tuxbass

Members
  • Posts

    131
  • Joined

  • Last visited

Converted

  • Gender
    Undisclosed

Recent Profile Visitors

2276 profile views

tuxbass's Achievements

Apprentice

Apprentice (3/14)

0

Reputation

  1. Can't quite figure out the docker icon caching setup. Can see files stored in /var/lib/docker/unraid/images /var/local/emhttp/plugins/dynamix.docker.manager/images /boot/config/plugins/dockerMan/images latter location doesn't contain all the icons, in fact last mod time is from 2019. Which directory should be backed up?
  2. That's pretty much what i've been doing so far. In go file there's this section for ssh changes: _ssh="/root/.ssh" sshd_conf="/etc/ssh/sshd_config" [[ -d "$_ssh" ]] || ln -s -- /boot/config/ssh "$_ssh" find -L "$_ssh/" \( -type f -o -type d \) -exec chmod 'u=rwX,g=,o=' -- '{}' \+ sed --follow-symlinks -i '/^PermitEmptyPasswords.*/d' "$sshd_conf" sed --follow-symlinks -i '/^PasswordAuthentication.*/d' "$sshd_conf" echo 'PermitEmptyPasswords no' >> "$sshd_conf" echo 'PasswordAuthentication no' >> "$sshd_conf" # restart sshd service: /etc/rc.d/rc.sshd restart ### /sshd
  3. In creating the symlink the only file that was manually created was the link in /root/.ssh/, pointing to /boot/config/ssh, so latter contents were not modified. Ah so it's actively manged on startup? Good call, will give that a try. Great tips, will try copying sshd_config to /boot/config/ssh as opposed to editing the file in /etc via go-file. I know key-only login was never enabled, but the method I described used to work until 6.9.0.
  4. Couple of questions re. ssh changes: Now /boot/config/ssh looks like this: ┌─[Tower]─[/boot/config/ssh] └──╼ + ls -lt total 96K drwx------ 2 root root 8.0K Mar 19 12:00 root -rw------- 1 root root 812 Feb 18 11:32 authorized_keys -rw------- 1 root root 177 Dec 1 23:09 known_hosts -rw------- 1 root root 352 Dec 1 23:09 known_hosts~ -rw------- 1 root root 668 May 11 2019 ssh_host_dsa_key -rw------- 1 root root 600 May 11 2019 ssh_host_dsa_key.pub -rw------- 1 root root 227 May 11 2019 ssh_host_ecdsa_key -rw------- 1 root root 172 May 11 2019 ssh_host_ecdsa_key.pub -rw------- 1 root root 399 May 11 2019 ssh_host_ed25519_key -rw------- 1 root root 92 May 11 2019 ssh_host_ed25519_key.pub -rw------- 1 root root 1.7K May 11 2019 ssh_host_rsa_key -rw------- 1 root root 392 May 11 2019 ssh_host_rsa_key.pub with root/ dir being empty, think the update introduced it. So far I had been creating /root/.ssh -> /boot/config/ssh symlink myself from the go file. 1) Is it safe to move all the keys files from /boot/config/ssh to /boot/config/ssh/root? Note the keys were created by unraid (likely during the very initial installation years ago), as I haven't generated them myself. Unsure what such a move might affect. ----------------------------------------------------------------------- My /etc/ssh/sshd_config has following line: PasswordAuthentication no After adding said line and restarting sshd (via /etc/rc.d/rc.sshd restart) password login is still allowed. 2) What has changed, why isn't key-only login enforced anymore?
  5. Ah i'm mixing things up. So only the vfio binding is to be removed from syslinux when the new binding method is to be used; acs_override and i2c_i801,i2c_smbus modules blacklisting still remains there. Thanks!
  6. I'm not quite following the implications the changes to VFIO have in this update. In order to pass the iGPU (on 6700K cpu) _with sound_ through to a VM, following sysconfig change has been added: pcie_acs_override=downstream vfio-pci.ids=<my_device_id> modprobe.blacklist=i2c_i801,i2c_smbus "my_device_id" being the vendor:device of the audio device. Is this still needed or there's another way this should be solved now?
  7. Would it be possible to query VM running state from a docker container? Are there any temp files or sockets that could be passed to container for detection?
  8. Under 'Users' tab in web UI we can see two users created by default - root & guest. What's the purpose of guest user? And how come it doesn't have a corresponding /home/guest/ directory?
  9. Looking at dockerfile, why is this copy operation necessary?: cp -R -n /usr/share/jupyter/* /appdata Additionally, any particular reason you opted for archlinux, instead of say debian(-testing) slim or alpine linux or any other minimal distros?
  10. Have you configured unraid SSH with key-only? If so, could you walk me through?
  11. Also interested if this still works in 2020? Tried curling different endpoints, but either receive stock nginx page, or 'file not found.
  12. Were any errors reported during previous days' backup runs?
  13. What's the _unraid way_ of turning on key-only login access to unraid host? Can see there are some set of keys in /boot/config/ssh but there's no sshd_config found under /boot to enforce their usage. Why are there keys under boot/config/ssh to begin with if they're not used? Just to be clear, the goal is to secure ssh access so no bad actor on LAN can wreak havoc.
  14. Believe that's by design. Eg try passing (now-deprecated, I know) --link param when _not_ using self-created network.
  15. Interesting. How come tarring doesn't have the same issues - isn't it all simply a read operation on source endpoints anyway? Or the problem is caused by write? Anyhow cheers, will enable v1 again.