Re: Twitter On FreeBSD
On 09/03/2010 12:21, Programmer In Training wrote: Seriously, does anyone have a good Twitter client they use? I have very simple requirements (GUI, must be able to pull my feeds for local display, easy to compile (e.g. doesn't require anything from KDE)). may not be a standalone client, but have you tried the Echofon plugin for Firefox ? it supports multiple twitter accounts too. --dinesh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [OT] ssh security
Angelin Lalev lalev.ange...@gmail.com wrote: So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange. These algorithms can defeat any attempts on eavesdropping, but cannot defeat man-in-the-middle attacks. To defeat them, some pre-shared information is needed - key fingerprint. What happened to Diffie-Hellman? Last I heard, its whole point was to enable secure communication, protected from both eavesdropping and MIM attacks, between systems having no prior trust relationship (e.g. any sort of pre-shared secret). What stops the server and client from establishing a Diffie-Hellman session and using it to perform the key exchange? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [OT] ssh security
What happened to Diffie-Hellman? Last I heard, its whole point was to enable secure communication, protected from both eavesdropping and MIM attacks, between systems having no prior trust relationship (e.g. any sort of pre-shared secret). What stops the server and client from establishing a Diffie-Hellman session and using it to perform the key exchange? I am not expert in cryptography, but logic tends to tell me that is I have no prior knowledge about the person I am about to talk to, anybody (MIM) could pretend to be that person. The pre-shared information need not to be secret (key fingerprints are not secret), but there is need for pre-shared trusted information. Bests, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
freebsd-update IDS
Hi ! I have a question about using freebsd-update IDS command. what is the correct way to specify 'the known good index of the installed release' ? I would like to compare an installed system with the(its) original released CD. Thanks d Ref: http://www.freebsd.org/cgi/man.cgi?query=freebsd-updateapropos=0sektion=0manpath=FreeBSD+8.0-RELEASEformat=html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How can I repair wrong /etc/rc.conf ?
On 9 March 2010 06:10, Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: oscar Seo oscar...@gmail.com writes: I'm using FreeBSD 6.4 + windowmaker in IBM notebook. I edited /etc/rc.conf to use LAN other ip address is different from my home address in my school. I got error message from this [ /etc/rc.conf: 131: Syntax error: Unterminated quoted string Enter full pathname of shell or RETURN for /bin/sh: ] so that I returned, I decided to edit /etc/rc.conf using vi. But freebsd didn't find vi, less any other application. I can't modify even if read /etc/rc.conf. fortunately I can use cat so I found my fault sting from /etc/rc.conf but I can't modify any files cause the system changed into read only file system. How can I repair /etc/rc.conf file with fault statements using any editor? Thanks in advanced. Oscar There is an entry in the FreeBSD FAQ titled I made a mistake in rc.conf, or another startup file, and now I cannot edit it because the file system is read-only. What should I do? It's exactly what you need. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/http://be-well.ilk.org/%7Elowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org try doing a mount -uw / then a mount -a ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update IDS
daniele gl...@live.com writes: Hi ! I have a question about using freebsd-update IDS command. what is the correct way to specify 'the known good index of the installed release' ? I would like to compare an installed system with the(its) original released CD. Although not an avid freebsd-update user, I think what you want is done automagically by freebsd-update, given that you run a version supported by freebsd-update(8) (as described in the man page). Thanks d Ref: http://www.freebsd.org/cgi/man.cgi?query=freebsd-updateapropos=0sektion=0manpath=FreeBSD+8.0-RELEASEformat=html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Twitter On FreeBSD
On 03/09/10 01:14, Sam Fourman Jr. wrote: snip I wonder if this can be done in FreeBSD? http://www.technixupdate.com/install-tweetdeck-on-ubuntu-linux/ I've been working on that, but AIR chokes for one reason or another (see previous emails in this thread). -- Yours In Christ, PIT Emails are not formal business letters, whatever businesses may want. Original content copyright under the OWL http://owl.apotheon.org Please do not CC me. If I'm posting to a list it is because I am subscribed. signature.asc Description: OpenPGP digital signature
Re: Downloading issue!
On Tue, Mar 9, 2010 at 3:58 PM, Emmanuel Opio immanuel...@gmail.com wrote: Am studying at a University in E. Africa but the problem is that our server administrators blocked ftp and filtered out images, so we can not download any image file, the most common extension for operating systems. They're obviously having bandwidth problems. How about asking them nicely to fetch the ISOs once to their central server, and let students download them from there as often as they like? I've worked in multiple University IT departments, and we've never turned down a reasonable request like this, even when bandwidth was severely limited and quotas were in place. They probably won't either at your U. Maybe asking via a C.S. professor would have even more effect. ;-) Emmanuel Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Downloading issue!
Hi, Am studying at a University in E. Africa but the problem is that our server administrators blocked ftp and filtered out images, so we can not download any image file, the most common extension for operating systems. I was just requesting then if there is a HTTP site with zipped freeBSD image files ready for download. It would really help a number of us out here. Thanks abundantly, Yours sincerely, Emmanuel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Downloading issue!
On 03/09/10 08:58, Emmanuel Opio wrote: Hi, Am studying at a University in E. Africa but the problem is that our server administrators blocked ftp and filtered out images, so we can not download any image file, the most common extension for operating systems. I was just requesting then if there is a HTTP site with zipped freeBSD image files ready for download. It would really help a number of us out here. Thanks abundantly, Yours sincerely, Emmanuel I could set up a place on one of my websites for this purpose. Just tell me which image you want and I'll get to work on it. I'll keep the image up for a month or two (or until my host complains about it) so I'll provide a link for others in similar situations. -- Yours In Christ, PIT Emails are not formal business letters, whatever businesses may want. Original content copyright under the OWL http://owl.apotheon.org Please do not CC me. If I'm posting to a list it is because I am subscribed. signature.asc Description: OpenPGP digital signature
Re: Downloading issue!
On Tue, Mar 9, 2010 at 2:58 PM, Emmanuel Opio immanuel...@gmail.com wrote: Hi, Am studying at a University in E. Africa but the problem is that our server administrators blocked ftp and filtered out images, so we can not download any image file, the most common extension for operating systems. I was just requesting then if there is a HTTP site with zipped freeBSD image files ready for download. It would really help a number of us out here. Thanks abundantly, Yours sincerely, Emmanuel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Hi, Maybe you could try the memstick.img or the dvd1.iso.gz http://ftp.ntua.gr/pub/FreeBSD/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
Since updating to FreeBSD 7.3-PRERELEASE, I am having problems with my mail server. I have Postfix (2.7-20100117) installed. When sending, this warning message appears in the mail log: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer When I posted this on the Postfix forum, Wietse Venema, the author of Postfix, replied: Connection reset by peer (or error code ECONNRESET) means that the other party hung up. This never happened prior to updating FreeBSD to FreeBSD 7.3-PRERELEASE. Has anyone else experienced this or have a solution? -- Jerry ges...@yahoo.com |=== |=== |=== |=== | I trust the first lion he meets will do his duty. J. P. Morgan on Teddy Roosevelt's safari ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
unzip fails to extract password protected archive
This is on FreeBSD ia64 9.0-CURRENT #0 r203484M: I've zip-3.0 and unzip-6.0 installed from ports. When I try to add files to an archive with encryption, I cannot then extract them back: ls -al try zip -e try.zip try Enter password: Verify password: adding: try (deflated 42%) rm try unzip try.zip Archive: try.zip extracting: try | unzip: ZIP decompression failed (-3) ls -al try -rwxr-xr-x 1 mexas wheel 0 9 Mar 10:27 try the extracted file is zero length. Maybe this is not supposed to work? Please advise many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Updating the system and ports
Hi Folk, Further to previous suggestion in this mailing list, I have just updated from FreeBSD 8.0-STABLE to the latest patch. I firstly use freebsd-update but it failed ... # freebsd-update fetch Lookin up update.FreeBSD.org mirrors... 3 mirrors found Fetching public key from update4.FreeBSD.org... failed Fetching public key from update5.FreeBSD.org... failed Fetching public key from update2.FreeBSD.org... failed Give up, no remaining mirrors. (I didn't run script(1), I hard typed from my memory.) I tried many times, the results were always the same. I don't know what happen. So I switch to update from source. REL_ENG_8_0 is specified in stable-supfile. After csup and buildworld/kernel. Now I am running 8.0-RELEASE-p2. But I am expecting 8.0-STABLE-p2. I don't understand. The handbook did not say anything about the capitalized RELEASE. At least I did not find it. I only notice that I always get RELEASE when freshly install from CDs. But when build from sources sometimes I get RELEASE. And sometimes I get STABLE. 1. What is the difference between RELEASE and STABLE? 2. After buildworld/kernel finished, I tried freebsd-upgrade again. Now it works. There are still 20 files to fetch and install. Only 8 hours between csup all sources and freebsd-upgrade. Is it normal to have such 20 outstanding files during short period? 3. freebsd-upgrade did not request for mergemaster(8). How can we ensure that things in /etc go well? 4. After this step, I would probably run portmaster. sleepy now :-( I want to know how often you normally update the ``system'' and ``ports''? If both are normally done EVERYDAY, freebsd-update is relatively fast. But portmaster is somewhat slow to build all ports from sources. One may have hundreds ports, if not thousands. Please give me some hints, what are you normally do? Thanks, Pongthep ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Fwd: Updating the system and ports
Hi Folk, Further to previous suggestion in this mailing list, I have just updated from FreeBSD 8.0-STABLE to the latest patch. I firstly use freebsd-update but it failed ... # freebsd-update fetch Lookin up update.FreeBSD.org mirrors... 3 mirrors found Fetching public key from update4.FreeBSD.org... failed Fetching public key from update5.FreeBSD.org... failed Fetching public key from update2.FreeBSD.org... failed Give up, no remaining mirrors. (I didn't run script(1), I hard typed from my memory.) I tried many times, the results were always the same. I don't know what happen. So I switch to update from source. REL_ENG_8_0 is specified in stable-supfile. After csup and buildworld/kernel. Now I am running 8.0-RELEASE-p2. But I am expecting 8.0-STABLE-p2. I don't understand. The handbook did not say anything about the capitalized RELEASE. At least I did not find it. I only notice that I always get RELEASE when freshly install from CDs. But when build from sources sometimes I get RELEASE. And sometimes I get STABLE. 1. What is the difference between RELEASE and STABLE? 2. After buildworld/kernel finished, I tried freebsd-upgrade again. Now it works. There are still 20 files to fetch and install. Only 8 hours between csup all sources and freebsd-upgrade. Is it normal to have such 20 outstanding files during short period? 3. freebsd-update did not request for mergemaster(8). [edit] How can we ensure that things in /etc go well? 4. After this step, I would probably run portmaster. sleepy now :-( I want to know how often you normally update the ``system'' and ``ports''? If both are normally done EVERYDAY, freebsd-update is relatively fast. But portmaster is somewhat slow to build all ports from sources. One may have hundreds ports, if not thousands. Please give me some hints, what are you normally do? Thanks, Pongthep - End forwarded message - ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Downloading issue!
On Tue, 9 Mar 2010 17:58:45 +0300 Emmanuel Opio immanuel...@gmail.com wrote: Am studying at a University in E. Africa but the problem is that our server administrators blocked ftp and filtered out images, so we can not download any image file You could try downloading it with a BitTorrent client. http://torrents.freebsd.org:8080/ Andreas -- GnuPG key : 0x2A573565|http://www.gnupg.org/howtos/de/ Fingerprint: 925D 2089 0BF9 8DE5 9166 33BB F0FD CD37 2A57 3565 pgpZqQnew4t28.pgp Description: PGP signature
Re: Updating the system and ports
Hi-- On Mar 9, 2010, at 8:07 AM, Pongthep Kulkrisada wrote: Further to previous suggestion in this mailing list, I have just updated from FreeBSD 8.0-STABLE to the latest patch. This is good. I firstly use freebsd-update but it failed ... [ ...Colin Percival is the owner of this, so I won't try to speak to it... ] So I switch to update from source. REL_ENG_8_0 is specified in stable-supfile. After csup and buildworld/kernel. Now I am running 8.0-RELEASE-p2. But I am expecting 8.0-STABLE-p2. I don't understand. If you track RELENG_8, you get -STABLE system from a build cycle. If you track RELENG_8_0, you are tracking the security branch and get your own official -RELEASE system from the build cycle. The handbook did not say anything about the capitalized RELEASE. At least I did not find it. I only notice that I always get RELEASE when freshly install from CDs. But when build from sources sometimes I get RELEASE. And sometimes I get STABLE. 1. What is the difference between RELEASE and STABLE? http://www.freebsd.org/security/ says: Supported FreeBSD Releases The FreeBSD Security Officer provides security advisories for several branches of FreeBSD development. These are the -STABLE Branches and the Security Branches. (Advisories are not issued for the -CURRENT Branch.) • The -STABLE branch tags have names like RELENG_7. The corresponding builds have names like FreeBSD 7.0-STABLE. • Each FreeBSD Release has an associated Security Branch. The Security Branch tags have names like RELENG_7_0. The corresponding builds have names like FreeBSD 7.0-RELEASE-p1. 2. After buildworld/kernel finished, I tried freebsd-upgrade again. Now it works. There are still 20 files to fetch and install. Only 8 hours between csup all sources and freebsd-upgrade. Is it normal to have such 20 outstanding files during short period? It's not unusual for a even single change (like pulling in a security fix or whatever to OpenSSL, sendmail, etc) to touch that many files. However, one does not normally swap back and forth between building from source and doing binary upgrades, although it's certainly fine if you wanted to get freebsd-upgrade working and use it from here on out. 3. freebsd-update did not request for mergemaster(8). [edit] How can we ensure that things in /etc go well? Read /usr/src/UPGRADING for notes about important changes. Run mergemaster -iU, although you don't need to bother unless you're moving to at least a .x upgrade or there was a specific mention in the security advisory otherwise. 4. After this step, I would probably run portmaster. sleepy now :-( I want to know how often you normally update the ``system'' and ``ports''? I update most systems at least as often as FreeBSD security advisories are posted; and ports whenever portaudit warns of an issue. If a new version of something which is a primary function of some box is updated, I might update more frequently for such a specific reason. I have test machines that get updated about weekly. I have firewall boxes with multiyear uptimes where I've only updated OpenSSH+OpenSSL when needed, since port 22 for management is all they do. If both are normally done EVERYDAY, freebsd-update is relatively fast. I'm going to conclude from this question that you aren't running production systems. :-) But portmaster is somewhat slow to build all ports from sources. One may have hundreds ports, if not thousands. Please give me some hints, what are you normally do? You only need to rebuild all ports when you are updating the system for a major release, like from 7.x to 8.x. Otherwise, portmaster, portupgrade, etc will determine which ports have changes and only rebuild those ones. -- -Chuck___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating the system and ports
On Tue, 9 Mar 2010 23:07:34 +0700 Pongthep Kulkrisada ptkris...@gmail.com wrote: Hi Folk, Further to previous suggestion in this mailing list, I have just updated from FreeBSD 8.0-STABLE to the latest patch. I firstly use freebsd-update but it failed ... # freebsd-update fetch Lookin up update.FreeBSD.org mirrors... 3 mirrors found Fetching public key from update4.FreeBSD.org... failed Fetching public key from update5.FreeBSD.org... failed Fetching public key from update2.FreeBSD.org... failed Give up, no remaining mirrors. (I didn't run script(1), I hard typed from my memory.) I tried many times, the results were always the same. I don't know what happen. So I switch to update from source. REL_ENG_8_0 is specified in stable-supfile. After csup and that should be RELENG_8_0 1. What is the difference between RELEASE and STABLE? Stable is a stable development branch, if you want to use freebsd-update you need to use a proper release security branch. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Compiling Linux into Kernel
I know the usual way of loading the linux module and configuring it in rc.conf, but can it be compiled directly into the kernel? If so, what would the line for it look like? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Trying run a php script from cron
I am trying to run a php script from the cron tab and these are the errors I receive: /usr/local/bin/php php -q /home//ripper.php result Could not open input file: php /usr/local/bin/php php -/home//ripper.php result Could not open input file: php /usr/local/bin/php -/home//ripper.php result This script must be called from the command line. Running Freebsd 8.0, Php 5.2.12 I have chmod the script 644 still no luck tried it chmod 777 still no luck. I have goggled this problem and followed the tutorials but still no luck. Any ideas how I can get the script to run? I can run run it from the command line without any problems. Thanks Darrell Betts be...@norden1.com --- Looks like I Picked the Wrong Week to Stop Sniffing Glue. -- Steve McCroskey -- Live ATC Feed from Toledo Express Airport http://d.liveatc.net/ktol.m3u ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Compiling Linux into Kernel
On Tue, Mar 9, 2010 at 9:35 AM, Jason Garrett kinged...@gmail.com wrote: I know the usual way of loading the linux module and configuring it in rc.conf, but can it be compiled directly into the kernel? If so, what would the line for it look like? options COMPAT_LINUX or if you are on amd64 options COMPAT_LINUX32 You can compile in the linprocfs module with options LINPROCFS See /usr/src/sys/conf/NOTES and /usr/src/sys/$ARCH/conf/NOTES to find lists of all available kernel options. -- Rob Farmer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating the system and ports
* Chuck Swiger (cswi...@mac.com) wrote: If you track RELENG_8, you get -STABLE system from a build cycle. If you track RELENG_8_0, you are tracking the security branch and get your own official -RELEASE system from the build cycle. http://www.freebsd.org/security/ says: Supported FreeBSD Releases The FreeBSD Security Officer provides security advisories for several branches of FreeBSD development. These are the -STABLE Branches and the Security Branches. (Advisories are not issued for the -CURRENT Branch.) ? The -STABLE branch tags have names like RELENG_7. The corresponding builds have names like FreeBSD 7.0-STABLE. ? Each FreeBSD Release has an associated Security Branch. The Security Branch tags have names like RELENG_7_0. The corresponding builds have names like FreeBSD 7.0-RELEASE-p1. You explained very clear, much appreciated. However, one does not normally swap back and forth between building from source and doing binary upgrades, although it's certainly fine if you wanted to get freebsd-upgrade working and use it from here on out. I only wanted to try again because the previous tries failed. I actually was not expecting any update to be occured. From now on I should adhere with binary update, very fast. It also synchronizes source tree with binary. But I'm still question that how can we keep long uptime, if we always boot. Some boxes have been serving for many years without shutdown. 3. freebsd-update did not request for mergemaster(8). [edit] How can we ensure that things in /etc go well? Read /usr/src/UPDATING for notes about important changes. Very technical, few people can understand. It's good anyway. :-) Run mergemaster -iU, although you don't need to bother unless you're moving to at least a .x upgrade or there was a specific mention in the security advisory otherwise. Okay. I update most systems at least as often as FreeBSD security advisories are posted; Where or which mailing lists? Is there any ``push model'' like Windows Update? It will prompt right after boot finish, when new patches exist. and ports whenever portaudit warns of an issue. If a new version of something which is a primary function of some box is updated, I might update more frequently for such a specific reason. I have just know that ports-mgmt/portaudit can also report the availability of new ports. I thought that it only issues warnings when security vulnerabilities occurs. I have test machines that get updated about weekly. I have firewall boxes with multiyear uptimes where I've only updated OpenSSH+OpenSSL when needed, since port 22 for management is all they do. So you didn't update the system to keep long uptime. I'm going to conclude from this question that you aren't running production systems. :-) Yes I'm a novice (hobbyist). :-) You only need to rebuild all ports when you are updating the system for a major release, like from 7.x to 8.x. Otherwise, portmaster, portupgrade, etc will determine which ports have changes and only rebuild those ones. I shall use portmaster whenever I update *major* or *minor* release. But excluding patches. Thanks, Pongthep ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating the system and ports
* RW (rwmailli...@googlemail.com) wrote: that should be RELENG_8_0 Sorry for typo, but actually I only appended to the existing supfile. Thing goes well. Stable is a stable development branch, if you want to use freebsd-update you need to use a proper release security branch. Does that mean -STABLE can not use freebsd-update? If so, I am clear now because I encountered the problem when I used freebsd-update from -STABLE. It failed. Thanks, Pongthep ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Compiling Linux into Kernel
On Tue, Mar 9, 2010 at 11:41, Rob Farmer rfar...@predatorlabs.net wrote: On Tue, Mar 9, 2010 at 9:35 AM, Jason Garrett kinged...@gmail.com wrote: I know the usual way of loading the linux module and configuring it in rc.conf, but can it be compiled directly into the kernel? If so, what would the line for it look like? options COMPAT_LINUX or if you are on amd64 options COMPAT_LINUX32 You can compile in the linprocfs module with options LINPROCFS See /usr/src/sys/conf/NOTES and /usr/src/sys/$ARCH/conf/NOTES to find lists of all available kernel options. Thanks! I had read all of the NOTES files last night but it was late and I must have missed them (doh!) -- Rob Farmer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Trying run a php script from cron
I am trying to run a php script from the cron tab and these are the errors I receive: /usr/local/bin/php php -q /home//ripper.php result Could not open input file: php /usr/local/bin/php php -/home//ripper.php result Could not open input file: php /usr/local/bin/php -/home//ripper.php result This script must be called from the command line. Running Freebsd 8.0, Php 5.2.12 I have chmod the script 644 still no luck tried it chmod 777 still no luck. I have goggled this problem and followed the tutorials but still no luck. Any ideas how I can get the script to run? I can run run it from the command line without any problems. Instead of /usr/local/bin/php php -q /home//ripper.php try /usr/local/bin/php -f /home//ripper.php or just /usr/local/bin/php /home//ripper.php You can also try a script like this one: #!/usr/local/bin/php -f ?php echo foo\n; ? And running it like this: /home//ripper.php after chmod'ing it to be executable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
On Tue, Mar 9, 2010 at 5:11 AM, Jerry ges...@yahoo.com wrote: Since updating to FreeBSD 7.3-PRERELEASE, I am having problems with my mail server. I have Postfix (2.7-20100117) installed. When sending, this warning message appears in the mail log: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer When I posted this on the Postfix forum, Wietse Venema, the author of Postfix, replied: Connection reset by peer (or error code ECONNRESET) means that the other party hung up. This never happened prior to updating FreeBSD to FreeBSD 7.3-PRERELEASE. Has anyone else experienced this or have a solution? -- Jerry ges...@yahoo.com Maybe you didn't have TLS enabled before? Anyway, this message caused by the other end disconnecting abruptly. If you just get it once in a while, it can be safely ignored. If you get it on every connection, your TLS is broken. If you get it fairly consistently with some specific client, maybe that client has a busted TLS implementation. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
tao suddenly died
Well, first time this happened since I got my Dell 8200. It suddenly died. I just finished sending an email a few minutes earlier. I'm writing from my only other live non-server. The KVM switch was mis-installed so I can't KVM over to my DNS server. Does this happen often with Dells? What should I be looking for to replace the 8200. thanks for any suggestions. -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: unzip fails to extract password protected archive
Anton Shterenlikht me...@bristol.ac.uk writes: This is on FreeBSD ia64 9.0-CURRENT #0 r203484M: I've zip-3.0 and unzip-6.0 installed from ports. When I try to add files to an archive with encryption, I cannot then extract them back: ls -al try zip -e try.zip try Enter password: Verify password: adding: try (deflated 42%) rm try unzip try.zip Archive: try.zip extracting: try | unzip: ZIP decompression failed (-3) ls -al try -rwxr-xr-x 1 mexas wheel 0 9 Mar 10:27 try the extracted file is zero length. Maybe this is not supposed to work? It does for me, but there are a number of problems with the zip encryption (even aside from the fact that it's easy to break). You might want to take a look at the extensive DECRYPTION section in the unzip(1) man page. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: powerd on 8.0, is it considered safe?
On 8/03/2010 9:47 PM, Dan Naumov wrote: Is powerd finally considered stable and safe to use on 8.0? At least on 7.2, it consistently caused panics when used on Atom systems with Hyper-Threading enabled, but I recall that Attilio Rao was looking into it. I can confirm I've been running it on an Atom 330 board, with HyperThreading, on 8.0-RELEASE-p2, for quite some time now: timeserver ~ 66 uptime 7:43AM up 11 days, 13:34, 1 user, load averages: 0.01, 0.01, 0.00 And /etc/rc.conf: powerd_flags=-i 85 -r 60 -p 100 Although now looking at it I don't know if it's working ... Dave. -- David Rawling Principal Consultant PD Consulting And Security 7 Virginia Ave Baulkham Hills, NSW 2153 Australia Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
On Tue, 9 Mar 2010 12:36:31 -0600 Noel Jones noeld...@gmail.com articulated: Maybe you didn't have TLS enabled before? Anyway, this message caused by the other end disconnecting abruptly. If you just get it once in a while, it can be safely ignored. If you get it on every connection, your TLS is broken. If you get it fairly consistently with some specific client, maybe that client has a busted TLS implementation. -- Noel Jones Hi Noel, I always had TLS enabled and it has always worked. I use Dovecot with TLS and it is not logging any errors. This whole thing started after I updated to FreeBSD-7.3 pre-release from version 7.2 last week. Every sending attempt produces this error although the mail does go through whether it is to someone on the same network or to an entirely different domain. Do you have any good idea how I can debug this? -- Jerry ges...@yahoo.com |=== |=== |=== |=== | The important thing is not to stop questioning. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How can I repair wrong /etc/rc.conf ?
On Tue, Mar 09, 2010 at 02:45:22PM +0900, oscar Seo wrote: I'm using FreeBSD 6.4 + windowmaker in IBM notebook. I edited /etc/rc.conf to use LAN other ip address is different from my home address in my school. I got error message from this [ /etc/rc.conf: 131: Syntax error: Unterminated quoted string Enter full pathname of shell or RETURN for /bin/sh: ] so that I returned, I decided to edit /etc/rc.conf using vi. But freebsd didn't find vi, less any other application. I can't modify even if read /etc/rc.conf. fortunately I can use cat so I found my fault sting from /etc/rc.conf but I can't modify any files cause the system changed into read only file system. How can I repair /etc/rc.conf file with fault statements using any editor? It is because not all of your filesystems are mounted. Probably you can gett away with just doing fsck -a mount -u mount -a From then you can edit. If it will not run the fsck or the mount -a, then you will have to reboot in to single user mode and do the above. jerry Thanks in advanced. Oscar ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tao suddenly died
Gary Kline wrote: Well, first time this happened since I got my Dell 8200. It suddenly died. I just finished sending an email a few minutes earlier. I'm writing from my only other live non-server. The KVM switch was mis-installed so I can't KVM over to my DNS server. Does this happen often with Dells? What should I be looking for to replace the 8200. thanks for any suggestions. Aloha Gary, Dell sudden death. In my experience means a hardware failure. EG: Two weeks ago I consulted for a friend in IT on a dead Dell server with the removable hard drives. It turned out to be a faulty back plate where the HD's fitted in so all 4 were not working. Dell had to send a replacement backplate to replace the bad one. If you can find anyone on a list with one of your type maybe they can help you. Dell doesnt always use the same hardware in the same model computer btw. Check all the cables and power supply connections and re-seat everything in the box. Something may have walked out of the board. ~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + + http://aloha50.net - Supporting - FreeBSD 7.2 - 8.0 - 9* + email: n...@hdk5.net All that's really worth doing is what we do for others.- Lewis Carrol ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [OT] ssh security
On Tue, Mar 9, 2010 at 12:48 AM, Olivier Nicole olivier.nic...@cs.ait.ac.th wrote: What happened to Diffie-Hellman? Last I heard, its whole point was to enable secure communication, protected from both eavesdropping and MIM attacks, between systems having no prior trust relationship (e.g. any sort of pre-shared secret). What stops the server and client from establishing a Diffie-Hellman session and using it to perform the key exchange? I am not expert in cryptography, but logic tends to tell me that is I have no prior knowledge about the person I am about to talk to, anybody (MIM) could pretend to be that person. The pre-shared information need not to be secret (key fingerprints are not secret), but there is need for pre-shared trusted information. But to some extent, we setup and configure these machines ourselves. So when we're adding users could we not have an additional field with something like a phrase/answer or something else like that? Obviously it could be completely optional but it would be kind of neat and probably not too difficult to implement. Mark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
Add your client IP to the postfix debug peer list and follow up o the postfix users list On Mar 9, 2010 5:02 PM, Jerry ges...@yahoo.com wrote: On Tue, 9 Mar 2010 12:36:31 -0600 Noel Jones noeld...@gmail.com articulated: Maybe you didn't have TLS enabled before? Anyway, this message caused by the other end disco... Hi Noel, I always had TLS enabled and it has always worked. I use Dovecot with TLS and it is not logging any errors. This whole thing started after I updated to FreeBSD-7.3 pre-release from version 7.2 last week. Every sending attempt produces this error although the mail does go through whether it is to someone on the same network or to an entirely different domain. Do you have any good idea how I can debug this? -- Jerry ges...@yahoo.com |=== |=== |=== |=== | The important thing is not to stop questioning. ___ freebsd-questions@freebsd.org mailing list http://l... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tao suddenly died
On Tue, Mar 09, 2010 at 02:11:54PM -1000, Al Plant wrote:
Gary Kline wrote:
Well, first time this happened since I got my Dell 8200.
It suddenly died. I just finished sending an email a few
minutes earlier. I'm writing from my only other live
non-server. The KVM switch was mis-installed so I can't
KVM over to my DNS server.
Does this happen often with Dells? What should I be
looking for to replace the 8200.
thanks for any suggestions.
Aloha Gary,
Dell sudden death. In my experience means a hardware failure.
EG: Two weeks ago I consulted for a friend in IT on a dead Dell server
with the removable hard drives. It turned out to be a faulty back plate
where the HD's fitted in so all 4 were not working. Dell had to send a
replacement backplate to replace the bad one.
If you can find anyone on a list with one of your type maybe they can
help you. Dell doesnt always use the same hardware in the same model
computer btw.
Check all the cables and power supply connections and re-seat everything
in the box. Something may have walked out of the board.
Aloha Al and thanks for responding. {god this has been a
long day... . }
Well, long-story-short, the most unepect thing happened: a
power surge. I did not realize that my printer was also off
until hours later. A friend helped me trace the problem and
reset my surgge-protector. ---It is worth noting that BEFORE
I got my battery [UPS], when things were dead or suddenly
went dead, i knew right away to check the surge-protector.
nutshell: things are almost back. it'll be only an hour
before everything is back.
still, this is a warning to get back on the ball and start
looking for a new desktop.
i would be much obliged for ideas on what kind of dell to buy
next. i say 'dell' because i would like to make life simple
and eventually have one kind of box. (i have three tower
computers: one is my DNS/mail/web server; one is my pfSense
firewall; one is my laptop. i COULD use the server as a
desktop, but that would be too much of a risk!
so:: should i be looking for a dual or quad? i am biased
toward intel because i think the AMD requires more juice. [[my
only linux server --long dead-- seemed to suck 100w to 107w as
a minimum.]]
suggestions?
gary
ps:: if anyboy in the seattle area can come by and fix my KVM
wiring, i can pay for your gasoline, but that's about it... .
~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740
+ http://hawaiidakine.com + http://freebsdinfo.org +
+ http://aloha50.net - Supporting - FreeBSD 7.2 - 8.0 - 9* +
email: n...@hdk5.net
All that's really worth doing is what we do for others.- Lewis Carrol
--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.79a release of Jottings: http://jottings.thought.org/index.php
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: The Atheros 9285 patch on 8.0-stable
On Sun, Feb 7, 2010 at 02:38, James Colannino ja...@colannino.org wrote: Hey everyone, I have an Asus EEE PC 1005HA, which has an Atheros 9285 wireless chipset. I discovered that Rui Paulo wrote a driver, and put up a patch for the 8.0 stable kernel here: http://people.freebsd.org/~rpaulo/ar9285_stable_8.diffhttp://people.freebsd.org/%7Erpaulo/ar9285_stable_8.diff It seems to have worked for some people. After patching and re-compiling my kernel, it did manage to detect the device on my machine, but unfortunately, I'm unable to scan for networks or associate with my network. Here's what happens: The machine boots, and I see the ath0 interface when I run ifconfig. I then run the command 'ifconfig wlan0 create wlandev ath0' and successfully create wlan0. However, when I run the command 'ifconfig wlan0 scan', the command doesn't seem to do anything, and I eventually have to CTRL-C it. Has anybody else had this problem? Is it a known issue? Maybe I'm doing something wrong? It was mentioned that testers were needed for this driver, and I'd love to help out if possible. If anybody wants me to send any additional information, just let me know. Thanks so much everyone! James Sorry to dredge up an old thread, but has this driver been committed to STABLE yet, or do we still need to apply the patch? I am about to embark on installing FreeBSD on this exact model with the exact wifi chip. _ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tao suddenly died
On Tue, Mar 9, 2010 at 9:34 PM, Gary Kline kl...@thought.org wrote:
Aloha Al and thanks for responding. {god this has been a
long day... . }
Well, long-story-short, the most unepect thing happened: a
power surge. I did not realize that my printer was also off
until hours later. A friend helped me trace the problem and
reset my surgge-protector. ---It is worth noting that BEFORE
I got my battery [UPS], when things were dead or suddenly
went dead, i knew right away to check the surge-protector.
nutshell: things are almost back. it'll be only an hour
before everything is back.
still, this is a warning to get back on the ball and start
looking for a new desktop.
i would be much obliged for ideas on what kind of dell to buy
next. i say 'dell' because i would like to make life simple
and eventually have one kind of box. (i have three tower
computers: one is my DNS/mail/web server; one is my pfSense
firewall; one is my laptop. i COULD use the server as a
desktop, but that would be too much of a risk!
so:: should i be looking for a dual or quad? i am biased
toward intel because i think the AMD requires more juice. [[my
only linux server --long dead-- seemed to suck 100w to 107w as
a minimum.]]
suggestions?
I don't really think much of Dell consumer level products or support. While
they aren't the worst out there, it still doesn't make it very compelling
for me. Depending on your resources(money) you might consider something
like this:
http://www.ixsystems.com/apollo
While more money than you'd probably spend with dell, here's a couple
reasons to consider it further.
1. Out the Box compatibility
2. Great hardware support/warranty service
3. Vendor backing of your OS
4. Long term upgradability, this will serve you better than any emachine.
5. ixsystems is a large supporter of FreeBSD
I believe the TCO of something like that is lower than most alternatives.
One further thought is I don't see a lot sense in the requirement must be a
dell, cause the other ones I have are dell given the amount of machines you
run. To me, it would make more sense to standardize on something like cpu,
so that you could run one as a build system/package repository. I know that
settling on one vendor generally means you only need one source for warranty
work, but with stickers on cases and online accounts this isn't such an
issue anymore.
--
Adam Vande More
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: The Atheros 9285 patch on 8.0-stable
On Tue, Mar 9, 2010 at 22:00, Jason Garrett kinged...@gmail.com wrote: On Sun, Feb 7, 2010 at 02:38, James Colannino ja...@colannino.org wrote: Hey everyone, I have an Asus EEE PC 1005HA, which has an Atheros 9285 wireless chipset. I discovered that Rui Paulo wrote a driver, and put up a patch for the 8.0 stable kernel here: http://people.freebsd.org/~rpaulo/ar9285_stable_8.diffhttp://people.freebsd.org/%7Erpaulo/ar9285_stable_8.diff It seems to have worked for some people. After patching and re-compiling my kernel, it did manage to detect the device on my machine, but unfortunately, I'm unable to scan for networks or associate with my network. Here's what happens: The machine boots, and I see the ath0 interface when I run ifconfig. I then run the command 'ifconfig wlan0 create wlandev ath0' and successfully create wlan0. However, when I run the command 'ifconfig wlan0 scan', the command doesn't seem to do anything, and I eventually have to CTRL-C it. Has anybody else had this problem? Is it a known issue? Maybe I'm doing something wrong? It was mentioned that testers were needed for this driver, and I'd love to help out if possible. If anybody wants me to send any additional information, just let me know. Thanks so much everyone! James Sorry to dredge up an old thread, but has this driver been committed to STABLE yet, or do we still need to apply the patch? I am about to embark on installing FreeBSD on this exact model with the exact wifi chip. Also CC'ing rpaulo@ to have his input. _ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [OT] ssh security
Olivier Nicole olivier.nic...@cs.ait.ac.th wrote: What happened to Diffie-Hellman? Last I heard, its whole point was to enable secure communication, protected from both eavesdropping and MIM attacks, between systems having no prior trust relationship (e.g. any sort of pre-shared secret) ... I am not expert in cryptography ... Nor am I but logic tends to tell me that is I have no prior knowledge about the person I am about to talk to, anybody (MIM) could pretend to be that person. The pre-shared information need not to be secret ... but there is need for pre-shared trusted information. Er, if the pre-shared information is not secret, how can I be sure that the person presenting it is in fact my intended correspondent and not a MIM? My impression is that Diffie-Hellman (somehow) solves this sort of problem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tao suddenly died
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/03/2010 03:34:52, Gary Kline wrote: Well, long-story-short, the most unepect thing happened: a power surge. I did not realize that my printer was also off until hours later. A friend helped me trace the problem and reset my surgge-protector. ---It is worth noting that BEFORE I got my battery [UPS], when things were dead or suddenly went dead, i knew right away to check the surge-protector. Uh -- if you have a UPS, why are you using a surge protector as well? The function of a UPS is to condition your power supply. It puts out clean 110/220V 50/60Hz power (depending on where you live) irrespective of what it is getting from the mains. That is, the UPS also does all the surge protection function itself. Not only that, it should cope with surges by absorbing them, rather than blowing a circuit breaker, so it carries on running after the surge is over. Admittedly some UPS designs are better than others -- inline UPSes are the best, but tend to be more expensive. These work by converting the input to DC and then converting back to AC. Cheaper UPSes monitor the characteristics of the incoming current and switch to battery power if it is out of specification, which is not really failsafe. Also, didn't your UPS sound the alarm? They are normally too loud to ignore easily. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuXSPIACgkQ8Mjk52CukIwEOwCfWQN0avDyhhKwrP9THpWkd4Na 5i0Ani14kuI9kYx2RF9x5gOJf/Khcb+I =32IO -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [OT] ssh security
On 10/03/10 07:16, per...@pluto.rain.com wrote: but logic tends to tell me that is I have no prior knowledge about the person I am about to talk to, anybody (MIM) could pretend to be that person. True. Cryptography by it self does not solve the identity problem. The pre-shared information need not to be secret ... but there is need for pre-shared trusted information. Er, if the pre-shared information is not secret, how can I be sure that the person presenting it is in fact my intended correspondent and not a MIM? My impression is that Diffie-Hellman (somehow) solves this sort of problem. The preshared information, in this case the key fingerprint, is a fingerprint of the public key, without this, you cannot produce the fingerprint. Yes, the fingerprint is calculated from the public key, which is .. er .. public, but that's not a problem since anything encrypted with the public key can only be decrypted by the owner of the private key. In the session setup public keys are exchanged, on the basis of this key you calculate the fingerprint and compare with the one you have stored. If they do not match, connection is closed. So, the MIM attack must be launched the very first time a user connects. This is where the user trusts the identity of the owner of the private key. The known_hosts file is only kept so you don't have to verify and trust the key every time. If you worry about that kind of attack, then you should provide a method for verifying the fingerprint through a different channel, say users call support and have them read out the fingerprint, publish it on some separate server, or pre-install it on their computer when the account is created. Diffie-Hellman does not solve this problem. DH is a protocol for agreeing on a shared secret in public, but it does not solve the identity problem. BR, Erik -- Erik Nørgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
