http://serverfault.com/questions/57962/whats-wrong-with-always-being-root
--- Keith Gable A+, Network+, and Storage+ Certified Professional Apple Certified Technical Coordinator Mobile Application Developer / Web Developer On Mon, Apr 15, 2013 at 9:15 AM, Tim Tisdall <tisd...@gmail.com> wrote: > What's wrong with ssh'ing as root? > > > On Mon, Apr 15, 2013 at 10:08 AM, Keith Gable <zi...@ignition-project.com > >wrote: > > > But you're SSHing as root, which is probably worse than opening CouchDB > to > > the world with no password. > > > > --- > > Keith Gable > > A+, Network+, and Storage+ Certified Professional > > Apple Certified Technical Coordinator > > Mobile Application Developer / Web Developer > > > > > > On Mon, Apr 15, 2013 at 8:45 AM, Tim Tisdall <tisd...@gmail.com> wrote: > > > > > Instead of opening CouchDB to the world, I simply access it by > > > port-forwarding through ssh when I connect to the machine. Like this: > > > > > > ssh -L 5984:127.0.0.1:5984 r...@mymachine.com > > > > > > Then on my local machine I can simply access > > http://localhost:5984/_utils/and > > > up comes futon. It depends on your use-case, but this works well for > me. > > > > > > > > > > > > On Mon, Apr 15, 2013 at 7:14 AM, Stefan Reich < > > > stefan.reich.maker.of....@googlemail.com> wrote: > > > > > > > Hmm... maybe you guys can help me solve the rest of the problem? > > (Access > > > to > > > > couchdb from outside) > > > > > > > > These are the last iptables rules in chain INPUT:; > > > > > > > > MY_REJECT all -- anywhere anywhere > > > > ACCEPT tcp -- anywhere anywhere tcp > > dpt:5984 > > > > > > > > Is that not what it should be...? Says "anywhere"... everywhere. Heh. > > > > > > > > Cheers, > > > > Stefan > > > > > > > > > > > > On Mon, Apr 15, 2013 at 1:08 PM, Stefan Reich < > > > > stefan.reich.maker.of....@googlemail.com> wrote: > > > > > > > > > OK, thanks for all the answers, folks. It was indeed iptables that > > > > blocked > > > > > the port. This stuff should be designed (much) better in operating > > > > systems. > > > > > > > > > > Actually it's a project of mine to make that better (LuaOS and its > > > > > follow-ups). > > > > > > > > > > I got iptables to allow access locally now. Weirdly, it still > doesn't > > > > work > > > > > over the Internet. And no, the server is not behind a firewall... > :) > > > > > > > > > > Thanks, > > > > > Stefan > > > > > > > > > > > > > > > On Thu, Apr 11, 2013 at 3:30 AM, Andrey Kuprianov < > > > > > andrey.koupria...@gmail.com> wrote: > > > > > > > > > >> See if your local.ini bind_address is set to 0.0.0.0 so that you > can > > > > >> access > > > > >> it locally and remotely. > > > > >> > > > > >> > > > > >> On Thu, Apr 11, 2013 at 2:54 AM, Stanley Iriele < > > siriele...@gmail.com > > > > >> >wrote: > > > > >> > > > > >> > A simple cat of etc/hosts... Should let you know!... And maybe > > > > nsswitch > > > > >> > just to be sure > > > > >> > On Apr 10, 2013 11:22 AM, "Robert Newson" <rnew...@apache.org> > > > wrote: > > > > >> > > > > > >> > > Are you sure localhost == 127.0.0.1 on your machine? > > debian/ubuntu > > > > are > > > > >> > > notorious for changing that convention. > > > > >> > > > > > > >> > > On 10 April 2013 14:20, Stanley Iriele <siriele...@gmail.com> > > > > wrote: > > > > >> > > > Why are you telneting to it?...try curling it and see > whatviy > > > > >> responds > > > > >> > > with > > > > >> > > > On Apr 10, 2013 10:47 AM, "Stefan Reich" < > > > > >> > > > stefan.reich.maker.of....@googlemail.com> wrote: > > > > >> > > > > > > > >> > > >> Oops, bad copy&paste - here's the actual process info: > > > > >> > > >> > > > > >> > > >> root@pussy-riot-germany:~/luastuff# ps -aef|grep 7651 > > > > >> > > >> couchdb 7651 7650 0 19:44 pts/0 00:00:00 > > > > >> > > >> /usr/lib/erlang/erts-5.8/bin/beam.smp -Bd -K true -- -root > > > > >> > > /usr/lib/erlang > > > > >> > > >> -progname erl -- -home /var/lib/couchdb -- -noshell > -noinput > > > > -sasl > > > > >> > > >> errlog_type error -couch_ini /etc/couchdb/default.ini > > > > >> > > >> /etc/couchdb/local.ini /etc/couchdb/default.ini > > > > >> /etc/couchdb/local.ini > > > > >> > > -s > > > > >> > > >> couch -pidfile /var/run/couchdb/couchdb.pid -heart > > > > >> > > >> couchdb 7682 7651 0 19:44 ? 00:00:00 heart -pid > > 7651 > > > > >> -ht 11 > > > > >> > > >> > > > > >> > > >> Cheers, > > > > >> > > >> Stefan > > > > >> > > >> > > > > >> > > >> > > > > >> > > >> On Wed, Apr 10, 2013 at 7:46 PM, Stefan Reich < > > > > >> > > >> stefan.reich.maker.of....@googlemail.com> wrote: > > > > >> > > >> > > > > >> > > >> > Hi there! > > > > >> > > >> > > > > > >> > > >> > I'd like to start using CouchDB for my projects. > > > > >> > > >> > > > > > >> > > >> > This is on a Linux host. CouchDB installed from standard > > > Debian > > > > >> > > package, > > > > >> > > >> > no settings altered. But it doesn't start properly: > > > > >> > > >> > > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# uname -a > > > > >> > > >> > Linux pussy-riot-germany 2.6.32-042stab068.8 #1 SMP Fri > > Dec 7 > > > > >> > 17:06:14 > > > > >> > > >> MSK > > > > >> > > >> > 2012 i686 GNU/Linux > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb > > > start > > > > >> > > >> > Starting database server: couchdb. > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb > > > status > > > > >> > > >> > Apache CouchDB is running as process 7651, time to relax. > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# telnet localhost > 5984 > > > > >> > > >> > Trying ::1... > > > > >> > > >> > Trying 127.0.0.1... > > > > >> > > >> > telnet: Unable to connect to remote host: Connection > > refused > > > > >> > > >> > > > > > >> > > >> > Connection refused? > > > > >> > > >> > > > > > >> > > >> > Here's the process info: > > > > >> > > >> > > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# uname -a > > > > >> > > >> > Linux pussy-riot-germany 2.6.32-042stab068.8 #1 SMP Fri > > Dec 7 > > > > >> > 17:06:14 > > > > >> > > >> MSK > > > > >> > > >> > 2012 i686 GNU/Linux > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb > > > start > > > > >> > > >> > Starting database server: couchdb. > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb > > > status > > > > >> > > >> > Apache CouchDB is running as process 7651, time to relax. > > > > >> > > >> > root@pussy-riot-germany:~/luastuff# telnet localhost > 5984 > > > > >> > > >> > Trying ::1... > > > > >> > > >> > Trying 127.0.0.1... > > > > >> > > >> > telnet: Unable to connect to remote host: Connection > > refused > > > > >> > > >> > > > > > >> > > >> > Please help, dear experts... :) > > > > >> > > >> > > > > > >> > > >> > Cheers, > > > > >> > > >> > Stefan > > > > >> > > >> > > > > > >> > > >> > > > > > >> > > >> > > > > >> > > > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > >