Yes, I have a script to send a nice melody to my living room computer when my coffee is ready that uses at and ssh.
But, I often log in and get up and do things and theoretically someone could walk in the front door and sit down. Not that I'm paranoid, but I don't like the session/user to be able to do too much or know too much. So I don't make accessing another box too easy, unless I have a good reason. Plus there is the whole layered defense concept and all that.
So, for a lot of scripting with ssh certificates, I use user operator. It was just sitting around with it's teeth in its mouth, so I put it to work. Plus the name sounded sort of descriptive. I wrote a script to do clipboard sharing over the network, for example. And, since I don't log in as operator ever, unless I am adding scripts or features, I have less of a security concern.
-Gary
----- Forwarded message from Linus Sphinx <sphinxtar(a)gmail.com> -----
Date: Wed, 6 Jul 2022 07:54:01 -0600
From: Linus Sphinx <sphinxtar(a)gmail.com>
To: Gary <saclug(a)garymcglinn.com>
Subject: Re: [Lug-nuts] [sphinxtar(a)gmail.com: Re: Basic SSH]
Way we had everything wired at etrade, made for some nice easy scripting.
On Wed, Jul 6, 2022 at 6:37 AM Gary <saclug(a)garymcglinn.com> wrote:
> I was thining of tyring that just to see if it would work. You would
> think there would be an example of it somewhere. It's not how I'd like to
> use it, but it would be a good way to figure things out.
>
> ----- Forwarded message from Linus Sphinx <sphinxtar(a)gmail.com> -----
>
> Date: Wed, 6 Jul 2022 05:01:48 -0600
> From: Linus Sphinx <sphinxtar(a)gmail.com>
> To: Gary <saclug(a)garymcglinn.com>
> Subject: Re: [Lug-nuts] Basic SSH
>
> Do you own both servers? Maybe generate keys and exchange them? Sorry for
> the RTFM: https://man7.org/linux/man-pages/man1/ssh-keygen.1.html
>
>
> On Tue, Jul 5, 2022 at 11:35 PM Gary <saclug(a)garymcglinn.com> wrote:
>
> > So, my eyes grow weary of google nonsense.
> >
> > But is there ever a way to use anything other than:
> >
> > ssh -L xxxx:localhost:yyyy server.com
> > or
> > ssh -L xxxx:server.com:yyyy server.com
> >
> > for example
> >
> > ssh -L xxxx:anotherserver.com:yyyy server.com
> >
> > for example when there are firewalls.
> >
> > How would it work? Certificates only? I'd like to use a password on
> > anotherserver.com
> >
> > I know I could get what I want using a double login and chaining ports.
> > But, it seems like a real waste if the :localhost: is just to tickle the
> > bind addresses on the server.
> >
> > -Gary
> >
> > _______________________________________________
> > Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> > To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
> >
>
> ----- End forwarded message -----
> _______________________________________________
> Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
>
----- End forwarded message -----
I was thining of tyring that just to see if it would work. You would think there would be an example of it somewhere. It's not how I'd like to use it, but it would be a good way to figure things out.
----- Forwarded message from Linus Sphinx <sphinxtar(a)gmail.com> -----
Date: Wed, 6 Jul 2022 05:01:48 -0600
From: Linus Sphinx <sphinxtar(a)gmail.com>
To: Gary <saclug(a)garymcglinn.com>
Subject: Re: [Lug-nuts] Basic SSH
Do you own both servers? Maybe generate keys and exchange them? Sorry for
the RTFM: https://man7.org/linux/man-pages/man1/ssh-keygen.1.html
On Tue, Jul 5, 2022 at 11:35 PM Gary <saclug(a)garymcglinn.com> wrote:
> So, my eyes grow weary of google nonsense.
>
> But is there ever a way to use anything other than:
>
> ssh -L xxxx:localhost:yyyy server.com
> or
> ssh -L xxxx:server.com:yyyy server.com
>
> for example
>
> ssh -L xxxx:anotherserver.com:yyyy server.com
>
> for example when there are firewalls.
>
> How would it work? Certificates only? I'd like to use a password on
> anotherserver.com
>
> I know I could get what I want using a double login and chaining ports.
> But, it seems like a real waste if the :localhost: is just to tickle the
> bind addresses on the server.
>
> -Gary
>
> _______________________________________________
> Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
>
----- End forwarded message -----
I'm Ron.
I live in Sacramento, near Bradshaw and Old Placerville. I am retired, at least for now. I hope I don't have to go back to work. When I was working I was a helpdesk worker for several companies and for the last 10 years I worked in one of the bigger Data Centers here in SAC.
I use Kubuntu by the way. : ^ )
Hobbies: Python and C programming, Running Emulators for OLD computers. Have had a working mainframe emulator working but don't right now.
List still working?
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
I just upgraded a system to Fedora 36 today!
Brian
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
So, as a longtime Mailman2 site-admin, I've been poking around Brian's
Mailman3 installation, getting to know it better. Mailman3 was a
from-scratch rewrite. Among other things, the familiar "pipermail"
archiver (in Python 2.7.x) has been replaced with "hyperkitty" in
Python 3, and the familiar "listinfo" Web interface for subscribers and
site-admins has been replaced by "postorius".
Those of us still running Mailman2 (see for comparsion
http://linuxmafia.com/mailman/listinfo/conspire ) have a near-term
problem, because Python 2.7.x is now dead, dead, dead, and therefore
so is pre 3.x Mailman. OTOH, Mailman3 has been controversial for
reasons I don't want to get deep into, to the point that some site
admins are looking at ways to move sideways to other MLMs (mailing list
managers).
The postorius page for lug-nuts is here:
https://bigbrie.com/mailman3/postorius/lists/lug-nuts.bigbrie.com/
The archives ("hyperkitty") page is here:
https://bigbrie.com/mailman3/hyperkitty/list/lug-nuts@bigbrie.com/
(As with Mailman2, those two pages cross-link to each other.)
Point 1: Brian, maybe you should add one of those URLs (maybe the
postorius one) to the standard footer applied to postings by Mailman.
IMO, that was a very useful default feature of Mailman2. Anticipating
the objection: Yes, that information is provided in a MLM-added
header in all postings, which anyone who shows full headers can see.
That's in fact how I found those two pages. However, IMO, it's really
handy to have one in the footer, where _non_-technical people might
notice it. (Like, I'll bet that maybe two other people reading this
comment were aware of those normally-hidden headers.)
Point 2: On the postorius page, I notice there's no link for
subscribers to view the membership roster, as there was on the
corresponding Mailman2 listinfo page. Brian, is that public-facing
feature just totally gone? Is there a way to switch it back on?
IMO, there are multiple good reasons why, for most mailing lists, the
subscribers should have access to view the subscriber roster. Among
them is continuity: It makes a mailing list easier to re-host if
any of a variety of bad things happen. (Like, sadly, we're all mortal.)
Point 3: On a hunch that the "Subscription/Unsubscription" link
on the postorius page gives access to subscription options, as it did on
the Mailman2 listinfo page, I tried that "Log in" button, taking me to
https://bigbrie.com/mailman3/accounts/login/?next=/mailman3/postorius/lists…
.
That page has "Username or e-maiL" and "Password" fields, and also a
"Forgot Password?" link. Attempting my subscriber e-mail address and
what I _historically_ used as my subscription password, I got
"The e-mail address and/or password you specified are not correct."
OK, fair enough. Quite probably, Brian let Mailman3 generate random
subscriber passwords when he re-hosted the mailing list. So, I go back to
https://bigbrie.com/mailman3/accounts/login/?next=/mailman3/postorius/lists…
, and attempt "forgot Password?", which goes to
https://bigbrie.com/mailman3/accounts/password/reset/ , where you can
re-enter your e-mail address and hit the "Reset My Password" button.
When I do that, I see "The e-mail address is not assigned to any user
account" -- and cannot do subscriber-password reset.
So, Brian, although I'm self-evidently subscribed, Mailman3 claims I'm
not when I ask to reset my password. Stalemate. Something is broken.
Point 4: On the
https://bigbrie.com/mailman3/hyperkitty/list/lug-nuts@bigbrie.com/
archives page, _yesterday_ when I tried to drill down to individual
archived threads and postings, I got HTTP errors. I was just now
rechecking, in order to cite specifics, and _now_ all those links appear
to work.
So, I guess there's no reproducible bug to investigate, but I swear I
wasn't hallucinating. ;-> If I had to guess, I think there were
glitches in hyperkitty's back-end database at the time. Be advised.
Point 5: Any chance you can get the pre-Feb. 28, 2022 mailing list
archive from Roberto Leibman, and import it into the Mailman3 history?
I'm sure hyperkitty has the facility to read in the mbox file from a
Mailman2 mailing list, as part of the migration/upgrade facilities.
I can't really look now, its all updated :)
But although the OS was old, the browser,firefox-dev, was pretty current.
The process of upgrading to 35/XFCE was pretty smooth, except I had misused my /var partition. There were some interesting gotchas. Using the "Custom" partition manager in the installer, I couldn't define a root, '/', partition. I would revert to whatever was there earlier. I had to use "Custom Advanced". And the progress meters were a little wonky, which made me wonder if I was hung a couple of times.
I went through all this because I was trying to build Matter, home automation, and it didn't like my python version. It still doesn't like my python version LOL.
I installed GIMP and it installed python2, so I might have to see was is going on there. Also, just as previously, ImageMagick display images are all very translucent. It makes me think there is a setting that is off in my home directory, but I haven't been able to find anything.
-Gary
On Thu, Mar 24, 2022 at 01:19:24PM -0700, Linus Sphinx wrote:
> Could it be a TLS error in your browser being so ancient? 1,0 and 1.1 have
> both been deprecated. I quit fighting it and went with gnome.
>
> On Wed, Mar 23, 2022 at 7:59 AM Gary <saclug(a)garymcglinn.com> wrote:
>
> > I was trying to do an install/build on my Fedora 23 development system,
> > which, admittedly, is old. My python version was too old. I decided to
> > get the latest Fedora and upgrade things. When I tried to initiate the
> > download I received an invalid certificate error. Really. Considering
> > what I'm downloading, I decided not to override.
> >
> > Anyone else seen this? I consider this a sign of rapidly approaching
> > death, most of the time. Also, I couldn't find the usual "spins" option
> > for the download. I like to use XFCE.
> >
> > For now, I'm going to python.org and taking my chances there.
> >
> > -Gary
> > _______________________________________________
> > Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> > To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
> >
I was trying to do an install/build on my Fedora 23 development system, which, admittedly, is old. My python version was too old. I decided to get the latest Fedora and upgrade things. When I tried to initiate the download I received an invalid certificate error. Really. Considering what I'm downloading, I decided not to override.
Anyone else seen this? I consider this a sign of rapidly approaching death, most of the time. Also, I couldn't find the usual "spins" option for the download. I like to use XFCE.
For now, I'm going to python.org and taking my chances there.
-Gary
This article is a little "old", yet I thought it was interesting how
things progressed during pandemic.
https://www.zdnet.com/article/developer-jobs-demand-for-programming-languag…
I really like the way I can use Java 8, 11, and recent on Fedora!
https://adoptium.net/
Plus, I really like being able to use Maven and just throw in a few
dependencies and it just works!
Brian
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
