| --- | Log | opened Thu Jan 24 00:00:13 2008 |
| 00:03 | <atourino> | Off to bed |
| 00:03 | <atourino> | take care guys |
| 00:03 | -!- | atourino [~antonio@201.218.81.244] has quit [Remote host closed the connection] |
| 00:35 | -!- | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has quit [Ping timeout: 480 seconds] |
| 00:51 | <@linbot> | New news from forums: Ping from within bash? in General Discussion <http://www.linode.com/forums/viewtopic.php?t=3049> |
| 01:04 | -!- | Deckert [~Deckert@dsl-240-147-232.telkomadsl.co.za] has quit [Ping timeout: 480 seconds] |
| 01:11 | -!- | Hobbsee [~hobbsee@CPE-124-188-230-36.nsw.bigpond.net.au] has quit [Remote host closed the connection] |
| 02:04 | -!- | avongauss [~AVonGauss@c-76-108-49-255.hsd1.fl.comcast.net] has quit [Quit: Leaving.] |
| 02:04 | -!- | avongauss [~AVonGauss@c-76-108-49-255.hsd1.fl.comcast.net] has joined #linode |
| 02:06 | -!- | avongauss [~AVonGauss@c-76-108-49-255.hsd1.fl.comcast.net] has quit [] |
| 02:09 | -!- | avongaus1 [~AVonGauss@c-76-108-49-255.hsd1.fl.comcast.net] has joined #linode |
| 02:09 | -!- | avongaus1 is now known as avongauss |
| 02:09 | -!- | avongauss [~AVonGauss@c-76-108-49-255.hsd1.fl.comcast.net] has left #linode [] |
| 02:10 | -!- | FireSlash [~FireSlash@70-9-246-140.area4.spcsdns.net] has quit [Read error: Connection reset by peer] |
| 02:13 | -!- | cruxeternus [~44f5ddcd@webuser.linode.com] has quit [Remote host closed the connection] |
| 02:17 | -!- | avongauss [~avongauss@2001:4830:1655:1::a] has joined #linode |
| 02:19 | -!- | warewolf [warewolf@warewolf.org] has quit [Server closed connection] |
| 02:19 | -!- | warewolf [warewolf@warewolf.org] has joined #linode |
| 02:23 | -!- | getsmart [~getsmart@88-149-230-64.dynamic.ngi.it] has joined #linode |
| 02:36 | -!- | esoterik [~esoterik@178.90.171.66.subscriber.vzavenue.net] has quit [Remote host closed the connection] |
| 02:38 | -!- | irgeek [~irgeek@cealsa01.centamin.com] has joined #linode |
| 02:40 | <irgeek> | Anyone here used a Barracuda spam filter, by chance? |
| 02:44 | -!- | clanehin [~lane@cpe-069-134-066-130.nc.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 03:25 | -!- | row [row@87-194-37-143.bethere.co.uk] has joined #linode |
| 03:26 | <row> | Hey, will my sign up be rejected if I open a 2nd account with same card/info apart from company name not personal? |
| 03:26 | <row> | as I have a personal server but also need a work related one and rather keep them on completely different accounts. |
| 03:27 | <row> | ah damit you are out of 540s |
| 03:36 | -!- | Schroeder [1000@kntpin04-nas-02-s174.cinergycom.net] has quit [Ping timeout: 480 seconds] |
| 03:40 | -!- | erikp [~cb9043d6@webuser.linode.com] has joined #linode |
| 03:52 | -!- | erik [~erik@203.144.67.214] has joined #linode |
| 03:52 | <erik> | hello |
| 03:52 | -!- | erik is now known as Guest373 |
| 03:53 | <Guest373> | I am getting permission problems on the apache server from a vanilla archlinux 2007.08 install. |
| 03:54 | -!- | erikp [~cb9043d6@webuser.linode.com] has quit [Remote host closed the connection] |
| 03:55 | <irgeek> | Guest373: Can you explain more? That's pretty vague. |
| 03:56 | <Guest373> | I know. Let me try to add the relevant details. |
| 03:57 | <irgeek> | The pastebin may help: http://p.linode.com/ |
| 03:57 | -!- | marcel [~marcel@lt3.xs4all.nl] has joined #linode |
| 03:59 | <Guest373> | As soon as I add the directive "VirtualDocumentRoot /home/%0" everything goes to the dogs. The non virtual install stops working. I don't know what to do, because it probably requires configuring mod_vhost_alias. |
| 03:59 | <irgeek> | Which Apache? |
| 04:00 | <Guest373> | Server version: Apache/2.2.8 (Unix) |
| 04:01 | <irgeek> | Can you pastebin the error message? |
| 04:01 | <Guest373> | I want to use apache to host multiple virtual hosts which are all similar (joomla) |
| 04:02 | <Guest373> | I thought VirtualDocumentRoot ... would be the way to go ... |
| 04:04 | <Guest373> | When I start using VirtualDocumentRoot, apache refuses access to the non-virtual site. The /var/log/httpd/error_log says: client denied by server configuration. |
| 04:04 | -!- | r33dl3r [~george@ool-43570aa8.dyn.optonline.net] has quit [Ping timeout: 480 seconds] |
| 04:10 | <irgeek> | Is the VirtualDocumentRoot directive in a different VirtualHost container to the non-virtual site? |
| 04:16 | -!- | fake [~fake@rrcs-72-43-24-86.nys.biz.rr.com] has quit [Quit: Leaving...] |
| 04:23 | <Guest373> | No |
| 04:23 | <Guest373> | I think I'd better switch off the non-virtual site altogether. I don't need it anyway. |
| 04:25 | <Guest373> | I've found it. It is the restrictive default (deny from all) for the root folder that also seems to apply to virtual hosts. |
| 04:26 | <Guest373> | Can I create users with usernames like: www.kokonut.com ? With dots and all? |
| 04:26 | <Internat> | no |
| 04:27 | <Internat> | assuming ur meaning unix users |
| 04:27 | <Guest373> | yes |
| 04:27 | <Internat> | it goes against the convention of 8 char usernames, and is highly recommended that you dont use dots or symbols. Most adduser commands enforce that, but there are options to ignore that restriction, but it can break things like apache or whatnot |
| 04:28 | <irgeek> | Actually, it's possible but some things break. |
| 04:28 | <metaperl> | the convention of 8-char usernames... what decade is that from? |
| 04:28 | <Guest373> | apache will serve all content for www.kokonut.com from /home/www.kokonut.com. Now I just need to make sure that only the user with rights to that folder can modify its content. |
| 04:28 | <metaperl> | make the user kokonut |
| 04:28 | <metaperl> | I think in ls -l listings that group will be more readable |
| 04:28 | <Guest373> | I thought of creating user www.kokonut.com. That would automatically create a folder /home/www.kokonut.com for that user. |
| 04:29 | <Internat> | my web users are all like HostUXX and HostGXX |
| 04:29 | <Internat> | where xx is a account identifier that is in my database |
| 04:30 | <irgeek> | I'd suggest a different method: Give the user a /home/username/ directory with a www or public_html folder inside. Then ln -s from something like /var/www to /home/user/www |
| 04:30 | <irgeek> | That way users have a place they can put files which isn't web-accessible. |
| 04:31 | <Guest373> | What's wrong with /home/www.kokonut.com? I got it working to that point already ... |
| 04:31 | <irgeek> | Uh, .bash_history for one thing? |
| 04:31 | <Guest373> | It won't work? |
| 04:32 | <irgeek> | s/\?/\!/ |
| 04:32 | <irgeek> | It will work, but anyone can read their .bash_history as it will be created in $HOME which is also their web root. |
| 04:32 | <Guest373> | The users won't be using anything else than the web. I don't want to support anything else. Really. |
| 04:32 | <irgeek> | How do they upload files? |
| 04:33 | <Guest373> | ssh |
| 04:33 | <Guest373> | Actually. The primary way to manage their installation is the joomla backend. |
| 04:33 | <Guest373> | I only host joomla. |
| 04:33 | <irgeek> | If they only get a joomla account, why do they need a login? |
| 04:34 | <Guest373> | ssh |
| 04:34 | <irgeek> | Isn't joomla all web GUI? |
| 04:34 | <irgeek> | But what do they need ssh for? |
| 04:34 | <Guest373> | Maybe you're right. I will put the site in a subfolder. |
| 04:34 | <Guest373> | ssh --> to muck around if vanilla joomla fails ... :-) |
| 04:36 | <@linbot> | New news from forums: Subfolders with Dovecot/Postfix in Email/SMTP Related Forum <http://www.linode.com/forums/viewtopic.php?t=3063> |
| 04:37 | <irgeek> | Make a directory called /var/www/hosted. Symlink /var/www/hosted/www.the_users_domain.com/ to the associated user's $HOME/www directory and change your Apache config to be VirtualDocumentRoot /var/www/hosted/%0 |
| 04:39 | <irgeek> | You can set up your default site to point to /var/www so that users can configure and play with their site before it goes live by visiting your_host.your_domain.com/hosted/the_users_domain |
| 04:39 | <irgeek> | Er, that should be your_host.your_domain.com/hosted/www.the_users_domain.com |
| 04:42 | <Guest373> | Sounds good. |
| 04:43 | <row> | is there anyway I could get a Linode 360 with 2 ips and then upgrade to a 540 as soon as they become available without losing my IP if I stay in same DC? |
| 04:44 | <Guest373> | Another problem. Apache should preferably switch user when reading/writing in a particular hosted directory. Is there a way to use suexec for that or so? |
| 04:45 | <irgeek> | row: Yes. As long as you stay in the same DC you can upgrade (or downgrade) and keep your IPs. |
| 04:46 | <row> | irgeek: wonderful |
| 04:46 | <irgeek> | Guest373: I'm not sure that suexec is supported with VirtualDocumentRoot |
| 04:48 | <Guest373> | Maybe there is a way to switch credentials that works with mod_php? |
| 04:50 | <Guest373> | Does anybody know if suphp is any good? |
| 04:52 | <irgeek> | I've never used it. If you want to run php as the user, I believe it must be run as a CGI. This, of course, hurts performance as you add the PHP startup to each request. |
| 04:53 | <Internat> | well if u run it as fastcgi u dont have that problem |
| 04:53 | <Internat> | only for the FIRST request then it just stays running |
| 04:54 | <Guest373> | Joomla does a lot of writing to its own folders. And the apache user therefore needs write permissions on the site's folder. It actually means that one user can write to another user's folder too ... |
| 04:54 | <Guest373> | I want to disallow that kind of stuff ... |
| 04:55 | <irgeek> | Guest373: That's a major headache for every web hosting company in existence. |
| 04:55 | <irgeek> | Welcome to the world of hosting. |
| 04:56 | <Internat> | suexec+fcgi is the way to get around that |
| 04:56 | <Internat> | its really the ONLY thing u can do that does things properly |
| 04:57 | <irgeek> | Of course, you then have a PHP process for each site, so throwing too many accounts on one host will affect performance. |
| 04:57 | -!- | marcel [~marcel@lt3.xs4all.nl] has quit [Read error: Connection reset by peer] |
| 04:57 | <Internat> | although if u host small sites, and have fcgi timeout after a specific time its probably not a huge issue |
| 04:59 | -!- | getsmart [~getsmart@88-149-230-64.dynamic.ngi.it] has quit [Quit: Ex-Chat] |
| 05:02 | <Guest373> | How do the other hosters do it? Just let it be? |
| 05:03 | <Guest373> | I doubt they are using suexec+fcgi ... |
| 05:03 | <Internat> | i am.. for my hosting company |
| 05:04 | <Guest373> | If I understand it right, most hosting companies just run the risk that one user overwrites the stuff of another user ... |
| 05:05 | <Internat> | well thats pretty stupid and unresponsible of them |
| 05:14 | <irgeek> | I had a shared hosting account once. It included the ability to host email along side http. Within an hour of signing up I found a root compromise. I told them about it, made sure they fixed it, then closed my account. |
| 05:16 | <Internat> | yeah i dun give our shell accounts FTP only.. thers ssl version of most things |
| 05:17 | <irgeek> | The virtual hosting platform, BTW, was FreeVSD. Mildly useful for playing around, absolute crap w/r/t hosting. |
| 05:18 | <Internat> | im using my own at the moment |
| 05:18 | <Guest373> | Can fcgi execute ordinary php scripts, or are there issues executing php? |
| 05:18 | <Internat> | as far as i can tell it can |
| 05:19 | <row> | php supports fcgi |
| 05:25 | -!- | bleu [~52f94272@webuser.linode.com] has joined #linode |
| 05:26 | <bleu> | morning all |
| 05:28 | -!- | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 05:28 | <bleu> | irgeek howdy |
| 05:28 | <irgeek> | 'lo |
| 05:29 | <bleu> | I have managed to set up some new domains |
| 05:29 | <bleu> | http://pastebin.linode.com/186 |
| 05:29 | -!- | JDLSpeedy [~joe@fl-71-0-79-131.dhcp.embarqhsd.net] has quit [Ping timeout: 480 seconds] |
| 05:29 | <bleu> | but there is a something i dont understand |
| 05:29 | <bleu> | about where to put the directory |
| 05:29 | <bleu> | how to create the directory structure |
| 05:30 | <bleu> | like for example |
| 05:30 | <bleu> | i created a new domain |
| 05:30 | <bleu> | for full-attribution-license.com |
| 05:30 | <bleu> | i pointed that domain to the ip |
| 05:30 | <bleu> | and in the setup as you showed me |
| 05:31 | <bleu> | i added the directory /var/www/fal/ |
| 05:31 | <bleu> | fal/ |
| 05:31 | <bleu> | but it still pointed the site to the root |
| 05:31 | <bleu> | in the next part though |
| 05:31 | <irgeek> | Did you restart Apache? |
| 05:31 | <bleu> | no |
| 05:31 | -!- | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has joined #linode |
| 05:31 | <bleu> | ah |
| 05:32 | <bleu> | <Directory /var/www/> |
| 05:32 | <bleu> | this i did not notice |
| 05:32 | <irgeek> | When you change Apache's config files, you need to do an /etc/init.d/apache2 restart |
| 05:32 | <bleu> | should I have added the fal in there also |
| 05:32 | <bleu> | ok |
| 05:32 | <bleu> | also |
| 05:32 | <bleu> | one more thing |
| 05:32 | <irgeek> | The Directory entry is fine, unless you want different options for the fal directory |
| 05:32 | <@mikegrb> | lolz |
| 05:32 | <bleu> | lol |
| 05:33 | <@mikegrb> | lolz |
| 05:33 | <bleu> | lol |
| 05:33 | <bleu> | okok |
| 05:33 | <bleu> | lets not get too excited |
| 05:33 | <bleu> | when i try to make new directories using cyberduck |
| 05:33 | <bleu> | it says not permission |
| 05:34 | <bleu> | so i made them with mkdir in the terminal |
| 05:34 | <bleu> | i guess i have to give myself permissions somehow |
| 05:34 | <bleu> | so i reboot now |
| 05:34 | <irgeek> | That's the 'better' way to do it. Otherwise, you need to attach as root with Cyberduck. |
| 05:34 | -!- | dpn` [~tripped@ppp59-167-26-128.lns4.bne4.internode.on.net] has joined #linode |
| 05:35 | <bleu> | ok |
| 05:35 | <bleu> | thanks |
| 05:35 | <bleu> | I can handle that |
| 05:35 | -!- | Karnaugh_ is now known as Karnaugh |
| 05:35 | <irgeek> | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - All your hosts will share one /cgi-bin/ unless you change this. |
| 05:36 | <irgeek> | ErrorLog /var/log/apache2/error.log & CustomLog /var/log/apache2/access.log combined - I prefer to keep the logs for each site separated. |
| 05:36 | <bleu> | i make a note of that |
| 05:36 | <bleu> | how would you set up the logs |
| 05:37 | <irgeek> | Alias /doc/ "/usr/share/doc/" & The Directory block after it - You don't really need a /doc/ alias for the virtual sites. |
| 05:37 | <bleu> | ok |
| 05:38 | -!- | christz [~christoph@193.170.134.161] has joined #linode |
| 05:38 | <bleu> | so remove this line |
| 05:38 | <bleu> | Alias /doc/ "/usr/share/doc/" |
| 05:38 | <irgeek> | Change /var/log/apache2/error.log to /var/log/apache2/whatever.the_servername_is.com/error.log then create the var/log/apache2/whatever.the_servername_is.com directory. Same for CustomLog. You just change the path. |
| 05:39 | <irgeek> | Ok, I'll tell you what the script I was talking about will do: It will create something like the file we worked on last night for the default host. |
| 05:39 | -!- | JDLSpeedy [~joe@fl-71-0-79-131.dhcp.embarqhsd.net] has joined #linode |
| 05:39 | <irgeek> | Then it will create a file for each VirtualHost. |
| 05:39 | <bleu> | aha |
| 05:40 | <bleu> | that would be very helpful |
| 05:40 | -!- | scorche` [Blah@cpe-76-169-210-85.socal.res.rr.com] has joined #linode |
| 05:40 | <bleu> | it would be helpful for me to see an example of how a virtualhost (a second one) would look |
| 05:41 | <bleu> | to see the recommended structure and difference |
| 05:41 | -!- | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has quit [Read error: Connection reset by peer] |
| 05:41 | -!- | scorche` is now known as scorche |
| 05:42 | -!- | getsmart [~getsmart@88-149-230-64.dynamic.ngi.it] has joined #linode |
| 05:43 | <irgeek> | Something like this: http://pastebin.linode.com/190 |
| 05:43 | <bleu> | thanks |
| 05:43 | <irgeek> | I haven't really checked if the works, but it should be right. |
| 05:44 | <bleu> | ok thats very helpful |
| 05:44 | <bleu> | now how would i delete the 2 i made yesterday while trying |
| 05:45 | <bleu> | also |
| 05:45 | <irgeek> | Delete the files? 'rm filename' |
| 05:45 | <irgeek> | rm = remove |
| 05:45 | <bleu> | erm |
| 05:45 | <bleu> | no |
| 05:45 | <bleu> | as i understand it |
| 05:46 | <bleu> | i set up 2 new virtualhosts for fal and one for another domain |
| 05:46 | <bleu> | they both dont work |
| 05:46 | <bleu> | as i copied the system you showed me for the first |
| 05:46 | -!- | Kenobi [alucard@71-88-98-242.dhcp.oxfr.ma.charter.com] has quit [Remote host closed the connection] |
| 05:46 | -!- | Kenobi [alucard@71-88-98-242.dhcp.oxfr.ma.charter.com] has joined #linode |
| 05:46 | <bleu> | so i guess i have to delete them |
| 05:47 | <irgeek> | Where did you put the files? |
| 05:47 | <bleu> | see at the moment http://www.full-attribution-license.com/ |
| 05:47 | <bleu> | this is pointing to the root |
| 05:47 | <bleu> | which is also the site of the first |
| 05:48 | <bleu> | http://www.the-authorities.com/ |
| 05:48 | <irgeek> | Your config file has 'ServerName full-attribution-license.com'. full-attribution-license.com != www.full-attribution-license.com |
| 05:49 | <irgeek> | The example I showed you has a ServerAlias line. Guess what that does... |
| 05:49 | -!- | jams [~jams@CPE-72-131-6-174.wi.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 05:49 | <bleu> | aha |
| 05:49 | <bleu> | ok |
| 05:50 | <bleu> | so i see i made the error |
| 05:50 | <bleu> | so how would I delete that account |
| 05:52 | <bleu> | also is the correct method to place these files onto a server and call them in the example you gave |
| 05:53 | <bleu> | or would one normally add the set up files some other way |
| 05:53 | <bleu> | see what i did was this : |
| 05:54 | <bleu> | wget http://www.myplaylist.biz/tests/default1.html http://www.myplaylist.biz/tests/ssl1.html && a2ensite default.html && a2ensite ssl.html && a2enmod ssl |
| 05:54 | <bleu> | i created 2 files that were the same as the ones you showed me |
| 05:54 | <bleu> | then I uploaded them to a server |
| 05:55 | <bleu> | but im wondering if this is the right procedure |
| 05:56 | <irgeek> | You can move the files around however you like. Using wget last night was a quick & easy way to get an exact copy of a file from me to you. Most people either edit the files directly on the server or edit them locally and upload them. You can upload them to your home directory then move them to the correct place. |
| 05:57 | <bleu> | i see |
| 05:58 | <bleu> | i take it you need the 2 files for each VH |
| 05:58 | <bleu> | ssl and the default |
| 05:58 | <irgeek> | As you may have guessed, your limited experience with a *nix command line will make all of this much more difficult for you. You should start out by learning to use Linux. |
| 05:59 | -!- | jams [~jams@CPE-72-131-6-174.wi.res.rr.com] has joined #linode |
| 05:59 | <irgeek> | SSL is a whole different ball game. It requires a unique IP or port per site. |
| 06:00 | <bleu> | right so that one stays the same |
| 06:01 | <bleu> | could you give me an example of how the ssl file should look for a new domain |
| 06:04 | <Internat> | *ponders when this channel became apache.org* :P |
| 06:06 | <encode> | Internat: or #linux |
| 06:07 | <bleu> | ok maybe I should change groups |
| 06:07 | <bleu> | sorry for all the noob questions |
| 06:07 | <Internat> | i think ur asking for configuration details that are really outside the bounds of linode community support |
| 06:07 | <bleu> | i am just trying to find my way |
| 06:07 | <Internat> | you really should do some research on apache.org or howtoforge.com |
| 06:07 | <bleu> | sure |
| 06:08 | <bleu> | i do realise im being a pain |
| 06:08 | <bleu> | but in 2 days i have made great progress |
| 06:08 | <Internat> | i mean people in here are more than happy to help out etc, but there is a line between helping, and configuring everything :) |
| 06:08 | <bleu> | yes ofcourse |
| 06:08 | <bleu> | one more thing |
| 06:08 | <@mikegrb> | lolz |
| 06:08 | <bleu> | lol |
| 06:09 | <bleu> | only joking |
| 06:09 | <@mikegrb> | lolz |
| 06:09 | <Internat> | lol |
| 06:09 | <bleu> | ok i will leave you all alone |
| 06:09 | <bleu> | many thanks for all your help |
| 06:09 | <bleu> | its been great to get me started |
| 06:10 | <bleu> | I think i would have been too intimidated to make this journey if i had no help to get started |
| 06:10 | <bleu> | but now i have got the domain sort of set up |
| 06:10 | <bleu> | its quite exciting |
| 06:10 | <bleu> | and i think it is a better solution than all that cpanel shit |
| 06:10 | <bleu> | that was using half the resources on our vps |
| 06:11 | <bleu> | so thanks all |
| 06:11 | <bleu> | and specially to irgeek |
| 06:11 | <bleu> | you have been very good to me sir |
| 06:12 | -!- | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has quit [Read error: Connection reset by peer] |
| 06:12 | -!- | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has joined #linode |
| 06:14 | -!- | Guest373 [~erik@203.144.67.214] has quit [Quit: Guest373] |
| 06:14 | -!- | Nemesis__ [~nemesis@saturn.realmtech.net] has joined #linode |
| 06:15 | <Nemesis__> | i can't seem to get to my linode ... or www.linode.com for that matter |
| 06:16 | <Nemesis__> | oh man. trust my luck -- as soon as I join irc, it starts working again. |
| 06:17 | -!- | Nemesis__ [~nemesis@saturn.realmtech.net] has quit [] |
| 06:41 | -!- | Hobbsee [~hobbsee@CPE-124-188-230-36.nsw.bigpond.net.au] has joined #linode |
| 07:05 | -!- | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has joined #linode |
| 07:07 | <row> | oh damit |
| 07:08 | <row> | no room in Atlanta DC |
| 07:18 | -!- | KoZi [~KoZi@c-67-174-177-237.hsd1.co.comcast.net] has joined #linode |
| 07:18 | -!- | KoZi [~KoZi@c-67-174-177-237.hsd1.co.comcast.net] has quit [] |
| 07:19 | -!- | Peng [~mnordhoff@fl-76-4-103-184.dhcp.embarqhsd.net] has quit [Ping timeout: 480 seconds] |
| 07:26 | -!- | agentbleubleu [~agentbleu@lns-bzn-22-82-249-66-114.adsl.proxad.net] has joined #linode |
| 07:27 | <heidi> | mwalling: run away from slackware |
| 07:28 | <mwalling> | heidi: bah |
| 07:30 | <agentbleubleu> | has anyone any idea what #linux group to join, such as irc.freenode.net |
| 07:30 | <agentbleubleu> | i cannot seem to find any active communities |
| 07:31 | <mwalling> | agentbleubleu: eh? |
| 07:31 | <@mikegrb> | lolz |
| 07:31 | <agentbleubleu> | lol |
| 07:31 | <mwalling> | there's lots of channels on freenode |
| 07:32 | <irgeek> | https://help.ubuntu.com/community/InternetRelayChat |
| 07:32 | <agentbleubleu> | thanks |
| 07:32 | <mwalling> | yeah, what he said |
| 07:32 | <row> | the xen beta test is rather stable now right, it is not up and down constantly I presume? |
| 07:32 | <irgeek> | Don't forget to look at Ubuntu's CoC: http://www.ubuntu.com/community/conduct |
| 07:52 | -!- | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has quit [Ping timeout: 480 seconds] |
| 08:11 | <@linbot> | New news from forums: Debian unstable libc6 upgrade killed my system in Linux, Apache, Mysql and PHP (LAMP) Forum <http://www.linode.com/forums/viewtopic.php?t=1082> |
| 08:31 | -!- | linville [~linville@sapphire.tuxdriver.com] has joined #linode |
| 08:34 | -!- | dpn` [~tripped@ppp59-167-26-128.lns4.bne4.internode.on.net] has quit [Remote host closed the connection] |
| 08:42 | -!- | mwalling_ [mwalling@slackadelic.com] has quit [Remote host closed the connection] |
| 08:51 | -!- | mwalling_ [mwalling@slackadelic.com] has joined #linode |
| 09:03 | <bleu> | irgeek |
| 09:04 | <bleu> | i could do with a small bit of aid |
| 09:04 | <bleu> | i have looked about for help in other places but to no luck |
| 09:04 | <irgeek> | OK |
| 09:04 | <bleu> | I need an example of this http://irgeek.com/default-ssl |
| 09:04 | <bleu> | for the second domain |
| 09:05 | <bleu> | like you did for the first default file |
| 09:05 | <guinea-pig> | ssl on a second domain... |
| 09:05 | <bleu> | no |
| 09:05 | <bleu> | I just need to know how to set up the second domain |
| 09:06 | <bleu> | I have done the first |
| 09:06 | <bleu> | sec i goto irc |
| 09:06 | <agentbleubleu> | wget http://www.myplaylist.biz/tests/default1.html http://www.myplaylist.biz/tests/ssl1.html && a2ensite default.html && a2ensite ssl.html && a2enmod ssl |
| 09:06 | <agentbleubleu> | this is the file I used to set up the first |
| 09:07 | <agentbleubleu> | but for the second domain I am unsure what to change in the ssl file |
| 09:07 | <agentbleubleu> | and if i need to really add this |
| 09:08 | <agentbleubleu> | I realize the default file has changed from the example above |
| 09:08 | <irgeek> | We already talked about SSL. |
| 09:08 | <agentbleubleu> | yes you said we leave it |
| 09:08 | <agentbleubleu> | one per domain |
| 09:08 | <@linbot> | New news from forums: Mixing 100mb and 1Gb ethernet in Linux Networking <http://www.linode.com/forums/viewtopic.php?t=3058> |
| 09:09 | <irgeek> | If you want SSL on multiple domains you either need extra IPs (costs money and hard to get) or non-standard ports (URLs look like https://www.some_domain.com:4430/path/to/wherever) |
| 09:09 | <agentbleubleu> | no i dont want more than one |
| 09:10 | <irgeek> | Then why are you asking about setting up SSL for the second domain? |
| 09:10 | <guinea-pig> | then what are you talking about a second domain for? |
| 09:10 | <agentbleubleu> | I would like to have 15 domains on the linode |
| 09:11 | <agentbleubleu> | ok clearly i dont understand howto set up a second domain |
| 09:11 | <irgeek> | Great. You just said you don't want more than one SSL setup |
| 09:11 | <agentbleubleu> | im writing some notes for your wiki for others |
| 09:11 | <guinea-pig> | agentbleubleu: 15 domains, but only want SSL for one of them? |
| 09:11 | <agentbleubleu> | I will upload what I have and if someone could have a look at what I have put in and fill in the missing part for adding more domains |
| 09:12 | <agentbleubleu> | yes one ssl |
| 09:12 | <irgeek> | agentbleubleu: Stop. |
| 09:12 | <irgeek> | There's nothing to fucking configure if you only want SSL on one domain. That's done. |
| 09:12 | <agentbleubleu> | ok |
| 09:13 | * | guinea-pig goes off to get ready for work |
| 09:13 | <agentbleubleu> | so what would this line look like when i call it for seting up the second |
| 09:13 | <agentbleubleu> | wget http://www.myplaylist.biz/tests/default1.html http://www.myplaylist.biz/tests/ssl1.html && a2ensite default.html && a2ensite ssl.html && a2enmod ssl |
| 09:13 | <agentbleubleu> | something like |
| 09:13 | <@linbot> | New news from forums: Postfix not sending email in Email/SMTP Related Forum <http://www.linode.com/forums/viewtopic.php?t=3027> |
| 09:13 | <agentbleubleu> | wget http://www.myplaylist.biz/tests/default1.html |
| 09:14 | <irgeek> | Dude. Sometimes helping you is very frustrating. If you want to get help, you need to answer our questions when we ask them. |
| 09:14 | <irgeek> | Do me a favor. Go and read what all of those commands in that string do. You don't understand enough yet. |
| 09:15 | <agentbleubleu> | ok |
| 09:15 | <irgeek> | I told you earlier, using wget was just a quick and dirty way to get files from me to you. It's not the normal way to do administration. |
| 09:15 | <agentbleubleu> | sure |
| 09:16 | <agentbleubleu> | i worked out how to edit the files |
| 09:16 | <agentbleubleu> | using nano |
| 09:16 | <agentbleubleu> | ok i go read some more |
| 09:16 | <agentbleubleu> | sorry to bug you |
| 09:18 | -!- | essope [~user@sparky.informatik.uni-erlangen.de] has joined #linode |
| 09:22 | <essope> | if someone were going to pay by the month, then switch to paying by the year, do they get the additional space when they change to annual payments? |
| 09:22 | <iggy> | yes |
| 09:22 | <essope> | cool |
| 09:23 | <iggy> | not to mention the nearly twice a year updates linode gives us, that often include storage space |
| 09:24 | <essope> | there is that advantage, yes |
| 09:24 | <iggy> | I think I started out with 1.2G of space or something silly like that |
| 09:24 | <iggy> | now almost 8 |
| 09:27 | <@caker> | only 8? |
| 09:27 | <@caker> | iggy: base plan comes with 10G |
| 09:27 | <essope> | when does the xen based stuff become the default? |
| 09:27 | <iggy> | damnit |
| 09:27 | <iggy> | oh, hah, silly me |
| 09:27 | <iggy> | 15 |
| 09:27 | <iggy> | almost 8 free |
| 09:28 | <iggy> | it's too early |
| 09:28 | <@caker> | essope: the earliest it will come out of beta will be March -- but that doesn't imply that we'll just reboot everyone into Xen |
| 09:28 | <@caker> | there will be some type of schedule that may take a while -- but those that want to move sooner could, etc |
| 09:28 | <iggy> | I'll move when half of linode has moved |
| 09:29 | * | caker cries |
| 09:29 | <@caker> | *why* do I have Boom-Bop stuck in my head?! |
| 09:29 | <essope> | iggy: that will, of course, be the simple half. the problems come with the complex half :) |
| 09:29 | <iggy> | you mean mmmm-bop? |
| 09:30 | * | essope hums |
| 09:30 | * | essope curses iggy |
| 09:30 | <@caker> | iggy: yeah, that one |
| 09:30 | -!- | Bdragon [~Bdragon@dpc6746139138.direcpc.com] has quit [Read error: Connection reset by peer] |
| 09:30 | * | iggy fires up winamp |
| 09:31 | -!- | Bdragon [~Bdragon@dpc6746139138.direcpc.com] has joined #linode |
| 09:34 | -!- | TJF [~TJF@pat.foulston.com] has joined #linode |
| 09:37 | <irgeek> | T-Shirt Hell used to sell a shirt that said "I fucked the girl in Hanson" :) |
| 09:38 | <@caker> | haha |
| 09:41 | <irgeek> | Wow. They're still around too. They released a new album on July 24 last year. It rose all the way to #56 on the Billboard charts. |
| 09:41 | <@linbot> | New news from forums: postfix with new MX record in Email/SMTP Related Forum <http://www.linode.com/forums/viewtopic.php?t=3064> |
| 09:50 | <irgeek> | caker: Is your ticketing system built in-house or a package? |
| 09:50 | * | irgeek needs a decent ticketing system |
| 09:50 | <@caker> | in house |
| 09:52 | <irgeek> | I figured it was. It doesn't have any of the cruft I'm used to seeing. |
| 09:52 | <@caker> | I've seen this one everywhere: https://www.gnax.net/support/index.php?group=default .. not sure the name of it |
| 09:56 | <row> | yeah I have seen that too |
| 09:56 | <A-KO> | I'm not sure of some open source CRMs |
| 09:57 | <A-KO> | There are a number of commercial ones though |
| 09:57 | <A-KO> | each with varying degrees of software necessity |
| 09:57 | <A-KO> | Heat being extremely popular |
| 09:57 | <A-KO> | Rightnow being popular |
| 09:57 | <irgeek> | caker: I can't remember the name, but it's commercial. And not cheap. |
| 09:57 | <A-KO> | and my old company picked up something called footprints |
| 09:57 | <A-KO> | yeah CRMs usually cost a lot of $ |
| 09:58 | -!- | cruxeternus [~44f5ddcd@webuser.linode.com] has joined #linode |
| 09:58 | <@mikegrb> | mmm cake |
| 09:58 | <row> | cake: that is Kayako supportsuite |
| 09:58 | <row> | caker* |
| 09:58 | <CDMoyer> | everyone my company seems to work with uses rt |
| 09:58 | <irgeek> | I don't need all the extra CRM stuff. There are only 4 IT guys here. I just need something easy to use that doesn't suck. |
| 09:58 | <CDMoyer> | or at least, a large portion of them. |
| 09:58 | * | irgeek hates rt |
| 09:59 | <CDMoyer> | yeah, we use it and I'm not a big fan. our system's team loves it. |
| 09:59 | <irgeek> | Getting rt installed is only slightly more difficult than explaining Calculus to a walrus. |
| 10:01 | <CDMoyer> | haha |
| 10:01 | <CDMoyer> | all the warlri that I know have phds in math. |
| 10:03 | <cruxeternus> | And day trade. |
| 10:06 | <irgeek> | FootPrints = $1,000/user. No thanks. |
| 10:12 | <irgeek> | I need to switch careers. I should develop and sell a simple business workflow package that real humans can understand. I'd make millions. |
| 10:13 | <A-KO> | then you would invalidate management |
| 10:13 | <@mikegrb> | lolz |
| 10:13 | <A-KO> | lol |
| 10:14 | <@caker> | I'm all for replacing humans with code |
| 10:14 | <A-KO> | as am I |
| 10:14 | <A-KO> | but just saying such a product wouldn't sell well with the masses :D |
| 10:16 | <irgeek> | The masses would love it. Management wouldn't. Too bad management signs the checks. |
| 10:17 | <Hobbsee> | caker: that would be nice. somewhat boring though - as there wouldn't be human stupidity to be stunned over. |
| 10:17 | <irgeek> | http://www.thinkgeek.com/tshirts/frustrations/374d/ |
| 10:28 | -!- | h00s_ [~h00s@78-0-103-98.adsl.net.t-com.hr] has joined #linode |
| 10:28 | -!- | mwalling1 [mwalling@slackadelic.com] has joined #linode |
| 10:28 | -!- | mwalling1 [mwalling@slackadelic.com] has quit [] |
| 10:34 | -!- | h00s [~h00s@78-0-120-111.adsl.net.t-com.hr] has quit [Ping timeout: 480 seconds] |
| 10:41 | <irgeek> | Why do so many websites want me to type my email address twice in their signup forms? It bugs the crap out of me. |
| 10:44 | -!- | euph [~da@nh80.nathist.au.dk] has joined #linode |
| 10:46 | <irgeek> | These guys claim to make Open Source Document Management Software: http://www.knowledgetree.com/ |
| 10:47 | <irgeek> | The only thing is, I can't find where you can download the software. |
| 10:48 | <@caker> | http://www.knowledgetree.com/node/38 ? |
| 10:50 | <irgeek> | There's no download link though. Just a form. If you fill out the form, you get an email linking back to the page with the form. |
| 10:50 | <cruxeternus> | Brilliant! |
| 10:50 | <irgeek> | I noticed their sf button and tried searching there. |
| 10:50 | <irgeek> | And found it. |
| 10:50 | <irgeek> | It's written in php. I hate hacking on php. |
| 10:54 | <irgeek> | And the license has a rider I can't live with: http://p.linode.com/191 |
| 10:54 | <irgeek> | Next please! |
| 10:59 | <irgeek> | Every time I see a company trying to capitalize on being Open Source and getting it all wrong, I die a little inside. I'm taking my toys and going home! |
| 10:59 | -!- | irgeek [~irgeek@cealsa01.centamin.com] has quit [Quit: irgeek] |
| 11:02 | <cruxeternus> | :( |
| 11:07 | <cruxeternus> | I don't see how that's Linode's fault. :P |
| 11:10 | <zeroday> | what happened? |
| 11:10 | <JDLSpeedy> | zeroday: irgeek logged off |
| 11:11 | <anderiv> | so...how did things with FJHDZ turn out last night? Is anyone here this morning that was helping him? |
| 11:11 | <zeroday> | JDLSpeedy, I saw that, but I was wondering what cruxeternus was talking about |
| 11:14 | <JDLSpeedy> | oo, sorry |
| 11:15 | <JDLSpeedy> | i think he was talking about irgeek |
| 11:18 | -!- | scorche|w [~42c007b2@ice.cream.org] has joined #linode |
| 11:31 | -!- | irgeek [~irgeek@41.234.220.196] has joined #linode |
| 11:32 | <irgeek> | cruxeternus: I was at work. It was time to go home. I just did that for dramatic effect |
| 11:37 | <cruxeternus> | and my next question... how did you know what I wrote after you left? :) |
| 11:38 | <irgeek> | http://www.linode.com/irc/logs/linode.log |
| 11:38 | <cruxeternus> | Anyway, I figured you were joking. |
| 11:38 | <cruxeternus> | hah, logs too... is there anything linode doesn't do?? |
| 11:38 | <@tasaro> | !avail |
| 11:38 | <@linbot> | tasaro: Linode360 - 38, Linode540 - 0, Linode720 - 21, Linode1080 - 0, Linode1440 - 0 |
| 11:38 | <@caker> | !weather 08201 |
| 11:38 | <@linbot> | caker: Temperature: 33°F / 1°C | Humidity: 40% | Pressure: 30.04in / 1017hPa | Conditions: Overcast | Wind Direction: NNE | Wind Speed: 9mph / 15km/h ; Today - Mostly cloudy. A chance of snow showers this morning... then snow likely this afternoon. Total accumulation of 1 to 3 inches. Highs in the upper 30s. Temperatures falling this afternoon. Northeast winds 10 to 15 mph. Chance of snow 60 percent.; Tonight - Partly (1 more message) |
| 11:39 | <@caker> | !beer |
| 11:39 | * | linbot dispenses beer |
| 11:39 | <Hobbsee> | cruxeternus: it doesn't say which DC's the available nodes are in. |
| 11:39 | <@mikegrb> | roflz |
| 11:39 | <cruxeternus> | rofl.. who needs the rest of the Internet? :) |
| 11:39 | <avongauss> | Is there anything linode doesn't do? They don't deliver Starbucks in the morning for one... :) |
| 11:40 | * | irgeek dreams about LCM - the Linode Caffeine Manager |
| 11:40 | <scott> | avongauss: you would be surprised at what mikegrb does for me |
| 11:40 | <avongauss> | surprised or scared? ;) |
| 11:40 | <scott> | heh |
| 11:41 | <irgeek> | Scarred if you saw it happening, I'll bet. |
| 11:41 | <avongauss> | just for the record, other than not delivering coffee in the morning, Linode is a great provider! |
| 11:41 | <agentbleubleu> | ok i have made some notes for nobs like me to follow, irgeek would you like to have a quick look at these to see if they are ok then maybe someone would like to add them to the wiki and you can point nobs like me over there in future. |
| 11:41 | <agentbleubleu> | http://www.documentary-film.net/test/guide.html |
| 11:42 | <@caker> | agentbleubleu: "CyberDuck for SSH" should read "CyberDuck for SFTP", I believe |
| 11:42 | <agentbleubleu> | thanks |
| 11:43 | <irgeek> | caker: Do you use a Mac? |
| 11:43 | <@caker> | irgeek: yup |
| 11:43 | * | irgeek hugs caker |
| 11:44 | * | irgeek loves his MacBook more than cheese |
| 11:44 | * | irgeek really, really loves cheese |
| 11:44 | <@caker> | ezcheese? |
| 11:45 | <irgeek> | That's just crack in a can! |
| 11:45 | <@mikegrb> | lolz |
| 11:45 | <cruxeternus> | lol |
| 11:46 | * | cruxeternus suspects mikegrb is "trigger"-happy. |
| 11:46 | <@mikegrb> | mmm cake |
| 11:46 | <@tasaro> | cake |
| 11:46 | <agentbleubleu> | so is it ok |
| 11:47 | <irgeek> | agentbleubleu: The adduser step has nothing to do with Apache setup. That's just adding a user so you don't have to log in as root every time. |
| 11:47 | <agentbleubleu> | ok |
| 11:48 | <irgeek> | Setting up MySQL should be Setting up phpMyAdmin |
| 11:48 | <irgeek> | And you forgot the part about editing /etc/apt/sources.list |
| 11:50 | <irgeek> | You mentioned the ssleay.cnf error, but you don't have the command in there that caused it. |
| 11:51 | <irgeek> | When you put long commands on the web, putting them in a textbox makes it easier for people to copy & paste them. You don't get all of the layout cruft. |
| 11:52 | <irgeek> | Running the three commands just before "Setting up the first domain" will break Apache. |
| 11:53 | <irgeek> | "wget http://yourdomain.com/default http://yourdomain.com/default-ssl" What? |
| 11:53 | -!- | scorche|w [~42c007b2@ice.cream.org] has quit [Quit: CGI:IRC (Ping timeout)] |
| 11:53 | <@linbot> | New news from wiki: How to setup your Linode <http://www.linode.com/wiki/index.php/How_to_setup_your_Linode> |
| 11:54 | <agentbleubleu> | this is in there I think |
| 11:54 | <agentbleubleu> | And you forgot the part about editing /etc/apt/sources.list |
| 11:55 | -!- | hfb [~hfb@pool-71-106-219-180.lsanca.dsl-w.verizon.net] has joined #linode |
| 11:55 | <irgeek> | I finally found it at the bottom. That needs to happen before you try to install phpMyAdmin |
| 11:55 | <irgeek> | phpmyadmin is in universe |
| 11:55 | <agentbleubleu> | ok |
| 11:56 | <agentbleubleu> | i will make some changes |
| 11:56 | <irgeek> | agentbleubleu: I wouldn't link to that from the wiki just yet. |
| 11:56 | <agentbleubleu> | i will edit it now |
| 11:56 | -!- | esoterik [~esoterik@178.90.171.66.subscriber.vzavenue.net] has joined #linode |
| 11:57 | -!- | scorche|w [~42c007b2@ice.cream.org] has joined #linode |
| 11:58 | <agentbleubleu> | You mentioned the ssleay.cnf error, but you don't have the command in there that caused it. |
| 11:58 | <agentbleubleu> | what was that command? |
| 11:58 | <irgeek> | 'sudo apt-get install vsftpd' FTP is insecure and everyone that knows how it works wishes it would fall off the face of the planet. |
| 11:59 | <A-KO> | what? |
| 11:59 | <A-KO> | FTP can be somewhat secure |
| 11:59 | <A-KO> | if you do it right |
| 11:59 | <A-KO> | but there is an inherent risk of open file transferring |
| 11:59 | -!- | Schroeder [1000@kntpin04-nas-02-s48.cinergycom.net] has joined #linode |
| 11:59 | <irgeek> | How do you do it right? |
| 11:59 | <Battousai> | tunnel it over ssh |
| 11:59 | <A-KO> | irgeek: Well, it depends on what your goal for the FTP server is? |
| 11:59 | <zeroday> | sftp |
| 12:00 | <A-KO> | i use FTP with SSL encryption, I also use SCP for backups (automation) |
| 12:00 | <irgeek> | My goal with any FTP server is to uninstall it. |
| 12:00 | <A-KO> | but I also allow non-critical users to send files |
| 12:00 | <irgeek> | FTP+SSL & SCP != FTP |
| 12:00 | <@caker> | irgeek: thank you. |
| 12:01 | <A-KO> | irgeek: yes but you can use FTP as a quick method to allow people who aren't authenticated that deeply to upload and download. For example, if you host websites, I like to let remote users manage their site directories |
| 12:01 | <A-KO> | which are also their home directories |
| 12:01 | <A-KO> | without having to use some web-based file system. FTP clients are quite nicely built, and *designed* around file transfers. |
| 12:01 | <irgeek> | Their passwords are sent in the clear. How, exactly is that not a problem? |
| 12:01 | <@caker> | and the content is sent in the clear, too |
| 12:01 | <irgeek> | So are SFTP clients, but they are secure. |
| 12:01 | <agentbleubleu> | hey you guys |
| 12:01 | <irgeek> | That too. |
| 12:02 | <agentbleubleu> | instead of arguing over ftp |
| 12:02 | <@caker> | there's no argument here -- just stating facts :) |
| 12:02 | <agentbleubleu> | i think it would be more useful if we could get some clear guide up |
| 12:02 | <A-KO> | irgeek: There's a balance between security and ease of use that one must attain. I use SSH private/public keys for everything. You can't SSH into my server with a password (well, if you use lish, sure) |
| 12:02 | <agentbleubleu> | can someone who knows what they're doing edit the guide i have made |
| 12:02 | <A-KO> | but some user whose web directory is being hosted on my server |
| 12:03 | <irgeek> | agentbleubleu: It's Thursday night. I live in a Muslim country. My brain is not prepared to edit a guide now. Sorry. |
| 12:03 | <agentbleubleu> | as I'm still unsure where I have made errors |
| 12:03 | <A-KO> | I could give a damn less. I ensure that my dealings are run through secure protocols. |
| 12:03 | <agentbleubleu> | ok |
| 12:04 | <zeroday> | irgeek, what's so special about thursdays? |
| 12:04 | <irgeek> | A-KO: Let me get this straight. You won't allow password authentication with a secure protocol, but you will allow it with one that sends passwords in the clear? Are you kidding? |
| 12:05 | <irgeek> | zeroday: In the Muslim world, Friday is the big holy day so Thursday is the last day of the work week and we work Sundays. |
| 12:05 | <agentbleubleu> | enjoy your facts guys |
| 12:06 | <zeroday> | irgeek, I know fridays are important, I'm muslim myself :P I was wondering if where you live thursday was a big deal as well |
| 12:06 | <A-KO> | irgeek: again, the data on their directories I don't mind about. That said, I do have other options in place to help guard against any attacks through those channels. But that said, no matter how hard you push security, if you need open access, you can assume that you're never going to be secure. |
| 12:06 | <A-KO> | So therefore you just have to weigh what kind of security you need your data to hae |
| 12:06 | <A-KO> | have |
| 12:07 | <irgeek> | zeroday: I'm not muslim, but I work six days a week. Friday is my one day off because nobody else comes into the office. |
| 12:07 | <@mikegrb> | lolz |
| 12:07 | <zeroday> | lol |
| 12:07 | <zeroday> | which country? |
| 12:07 | <irgeek> | Egypt |
| 12:08 | <zeroday> | lucky you, all sun and beaches eh? |
| 12:08 | <irgeek> | A-KO: Admittedly, as soon as you connect a computer to a public network and start listening on a port your chances of bad things happening go up. But you can mitigate the risk by using secure protocols. Everywhere. In today |
| 12:09 | <A-KO> | irgeek: True, but encryption doesn't necessarily mean that it's not remotely accessible. encryption just ensures that someone sniffing in between shouldn't be able to see what traffic is going across. (However, it can be argued that if you didn't exchange the keys securely, that it's not truly encrypted). |
| 12:10 | <irgeek> | In today's world, SFTP is just as easy to deal with as FTP since every decent piece of software that needs to move files supports both. I just don't understand your logic. |
| 12:10 | <irgeek> | A-KO: The keys are exchanged securely. |
| 12:10 | -!- | bleu [~52f94272@webuser.linode.com] has quit [Remote host closed the connection] |
| 12:11 | <A-KO> | no, they *can be* exchanged securely through various authentication mechanisms and the like. But outside using a rather complicated trusting 3rd party to verify the identities of both prior to exchanging any information at all, you aren't getting true key exchange security. |
| 12:12 | -!- | Hobbsee [~hobbsee@CPE-124-188-230-36.nsw.bigpond.net.au] has quit [Remote host closed the connection] |
| 12:12 | <irgeek> | Why not? |
| 12:13 | <Pryon> | Isn't trusting the possessor of the secret part of the key the whole basis of public key encryption? |
| 12:14 | <A-KO> | Pryon: well, with how modern SSH clients work, you have to assume that the possessor is who they say they are. |
| 12:14 | <Pryon> | Right, but if you don't trust even that, you're finished before you begin |
| 12:14 | <tpope> | what's being alluded to is man-in-the-middle attacks, I think |
| 12:14 | <A-KO> | Pryon: when you make a new ssh connection to a server, and you're granted a prompt to accept a public key that may or may not be signed by a 3rd party. |
| 12:14 | <Pryon> | Ah. |
| 12:14 | <irgeek> | 1) I send you a message in the clear asking for your public key. 2) You send me your public key. 3) I make up a random new key, encrypt it with your public key and send it to you. 4) You decrypt the new key I made, encrypt some information with it and send it to me. 5) I decrypt it. -- Now I have the information, and nobody else does. |
| 12:14 | <A-KO> | You don't know if that key is the actual server you're wanting. |
| 12:14 | <tpope> | I've never seen a signed ssh server key |
| 12:14 | <A-KO> | neither have I tpope |
| 12:14 | <@mikegrb> | lolz |
| 12:14 | <A-KO> | lol |
| 12:14 | <A-KO> | but it's doable |
| 12:14 | <A-KO> | I mean |
| 12:14 | <Bdragon> | You can do it |
| 12:14 | <A-KO> | you *could* if you wanted |
| 12:15 | <A-KO> | but it's not common |
| 12:15 | <A-KO> | tpope: the lack of a 3rd party that both trust to me is a large hole in this entire "encryption" argument |
| 12:15 | <Bdragon> | And it would prevent "can't verify server" ;) |
| 12:15 | <tpope> | there's still alternatives |
| 12:15 | <Bdragon> | But really? I'd just use kerberos |
| 12:15 | <tpope> | on the first connect use a trusted network |
| 12:15 | <A-KO> | Bdragon: yeah kerberos is nice, but still relies on that "3rd party". |
| 12:16 | <A-KO> | I like Kerberos a lot |
| 12:16 | <tpope> | e.g., ssh to your office server from work before doing from home on your laptop |
| 12:16 | <Bdragon> | Heh, gpg! |
| 12:16 | <tpope> | or call someone to verify the key |
| 12:16 | <Bdragon> | daemon keysigning party! |
| 12:16 | <A-KO> | yeah tpope |
| 12:16 | <tpope> | voice recognition is pretty secure |
| 12:16 | <Bdragon> | "Hi! my name is _sshd_" |
| 12:16 | <irgeek> | A-KO: Why does a third party need to be involved. Before you and I start communicating I can give you my key signature. Now you can verify that you are connecting to me and not a man-in-the-middle. |
| 12:17 | <A-KO> | irgeek: Because the exchange of keys in the first place is done over a key exchange that took place over the public network (this is how most SSH connections work) using a self-signed key. |
| 12:18 | <A-KO> | Bdragon: kerberos is crazy |
| 12:18 | <A-KO> | it's like |
| 12:18 | -!- | agentbleubleu [~agentbleu@lns-bzn-22-82-249-66-114.adsl.proxad.net] has left #linode [] |
| 12:18 | <A-KO> | 8-10 steps of security |
| 12:18 | <@mikegrb> | lolz |
| 12:18 | <A-KO> | lol |
| 12:18 | <Bdragon> | heh |
| 12:18 | <Bdragon> | http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange |
| 12:18 | <Bdragon> | (re: the exchange of keys in the first place) |
| 12:18 | <irgeek> | I still don't understand how "I don't completely trust encryption" translates into "I send passwords in clear text" |
| 12:19 | <Bdragon> | http://web.mit.edu/kerberos/www/dialogue.html |
| 12:19 | <Bdragon> | (re: ker |