My case:
$ ssh-host-config
* Info: Generating missing SSH host keys
yse
* Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: StrictModes is set to 'yes' by default.
*** Info: This is the recommended setting, but it requires that the POSIX
*** Info: permissions of the user's home directory, the user's .ssh
*** Info: directory, and the user's ssh key files are tight so that
*** Info: only the user has write permissions.
*** Info: On the other hand, StrictModes don't work well with default
*** Info: Windows permissions of a home directory mounted with the
*** Info: 'noacl' option, and they don't work at all if the home
*** Info: directory is on a FAT or FAT32 partition.
*** Query: Should StrictModes be used? (yes/no) no
*** Info: Updating /etc/sshd_config file
*** Info: Sshd service is already installed.
*** Info: Host configuration finished. Have fun!
It skips "Should privilege separation be used?"
I can't create cyg_server & sshd.
Please help, thanks.
Recent versions of ssh-host-config no longer prompt for enabling privilege separation. It is enabled by default.
This is the log when VS Code installs vscode-server on the host.
I found that it got the vscode-server commit id, as in the following log line:
[13:07:27.334] Using commit id "f80445acd5a3dadef24aa209168452a3d97cc326" and quality "stable" for server
But it didn't use this commit id in the wget download URL:
[13:07:28.420] > wget download failed
> https://update.code.visualstudio.com/commit:/server-darwin/stable:
[13:07:27.297] Log Level: 2
[13:07:27.298] remote-ssh#0.74.0
[13:07:27.298] darwin x64
[13:07:27.306] SSH Resolver called for "ssh-remote+devbox", attempt 1
[13:07:27.307] "remote.SSH.useLocalServer": true
[13:07:27.307] "remote.SSH.path": undefined
[13:07:27.308] "remote.SSH.configFile": undefined
[13:07:27.308] "remote.SSH.useFlock": true
[13:07:27.308] "remote.SSH.lockfilesInTmp": false
[13:07:27.308] "remote.SSH.localServerDownload": off
[13:07:27.309] "remote.SSH.remoteServerListenOnSocket": false
[13:07:27.309] "remote.SSH.showLoginTerminal": false
[13:07:27.309] "remote.SSH.defaultExtensions": []
[13:07:27.309] "remote.SSH.loglevel": 2
[13:07:27.310] "remote.SSH.enableDynamicForwarding": true
[13:07:27.310] "remote.SSH.enableRemoteCommand": false
[13:07:27.310] "remote.SSH.serverPickPortsFromRange": {}
[13:07:27.310] "remote.SSH.serverInstallPath": {}
[13:07:27.325] SSH Resolver called for host: devbox
[13:07:27.325] Setting up SSH remote "devbox"
[13:07:27.330] Acquiring local install lock: /var/folders/8f/x1b597tj715cn0x95bjqmy1m0000gp/T/vscode-remote-ssh-c4ea1055-install.lock
[13:07:27.333] Looking for existing server data file at /Users/bytedance/Library/Application Support/Code/User/globalStorage/ms-vscode-remote.remote-ssh/vscode-ssh-host-c4ea1055-f80445acd5a3dadef24aa209168452a3d97cc326-0.74.0/data.json
[13:07:27.334] Using commit id "f80445acd5a3dadef24aa209168452a3d97cc326" and quality "stable" for server
[13:07:27.340] Install and start server if needed
[13:07:27.344] PATH: /Users/bytedance/.yarn/bin:/Users/bytedance/.config/yarn/global/node_modules/.bin:/Users/bytedance/.nvm/versions/node/v14.15.1/bin:/Users/bytedance/bin:/usr/local/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/puppetlabs/bin:/Library/Apple/usr/bin:/Applications/Mplus
[13:07:27.345] Checking ssh with "ssh -V"
[13:07:27.359] > OpenSSH_8.6p1, LibreSSL 2.8.3
[13:07:27.369] askpass server listening on /var/folders/8f/x1b597tj715cn0x95bjqmy1m0000gp/T/vscode-ssh-askpass-efdbcc89680acf75582ff2c0e6d258ff60bbf93f.sock
[13:07:27.369] Spawning local server with {"serverId":1,"ipcHandlePath":"/var/folders/8f/x1b597tj715cn0x95bjqmy1m0000gp/T/vscode-ssh-askpass-340d49ea7f83ee5441ed6e4eecae6d815a8c993e.sock","sshCommand":"ssh","sshArgs":["-v","-T","-D","63970","-o","ConnectTimeout=15","devbox"],"serverDataFolderName":".vscode-server","dataFilePath":"/Users/bytedance/Library/Application Support/Code/User/globalStorage/ms-vscode-remote.remote-ssh/vscode-ssh-host-c4ea1055-f80445acd5a3dadef24aa209168452a3d97cc326-0.74.0/data.json"}
[13:07:27.370] Local server env: {"DISPLAY":"1","ELECTRON_RUN_AS_NODE":"1","SSH_ASKPASS":"/Users/bytedance/.vscode/extensions/ms-vscode-remote.remote-ssh-0.74.0/out/local-server/askpass.sh","VSCODE_SSH_ASKPASS_NODE":"/Applications/Visual Studio Code.app/Contents/MacOS/Electron","VSCODE_SSH_ASKPASS_EXTRA_ARGS":"--ms-enable-electron-run-as-node","VSCODE_SSH_ASKPASS_MAIN":"/Users/bytedance/.vscode/extensions/ms-vscode-remote.remote-ssh-0.74.0/out/askpass-main.js","VSCODE_SSH_ASKPASS_HANDLE":"/var/folders/8f/x1b597tj715cn0x95bjqmy1m0000gp/T/vscode-ssh-askpass-efdbcc89680acf75582ff2c0e6d258ff60bbf93f.sock"}
[13:07:27.371] Spawned 14057
[13:07:27.515] > local-server-1> Spawned ssh, pid=14064
[13:07:27.520] stderr> OpenSSH_8.6p1, LibreSSL 2.8.3
[13:07:27.596] stderr> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:b+9mK6ATDvqmXeFeXiRzqh4iICIEtuNptAfPeSuV4sI
[13:07:27.953] stderr> Authenticated to 10.227.84.41 ([10.227.84.41]:22).
[13:07:28.012] > Linux n227-084-041 4.14.81.bm.15-amd64 #1 SMP Debian 4.14.81.bm.15 Sun Sep 8 05:02:31 UTC 2019 x86_64
>
> The programs included with the Debian GNU/Linux system are free software;
> the exact distribution terms for each program are described in the
> individual files in /usr/share/doc/*/copyright.
>
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> permitted by applicable law.
[13:07:28.023] > ready: f8c7ecb7b7c3
[13:07:28.033] > Linux 4.14.81.bm.15-amd64 #1 SMP Debian 4.14.81.bm.15 Sun Sep 8 05:02:31 UTC 2019
[13:07:28.034] Platform: linux
[13:07:28.046] stderr> bash: line 1: syntax error near unexpected token `done'
[13:07:28.046] stderr> bash: line 1: `done'
[13:07:28.048] > Installing to ...
[13:07:28.048] stderr> zsh: parse error near `}'
[13:07:28.051] > f8c7ecb7b7c3%%1%%
[13:07:28.051] stderr> do_host_download:1: command not found: millis
[13:07:28.054] > Downloading with wget
[13:07:28.420] > wget download failed
> https://update.code.visualstudio.com/commit:/server-darwin/stable:
> 2022-02-23 13:07:30 ERROR 404: Not Found.
I had this problem as well since this morning and what was odd for me was that I could SSH from the terminal to the target host with no problem.
After some debugging, it seems like the Remote - SSH extension is causing the trouble. The following two options worked for me. Either:
Downgrading the extension to 0.70.0 works for me. The current version (0.74.0 as of now) was updated just two days ago and I think this update is causing the trouble.
If you would like to keep the current version, then turning off remote.ssh.useLocalServer also works. If you're on a Mac, go to Code > Preferences > Settings (Cmd + ,) and then type remote.ssh.useLocalServer, and it'll show the option, which is turned on by default. Turning this off did the trick for me too.
I burn Yocto onto my cards.
Some of them start OK:
Starting OpenBSD Secure Shell server: sshd
Done.
Some of them do not:
Starting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_dsa_key
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_ed25519_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
How can I fix the problem?
Well. It's quite a process.
Remove all files in /etc/ssh/
Run /usr/bin/ssh-keygen -A
Log out from the user.
Now you may restart and enjoy.
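An added example, not part of the original answer: rather than emptying /etc/ssh/ (which also holds sshd_config and any host keys that are still good), this script checks each host key and replaces only the ones that no longer load. The function names are hypothetical, and it regenerates per key type with ssh-keygen -t instead of ssh-keygen -A so that it can be tried on a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original post): find sshd host keys that no
# longer parse and regenerate only those, keeping sshd_config and good keys.

# Return 0 when the private key loads and, if a .pub file exists, matches it.
host_key_ok() {
    key=$1
    [ -s "$key" ] || return 1            # empty file: truncated write
    # -y re-derives the public key; -P '' avoids a passphrase prompt.
    derived=$(ssh-keygen -y -P '' -f "$key" 2>/dev/null) || return 1
    [ -s "$key.pub" ] || return 0        # a missing .pub is not corruption
    # Compare key type and base64 blob only; the comment field may differ.
    want=$(cut -d' ' -f1,2 "$key.pub")
    have=$(printf '%s\n' "$derived" | cut -d' ' -f1,2)
    [ "$have" = "$want" ]
}

# Check every ssh_host_*_key in a directory (default /etc/ssh), move broken
# pairs aside as *.bad and create a fresh key of the same type.
# Prints the number of keys replaced; returns 1 if any could not be replaced.
repair_host_keys() {
    dir=${1:-/etc/ssh}
    replaced=0
    failed=0
    for key in "$dir"/ssh_host_*_key; do
        if [ ! -e "$key" ] || host_key_ok "$key"; then
            continue
        fi
        echo "invalid host key: $key" >&2
        mv -f "$key" "$key.bad"
        if [ -e "$key.pub" ]; then mv -f "$key.pub" "$key.pub.bad"; fi
        # The key type is encoded in the file name: ssh_host_<type>_key.
        type=${key##*/ssh_host_}
        type=${type%_key}
        if ssh-keygen -q -t "$type" -N '' -f "$key" 2>/dev/null; then
            replaced=$((replaced + 1))
        else
            # e.g. a DSA key on an OpenSSH build without DSA support
            echo "could not regenerate $type key" >&2
            failed=$((failed + 1))
        fi
    done
    echo "$replaced"
    [ "$failed" -eq 0 ]
}

# Typical use, as root on the affected board:
#   repair_host_keys /etc/ssh
```

A replaced key has a new fingerprint, so clients that recorded the old one in known_hosts will report a host key change on their next connection.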
I use Google Cloud Shell to execute this program.
Linux version
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Tor version 0.3.5.10.
When I tried restarting Tor with "sudo service tor restart", I received an error:
[ ok ] Stopping tor daemon...done (not running - there is no /run/tor/tor.pid).
[....] Starting tor daemon...Jun 27 01:51:04.132 [warn] Directory /var/lib/tor cannot be read: Permission denied
Jun 27 01:51:04.132 [warn] Failed to parse/validate config: Couldn't create private data directory "/var/lib/tor"
Jun 27 01:51:04.132 [err] Reading config failed--see warnings above.
failed.
So I set full permissions for the tor directory: sudo chmod -R 777 /var/lib/tor
[FAIL] Checking if tor configuration is valid ... failed!
Jun 27 01:53:59.685 [notice] Tor 0.3.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1g, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Jun 27 01:53:59.685 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 27 01:53:59.685 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jun 27 01:53:59.685 [notice] Read configuration file "/etc/tor/torrc".
Jun 27 01:53:59.688 [warn] Error setting groups to gid 114: "Operation not permitted".
Jun 27 01:53:59.688 [warn] If you set the "User" option, you must start Tor as root.
Jun 27 01:53:59.688 [warn] Failed to parse/validate config: Problem with User value. See logs for details.
Jun 27 01:53:59.688 [err] Reading config failed--see warnings above.
I use root privileges: sudo su
[ ok ] Stopping tor daemon...done (not running - there is no /run/tor/tor.pid).
[....] Starting tor daemon...Jun 27 01:58:58.455 [warn] Directory /var/lib/tor cannot be read: Permission denied
Jun 27 01:58:58.455 [warn] Failed to parse/validate config: Couldn't create private data directory "/var/lib/tor"
Jun 27 01:58:58.455 [err] Reading config failed--see warnings above.
Is there any way that can help me solve my problem, or how can I install tor version 2.9.14?
You might have already solved the problem by now, if not I hope this can help.
Is there any way that can help me solve my problem?
OPTION 1
Let's take a look at these warnings:
[warn] Error setting groups to gid 114: "Operation not permitted".
[warn] If you set the "User" option, you must start Tor as root.
[warn] Failed to parse/validate config: Problem with User value.
To get a log of all users run cat /etc/passwd and you'll see debian-tor listed:
...
debian-tor:x:108:114::/var/lib/tor:/bin/false
...
The folder /var/lib/tor is owned by user debian-tor, so sudo -u debian-tor tor will work.
Alternatively, you can run this for your current user: (or chmod 777 for all)
chmod 700 -R /var/lib/tor/*
chown -R tor /var/lib/tor/
sudo service tor restart
You actually should run tor as non-root, else you get this message:
You are running Tor as root. You don't need to, and you probably shouldn't.
OPTION 2
As the warning suggests to see logs for details, you should check for a message within dmesg and /var/log/syslog. If you find anything, then it can be AppArmor or SELinux blocking tor. Both SELinux and AppArmor provide a set of tools to isolate applications from each other to protect the host system from being compromised, so disabling them permanently is not recommended, only temporarily for debugging.
According to Debian SELinux support:
The Debian packaged Linux kernels have SELinux support compiled in,
but disabled by default.
Check the SELinux state with getenforce, if the output is Permissive or Disabled then you're set.
Moreover, looking at AppArmor/Progress:
Since Debian 10 (Buster), AppArmor is enabled by default.
To disable AppArmor on your system run: (reference)
sudo mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' \
| sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot
There's a chance that either one's the culprit. Users have reported a similar issue here.
How can i be able to install tor version 2.9.14?
Downgrading the tor package is as simple as this:
sudo apt-get install tor=0.2.9.14
But why would you want to do that?
tor v2 will be deprecated soon. You'll see warnings like:
[warn] At least one protocol listed as required in the consensus is
not supported by this version of Tor. You should upgrade. This version
of Tor will not work as a client on the Tor network. The missing
protocols are: DirCache=2 HSDir=2 HSIntro=4 Link=4-5
NB: Post on tor.stackexchange for tor related issues.
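An added example, not part of the original answer: the data directory holds Tor's keys, so instead of opening it with chmod 777 this script reports exactly which owner or mode is off. The function name is hypothetical, and it assumes GNU stat and find, as shipped on Debian.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a daemon's private data
# directory instead of opening it up with chmod 777. Assumes GNU stat/find.

# audit_private_dir DIR USER
#   USER is a login name (e.g. debian-tor) or a numeric uid.
#   Prints one line per finding; returns 0 only when nothing is wrong.
audit_private_dir() {
    dir=$1
    problems=0
    case $2 in
        *[!0-9]*|'')
            want_uid=$(id -u "$2" 2>/dev/null) || {
                echo "no such user: $2"; return 1; } ;;
        *)  want_uid=$2 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 1
    fi
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid"
        problems=$((problems + 1))
    fi
    # Any group or other permission bit on the top directory is too open.
    case $mode in
        0|*00) ;;
        *)  echo "$dir: mode $mode grants group/other access"
            problems=$((problems + 1)) ;;
    esac
    # Entries below it: wrong owner, or any group/other bit set.
    # Run as root or as USER, otherwise find cannot descend.
    found=$(find "$dir" -mindepth 1 \
        \( ! -uid "$want_uid" -o -perm /077 \) -print 2>/dev/null) || true
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/too open or wrong owner: /'
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Typical use on the Debian system from the question:
#   sudo sh -c '. ./audit.sh; audit_private_dir /var/lib/tor debian-tor'
```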
I'm trying to configure PuppetDB on the same puppet master server. I followed the puppet documentation, installed the database and configured puppet to use the database.
When I run the puppet agent --test command, it gives the error message below.
I didn't see any process running on port 8081; I see the puppet java process running on port 8140.
How can I resolve this error?
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Could not retrieve facts for webserver: Failed to find facts from PuppetDB at puppet:8140: Failed to execute '/pdb/query/v4/nodes/webserver/facts' on at least 1 of the following 'server_urls': https://puppetdb:8081
Info: Retrieving pluginfacts
Info: Retrieving plugin
Warning: Error connecting to puppetdb on 8081 at route /pdb/query/v4/nodes/webserver/facts, error message received was 'Connection refused - connect(2) for "puppetdb" port 8081'. Failing over to the next PuppetDB server_url in the 'server_urls' list
Error: Cached facts for webserver failed: Failed to find facts from PuppetDB at puppet:8140: Failed to execute '/pdb/query/v4/nodes/webserver/facts' on at least 1 of the following 'server_urls': https://puppetdb:8081
Info: Loading facts
Info: Caching facts for webserver
Warning: Error connecting to puppetdb on 8081 at route /pdb/cmd/v1?checksum=039e22c7bf98e9cbf2f08169047d288c9b451c73&version=5&certname=webserver&command=replace_facts, error message received was 'Connection refused - connect(2) for "puppetdb" port 8081'. Failing over to the next PuppetDB server_url in the 'server_urls' list
Error: Failed to execute '/pdb/cmd/v1?checksum=039e22c7bf98e9cbf2f08169047d288c9b451c73&version=5&certname=webserver&command=replace_facts' on at least 1 of the following 'server_urls': https://puppetdb:8081
Error: Could not retrieve local facts: Failed to execute '/pdb/cmd/v1?checksum=039e22c7bf98e9cbf2f08169047d288c9b451c73&version=5&certname=webserver&command=replace_facts' on at least 1 of the following 'server_urls': https://puppetdb:8081
Error: Failed to apply catalog: Could not retrieve local facts: Failed to execute '/pdb/cmd/v1?checksum=039e22c7bf98e9cbf2f08169047d288c9b451c73&version=5&certname=webserver&command=replace_facts' on at least 1 of the following 'server_urls': https://puppetdb:8081
Hope you checked that the SSL certs stored in /etc/puppetlabs/puppetdb/ssl match the /etc/puppetlabs/puppet/ssl/certs/<certnameof your puppetserver.FQDN>.
This can be verified by
puppetdb ssl-setup
Sample entry
puppetdb ssl-setup
PEM files in /etc/puppetlabs/puppetdb/ssl already exists, checking integrity.
Setting ssl-host in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-port in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-key in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-cert in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Let me know if you have further issues. I have had the same issue and rectified it by removing the /etc/puppetlabs/puppetdb/ssl directory and rerunning the "puppetdb ssl-setup" command.
For some reason the puppetdb process went down; that's why no process was running on port 8081. I have restarted the puppetdb process, then the agent -test command started connecting to the webserver.
Here is the output of puppetdb service in centos 7.
# systemctl status puppetdb
● puppetdb.service - puppetdb Service
Loaded: loaded (/usr/lib/systemd/system/puppetdb.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-03-28 18:26:58 EDT; 1h 20min ago
Main PID: 5503 (java)
CGroup: /system.slice/puppetdb.service
└─5503 /usr/bin/java -Xmx192m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=kill -9 %p -cp /opt/puppetlabs/...
I have just installed systemd and I have a failing service, proc-sys-fs-binfmt_misc.automount
I've seen here it's a part of systemd:
https://github.com/systemd/systemd/blob/master/units/proc-sys-fs-binfmt_misc.automount
Is this file important? How do I solve the activation issue?
Below my systemctl status
Last login: Mon Apr 13 23:13:19 2015 from nor75-18-82-241-236-193.fbx.proxad.net
svassaux#vps127101:~$ systemctl status
proc-sys-fs-binfmt_misc.automount -> '/org/freedesktop/systemd1/unit/proc_2dsys_2dfs_2dbinfmt_5fmisc_2eautomount'
proc-sys-fs-binfmt_misc.automount - Arbitrary Executable File Formats File System Automount Point
Loaded: loaded (/lib/systemd/system/proc-sys-fs-binfmt_misc.automount; static)
Active: failed (Result: resources)
Where: /proc/sys/fs/binfmt_misc
Docs: https://www.kernel.org/doc/Documentation/binfmt_misc.txt
http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
For those who want to disable proc-sys-fs-binfmt_misc.automount (if you’re in, say, a containerized environment where autofs is not available), note that systemctl disable won’t work, but
systemctl mask proc-sys-fs-binfmt_misc.automount
does.
To use an .automount unit, systemd tries to open /dev/autofs. If the autofs file system is not available on your system, all .automount units fail to start.
So first ensure your system does have auto file system support.