ThatDude

  1. Is it possible to add rdiff-backup to nerdtools? I see several references to it in the previous replies, and a suggestion to install it using pip, but that no longer seems to work.
  2. To answer my own question... SSHD uses this file to check SSH keys: /etc/ssh/root.pubkeys. Don't use ssh-copy-id, as it copies the keys to /root/.ssh/authorized_keys, which (on my unraid server v6.10.0-rc5) is ignored by SSHD. I'm assuming that you need to manually add keys to /boot/config/ssh/root.pubkeys to have them survive the array stopping and starting.
  3. On my primary workstation (macbook) I used ssh-copy-id to copy my key to unraid and I can now login without a password as expected. However, when I do the same thing from a debian vm (or raspberry pi), ssh-copy-id succeeds but it still prompts me for a password. Can anyone see what I'm doing wrong? Kinda stumped.

     parallels@debian-gnu-linux-10:~$ ssh-keygen
     Generating public/private rsa key pair.
     Enter file in which to save the key (/home/parallels/.ssh/id_rsa):
     Enter passphrase (empty for no passphrase):
     Enter same passphrase again:
     Your identification has been saved in /home/parallels/.ssh/id_rsa.
     Your public key has been saved in /home/parallels/.ssh/id_rsa.pub.
     The key fingerprint is:
     SHA256:REDACTED parallels@debian-gnu-linux-10
     The key's randomart image is:
     +---[RSA 2048]----+
     | ....++ o+o|
     | . o.+..o=o.|
     | REDACTED .|
     | . .+ B B .|
     | So * X oo|
     | .. + E B=o|
     | . o +o*.|
     | o o |
     | . |
     +----[SHA256]-----+
     parallels@debian-gnu-linux-10:~$ ssh-copy-id root@unraid
     /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
     /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
     root@unraid's password:

     Number of key(s) added: 1

     Now try logging into the machine, with: "ssh 'root@unraid'"
     and check to make sure that only the key(s) you wanted were added.

     parallels@debian-gnu-linux-10:~$ ssh root@unriad
     root@unraid's password:

     and here's the debug ssh connection

     parallels@debian-gnu-linux-10:~$ ssh root@unraid -vvvvv
     OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019
     debug1: Reading configuration data /etc/ssh/ssh_config
     debug1: /etc/ssh/ssh_config line 19: Applying options for *
     debug2: resolving "unraid" port 22
     debug2: ssh_connect_direct
     debug1: Connecting to unraid [192.168.1.250] port 22.
     debug1: Connection established.
     debug1: identity file /home/parallels/.ssh/id_rsa type 0
     debug1: identity file /home/parallels/.ssh/id_rsa-cert type -1
     debug1: identity file /home/parallels/.ssh/id_dsa type -1
     debug1: identity file /home/parallels/.ssh/id_dsa-cert type -1
     debug1: identity file /home/parallels/.ssh/id_ecdsa type -1
     debug1: identity file /home/parallels/.ssh/id_ecdsa-cert type -1
     debug1: identity file /home/parallels/.ssh/id_ed25519 type -1
     debug1: identity file /home/parallels/.ssh/id_ed25519-cert type -1
     debug1: identity file /home/parallels/.ssh/id_xmss type -1
     debug1: identity file /home/parallels/.ssh/id_xmss-cert type -1
     debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
     debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
     debug1: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
     debug2: fd 3 setting O_NONBLOCK
     debug1: Authenticating to unraid:22 as 'root'
     debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts"
     debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:1
     debug3: load_hostkeys: loaded 1 keys from unraid
     debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
     debug3: send packet: type 20
     debug1: SSH2_MSG_KEXINIT sent
     debug3: receive packet: type 20
     debug1: SSH2_MSG_KEXINIT received
     debug2: local client KEXINIT proposal
     debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
     debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
     debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
     debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
     debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
     debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
     debug2: compression ctos: none,zlib@openssh.com,zlib
     debug2: compression stoc: none,zlib@openssh.com,zlib
     debug2: languages ctos:
     debug2: languages stoc:
     debug2: first_kex_follows 0
     debug2: reserved 0
     debug2: peer server KEXINIT proposal
     debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
     debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
     debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
     debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
     debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
     debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
     debug2: compression ctos: none,zlib@openssh.com
     debug2: compression stoc: none,zlib@openssh.com
     debug2: languages ctos:
     debug2: languages stoc:
     debug2: first_kex_follows 0
     debug2: reserved 0
     debug1: kex: algorithm: curve25519-sha256
     debug1: kex: host key algorithm: ecdsa-sha2-nistp256
     debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
     debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
     debug3: send packet: type 30
     debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
     debug3: receive packet: type 31
     debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BYjksZkr04Z0Tywa/zTShZM8Ddm5nEqs8mE9aCmLQnI
     debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts"
     debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:1
     debug3: load_hostkeys: loaded 1 keys from unraid
     debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts"
     debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:2
     debug3: load_hostkeys: loaded 1 keys from 192.168.1.250
     debug1: Host 'unraid' is known and matches the ECDSA host key.
     debug1: Found key in /home/parallels/.ssh/known_hosts:1
     debug3: send packet: type 21
     debug2: set_newkeys: mode 1
     debug1: rekey after 134217728 blocks
     debug1: SSH2_MSG_NEWKEYS sent
     debug1: expecting SSH2_MSG_NEWKEYS
     debug3: receive packet: type 21
     debug1: SSH2_MSG_NEWKEYS received
     debug2: set_newkeys: mode 0
     debug1: rekey after 134217728 blocks
     debug1: Will attempt key: /home/parallels/.ssh/id_rsa RSA SHA256:VnVHD2np+AZLN4O/UD5nk2YF7otDBNIhuPUzUcOr2HY agent
     debug1: Will attempt key: /home/parallels/.ssh/id_dsa
     debug1: Will attempt key: /home/parallels/.ssh/id_ecdsa
     debug1: Will attempt key: /home/parallels/.ssh/id_ed25519
     debug1: Will attempt key: /home/parallels/.ssh/id_xmss
     debug2: pubkey_prepare: done
     debug3: send packet: type 5
     debug3: receive packet: type 7
     debug1: SSH2_MSG_EXT_INFO received
     debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
     debug3: receive packet: type 6
     debug2: service_accept: ssh-userauth
     debug1: SSH2_MSG_SERVICE_ACCEPT received
     debug3: send packet: type 50
     debug3: receive packet: type 51
     debug1: Authentications that can continue: publickey,password,keyboard-interactive
     debug3: start over, passed a different list publickey,password,keyboard-interactive
     debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
     debug3: authmethod_lookup publickey
     debug3: remaining preferred: keyboard-interactive,password
     debug3: authmethod_is_enabled publickey
     debug1: Next authentication method: publickey
     debug1: Offering public key: /home/parallels/.ssh/id_rsa RSA SHA256:VnVHD2np+AZLN4O/UD5nk2YF7otDBNIhuPUzUcOr2HY agent
     debug3: send packet: type 50
     debug2: we sent a publickey packet, wait for reply
     debug3: receive packet: type 51
     debug1: Authentications that can continue: publickey,password,keyboard-interactive
     debug1: Trying private key: /home/parallels/.ssh/id_dsa
     debug3: no such identity: /home/parallels/.ssh/id_dsa: No such file or directory
     debug1: Trying private key: /home/parallels/.ssh/id_ecdsa
     debug3: no such identity: /home/parallels/.ssh/id_ecdsa: No such file or directory
     debug1: Trying private key: /home/parallels/.ssh/id_ed25519
     debug3: no such identity: /home/parallels/.ssh/id_ed25519: No such file or directory
     debug1: Trying private key: /home/parallels/.ssh/id_xmss
     debug3: no such identity: /home/parallels/.ssh/id_xmss: No such file or directory
     debug2: we did not send a packet, disable method
     debug3: authmethod_lookup keyboard-interactive
     debug3: remaining preferred: password
     debug3: authmethod_is_enabled keyboard-interactive
     debug1: Next authentication method: keyboard-interactive
     debug2: userauth_kbdint
     debug3: send packet: type 50
     debug2: we sent a keyboard-interactive packet, wait for reply
     debug3: receive packet: type 51
     debug1: Authentications that can continue: publickey,password,keyboard-interactive
     debug3: userauth_kbdint: disable: no info_req_seen
     debug2: we did not send a packet, disable method
     debug3: authmethod_lookup password
     debug3: remaining preferred:
     debug3: authmethod_is_enabled password
     debug1: Next authentication method: password
     root@unraid's password:
  4. Mine is detected as RTL8125 [10ec:8125] 28:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller
  5. I'm having a lot of issues with my PCI-E add-in 2.5GB network card on RC4. It seems to be far worse once I start a VM (Windows 10). Is this a known issue?

     Apr 12 14:15:24 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Down
     Apr 12 14:15:24 bigbird kernel: bond0: (slave eth0): link status definitely down, disabling slave
     Apr 12 14:15:24 bigbird kernel: device eth0 left promiscuous mode
     Apr 12 14:15:24 bigbird kernel: bond0: now running without any active interface!
     Apr 12 14:15:24 bigbird kernel: br0: port 1(bond0) entered disabled state
     Apr 12 14:15:28 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Up - 2.5Gbps/Full - flow control off
     Apr 12 14:15:28 bigbird kernel: bond0: (slave eth0): link status definitely up, 2500 Mbps full duplex
     Apr 12 14:15:28 bigbird kernel: bond0: (slave eth0): making interface the new active one
     Apr 12 14:15:28 bigbird kernel: device eth0 entered promiscuous mode
     Apr 12 14:15:28 bigbird kernel: bond0: active interface up!
     Apr 12 14:15:28 bigbird kernel: br0: port 1(bond0) entered blocking state
     Apr 12 14:15:28 bigbird kernel: br0: port 1(bond0) entered forwarding state
     Apr 12 14:15:40 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Down
     Apr 12 14:15:40 bigbird kernel: bond0: (slave eth0): link status definitely down, disabling slave
     Apr 12 14:15:40 bigbird kernel: device eth0 left promiscuous mode
     Apr 12 14:15:40 bigbird kernel: bond0: now running without any active interface!
     Apr 12 14:15:40 bigbird kernel: br0: port 1(bond0) entered disabled state
     Apr 12 14:15:44 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Up - 2.5Gbps/Full - flow control off
     Apr 12 14:15:44 bigbird kernel: bond0: (slave eth0): link status definitely up, 2500 Mbps full duplex
     Apr 12 14:15:44 bigbird kernel: bond0: (slave eth0): making interface the new active one
     Apr 12 14:15:44 bigbird kernel: device eth0 entered promiscuous mode
     Apr 12 14:15:44 bigbird kernel: bond0: active interface up!
     Apr 12 14:15:44 bigbird kernel: br0: port 1(bond0) entered blocking state
     Apr 12 14:15:44 bigbird kernel: br0: port 1(bond0) entered forwarding state
     Apr 12 14:15:46 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Down
     Apr 12 14:15:46 bigbird kernel: bond0: (slave eth0): link status definitely down, disabling slave
     Apr 12 14:15:46 bigbird kernel: device eth0 left promiscuous mode
     Apr 12 14:15:46 bigbird kernel: bond0: now running without any active interface!
     Apr 12 14:15:46 bigbird kernel: br0: port 1(bond0) entered disabled state
     Apr 12 14:15:50 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Up - 2.5Gbps/Full - flow control off
     Apr 12 14:15:50 bigbird kernel: bond0: (slave eth0): link status definitely up, 2500 Mbps full duplex
     Apr 12 14:15:50 bigbird kernel: bond0: (slave eth0): making interface the new active one
     Apr 12 14:15:50 bigbird kernel: device eth0 entered promiscuous mode
     Apr 12 14:15:50 bigbird kernel: bond0: active interface up!
     Apr 12 14:15:50 bigbird kernel: br0: port 1(bond0) entered blocking state
     Apr 12 14:15:50 bigbird kernel: br0: port 1(bond0) entered forwarding state
     Apr 12 14:15:52 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Down
     Apr 12 14:15:52 bigbird kernel: bond0: (slave eth0): link status definitely down, disabling slave
     Apr 12 14:15:52 bigbird kernel: device eth0 left promiscuous mode
     Apr 12 14:15:52 bigbird kernel: bond0: now running without any active interface!
     Apr 12 14:15:52 bigbird kernel: br0: port 1(bond0) entered disabled state
     Apr 12 14:15:56 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Up - 2.5Gbps/Full - flow control off
     Apr 12 14:15:56 bigbird kernel: bond0: (slave eth0): link status definitely up, 2500 Mbps full duplex
     Apr 12 14:15:56 bigbird kernel: bond0: (slave eth0): making interface the new active one
     Apr 12 14:15:56 bigbird kernel: device eth0 entered promiscuous mode
     Apr 12 14:15:56 bigbird kernel: bond0: active interface up!
     Apr 12 14:15:56 bigbird kernel: br0: port 1(bond0) entered blocking state
     Apr 12 14:15:56 bigbird kernel: br0: port 1(bond0) entered forwarding state
     Apr 12 14:15:57 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Down
     Apr 12 14:15:57 bigbird kernel: bond0: (slave eth0): link status definitely down, disabling slave
     Apr 12 14:15:57 bigbird kernel: device eth0 left promiscuous mode
     Apr 12 14:15:57 bigbird kernel: bond0: now running without any active interface!
     Apr 12 14:15:57 bigbird kernel: br0: port 1(bond0) entered disabled state
     Apr 12 14:16:02 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Up - 2.5Gbps/Full - flow control off
     Apr 12 14:16:02 bigbird kernel: bond0: (slave eth0): link status definitely up, 2500 Mbps full duplex
     Apr 12 14:16:02 bigbird kernel: bond0: (slave eth0): making interface the new active one
     Apr 12 14:16:02 bigbird kernel: device eth0 entered promiscuous mode
     Apr 12 14:16:02 bigbird kernel: bond0: active interface up!
     Apr 12 14:16:02 bigbird kernel: br0: port 1(bond0) entered blocking state
     Apr 12 14:16:02 bigbird kernel: br0: port 1(bond0) entered forwarding state
     Apr 12 14:16:03 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Down
     Apr 12 14:16:03 bigbird kernel: bond0: (slave eth0): link status definitely down, disabling slave
     Apr 12 14:16:03 bigbird kernel: device eth0 left promiscuous mode
     Apr 12 14:16:03 bigbird kernel: bond0: now running without any active interface!
     Apr 12 14:16:03 bigbird kernel: br0: port 1(bond0) entered disabled state
     Apr 12 14:16:07 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Up - 2.5Gbps/Full - flow control off
     Apr 12 14:16:07 bigbird kernel: bond0: (slave eth0): link status definitely up, 2500 Mbps full duplex
     Apr 12 14:16:07 bigbird kernel: bond0: (slave eth0): making interface the new active one
     Apr 12 14:16:07 bigbird kernel: device eth0 entered promiscuous mode
     Apr 12 14:16:07 bigbird kernel: bond0: active interface up!
     Apr 12 14:16:07 bigbird kernel: br0: port 1(bond0) entered blocking state
     Apr 12 14:16:07 bigbird kernel: br0: port 1(bond0) entered forwarding state
     Apr 12 14:16:09 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Down
     Apr 12 14:16:09 bigbird kernel: bond0: (slave eth0): link status definitely down, disabling slave
     Apr 12 14:16:09 bigbird kernel: device eth0 left promiscuous mode
     Apr 12 14:16:09 bigbird kernel: bond0: now running without any active interface!
     Apr 12 14:16:09 bigbird kernel: br0: port 1(bond0) entered disabled state
     Apr 12 14:16:13 bigbird kernel: r8169 0000:28:00.0 eth0: Link is Up - 2.5Gbps/Full - flow control off
     Apr 12 14:16:13 bigbird kernel: bond0: (slave eth0): link status definitely up, 2500 Mbps full duplex
     Apr 12 14:16:13 bigbird kernel: bond0: (slave eth0): making interface the new active one
     Apr 12 14:16:13 bigbird kernel: device eth0 entered promiscuous mode
     Apr 12 14:16:13 bigbird kernel: bond0: active interface up!
     Apr 12 14:16:13 bigbird kernel: br0: port 1(bond0) entered blocking state
     Apr 12 14:16:13 bigbird kernel: br0: port 1(bond0) entered forwarding state
  6. Thank you for this, I already had Borg installed via nerd-tools and your solution partly solves the security issue. The remaining problem is that the Borg util still has access to the entire root file system and could be used maliciously. The solution I'm looking at is to run sshserver as a sandboxed docker: https://github.com/linuxserver/docker-openssh-server But also using the extra security you mentioned above (which is new to me - and great).
  7. Sorry if this is a silly question, can I use this plugin to jail a SSH user to a specific directory? I want to use Borg on a separate machine to backup to my unraid but I don't want that user to have access to the root file system.
  8. Is there any security issue if I place my LE wild card certificate files in the VaultWarden data folder, then add a variable to use them directly without a reverse proxy (see attached)? I access my VaultWarden from within my LAN (I re-direct the URL to the unRAID server IP) e.g. https://vaultwarden.mydomain.com:4743 > 192.168.1.253 and when I'm outside my LAN my WireGuard VPN runs continuously on my devices so I have direct access to my server (and VaultWarden). This appears to work fine but I'm concerned that I might be missing something.
  9. Where does this docker store its ssh public key? I'd like to connect to an already existing Borg backup on a remote host. My connection string (from the command line) is like this: ssh://root@12.23.34.45:10222/mnt/user/borgbackup This assumes that I have the local ssh key in the authorised hosts file on the remote system, but I can't see where this docker's ssh public key is located.
  10. Thanks Maxrad, the 45 drives link offers valuable insights.
  11. Was any progress made regards samba and access from Monterey based Macs? I was hoping a Samba extra configuration change could address the issue(s).
  12. I've checked and the RAM is not overclocked with XMP / AMP, I've also completed a 12 hour Memtest successfully. I feel like this is side tracking from the reported issue - why is unRAID allowing the array to start with an "unmountable unsupported disk"? Why is that disk not being emulated? How is parity still valid in this situation? And why would a further 2 reboots suddenly fix it (and maintain a valid parity)? So far as I am aware the screenshot that I posted (earlier in this thread) should not be possible in unRAID.
  13. I am using a Ryzen CPU, I have 32GB of DDR4-2666 running at stock speeds. It passed a 24 hour memtest a couple of months ago but I'm happy to re-test it if you think that could explain this issue.
  14. Two more reboots and it suddenly returned to normal! I'm assuming that parity is not valid even though it's reported as such - I'll rebuild it overnight and keep an eye on it.
  15. Upgraded to RC2 - seems to have the same problem.

      echo "blacklist r8169" > /boot/config/modprobe.d/r8169.conf

      Seems to have fixed it - still testing.
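
Added example, not part of the original posts: for the SSH key problem in posts 2 and 3 above, a sketch that resolves which authorized-keys files sshd is configured to read for a user and reports whether a given public key is in any of them. The function names, the temporary directory, the key text and the `AuthorizedKeysFile` line using `%u.pubkeys` are assumptions constructed for the illustration; only a global `AuthorizedKeysFile` line is handled.

```shell
#!/bin/sh
# Added example: which authorized-keys files would sshd read for a user, and is
# a given public key in any of them? Only a global AuthorizedKeysFile line is
# handled (no Match blocks or Include); on a live host `sshd -T` is authoritative.

# resolve_akf CONFIG USER HOME -> one resolved path per line
resolve_akf() {
    awk -v user="$2" -v home="$3" '
    function expand(p,   out, i, c) {            # expand %u, %h and %% tokens
        out = ""
        for (i = 1; i <= length(p); i++) {
            c = substr(p, i, 1)
            if (c == "%" && i < length(p)) {
                c = substr(p, ++i, 1)
                if (c == "u") out = out user
                else if (c == "h") out = out home
                else if (c == "%") out = out "%"
                else out = out "%" c
            } else out = out c
        }
        return out
    }
    tolower($1) == "authorizedkeysfile" && !seen {   # sshd keeps the first value
        seen = 1
        for (i = 2; i <= NF; i++) pat[++n] = $i
    }
    END {
        if (!seen) { pat[1] = ".ssh/authorized_keys"; pat[2] = ".ssh/authorized_keys2"; n = 2 }
        for (i = 1; i <= n; i++) {
            if (pat[i] == "none") continue
            p = expand(pat[i])
            print (p ~ /^\// ? p : home "/" p)       # relative paths live under HOME
        }
    }' "$1"
}

# key_installed PUBKEY CONFIG USER HOME -> exit 0 if the key is in a file sshd reads
key_installed() {
    blob=$(awk '{ print $2; exit }' "$1")            # base64 field of the .pub file
    [ -n "$blob" ] || return 2
    files=$(resolve_akf "$2" "$3" "$4")
    while IFS= read -r f; do
        [ -r "$f" ] || continue
        # match the blob as a whole field so entries with an options prefix count
        awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                          END { exit !found }' "$f" && return 0
    done <<EOF
$files
EOF
    return 1
}

demo() {   # constructed scenario: key copied to ~/.ssh only, sshd reads elsewhere
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/.ssh" "$d/etc/ssh"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY parallels@debian" > "$d/id_rsa.pub"
    echo "AuthorizedKeysFile $d/etc/ssh/%u.pubkeys" > "$d/sshd_config"   # assumed setting
    cp "$d/id_rsa.pub" "$d/root/.ssh/authorized_keys"     # where ssh-copy-id put it
    key_installed "$d/id_rsa.pub" "$d/sshd_config" root "$d/root" && before=yes || before=no
    cat "$d/id_rsa.pub" >> "$d/etc/ssh/root.pubkeys"      # the file sshd is told to read
    key_installed "$d/id_rsa.pub" "$d/sshd_config" root "$d/root" && after=yes || after=no
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```
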