ssh -R

tony.chamberlain at lemko.com tony.chamberlain at lemko.com
Tue Apr 15 16:38:47 UTC 2008


-----Original Message-----
From: fedora-list-request at redhat.com [mailto:fedora-list-request at redhat.com]
Sent: Tuesday, April 15, 2008 09:11 AM
To: fedora-list at redhat.com
Subject: fedora-list Digest, Vol 50, Issue 104

Send fedora-list mailing list submissions to	fedora-list at redhat.comTo subscribe or unsubscribe via the World Wide Web, visit	https://www.redhat.com/mailman/listinfo/fedora-listor, via email, send a message with subject or body 'help' to	fedora-list-request at redhat.comYou can reach the person managing the list at	fedora-list-owner at redhat.comWhen replying, please edit your Subject line so it is more specificthan "Re: Contents of fedora-list digest..."Today's Topics: 1. Re: two questions (Tim) 2. Re: Samba won't dance (Mike Chambers) 3. Sysad Burma Shave nuggets (was Re: some attack to fedora machine ) (Andrew Kelly) 4. Re: two questions (Jon Ingason) 5. ssh -R (tony.chamberlain at lemko.com) 6. Re: ssh -R (Manuel Ar?stegui) 7. Re: ssh -R (Steve Searle) 8. canonical approach to shared sound? (Matthew Miller) 9. Re: Samba won't dance (more info) (Claude Jones) 10. respawn java process (James Pifer) 11. Re: ssh -R (Chris G) 12. Re: Samba won't dance (more info) (Tim) 13. Re: Samba won't dance (more info) (max bianco) 14. Re: canonical approach to shared sound? (Patrick O'Callaghan) 15. Re: respawn java process (Tim) 16. Re: Problem with sata2 and raid1. (Bruno Wolff III)----------------------------------------------------------------------Message: 1Date: Tue, 15 Apr 2008 13:53:47 +0930From: Tim Subject: Re: two questionsTo: For users of Fedora Message-ID: <1208233427.4264.6.camel at suspishus.lan.cameratim.com>Content-Type: text/plainOn Tue, 2008-04-15 at 00:42 +0200, mattias jonsson wrote:> ok> i'm blind how can i insatll fedora> in debian and ubuntu there are intergrated braille support> and exist fedora 9?There's one or two blind users on this list, I seem to recall that oneof them was Scott Berry (from around the end of last year). Perhaps ifyou re-posted with a suitable subject line, someone who knows more aboutthe subject in question might notice your message and respond. Messageswith inappropriate subject descriptions get ignored by a lot of people.-- (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's important to the thread.)Don't send private replies to my address, the mailbox is ignored.I read messages from the public lists.------------------------------Message: 2Date: Tue, 15 Apr 2008 04:42:23 -0500From: Mike Chambers Subject: Re: Samba won't danceTo: For users of Fedora Message-ID: <1208252543.2825.5.camel at scrappy.miketc.com>Content-Type: text/plainOn Mon, 2008-04-14 at 23:49 -0400, Claude Jones wrote:> OK, I did it. The version on the PCLinux box is 3.0.23b-PCLOS2007 and the one > on Fedora is 3.0.28a-0.fc8. The result is interesting. Now, smbk4 on Fedora > is listing both the machine's IP addresses upstairs, and their shares, but, > it's still unable to mount those shares...some progress, tho. Maybe dns issue? Are all the boxes setup via dns correctly and listedin full on whatever the dns box is? Maybe list each one in the dnsboxes /etc/hosts file or relook at your dns or something for locally andnot so much outside of it?Haven't read the previous few posts except teh last 5 or so, so haven'tbeen following along on your progress. Sorry if these were alreadytried.-- Mike ChambersFedora Project - Ambassador, Bug Zapper, Tester, User, etc..mikec302 at fedoraproject.org------------------------------Message: 3Date: Tue, 15 Apr 2008 12:36:19 +0200From: Andrew Kelly Subject: Sysad Burma Shave nuggets (was Re: some attack to fedora	machine )To: For users of Fedora Message-ID: <1208255779.6233.42.camel at thegrind>Content-Type: text/plainOn Tue, 2008-04-15 at 00:05 -0400, Ric Moore wrote:> On Mon, 2008-04-14 at 15:19 +0200, Andrew Kelly wrote:> > > You know, if I could turn writing stuff like that my day > > job, I think I'd be a lot happier camper.> > > > Hmm, to be honest, exactly that scenario has been preoccupying most of> > my free brain cycles lately...> > Try using Hiaku's or knock-offs of the old Burma Shave signs for your> subject lines when replying to tech support requests. I did. > During Bob Young's reign at Red Hat, we could do pretty much as we> pleased, as long as the customer was happy with the reply content> itself. We pretty much sobered up with Matt. Matt could smile, but not> with the gnome eye-twinkles that Bob had.  I bet the> pinball machines are long gone. Ric> > > Partition My Drive?, What Do I Do? > We'll Start With Fdisk, To Fix It For You. > RedHat Saves. >  > Tasty!Port 22 is Open! My box is in Danger!Iptables Can Help. You're Safe as a Lamb in a Manger.RedHat Staves.Andy------------------------------Message: 4Date: Tue, 15 Apr 2008 13:16:03 +0200From: Jon Ingason Subject: Re: two questionsTo: For users of Fedora Message-ID: <48048E73.3070803 at sentor.se>Content-Type: text/plain; charset=ISO-8859-1; format=flowed-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1mattias jonsson skrev:| ok| i'm blind how can i insatll fedora| in debian and ubuntu there are intergrated braille supportI think you should look att orca| and exist fedora 9?In few week if I am not wrong.https://www.redhat.com/archives/fedora-announce-list/2008-March/msg00011.html||| -----| mattias| mobil 0763396420| www.mjw.se|||- --Med v?nliga h?lsningar/RegardsJon Ingason-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.7 (MingW32)Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.orgiD8DBQFIBI5zWn396VE8BCsRAtvpAKCxvuWpwhFe7BzcnGMM80utgwC6mwCeK7GDIbM+DjgPvHkTAfL8Gyc8q0c==xirY-----END PGP SIGNATURE-----------------------------------Message: 5Date: Tue, 15 Apr 2008 11:33:54 +0000From: tony.chamberlain at lemko.comSubject: ssh -RTo: fedora-list at redhat.comMessage-ID: Content-Type: text/plain; charset="us-ascii"The following is for CentOS 4.5We have an internal network (192.168.5.0/255.255.255.0).We have one machine reachable from inside and outside(NOT on the 192.168.5 network). Just for this examplecall it 10.20.30.40 (though that is not its real address.I don't put the real address, for security concerns here).Anyway my machine is 192.168.5.19 so from my machineI do an ssh -l root -R 10022:127.0.0.1:22 10.20.30.40Then I log into 10.20.30.40 from another machine and do a ssh -l tony -p 10022 127.0.0.1which gets me into my machine. Test passes. Problem is, bythe time I get home, my ssh -l root -R 10022:127.0.0.1:22 10.20.30.40has timed out or something and I can no longer get to my local machine.Do you know what I can do to keep it from timing out (or maybe locking up)?I do have root access to both machines so if there is something insshd_config to change, I can do it.-------------- next part --------------An HTML attachment was scrubbed...URL: https://www.redhat.com/archives/fedora-list/attachments/20080415/16dd7ae7/attachment.html------------------------------Message: 6Date: Tue, 15 Apr 2008 13:39:35 +0200From: Manuel Ar?stegui Subject: Re: ssh -RTo: For users of Fedora Message-ID: <1208259575.5900.32.camel at life>Content-Type: text/plainOn Tue, 2008-04-15 at 11:33 +0000, tony.chamberlain at lemko.com wrote:> > The following is for CentOS 4.5> > > We have an internal network (192.168.5.0/255.255.255.0).> We have one machine reachable from inside and outside> (NOT on the 192.168.5 network). Just for this example> call it 10.20.30.40 (though that is not its real address.> I don't put the real address, for security concerns here).> > Anyway my machine is 192.168.5.19 so from my machine> I do an> > ssh -l root -R 10022:127.0.0.1:22 10.20.30.40> > Then I log into 10.20.30.40 from another machine and do a> > ssh -l tony -p 10022 127.0.0.1> > which gets me into my machine. Test passes. Problem is, by> the time I get home, my ssh -l root -R 10022:127.0.0.1:22 10.20.30.40> has timed out or something and I can no longer get to my local> machine.> Do you know what I can do to keep it from timing out (or maybe locking> up)?> I do have root access to both machines so if there is something in> sshd_config to change, I can do it.What's you ClientAliveInterval value in /etc/ssh/sshd_config ?Manuel.------------------------------Message: 7Date: Tue, 15 Apr 2008 12:53:40 +0100From: Steve Searle Subject: Re: ssh -RTo: For users of Fedora Message-ID: <20080415115340.GB6311 at jackdaw.stevesearle.com>Content-Type: text/plain; charset="us-ascii"Around 12:33pm on Tuesday, April 15, 2008 (UK time), tony.chamberlain at lemko.com scrawled:> Do you know what I can do to keep it from timing out (or maybe locking up)?> I do have root access to both machines so if there is something in> sshd_config to change, I can do it.TryClientAliveInterval 30ClientAliveCountMax 5in sshd_config on the server - seehttp://www.stevesearle.com/tech/centos5.0.svr.html#securesshSteve-- A: Because it messes up the order in which people normally read text.Q: Why is top-posting a bad thing? 12:52:29 up 15 days, 14:53, 1 user, load average: 0.28, 0.10, 0.04-------------- next part --------------A non-text attachment was scrubbed...Name: not availableType: application/pgp-signatureSize: 189 bytesDesc: not availableUrl : https://www.redhat.com/archives/fedora-list/attachments/20080415/0820388a/attachment.bin------------------------------Message: 8Date: Tue, 15 Apr 2008 08:10:14 -0400From: Matthew Miller Subject: canonical approach to shared sound?To: fedora-list at redhat.comMessage-ID: <20080415121014.GA21661 at jadzia.bu.edu>Content-Type: text/plain; charset=us-asciiI do the not-so-rare "trick" of having two X sessions running, allowingctrl-alt-f7 / ctrl-alt-f8 to be a very painless fast-user-switch.In order for this to work, I want more lax permissions on the sound devices.(All members of group "sndshare" get access.) Previously, this wasaccomplished by changing the settings for the  device class in a filein /etc/security/console.perms.That device class no longer exists in that file. I assume this is becausethere is some new special modern udev way of accomplishing the same goal.But, since all of the udev .rules files contain the line "# do not edit thisfile, it will be overwritten on update", I'm not quite sure where is proper.Plus, the 40-alsa-rules doesn't seem to be quite comprehensive -- some ofthe devices must be created via defaults somewhere else.So, what's the Right Thing To Do? (I'm using F9beta but I think the samething applies to F8, which I skipped.)-- Matthew Miller mattdm at mattdm.org Boston University Linux ------> ------------------------------Message: 9Date: Tue, 15 Apr 2008 08:10:56 -0400From: Claude Jones Subject: Re: Samba won't dance (more info)To: For users of Fedora Message-ID: <200804150810.56479.cjones at levitjames.com>Content-Type: text/plain; charset="utf-8"On Mon April 14 2008, Craig White wrote:> > > You can ping each of these systems from the Fedora box?> >> > just tried this and no, the machines that don't display their IP or show> > their shares aren't responding to pings>> ----> clue here Claude...this isn't a samba issuewell, the problem is, the importation of the smb.conf file from the PCLinuxOS box seems to have gotten things working -- at least, it was after that that things worked; I did a number of things last evening, and I've noticed that sometimes, changes you make to Samba networking don't 'take' instantly, even when you restart smb and nmb services; I did also swap out the cable last night, but immediately after doing that, there was no changethe only remaining problem is that mounting is messed up - I can't mount my shares from the Fedora box, even though they mount readily from the PCLinuxOS machine, but at least now, all machines that are up on the lan are showing up in the list, and all their shares are visibleso, how does this all compute with the inability to ping? - I just don't know!I said I wanted to really figure out what was causing these problems, yesterday, but, I don't feel any closer to that understanding than I did before I started all this.....I need to go through those two smb.conf configuration files and see what's different, for one thing -- that should tell me something.-- Claude JonesBrunswick, MD, USA------------------------------Message: 10Date: Tue, 15 Apr 2008 08:47:23 -0400From: James Pifer Subject: respawn java processTo: Fedora Message-ID: <1208263643.1941.15.camel at storage.obrien-pifer.com>Content-Type: text/plainI run a small java program called jredirect for forwarding a port. Theproblem is after a while the process halts. I don't know why and therearen't a lot of options, such as logging. It's run like this:/usr/java/j2re1.4.2_03/bin/java -cp /usr/java/jredirect/jredirect.jar jredirect.Main --poolsize 50 host_ip:src_port-dst_ip:dst_portSo to forward 443 to a nonstandard port you could do:/usr/java/j2re1.4.2_03/bin/java -cp /usr/java/jredirect/jredirect.jar jredirect.Main --poolsize 50 192.168.1.30:443-192.168.1.40:445How could I set this up to respawn of the process goes away? ANDHow quickly does something respawn? I've also tried to get port forwarding working with iptables, figuringit would be more stable, but I could not get it to work. Even if I openiptables wide open it doesn't work for me. Here are the commands I'vetried:/sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.1.30 --dport 443 -j DNAT --to 192.168.1.40:445/sbin/iptables -A FORWARD -p tcp -d 192.168.1.30 --dport 443 -j ACCEPTThe examples of forwarding I've seen usually include -i plus theinterface, like -i eth0. I do not have this in there because the addressI need it associated to is a virtual, so it's eth0:2 for example. Afterrunning the commands above I can run iptables -L and it looks ok. Any suggestions or recommendations are appreciated. Thanks,James------------------------------Message: 11Date: Tue, 15 Apr 2008 14:20:14 +0100From: Chris G Subject: Re: ssh -RTo: fedora-list at redhat.comMessage-ID: <20080415132014.GA6772 at th-shell-1>Content-Type: text/plain; charset=us-asciiOn Tue, Apr 15, 2008 at 11:33:54AM +0000, tony.chamberlain at lemko.com wrote:> > > > The following is for CentOS 4.5> We have an internal network (192.168.5.0/255.255.255.0).> We have one machine reachable from inside and outside> (NOT on the 192.168.5 network). Just for this example> call it 10.20.30.40 (though that is not its real address.> I don't put the real address, for security concerns here).> Anyway my machine is 192.168.5.19 so from my machine> I do an> ssh -l root -R 10022:127.0.0.1:22 10.20.30.40> Then I log into 10.20.30.40 from another machine and do a> ssh -l tony -p 10022 127.0.0.1> which gets me into my machine. Test passes. Problem is, by> the time I get home, my ssh -l root -R 10022:127.0.0.1:22 10.20.30.40> has timed out or something and I can no longer get to my local machine.> Do you know what I can do to keep it from timing out (or maybe locking up)?> I do have root access to both machines so if there is something in> sshd_config to change, I can do it.I have a cron job which runs the script below every 15 minutes to see ifthe ssh is still running and restart it if it isn't:- # # # Script to set up a secure tunnel from home system # cn=`ps -ef | grep "ssh -l chris -R 50022:apollo:22 -N xx.yy.zz.aa" | grep -v 'grep ssh'` if [ -n "$cn" ] then echo `date` "hssh is running" >/home/chris/tmp/hssh.log else /proj/chris/bin/ssh -l chris -R 50022:apollo:22 -N xx.yy.zz.aa fiIt means that even if there *is* a connection which has got screwedup for some reason I can kill the ssh running on my home machine andwithin 15 minutes the cron job and script above will start a newsession.-- Chris Green------------------------------Message: 12Date: Tue, 15 Apr 2008 23:06:10 +0930From: Tim Subject: Re: Samba won't dance (more info)To: For users of Fedora Message-ID: <1208266570.8952.26.camel at suspishus.lan.cameratim.com>Content-Type: text/plainOn Tue, 2008-04-15 at 08:10 -0400, Claude Jones wrote:> I've noticed that sometimes, changes you make to Samba networking> don't 'take' instantly, even when you restart smb and nmb services That's the nature of the beast. Changes don't happen instantly, andchanges invoke another contest round for who gets to be the master,which can introduce a lot of delays. Dynamic DNS will make things worse(DHCP that doles out the same IPs to the same machines should be thesame as static IPs). Watching a friend's all-XP network, over a number of years, has shown methat SMB doesn't work any better in its native environment (frequentbreakdowns in traffic part way through use, unable to see othercomputers on the network, etc.).As I've been watching this thread, name resolution sprang to mind as thefirst thing: What method is used (hosts, DNS, lmhosts) in which order,and whether they have the answer. And SELinux booleans related toSamba.But being unable to ping some machines sounded like more basicnetworking issues at hand (hint: make use of the audio options of theping command - if you're working on the network throughout the house,you can hear the results of behind the desk, or in the next room, cablefumbling when you can't see the screen).Elsewhere in your responses you commented about the topology of yournetwork, and I'm wondering if you're trying to work across what's reallymore than one subnet, while treating it as if it's all one subnet. Thatrather depends on how your wireless set-up is set up.We're yet to see your smb.conf files. You should probably post both theproblem one, and the one that used to work fine for you.It's been ages since I've bothered with Samba. But I used to on anetwork with fixed and dynamic IPs. That had an integrated DNS serverthat resolved all internal addresses correctly, and no computers hadtheir hostname or domain name on the 127.0.0.1 line in the hosts file.All computers were on the same physical subnet. All Sambaconfigurations in the same workgroup (a single all-upper-case word).One machine set to be the master browser, WINS server, and DNS proxy forthem rest. Others deliberately configured not to be masters. Samba"hosts allow" set to the network address (192.168.1.), likewise for"interfaces = 192.168.1.2/24", remote browse sync and remote announceaddresses set appropriately, name resolve order = host wins lmhostsbcast. And that generally worked fine across several different Linuxesand Windows releases. I got mine working looking through man smb.confand the smb.conf file as originally installed.-- (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's important to the thread.)Don't send private replies to my address, the mailbox is ignored.I read messages from the public lists.------------------------------Message: 13Date: Tue, 15 Apr 2008 09:38:50 -0400From: "max bianco" Subject: Re: Samba won't dance (more info)To: "For users of Fedora" Message-ID:	Content-Type: text/plain; charset=ISO-8859-1On Tue, Apr 15, 2008 at 8:10 AM, Claude Jones  wrote:> On Mon April 14 2008, Craig White wrote:> > > > You can ping each of these systems from the Fedora box?> > >> > > just tried this and no, the machines that don't display their IP or show> > > their shares aren't responding to pings> >> > ----> > clue here Claude...this isn't a samba issue>> well, the problem is, the importation of the smb.conf file from the PCLinuxOS> box seems to have gotten things working -- at least, it was after that that> things worked; I did a number of things last evening, and I've noticed that> sometimes, changes you make to Samba networking don't 'take' instantly, even> when you restart smb and nmb services; I did also swap out the cable last> night, but immediately after doing that, there was no change>> the only remaining problem is that mounting is messed up - I can't mount my> shares from the Fedora box, even though they mount readily from the PCLinuxOS> machine, but at least now, all machines that are up on the lan are showing up> in the list, and all their shares are visible>> so, how does this all compute with the inability to ping? - I just don't know!> I said I wanted to really figure out what was causing these problems,> yesterday, but, I don't feel any closer to that understanding than I did> before I started all this.....>> I need to go through those two smb.conf configuration files and see what's> different, for one thing -- that should tell me something.>>> --> Claude Jones> Brunswick, MD, USA>Is this fedora box a dual boot setup?was it ever? have you updated thebios? otherwise tested the hardware? Are you sure the firewall isworking properly? have you port scanned the box to verify what thefirewall reports? The PCOSLinux experiment , you ran that live cd onthe fedora box with the problems right?------------------------------Message: 14Date: Tue, 15 Apr 2008 09:10:14 -0430From: "Patrick O'Callaghan" Subject: Re: canonical approach to shared sound?To: For users of Fedora Message-ID: <1208266814.29829.37.camel at bree>Content-Type: text/plainOn Tue, 2008-04-15 at 08:10 -0400, Matthew Miller wrote:> I do the not-so-rare "trick" of having two X sessions running, allowing> ctrl-alt-f7 / ctrl-alt-f8 to be a very painless fast-user-switch.> > In order for this to work, I want more lax permissions on the sound devices.> (All members of group "sndshare" get access.) Previously, this was> accomplished by changing the settings for the  device class in a file> in /etc/security/console.perms.> > That device class no longer exists in that file. I assume this is because> there is some new special modern udev way of accomplishing the same goal.> But, since all of the udev .rules files contain the line "# do not edit this> file, it will be overwritten on update", I'm not quite sure where is proper.> > Plus, the 40-alsa-rules doesn't seem to be quite comprehensive -- some of> the devices must be created via defaults somewhere else.> > So, what's the Right Thing To Do? (I'm using F9beta but I think the same> thing applies to F8, which I skipped.)AFAIK this should Just Work. ConsoleKit is designed to do this withouthassle, so your best bet may be to back out any changes you've made.I've used it successfully on F8. You can't play sound on two consoles atthe same time, but they can alternate, which seems reasonable.poc------------------------------Message: 15Date: Tue, 15 Apr 2008 23:21:57 +0930From: Tim Subject: Re: respawn java processTo: For users of Fedora Message-ID: <1208267517.8952.39.camel at suspishus.lan.cameratim.com>Content-Type: text/plainOn Tue, 2008-04-15 at 08:47 -0400, James Pifer wrote:> I've also tried to get port forwarding working with iptables, figuring> it would be more stable, but I could not get it to work. Even if I> open iptables wide open it doesn't work for me. Here are the commands> I've tried:> > /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.1.30 --dport 443 -j DNAT --to 192.168.1.40:445> /sbin/iptables -A FORWARD -p tcp -d 192.168.1.30 --dport 443 -j ACCEPTYou've got different port numbers on the top line.> The examples of forwarding I've seen usually include -i plus the> interface, like -i eth0. I do not have this in there because the> address I need it associated to is a virtual, so it's eth0:2 for> example. After running the commands above I can run iptables -L and it> looks ok. > > Any suggestions or recommendations are appreciated. Yonks ago, I had iptables rule set up on a PC which used dial-upnetworking to connect to my ISP, and had rules to connect people to awebserver on an internal machine at 192.168.1.1, and onto a differentport (they asked for 8000, and were put through to 80). It sounds asimilar situation to the rules you'd written above, mine were like thefollowing, and without any "FORWARD" rules.iptables --append INPUT --jump ACCEPT --protocol tcp --in-interface ppp+ --destination-port 8000iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --destination-port 8000 --jump DNAT --to-destination 192.168.1.1:80For complex rules, I always stuck to the long form, rather than useabbreviations. They make it simpler to follow, without having to referback to the manual for explanations. But they're equivalent.-- (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's important to the thread.)Don't send private replies to my address, the mailbox is ignored.I read messages from the public lists.------------------------------Message: 16Date: Tue, 15 Apr 2008 06:23:25 -0500From: Bruno Wolff III Subject: Re: Problem with sata2 and raid1.To: Peter Boy Cc: For users of Fedora Message-ID: <20080415112325.GB8693 at wolff.to>Content-Type: text/plain; charset=us-asciiOn Mon, Apr 14, 2008 at 21:51:05 +0200, Peter Boy  wrote:> Am Montag, den 14.04.2008, 16:17 +0200 schrieb Erik P. Olsen:> > > I know next to nothing about md and dmraid. Is there a howto doc somewhere that > > I could read?> > Linux Software Raid:For a fresh install of Fedora you can do a custom layout and configure howyou want to use software raid. It isn't hard to figure out with a littleplaying around. You can even use raid 1 for /boot since the raid informationas at the end of the partition and each element of a raid 1 array lookslike a normal file system to grub.--------------------------------fedora-list mailing listfedora-list at redhat.comhttps://www.redhat.com/mailman/listinfo/fedora-listEnd of fedora-list Digest, Vol 50, Issue 104********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080415/08b2b660/attachment-0001.htm>


More information about the fedora-list mailing list