[tech] Flame VM (was Re: Reducing entropy on mooneye )

Nick Bannon nick at ucc.gu.uwa.edu.au
Wed Jun 17 20:53:26 AWST 2020


On Sat, Jun 13, 2020 at 03:27:42PM +0800, Mark Tearle wrote:
[maculatus.ucc.gu.uwa.edu.au]
> No worries.   I'll leave it up to you to automate, other than to note that this VM is _NOT_
> currently in the UCC backups.

Fixed! It is a selective backup, though - is there anything specific
that should be included, outside of the shared /home ?

Although there is an oddity with SSH reverse DNS lookups...

/root/.ssh/authorized_keys:
command="rdiff-backup --server --restrict-read-only /",from="mollitz.ucc.gu.uwa.edu.au",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAA...

...is not sufficient to allow mollitz to initiate a backup. maculatus's
sshd complains as follows:
Jun 17 18:34:52 maculatus sshd[20311]: /root/.ssh/authorized_keys:36: Authentication tried for root with correct key but not from a permitted host (host=203.135.184.99, ip=203.135.184.99, required=mollitz.ucc.gu.uwa.edu.au).

Adding this fixes it:
/root/.ssh/authorized_keys:
command="rdiff-backup --server --restrict-read-only /",from="203.135.184.99",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAA...

Nick.

-- 
   Nick Bannon   | "I made this letter longer than usual because
nick-sig at rcpt.to | I lack the time to make it shorter." - Pascal
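
An added example, not part of the original post: a small Python parser for the sshd rejection message quoted above. It separates the case seen here (sshd logged the client's address as the host, so a hostname in from= cannot match) from a source that is simply not listed. sshd_config(5) documents that with UseDNS set to no only addresses can be used in from=; whether that or a missing PTR record applies on maculatus is not stated in the post, and the second sample line is constructed.

```python
import re

# sshd's message when the key matches but the from="" restriction does not.
DENIED = re.compile(
    r"(?P<file>\S+):(?P<line>\d+): Authentication tried for (?P<user>\S+) "
    r"with correct key but not from a permitted host "
    r"\(host=(?P<host>[^,]+), ip=(?P<ip>[^,]+), required=(?P<required>[^)]*)\)"
)

# from= patterns made only of address characters (IPv4, IPv6, CIDR, wildcards).
ADDRESS_PATTERN = re.compile(r"[0-9.*?/]+|[0-9a-fA-F:.*?/]*:[0-9a-fA-F:.*?/]*")

SAMPLE = [
    # Log line from the post.
    "Jun 17 18:34:52 maculatus sshd[20311]: /root/.ssh/authorized_keys:36: "
    "Authentication tried for root with correct key but not from a permitted "
    "host (host=203.135.184.99, ip=203.135.184.99, "
    "required=mollitz.ucc.gu.uwa.edu.au).",
    # Constructed line: reverse lookup worked, but the name is not the listed one.
    "Jun 17 18:40:01 host sshd[20400]: /root/.ssh/authorized_keys:36: "
    "Authentication tried for root with correct key but not from a permitted "
    "host (host=other.example.org, ip=192.0.2.10, required=backup.example.org).",
]


def diagnose(log_line):
    """Return a dict describing a from= rejection, or None for other lines."""
    m = DENIED.search(log_line)
    if m is None:
        return None
    d = m.groupdict()
    d["line"] = int(d["line"])
    # from= is a comma-separated pattern list; a leading "!" negates a pattern.
    patterns = [p.strip().lstrip("!") for p in d["required"].split(",")]
    names = [p for p in patterns if p and not ADDRESS_PATTERN.fullmatch(p)]
    # host == ip means sshd had no reverse name to compare against hostnames.
    if d["host"] == d["ip"] and names:
        d["cause"] = "no-reverse-name"
    else:
        d["cause"] = "source-not-listed"
    return d


if __name__ == "__main__":
    for entry in SAMPLE:
        r = diagnose(entry)
        print(f'{r["file"]}:{r["line"]} {r["ip"]} -> {r["cause"]}')
```
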

