Re: AuthorizedKeyCommand ldap

2017-12-12 Thread Dan Becker
On Mon, Dec 11, 2017 at 7:13 PM, Paulm <pa...@tetrardus.net> wrote:

> On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote:
> > I am reading a blog proposing to use the AuthorizedKeysCommand to hook into
> > another authentication mechanism by calling a shell script
> >
> > https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/
> >
> > Do I have a valid concern in thinking this might not be a prudent method of
> > authentication?
> >
>
> I don't know why he uses the term 'dynamic authorized_keys file'.  I
> know what he means, but it's not a file.  (When people misuse basic
> terms I immediately question their depth of understanding.)
>
> As for your question - these are some thoughts, not intended to be
> comprehensive:
>
> As I see it, the key will be somewhere - in the authorized_keys file
> in the user's home directory, in an LDAP directory, or perhaps
> elsewhere.  Regardless of where it's kept, it needs to be secured
> against tampering.  Is the local host more secure in that regard than
> an LDAP dir?  That depends on the quality of the sysadmins who set up
> the server and how the network infrastructure is designed.  The same
> applies to any other mechanism for remotely storing public keys.
>
> sshd(8) will complain if the perms for the user's authorized_keys file
> aren't correct, so it offers a safeguard against misconfiguration.
>
> The mechanism for retrieving the key from a remote server should use
> SSL/TLS to validate the server's identity and protect the contents.
>
> The utility invoked by sshd to fetch the key needs to be secured,
> requiring special privileges to modify it.
>
> Locally, points of attack would be the tool itself or the user's
> authorized keys file, or the server's public key.  They're all files,
> so file permission restrictions would have to be circumvented.  If the
> tool is not written in a type-safe language, then it could create
> additional vulnerabilities as well.
>
> In larger environments, keeping track of authorized_keys files for
> users and hosts, making sure they're (only) on the hosts they need to
> be on, and keeping them accurate and up-to-date can be tedious and
> error prone, even with a config management system.  One could argue
> that that method allows for vulnerabilities that would not exist if
> the keys were managed centrally.  Again, it depends on the quality of
> the sysadmins' work.
>
> The security requirements in an infrastructure are probably not the
> same for all hosts, so you could use a hybrid strategy, using a local
> authorized_keys file for hosts that need greater protection (e.g.,
> database servers, firewalls, DMZ hosts, etc) if that makes you more
> comfortable. (Generally speaking, I think too much uniformity can
> sometimes be a weakness).
>
>
>
>
Thank you for the above

We have someone suggesting we implement something similar to the above with
a twist.

The script they call acts similar to this

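# login name handed to the script as its first argument
user="$1"
hostname="$(hostname)"
# ${secret} is assumed to be set elsewhere in the real script
curl -s -q -m 5 -f -H "Authorization: Token ${secret}" "https://auth.site.com/sshkeys/?user=${user}=${hostname}" 2>/dev/null
exit $?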


My main concern comes from the fact this process is being run as root and
injecting the username as an arg "$1"

Example :

What happens if someone runs ssh '" -rf /'@host? Is there sanitization
in the ssh daemon?






-- 
--Dan
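
Added example, not part of the original message or of any project discussed in the thread: one way to write the lookup wrapper so that it does not depend on what sshd does with the login name. The endpoint and the "user" parameter are taken from the script above; TOKEN_FILE, the "host" parameter name and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: a stricter key-lookup wrapper.
# KEYS_URL and the "user" parameter come from the message above; TOKEN_FILE,
# the "host" parameter name and the function names are assumptions.
LC_ALL=C; export LC_ALL

KEYS_URL='https://auth.site.com/sshkeys/'
TOKEN_FILE='/etc/ssh/keylookup.token'   # hypothetical path, root-owned, 0600

# Allow-list for login names: 1-32 characters from [a-z0-9_.-], not starting
# with '-' or '.'. Quotes, spaces, '/', '&' and '=' are all refused.
valid_user() {
    case "$1" in
        ''|-*|.*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the authorized keys for login name $1, or print nothing and return
# non-zero. Every failure path yields no keys (fail closed).
fetch_keys() {
    fk_user=$1
    valid_user "$fk_user" || { echo 'rejected login name' >&2; return 64; }

    # Token: must be readable and limited to characters that cannot break
    # out of the quoted value in the curl config line below.
    [ -r "$TOKEN_FILE" ] || return 65
    fk_token=$(cat "$TOKEN_FILE")
    case "$fk_token" in
        ''|*[!A-Za-z0-9._~-]*) return 65 ;;
    esac

    # -q is only honoured as curl's first argument (skip any curlrc).
    # The header is fed through a config on stdin, so the token is never in
    # curl's argv. --get with --data-urlencode percent-encodes each value.
    # --proto pins HTTPS; redirects are not followed (no -L).
    fk_out=$(printf 'header = "Authorization: Token %s"\n' "$fk_token" |
        curl -q --config - --silent --fail --max-time 5 --proto '=https' \
            --get --data-urlencode "user=${fk_user}" \
            --data-urlencode "host=$(hostname)" "$KEYS_URL" 2>/dev/null) ||
        return 1

    # Pass through only lines that start with a public-key type; an error
    # page or other unexpected body gives no keys and a non-zero status.
    printf '%s\n' "$fk_out" | grep -E \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( |$)'
}

# When invoked with the login name as first argument, do the lookup. With no
# argument nothing runs and no keys are printed.
if [ "$#" -gt 0 ]; then
    fetch_keys "$1"
    exit $?
fi
```

Which account the command runs as is a separate sshd_config setting, AuthorizedKeysCommandUser; the token file then has to be readable by that account rather than by root only.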


AuthorizedKeyCommand ldap

2017-12-11 Thread Dan Becker
I am reading a blog proposing to use the AuthorizedKeysCommand to hook into
another authentication mechanism by calling a shell script

https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/

Do I have a valid concern in thinking this might not be a prudent method of
authentication?

-- 
--Dan


Re: cu connection trap crash

2015-08-09 Thread Dan Becker
On Sat, Aug 8, 2015 at 9:20 PM, Philip Guenther guent...@gmail.com wrote:

> On Sat, Aug 8, 2015 at 3:36 PM, Dan Becker d.b.bec...@gmail.com wrote:
> > On Saturday, August 8, 2015, Dan Becker d.b.bec...@gmail.com wrote:
> >
> > When connecting to a serial port with a usb to serial adapter. Unplugging
> > the usb connection without closing the session causes my system to drop
> > to ddb.
> ...
> > $ cat /var/run/dmesg.boot
> > OpenBSD 5.7 (GENERIC.MP) #881: Sun Mar  8 11:04:17 MDT 2015
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> I'm 98% certain that this was fixed in April or so, and thus fixed in
> -current and will be fixed in 5.8.
>
> If not, well, it's now too late to debug and fix it before 5.8 is
> frozen.  So, you should upgrade to 5.8 soon after it comes out and
> verify whether this is resolved there.  If not, report it again then,
> with fresh dmesg and backtrace, so that it can be addressed when
> there's time in the 5.9 cycle...
>
>
> Philip Guenther



Will do.

-- 
--Dan



cu connection trap crash

2015-08-08 Thread Dan Becker
When connecting to a serial port with a usb to serial adapter. Unplugging
the usb connection without closing the session causes my system to drop to
ddb.

Can someone else try to verify this ?

No flags, simply 'cu /dev/cuaU0 '

http://1drv.ms/1Dy9w4J

ddb screenie ^

-- 
--Dan



Re: cu connection trap crash

2015-08-08 Thread Dan Becker
On Sat, Aug 8, 2015 at 2:12 PM, Philip Guenther guent...@gmail.com wrote:

> On Saturday, August 8, 2015, Dan Becker d.b.bec...@gmail.com wrote:
>
> > When connecting to a serial port with a usb to serial adapter. Unplugging
> > the usb connection without closing the session causes my system to drop to
> > ddb.
> >
> > Can someone else try to verify this ?
> >
> > No flags, simply 'cu /dev/cuaU0 '
> >
> > http://1drv.ms/1Dy9w4J
> >
> > ddb screenie ^
>
> dmesg?


Attachment

-- 
--Dan

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg.boot]



Re: cu connection trap crash

2015-08-08 Thread Dan Becker
On Sat, Aug 8, 2015 at 2:12 PM, Philip Guenther guent...@gmail.com wrote:

> On Saturday, August 8, 2015, Dan Becker d.b.bec...@gmail.com wrote:
>
> > When connecting to a serial port with a usb to serial adapter. Unplugging
> > the usb connection without closing the session causes my system to drop to
> > ddb.
> >
> > Can someone else try to verify this ?
> >
> > No flags, simply 'cu /dev/cuaU0 '
> >
> > http://1drv.ms/1Dy9w4J
> >
> > ddb screenie ^
>
> dmesg?



inline... disk wasn't mounted properly because this is probably the 4th
time I repeated the process to make sure I could :)



node-webkit

2015-01-11 Thread Dan Becker
Has anyone successfully built node-webkit on OpenBSD ? If so... willing to
share ?

-- 
--Dan



systrace

2014-12-24 Thread Dan Becker
asking for a friend

Is the systrace policy format fully documented anywhere? There's a quick
explanation on systrace(1) but there's no dedicated page for the format


-- 
--Dan



Re: bioctl weirdness

2014-09-25 Thread Dan Becker
On Thu, Sep 25, 2014 at 2:37 AM, Joel Sing j...@sing.id.au wrote:

> On Wed, 24 Sep 2014, Dan Becker wrote:
> > forgot to add this relevant part
> >
> > # bioctl -R /dev/wd0a sd1
> > softraid0: wd0a partition too small, at least 536871980544 bytes required
> > #
>
> Again, note the bytes vs blocks. That has most likely been fixed already,
> however without a dmesg I have no idea what kernel you're running with. My
> guess is this is a softraid volume with pre-bootable metadata...



I was hoping to see someone else having the same issue :)

I will do some more digging but here is the dmesg I didn't attach


bioctl weirdness

2014-09-23 Thread Dan Becker
two identical drives... shutdown system remove one turn the system back on

bioctl shows the partitions as 536871980544 which is 137. something times
bigger than the drive

oddly enough it is 512 times the size of the partition

536871980544/1048578087
512.

in a few days I will have all the data moved to another set of drives and
be more than willing to do some debugging



# bioctl softraid0
Volume      Status               Size Device
softraid0 0 Degraded     536871980544 sd1     RAID1
          0 Offline                 0 0:0.0   noencl wd0a
          1 Online       536871980544 0:1.0   noencl wd1a
softraid0 1 Degraded     536871980544 sd2     RAID1
          0 Online       536871980544 1:0.0   noencl wd1b
          1 Offline                 0 1:1.0   noencl wd0b
softraid0 2 Degraded     536871980544 sd3     RAID1
          0 Online       536871980544 2:0.0   noencl wd1d
          1 Offline                 0 2:1.0   noencl wd0d
softraid0 3 Degraded     389781911040 sd4     RAID1
          0 Online       389781911040 3:0.0   noencl wd1e
          1 Offline                 0 3:1.0   noencl wd0e

# disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: SR RAID 1
duid: 1d42ceb8d332594e
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 65270
total sectors: 1048578087
boundstart: 0
boundend: 1048578087
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:       1048578048                0  4.2BSD   4096 32768    1
  c:       1048578087                0  unused
# disklabel sd2
# /dev/rsd2c:
type: SCSI
disk: SCSI disk
label: SR RAID 1
duid: 978b49563ef3223a
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 65270
total sectors: 1048578087
boundstart: 0
boundend: 1048578087
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:       1048578048                0  4.2BSD   4096 32768    1
  c:       1048578087                0  unused
# disklabel sd3
# /dev/rsd3c:
type: SCSI
disk: SCSI disk
label: SR RAID 1
duid: 8e245525f52a55d0
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 65270
total sectors: 1048578087
boundstart: 0
boundend: 1048578087
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:       1048578048                0  4.2BSD   4096 32768    1
  c:       1048578087                0  unused
# disklabel sd4
# /dev/rsd4c:
type: SCSI
disk: SCSI disk
label: SR RAID 1
duid: 390559d487f82e16
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 47388
total sectors: 761292795
boundstart: 0
boundend: 761292795
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:        761292736                0  4.2BSD   4096 32768    1
  c:        761292795                0  unused
# disklabel wd0

# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: Hitachi HDS5C302
duid: 6c7c163233d6b678
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 243201
total sectors: 3907029168
boundstart: 0
boundend: 3907029168
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:       1048578551               64    RAID
  b:       1048578615       1048578615    RAID
  c:       3907029168                0  unused
  d:       1048578615       2097157230    RAID
  e:        761293323       3145735845    RAID



Re: bioctl weirdness

2014-09-23 Thread Dan Becker
forgot to add this relevant part

# bioctl -R /dev/wd0a sd1
softraid0: wd0a partition too small, at least 536871980544 bytes required
#






Re: new OpenSSL flaws

2014-06-06 Thread Dan Becker

Giancarlo Razzolini wrote:

> Writing in caps doesn't make your assumption correct. I'd really like
> that everybody would switch to LibreSSL. But it will not be as simple as
> you are putting. First of all, there are lots of money involved. And
> now, even more, because the Linux Foundation is funding OpenSSL. So,
> there are politics involved also.
>
> And, unfortunately, I believe that LibreSSL will share some of the bugs
> of OpenSSL for some time to come. And, don't fool yourself, it will have
> new bugs. I had to change lots of passwords too, so I know what you're
> talking about. Funny thing, that I didn't need to change any of my
> banking passwords.
>
> Cheers,

As a simple user who influences these decisions in deployments, I can 
tell you my desire is to ssh tunnel all my openssl connections until the 
guys who make SSH finish fixing ssl.


Look at SSH's track record compared to OpenSSL.

It's not practical but that is my desire :)

--Dan



can i get a flame ?

2014-01-03 Thread Dan Becker
bONG

(b is silent OpenBSD is Not Gnu )

-- 
--Dan



hardware donation

2013-12-19 Thread Dan Becker
I have two dell 1U 1850's I am ready to quit feeding electricity + several
spare scsi drives with trays. Couple questions. Would OpenBSD be interested
in them and if so where would they need to be shipped to ( I need to figure
out what it would cost to do so )

  dmesg below ( this one has one core the other has two ..both have 10GB
ram ) ...


Re: openbsd 5.0 lifebook p1110 kernal panic on suspend/standby

2012-03-08 Thread dan . becker
Z

--dan



-Original Message-
From: Kendall Shaw ks...@kendallshaw.com
Sender: owner-misc@openbsd.org
Date: Thu, 08 Mar 2012 13:24:42
To: misc@openbsd.org
Subject: Re: openbsd 5.0 lifebook p1110 kernal panic on suspend/standby

Ted Unangst t...@tedunangst.com writes:

> As a short term workaround, type -c at the boot prompt, then disable
> cbb at the next prompt, then quit, and see what happens.

I still get a panic and it didn't change the panic string or the trace.

Kendall

> On Wed, Mar 07, 2012, Kendall Shaw wrote:
> Kendall Shaw ks...@kendallshaw.com writes:
>
> Hi,
>
> I have a lifebook p1110 which causes a kernel panic related to APM, I
> think. Either by setting power savings settings in BIOS to suspend or
> standby, or
> disabling power savings in BIOS and running apmd and apm -z or apm -S
> causes a kernel panic.
>
> Do you have any advice, other than give up on being able to use suspend?
>
> The sub-notebook has no serial port, so I'm typing the trace and ps
> results:
>
> trace:
>
> Debugger(d08cee78,d85dde58,d08ad043,d85dde58,0) at Debugger+0x4
> panic(d08ad043,d10cc000,d85dde8c,d10aea00,0) at panic+0x5d
> timeout_add(d10aea4c,a,8,0,d10aea00) at timeout_add+0xbf
> pccbb_checksockstat(d10aea00,0,0,ff00,0) at pccbb_checksockstat+0x6e
> pccbbactivate(d10aea00,3,d85ddeec,d059f4b8,d10b1e00) at pccbbactivate+0x409
> config_activate_children(d10b1e00,3,3,12,50307dc) at config_activate_children+0x45
> config_activate_children(d10b0fc0,3,246,0,1) at config_activate_children+0x45
> apm_suspend(2,0,d85ddf50,800b,0) at apm_suspend+0x91
> apm_periodic_check(d10b1f80,20,d097df84,0,d10b1f80) at apm_periodic_check+0x19c
> apm_thread(d10b1f80) at apm_thread+0x20
> Bad frame pointer: 0xd0b8ce38
>
> ps:
>
> apmd
> getty
> ksh
> cron
> inetd
> sendmail
> sshd
> ntpd
> pflogd
> syslogd
> dhclient
> aiodoned
> update
> cleaner
> reaper
> pagedown
> crypto
> pfpurge
> pcic0,0,1
> pcic0,0,0
> usbtask
> usbatsk
> apm0
> syswq
> idle0
> kmthread
> init
> swapper
>
> Someone sent me email pointing out that I should include the panic
> string:
>
> timeout_add: not initialized
>
> Kendall