Everything posted by ThatDude
-
Block the r8169 driver to use r8125 driver in 6.9.2
I had so many seemingly random issues with that driver in subsequent beta versions of unRAID that I gave up and just bought a dual-port Intel 10Gb card from eBay, it was £30 ($35) and has been rock solid, it's 561FLR-T in case you're interested, note I searched for this card on the forum here before I bought it and found only 1 reference stated that it did not, but it has been fine for me - so YMMV. My takeaway is that Realtek just don't have reliable 2.5Gb drivers on Linux, I passed the 2.5Gb card through to a KVM Win11 gaming PC and it run's flawlessly at full speed 🤷♂️
-
libguestfs tools?
Hey, did you ever get anywhere with installing virt-sparsify ?
-
bring down network interface and up again
That's what I was hoping for. A gracefully way to stop all necessary processes for br0 and restart them as necessary. I guess the nuclear option is to stop the array, this triggers a global shutdown of services, but I was hoping for a better option. Perhaps stopping all the dockers, pausing VMs and restarting the interface is enough. Maybe someone with more experience can jump in.
-
bring down network interface and up again
What's the best way to restart the network interface from the command line? I have an issue where every few days my unRIAD server loses it's LAN connection (probably related to the drivers for my 2x10GB BCM57810 NIC), if I unplug the network cable and plug it back in again all is well again for a few more days. I figured I could create a simple workaround with a scheduled userscript to detect the lack of network access and bring the interface down then up again e.g. if ping -c 1 192.168.1.1 &> /dev/null then echo "succces - NOP" else echo "fail - restart NIC" [nic restart command here] fi
-
unRAID 6 NerdPack - CLI tools (iftop, iotop, screen, kbd, etc.)
Is it possible to add rdiff-backup to nerdtools? I see several references to in in the previous replies, and a suggestion to install it using pip but that no longer seems to work.
-
ssh key based access
To answer my own question ....SSHD uses this file to check SSH keys: /etc/ssh/root.pubkeys Don't use ssh-copy-id as it copies the keys to /root/.ssh/authorized_keys which (on my unraid server v6.10.0-rc5) is ignored by SSHD. I'm assuming that you need to manually add keys to /boot/config/ssh/root.pubkeys to have them survive the array stopping and starting.
-
ssh key based access
On my primary workstation (macbook) I used ssh-copy-id to copy my key to unraid and I can now login without a password as expected. However, when I do the same thing from a debian vm (or raspberry pi), ssh-copy-id succeeds but it still prompts me for a password. Can anyone see what I'm doing wrong? Kinda stumped. parallels@debian-gnu-linux-10:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/parallels/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/parallels/.ssh/id_rsa. Your public key has been saved in /home/parallels/.ssh/id_rsa.pub. The key fingerprint is: SHA256:REDACTED parallels@debian-gnu-linux-10 The key's randomart image is: +---[RSA 2048]----+ | ....++ o+o| | . o.+..o=o.| | REDACTED .| | . .+ B B .| | So * X oo| | .. + E B=o| | . o +o*.| | o o | | . | +----[SHA256]-----+ parallels@debian-gnu-linux-10:~$ ssh-copy-id root@unraid /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@unraid's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@unraid'" and check to make sure that only the key(s) you wanted were added. parallels@debian-gnu-linux-10:~$ ssh root@unriad root@unraid's password: and here's the debug ssh connection parallels@debian-gnu-linux-10:~$ ssh root@unraid -vvvvv OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "unraid" port 22 debug2: ssh_connect_direct debug1: Connecting to unraid [192.168.1.250] port 22. debug1: Connection established. debug1: identity file /home/parallels/.ssh/id_rsa type 0 debug1: identity file /home/parallels/.ssh/id_rsa-cert type -1 debug1: identity file /home/parallels/.ssh/id_dsa type -1 debug1: identity file /home/parallels/.ssh/id_dsa-cert type -1 debug1: identity file /home/parallels/.ssh/id_ecdsa type -1 debug1: identity file /home/parallels/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/parallels/.ssh/id_ed25519 type -1 debug1: identity file /home/parallels/.ssh/id_ed25519-cert type -1 debug1: identity file /home/parallels/.ssh/id_xmss type -1 debug1: identity file /home/parallels/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8 debug1: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to unraid:22 as 'root' debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from unraid debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected],zlib debug2: compression stoc: none,[email protected],zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected] debug2: compression stoc: none,[email protected] debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BYjksZkr04Z0Tywa/zTShZM8Ddm5nEqs8mE9aCmLQnI debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from unraid debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:2 debug3: load_hostkeys: loaded 1 keys from 192.168.1.250 debug1: Host 'unraid' is known and matches the ECDSA host key. debug1: Found key in /home/parallels/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug1: Will attempt key: /home/parallels/.ssh/id_rsa RSA SHA256:VnVHD2np+AZLN4O/UD5nk2YF7otDBNIhuPUzUcOr2HY agent debug1: Will attempt key: /home/parallels/.ssh/id_dsa debug1: Will attempt key: /home/parallels/.ssh/id_ecdsa debug1: Will attempt key: /home/parallels/.ssh/id_ed25519 debug1: Will attempt key: /home/parallels/.ssh/id_xmss debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/parallels/.ssh/id_rsa RSA SHA256:VnVHD2np+AZLN4O/UD5nk2YF7otDBNIhuPUzUcOr2HY agent debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /home/parallels/.ssh/id_dsa debug3: no such identity: /home/parallels/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/parallels/.ssh/id_ecdsa debug3: no such identity: /home/parallels/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/parallels/.ssh/id_ed25519 debug3: no such identity: /home/parallels/.ssh/id_ed25519: No such file or directory debug1: Trying private key: /home/parallels/.ssh/id_xmss debug3: no such identity: /home/parallels/.ssh/id_xmss: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug3: send packet: type 50 debug2: we sent a keyboard-interactive packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password root@unraid's password:
-
SSH and Denyhosts updated for v6.1
Thank you for this, I already had Borg installed via nerd-tools and your solution partly solves the securtiy issue. The remaining problem is that the Borg util still has access the the entire root file system and could be used maliciously. The solution I'm looking at is to run sshserver as a sandboxed docker: https://github.com/linuxserver/docker-openssh-server But also using the extra security you mentioned above (which is new to me - and great).
-
SSH and Denyhosts updated for v6.1
Sorry is this is a silly questions, can I use this plugin to jail a SSH user to a specific directory? I wan't to use Borg on a separate machine to backup to my unraid but I don't want that user to have access to the root file system.
-
[support] Vaultwarden (formerly Bitwarden_rs)
Is there any security issue if I place my LE wild card certificate files in the VaultWarden data folder, then add a variable to use them directly without a reverse proxy (see attached)? I access my VaultWarden from within my LAN (I re-direct the URL to the unRAID server IP) e.g. https://vaultwarden.mydomain.com:4743 > 192.168.1.253 and when I'm outside my LAN my WireGuard VPN runs continuously on my devices so I have direct access to my server (and VaultWarden). This appears to work fine but I'm concerned that I might be missing something.
-
[SUPPORT] SmartPhoneLover - Vorta (GUI for Borg Backup)
Where does this docker store it's ssh public key? I'd like to connect to an already existing Borg backup on a remote host. My connection string (from the command line) is like this: ssh://[email protected]:10222/mnt/user/borgbackup This assumes that I have the local ssh key in the authorised hosts file on the remote system, but I can't see where this docker's ssh public key is located.
-
Block the r8169 driver to use r8125 driver in 6.9.2
Upgraded to RC2 - seems to have the same problem. echo "blacklist r8169" > /boot/config/modprobe.d/r8169.conf Seems to have fixed it - still testing.
-
Block the r8169 driver to use r8125 driver in 6.9.2
Update: After 14 hours of uptime my network remains stable with no dropouts and a solid 2.5GB link. > iperf3 -c 192.168.100.250 -w 128k Connecting to host 192.168.100.250, port 5201 [ 5] local 192.168.100.30 port 49367 connected to 192.168.100.250 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 274 MBytes 2.30 Gbits/sec [ 5] 1.00-2.00 sec 274 MBytes 2.30 Gbits/sec [ 5] 2.00-3.00 sec 275 MBytes 2.31 Gbits/sec [ 5] 3.00-4.00 sec 274 MBytes 2.30 Gbits/sec [ 5] 4.00-5.00 sec 274 MBytes 2.30 Gbits/sec [ 5] 5.00-6.00 sec 275 MBytes 2.30 Gbits/sec [ 5] 6.00-7.00 sec 273 MBytes 2.29 Gbits/sec [ 5] 7.00-8.00 sec 274 MBytes 2.30 Gbits/sec [ 5] 8.00-9.00 sec 275 MBytes 2.30 Gbits/sec [ 5] 9.00-10.00 sec 274 MBytes 2.30 Gbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate [ 5] 0.00-10.00 sec 2.68 GBytes 2.30 Gbits/sec sender [ 5] 0.00-10.00 sec 2.68 GBytes 2.30 Gbits/sec receiver
-
Block the r8169 driver to use r8125 driver in 6.9.2
WARNING: I don't know if this is the correct way to block the r8169 driver Slackware seems to block drivers via a file created in: /boot/config/modprobe.d Depending on what you read, the file should be called either "blacklist" or "blacklist.conf" - I created both just to be sure. The file contains a single line: blacklist r8169 It seems to have works and I now see this line in the log: Oct 27 18:45:03 kernel: r8125 2.5Gigabit Ethernet driver 9.005.01-NAPI loaded
-
[REQUEST] SMTP Translator
Thanks, that worked great. Is there a simple way to get this into the Community Apps store? I have 8 unRAID servers that I need to deploy this docker on, so that seems like a better solution.
-
[REQUEST] SMTP Translator
https://hub.docker.com/r/whumphrey/smtp-translator This is a simple docket that accepts email and coverts it to a pushover message. It's handy for device that support email but nothing else. Would it be possible to make this into an unRAID docker? I can get it working from the command line by pulling the docker: docker pull whumphrey/smtp-translator then starting it: docker run -it --rm -p 25:25 -e PUSHOVER_TOKEN=pushover.application.token whumphrey/smtp-translator But as soon as I shut down the terminal it halts ...and that's where my docker skills end 🙂
-
[Support] jbreed - nessus
I came here to ask the same question - any way to get this updated? TIA
-
Remote access behind NAT firewall
I have a slightly out-of-bounds use case for unRAID, I use a small micro server that I ship to my clients, I then connect to it to audit their LAN using an OpenVAS docker and a Kali Linux VM. I've configured the server to auto-start along with the Zero-Tier docker which allows me to bypass any NAT firewalls at the client end - This works great. Now I would like to enable encryption of the data at rest, easily achieved with unRAID's built in encryption. However, once I do that my server no longer auto-starts until the password is entered, which means no Zero-Tier docker and no remote access. So my question is, does anyone have a suggestion of how to get around this? My first thought was a ZeroTier plugin rather than a docker, but I'm not sure if that's possible? Failing that I was thinking maybe it's possible to run a script at boot to setup a reverse shell. -- I figured out a workaround. Don't encrypt the unRAID drives which allows the server to boot and start normally, including the ZeroTier docker. Then SSH in and mount an encrypted 'Unassigned' drive used to store the VM's and reporting data.
-
Unraid OS version 6.9.1 available
I'm experiencing extremely high CPU activity in my Windows 10 VM since upgrading from 6.8.x to 6.9.1, is anyone getting this? The VM is BlueIris CCTV server and uses a pass through NV710 PCI-E GPU for decoding, I've checked that GPU decoding is working, and it is. But even when I stop the BlueIris service, the base VM when idle is consuming 100% of the 3 CPU's assigned to it. Task manager keeps highlighting system interrupts, so I implemented the two known workarounds for those but it hasn't made a tangible difference.
-
unRAID 6 NerdPack - CLI tools (iftop, iotop, screen, kbd, etc.)
Updated it Amazing, thanks so much
-
unRAID 6 NerdPack - CLI tools (iftop, iotop, screen, kbd, etc.)
Would it be possible to update the version of LFTP in nerpack? The 4.8.4 version has a couple of showstopper bugs that are driving me nuts. This one works great: http://slackware.cs.utah.edu/pub/slackware/slackware64-current/slackware64/n/lftp-4.9.1-x86_64-1.txz I've been running: upgradepkg --install-new lftp-4.9.1-x86_64-1.txz To get it installed after each boot, but obviously nerd pack is the way to go.
-
[Plugin] CA Fix Common Problems
I'm having an issue on one of my unraid servers where FCP times out, I get this in the error log: Jun 24 07:40:31 bigbird nginx: 2019/06/24 07:40:31 [error] 3771#3771: *8043 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.12.140, server: , request: "POST /plugins/fix.common.problems/include/fixExec.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock", host: "192.168.12.250", referrer: "http://192.168.12.250/Settings/FixProblems" Is there another error log that I can check to see what's happening?
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
I figured out a workaround to set the DNS from the client side, open the ovpn file and add the following directives. #ipv4 pull-filter ignore "dhcp-option DNS" #ipv6 pull-filter ignore "dhcp-option DNS6" # put prefered dns name here dhcp-option DNS 192.168.0.200
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
Is there any way to push a user-specified DNS server? I have a Pi-Hole running on my LAN and I'd like my connected devices to use it's DNS IP address instead. This allows me to block ads on my connected iOS devices and for local name resolution - really useful.
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
Thank you for this! I was getting completely stuck following the instructions in the readme that's generated with the cert.