Re: [gentoo-user] Problems with domainname
On Mon, Mar 27, 2006 at 07:04:44PM -0800, maxim wexler wrote

> Okay, I'll try it. Can you give me some hints on how to edit the config file keeping in mind it's only for a crossover LAN and security is _not_ an issue? It's to spare me the ordeal of downloading to one machine and then having to burn to a CD just so I can put it on another machine 5 feet away.

Step 1 is to make sure that you can traceroute or ping from one machine to the other. Once you know that you're connected, you can emerge openssh. You can run with /etc/ssh/sshd_config left at default values. But you'll want to make a few changes after that.

The reasons for using keys rather than passwords are security and convenience. A 1024-bit key is a helluva lot harder to break than brute-forcing userID password combos. And you won't have to enter your password each time you connect to the host. This allows you to use scp in scripts and even in cron jobs.

Make sure that sshd is running on the target machine.

    /etc/init.d/sshd start

starts it. Put it into default with etc-update to have it come up at bootup.

Some notes...

- 1st time you try to connect to a host you'll be asked to confirm. If you say yes, the host will be listed in ~/.ssh/known_hosts. If that host ever changes IP address, ssh will scream blue murder when you try to connect to it.

- to start a telnet-like SecureSHell (hence the name ssh) session you connect like one of the following example lines...

    ssh [EMAIL PROTECTED]
    ssh [EMAIL PROTECTED]

- to copy file(s) from target machine to you...

    scp [EMAIL PROTECTED]:filename .
    scp [EMAIL PROTECTED]:photos/*.jpeg myphotos/

- to copy entire directory from target machine to you...

    scp -r [EMAIL PROTECTED]:photos .
    scp -r [EMAIL PROTECTED]:photos myphotos/

- to copy from your machine to the target machine, the examples look like so...

    scp [EMAIL PROTECTED]:filename .
    scp [EMAIL PROTECTED]:photos/*.jpeg myphotos/
    scp -r photos [EMAIL PROTECTED]:.
    scp -r myphotos [EMAIL PROTECTED]:photos/

--
Walter Dnes [EMAIL PROTECTED]
In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
--
gentoo-user@gentoo.org mailing list
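
The key-based login recommended in the message above depends on the public key being installed on the target machine with file modes that sshd will accept. The following is an added example, not part of the original post: `install_pubkey` and `perms_ok` are hypothetical helper names, and the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: install a public key for key-based ssh/scp logins.
# Function names and paths are assumptions made for illustration.

# install_pubkey PUBKEY_FILE TARGET_HOME
# Appends the key to TARGET_HOME/.ssh/authorized_keys exactly once and
# sets modes that pass sshd's StrictModes check (no group/world access).
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # A public key file is a single "<type> <base64> [comment]" line.
    # Anything else (for instance a multi-line private key) is refused.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 3 ;;
    esac

    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 4
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 4

    # -x whole line, -F fixed string: never add the same key twice.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perms_ok TARGET_HOME
# Succeeds only if .ssh is drwx------ and authorized_keys is -rw-------.
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Usage on the target machine (placeholder paths):
#   install_pubkey /tmp/id_from_other_box.pub "$HOME" && perms_ok "$HOME"
```

Run it as the account that will be logged in to, so that the files are also owned by that user.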
Re: [gentoo-user] Problems with domainname
--- Walter Dnes [EMAIL PROTECTED] wrote:

> On Sun, Mar 26, 2006 at 02:05:13PM -0800, maxim wexler wrote
>
> > I thought emerging ftpd would be my salvation but that doesn't work either. How do you start the bleeping thing. I even ran /usr/sbin/ftpd; it didn't gag but it didn't start either.
>
> man ftpd (or whatever the package is called) for instructions on how to start it in daemon mode.

Yeah, it says ftp -D, but it doesn't work. Doesn't give an error or log any sort of message at all.

> A WAG from me is /etc/init.d ftpd start, and remember to use etc-update to put it in your default runlevel.

no such file!

> That's about all I remember about ftpd, because I've been using ssh for a long time. I strongly recommend switching to ssh. ftp has security issues for all but anonymous ftp. This is due to sending passwords in clear text. ssh has both scp and sftp, either of which will push/pull files. *AND* ssh allows encrypted tunneling *AND* a secure telnet shell equivalent. It's better all around.

Okay, I'll try it. Can you give me some hints on how to edit the config file keeping in mind it's only for a crossover LAN and security is _not_ an issue? It's to spare me the ordeal of downloading to one machine and then having to burn to a CD just so I can put it on another machine 5 feet away.

> --
> Walter Dnes [EMAIL PROTECTED]
> In linux /sbin/init is Job #1
> My musings on technology and security at http://tech_sec.blog.ca
Re: [gentoo-user] Problems with domainname
--- Ryan Tandy [EMAIL PROTECTED] wrote:

> maxim wexler wrote:
> > --- Walter Dnes [EMAIL PROTECTED] wrote:
> > > m doing things wrong.
> > >
> > > - are you sure you're running ftpd on the target machine?
> >
> > Well top and ps list ftp without the 'd' on the end as running. And ftp starts with the ftp prompt. If that's what you mean.
>
> No, the ftp prompt is for the FTP *client*. It needs a server to connect to - the system doesn't know how to answer FTP requests just like that. ftpd, the FTP server, needs to be running on one of the machines

aiieee!! It's not even emerged yet! This must have seemed so obvious to everybody they couldn't be bothered to reply.

Well, thanks for the hand up. Hopefully this will put an end to the issue.
Re: [gentoo-user] Problems with domainname
> Ouch; you're *NOT* going to connect the two machines while logged on via dialup, at least not without some fancy route statements. If anybody can give an example of how to do it, I'd appreciate seeing it.
>
> > K6-2.6.15--
> >
> > lumberton ~ # route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
>
> Did you miss the last line when cutting+pasting or was that really all? Try grep gateway /etc/conf.d/net on your machines. Here's what I get...

But, you never asked about ../net in your last post.

> # For setting the default gateway
> #gateway=eth0/192.168.0.1
> gateway=eth0/192.168.123.254
>
> First, make sure that you are *NOT* connected via dialup. On the K6, insert into /etc/conf.d/net the line
>
>     gateway=eth0/192.168.0.2
>
> and execute
>
>     /etc/init.d/net.eth0 restart
>
> On the Sempron, insert into /etc/conf.d/net the line
>
>     gateway=eth0/192.168.0.3
>
> and execute
>
>     /etc/init.d/net.eth0 restart
>
> You should now be able to talk between the two machines... but dialup won't work. You may connect, but not get anywhere. Here's what you have to do on the Sempron...
>
> - *BEFORE* dialing up ifconfig eth0 down; you can now dial up
> - *AFTER* logging off dialup, /etc/init.d/net.eth0 restart; you can now talk between the two computers

Well, I did all that and still no joy. The part about not being able to connect to the net was true, though.

I thought emerging ftpd would be my salvation but that doesn't work either. How do you start the bleeping thing. I even ran /usr/sbin/ftpd; it didn't gag but it didn't start either. And there's supposed to be a whole whack of files under /etc/. Nope. I found xinet.conf but don't have a clue on how to edit it. Then there's this. That 'disable' looks ominous. Should that be set to 'no'? What about 'protocol'? What should go there?

[EMAIL PROTECTED] ~ $ cat /etc/xinetd.d/ftp
# default: off
# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpd/files/ftp.xinetd,v 1.2 2004/08/14 13:41:20 swegener Exp $
# description: The netkit ftp daemon with optional SSL support.
service ftp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/bin/ftpd
        disable         = yes
}

> If someone has a magic configuration that allows eth0 and ppp0 to co-exist, and function, simultaneously, please post it.

Amen.

> --
> Walter Dnes [EMAIL PROTECTED]
> In linux /sbin/init is Job #1
> My musings on technology and security at http://tech_sec.blog.ca
Re: [gentoo-user] Problems with domainname
On Sun, Mar 26, 2006 at 02:05:13PM -0800, maxim wexler wrote

> I thought emerging ftpd would be my salvation but that doesn't work either. How do you start the bleeping thing. I even ran /usr/sbin/ftpd; it didn't gag but it didn't start either.

man ftpd (or whatever the package is called) for instructions on how to start it in daemon mode. A WAG from me is /etc/init.d ftpd start, and remember to use etc-update to put it in your default runlevel.

That's about all I remember about ftpd, because I've been using ssh for a long time. I strongly recommend switching to ssh. ftp has security issues for all but anonymous ftp. This is due to sending passwords in clear text. ssh has both scp and sftp, either of which will push/pull files. *AND* ssh allows encrypted tunneling *AND* a secure telnet shell equivalent. It's better all around.

--
Walter Dnes [EMAIL PROTECTED]
In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
Re: [gentoo-user] Problems with domainname
>     12  192.168.0.2 gravity.twi-31o2.org gravity
> [EMAIL PROTECTED] ~ $ date
> Fri Mar 24 20:15:55 GMT 2006
> [EMAIL PROTECTED] ~ $

Sorry to intrude but I can't get a nibble on my post "ftp connection refused". Just so happens I found the above gravity line in my hosts file after doing an emerge of ftp. But ftp will not communicate across a crossover, pc-to-pc, LAN, even though the two NICs can ping each other and iftraf indicates a flurry of activity for about 1/2 a second at the start of an ftp session on the host pc.

FWIW, I found that particular line added automagically to the /etc/hosts file on a fresh install using the 2.6.15 kernel after doing emerge ftp IIRC but not on the other machine's hosts file. The other pc uses the 2.6.12 kernel but the ftp client is identical for both. So I just added the line manually to the /hosts file on that one.

So both PCs have that line in their /hosts file now. So I oughta be able to ftp gravity from one or the other and get connected, right? But it doesn't work :^( Does ftp work for you?

What am I missing?

-Maxim
Re: [gentoo-user] Problems with domainname
On Sat, Mar 25, 2006 at 02:11:01PM -0800, maxim wexler wrote

> So both PCs have that line in their /hosts file now. So I oughta be able to ftp gravity from one or the other and get connected, right? But it doesn't work :^( Does ftp work for you?

There are several places where things can go wrong. Here are some boobytraps that I've found out about the hard way. Put it this way... doing things right comes from experience... experience comes from doing things wrong.

- are you sure you're running ftpd on the target machine?

- check the logs on both machines to ensure that neither one is rejecting packets from the other by iptables rules

- post the output of grep -v ^# /etc/hosts and ifconfig eth0 and route -n from both machines

- I've run into some paranoid ftpd daemons that need /etc/hosts.allow and /etc/hosts.deny to be set up with proper entries *EVEN IF YOU'RE NOT RUNNING INETD*. Apparently, that ftp daemon reads hosts.allow and hosts.deny and follows their rules. Try emerge -pv on your ftp program, and check the flags.

--
Walter Dnes [EMAIL PROTECTED]
In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
Re: [gentoo-user] Problems with domainname
--- Walter Dnes [EMAIL PROTECTED] wrote:

> On Sat, Mar 25, 2006 at 02:11:01PM -0800, maxim wexler wrote
>
> > So both PCs have that line in their /hosts file now. So I oughta be able to ftp gravity from one or the other and get connected, right? But it doesn't work :^( Does ftp work for you?
>
> There are several places where things can go wrong. Here are some boobytraps that I've found out about the hard way. Put it this way... doing things right comes from experience... experience comes from doing things wrong.
>
> - are you sure you're running ftpd on the target machine?

Well top and ps list ftp without the 'd' on the end as running. And ftp starts with the ftp prompt. If that's what you mean.

> - check the logs on both machines to ensure that neither one is rejecting packets from the other by iptables rules

Nothing in the logs. Maybe I need a LAN specific logger? All I got is syslog-ng on both machines. There is this, which is identical on both machines with different numbers of course:

sarawak heathen # tcpdump -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:44:10.942027 arp who-has 192.168.0.3 tell gravity.twi-31o2.org
19:44:12.515686 arp reply 192.168.0.3 is-at 00:e0:18:99:88:77 (oui Unknown)
19:44:10.942092 IP (tos 0x0, ttl 64, id 38827, offset 0, flags [DF], proto: TCP (6), length: 60)
    gravity.twi-31o2.org.53486 > 192.168.0.3.ftp: S, cksum 0xa947 (correct), 3719721500:3719721500(0) win 5840 <mss 1460,sackOK,timestamp 648631 0,nop,wscale 2>
19:44:10.942110 IP (tos 0x0, ttl 64, id 127, offset 0, flags [DF], proto: TCP (6), length: 40)
    192.168.0.3.ftp > gravity.twi-31o2.org.53486: R, cksum 0x0da3 (correct), 0:0(0) ack 3719721501 win 0
19:44:15.940760 arp who-has gravity.twi-31o2.org tell 192.168.0.3
19:44:15.940877 arp reply gravity.twi-31o2.org is-at 00:04:75:8a:cf:84 (oui Unknown)

You'll notice that last number *is* the hardware address on the remote machine (see below). So there has been some sort of communication between the two but then it shuts off.

> - post the output of grep -v ^# /etc/hosts and ifconfig eth0 and route -n from both machines

K6-2.6.15--

lumberton ~ # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:04:75:8A:CF:84
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:614 (614.0 b)  TX bytes:702 (702.0 b)
          Interrupt:9 Base address:0x4f80

lumberton ~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

lumberton ~ # grep -v ^# /etc/hosts
127.0.0.1       localhost
192.168.0.3     gravity.twi-31o2.org gravity

lumberton ~ # emerge -pv ftp

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] net-ftp/ftp-0.17-r6  +ipv6 +ssl 0 kB

Total size of downloads: 0 kB

Sempron-2.6.12

sarawak heathen # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:E0:18:99:88:77
          inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1182 (1.1 Kb)  TX bytes:994 (994.0 b)
          Interrupt:11 Base address:0x2000

sarawak heathen # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
64.228.98.241   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         64.228.98.241   0.0.0.0         UG    0      0        0 ppp0

sarawak heathen # grep -v ^# /etc/hosts
127.0.0.1       sarawak localhost
192.168.0.2     gravity.twi-31o2.org gravity
::1     ip6-localhost ip6-loopback      #hmm,
fe00::0 ip6-localnet                    #more
ff00::0 ip6-mcastprefix                 #stuff
ff02::1 ip6-allnodes                    #here
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

sarawak heathen # emerge -pv ftp

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] net-ftp/ftp-0.17-r6  +ipv6 +ssl 0 kB

Total size of downloads: 0 kB
Re: [gentoo-user] Problems with domainname
maxim wexler wrote:
> --- Walter Dnes [EMAIL PROTECTED] wrote:
> > m doing things wrong.
> >
> > - are you sure you're running ftpd on the target machine?
>
> Well top and ps list ftp without the 'd' on the end as running. And ftp starts with the ftp prompt. If that's what you mean.

No, the ftp prompt is for the FTP *client*. It needs a server to connect to - the system doesn't know how to answer FTP requests just like that. ftpd, the FTP server, needs to be running on one of the machines, while you connect to it from the other one with ftp.

If ftpd isn't running on the target machine, then of course your connections will be refused - there's nothing running that knows how to accept them.

I'm not familiar with Gentoo's ftpd setup, but try /etc/init.d/ftpd start on the server.
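
The refused connection described in this reply is visible in the tcpdump capture posted earlier in the thread: the SYN to the ftp port is answered immediately by an RST from the same endpoint. The following is an added example, not part of the original posts, that picks that pattern out of tcpdump text output; `sample_capture` and `refused_ports` are hypothetical names, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: find TCP ports that answered a SYN with an RST in
# tcpdump text output, i.e. nothing was listening there.

# Constructed sample: the first three lines are modelled on the capture
# in this thread (one packet per line, older "S," / "R," flag style);
# the last three are an invented successful handshake in the newer
# "Flags [S]" style, for contrast.
sample_capture() {
    cat <<'EOF'
19:44:10.942027 arp who-has 192.168.0.3 tell gravity.twi-31o2.org
19:44:10.942092 IP gravity.twi-31o2.org.53486 > 192.168.0.3.ftp: S, cksum 0xa947 (correct), 3719721500:3719721500(0) win 5840
19:44:10.942110 IP 192.168.0.3.ftp > gravity.twi-31o2.org.53486: R, cksum 0x0da3 (correct), 0:0(0) ack 3719721501 win 0
19:50:02.100000 IP 192.168.0.2.40022 > 192.168.0.3.22: Flags [S], seq 100, win 5840, length 0
19:50:02.100050 IP 192.168.0.3.22 > 192.168.0.2.40022: Flags [S.], seq 900, ack 101, win 5792, length 0
19:50:02.100090 IP 192.168.0.2.40022 > 192.168.0.3.22: Flags [.], ack 1, win 5840, length 0
EOF
}

# refused_ports: read tcpdump text on stdin and print "host.port" once
# for every endpoint that replied to a connection attempt with a reset.
refused_ports() {
    awk '
    {
        # Find the "src > dst:" triple; ARP and other lines have none.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1)
        dst = $(i + 1); sub(/:$/, "", dst)

        flags = $(i + 2)
        if (flags == "Flags") flags = $(i + 3)   # newer tcpdump output
        gsub(/\[|\]|,/, "", flags)               # "[S]," -> "S", "R," -> "R"

        if (flags == "S" && $0 !~ / ack /) {
            syn[src SUBSEP dst] = 1              # bare SYN: client -> server
        } else if (flags ~ /R/) {
            key = dst SUBSEP src                 # the SYN this RST answers
            if ((key in syn) && !(src in seen)) {
                seen[src] = 1
                print src                        # endpoint with no listener
            }
        }
    }'
}

sample_capture | refused_ports
```

On a live interface the function can read `tcpdump -l -n -i eth0 tcp` directly; `-l` keeps the output line-buffered so results appear as packets arrive.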
Re: [gentoo-user] Problems with domainname
On Sat, Mar 25, 2006 at 06:57:10PM -0800, maxim wexler wrote

> Sempron-2.6.12
>
> sarawak heathen # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 64.228.98.241   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
> 0.0.0.0         64.228.98.241   0.0.0.0         UG    0      0        0 ppp0

Ouch; you're *NOT* going to connect the two machines while logged on via dialup, at least not without some fancy route statements. If anybody can give an example of how to do it, I'd appreciate seeing it.

> K6-2.6.15--
>
> lumberton ~ # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

Did you miss the last line when cutting+pasting or was that really all? Try grep gateway /etc/conf.d/net on your machines. Here's what I get...

# For setting the default gateway
#gateway=eth0/192.168.0.1
gateway=eth0/192.168.123.254

First, make sure that you are *NOT* connected via dialup. On the K6, insert into /etc/conf.d/net the line

    gateway=eth0/192.168.0.2

and execute

    /etc/init.d/net.eth0 restart

On the Sempron, insert into /etc/conf.d/net the line

    gateway=eth0/192.168.0.3

and execute

    /etc/init.d/net.eth0 restart

You should now be able to talk between the two machines... but dialup won't work. You may connect, but not get anywhere. Here's what you have to do on the Sempron...

- *BEFORE* dialing up ifconfig eth0 down; you can now dial up
- *AFTER* logging off dialup, /etc/init.d/net.eth0 restart; you can now talk between the two computers

If someone has a magic configuration that allows eth0 and ppp0 to co-exist, and function, simultaneously, please post it.

--
Walter Dnes [EMAIL PROTECTED]
In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
Re: [gentoo-user] Problems with domainname
On 3/19/06, JimD [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > In order to get a proper FQDN, you need to set up three files: /etc/hosts, /etc/conf.d/hostname, /etc/conf.d/domainname. I also had the same problems as you in the past, and one day I found that the most tricky thing was that you must give a separate line for your FQDN name in /etc/hosts! This is a part of my /etc/hosts file:
> >
> > 127.0.0.1 localhost
> > 127.0.0.1 lp.lcst.com lp
>
> You can combine it all in one line like so:
>
> 127.0.0.1 localhost.localdomain localhost

Can I jump in here with my situation?

[EMAIL PROTECTED] ~ $
[EMAIL PROTECTED] ~ $ cat /etc/hosts -n
     1  # /etc/hosts: This file describes a number of hostname-to-address
     2  # mappings for the TCP/IP subsystem. It is mostly
     3  # used at boot time, when no name servers are running.
     4  # On small systems, this file can be used instead of a
     5  # named name server. Just add the names, addresses
     6  # and any aliases to this file...
     7  # $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/hosts,v 1.8 2003/08/04 20:12:25 azarah Exp $
     8  #
     9
    10  #127.0.0.1 localhost
    11  127.0.0.1 localhost.localdomain localhost
    12  192.168.0.2 gravity.twi-31o2.org gravity
[EMAIL PROTECTED] ~ $ cat /home/thufir/hosts -n
     1  # /etc/hosts: This file describes a number of hostname-to-address
     2  # mappings for the TCP/IP subsystem. It is mostly
     3  # used at boot time, when no name servers are running.
     4  # On small systems, this file can be used instead of a
     5  # named name server. Just add the names, addresses
     6  # and any aliases to this file...
     7  # $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/hosts,v 1.8 2003/08/04 20:12:25 azarah Exp $
     8  #
     9
    10  #127.0.0.1 localhost
    11  127.0.0.1 hawat.thufir.gmail.com arrakis
    12  192.168.0.2 gravity.twi-31o2.org gravity
[EMAIL PROTECTED] ~ $ date
Fri Mar 24 20:15:55 GMT 2006
[EMAIL PROTECTED] ~ $

So, I just replace /etc/hosts with /home/thufir/hosts and I'll have a computer named arrakis with a FQDN such that leafnode will be satisfied and I won't create a problem? I just want to satisfy leafnode.

-Thufir
Re: [gentoo-user] Problems with domainname
[EMAIL PROTECTED] wrote:
> In order to get a proper FQDN, you need to set up three files: /etc/hosts, /etc/conf.d/hostname, /etc/conf.d/domainname. I also had the same problems as you in the past, and one day I found that the most tricky thing was that you must give a separate line for your FQDN name in /etc/hosts! This is a part of my /etc/hosts file:
>
> 127.0.0.1 localhost
> 127.0.0.1 lp.lcst.com lp

You can combine it all in one line like so:

127.0.0.1 localhost.localdomain localhost
Re: [gentoo-user] Problems with domainname
SOLVED! Thanks!

On 3/19/06, JimD [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > In order to get a proper FQDN, you need to set up three files: /etc/hosts, /etc/conf.d/hostname, /etc/conf.d/domainname. I also had the same problems as you in the past, and one day I found that the most tricky thing was that you must give a separate line for your FQDN name in /etc/hosts! This is a part of my /etc/hosts file:
> >
> > 127.0.0.1 localhost
> > 127.0.0.1 lp.lcst.com lp
>
> You can combine it all in one line like so:
>
> 127.0.0.1 localhost.localdomain localhost
Re: [gentoo-user] Problems with domainname
On Sun, Mar 19, 2006 at 01:16:51AM -0300, Felipe Ribeiro wrote:
> Hi,
>
> I've already set my domain name (pixelsolutions.com.br) on /etc/hosts, /etc/conf.d/domainname and /etc/resolv.conf, but I still get the:
>
> This is mustang.(none) (Linux x86_64 2.6.15-gentoo-r7)
>
> when I start the system.
>
> What should I do?
>
> Regards,
> Felipe

In order to get a proper FQDN, you need to set up three files: /etc/hosts, /etc/conf.d/hostname, /etc/conf.d/domainname. I also had the same problems as you in the past, and one day I found that the most tricky thing was that you must give a separate line for your FQDN name in /etc/hosts! This is a part of my /etc/hosts file:

127.0.0.1 localhost
127.0.0.1 lp.lcst.com lp

Good Luck!

--
Wang ShaoChun(王绍春) [EMAIL PROTECTED]