Jacob Bachmeyer via cfarm-users writes:
>512-bit RSA is definitely breakable and should not be used for a long-term
>key. 768 bits is also too short; 1024 is currently marginal and definitely
>not suitable for a high-value target, but impersonating a cfarm host will not
>get an attacker much oth
Martin Guy via cfarm-users wrote:
On 15/09/24 11:40, Peter Gutmann via cfarm-users wrote:
Jonathan Wakely writes:
SSH_ARGS="-o PubkeyAcceptedAlgorithms=+ssh-rsa -o
KexAlgorithms=+diffie-hellman-group-exchange-sha1 -o
HostKeyAlgorithms=+ssh-rsa -o StrictHostKeyChecking=no"
Thanks. I've now s
On Tue, Sep 17, 2024 at 12:50 PM Martin Guy via cfarm-users
wrote:
>
> On 15/09/24 11:40, Peter Gutmann via cfarm-users wrote:
> > Jonathan Wakely writes:
> > SSH_ARGS="-o PubkeyAcceptedAlgorithms=+ssh-rsa -o
> > KexAlgorithms=+diffie-hellman-group-exchange-sha1 -o
> > HostKeyAlgorithms=+ssh-rs
On 15/09/24 11:40, Peter Gutmann via cfarm-users wrote:
Jonathan Wakely writes:
SSH_ARGS="-o PubkeyAcceptedAlgorithms=+ssh-rsa -o
KexAlgorithms=+diffie-hellman-group-exchange-sha1 -o HostKeyAlgorithms=+ssh-rsa -o
StrictHostKeyChecking=no"
Thanks. I've now set these in .ssh/config but got
Thorsten Glaser via cfarm-users writes:
>It’s not, for example you can use double quotes "…" only either around or
>inside accent-gravis-style command substitutions `…` but not both at the same
>time.
Oh, I meant in my case where everything was `` to begin with and got seek-and-
replaced with $(
On Mon, 16 Sep 2024, Peter Gutmann via cfarm-users wrote:
>use ``, more to document the issue than anything else since it's otherwise
>identical to $(). For anyone else needing to do this all it takes is:
It’s not, for example you can use double quotes "…" only either around
or inside accent-gra
On Mon, Sep 16, 2024 at 4:38 AM Peter Gutmann via cfarm-users
wrote:
>
> Denis Ovsienko via cfarm-users writes:
>
> >I ran into this particular thing after following the advice of shellcheck and
> >replacing `` with $(), which promptly broke the script on Solaris 10, which
> >is supposed to be PO
Denis Ovsienko via cfarm-users writes:
>I ran into this particular thing after following the advice of shellcheck and
>replacing `` with $(), which promptly broke the script on Solaris 10, which
>is supposed to be POSIX-compliant, at least in the shell department. As far
>as I remember, eventual
On Sun, 15 Sep 2024 15:39:18 +
Peter Gutmann via cfarm-users wrote:
> (OK, it's not quite that bad, but several things are pre-Posix at
> least, e.g. /bin/sh doesn't understand "$(...)" but requires `...`).
I ran into this particular thing after following the advice of
shellcheck and replaci
Bruno Haible writes:
>Look at the PATH column in
>https://gitlab.com/ghwiki/gnow-how/-/wikis/Platforms/Configuration.
Ah, that fixed it, thanks, I was missing /usr/ccs/bin.
Speaking of /usr/ccs/bin, it's nice to have an excuse to haul out my Version 7
Unix manuals again.
(OK, it's not quite th
On 15-09-24, Peter Gutmann via cfarm-users wrote:
> For anyone else needing to do this from a script, the magic for SSH is:
>
> SSH_ARGS="-o PubkeyAcceptedAlgorithms=+ssh-rsa -o
> KexAlgorithms=+diffie-hellman-group-exchange-sha1 -o
> HostKeyAlgorithms=+ssh-rsa -o StrictHostKeyChecking=no"
Docu
On Sun, 15 Sept 2024 at 10:52, Jonathan Wakely wrote:
>
> On Sun, 15 Sept 2024 at 10:40, Peter Gutmann
> wrote:
> >
> > Jonathan Wakely writes:
> >
> > >>cfarm210 is running an ancient version of SSH that requires all sorts of
> > >>algorithm downgrades to work. This isn't a big deal security-
On Sun, 15 Sept 2024 at 10:40, Peter Gutmann wrote:
>
> Jonathan Wakely writes:
>
> >>cfarm210 is running an ancient version of SSH that requires all sorts of
> >>algorithm downgrades to work. This isn't a big deal security-wise, but it
> >>does mean adding a pile of overrides to the client-side
Peter Gutmann wrote:
> >/opt/csw/bin
>
> I'd looked in there but couldn't find anything (make, ar, strip, etc).
Look at the PATH column in
https://gitlab.com/ghwiki/gnow-how/-/wikis/Platforms/Configuration.
> There's
> g present, but I was hoping to test with Sun tools to verify the
> ability to
Jonathan Wakely writes:
>>cfarm210 is running an ancient version of SSH that requires all sorts of
>>algorithm downgrades to work. This isn't a big deal security-wise, but it
>>does mean adding a pile of overrides to the client-side SSH.
>
>That's an out-of-support version of Solaris, there's a
On Sun, Sep 15, 2024 at 3:41 AM Peter Gutmann via cfarm-users
wrote:
>
> [...]
> cfarm119 has no dev tools that I can find:
>
> -bash-5.1$ which xlc
> which: 0652-141 There is no xlc in /usr/bin /etc /usr/sbin /usr/ucb
> /home/peter/bin /usr/bin/X11 /sbin ..
> -bash-5.1$ lslpp -l | grep xlc
> -ba
On Sun, 15 Sept 2024 at 10:21, Peter Gutmann via cfarm-users
wrote:
>
> Bruno Haible writes:
>
> >cfarm119 has two compilers installed:
> > - A GCC that works, in /opt/freeware/bin.
> > - An IBM derivate of clang, named ibm-clang and ibm-clang++,
> >in /opt/IBM/openxlC/17.1.1/bin. But it is
Peter Gutmann wrote:
> >cfarm119 has two compilers installed:
> > - A GCC that works, in /opt/freeware/bin.
> > - An IBM derivate of clang, named ibm-clang and ibm-clang++,
> >in /opt/IBM/openxlC/17.1.1/bin. But it is broken (miscompiles various
> >things here and there).
>
> Ah, OK. Ac
Bruno Haible writes:
>cfarm119 has two compilers installed:
> - A GCC that works, in /opt/freeware/bin.
> - An IBM derivate of clang, named ibm-clang and ibm-clang++,
>in /opt/IBM/openxlC/17.1.1/bin. But it is broken (miscompiles various
>things here and there).
Ah, OK. According to m
Peter Gutmann wrote:
> Playing with my own build-on-everything script I've found some issues with
> several systems
Special compiler options or environment variables are needed on many systems.
See https://gitlab.com/ghwiki/gnow-how/-/wikis/Platforms/Configuration .
> cfarm119 has no dev tools th
On Sun, 15 Sept 2024 at 09:54, Jonathan Wakely wrote:
>
> On Sun, 15 Sept 2024 at 08:41, Peter Gutmann via cfarm-users
> wrote:
> >
> > Playing with my own build-on-everything script I've found some issues with
> > several systems, when doing things manually I've just skipped over them but
> > th
On Sun, 15 Sept 2024 at 08:41, Peter Gutmann via cfarm-users
wrote:
>
> Playing with my own build-on-everything script I've found some issues with
> several systems, when doing things manually I've just skipped over them but
> the script is less forgiving...
>
> cfarm23 has an ancient clang instal
Playing with my own build-on-everything script I've found some issues with
several systems, when doing things manually I've just skipped over them but
the script is less forgiving...
cfarm23 has an ancient clang install that dies with an internal error trying
to generate code.
cfarm112 has a brok
On 12/09/24 03:15, Peter Gutmann wrote:
Martin Guy via cfarm-users writes:
Funny you should ask.
Very useful, thanks
You're welcome. You made me generalise and improve it which has helped
me too. More to do. Keep updated.
, and it's written in bash
in sh for bash/dash/ksh/whatever. I also
Paul H. Hargrove writes:
>Have a look at `ControlPath`, `ControlPersist` and similar in the ssh man
>page.
Very useful, thanks! Looks like others have run into, and already solved,
this problem in the past.
Peter.
___
cfarm-users mailing list
cfarm-u
Peter,
Have a look at `ControlPath`, `ControlPersist` and similar in the ssh man
page.
With a non-zero Persist, this feature can be used to reuse an initial
connection several times, with `sshd` only participating in the initial
setup.
This is useful in my own testing infrastructure (in perl, fwi
Peter Gutmann via cfarm-users writes:
>I was hoping to open one SSH connection, run a sequence of commands, then
>disconnect, in order to avoid hammering the servers with repeated SSH
>handshakes.
Forestalling the inevitable responses :-), I'm aware of the use of '... && ...
&& ... && ...' but t
Martin Guy via cfarm-users writes:
>Funny you should ask. I just implemented a set of scripts to perform
>operations on all compile farm machines including installing build
>dependencies under $HOME, configuring with different flags on some
>architectures, compiling a prog and running its regress
Funny you should ask. I just implemented a set of scripts to perform
operations on all compile farm machines including installing build
dependencies under $HOME, configuring with different flags on some
architectures, compiling a prog and running its regression test suite
everywhere.
It was s
On Mon, 9 Sept 2024 at 14:00, Simon Josefsson via cfarm-users
wrote:
>
> Peter Gutmann via cfarm-users
> writes:
>
> > Is anyone doing CI-style automated deployment across multiple cfarm hosts,
> > or
> > more generally on systems where all you've got to play with are SSH,
> > sh/bash,
> > and
Simon Josefsson writes:
>I thought this usage was against the recommended use of the cfarm, but I
>cannot find a reference now -- was the acceptable use policy modified?
It's just scripting what's otherwise done manually, it's taking the same
commands that I'd normally type out and putting them i
Peter Gutmann via cfarm-users
writes:
> Is anyone doing CI-style automated deployment across multiple cfarm hosts, or
> more generally on systems where all you've got to play with are SSH, sh/bash,
> and a compiler? Conventional approaches seem to require installing CI agents
> on each target sy
32 matches
Mail list logo
