[gentoo-user] [OT] Storing ssh and gpg keys in USB flash drives
Hi there,

I would like to store my ssh and gpg keys in my usb flash drive, but I'm not sure what's the best way to do it:

If I use vfat so I can also read them from Windows I have two problems: first you must mount your USB key with a 0077 umask, so ssh and gpg don't complain about key permissions; latest KDE version seems to auto mount USB flash drives using pmount with a 0022 umask and I haven't been able to change this, so I either mount it manually or change the permissions after being mounted. The second problem is related to gpg: it seems that gpg uses links to lock the keyrings, and vfat doesn't support them, so I'm able to read keys, but not to make any modification on them.

If I use ext2 the permission problem goes away (kind of), but I have the feeling that this isn't as portable as vfat, as the filesystem uses the user id to control access to files, and plugging the drive in another system where my user may have another uid leads me to chowning/chmoding in the better case or not having access to my keys in the worst case.

Any ideas?

Best regards
Jose
Re: [gentoo-user] SCIRE Project
2007/2/13, Daniel van Ham Colchete [EMAIL PROTECTED]:

> Hello everyone
>
> Here on my company we are going to start deploying Gentoo Linux on our customers. Every server will have the very same installed packages, the very same use flags, very same cflags, only a few configurations will differ. I would like the deployment and maintenance to be done as easily as possible because this project needs to be scalable to more than 100 servers. Although we are going to install only 10 servers in the beginning, my boss says that I should be prepared for this number to grow.
>
> Yesterday I found about the SCIRE project that seems to solve my problems easily. But it seems that the project's development is stopped. Unfortunately, I don't know a thing of Python, so I can't help. Does anyone know how the project is going? Are we going to have a production usable release? If so, when? It's not like I'm pushing anything, I just want to know if I can count on it or not.
>
> Setting the project aside, I'm thinking about developing my own installer to install a catalyst's stage4 and reboot a working Gentoo. After that I'm thinking about using emerge with binary packages to install updates automatically. What do you think? Will it work? Is it possible to rollback an update if something goes wrong?

We're working on something similar using catalyst [1] to create a custom livecd, quickstart [2] to automate installation of a basic working system from that livecd and puppet (already mentioned in the thread) to automate administration from that point.

> To solve the problem with incompatible configuration files, every time I upgrade anything, a perl script will reconfigure the customers server.

I recommend to use an existing solution (puppet, cfengine, there are others out there) instead of developing a custom tool to keep configuration up to date.

Best regards
Jose

[1] http://www.gentoo.org/proj/en/releng/catalyst/
[2] http://agaffney.org/quickstart/
[gentoo-user] [OT] Laptop graphics card broken??
Sorry for the off track, but I'm totally lost regarding this, and I thought maybe somebody could shed some light on this...

I've got an Acer Aspire 1520 with an NVIDIA GeForce FX Go5700 and a dual Gentoo Linux/Windows install. The problem is that the graphics card seems to be broken, at least partially: whenever I start the laptop the screen is off, and here comes the weird part, if I select Gentoo from the grub boot (I know where the options are, so I can select it even with the screen off) the screen keeps off, but if I select Windows, the screen gets on, but only when Windows reaches the login screen, not before.

By the way, the laptop fell some time ago from around a meter high, but after that kept on working, although I had some sporadic hangs on Linux, with the screen showing kind of light snow noise, almost always playing Battle of Wesnoth.

The only logical explanation I can think of, unless I'm totally retarded and missing something clearly obvious, is that the card (or the screen) seems to be working only at some resolution/color depth/frequency combination ( [EMAIL PROTECTED], 32bit), and that I'm not using the working combination at Linux, but this seems really strange and I haven't heard of anything like this before.

Anyone has any idea on this? What could I check to further diagnose the problem? Any solution? Am I missing anything?

Thanks in advance, best regards
Jose
Re: [gentoo-user] Re: [OT] Laptop graphics card broken??
2006/10/20, Harm Geerts [EMAIL PROTECTED]:

> On Friday 20 October 2006 21:10, José González Gómez wrote:
>
> > Sorry for the off track, but I'm totally lost regarding this, and I thought maybe somebody could shed some light on this...
> >
> > I've got an Acer Aspire 1520 with an NVIDIA GeForce FX Go5700 and a dual Gentoo Linux/Windows install. The problem is that the graphics card seems to be broken, at least partially: whenever I start the laptop the screen is off, and here comes the weird part, if I select Gentoo from the grub boot (I know where the options are, so I can select it even with the screen off) the screen keeps off, but if I select Windows, the screen gets on, but only when Windows reaches the login screen, not before.
> >
> > By the way, the laptop fell some time ago from around a meter high, but after that kept on working, although I had some sporadic hangs on Linux, with the screen showing kind of light snow noise, almost always playing Battle of Wesnoth.
> >
> > The only logical explanation I can think of, unless I'm totally retarded and missing something clearly obvious, is that the card (or the screen) seems to be working only at some resolution/color depth/frequency combination ( [EMAIL PROTECTED], 32bit), and that I'm not using the working combination at Linux, but this seems really strange and I haven't heard of anything like this before.
> >
> > Anyone has any idea on this? What could I check to further diagnose the problem? Any solution? Am I missing anything?
>
> You could try a linux livecd and see what that does.

The same, the screen keeps off... anyway, this seems to be random: I have just restarted the computer while making tests and one of the times the screen functioned normally.

> And are there any settings regarding the screen in the BIOS?

I cannot access the BIOS, as the screen shows nothing until Windows starts.

Thanks, best regards
Jose
Re: [gentoo-user] Calendar sharing with MS outlook on gentoo
2006/10/14, bijayant kumar [EMAIL PROTECTED]:

> Hi to all,
>
> I want to install MS outlook on the gentoo. Is it possible to run MS outlook on gentoo-linux? If yes then how...??? Is any extra plugin required to do the same? My main concern is that I have to provide calendar sharing with MS outlook on linux box to one of my clients.. Please help me.. I have heard about scalix, but I am not sure about it, there is one thing more, openXchange also. But I have no idea about both of them. If anyone can help me, please do sir. I will be very thankful to you all.

From your mails I still don't understand if you have client linux boxes where you want to run Outlook, or you have a linux server box where you want to place the shared calendar, with Outlook clients. Anyway, for each situation:

1. Windows Server running Exchange with Linux clients running Outlook: you need some piece of software that lets you run Outlook on Linux. You may try Wine, CrossOver Linux (from CodeWeavers)...
2. Server running Linux with Windows clients running Outlook: you need a groupware server that lets you use Outlook as a client. OpenGroupware and Kolab come to mind, there are commercial plugins that let you connect Outlook to both of them.
3. Neither of the two above: if what you really want to do is to share calendars, but you may have linux on the server and client side and use other software instead of Outlook, take a look at the list of supported clients for the groupware server you choose. Novell Evolution and KDE Kontact are both groupware clients with similar interface and functionality resembling Outlook, and they can connect to OpenGroupware and Kolab IIRC.

HTH, best regards
Jose
[gentoo-user] [OT] Blocking only unsuccessful ssh connections
Hi there,

I've got a virtual private server hosted somewhere and they're blocking me because their intrusion detection system detects 10 ssh connections in less than 2 minutes from my current IP. My question is: is it possible for an intrusion detection system to differentiate between successful and unsuccessful ssh connections so they don't block me? Of course all my connections are successful.

Thanks in advance, best regards
Jose
Re: [gentoo-user] [OT] Blocking only unsuccessful ssh connections
Hi

2006/10/5, Hans-Werner Hilse [EMAIL PROTECTED]:

> Hi,
>
> On Thu, 5 Oct 2006 17:33:15 +0200 José González Gómez [EMAIL PROTECTED] wrote:
>
> > I've got a virtual private server hosted somewhere and they're blocking me because their intrusion detection system detects 10 ssh connections in less than 2 minutes from my current IP. My question is: is it possible for an intrusion detection system to differentiate between successful and unsuccessful ssh connections so they don't block me? Of course all my connections are successful.
>
> Well of course. It takes a bit more work, though. What are you trying? Proving to the hoster that they could do better? I guess they know that already (and are happy to bill you for better service).

I'm just trying to decide if I should keep my current hoster and find out if this is common practice among hosters.

> In short: length of conversation would be an indication. Doesn't work for simple firewalls that don't really work on full TCP streams. And I guess that's the reason why your hoster doesn't opt for something more elaborate.
>
> Maybe you should just run ssh on a different port?

Thanks for the idea, I'll take it into account.

Best regards
Jose
Re: [gentoo-user] [OT] Blocking only unsuccessful ssh connections
Hi there

2006/10/5, Daniel da Veiga [EMAIL PROTECTED]:

> On 10/5/06, José González Gómez [EMAIL PROTECTED] wrote:
>
> > Hi there,
> >
> > I've got a virtual private server hosted somewhere and they're blocking me because their intrusion detection system detects 10 ssh connections in less than 2 minutes from my current IP. My question is: is it possible for an intrusion detection system to differentiate between successful and unsuccessful ssh connections so they don't block me? Of course all my connections are successful.
>
> As Hans-Werner already told you, there are better ways to detect intrusion, and of course they could implement it in a way successful connection would not cause the intrusion detect system to block you, but it's a bit more complicated and would involve the whole system, which most providers do not want/care to have and if they have, they charge over it.
>
> The questions here, if you don't want to argue with your host provider, would be:
>
> 1) Is there another provider that does not have such limitation?

Well, I would really know about this... does anybody know?

> 2) 10 connections in 2 minutes is a good config, why do you have so many connections in so little time? Is there another way to do whatever you're trying to do with less connections?

Unfortunately I'm not responsible for making these connections. I'm using Maven (http://maven.apache.org/) to deploy some files to my server. Maven seems to use a different ssh connection for every operation it does (check for current version deployed, read metadata, copy several files to remote server...). I'll write to the Maven list to ask about this, maybe there is some way to slow down or reuse connections.

> I've rewritten a complete system just so I would not have to discuss my ISP security policies. I guess it was faster to change a few hundred lines of code than to keep calling them on the phone to argue about it (if I could, I would have changed ISP).

Well, that's another option. After all Maven is open source, so I could take a look at the code making the connections and try to improve it.

Thanks a lot, best regards
Jose
Re: [gentoo-user] [OT] Blocking only unsuccessful ssh connections
2006/10/5, Hans-Werner Hilse [EMAIL PROTECTED]:

> Hi,
>
> On Thu, 5 Oct 2006 20:47:18 +0200 José González Gómez [EMAIL PROTECTED] wrote:
>
> > Unfortunately I'm not responsible for making these connections. I'm using Maven (http://maven.apache.org/) to deploy some files to my server. Maven seems to use a different ssh connection for every operation it does (check for current version deployed, read metadata, copy several files to remote server...). I'll write to the Maven list to ask about this, maybe there is some way to slow down or reuse connections.
>
> Ah, I see. Well, that's easy to overcome by a SSH-via-SSH tunnel :-)
>
> Just make an initial connection like this:
>
> $ ssh -L2:127.0.0.1:22 vhost.isp.org
>
> and then either use 127.0.0.1:2 as ssh target host, or configure a section in your ~/.ssh/config for the tunneled access to the host, e.g.
>
> ---snip
> Host tunneledvhost
> HostName 127.0.0.1
> Port 2
> ---snip
>
> and then just use tunneledvhost to connect to.

Great!!! Man, I've got to write down this in my trick book :o) I'm using Windows at work (yeah, I know) and putty instead of ssh, but I've done port forwarding before with putty, so I guess I'll have no problem.

Thank you very very much, best regards
Jose
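
Added example, not part of the thread or of any poster's setup: a host-side way to tell successful from unsuccessful ssh connections, by counting only failed authentications per source IP instead of every connection. It assumes the detector can read OpenSSH's auth log on the server; the log lines, addresses and function names are constructed for illustration, and the 10-in-2-minutes threshold is the one quoted in the thread.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH auth-log lines: "<time> <host> sshd[pid]: Accepted|Failed <method> for <user> from <ip> port <n>"
LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+) port \d+"
)

def parse(line):
    """Return (timestamp, succeeded, source_ip), or None for unrelated lines."""
    m = LINE.match(line)
    if not m:
        return None
    # Syslog omits the year; only time differences matter here.
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
    return ts, m.group(2) == "Accepted", m.group(3)

def blocked_ips(lines, limit=10, window=timedelta(minutes=2), failures_only=True):
    """Source IPs with `limit` or more counted events inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = set()
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, succeeded, ip = event
        if failures_only and succeeded:
            continue              # a completed login is not evidence of guessing
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= limit:
            blocked.add(ip)
    return blocked

def sample_log():
    """Constructed log: a deploy tool logging in 12 times in a minute, and a guesser."""
    lines = []
    for i in range(12):
        t = f"Oct  5 17:33:{i * 5:02d}"
        lines.append(f"{t} vps sshd[{1000 + i}]: Accepted publickey for jose "
                     f"from 203.0.113.5 port {50000 + i} ssh2")
        lines.append(f"{t} vps sshd[{2000 + i}]: Failed password for invalid user admin "
                     f"from 198.51.100.7 port {40000 + i} ssh2")
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("connection-count rule:", sorted(blocked_ips(log, failures_only=False)))
    print("failed-auth-only rule:", sorted(blocked_ips(log)))
```

With the constructed log, the connection-count rule blocks both addresses, while the failed-authentication rule blocks only the address that never logs in successfully.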
[gentoo-user] [ANN] Ebuild for Puppet
Hi there,

I recently discovered Puppet [1]. From their web site: "Puppet is an open-source next-generation server automation tool. It is composed of a declarative language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration." Basically, Puppet intends to be a better cfengine [2] and IMHO it looks very promising. That's why I have contributed init scripts for Gentoo and integration of Puppet with portage, available from version 0.19.0, and have also contributed an ebuild [3] to make Puppet available to all those Gentoo sys admins out there. I also have to say that I have found its main developer (Luke Kanies) to be very supportive while programming all the integration with Gentoo.

I hope you find this useful, and if so, contribute to make it even better (of course, if you find any problem in the integration with Gentoo, feel free to contact me).

Best regards,
Jose

[1] http://www.reductivelabs.com/projects/puppet/index.html
[2] http://www.reductivelabs.com/projects/puppet/documentation/notcfengine.html
[3] http://bugs.gentoo.org/show_bug.cgi?id=146712