Re: [OpenIndiana-discuss] ssh root login

2013-01-12 Thread Ray Butler 
rolemod -K type=normal root

I set PermitRootLogin without-password and it works without issue.



On Sat, Jan 12, 2013 at 8:37 PM, Gregory S. Youngblood <
greg...@youngblood.me> wrote:

> Don't forget by default root is not a regular user account. Or at least it
> didn't used to be. You may need to issue the command to make root a full
> account before you can ssh to the root account.
>
> Also, depending on what you're doing, you might consider ssh to a regular
> user and then escalate via sudo or pfexex instead of ssh to the root user
> directly.
>
> Greg
>
>
> --
> Sent from my Jelly Bean Galaxy Nexus
>
> Bob Friesenhahn  wrote:
>
> >On Sun, 13 Jan 2013, Serge Fonville wrote:
> >
> >> It took me 2 minutes to set it up, succesfully
> >>
> >> The steps I took:
> >>
> >>> create key using ssh-keygen
> >>> edit sshd_config and set PermitRootLogin to yes
> >>> restarted sshd
> >>> added the public key to authorized_keys
> >>> specified the private key in the connection
> >>
> >> I tried with and without and empty root password
> >>
> >> What did you do different?
> >
> >As far as I know, that is what I did.
> >
> >Various other people have experienced similar Solaris related issues.
> >These postings suggest editing /etc/pam.conf.  Neither edit worked for
> >me:
> >
> >
> http://snltd.co.uk/snippets/index.php?c=v&sn=ssh_as_root.php&PHPSESSID=25648260eca8ea5afc1e120278b2b1f6
> >
> >
> http://www.semicomplete.com/blog/geekery/solaris-10-sshd-publickey-solution.html
> >
> >If it makes any difference, I am using OpenIndiana oi_151a7 on the
> >server host.  Ssh on the server host identifies itself as
> >
> >Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x0090818f
> >
> >And the ssh client (Solaris 10) is
> >
> >Sun_SSH_1.1.5, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
> >
> >I am only using files+DNS for configuration.  No LDAP, NIS, or
> >anything fancy like that.
> >
> >Bob
> >--
> >Bob Friesenhahn
> >bfrie...@simple.dallas.tx.us,
> http://www.simplesystems.org/users/bfriesen/
> >GraphicsMagick Maintainer,http://www.GraphicsMagick.org/
> >
> >___
> >OpenIndiana-discuss mailing list
> >OpenIndiana-discuss@openindiana.org
> >http://openindiana.org/mailman/listinfo/openindiana-discuss
> ___
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 
*
*
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] ssh root login

2013-01-12 Thread Ray Butler 
You could also run a second ssh instance (port 26) and set up a trusted
host configuration. For this instance set PermitRootLogin to yes and reset
the public ssh access (port 22) to PermitRootLogin no. It's more legwork,
as you'd need to package another ssh installation, but it would safeguard
your setup as only hosts defined as authorized hosts will be able to ssh as
root. We did this internally at Sun and I'm trying to get my current
employer to look at this as we don't allow sudo and we have to ssh as a
normal user then su to root.

Ray


On Sat, Jan 12, 2013 at 9:02 PM, Bob Friesenhahn <
bfrie...@simple.dallas.tx.us> wrote:

> On Sat, 12 Jan 2013, Gregory S. Youngblood wrote:
>
>  Don't forget by default root is not a regular user account. Or at least
>> it didn't used to be. You may need to issue the command to make root a full
>> account before you can ssh to the root account.
>>
>> Also, depending on what you're doing, you might consider ssh to a regular
>> user and then escalate via sudo or pfexex instead of ssh to the root user
>> directly.
>>
>
> Yes, I agree that this approach would be better.  The main problem is that
> I intentionally have a wide-variety of systems (hope to add more) and each
> one behaves a little differently.  I would need to create a new user
> account account on all the systems and add a way to accomplish the
> equivalent of 'sudo' on all those systems (perhaps via a suid wrapper).
>
> Bob
> --
> Bob Friesenhahn
> bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/**
> users/bfriesen/ 
> GraphicsMagick Maintainer,http://www.GraphicsMagick.org/
>
> __**_
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@**openindiana.org
> http://openindiana.org/**mailman/listinfo/openindiana-**discuss
>



-- 
*
*
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Offtopic question to old SPARC users

2013-11-23 Thread Ray Butler 
You can get replacement NVRAMs from here
http://www.memoryxsun.com/5251673.html.
I have hundreds of still in production Netra AX1105's and this is the only
source I've found for Sun NVRAM.
They come pre-programmed with MAC/Host ID so if you need the existing
config you'll have to program it yourself
http://www.squirrel.com/squirrel/sun-nvram-hostid.faq

Ray



On Sat, Nov 23, 2013 at 8:06 PM, Lou Picciano wrote:

> Hello Jim,
>
> We've got a few of these old beasts around; the last of 'em still
> anxiously awaiting its, uhhh... 'Retirement Party'.
>
> Seems to me we had to replace a battery on at least one of these at some
> point, but don't think it was the CR2032 'button' type, as I recall. Happy
> to send you some parts as needed(?), though distances probably an issue!(?)
> Happy, too, to disassemble one to find battery?
>
> I do remember the project of flashing the EPROM when we got these
> things...  Jumpers to be set, etc,; great fun!
>
> Lou Picciano
>
> - Original Message -
> From: "Jim Klimov" 
> To: "Discussion list for OpenIndiana"  >
> Sent: Friday, November 22, 2013 5:45:19 PM
> Subject: [OpenIndiana-discuss] Offtopic question to old SPARC users
>
> Hello all,
>
>My attention was requested to an old UltraSPARC E450 machine with
> Solaris 8, whose clock was going slower and worse for the past few
> days, maybe weeks. Since about today it has practically stopped -
> or more precisely, loops over the same 2-3 second interval over and
> over, even with NTP client enabled.
>
>My hunch would be a dead battery on CMOS, or whatever the analog
> of one would be. Any ideas where it might be located, and what model
> it is (like CR2032 on Intel-compatibles)? Any more ideas?
>
>So far they are doing backups and the machine will go into a diag
> reboot; normal reboot did not clear the errors at least.
>
>The beast is old, but serves as an appliance of an old database
> which nobody knows how to manage or migrate nowadays, even if into
> a Solaris8 branded zone on a newer SPARC, and the production payload
> is needed and important. Nobody knows how it works, but they know
> too well what for. Bummer...
>
> Thanks for any hints, hunches, anecdotes...
> //Jim Klimov
>
> ___
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
> ___
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 

*raymond.but...@gmail.com *
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Upgrade Conflicts with 151a9

2014-01-21 Thread Ray Butler 
Hello Experts,

Attemping to upgrade my home server to 151a9 today and I'm getting several
conflicts which apparently are due to my using the legacy repo. Any way to
get around this other than a reinstall? Thanks in advance.


The following packages all deliver file actions to
usr/share/gtk-doc/html/gdk-pixbuf/gdk-pixbuf-csource.html:

  pkg://
openindiana.org/library/desktop/gdk-pixbuf@0.5.11,5.11-0.151.1.9:20140117T202422Z
  pkg://
openindiana.org/library/desktop/gtk2@2.20.1,5.11-0.151.1.8:20130406T215741Z

These packages may not be installed together. Any non-conflicting set may
be, or the packages must be corrected before they can be installed.

The following packages all deliver file actions to
usr/share/gtk-doc/html/gdk-pixbuf/GdkPixbufLoader.html:

  pkg://
openindiana.org/library/desktop/gdk-pixbuf@0.5.11,5.11-0.151.1.9:20140117T202422Z
  pkg://
openindiana.org/library/desktop/gtk2@2.20.1,5.11-0.151.1.8:20130406T215741Z

These packages may not be installed together. Any non-conflicting set may
be, or the packages must be corrected before they can be installed.

The requested change to the system attempts to install multiple actions
for link 'usr/bin/apu-1-config' with conflicting attributes:

1 package delivers 'link path=usr/bin/apu-1-config
target=../apr-util/1.3/bin/apu-1-config':
pkg://
openindiana.org/library/apr-util-13@1.5.3,5.11-0.151.1.9:20140117T202444Z
1 package delivers 'link path=usr/bin/apu-1-config
target=../apr-util/bin/apu-1-config':
pkg://
openindiana.org/library/apr-util@1.5.2,5.11-0.151.1.8.1:20130802T181015Z

These packages may not be installed together.  Any non-conflicting set may
be, or the packages must be corrected before they can be installed.

The following packages all deliver file actions to
usr/bin/amd64/gdk-pixbuf-query-loaders:

  pkg://
openindiana.org/library/desktop/gdk-pixbuf@0.5.11,5.11-0.151.1.9:20140117T202422Z
  pkg://
openindiana.org/library/desktop/gtk2@2.20.1,5.11-0.151.1.8:20130406T215741Z

These packages may not be installed together. Any non-conflicting set may
be, or the packages must be corrected before they can be installed.



-- 

*raymond.but...@gmail.com  *
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] configuring dhcp on OpenIndiana?

2014-12-11 Thread Ray Butler 
 # dladm show-phys
 # dladm show-link
 # ipadm show-if

 # svcadm disable nwam
 # svcadm enable network/physical:default
 # svcadm restart milestone/network:default
 # ipadm create-if bge0

Static IP
 # ipadm create-addr -T static -a 192.168.100.200/24 bge0/v4

DHCP
 # ipadm create-addr -T dhcp bge0/v4

Default Route
 # route -p add default 192.168.100.1

On Thu, Dec 11, 2014 at 2:08 PM, Thomas Schweikle 
wrote:

> Hi!
>
> Searching for a hint how to configure dhcp in OpenIndiana I only found
> how to configure a static address. But I need a way to configure dhcp.
> Is there any page in the web describing how to configure a network
> interface to use dhcp?
>
> --
> Thomas
>
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 

*raymond.but...@gmail.com *
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss