tuxbass

  1. That's pretty much what I've been doing so far. In go file there's this section for ssh changes:

        _ssh="/root/.ssh"
        sshd_conf="/etc/ssh/sshd_config"
        [[ -d "$_ssh" ]] || ln -s -- /boot/config/ssh "$_ssh"
        find -L "$_ssh/" \( -type f -o -type d \) -exec chmod 'u=rwX,g=,o=' -- '{}' \+
        sed --follow-symlinks -i '/^PermitEmptyPasswords.*/d' "$sshd_conf"
        sed --follow-symlinks -i '/^PasswordAuthentication.*/d' "$sshd_conf"
        echo 'PermitEmptyPasswords no' >> "$sshd_conf"
        echo 'PasswordAuthentication no' >> "$sshd_conf"
        # restart sshd service:
        /etc/rc.d/rc.sshd restart
        ### /sshd
  2. In creating the symlink the only file that was manually created was the link in /root/.ssh/, pointing to /boot/config/ssh, so latter contents were not modified. Ah so it's actively managed on startup? Good call, will give that a try. Great tips, will try copying sshd_config to /boot/config/ssh as opposed to editing the file in /etc via go-file. I know key-only login was never enabled, but the method I described used to work until 6.9.0.
  3. Couple of questions re. ssh changes: Now /boot/config/ssh looks like this:

        ┌─[Tower]─[/boot/config/ssh]
        └──╼ + ls -lt
        total 96K
        drwx------ 2 root root 8.0K Mar 19 12:00 root
        -rw------- 1 root root 812 Feb 18 11:32 authorized_keys
        -rw------- 1 root root 177 Dec 1 23:09 known_hosts
        -rw------- 1 root root 352 Dec 1 23:09 known_hosts~
        -rw------- 1 root root 668 May 11 2019 ssh_host_dsa_key
        -rw------- 1 root root 600 May 11 2019 ssh_host_dsa_key.pub
        -rw------- 1 root root 227 May 11 2019 ssh_host_ecdsa_key
        -rw------- 1 root root 172 May 11 2019 ssh_host_ecdsa_key.pub
        -rw---
  4. Ah, I'm mixing things up. So only the vfio binding is to be removed from syslinux when the new binding method is to be used; acs_override and i2c_i801,i2c_smbus modules blacklisting still remains there. Thanks!
  5. I'm not quite following the implications the changes to VFIO have in this update. In order to pass the iGPU (on 6700K cpu) _with sound_ through to a VM, following sysconfig change has been added: pcie_acs_override=downstream vfio-pci.ids=<my_device_id> modprobe.blacklist=i2c_i801,i2c_smbus "my_device_id" being the vendor:device of the audio device. Is this still needed or there's another way this should be solved now?
  6. Would it be possible to query VM running state from a docker container? Are there any temp files or sockets that could be passed to container for detection?
  7. Under 'Users' tab in web UI we can see two users created by default - root & guest. What's the purpose of guest user? And how come it doesn't have a corresponding /home/guest/ directory?
  8. Looking at dockerfile, why is this copy operation necessary?: cp -R -n /usr/share/jupyter/* /appdata Additionally, any particular reason you opted for archlinux, instead of say debian(-testing) slim or alpine linux or any other minimal distros?
  9. Have you configured unraid SSH with key-only? If so, could you walk me through?
  10. Also interested if this still works in 2020? Tried curling different endpoints, but either receive stock nginx page, or 'file not found'.
  11. Were any errors reported during previous days' backup runs?
  12. What's the _unraid way_ of turning on key-only login access to unraid host? Can see there are some set of keys in /boot/config/ssh but there's no sshd_config found under /boot to enforce their usage. Why are there keys under boot/config/ssh to begin with if they're not used? Just to be clear, the goal is to secure ssh access so no bad actor on LAN can wreak havoc.
  13. Believe that's by design. Eg try passing (now-deprecated, I know) --link param when _not_ using self-created network.
  14. Interesting. How come tarring doesn't have the same issues - isn't it all simply a read operation on source endpoints anyway? Or the problem is caused by write? Anyhow cheers, will enable v1 again.
  15. I know it's going to be an unpopular request, but could we have "Use tar?" option before "Use Compression?", latter being disabled & defaulting to 'no' if user opts out of tarring. There are use-cases when simply copying the files as-is can be preferred.