@jaredbusch said in Debian apt-get update error:
cd /var
du -h --max-depth=1 | sort -hr
Add sudo to the front of that so you can get all the folders info.
So: sudo du -h --max-depth=1 | sort -hr
@irj said in Copperhead OS - A Security and Privacy Focused Android OS:
I found this article that intrigued me and challenged me to try ditching Google as well. As Google is recording every small detail of your daily habits.
Eh, let them. This makes my life better, in fact I'd offer them more data on me if I could.
It turns out that while I was running Ubuntu 17.10, it had been upgraded from 17.04 and that upgrade had left the Unity UI installed and active. So the reason why I was not seeing the GNOME shell extension options in the tweaker tool was due to the fact that it was actually Unity and GNOME I was in. One hell of a noob mistake.
Once I switched to GNOME, it was all working and I am much happier with GNOME over Unity.
So I am running Ubuntu 17.10, and it is completely up to date as of this morning, and my UI is Gnome.
I am trying to install the Dash-to-Dock shell extension so I can move the launcher to the bottom of the screen, and it's just not working. No matter what I try.
I installed the Gnome Tweak app, and there is no "extensions" option in it. I installed gnome-shell-extensions and then I installed gnome-shell-extension-dashtodock. And still nothing.
I then installed chrome-gnome-shell and the chrome browser plugin (version 9) and still I cannot enable the extensions. It tells me:
Unable to locate GNOME Shell settings or version. Make sure it is installed and running.
And:
GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface 'org.gnome.Shell.Extensions' on object at path /org/gnome/Shell
I have located and gone into each of the extension JSON files and verified that the version listed matches the installed version (3.24). I have also noted that there is no ~/.local/share/gnome-shell folder on the machine (no idea why).
So I am completely out of ideas here, anyone got any suggestions about what I am doing wrong? All my Google results seem to imply that this should be a pretty easy thing to do, with just one or two commands. But NOTHING I find is working.
For the record, this machine is running the Nvidia proprietary drivers for the display, but most everything else is out of the box Ubuntu 17.10 stuff.
With help from @anthonyh we were able to come up with a work around.
I set the user's home folder (/home/<user>) as the chroot path, set that as root:root with 755 permissions. Then I created a bind mount to a subfolder called website (so /home/<user>/website is a bind mount for /var/www/sites/site.domain.com/<user>), then chowned that folder to <user>:root with 755 permissions.
Now they can SFTP in, and change to the website folder and put their stuff there. No more seeing all the other users and folders.
For the record here is my SSHD config lines:
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftpgroup
    # /home/%u or %h, either would work
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
And the steps I used to get this working:
sudo adduser <user> --ingroup sftpgroup --shell /bin/nologin
sudo mkdir /var/www/sites/site.domain.com/<user>
sudo chown <user>:root /var/www/sites/site.domain.com/<user>
sudo mkdir /home/<user>/website
sudo mount --bind /var/www/sites/site.domain.com/<user> /home/<user>/website
sudo chown root:root /home/<user>
# make the bind mount persistent by adding the line below to /etc/fstab
sudo nano /etc/fstab
/var/www/sites/site.domain.com/<user> /home/<user>/website none rw,bind 0 0
It's not as neat as I'd like it, but it works.
I tried that, and the user could not connect at all.
They are set to 755 and chowned to root:root, anything else and you cannot connect.
Ok, so I have a user setup for SFTP only access, and I have this in the SSH config file:
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory /var/www/sites/site.domain.com/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
The user is created by using this command:
adduser <user> --ingroup sftpgroup --shell /bin/nologin
They can SFTP in, and they get dumped into the right folder (their username folder), but they cannot create folders or files; they have read-only access. If I change the permissions on their folder, then I cannot connect, and if I change the path of the ChrootDirectory to be one folder up, they can then get into their folder and do what is needed; however, they then have access (read and execute) to all the other user folders.
And I do not want to add a subfolder under their folder for them write to, that would end with their site being site.domain.com/user/folder, which is silly.
Any suggestions on how I can get this working?
I copied Anthonyh's setup, but I used Ubuntu 16.04 server, and it works very well, the DNS response time is significantly faster than from my off the shelf asus router. It was a great learning experience.
@strongbad said in Examining unRAID Storage:
@jrc said in Examining unRAID Storage:
Yes, I could do this with a stand alone linux install, but ain't no one got time for that.
It HAS to be faster to deploy Linux than unRAID. I mean, it literally seems like an impossible thing to say. And Docker is this...
dnf install docker
That's all that there is. Docker is super fast and easy to install.
Yeah, that's just docker installed. You then need to create the container with the solution in it that you want to use, and this would be far more time consuming than just a single command. In unRAID I locate the pre-built docker container with the app in it that I want to use and click install. 30 seconds later it is installed and ready to go.
unRAID is a turnkey solution, with hundreds, if not thousands, of pre-built add-ons, plugins and docker containers. This lowers the barrier to entry significantly for most people and for me it means deploying services on my home network with minimal need for research or parsing how-tos.
Would a vanilla Linux install with KVM and Docker do what unRAID does? Yes, it would. Would that be a "better" way to go? Well, that entirely depends on how you define better. In my case, no, it would not, as I do not have the time or inclination to spend the time to tune that just right for my needs; instead I want to click on the library of add-ons/pre-built docker containers, find the one that I need and click install and start using it.
Do I care that I am not getting the performance of a true RAID 5 or 10? No, I do not. Do I care that the redundancy of the server is not as good as a RAID 10? Once again, no, not really. The unRAID setup can suffer a single drive failure and still allow me to rebuild, and I am ok with that. It can suffer more than one drive failing, with some data loss as opposed to a RAID 10 where multiple drive failures = all data gone, and I am ok with that too.
@scottalanmiller said in Examining unRAID Storage:
@jrc said in Examining unRAID Storage:
I'd not use it in an enterprise production environment but I use it at home, have done so for the last 2 or so years. Works just fine for my use, plus I get to use the hardware it's on for other things such as some docker containers and one or two VMs.
Before that I ran FreeNAS, and was not as happy with it, kept having kernel issues and could not get it to update.
Why not just use KVM? What does unRAID bring to the table?
A very large library of pre-made docker containers, plugins and customizations that allow you to do all manner of things and a very active dedicated community. Great for a home network since most of them can be deployed in a few clicks.
As an example, I had a pre-made Emby server up and running in about 30 seconds with a pre built docker container.
Yes, I could do this with a stand alone linux install, but ain't no one got time for that.
I'd not use it in an enterprise production environment but I use it at home, have done so for the last 2 or so years. Works just fine for my use, plus I get to use the hardware it's on for other things such as some docker containers and one or two VMs.
Before that I ran FreeNAS, and was not as happy with it, kept having kernel issues and could not get it to update.
@coliver said in Cisco Unity and UCM - Reset SSH Keys:
@jrc said in Cisco Unity and UCM - Reset SSH Keys:
@scottalanmiller said in Cisco Unity and UCM - Reset SSH Keys:
@jrc said in Cisco Unity and UCM - Reset SSH Keys:
I don't think you are understanding my issue.
When an SSH client connects to an SSH server with a username and password, you get asked if you want to trust the connection based on the key your client gets handed. This key is then added into your .ssh/known_hosts, and it is then used every time you connect to make sure the server is the same one as last time. If that server gets retired and/or another one ends up on its IP, you cannot connect, as the SSH client throws up a warning saying the cached key does not match. You can then go into the known_hosts file and simply remove the cached key and it will then connect.
This is what I am asking: what is the equivalent way to do this on a Unity and UCM? Their cached keys no longer match the SFTP server and therefore they cannot connect (SSH won't let them).
I have no idea how to explain this better so hopefully this helps clear it up.
I see, but UCM lacks a known_hosts file?
I have no idea. I am asking what the Cisco Unity and UCM equivalent is, and how to do the equivalent action (edit and remove) on them.
Do you have smartnet?
If I did I'd not be asking here, I'd be on the phone with a Cisco engineer. SmartNET on these two is way out of our budget (quoted us $8k per year).
@scottalanmiller said in Cisco Unity and UCM - Reset SSH Keys:
@jrc said in Cisco Unity and UCM - Reset SSH Keys:
I don't think you are understanding my issue.
When an SSH client connects to an SSH server with a username and password, you get asked if you want to trust the connection based on the key your client gets handed. This key is then added into your .ssh/known_hosts, and it is then used every time you connect to make sure the server is the same one as last time. If that server gets retired and/or another one ends up on its IP, you cannot connect, as the SSH client throws up a warning saying the cached key does not match. You can then go into the known_hosts file and simply remove the cached key and it will then connect.
This is what I am asking: what is the equivalent way to do this on a Unity and UCM? Their cached keys no longer match the SFTP server and therefore they cannot connect (SSH won't let them).
I have no idea how to explain this better so hopefully this helps clear it up.
I see, but UCM lacks a known_hosts file?
I have no idea. I am asking what the Cisco Unity and UCM equivalent is, and how to do the equivalent action (edit and remove) on them.
@travisdh1 said in Cisco Unity and UCM - Reset SSH Keys:
@jrc said in Cisco Unity and UCM - Reset SSH Keys:
I don't think you are understanding my issue.
When an SSH client connects to an SSH server with a username and password, you get asked if you want to trust the connection based on the key your client gets handed. This key is then added into your .ssh/known_hosts, and it is then used every time you connect to make sure the server is the same one as last time. If that server gets retired and/or another one ends up on its IP, you cannot connect, as the SSH client throws up a warning saying the cached key does not match. You can then go into the known_hosts file and simply remove the cached key and it will then connect.
This is what I am asking: what is the equivalent way to do this on a Unity and UCM? Their cached keys no longer match the SFTP server and therefore they cannot connect (SSH won't let them).
I have no idea how to explain this better so hopefully this helps clear it up.
Removing an existing ssh key should be quite easy; older versions just edit the known_hosts file and remove the line with the device having issues, and the latest SSH versions give you instructions on how to accomplish this right in the command line you're using.
Exactly right, I know this is more than likely the solution and my question is how do I do that on Cisco's Unity and UCM platforms? This is the core question I am asking, regenerating the keys won't do a thing for me if I cannot answer this question.
I don't think you are understanding my issue.
When an SSH client connects to an SSH server with a username and password, you get asked if you want to trust the connection based on the key your client gets handed. This key is then added into your .ssh/known_hosts, and it is then used every time you connect to make sure the server is the same one as last time. If that server gets retired and/or another one ends up on its IP, you cannot connect, as the SSH client throws up a warning saying the cached key does not match. You can then go into the known_hosts file and simply remove the cached key and it will then connect.
This is what I am asking: what is the equivalent way to do this on a Unity and UCM? Their cached keys no longer match the SFTP server and therefore they cannot connect (SSH won't let them).
I have no idea how to explain this better so hopefully this helps clear it up.
@scottalanmiller said in Cisco Unity and UCM - Reset SSH Keys:
Depends on your SFTP server.
Sorry, I guess I was not clear. The keys in question are the local ones on the Unity and UCM side. This would be similar to how you'd empty out the ssh/known_hosts file on a regular Linux machine, i.e. the keys used by the client to verify that the server is the same one that it connected to in the past.
As I said there is nothing wrong with my SFTP server, I can connect to it just fine from other machines, and even ping it from Unity and UCM.
So both my Cisco Unity and UCM servers have stopped doing SFTP backups, and I strongly suspect this is due to the SSH keys going wonky. I can ping the SFTP server from Unity and I can SFTP into the server from any other client, but both say "Unable to Connect" when I try to get to connect (it took me about an hour to get that much out of the systems, they just say "Error" in most places with little indication of what the error was).
So how do I go in and delete/reset the SSH keys it uses for SFTP?
@r3dpand4 said in Active Directory - Scripting the adding/removal of users to group:
@anthonyh You're fine I'm also half dead from a head cold/sinus infection, I just reread the post. Query the groups you're wanting, run a foreach loop against the results, then an if/else statement with the -like switch against whatever the domain is you're wanting to filter to specify your action.
I suspect that the OP is wanting some code examples. At least that's what I'd be after if I were him.
Anthony:
https://technet.microsoft.com/en-us/library/ee617193.aspx?f=255&MSPPError=-2147217396 is a place to start, it'll help you write the bit that gets group members.
https://gallery.technet.microsoft.com/scriptcenter/Getting-Users-ALL-7417b71d - May have some usable snippets to get the info you need from the user.