[SLUG] Distro for new users
When installing Linux my biggest concern is always "Will it connect to the internet?" As a new user I can say that connecting to the internet has been the hardest part of using Linux. So may I suggest that whatever distro they use don't help them connect to the internet.

The second trick when installing FC6, I have found, is not to actually format the partitions themselves. I always format the partitions using another install disk and then switch to FC6 when the format is complete. I have found that this stops the Anaconda installer from crashing.

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ssh and vnc
On Tue, 30 Jan 2007 18:27:04 +1100 Amos Shapira [EMAIL PROTECTED] wrote:

> On 30/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:
>> The frustrating thing is that I can't find any significant difference between the Xubuntu configuration files and the Ubuntu ones that behave perfectly.
>
> Let's try to look at the situation from a different angle - login to the remote system with -X and try to find whether you can see anything listening on TCP port 6010 (that's the port sshd will usually forward X11 through, determined by X11DisplayOffset in /etc/ssh/sshd_config) using sudo netstat -tlp.

On the remote Xubuntu (Misty), logged in with ssh -X:

    [EMAIL PROTECTED]:~$ sudo netstat -tlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
    tcp        0      0 localhost:2208   *:*              LISTEN  3795/hpiod
    tcp        0      0 *:sunrpc         *:*              LISTEN  3062/portmap
    tcp        0      0 *:x11            *:*              LISTEN  3520/X
    tcp        0      0 localhost:ipp    *:*              LISTEN  3776/cupsd
    tcp        0      0 localhost:60924  *:*              LISTEN  3804/python
    tcp6       0      0 *:x11            *:*              LISTEN  3520/X
    tcp6       0      0 *:ssh            *:*              LISTEN  4223/sshd

On the Local Debian Sid (Windy):

    tcp        0      0 *:sunrpc         *:*              LISTEN  2136/portmap
    tcp        0      0 *:auth           *:*              LISTEN  2718/inetd
    tcp        0      0 localhost:ipp    *:*              LISTEN  2487/cupsd
    tcp        0      0 *:39354          *:*              LISTEN  2789/rpc.statd
    tcp6       0      0 *:ssh            *:*              LISTEN  2741/sshd

> For some reason this command will not list the program name on a (working) Debian Etch, but rather something like:
>
>     tcp        0      0 localhost:6010   *:*              LISTEN  21577/4
>
> (21577 is the pid, I assume the /4 is the file descriptor)
>
> Also can you check that you have package xbase-clients installed on the remote Xubuntu (Misty)?

Confirmed. Also, I took note of an earlier suggestion and unticked the item in Login Window Preferences which is Deny TCP connections to Xserver.

And, I still have the following fundamental problem:

    [EMAIL PROTECTED]:~$ echo $DISPLAY

    [EMAIL PROTECTED]:~$

>> Thanks for the help. I'm sure it is something simple, but
>
> Of course, it is always simple once you know how to do it :-)

Cheers,
Alan

> Cheers,
>
> --Amos

--
Alan L Tyree                    http://www2.austlii.edu.au/~alan
Tel: +61 2 4782 2670            Mobile: +61 427 486 206
Fax: +61 2 4782 7092            FWD: 615662
Re: [SLUG] ssh and vnc
On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:

> On the remote Xubuntu (Misty), logged in with ssh -X:
>
>     [EMAIL PROTECTED]:~$ sudo netstat -tlp
>     Active Internet connections (only servers)
>     Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
>     tcp        0      0 localhost:2208   *:*              LISTEN  3795/hpiod
>     tcp        0      0 *:sunrpc         *:*              LISTEN  3062/portmap
>     tcp        0      0 *:x11            *:*              LISTEN  3520/X
>     tcp        0      0 localhost:ipp    *:*              LISTEN  3776/cupsd
>     tcp        0      0 localhost:60924  *:*              LISTEN  3804/python
>     tcp6       0      0 *:x11            *:*              LISTEN  3520/X
>     tcp6       0      0 *:ssh            *:*              LISTEN  4223/sshd

So it looks like the -X request doesn't get handled by sshd on the other side, or at least it doesn't listen on a TCP port for you, so your problem is more fundamental than not having the $DISPLAY set.

Run sshd -ddd on a separate port on Misty and try to connect to it (-p parameter to ssh client). Be careful to do it that way instead of killing the standard sshd daemon - read sshd(8) about -d carefully before doing that.

> On the Local Debian Sid (Windy):

That's not relevant, it's the ssh daemon on the other side that's supposed to listen for new X11 connections and pass them locally when they arrive, nothing new should listen on the local host for that (the local side of ssh is just another X11 client in that context).

It's digging like this that teaches you the most about Linux/networking/tools/debugging methods, so keep digging.

Cheers,

--Amos
Re: [SLUG] ssh and vnc
On Wed, 31 Jan 2007 07:39:02 +1100 Amos Shapira [EMAIL PROTECTED] wrote:

> On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:
>> On the remote Xubuntu (Misty), logged in with ssh -X:
>>
>>     [EMAIL PROTECTED]:~$ sudo netstat -tlp
>>     Active Internet connections (only servers)
>>     Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
>>     tcp        0      0 localhost:2208   *:*              LISTEN  3795/hpiod
>>     tcp        0      0 *:sunrpc         *:*              LISTEN  3062/portmap
>>     tcp        0      0 *:x11            *:*              LISTEN  3520/X
>>     tcp        0      0 localhost:ipp    *:*              LISTEN  3776/cupsd
>>     tcp        0      0 localhost:60924  *:*              LISTEN  3804/python
>>     tcp6       0      0 *:x11            *:*              LISTEN  3520/X
>>     tcp6       0      0 *:ssh            *:*              LISTEN  4223/sshd
>
> So it looks like the -X request doesn't get handled by sshd on the other side, or at least it doesn't listen on a TCP port for you, so your problem is more fundamental than not having the $DISPLAY set.
>
> Run sshd -ddd on a separate port on Misty and try to connect to it (-p parameter to ssh client). Be careful to do it that way instead of killing the standard sshd daemon - read sshd(8) about -d carefully before doing that.

OK, I'll try to give that a go later in the day.

SNIP

> It's digging like this that teaches you the most about Linux/networking/tools/debugging methods, so keep digging.

True, so true. I'm learning a lot more about ssh than I ever wanted to know :-)

Thanks for the help, Amos.

> Cheers,
>
> --Amos
Re: Re: [SLUG] ssh and vnc
Sorry to jump in here late, I haven't looked at the whole thread.

Have you already checked your sshd_config on the machine you are ssh'ing to?

You need to have:

    X11Forwarding yes    -- default is NO
    X11UseLocalhost yes

you can also get around it with:

    AllowTcpForwarding yes    -- I assume the default of this is no as well.

but would have to deal with the security yourself in that case.

You already seem to have your X server listening on a TCP port so you are OK there (the default these days is to use a unix socket I think)

Anyway - hope I am not stating the obvious here.

If all of that fails then the sshd -ddd looks like a plan to me, use a different port (e.g. -p 5022) - you will need to run this after you ssh'ed in of course.

From the above; Running netstat on the client [ which has the X server ] won't tell you anything - you need to run it on the server (by that I mean the machine with the sshd running) to check if you have localhost:6010 listening (or similar port - depending on the setting of : X11DisplayOffset in the sshd_config )

Useful man pages:
http://www.die.net/doc/linux/man/man5/sshd_config.5.html
http://gentoo-wiki.com/MAN_sshd_8

good luck with it.
Re: Re: [SLUG] ssh and vnc
On 31/01/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> you can also get around it with:
>
>     AllowTcpForwarding yes    -- I assume the default of this is no as well.

I forgot about that one but the manual says that the default is yes. You still need to enable the X11Forwarding which is a separate flag as you stated.

> but would have to deal with the security yourself in that case.
>
> You already seem to have your X server listening on a TCP port so you are OK there (the default these days is to use a unix socket I think)

That's not relevant - once the X11 connection is forwarded to the local ssh client, the ssh client can use UNIX-domain sockets to connect to the local X11 server just like any other local X11 client.

> If all of that fails then the sshd -ddd looks like a plan to me, use a different port (e.g. -p 5022) - you will need to run this after you ssh'ed in of course.

And make sure the port is accessible through any firewall on the way (you DO have iptables set up, do you?)

Cheers,

--Amos
Re: [SLUG] ssh and vnc
On Wed, 31 Jan 2007 09:36:57 +1100 [EMAIL PROTECTED] wrote:

> Sorry to jump in here late, I haven't looked at the whole thread.
>
> Have you already checked your sshd_config on the machine you are ssh'ing to?
>
> You need to have:
>
>     X11Forwarding yes    -- default is NO
>     X11UseLocalhost yes

Check.

> you can also get around it with:
>
>     AllowTcpForwarding yes    -- I assume the default of this is no as well.
>
> but would have to deal with the security yourself in that case.
>
> You already seem to have your X server listening on a TCP port so you are OK there (the default these days is to use a unix socket I think)
>
> Anyway - hope I am not stating the obvious here.
>
> If all of that fails then the sshd -ddd looks like a plan to me, use a different port (e.g. -p 5022) - you will need to run this after you ssh'ed in of course.

Fooling around with that now. The man page says that output is sent to the system log (which I presume is /var/log/syslog). It doesn't seem to be doing that. However, it runs through lots of ports (Not sure where it starts since I can't scroll up that far) and then reports:

    debug2: bind port 6999: Cannot assign requested address
    Failed to allocate internet-domain X11 display socket.
    debug1: x11_create_display_inet failed.

So that at least explains why DISPLAY is not set.

Any further help appreciated.

Alan

> From the above; Running netstat on the client [ which has the X server ] won't tell you anything - you need to run it on the server (by that I mean the machine with the sshd running) to check if you have localhost:6010 listening (or similar port - depending on the setting of : X11DisplayOffset in the sshd_config )
>
> Useful man pages:
> http://www.die.net/doc/linux/man/man5/sshd_config.5.html
> http://gentoo-wiki.com/MAN_sshd_8
>
> good luck with it.
Re: [SLUG] ssh and vnc
On Wed, 31 Jan 2007 09:54:30 +1100 Amos Shapira [EMAIL PROTECTED] wrote:

> On 31/01/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
>> you can also get around it with:
>>
>>     AllowTcpForwarding yes    -- I assume the default of this is no as well.
>
> I forgot about that one but the manual says that the default is yes. You still need to enable the X11Forwarding which is a separate flag as you stated.
>
>> but would have to deal with the security yourself in that case.
>>
>> You already seem to have your X server listening on a TCP port so you are OK there (the default these days is to use a unix socket I think)
>
> That's not relevant - once the X11 connection is forwarded to the local ssh client, the ssh client can use UNIX-domain sockets to connect to the local X11 server just like any other local X11 client.
>
>> If all of that fails then the sshd -ddd looks like a plan to me, use a different port (e.g. -p 5022) - you will need to run this after you ssh'ed in of course.
>
> And make sure the port is accessible through any firewall on the way (you DO have iptables set up, do you?)

closed down on Misty as part of the investigation. I'm behind a NAT router with all of these machines so it seems minimal risk.

Alan

> Cheers,
>
> --Amos
Re: [SLUG] ssh and vnc
On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:

> Fooling around with that now. The man page says that output is sent to the system log (which I presume is /var/log/syslog). It doesn't seem to be doing that. However, it runs through lots of ports (Not sure where it starts since I can't scroll up that far) and then reports:

Then forward the output to a file - sudo ...sshd ... > ~/sshd.out 2>&1

>     debug2: bind port 6999: Cannot assign requested address
>     Failed to allocate internet-domain X11 display socket.
>     debug1: x11_create_display_inet failed.
>
> So that at least explains why DISPLAY is not set.
>
> Any further help appreciated.

Googling about, http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104336969724537&w=2 looks closest to your situation - do you have the loopback interface configured?

Another option - disable ipv6 by adding:

    ListenAddress 0.0.0.0

To sshd_config. (source: http://www.samag.com/documents/s=9915/sam0512i/0512i.htm it's Sun-specific but the error message is the same).

Cheers,

--Amos
Re: [SLUG] ssh and vnc
On Wed, 31 Jan 2007 10:40:03 +1100 Amos Shapira [EMAIL PROTECTED] wrote:

> On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:
>> Fooling around with that now. The man page says that output is sent to the system log (which I presume is /var/log/syslog). It doesn't seem to be doing that. However, it runs through lots of ports (Not sure where it starts since I can't scroll up that far) and then reports:
>
> Then forward the output to a file - sudo ...sshd ... > ~/sshd.out 2>&1

Of course. Muy stupido. The relevant part seems here:

    debug1: Entering interactive session for SSH2.
    debug2: fd 6 setting O_NONBLOCK
    debug2: fd 7 setting O_NONBLOCK
    debug1: server_init_dispatch_20
    debug2: User child is on pid 10258
    debug3: mm_request_receive entering
    debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: init
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_channel_req: channel 0 request x11-req reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req x11-req
    debug2: bind port 6010: Cannot assign requested address
    debug2: bind port 6010: Cannot assign requested address
    debug2: bind port 6011: Cannot assign requested address
    ...
    debug2: bind port 6998: Cannot assign requested address
    debug2: bind port 6999: Cannot assign requested address
    debug2: bind port 6999: Cannot assign requested address
    Failed to allocate internet-domain X11 display socket.
    debug1: x11_create_display_inet failed.

But I don't know what to make of it.

Thanks,
Alan

>>     debug2: bind port 6999: Cannot assign requested address
>>     Failed to allocate internet-domain X11 display socket.
>>     debug1: x11_create_display_inet failed.
>>
>> So that at least explains why DISPLAY is not set.
>>
>> Any further help appreciated.
>
> Googling about, http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104336969724537&w=2 looks closest to your situation - do you have the loopback interface configured?
>
> Another option - disable ipv6 by adding:
>
>     ListenAddress 0.0.0.0
>
> To sshd_config. (source: http://www.samag.com/documents/s=9915/sam0512i/0512i.htm it's Sun-specific but the error message is the same).
>
> Cheers,
>
> --Amos
Re: [SLUG] ssh and vnc
On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:

> But I don't know what to make of it.

What about the rest of my message below? (copied again)

Googling about, http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104336969724537&w=2 looks closest to your situation - do you have the loopback interface configured?

Another option - disable ipv6 by adding:

    ListenAddress 0.0.0.0

To sshd_config. (source: http://www.samag.com/documents/s=9915/sam0512i/0512i.htm it's Sun-specific but the error message is the same).

Cheers,

--Amos
Re: [SLUG] Distro for new users
On Wednesday 31 January 2007 05:49, [EMAIL PROTECTED] wrote:

> When installing Linux my biggest concern is always "Will it connect to the internet?" As a new user I can say that connecting to the internet has been the hardest part of using Linux. So may I suggest that whatever distro they use don't help them connect to the internet.
>
> The second trick when installing FC6, I have found, is not to actually format the partitions themselves. I always format the partitions using another install disk and then switch to FC6 when the format is complete. I have found that this stops the Anaconda installer from crashing.

I've always got my fledglings to get an ethernet router. Every one I've seen has DHCP enabled. Then (a) it just works (tm) and (b) as they learn to fly, and reinstall it still just works.

Your second trick is idiosyncratic to your distro and your hardware.

James
Re: [SLUG] ssh and vnc
On Wed, 31 Jan 2007 11:05:08 +1100 Amos Shapira [EMAIL PROTECTED] wrote:

> On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:
>> But I don't know what to make of it.
>
> What about the rest of my message below? (copied again)

Ooops, missed that. I'll try it.

> Googling about, http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104336969724537&w=2 looks closest to your situation - do you have the loopback interface configured?
>
> Another option - disable ipv6 by adding:
>
>     ListenAddress 0.0.0.0
>
> To sshd_config. (source: http://www.samag.com/documents/s=9915/sam0512i/0512i.htm it's Sun-specific but the error message is the same).
>
> Cheers,
>
> --Amos
Re: [SLUG] Distro for new users
On Wednesday 31 January 2007 05:49, [EMAIL PROTECTED] wrote:

[snip]

> As for connecting to the Internet - no probs with BB or LAN - I haven't used dialup in years. Wifi is another thing though but I now have it down to a fine art whether it be DLink USB, Ralink miniPCI, or Netgear PCI with TI ACX chipset - this last is the most esoteric to my mind.

And you can save me a 15min drive to test: I've just setup a Dlink 604T for my sister. Everything OUT is allowed in the filter setup. Is ESTABLISHED,RELATED permitted back or do I have to explicitly allow WWW, MAIL and SSH back? (There are no services offered)

Thanks
James
Re: [SLUG] Distro for new users
On 31/01/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> And you can save me a 15min drive to test: I've just setup a Dlink 604T for my sister. Everything OUT is allowed in the filter setup. Is ESTABLISHED,RELATED permitted back or do I have to explicitly allow WWW, MAIL and SSH back? (There are no services offered)

Doesn't make sense to have to open these ports if you don't serve anything on them - practically any normal TCP clients use some random TCP ports automatically assigned to them by the system when they connect(2) so you can't tell before the connect(2) which port should be opened back. That's what stateful firewall (http://en.wikipedia.org/wiki/Stateful_firewall) is all about.

Also it wouldn't make much sense to allow any TCP packet out without automatically allowing the returning traffic.

So without knowing this particular model (I have a 504g), I'd expect you to be covered in that area.

--Amos
Re: [SLUG] ssh and vnc
On Wed, 31 Jan 2007 11:05:08 +1100 Amos Shapira [EMAIL PROTECTED] wrote:

> On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:
>> But I don't know what to make of it.
>
> What about the rest of my message below? (copied again)
>
> Googling about, http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104336969724537&w=2 looks closest to your situation - do you have the loopback interface configured?

That may be it:

    [EMAIL PROTECTED]:~$ ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:11:24:92:E1:91
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:294 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 b)  TX bytes:12348 (12.0 KiB)
              Interrupt:52 Base address:0x8000

    eth1      Link encap:Ethernet  HWaddr 00:11:24:7D:2B:C4
              inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::211:24ff:fe7d:2bc4/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:874 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1035 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:57675 (56.3 KiB)  TX bytes:1126998 (1.0 MiB)
              Interrupt:41 Base address:0x3000

    [EMAIL PROTECTED]:~$

But no lo device! Will pursue further and report back. Thanks for that.

> Another option - disable ipv6 by adding:
>
>     ListenAddress 0.0.0.0
>
> To sshd_config. (source: http://www.samag.com/documents/s=9915/sam0512i/0512i.htm it's Sun-specific but the error message is the same).
>
> Cheers,
>
> --Amos
Re: [SLUG] ssh and vnc
On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:

> That may be it:
>
>     [EMAIL PROTECTED]:~$ ifconfig
>     eth0      Link encap:Ethernet  HWaddr 00:11:24:92:E1:91
>               UP BROADCAST MULTICAST  MTU:1500  Metric:1
>               RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>               TX packets:294 errors:0 dropped:0 overruns:0 carrier:0
>               collisions:0 txqueuelen:1000
>               RX bytes:0 (0.0 b)  TX bytes:12348 (12.0 KiB)
>               Interrupt:52 Base address:0x8000
>
>     eth1      Link encap:Ethernet  HWaddr 00:11:24:7D:2B:C4
>               inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
>               inet6 addr: fe80::211:24ff:fe7d:2bc4/64 Scope:Link
>               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>               RX packets:874 errors:0 dropped:0 overruns:0 frame:0
>               TX packets:1035 errors:0 dropped:0 overruns:0 carrier:0
>               collisions:0 txqueuelen:1000
>               RX bytes:57675 (56.3 KiB)  TX bytes:1126998 (1.0 MiB)
>               Interrupt:41 Base address:0x3000
>
>     [EMAIL PROTECTED]:~$
>
> But no lo device! Will pursue further and report back.

Check that you have the following in /etc/network/interfaces:

    # The loopback network interface
    auto lo
    iface lo inet loopback

then run ifup lo

--Amos
Re: [SLUG] Distro for new users
On Wednesday 31 January 2007 10:00, [EMAIL PROTECTED] wrote:

>> And you can save me a 15min drive to test: I've just setup a Dlink 604T for my sister. Everything OUT is allowed in the filter setup. Is ESTABLISHED,RELATED permitted back or do I have to explicitly allow WWW, MAIL and SSH back? (There are no services offered)
>
> Doesn't make sense to have to open these ports if you don't serve anything on them - practically any normal TCP clients use some random TCP ports automatically assigned to them by the system when they connect(2) so you can't tell before the connect(2) which port should be opened back. That's what stateful firewall (http://en.wikipedia.org/wiki/Stateful_firewall) is all about.
>
> Also it wouldn't make much sense to allow any TCP packet out without automatically allowing the returning traffic.
>
> So without knowing this particular model (I have a 504g), I'd expect you to be covered in that area.

Thanks. I'm sure that it will be the same.

I setup a telstra-cable for a mate on Edgy. I used 'guarddog' and I had to explicitly allow the services back. Bizarre!!

EG explicitly allow 80 back to get WWW or 110 for mail, but the negotiated ports associated with the above were allowed so ... I browse somewhere:80 I can't see unless I allow 80 incoming. The server negotiates to use (say) 4567. That does not affect operation at all.

ie this kind of rubbish:

    tigger:/home/jam # netstat -anp |grep :80
    tcp        0      0 :::80              :::*               LISTEN       3515/httpd2-prefork
    tcp        0      0 192.168.5.254:80   58.6.56.217:1036   ESTABLISHED  13246/httpd2-prefor
    tcp        0      0 192.168.5.254:80   58.6.56.217:1037   ESTABLISHED  3518/httpd2-prefork

Now if I was 58.6.56.217 we'd be talking on 1036. That worked fine!

Maybe guarddog allows ESTABLISHED but not RELATED

Thanks
James
Re: [SLUG] ssh and vnc
On Wed, 31 Jan 2007 12:06:22 +1100 Amos Shapira [EMAIL PROTECTED] wrote:

> On 31/01/07, Alan L Tyree [EMAIL PROTECTED] wrote:
>> That may be it:
>>
>>     [EMAIL PROTECTED]:~$ ifconfig
>>     eth0      Link encap:Ethernet  HWaddr 00:11:24:92:E1:91
>>               UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>               RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>               TX packets:294 errors:0 dropped:0 overruns:0 carrier:0
>>               collisions:0 txqueuelen:1000
>>               RX bytes:0 (0.0 b)  TX bytes:12348 (12.0 KiB)
>>               Interrupt:52 Base address:0x8000
>>
>>     eth1      Link encap:Ethernet  HWaddr 00:11:24:7D:2B:C4
>>               inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
>>               inet6 addr: fe80::211:24ff:fe7d:2bc4/64 Scope:Link
>>               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>               RX packets:874 errors:0 dropped:0 overruns:0 frame:0
>>               TX packets:1035 errors:0 dropped:0 overruns:0 carrier:0
>>               collisions:0 txqueuelen:1000
>>               RX bytes:57675 (56.3 KiB)  TX bytes:1126998 (1.0 MiB)
>>               Interrupt:41 Base address:0x3000
>>
>>     [EMAIL PROTECTED]:~$
>>
>> But no lo device! Will pursue further and report back.
>
> Check that you have the following in /etc/network/interfaces:
>
>     # The loopback network interface
>     auto lo
>     iface lo inet loopback
>
> then run ifup lo

BINGO!!

    [EMAIL PROTECTED]:~$ echo $DISPLAY
    localhost:10.0

There was an error in the /etc/network/interfaces file that prevented lo from being started. No idea at all how it came to be corrupted.

Thanks to all for your help on this.

Cheers,
Alan

> --Amos
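
The diagnosis this thread converged on, as an added example that is not part of the original posts: it reads a copy of sshd_config, saved `sshd -ddd` output and an ifupdown interfaces file, and reports whether the X11 bind failures line up with a missing loopback stanza. The function names, the sample sshd_config and the broken interfaces file are assumptions made for the example; the log lines are the ones Alan posted, and the fallbacks used (X11Forwarding no, X11UseLocalhost yes, X11DisplayOffset 10) are OpenSSH's documented defaults.

```sh
#!/bin/sh
# Added example: offline triage of "DISPLAY is empty after ssh -X" from three
# text inputs, so it can be run on copies of files pulled from the server.

# Effective value of an sshd_config keyword (case-insensitive, first match wins).
sshd_opt() {  # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Summarise bind failures in "sshd -ddd" output as "COUNT FIRST_PORT LAST_PORT".
bind_failures() {  # usage: bind_failures LOGFILE
    awk '
        /bind port [0-9]+: Cannot assign requested address/ {
            for (i = 1; i < NF; i++)
                if ($i == "port") { p = $(i + 1); sub(/:$/, "", p) }
            if (!n++) first = p
            last = p
        }
        END { print n + 0, first, last }
    ' "$1"
}

# Succeeds if an ifupdown interfaces file both declares lo and brings it up.
has_loopback_stanza() {  # usage: has_loopback_stanza INTERFACES_FILE
    awk '
        /^[ \t]*#/ { next }
        $1 == "auto" { for (i = 2; i <= NF; i++) if ($i == "lo") a = 1 }
        $1 == "iface" && $2 == "lo" && $4 == "loopback" { s = 1 }
        END { exit !(a && s) }
    ' "$1"
}

# Print one verdict line starting with "config:", "loopback:", "bind:" or "ok:".
diagnose() {  # usage: diagnose SSHD_CONFIG SSHD_DEBUG_LOG INTERFACES_FILE
    cfg=$1 log=$2 ifaces=$3
    fwd=$(sshd_opt "$cfg" X11Forwarding no)
    uselocal=$(sshd_opt "$cfg" X11UseLocalhost yes)
    offset=$(sshd_opt "$cfg" X11DisplayOffset 10)
    if [ "$fwd" != yes ]; then
        echo "config: X11Forwarding is '$fwd'"
        return 0
    fi
    set -- $(bind_failures "$log")
    if [ "$1" -gt 0 ] && grep -q 'x11_create_display_inet failed' "$log"; then
        # With X11UseLocalhost yes the display socket is bound to the loopback
        # address, so a host without lo fails on every candidate port.
        if [ "$uselocal" = yes ] && ! has_loopback_stanza "$ifaces"; then
            echo "loopback: $1 bind failures on ports $2-$3; interfaces file does not bring up lo"
        else
            echo "bind: $1 bind failures on ports $2-$3"
        fi
        return 0
    fi
    echo "ok: first forwarded display would listen on port $((6000 + offset))"
}

# Constructed sample inputs. The log lines are copied from the thread; the
# sshd_config and interfaces files are assumptions made for this example.
make_samples() {  # usage: make_samples DIR
    printf '%s\n' 'X11Forwarding yes' 'X11UseLocalhost yes' > "$1/sshd_config"
    cat > "$1/sshd.log" <<'EOF'
debug1: session_input_channel_req: session 0 req x11-req
debug2: bind port 6010: Cannot assign requested address
debug2: bind port 6010: Cannot assign requested address
debug2: bind port 6011: Cannot assign requested address
debug2: bind port 6998: Cannot assign requested address
debug2: bind port 6999: Cannot assign requested address
debug2: bind port 6999: Cannot assign requested address
Failed to allocate internet-domain X11 display socket.
debug1: x11_create_display_inet failed.
EOF
    # Broken variant: the lo stanza is missing (the thread does not say what
    # the actual error in the file was).
    printf '%s\n' 'auto eth1' 'iface eth1 inet dhcp' > "$1/interfaces.broken"
    printf '%s\n' '# The loopback network interface' 'auto lo' \
        'iface lo inet loopback' 'auto eth1' 'iface eth1 inet dhcp' \
        > "$1/interfaces.fixed"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
diagnose "$demo_dir/sshd_config" "$demo_dir/sshd.log" "$demo_dir/interfaces.broken"
rm -rf "$demo_dir"
```

The check looks only at the interfaces file, not at the live interface list, so a "bind:" verdict on a real host still warrants looking at ifconfig output as Alan did.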
Re: [SLUG] Re: Installing Nvidia card
Patrick

When I did the same thing on an Intel board there was a BIOS option for whether the AGP or PCI should be the first/primary video device (the one that gets all the start up messages). There was also the option to disable the on-board video. If you have two monitors you will see which is which when you start up.

regards
Steven

On 1/29/07, elliott-brennan [EMAIL PROTECTED] wrote:

> Hi James,
>
> Thanks for that.
>
> I was under the impression that I'd have to disable the on-board vid first. I was contemplating having the new card not work and then finding out that I had NO video at all %)
>
> I'm assuming I will then see two cards in the system settings (Kubuntu 6.06) and can then choose the primary?
>
> Regards,
>
> Patrick
>
> 8. Re: Installing Nvidia card ([EMAIL PROTECTED])
> [EMAIL PROTECTED] Mon, 29 Jan 2007 09:20:17 +0900
>
> 1) PLUG OUT your machine, or wall-plug off. Power Switch does NOT off the PCI bus
> 2) Plug in your new card
> 3) Plug in the monitor and switch on
>
> It's possible to make the primary-card the on-board card, but not normal, so no other action required
>
> James
>
> --
> Registered Linux User 368634
[SLUG] Where/how to buy a Linux desktop?
I'm thinking about buying a (mostly) Linux desktop machine. It doesn't have to be really remarkable except that I would like dual DVI outputs. I don't mind installing it myself or doing some research on exactly what is supported or good value but simpler is better.

So what would you do? Some local reseller, Dell, something else?

--
Martin
Re: [SLUG] Where/how to buy a Linux desktop?
Martin Pool wrote:

> I'm thinking about buying a (mostly) Linux desktop machine. It doesn't have to be really remarkable except that I would like dual DVI outputs. I don't mind installing it myself or doing some research on exactly what is supported or good value but simpler is better.
>
> So what would you do? Some local reseller, Dell, something else?

Martin,

I can recommend these people:

http://www.ipspty.com.au/

They will sell you machine with Linux pre-installed (ie you don't pay for windows). I think they only do Fedora, but if you have Fedora running, going to something else is easy.

HTH,
Erik

--
Erik de Castro Lopo
... a discussion of C++'s strengths and flaws always sounds like an argument about whether one should face north or east when one is sacrificing one's goat to the rain god. -- Thant Tessman