Re: [gentoo-user] Disabling ssh password login on all accounts?
On Tue, 11 Aug 2020 15:14:35 -0400, Walter Dnes wrote: > Match Address !192.168.1.0/24 > DenyUsers * > > One more question... does sshd_config follow the python convention > that indentinting with spaces or tabs denotes a "block"? No, the Match line defines the start of a block that continues until the start of the next block or the end of the file. -- Neil Bothwick This is a test of the emergency tagline stealing system. pgpPzoBCu6Px0.pgp Description: OpenPGP digital signature
Re: [gentoo-user] What is faster: amd64 or x86?
On 8/11/20 10:37 AM, Gregor A. „schlumpi“ Segner wrote: it’s total nonsense today to install a 32bit kernel on a 64Bit machine. I can see some value in having a 32-bit /only/ system if you /must/ support 32-bit software with no need for 64-bit and would like to avoid the complexity of multi-lib. -- Grant. . . . unix || die
Re: [gentoo-user] Disabling ssh password login on all accounts?
On Tue, Aug 11, 2020 at 01:51:59PM +0100, Victor Ivanov wrote > Yes that's one of the options you need to disable. The other one is > "ChallengeResponseAuthentication" which will also disable PAM-based > authentication (which may include passwords). So you should have the > following global settings in /etc/ssh/ssd_config: > > PubkeyAuthentication yes > PasswordAuthentication no > ChallengeResponseAuthentication no Victor (and Gerrit), in package.mask, I have... sys-apps/pv sys-auth/pambase sys-libs/pam virtual/pam Does that work as well? Let's just say that years ago, when PAM was the default on a new install, one of the first things I did after a fresh install was to remove PAM. It caused more problems than it was worth. "Everything you know is wrong". man pages and Google searches for programs would point to the non-PAM version, with different config files and settings. It was an absolute pain. As for "pv", I occasionally fat-finger things as "emerge pv fubar", when I actually want to "emerge -pv fubar". emerge will attempt to install pv and any other package(s) on the commandline. > If you so wish, you can also have configurations based on IP address > and/or network. It can be useful as a "fallback" mechanism from trusted > clients, e.g.: > > Match Address 192.168.1.0/24 > PasswordAuthentication yes Here at home, I can walk 6 feet to the laptop if necessary so no need. Let's be paranoid and assume that evil characters are scanning RFC 1918 addresses on Wifi networks at the coffee shop or where ever. BTW, the only addresses I allow via iptables are the 192.168.1.0/24 range. One more level of defense-in-depth. In case iptables fails due to an "update", is it possible to "deny all except 192.168.1.0/24" in sshd_config? Looking at Google, I think it would be something like... Match Address !192.168.1.0/24 DenyUsers * One more question... does sshd_config follow the python convention that indentinting with spaces or tabs denotes a "block"? -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] What is faster: amd64 or x86?
Hi everybody, dafuq what in... not sure what we should answer, it’s total nonsense today to install a 32bit kernel on a 64Bit machine. Really. The difference between 32 and 64Bit architecture is _not_ computing speed. -- Gregor A. „schlumpi“ Segner > On Dienstag, Aug. 11, 2020 at 4:55 PM, Sid Spry (mailto:s...@aeam.us)> wrote: > > > On Tue, Aug 11, 2020, at 11:41 AM, Remco Rijnders wrote: > > On Mon, Aug 10, 2020 at 07:46:36PM -0400, Jack wrote in > > <46fdde47-4437-5aa4-926d-e42aaed8e...@users.sourceforge.net>: > > > > On Mon, Aug 10, 2020, at 1:19 PM, Никита Степанов wrote: > > > > > What is faster: amd64 or x86? > > > > > > Nikita, what are you really asking about? Or, are you just looking to > > > stir the pot? > > > > I think the intended or underlying question was: Should I use the x86 > > or amd64 boot media to install Gentoo on my system? > > > > And I think the appropiate answer almost always is amd64 if the system > > supports it. I can see exceptions on severely memory constrained > > systems or if you need to mainly run software that can only run in 32 > > bit, but both seem rather uncommon to me. > > > > The appropriate answer is always amd64. The last I looked at benchmarks > was quite a long time ago, but I think there is improvement to running > 32 bit programs inside a 64 bit OS. The newer chips are more than just a > new instruction set. They contain a lot of machinery to make boring things, > like context switching, faster. >
Re: [gentoo-user] What is faster: amd64 or x86?
On Tue, Aug 11, 2020, at 11:41 AM, Remco Rijnders wrote: > On Mon, Aug 10, 2020 at 07:46:36PM -0400, Jack wrote in > <46fdde47-4437-5aa4-926d-e42aaed8e...@users.sourceforge.net>: > >>On Mon, Aug 10, 2020, at 1:19 PM, Никита Степанов wrote: > >>>What is faster: amd64 or x86? > > > >Nikita, what are you really asking about? Or, are you just looking to > >stir the pot? > > I think the intended or underlying question was: Should I use the x86 > or amd64 boot media to install Gentoo on my system? > > And I think the appropiate answer almost always is amd64 if the system > supports it. I can see exceptions on severely memory constrained > systems or if you need to mainly run software that can only run in 32 > bit, but both seem rather uncommon to me. > The appropriate answer is always amd64. The last I looked at benchmarks was quite a long time ago, but I think there is improvement to running 32 bit programs inside a 64 bit OS. The newer chips are more than just a new instruction set. They contain a lot of machinery to make boring things, like context switching, faster.
Re: [gentoo-user] ebuild : how to check for python version
On Tue, Aug 11, 2020 at 9:38 AM Helmut Jarausch wrote: > > On 08/11/2020 03:08:16 PM, Mike Gilbert wrote: > > On Sun, Aug 2, 2020 at 10:47 AM Helmut Jarausch > > <_ j_ a_ r_ a_ u_ s_ c_ h_ @_ s_ k_ y_ n_ e_ t_ ._ b_ e> wrote: > > Hi, > > in an ebuild I have to apply a patch only if this package is > > installed > > for python3.9. > > The ebuild should work for PYTHON_COMPAT=( python3_{8,9} ) > > > > How can I check for Pythons version in src_prepare or similar > > functions. > > > > Many thanks for a hint, > > Helmut > > > > I would suggest creating a patch that can be applied unconditionally > > instead. > > > > That would imply different function definitions within an 'if / else' > clause. > I don't like this. > What will you do when someone wants/needs to install it for both python3.8 and python3.9 simultaneously? If you want to support both versions, it's better to have code that actually works with both of them.
Re: [gentoo-user] ebuild : how to check for python version
On 08/11/2020 03:08:16 PM, Mike Gilbert wrote: On Sun, Aug 2, 2020 at 10:47 AM Helmut Jarausch <_j_a_r_a_u_s_c_h_@_s_k_y_n_e_t_._b_e> wrote: Hi, in an ebuild I have to apply a patch only if this package is installed for python3.9. The ebuild should work for PYTHON_COMPAT=( python3_{8,9} ) How can I check for Pythons version in src_prepare or similar functions. Many thanks for a hint, Helmut I would suggest creating a patch that can be applied unconditionally instead. That would imply different function definitions within an 'if / else' clause. I don't like this.
Re: [gentoo-user] External hard drive and idle activity
Wols Lists wrote: > On 04/08/20 08:42, Wols Lists wrote: >> Both LVM and btrfs offer snapshotting, so you take a snapshot before >> doing an in-place rsync, giving you one full backup per snapshot, but >> the drive is actually only storing the changes between snapshots. >> Probably run the backup much faster too. > Just strikes me this would be near ideal for an SMR drive, because this > would be copy-on-write, so the backup would just be streaming new data > to disk. > > And by judiciously choosing when to delete snapshots, you have > considerable control over when the drive decides to do a defrag. > > Cheers, > Wol > > I've never used those features of LVM before. Most likely, I should. I've had occasion to do a backup and then wish I had a old file back that was deleted during the new backup process. Example. I have a copy of a video for a particular show. I find a better version, HD or something, and download it. I then remove the old one and find out shortly after that it's the wrong episode or something. At that point, I'm missing a episode. I'd rather have a standard definition version than none at all. I suspect doing it the way you mention I'd be able to get that old copy back provided that snapshot hasn't been deleted yet. The way I do it now, once I update the backups, old stuff is deleted. Also, I just did another fairly large update on the backups. Once it hit around 50GBs or so, it started slowing down again. It was even slower than last time. It was transferring at around 70MBs/sec. Of course, it could be partly because that drive is filling up. It's around 80% or so. Anyway. I need to look into the snapshot thing. Gotta find a howto. ;-) Dale :-) :-)
Re: [gentoo-user] ebuild : how to check for python version
On Sun, Aug 2, 2020 at 10:47 AM Helmut Jarausch wrote: > Hi, > in an ebuild I have to apply a patch only if this package is installed > for python3.9. > The ebuild should work for PYTHON_COMPAT=( python3_{8,9} ) > > How can I check for Pythons version in src_prepare or similar functions. > > Many thanks for a hint, > Helmut > > I would suggest creating a patch that can be applied unconditionally instead.
Re: [gentoo-user] Disabling ssh password login on all accounts?
On Tue, 11 Aug 2020 06:21:26 -0400 "Walter Dnes" wrote: > # To disable tunneled clear text passwords, change to no here! > #PasswordAuthentication yes > > Is that correct? If not, what is the correct setting to change? You might also want to set to "No" the following ones: ChallengeResponseAuthentication UsePAM cu Gerrit
Re: [gentoo-user] Disabling ssh password login on all accounts?
On 11/08/2020 11:21, Walter Dnes wrote: > The one sevice I have listening for external connections on my laptop > is sshd (192.168.1.0/24). Before taking it anywhere, I want to prohibit > password-based login for *ALL* accounts, not just root. This would > require users to be listed in ~/.ssh/authorized_keys Looking through > /etc/ssh/sshd_config I *THINK* that I need to set "no" at... > > # To disable tunneled clear text passwords, change to no here! > #PasswordAuthentication yes > > Is that correct? If not, what is the correct setting to change? > Hi Walter, Yes that's one of the options you need to disable. The other one is "ChallengeResponseAuthentication" which will also disable PAM-based authentication (which may include passwords). So you should have the following global settings in /etc/ssh/ssd_config: PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no PubkeyAuthentication should default to "yes" but it doesn't hurt to explicitly set it in case the defaults ever change. If you so wish, you can also have configurations based on IP address and/or network. It can be useful as a "fallback" mechanism from trusted clients, e.g.: Match Address 192.168.1.0/24 PasswordAuthentication yes - Victor signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] What is faster: amd64 or x86?
On Mon, Aug 10, 2020 at 07:46:36PM -0400, Jack wrote in <46fdde47-4437-5aa4-926d-e42aaed8e...@users.sourceforge.net>: On Mon, Aug 10, 2020, at 1:19 PM, Никита Степанов wrote: What is faster: amd64 or x86? Nikita, what are you really asking about? Or, are you just looking to stir the pot? I think the intended or underlying question was: Should I use the x86 or amd64 boot media to install Gentoo on my system? And I think the appropiate answer almost always is amd64 if the system supports it. I can see exceptions on severely memory constrained systems or if you need to mainly run software that can only run in 32 bit, but both seem rather uncommon to me.
[gentoo-user] Disabling ssh password login on all accounts?
The one sevice I have listening for external connections on my laptop is sshd (192.168.1.0/24). Before taking it anywhere, I want to prohibit password-based login for *ALL* accounts, not just root. This would require users to be listed in ~/.ssh/authorized_keys Looking through /etc/ssh/sshd_config I *THINK* that I need to set "no" at... # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes Is that correct? If not, what is the correct setting to change? -- Walter Dnes I don't run "desktop environments"; I run useful applications