Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Stefan Reich
OK, thanks for all the answers, folks. It was indeed iptables that blocked the port. This stuff should be designed (much) better in operating systems. Actually it's a project of mine to make that better (LuaOS and its follow-ups). I got iptables to allow access locally now. Weirdly, it still

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Stefan Reich
Hmm... maybe you guys can help me solve the rest of the problem? (Access to couchdb from outside) These are the last iptables rules in chain INPUT:; MY_REJECT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:5984 Is that not what it

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Robert Newson
Stefan, CouchDB defaults to binding to 127.0.0.1 only (so that you can set an admin password). Do curl -XPUT localhost:5984/_config/httpd/bind_address -d '0.0.0.0' to bind it to all interfaces (but do set an admin user/password first). For iptables, remember to add to -v (e.g., iptables -L -n

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Stefan Reich
Hi Robert, thanks for the answer. Now it's actually done... I looked up /etc/init.d/firewall and added a line there according to other lines that already existed: iptables -A INPUT -i $device -m state --state NEW -p tcp --dport 5984 -j ACCEPT This crap (sorry) REALLY should be more

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Dan Santner
Stefan, is ufw available to you on your OS? I find that a million times easier than editing iptables. On Apr 15, 2013, at 7:36 AM, Stefan Reich stefan.reich.maker.of@googlemail.com wrote: Hi Robert, thanks for the answer. Now it's actually done... I looked up /etc/init.d/firewall

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Tim Tisdall
Instead of opening CouchDB to the world, I simply access it by port-forwarding through ssh when I connect to the machine. Like this: ssh -L 5984:127.0.0.1:5984 r...@mymachine.com Then on my local machine I can simply access http://localhost:5984/_utils/ and up comes futon. It depends on your

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Keith Gable
But you're SSHing as root, which is probably worse than opening CouchDB to the world with no password. --- Keith Gable A+, Network+, and Storage+ Certified Professional Apple Certified Technical Coordinator Mobile Application Developer / Web Developer On Mon, Apr 15, 2013 at 8:45 AM, Tim

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Keith Gable
ufw and shorewall are great wrappers for iptables that abstract iptables's terminology into something better. If you want a GUI to build the firewall config, check out FWBuilder. There are a few others that exist as well, but I cannot remember what they're called. If you're having trouble

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Tim Tisdall
What's wrong with ssh'ing as root? On Mon, Apr 15, 2013 at 10:08 AM, Keith Gable zi...@ignition-project.com wrote: But you're SSHing as root, which is probably worse than opening CouchDB to the world with no password. --- Keith Gable A+, Network+, and Storage+ Certified Professional Apple

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Robert Newson
wow. On 15 April 2013 15:15, Tim Tisdall tisd...@gmail.com wrote: What's wrong with ssh'ing as root? On Mon, Apr 15, 2013 at 10:08 AM, Keith Gable zi...@ignition-project.com wrote: But you're SSHing as root, which is probably worse than opening CouchDB to the world with no password. ---

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Antoine Pitrou
On Mon, 15 Apr 2013 14:36:04 +0200, Stefan Reich stefan.reich.maker.of@googlemail.com wrote: Hi Robert, thanks for the answer. Now it's actually done... I looked up /etc/init.d/firewall and added a line there according to other lines that already existed: iptables -A INPUT -i

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Keith Gable
http://serverfault.com/questions/57962/whats-wrong-with-always-being-root --- Keith Gable A+, Network+, and Storage+ Certified Professional Apple Certified Technical Coordinator Mobile Application Developer / Web Developer On Mon, Apr 15, 2013 at 9:15 AM, Tim Tisdall tisd...@gmail.com wrote:

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Keith Gable
wow indeed. --- Keith Gable A+, Network+, and Storage+ Certified Professional Apple Certified Technical Coordinator Mobile Application Developer / Web Developer On Mon, Apr 15, 2013 at 9:18 AM, Robert Newson rnew...@apache.org wrote: wow. On 15 April 2013 15:15, Tim Tisdall

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Tim Tisdall
Still don't see how ssh'ing in as root is anywhere as bad as having your CouchDB open to the world with no password... If you had two machines, one with no password and public access to CouchDB and another one with someone logged in via SSH as root and someone asked you to delete the DB on one of

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Robert Newson
That's a false equivalence. You should not open couchdb to the world before you set an administration password in the first place. :) B. On 15 April 2013 15:55, Tim Tisdall tisd...@gmail.com wrote: Still don't see how ssh'ing in as root is anywhere as bad as having your CouchDB open to the

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Keith Gable
Trick question: none of my servers allow root logins (PermitRootLogin No in sshd.conf) If CouchDB is wide open, the worst that can happen is your CouchDB data is deleted. If root is available, the worst that can happen is a total destruction of all data on the machine, potential compromise of

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Tim Tisdall
... SSHing as root, which is probably worse than opening CouchDB to the world with no password. I don't see how they're equivalent or even similar... hence my question. And I don't see anything inherently wrong with ssh'ing as root, too. As far as the external world is concerned, ssh'ing in as

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Tim Tisdall
I didn't say they were your servers... Just servers in general. And the fact that I said one had someone logged in as root kind of implies that you can log in as root, right? Also, logging in as root is not the same as having root available to everyone. On Mon, Apr 15, 2013 at 11:07 AM, Keith

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread matt j. sorenson
On Mon, Apr 15, 2013 at 9:18 AM, Robert Newson rnew...@apache.org wrote: wow. retweet On 15 April 2013 15:15, Tim Tisdall tisd...@gmail.com wrote: What's wrong with ssh'ing as root?

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Michael Zedeler.
Hi Keith and others. First off, I'd prefer to read discussions on this list based on facts and not just wow. You may have a point, but it's not a very nice welcome to Tim who is writing in with a beginner's question (his own wording - not mine). Second, I'd like to pick up your comment on

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Robert Newson
Michael, You are quite right to call me on my non-contribution to this thread, I apologise. I always set AllowRootLogin to false on ssh in the spirit of defence-in-depth, coupled with the UsePrivilegeSeparation yes setting. SSH'ing to a non-privileged user account, allowed to sudo with a

Re: CouchDB not reachable (beginner's question)

2013-04-15 Thread Tim Tisdall
lulz! ^_^ Okay, first of all... I didn't start this thread. I was suggesting a possible solution to accessing CouchDB without having to open the server to the general public with no password. For some reason I got a comment that logging in as root was worse than making CouchDB publicly

CouchDB not reachable (beginner's question)

2013-04-10 Thread Stefan Reich
Hi there! I'd like to start using CouchDB for my projects. This is on a Linux host. CouchDB installed from standard Debian package, no settings altered. But it doesn't start properly: root@pussy-riot-germany:~/luastuff# uname -a Linux pussy-riot-germany 2.6.32-042stab068.8 #1 SMP Fri Dec 7

Re: CouchDB not reachable (beginner's question)

2013-04-10 Thread Stefan Reich
Oops, bad copypaste - here's the actual process info: root@pussy-riot-germany:~/luastuff# ps -aef|grep 7651 couchdb 7651 7650 0 19:44 pts/0 00:00:00 /usr/lib/erlang/erts-5.8/bin/beam.smp -Bd -K true -- -root /usr/lib/erlang -progname erl -- -home /var/lib/couchdb -- -noshell -noinput -sasl

Re: CouchDB not reachable (beginner's question)

2013-04-10 Thread Tim Tisdall
Do you have any firewall (iptables) rules running? On Wed, Apr 10, 2013 at 1:47 PM, Stefan Reich stefan.reich.maker.of@googlemail.com wrote: Oops, bad copypaste - here's the actual process info: root@pussy-riot-germany:~/luastuff# ps -aef|grep 7651 couchdb 7651 7650 0 19:44 pts/0

Re: CouchDB not reachable (beginner's question)

2013-04-10 Thread Stanley Iriele
Why are you telnetting to it?...try curling it and see what it responds with On Apr 10, 2013 10:47 AM, Stefan Reich stefan.reich.maker.of@googlemail.com wrote: Oops, bad copypaste - here's the actual process info: root@pussy-riot-germany:~/luastuff# ps -aef|grep 7651 couchdb 7651 7650

Re: CouchDB not reachable (beginner's question)

2013-04-10 Thread Robert Newson
Are you sure localhost == 127.0.0.1 on your machine? debian/ubuntu are notorious for changing that convention. On 10 April 2013 14:20, Stanley Iriele siriele...@gmail.com wrote: Why are you telnetting to it?...try curling it and see what it responds with On Apr 10, 2013 10:47 AM, Stefan Reich

Re: CouchDB not reachable (beginner's question)

2013-04-10 Thread Stanley Iriele
A simple cat of etc/hosts... Should let you know!... And maybe nsswitch just to be sure On Apr 10, 2013 11:22 AM, Robert Newson rnew...@apache.org wrote: Are you sure localhost == 127.0.0.1 on your machine? debian/ubuntu are notorious for changing that convention. On 10 April 2013 14:20,

Re: CouchDB not reachable (beginner's question)

2013-04-10 Thread Andrey Kuprianov
See if your local.ini bind_address is set to 0.0.0.0 so that you can access it locally and remotely. On Thu, Apr 11, 2013 at 2:54 AM, Stanley Iriele siriele...@gmail.com wrote: A simple cat of etc/hosts... Should let you know!... And maybe nsswitch just to be sure On Apr 10, 2013 11:22 AM,