How to Retain an Existing Ext4 Partition with a Debian 5.0.5 DVD Installation?

[Tom Browder]

I want to install Debian 5.0.5 over my Ubuntu 10.04.1 OS.

I will reformat  partitions /boot and / but want to keep the other
partitions which are now using the ext4 file system.

Will that work?  I read that 4.0 (lenny) doesn't support ext4 but it's
available in testing.  I see that the ext4 package is on the 5.0.5
distro but that doesn't necessarily mean it will be used routinely.

Can anyone say for sure what will happen during installation with an
existing ext4 partition to be retained?

Thanks.

-Tom

Thomas M. Browder, Jr.
Niceville, Florida
USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlkti=aac_mjkzzen1qdoiv3fzlfqntgdh8lz3nz...@mail.gmail.com

Re: How to Retain an Existing Ext4 Partition with a Debian 5.0.5 DVD Installation?

[Tom Browder]

On Wed, Aug 25, 2010 at 06:52, Rodney D. Myers rod_my...@fastmail.fm wrote:
 On 8/25/10 7:49 AM, Tom Browder wrote:
...
 Can anyone say for sure what will happen during installation with an
 existing ext4 partition to be retained?
...
 What other partitions? I'll assume /home, and anything else?

I have three disks with the partition setup as follows (mount points are shown):

d1 (4 partitions):

/boot - ext2# will reformat
/ - ext3  # will reformat
/usr/local - ext4  # keep
swap # will reformat

keep:

d2 (1 partition): /disk2 - ext4
d3 (1 partition): /disk3 - ext4

Normally with other distros I would use manual disk setup during
installation and use the labels I have on the partitions to assign the
mount points.

I assume I can probably get away with ignoring disks 2 and 3 and set
them up later, so I'm not concerned about them so much during
installation.  In  a pinch I can probably do the same with the
/usr/local partition on disk 1.  But I would like  to avoid those
actions if I can.

Note that I have a people directory under /usr/local instead of
/home since that's the way I learned under Irix many years ago and
so it's for historical reasons as they say.

Thanks, Rodney.

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlkti=nlceqqskse+x+8+byqk64dd_8i5caurvsa...@mail.gmail.com

Re: How to Retain an Existing Ext4 Partition with a Debian 5.0.5 DVD Installation?

[Tom Browder]

On Wed, Aug 25, 2010 at 07:20, Rodney D. Myers rod_my...@fastmail.fm wrote:
 On 8/25/10 8:14 AM, Tom Browder wrote:
 On Wed, Aug 25, 2010 at 06:52, Rodney D. Myers rod_my...@fastmail.fm wrote:
 On 8/25/10 7:49 AM, Tom Browder wrote:
 ...
 Can anyone say for sure what will happen during installation with an
 existing ext4 partition to be retained?

 When installing, and the experts will correct me if I'm wring   ;-)  ,
 use the expert system when doing the drive formatting. In there, you can
 mark each partition as keep, ignore, format, etc. Also in there, you can
 assign each partition a mount point as well.

That sounds good.  So I shouldn't have any problems with 5.0.5
supporting existing ext4 partitions.

Thanks, Rodney.

-Tom


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktikgjnzpqo1vdoehlcrted2q_nwq1mnw=v-yn...@mail.gmail.com

Re: How to Retain an Existing Ext4 Partition with a Debian 5.0.5 DVD Installation?

[Tom Browder]

On Wed, Aug 25, 2010 at 07:44, Alain Baeckeroot
alain.baecker...@laposte.net wrote:
 Le 25/08/2010 à 14:31, Tom Browder a écrit :
 On Wed, Aug 25, 2010 at 07:20, Rodney D. Myers rod_my...@fastmail.fm wrote:
  On 8/25/10 8:14 AM, Tom Browder wrote:
  On Wed, Aug 25, 2010 at 06:52, Rodney D. Myers rod_my...@fastmail.fm 
  wrote:
  On 8/25/10 7:49 AM, Tom Browder wrote:
  ...
  Can anyone say for sure what will happen during installation with an
  existing ext4 partition to be retained?

 Lenny does not support ext4 for /boot (maybe / too), but
 it can manage ext4 for other partitions.
 https://ext4.wiki.kernel.org/index.php/Ext4_Howto#For_people_who_are_running_Debian
 http://wiki.debian.org/Ext4

 For sure there is a backported kernel with ext4 support, it works flawlessly 
 for me.
 http://backports.org/
 http://packages.debian.org/lenny-backports/kernel/linux-image-2.6-686

Good info, Alain, thanks!

-Tom


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktinxhber0hvf+xmolz9mr0fn-tkjphoohzjwg...@mail.gmail.com

Re: How to Retain an Existing Ext4 Partition with a Debian 5.0.5 DVD Installation?

[Tom Browder]

On Wed, Aug 25, 2010 at 08:22, Jochen Schulz m...@well-adjusted.de wrote:
 Tom Browder:
 On Wed, Aug 25, 2010 at 07:44, Alain Baeckeroot

 Lenny does not support ext4 for /boot (maybe / too), but
 it can manage ext4 for other partitions.
 https://ext4.wiki.kernel.org/index.php/Ext4_Howto#For_people_who_are_running_Debian
 http://wiki.debian.org/Ext4

 For sure there is a backported kernel with ext4 support, it works 
 flawlessly for me.
 http://backports.org/
 http://packages.debian.org/lenny-backports/kernel/linux-image-2.6-686

 Good info, Alain, thanks!

 In order to be able to at least mount existing ext4 filesystems during
 installation, you canalso try Kenshi Muto's d-i:
 http://kmuto.jp/debian/d-i/

 These are regular images, just with a more recent kernel. And Kenshi is
 a DD, in case you care.

Hm, thanks, but using those sounds like an installation using advanced
procedures I'm not experienced with.

Are we talking about a place in the installation where it might ask if
you have other images or such on another medium (such as another CD or
DVD)?

I assume that is detailed in the inst docs, but I've never done it before.

Thanks, Jochen.

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktin1qhhn6s12mflnrjkmddg3eqtpgzzkizrtm...@mail.gmail.com

Re: How to Retain an Existing Ext4 Partition with a Debian 5.0.5 DVD Installation?

[Tom Browder]

On Wed, Aug 25, 2010 at 09:14, Jochen Schulz m...@well-adjusted.de wrote:
 Tom Browder:
 On Wed, Aug 25, 2010 at 08:22, Jochen Schulz m...@well-adjusted.de wrote:

 In order to be able to at least mount existing ext4 filesystems during
 installation, you canalso try Kenshi Muto's d-i:
 http://kmuto.jp/debian/d-i/

 These are regular images, just with a more recent kernel. And Kenshi is
 a DD, in case you care.

 Hm, thanks, but using those sounds like an installation using advanced
 procedures I'm not experienced with.

 No, as I said: it is the regular Debian installer which comes with a
 more recent kernel.

 Are we talking about a place in the installation where it might ask if
 you have other images or such on another medium (such as another CD or
 DVD)?

 No, these are separate images. You download, burn and boot from them
 just like with any other d-i image.

Oh!  Thanks, I'll try that then.

I'll report results later on this thread.

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktinwyrwvp-zmcjiombjgdxcjcko7z4do7tli6...@mail.gmail.com

Re: Mixing apt-get and aptitude

[Tom Browder]

On Wed, Aug 25, 2010 at 19:23, Aaron Toponce aaron.topo...@gmail.com wrote:
 On 08/25/2010 01:09 PM, T o n g wrote:
 I used to use either apt-get or aptitude to install packages. Is it OK to
 do so?

 Yes. However, aptitude is a much more powerful program. Check my blog
 post on the many reasons to use aptitude over apt:

 http://pthree.org/2007/08/12/aptitude-vs-apt-get/

Excellent!  Thanks.

Aside, can you post another blog (or another thread here) about why
you use both Ubuntu and Debian?

I assume Debian for a stable server host and Ubuntu for a more
up-to-date desktop host, but I may be wrong.

Thanks.

-Tom

Niceville, FL
USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktim6xfpdev_9oat1cb4tb-6hzvuuvae=b2qip...@mail.gmail.com

Re: Mixing apt-get and aptitude

[Tom Browder]

On Thu, Aug 26, 2010 at 10:59, Aaron Toponce aaron.topo...@gmail.com wrote:
 On Thu, Aug 26, 2010 at 08:51:29AM -0500, Tom Browder wrote:
 Aside, can you post another blog (or another thread here) about why
 you use both Ubuntu and Debian?

 http://pthree.org/2009/02/19/server-migration-from-ubuntu-804-to-debian-50/
...

Thanks, Aaron, case well stated!

-Tom

Tom Browder
Niceville, FL
USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktikzgy21u3kfyy5-m0a0jujyquhajzhxdjg7m...@mail.gmail.com

What is Recommend CLI Package Manager Tool for Newb?

[Tom Browder]

I have to say I'm getting confused.  I'm in the middle of setting up
my first Debian server  (which used to be Ubuntu).

I will be administering it remotely and would like to use the best
tool for the job.

Now I read conflicting opinions from experienced people about apt-*,
aptitude, and wajit.

Is there a consensus?

Thanks.

-Tom

Thomas M. Browder, Jr.
Niceville, Florida
USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktinvcpmg3jxvw02ahgteaskzzk8exxjp65i3a...@mail.gmail.com

New Debian Server: Add/Remove Applications Hangs, Blocks Other GUI Apps

[Tom Browder]

On my freshly installed Lenny 5.0.5 box. I have my network working
enough to get new packages, browse, and ssh to other hosts, but i  am
having trouble with some administrative GUI apps.

When I try to use the Add/Remove Applications it chugs for a while,
then, after I enter the password, it opens.  Then it says the list of
apps is out of date, asks if it can be updated, grays out and it hangs
and I can't kill it without logging out and back in.

And while it's hanging, I can't use Synaptic Package Manager or the
root terminal.

After  I log out and back in, I can use Synaptic Package Manager and
the root terminal okay.

As the doctor said when the man complained when it hurt after some
action, don' t do that.

And I could do the same, but I want to do that.

Any ideas?

Thanks.

-Tom

Thomas M. Browder, Jr.
Niceville, Florida
USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktimw560fclbpyr5vnwkzyntja3rbk1t9w7p9k...@mail.gmail.com

Re: New Debian Server: Add/Remove Applications Hangs, Blocks Other GUI Apps

[Tom Browder]

On Sun, Aug 29, 2010 at 03:44, Bob Proulx b...@proulx.com wrote:
...

Bob, thanks for answering.  I can't give detailed reply tight now, but
I will later.

Regards,

-Tom

Thomas M. Browder, Jr.
Niceville, Florida
USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktinudqdfkhgrhwhjaz2sa2y-vpebedycqwwg1...@mail.gmail.com

Re: New Debian Server: Add/Remove Applications Hangs, Blocks Other GUI Apps

[Tom Browder]

On Sun, Aug 29, 2010 at 03:44, Bob Proulx b...@proulx.com wrote:
 Tom Browder wrote:
...
 When I try to use the Add/Remove Applications it chugs for a while,

 you are using a GUI wrapper around apt.  Because it is a wrapper there
 may be errors that you are not seeing.  Let me recommend that you run
 apt from the command line so that you can see any errors that are
 being produced.

Okay, will do.

 What are the contents of your /etc/apt/sources.list file?

$ cat /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ lenny main
deb-src http://ftp.us.debian.org/debian/ lenny main

deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

 I worry that you may have something incorrect there.

 If not then run an update from the command line and report what it
 says.  Hopefully it will work with no errors.  But if not it should
 tell you why it is failing.

  # apt-get update

That works.  No out-of-date programs indicated.
 If that works then you can upgrade.

  # apt-get upgrade

That works--it upgraded OpenOffice.

 And while it's hanging, I can't use Synaptic Package Manager or the
 root terminal.

 Your phrase or the root terminal confuses me.

That's was an app on the menus just like terminal except it was owned by root.

All of the issues look like a problem with granting privileges.  I
have added my user name to the sudoers file and am not using anything
but CLI now--my new Debian server is now headless.

Thanks, Bob.

Regards,

-Tom


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktikke8gkd9joa7cnwmkrhjrmwmacbpykvtxxk...@mail.gmail.com

Re: New Debian Server: Add/Remove Applications Hangs, Blocks Other GUI Apps

[Tom Browder]

On Mon, Aug 30, 2010 at 10:59, Bob Proulx b...@proulx.com wrote:
...
 I have no idea what is happening in that subsystem.  I never use it.

 Good luck!

Thanks, Bob.

Regards,

-Tom


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlkti=nbvpklq21tni98dgack6wbxl+fy=ssipxa...@mail.gmail.com

How to determine packages added after installation?

[Tom Browder]

Is there any way to get a list of the default packages used for an
initial installation from CD?  I looked at my 10.04.1 CD and could
find only a limited set of packages (*.deb) under ./pool, and that is
obviously not all that were installed.

My purpose is so that I can ensure a co-worker has the same package
setup as I so our environments are identical.  I know I can do this by
comparing his installed package list versus mine. but it would be
easier if I could just tell him what I added after a default
installation.  A Date-installed: record in the package list file
(/var/lib/dpkg/status) would be helpful for compiling such a list (and
maybe a How-installed: record).

Thanks,

-Tom

Thomas M. Browder, Jr.
Niceville, Florida
USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlkti=g3rh9ovqoy23q+oa-z5zcwsf8llym+o0rk...@mail.gmail.com

Using unstable for certain packages

[Tom Browder]

Is it possible to fine tune the package sources so as to use unstable
only for certain packages?

Best  regards,

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAFMGiz_v+WfSymepzCsuWaA=_=uy3X_4apZ=trhpbzu0u+6...@mail.gmail.com

Re: Using unstable for certain packages

[Tom Browder]

On Fri, Apr 12, 2013 at 6:38 AM, Morel Bérenger
berenger.mo...@neutralite.org wrote:
 Le Ven 12 avril 2013 13:33, Tom Browder a écrit :
 Is it possible to fine tune the package sources so as to use unstable
 only for certain packages?
...
 The technique is named apt-pinning, you can find some documentation here:
 http://wiki.debian.org/AptPreferences

On Fri, Apr 12, 2013 at 6:38 AM, Lars Noodén lars.noo...@gmail.com wrote:
...
 If the package you want is not in backports, then you could try apt-pinning:
 http://wiki.debian.org/AptPreferences

Thanks, Morel and Lars!

Best regards,

-Tom


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cafmgiz_gmo_mjxj3vm5bwccp7xklcpx8ql1qbyvq4osjyiz...@mail.gmail.com

Re: Using unstable for certain packages

[Tom Browder]

On Fri, Apr 12, 2013 at 6:59 AM, Alex Mestiashvili
alexander.mestiashv...@biotec.tu-dresden.de wrote:
 On 04/12/2013 01:33 PM, Tom Browder wrote:
 Is it possible to fine tune the package sources so as to use unstable
 only for certain packages?
...
 You can try it, but in most cases it is not a good idea.

 Most of the packages have dependencies which are not available in stable
 or testing and if you try to get all of them, than  after some time your
 system will be a mix of unstable and stable/testing

 I suggest to get the source packages instead and rebuild them for your
 environment.

Sounds like good advice, Alex--a happy medium between ad hoc local
updates and a probably more controlled build and local install.  I
shall look into how to do that.

Best regards,

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAFMGiz9bXVd9LbCHCvj+b1PnnU=-1y8u7lpk6wnnkf0aqsz...@mail.gmail.com

Re: How to partition a 3TB disk?

[Tom Browder]

On Mon, May 20, 2013 at 8:28 PM, David Christensen
dpchr...@holgerdanske.com wrote:
 On 05/20/13 17:20, Rick Thomas wrote:
 I just purchased a 3TB disk -- my first of that size.
 I'm trying to partition it. I want one huge ext4 filesystem. But fdisk
...
 Install parted and read the man page for the mklabel command with the

David is right on track, but gparted may be easier.  See:

  http://gparted.sourceforge.net/index.php

Best regards,

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cafmgiz_vjltvzge8k+fkdkwadbqec4cvva6wvpmdftnq6pk...@mail.gmail.com

Wheezy (Deb 7.1) Windows Focus?

[Tom Browder]

I just installed Deb 7.1 on Oracle VM and it's much better than my
first experience with 7.0.  However. I cannot find out how to get the
cursor focus to be in the active window as in Deb 6+.

Can anyone help?

Thanks so much, and best regards,

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cafmgiz9qrsun3xwpqdyooupprwr2fmpg-x3qbjn38mgylfj...@mail.gmail.com

Re: Wheezy (Deb 7.1) Windows Focus?

[Tom Browder]

On Thu, Jun 27, 2013 at 6:37 AM, Tom Browder tom.brow...@gmail.com wrote:
 I just installed Deb 7.1 on Oracle VM and it's much better than my
 first experience with 7.0.  However. I cannot find out how to get the
 cursor focus to be in the active window as in Deb 6+.

I forgot to say I'm using the Gnome Classic desktop.

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAFMGiz-22Px4XSDrj_Z=3-cxarzt+mic3aybb2mysevq-j8...@mail.gmail.com

Re: Wheezy (Deb 7.1) Windows Focus?

[Tom Browder]

On Tue, Jul 2, 2013 at 10:46 AM, Selim T. Erdogan
se...@alumni.cs.utexas.edu wrote:
 Tom Browder, 27.06.2013:
 On Thu, Jun 27, 2013 at 6:37 AM, Tom Browder tom.brow...@gmail.com wrote:
  first experience with 7.0.  However. I cannot find out how to get the
  cursor focus to be in the active window as in Deb 6+.

 I forgot to say I'm using the Gnome Classic desktop.

 In the Applications menu, go to System Tools and choose dconf Editor.
 (You might need to install the dconf-tools package.)

 In dconf editor, choose org-gnome-desktop-wm-preferences and edit
 focus-mode.

The names have changed (it's now the Configuration Editor) but i did a
find on focus and found where to change the setting--not as
convenient as before, but it works!

Thanks much, Selim, and best regards,

-Tom


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAFMGiz9O9oFvErXtYtXKDqP=chwbk2mrrahqgcrrcwgc3bk...@mail.gmail.com

Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

I have several remote Debian 7 servers and would like to secure it in
the following manner:

1. root will not be allowed any external access (access is only via a
user becoming root while logged in)

2. after initial setup, no ssh access will be allowed via a password

I have seen much documentation on securing such a host, but I don't
want to be an expert--I just need a recipe.

Many thanks.

Best regards,

-Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky  wrote:
> -BEGIN PGP SIGNED MESSAGE-
...

Thanks, Peter.  Do you agree with Darac's solution?

Best,

-Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 8:24 AM, Darac Marjal <mailingl...@darac.org.uk> wrote:
> On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote:
>>
>> I have several remote Debian 7 servers and would like to secure it in
>> the following manner:
...

I can follow that!  Thanks so much, Darac.

Best,

-Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse
 wrote:
> Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good
> starts... I'd also check that "ChallengeResponseAuthentication no" is set as
> well as some PAM modules will utilize it and be able to get around passwords
> being entered as well as "UsePAM no"

Okay.

> I do agree locking the root password isn't advisable. As I use
> configuration management/automation to handle my servers I simply set the
> root password to generated password that only I know the algorithm to
> reproduce it when I need to,

Can you give more details on the process (at least generally)?

> but enable sudoers for all other 'root' access.

Can one use that method and restrict use of "sudo su?"

> I also go further by utilizing Duo Security as a MFA for SSH logins to
> my servers for accounts authorized to log in.

Hm, so you do allow some accounts password access?

Thanks, Jeremy!

Best,

-Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 4:02 PM, Jeremy T. Bouse
<jeremy.bo...@undergrid.net> wrote:
> On 2/17/2016 3:31 PM, Tom Browder wrote:
>> On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse
>> <jeremy.bo...@undergrid.net> wrote:
...
>>> I do agree locking the root password isn't advisable. As I use
>>> configuration management/automation to handle my servers I simply set the
>>> root password to generated password that only I know the algorithm to
>>> reproduce it when I need to,
>> Can you give more details on the process (at least generally)?
...

Thanks so much, Jeremy!

-Tom

Best use of program 'debfoster' to back-up package lists and packages?

[Tom Browder]

I am in the process of reinstalling Debian 8 after my desktop died,
and want to make sure I keep a list of packages installed.  Following
various debian threads I'm going to do this:

# dpkg --get-selections "*" > /backup/dpkg-get/selections
# apt-key exportall > /backup/repositories.keys

and after the new installation do this:

# apt-key add /backup/repositories.keys
# apt-get update
# dpkg --set-selections < $d/dpkg-get/selections
# apt-get dselect-upgrade

Questions:

1.  Any problems with the above procedures?

2.  I just now found out about program 'debfoster'.  How can I
integrate it into the back-up/restore process above?

Thanks.

Best regards,

-Tom

Debian 8 fresh install, lost MATE desktop (lightdm) after first reboot, cannot recover graphical login

[Tom Browder]

Yesterday, after a week with my new Debian 8 desktop running Mate, I
did an "aptitude update" and somehow upgraded "fglrx-control" among
other things (I have no idea if that was the genesis of my problem,
but later I found some nvidia packages installed wile I have an Intel
graphics device).  I merrily continued to work until I had to shutdown
to go to my Linux group meeting.  There I booted up my laptop (he
first reboot after the intial install) and could not get a graphical
display!

I have fooled with it all day to no avail.  I discovered just now that
I can get an X program to display from a remote login into the laptop,
but nothing on the physical laptop.  I have tried reinstalling MATE as
well as xfce to no avail.

When booting I get a flash of a message saying:

  [FAILED] Failed to start Light Display Manager.
  See 'systemctl status lightdm.service' for details.

When I execute "systemctl status lightdm.service" I get:

# systemctl status lightdm.service
* lightdm.service - Light Display Manager
   Loaded: loaded (/lib/systemd/system/lightdm.service; enabled)
   Active: failed (Result: start-limit) since Tue 2016-04-05 14:31:51
CDT; 3min 19s ago
 Docs: man:lightdm(1)
  Process: 833 ExecStart=/usr/sbin/lightdm (code=exited, status=1/FAILURE)
  Process: 829 ExecStartPre=/bin/sh -c [ "$(cat
/etc/X11/default-display-manager 2>/dev/null)" = "/usr/sbin/lightdm" ]
(code=exited, status=0/SUCCESS)
 Main PID: 833 (code=exited, status=1/FAILURE)

Apr 05 14:31:51 juvat2 systemd[1]: lightdm.service: main process
exited, code=exited, status=1/FAILURE
Apr 05 14:31:51 juvat2 systemd[1]: Unit lightdm.service entered failed state.
Apr 05 14:31:51 juvat2 systemd[1]: lightdm.service start request
repeated too quickly, refusing to start.
Apr 05 14:31:51 juvat2 systemd[1]: Failed to start Light Display Manager.
Apr 05 14:31:51 juvat2 systemd[1]: Unit lightdm.service entered failed state.

I will reinstall Debian 8 from scratch if necessary, but that would be
a real pain, so I would appreciate any hints.

Thanks.

Best regards,

-Tom

Fwd: Debian 8 fresh install, lost MATE desktop (lightdm) after first reboot, cannot recover graphical login

[Tom Browder]

I just realized I didn't post my reply to the list.

-Tom

-- Forwarded message --
From: *Tom Browder* <tom.brow...@gmail.com>
Date: Tuesday, April 5, 2016
Subject: Debian 8 fresh install, lost MATE desktop (lightdm) after first
reboot, cannot recover graphical login
To: arian <deb...@semioptimal.net>


On Tue, Apr 5, 2016 at 5:26 PM, arian <deb...@semioptimal.net <javascript:;>>
wrote:
> please retrieve the actual logs from
> # journalctl -u lightdm

Output of "journalctl -u lightdm" follows:

# journalctl -u lightdm
-- Logs begin at Tue 2016-04-05 16:50:35 CDT, end at Tue 2016-04-05
17:51:15 CDT. --
Apr 05 16:50:46 juvat2 systemd[1]: lightdm.service: main process
exited, code=exited, status=1/FAILURE
Apr 05 16:50:46 juvat2 systemd[1]: Unit lightdm.service entered failed
state.
Apr 05 16:50:47 juvat2 systemd[1]: lightdm.service: main process
exited, code=exited, status=1/FAILURE
Apr 05 16:50:47 juvat2 systemd[1]: Unit lightdm.service entered failed
state.
Apr 05 16:50:47 juvat2 systemd[1]: lightdm.service: main process
exited, code=exited, status=1/FAILURE
Apr 05 16:50:47 juvat2 systemd[1]: Unit lightdm.service entered failed
state.
Apr 05 16:50:48 juvat2 systemd[1]: lightdm.service: main process
exited, code=exited, status=1/FAILURE
Apr 05 16:50:48 juvat2 systemd[1]: Unit lightdm.service entered failed
state.
Apr 05 16:50:48 juvat2 systemd[1]: lightdm.service: main process
exited, code=exited, status=1/FAILURE
Apr 05 16:50:48 juvat2 systemd[1]: Unit lightdm.service entered failed
state.
Apr 05 16:50:48 juvat2 systemd[1]: lightdm.service start request
repeated too quickly, refusing to start.
Apr 05 16:50:48 juvat2 systemd[1]: Failed to start Light Display Manager.
Apr 05 16:50:48 juvat2 systemd[1]: Unit lightdm.service entered failed state

Thanks, arian.

Best,

-Tom

Re: Linux CLI gnuplot-ish program to do maps?

[Tom Browder]

On Sun, Mar 20, 2016 at 6:14 PM, Emanuel Berg  wrote:
> Is there a Linux CLI gnuplot-ish program to do maps?
...

Take a look at the BRL-CAD DSP tutorial here:

  http://brlcad.org/wiki/DSP

Is that anywhere near what you want?

Best regards,

-Tom

Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?

[Tom Browder]

On Tuesday, March 22, 2016, Lisi Reisz  wrote:
...
> Sorry, I should get to the end before I respond!

That's okay, Lisi, I do that, too, especially when trying to work
e-mail with a tablet.

And this gives me a chance to elucidate on my situation. I have liked
and used Debian for at least 10 years (after 10+ years with Yggdrasil,
Redhat, Fedora), but, as GNOME 2 was giving way to GMOE 3 (ugh), I
tried some of the Debian-like distros like Mint but didn't like them.
Finally, default Deb 8 I thought was the end for me, but Mate has
allowed me to keep my old desktop the way I want it and still keep
using a current Debian, so I am happy for now.

SHAMELESS PLUG: Please keep MATE as part of Deb 9..*!!

BTW, so far I have upgraded two hosts remotely and they went pretty
much flawlessly (I have used in-place upgrade on one server
successfully since Deb 5, and the upgrade process keeps getting better
and better).  I still have to upgrade my two laptops, but I'm going to
wait until I'm completely happy with the other two machines.

Best regards,

-Tom

Re: x86_64 vs i386

[Tom Browder]

On Mon, Mar 21, 2016 at 7:39 PM, John Hasler  wrote:
> Tom Broder writes:
>> I just upgraded to Deb 8 (Jessie), 64bit, and tried Chromium but it
>> didn't work for me.  Downloaded Chrome from Google and it works fine.
>
> That doesn't mean it isn't 32 bit.  Debian has multiarch support.

The file downloaded from Google's Chrome site is:

  google-chrome-stable_current_amd64.deb

-Tom

Re: New Deb 8 and no sshd access from other hosts

[Tom Browder]

On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.
...
> that my laptop host's entries in the remote host's known_hosts are of
> type "EDCSA" while the remote host's entries in the laptop's

That should have been "ECDSA."

Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?

[Tom Browder]

On Mon, Mar 21, 2016 at 11:45 AM, Sven Arvidsson <s...@whiz.se> wrote:
> On Mon, 2016-03-21 at 11:26 -0400, Tom Browder wrote:
>> I just upgraded and am disappointed that, even though browser
>> instances can be saved between login sessions, terminal windows
>> apparently can't.
>>
>> I have used the gconf editor and found setting:
>>
>>   apps | gnome-session | options | auto_save_session
>>
>> which is checked, but the terminals still disappear after logging out
>> and logging back in.
>>
>> Is there any way to recover that most valuable feature of the old
>> GNOME desktop?
>
> AFAICT, Nope.
>
> See https://bugzilla.gnome.org/show_bug.cgi?id=704676

I remember that now.  So is there any way to drop back to using GNOME
Classic as in Deb 7?

If not, are there any other reasonable, debian-packaged, desktop
environments that provide auto-saved terminals?

So sad, UI design following faddish, short-lived form over function,
just like the fashion industry: the emperor has no clothes!

Best regards,

-Tom

Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?

[Tom Browder]

On Mon, Mar 21, 2016 at 12:21 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> On Mon, Mar 21, 2016 at 11:45 AM, Sven Arvidsson <s...@whiz.se> wrote:
>> On Mon, 2016-03-21 at 11:26 -0400, Tom Browder wrote:
>>> I just upgraded and am disappointed that, even though browser
>>> instances can be saved between login sessions, terminal windows
>>> apparently can't.
...
> If not, are there any other reasonable, debian-packaged, desktop
> environments that provide auto-saved terminals?

Ah, it looks like I can try MATE.

-Tom

[SOLVED] Re: Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?

[Tom Browder]

On Mon, Mar 21, 2016 at 12:26 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> On Mon, Mar 21, 2016 at 12:21 PM, Tom Browder <tom.brow...@gmail.com> wrote:
>> On Mon, Mar 21, 2016 at 11:45 AM, Sven Arvidsson <s...@whiz.se> wrote:
>>> On Mon, 2016-03-21 at 11:26 -0400, Tom Browder wrote:
>>>> I just upgraded and am disappointed that, even though browser
>>>> instances can be saved between login sessions, terminal windows
>>>> apparently can't.
> ...
>> If not, are there any other reasonable, debian-packaged, desktop
>> environments that provide auto-saved terminals?
>
> Ah, it looks like I can try MATE.

Okay, I can live with MATE (so far), consider my question SOLVED.

Best regards,

-Tom

Upgrade Deb 7 to 8, GNOME Flashback, terminal windows not saved: any way to save?

[Tom Browder]

I just upgraded and am disappointed that, even though browser
instances can be saved between login sessions, terminal windows
apparently can't.

I have used the gconf editor and found setting:

  apps | gnome-session | options | auto_save_session

which is checked, but the terminals still disappear after logging out
and logging back in.

Is there any way to recover that most valuable feature of the old GNOME desktop?

Thanks.

Best regards,

-Tom

Re: New firefox isn't working

[Tom Browder]

On Friday, March 25, 2016, Gene Heskett  wrote:

> Greetings all;
> ...


> Is this my fault, or firefox?  If my fault, how do I fix it?


I can't help you at the moment, Gene, I have pretty much boycotted Firefox.
But I want you to know I enjoyed your web site and totally concur with your
opinions--may God save our nation!

If I were a Facebook user I would "like" your post.

Cheers from another old-timer!

-Tom

Re: New Deb 8 and no sshd access from other hosts [SOLVED]

[Tom Browder]

On Saturday, March 26, 2016, Andrew McGlashan <
andrew.mcglas...@affinityvision.com.au
<javascript:_e(%7B%7D,'cvml','andrew.mcglas...@affinityvision.com.au');>>
wrote:
>
> On 27/03/2016 4:08 AM, Tom Browder wrote:
> > On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com>
> wrote:

...

> > I found this wonderful resource:
> >
> >   http://www.unixlore.net/articles/troubleshooting-ssh-connections.html
>
> That was a JIT find (just in time) only written up 26th March, 2016.


JIT, indeed!  I hadn't noticed the date!  I give my thanks to the
author(s). (I haven't found any attribution there yet.)


> Once you have everything good, make sure that you change StrictModes
> back to default.


Thanks, Andrew. I did but forgot to say so.


> I usually restrict with known IP addresses (static ones) and sometimes
> with users having to be in a specific group that allows ssh.  Also,
> authorized keys enforced instead of passwords.


At the moment I'm the sole user, although I'm considering giving limited
access to a few folks later.  How do you manage the server while
traveling--some kind of personal VPN?

Best regards,

-Tom

Re: New Deb 8 and no sshd access from other hosts [SOLVED]

[Tom Browder]

On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.
>
> I can now ssh into the existing remote servers but cannot ssh into my
> laptop from them (as a normal user)--I always get asked for a
> password.  So the remote servers recognize my old Deb 7 keys, but
> apparently my laptop doesn't recognize the other servers' keys.
...

I found this wonderful resource:

  http://www.unixlore.net/articles/troubleshooting-ssh-connections.html

which helped me solve the problem.

First, in file '/etc/ssh/sshd_config', I changed the line

  StrictModes yes

to this

  StrictModes no

and restarted the ssh server.  As root:

  # invoke-rc.d ssh restart

Then I attempted the ssh login and it worked!

Base on the comments from jvp, I looked closer at my home directory on
the laptop and, sure enough, the permissions were too loose (first I
have ever heard of that, but then again I haven't looked at 'man ssh'
in many years).  Note that I have for all the years after ssh came
along been setting the .ssh permissions correctly, but I've never run
into a problem with the home directory.  In fact, when I was working
at our office on site (up until the end of 2008), we commonly allowed
read access between user directories but ssh still worked.

But after setting the home directory permissions to 00700 and
restarting ssh, the login still didn't work!

Then I looked at the resource page where it showed how to debug the
whole ssh login session.  I used two terminal windows stacked one
above the other.  In the top window, on the laptop (local host) I
became root and executed the following:

  # /usr/sbin/sshd -d -p 

and in the lower window I logged into the remote host and, as my
normal user self, executed the following:

  $ ssh -vv -p  jv2

where 'jv2' is the host name of my laptop.

Then, in the upper widow, I saw the problem.  Directory '/usr/local',
under which my .ssh directory is actually located, was reported to
have bad permissions:

  Authentication refused: bad ownership or modes for directory /usr/local

 I checked and they were, surprisingly:

  # ls -ld /usr/local
  drwxrwsr-x 31 root staff 4096 Mar 24 07:37 /usr/local

I don't know how that happened, but it must have happened during the
upgrade two days ago when I continued to use my original partition
mounted as '/usr/local' which was not supposed to have been touched.

Anyway, as root, I fixed the permissions back to what I think is correct:

  # chmod 00755 /usr/local
  # ls -ld /usr/local
  drwxr-xr-x 31 root staff 4096 Mar 24 07:37 /usr/local

restarted the ssh server, and the login worked as advertised--whew!

Thanks to all who offered help.

Best regards,

-Tom

Re: New Deb 8 and no sshd access from other hosts

[Tom Browder]

On Fri, Mar 25, 2016 at 12:38 PM, David Wright <deb...@lionunicorn.co.uk> wrote:
> On Fri 25 Mar 2016 at 12:12:44 (-0500), Tom Browder wrote:
>> I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.
>>
>> I can now ssh into the existing remote servers but cannot ssh into my
>> laptop from them (as a normal user)--I always get asked for a
>> password.  So the remote servers recognize my old Deb 7 keys, but
>> apparently my laptop doesn't recognize the other servers' keys.
...
>> Can anyone suggest where to look next?
>
> What you lost on your laptop is ~/.ssh/authorized_keys which would
> have had the public keys from your ~/.ssh/ on each of the remote hosts.

No, the authorized_keys are still there.

Thanks.

-Tom

Re: New Deb 8 and no sshd access from other hosts

[Tom Browder]

On Fri, Mar 25, 2016 at 12:33 PM, Jörg-Volker Peetz  wrote:
> I'd first check file permissions in your .ssh directory (see man ssh).
> If they are o.k.,  I'd call ssh with one or more -v switches.

On, duh, forgot about the '-v' option--I'll work with that and report back.

Thanks, jvp!

-Tom

New Deb 8 and no sshd access from other hosts

[Tom Browder]

I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.

I can now ssh into the existing remote servers but cannot ssh into my
laptop from them (as a normal user)--I always get asked for a
password.  So the remote servers recognize my old Deb 7 keys, but
apparently my laptop doesn't recognize the other servers' keys.

I have compared files:

  /etc/ssh/ssh_conf
  /etc/ssh/sshd_conf
  /etc/pam.d/ssh/sshd

between the laptop and the remote server and can see no significant
difference for a normal user.

I can also see the host names in the .ssh/known_hosts file.  I do see
that my laptop host's entries in the remote host's known_hosts are of
type "EDCSA" while the remote host's entries in the laptop's
known_hosts file are of type "RSA."

Can anyone suggest where to look next?

Thanks.

Best regards,

-Tom

Re: New Deb 8 and no sshd access from other hosts

[Tom Browder]

On Saturday, March 26, 2016, David Wright <deb...@lionunicorn.co.uk> wrote:
>
> A bit early for [SOLVED], I think.

I respectively disagree, David.

> On Sat 26 Mar 2016 at 12:08:37 (-0500), Tom Browder wrote:
> > On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> > > I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.
...
>
> Not such a wonderful resource if it is so easily misunderstood. The
> idea is to fix the permissions, not make your installation less secure.

I agree.

> > Base on the comments from jvp, I looked closer at my home directory on
> > the laptop and, sure enough, the permissions were too loose (first I
...
> > Then, in the upper widow, I saw the problem.  Directory '/usr/local',
> > under which my .ssh directory is actually located, was reported to
> > have bad permissions:
> >
> >   Authentication refused: bad ownership or modes for directory /usr/local
...> >
> >  I checked and they were, surprisingly:
> >
> >   # ls -ld /usr/local
> >   drwxrwsr-x 31 root staff 4096 Mar 24 07:37 /usr/local
> >
> > I don't know how that happened, but it must have happened during the
> > upgrade two days ago when I continued to use my original partition
> > mounted as '/usr/local' which was not supposed to have been touched.
...
> I don't know what happened long before that! When did /usr/local
> become your home directory?

See below.

> > Anyway, as root, I fixed the permissions back to what I think is correct:
> >
> >   # chmod 00755 /usr/local
> >   # ls -ld /usr/local
> >   drwxr-xr-x 31 root staff 4096 Mar 24 07:37 /usr/local
>
> So now the system is degraded a bit more. The correct permissions, in
> fact the entire contents, are:
...

Who says those permissions are correct? I checked the file system
standard which says that /usr/local is optional. I provide my own
/usr/local partion which I save when reinstalling a new OS and see no
reason to provide setuid or setgid for it. When I first started
administering Unix systems on SGI in 1993, the user home directories
were in /usr/local/people and I kept using that as I transitioned the
hosts under my control to Linux systems in 1994.

Over the years on my own systems I have found it convenient to keep
home system resource directories and files (.bashrc, .profile,
.bash_aliase, .xemacs, .ssh, etc.) in a version-controlled, personal
directory under /usr/local. I then soft link those back to whatever
the newly installed system sets as my home directory. It has worked
fine until the Debian 8 install set the permissions as noted which
interfered with strict ssh.

Anyway, all is well now.

Thanks, David.

Best regards,

-Tom

Re: x86_64 vs i386

[Tom Browder]

On Mon, Mar 21, 2016 at 6:23 PM, Lisi Reisz  wrote:
> On Monday 21 March 2016 15:11:36 Stefan Monnier wrote:
>> > to Google Chrome, which has indeed "thrown i386 machines under the bus",
>> > and
>>
>> What do you mean by that?
>> There won't be any new versions of Debian's i386 version of the
>> chromium package?

I just upgraded to Deb 8 (Jessie), 64bit, and tried Chromium but it
didn't work for me.  Downloaded Chrome from Google and it works fine.

Best regards,

-Tom

Re: Can you help me figure out why I can't get Grub to install from a standard CD .iso?

[Tom Browder]

I used the Mate DVD (8.4) with the non-free packages for a fresh install on
my Dell 6500 laptop. The initial installation went fine. Then I powered
down and went to give a presentation and could not get it to boot into the
graphical desktop. I reinstalled again and had the same failure.

In a final (and successful, whew!) atttempt I used the regular x64
netinst CD, selected Mate as my only desktop, and all has been well since
(fingers still crossed but loosening by the day).

Note the Debian website says the special DVDs don't get as much testing, so
I suspect my laptop might have found a bug.  Unfortunately I don't have
ensough data to confirm that.

HTH

Best regards,

-Tom

P.S. I love the Mate desktop as it is. Please don't add any more bells and
whistles from the pop culture, just maintain it in the choice of desktops
for the normal Debian distribution.

Re: Beginning of the End for Wheezy [sigh!]

[Tom Browder]

On Sunday, April 17, 2016, Renaud OLGIATI 
wrote:

> On Sun, 17 Apr 2016 11:48:16 +
> Mark Fletcher > wrote:
>
> > It seems the emotions, even now, are running too high to be simply about
> > "if it ain't broke don't fix it". What am I missing?
>
> You are missing that the change to systemd makes most of the knowledge
> patiently acquired over the years running and caring for a Linux system has
> suddenly become unusable


Note I initially felt the same way, but the new system seemed to use my
LSB-formatted init scripts just fine.

Best regards,

-Tom

Re: Next gotcha

[Tom Browder]

On Saturday, July 23, 2016, Gene Heskett  wrote:

> On Saturday 23 July 2016 18:00:30 David Wright wrote:
> > On Sat 23 Jul 2016 at 16:20:12 (-0400), Gene Heskett wrote:
> > > On Saturday 23 July 2016 14:15:09 David Wright wrote:
> > > > On Sat 23 Jul 2016 at 13:13:27 (-0400), Gene Heskett wrote:
> > > > > On Saturday 23 July 2016 08:01:37 deloptes wrote:
> > > > > > About your query. I prefer using Xfig in cases (probably) like


I used xfig for many years and it did the job very well, but now I use
Inkscape (inkscape.org) and love it. The online docs are not as good as I
would like, but there is a soft-bound book available which is well worth
the price if you do much vector image work.

Inkscape is available in packages for both Deb 7 and Deb 8 (and I'm pretty
sure it was available before that).

Best regards,

-Tom

Re: Networking: unable to get multi-homed host working in Debian 8

[Tom Browder]

On Wed, Aug 10, 2016 at 7:13 AM, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
> Le 10/08/2016 à 13:22, Tom Browder a écrit :
>>
>>
>> Ping from the test host itself to its primary first alias IP:
>>
>> PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data.
>>>
>>> From 192.168.0.17 icmp_seq=1 Destination Host Unreachable
>
>
> It really looks like the secondary address is not configured on the host.
> Did you check with "ip -4 addr" ?

$ ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
inet 192.168.0.17/24 brd 192.168.0.255 scope global eth0
   valid_lft forever preferred_lft forever

Is there confusion in my Debian 8 between networking setting methods
(ip ves ifconfig)?

I'm in the dark and just following docs and helpful folks like you!

Best,

-Tom

Networking: unable to get multi-homed host working in Debian 8

[Tom Browder]

I have read the current Debian networking docs on the subject
(https://wiki.debian.org/NetworkConfiguration#iproute2_method).  I
want to use at least two IPv4 static addresses on the same physical
NIC.  Following examples I have tried this in my
"/etc/network/interfaces" file:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 192.168.0.17
  netmask 255.255.255.0
  gateway 192.168.0.1
  dns-nameservers 208.67.222.222   208.67.220.220

  # add new IPv4 devices
  up ip addr add 192.168.0.18/24 dev $IFACE label $IFACE:0
  down ip addr del  192.168.0.18/24 dev $IFACE label $IFACE:0

  up ip addr add 192.168.0.19/24 dev $IFACE label $IFACE:1
  down ip addr del  192.168.0.19/24 dev $IFACE label $IFACE:1

Then, as root, I executed "service networking restart" and all looked
well until I logged in to another host and tried to ping the new IP
and got no good ping.

Has anyone any ideas about what I am doing wrong?  I have installed
the vlan and iproute2 packages and removed the iproute package.

Do I need to do something about kernel modules?  I saw nothing in the doc about
that, but I seem to remember having to fool with that in the old days.
.
Thanks for any help.

Best regards,

-Tom

Re: Networking: unable to get multi-homed host working in Debian 8

[Tom Browder]

On Tue, Aug 9, 2016 at 8:16 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> I have read the current Debian networking docs on the subject
> (https://wiki.debian.org/NetworkConfiguration#iproute2_method).  I
> want to use at least two IPv4 static addresses on the same physical
> NIC.  Following examples I have tried this in my
> "/etc/network/interfaces" file:
...

I have now had success on my test host running Debian  on my local
network.  Below is a working "/etc/network/interfaces" file, but there
are some warnings, notes, and caveats for its use.  Note also the file
is IDENTICAL to the one I asked about originally.  I went down a
rabbit hole because the "service networking restart" command locked me
out of my test host and I couldn't get back in locally because I had
an KVM failure I didn't know about.  Just today I got all working
again.

1. WARNING:   The following command, mentioned in the some networking
docs (like the one mentioned by my server hosting company!!!), caused
a system lock-up and loss of all network contact external to or
internal from the host:

  # service networking restart.

However, a subsequent reboot worked.  That might be impossible or
expensive to do if you do not have direct access (i.e., non-network)
access to the host.

2. CAUTION: I have not tried all the various if* or ip commands on the
test host.  Your mileage may vary.

The "/etc/network/interfaces" file:
===

# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 192.168.0.17
  netmask 255.255.255.0
  gateway 192.168.0.1
  dns-nameservers 208.67.222.222   208.67.220.220
  up ip addr add 192.168.0.18/24 dev $IFACE label $IFACE:0
  down ip addr del  192.168.0.18/24 dev $IFACE label $IFACE:0
  up ip addr add 192.168.0.19/24 dev $IFACE label $IFACE:1
  down ip addr del  192.168.0.19/24 dev $IFACE label $IFACE:1

RESULTS
===

Running "sbin/ifconfig" on the test host (with two NICs: one used and
one unused, and the two new alias IPv4s) yields:

eth0  Link encap:Ethernet  HWaddr 00:1d:7d:aa:fa:7b
  inet addr:192.168.0.17  Bcast:192.168.0.255  Mask:255.255.255.0
  inet6 addr: fe80::21d:7dff:feaa:fa7b/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:735 errors:0 dropped:0 overruns:0 frame:0
  TX packets:749 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:82025 (80.1 KiB)  TX bytes:101457 (99.0 KiB)

eth0:0Link encap:Ethernet  HWaddr 00:1d:7d:aa:fa:7b
  inet addr:192.168.0.18  Bcast:0.0.0.0  Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1Link encap:Ethernet  HWaddr 00:1d:7d:aa:fa:7b
  inet addr:192.168.0.19  Bcast:0.0.0.0  Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth1  Link encap:Ethernet  HWaddr 00:15:e9:81:14:b4
  UP BROADCAST MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:65536  Metric:1
  RX packets:123 errors:0 dropped:0 overruns:0 frame:0
  TX packets:123 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:49276 (48.1 KiB)  TX bytes:49276 (48.1 KiB)

I can ssh into the test host using all three IPv4s.

NOTES
=
RECOMMENDATIONS


Test network changes on a host that you have direct access to

Thanks for the help Pascal, and I hope this will help someone else.

Best regards,

-Tom

Networking: unable to get multi-homed host working in Debian 8 [SOLVED]

[Tom Browder]

-- Forwarded message --
From: Tom Browder <tom.brow...@gmail.com>
Date: Fri, Aug 12, 2016 at 9:23 AM
Subject: Re: Networking: unable to get multi-homed host working in Debian 8
To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>


On Tue, Aug 9, 2016 at 8:16 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> I have read the current Debian networking docs on the subject
> (https://wiki.debian.org/NetworkConfiguration#iproute2_method).  I
> want to use at least two IPv4 static addresses on the same physical
> NIC.  Following examples I have tried this in my
> "/etc/network/interfaces" file:
...

I have now had success on my test host running Debian  on my local
network.  Below is a working "/etc/network/interfaces" file, but there
are some warnings, notes, and caveats for its use.  Note also the file
is IDENTICAL to the one I asked about originally.  I went down a
rabbit hole because the "service networking restart" command locked me
out of my test host and I couldn't get back in locally because I had
an KVM failure I didn't know about.  Just today I got all working
again.

1. WARNING:   The following command, mentioned in the some networking
docs (like the one mentioned by my server hosting company!!!), caused
a system lock-up and loss of all network contact external to or
internal from the host:

  # service networking restart.

However, a subsequent reboot worked.  That might be impossible or
expensive to do if you do not have direct access (i.e., non-network)
access to the host.

2. CAUTION: I have not tried all the various if* or ip commands on the
test host.  Your mileage may vary.

The "/etc/network/interfaces" file:
===

# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 192.168.0.17
  netmask 255.255.255.0
  gateway 192.168.0.1
  dns-nameservers 208.67.222.222   208.67.220.220
  up ip addr add 192.168.0.18/24 dev $IFACE label $IFACE:0
  down ip addr del  192.168.0.18/24 dev $IFACE label $IFACE:0
  up ip addr add 192.168.0.19/24 dev $IFACE label $IFACE:1
  down ip addr del  192.168.0.19/24 dev $IFACE label $IFACE:1

RESULTS
===

Running "sbin/ifconfig" on the test host (with two NICs: one used and
one unused, and the two new alias IPv4s) yields:

eth0  Link encap:Ethernet  HWaddr 00:1d:7d:aa:fa:7b
  inet addr:192.168.0.17  Bcast:192.168.0.255  Mask:255.255.255.0
  inet6 addr: fe80::21d:7dff:feaa:fa7b/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:735 errors:0 dropped:0 overruns:0 frame:0
  TX packets:749 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:82025 (80.1 KiB)  TX bytes:101457 (99.0 KiB)

eth0:0Link encap:Ethernet  HWaddr 00:1d:7d:aa:fa:7b
  inet addr:192.168.0.18  Bcast:0.0.0.0  Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1Link encap:Ethernet  HWaddr 00:1d:7d:aa:fa:7b
  inet addr:192.168.0.19  Bcast:0.0.0.0  Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth1  Link encap:Ethernet  HWaddr 00:15:e9:81:14:b4
  UP BROADCAST MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:65536  Metric:1
  RX packets:123 errors:0 dropped:0 overruns:0 frame:0
  TX packets:123 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:49276 (48.1 KiB)  TX bytes:49276 (48.1 KiB)

I can ssh into the test host using all three IPv4s.

NOTES
=
RECOMMENDATIONS


Test network changes on a host that you have direct access to

Thanks for the help Pascal, and I hope this will help someone else.

Best regards,

-Tom

Re: Networking: unable to get multi-homed host working in Debian 8

[Tom Browder]

On Wednesday, August 10, 2016, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
>
> Le 10/08/2016 à 03:16, Tom Browder a écrit :
>>
>> Then, as root, I executed "service networking restart" and all looked
>> well until I logged in to another host and tried to ping the new IP
>> and got no good ping.
>
> Can you elaborate "all looked well" and "no good ping" ?
> Commands, results ?

Thanks for the reply, Pascal.

Ping from another host to the test host (bigtom):

PING bigtom.tombrowder.com (192.168.0.17) 56(84) bytes of data.
64 bytes from bigtom.tombrowder.com (192.168.0.17): icmp_seq=1 ttl=64
time=3.05 ms
64 bytes from bigtom.tombrowder.com (192.168.0.17): icmp_seq=2 ttl=64
time=3.14 ms

Then a ping to the primary IP:

PING 192.168.0.17 (192.168.0.17) 56(84) bytes of data.
64 bytes from 192.168.0.17: icmp_seq=1 ttl=64 time=3.07 ms
64 bytes from 192.168.0.17: icmp_seq=2 ttl=64 time=3.00 ms

Then a ping to the secondary IP (first alias):

PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data.
>From 192.168.0.35 icmp_seq=1 Destination Host Unreachable
>From 192.168.0.35 icmp_seq=2 Destination Host Unreachable

> What's the result of ping to these addresses from the host itself ?

I didn't think of that.

Ping from the test host itself to its host name:

PING bigtom.tombrowder.com (127.0.1.1) 56(84) bytes of data.
64 bytes from bigtom.tombrowder.com (127.0.1.1): icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from bigtom.tombrowder.com (127.0.1.1): icmp_seq=2 ttl=64 time=0.011 ms

Ping from the test host itself to its primary IP:

PING 192.168.0.17 (192.168.0.17) 56(84) bytes of data.
64 bytes from 192.168.0.17: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.0.17: icmp_seq=2 ttl=64 time=0.013 ms

Ping from the test host itself to its primary first alias IP:

PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data.
>From 192.168.0.17 icmp_seq=1 Destination Host Unreachable
>From 192.168.0.17 icmp_seq=2 Destination Host Unreachable

Thanks again for your help.

Best regards,

-Tom

Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?

[Tom Browder]

I have the Dell laptop and I was able to load Deb 8 on it via a netinst,
but the Dell 1800 wireless drops contact with the internet often. Sometimes
a reboot will work but not every time.

Three questions, please:

1.  What specific model of USB wireless ethernet adaptor does anyone
recommend that has worked for them out of the box?

2.  What specific model of USB wired ethernet adaptor does anyone recommend
that has worked for them out of the box?

3.  If anyone has used jessie backports to fix a Dell Wireless 1800
problem, can you list the backport packages needed?

Thanks so much.

Best regards,

-Tom

Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?

[Tom Browder]

On Fri, Mar 24, 2017 at 07:56 Reco  wrote:

> Hi.

...

>
Thanks very much, Reco!

Best regards,

-Tom

Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?

[Tom Browder]

On Fri, Mar 24, 2017 at 17:11 Ben Caradoc-Davies <b...@transient.nz> wrote:
>
> On 25/03/17 01:40, Tom Browder wrote:
> > 1.  What specific model of USB wireless ethernet adaptor does anyone
> > recommend that has worked for them out of the box?
>
> TP-Link TL-WN722N:
> http://www.tp-link.com/us/products/details/cat-5520_TL-WN722N.html

Thanks, Ben.

I would have bought that but I didn't have your rec at the time. Based
on reviews, etc., at Amazon, I bought the Panda Ultra 150Mbps Wireless
N USB Adapter.

It will arrive next week and I hope it works!

Best regards,

-Tom

Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?

[Tom Browder]

On Sat, Mar 25, 2017 at 04:15 deloptes <delop...@gmail.com> wrote:
> Tom Browder wrote:
> > Dell 1800
> What is this Dell 1800 - what is the wireless card model and driver?
> In the subject you ay Dell Inspiron 11, which has DW1707.
> https://wikidevi.com/wiki/Dell_Wireless_1707_(DW1707)

The Dell Wireless 1800 is what Dell calls the wireless network adapter
in the Dell 11 Inspiron 3000 2-in-one laptop.  There are actually at
least three sub-models of the 11 and mine (3157, service tag FGYN52)
has the DW1800, part number KJTH7, which uses the Debian package
firmware-realtek.

I did try to use the latest kernel from jessie-backports but the
reboot failed and I started over after I found a USB wired ethernet
adaptor in my parts box (a Cable Matters 202023 which claims it works
with all OSs) and it works great.   The wireless still is unreliable
but, in the meantime, I have taken Reco's advice and bought an Ralink
RT5370 which I trust will solve the problem when it arrives.

I too have used a couple of Dell Latitudes for a total of eight years
and have had no trouble with them, but its wired/wireless adapter is
different from the 11.

Thanks.

Best regards,

-Tom

Re: Need USB Wireless Adaptor for Dell Inspiron 11 2-in-1?

[Tom Browder]

On Sat, Mar 25, 2017 at 2:33 PM, Doug  wrote:
...
> Perhaps you can find an interface card that will
> physically interface
...
> While I was trying to get the Inspiron wireless to work, I bought a little
> USB gadget that was
> very small, and while it did work, it had almost no range. The internal wifi
> cards attach to
> antenna wires that run up behind the screen, and this gives much better
> range.
>
> One more thing: I have a machine that has a Broadcom chip in it, and I have
> dual-booted
> Mint 17 LTS on that machine, and Mint is smart enough to find the right
> software for the
> Broadcom, and Mint works out of the box on that machine. And Mint is a nice
> distro. Try it!

I have tried it, and I'm not a fan.

But thanks for the suggestions, Doug.  To your point about limited
range with a small add-on, Ben suggested a USB ethernet device that
has an antenna, and I'll try it if the small one I ordered doesn't
work.

Best regards

Re: If Linux Is About Choice, Why Then ...

[Tom Browder]

On Mon, Apr 3, 2017 at 7:28 AM, Brad Rogers  wrote:
> On Mon, 3 Apr 2017 05:06:22 -0700
> Rick Thomas  wrote:
>
> Hello Rick,
>
>> There *are* choices.
>
> Indeed.  Debian also have choices(1).  They made them.  Inevitably, some
> people were going to get annoyed about it.
>
> (1) Many seem to have forgotten they're entitled to make choices as well.

Well, that's why I left Ubuntu when they insisted on constant changing
of desktops.

But I kind of understand why systemd, but I wish I could find a good
cookbook description of how to add or modify a new process.

Thanks.

Best regards,

-Tom

Re: Suitable text editor [NOT word processor] or workaround?

[Tom Browder]

On Sat, Apr 1, 2017 at 14:36 Fred  wrote:

> On 04/01/2017 09:24 AM, Richard Owlett wrote:
> > On 04/01/2017 10:55 AM, cbannis...@slingshot.co.nz wrote:
> >> On Thu, Mar 16, 2017 at 06:38:52AM -0500, Richard Owlett wrote:
> >>> The two files are nearly identical and need them displayed
> >>> simultaneously
> >>> for instant visual comparison. Opening one of the files read only
> >>> would be
> >>> acceptable but not preferable.


Try diffuse.

-Tom

Bind 9: consequences of completely removind all bind9 packages on jessie and stretch)?

[Tom Browder]

I would like to remove all bind9 packages from servers running bind9
and install the latest bind9 from source.

Two questions, please:

1.  Will there be any adverse consequences from the substitution if I
install with --prefix=/usr/local?

2.  Same question as 1 but for installation into --prefix=usr?

Thanks.

With warmest regards,

-Tom

Re: Bind 9: consequences of completely removind all bind9 packages on jessie and stretch)?

[Tom Browder]

On Sun, Jul 23, 2017 at 07:13 Lck Ras <likco...@riseup.net> wrote:

> On 07/23/2017 08:55 PM, Tom Browder wrote:
> > I would like to remove all bind9 packages from servers running bind9
> > and install the latest bind9 from source.
> >
> > Two questions, please:
> >
> > 1.  Will there be any adverse consequences from the substitution if I
> > install with --prefix=/usr/local?
> >
> > 2.  Same question as 1 but for installation into --prefix=usr?
>
> I wouldn't recommend installing int into /usr, since it might conflict
> with other files installed by the package manager.
>
> Installing it into /usr/local probably won't create any new problems
> (apart from ones inherent with installing stuff manually). Some of the
> extra stuff like the systemd units and integration with other packages
> may not be included.
>
> On another note, it's not really recommended to install stuff like that.
> https://wiki.debian.org/DontBreakDebian but I assume you know what
> you're doing.
>
Thanks, Lck, that's certainly good advice, and a good link!

I do plan to chroot the binds, so I trust all will work well.

Thanks again.

-Tom

Firewalld

[Tom Browder]

Webmin uses firewalld to manage firewalls. Is there any reason not to use
webmin for my servers' firewall management?

Thanks.

-Tom

Re: Bind 9: consequences of completely removind all bind9 packages on jessie and stretch)?

[Tom Browder]

On Mon, Jul 24, 2017 at 8:23 AM, Greg Wooledge <wool...@eeg.ccf.org> wrote:
> On Sun, Jul 23, 2017 at 06:55:09AM -0500, Tom Browder wrote:
>> I would like to remove all bind9 packages from servers running bind9
>> and install the latest bind9 from source.
>
> Because you want to satisfy internal audits that don't understand how
> Debian security patching works, right?  Right?  Right.  OK.

Greg, I appreciate your advice, and I would love to stay with the
debian packages. However, I also want to be able to use a debian
installation a long time and I see lots of changes on dns resource
records.  Also, I don't like to rush into debian version updates, so I
fear the package bind9 might slip behind current standards.

I don't mind source updates--I already do that with openssl, apache,
postfix, and mailman.

Your bind9 service file is greatly appreciated.

Thanks.

-Tom

Re: Firewalld

[Tom Browder]

On Sun, Jul 23, 2017 at 14:17 Reco <recovery...@gmail.com> wrote:

> Hi.
>
> On Sun, 23 Jul 2017 17:29:54 +0000
> Tom Browder <tom.brow...@gmail.com> wrote:
>
> > Webmin uses firewalld to manage firewalls. Is there any reason not to use
> > webmin for my servers' firewall management?
>
> I'll bite.
>
> First things first, CVE-2016-5410 and [1]. [1] comes with this
> beautiful tag attached:


Thanks, Reco!

Okay, so I'll pick firehol for the firewall.

Do you have any thoughts about what to use in place of webmin?  I looked at
IPSConfig but it doesn't support Postgresql.

I can do most anything manually, but am getting older and would like some
help for forgetfulness and laziness, i.e., a good and reliable GUI for
administering my remote servers would be nice.

Thanks again for your help.

-Tom

Re: Bind 9: consequences of completely removind all bind9 packages on jessie and stretch)?

[Tom Browder]

On Mon, Jul 24, 2017 at 11:57 AM, Sven Hartge <s...@svenhartge.de> wrote:
> Tom Browder <tom.brow...@gmail.com> wrote:
...
>> Greg, I appreciate your advice, and I would love to stay with the
>> debian packages. However, I also want to be able to use a debian
>> installation a long time and I see lots of changes on dns resource
>> records.  Also, I don't like to rush into debian version updates, so I
>> fear the package bind9 might slip behind current standards.
>
> It is trivially easy to backport the bind9-package from Stretch to
> Jessie (just change the dependency on libssl1.0-dev to libssl-dev).
>
> I have been doing the same for some time (needed support for the CAA
> record).

Thanks, Sven--good advice.

-Tom

Re: Jessie networking with multiple IPs (IPv and IPv6), single physical NIC

[Tom Browder]

On Wed, Jul 26, 2017 at 2:11 PM, Sven Hartge <s...@svenhartge.de> wrote:
> Georgi Naplatanov <go...@oles.biz> wrote:
>> On 07/26/2017 09:22 PM, Sven Hartge wrote:
>>> Tom Browder <tom.brow...@gmail.com> wrote:
>>> You don't need those up/down parts, you can add additional blocks for
>>> eth0:
>>>
>>> auto eth0
>>> iface eth0 inet static
>>> address 142.54.186.2
>>> netmask 255.255.255.248
>>> gateway 142.54.186.1
>>> dns-nameservers 192.187.107.16 69.30.209.16
>>>
>
> Since Wheezy you can have multiple "iface eth0 ..." blocks in
> /e/n/interface without problems.

So can the above be simplified by leaving out the repeated info like
dns-nameservers, gateway, and netmask to give something like:

#=
iface eth0 inet static
address 142.54.186.2
netmask 255.255.255.248
gateway 142.54.186.1
dns-nameservers 192.187.107.16 69.30.209.16
iface eth0 inet static
address 142.54.186.3
iface eth0 inet static
address 142.54.186.4
iface eth0 inet static
address 142.54.186.5
iface eth0 inet static
address 142.54.186.6

iface eth0 inet6 static
address 2604:4300:a:95::2
netmask :::::
gateway 2604:4300:a:95::1
dns-nameservers 192.187.107.16 69.30.209.16
iface eth0 inet6 static
address 2604:4300:a:95::3
iface eth0 inet6 static
address 2604:4300:a:95::4
iface eth0 inet6 static
address 2604:4300:a:95::5
iface eth0 inet6 static
address 2604:4300:a:95::6
#=

Thanks, Sven!

-Tom

Jessie networking with multiple IPs (IPv and IPv6), single physical NIC

[Tom Browder]

Last year I successfully modified /etc/network/interfaces on my remote
debian 8 server to handle multiple IPv4 addresses on a single NIC, and
now I want to add its IPv6 capability.

But, before I do, I would like to show you my proposed new interfaces
file for comment and to make sure I don't break my server:

My hosting service has provisioned my server with the following IP
address information:

dns-nameservers 192.187.107.16 69.30.209.16

IPv4:
===
Gateway: 142.54.186.1
Subnet Mask: 255.255.255.248
assigned 142.54.186.2/29 which results in five addresses:
142.54.186.2
142.54.186.3
142.54.186.4
142.54.186.5
142.54.186.6

IPv6:
===
Gateway: 2604:4300:a:95::1
Subnet Mask: :::::
assigned 2604:4300:a:95::2/64 and I will use the following five addresses:
2604:4300:a:95::2
2604:4300:a:95::3
2604:4300:a:95::4
2604:4300:a:95::5
2604:4300:a:95::6

The proposed /etc/network/interfaces file:
# begin =
iface eth0 inet static
address 142.54.186.2
netmask 255.255.255.248
gateway 142.54.186.1
dns-nameservers 192.187.107.16 69.30.209.16

# add new IPv4 devices
up   addr add 142.54.186.3/29 dev $IFACE label $IFACE:0
down addr del 142.54.186.3/29 dev $IFACE label $IFACE:0

up   addr add 142.54.186.4/29 dev $IFACE label $IFACE:1
down addr del 142.54.186.4/29 dev $IFACE label $IFACE:1

up   addr add 142.54.186.5/29 dev $IFACE label $IFACE:2
down addr del 142.54.186.5/29 dev $IFACE label $IFACE:2

up   addr add 142.54.186.6/29 dev $IFACE label $IFACE:3
down addr del 142.54.186.6/29 dev $IFACE label $IFACE:3

iface eth0 inet6 static
address 2604:4300:a:95::2
netmask :::::
gateway 2604:4300:a:95::1
dns-nameservers 192.187.107.16 69.30.209.16

# add new IPv4 devices
up   addr add 2604:4300:a:95::3/64 dev $IFACE label $IFACE:4
down addr del 2604:4300:a:95::3/64 dev $IFACE label $IFACE:4

up   addr add 2604:4300:a:95::4/64 dev $IFACE label $IFACE:5
down addr del 2604:4300:a:95::4/64 dev $IFACE label $IFACE:5

up   addr add 2604:4300:a:95::5/64 dev $IFACE label $IFACE:6
down addr del 2604:4300:a:95::5/64 dev $IFACE label $IFACE:6

up   addr add 2604:4300:a:95::6/64 dev $IFACE label $IFACE:7
down addr del 2604:4300:a:95::6/64 dev $IFACE label $IFACE:7
# end =

Thanks for your help.

Best regards,

-Tom

Re: Jessie networking with multiple IPs (IPv and IPv6), single physical NIC

[Tom Browder]

On Wed, Jul 26, 2017 at 3:43 PM, Sven Hartge <s...@svenhartge.de> wrote:
> Tom Browder <tom.brow...@gmail.com> wrote:
>> On Wed, Jul 26, 2017 at 2:11 PM, Sven Hartge <s...@svenhartge.de> wrote:
>
>> So can the above be simplified by leaving out the repeated info like
>> dns-nameservers, gateway, and netmask to give something like:
>
>> #=
>> iface eth0 inet static
>> address 142.54.186.2
>> netmask 255.255.255.248
>> gateway 142.54.186.1
>> dns-nameservers 192.187.107.16 69.30.209.16
>> iface eth0 inet static
>> address 142.54.186.3
>> iface eth0 inet static
>> address 142.54.186.4
>> iface eth0 inet static
>> address 142.54.186.5
>> iface eth0 inet static
>> address 142.54.186.6
>
> I do believe you need the "netmask" option, but the rest is just needed
> once. But from reading interfaces(5) I think you further simplify by
> writing:
>
> ,
> |  auto eth0
> |  iface eth0 inet static
> |  address 142.54.186.2/29
> |  gateway 142.54.186.1
> |  dns-nameservers 192.187.107.16 69.30.209.16
> |  iface eth0 inet static
> |  address 142.54.186.3/29
> |  iface eth0 inet static
> |  address 142.54.186.4/29
> |  iface eth0 inet static
> |  address 142.54.186.5/29
> |  iface eth0 inet static
> |  address 142.54.186.6/29
> `

Okay, sounds good: I don't need to duplicate anything, then.

I admire your reading of man 5 interfaces. I find it very hard to
understand since the pieces seem so disconnected, and, as usual, man
pages are short on real examples.

I'm ready to try the new file and I'll report results later.

Thanks so much Sven.

Best regards,

-Tom

BTW, my wife and I and two friends had a very nice time visiting
Denmark in May while on a cruise in the Baltic celebrating our 50th
wedding anniversary.  Our ship, Holland-America's ms Rotterdam,
visited Copenhagen and Arhus and we enjoyed them very much--especially
Arhus.

Re: Jessie networking with multiple IPs (IPv and IPv6), single physical NIC

[Tom Browder]

On Wed, Jul 26, 2017 at 5:42 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> On Wed, Jul 26, 2017 at 3:43 PM, Sven Hartge <s...@svenhartge.de> wrote:
...
>> ,
>> |  auto eth0
>> |  iface eth0 inet static
>> |  address 142.54.186.2/29
>> |  gateway 142.54.186.1
>> |  dns-nameservers 192.187.107.16 69.30.209.16
>> |  iface eth0 inet static
>> |  address 142.54.186.3/29
>> `

Oops, I just looked at the ENTIRE active file and I forgot some lines
at the top:

#==
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 142.54.186.2
  ...
#==

At any rate, I'm going to try the file (suitably modified) on a spare,
local server I have before going live remotely.

-Tom

Re: Jessie networking with multiple IPs (IPv and IPv6), single physical NIC

[Tom Browder]

On Mon, Jul 31, 2017 at 11:18 Curt  wrote:
...

> Are you not confounding the de and dk domain suffixes, because I believe
> Sven is 'de' (Germany).


You are certainly correct and I should have caught my error before
sending.  My apologies for any offended sensibilities.

50th wedding anniversary. Do they give out medals for that?


No, but we got lots of congratulations for staying the course and remaining
friends!

-Tom

Re: Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

On Sun, Aug 20, 2017 at 9:42 AM, Tom Browder <tom.brow...@gmail.com> wrote:
> I got a postfix.service file from a postfix developer and installed it in
> /etc/systemd/system as the docs mention.
>
> I then moved the /etc/init.d/postfix file away, reloaded the systemd daemon,
> and did:
>
>   # systemctl start postfix
>   # systemctl status postfix
>
> and got several lines basically saying posfix.service was disabled.

The exact message is:

* postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/etc/systemd/system/postfix.service; disabled)
   Active: active (running) since Fri 2017-08-18 04:51:33 CDT; 2 days ago
   CGroup: /system.slice/postfix.service
   |- 1505 /usr/lib/postfix/master
   |- 9515 pickup -l -t unix -u -c
   `-19868 qmgr -l -t unix -u

The contents of the postfix.service file are;

[Unit]
Description=Postfix Mail Transport Agent
Conflicts=sendmail.service exim4.service
ConditionPathExists=/etc/postfix/main.cf

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true

[Install]
WantedBy=multi-user.target


Thanks.

-Tom
ju

Re: Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

On Sun, Aug 20, 2017 at 11:41 AM, Nicolas George <geo...@nsup.org> wrote:
> Le tridi 3 fructidor, an CCXXV, Tom Browder a écrit :
>> So "disabled" is normal?
>
> Indeed. See:
>
> https://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/ch-Services_and_Daemons.html#s3-services-configuration-enabling

I do see, this systemctl world is new to me, but I am learning thanks
to your help.

Best,

-Tom

Re: Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

On Sun, Aug 20, 2017 at 12:30 Sven Hartge <s...@svenhartge.de> wrote:

> Tom Browder <tom.brow...@gmail.com> wrote:
>
> > The contents of the postfix.service file are;
>
...

>
> That unit file does effectivly nothing. It just starts "/bin/true" and
> exits.
>
> What it *not* does is starting postfix in any way.

...

> .
> Are you sure you only got this one unit file from the postfix developer?


I thought I did, but I'm still searching for the source.

Back when I get more info.

-Tom

Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

I got a postfix.service file from a postfix developer and installed it in
/etc/systemd/system as the docs mention.

I then moved the /etc/init.d/postfix file away, reloaded the systemd
daemon, and did:

  # systemctl start postfix
  # systemctl status postfix

and got several lines basically saying posfix.service was disabled.

I have looked for instructions on replacing init.d scripts with systemd
scripts and found the ones about writing service files, converting inin.d
scripts, placing the new service files, but haven't yet found how to turn
the old lsb system off for one service.

Thanks for any help.

With warmest regards,

-Tom

Re: Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

On Sun, Aug 20, 2017 at 10:17 Nicolas George <geo...@nsup.org> wrote:

> Le tridi 3 fructidor, an CCXXV, Tom Browder a écrit :
> > >   # systemctl start postfix
> > >   # systemctl status postfix
> > >
> > > and got several lines basically saying posfix.service was disabled.
>
> > The exact message is:
> >
> > * postfix.service - Postfix Mail Transport Agent
> >Loaded: loaded (/etc/systemd/system/postfix.service; disabled)

...

> Looks like Postfix is running correctly.


So "disabled" is normal?

Note that "systemctl start" is transient. If you want to make it start
> automatically at boot, you have to use "systemctl enable".


Thanks, Nicolas.

Best,

-Tom

Re: Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

On Sun, Aug 20, 2017 at 10:17 AM, Nicolas George <geo...@nsup.org> wrote:
> Le tridi 3 fructidor, an CCXXV, Tom Browder a écrit :
>> >   # systemctl start postfix
>> >   # systemctl status postfix
>> >
>> > and got several lines basically saying posfix.service was disabled.
>
>> The exact message is:
>>
>> * postfix.service - Postfix Mail Transport Agent
>>Loaded: loaded (/etc/systemd/system/postfix.service; disabled)
>>Active: active (running) since Fri 2017-08-18 04:51:33 CDT; 2 days ago
>>CGroup: /system.slice/postfix.service
>>|- 1505 /usr/lib/postfix/master
>>|- 9515 pickup -l -t unix -u -c
>>`-19868 qmgr -l -t unix -u
>
> Looks like Postfix is running correctly.
>
> Note that "systemctl start" is transient. If you want to make it start
> automatically at boot, you have to use "systemctl enable".

Okay, I did:

#  mv /etc/init.d/postfix /etc/init.d/postfix.orig
#  cp postfix.service /etc/systemd
#  systemctl enable postfix
#  systemctl daemon-reload
#  systemctl stop postfix
#  systemctl start postfix
#  systemctl status postfix
* postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/etc/systemd/system/postfix.service; enabled)
   Active: active (exited) since Sun 2017-08-20 11:25:02 CDT; 1min 37s ago
  Process: 524 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 524 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/postfix.service

And all looks good!

Thanks, Nicolas.

Best regards,

-Tom

Re: Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

On Sun, Aug 20, 2017 at 12:30 Sven Hartge <s...@svenhartge.de> wrote:

> Tom Browder <tom.brow...@gmail.com> wrote:
>
> > The contents of the postfix.service file are;
>
...

> That unit file does effectivly nothing. It just starts "/bin/true" and
> exits.
>
> What it *not* does is starting postfix in any way.
>
> This looks like there should be some other unit files which start the
> other daemons belonging to postfix which depend on this unit file, so
> you could easily start and stop everything with one command.
>
> Are you sure you only got this one unit file from the postfix developer?


No, I got it from a package installation of postfix on Debian 9.

So the question I have is how does it all work?  There is no init.d, but
there seems to be some convoluted handling that I haven't figured out yet.
Surely some expert can write a postfix.service file that drives postfix
commands.

Any clues?

Thanks.

-Tom

Postresql: need a way to initiate a database with a test user

[Tom Browder]

I get the following error when trying to create a table with psql:

  psql:  FATAL:   Peer authentication failed for user "sql92"
  The spawned command 'psql -f ./t/t.sql -U sql92' exited unsuccessfully
(exit code: 2)

The sql file has two create table commands.

I had already created the user 'sql92' with password = '' and createdb
privileges.

Is there any way to create a user that can be used outside an open database
connection in a script?

Thanks.

Best regards,

-Tom

Re: Postresql: need a way to initiate a database with a test user

[Tom Browder]

On Fri, Sep 15, 2017 at 08:03 Tom Browder <tom.brow...@gmail.com> wrote:

> I get the following error when trying to create a table with psql:
>

Re: OP subject: s/Postresql/PostgreSQL/

-Tom

Re: Systemd: Error when replacing postfix LSB init with postfix.service on Debian 8 (jessie)

[Tom Browder]

On Mon, Aug 21, 2017 at 02:36 Sven Hartge <s...@svenhartge.de> wrote:

> Tom Browder <tom.brow...@gmail.com> wrote:
> > On Sun, Aug 20, 2017 at 12:30 Sven Hartge <s...@svenhartge.de> wrote:
>
> > So the question I have is how does it all work?  There is no init.d,
> > but there seems to be some convoluted handling that I haven't figured
> > out yet.  Surely some expert can write a postfix.service file that
> > drives postfix commands.

...

> Question: Why do you want to manually replace the init-script from
> postfix in Jessie with a systemd.unit? What do you want to accomplish by
> doing so (other than creating a possible broken system)?


I thought I needed to be able to create service files since the init.d
system is going away.  Postfix seems simple enough that its service file
would also be simple.  I see I am wrong and I will let sleeping dogs lie.

Thanks, Sven.

-Tom

How can I enable ufw firewall tool with an existing set of iptables rules?

[Tom Browder]

Installing and enabling ufw sounds easy, but how is the existing set of
iptables rules treated?  I want to use ufw on a remote server and losing
ssh would be disastrous!

Thanks.

-Tom

Re: How can I enable ufw firewall tool with an existing set of iptables rules?

[Tom Browder]

On Mon, Aug 28, 2017 at 15:49 Alexander V. Makartsev 
wrote:

> Smart way to do it is to setup a cron job to run shell script that will
> flush (or restore to default working ruleset) iptables rules every 10
> minutes.


Thanks, Alexander.

-Tom

Re: How can I enable ufw firewall tool with an existing set of iptables rules?

[Tom Browder]

On Mon, Aug 28, 2017 at 15:54 Joe  wrote:
...

I confess to no specific knowledge here, but I suspect none of the
> firewall front-ends will accommodate an arbitrary iptables ruleset, as
> the front-ends impose their own structure which would almost certainly
> conflict.
>

Unfortunately, ufw doesn't have a safety net.

However, I did keep a valid ssh connection in a separate window to ensure I
could still login after I enabled ufw. That's still a dangerous way but my
fallback is my server is with a company who can assist in a reboot and ssh
access again if necessary.

Alexander's idea is a good one, and I really should have taken his advice.
However, all worked out well, fortunately.

Thanks, Joe.

-Tom

How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

[Tom Browder]

I am currently defining my devices like this in file /etc/network/interfaces:

#=
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 142.54.186.2
  netmask 255.255.255.248
  gateway 142.54.186.1
  dns-nameservers 192.187.107.16 69.30.209.16

  # added alias IPv4s:
  up   ip addr add 142.54.186.3/29 dev $IFACE label $IFACE:0
  down ip addr del 142.54.186.3/29 dev $IFACE label $IFACE:0

  up   ip addr add 142.54.186.4/29 dev $IFACE label $IFACE:1
  down ip addr del 142.54.186.4/29 dev $IFACE label $IFACE:1

  up   ip addr add 142.54.186.5/29 dev $IFACE label $IFACE:2
  down ip addr del 142.54.186.5/29 dev $IFACE label $IFACE:2

  up   ip addr add 142.54.186.6/29 dev $IFACE label $IFACE:3
  down ip addr del 142.54.186.6/29 dev $IFACE label $IFACE:3
#=

I would like to add a large chunk (say 20) of my IPv6 addresses, too.

Although not yet implemented (for fear of messing my remote host up),
the following has been recommended:

#=
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
auto etho
iface eth0 inet static
address 142.54.186.2
netmask 255.255.255.248
gateway 142.54.186.1
dns-nameservers 192.187.107.16 69.30.209.16
iface eth0 inet static
address 142.54.186.3
iface eth0 inet static
address 142.54.186.4
iface eth0 inet static
address 142.54.186.5
iface eth0 inet static
address 142.54.186.6
iface eth0 inet6 static
address 2604:4300:a:95::2
netmask :::::
gateway 2604:4300:a:95::1
dns-nameservers 192.187.107.16 69.30.209.16
iface eth0 inet6 static
address 2604:4300:a:95::3
iface eth0 inet6 static
address 2604:4300:a:95::4
iface eth0 inet6 static
address 2604:4300:a:95::5
iface eth0 inet6 static
address 2604:4300:a:95::6
#=


FYI, here is a chunk of the output of "dmesg | grep -i eth":

#=
[0.898483] e1000e :09:00.0 eth0: (PCI Express:2.5GT/s:Width
x4) 00:1e:68:2e:df:be
[0.898486] e1000e :09:00.0 eth0: Intel(R) PRO/1000 Network Connection
[0.898564] e1000e :09:00.0 eth0: MAC: 5, PHY: 5, PBA No: FF-0FF
[9.525606] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   11.846375] e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow
Control: Rx/Tx
[   11.846877] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
#=

So how does one do the same thing with "modern" tools?

Thanks.

-Tom

Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

[Tom Browder]

On Fri, Aug 25, 2017 at 09:26 Sven Hartge <s...@svenhartge.de> wrote:
>
> Tom Browder <tom.brow...@gmail.com> wrote:
>
> Before we start:
>
> "virtual ethernet devices" are something totally different than you are
> doing here. You just want to put multiple IP addresses on one interface.
>
> "virtual ethernet devices" are for example used with virtualization or
> docker, to connect an isolated VM or container through the host to the
> network.
>
> > Although not yet implemented (for fear of messing my remote host up),
> > the following has been recommended:
...
> > # The primary network interface
> > allow-hotplug eth0
> > auto eth
>
> One of "allow-hotplug" or "auto", not both

Any preference for either line?

> And you have a typo there, it should read "auto eth0".

Good catch on the typo!

> > iface eth0 inet6 static
> > address 2604:4300:a:95::2
> > netmask :::::
> > gateway 2604:4300:a:95::1
> > dns-nameservers 192.187.107.16 69.30.209.16
>
> No need to duplicate the nameservers. Also this line only gets used if
> you use the package "resolvconf". On servers with static IP
> configuration I usually get rid of this mechanism and set the
> nameservers myself in /etc/resolv.conf

Ah!  That's good advice.

> > iface eth0 inet6 static
> > address 2604:4300:a:95::6
>
> Yes, everything is fine.
>
> Side note: I'd truly randomize the IPv6 addresses, so the subnet is not
> as easily scannable from the outside.

Also good advice.

Thanks, Sven, very helpful.  Can you recommend a good modern book on networking?

> > So how does one do the same thing with "modern" tools?
>
> I don't understand the question. Do you mean "systemd-networkd"?

I'm indirectly referencing a long-running thread on this list about
using ifconfig versus "modern" tools for viewing the current
interfaces setup.

And just how does one restart the new interfaces with systemctl?

If I mess something up, is there any way to ssh into the remote system?

Thanks very much for all your help!

Best,

-Tom

Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

[Tom Browder]

On Fri, Aug 25, 2017 at 10:09 AM, Greg Wooledge  wrote:
>> On Fri, Aug 25, 2017 at 09:26 Sven Hartge  wrote:
>> > One of "allow-hotplug" or "auto", not both
>>
>> Any preference for either line?
>
> Use "auto" if the network interface is a permanent one, and "allow-hotplug"
> if it's a transient one (removable, whatever).
>
> Interfaces configured as "auto" will be respected by systemd's
> "network-online.target", meaning any service that you configure to
> wait for network-online will wait for all "auto" interfaces to be
> brought up.  It will not wait for "allow-hotplug" interfaces.

That's very helpful. Sounds like it's the "auto" for my situation.

Thanks much, Greg.

Best,

-Tom

Recommended editor for novice programmers?

[Tom Browder]

My Linux user group is setting up one desktop computer and one laptop
computer for lending to our local library as an educational resource for
folks who want to explore what Linux is all about.  We are using Debian 9
for now.

I am open to any suggestions for standard packages we should add. I have
already installed gcc and friends as well as Scilab, R, Perl 6, and some
other stuff, including emacs.

I would especially appreciate other ideas for programming editors for
novice programmers.

Thanks.

Best regards,

-Tom

Re: Recommended editor for novice programmers?

[Tom Browder]

On Sun, Sep 3, 2017 at 05:03 Byung-Hee HWANG (황병희, 黃炳熙) <soyeo...@doraji.xyz>
wrote:

> In Article <
> cafmgiz_yn+qa52wb2nfhphv6g2thj-azjisu1xznytv8hui...@mail.gmail.com>,
>  Tom Browder <tom.brow...@gmail.com> writes:
>
> > My Linux user group is setting up one desktop computer [...]


Thanks for all the helpful suggestions, everyone!

Best regards,

-Tom

Re: If not "newbie" then ????

[Tom Browder]

On Sun, Jul 22, 2018 at 05:26 Eric S Fraga  wrote:

> I'd say "old skool" (affectionately) would do.  ;-)


Sounds like there are a lot of fellow travelers here.  If you lean more
towards
loving programming as I do (started in FORTRAN IV in 1961),
you might check out the new world of Perl 6 (https://perl6.org)
and join a nice group of people who will appreciate your help in fixing
bugs, improving documentation, and leaving a legacy 100-year
programming language for your descendants.

Best regards,

-Tom

Re: Recommendation for Virtual Machine and Instructions to set it up?

[Tom Browder]

On Thu, Dec 6, 2018 at 10:12 AM  wrote:
>
> Background:
>
> I'm involved with having some software written and then testing it.
>
> The software won't run on either my Wheezy or Jessie systems -- it appears to
> be an outdated libstdc++ that is the problem.

Before I go the VM route, I would try installing the latest clang or
gcc on the host you use normally. Rather than chasing OS's, you need
to get that software more portable IMHO.

Best regards,

-Tom

Multiple host names for a single server?

[Tom Browder]

I would like to use a single server for multiple remote services
including mail, bind dns, OpenStreep tiles, etcs., all with different
subdomain names but sharing the same server and IP.  For example:

  mail.example.com
  ns1.example.com
  tiles.example.com
  ...

I know I can define them with individual A records (with the same IP)
with my domain host provider, but will that cause problems conflicting
with a single physical hostname of, say, "pluto.example2.net"?

In other words, is the physical hostname of any server of any
importance except for logged in users?

Thanks.

-Tom

Re: Multiple host names for a single server?

[Tom Browder]

On Mon, Jan 7, 2019 at 10:20 AM Greg Wooledge  wrote:
...
> The primary purpose of the actual hostname is for you to be able to
> identify *which* computer is having a problem.  E.g. if you receive an
> email from a machine identifying itself as "www.yourdomain" but you have
> three such web servers operating as a round robin, then you will have
> to put in some work to figure out which of the three it came from.
>
> But if the email comes from a machine which self-identifies as
> "www1.yourdomain", then you have a better idea where to fix the issue.

Thanks, Greg.

-Tom

Re: Multiple host names for a single server?

[Tom Browder]

On Mon, Jan 7, 2019 at 10:33 AM Joe  wrote:
...
> In general you're right, it's just a matter of multiple A records. In
> the case of a mail server, the A record used for mail must have a
> complementary PTR record at your ISP, but this is not a matter of
> whether your mail server works, but whether other mail servers will
> accept mail from it.

Thanks, Joe.

-Tom

Re: Multiple host names for a single server?

[Tom Browder]

On Mon, Jan 7, 2019 at 10:24 AM john doe  wrote:
...
> Any reasons why you can't use 'cname' record?

Um, you're right, I should be able to use that now that ACME v2 lets
us use wild cards.

Thanks, "John."

-Tom

Re: Multiple host names for a single server?

[Tom Browder]

On Mon, Jan 7, 2019 at 12:26 PM Kushal Kumaran  wrote:
> Tom Browder  writes:
> > On Mon, Jan 7, 2019 at 10:24 AM john doe  wrote:
> > ...
> >> Any reasons why you can't use 'cname' record?
> >
> > Um, you're right, I should be able to use that now that ACME v2 lets
> > us use wild cards.
>
> Could you elaborate why the ability to create wildcard SSL certificates
> matters for the CNAME-vs-A decision?  They look orthogonal to me.

Hm, I think you're correct, Kushal. I was thinking about my crude
domain management tools and got careless in my OP.

Thanks for pointing that out!

-Tom

Re: Multiple host names for a single server?

[Tom Browder]

On Mon, Jan 7, 2019 at 4:11 PM Andy Smith  wrote:> Hi Tom,
> On Mon, Jan 07, 2019 at 11:42:28AM -0600, Tom Browder wrote:
> > On Mon, Jan 7, 2019 at 10:24 AM john doe  wrote:
> > > Any reasons why you can't use 'cname' record?
> >
> > Um, you're right
>
> Though do note that the right hand side of MX and NS records should
> not point to a CNAME alias (RFC 2181 ง10.3)น. Your examples included
> "mail" and "ns1" which often feature in MX and NS records.
...
> น Thought they often end up working anyway, contrary to RFCs.

Thanks, Andy. This has always been a confusing area for me.  When I
get a "practice" mail and dns setup ready I will check back here with
specifics and see what all respondents think.

Best regards,

-Tom

Acess Devian 9 laptop by another devica via wifi

[Tom Browder]

I travel often with a hefty laptop running Debian 9 and like to do casual
programming on it remotely via a terminal app (Termius) on an iPad. In many
situations I am able to access the laptop when on a wireless LAN by getting
its IP address with "sudo ifconfig" and simply using that address in
Termius to ssh in to the laptop.

However, someteimes that does not work until I edit the wireless connection
and declare it public. And in still other cases I cannot access the laptop
at all.

Is there any reliable way to either (1) always connect via the LAN or (2)
make the laptop broadcast its own LAN so I can login to it wirelessly from
the iPad?

Thanks.

With warmest regards,

-Tom

Re: Acess Devian 9 laptop by another devica via wifi

[Tom Browder]

> > Is there any reliable way to either (1) always connect via the LAN or (2)
> > make the laptop broadcast its own LAN so I can login to it wirelessly from
> > the iPad?
...
> It is unclear to me if you have one internal network (network behind
> your laptop) or if both the Ipad and the laptop are connected to the
> wireless infrastructure of the guest (hotel airport ...).

Both are connected to the same wireless LAN.

Thanks.

-Tom

Re: Acess Devian 9 laptop by another devica via wifi

[Tom Browder]

On Sat, Mar 23, 2019 at 5:12 AM Tom Browder  wrote:
>
> > > Is there any reliable way to either (1) always connect via the LAN or (2)
> > > make the laptop broadcast its own LAN so I can login to it wirelessly from
> > > the iPad?

Solved!!

I tried using my iPhjone as a personal hotspot and connected the
laptop AND iPad to it and I can ssh into the laptop with no problems.

-Tom