Re: Terminally Multi-Perplexed
Thank you Otto, I went ahead and reached out to him directly. Just saw a similar report come in to the mailing list so wanted to give that update. On Fri, Jul 14, 2023 at 07:11:22PM +0200, Otto Moerbeek wrote: On Thu, Jul 13, 2023 at 09:01:13PM +, Ares wrote: Howdy, I've experienced occasional but reproducible zombie process creation when ^D'ing a tmux pane. This is on amd64 current and have noticed the behavior since #1279. To reproduce I simply start tmux without any additional flags and then create and ^D about 10-20 panes. Eventually one should hang just after the ^D print and require a tmux server restart. I should also mention that I mfs mount /tmp since that is where tmux saves some of its session files and according to what little I was able to gleem from the ktrace it may be relevant. Obligatory log and configuration files below, let me know if I missed a useful one, and thank you: Hi, Don't know if nicm (the tmux maintainer) reads misc@. I you don't get any reply after a few days see https://github.com/tmux/tmux/wiki/FAQ for other ways to report tmux bugs. -Otto --
Re: hidden services stopped working
Thanks for the reply and the help Ivan but I'm actually already doing exactly
what you suggested. Checking the time is one of the first things I thought of
but this is not that unfortunately. I don't have this problem on 5.9 myself
and even snapshots were fine up until the update. Your problem is
interesting though.
Let me know if you come accross anything new on that, again thanks for you
time on this.
>> connections taken from the wiki @ https://trac.torproject.org/projects/
>> tor/wiki/doc/TransparentProxy#BSDPF. With the exception of using
>> divert-to rules istead of the rdr-to rules everything else is exactly
>> the same. It all worked fine up to the recent update. After a few days
>> and a few snapshot versions I can't seem to troubleshoot what's changed
>> or where it's failing. No errors or blocks in syslog or pflog
>> repectively.
>> Clearnet works fine and is all routed through tor and using tor-resolve
>> on hidden services resolves the address just fine but trying to connect
>> through irc or web browser to hidden services fails after timeout. Any
>> help would be greatly appreciated. Attached a ktrace of lynx trying to
>> connect to the duckduckgo hidden service. Thanks in advance guys!
>> P.S. Triple checked pf rules and entire tor config, system time, and
>> virtual address allocation
>
> I've encountered recently that system time jumps repeatedly thus
> breaking all curcuits and even more time-sensitive Onion Services as
> well. This is a problem that I'm now investigating.
> As you said, you're using snapshot version. But this problem also
> present in 5.9 release branch and started around the same time. Then it
> should not have roots in the recent code.
>
> At the moment the problem narrows down to `ntpd.conf` in the default
> install. According to this [1] commit, `ntpd` is enabled by default and
> uses contraints over TLS from `www.google.com` (do we trust Google
> now??). Same NTP peers work fine on another non-OpenBSD machines so my
> best guess at the moment that time taken from `www.google.com` is wrong
> (or the fetching method). Maybe Google changed their time logic.
>
> Another hint is that these OpenBSD machines do DNS over Tor ('DNSPort'
> option) and thus get different Google IP each time (Google tries to
> resolve IP addresses that are nearby). Then ntpd takes average of these
> clocks (different IPs) according to the manpage.
>
> As a quick fix I recommend you to disable `ntpd` [2] and use `tlsdate`
> [3] to fetch time over TLS. It works fine for me for several days by now.
>
>
> [1]
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/ntpd.conf.diff?r1=1.12&r2=1.13
> [2] /etc/rc.d/ntpd stop
> rcctl disable ntpd
> [3] https://github.com/ioerror/tlsdate
>
> --
> Ivan Markin
Re: hidden services stopped working
Ok, I'm not sure where how this thread went sideways quite so quickly but just to be clear I'm running as of right now the most current snapshot available on ftp5.usa and the only things I have installed are lynx and tor, I have made sure the system time is correct and turn tor's log doesn't throw any errors at all, and all clearnet address connect just fine, I've tried looking through dameon, messages, and pflog for any errors or misrouted packets respectively, this setup was working just fine and has been for quite a while until a few days ago, I'm not trying to gripe or install anything else I know I'm using snapshots and what that means I'm simply asking for help in other ways I can apprach this problem to try and find the solution since I was definitely call myself a noob or if maybe someone knew of some changes between the snapshot versions that might be related. If I can provide any other information that someone thinks will help I'm more than happy to do so. P.S.- Sorry for the epic run on sentence. >> >> What do you mean by "checking the time"? It just jumps forward for about >> 150s and immediately restores. So it's not so visible. Though it makes >> Tor to break all built circuits. Have a look at your Tor log with >> `notice` debug level. There are probably reports like this: >> >> "Your system clock just jumped 150 seconds forward; assuming established >> circuits no longer work." > > I am really impressed by the analytical skills I observe here. > > I observe: "the system is complex, I can't figure it out, I'll blame > everything, and use more stuff I don't understand". > > Maybe the fortress fell over because you didn't have enough Lego.
Re: hidden services stopped working
I'm not sure it's the same problem. Though it sounds interesting, what's in your torrc? Try the enabling: CloseHSClientCircuitsImmediatelyOnTimeout 1 CloseHSServiceRendCircuitsImmediatelyOnTimeout 1 UserspaceIOCPBuffers 1 AvoidDiskWrites 1 I'm not sure what happened to my setup quite yet I've been trying to figure it out while staying current with snapshots. So following the logs the virtual address get's allocated and automapped for the .onion and tries to pass it off to rewrite_and_attach_if_allowed and that's where it gets stuck. Thought it was a permission thing or a side effect of w^x being turned on but I've since eliminated those possibilities. It seems the function evdns_server_callback() is unable to pass the automap to rewrite_and_attach_if_allowed and just continues in a loop trying until timeout or max retries is hit. Not really sure how to proceed at this very moment but I'll keep pondering away. On 2016-05-31 16:52, Juuso Lapinlampi wrote: This may be related: > em(4) interface hangs randomly, receive buffer full (Intel i210) https://marc.info/?l=openbsd-misc&m=145696725605233&w=2 I've been having those Tor hangs for months. The same issue, clock skips ahead some minutes and breaks Tor connections but not clearnet. They happen quite frequently, at least three times a week to say. Heck, I've seen this issue for more than a year since OpenBSD 5.6 or 5.7. The issue became worse late OpenBSD 5.8. It seems like the issue gets worse when Tor's HardwareAccel option is enabled (HardwareAccel 1). Disabling it has helped a lot, but hasn't resolved the issue. I've also never been able to get more than ~1 MB/s throughput for some reason with or without HardwareAccel on OpenBSD. No idea why, probably the constantly breaking circuits. I spent 2.5 months debugging the issue and it's still persisting. I've posted a full email transcript with more details.[1] It seems to be a little random which Tor connections get dropped. There are IRC users connecting to an .onion address, and for years only some of them have dropped connections and some kept going. This server also uses OpenNTPD for syncing the clock from NTP.org Sweden pool. I haven't tried disabling it yet to see what would happen. [1]: https://partyvan.eu/transparency/emails/2016-02-16-portlane-nic-downtime.txt
Re: Unable to log in with Pubkey after upgrade to 7.0
On Fri, Oct 22, 2021 at 08:56:13AM -0600, Theo de Raadt wrote: Emiel Kollof wrote: Ivo Chutkin schreef op vr 22-10-2021 om 15:23 [+0300]: > Hello all, > > I am unable to log in with Pubkey after upgrade to 7.0 > > I can log in with user/password. > > What i get in the log is: > > Oct 22 15:10:01 sklad sshd[88986]: userauth_pubkey: key type ssh-rsa See https://www.openssh.com/releasenotes.html Suggested workaround in your ssh config: Host old-host HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa Please stop telling people to work around it. We removed ssh-rsa for a damn good reason. Do you still use a horse buggy to visit the grocery store? While I'm not arguing with your damn good reasons for taking such actions. We don't always have the luxury of having the necessary permission to update the other side of a connection. Also yes, in my hometown of Lancaster plenty of people still take a horse buggy to get groceries.
