Re: nmap

2018-09-05 Thread Daniel J. Luke
On Sep 4, 2018, at 9:46 PM, James Linder  wrote:
>> On 5 Sep 2018, at 4:45 am, Daniel J. Luke  wrote:
>> On Sep 4, 2018, at 4:39 PM, Ryan Schmidt  wrote:
>>> It looks like he's showing us that nmap on his Linux machine found 11 hosts 
>>> while on his Mac it only found 6 hosts.
>> 
>> maybe? and there are lots of reasons why that might be the case.
> 
> Just to be more exact the linux machine is a vm on my mac with a bridged 
> network.
> Daniel what can the ‘lots of reasons’ be?

I can think of many, but it's probably not going to be helpful for you to 
enumerate the possible issues as the start of determining what's happening.

I would probably start with seeing if I can ping all the hosts I expect to be 
able to ping from both the linux VM and from the Mac.

-- 
Daniel J. Luke





Re: ClamAV: freshclam vs. sudo freshclam

2018-09-05 Thread Daniel J. Luke
Were you able to get this working?

If not, can you post the complete output from both the successful and 
unsuccessful runs?

> On Aug 20, 2018, at 7:51 PM, Michael Newman via macports-users 
>  wrote:
> 
> If I run freshclam as a non-privileged user, it runs fine with no warnings or 
> error messages. Here’s the last line of the response:
> 
> Database updated (6622193 signatures) from db.TH.clamav.net (IP: 
> 104.16.188.138)
> 
> But, if I run sudo freshclam it fails with numerous errors, some of which are 
> shown below. 
> 
> What do I need to do to fix this?
> 
> WARNING: Can't query current.cvd.clamav.net
> WARNING: Invalid DNS reply. Falling back to HTTP mode.
> If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
> Reading CVD header (main.cvd): nonblock_connect: connect(): fd=6 errno=64: 
> Host is down
> Can't connect to port 80 of host db.TH.clamav.net (IP: 104.16.186.138)
> nonblock_connect: connect(): fd=6 errno=64: Host is down
> Can't connect to port 80 of host db.TH.clamav.net (IP: 104.16.188.138)
> Trying host db.TH.clamav.net (104.16.187.138)...
> nonblock_connect: connect(): fd=6 errno=64: Host is down
> Can't connect to port 80 of host db.TH.clamav.net (IP: 104.16.187.138)
> Trying host db.TH.clamav.net (104.16.189.138)...
> nonblock_connect: connect(): fd=6 errno=64: Host is down
> 
> WARNING: Can't read main.cvd header from database.clamav.net (IP: )
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in 
> /opt/local/etc/freshclam.conf is working. Check 
> https://www.clamav.net/documents/official-mirror-faq for possible reasons.

-- 
Daniel J. Luke





Re: nmap

2018-09-05 Thread Stephen J. Butler
I know when I was doing some heavy scanning with nmap and macOS I came
across an issue with the kernel limiting the ICMP rate and that causing it
to skip ports. I tried fooling with net.inet.icmp.icmplim but ran into
other problems. My ultimate conclusion was it was easier to run it in
Docker using CentOS 7 :/

On Tue, Sep 4, 2018 at 9:11 PM James Linder  wrote:

>
>
> > On 5 Sep 2018, at 4:45 am, Daniel J. Luke  wrote:
> >
> > On Sep 4, 2018, at 4:39 PM, Ryan Schmidt 
> wrote:
> >> It looks like he's showing us that nmap on his Linux machine found 11
> hosts while on his Mac it only found 6 hosts.
> >
> > maybe? and there are lots of reasons why that might be the case.
>
> Just to be more exact the linux machine is a vm on my mac with a bridged
> network.
> Daniel what can the ‘lots of reasons’ be?
>
> Thanks
> James
>
>


Re: nmap

2018-09-05 Thread James Linder

> On 5 Sep 2018, at 10:01 pm, Daniel J. Luke  wrote:
> 
> On Sep 4, 2018, at 9:46 PM, James Linder  wrote:
>>> On 5 Sep 2018, at 4:45 am, Daniel J. Luke  wrote:
>>> On Sep 4, 2018, at 4:39 PM, Ryan Schmidt  wrote:
>>>> It looks like he's showing us that nmap on his Linux machine found 11 
>>>> hosts while on his Mac it only found 6 hosts.
>>> 
>>> maybe? and there are lots of reasons why that might be the case.
>> 
>> Just to be more exact the linux machine is a vm on my mac with a bridged 
>> network.
>> Daniel what can the ‘lots of reasons’ be?
> 
> I can think of many, but it's probably not going to be helpful for you to 
> enumerate the possible issues as the start of determining what's happening.
> 
> I would probably start with seeing if I can ping all the hosts I expect to be 
> able to ping from both the linux VM and from the Mac.

Daniel thanks. Yup of course I can ping every host, it is a bridged VM. 
Stephen’s explanation seems very likely. “the kernel limits ICMP rate”
Thanks Stephen.

James

Re: ClamAV: freshclam vs. sudo freshclam

2018-09-05 Thread Daniel J. Luke
For the list archives - Michael and I did some investigation off-list and it 
turned out to be Little Snitch blocking the freshclam invocation that wasn't 
working.

> On Sep 5, 2018, at 10:03 AM, Daniel J. Luke  wrote:
> Were you able to get this working?
> 
> If not, can you post the complete output from both the successful and 
> unsuccessful runs?
> 
>> On Aug 20, 2018, at 7:51 PM, Michael Newman via macports-users 
>>  wrote:
>> If I run freshclam as a non-privileged user, it runs fine with no warnings 
>> or error messages. Here’s the last line of the response:

-- 
Daniel J. Luke





Re: quite OT

2018-09-05 Thread James Linder
Hi All

> What is the difference between what this server says in the logs,
> and what the previous server says in the logs?

In my growing frustration I was quite rude to Jan. Humble apologies.

I was able to do password-less login to another High Sierra machine exactly as 
you would expect !!!

My only hint on my desktop machine is this

system.log:Sep  6 10:09:27 haycorn com.apple.xpc.launchd[1] 
(com.openssh.sshd.D2A41AA4-87E8-4832-8745-93B2D3AD3796[580]): Service exited 
with abnormal code: 255

As promised I’ll stop abusing the list, port openssh behaves exactly as the 
built in server.

As a final resort I may end up doing a re-install, with time machine to hold my 
hand.

Cheers
James

PS

Jan asked for and here is the tail of -vvv

….from my desktop to a mac that does accept passwd-less

debug2: key: /Users/jam/.ssh/id_rsa (0x7fdfbd4032c0)
debug2: key: /Users/jam/.ssh/id_dsa (0x0)
debug2: key: /Users/jam/.ssh/id_ecdsa (0x0)
debug2: key: /Users/jam/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: 
server-sig-algs=
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: 
publickey,password,keyboard-interactive
debug3: start over, passed a different list 
publickey,password,keyboard-interactive
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA 
SHA256:/FjP5L3Grrw1P4KXIq5SsfkEy5RWhmeVehgG5+8k5rk /Users/jam/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp 
SHA256:/FjP5L3Grrw1P4KXIq5SsfkEy5RWhmeVehgG5+8k5rk
debug3: sign_and_send_pubkey: RSA 
SHA256:/FjP5L3Grrw1P4KXIq5SsfkEy5RWhmeVehgG5+8k5rk
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to ws111 ([192.168.5.111]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessi...@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys...@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 5 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Thu Sep  6 10:07:4
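
For reading traces like the one above, here is an added example (not part of the original message) that names the SSH message types behind the `send packet` / `receive packet` lines and reports which authentication attempts the server rejected or accepted. The type numbers come from the SSH RFCs; the function names and the sample trace are constructed for illustration.

```python
import re

# SSH message numbers (RFC 4250, RFC 4252, RFC 4254, RFC 8308).
MSG = {5: "SERVICE_REQUEST", 6: "SERVICE_ACCEPT", 7: "EXT_INFO",
       50: "USERAUTH_REQUEST", 51: "USERAUTH_FAILURE", 52: "USERAUTH_SUCCESS",
       80: "GLOBAL_REQUEST", 90: "CHANNEL_OPEN", 91: "CHANNEL_OPEN_CONFIRMATION",
       98: "CHANNEL_REQUEST", 99: "CHANNEL_SUCCESS"}
# Type 60 is method-specific: its meaning depends on the auth method in progress.
MSG60 = {"publickey": "USERAUTH_PK_OK",
         "keyboard-interactive": "USERAUTH_INFO_REQUEST"}
PACKET = re.compile(r"debug3: (send|receive) packet: type (\d+)")
METHOD = re.compile(r"debug1: Next authentication method: (\S+)")

def annotate(log_text):
    """Return (direction, type, name, method) for each packet line of a trace."""
    method = "none"  # the client's first USERAUTH_REQUEST probes with "none"
    out = []
    for line in log_text.splitlines():
        m = METHOD.search(line)
        if m:
            method = m.group(1)
        p = PACKET.search(line)
        if p:
            num = int(p.group(2))
            name = (MSG60.get(method, "METHOD_SPECIFIC") if num == 60
                    else MSG.get(num, "UNKNOWN"))
            out.append((p.group(1), num, name, method))
    return out

def auth_summary(log_text):
    """(method, outcome) for every USERAUTH_FAILURE/SUCCESS the server sent."""
    return [(method, "accepted" if num == 52 else "rejected")
            for direction, num, _, method in annotate(log_text)
            if direction == "receive" and num in (51, 52)]

# Constructed sample with the shape of a rejected public-key attempt.
SAMPLE = """\
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Next authentication method: publickey
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Next authentication method: keyboard-interactive
debug3: send packet: type 50
debug3: receive packet: type 60
"""

if __name__ == "__main__":
    for row in annotate(SAMPLE):
        print(row)
    print(auth_summary(SAMPLE))
```

The first `type 51` in any trace answers the `none` probe and only carries the list of methods that can continue; a `type 51` received after a `publickey` request is the one that indicates the key was refused.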

Re: quite OT (James)

2018-09-05 Thread James Linder
Hi All

just in case this is the issue, both machines being “up to date”, and it 
affects others

This works (passwd-less login):

[pussycat] /Users/mary [501]% sshd --help
OpenSSH_7.5p1, LibreSSL 2.5.4

This does not (identical keys and config files)

[haycorn] /Users/jam [291]% sshd --help
OpenSSH_7.6p1, OpenSSL 1.0.2p  14 Aug 2018

James

Re: quite OT (James)

2018-09-05 Thread James Linder
Hi All

just in case this is the issue, both machines being “up to date”, and it 
affects others

it is not an issue
no more noise I promise
---

This works (passwd-less login):

[pussycat] /Users/mary [501]% sshd --help
OpenSSH_7.5p1, LibreSSL 2.5.4

This does not (identical keys and config files)

[haycorn] /Users/jam [291]% sshd --help
OpenSSH_7.6p1, OpenSSL 1.0.2p  14 Aug 2018

James

Re: quite OT

2018-09-05 Thread Jan Stary
On Sep 06 11:40:41, j...@tigger.ws wrote:
> > What is the difference between what this server says in the logs,
> > and what the previous server says in the logs?
> 
> I was able to do password-less login to another High Sierra machine
> exactly as you would expect !!!

Yes, we already know that.

What we don't know is why it doesn't work on this one machine.

> My only hint on my desktop machine is this

"Desktop machine"? This is a log from "haycorn",
which previously was the sshd _server_, right?

> system.log:Sep  6 10:09:27 haycorn com.apple.xpc.launchd[1] 
> (com.openssh.sshd.D2A41AA4-87E8-4832-8745-93B2D3AD3796[580]): Service exited 
> with abnormal code: 255

This is system.log, saying that the sshd launched by launchd exited with 255.
Show us the sshd log itself, as verbose as possible, which says what failed.

> As promised I’ll stop abusing the list,
> port openssh behaves exactly as the built in server.

No. The openssh port is linked (by default) with OpenSSL.
The built in OpenSSH suite uses the system LibreSSL.

> ….from my desktop to a mac that does accept passwd-less

[A successful login to yet another machine not mentioned before.]

> from that machine back to me

Aaaargh. Another login of a different user,
with a different key, from a different machine.

Can you stick to the one failing case?
You are making it quite hard to help you.

> debug2: key: /Users/mary/.ssh/id_rsa (0x7f9cffd16f40)
> debug2: key: /Users/mary/.ssh/id_dsa (0x0)
> debug2: key: /Users/mary/.ssh/id_ecdsa (0x0)
> debug2: key: /Users/mary/.ssh/id_ed25519 (0x0)
> debug3: send packet: type 5
> debug3: receive packet: type 7
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: 
> server-sig-algs=
> debug3: receive packet: type 6
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug3: send packet: type 50
> debug3: receive packet: type 51

Is this the "error 51" you mentioned before?

What exactly is the chmod of the $HOME, $HOME/.ssh/ and
$HOME/.ssh/authorized_keys of the target user on the remote side?

Jan

> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> debug3: start over, passed a different list 
> publickey,password,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /Users/mary/.ssh/id_rsa
> debug3: send_pubkey_test
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 51
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> debug1: Trying private key: /Users/mary/.ssh/id_dsa
> debug3: no such identity: /Users/mary/.ssh/id_dsa: No such file or directory
> debug1: Trying private key: /Users/mary/.ssh/id_ecdsa
> debug3: no such identity: /Users/mary/.ssh/id_ecdsa: No such file or directory
> debug1: Trying private key: /Users/mary/.ssh/id_ed25519
> debug3: no such identity: /Users/mary/.ssh/id_ed25519: No such file or 
> directory
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug3: send packet: type 50
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug3: receive packet: type 60
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password:
> 
> 
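
The permission question asked in the message above can be checked mechanically. This is an added example, not part of the original thread: it applies the rule sshd enforces when `StrictModes` is on (the key file and every directory from it up to the home directory must be owned by the user or root and must not be group- or world-writable). The function names and the throwaway directory tree in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(home, uid, keyfile=".ssh/authorized_keys"):
    """Return the reasons a StrictModes-style check would refuse the key file."""
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, keyfile))
    if not os.path.isfile(path):
        return [f"{path}: missing or not a regular file"]
    # Walk from the key file up through each parent directory to the home dir.
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}, not {uid} or root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world-writable")
        parent = os.path.dirname(path)
        if path == home or parent == path:  # reached the home dir (or /)
            break
        path = parent
    return problems

def demo():
    """Constructed case: a throwaway home whose .ssh is group-writable."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o755)
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o775)           # too loose: group can write
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o600)
        before = strictmodes_problems(home, os.getuid())
        os.chmod(ssh_dir, 0o700)           # tightened
        after = strictmodes_problems(home, os.getuid())
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Run it on the server side against the target user's home directory and numeric uid; an empty list means file modes and ownership are not what is blocking public-key login.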


Re: quite OT (James)

2018-09-05 Thread Jan Stary
On Sep 06 12:41:56, j...@tigger.ws wrote:
> Hi All
> 
> just in case this is the issue, both machines being “up to date”, and it 
> affects others
> 
> This works (passwd-less login):
> 
> [pussycat] /Users/mary [501]% sshd --help
> OpenSSH_7.5p1, LibreSSL 2.5.4

This is presumably the system sshd (using the system libressl).

> This does not (identical keys and config files)
> 
> [haycorn] /Users/jam [291]% sshd --help
> OpenSSH_7.6p1, OpenSSL 1.0.2p  14 Aug 2018

This is presumably the OpenSSH port (using the openssl port).

(Why are you even trying to use it
if the system default works for you?)

Jan



Re: quite OT (James)

2018-09-05 Thread Jan Stary
On Sep 06 12:41:56, j...@tigger.ws wrote:
> This does not (identical keys and config files)

The sshd from the openssh port uses a different config.

> [haycorn] /Users/jam [291]% sshd --help
> OpenSSH_7.6p1, OpenSSL 1.0.2p  14 Aug 2018

What happens if you run the system sshd on haycorn?

Jan