[03:06] *** zino has quit IRC (Remote host closed the connection) [03:37] *** wp494 has quit IRC (Quit: LOUD UNNECESSARY QUIT MESSAGES) [07:08] *** Zeryl_ has quit IRC (Read error: Connection reset by peer) [09:09] db48x: still can't access your server from oklina :-D. If you could replace the exception for cleopatra in your firewall with 81.187.132.32/28 that would really help :) [09:21] Senji: you don't need an exception, you just need to be able to auth correctly [09:22] db48x: it doesn't seem to be failing until suddenly it's blocked off [09:23] not that you get much in the way of diagnostics through the giant stack of software [09:24] Mar 15 23:36:51 erebor sshd[10325]: Failed publickey for senji from 81.187.132.36 port 46756 ssh2: RSA SHA256:NTA/IAyOjczBO+FUIgI9+11cFEiLgIi5rrkzWBkSxQo [09:24] you can use ssh -v to debug it [09:24] it'll say what keys it's checking [09:25] Oh, it's counting keys that fail on connections that succeed as failures? [09:26] no, I don't think so [09:26] ok, .36 succeeds further down [09:26] I'll *always* have a failed RSA key before the successful ECDSA key [09:26] Because SSH is stupid and tries keys least-secure first [09:26] yea [09:27] so does .40: Mar 16 01:58:14 erebor sshd[24846]: Accepted publickey for senji from 81.187.132.40 port 53351 ssh2: ECDSA SHA256:siP6jbTj6ZcS7Qksy7MRlczfG9keuqkIpOfuqGouFXY [09:27] Let me have a look in the docs and see if there's something I can put in my config not to try the RSA key for you [09:30] No, you can add an Identity file but not remove one... [09:30] ^%(__prefix_line)sFailed \S+ for (?Pinvalid user )?(?P(?P\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from (?: port \d+)?(?: ssh\d*)?(?(cond_user):|(?:(?:(?! from ).)*)$) [09:30] Well, there's no real reason why I can't just use ECDSA everyhwere for this account anyway. [09:31] IdentitiesOnly yes [09:31] IdentityFile ~/.ssh/id_ecdsa_foo [09:31] No, IdentitiesOnly just stops you from having identities from ssh agents, not the default ones [09:31] Unless the docs are wrong; of course [09:32] IdentitiesOnly [09:32] Specifies that ssh(1) should only use the authentication [09:32] identity and certificate files explicitly configured in [09:32] the ssh_config files or passed on the ssh(1) [09:32] command-line, even if ssh-agent(1) or a PKCS11Provider [09:32] offers more identities. [09:33] I usually use a short name for the host, so Host erebor [09:33] then Hostname erebor.db48x.net [09:33] then User db48x, etc [09:33] "specified in the config" includes the default ones I think [09:34] it's certainly possible to have several keys specified with IdentityFile [09:34] up to 100 [09:34] Yes [09:34] The problem is that you can't *remove* keys [09:34] And it always tries the default ones first [09:34] multiple Host blocks can match, and yea, you can't remove them [09:34] but the default ones shouldn't be listed explicitly [09:36] * db48x` grumbles [09:36] fail2ban doesn't actually log anything [09:37] it could spam me with email [09:38] There we go, I've pursuaded it to only present the ECDSA key [09:39] the really odd thing is that I put your whole /24 in the ignoreip field [09:39] ... [09:39] Well, hopefully I won't make any more failure lines then [09:40] Right, lets just check that it will actually copy data from oklina... [09:42] I wonder what it's doing when it's just sitting there reporting nothing after I issue the copy command [09:43] probably searching for things to send [09:43] ah, there is a log: [09:43] Disk light is flashing, so yes probably [09:44] 2017-03-15 23:36:51,318 fail2ban.filter [6576]: INFO [sshd] Ignore 81.187.132.36 by ip [09:44] 2017-03-16 01:58:14,111 fail2ban.filter [6576]: INFO [sshd] Found 81.187.132.40 [09:44] ... [09:44] 2017-03-16 02:01:16,076 fail2ban.actions [6576]: NOTICE [sshd] Ban 81.187.132.40 [09:44] 2017-03-16 02:21:34,021 fail2ban.actions [6576]: NOTICE [sshd] Unban 81.187.132.40 [09:46] That failed even though I can log in fine. I'm going to try without -J 5 or --fast and see if I can pursuade it to give me more info [09:47] Ahh, now it's failing because of permissions again :( [09:48] rsync: failed to set times on "/home/db48x/archives/IA.BAK/shard3/.git/annex/tmp [09:48] /MD5-s3002192--02062ef4961b1894dad3df75f81290c4": Operation not permitted (1) [09:50] bah [09:52] -rw-rw-r--. 1 db48x iabak 2.9M Mar 16 02:47 /home/db48x/archives/IA.BAK/shard3/.git/annex/tmp/MD5-s3002192--02062ef4961b1894dad3df75f81290c4 [09:53] oh, but setting the times... [09:53] drwxrwsr-x. 2 db48x iabak 606 Mar 13 23:56 /home/db48x/archives/IA.BAK/shard3/.git/annex/tmp [09:53] directory is writable as well [09:54] 02:47 must be just now, right? How odd [09:55] yea [09:55] it wanted to set the times on the file to match the times on the file on your computer [09:56] Yeah, but why couldn't it do it? [09:59] Might that it's trying to set the dir time [09:59] Might be* [09:59] This is working on other shards (froma different source machine) [10:01] And the source, uses a different filesystem? [10:01] ext3 on both [10:02] there's a 45GB tmp file in shard3 [10:02]  db48x  …  .git  annex  tmp  ll MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3 [10:02] -rw-rw-r--. 1 db48x iabak 43G Oct 1 2014 MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3 [10:02]  db48x  …  .git  annex  tmp  file MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3 [10:02] MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3: ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT) [10:04] There are some pretty big files in shard3 [10:04] yea. I wonder if that was just a file I failed to download completely [10:10] it's actually a complete download [10:10] its hash matches [10:12] you should be able to git annex get --key=... then? [10:16] excellent idea [10:17] https://archive.org/details/IA0000501964HomeMovie/ [10:21] that's what I like to see: [10:21] transfers in progress: [10:21] downloading BlackJakeAndTheCarnies/blackjake2013-08-17/blackjake2013-08-17tr10.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f [10:21] downloading BlackJakeAndTheCarnies/blackjake2013-10-25/blackjake2013-10-25tr02.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f [10:21] downloading BlackJakeAndTheCarnies/blackjake2013-08-17/blackjake2013-08-17tr11.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f [10:21] downloading BlackJakeAndTheCarnies/blackjake2013-10-25/blackjake2013-10-25tr01.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f [10:21] downloading BlackJakeAndTheCarnies/blackjake2013-08-17/blackjake2013-08-17tr12.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f [10:26] I keep coming back to not being the owner that causes the set times error [10:26] But I have no real life example *shrug* [10:27] mls: I don't know. the times are stored in the directory entry, the directory is group writable, and he's a member of the group, so it should work [10:29] db48x`: This is just one of many describing what I see happening here: http://www.touchoftechnology.com/rsync-failed-to-set-times-on-xx-operation-not-permitted-1/ [10:30] Have you cleared out that tmp directory? I could try again [10:30] Makes sense, in a way, but not a lot [10:32] Senji: go for it [10:34] That seems to be working now [10:39] good [10:39] * db48x` yawns [10:39] I should go back to sleep [10:39] Yeah, it's stupid-oclock where you are [10:39] Have a good one [10:41] maybe I'll just watch one Vi Hart video first... [11:45] *** zino has joined #internetarchive.bak [11:58] *** kyan has joined #internetarchive.bak [13:32] *** kyan has quit IRC (Remote host closed the connection) [15:44] 03registrar 05master 9127a37 06other 10SHARD24/pubkeys registration of iabak on SHARD24 [16:15] *** Frogging has quit IRC (Quit: El Psy Kongroo!) [16:19] *** Frogging has joined #internetarchive.bak [18:38] *** bwn has quit IRC (Read error: Operation timed out) [18:43] *** bwn has joined #internetarchive.bak [23:23] *** antomatic has quit IRC (Read error: Connection reset by peer) [23:23] *** antomatic has joined #internetarchive.bak