Re: bioctl, encryption, and keydisk

2018-05-04 Thread Etienne
On 04/05/18 17:40, Marcus MERIGHI wrote: I'm currently reading https://marc.info/?l=openbsd-misc=141435482820277 "crypto softraid and keydisk on same harddrive", 2014-10-26. jsing@ had this patch, which was tested and worked for the OP - but was not commited:

Re: bioctl, encryption, and keydisk

2018-05-04 Thread Marcus MERIGHI
etienne.m...@magickarpet.org (Etienne), 2018.05.04 (Fri) 14:03 (CEST): > Hello list, > > What I'm going to describe will most probably sound very silly, but I > believe I have a reasonable use case. I'm trying to setup a machine with > full disk encryption using a partition of the same disk as a

Re: mail sign/encrypt

2018-05-04 Thread Tony Boston
On 05/03/18 10:30, Rudolf Sykora wrote: > Hello misc, > > I'd like to be able to optionally > - sign my email, > - encrypt the email. > > I have a certificate in the .p12 form, > containing my private key and two certificates, > one of them mine. > > I want to prepare mail locally, i.e. to use

HTTPD and php-cgi

2018-05-04 Thread Duncan Patton a Campbell
I am looking for documentation on running php-cgi-5.6 under the bsd httpd server. >From what I can tell, the function of php-fastcgi has been subsumed to >php-cgi-5.6, but further than that I can find little or no salient documentation. Any pointers would be appreciated. Thanks, Dhu --

Re: Can SSH report successful connections to pf?

2018-05-04 Thread Tony Boston
On 05/05/18 00:16, Luke Small wrote: > Can SSH and possibly other programs more easily able to report successful > connections so pf can make stricter bruteforce connection rejecting even > better? > Hi, could be just me but I didn't get what you want to achieve really. Could you be more

Re: mail sign/encrypt

2018-05-04 Thread Stuart Longland
On 05/05/18 08:31, Tony Boston wrote: > On 05/03/18 10:30, Rudolf Sykora wrote: >> Hello misc, >> >> I'd like to be able to optionally >> - sign my email, >> - encrypt the email. >> >> I have a certificate in the .p12 form, >> containing my private key and two certificates, >> one of them mine. >>

Re: Can SSH report successful connections to pf?

2018-05-04 Thread Kapfhammer, Stefan
You might want to parse /var/log/authlog and the logrotated authlog.[0-9].gz for successful and unsuccessful logins and then add the unsuccessful logins with pfctl to a blocked table. To have it permanent after a reboot you can write with pfctl the blocked ip's to a file, which you re-read in a

Re: Can SSH report successful connections to pf?

2018-05-04 Thread IL Ka
If you want to open gate for those, who authenticated using ssh, you may need authpf(8) (known as Authentication Gateway) https://www.openbsd.org/faq/pf/authpf.html

Can SSH report successful connections to pf?

2018-05-04 Thread Luke Small
Can SSH and possibly other programs more easily able to report successful connections so pf can make stricter bruteforce connection rejecting even better?

bioctl, encryption, and keydisk

2018-05-04 Thread Etienne
Hello list, What I'm going to describe will most probably sound very silly, but I believe I have a reasonable use case. I'm trying to setup a machine with full disk encryption using a partition of the same disk as a keydisk. (take all the time you want to laugh, then carry on reading). So

Re: Machine won't boot - softraid metadata version mismatch

2018-05-04 Thread Stuart Henderson
On 2018-05-03, Erling Westenvik wrote: > On Thu, May 03, 2018 at 10:51:12AM -0500, Brandon Tanner wrote: >> I haven't posted here in years, and OpenBSD has been rock solid for a home >> file server. However recently I somehow made the machine un-bootable and >> I'm

Re: Machine won't boot - softraid metadata version mismatch

2018-05-04 Thread Mark Carroll
On 04 May 2018, Stuart Henderson wrote: (snip) > I'd start with an install to a new main disk, with the other drives > unplugged for safety. Once it's installed and booted, connect the > softraid drives and you'll be able to mount them. > > To figure out what needs transferring from the 5.4