Re: SSH and the Ubuntu Server
On 17/11/10 21:38, Dustin Kirkland wrote:
> This proposal requests that:
> 1) a new prompt be added to the Ubuntu Server installer
> 2) this prompt be dedicated to the boolean installation, or non-installation, of the SSH service, as an essential facet of a typical server
> 3) the cursor highlights the affirmative (yes, please install SSH), but awaits the user's conscious decision

you could make the ssh server recommend denyhosts or fail2ban (both prevent brute force attacks by blocking hosts that make too many failed login attempts)

sam

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: SSH and the Ubuntu Server
I inadvertently left ubuntu-server@ off of the original distribution. Sorry about that. CC'ing now.

There are a few responses already in the thread:
 * https://lists.ubuntu.com/archives/ubuntu-devel/2010-November/thread.html

Thanks,
Dustin

On Wed, Nov 17, 2010 at 3:38 PM, Dustin Kirkland kirkl...@ubuntu.com wrote:
> Ubuntu has long maintained a no open ports by default policy. This conservative approach arguably yields a more secure default installation. Several exceptions have been granted to this policy, which install services on the target system without the user's explicit consent, but in the calculated interest and support of a vastly more usable Ubuntu.
>
> Let me be clear: I am NOT requesting that sort of an exception.
>
> I am asking for ubuntu-devel's consensus, and an eventual Ubuntu Technical Board approval of a new prompt in the Ubuntu Server ISO's text-based installer, which would read something like the following:
>
> --
> | If you need a secure connection to this
> | server remotely, you may wish to install
> | the openssh-server package. Note that
> | this service will open TCP port 22 on
> | your system, and you should use a very
> | strong password.
> |
> | Do you want to install the SSH service?
> |
> |        [[YES]]        [no]
> --
>
> Rest assured that the exact text will be word-smithed by an appropriate committee to hash out an optimum verbiage.
>
> This proposal requests that:
> 1) a new prompt be added to the Ubuntu Server installer
> 2) this prompt be dedicated to the boolean installation, or non-installation, of the SSH service, as an essential facet of a typical server
> 3) the cursor highlights the affirmative (yes, please install SSH), but awaits the user's conscious decision
>
> These key points map to the following considerations:
> 1) the current option to install SSH on Ubuntu servers is buried in the tasksel menu
>    - SSH is more fundamental to a server than the higher level profile selections for: DNS Server, Mail Server, LAMP Stack, Virtualization Host, etc.
> 2) users of the installation ISO will have the option to not install SSH, as they so desire
>    - it is quite well understood that some users may not want SSH installed on their server
> 3) highlighting the YES option on this page is absolutely essential to addressing this usability issue
>    - and that selection is easily overridden by hitting tab, enter, or by experienced admins in preseed configurations
>
> Please consider that the very definition of a server implies that the system is running a service. Moreover, our official Ubuntu Server images as published for the Amazon EC2 cloud are, in fact, running SSH by default listening on port 22 on the unrestricted Internet (the 'ubuntu' has no password), and the Ubuntu Enterprise Cloud installation by the very same ISO installs SSH on every UEC system deployed. This is not unprecedented.
>
> Having discussed the proposal with a subset of this audience (at UDS and in IRC), here are some known FAQs:
>
> Q: WTF?!? Ubuntu has no open ports by default!
> A: That depends on which Ubuntu you mean. Ubuntu-in-the-cloud runs SSH. Ubuntu-as-the-cloud runs SSH. Ubuntu desktops run avahi. Most importantly, this is not a run by default proposal. We have already compromised on that subject, culminating in this proposal, which is simply about providing Server users with an obvious way to install the typically essential SSH service.
>
> Q: Why not default the cursor on that question to No, instead of Yes?
> A: That totally bypasses the value of this proposal, and is only microscopically better than what we currently have, where Ubuntu Server users must go out of their way to add one of the most fundamental packages to almost any server installation. The proposal, as it stands, is already a compromise from the original suggestion at UDS; which was, if you're installing a server, you're expecting to run a service, so let's just install SSH by default. That idea is entirely out of scope now. We are proposing this installer question as a reasonable compromise.
>
> Q: What if the openssh-server package is compromised on the ISO?
> A: Although this has happened before, it is relatively rare over the history of Ubuntu. If/when this happens again, we would need to:
>    a) recommend that people choose no when prompted, and install SSH post-installation from the security archive (same as we would do now, actually)
>    b) and probably respin the ISOs (also been done before)
>
> Q: Why don't we disable password authentication?
> A: We could do this, and ask users to provide a public SSH key (or even just a simple Launchpad userid whose public key we could securely import). This would probably involve adding another page to the installer, public SSH keys are hard to memorize, while others will almost certainly object to even
Re: Fwd: Re: FOSDEM - Distribution Miniconf
On 17-11-10 23:21, Manuel de la Pena wrote:
> Original Message
> Subject: Re: FOSDEM - Distribution Miniconf
> Date: Wed, 17 Nov 2010 23:19:54 +0100
> From: Manuel de la Pena manuel.delap...@canonical.com
> To: Laura Czajkowski la...@lczajkowski.com
>
> On 15/11/2010 21:34, Laura Czajkowski wrote:
>> Aloha,
>>
>> I was wondering if Ubuntu plans to have a presence at FOSDEM this year. It is one of the largest open source events in Europe and in the past we haven't really taken part in this event apart from having a community presence at it and running a stall at it. There have been some individuals at it, however I think we should be there in a greater sense like many other distributions.
>>
>> This year following on from last year's success FOSDEM is running a Distribution Miniconf and I think we should if possible try and have a few talks/sessions over the two day event. http://fosdem.org/2011/distrominiconf
>>
>> The reasons for this is that over the last two years I've noticed many people commenting on our lack of attendance at this event given its history (now 11th year) size of participates 6000-6500 and over 300 talks, we really should be there.
>>
>> Laura
>
> +1 to that. The Ubuntu Belgian Loco Team is great and I'm sure they would give a hand. I'd try to be there this year.
>
> Kr,
> Manuel

As the Ubuntu NL LoCo Contact, I would be glad to ask for participation from my LoCo if that is necessary. There are some people living close to the border, and even for people living further away traveling to Brussels shouldn't take too long. We can help with preparation, tend to the Dutch speakers and contribute people to a stand.

Regards,
Sense Hofstede
Re: SSH and the Ubuntu Server
(Please, in future, do not cross-post between the moderated ubuntu-devel and the unmoderated ubuntu-devel-discuss. Doing so produces time lags which confuse people.)

On Wed, Nov 17, 2010 at 03:38:53PM -0600, Dustin Kirkland wrote:
> I am asking for ubuntu-devel's consensus, and an eventual Ubuntu Technical Board approval of a new prompt in the Ubuntu Server ISO's text-based installer, which would read something like the following:
>
> --
> | If you need a secure connection to this
> | server remotely, you may wish to install
> | the openssh-server package. Note that
> | this service will open TCP port 22 on
> | your system, and you should use a very
> | strong password.
> |
> | Do you want to install the SSH service?
> |
> |        [[YES]]        [no]
> --
>
> Rest assured that the exact text will be word-smithed by an appropriate committee to hash out an optimum verbiage.

Without wishing to express any opinion either way: this is an excessively painful choice of implementation. If you want to default it to yes, it would be sufficient, and much easier (take it from me, I'm the one who gets to deal with the translation merge workload when you guys add questions ...) to check the SSH server entry in tasksel by default.

> These key points map to the following considerations:
> 1) the current option to install SSH on Ubuntu servers is buried in the tasksel menu

No, it's not. In Maverick it was arguably buried. In Natty, it is the very top entry on the tasksel menu, and the cursor rests on it when you reach that screen.

>    - and that selection is easily overridden by hitting tab, enter, or by experienced admins in preseed configurations

We change preseeding too much, and it requires work from admins each time they bump to a new Ubuntu release. Many of those admins turn up on #ubuntu-installer and ask for help. The load is not insignificant.

Cheers,

--
Colin Watson [cjwat...@ubuntu.com]
Re: SSH and the Ubuntu Server
On Thursday, November 18, 2010 04:21:42 am sam tygier wrote:
> On 17/11/10 21:38, Dustin Kirkland wrote:
>> This proposal requests that:
>> 1) a new prompt be added to the Ubuntu Server installer
>> 2) this prompt be dedicated to the boolean installation, or non-installation, of the SSH service, as an essential facet of a typical server
>> 3) the cursor highlights the affirmative (yes, please install SSH), but awaits the user's conscious decision
>
> you could make the ssh server recommend denyhosts or fail2ban (both prevent brute force attacks by blocking hosts that make too many failed login attempts)

No. This is a bad idea. There are too many different ways to solve this problem (and IMO these are not the most robust) to impose a default on the user.

Scott K
Re: SSH and the Ubuntu Server
On Wednesday, November 17, 2010 04:38:53 pm Dustin Kirkland wrote:
> Q: Why not default the cursor on that question to No, instead of Yes?
> A: That totally bypasses the value of this proposal, and is only microscopically better than what we currently have ...

Dustin,

I think this seriously undervalues the many benefits of your proposal.

The concern I have with defaulting a new question to yes the first time it appears is that if someone has a standard preseed they are using this will change what they get installed and they will never see the question (If I understand how all this works correctly and that's not certain).

If we are going to change the no open ports by default policy (and I think your proposal would do that), I think we should not be in a great rush to do that. I would propose that the question should at least exist in an LTS release with a conservative default (no in this case) before defaulting to the less conservative default.

My thought would be to do all as you propose, except leave it as default No for now and then consider switching to yes in 12.10. I know that's a longer timeline than you'd prefer, but I think it pays to be conservative in how we approach this.

BTW, given the number of knocks I see on the door at port 22, this is very much not like the gorilla thing.

Scott K
Re: SSH and the Ubuntu Server
On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
> I think this screen is a good idea if in fact tasksel is moved to after the first boot.

We used to have a two-stage installer and it was a nightmare to maintain for several reasons. Since we moved to a single-stage installer several years back, we've burned all the necessary code with fire and enjoyed it. Please don't make me go back to that.

--
Colin Watson [cjwat...@ubuntu.com]
Re: SSH and the Ubuntu Server
On Thu, Nov 18, 2010 at 10:51:29AM -0500, Scott Kitterman wrote:
> I think this seriously undervalues the many benefits of your proposal.
>
> The concern I have with defaulting a new question to yes the first time it appears is that if someone has a standard preseed they are using this will change what they get installed and they will never see the question (If I understand how all this works correctly and that's not certain).

You are in general correct. (There are some workarounds for that kind of thing, but they're nasty and not particularly robust.)

> I would propose that the question should at least exist in an LTS release with a conservative default (no in this case) before defaulting to the less conservative default.
>
> My thought would be to do all as you propose, except leave it as default No for now and then consider switching to yes in 12.10.

My counter-proposal would be to see how things work out with the openssh-server task at the top of tasksel's menu, as it now is in Natty. We haven't given that enough time (there hasn't even been a milestone containing it yet!) to see how it works out for server users.

--
Colin Watson [cjwat...@ubuntu.com]
Re: SSH and the Ubuntu Server
On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
> On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
>> I think this screen is a good idea if in fact tasksel is moved to after the first boot.
>
> We used to have a two-stage installer and it was a nightmare to maintain for several reasons. Since we moved to a single-stage installer several years back, we've burned all the necessary code with fire and enjoyed it. Please don't make me go back to that.

What if the Server team maintained the 2nd stage? Then we'd be making life easier for you, right? ;)

--
Robbie Williamson rob...@ubuntu.com
Ubuntu
robbiew[irc.freenode.net]

You can't be lucky all the time, but you can be smart everyday -Mos Def
Arrogance is thinking you are better than everyone else, while Confidence is knowing no one else is better than you. -Me ;)
Re: SSH and the Ubuntu Server
On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
> On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
>> On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
>>> I think this screen is a good idea if in fact tasksel is moved to after the first boot.
>>
>> We used to have a two-stage installer and it was a nightmare to maintain for several reasons. Since we moved to a single-stage installer several years back, we've burned all the necessary code with fire and enjoyed it. Please don't make me go back to that.
>
> What if the Server team maintained the 2nd stage? Then we'd be making life easier for you, right? ;)

Er. :-)

(In seriousness, any good-quality second stage would require some level of cooperation from the first stage. We tried that and it was awful.)

--
Colin Watson [cjwat...@ubuntu.com]
Re: SSH and the Ubuntu Server
On Thu, Nov 18, 2010 at 10:00 AM, Serge Hallyn serge.hal...@canonical.com wrote:
> Quoting Clint Byrum (cl...@ubuntu.com):
>> On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
>>> This proposal requests that:
>>> 1) a new prompt be added to the Ubuntu Server installer
>>> 2) this prompt be dedicated to the boolean installation, or non-installation, of the SSH service, as an essential facet of a typical server
>>
>> +1 for adding this prompt
>>
>>> 3) the cursor highlights the affirmative (yes, please install SSH), but awaits the user's conscious decision
>>
>> -1 for having it default to Yes.
>
> Forgive me if the answer is obvious - but how is this any better then than simply expecting users to click 'ssh server' in the tasksel window which always comes up?

It's not any better, Serge. :-(

:-Dustin
Re: SSH and the Ubuntu Server
On Thu, Nov 18, 2010 at 9:30 AM, Colin Watson cjwat...@ubuntu.com wrote:
> (Please, in future, do not cross-post between the moderated ubuntu-devel and the unmoderated ubuntu-devel-discuss. Doing so produces time lags which confuse people.)

Dang. Sorry, Colin. Live and learn.

> On Wed, Nov 17, 2010 at 03:38:53PM -0600, Dustin Kirkland wrote:
>> I am asking for ubuntu-devel's consensus, and an eventual Ubuntu Technical Board approval of a new prompt in the Ubuntu Server ISO's text-based installer, which would read something like the following:
>>
>> --
>> | If you need a secure connection to this
>> | server remotely, you may wish to install
>> | the openssh-server package. Note that
>> | this service will open TCP port 22 on
>> | your system, and you should use a very
>> | strong password.
>> |
>> | Do you want to install the SSH service?
>> |
>> |        [[YES]]        [no]
>> --
>>
>> Rest assured that the exact text will be word-smithed by an appropriate committee to hash out an optimum verbiage.
>
> Without wishing to express any opinion either way: this is an excessively painful choice of implementation. If you want to default it to yes, it would be sufficient, and much easier (take it from me, I'm the one who gets to deal with the translation merge workload when you guys add questions ...) to check the SSH server entry in tasksel by default.
>
>> These key points map to the following considerations:
>> 1) the current option to install SSH on Ubuntu servers is buried in the tasksel menu
>
> No, it's not. In Maverick it was arguably buried. In Natty, it is the very top entry on the tasksel menu, and the cursor rests on it when you reach that screen.

Right, that's a great change. Makes it more obvious.

I can concede your point that adding the proposed page to the installer would create work for you, which of course, is not my goal.

I would gladly revise this proposal to simply:
 * Automatically 'tick' OpenSSH Server by default on the Server Tasksel screen

Which would also sit there and wait for the user to consciously affirm their selection, and would avoid the countless server installations where people forget to install SSH and must make their way back to a console on their newly installed system and add the openssh-server package.

:-Dustin
Re: SSH and the Ubuntu Server
Dustin Kirkland [2010-11-18 10:57 -0600]:
> On Thu, Nov 18, 2010 at 10:00 AM, Serge Hallyn
>> Forgive me if the answer is obvious - but how is this any better then than simply expecting users to click 'ssh server' in the tasksel window which always comes up?
>
> It's not any better, Serge. :-(

My first knee-jerk reaction to your initial mail was the same as Serge's -- I think it would be absolutely straightforward to enable ssh server by default by enabling this task, and it remains a conscious decision by the user.

However, I'm a bit confused by your answer -- are you saying that the ssh task is enough to accomplish this, or that you don't consider that good enough?

Thanks,
Martin

--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Re: SSH and the Ubuntu Server
On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
> On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
>> On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
>>> On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
>>>> I think this screen is a good idea if in fact tasksel is moved to after the first boot.
>>>
>>> We used to have a two-stage installer and it was a nightmare to maintain for several reasons. Since we moved to a single-stage installer several years back, we've burned all the necessary code with fire and enjoyed it. Please don't make me go back to that.
>>
>> What if the Server team maintained the 2nd stage? Then we'd be making life easier for you, right? ;)
>
> Er. :-)
>
> (In seriousness, any good-quality second stage would require some level of cooperation from the first stage. We tried that and it was awful.)

So I see the 1st stage as just installing the minimal server, then we boot to a login prompt...user logs in and can either do his/her business as desired or launch the 2nd stage (which they are told about in a 1st boot motd-type message).

-Robbie

> --
> Colin Watson [cjwat...@ubuntu.com]

--
Robbie Williamson rob...@ubuntu.com
Ubuntu
robbiew[irc.freenode.net]

You can't be lucky all the time, but you can be smart everyday -Mos Def
Arrogance is thinking you are better than everyone else, while Confidence is knowing no one else is better than you. -Me ;)
Re: SSH and the Ubuntu Server
On 11/18/2010 09:49 AM, Marc Deslauriers wrote:
>> Q: What if the openssh-server package is compromised on the ISO?
>> A: Although this has happened before, it is relatively rare over the history of Ubuntu. If/when this happens again, we would need to:
>>    a) recommend that people choose no when prompted, and install SSH post-installation from the security archive (same as we would do now, actually)
>>    b) and probably respin the ISOs (also been done before)
>
> This isn't the only reason to not have SSH by default. My point was not having SSH installed by default before the administrator can properly secure a server, including installing security updates, and configuring ssh to respond to a particular network interface with password authentication disabled.

I do not see this as a major issue: in corporate environments (where you will usually find multiple network interfaces) a system is installed in a protected area (either physically, or network-wise, or both). It is not just installing the basic system, but all the necessary configuration that needs to be done. Only after this post-install configuration a system will be set in the firewalls/routers.

On the other hand, having SSH installed by default will help the majority of corporate users: we go (either physically, or via a serial console), install, and then happily use SSH to configure the rest of the system (and get out of the -- usually -- lights-out and cold environment, or off the bloody serial console).

>> Q: Why don't we disable password authentication?
>> A: We could do this, and ask users to provide a public SSH key (or even just a simple Launchpad userid whose public key we could securely import). This would probably involve adding another page to the installer, public SSH keys are hard to memorize, while others will almost certainly object to even optionally tying their Launchpad ID to Ubuntu installations. Most importantly, Ubuntu does not set a root password, so an attacker would need to guess BOTH the username AND password.
>
> Password authentication should definitely be disabled when SSH servers are exposed to untrusted networks. But in a lot of cases though, SSH password authentication is acceptable, such as on my home network, or in a corporate environment where the SSH port is restricted behind a firewall.

I respectfully disagree. Password authentication should be disabled by default. Downgrading security -- in corporate environments -- usually requires a formal risk acceptance process. Also, in every audit I participated a system accepting SSH password authentication would be flagged an audit finding, and documentation would be required to justify it.

It strikes me as inconsistent that we allow a known risk as default. It should be the other way: if I want to downgrade security, I have to explicitly choose to do so.

Of course, in this discussion, having only PK-authentication would require either the person installing to provide an out-of-band public key, or the installer to have this option.

> I don't think disabling SSH password authentication is something that can realistically be done by default for now.
>
>> Q: What if I want a different sshd configuration than what's shipped by default in Ubuntu, before running sshd?
>> A: You sound like an advanced user; please preseed your installation, or add SSH after the initial install (as you would do now).
>
> Securing your ssh installation is mentioned in every single security checklist I've seen. This isn't something only advanced users need to do. Making novice users install SSH without knowing the impact of doing so is not something we should be recommending.

Even more reason for us to provide a sensible -- and more secure -- default SSH configuration.

Cheers,

..C..
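The two sshd settings argued over in the message above (password authentication, and binding to a particular interface) can be checked mechanically. This is an added example, not part of the thread or of any Ubuntu tooling: a small Python audit of an sshd_config, in which the sample configs are constructed and the finding names are invented for illustration.

```python
import ipaddress
import re

# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")
# ChallengeResponseAuthentication is the older name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Upstream OpenSSH defaults, used when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "usepam": "no"}


def parse(text):
    """Split a config into global settings and settings inside Match blocks.

    Each result maps a lower-cased keyword to its values in file order.
    """
    global_cfg, match_cfg = {}, {}
    target = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not line or line.startswith("#") or not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            target = match_cfg  # everything after the first Match is conditional
            continue
        target.setdefault(ALIASES.get(key, key), []).append(value)
    return global_cfg, match_cfg


def first(cfg, key):
    """sshd uses the first value obtained for a keyword; else the default."""
    return cfg.get(key, [DEFAULTS[key]])[0].lower()


def is_wildcard(listen_value):
    """True if a ListenAddress value binds every interface (0.0.0.0 or ::)."""
    host = listen_value.split()[0]          # drop an optional "rdomain" suffix
    if host.startswith("["):                # [address]:port
        host = host[1:].partition("]")[0]
    elif host.count(":") == 1:              # address:port
        host = host.partition(":")[0]
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:                      # a hostname: treated as specific
        return False


def audit(text):
    """Return a sorted list of finding names (invented for this example)."""
    cfg, match_cfg = parse(text)
    findings = set()
    if first(cfg, "passwordauthentication") == "yes":
        findings.add("password-auth-enabled")
    if (first(cfg, "kbdinteractiveauthentication") == "yes"
            and first(cfg, "usepam") == "yes"):
        # keyboard-interactive through PAM can still prompt for a password
        findings.add("kbd-interactive-via-pam")
    if "yes" in (v.lower() for v in match_cfg.get("passwordauthentication", [])):
        findings.add("password-auth-enabled-in-match")
    listen = [v for v in cfg.get("listenaddress", []) if v]
    if not listen or any(is_wildcard(v) for v in listen):
        findings.add("listens-on-all-addresses")
    return sorted(findings)


# Constructed sample: nothing restricts passwords or the listening address.
WEAK = """\
Port 22
UsePAM yes
ChallengeResponseAuthentication yes
"""

# Constructed sample: key-only logins on one address (192.0.2.10 is a
# documentation address standing in for the management interface).
HARDENED = """\
ListenAddress 192.0.2.10
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
# a later duplicate is ignored: the first value wins
PasswordAuthentication yes
"""

# Constructed sample: a Match block quietly re-enables passwords.
WITH_MATCH = HARDENED + "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED),
                         ("with-match", WITH_MATCH)):
        print(name, audit(sample))
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check; the parser here only reads the file text.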
udev ignore_device removed why?
Hi,

I'm trying to use a guillemot corp. Hercules DJ peripheral in a vmware virtual machine running on ubuntu lucid 10.0.4. amd64

To be able to use it in vmware I have to disconnect it from usbhid. I've tried to make a rule for udev, but it doesn't work because in version 10.0.4 the OPTION ignore_device has been removed.

I've tried to disconnect peripheral from usbhid doing (usb plugged in 4-2:1.0)

    cd /sys/bus/usb/drivers/usbhid
    echo '4-2:1.0' > unbind

then it disconnects from usbhid and then I go to vmware and select to connect the device to the virtual machine, and vmware does not alert that the device is being used by another driver (usbhid), ok, but then udev remounts the device automatically. I think it wouldn't happen if ignore_device was still an available OPTION, writing this rule:

    ATTRS{idVendor}=="06f8", OPTIONS+="ignore_device"
    ATTR{idVendor}=="06f8", OPTIONS+="ignore_device"

What can I do to disconnect the device and avoid udev mounts the device? Would next udev version allow to use ignore_device?? Is there any patch to reactivate this functionality?

Thanks.

Pere Joseph
Re: SSH and the Ubuntu Server
Excerpts from Robbie Williamson's message of Thu Nov 18 13:34:58 -0500 2010:
> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
>> On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
>>> On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
>>>> On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
>>>>> I think this screen is a good idea if in fact tasksel is moved to after the first boot.
>>>>
>>>> We used to have a two-stage installer and it was a nightmare to maintain for several reasons. Since we moved to a single-stage installer several years back, we've burned all the necessary code with fire and enjoyed it. Please don't make me go back to that.
>>>
>>> What if the Server team maintained the 2nd stage? Then we'd be making life easier for you, right? ;)
>>
>> Er. :-)
>>
>> (In seriousness, any good-quality second stage would require some level of cooperation from the first stage. We tried that and it was awful.)
>
> So I see the 1st stage as just installing the minimal server, then we boot to a login prompt...user logs in and can either do his/her business as desired or launch the 2nd stage (which they are told about in a 1st boot motd-type message).

I'd add that the 2nd stage would just be tasksel.

I don't know what the 2-stage installer was like back in the old days. The proposal discussed at UDS was:

 * to have the installer create a minimal-lean install (ie 1st stage - same thing as of today). It creates a basic working system which upon reboot can be configured for its final role (either by a sysadmin via a console or ssh login [1] or a configuration management system such as puppet, chef, cfengine, shell script, etc...).

 * Remove the tasksel step in the installer and add a note in the motd pointing to tasksel so that a sysadmin can finish the configuration of the system after reboot (as outlined in [1] above).

This would provide a similar user experience to the one provided by the Ubuntu cloud images on EC2 and UEC. Once an instance is started the following text is displayed upon login into it via ssh:

-
At the moment, only the core of the system is installed. To tune the system to your needs, you can choose to install one or more predefined collections of software by running the following command:

    sudo tasksel --section server
-

A similar message would be displayed when a user logs into the newly-installed system (either via console or ssh).

--
Mathias Gug
Ubuntu Developer
http://www.ubuntu.com
Re: udev ignore_device removed why?
On Thu, Nov 18, 2010 at 2:55 PM, pere lengo perele...@hotmail.com wrote:
> I've tried to make a rule for udev, but it doesn't work because in version 10.0.4 the OPTION ignore_device has been removed.

Rationale given in the release notes for udev 148, see http://lwn.net/Articles/364728/

> Would next udev version allow to use ignore_device??

Highly unlikely

-Dan
Re: SSH and the Ubuntu Server
On Thu, Nov 18, 2010 at 12:34:58PM -0600, Robbie Williamson wrote:
> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
>> On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
>>> What if the Server team maintained the 2nd stage? Then we'd be making life easier for you, right? ;)
>>
>> Er. :-)
>>
>> (In seriousness, any good-quality second stage would require some level of cooperation from the first stage. We tried that and it was awful.)
>
> So I see the 1st stage as just installing the minimal server, then we boot to a login prompt...user logs in and can either do his/her business as desired or launch the 2nd stage (which they are told about in a 1st boot motd-type message).

The problem is that doing task selection in the second stage, for a CD installer, requires keeping copies of a bunch of packages because it's quite plausible that the user ejected the CD. The code necessary for this was horrific, and I think the problems with it are fundamental.

It's really much better to do the whole installation in one go, IMO.

--
Colin Watson [cjwat...@ubuntu.com]
Re: Run From Pocket Drive Installer Option?
On Thu, Nov 18, 2010 at 5:55 PM, Jono Bacon j...@ubuntu.com wrote:
> On Thu, 2010-11-18 at 17:50 -0600, Dustin Kirkland wrote:
>> We could probably just detect if you have a persistence file on the media, and if there's anything of value in it, and if so, then change the verbiage from Try Ubuntu to Launch Your Live Ubuntu or something more appropriate.
>
> I think that would work great. Is this specced out in anyone's planned work?

I bet you could just poke Evan and file a single bug. It honestly doesn't sound like anything monumental. I could be wrong, though. The final wording should probably be passed by mpt, too.

Evan?

:-Dustin
Re: SSH and the Ubuntu Server
Excerpts from Colin Watson's message of Thu Nov 18 18:39:33 -0500 2010:
> On Thu, Nov 18, 2010 at 12:34:58PM -0600, Robbie Williamson wrote:
>> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
>>> On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
>>>> What if the Server team maintained the 2nd stage? Then we'd be making life easier for you, right? ;)
>>>
>>> Er. :-)
>>>
>>> (In seriousness, any good-quality second stage would require some level of cooperation from the first stage. We tried that and it was awful.)
>>
>> So I see the 1st stage as just installing the minimal server, then we boot to a login prompt...user logs in and can either do his/her business as desired or launch the 2nd stage (which they are told about in a 1st boot motd-type message).
>
> The problem is that doing task selection in the second stage, for a CD installer, requires keeping copies of a bunch of packages because it's quite plausible that the user ejected the CD. The code necessary for this was horrific, and I think the problems with it are fundamental.

Good point. I'd suggest to keep on the -server iso only the packages that are required to create a minimal/lean install. The assumption is that upon reboot the system will have access to an archive via the network (which is different from having access to the Internet).

> It's really much better to do the whole installation in one go, IMO.

Agreed. And there is only one choice for the whole installation: a minimal/lean install (as the tasksel screen would be removed from the installer - or replaced with a message suggesting that system can be configured for certain roles (with a list of examples) once it has rebooted).

--
Mathias Gug
Ubuntu Developer
http://www.ubuntu.com
Re: SSH and the Ubuntu Server
On Thu, 2010-11-18 at 23:39 +, Colin Watson wrote:
> On Thu, Nov 18, 2010 at 12:34:58PM -0600, Robbie Williamson wrote:
>> So I see the 1st stage as just installing the minimal server, then we boot to a login prompt...user logs in and can either do his/her business as desired or launch the 2nd stage (which they are told about in a 1st boot motd-type message).
>
> The problem is that doing task selection in the second stage, for a CD installer, requires keeping copies of a bunch of packages because it's quite plausible that the user ejected the CD. The code necessary for this was horrific, and I think the problems with it are fundamental.
>
> It's really much better to do the whole installation in one go, IMO.

We weren't even considering using the CD during the 2nd stage. I happen to think that trying to use the CD after the installer is done, as anything other than a source for a local package mirror, is more trouble than it is worth.

I sat here and tried to type out my reasons for still wanting a 2 stage installer, but I couldn't make sense of it. I think you're right. One install, with really well thought out defaults and not too many questions seems the simplest (but not too simple) solution.