Discuss December 2010

discuss@lists.centos.org

278 participants
226 discussions

Problem with SSHD update.
by James B. Byrne 07 Jan '11

07 Jan '11

This morning I applied the 13 or so new updates to my servers. On one of them the ssh service and clients stopped working immediately after the update. I restarted the server in anticipation that there might be some instability introduced by updating on a system with active ssh connections. However, this has not cleared the problem. The packages in question are: openssh.i386 0:4.3p2-41.el5_5.1 openssh-askpass.i386 0:4.3p2-41.el5_5.1 openssh-clients.i386 0:4.3p2-41.el5_5.1 openssh-server.i386 0:4.3p2-41.el5_5.1 The error I am getting when attempting to start the sshd service is this: Starting sshd: Auto configuration failed 6486:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 207 [FAILED] Can anyone reading this inform me as to what this means, what the likely cause is, and how it may be repaired? I have webmin access to the server and, as it is inside our firewall I can probably enable telnet to get a terminal window do carry out modifications. But I need to know what it is that I need to modify. Alternatively, can anyone point me to a reference regarding removing the current version of openssh and reverting to the prior version, which worked with presumably the same user configuration that the present version does not accept. The only references that I can find respecting this error message are all several years old and some of them suggest that their is a problem with accessing or using /dev/random or /dev/urandom. This matter is somewhat urgent. I have temporarily routed essential ssh connections through a spare host but the box affected sits in front of our legacy systems providing secure access to them as their native OSs and telecom protocols do not support encryption. It is very important that the SSHD service be restored on this host as soon as is possible. Any help with this is gratefully appreciated. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

12 20

SELinux - way of the future or good idea but !!!
by Alison 07 Jan '11

07 Jan '11

Hi, total newbie on CentOS. Just firing up an install of 5.5 on a development webserver. Installed Webmin, Awstats, PHPMyAdmin and Drupal successfully. Yet to work on Sendmail and Samba. SELinux in enforcing mode, reporting "SELinux preventing ifconfig (ifconfig_t) "read write" to /var/webminsessiondb.pag (var_t)". Googled the error message without real success in finding fix - bug reports showing. Question is whether worth pursuing as SELinux is the way of the future. Or is SELinux a good idea that never really made it's way into the sun. Thoughts please. Alison PS. Semi-retired. Cut my teeth as sys prog on RSX11-M systems eons ago.

40 176

Graphing System Load MRTG
by Matt 07 Jan '11

07 Jan '11

I check system load like so: [root@server cron.daily]# w 10:07:33 up 4 days, 15:01, 2 users, load average: 4.22, 3.17, 3.09 I would like to to graph the 3.17 5 minute average with MRTG. Anyone know of some examples of doing this?

7 13

OT how to prevent oversubscription of a disk
by Dave 06 Jan '11

06 Jan '11

I want to add up the quotas I've assigned on a particular partition and see if the total is bigger than the disk. It's possible to do this (awkwardly) using repquota or quota. Is there no more accurate/elegant way? I can't be the first person to worry that more quota has been issued than the disk can supply. mahalo and Happy New Year, Dave -- Q: Why should this email be 5 sentences or less? A: http://five.sentenc.es

7 11

noob question about mock
by nux＠li.nux.ro 05 Jan '11

05 Jan '11

Hi, Been recently more and more tempted to use mock for building rpms, but looking at it I have one problem. As far as I could read about it, mock essentially rebuilds srpms so to use it I would need a separate "classical" build environment to create those srpms in the first place. Am I right or did I get something terribly wrong? Cheers! -- Nux! www.nux.ro

8 17

Anyone using PHP52 packages from iuscommunity.org?
by robert mena 05 Jan '11

05 Jan '11

Hi, I need to use PHP 5.2 in my Centos 5.X servers. I've been using the one found in Testing for more than a year without problems but I feel that it is not being updated in a while, specially with the security issues. I found a post about this iuscommunity.org which maintains 5.2 and 5.3 rpm packages for Centos/RedHat but I'd like to know if anyone in this is using the 5.2 packages in a production environment.

6 6

happy new years ssh key problem :)
by bluethundr 03 Jan '11

03 Jan '11

Hi List, Happy New Years and I was hoping to get some help on an ssh issue that I am having. For some reason I am unable to scp to hosts on this network using RSA keys. Here is what I am doing/what is going on; scp the public key to remote host [amandabackup@VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub amandabackup@lb1:~ amandabackup@lb1's password: id_rsa_amdump.pub 100% 408 0.4KB/s 00:00 ssh (w/passwd) to remote host [amandabackup@VIRTCENT18 ~]$ ssh lb1 amandabackup@lb1's password: Last login: Fri Dec 31 10:57:05 2010 from 192.168.1.40 ######################################################### # SUMMITNJHOME.COM # # TITLE: LB1 BOX # # HOST: VIRTCENT01 # # LOCATION: SUMMIT BASEMENT # ######################################################### check to see if the key exists in authorized_keys [amandabackup@VIRTCENT01 ~]$ grep -f id_rsa_amdump.pub ~/.ssh/authorized_keys it didn't so cat it into authorized_keys [amandabackup@VIRTCENT01 ~]$ cat id_rsa_amdump.pub >> ~/.ssh/authorized_keys check again, just to make sure that it's there [amandabackup@VIRTCENT01 ~]$ grep -f id_rsa_amdump.pub ~/.ssh/authorized_keys ssh-rsa BlAB3Nza/FAKE-KEY-DATA--KEY-DATAKfMq4DDa0xaKb/FAKE-KEY-DATA--KEY-DATAsoqCu/boKNa/FAKE-KEY-DATA--KEY-DATAp1n9TcDtxm2XFHcOKUw2/14/bz1pWNDI/FAKE-KEY-DATA--KEY-DATAr9951JdK7Ny6lk/FAKE-KEY-DATA--KEY-DATA1/FAKE-KEY-DATA--KEY-DATAwh2dmgyxI9N69x3ypvWcGWShZw1BCJI06j5qIxvin99/FAKE-KEY-DATA--KEY-DATA It is. so good so far. Check permissions on authorized_keys file [amandabackup@VIRTCENT01 ~]$ ls -l ~/.ssh/authorized_keys -rw------- 1 amandabackup disk 408 Dec 31 11:02 /var/lib/amanda/.ssh/authorized_keys make sure we have the right home environment HOME=/var/lib/amanda Also good. Now, make sure ssh is looking at the right file [root@VIRTCENT01 ~]# grep -i authorizedkeysfile /etc/ssh/sshd_config AuthorizedKeysFile ~/.ssh/authorized_keys It is. Now exit and try to ssh in [amandabackup@VIRTCENT01 ~]$ exit Connection to lb1 closed. [amandabackup@VIRTCENT18 ~]$ ssh -vvv amandabackup@lb1 OpenSSH_5.6p1lpk, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to lb1 [192.168.1.23] port 22. debug1: Connection established. debug1: identity file /var/lib/amanda/.ssh/id_rsa type -1 debug1: identity file /var/lib/amanda/.ssh/id_rsa-cert type -1 debug1: identity file /var/lib/amanda/.ssh/id_dsa type -1 debug1: identity file /var/lib/amanda/.ssh/id_dsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6 debug1: match: OpenSSH_5.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.6 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib(a)openssh.com,zlib debug2: kex_parse_kexinit: none,zlib(a)openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib(a)openssh.com debug2: kex_parse_kexinit: none,zlib(a)openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 114/256 debug2: bits set: 470/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: host lb1 filename /var/lib/amanda/.ssh/known_hosts debug3: check_host_in_hostfile: host lb1 filename /var/lib/amanda/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: host 192.168.1.23 filename /var/lib/amanda/.ssh/known_hosts debug3: check_host_in_hostfile: host 192.168.1.23 filename /var/lib/amanda/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'lb1' is known and matches the RSA host key. debug1: Found key in /var/lib/amanda/.ssh/known_hosts:1 debug2: bits set: 499/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /var/lib/amanda/.ssh/id_rsa ((nil)) debug2: key: /var/lib/amanda/.ssh/id_dsa ((nil)) debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /var/lib/amanda/.ssh/id_rsa debug3: no such identity: /var/lib/amanda/.ssh/id_rsa debug1: Trying private key: /var/lib/amanda/.ssh/id_dsa debug3: no such identity: /var/lib/amanda/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password amandabackup@lb1's password: debug3: packet_send2: adding 48 (len 67 padlen 13 extra_pad 64) debug2: we sent a password packet, wait for reply debug1: Authentication succeeded (password). Authenticated to lb1 ([192.168.1.23]:22). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Requesting no-more-sessions(a)openssh.com debug1: Entering interactive session. debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug2: channel 0: request shell confirm 1 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 Last login: Fri Dec 31 11:02:30 2010 from 192.168.1.40 ######################################################### # SUMMITNJHOME.COM # # TITLE: LB1 BOX # # HOST: VIRTCENT01 # # LOCATION: SUMMIT BASEMENT # ######################################################### -sh-3.2$ bash [amandabackup@VIRTCENT01 ~]$ thanks for your help and the CentOS community has done wonderful things to help me with my setups over the past year. Here's to a happy / healthy 2011!! -- GPG me!! gpg --keyserver pgp.mit.edu --recv-keys F186197B

3 2

Re: [CentOS] Intel NIC
by Gerhard Schneider 03 Jan '11

03 Jan '11

The problem with VMWare Server is that it is a discontinued product for longer time and they don't provide us with a suitable replacement. So our institute had to switch to VMWare workstation that can be run as a server, too. I'm running CentOS 5.5 as the Host OS and 5.5 and RHEL6beta as guests. We didn't try out RHEL6 (waiting for CentOS6 :-) GS -- Gerhard Schneider Institute of Lightweight Design and e-Mail: gs(a)ilsb.tuwien.ac.at Structural Biomechanics (E317) Tel.: +43 664 60 588 3171 Vienna University of Technology / Austria Fax: +43 1 58801 31799 A-1040 Wien, Gusshausstrasse 27-29 http://www.ilsb.tuwien.ac.at/~gs/

11 16

Anaconda hangs using 100% CPU
by cpolish＠surewest.net 02 Jan '11

02 Jan '11

Dear all, I have been struggling with my first PXEboot today, using a kickstart with packages served over http on the local network. The details: - Anaconda is using 100% CPU - CentOS 5.5 i386 downloaded yesterday - .iso md5sums checked out good - 0 network errors showing (ifconfig) - console 1 displays: "Installing httpd-..." Done [508/782]" - It appears to be trying to install samba for the last hour: the last 2 lines of the Apache access_log on the package server: "GET /centos/5.5/os/i386/disc2//CentOS/ httpd-2.2.3-43.el5.centos.i386.rpm HTTP/1.1" 200 1277591 "GET /centos/5.5/os/i386/disc2//CentOS/ samba-3.0.33-3.28.el5.i386.rpm HTTP/1.1" 200 17016117 - The last line of /tmp/anaconda.log shows: DEBUG : Adding Package opensp-1.5.2-4.i386 in mode u - The last line of /mnt/sysimage/root/install.log.syslog shows: useradd[2304]: new user: name=apache, ... - I have searched for similar issues at bugs.centos.org without success - The system is still alive, console 2 is responsive so I can (hopefully) debug this if someone will point me in the right direction - kickstart file: http://pastebin.com/mQxx42wf Help! -- Charles Polisher

1 1

remove newlines / perl /concise example
by ken 01 Jan '11

01 Jan '11

Thanks for the previous tips and suggestions. Here's a more concise example: Input file: <aaaa> <bbbb> <cccc> <dddd> I want everything on one line, i.e., remove all newlines. Like so: <aaaa><bbbb><cccc><dddd> Simple perl code: #!/usr/bin/env perl # Remove newlines from a file in two ways: # (1) Just "chomp" them; # (2) Replace them with a space. # Open input file for reading only. my $infilename = "/tmp/newline-test-in"; open(my $in, "<", "$infilename") or die "Can't open file \"$infilename\": $!"; # Open output file for writing only. my $outfilename = "/tmp/newline-test-out"; open (my $out, ">", "$outfilename") or die "Can\'t open $outfilename for writing. $!"; # Comment out either, both, or neither of the below "binmode" == no joy #binmode $in; binmode $out; while (<$in>) { # Neither of the two commands below works as expected. chomp; # remove trailing newline. # s/\n/ /; # replace newline with space print $out $in; } # Close input file. close $in or die "Error closing $in: $!"; # Close output file. close $out or die "Error closing output file $out: $!"; ### end of perl script Run this, commenting in/out whatever, and output file is consistently this: GLOB(0x8ad3c28)GLOB(0x8ad3c28)GLOB(0x8ad3c28)GLOB(0x8ad3c28)

4 4

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss December 2010