Time |
Nickname |
Message |
03:06
|
|
zino has quit IRC (Remote host closed the connection) |
03:37
|
|
wp494 has quit IRC (Quit: LOUD UNNECESSARY QUIT MESSAGES) |
07:08
|
|
Zeryl_ has quit IRC (Read error: Connection reset by peer) |
09:09
|
Senji |
db48x: still can't access your server from oklina :-D. If you could replace the exception for cleopatra in your firewall with 81.187.132.32/28 that would really help :) |
09:21
|
db48x` |
Senji: you don't need an exception, you just need to be able to auth correctly |
09:22
|
Senji |
db48x: it doesn't seem to be failing until suddenly it's blocked off |
09:23
|
Senji |
not that you get much in the way of diagnostics through the giant stack of software |
09:24
|
db48x` |
Mar 15 23:36:51 erebor sshd[10325]: Failed publickey for senji from 81.187.132.36 port 46756 ssh2: RSA SHA256:NTA/IAyOjczBO+FUIgI9+11cFEiLgIi5rrkzWBkSxQo |
09:24
|
db48x` |
you can use ssh -v to debug it |
09:24
|
db48x` |
it'll say what keys it's checking |
09:25
|
Senji |
Oh, it's counting keys that fail on connections that succeed as failures? |
09:26
|
db48x` |
no, I don't think so |
09:26
|
db48x` |
ok, .36 succeeds further down |
09:26
|
Senji |
I'll *always* have a failed RSA key before the successful ECDSA key |
09:26
|
Senji |
Because SSH is stupid and tries keys least-secure first |
09:26
|
db48x` |
yea |
09:27
|
db48x` |
so does .40: Mar 16 01:58:14 erebor sshd[24846]: Accepted publickey for senji from 81.187.132.40 port 53351 ssh2: ECDSA SHA256:siP6jbTj6ZcS7Qksy7MRlczfG9keuqkIpOfuqGouFXY |
09:27
|
Senji |
Let me have a look in the docs and see if there's something I can put in my config not to try the RSA key for you |
09:30
|
Senji |
No, you can add an Identity file but not remove one... |
09:30
|
db48x` |
^%(__prefix_line)sFailed \S+ for (?P<cond_inv>invalid user )?(?P<user>(?P<cond_user>\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from <HOST>(?: port \d+)?(?: ssh\d*)?(?(cond_user):|(?:(?:(?! from ).)*)$) |
09:30
|
Senji |
Well, there's no real reason why I can't just use ECDSA everywhere for this account anyway. |
09:31
|
db48x` |
IdentitiesOnly yes |
09:31
|
db48x` |
IdentityFile ~/.ssh/id_ecdsa_foo |
09:31
|
Senji |
No, IdentitiesOnly just stops you from having identities from ssh agents, not the default ones |
09:31
|
Senji |
Unless the docs are wrong; of course |
09:32
|
db48x` |
IdentitiesOnly |
09:32
|
db48x` |
Specifies that ssh(1) should only use the authentication |
09:32
|
db48x` |
identity and certificate files explicitly configured in |
09:32
|
db48x` |
the ssh_config files or passed on the ssh(1) |
09:32
|
db48x` |
command-line, even if ssh-agent(1) or a PKCS11Provider |
09:32
|
db48x` |
offers more identities. |
09:33
|
db48x` |
I usually use a short name for the host, so Host erebor |
09:33
|
db48x` |
then Hostname erebor.db48x.net |
09:33
|
db48x` |
then User db48x, etc |
09:33
|
Senji |
"specified in the config" includes the default ones I think |
09:34
|
db48x` |
it's certainly possible to have several keys specified with IdentityFile |
09:34
|
db48x` |
up to 100 |
09:34
|
Senji |
Yes |
09:34
|
Senji |
The problem is that you can't *remove* keys |
09:34
|
Senji |
And it always tries the default ones first |
09:34
|
db48x` |
multiple Host blocks can match, and yea, you can't remove them |
09:34
|
db48x` |
but the default ones shouldn't be listed explicitly |
09:36
|
* |
db48x` grumbles |
09:36
|
db48x` |
fail2ban doesn't actually log anything |
09:37
|
db48x` |
it could spam me with email |
09:38
|
Senji |
There we go, I've persuaded it to only present the ECDSA key |
09:39
|
db48x` |
the really odd thing is that I put your whole /24 in the ignoreip field |
09:39
|
Senji |
... |
09:39
|
Senji |
Well, hopefully I won't make any more failure lines then |
09:40
|
Senji |
Right, let's just check that it will actually copy data from oklina... |
09:42
|
Senji |
I wonder what it's doing when it's just sitting there reporting nothing after I issue the copy command |
09:43
|
db48x` |
probably searching for things to send |
09:43
|
db48x` |
ah, there is a log: |
09:43
|
Senji |
Disk light is flashing, so yes probably |
09:44
|
db48x` |
2017-03-15 23:36:51,318 fail2ban.filter [6576]: INFO [sshd] Ignore 81.187.132.36 by ip |
09:44
|
db48x` |
2017-03-16 01:58:14,111 fail2ban.filter [6576]: INFO [sshd] Found 81.187.132.40 |
09:44
|
db48x` |
... |
09:44
|
db48x` |
2017-03-16 02:01:16,076 fail2ban.actions [6576]: NOTICE [sshd] Ban 81.187.132.40 |
09:44
|
db48x` |
2017-03-16 02:21:34,021 fail2ban.actions [6576]: NOTICE [sshd] Unban 81.187.132.40 |
09:46
|
Senji |
That failed even though I can log in fine. I'm going to try without -J 5 or --fast and see if I can persuade it to give me more info |
09:47
|
Senji |
Ahh, now it's failing because of permissions again :( |
09:48
|
Senji |
rsync: failed to set times on "/home/db48x/archives/IA.BAK/shard3/.git/annex/tmp |
09:48
|
Senji |
/MD5-s3002192--02062ef4961b1894dad3df75f81290c4": Operation not permitted (1) |
09:50
|
db48x` |
bah |
09:52
|
db48x` |
-rw-rw-r--. 1 db48x iabak 2.9M Mar 16 02:47 /home/db48x/archives/IA.BAK/shard3/.git/annex/tmp/MD5-s3002192--02062ef4961b1894dad3df75f81290c4 |
09:53
|
db48x` |
oh, but setting the times... |
09:53
|
db48x` |
drwxrwsr-x. 2 db48x iabak 606 Mar 13 23:56 /home/db48x/archives/IA.BAK/shard3/.git/annex/tmp |
09:53
|
db48x` |
directory is writable as well |
09:54
|
Senji |
02:47 must be just now, right? How odd |
09:55
|
db48x` |
yea |
09:55
|
db48x` |
it wanted to set the times on the file to match the times on the file on your computer |
09:56
|
Senji |
Yeah, but why couldn't it do it? |
09:59
|
mls |
Might that it's trying to set the dir time |
09:59
|
mls |
Might be* |
09:59
|
Senji |
This is working on other shards (from a different source machine) |
10:01
|
mls |
And the source, uses a different filesystem? |
10:01
|
Senji |
ext3 on both |
10:02
|
db48x` |
there's a 45GB tmp file in shard3 |
10:02
|
db48x` |
db48x > … > .git > annex > tmp > ll MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3 |
10:02
|
db48x` |
-rw-rw-r--. 1 db48x iabak 43G Oct 1 2014 MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3 |
10:02
|
db48x` |
db48x > … > .git > annex > tmp > file MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3 |
10:02
|
db48x` |
MD5-s45970918146--f28944f42327bc37aa32d2e50b2073e3: ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT) |
10:04
|
Senji |
There are some pretty big files in shard3 |
10:04
|
db48x` |
yea. I wonder if that was just a file I failed to download completely |
10:10
|
db48x` |
it's actually a complete download |
10:10
|
db48x` |
its hash matches |
10:12
|
Senji |
you should be able to git annex get --key=... then? |
10:16
|
db48x` |
excellent idea |
10:17
|
db48x` |
https://archive.org/details/IA0000501964HomeMovie/ |
10:21
|
db48x` |
that's what I like to see: |
10:21
|
db48x` |
transfers in progress: |
10:21
|
db48x` |
downloading BlackJakeAndTheCarnies/blackjake2013-08-17/blackjake2013-08-17tr10.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f |
10:21
|
db48x` |
downloading BlackJakeAndTheCarnies/blackjake2013-10-25/blackjake2013-10-25tr02.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f |
10:21
|
db48x` |
downloading BlackJakeAndTheCarnies/blackjake2013-08-17/blackjake2013-08-17tr11.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f |
10:21
|
db48x` |
downloading BlackJakeAndTheCarnies/blackjake2013-10-25/blackjake2013-10-25tr01.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f |
10:21
|
db48x` |
downloading BlackJakeAndTheCarnies/blackjake2013-08-17/blackjake2013-08-17tr12.wav from db0e9323-1f55-49d9-b1f4-a9b86ac86f8f |
10:26
|
mls |
I keep coming back to not being the owner that causes the set times error |
10:26
|
mls |
But I have no real life example *shrug* |
10:27
|
db48x` |
mls: I don't know. the times are stored in the directory entry, the directory is group writable, and he's a member of the group, so it should work |
10:29
|
mls |
db48x`: This is just one of many describing what I see happening here: http://www.touchoftechnology.com/rsync-failed-to-set-times-on-xx-operation-not-permitted-1/ |
10:30
|
Senji |
Have you cleared out that tmp directory? I could try again |
10:30
|
mls |
Makes sense, in a way, but not a lot |
10:32
|
db48x` |
Senji: go for it |
10:34
|
Senji |
That seems to be working now |
10:39
|
db48x` |
good |
10:39
|
* |
db48x` yawns |
10:39
|
db48x` |
I should go back to sleep |
10:39
|
Senji |
Yeah, it's stupid-oclock where you are |
10:39
|
mls |
Have a good one |
10:41
|
db48x` |
maybe I'll just watch one Vi Hart video first... |
11:45
|
|
zino has joined #internetarchive.bak |
11:58
|
|
kyan has joined #internetarchive.bak |
13:32
|
|
kyan has quit IRC (Remote host closed the connection) |
15:44
|
iabak-reg |
registrar master 9127a37 other SHARD24/pubkeys registration of iabak on SHARD24 |
16:15
|
|
Frogging has quit IRC (Quit: El Psy Kongroo!) |
16:19
|
|
Frogging has joined #internetarchive.bak |
18:38
|
|
bwn has quit IRC (Read error: Operation timed out) |
18:43
|
|
bwn has joined #internetarchive.bak |
23:23
|
|
antomatic has quit IRC (Read error: Connection reset by peer) |
23:23
|
|
antomatic has joined #internetarchive.bak |