensive documentation on using preconfiguration. It was Section 3.1.2 of Jessie's release notes, not 3.2, as I erroneously stated in my previous mail. Cheers, Stephan (1) https://www.debian.org/devel/debian-installer/News/
Re: Automated install entry menu of Debian installer does not ask pressed file path / url
Hi John, John Gathm: > hello, > > As strange as it may sound, the "automated install" entry of the Debian > installer CD seems to be broken on Jessie. > When I select "automated install" in the boot menu I am not prompted (after > the usual network setup ) with the dialog to enter pressed file path/url. > This happens in VirtualBox or on real hardware, either in BIOS or UEFI mode. > This works fine with wheezy installer. > Anyone met the same issue ? Instead of guessing what might be the issue here: Have you read section 3.2 of the jessie release notes (1)? Have you read the Appendix B (especially B.1.1.)of the install doc available for Jessie (2)? Maybe you can find the solution to your specific problem there. Guesses: you are running automated install with debconf priority critical and, as a consequence, this question is being (deliberately) omitted. you are already using preseed via initrd which is loaded directly at the beginning of the install process and thus are waiting in vain for the prompt to appear. But I don't like guessing without more info so I refer you to the docs. Cheers Stephan (1)https://www.debian.org/releases/jessie/releasenotes (2)https://www.debian.org/releases/jessie/installmanual
Re: Best Ultrabook for Debian
Hi Hörmetjan, Hörmetjan Yiltiz: > Hi all, > > I am aware of the h-node project, as well as the linux-desktop, and the > Debian's hardware wiki page. However, they are not quite specific about > Ultrabooks at all. > > Ultrabooks are arguably the trend in PCs (if not cellphones), and we all > aim for lighter and better hardware. I would like to be able to: bull the > ultrabook directly from within US (preferably through Internet), install > (or pre-installed) Debian testing and all the necessary *free* hardware > drivers and firmwares, and use every hardware that comes with it (wireless > card, graphics, touch-screen, touchpad etc.) to the extent that the > manufacturer supports (for other platforms). > > Is there such a ultrabook model yet? If so, what are our models that allow > us to use (as much) free software to get the best user experience? something like that? Eveń if they don not run Debian (or maybe it's possible, but I don't know), but have a strong focus on libre hardware/software, maybe it's worth checking out https://shop.libiquity.com/product/taurinus-x200 (US) https://minifree.org/product/libreboot-x200/ (outside US) Cheers, Stephan
[SOLVED ]Re: Issues with SSH pubkey authentication at remote server
Hi, to...@tuxteam.de: > On Wed, Sep 28, 2016 at 08:36:00AM +0000, Stephan Beck wrote: >> Hi Lars, > >> Lars Noodén: >>> On 09/27/2016 06:07 PM, Stephan Beck wrote: >>>> Lars Noodén: >>>>> On 09/27/2016 02:02 PM, Stephan Beck wrote: >>>>> Can you tell more about how your login session is started? >>>> >>>> I connect to the "local ssh account" by ssh from my other user account. >>> >> [...] [...] > Yes. It depends. If you're typically using X as your environment > (perhaps via some desktop thing: in your case it seems to be LXDE), > then the first go to is your desktop thing's session management. > > This way all consoles you start will inherit the "coordinates" of > the agent (in the form of the shell variables SSH_AGEN_PID, > SSH_AUTH_SOCK and perhaps others I forget). With no desktop environ > (plain X), X session management (see /etc/X11/XSession.d for > Debian; there is a 90x11-common_ssh-agent for that). Otherwise > you have to cook up something in your ~/.profile which looks > whether there's an agent around and set it up when no. In a nutshell > > > - using a DE: your DE's session management > - X without DE: X session management > - naked console: .login, .profile (or .bash_profile, .bash_login) Thanks, Tomás. I'll think about what might be the best solution for me. Configuring LXDE-Startup applications is maybe the best (and easiest) solution, whereas adapting ~/.profile I'd be forced to train my console skills, although that would mean that it only affects this specific user account. Cheers, Stephan I put SOLVED in the subject line, because the "real" issue, the pubkey authentication at the remote server is working fine now.
Re: Issues with SSH pubkey authentication at remote server
Hi Lars, Lars Noodén: > On 09/27/2016 06:07 PM, Stephan Beck wrote: >> Lars Noodén: >>> On 09/27/2016 02:02 PM, Stephan Beck wrote: >>> Can you tell more about how your login session is started? >> >> I connect to the "local ssh account" by ssh from my other user account. > [...] > You need a way for your "local ssh account" to start and use an agent. > I'm not sure of the optimal way for you. Perhaps something in .bashrc? > Others here know more about the shells than I. Or in .profile. But I am not really sure about the exact syntax to use (this if/then "thing"). I still have to get familiar with that. I just checked in LX Session Configuration that the ssh-agent is configured as -->Core applications but disabled in --> Autostart. So there is another program/process/script that has to be launching the ssh-agent, because I find it twice in the process list when I login to my "normal" user account. I'm shivering :-) I'll keep you informed. Thanks again. Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Lars, Lars Noodén: > On 09/27/2016 02:02 PM, Stephan Beck wrote: >> Hi Lars, >> >> Lars Noodén: >>> On 09/26/2016 05:46 PM, Stephan Beck wrote: [sorry for trimming] >> I've tried again and detected the following: >> No agent is started when I login to the "local ssh user account". > > It is the one that should be running under your local account that is of > relevance, or at least should be. How are you logging in to your "local > ssh user account" there? [...] >Can you tell more about how your login session is started? I connect to the "local ssh account" by ssh from my other user account. Now I've tried it several times always repeating this eval $(ssh-agent) ssh-add /path/to/key ssh-add -L (for checking) procedure and I do not have to enter the passphrase for this session. >From my point of view I do not need to have the same env in the "local ssh account" as I have in the other account. Thanks Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Lars, Lars Noodén: > On 09/26/2016 05:46 PM, Stephan Beck wrote: >> ... it might >> not be necessary to fire it up with eval $(ssh-agent). >> Thanks for the command, makes it more easy. > > No problem. If you want to see which keys are available to ssh, you can > use ssh-add for that: > > ssh-add -L > > It has to be run in the same shell as you would then run ssh. > > That will list the public key matching the private key which has > actually been loaded into the available agent. But that availability > might be the issue here, as with the earlier message, I am still > wondering if ssh is finding the "right" agent. I've tried again and detected the following: No agent is started when I login to the "local ssh user account". I have to do eval $(ssh-agent) --> for every single session ssh-add /path/to/key ssh-add -L (outputs the key) Then I connect to the remote server and it works without having to type a passphrase. Gee! The fact that there are two ssh-agents under my other user account, one with the -s option, the other exits with LX session, is still under investigation :-) Thanks Stephan
OpenSSH security update? was Re: Issues with SSH pubkey authentication at remote server
Hi, [UPDATE] Stephan Beck: > Hi Mark, > > Mark Fletcher: >> On Mon, Sep 26, 2016 at 02:52:00PM +, Stephan Beck wrote: >>> Hi Lisi, >> >>> If you look at the second line of the terminal output I reproduced, you >>> find that the openssl component in use within the package openssh Debian >>> Jessie is one step behind. "Standalone" OpenSSL package is now at >>> version 1.0.1t-1+deb8u5 since September 23. >>> >>>> me@mymachine:~/.ssh$ ssh -vv me@theremoteserver >>>> OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 >>> >> Yeah there was a Debian security advisory last week with a security >> patch for OpenSSL. I thought the fix was already in place, certainly I >> got an update for OpenSSH when I updated on Sunday. > > I didn't receive any update of the OpenSSH package in the past days. > Such update would usually be communicated issuing a DSA urging people to > upgrade, wouldn't it? And I'm subscribed to the DSA. > Just checked and as latest I upgraded the libarchive package. not even activating deb-src (security) and deb-src (ftp.xx.debian.org) Sources apt-get update apt-get upgrade results in any OpenSSH package being updated. In packages.debian.org I see a sources patch that can be manually downloaded and applied. But nothing you "get", as you say. So, am I right? It is not included in the .deb sources that are accessible (provided there is the entry in apt-sources.list) using the above apt commands. Cheers Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Dan, Dan Purgert: > Stephan Beck wrote: >> Dan Purgert: >>> Mark Fletcher wrote: >>>> If I'm reading the above right, it looks like the server is offering an >>>> rsa key to authenticate itself, but won't accept rsa to authenticate the >>>> client. Which is a bit cheeky. >>> >>>> You may need a key created with a stronger method, such as ecdsa or >>>> ed25519. >>> >>> Could even be as simple as he sent a /different/ key across (e.g. he >>> sent "home-key.pub", which corresponds to "home-key_rsa" rather than >>> "id_rsa"). >>> >> No. I wrote that I /checked/ the public key copied to the server after >> having copied it to the server's ~/.ssh directory. I edited it with a >> text editor and compared it with the one I have in local ~/.ssh > > > I think you misunderstood what I was saying. I was supposing that you > copied a valid (yet "incorrect") key to the remote server, or tried to > authenticate with the wrong private key. It was the correct and valid public key. It seems that the agent actually is authenticating with the wrong private key. But, fair to say, that's something you didn't mention in your first message. > > For example, I have in my user's .ssh/ directory: > > id_rsa -> symlink to home_lan_rsa > VPS_id_rsa -> private key for uploading to a VPS > home_lan_rsa -> private key for use on my LAN. > > Assuming that I copied the right public key to the VPS, if I run the > command "ssh me@vps", it'll fail, because ssh by default tries to > authenticate with "id_rsa". _FIX:_ change the ssh command to "ssh -i > .ssh/VPS_id_rsa me@vps" Well, I only have one single pubkey on this local user "ssh" account I'm talking about. Cheers Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Mark, Mark Fletcher: > On Mon, Sep 26, 2016 at 02:52:00PM +0000, Stephan Beck wrote: >> Hi Lisi, > >> If you look at the second line of the terminal output I reproduced, you >> find that the openssl component in use within the package openssh Debian >> Jessie is one step behind. "Standalone" OpenSSL package is now at >> version 1.0.1t-1+deb8u5 since September 23. >> >>> me@mymachine:~/.ssh$ ssh -vv me@theremoteserver >>> OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 >> > Yeah there was a Debian security advisory last week with a security > patch for OpenSSL. I thought the fix was already in place, certainly I > got an update for OpenSSH when I updated on Sunday. I didn't receive any update of the OpenSSH package in the past days. Such update would usually be communicated issuing a DSA urging people to upgrade, wouldn't it? And I'm subscribed to the DSA. Just checked and as latest I upgraded the libarchive package. Cheers Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Lars, Lars Noodén: [...] > ssh-add -L > > It has to be run in the same shell as you would then run ssh. > > That will list the public key matching the private key which has > actually been loaded into the available agent. But that availability > might be the issue here, as with the earlier message, I am still > wondering if ssh is finding the "right" agent. OK. I've successfully established ssh connection via pubkey auth, which did not work because I thought I had to ssh-copy-id it in ~/.ssh whereas it has to be placed in /.ssh. BUT -- debug1: Offering [key_cipher_type] public key: ~/.ssh/[key_cipher_type] debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg [key_cipher_type] [...] debug2: input_userauth_pk_ok: fp xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx debug1: key_load_private_type: incorrect passphrase supplied to decrypt private key Enter passphrase for key '~/.ssh/[key_cipher_type]': debug1: Authentication succeeded (publickey). -- I had to type the correct passphrase. Something is going wrong, your doubts are confirmed. I still have to check the fingerprint. There are three agents running after logging into my "local ssh account" and executing pgrep -lf ssh-agent Two running under another user account and the one running under my "local ssh account" (i.e. from where I establish ssh connection to the remote server) *BUT* me@localsshaccount:~$ ssh-add -L Could not open a connection to your authentication agent Well, it's late and I will further investigate it tomorrow, but any comments on how to make sure that ssh-agent selects the correct passphrase/private key (automatically) appreciated. Cheers Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Mark, Mark Fletcher: > On Mon, 26 Sep 2016 at 19:22, Stephan Beck wrote: > >> If I'm reading the above right, it looks like the server is offering an > rsa key to authenticate itself, but won't accept rsa to authenticate the > client. Which is a bit cheeky. > > You may need a key created with a stronger method, such as ecdsa or > ed25519. Thanks. You may be more experienced than me interpreting the ssh communication. Which are the signs/symbols that tell one that this line corresponds to what the server says whereas that other line is the client's turn. Are there any or is it just experience/contextual heuristics? Thanks for the key cipher's advice. Maybe I should use that elliptic curve one, as it is the latest on the scene and is stronger. Cheers, Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Lisi, Lisi Reisz: > On Monday 26 September 2016 12:48:00 Stephan Beck wrote: >> Well, I better rephrase because that was a bit misleading! >> >> I pray for the OpenSSH package being patched >> soon in Jessie with respect to its OpenSSL component! > > Could you explain why "openssl regression update" is not at least > part > of the OpenSSL component? (Though I can see it might be the wrong bit of the > component, and not what you were meaning.) > If you look at the second line of the terminal output I reproduced, you find that the openssl component in use within the package openssh Debian Jessie is one step behind. "Standalone" OpenSSL package is now at version 1.0.1t-1+deb8u5 since September 23. > me@mymachine:~/.ssh$ ssh -vv me@theremoteserver > OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 Cheers, Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi Lars, Lars Noodén: > On 09/26/2016 01:18 PM, Stephan Beck wrote: >> ... >> Before establishing connection for the first time I did >> >> eval $(ssh-agent) >> PID >> ssh-add ~/.ssh/id_rsa >> >> But it seems that the ssh-agent does not really authenticates to the >> remote server and as a fallback password auth is selected. (I anonymized >> the output below.) So, pubkey authentication is not working :-( > > Are you running the SSH client in the same shell as you have run eval? > Also, the desktop environment is often set up so that it is launched > under an agent already. So how many agents do you have running? > > pgrep -lf ssh-agent I made sure that only one ssh-agent was running (under this user account) by using top package and killing one more that ran with the same account's user rights. So, I guess you were right, that it might not be necessary to fire it up with eval $(ssh-agent). Thanks for the command, makes it more easy. Cheers, Stephan
Re: Issues with SSH pubkey authentication at remote server
Hi, Dan Purgert: > Mark Fletcher wrote: >> If I'm reading the above right, it looks like the server is offering an >> rsa key to authenticate itself, but won't accept rsa to authenticate the >> client. Which is a bit cheeky. > >> You may need a key created with a stronger method, such as ecdsa or >> ed25519. > > Could even be as simple as he sent a /different/ key across (e.g. he > sent "home-key.pub", which corresponds to "home-key_rsa" rather than > "id_rsa"). > No. I wrote that I /checked/ the public key copied to the server after having copied it to the server's ~/.ssh directory. I edited it with a text editor and compared it with the one I have in local ~/.ssh Cheers, Stephan
Re: Issues with SSH pubkey authentication at remote server
Well, I better rephrase because that was a bit misleading! I pray for the OpenSSH package being patched soon in Jessie with respect to its OpenSSL component! Lisi Reisz: > On Monday 26 September 2016 11:18:00 Stephan Beck wrote: > [snip] >> NOTE: I pray for the OpenSSL version OpenSSH ships with being patched >> soon in Jessie! > > Is this what you are meaning? > https://lists.debian.org/msgid-search/e1bnwuv-000727...@master.debian.org Cheers, Stephan
Issues with SSH pubkey authentication at remote server
Hi, I have successfully uploaded my SSH public key to the authorized_keys file in ~/.ssh on the remote server using ssh-copy-id. I connected using password authentication to check whether it really is the correct key there and it is. Permissions are ok. Public key authentication is the first (in order and priority) of several auth methods that the server offers. But as to the output below something is not working with the submission of the secret part of the key (well, the proof of being in possession of it) by the ssh-agent. Before establishing connection for the first time I did eval $(ssh-agent) PID ssh-add ~/.ssh/id_rsa But it seems that the ssh-agent does not really authenticates to the remote server and as a fallback password auth is selected. (I anonymized the output below.) So, pubkey authentication is not working :-( Can anyone tell me what's going wrong, especially this debug1: Offering RSA public key: ~/.ssh/id_rsa debug2: we sent a publickey packet, wait for reply ... debug2: we did not send a packet, disable method Any hints welcome. Stephan --- me@mymachine:~/.ssh$ ssh -vv me@theremoteserver OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to theremoteserver [IPaddress_remoteserver] port 22. debug1: Connection established. [debug messages concerning type 1 keys, snipped] debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u6 debug1: match: OpenSSH_6.0p1 Debian-4+deb7u6 pat OpenSSH* compat 0x0400 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received [debug messages concerning ciphers, snipped] debug1: Server host key: RSA [server_host_key] debug1: Host 'theremoteserver' is known and matches the RSA host key. debug1: Found key in ~/.ssh/known_hosts:4 debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: ~/.ssh/id_rsa (0x1cpt789b66z1), debug2: key: ~/.ssh/id_dsa ((nil)), debug2: key: ~/.ssh/id_ecdsa ((nil)), debug2: key: ~/.ssh/id_ed25519 ((nil)), debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: ~/.ssh/id_rsa debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: ~/.ssh/id_dsa debug1: Trying private key: ~/.ssh/id_ecdsa debug1: Trying private key: ~/.ssh/id_ed25519 debug2: we did not send a packet, disable method debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: NOTE: I pray for the OpenSSL version OpenSSH ships with being patched soon in Jessie!
Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial
Hi Greg and Tomás (one mail for all to limit the load of this thread on the list) :-) Greg Wooledge: > On Fri, Sep 23, 2016 at 12:31:00PM +0000, Stephan Beck wrote: [...] > As user root: > > stephan@hostname:~$ sudo mkdir -p ~test/.ssh > stephan@hostname:~$ sudo sh -c 'cat ~stephan/.ssh/id_rsa.pub >> > ~test/.ssh/authorized_keys' > stephan@hostname:~$ sudo chown test ~test/.ssh ~test/.ssh/authorized_keys > stephan@hostname:~$ sudo chmod 700 ~test/.ssh > stephan@hostname:~$ sudo chmod 600 ~test/.ssh/authorized_keys I only had to perform command #2, and I ran it from a root shell. I did the connection test, and it worked fine, but only after an ssh restart. Without it, the output was "Permission denied (publickey)" Command #1 wasn't necessary as ~/test/.ssh had automatically been created when running ssh-keygen. The permission had already been changed to its secure values. At least, I came across dash's manpage while trying to understand what the command actually does! Thanks a lot. > to...@tuxteam.de: > You cannot log into test without superpowers, but you have to modify its > ~/.ssh/authorized_keys. That means you *need* superpowers. For example > > sudo -s # or similar > cat ~steph/.ssh/id_rsa.pub >> ~/test/.ssh/authorized_keys > chown test:test ~/test/.ssh/authorized_keys > exit Ran command #2 from a root shell, did the connection test and it worked, without having to restart ssh. By the way, when I logged in via ssh (to *test*) now I was greeted by "Last login [time of my connection attempt]from localhost". So, I understand that I had logged into *test* via su - test and then had connected to *test* (from *test*) via localhost using ssh! Is this interpretation correct? Thanks to both of you again. Stephan
Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial
Thank you very much, Tomás. to...@tuxteam.de: > On Fri, Sep 23, 2016 at 12:31:00PM +0000, Stephan Beck wrote: >> Hi >> to...@tuxteam.de: >>> On Thu, Sep 22, 2016 at 03:35:00PM +, Stephan Beck wrote: [...] >> I have created a new user account with >> adduser --disabled-password >> What do I want to do? >> I'd like to login to this account "test" from my normal user account by >> ssh via pubkey authentication. My (normal) user account has its keys >> generated and properly deposited on localhost. I logged into the account >> "test" via su - test, creating a keypair. Fine. > > Hang on: your new account (test( doesn't need a keypair. It's your regular > account which needs one (and has one already). You want to log in *from* > your regular account (let's call it "seph" for now) *to* test, right? There are two things here: I had in mind to login from my user account via ssh to the test account (just to be able to (completely) ssh inside my machine [for training purposes] and, on the other hand, to ssh towards the outside (see next sentence) as well. As to the "outside" part, from the test account I want to login as client to a remote server and because of that this test account needs a key pair, too. Yes, I know it has to be deposited on that server, but, again, at the moment of this thread I still am with (setting up) sshing inside my machine. > > Then it's *steph* who has to have a keypair and *test* who has to have > *steph*'s public key included in its ~/.ssh/authorized_keys: > > > *steph* *test* > .ssh/ .ssh/ >id_rsaauthorized_keys >id_rsa.pub ^ >\ | > -- add ---´ > > > The background is that now *steph* can prove to *test* that he has the > right secret key (without disclosing it). OK, I got it, concerning sshing inside my machine. I got confused here as I remembered that when I had a normal user account (with wheezy) and a chroot environment (with debian sid installed) on the same machine I could login from one to the other and vice versa via localhost using ssh (well, if I remember correctly). It's different, for sure, but it confused me. > [...] > You cannot log into test without superpowers, but you have to modify its > ~/.ssh/authorized_keys. That means you *need* superpowers. For example > > sudo -s # or similar > cat ~steph/.ssh/id_rsa.pub >> ~/test/.ssh/authorized_keys > chown test:test ~/test/.ssh/authorized_keys > exit But once my user's (in your terminology, steph's) public key is in the test account's authorized_keys file, user steph can login without superpowers, by presenting the private part of the key (well ssh-agent does it, if I understand things correctly), can't I? My great mistake was to think that localhost, although being on the same machine, acts as a somewhat separated server and for that reason the public keys of all users have to be deposited physically, in a sort of directory structure within localhost (not in the user's directory),as it is the case on a remote server. But, as Greg made very clear, I'm already on the same machine. That was the conceptual mistake I made. > > (the chown just in case authorized_keys didn't exist before). Well, I have, i.e. had created an authorized_keys with the dd command. It's there and it contains the public key. > [,,,] > Either you give this new user a password (temporarily) or you have to > be able to write to its .ssh directory by other means. One of those > means is by becoming root (as sketched above). There are others, like > > - adding yourself to this new user's group and making sure > its ~/.ssh/authorized_keys is group writable (feels somewhat > uncomfortable, though) Uh! No way. > > - creating the user's home directory from a prepared skeleton > already containing an "authorized_keys" as you need it Ah, that would be fine, but I guess, this time it has to be the hard way, by typing, without prepared skeletons. I have to make a break and then I will try to get it done. Thanks again. Stephan
Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial
Stephan Beck: > Thanks, Greg. I trimmed your message just to let you know that it does > not work. To be clear: after having found my solution I did your test (only the test reproduced at the end of your message) and my solution does not work. Thanks Stephan
Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial
Thanks, Greg. I trimmed your message just to let you know that it does not work. Greg Wooledge: > On Fri, Sep 23, 2016 at 12:31:00PM +0000, Stephan Beck wrote: > As user stephan, to test that it works: > > stephan@hostname:~$ ssh test@localhost id > > If your username isn't actually "stephan", substitute accordingly. me@mymachine:~$ sudo service ssh restart me@mymachine:~$ ssh xb1158@localhost id Permission denied (publickey). I now will read carefully your (and the other messages sent in reply) and will give a more thorough reply in a while. When I send my messages, I send them and do not read the answers (arrived in the meantime) first, so please do not think that I'm not interested in them. Many thanks. Stephan
Re: RESOLVED Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial
Hi, Stephan Beck: > Hi > > Stephan Beck: >> Hi >> >> to...@tuxteam.de: >>> On Thu, Sep 22, 2016 at 03:35:00PM +, Stephan Beck wrote: >>> >>> > >> How do I get this public key onto localhost? > > No need to reply, I'll send the answer to document my solution within > minutes. Solution (feel free to comment) #setting password authentication to no root@mymachine nano /etc/ssh/sshd_config root@mymachine:~# su - test test@mymachine:~/.ssh$ chmod 600 authorized_keys test@mymachine:~/.ssh$ dd if=id_rsa.pub of=authorized_keys [test@mymachine:~/.ssh$ ssh localhost 'cat >> .ssh/authorized_keys'] test@mymachine:~/.ssh$ ssh -v test@localhost [..many debug1 messages] Enter passphrase for key /home/test/.ssh/id_rsa.pub': debug1: Authentication succeeded (publickey). Authenticated to localhost ([127.0.0.1]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessi...@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = de_DE.UTF-8 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. test@mymachine:~$ I think the one put in square brackets by me is redundant, isn't it? I remember that the system hung for a moment and I did a CTRL-C to abort, and proceeded with the next command, and then always used the -v option. How did I find it? I remembered that somewhere in the manpages (not sure) there was a reference to better make use of dd to copy, and I just tried. Have a nice weekend! Stephan
RESOLVED Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial
Hi Stephan Beck: > Hi > > to...@tuxteam.de: >> On Thu, Sep 22, 2016 at 03:35:00PM +, Stephan Beck wrote: >> >> > How do I get this public key onto localhost? No need to reply, I'll send the answer to document my solution within minutes. Stephan
sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial
Hi to...@tuxteam.de: > On Thu, Sep 22, 2016 at 03:35:00PM +0000, Stephan Beck wrote: > > >> to...@tuxteam.de: > > [mumble] > >>> This is the bird's view. Ask if you get stuck. > > >> Sorry, Tomas, it's not Gene, it's me who has a special question > > No need to be sorry :-) Fine! :-) > > But I see you found a solution and other chimed in with sage advice. > Well, I have another one :-), a question, not a solution yet. I have created a new user account with adduser --disabled-password What do I want to do? I'd like to login to this account "test" from my normal user account by ssh via pubkey authentication. My (normal) user account has its keys generated and properly deposited on localhost. I logged into the account "test" via su - test, creating a keypair. Fine. How do I get this public key onto localhost? I mean, I can create an authorized_keys file manually, copying the public key into this authorized_keys file, but it's still in the user's directory where it has been generated, it needs to be sent (or get somehow) to localhost. I have tried: test@mymachine cat .ssh/id_rsa.pub | ssh localhost 'cat >> .ssh/authorized_keys' But it's asking me a password. There is none. If I disable Password Authentication in sshd_config, and then try to send it to localhost, it fails with something like "denied access publickey required". No mystery at all, because this very public key is being sent to localhost in this very moment and can't be used in the same act for authentication purposes. I've been reading a bunch of related docs in the man pages, debian wiki, in the exquisite and very readable Debian Administrator's Handbook by Raphael Mas and Raphaël Hertzog, and other linux ssh documentation. I can't find my specific use case and I'm stuck. Any hints (also from other people) welcome. Stephan on Debian-Jessie
Re: Need a tutorial
Hi, Thomas Schmitt: > Hi, > > Greg Wooledge wrote: >> From whichever shell he was using to >> run adduser, he should also be able to run sudo -u test bash. > > Ah yes. This works. (One just has to accomodate to the idea of the > superuser running sudo ...) Yes, Greg and Thomas, I've just tried sudo -u test bash and it definitely works. Thanks Stephan
Re: Need a tutorial
Hi, Thomas Schmitt: > Hi, > > Greg Wooledge wrote: >> From whichever shell he was using to >> run adduser, he should also be able to run sudo -u test bash. > > Ah yes. This works. (One just has to accomodate to the idea of the > superuser running sudo ...) Yes, Greg and Thomas, I've just tried sudo -u test bash and it definitely works here as well. Thanks Stephan
Re: Need a tutorial
Hi, Thomas Schmitt: > Hi, > > Stephan Beck wrote: >> How can you access this new account to generate an ssh key pair there? > [sorry for trimming] > Greg Wooledge wrote: >> sudo -u test bash > > Does not work for me (at least not out of the box): > > $ sudo -u test_user bash > [sudo] password for thomas: > Sorry, user thomas is not allowed to execute '/bin/bash' as test_user on > [...] > $ > Yes, I was running adduser from the root console, as Greg assumed. So, I saw/see no reason running sudo from the root console. In fact, I put a # directly preceeding the generic SUDO (ALL) ALL etc. entry in /etc/sudoers, granting determined rights only to specific users. (I don't know if this affects sudo's overall behaviour). At least, it's more work having to insert additional rights in /etc/sudoers for "test" (in order to do a sudo), if I just want to ssh-keygen, ssh-copy-id and then deactivate password authentication in sshd_config once again (to go for pubkey auth). Thanks for your additional comments. Stephan
Re: Need a tutorial
Thanks, Greg. Greg Wooledge: > On Thu, Sep 22, 2016 at 03:35:00PM +0000, Stephan Beck wrote: >> Sorry, Tomas, it's not Gene, it's me who has a special question >> concerning ssh. >> If you create a new user account ("test"), doing as root >> adduser --disabled-password test >> >> How can you access this new account to generate an ssh key pair there? > > Install sudo if you haven't already. Then: > > sudo -u test bash > > Or if you don't want a whole shell: > > sudo -u test ssh-keygen [options] > > The su program is not as useful for this kind of task, because it > insists on launching the target user's shell, which in some cases is > not a useful interactive command shell (e.g. /bin/false). sudo does > not have this restriction. > In my case all users have /bin/bash, so there's no problem. Thanks. Stephan
Re: Need a tutorial
I resolved it. I have to type (as root) su - test and the prompt changes. Stephan Stephan Beck: > > > to...@tuxteam.de: >> On Wed, Sep 21, 2016 at 10:18:55AM -0400, Gene Heskett wrote: > Sorry, Tomas, it's not Gene, it's me who has a special question > concerning ssh. > If you create a new user account ("test"), doing as root > adduser --disabled-password test > > How can you access this new account to generate an ssh key pair there? > I cannot login to the account selecting "test" as user in the login > screen on system startup, it's deactivated. > I cannot try accessing it by ssh because I need to generate a key pair > first. Could one generate a key pair for "test" from another account? > > If I try > ssh test@localhost > ssh: connect to host localhost port 22: Connection refused > > or, temporary enabling password authentication for a moment in > sshd_config, it prompts for a password (that has never been created > because of the --disabled-password option, see above). > > Or, what am I missing? > > Thanks in advance. > > Stephan > > I also read the doc you linked to in your other message of this thread, > but I cannot find my use case. > >
Re: Need a tutorial
to...@tuxteam.de: > On Wed, Sep 21, 2016 at 10:18:55AM -0400, Gene Heskett wrote: >> Greetings all, Dr Klepp in particular; > >> Where can I get a tut on doing the ssh keyfile login, and where can I >> find a tutorial that is essentialy what Dr. Klepp had me do about a year >> back that made these 3 commands in my rc.local file Just Work: > > Basically: > > 1. you need a keypair. Unless you have it already, you generate one > with ssh-keygen. There, you have the choice to let it use the default > file name (typically, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub or similar, > depending on the key type) and whether you want the private key > protected by a passphrase (recommended, but you have to unlock it > either with ssh-add or whatever mechanism your desktop environment > has for you). > > 2. you copy the public part to the ~/.ssh/authorized_keys of the server's > user you want to log into -- there's the handy "ssh-copy-id" for that. > From the client > > ssh-add # if not done already > ssh-copy-id user@server # enter for one last time user's password there > > This is the bird's view. Ask if you get stuck. > Sorry, Tomas, it's not Gene, it's me who has a special question concerning ssh. If you create a new user account ("test"), doing as root adduser --disabled-password test How can you access this new account to generate an ssh key pair there? I cannot login to the account selecting "test" as user in the login screen on system startup, it's deactivated. I cannot try accessing it by ssh because I need to generate a key pair first. Could one generate a key pair for "test" from another account? If I try ssh test@localhost ssh: connect to host localhost port 22: Connection refused or, temporary enabling password authentication for a moment in sshd_config, it prompts for a password (that has never been created because of the --disabled-password option, see above). Or, what am I missing? Thanks in advance. Stephan I also read the doc you linked to in your other message of this thread, but I cannot find my use case.
Re: SMTP relay issue with emails to specific domain
Hi Daniel, Daniel Bareiro: > > On 08/09/16 13:56, Daniel Bareiro wrote: > >> I recently set up an relay SMTP server on a host of Digital Ocean, using >> Debian and Postfix. >> >> The main reason for setting up this relay is that the cPanel VPS is >> hosted at Godaddy, and they force everyone to send email through their >> shared SMTP relay. As expected, that shared relay is continually being >> flagged for spam. >> >> So the outgoing emails are routed through this server. Usually >> everything worked smoothly. Mails to accounts on Google, Yahoo, Hotmail >> and other servers are delivered. But I found a problem with a specific >> domain: >> >> --- >> Sep 7 14:36:11 smtp postfix/smtp[8036]: 5EAA520AAD: >> to=, relay=lkeusa.com[50.87.144.56]:25], delay=13, >> delays=0.91/0.06/6.1/5.9, dsn=5.0.0, status=bounced (host >> lkeusa.com[50.87.144.56] said: 550-Please turn on SMTP Authentication in >> your mail client, or login to the 550-IMAP/POP3 server before sending >> your message. smtp.server.com 550-[x.y.z.t]:41988 is not permitted to >> relay through this server 550 without authentication. (in reply to RCPT >> TO command)) >> --- >> >> I'm not sure why this specific domain is complaining in this way. I think it's because it requires SMTP authentication, whereas apparently the other servers you mention don't (mails are delivered). Have you checked if the mail client's option mail.smtpserver.default.authMethod is set to 0, which means there is no SMTP authentication at all. That could explain the issue. For a list of methods, see (1) Looking at exim's server ready 220 response below, it does not like people to send spam or bulk email. The 550 return code means that the mailbox you are trying to reach can't be found or you are lacking access rights. In your case it's the latter, as the server response indicates. (1) http://www.afterlogic.com/mailbee/docs/SMTP_props_AuthMethod.htm Stephan [...] > > Well, it seems that in the absence of an MX record, Postfix uses the A > record that it find by querying that domain and in that IP address an > Exim server responds: > > --- > # telnet lkeusa.com 25 > Trying 50.87.144.56... > Connected to lkeusa.com. > Escape character is '^]'. > 220-gator3037.hostgator.com ESMTP Exim 4.86_1 #1 Thu, 08 Sep 2016 > 12:15:19 -0500 > 220-We do not authorize the use of this system to transport unsolicited, > 220 and/or bulk e-mail. > --- >
Re: [xfce] - power management
Hi Herbert, I don't have XFCE installed, and I don't have a solution to your problem right now, but have you checked if your /etc/systemd/logind.conf file has the option #HandleHibernateKey=hibernate uncommented? Does your window manager handle this type of ACPI event(s) now? /usr/bin/xfce4-power-manager Does acpid handle those events? Check the scripts in /etc/acpid/events and section Troubleshooting on acpid's man page. Stephan Herbert Fortes: > Hi, > > I switched from gnome to xfce because the notebook > can not run gnome and pycharm at the same time. > > I am facing problems with power management. Suspend > works is I click on the button. Hibernate does not > seems to work properly because I see a lot of 'OK' > when I notebook wakes up. > > > I tried to config policykit without success. I put a > .pkla file in /etc/polkit-1/localauthority/50-local.d/ > about suspend and hibernate: > > Identity=unix-user:* > Action=org.freedesktop.X.X > ResultActive=yes > > X can be upower|login1 and suspend|hibernate. The > message asking a password says login1. > > I also tried putting a file in /usr/share/polkit-1/rules.d/ > with: > > polkit.addRule(function(action, subject) { > if (action.id == "org.freedesktop.login1.suspend" || > action.id == "org.freedesktop.login1.suspend-multiple-sessions" || > action.id == "org.freedesktop.login1.hibernate" || > action.id == "org.freedesktop.login1.hibernate-multiple-sessions") > { > return polkit.Result.YES; > } > }); > > > # Debian Testing > $ pkaction --version > pkaction version 0.105 > > > If someone can help me please Cc me because I am > not on the list. > > > > Regards, > Herbert > >
Re: [xfce] - power management
Hi Herbert, I don't have XFCE installed, and I don't have a solution to your problem right now, but have you checked if your /etc/systemd/logind.conf file has the option #HandleHibernateKey=hibernate uncommented? Does your window manager handle this type of ACPI event(s) now? /usr/bin/xfce4-power-manager Does acpid handle those events? Check the scripts in /etc/acpid/events and section Troubleshooting on acpid's man page. Stephan Herbert Fortes: > Hi, > > I switched from gnome to xfce because the notebook > can not run gnome and pycharm at the same time. > > I am facing problems with power management. Suspend > works is I click on the button. Hibernate does not > seems to work properly because I see a lot of 'OK' > when I notebook wakes up. > > > I tried to config policykit without success. I put a > .pkla file in /etc/polkit-1/localauthority/50-local.d/ > about suspend and hibernate: > > Identity=unix-user:* > Action=org.freedesktop.X.X > ResultActive=yes > > X can be upower|login1 and suspend|hibernate. The > message asking a password says login1. > > I also tried putting a file in /usr/share/polkit-1/rules.d/ > with: > > polkit.addRule(function(action, subject) { > if (action.id == "org.freedesktop.login1.suspend" || > action.id == "org.freedesktop.login1.suspend-multiple-sessions" || > action.id == "org.freedesktop.login1.hibernate" || > action.id == "org.freedesktop.login1.hibernate-multiple-sessions") > { > return polkit.Result.YES; > } > }); > > > # Debian Testing > $ pkaction --version > pkaction version 0.105 > > > If someone can help me please Cc me because I am > not on the list. > > > > Regards, > Herbert > >
Nvidia Optimus in Debian
Hi! I have an Optimus notebook Acer Aspire V3 773G and using Debian testing. lspci: 00:02.0 VGA compatible controller: Intel Corporation 4th Gen Core Processor Integrated Graphics Controller (rev 06) 01:00.0 3D controller: NVIDIA Corporation GK106M [GeForce GTX 760M] (rev a1) The system is working, for now X is using the Intel chip. While I have heard of Bumblebee I want to always use the Nvidia chip. It seems Ubuntu can do this (I think they are using something called nvidia prime) to switch between the chips. Has anyone done this in Debian? Many greetings, Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: LVM info - OTHER than HOWTO's
On Wed, Nov 18, 2015 at 01:29:01PM -0500, Dan Ritter wrote: LVM is a kludge. Not at all. LVM can increase the size of partitions by giving them more space on either an empty section of disk or another disk. Either way, you Yes. then need to increase the filesystem size on that partition, which is usually but not always doable. It does not grant any You can resize an ext3 or ext4 partition online without downtime. I’m doing this quite often with virtual hosts. - Oh, the partition is getting too small in the VM - Add a new disk to the VM, hotplug feature - Add the new disk to the LVM partition - Resize the filesystem - Finished and no downtime This is working with Debian and SLES. If you need to move things around a lot, you might want btrfs or zfs instead of lvm. I consider btrfs still experimental. Maybe I will try it in one year, and zfs seems to be only available in a fuse implemention. I prefer ext4 and ext3. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8
On Thu, Oct 01, 2015 at 01:54:07PM +0200, Vincent Lefevre wrote: Is there a way to get traces as a normal user? Otherwise I'll have to ask the sysadmin... Yes. If you do a „dpkg-reconfigure wireshark-common” you’ll get ask if normal user should be allowed to trace. If you say yes then a new group called wireshark will be created. Everyone who is a member of this group can now use wireshark or tshark. This should work in Debian 7 and 8. Many greetings, Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Iceweasel HTML5 video problems
On Mon, Aug 17, 2015 at 03:27:52PM +0200, Paul van der Vlis wrote: On the machine with Debian 8 the problem is still there, even after removing ~/.mozilla. After looking twice, the problem there is not only in Youtube but on all HTML5-video sites. Not sure about this. On another machine with Debian8 I don't have the problem. Then you should compare the installed gstreamer packages. I think the necessary package is gstreamer1.0-libav. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Wlan
Hallo, meine wlan-Karte wird von linux nicht gefunden. apt-get install firmware-linux-nonfree funktioniert nicht. Es erscheint die meldung Paket nicht gefunden. Kann jemand helfen. Stephan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1436613938.1393.1.ca...@gmx.de
Re: Unable to set LAN Internet connection on Debian Server
On Wed, Apr 29, 2015 at 10:57:30AM +0100, Darac Marjal wrote: I think you're going to have to give us more information than "it doesn't work". By default, Debian comes configured to perform a DHCP request on eth0. This should work for the majority of people, but some Well, he was speaking of a server, so DHCP may not work. And if it is really server hardware then the problem may be missing non-free firmware for the NIC. So we can add the output of dmesg to your list. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | signature.asc Description: Digital signature
Problem with German Mac Keyboard
Hi, I would like to report a bug I have withe the German Mac Keyboard layout under Debian testing: The keys < and > on the one side and ^ on the other side are interchanged. I use the Cinnamon Desktop envorinment. Best, Stephan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/f2910b42a8062e19c9fd92acfe6e0...@posteo.de
Re: Was: Ric Moore
On Mon, Jan 19, 2015 at 09:13:20AM -0600, Richard Owlett wrote: Someone pointed me to a utility that saved everything sent to a console window. Was it script? script — make typescript of terminal session Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: USB drive mounted Read-only; what to do ?
On Fri, Dec 19, 2014 at 07:55:35AM -0300, Renaud OLGIATI wrote: [916394.028162] sd 30:0:0:0: [sdi] Write Protect is on Well, the pen drive is certainly read-only. You’re saying, that you have no hardware switch on the device. Stupid question, did you ever write anything to this drive? Can it be that it *is* a read-only pen drive? Maybe some kind of environment that you never should change? Well, others have said that the pen drive could have an error. Do you get any information with „smartctl -a /dev/sdi”? Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: USB drive mounted Read-only; what to do ?
On Fri, Dec 19, 2014 at 05:45:33AM -0300, Renaud OLGIATI wrote: I plug in a USB pen drive, and launch dd to copy an iso image. # dd bs=4M if=debian-live-7.6.0-amd64-rescue.iso of=/dev/sdi && sync dd: opening `/dev/sdi': Read-only file system I guess that /dev/sdi is your USB pen drive? Does the pen drive have a read-only switch? I know some USB stick which have a hardware switch for read-only and read-write. The output of dmesg may give more information. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Replacing systemd in Jessie
On Mon, Dec 01, 2014 at 01:18:39PM -0800, Patrick Bartek wrote: Last time I checked -- two or three weeks ago -- only 6 distros besides Jessie were using systemd as the default: Fedora 15, RHEL 7, CentOS 7, Arch, OpenSUSE, and SUSE Server. Just read today Only SUSE Server 12 uses systemd, but for me it is quite unusable. After the LDAP configuration the system doesn’t shutdown anymore. Luckily there will be a SP4 for SLES11 (of course without systemd), so I don’t have to worry about it. Debian has kindled a big fire with this systemd crap. It’s time to jump ship before you only have ashes. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: systemd-free alternatives are not off topic.
On Mon, Nov 24, 2014 at 08:16:29AM +0100, Didier 'OdyX' Raboud wrote: systemd supports sysvinit init scripts (that have the LSB headers which are already mandatory in wheezy) just fine. Not doing so would be a bug, of course. I have initscripts without LSB headers working just fine. There are warnings, but it works. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Installing an Alternative Init?
On Wed, Nov 12, 2014 at 08:10:42PM +, Brian wrote: Sounds like, doesn't it? Let's be practical and see how how a screen in d-i could present an init system choice to a user, particularly having a new user in mind. Well, like the question about bootloaders the init system choice should only be available in the expert installation process. So I doubt you will need to teach the difference to a newbie. Here is my first suggestion: You are about to install an init system. Please choose The preselected choice is systemd. ^^ 1. Systemd 2. Sysvinit 3. Upstart 4. A. N. Other 1, 2, 3, 4? Sounds good. We can discuss the order, but it is the right direction. The question should come before the „Install the base system” part. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: Irony
On Mon, Aug 11, 2014 at 08:21:24PM +0100, Joe wrote: No idea, but this is a sid updated today, ps aux | grep init returns pid 1, /sbin/init. I have systemd, systemd-sysv, and sysvinit installed but not sysvinit-core. Systemd is certainly running, along with systemd-udevd, So you’re running systemd as PID 1. systemd-sysv is used to divert the old /sbin/init to systemd as you can see from the package description: This package provides the manual pages and links needed for systemd to replace sysvinit. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: I'm not a huge fan of systemd
On Fri, Jul 18, 2014 at 02:14:24AM +0300, Andrei POPESCU wrote: 'service' also has tab completion. Not sure if this is because I have bash-completion installed, but it's too late for me to check. Yes, you need bash-completion installed and activated in /etc/bash.bashrc. It is not activated by default. And at least SLES doesn’t have bash-completion, so you won’t get tab completion with the service command. Which means that everyone will use /etc/init.d/
Re: Four people decided the fate of debian with systemd. Bad faith likely
On Mon, Mar 03, 2014 at 12:52:40PM +1100, Scott Ferguson wrote: own personal computers my sentiments are similar. However my business purposes involve meeting SLAs so reboots once or twice a year can cost a lot of money - so in those circumstances a few minutes makes a lot of difference. Perhaps that's not something you care about - or it's just Sorry, I don’t buy this. If your systems are virtual machines then a reboot is already fast. Filesystem checks may delay the reboot, or applications that need minutes to stop or start, but systemd doesn’t help here either. If your systems are real server hardware then your reboot is mainly delayed by the BIOS. Here any server (blade or normal) takes much longer from BIOS to bootloader than from bootloader to login prompt. Fast booting was not the sole criteria for which it was selected by Debian for the *Linux* kernel. True, but I don’t need any of the new features (never had any problems with sysvinit). So why should I change? Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
How to do proper PAM modul configuration? (was: Testing: Warning messages from su within cron)
On Mon, Feb 03, 2014 at 11:11:24PM +1100, Scott Ferguson wrote: On 03/02/14 22:55, Stephan Seitz wrote: I’m using Testing. For some time I’m getting warning messages from scripts started via cron, e.g.: /etc/cron.daily/popularity-contest: su: No module specific data is present /etc/cron.daily/spamassassin: su: No module specific data is present su: No module specific data is present su: No module specific data is present I couldn't find anything in my notes, but I did turn up this (in a search engine). Is it related/helpful? http://debian.2.n7.nabble.com/Bug-736642-schroot-PAM-error-No-module-specific-data-is-present-td3161399.html Thank you, this is the solution. I commented the pam_ssh.so line in /etc/pam.d/common-session, and the warnings are gone. But now the ssh-agent autoconfiguration is lost. I’m wondering what the right solution is? Don’t use pam-auth-update? I’ll change the subject and hope that other people with PAM experience will answer. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Testing: Warning messages from su within cron
Hi! I’m using Testing. For some time I’m getting warning messages from scripts started via cron, e.g.: /etc/cron.daily/popularity-contest: su: No module specific data is present /etc/cron.daily/spamassassin: su: No module specific data is present su: No module specific data is present su: No module specific data is present Any idea what this could be? Those are the original debian scripts. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: How can I secure a Debian installation?
On Thu, Jan 30, 2014 at 06:53:11PM +0100, Denis Witt wrote: password, also it's not "ssh keys + AllowUsers" it's (or should be) "ssh key + key pass-phrase + AllowUsers". As an administrator you can’t control the key pass-phrase. If a user creates a key without it you can’t stop him from using it. But you can control the strength of a password with a policy. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | signature.asc Description: Digital signature
Re: preseed netinstall vlan network
On Wed, Oct 30, 2013 at 04:08:38PM -0600, Bob Proulx wrote: TRAN, JOHN wrote: I'm attempting to do a preseeded netinstall using mini.iso. In general, is it possible to do a netinstall if your network is vlan tagged? A VLAN is a Virtual LAN. A Virtual LAN is a way to group hosts together onto a common network even though their locations may be physically separate. But as far as processes on the hosts know they are simply on a LAN. Hm, maybe he’s trying to say, that the linux host will get the tagged network packets because it is in several VLANs? But I don’t think the installer has the option to configure network interfaces with VLAN tagging. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | signature.asc Description: Digital signature
unsuscibe
how do i go out of the list ??? the subject is not within my knowledge, thanks On 9/30/13, debian-user-digest-requ...@lists.debian.org wrote: > Content-Type: text/plain > > debian-user-digest Digest Volume 2013 : Issue 1116 > > Today's Topics: > virtualbox fails to compile module o [ Kent West ] > Re: Can't create folder on empty par [ Frank McCormick >Re: virtualbox fails to compile modu [ Ralf Mardorf >Re: virtualbox fails to compile modu [ Hugo Vanwoerkom >Re: Can't create folder on empty par [ Catherine Gramze >Re: should an end user stick to a ke [ Stan Hoeppner > -- Marc Stephan Nkouly bp: 5180 Nkwen Bamenda cameroon Mobile: 00 237 77 95 77 55 00 237 96 19 11 50 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANLQgebvDfi2sYp0r0pYOLfcFov8b81J9bOXvU3Xv9LcwT=h...@mail.gmail.com
unsuscibe
how do i go out of the list ??? the subject is not within my knowledge, thanks On 9/30/13, debian-user-digest-requ...@lists.debian.org wrote: > Content-Type: text/plain > > debian-user-digest Digest Volume 2013 : Issue 1116 > > Today's Topics: > virtualbox fails to compile module o [ Kent West ] > Re: Can't create folder on empty par [ Frank McCormick >Re: virtualbox fails to compile modu [ Ralf Mardorf >Re: virtualbox fails to compile modu [ Hugo Vanwoerkom >Re: Can't create folder on empty par [ Catherine Gramze >Re: should an end user stick to a ke [ Stan Hoeppner > -- Marc Stephan Nkouly bp: 5180 Nkwen Bamenda cameroon Mobile: 00 237 77 95 77 55 00 237 96 19 11 50 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANLQgeYzNBUFuhcP=6EP0TFMNaXcwrAPTXCuymPX=0i_yft...@mail.gmail.com
Re: debian-user-digest Digest V2013 #573
the systems are 512 of ram On 5/25/13, debian-user-digest-requ...@lists.debian.org wrote: > Content-Type: text/plain > > debian-user-digest Digest Volume 2013 : Issue 573 > > Today's Topics: > Re: problem with gnome on installing [ Larry Johnson >Re: apache2 and virtual hosts [ Pol Hallen > ] > From Cameron AFRICA [ Marc Stephan Nkouly >Re: problem with gnome on installing [ Andrei POPESCU >Re: can one rely on uname -i results [ Andrei POPESCU >Re: Checking for installed package[ Kip Warner ] > Re: Checking for installed package[ Andrei POPESCU >Re: From Cameron AFRICA [ Slavko ] > Re: Checking for installed package[ Slavko ] > Re: problem with gnome on installing [ Larry Johnson >dvipdfm (TeX/LaTeX) not working [ Charles Blair >Re: dvipdfm (TeX/LaTeX) not working [ Brian ] > Re: From Cameron AFRICA [ =?UTF-8?B?TGFycyBOb29kw6lu?= > Re: Debian 6 query - how to adjust m [ Brian ] > -- Marc Stephan Nkouly bp: 223 Mankon Bamenda cameroon Mobile: 00 237 77 95 77 55 00 237 96 19 11 50 mcste...@hotmail.commcstean_...@yahoo.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/canlqgebscucgftvxmie49uouekjcm8jsh-zeyngbev_auxh...@mail.gmail.com
From Cameron AFRICA
Please i wish to install DEBIAN on some old computers Pentium 4 and organize some holidays workshops with young people who are interested about computers. Am desperate because this machines are old ones with low rams and most of the Distro i have installed on them have one or two things that are not working. Is true i don't have much knowledge in Gnu/Linux but am using Ubuntu 12.04, the target audience is made of young scholar and for those familiar with computers they have been working on XP. Basically i want to introduce them to the world of computers with Linux and show them how to use basics office applications so that the will understand that there's an alternative to Pirated copies of W. Please if any one can advise me on a version of Debian that i can install i will really appreaciate what about projects to help young people get started ??? thanks in advance -- Marc Stephan Nkouly bp: 223 Mankon Bamenda cameroon Mobile: 00 237 77 95 77 55 00 237 96 19 11 50 mcste...@hotmail.commcstean_...@yahoo.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANLQgeZ5+a-FDOoAQEYN-bc3sC2AXBzO7aBUgt=y9gfo-i3...@mail.gmail.com