Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Ronald Klop <[EMAIL PROTECTED]> 08/14/08 10:36 AM >>>
> > Well, I admit I still have more things to learn, even though I've been  
> > the admin of "my" own Linux servers for 3 years and FreeBSD for... can't  
> > remember, but not quite as long, but I'm not gonna pester my colleagues  
> > for something like this, about my own servers! ;)
> >
> > My background is more in programming as I have a CS degree in software  
> > design. Still learning in that area too! We are all, always learning.  
> > (hopefully)
> >
> > Genuine thanks for the suggestion though.
> >
> > - Gavin
> 
> Funny, you don't 'pester' your colleagues but do e-mail a couple of  
> thousand people on this mailinglist. Communication is a weird thing. :-)
> 
> Ronald.

LOL! Okay, fair enough. I concede, you got me there. :)

(I LOVE pestering y'all though!)


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Ronald Klop <[EMAIL PROTECTED]> 08/14/08 10:34 AM >>>
> >> I'm not quite sure right now why you're using rsa keys. I'm always using
> >> dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
> >> ssh version 1, while dsa keys are for ssh version 2.
> >> But I could be wrong here ;)
> >> No man ssh handy right now, sorry.
> >
> > If that's true, then I believe I will start using the dsa ones! I think  
> > I chose rsa because the FreeBSD manual indicated I could use either and  
> > I could only find settings for enabling rsa in sshd_config on the remote  
> > servers, but I'll look again...
> 
> This story about rsa and dsa is not true.
> Rsa wasn't free (patents or something else) until a few years ago. So  
> everybody used dsa. But since quite some time it doesn't matter what you  
> use. I don't know about advantages of one above the other. In daily use  
> they are the same.
> 
> Ronald.

Thanks for more info. Maybe some people think that because of the following 
lines in sshd.config?

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

Although the 2nd line *doesn't* read "#HostKey /etc/ssh/ssh_host_rsa_key", 
maybe people are associating dsa with protocol 2 because of the 3rd and 4th 
lines?


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/14/08 9:47 AM >>>
> Don't you have a local IT helpdesk? This is pretty basic stuff that they 
> should have documentation for.

Well, I admit I still have more things to learn, even though I've been the 
admin of "my" own Linux servers for 3 years and FreeBSD for... can't remember, 
but not quite as long, but I'm not gonna pester my colleagues for something 
like this, about my own servers! ;)

My background is more in programming as I have a CS degree in software design. 
Still learning in that area too! We are all, always learning. (hopefully)

Genuine thanks for the suggestion though.

- Gavin


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Marian Hettwer <[EMAIL PROTECTED]> 08/14/08 9:43 AM >>>
> Hi Gavin,
> From your Suse, try to run the ssh command with "-v" or even -vv or -vvv
> to get debugging output.
> If you can't figure out what the debugging output wants to tell you, send
> it to the list.
> But complete, copy 'n' paste please :)

Sure, no problem: (edited)

[EMAIL PROTECTED]:~> ssh -v [EMAIL PROTECTED]
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to freebsdserver [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/myusername/.ssh/id_rsa type -1
debug1: identity file /home/myusername/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'freebsdserver' is known and matches the DSA host key.
debug1: Found key in /home/myusername/.ssh/known_hosts:6
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myusername/.ssh/id_rsa
debug1: Trying private key: /home/myusername/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Aug 14 10:08:12 2008 from suseserver
 .
[snip]
 .
Welcome to FreeBSD!
 .
[snip]
 .
[EMAIL PROTECTED] ~]$

> I'm not quite sure right now why you're using rsa keys. I'm always using
> dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
> ssh version 1, while dsa keys are for ssh version 2.
> But I could be wrong here ;)
> No man ssh handy right now, sorry.

If that's true, then I believe I will start using the dsa ones! I think I chose 
rsa because the FreeBSD manual indicated I could use either and I could only 
find settings for enabling rsa in sshd_config on the remote servers, but I'll 
look again...

> > I noticed you made a distinction between password and passphrase. Could
> > you please explain the difference?
> >
> Well, when you generate a rsa or dsa key, you get asked to enter a
> passphrase for that key.
> So a passphrase is basically the password to your ssh key.
> While the password is the real password of the local user you're trying to
> be. Like ssh [EMAIL PROTECTED], the password would be the password of the
> user foo at host bar.
> And since everybody likes to know whether someone is talking about the
> "password" of a ssh key or the password of a local user, you say passphrase
> to keys and password to local users.
> That's how I would explain it :))

Good explanation. I grok, I grok. :D

> Cheers,
> Marian
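Added example, not part of the original thread: the debug output above shows both key files being tried before the login falls back to keyboard-interactive, and the script below pulls those facts out of an `ssh -v` log. The function names are hypothetical and the embedded log is a constructed excerpt of the lines quoted above.

```shell
#!/bin/sh
# Added example: summarise the authentication phase of an `ssh -v` client log.
# Function names are hypothetical; the log in sample_log is a constructed
# excerpt of the debug output quoted in the message above.
# ssh writes its debug lines to stderr, so a live log needs 2>&1.

# Read a log on stdin and print three lines:
#   offered=   methods the server listed first
#   tried=     identity files the client attempted, in order
#   succeeded= method that finally authenticated, or "none"
ssh_auth_summary() {
    awk '
    /^debug1: Authentications that can continue: / {
        if (offered == "") offered = $NF    # keep the first list only
    }
    /^debug1: (Trying private key|Offering public key): / {
        tried = tried (tried == "" ? "" : ",") $5   # $5 = identity file path
    }
    /^debug1: Authentication succeeded \(/ {
        method = $0
        sub(/^.*\(/, "", method)            # drop everything up to "("
        sub(/\).*$/, "", method)            # drop ")" and what follows
    }
    END {
        print "offered=" offered
        print "tried=" tried
        print "succeeded=" (method == "" ? "none" : method)
    }'
}

# Exit status 0 only when the log shows a public-key login.
ssh_used_publickey() {
    ssh_auth_summary | grep -q '^succeeded=publickey$'
}

# Constructed sample: the authentication lines from the output above.
sample_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myusername/.ssh/id_rsa
debug1: Trying private key: /home/myusername/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
EOF
}

sample_log | ssh_auth_summary
```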


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Paul Saab <[EMAIL PROTECTED]> 08/14/08 9:41 AM >>>
> look at your permissions in ~/.ssh on the freebsd box.  Make sure your home
> directory does not have insecure permissions and .ssh + all the files in
> there are not writable by anyone else.

No worries there. Thanks. 
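Added example, not part of the original thread: sshd's StrictModes option (on by default) refuses public-key logins when the home directory, ~/.ssh or authorized_keys is writable by anyone other than the owner, which is the condition described above. The script below lists such paths and removes the extra write bits; the function names are hypothetical and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: find and fix group/world-writable paths among a home
# directory, its .ssh directory and the files inside it.
# Function names are hypothetical.

# Print each offending path, one per line. $1 = home directory to inspect.
ssh_perm_offenders() {
    home=$1
    # -prune on the start point tests the home directory itself without
    # descending into it; -H resolves a symlinked home directory first.
    find -H "$home" -prune \( -perm -020 -o -perm -002 \) -print
    if [ -d "$home/.ssh" ]; then
        # Symlinks inside .ssh are skipped: their own mode bits say
        # nothing about the file they point to.
        find -H "$home/.ssh" ! -type l \( -perm -020 -o -perm -002 \) -print
    fi
}

# Strip group/other write permission from everything reported above.
# Paths containing newlines are not handled.
ssh_perm_fix() {
    ssh_perm_offenders "$1" | while IFS= read -r p; do
        chmod go-w "$p"
    done
}

# Constructed demo tree: a home directory left group-writable and an
# authorized_keys file left world-writable.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh"
    : > "$tmp/.ssh/authorized_keys"
    chmod 775 "$tmp"
    chmod 700 "$tmp/.ssh"
    chmod 666 "$tmp/.ssh/authorized_keys"
    echo "before: $(ssh_perm_offenders "$tmp" | wc -l | tr -d ' ') offender(s)"
    ssh_perm_fix "$tmp"
    echo "after:  $(ssh_perm_offenders "$tmp" | wc -l | tr -d ' ') offender(s)"
    rm -rf "$tmp"
}

demo
```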


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Pollywog <[EMAIL PROTECTED]> 08/14/08 9:32 AM >>>
> On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> > >>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/13/08 7:10 PM >>>
> > >
> > > You need to start an ssh-agent on the machine you're connecting from and
> > > populate it with your keychain:
> > >
> > >   eval `ssh-agent`
> > >   ssh-add
> > >
> > > Add the above to your .profile, or check the Linux PAM implementation to
> > > see if it has ssh session support.
> > >
> > > --lyndon
> >
> > Thanks.
> >
> > That made it possible for me to ssh from SuSE server to FreeBSD server, but
> > now when I ssh from my Mac to SuSE server it wants a password now:
> >
> >Enter passphrase for /home/myusername/.ssh/id_rsa:
> >
> > I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> > don't have anything much more intelligent to say but "I don't understand".
> > ;)
> >
> > Questions:
> >
> >1. If the ssh-agent and ssh-add utilities load the keys into memory,
> > they'd be wiped if I rebooted?
> 
> Yes, rebooting will take the keys out of memory and you would need to 
> use 'ssh-add' on the command line to put the keys and passphrase in memory.
> The 'ssh-add -D' command removes the keys when you are done but are not 
> logging out.
> 
> >
> >2. Is #1 why I'd add it to my ~/.profile?
> 
> This is so that ssh-agent is set when you login at a console.  I don't know 
> about Mac but some Linux distributions have session scripts so that this is 
> done for you when you start a KDE session.  I don't believe ~/.profile will 
> be read unless you login at a console or xterm or similar.
> 
> When you add stuff to your ~/.profile, I recommend doing it on a separate 
> account first.  I once added those lines on a Linux system and was locked out 
> on that account but I was able to get in with another account, su to root, 
> and remove the lines in the affected user ~/.profile and then I was no longer 
> locked out.
> >
> >3. How am I able to ssh (without a password) from my Mac to SuSE server
> > or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> > in my .profile on my Mac?
> 
> You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work
> until you have generated your SSH keys with:
> 
> ssh-keygen -t rsa -b 1024
> or
> ssh-keygen -t dsa -b 1024
> 
> or similar.  Until you do that, you have to use your login password and
> cannot use a passphrase since you have not set one.  Setting the passphrase
> is part of the process of generating your SSH keys.
> 
> BTW I do not know if you are using the "keychain" utility.  Be very careful 
> with it.  It can be confusing.  I found it inconvenient to use and no longer 
> use it.
> 
> There are some fine SSH tutorials online, I believe "OnLamp" has some.  Just 
> make sure they are not more than about 3 yrs old.

All good information. Thanks. I will save this for future reference. :)


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Igor Pokrovsky <[EMAIL PROTECTED]> 08/14/08 8:22 AM >>>
> > ... and I have to enter my password. I've Googled, but can't seem to find 
> > the answer to my dilemma. Is it generally kind of a pain to do this between 
> > platforms? I'm finally very comfortable on FreeBSD and am starting to 
> > really get annoyed with SuSE. :(
> 
> You can generate keys with empty pass phrase, so it won't be asked ;-)
> 
> -ip

Yes, this works. Any security concerns with doing this?

- Gavin
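Added example, not part of the original thread, on the question above: a key created with an empty passphrase is stored on disk unencrypted, so anyone who can read the file can use it. The script below reports which private key files are in that state by inspecting their headers; it covers the current OpenSSH key format as well as the legacy PEM format, the function names are hypothetical, and the sample files are constructed stubs with no key material.

```shell
#!/bin/sh
# Added example: report whether private key files are passphrase-protected
# by reading their headers. Function names are hypothetical; the sample
# files written by make_samples are constructed stubs without key material.

# Print "encrypted", "unencrypted" or "unknown" for private key file $1.
key_protection() {
    case $(sed -n 1p "$1") in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # Current OpenSSH format: the decoded body starts with the magic
        # "openssh-key-v1\0", a 4-byte length, then the cipher name, which
        # is "none" when no passphrase was set. Needs a base64 that takes -d.
        hex=$(sed '/^-----/d' "$1" | base64 -d 2>/dev/null |
              dd bs=1 count=23 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
        case $hex in
        6f70656e7373682d6b65792d763100000000046e6f6e65) echo unencrypted ;;
        6f70656e7373682d6b65792d763100*) echo encrypted ;;
        *) echo unknown ;;
        esac ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----')    # PKCS#8, encrypted
        echo encrypted ;;
    '-----BEGIN PRIVATE KEY-----')              # PKCS#8, plain
        echo unencrypted ;;
    '-----BEGIN '*' PRIVATE KEY-----')
        # Legacy PEM (RSA, DSA, EC): an encrypted key announces itself
        # in a Proc-Type header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo unencrypted
        fi ;;
    *) echo unknown ;;
    esac
}

# Print every key file directly under directory $1 that has no passphrase.
unencrypted_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_protection "$f")" = unencrypted ]; then
            echo "$f"
        fi
    done
}

# Write four constructed stubs into directory $1.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' 'DEK-Info: DES-EDE3-CBC,0000000000000000' '' \
        'c3R1Yg==' '-----END RSA PRIVATE KEY-----' > "$1/legacy_locked"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'c3R1Yg==' '-----END RSA PRIVATE KEY-----' > "$1/legacy_open"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIA' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/new_locked"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAA' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/new_open"
}

# Stand-alone run: build the stubs, list the unprotected ones, clean up.
demo_dir=$(mktemp -d) && make_samples "$demo_dir" &&
    unencrypted_keys "$demo_dir" && rm -rf "$demo_dir"
```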


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> It's not asking for your password. It's asking for your passphrase to
> decrypt your private key. Are you running an ssh-agent on the Suse
> system? 
> -- 
> R. Kevin Oberman

Aha! Thanks, Kevin. Things are clicking in my brain and I grok now. I just 
remembered that when I did ssh-keygen on my mac and then ssh'd to my servers, 
it stored the passPHRASE (right?) in my Mac's Keychain too.

Thanks everyone.

For further reference, can anyone clearly define what topics are valid for this 
list?

- Gavin




Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Paul Schmehl <[EMAIL PROTECTED]> 08/13/08 7:18 PM >>>
> --On August 13, 2008 5:35:29 PM -0700 Gavin Spomer <[EMAIL PROTECTED]> wrote:
> > I am able to use ssh-keygen to generate keys so that I can ssh from my
> > Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD
> > systems, without having to enter my password. When I try the same thing
> > from a SuSE system to a FreeBSD system, (I.E. I run "ssh-keygen -t rsa"
> > on the SuSE system, then copy the id_rsa.pub to my
> > ~/.ssh/authorized_keys file on the FreeBSD system) I get the following
> > message when ssh-ing to the FreeBSD system:
> >
> >Enter passphrase for key '/home/myusername/.ssh/id_rsa':
> 
> Just to be clear: you're saying that your key pass*phrase* doesn't work 
> and you have to type your pass*word* in instead?  Or did you make all your 
> previous keys passphrase-less and add a passphrase to this one?
> 
> Paul Schmehl

Uh, not sure. Head spinning now. ;)

1. I have a Mac, SuSE server and a FreeBSD server.
2. I can ssh from my Mac to SuSE server without having to type in my password.
3. I can ssh from my Mac to FreeBSD server without having to type in my 
password.
4. I can do #2 and #3 above because I ran "ssh-keygen -t rsa" on my Mac and 
copied the id_rsa.pub to my ~/.ssh/authorized_keys files on the SuSE and 
FreeBSD servers.
5. I ran the same "ssh-keygen -t rsa" on the SuSE server and copied the 
id_rsa.pub to the FreeBSD.
6. I canNOT ssh from the SuSE server to the FreeBSD server withOUT typing in my 
password.
7. When I ssh from SuSE server to FreeBSD server, I get prompted:
  Enter passphrase for key '/home/myusername/.ssh/id_rsa':
8. I want to be able to ssh from SuSE server to FreeBSD server because I want 
to run scp via a cron job.

I noticed you made a distinction between password and passphrase. Could you 
please explain the difference?

- Gavin


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
>>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/13/08 7:10 PM >>>
> You need to start an ssh-agent on the machine you're connecting from and 
> populate it with your keychain:
> 
>   eval `ssh-agent`
>   ssh-add
> 
> Add the above to your .profile, or check the Linux PAM implementation to 
> see if it has ssh session support.
> 
> --lyndon

Thanks.

That made it possible for me to ssh from SuSE server to FreeBSD server, but now 
when I ssh from my Mac to SuSE server it wants a password now:

   Enter passphrase for /home/myusername/.ssh/id_rsa:

I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and don't 
have anything much more intelligent to say but "I don't understand". ;)

Questions:

   1. If the ssh-agent and ssh-add utilities load the keys into memory, they'd 
be wiped if I rebooted?

   2. Is #1 why I'd add it to my ~/.profile?

   3. How am I able to ssh (without a password) from my Mac to SuSE server or 
Mac to FreeBSD server when I don't have
   "eval `ssh-agent`" and "ssh-add" in my .profile on my Mac?




ssh-keygen between SuSE and FreeBSD

2008-08-13 Thread Gavin Spomer
I hope this isn't an invalid topic for this list. I'm on so many lists and I 
hate to join another one just to get help on one thing. Apologies if it's not.

I am able to use ssh-keygen to generate keys so that I can ssh from my Mac to 
any of my SuSE systems or ssh from my Mac to any of my FreeBSD systems, without 
having to enter my password. When I try the same thing from a SuSE system to a 
FreeBSD system, (I.E. I run "ssh-keygen -t rsa" on the SuSE system, then copy 
the id_rsa.pub to my ~/.ssh/authorized_keys file on the FreeBSD system) I get 
the following message when ssh-ing to the FreeBSD system:

   Enter passphrase for key '/home/myusername/.ssh/id_rsa':

... and I have to enter my password. I've Googled, but can't seem to find the 
answer to my dilemma. Is it generally kind of a pain to do this between 
platforms? I'm finally very comfortable on FreeBSD and am starting to really 
get annoyed with SuSE. :(

- Gavin




Re: 6.2-STABLE => 7.0-STABLE Upgrade root partition more full

2008-06-09 Thread Gavin Spomer
>>> Skip Ford <[EMAIL PROTECTED]> 06/06/08 1:39 PM >>>
Gavin Spomer wrote:
> I successfully did my first FreeBSD upgrade yesterday after looking at the 
> manual, and cross referencing with Googling and getting help from our network 
> engineer here at CWU. Before the upgrade, running df showed:
> 
> Filesystem    1K-blocks    Used     Avail Capacity  Mounted on
> /dev/da0s1a      507630   77662    389358    17%    /
> devfs                 1       1         0   100%    /dev
> /dev/da0s1e      507630     588    466432     0%    /tmp
> /dev/da0s1f   268217320 4866120 241893816     2%    /usr
> /dev/da0s1d     4298926  162066   3792946     4%    /var
> 
> Now it shows:
> 
> Filesystem    1K-blocks    Used     Avail Capacity  Mounted on
> /dev/da0s1a      507630  184834    282186    40%    /
> devfs                 1       1         0   100%    /dev
> /dev/da0s1e      507630     426    466594     0%    /tmp
> /dev/da0s1f   268217320 5514844 241245092     2%    /usr
> /dev/da0s1d     4298926  187570   3767442     5%    /var
> 
> Notice the increase in the root partition. Should I have made this 
> partition bigger when I first installed? Is there any cleaning up I can do 
> after version upgrades? I would've thought /usr would be the one that grew 
> more, but then again my /usr partition is fairly sizeable. Does 7.0 just take 
> up a lot more of the root partition than 6.2?

7.0 installs debugging symbols for the kernel and modules by default.
You can avoid that by defining INSTALL_NODEBUG during installkernel.
If already installed, you can delete the symbol files without causing
problems as long as you don't need to debug the kernel.

Also, when you install a new kernel, the old kernel is saved as
kernel.old so you now have 2 kernels in /boot instead of one.  If
you're positive the new kernel works fine, the old kernel can be
removed as that's only used to recover from a new kernel with problems.

But, your space really isn't that close to the limit, IMO.  You
appear to have enough space to have an old and new kernel installed
both with symbols, so I'd leave it as is in case you need to debug
something or boot the old kernel.  You can always take care of it
later if you're about to run out of space.  Why do today what you
can put off 'til tomorrow?

Also, consider reading UPDATING before every upgrade.  The entry for
20060118 covers this issue.

-- 
Skip

Thanks a bunch for the info, it is helpful. Also, sorry for the lateness of my 
reply. Any suggestions for selectively  reading UPDATING? It IS a rather long 
file. I'd rather be reading a good R.A. Salvatore novel if I'm going to read 
for that long. ;)

Thanks for your reply as well, Clifton.

- Gavin




6.2-STABLE => 7.0-STABLE Upgrade root partition more full

2008-06-06 Thread Gavin Spomer
I successfully did my first FreeBSD upgrade yesterday after looking at the 
manual, and cross referencing with Googling and getting help from our network 
engineer here at CWU. Before the upgrade, running df showed:

Filesystem    1K-blocks    Used     Avail Capacity  Mounted on
/dev/da0s1a      507630   77662    389358    17%    /
devfs                 1       1         0   100%    /dev
/dev/da0s1e      507630     588    466432     0%    /tmp
/dev/da0s1f   268217320 4866120 241893816     2%    /usr
/dev/da0s1d     4298926  162066   3792946     4%    /var

Now it shows:

Filesystem    1K-blocks    Used     Avail Capacity  Mounted on
/dev/da0s1a      507630  184834    282186    40%    /
devfs                 1       1         0   100%    /dev
/dev/da0s1e      507630     426    466594     0%    /tmp
/dev/da0s1f   268217320 5514844 241245092     2%    /usr
/dev/da0s1d     4298926  187570   3767442     5%    /var

Notice the increase in the root partition. Should I have made this 
partition bigger when I first installed? Is there any cleaning up I can do 
after version upgrades? I would've thought /usr would be the one that grew 
more, but then again my /usr partition is fairly sizeable. Does 7.0 just take 
up a lot more of the root partition than 6.2?

- Gavin




Re: Rebuilding World Problems

2008-02-13 Thread Gavin Spomer
Hallelujah! My "world" is rebuilt! Thanks to Chris, "[EMAIL PROTECTED]", Kevin 
and Jim for educating me and pointing me in the right direction. Will 
definitely research further and continue to have a blast with FreeBSD on my 
test server.

It very well could be that I will be using FreeBSD for my production servers by 
next Fall. :D

- Gavin


Re: Rebuilding World Problems

2008-02-13 Thread Gavin Spomer
>>> "Chris H." <[EMAIL PROTECTED]> 02/13/08 1:25 PM >>>
> > Surprisingly I grokked most of your cheatsheet and looked at a few 
> > man pages to figure out most of the rest. Haven't tried it all yet. I 
> > was wondering about the "mount -u /". Is it really necessary to mount 
> > the root partition prior to mounting all of them in the next step?
> 
> Absolutely. Think about it for a moment. Given that EVERYTHING
> (save swap) is mounted off of root ( / ). So it becomes quite
> impossible to mount /usr/ if / hasn't already been mounted. In
> other words; if / hasn't been mounted it doesn't exist for usr/
> to mount from it. :)

For some reason I was thinking that they were still separate, regardless of 
their hierarchical relationship. Well, might as well just do them both since it 
doesn't hurt. After all, what's a few keystrokes?

> >
> > I don't really understand the "swapon -a". When is it necessary and 
> > when is it not?
> 
> As a rule, it is already available after boot. So executing swapon -a
> is often considered overkill. /But/ absolutely no harm will come of
> doing it, and it /may/ be necessary. So this just insures you have
> an "event free" journey. :)
> 
> >
> > Also, UPDATING has "adjkerntz -i" just before "mergemaster -p". I 
> > looked at the man page for adjkerntz and am still uncertain if I need 
> > to do this. I run an ntpd client, if that makes any difference.
> 
> Again, just a precaution. Think "safe", or "event free". :)


Yeah, I like to think I balance a fearless attitude with caution quite well. 
Being fearless allows one to make mistakes and thus potentially learn more than 
if not making them, but when it's obvious that safety can save you a lot of 
grief, that is the path to take in that instance.

> >
> > I think the documentation is an excellent reference for people who 
> > already, moderately know FreeBSD. I am not even a true newbie as I 
> > have a CS degree and have been a Linux admin for 2 years. Even so I 
> > often have a hard time with the complexity of FreeBSD. I recognize 
> > the value of understanding the fine-grain "nuts and bolts" of a 
> > system, but even so I wonder if FreeBSD over-complicates some things?
> 
> This is the "UNIX way". It breaks everything into small bits of
> useful stuff. Thereby providing the "nuts & bolts" to build, or
> accomplish almost /anything/ with little, or no effort. Linux kind
> of "missed the boat" on this one. But even Linus T. indicates that
> Linux is not UNIX. I'd have to say, it's more a "feels like UNIX"
> than anything else.

I agree with the "accomplish almost/anything" fully, but from *my* experience I 
respectfully, but strongly disagree with the "with little, or no effort" part. 
But that is likely because I don't know Unix even a tenth as well as you do. :D 
I guess it's just particularly hard for me in this case to see benefit; it 
takes only one command and a lot less time to patch my SuSE systems, for 
example. But again, it all boils down to perspective, I guess. Make sense?

> to a new user. One must remember, after all, that it is a /server/
> and perhaps, not best suited to an average "desktop" user. But, if
> given the time, will become your best friend - /really/. :)

I never run any GUI on my servers.

> Best wishes to you.
> 
> --Chris H.

Thanks, I am genuinely having a LOT of fun dinking around with FreeBSD on my 
test server! Linux was definitely a good warm up. And it's nice to be able to 
tinker under the hood on all my Mac's. (Have 2 @ work and 1 @ home)


Re: Rebuilding World Problems

2008-02-13 Thread Gavin Spomer
>>> Kevin Oberman <[EMAIL PROTECTED]> 02/12/08 7:01 PM >>>
> > make buildkernel KERNCONF=YOUR_KERNEL_HERE
> > make installkernel KERNCONF=YOUR_KERNEL_HERE
> If you put KERNCONF into make.conf, you can simplify it to:
> make kernel

Just to be clear, if I add the appropriate KERNCONF line in /etc/make.conf, 
"make kernel" will take care of both "make buildkernel" AND "make 
installkernel"? (w/o the KERNCONF= part)

> > reboot (in single user mode)
> > 
> > fsck -p (optional, but a good idea)
> A total waste of time, but I do it anyway since I am paranoid.
> adjkerntz -i

Like many good admins, I am paranoid too, so I will include this. :)

> This command has no impact if the hardware clock is set to UTC/GMT, but
> it is often not, especially if the system is dual boot with Windows.
> > mount -u /
> Since the next command does this, there is no need for this, even for the
> paranoid.
> > mount -a -t ufs
> > swapon -a (most cases; optional)
> > 
> > cd /usr/src
> > mergemaster -p
> > make installworld
> > mergemaster
> While not in src/UPDATING, I always urge people to use the -iU options
> to save a LOT of time on future builds.

These options are for mergemaster I take it? I had another look at the man page 
for mergemaster and inspected these options, so this sounds good.

> > reboot
> > 
> > That was simply a QUICK cheat sheet, and does not
> > replace good research. But I hope it helps. :)
> 
> Thanks for posting this. Maybe it will lead to some documentation updates.
> R. Kevin Oberman, Network Engineer


Re: Rebuilding World Problems

2008-02-13 Thread Gavin Spomer
>>> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> 02/12/08 6:13 PM >>>
>On 12/02/2008, Chris H. <[EMAIL PROTECTED]> wrote:
>> Quoting Gavin Spomer <[EMAIL PROTECTED]>:
>. .  .
> > > for some reason. Having said that, I figured I would also have to be
> > > in /usr/src for the "make installworld" step. But I couldn't do that!
> > > Why? I could cd to /usr, but not /usr/src!
> . . .
> > reboot (in single user mode)
> >
> > fsck -p (optional, but a good idea)
> > mount -u /
> > mount -a -t ufs
>   ^^^- this is why you couldn't cd into /usr/src

Yep, makes sense to me now. Kinda difficult to cd to unmounted file systems. ;)
 
> > swapon -a (most cases; optional)
> 
> from note 3 near the end of /usr/src/UPDATING:
> 
> [3] From the bootblocks, boot -s, and then do
> fsck -p
> mount -u /
> mount -a
> cd src
> adjkerntz -i# if CMOS is wall time
> Also, when doing a major release upgrade, it is required that
> you boot into single user mode to do the installworld.

Yes, I've been caught red-handed, slacking on reading of the documentation. ;)

- Gavin


Re: Rebuilding World Problems

2008-02-13 Thread Gavin Spomer
>>>> "Chris H." <[EMAIL PROTECTED]> 02/12/08 4:34 PM >>>
>Quoting Gavin Spomer <[EMAIL PROTECTED]>:
>> First, let me note that step one in rebuilding world should be "cd 
>> /usr/src", not "make buildworld". I guess I was supposed to know that 
>> for some reason. Having said that, I figured I would also have to be 
>> in /usr/src for the "make installworld" step. But I couldn't do that! 
>> Why? I could cd to /usr, but not /usr/src!
>> So, I decided to go ahead and try the "mergemaster -p" step. I was 
>> given an error that was something like "cannot find mergemaster". So 
>> I thought that maybe in single user mode my $PATH isn't set, so I 
>> thought about entering "/sbin/mergemaster -p", but I didn't know if 
>> that was the path or not and I chickened out. :( Maybe the fact that 
>> I hit Return to choose /bin/sh while going into single user mode 
>> instead of my preferred bash had something to do with it?
>> Here's a slightly dumb question: when I get this all figured out, do 
>> I have to start all over from "make buildworld" or can I just 
>> continue with booting in single user mode and "mergemaster -p"? I'm 
>> guessing I can just continue, but I thought it was important to ask.
>> Here's a little more intelligent question or two. ;) Is there a way 
>> to do this while logged in via ssh? I don't mind making the trip to 
>> our computer room so I can select #4 at the FreeBSD prompt, but it's 
>> not all that convenient. Also, how long (in general) do the steps 
>> "mergemaster -p" through the final reboot take? I am running FreeBSD 
>> on a test server, but if I were to use it for my production servers 
>> (which I am considering), the down-time of being in single user mode 
>> would be a concern.
>> Thanks to everyone who takes the time to read this. :)
>
>Greetings Gavin,
>Yes, you're quite correct on all accounts. The doc's are a bit terse
>in these areas. Which, as I read your email, reminds me why I _should_
>send-pr a patch with some additional info in these areas. I guess I'm
>like so many others - once I figured it all out, I got so involved
>with it all, I completely forgot there was some issues with the docs.
>NOTE: I'm not the author of the documentation. :)
>OK I'm going to give you a "cheat sheet" that I hope you'll find
>helpful in the future - be aware, this is NOT an excuse to ignore
>the /usr/src/UPDATING file, as THAT document will QUITE likely
>contain more timely information regarding little, but important
>changes, that can make all the difference.
>That said, here goes:
>
>* On an initial install ALWAYS buildworld BEFORE buildkernel
>* Unless having troubles building a kernel, it is usually
>   best to ensure /etc/make.conf is empty
>* If REbuilding world/kernel it is usually a good idea to
>   perform the following:
>cd /usr/obj
>chflags -R noschg *
>rm -rf *
>(see chflags(1) for more information)
>
>OK here we go:
>cd /usr/src/sys//conf
>cp ./GENERIC ./YOUR_CHOSEN_NAME
>edit ./YOUR_CHOSEN_NAME and adjust as necessary
>cd /usr/src
>make buildworld
>* * * * OPTIONAL * * * *
>NOTE: SINGLE CPU:
>make -j4 buildworld
>NOTE: MULTI CPU:
>make -j(6 through 10) buildworld
>* * * * * * * * * * * *
>make buildkernel KERNCONF=YOUR_KERNEL_HERE
>make installkernel KERNCONF=YOUR_KERNEL_HERE
>reboot (in single user mode)
>fsck -p (optional, but a good idea)
>mount -u /
>mount -a -t ufs
>swapon -a (most cases; optional)
>cd /usr/src
>mergemaster -p
>make installworld
>mergemaster
>reboot
>That was simply a QUICK cheat sheet, and does not
>replace good research. But I hope it helps. :)
>--Chris

Thanks, this was very helpful. First of all I would just like to admit that I 
only gave /usr/src/UPDATING a quick glance. Shame on me; it might have solved 
most (if not all) of my problem if I had read more thoroughly.

Surprisingly I grokked most of your cheatsheet and looked at a few man pages to 
figure out most of the rest. Haven't tried it all yet. I was wondering about 
the "mount -u /". Is it really necessary to mount the root partition prior to 
mounting all of them in the next step?

I don't really understand the "swapon -a". When is it necessary and when is it 
not?

Also, UPDATING has "adjkerntz -i" just before "mergemaster -p". I looked at the 
man page for adjkerntz and am still uncertain if I need to 

Rebuilding World Problems

2008-02-12 Thread Gavin Spomer
Please forgive me if this is not the appropriate list to post this on. If this 
is a topic for another, more appropriate FreeBSD list, then would someone 
please kindly point this guy in the right direction? :)

I'm on the security advisory list too and got 2 emails about patches about a 
month ago. They came with instructions to follow for patching... excellent! 
Then, the last step has a link to the FreeBSD Handbook's Rebuilding world. Yes, 
I admit, it's taken me almost a month to get the courage (and find the time) to 
do this. I'm usually pretty fearless when exploring computer things. I don't 
really have the best way to backup either. I finally just made tarballs of 
important directories and scp'd them to one of my Linux machines. I finally got 
to the point where I booted to single user mode (first time for me) and that's 
where my problems began. It might be useful to note on the instructions page 
that you don't have to type "boot -s" to go into single user mode; it's easier 
to just select option #4.

First, let me note that step one in rebuilding world should be "cd /usr/src", 
not "make buildworld". I guess I was supposed to know that for some reason. 
Having said that, I figured I would also have to be in /usr/src for the "make 
installworld" step. But I couldn't do that! Why? I could cd to /usr, but not 
/usr/src!

So, I decided to go ahead and try the "mergemaster -p" step. I was given an 
error that was something like "cannot find mergemaster". So I thought that 
maybe in single user mode my $PATH isn't set, so I thought about entering 
"/sbin/mergemaster -p", but I didn't know if that was the path or not and I 
chickened out. :( Maybe the fact that I hit Return to choose /bin/sh while 
going into single user mode instead of my preferred bash had something to do 
with it?

Here's a slightly dumb question: when I get this all figured out, do I have to 
start all over from "make buildworld" or can I just continue with booting in 
single user mode and "mergemaster -p"? I'm guessing I can just continue, but I 
thought it was important to ask.

Here's a little more intelligent question or two. ;) Is there a way to do this 
while logged in via ssh? I don't mind making the trip to our computer room so I 
can select #4 at the FreeBSD prompt, but it's not all that convenient. Also, 
how long (in general) do the steps "mergemaster -p" through the final reboot 
take? I am running FreeBSD on a test server, but if I were to use it for my 
production servers (which I am considering), the down-time of being in single 
user mode would be a concern.

Thanks to everyone who takes the time to read this. :)

- Gavin