Box-Admins August 2018

box-admins@lists.squeakfoundation.org

4 participants
5 discussions

Access to the new server(s)
by Tobias Pape 05 Apr '19

05 Apr '19

Dear all [ACTIONS AT END] with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview: ======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4 ----------------------------------------------------------------------------------------------------------------------- ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 ======================================================================================================================= Currently, Levente and me have sudo on all these machines. Users with * also do. Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies. How to login? Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian. Please verify by ssh -p1022 -lssh 104.130.6.82 you should see restrict shell, no commands # (you get out with crtl-d, ctrl-c, or killing ssh) How to reach the other servers? Example for 'andreas' variant (1): Do a local forward by ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82 and then ssh -lYOURNAME -p22221 localhost (-N maybe optional, but then you see 'restrict shell, no commands #') Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 LocalForward 222221 10.176.200.8:22 Host andreas.squeak.org User YOURNAME Hostname localhost Port 222221 And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org' variant (2): (a) You have OpenSSH >= 7.3 Do a Jump with ssh -J ssh@104.130.6.82:1022 YOURNAME(a)10.176.200.8 Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyJump ian.squeak.org And then say 'ssh andreas.squeak.org' (b) You have OpenSSH >= 5.4 Do a Jump via ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME(a)10.176.200.8 Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyCommand ssh -W %h:%p ian.squeak.org And then say 'ssh andreas.squeak.org' (c) You have OpenSSH < 5.4 Use variant (1) We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over. [ACTION REQUIRED] - Who needs access to which servers? - Do we need Jenkins anymore? As always, questions appreciated. Best regards -Tobias

8 36

Re: [Box-Admins] [squeak-dev] squeak source is down
by Chris Muller 17 Aug '18

17 Aug '18

I assume you mean source.squeak.org. If so, I just restarted the image. There has been a problem with the server since Aug 4th which has broke the MC history function -- but no one reported it. Attempting to connect to the image gave me: channel 3: open failed: administratively prohibited: open failed Anyone know what this means? The sshd_config hasn't changed. A quick google search indicates a network resource issue (out of TCP handles) so I just now tried restarting the image in hopes that clears it up, but we may need a full reboot of the server as I am still getting the same message (above). Website and HTTP access seems to be working, but I still cannot connect to the image. Tobias did you do any changes to this server or have any clues? - Chris On Thu, Aug 16, 2018 at 4:29 PM, Edgar De Cleene <edgardec2005(a)gmail.com> wrote: > And just now i need it …. > must have my own copies of stuff … > > >

2 1

Fwd: David, the planet server
by Tobias Pape 16 Aug '18

16 Aug '18

A message from Bruce on planet.squeak.org. (My 2ct: the gateway for the public/internet-network was not ping-able, the reboot helped with that..) -t > Begin forwarded message: > > From: "Bruce O'Neel" <bruce.oneel(a)pckswarms.ch> > Subject: Re: David, the planet server > Date: 16. August 2018 um 15:04:15 MESZ > To: "Tobias Pape" <Das.Linux(a)gmx.de>, box-admins(a)lists.squeakfoundation.org > Reply-To: bruce.oneel(a)pckswarms.ch > > Hi, > > Recently David, the server for planet.squeak.org, was grumpy. > > The first symptom was that when I logged in that the second request for a ssh pass phrase took much longer, sometimes so long as to time out. > > The other problem I get is lots of error messages that look like: > > ERROR:planet.runner:Error 500 while updating feed https://astares.blogspot.com/atom.xml <https://astares.blogspot.com/atom.xml> > > A curl of this on my local Mac returns in about 1 second. > > the same on David > > bruceoneel@david:~/tmp$ curl https://astares.blogspot.com/atom.xml <https://astares.blogspot.com/atom.xml> > curl: (6) Could not resolve host: astares.blogspot.com > > Both the entries in /etc/resolv.conf are not reachable. > > bruceoneel@david:~/tmp$ cat /etc/resolv.conf > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN > nameserver 69.20.0.164 > nameserver 69.20.0.196 > bruceoneel@david:~/tmp$ ping 69.20.0.164 > PING 69.20.0.164 (69.20.0.164) 56(84) bytes of data. > From 23.253.149.127 icmp_seq=1 Destination Host Unreachable > From 23.253.149.127 icmp_seq=2 Destination Host Unreachable > From 23.253.149.127 icmp_seq=3 Destination Host Unreachable > ^C > --- 69.20.0.164 ping statistics --- > 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4022ms > pipe 3 > bruceoneel@david:~/tmp$ ping 69.20.0.196 > PING 69.20.0.196 (69.20.0.196) 56(84) bytes of data. > From 23.253.149.127 icmp_seq=1 Destination Host Unreachable > From 23.253.149.127 icmp_seq=2 Destination Host Unreachable > From 23.253.149.127 icmp_seq=3 Destination Host Unreachable > ^C > --- 69.20.0.196 ping statistics --- > 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3013ms > pipe 3 > bruceoneel@david:~/tmp$ > > If I add 1.1.1.1 to the name server list in /etc/resolv.conf it doesn't help. > > > After Tobias talked to backspace, it turns out that a reboot solved the problem. Maybe it was a routing problem? OTOH packets over port 22 did make it in and out so I don't know... > > > cheers > > bruce

1 0

FYI possible successful bot hack on vm-dev list [mailman-bounces@lists.squeakfoundation.org: Vm-dev subscription notification]
by David T. Lewis 03 Aug '18

03 Aug '18

FYI in case it turns out to be a recurring problem in the future. This user has registered on the vm-dev list, and then posted an apparently machine-generated message to the list. I have set the user to "moderated" on the list so that I can watch for continued activity. The user name "kjdshfkjsa" looks like fingers on a keyboard, but just in case the bots have gotten smart enough to register themselves on mailing lists, I thought I should mention it here. Dave ----- Forwarded message from mailman-bounces(a)lists.squeakfoundation.org ----- Subject: Vm-dev subscription notification From: mailman-bounces(a)lists.squeakfoundation.org To: vm-dev-owner(a)lists.squeakfoundation.org Precedence: list Date: Fri, 03 Aug 2018 06:47:20 +0000 X-BeenThere: vm-dev(a)lists.squeakfoundation.org X-Mailman-Version: 2.1.18 List-Id: Open Smalltalk Virtual Machine Development Discussion <vm-dev.lists.squeakfoundation.org> X-List-Administrivia: yes Errors-To: mailman-bounces(a)lists.squeakfoundation.org X-Spamilter-SPF: pass (policy result: [pass] from rule [mx]) reciever=shell.msen.com; client-ip=162.242.237.43; envelope-from=<srs0=w8f2=ks=lists.squeakfoundation.org=mailman-bounces(a)squeak.org>; helo=mail.squeak.org;) X-Milter: Spamilter (Reciever: shell.msen.com; Sender-ip: 162.242.237.43; Sender-helo: mail.squeak.org;) kjdshfkjsa <susanwise927(a)outlook.com> has been successfully subscribed to Vm-dev. ----- End forwarded message -----

1 0

The wiki appears off line (was: Survey: what do you do with Squeak, what do you *want* to do?)
by David T. Lewis 01 Aug '18

01 Aug '18

Moving this to the box-admins list. Users trying to reach wiki.squeak.org are blocked, apparently due to changes in our httpS setup. What is changing? Is this a temporary situation, or do we have a problem? Currently I cannot reach the wiki at all with my Firefox browser, but can reach it with Chrome if I use http rather than https. Dave On Wed, Aug 01, 2018 at 08:29:39AM +0200, Tobias Pape wrote: > Hi all > > On 01.08.2018, at 05:52, Xin Wang <dramwang(a)163.com> wrote: > > > > Not sure if it is only me, but when opening https://wiki.squeak.org/, I get a Nextcloud page, with following message: > > > > > Access through untrusted domain ... > > > > https://planet.squeak.org/ also have this problem. > > > > > Jeah, that's because we do not have the httpS setup completely done. > It should work without the S, just plain ol' http. > > Best regards > -Tobias > > > > > > Regards, > > Xin Wang > > > >

3 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Box-Admins August 2018