From cross+conserver@distal.com Tue Oct 4 13:17:49 2005 Received: from omzesmtp02.mci.com (omzesmtp02.mci.com [199.249.17.9]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j94KHftf015739; Tue, 4 Oct 2005 13:17:47 -0700 (PDT) Received: from dgismtp04.wcomnet.com ([166.38.58.144]) by firewall.mci.com (Iplanet MTA 5.2) with ESMTP id <0INU00CIJR1HMB@firewall.mci.com>; Tue, 04 Oct 2005 20:17:41 +0000 (GMT) Received: from dgismtp04.wcomnet.com by dgismtp04.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <0INU00601R08IA@dgismtp04.mcilink.com>; Tue, 04 Oct 2005 20:17:40 +0000 (GMT) Received: from [153.39.148.200] by dgismtp04.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0INU0066AR02D5@dgismtp04.mcilink.com>; Tue, 04 Oct 2005 20:16:51 +0000 (GMT) Date: Tue, 04 Oct 2005 16:16:50 -0400 From: Chris Ross Subject: Re: SSL, certs, and conserver (fix included) In-reply-to: <20050602062918.GJ4552@underdog.stansell.org> To: Bryan Stansell Message-id: <4342E332.9030109@distal.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050720) References: <20050602062918.GJ4552@underdog.stansell.org> X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Oct 2005 20:17:50 -0000 I'm having a problem with getting conserver (8.1.12) working with an SSL connection. I presume 8.1.12 doesn't need the patch that you posted to the list, as it's release date is after the date of this email. :-) Bryan Stansell wrote: > here's a description of how things are coded to work (once you apply the > patch).... > > - neither side uses -c > > the ssl bits are allowed to use an unauthenticated cipher to set up > the encryption. that just works. This is what I'm trying to do. I have my conserver.cf set up so that ssl is required, and when I try running the client to connect to it, I get: % console -x -p 782 console: SSL negotiation failed 2173:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable:../../../../common/openssl/ssl/t1_enc.c:449: % I'm not sure what that means. This is on a solaris 10 system, using the ssl libraries that are part of the installed OS. These are OpenSSL as of about January of 2005, but I can't see a version number in the package info. The header suggests it is, or was, 0.9.7d. Bryan, do you have any idea what I'm doing wrong here? I'm running the client on the same machine the server daemon is running on, and the name compiled into the binaries is CNAME'd to this machines external address. If I "-M localhost" I get the same error message, however. Thanks. Any help appreciated. - Chris From bryan@stansell.org Tue Oct 4 16:07:30 2005 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j94N7UaB016899 for ; Tue, 4 Oct 2005 16:07:30 -0700 (PDT) Received: (from bryan@localhost) by underdog.stansell.org (8.13.5/8.13.5/Submit) id j94N7UDU016898 for users@conserver.com; Tue, 4 Oct 2005 16:07:30 -0700 (PDT) Date: Tue, 4 Oct 2005 16:07:30 -0700 From: Bryan Stansell To: users@conserver.com Subject: Re: SSL, certs, and conserver (fix included) Message-ID: <20051004230730.GD19884@underdog.stansell.org> References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4342E332.9030109@distal.com> User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Oct 2005 23:07:31 -0000 On Tue, Oct 04, 2005 at 04:16:50PM -0400, Chris Ross wrote: > I'm having a problem with getting conserver (8.1.12) working > with an SSL connection. I presume 8.1.12 doesn't need the > patch that you posted to the list, as it's release date is > after the date of this email. :-) correct...it's part of 8.1.12. > console: SSL negotiation failed > 2173:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash > unavailable:../../../../common/openssl/ssl/t1_enc.c:449: > % > > I'm not sure what that means. This is on a solaris 10 > system, using the ssl libraries that are part of the > installed OS. These are OpenSSL as of about January > of 2005, but I can't see a version number in the package > info. The header suggests it is, or was, 0.9.7d. my best guess, based on the "cipher or hash unavailable" is that however solaris 10 has openssl configured, the anonymous ciphers aren't there. at least, that's my best bet. i tried a solaris 10 x86 host with openssl 0.9.7e (compiled from source) and it works just fine. if you create certificates (installed appropriately, etc) and it works, then that's probably it. it might be easier to just build openssl. on my box, i do "strings /usr/local/lib/libssl.a |grep -i ADH" and get: EXP-ADH-RC4-MD5 ADH-RC4-MD5 EXP-ADH-DES-CBC-SHA ADH-DES-CBC-SHA ADH-DES-CBC3-SHA ADH-AES128-SHA ADH-AES256-SHA ALL:!ADH:+RC4:@STRENGTH ALL:!ADH:+RC4:@STRENGTH i'm not sure if those disappear if you compile openssl without the anonymous ciphers. but if the library doesn't have references to them, that's probably it. hopefully something along those lines shed some light. Bryan From dj@gregor.com Tue Oct 4 19:56:03 2005 Received: from pine.he.net (pine.he.net [216.218.254.226]) by underdog.stansell.org (8.13.5/8.13.5) with SMTP id j952tube018293 for ; Tue, 4 Oct 2005 19:56:01 -0700 (PDT) Received: from IPv6:::1 ([66.148.172.114]) by pine.he.net for ; Tue, 4 Oct 2005 19:56:51 -0700 Mime-Version: 1.0 (Apple Message framework v623) In-Reply-To: <4342E332.9030109@distal.com> References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <93b8fd42b3b363f593d04ec6b9f75a66@gregor.com> Content-Transfer-Encoding: 7bit From: DJ Gregor Subject: Re: SSL, certs, and conserver (fix included) Date: Tue, 4 Oct 2005 22:55:50 -0400 To: users@conserver.com X-Mailer: Apple Mail (2.623) X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Oct 2005 02:56:04 -0000 The OpenSSL libraries that ship in /usr/sfw on Solaris 10 are broken and/or don't work with most of the clients out there. You might want to check for a patch, install OpenSSL from Sun Freeware or Blastwave, or compile OpenSSL yourself. I had similar problems when compiling SSL apps a few months ago (in my case, an SSL-enabled version of WU-imapd). - djg On Oct 4, 2005, at 4:16 PM, Chris Ross wrote: > % console -x -p 782 > console: SSL negotiation failed > 2173:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash > unavailable:../../../../common/openssl/ssl/t1_enc.c:449: > % > > I'm not sure what that means. This is on a solaris 10 > system, using the ssl libraries that are part of the > installed OS. These are OpenSSL as of about January > of 2005, but I can't see a version number in the package > info. The header suggests it is, or was, 0.9.7d. From phil@ticketmaster.com Mon Oct 10 18:33:52 2005 Received: from sun1rly1.tmcs.net (sun1rly1.tmcs.net [209.104.55.97]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9B1XiF6025063 for ; Mon, 10 Oct 2005 18:33:50 -0700 (PDT) Received: from corpmail.office.tmcs ([172.28.10.16]) by sun1rly1.tmcs.net (8.12.10/8.12.9/200406301403) with ESMTP id j9B1Xigj005724 for ; Mon, 10 Oct 2005 18:33:44 -0700 Received: from [172.28.61.111] (tm-sun1-111-61-28-172-dhcp.office.tmcs [172.28.61.111]) by corpmail.office.tmcs with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id PY0MRVVM; Mon, 10 Oct 2005 18:33:44 -0700 Message-ID: <434B1677.6040306@ticketmaster.com> Date: Mon, 10 Oct 2005 18:33:43 -0700 From: Phil Dibowitz User-Agent: Debian Thunderbird 1.0.6 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: users@conserver.com Subject: conserver -> cyclade, ssh timeouts X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 01:33:52 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey folks, So I've brought conserver to my next company - or at least I'm trying to. ;) I'm having a problem where the ssh connection from conserver to the cyclades times out, and the ssh client sees it happen, and thus conserver sees it happen - but the cyclade never sees this happen, and thus the sock_sshd for that port lives on and the cyclade can never connect. I know this is more of a cyclades question and less of a conserver question - but I figure this is probably one of the best places to ask if anyone's run into this. Presumably the connection dies because there are firewalls in between the two boxes that limit inactive state timeouts. I've tried turning on keep alives on both sides... but haven't solved the problem... Thoughts? - -- Phil Dibowitz P: 310-360-2330 C: 213-923-5115 Unix Admin, Ticketmaster.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDSxZ39q0UmHR94IoRAqX3AJ0dWcwHJbS1qUCuEqAgNNcTSh7I3QCdEal9 1jfKR2mDmSxW33mcgxB6/38= =RAtv -----END PGP SIGNATURE----- From cfowler@outpostsentinel.com Mon Oct 10 18:49:53 2005 Received: from www.linuxiceberg.com (66-23-224-81.clients.speedfactory.net [66.23.224.81]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9B1niWR025213 for ; Mon, 10 Oct 2005 18:49:50 -0700 (PDT) Received: from [192.168.1.115] ([192.168.1.115]) by www.linuxiceberg.com (8.11.6/8.11.6) with ESMTP id j9B1oTT23648; Mon, 10 Oct 2005 21:50:29 -0400 Subject: Re: conserver -> cyclade, ssh timeouts From: Christopher Fowler To: Phil Dibowitz In-Reply-To: <434B1677.6040306@ticketmaster.com> References: <434B1677.6040306@ticketmaster.com> Content-Type: text/plain Date: Mon, 10 Oct 2005 21:49:38 -0400 Message-Id: <1128995378.25552.18.camel@shuttle.linxdev.com> Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 (2.0.4-6) Content-Transfer-Encoding: 7bit X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 01:49:53 -0000 Tune the keep alives to be more often. I think the default is 7200 seconds. Make it 300? I had the same issue with VPN tunnels between devices that needed to stay connected but were quiet. I told pppd to send an echo packet every 60 seconds. That solved that problem. Some firewalls/routers may be intelligent enough to see a keep alive and not count it. I'm not a pro on that subject so I'm not sure. What concerns me most is why the Cyclades box does not see the failed connection. when this happens are you basically locked out of that port until you do something like a reboot on the Cyclades? If so I would call support and ask if there is a patch that fixes this. On Mon, 2005-10-10 at 18:33 -0700, Phil Dibowitz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey folks, > > So I've brought conserver to my next company - or at least I'm trying to. ;) > > I'm having a problem where the ssh connection from conserver to the > cyclades times out, and the ssh client sees it happen, and thus > conserver sees it happen - but the cyclade never sees this happen, and > thus the sock_sshd for that port lives on and the cyclade can never connect. > > I know this is more of a cyclades question and less of a conserver > question - but I figure this is probably one of the best places to ask > if anyone's run into this. > > Presumably the connection dies because there are firewalls in between > the two boxes that limit inactive state timeouts. > > I've tried turning on keep alives on both sides... but haven't solved > the problem... > > Thoughts? > > - -- > Phil Dibowitz > P: 310-360-2330 C: 213-923-5115 > Unix Admin, Ticketmaster.com > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFDSxZ39q0UmHR94IoRAqX3AJ0dWcwHJbS1qUCuEqAgNNcTSh7I3QCdEal9 > 1jfKR2mDmSxW33mcgxB6/38= > =RAtv > -----END PGP SIGNATURE----- > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users From phil@ticketmaster.com Mon Oct 10 18:51:39 2005 Received: from sun1rly2.tmcs.net (sun1rly2.tmcs.net [209.104.55.98]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9B1pWY0025265 for ; Mon, 10 Oct 2005 18:51:37 -0700 (PDT) Received: from corpmail.office.tmcs ([172.28.10.16]) by sun1rly2.tmcs.net (8.12.10/8.12.9/200406301403) with ESMTP id j9B1pV3Q003045; Mon, 10 Oct 2005 18:51:31 -0700 Received: from [172.28.61.111] (tm-sun1-111-61-28-172-dhcp.office.tmcs [172.28.61.111]) by corpmail.office.tmcs with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id PY0MRWPK; Mon, 10 Oct 2005 18:51:31 -0700 Message-ID: <434B1AA3.6070204@ticketmaster.com> Date: Mon, 10 Oct 2005 18:51:31 -0700 From: Phil Dibowitz User-Agent: Debian Thunderbird 1.0.6 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Christopher Fowler Subject: Re: conserver -> cyclade, ssh timeouts References: <434B1677.6040306@ticketmaster.com> <1128995378.25552.18.camel@shuttle.linxdev.com> In-Reply-To: <1128995378.25552.18.camel@shuttle.linxdev.com> X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 01:51:40 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christopher Fowler wrote: > Tune the keep alives to be more often. I think the default is 7200 > seconds. Make it 300? > > I had the same issue with VPN tunnels between devices that needed to > stay connected but were quiet. I told pppd to send an echo packet every > 60 seconds. That solved that problem. > > Some firewalls/routers may be intelligent enough to see a keep alive and > not count it. I'm not a pro on that subject so I'm not sure. > > What concerns me most is why the Cyclades box does not see the failed > connection. when this happens are you basically locked out of that port > until you do something like a reboot on the Cyclades? If so I would > call support and ask if there is a patch that fixes this. I don't have to reboot, but yes, I'm locked out of the port until I log in and kill the sock_sshd process attached to that port. - -- Phil Dibowitz P: 310-360-2330 C: 213-923-5115 Unix Admin, Ticketmaster.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDSxqj9q0UmHR94IoRAjq/AJ91LWMVmOCCBWjosJk5SHlGdIXOKgCgkxk6 s3sMjqZ04UEop4o3ZN9BXi0= =Z4KU -----END PGP SIGNATURE----- From zonker@jeffk.com Mon Oct 10 22:01:17 2005 Received: from westernweb.com (rdns.162.240.218.216.fre.communitycolo.net [216.218.240.162]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9B518as026553 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 10 Oct 2005 22:01:13 -0700 (PDT) Received: from zonker by westernweb.com with local (Exim 4.54) id 1EPCC8-0000HX-TV for users@conserver.com; Mon, 10 Oct 2005 21:56:56 -0700 Date: Mon, 10 Oct 2005 21:56:56 -0700 From: "David K. Z. Harris" To: users@conserver.com Subject: Re: conserver -> cyclade, ssh timeouts Message-ID: <20051011045656.GA547@jeffk.com> References: <434B1677.6040306@ticketmaster.com> <1128995378.25552.18.camel@shuttle.linxdev.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1128995378.25552.18.camel@shuttle.linxdev.com> User-Agent: Mutt/1.4.2.1i Sender: "David K. Z. Harris" X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: zonker@jeffk.com X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 05:01:17 -0000 On Mon, Oct 10, 2005 at 09:49:38PM -0400, Christopher Fowler wrote: > Tune the keep alives to be more often. I think the default is 7200 > seconds. Make it 300? > > I had the same issue with VPN tunnels between devices that needed to > stay connected but were quiet. I told pppd to send an echo packet every > 60 seconds. That solved that problem. > > Some firewalls/routers may be intelligent enough to see a keep alive and > not count it. I'm not a pro on that subject so I'm not sure. > > What concerns me most is why the Cyclades box does not see the failed > connection. when this happens are you basically locked out of that port > until you do something like a reboot on the Cyclades? If so I would > call support and ask if there is a patch that fixes this. > > On Mon, 2005-10-10 at 18:33 -0700, Phil Dibowitz wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I'm having a problem where the ssh connection from conserver to the > > cyclades times out, and the ssh client sees it happen, and thus > > conserver sees it happen - but the cyclade never sees this happen, and > > thus the sock_sshd for that port lives on and the cyclade can never connect. > > > > I know this is more of a cyclades question and less of a conserver > > question - but I figure this is probably one of the best places to ask > > if anyone's run into this. > > > > Presumably the connection dies because there are firewalls in between > > the two boxes that limit inactive state timeouts. > > > > I've tried turning on keep alives on both sides... but haven't solved > > the problem... I'm with Charlie on this one...when Phil says "the ssh client sees it happen", does this mean that the SSH session from the Conserver host to the Cyclades port recieved a FIN, to close the session? If so, can you tell if the firewall sent the FIN (maybe because it was going to drop an idle connection?), or did the SSH client itself timeout, and try to send a FIN to the Cyclades, while closing the connection to Conserver? Maybe the firewall has closed the idle-looking session by then. In the 'plain vanilla' telnet world, it was pretty common to see a reverse TCP session (or many) be initialized, and then have the host crash, or otherwise need to be rebooted. At that point, the host had no chance to send a FIN to any of the reverse TCP sessions prior to the reboot, and all of those sessions were lost in the reboot. When the host recovered, and tried to re-make the reverse TCP sessions, it woudl be refused, as the sessions were already in use... On the console server, the session is still established. Just because it hasn't heard from the host doesn't mean there is a problem. BUT, if something comes in the serial port, and the console server tries to send it to the coresponding session on the host, the host never answers, and the Console Server will close *that* session because the host was not answering. If nothing comes in the serial port, to stimulate that action, the session could stay up indefinitely. In these cases, you woul dneed to log into the conosle server, attain elevated privileges, and "clear" or "reset" the line(s) in question. An ugly solution, but the alternative is rebooting the Console Server. (Clearing the lines manually will preserve the uptime on your Console Server, if such metrics are important to you. ;-) I like the 60-second timeout. A bit chatty, but not bad. Which firewall or VPN solution are you trying to plumb this through? :-) -Z- From nhruby@uga.edu Tue Oct 11 06:50:33 2005 Received: from askew.ucns.uga.edu (askew.ucns.uga.edu [128.192.6.44]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9BDoPhS006094 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 11 Oct 2005 06:50:31 -0700 (PDT) Received: from askew.ucns.uga.edu (localhost.localdomain [127.0.0.1]) by askew.ucns.uga.edu (8.12.11/8.12.11) with ESMTP id j9BDoLl1031310 for ; Tue, 11 Oct 2005 09:50:22 -0400 Received: from localhost (nathan@localhost) by askew.ucns.uga.edu (8.12.11/8.12.11/Submit) with ESMTP id j9BDoL6f031306 for ; Tue, 11 Oct 2005 09:50:21 -0400 X-Authentication-Warning: askew.ucns.uga.edu: nathan owned process doing -bs Date: Tue, 11 Oct 2005 09:50:21 -0400 (EDT) From: "nathan r. hruby" X-X-Sender: nathan@askew.ucns.uga.edu To: users@conserver.com Subject: Re: conserver -> cyclade, ssh timeouts In-Reply-To: <434B1677.6040306@ticketmaster.com> Message-ID: References: <434B1677.6040306@ticketmaster.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 13:50:33 -0000 On Mon, 10 Oct 2005, Phil Dibowitz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey folks, > > So I've brought conserver to my next company - or at least I'm trying to. ;) > > I'm having a problem where the ssh connection from conserver to the > cyclades times out, and the ssh client sees it happen, and thus > conserver sees it happen - but the cyclade never sees this happen, and > thus the sock_sshd for that port lives on and the cyclade can never connect. > > I know this is more of a cyclades question and less of a conserver > question - but I figure this is probably one of the best places to ask > if anyone's run into this. > FWIW, cyclades has a mailing list for users at cyusers@cyclades.com. It's a very low traffic list and their support folks and lower middle management do monitor the list and take problem reports seriously. This list is not easy to find on their website, which I think is part of the reason it's low traffic :) HTH, -n -- ------------------------------------------- nathan hruby uga enterprise information technology services production systems support ------------------------------------------- From phil@ticketmaster.com Tue Oct 11 10:37:38 2005 Received: from sun1rly4.tmcs.net (sun1rly4.tmcs.net [209.104.55.100]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9BHbU6o007641 for ; Tue, 11 Oct 2005 10:37:35 -0700 (PDT) Received: from corpmail.office.tmcs ([172.28.10.16]) by sun1rly4.tmcs.net (8.12.10/8.12.9/200406301403) with ESMTP id j9BHbTLt002179; Tue, 11 Oct 2005 10:37:29 -0700 Received: from [172.28.61.111] (tm-sun1-111-61-28-172-dhcp.office.tmcs [172.28.61.111]) by corpmail.office.tmcs with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id PY0MT3CQ; Tue, 11 Oct 2005 10:37:29 -0700 Message-ID: <434BF855.1090401@ticketmaster.com> Date: Tue, 11 Oct 2005 10:37:25 -0700 From: Phil Dibowitz User-Agent: Debian Thunderbird 1.0.7 (X11/20051001) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "nathan r. hruby" Subject: Re: conserver -> cyclade, ssh timeouts References: <434B1677.6040306@ticketmaster.com> In-Reply-To: X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 17:37:38 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nathan r. hruby wrote: > On Mon, 10 Oct 2005, Phil Dibowitz wrote: > > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Hey folks, >> >>So I've brought conserver to my next company - or at least I'm trying to. ;) >> >>I'm having a problem where the ssh connection from conserver to the >>cyclades times out, and the ssh client sees it happen, and thus >>conserver sees it happen - but the cyclade never sees this happen, and >>thus the sock_sshd for that port lives on and the cyclade can never connect. >> >>I know this is more of a cyclades question and less of a conserver >>question - but I figure this is probably one of the best places to ask >>if anyone's run into this. >> > > > FWIW, cyclades has a mailing list for users at cyusers@cyclades.com. It's > a very low traffic list and their support folks and lower middle > management do monitor the list and take problem reports seriously. This > list is not easy to find on their website, which I think is part of the > reason it's low traffic :) Sweet! Some extra hunting and I found the subscription page. It is well hidden. ;) Thanks, I'll post this over there, and I'll also call them today (no one here is clear if we're still under warantee or not). - -- Phil Dibowitz P: 310-360-2330 C: 213-923-5115 Unix Admin, Ticketmaster.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDS/hV9q0UmHR94IoRAnLLAJ421ZuPrl0LlARcS0a3YLZPYhSrbACeNE7K NW7jIPoYe6ShN+HPUBz7GzM= =GnqM -----END PGP SIGNATURE----- From cpz@tuunq.com Tue Oct 11 11:08:35 2005 Received: from mail.tuunq.com (64-142-29-64.dsl.static.sonic.net [64.142.29.64]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9BI8SI3007923 for ; Tue, 11 Oct 2005 11:08:34 -0700 (PDT) Received: by mail.tuunq.com (Postfix, from userid 100) id A2BFC7AE; Tue, 11 Oct 2005 11:08:25 -0700 (PDT) Subject: Re: conserver -> cyclade, ssh timeouts In-Reply-To: <434BF855.1090401@ticketmaster.com> from Phil Dibowitz at "Oct 11, 2005 10:37:25 am" To: Phil Dibowitz Date: Tue, 11 Oct 2005 11:08:24 -0700 (PDT) X-Mailer: ELM [version 2.4ME+ PL66 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20051011180825.A2BFC7AE@mail.tuunq.com> From: cpz@tuunq.com (Carl Zwanzig) X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 18:08:36 -0000 In a flurry of recycled electrons, Phil Dibowitz wrote: > Sweet! Some extra hunting and I found the subscription page. > > It is well hidden. ;) Share (& Enjoy)? z! From cross+conserver@distal.com Tue Oct 11 14:50:27 2005 Received: from omzesmtp03.mci.com (omzesmtp03.mci.com [199.249.17.11]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9BLoLqX009588; Tue, 11 Oct 2005 14:50:27 -0700 (PDT) Received: from dgismtp06.wcomnet.com ([166.38.58.89]) by firewall.mci.com (Iplanet MTA 5.2) with ESMTP id <0IO700BDTTZWQR@firewall.mci.com>; Tue, 11 Oct 2005 21:50:20 +0000 (GMT) Received: from dgismtp06.wcomnet.com by dgismtp06.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <0IO700I01TY07A@dgismtp06.mcilink.com>; Tue, 11 Oct 2005 21:50:20 +0000 (GMT) Received: from [131.146.12.24] by dgismtp06.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0IO700HAYTZUS6@dgismtp06.mcilink.com>; Tue, 11 Oct 2005 21:50:18 +0000 (GMT) Date: Tue, 11 Oct 2005 17:50:15 -0400 From: Chris Ross Subject: Re: SSL, certs, and conserver (fix included) In-reply-to: <20051004230730.GD19884@underdog.stansell.org> To: Bryan Stansell Message-id: <434C3397.5040201@distal.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> <20051004230730.GD19884@underdog.stansell.org> X-Spam-Score: -4.901 () BAYES_00,UPPERCASE_25_50 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 21:50:29 -0000 Bryan Stansell wrote: > on my box, i do "strings /usr/local/lib/libssl.a |grep -i ADH" and get: > > EXP-ADH-RC4-MD5 > ADH-RC4-MD5 > EXP-ADH-DES-CBC-SHA > ADH-DES-CBC-SHA > ADH-DES-CBC3-SHA > ADH-AES128-SHA > ADH-AES256-SHA > ALL:!ADH:+RC4:@STRENGTH > ALL:!ADH:+RC4:@STRENGTH > > i'm not sure if those disappear if you compile openssl without the > anonymous ciphers. but if the library doesn't have references to them, > that's probably it. Sorry it took me so long to get back to this... Sadly, that doesn't tell me much. I get: % strings /usr/sfw/lib/libssl.so.0.9.7 |grep -i ADH EXP-ADH-RC4-MD5 ADH-RC4-MD5 EXP-ADH-DES-CBC-SHA ADH-DES-CBC-SHA ADH-DES-CBC3-SHA ADH-AES128-SHA ADH-AES256-SHA ALL:!DHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!AES256-SHA:!ADH:+RC4:@STRENGTH ALL:!DHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!AES256-SHA:!ADH:+RC4:@STRENGTH ALL:!DHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!AES256-SHA:!ADH:+RC4:@STRENGTH % So, about the same thing... Anyone have any idea if I can compile a program against the libraries to confirm or debate the suspicion that my conserver SSL problems are based on the way OpenSSL was modified and/or built? Or a suggestion as to what calls I would use to write one myself... Thanks... - Chris From cross+conserver@distal.com Thu Oct 13 10:13:56 2005 Received: from pmesmtp02.mci.com (pmesmtp02.wcom.com [199.249.20.2]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9DHDnqq007886; Thu, 13 Oct 2005 10:13:54 -0700 (PDT) Received: from dgismtp01.wcomnet.com ([166.38.58.141]) by firewall.mci.com (Iplanet MTA 5.2) with ESMTP id <0IOB0073A6IY6G@firewall.mci.com>; Thu, 13 Oct 2005 17:13:46 +0000 (GMT) Received: from dgismtp01.wcomnet.com by dgismtp01.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <0IOB009016GL4M@dgismtp01.mcilink.com>; Thu, 13 Oct 2005 17:13:46 +0000 (GMT) Received: from [153.39.148.200] by dgismtp01.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0IOB009FI6IE3R@dgismtp01.mcilink.com>; Thu, 13 Oct 2005 17:13:26 +0000 (GMT) Date: Thu, 13 Oct 2005 13:13:25 -0400 From: Chris Ross Subject: Re: SSL, certs, and conserver (fix included) In-reply-to: <434C3397.5040201@distal.com> To: Bryan Stansell Message-id: <434E95B5.8030805@distal.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050720) References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> <20051004230730.GD19884@underdog.stansell.org> <434C3397.5040201@distal.com> X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Oct 2005 17:13:57 -0000 Okay. So I got back to this. It appears that even with my own compiled OpenSSL, I'm still getting a problem. I no longer get the error from within the SSL library that I was getting with the OpenSSL that solaris ships, but if I run conserver and console compiled against static libssl and libcrypto from either 0.9.7d or 0.9.7h, the server runs, and the client exits saying: % console -x console: SSL negotiation failed % At this point, the server reports: [Thu Oct 13 13:09:11 2005] conserver (4041): ERROR: FileSSLAccept(): SSL error on fd 5 So. Even less debugging information. :-( Anyone have any idea what's going on here? Bryan? - Chris From bryan@stansell.org Thu Oct 13 16:34:33 2005 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9DNYXeb010857 for ; Thu, 13 Oct 2005 16:34:33 -0700 (PDT) Received: (from bryan@localhost) by underdog.stansell.org (8.13.5/8.13.5/Submit) id j9DNYX22010856 for users@conserver.com; Thu, 13 Oct 2005 16:34:33 -0700 (PDT) Date: Thu, 13 Oct 2005 16:34:33 -0700 From: Bryan Stansell To: users@conserver.com Subject: Re: SSL, certs, and conserver (fix included) Message-ID: <20051013233433.GN19884@underdog.stansell.org> References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> <20051004230730.GD19884@underdog.stansell.org> <434C3397.5040201@distal.com> <434E95B5.8030805@distal.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <434E95B5.8030805@distal.com> User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Oct 2005 23:34:34 -0000 well, i'm seriously lacking on ideas. can you show me a 'conserver -V', so i know how it was compiled, etc? and can you make sure that you're using one version of conserver (not picking up the wrong binary because of multiple installs or a $PATH issue or something)? and perhaps the conserver.cf (with whatever you want made generic). or, better yet, if you point conserver to the test/test1.cf config file and try things with that, does it produce the same issue? i can't reproduce the problem, so i'm fishin'... Bryan From cross+conserver@distal.com Wed Oct 19 11:57:59 2005 Received: from pmesmtp03.mci.com (pmesmtp03.mci.com [199.249.20.32]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9JIvki0003685; Wed, 19 Oct 2005 11:57:56 -0700 (PDT) Received: from pmismtp05.wcomnet.com ([166.38.62.53]) by firewall.mci.com (Iplanet MTA 5.2) with ESMTP id <0IOM00JINFA6QE@firewall.mci.com>; Wed, 19 Oct 2005 18:56:30 +0000 (GMT) Received: from pmismtp05.wcomnet.com by pmismtp05.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <0IOM00E01F6JIC@pmismtp05.mcilink.com>; Wed, 19 Oct 2005 18:56:30 +0000 (GMT) Received: from [153.39.148.200] by pmismtp05.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0IOM00DNVF8EMU@pmismtp05.mcilink.com>; Wed, 19 Oct 2005 18:55:27 +0000 (GMT) Date: Wed, 19 Oct 2005 14:55:26 -0400 From: Chris Ross Subject: Re: SSL, certs, and conserver (fix included) In-reply-to: <20051013233433.GN19884@underdog.stansell.org> To: Bryan Stansell Message-id: <4356969E.6090908@distal.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050720) References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> <20051004230730.GD19884@underdog.stansell.org> <434C3397.5040201@distal.com> <434E95B5.8030805@distal.com> <20051013233433.GN19884@underdog.stansell.org> X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Oct 2005 18:58:00 -0000 Bryan Stansell wrote: > well, i'm seriously lacking on ideas. can you show me a 'conserver -V', > so i know how it was compiled, etc? and can you make sure that you're > using one version of conserver (not picking up the wrong binary because > of multiple installs or a $PATH issue or something)? and perhaps the > conserver.cf (with whatever you want made generic). or, better yet, if > you point conserver to the test/test1.cf config file and try things with > that, does it produce the same issue? Okay. I did the latter. The conserver -V produces: conserver: conserver.com version 8.1.12 conserver: default access type `r' conserver: default escape sequence `^Ec' conserver: default configuration in `/etc/conserver/conserver.cf' conserver: default password in `/etc/conserver/conserver.passwd' conserver: default logfile is `/var/log/conserver' conserver: default pidfile is `/var/run/conserver.pid' conserver: default limit is 16 members per group conserver: default primary port referenced as `782' conserver: default secondary base port referenced as `0' conserver: options: libwrap, openssl, pam conserver: openssl version: OpenSSL 0.9.7d 17 Mar 2004 conserver: built with `./configure --sysconfdir=/etc/conserver --prefix=/usr/local --with-openssl=/usr/sfw --with-pam --with-libwrap --with-port=782 --with-master=sesirm-console' But, despite the --with-openssl, I whacked the makefile so that it built with a libssl.a and libcrypto.a that I built. ldd confirms it doesn't link with the Solaris libssl.so and libcrypto.so (solaris doesn't ship .a versions of those libs). When I run it with test/test1.cf, it says: # /usr/local/sbin/conserver -C /tmp/conserver-8.1.12/test/test1.cf [Wed Oct 19 14:48:46 2005] conserver (6010): conserver.com version 8.1.12 [Wed Oct 19 14:48:46 2005] conserver (6010): started as `root' by `cross' [Wed Oct 19 14:50:19 2005] conserver (6010): ERROR: FileSSLAccept(): SSL error on fd 5 ^C[Wed Oct 19 14:51:03 2005] conserver (6010): terminated # That ERROR line was produced when I ran the client, as follows: % /usr/local/bin/console -x sesirm-console: access from your host refused % /usr/local/bin/console -M 127.0.0.1 -x console: SSL negotiation failed % Obviously, only the second one succeeded, and produced the error listed above. I don't know if this helps at all, or not. If you can suggest to me where in the code I should start debugging, I can do that. I'm pretty good at code, but could use a pointer as to where to start sticking in the debugging printf's. :-) - Chris From cross+conserver@distal.com Wed Oct 19 12:18:37 2005 Received: from omzesmtp03.mci.com (omzesmtp03.mci.com [199.249.17.11]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9JJITs7003879; Wed, 19 Oct 2005 12:18:35 -0700 (PDT) Received: from pmismtp06.wcomnet.com ([166.38.62.54]) by firewall.mci.com (Iplanet MTA 5.2) with ESMTP id <0IOM007LLGAOQ3@firewall.mci.com>; Wed, 19 Oct 2005 19:18:24 +0000 (GMT) Received: from pmismtp06.wcomnet.com by pmismtp06.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <0IOM00C01G9FK4@pmismtp06.mcilink.com>; Wed, 19 Oct 2005 19:18:24 +0000 (GMT) Received: from [153.39.148.200] by pmismtp06.mcilink.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0IOM00CLLG8ABW@pmismtp06.mcilink.com>; Wed, 19 Oct 2005 19:16:59 +0000 (GMT) Date: Wed, 19 Oct 2005 15:16:58 -0400 From: Chris Ross Subject: Re: SSL, certs, and conserver (fix included) In-reply-to: <4356969E.6090908@distal.com> To: Bryan Stansell Message-id: <43569BAA.5040308@distal.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050720) References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> <20051004230730.GD19884@underdog.stansell.org> <434C3397.5040201@distal.com> <434E95B5.8030805@distal.com> <20051013233433.GN19884@underdog.stansell.org> <4356969E.6090908@distal.com> X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Oct 2005 19:18:38 -0000 Ah-ha. Okay, I'm still curious what was wrong. But, I was a bit more careful about what include files I used, and what libraries I used. I think I had previously tried with both 0.9.7d, and 0.9.7h. But, it appears I didn't try 0.9.7h *right*. I made sure to *not* use the installed (0.9.7d) include files, and use the 0.9.7h include files, and static libraries. Now I get a binary that works correctly. The same compilation process, with 0.9.7d and the installed headers, yields the same error... # /usr/local/sbin/conserver -C /tmp/conserver-8.1.12/test/test1.cf -V conserver: conserver.com version 8.1.12 conserver: default access type `r' conserver: default escape sequence `^Ec' conserver: default configuration in `/etc/conserver/conserver.cf' conserver: default password in `/etc/conserver/conserver.passwd' conserver: default logfile is `/var/log/conserver' conserver: default pidfile is `/var/run/conserver.pid' conserver: default limit is 16 members per group conserver: default primary port referenced as `782' conserver: default secondary base port referenced as `0' conserver: options: libwrap, openssl, pam conserver: openssl version: OpenSSL 0.9.7h 11 Oct 2005 conserver: built with `./configure --sysconfdir=/etc/conserver --prefix=/usr/local --with-openssl=/tmp/conserver-8.1.12/openssl --with-pam --with-libwrap --with-port=782 --with-master=sesirm-console' # > % /usr/local/bin/console -M 127.0.0.1 -x > console: SSL negotiation failed > % % /usr/local/bin/console -M 127.0.0.1 -x shell2 on /dev/pts/2 at Local shell on /dev/pts/3 at Local % Tho, it now occurs to me, maybe it's the installed header files. Could the installed header files be messed up such that something fails, even if the library itself isn't messed up? Hmm, let me test that... Hmm, no, even making sure to compile against the headers that ship with openssl-0.9.7d, it still fails in the same way. So, I have a workaround now, but would like to know if you knew that it required something above 0.9.7d? Thanks... - Chris From bryan@stansell.org Wed Oct 19 15:20:54 2005 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9JMKsKt013323 for ; Wed, 19 Oct 2005 15:20:54 -0700 (PDT) Received: (from bryan@localhost) by underdog.stansell.org (8.13.5/8.13.5/Submit) id j9JMKsEo013322 for users@conserver.com; Wed, 19 Oct 2005 15:20:54 -0700 (PDT) Date: Wed, 19 Oct 2005 15:20:54 -0700 From: Bryan Stansell To: users@conserver.com Subject: Re: SSL, certs, and conserver (fix included) Message-ID: <20051019222054.GB9517@underdog.stansell.org> References: <20050602062918.GJ4552@underdog.stansell.org> <4342E332.9030109@distal.com> <20051004230730.GD19884@underdog.stansell.org> <434C3397.5040201@distal.com> <434E95B5.8030805@distal.com> <20051013233433.GN19884@underdog.stansell.org> <4356969E.6090908@distal.com> <43569BAA.5040308@distal.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <43569BAA.5040308@distal.com> User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Oct 2005 22:20:55 -0000 > Hmm, no, even making sure to compile against the > headers that ship with openssl-0.9.7d, it still > fails in the same way. > > So, I have a workaround now, but would like to > know if you knew that it required something above > 0.9.7d? Thanks... i didn't know (or expect) a requirement of using something newer than 0.9.7d. the code used to work with 0.9.6, etc. something could very well have changed such that it's not backward compatible any more - in some way. surprisingly, i have openssl-0.9.7d (as well as a handful of other versions on my box). here's two (0.9.7d and 0.9.7c): underdog 9067:$ ./conserver/conserver -V conserver: conserver.com version 8.1.12 conserver: default access type `r' conserver: default escape sequence `^Ec' conserver: default configuration in `/usr/local/etc/conserver.cf' conserver: default password in `/usr/local/etc/conserver.passwd' conserver: default logfile is `/var/log/conserver' conserver: default pidfile is `/var/run/conserver.pid' conserver: default limit is 16 members per group conserver: default primary port referenced as `9999' conserver: default secondary base port referenced as `0' conserver: options: openssl, pam conserver: openssl version: OpenSSL 0.9.7d 17 Mar 2004 conserver: built with `./configure --with-pam --with-openssl=/tools/openssl-0.9.7d --with-port=9999 --with-master=localhost' underdog 9076:$ ./conserver/conserver -V conserver: conserver.com version 8.1.12 conserver: default access type `r' conserver: default escape sequence `^Ec' conserver: default configuration in `/usr/local/etc/conserver.cf' conserver: default password in `/usr/local/etc/conserver.passwd' conserver: default logfile is `/var/log/conserver' conserver: default pidfile is `/var/run/conserver.pid' conserver: default limit is 16 members per group conserver: default primary port referenced as `9999' conserver: default secondary base port referenced as `0' conserver: options: openssl, pam conserver: openssl version: OpenSSL 0.9.7c 30 Sep 2003 conserver: built with `./configure --with-pam --with-openssl=/tools/openssl-0.9.7c --with-port=9999 --with-master=localhost' both work just fine. so, i'm not sure if there's something with the solaris distribution or what, but it's obviously not "happy". if someone can point out some way in which the conserver code is bad, cool...i'm more than happy to fix it. but right now, i'm going to just assume the solaris distribution is broken/limited/disfunctional. i'm glad it's working for you now! Bryan From batkins@tlcdelivers.com Mon Oct 24 08:05:25 2005 Received: from mail.tlcdelivers.com (mail.tlcdelivers.com [12.145.56.9]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9OF5CM6002580 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 24 Oct 2005 08:05:23 -0700 (PDT) Received: from [10.10.59.97] ([10.10.59.97]) (authenticated bits=0) by mail.tlcdelivers.com (8.13.4/8.13.4) with ESMTP id j9OEw5Ks031125 for ; Mon, 24 Oct 2005 10:58:05 -0400 Message-ID: <435CF741.3050703@tlcdelivers.com> Date: Mon, 24 Oct 2005 11:01:21 -0400 From: Brian Atkins User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: users@conserver.com Subject: Getting started with conserver Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-TLC-MailScanner-Information: Please contact the TLC Postmaster X-TLC-MailScanner: Found to be clean X-TLC-MailScanner-From: batkins@tlcdelivers.com X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2005 15:05:26 -0000 Good morning. I'm just getting started with conserver and have been been trying to deploy it in a test environment prior to moving it into production. Although the FAQ's and docs on the site are limited, they appear to be relatively clear. However, after doing the basic "configure, make, make install", setting up the conserver.cf and conserver.passwd files, I am getting the following error when running `conserver -d`: # conserver -vd [Mon Oct 24 10:50:58 2005] conserver (11072): conserver.com version 8.1.12 [Mon Oct 24 10:50:58 2005] conserver (11072): started as `root' by `root' [Mon Oct 24 10:50:58 2005] conserver (11072): INFO: interface address 127.0.0.1 (lo) [Mon Oct 24 10:50:58 2005] conserver (11072): INFO: interface address 10.10.59.55 (eth0) [Mon Oct 24 10:50:58 2005] conserver (11072): ERROR: getservbyname(conserver) failed The best I can figure is that the reference for conserver is not found in /etc/services? Also, there is no mention of it on the site, but I don't see anything that mentions a service listening on the client side. Right now I have the menu.lst (grub) configured with: default 0 timeout 8 gfxmenu (hd0,1)/boot/message serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1 terminal --timeout=10 serial console title SUSE LINUX 9.3 kernel (hd0,1)/boot/vmlinuz root=/dev/hda2 selinux=0 \ console=ttyS0,9600n8 x11i=vesa resume=/dev/hda1 showopts initrd (hd0,1)/boot/initrd Which, by all rights, should accept logins via ttyS0. Any input or better documentation available? Thanks, -- Brian "An adventure is never an adventure when it’s happening. Challenging experiences need time to ferment, and adventure is simply physical and emotional comfort recollected in tranquility." - Tim Cahill (Hold the Enlightenment - 2002) From brodie@mcw.edu Mon Oct 24 08:10:24 2005 Received: from guyton.phys.mcw.edu (guyton.phys.mcw.edu [141.106.188.33]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9OFAFBc002637 for ; Mon, 24 Oct 2005 08:10:21 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Getting started with conserver Date: Mon, 24 Oct 2005 10:10:14 -0500 Message-ID: <8F78639AC56F4143B267FE5F5A1B92C8C981@guyton.phys.mcw.edu> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Getting started with conserver Thread-Index: AcXYrK7l1DTa0eyxQ6aqiYIHaf7ZhwAADAtg From: "Brodie, Kent" To: "Brian Atkins" X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by underdog.stansell.org id j9OFAFBc002637 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2005 15:10:24 -0000 Brian-- You're close... what it means is that you need an entry in your /etc/hosts file that identifies the node as the conserver node. For example, a line in my /etc/hosts files looks like: 127.0.0.1 localhost.localdomain localhost conserver console -----Original Message----- From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Brian Atkins Sent: Monday, October 24, 2005 10:01 AM To: users@conserver.com Subject: Getting started with conserver Good morning. I'm just getting started with conserver and have been been trying to deploy it in a test environment prior to moving it into production. Although the FAQ's and docs on the site are limited, they appear to be relatively clear. However, after doing the basic "configure, make, make install", setting up the conserver.cf and conserver.passwd files, I am getting the following error when running `conserver -d`: # conserver -vd [Mon Oct 24 10:50:58 2005] conserver (11072): conserver.com version 8.1.12 [Mon Oct 24 10:50:58 2005] conserver (11072): started as `root' by `root' [Mon Oct 24 10:50:58 2005] conserver (11072): INFO: interface address 127.0.0.1 (lo) [Mon Oct 24 10:50:58 2005] conserver (11072): INFO: interface address 10.10.59.55 (eth0) [Mon Oct 24 10:50:58 2005] conserver (11072): ERROR: getservbyname(conserver) failed The best I can figure is that the reference for conserver is not found in /etc/services? Also, there is no mention of it on the site, but I don't see anything that mentions a service listening on the client side. Right now I have the menu.lst (grub) configured with: default 0 timeout 8 gfxmenu (hd0,1)/boot/message serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1 terminal --timeout=10 serial console title SUSE LINUX 9.3 kernel (hd0,1)/boot/vmlinuz root=/dev/hda2 selinux=0 \ console=ttyS0,9600n8 x11i=vesa resume=/dev/hda1 showopts initrd (hd0,1)/boot/initrd Which, by all rights, should accept logins via ttyS0. Any input or better documentation available? Thanks, -- Brian "An adventure is never an adventure when it's happening. Challenging experiences need time to ferment, and adventure is simply physical and emotional comfort recollected in tranquility." - Tim Cahill (Hold the Enlightenment - 2002) _______________________________________________ users mailing list users@conserver.com https://www.conserver.com/mailman/listinfo/users From batkins@tlcdelivers.com Mon Oct 24 08:25:01 2005 Received: from mail.tlcdelivers.com (mail.tlcdelivers.com [12.145.56.9]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9OFOqpK002825 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 24 Oct 2005 08:24:58 -0700 (PDT) Received: from [10.10.59.97] ([10.10.59.97]) (authenticated bits=0) by mail.tlcdelivers.com (8.13.4/8.13.4) with ESMTP id j9OFFMr5002114; Mon, 24 Oct 2005 11:15:22 -0400 Message-ID: <435CFB4E.2080409@tlcdelivers.com> Date: Mon, 24 Oct 2005 11:18:38 -0400 From: Brian Atkins User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Brodie, Kent" Subject: Re: Getting started with conserver References: <8F78639AC56F4143B267FE5F5A1B92C8C981@guyton.phys.mcw.edu> In-Reply-To: <8F78639AC56F4143B267FE5F5A1B92C8C981@guyton.phys.mcw.edu> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-TLC-MailScanner-Information: Please contact the TLC Postmaster X-TLC-MailScanner: Found to be clean X-TLC-MailScanner-From: batkins@tlcdelivers.com X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2005 15:25:02 -0000 Like this?: # more /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost conserver\ console I still get: # conserver -vd [Mon Oct 24 11:14:33 2005] conserver (11085): conserver.com version 8.1.12 [Mon Oct 24 11:14:33 2005] conserver (11085): started as `root' by `root' [Mon Oct 24 11:14:33 2005] conserver (11085): INFO: interface address 127.0.0.1 (lo) [Mon Oct 24 11:14:33 2005] conserver (11085): INFO: interface address 10.10.59.55 (eth0) [Mon Oct 24 11:14:33 2005] conserver (11085): ERROR: getservbyname(conserver) failed Brodie, Kent wrote: > Brian-- > > You're close... what it means is that you need an entry in your > /etc/hosts file that identifies the node as the conserver node. > > For example, a line in my /etc/hosts files looks like: > > 127.0.0.1 localhost.localdomain localhost conserver > console > > > > > > -----Original Message----- > From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] > On Behalf Of Brian Atkins > Sent: Monday, October 24, 2005 10:01 AM > To: users@conserver.com > Subject: Getting started with conserver > > Good morning. I'm just getting started with conserver and have been been > > trying to deploy it in a test environment prior to moving it into > production. Although the FAQ's and docs on the site are limited, they > appear to be relatively clear. > > However, after doing the basic "configure, make, make install", setting > up the conserver.cf and conserver.passwd files, I am getting the > following error when running `conserver -d`: > > # conserver -vd > [Mon Oct 24 10:50:58 2005] conserver (11072): conserver.com version > 8.1.12 > [Mon Oct 24 10:50:58 2005] conserver (11072): started as `root' by > `root' > [Mon Oct 24 10:50:58 2005] conserver (11072): INFO: interface address > 127.0.0.1 (lo) > [Mon Oct 24 10:50:58 2005] conserver (11072): INFO: interface address > 10.10.59.55 (eth0) > [Mon Oct 24 10:50:58 2005] conserver (11072): ERROR: > getservbyname(conserver) failed > > The best I can figure is that the reference for conserver is not found > in /etc/services? > > Also, there is no mention of it on the site, but I don't see anything > that mentions a service listening on the client side. Right now I have > the menu.lst (grub) configured with: > > default 0 > timeout 8 > gfxmenu (hd0,1)/boot/message > serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1 > terminal --timeout=10 serial console > title SUSE LINUX 9.3 > kernel (hd0,1)/boot/vmlinuz root=/dev/hda2 selinux=0 \ > console=ttyS0,9600n8 x11i=vesa resume=/dev/hda1 showopts > initrd (hd0,1)/boot/initrd > > Which, by all rights, should accept logins via ttyS0. > > Any input or better documentation available? > > Thanks, > -- Brian Atkins The Library Corporation Research Park Inwood, WV 25428 Toll Free 800.624.0559 Local Ph 304.229.0100 Fax 304.229.0295 "An adventure is never an adventure when it’s happening. Challenging experiences need time to ferment, and adventure is simply physical and emotional comfort recollected in tranquility." - Tim Cahill (Hold the Enlightenment - 2002) From bryan@stansell.org Mon Oct 24 08:52:00 2005 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9OFq0pR003058 for ; Mon, 24 Oct 2005 08:52:00 -0700 (PDT) Received: (from bryan@localhost) by underdog.stansell.org (8.13.5/8.13.5/Submit) id j9OFq0xe003057 for users@conserver.com; Mon, 24 Oct 2005 08:52:00 -0700 (PDT) Date: Mon, 24 Oct 2005 08:52:00 -0700 From: Bryan Stansell To: users@conserver.com Subject: Re: Getting started with conserver Message-ID: <20051024155200.GF9517@underdog.stansell.org> References: <8F78639AC56F4143B267FE5F5A1B92C8C981@guyton.phys.mcw.edu> <435CFB4E.2080409@tlcdelivers.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <435CFB4E.2080409@tlcdelivers.com> User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2005 15:52:01 -0000 while having a 'console' entry in /etc/hosts might be necessary for the client to connect (and you have a backslash there...that might not be desired), the error was regarding getservbyname(), which means it's a missing entry in /etc/services. FAQ question #5 talks about that (briefly) as well as the INSTALL file (again, briefly - the --with-port configuration step). basically, what you need is: console 782/tcp conserver # console server listed in /etc/services. then, you should be good to go (with the caveat regarding /etc/hosts above). Bryan On Mon, Oct 24, 2005 at 11:18:38AM -0400, Brian Atkins wrote: > # more /etc/hosts > # Do not remove the following line, or various programs > # that require network functionality will fail. > 127.0.0.1 localhost.localdomain localhost conserver\ console > > I still get: > > # conserver -vd > [Mon Oct 24 11:14:33 2005] conserver (11085): conserver.com version 8.1.12 > [Mon Oct 24 11:14:33 2005] conserver (11085): started as `root' by `root' > [Mon Oct 24 11:14:33 2005] conserver (11085): INFO: interface address > 127.0.0.1 (lo) > [Mon Oct 24 11:14:33 2005] conserver (11085): INFO: interface address > 10.10.59.55 (eth0) > [Mon Oct 24 11:14:33 2005] conserver (11085): ERROR: > getservbyname(conserver) failed From batkins@tlcdelivers.com Mon Oct 24 09:05:03 2005 Received: from mail.tlcdelivers.com (mail.tlcdelivers.com [12.145.56.9]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9OG4tkH003178 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 24 Oct 2005 09:05:01 -0700 (PDT) Received: from [10.10.59.97] ([10.10.59.97]) (authenticated bits=0) by mail.tlcdelivers.com (8.13.4/8.13.4) with ESMTP id j9OFxCmJ010854; Mon, 24 Oct 2005 11:59:12 -0400 Message-ID: <435D0595.8080202@tlcdelivers.com> Date: Mon, 24 Oct 2005 12:02:29 -0400 From: Brian Atkins User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bryan Stansell Subject: Re: Getting started with conserver References: <8F78639AC56F4143B267FE5F5A1B92C8C981@guyton.phys.mcw.edu> <435CFB4E.2080409@tlcdelivers.com> <20051024155200.GF9517@underdog.stansell.org> In-Reply-To: <20051024155200.GF9517@underdog.stansell.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-TLC-MailScanner-Information: Please contact the TLC Postmaster X-TLC-MailScanner: Found to be clean X-TLC-MailScanner-From: batkins@tlcdelivers.com X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2005 16:05:04 -0000 That got it. Thanks, Bryan. Bryan Stansell wrote: > while having a 'console' entry in /etc/hosts might be necessary for the > client to connect (and you have a backslash there...that might not be > desired), the error was regarding getservbyname(), which means it's a > missing entry in /etc/services. FAQ question #5 talks about that > (briefly) as well as the INSTALL file (again, briefly - the --with-port > configuration step). basically, what you need is: > > console 782/tcp conserver # console server > > listed in /etc/services. then, you should be good to go (with the > caveat regarding /etc/hosts above). > > Bryan > > On Mon, Oct 24, 2005 at 11:18:38AM -0400, Brian Atkins wrote: > >># more /etc/hosts >># Do not remove the following line, or various programs >># that require network functionality will fail. >>127.0.0.1 localhost.localdomain localhost conserver\ console >> >>I still get: >> >># conserver -vd >>[Mon Oct 24 11:14:33 2005] conserver (11085): conserver.com version 8.1.12 >>[Mon Oct 24 11:14:33 2005] conserver (11085): started as `root' by `root' >>[Mon Oct 24 11:14:33 2005] conserver (11085): INFO: interface address >>127.0.0.1 (lo) >>[Mon Oct 24 11:14:33 2005] conserver (11085): INFO: interface address >>10.10.59.55 (eth0) >>[Mon Oct 24 11:14:33 2005] conserver (11085): ERROR: >>getservbyname(conserver) failed > > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users > -- Brian "An adventure is never an adventure when it’s happening. Challenging experiences need time to ferment, and adventure is simply physical and emotional comfort recollected in tranquility." - Tim Cahill (Hold the Enlightenment - 2002) From ajc22@york.ac.uk Tue Oct 25 07:44:09 2005 Received: from mail-gw0.york.ac.uk (mail-gw0.york.ac.uk [144.32.128.245]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9PEi29s025457 for ; Tue, 25 Oct 2005 07:44:08 -0700 (PDT) Received: from [144.32.226.25] (kremer.york.ac.uk [144.32.226.25]) by mail-gw0.york.ac.uk (8.12.10/8.12.10) with ESMTP id j9PEhpdw023015 for ; Tue, 25 Oct 2005 15:43:51 +0100 (BST) Mime-Version: 1.0 (Apple Message framework v734) Content-Transfer-Encoding: 7bit Message-Id: Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed To: users@conserver.com From: Arthur Clune Subject: bug in os/x version of conserver Date: Tue, 25 Oct 2005 15:43:52 +0100 X-Mailer: Apple Mail (2.734) X-York-MailScanner: Found to be clean X-York-MailScanner-From: ajc22@york.ac.uk X-Spam-Score: -3.938 () BAYES_00,FROM_ENDS_IN_NUMS,MAILTO_TO_SPAM_ADDR X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Oct 2005 14:44:10 -0000 This might actually break on other versions, I don't know. Given this snippet of (incorrect) config file: default csrvcs5 { type exec; host aconsole.com; # initcmd '/opt/test/etc/shiva-chat'; # exec /usr/bin/telnet -E H P; execsubst H=hs,P=Pd; portbase 3000; portinc 1; } conserver crashes with a bus error kremer:~/code/conserver $ sudo ./conserver.init Password: [Tue Oct 25 15:42:35 2005] conserver (17317): conserver.com version 8.1.12 [Tue Oct 25 15:42:35 2005] conserver (17317): started as `root' by `arthur' [Tue Oct 25 15:42:35 2005] conserver (17317): INFO: interface address 127.0.0.1 (-M option) ./conserver.init: line 3: 17317 Bus error /opt/test/ sbin//conserver -M127.0.0.1 -p 6666 -U /opt/test/var/log/consoles/ unified -v kremer:~/code/conserver $ Machine details: kremer:~/code/conserver $ uname -a Darwin kremer.york.ac.uk 8.2.0 Darwin Kernel Version 8.2.0: Fri Jun 24 17:46:54 PDT 2005; root:xnu-792.2.4.obj~3/RELEASE_PPC Power Macintosh powerpc kremer:~/code/conserver $ gcc --version powerpc-apple-darwin8-gcc-4.0.0 (GCC) 4.0.0 20041026 (Apple Computer, Inc. build 4061) Copyright (C) 2004 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. kremer:~/code/conserver $ -- Dr. A. Clune, Systems Security Advisor The Computing Service, University of York ajc22@york.ac.uk 01904 433129 From ajc22@york.ac.uk Tue Oct 25 07:51:16 2005 Received: from mail-gw0.york.ac.uk (mail-gw0.york.ac.uk [144.32.128.245]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9PEpAJB025595 for ; Tue, 25 Oct 2005 07:51:15 -0700 (PDT) Received: from [144.32.226.25] (kremer.york.ac.uk [144.32.226.25]) by mail-gw0.york.ac.uk (8.12.10/8.12.10) with ESMTP id j9PEp2dw024715 for ; Tue, 25 Oct 2005 15:51:02 +0100 (BST) Mime-Version: 1.0 (Apple Message framework v734) Content-Transfer-Encoding: 7bit Message-Id: <209FE230-31AC-47E0-9802-F44C60BA610B@york.ac.uk> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed To: users@conserver.com From: Arthur Clune Subject: talking to terminal servers Date: Tue, 25 Oct 2005 15:51:04 +0100 X-Mailer: Apple Mail (2.734) X-York-MailScanner: Found to be clean X-York-MailScanner-From: ajc22@york.ac.uk X-Spam-Score: -4.224 () BAYES_00,FROM_ENDS_IN_NUMS X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Oct 2005 14:51:17 -0000 I think I must be missing something here. The TODO list says that initcmd will do what I want, but I can't make it work. The background: I want to talk to a terminal server. The session should go something like this: kremer:~/code/conserver $ telnet my.consoleserver.com 3022 Trying 1.2.3.4... Connected to my.consoleserver.com. Escape character is '^]'. Enter Password: Red Hat Enterprise Linux AS release 3 (Taroon Update 5) -- and now I have a console. Now when I try this with conserver, I try the following config: default console { type exec; host console; initcmd "/opt/test/bin/chat -f /opt/test/etc/chat.cfg"; exec /usr/bin/telnet -E H P; execsubst H=hs,P=Pd; portbase 3000; portinc 1; } console fred { include console; port 22; } where chat is built from the conserver distribution and chat.cfg looks like ssword:--ssword: mypass\r What I'd like to happen is for conserver to connect to the console server (via telnet), run the chat script, then give me back the console. What actually happens is that initcmd gets run before the exec, so the console server crashes :( How do I handle this? I've read what I can that looks relevant on the mailing list archive and others have asked basically the same question https://www.conserver.com/pipermail/users/2005-January/msg00001.html but I couldn't see an answer in the archives. Thanks in advance, Arthur From sommerfeld@sun.com Tue Oct 25 08:18:28 2005 Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9PFIL0J026269 for ; Tue, 25 Oct 2005 08:18:27 -0700 (PDT) Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id j9PFII4u013316 for ; Tue, 25 Oct 2005 08:18:19 -0700 (PDT) Received: from localhost.east.sun.com (punchin-sommerfeld.East.Sun.COM [129.148.19.3]) by eastmail1bur.East.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL, v2.2) with ESMTP id j9PFIIKQ012595 for ; Tue, 25 Oct 2005 11:18:18 -0400 (EDT) Received: from localhost.east.sun.com (localhost [127.0.0.1]) by localhost.east.sun.com (8.13.4+Sun/8.13.4) with ESMTP id j9PFHutP020895; Tue, 25 Oct 2005 11:17:56 -0400 (EDT) Received: (from sommerfeld@localhost) by localhost.east.sun.com (8.13.4+Sun/8.13.4/Submit) id j9PFHt4G020894; Tue, 25 Oct 2005 11:17:55 -0400 (EDT) X-Authentication-Warning: localhost.east.sun.com: sommerfeld set sender to sommerfeld@sun.com using -f Subject: Re: talking to terminal servers From: Bill Sommerfeld To: Arthur Clune In-Reply-To: <209FE230-31AC-47E0-9802-F44C60BA610B@york.ac.uk> References: <209FE230-31AC-47E0-9802-F44C60BA610B@york.ac.uk> Content-Type: text/plain Content-Transfer-Encoding: 7bit Message-Id: <1130253475.17423.27.camel@localhost> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6.324 Date: Tue, 25 Oct 2005 11:17:55 -0400 X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Oct 2005 15:18:30 -0000 On Tue, 2005-10-25 at 10:51, Arthur Clune wrote: > default console { type exec; > host console; > initcmd "/opt/test/bin/chat -f /opt/test/etc/chat.cfg"; > exec /usr/bin/telnet -E H P; > execsubst H=hs,P=Pd; > portbase 3000; > portinc 1; > } conserver has a built-in telnet client so you shouldn't need to exec telnet. - Bill From ajc22@york.ac.uk Tue Oct 25 08:58:13 2005 Received: from mail-gw0.york.ac.uk (mail-gw0.york.ac.uk [144.32.128.245]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9PFw6gB026611 for ; Tue, 25 Oct 2005 08:58:12 -0700 (PDT) Received: from [144.32.226.25] (kremer.york.ac.uk [144.32.226.25]) by mail-gw0.york.ac.uk (8.12.10/8.12.10) with ESMTP id j9PFuVdw014506; Tue, 25 Oct 2005 16:56:31 +0100 (BST) Mime-Version: 1.0 (Apple Message framework v734) In-Reply-To: <1130253475.17423.27.camel@localhost> References: <209FE230-31AC-47E0-9802-F44C60BA610B@york.ac.uk> <1130253475.17423.27.camel@localhost> Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Arthur Clune Subject: Re: talking to terminal servers Date: Tue, 25 Oct 2005 16:56:34 +0100 To: Bill Sommerfeld , users@conserver.com X-Mailer: Apple Mail (2.734) X-York-MailScanner: Found to be clean X-York-MailScanner-From: ajc22@york.ac.uk X-Spam-Score: -4.224 () BAYES_00,FROM_ENDS_IN_NUMS X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Oct 2005 15:58:13 -0000 On 25 Oct 2005, at 16:17, Bill Sommerfeld wrote: > > conserver has a built-in telnet client so you shouldn't need to exec > telnet. Ah! Got it. Many thanks. Maybe something for the FAQ? So for anyone searching the archives in future, this works fine: In conserver.cf ---- default ts_server { type exec; host tsserver; initcmd '/opt/test/etc/shiva-chat'; type host; portbase 3000; portinc 1; } console fred { include ts_server; port 22; } ----- chat-shiva contains: ----- #!/bin/sh /opt/test/bin/chat -I -t 10 "Password: " "mypass" ----- Many thanks, Arthur From bryan@stansell.org Wed Oct 26 10:47:26 2005 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9QHlQbY013024 for ; Wed, 26 Oct 2005 10:47:26 -0700 (PDT) Received: (from bryan@localhost) by underdog.stansell.org (8.13.5/8.13.5/Submit) id j9QHlPb3013023 for users@conserver.com; Wed, 26 Oct 2005 10:47:25 -0700 (PDT) Date: Wed, 26 Oct 2005 10:47:25 -0700 From: Bryan Stansell To: users@conserver.com Subject: Re: bug in os/x version of conserver Message-ID: <20051026174725.GH9517@underdog.stansell.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2005 17:47:26 -0000 yikers. i took the chunk of config file and included it in a normal config file, trying to include it in a console definition and not. nothing bad happened. is there a full config file you can share that tickles the problem? btw, thanks for the OS X notes for compilation, etc you sent directly to me. i'll work on integrating them to make it easier in the next release. Bryan On Tue, Oct 25, 2005 at 03:43:52PM +0100, Arthur Clune wrote: > Given this snippet of (incorrect) config file: > > > default csrvcs5 { > type exec; > host aconsole.com; > # initcmd '/opt/test/etc/shiva-chat'; > # exec /usr/bin/telnet -E H P; > execsubst H=hs,P=Pd; > portbase 3000; > portinc 1; > } > > conserver crashes with a bus error From bryan@stansell.org Wed Oct 26 12:26:54 2005 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9QJQs5i013782 for ; Wed, 26 Oct 2005 12:26:54 -0700 (PDT) Received: (from bryan@localhost) by underdog.stansell.org (8.13.5/8.13.5/Submit) id j9QJQsmM013781 for users@conserver.com; Wed, 26 Oct 2005 12:26:54 -0700 (PDT) Date: Wed, 26 Oct 2005 12:26:54 -0700 From: Bryan Stansell To: users@conserver.com Subject: Re: bug in os/x version of conserver Message-ID: <20051026192654.GJ9517@underdog.stansell.org> References: <20051026174725.GH9517@underdog.stansell.org> <44105379-CD50-42D2-85CB-D4E59F837CAD@york.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44105379-CD50-42D2-85CB-D4E59F837CAD@york.ac.uk> User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2005 19:26:55 -0000 On Wed, Oct 26, 2005 at 07:57:38PM +0100, Arthur Clune wrote: > See attached files, including my ./configure. Just took me a few > minutes to recreate it since I'd replaced the config file with a > working version. thanks for sending the config file. yep...there's a bug. here's a fix to get around it (might not be my final fix, but perhaps). figured everyone might want it, just in case... *** cutil.c.old Wed Oct 26 12:18:39 2005 --- cutil.c Wed Oct 26 12:17:23 2005 *************** *** 3187,3193 **** OutOfMem(); } ! if (s != (SUBST *)0 && repl != (char **)0) { static STRING *result = (STRING *)0; if (result == (STRING *)0) --- 3187,3193 ---- OutOfMem(); } ! if (s != (SUBST *)0 && repl != (char **)0 && *repl != (char *)0) { static STRING *result = (STRING *)0; if (result == (STRING *)0) Bryan From rory@orangetech.co.nz Thu Oct 27 20:06:01 2005 Received: from smtp02.maxnet.net.nz (smtp02.maxnet.net.nz [202.89.32.10]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9S35rOh002459 for ; Thu, 27 Oct 2005 20:05:59 -0700 (PDT) Received: from [192.168.0.102] (port160-53.ubs.netguardian.co.nz [203.89.160.53]) by smtp02.maxnet.net.nz (Postfix) with ESMTP id 3B6CE42BE69 for ; Fri, 28 Oct 2005 16:29:12 +1300 (NZDT) Subject: Almost working... From: Rory White To: users@conserver.com Content-Type: text/plain Date: Fri, 28 Oct 2005 03:05:49 +0000 Message-Id: <1130468749.8157.8.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) Content-Transfer-Encoding: 7bit X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Oct 2005 03:06:02 -0000 I've just set up Conserver on a Fedora Core 4 linux box. I want to use Conserver to communicate with the serial port (ttyS0) and control an RS232 device hanging off that. I'm testing using an external modem attached to the serial port and minicom works fine. The Conserver server is running fine and using "console ttyS0" I can send an AT command and receive OK. However when I try to use the telnet approach I don't get the OK characters back from the modem. I do: telnet 192.168.0.1 782 login bob call ttyS0 to get the port number then exit Then I do: telnet 192.168.0.1 38762 login bob call ttyS0 The response comes back: [attached] At this point I can send AT to the modem (and the lights show that it receives it and sends something back) but the OK character does not appear in the telnet session. Is there something I'm doing wrong? I would expect the OK characters to be echoed back as part of the telnet session. Any help would be much appreciated. Rory White From bryan@stansell.org Fri Oct 28 08:02:06 2005 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9SF26jb013864 for ; Fri, 28 Oct 2005 08:02:06 -0700 (PDT) Received: (from bryan@localhost) by underdog.stansell.org (8.13.5/8.13.5/Submit) id j9SF26Bb013863 for users@conserver.com; Fri, 28 Oct 2005 08:02:06 -0700 (PDT) Date: Fri, 28 Oct 2005 08:02:06 -0700 From: Bryan Stansell To: users@conserver.com Subject: Re: Almost working... Message-ID: <20051028150206.GK9517@underdog.stansell.org> References: <1130468749.8157.8.camel@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1130468749.8157.8.camel@localhost.localdomain> User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Oct 2005 15:02:07 -0000 On Fri, Oct 28, 2005 at 03:05:49AM +0000, Rory White wrote: > Is there something I'm doing wrong? I would expect the OK characters to > be echoed back as part of the telnet session. you haven't finished the login process...there's one more step (^Ec;) to signal the server that you're ready for output. yes, the protocol isn't well documented (and this is something new since i wrote up the PROTOCOL file, i believe). if you send that, you should then see output. are you needing to talk directly to the server without going through the client for any particular reason? if there's a limitation you're trying to avoid, i'd love to hear about it. Bryan From rory@orangetech.co.nz Sat Oct 29 17:41:01 2005 Received: from smtp02.maxnet.net.nz (smtp02.maxnet.net.nz [202.89.32.10]) by underdog.stansell.org (8.13.5/8.13.5) with ESMTP id j9U0es2a010678 for ; Sat, 29 Oct 2005 17:40:59 -0700 (PDT) Received: from [192.168.0.102] (port160-195.ubs.netguardian.co.nz [203.89.160.195]) by smtp02.maxnet.net.nz (Postfix) with ESMTP id EF6CB42BBA7 for ; Sun, 30 Oct 2005 14:04:37 +1300 (NZDT) Subject: Re: Almost working... From: Rory White To: users@conserver.com Content-Type: text/plain Date: Sun, 30 Oct 2005 13:40:52 +1300 Message-Id: <1130632852.3800.4.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) Content-Transfer-Encoding: 7bit X-Spam-Score: -4.901 () BAYES_00 X-Scanned-By: MIMEDefang 2.39 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.6 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Oct 2005 00:41:01 -0000 Thanks Bryan, That gave me enough to work with. It's now working fine using the Telnet on my Windoze box, and that's enabled me to write a PHP script that wraps around the telnet and gives me web access. The telnet client on Fedora Linux is still not echoing the 'OK' string back, but I don't need that now and I'm happy that Conserver is doing all it's supposed to. For any users that are interested, I'm using Conserver as part of a home automation set-up. The system looks like: - PHP pages accessible via web to server at home - Home server (Fedora Linux) runs Apache/PHP - Home server also runs Conserver - PHP pages open/send/receive telnet data to Conserver - Conserver forwards data to serial port devices - Home automation device(s) connected to back of home server on RS232 (ttyS0) ports Thanks for your help, Rory