Re: bsd.rd path
On Fri, Jul 31, 2015 at 10:15:22PM BST, li...@wrant.com wrote:
>> Updated to latest snapshot from yesterday. The path pointed to 5.8
>> directory, which did not exist. I changed it to correct one,
>> pub/OpenBSD/snapshots/amd64 and installed just fine.
>
> https://marc.info/?m=142554965809503
>
> Can be dealt with by PXE boot, by providing this in the
> MAC_address-upgrade.conf file
>
> Server directory = pub/OpenBSD/snapshots/i386
>
> autoinstall(8)
>
> Works for me, welcoming ideas...

I don't use PXE and HTTP for upgrades so it's not a problem for me any
more.

Raf
Re: Show us your /etc/profile
On 2015-07-31, listas...@dna.uba.ar listas...@dna.uba.ar wrote:
> What aliases or custom functions do you use?

Nothing exciting. Here's a useful one not everybody might know about:

alias doas='doas '

Also, just for kicks I keep these around, although they aren't terribly
useful in a windowing environment where you can just resize your xterm:

alias c132='printf "\033[?3h"; stty columns 132; kill -WINCH $$' # set DECCOLM
alias c80='printf "\033[?3l"; stty columns 80; kill -WINCH $$' # reset DECCOLM

--
Christian naddy Weisgerber na...@mips.inka.de
carp(4) requires carpdev in OpenBSD 5.7
After upgrading a firewall cluster from 5.6 to 5.7, I observed that carpX
interfaces failed to come up with their settings. A manual start
'sh /etc/netstart carpX' ran without errors, although carpX still did not
get its settings from hostname.carpX.

However, 'ifconfig carpX 10.0.8.1 vhid 108' failed:

ifconfig: SIOCAIFADDR: Invalid argument

http://www.openbsd.org/57.html revealed that carp(4) now needs to be
configured with an explicit carpdev parent interface (as from 5.7). Thus
adding 'carpdev vlanX' to the ifconfig or hostname.carpX solved my
problem :-)

Apparently, it had been mentioned in a previous revision of following
-current, too.

May I suggest to mention it in the Other changes section of the Upgrade
5.6-5.7 document? Also, it might be helpful to add carpdev to the
examples, which is now mandatory, in the carp(4) man pages.

Thanks,
Rolf
Re: Maybe OT: OpenSSH connection failure unless verbose
> ktrace and tcpdump.

I should have mentioned that the laptop is using OpenSSH but it's OSX not
OpenBSD. ktrace was replaced with I think dtrace on OSX a while ago, so
I'll have to look into how to get that set up.

As for tcpdump, I'm not sure what I'd be looking for there. Most of the
connection meat would be encrypted anyway though, wouldn't it?
Re: Show us your /etc/profile
On 31/07/15 21:25, listas...@dna.uba.ar wrote:
> How do you customize your environment? What aliases or custom functions
> do you use? Here's my /etc/profile I think you can find one or two
> interesting things in it.

Ouch - this hits a nerve. @work, we have a Unix environment where the
powers that be have put every little customization into /etc/profile,
parsing huge scripts to setup everything in their gusto. It takes ages to
parse, just for me to 'unalias' and 'unset' every little crap they put
into and setup a sane prompt.

Remember, users cannot easily avoid having /etc/profile parsed during
login. Thus they cannot avoid getting all the variables and aliases that
you are putting into it.

Please do not recommend putting too much stuff into /etc/profile, the
content of that file should be limited to bare minimum that should be
enforced onto users. Everything else should go into $HOME/.profile (or
/etc/skel/.profile).

Bernd
Re: Show us your /etc/profile
Quoting listas...@dna.uba.ar:
> Hello everybody
>
> How do you customize your environment? What aliases or custom functions
> do you use? Here's my /etc/profile I think you can find one or two
> interesting things in it. Show us yours!
>
> (in case wordwrapping breaks long lines: http://pastie.org/10322761)
>
> #
> hname=`hostname`
> hname=${hname%%.*}
>
> # You are here
> test ! -f ~/.hushlogin && test -t 0 && banner $hname
>
> # complete path
> PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/u/system/bin:
> export PATH
>
> # system defaults
> PAGER=less
> export PAGER
> EDITOR=vi
> test -x /usr/local/bin/vim && EDITOR=vim
> export EDITOR
>
> # comfort
> alias more=less
> alias ls='ls -Fca'
> alias l='ls -l'
> alias wget='wget -c'
> alias _tf='tail -20 -f '
> alias tf='_tf /var/log/messages'
> alias tfm='_tf /var/log/maillog'
> alias tfd='_tf /var/log/daemon'
> alias ducks='du -cks * |sort -rn |head -11'
> alias pid='ps awx | grep -v grep | egrep -- '
> test -x `which pgrep 2> /dev/null` && alias pid='pgrep -lf '
> pidof() {
>     pgrep $1
> }
> pkey() {
>     cat ~/.ssh/id_dsa.pub | \
>     ssh $1 "(mkdir ~/.ssh > /dev/null 2>&1; cat - >> ~/.ssh/authorized_keys)"
> }
>
> # windozise
> #alias rm='rm -i'
> #alias mv='mv -i'
> #alias cp='cp -i'
>
> # www
> alias gohtdocs='cd /var/www/htdocs'
> alias gosite='cd /var/www/htdocs/site/'
> alias httpd_restart='/etc/rc.d/httpd restart'
>
> # OpenBSD CVS
> CVSROOT=anon...@anoncvs.openbsd.org:/cvs
> export CVSROOT
> CVS_RSH=/usr/bin/ssh
> export CVS_RSH
>
> # OpenBSD packages
> export PKG_PATH=http://ftp.openbsd.org/pub/OpenBSD/`uname -r`/packages/`uname -m`/
> export PKG_PATH
>
> # ui
> if [ ${SHELL} = /bin/ksh ]
> then
>     PS1=$hname':$PWD{!}'
>     if [ $USER == root ]
>     then
>         export PS1=$PS1#
>         alias p='export PS1=# '
>     else
>         export PS1=$PS1
>         alias p='export PS1=$ '
>     fi
>     set -o emacs # heh
>     set -o vi-tabcomplete # bashishhh
>     bind ^B=backward-word
>     bind ^N=forward-word
> fi
> unset hname
>
> # ui
> if [ -t 0 ]
> then
>     stty erase ^?
>     stty status ^T # for dd(1)
> fi
>
> #
> alias fw_log='tcpdump -ttt -nle -i pflog0'
> alias openports='fstat | grep internet| grep -v 127.0.0 | sort -u | awk "{ print \$9 }" | sort -u'
> xtitle() {
>     printf "\\033]0;$1\\007"
> }
> alias unspam='sa-learn --ham --dbpath /var/amavisd/.spamassassin -u _vscan'
> alias idspam='sudo -u _vscan /bin/sh -l'
> function spamtrap {
>     test -z $1 && echo 'usage: spamtrap regex to block' && return 1
>     spamdb | grep $1 | cut -d\| -f 2 | while read x ; do spamdb -t -a $x; done
> }
> export http_proxy=http://157.92.192.253:8080/;
> export https_proxy=$http_proxy
> export ftp_proxy=$http_proxy
>
> test -f /etc/profile.local && . /etc/profile.local

Thanks very much, very interesting. My .profile is a very small subset of
yours except for the following. To quickly see how many files I have in a
directory, I use

alias nof='ls -l . | egrep -c '^-''

I have always wondered if there is a better way of doing this.

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca
Re: Maybe OT: OpenSSH connection failure unless verbose
> If you have one connection established to that server which is
> functioning (perhaps with -v on the client ssh) can you get the problem
> to occur with a second connection to that server?

That's a good question, I'm not actually sure if I've ever opened two
connections to it at once. For better or worse today is a good day so
I'll have to wait to test this.

> If so, can you take a look at whether you are getting any fresh
> processes from your second connection attempts when they stall? (The
> question is: how far does a stalled attempt reach before it runs into
> this problem?)

Not sure what you mean here about fresh processes, do you want me to look
at the output of ps or something else?
Re: Show us your /etc/profile
On Fri, Jul 31, 2015 at 05:25:49PM -0300, listas...@dna.uba.ar wrote:
> [...]
> How do you customize your environment?
> [...]

Colorful prompt with power line glyphs and SCM branch and routing table
id display [0].

> What aliases or custom functions do you use?
> [...]

My favorites are

alias cp='rsync -Phr'
alias ..='cd ..'

[0]: http://unobtanium.de/static/rice.png
[1]: https://github.com/farhaven/dotfiles/blob/master/kshrc

--
Gregor Best
--
Horse sense is the thing a horse has which keeps it from betting on
people.
    -- W. C. Fields
Re: Maybe OT: OpenSSH connection failure unless verbose
If you have one connection established to that server which is
functioning (perhaps with -v on the client ssh) can you get the problem
to occur with a second connection to that server?

If so, can you take a look at whether you are getting any fresh processes
from your second connection attempts when they stall? (The question is:
how far does a stalled attempt reach before it runs into this problem?)

Thanks,

--
Raul

On Sat, Aug 1, 2015 at 5:09 AM, Quartz qua...@sneakertech.com wrote:
> I'm not sure if this is the right place to ask about this, but I can't
> seem to find an ssh-specific mailing list or web forum anywhere.
>
> I have a bog standard setup between a laptop and a local university
> that uses a bog standard id_rsa key for password-less access; to the
> best of my knowledge there's nothing remotely unusual about the ssh
> configuration on the laptop (I'm less sure about the university server
> since I don't have access to its config).
>
> About maybe 1/3 of the days I try to log into the server, the ssh
> connection hangs forever with no output UNLESS -v is specified on the
> command line, in which case it works totally fine. This is completely
> repeatable: no verbose, no worky (but only on bad days; on good days it
> works fine regardless).
>
> I've only ever experienced this problem with the connection to this one
> university, ssh otherwise works as expected connecting to every other
> machine.
>
> Searching the web for info is worthless because the first thing
> everybody tells you to do when debugging a connection issue is enable
> verbose, which obviously doesn't help me here. Likewise, I can't even
> confirm if anyone else has even experienced this sort of failure before
> since searching for connection/failure/verbose related keywords yields
> nothing but self-help related noise.
>
> I have limited access to their server too- I don't have and can't get a
> password (it's key only), so I don't know where to even start figuring
> this out. Any ideas?
Re: Show us your /etc/profile
On Fri, Jul 31, 2015 at 4:25 PM, listas...@dna.uba.ar wrote:
> How do you customize your environment? What aliases or custom functions
> do you use?

Here's what I use:

PATH=$HOME/bin:$PATH
EDITOR=vi
export EDITOR

Pretty exciting, no?

Customizations go in $HOME/bin ... and looking at the sort of stuff I
have there, I doubt anyone should ever want to use any of it. Most of
what I have there has host names in it, and for an example of something
which does not:

$ cat ~/bin/quotecsvn
#!/bin/sh
#0 :0
exec /Users/rauldmiller/bin/jconsole $0 $@
)
require'csv'
data=: readcsv ;{:ARGV
mask=: *./(*./@e.'-0123456789') data
data=: mask x:@.@]^:[.1 data
data writecsv;{:ARGV
exit 0

Anyways, it's mostly just junk...

--
Raul
Re: Show us your /etc/profile
Nice! I am stealing idea! Thanks! Will share what i will be able to.

On Fri, 31 Jul 2015 23:27 listas...@dna.uba.ar wrote:
> Hello everybody
>
> How do you customize your environment? What aliases or custom functions
> do you use? Here's my /etc/profile I think you can find one or two
> interesting things in it. Show us yours!
Re: Maybe OT: OpenSSH connection failure unless verbose
>> That's a good question, I'm not actually sure if I've ever opened two
>> connections to it at once. For better or worse today is a good day so
>> I'll have to wait to test this.
>
> If you are only creating one ssh connection, does good day mean you
> have succeeded just once?

No, I mean that I can ssh in without having to pass -v on the command
line. In other words, it works the way it normally should.

>> Not sure what you mean here about fresh processes, do you want me to
>> look at the output of ps or something else?
>
> Exactly. Probably ps -l (or maybe install and use pstree). Do you get
> new processes with sshd as a parent?

I never get that. When ssh-ing into another machine I just get a single
ssh process that's a direct child of the bash for that tty, there's never
an sshd anywhere.
Re: Maybe OT: OpenSSH connection failure unless verbose
On Sat, Aug 1, 2015 at 6:53 PM, Quartz qua...@sneakertech.com wrote:
>> Exactly. Probably ps -l (or maybe install and use pstree). Do you get
>> new processes with sshd as a parent?
>
> I never get that. When ssh-ing into another machine I just get a single
> ssh process that's a direct child of the bash for that tty, there's
> never an sshd anywhere.

When you use ps -l you will only see processes with a controlling
terminal.

But the PPID column relates each process to its parent process. If you
start at any arbitrary process and trace back to its parent, and then to
that process's parent, you will eventually find a PPID for a process that
did not show up in ps -l. That will probably be the process id of sshd.

To verify this hypothesis, you can use ps -x. Or:

ps -lx | grep 'ssh[d]'

--
Raul
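
The PPID walk described in the message above, as an added example that is not part of the original post. The function names `ancestry` and `sshd_ancestor` and the process table in `SAMPLE_PS` are made up for the illustration; the table is constructed in the column layout of `ps -axo pid,ppid,command`.

```shell
#!/bin/sh
# Constructed sample (pids and commands are invented for illustration).
SAMPLE_PS='  PID  PPID COMMAND
    1     0 /sbin/init
  412     1 /usr/sbin/sshd
 9801   412 sshd: quartz [priv]
 9803  9801 sshd: quartz@ttyp1
 9804  9803 -ksh
 9950  9804 ps -l
  733     1 /usr/sbin/cron'

# ancestry PID
# Reads a "PID PPID COMMAND" table on stdin and prints "pid command" for
# PID and then for each parent in turn, until a parent is not in the table.
ancestry() {
    awk -v pid="$1" '
        $1 ~ /^[0-9]+$/ {                 # skips the header line
            ppid[$1] = $2
            line = $0
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", line)
            cmd[$1] = line
        }
        END {
            # seen[] guards against a malformed table that loops
            while ((pid in ppid) && !(pid in seen)) {
                seen[pid] = 1
                print pid, cmd[pid]
                pid = ppid[pid]
            }
        }'
}

# sshd_ancestor PID
# Prints the pid of the nearest process in the chain whose command is
# sshd; returns 1 if the chain contains none.
sshd_ancestor() {
    ancestry "$1" | awk '
        $2 ~ /(^|\/)sshd:?$/ { print $1; found = 1; exit }
        END { exit !found }'
}

# Usage on the constructed table:
printf '%s\n' "$SAMPLE_PS" | ancestry 9950
```

On a live OpenBSD or OS X host the table would come from `ps -axo pid,ppid,command` and the starting pid from `$$`.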
CWM (calmwm): A cwm-new fork
hi all,

i was prodding around the interwebs looking for cwm-related material and
found this:

https://github.com/ThomasAdam/cwm

it looks to be the same as cwm but adding some new features. are the
openbsd devs interested in adding these changes to cwm? indeed, i wasn't
aware of cwm's involvement outside of OpenBSD, which is kinda cool.

so far my cwm config works with this code - so it seems backwards
compatible to me!

David
Re: Maybe OT: OpenSSH connection failure unless verbose
Quartz wrote:
> Searching the web for info is worthless because the first thing
> everybody tells you to do when debugging a connection issue is enable
> verbose, which obviously doesn't help me here. Likewise, I can't even
> confirm if anyone else has even experienced this sort of failure before
> since searching for connection/failure/verbose related keywords yields
> nothing but self-help related noise.
>
> I have limited access to their server too- I don't have and can't get a
> password (it's key only), so I don't know where to even start figuring
> this out.

ktrace and tcpdump.
Re: Maybe OT: OpenSSH connection failure unless verbose
On Sat, Aug 1, 2015 at 10:58 AM, Quartz qua...@sneakertech.com wrote:
> That's a good question, I'm not actually sure if I've ever opened two
> connections to it at once. For better or worse today is a good day so
> I'll have to wait to test this.

If you are only creating one ssh connection, does good day mean you have
succeeded just once?

>> If so, can you take a look at whether you are getting any fresh
>> processes from your second connection attempts when they stall? (The
>> question is: how far does a stalled attempt reach before it runs into
>> this problem?)
>
> Not sure what you mean here about fresh processes, do you want me to
> look at the output of ps or something else?

Exactly. Probably ps -l (or maybe install and use pstree). Do you get new
processes with sshd as a parent?

--
Raul
Re: CWM (calmwm): A cwm-new fork
David Chanters wrote:
> it looks to be the same as cwm but adding some new features. are the
> openbsd devs interested in adding these changes to cwm?

pick a feature, explain why it's good, submit a patch, see what happens?
Re: Maybe OT: OpenSSH connection failure unless verbose
>> good day: ssh user@server = works just like it should
>
> What about ssh -v user@server on a good day?

That works exactly as expected. ssh-ing in right now

> And more specifically, if you run ssh -v on both a good day and a bad
> day, what does diff between the two outputs show?

IIRC, not much... I think I did that before once or twice. It's been OK
today so I'll have to wait to confirm.
Re: Maybe OT: OpenSSH connection failure unless verbose
>> If you are only creating one ssh connection, does good day mean you
>> have succeeded just once?
>
> No, I mean that I can ssh in without having to pass -v on the command
> line. In other words, it works the way it normally should.

More specifically:

good day:
ssh user@server = works just like it should

bad day:
ssh user@server = no connection, no output... just hangs.
ssh -v user@server = prints the expected debug info and connects as it
should (...usually. Sometimes I have to specify -vv)
Re: Maybe OT: OpenSSH connection failure unless verbose
Thus said Quartz on Sat, 01 Aug 2015 19:00:56 -0400:
> good day: ssh user@server = works just like it should

What about ssh -v user@server on a good day?

And more specifically, if you run ssh -v on both a good day and a bad
day, what does diff between the two outputs show?

Andy
--
TAI64 timestamp: 400055bd5813
Re: Maybe OT: OpenSSH connection failure unless verbose
Quartz wrote:
>> ktrace and tcpdump.
>
> I should have mentioned that the laptop is using OpenSSH but it's OSX
> not OpenBSD. ktrace was replaced with I think dtrace on OSX a while
> ago, so I'll have to look into how to get that set up.
>
> As for tcpdump, I'm not sure what I'd be looking for there. Most of the
> connection meat would be encrypted anyway though, wouldn't it?

more generally, see where it's stopping. the pattern of traffic should be
roughly the same. two packets that way, one packet this way, etc. perhaps
you can determine if the client is waiting for the server, or the server
for the client, or if only packets of 1337 bytes cause trouble, etc.

you have a scenario where sometimes it works and sometimes not, based on
whether the normal introspection capabilities are used. so use a
different set of inspection capabilities to find the difference.
Re: Maybe OT: OpenSSH connection failure unless verbose
>>> ktrace and tcpdump.
>>
>> I should have mentioned that the laptop is using OpenSSH but it's OSX
>> not OpenBSD. ktrace was replaced with I think dtrace on OSX a while
>> ago, so I'll have to look into how to get that set up.
>>
>> As for tcpdump, I'm not sure what I'd be looking for there. Most of
>> the connection meat would be encrypted anyway though, wouldn't it?
>
> more generally, see where it's stopping. the pattern of traffic should
> be roughly the same. two packets that way, one packet this way, etc.
> perhaps you can determine if the client is waiting for the server, or
> the server for the client, or if only packets of 1337 bytes cause
> trouble, etc.

OK fair enough I guess. I'll have to record several sessions to different
machines along with a broken session to the server, then compare the
whole lot side by side. Knowing my luck it'll be fine for the next few
days until I've forgotten and then go bad again.
Maybe OT: OpenSSH connection failure unless verbose
I'm not sure if this is the right place to ask about this, but I can't
seem to find an ssh-specific mailing list or web forum anywhere.

I have a bog standard setup between a laptop and a local university that
uses a bog standard id_rsa key for password-less access; to the best of
my knowledge there's nothing remotely unusual about the ssh configuration
on the laptop (I'm less sure about the university server since I don't
have access to its config).

About maybe 1/3 of the days I try to log into the server, the ssh
connection hangs forever with no output UNLESS -v is specified on the
command line, in which case it works totally fine. This is completely
repeatable: no verbose, no worky (but only on bad days; on good days it
works fine regardless).

I've only ever experienced this problem with the connection to this one
university, ssh otherwise works as expected connecting to every other
machine.

Searching the web for info is worthless because the first thing everybody
tells you to do when debugging a connection issue is enable verbose,
which obviously doesn't help me here. Likewise, I can't even confirm if
anyone else has even experienced this sort of failure before since
searching for connection/failure/verbose related keywords yields nothing
but self-help related noise.

I have limited access to their server too- I don't have and can't get a
password (it's key only), so I don't know where to even start figuring
this out. Any ideas?
Re: doas.conf: omitting [as root] allows me to run a command as everybody? [resolved]
On Fri, Jul 31, 2015 at 03:14:44PM +0200, Hikari Boulders wrote:
> Yes, this is resolved. But isn't it still an inconsistency with the
> line The last matching rule determines the action taken. from
> doas.conf(5)? It seems to me that if you specify a line permitting as
> any user, and *later* specify a user, that it is still written a little
> too vague.

Sorry, I don't quite follow what you're saying. Could you please provide
a config file that leads to said unexpected behavior?

It seems that you talk about something like the following doas.conf file:

--- 8 ---
# allow theo to do everything as every user without password
permit nopass theo
# except using /usr/bin/touch as builder
deny theo as builder cmd /usr/bin/touch
# except that he can touch /tmp/bar upon entering his password
permit theo as builder cmd /usr/bin/touch args /tmp/bar
--- 8 ---

$ doas -u builder /usr/bin/touch /tmp/foo # rule 2 applies
Permission denied
$ doas -u builder /usr/bin/touch /tmp/bar # rule 3 applies
Password:
$ doas -u builder /bin/ls -l /tmp # rule 1 applies
[...]
-rw-r--r-- 1 builder wheel 0 Jul 31 20:45 bar
[...]

Without the second rule, the behavior is consistent with the manual as
well:

--- 8 ---
permit nopass theo
permit theo as builder cmd /usr/bin/touch args /tmp/bar
--- 8 ---

$ doas -u builder /usr/bin/touch /tmp/foo # rule 1 applies
$ doas -u builder /usr/bin/touch /tmp/bar # rule 2 applies
Password:
$
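
The two configurations from the message above, run through a small last-match evaluator. This is an added example, not code from the post or from doas; it handles only the `permit|deny [nopass] user [as target] [cmd command [args ...]]` subset used in the message (no groups, no other options), and `doas_eval`, `CONF_A` and `CONF_B` are names made up for the illustration.

```shell
#!/bin/sh
# Constructed copies of the two doas.conf files quoted in the message.
CONF_A='# allow theo to do everything as every user without password
permit nopass theo
# except using /usr/bin/touch as builder
deny theo as builder cmd /usr/bin/touch
# except that he can touch /tmp/bar upon entering his password
permit theo as builder cmd /usr/bin/touch args /tmp/bar'

CONF_B='permit nopass theo
permit theo as builder cmd /usr/bin/touch args /tmp/bar'

# doas_eval CONF USER TARGET CMD [ARGS...]
# Prints "<rule number> <action>" for the LAST rule that matches the
# request, or "0 deny" when no rule matches at all.
doas_eval() {
    conf=$1 user=$2 target=$3 cmd=$4
    shift 4
    printf '%s\n' "$conf" | awk -v user="$user" -v target="$target" \
        -v cmd="$cmd" -v args="$*" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            n++                            # count rules, not file lines
            i = 1
            action = $i; i++               # permit | deny
            opts = ""
            if ($i == "nopass") { opts = " nopass"; i++ }
            ident = $i; i++
            r_target = ""; r_cmd = ""; r_args = ""; has_args = 0
            if ($i == "as")  { r_target = $(i + 1); i += 2 }
            if ($i == "cmd") { r_cmd = $(i + 1); i += 2 }
            if ($i == "args") {
                has_args = 1               # bare "args" means: no arguments
                for (j = i + 1; j <= NF; j++)
                    r_args = r_args (j > i + 1 ? " " : "") $j
            }
            # A field the rule leaves out matches everything.
            if (ident != user) next
            if (r_target != "" && r_target != target) next
            if (r_cmd != "" && r_cmd != cmd) next
            if (has_args && r_args != args) next
            hit = n; result = action opts  # later matches overwrite earlier
        }
        END { if (hit) print hit, result; else print 0, "deny" }'
}

# The three requests from the message, against the first configuration:
doas_eval "$CONF_A" theo builder /usr/bin/touch /tmp/foo
doas_eval "$CONF_A" theo builder /usr/bin/touch /tmp/bar
doas_eval "$CONF_A" theo builder /bin/ls -l /tmp
```

On OpenBSD, `doas -C` followed by a config file and a command asks doas itself for the same verdict without running anything.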
support update
C Germany
P Bayern
T Nürnberg
Z 90478
O swapspace
I Stefan Wieseckel
A Vordere Cramergasse 11-13
M i...@swapspace.de
U http://www.swapspace.de/
B +49-(0)-911-51827-57
X +49-(0)-911-51827-56
N System and network consulting and administration; setup, configuration
and maintenance of OpenBSD- and Linux-based systems (firewalls,
mailservers, webservers, DNS servers, ...).

--
Dipl.-Inf. Univ. Stefan Wieseckel
swapspace
Vordere Cramergasse 11-13
90478 Nuernberg
Tel.: +49-(0)911-51827-57
Fax : +49-(0)911-51827-56
http://www.swapspace.de/
USt.-IdNr.: DE229328917
support update
C Germany
P Bayern
T Nürnberg
Z 90478
O swapspace
I Stefan Wieseckel
A Vordere Cramergasse 11-13
M i...@swapspace.de
U http://www.swapspace.de/
B +49-(0)-911-51827-57
X +49-(0)-911-51827-56
N System and network consulting and administration; setup, configuration
and maintenance of OpenBSD- and Linux-based systems (firewalls,
mailservers, webservers, DNS servers, ...).
Re: Show us your /etc/profile
On Fri, Jul 31, 2015 at 05:25:49PM -0300, listas...@dna.uba.ar wrote:
> Hello everybody

Hello,

> alias ducks='du -cks * |sort -rn |head -11'

I'm stealing this one ;-)

--
Gilles Chehade
https://www.poolp.org @poolpOrg