-
Licaon_Kter
sudo package update in Debian, Ubuntu and CentOS at the same time. FYI
-
jonas’
yeah, unauthenticated local root exploit
-
pepta.net
edhelas: > I have this theory that if we continue to block the dumb bots and scripts that are creating fake accounts on our servers, after a while they will have to make accounts that are more and more realistic until a point where we're not able anymore to differentiate from a real one. If they also send messages that could not be differentiated from a real conversation (instead of spam), it would be for good ;-) At least there will always be some pattern to fight spam after account creation like same messages / lots of messages to contacts not in roster / or rely on spam reports.
-
arne
Hi, does anyone use lxqt for servers?
-
jonas’
I don’t run GUIs on servers.
-
arne
I'm on devuan and it uses xfce as standard but I thought about a more lightweight environment..
-
jonas’
GUIs are waaaaay too much attack surface
-
arne
yes sure
-
arne
and ssh?
-
jonas’
hm?
-
MattJ
and sudo
-
jonas’
:D
-
vanitasvitae
> https://upload.esaanchez.net/716b9766f49b549c3916d680ca95e63cbc4e715d/MLDhdja7abyhepCVkqbAa7LGX9Rd1ZwbWL2gAdNB/Xg_3o5MPRdql5py6YwnhYg.jpg > and the winner of the contest for the longest http upload URL iiiiiiiisss .... tom! that's standard ejabberd url format, isn't it? 😀
-
jonas’
yeah, thinking about that it’s probably safer, trusted-computing-base-wise, to log in as root with key authentication than as normal user with sudo :)
-
arne
normally I didn't use any desktop environment on my main server and also no ssh
-
arne
x'D
-
MattJ
But when sudo became a thing we were told the opposite, root accessible over ssh is terrible!
-
MattJ
Also you often want to give multiple people root access on a server anyway, and then giving them a normal user account makes auditing and access control simpler
-
MattJ
Compared to dropping a bunch of keys in ~root's .ssh
-
mathieui
MattJ, ssh CAs?
-
jonas’
MattJ, agreed
-
jonas’
mathieui, revoking the signatures is no fun
-
mathieui
So I was told
-
arne
still the best is no ssh and no desktop environment I guess, hehe.
-
jonas’
arne, what would one use instead? telnet ;D
-
mathieui
arne, if you can afford it, sure
-
mathieui
I guess you can use hashicorp vault to manage ssh certs, though, jonas’
-
mathieui
not sure if it helps with revoking otoh
-
arne
na I'm selfhosting so I can just use a monitor :D
-
jonas’
ah, hosting at home doesn’t work well with the high availability I want to achieve :)
-
arne
mh, didn't you see my project jonas' ?
-
arne
my little data center is nearly autarkic with backup connection
-
mathieui
if you can do it, a dedicated network interface on a separate (private) network for ssh is probably the best you can achieve
-
arne
yes this would be possible mathieui
-
Licaon_Kter
arne: > mh, didn't you see my project jonas' ? Link?
-
arne
https://monocles.de/more/
-
arne
but still not finished, waiting for some recycled batteries
-
mwk
Hi
-
mwk
Anyone tried to build an xmpp server at home?
-
mwk
https://jabber.hot-chilli.net/jabberupload/share_v2.php/f177caf4-d444-4dec-8812-6834a31fbcf7/RECORDING_20210127_233231923.m4a
-
Kris
sure, easy to do. just set up a dynDNS and run it on a cheap SBC
-
jayteeuk
Yep, very doable.
-
jayteeuk
Has anyone installed Salut à Toi core using something like Ansible?
-
ben
I run ejabberd on a thinkpad x230 in my living room
-
ben
works great
-
mwk
What do you mean, run it on a cheap SBC?
-
mwk
I try to run an xmpp server from an android app in the playstore but I don't know how to run it
-
mwk
I will post link for that app
-
mwk
https://play.google.com/store/apps/details?id=com.icecoldapps.serversultimatepro
-
mwk
https://jabber.hot-chilli.net/jabberupload/share_v2.php/f5d15772-9c88-4606-b30d-3410cf7160e6/aBOOWXPvRFCsscMDdsa6zA.jpg
-
mwk
But I can't get the server to run successfully on local lan or wan
-
mjk
mwk: sooo... you wanna run it on a phone, or you have a googlified android installed on an sbc such as raspberry pi?
-
mwk
On my phone
-
mwk
Browse the app in the playstore and read the details about it
-
mwk
I put the playstore link for it
-
pepta.net
mwk: software probably violating open source licenses. Then, all-in-one software is probably the worst thing to have... Security holes, ...
-
mjk
That's... unusual, but with power plugged, I guess it can work out
-
mjk
Make sure android doesn't kill the server every once in a while
-
mwk
I succeeded with the ftp server, set up dynamic dns, and successfully logged in to my phone server from a different city
-
mwk
But I can't make an xmpp server
-
mwk
https://jabber.hot-chilli.net/jabberupload/share_v2.php/45f67894-f38c-4670-8bc7-e5be1efa798c/qzGT8h-bTgmbPDtus3onMQ.jpg
-
mwk
https://jabber.hot-chilli.net/jabberupload/share_v2.php/4d66295d-75cb-44d9-99fb-664e96e5ef81/_RuO-HzMTz2uOjUmoPx35A.jpg
-
mwk
In server name, what should I put? Anything, like test?
-
mwk
?
-
mwk
And in domain name, put my home external ip address?
-
mwk
https://jabber.hot-chilli.net/jabberupload/share_v2.php/fee73464-6f05-4a96-b5b1-898f493b09aa/EWt5mYvqR1O0N0jIg7nX1Q.jpg
-
mwk
In user, what should I add? The same as the server name, like test?
-
pepta.net
mwk: This is a commercial app, please contact related support.
-
mjk
mwk: You should consult the app's documentation or seek support from the developers.
-
mwk
How to log in? Like test@ipadress
-
mwk
Is there a recommended xmpp server for raspberry pi?
-
mjk
I don't think anyone here has experience with it, and there's certainly no psychics here to guess what 'server name' means :)
-
mjk
> Is there recommended xmpp server for raspberry pi ? ejabberd and prosody come to mind first
-
mwk
Ok, no problem, any experience with setting up a pi as a server?
-
mwk
And log in to that server from here, from the Conversations app
-
mwk
Log in on local lan and from outside to the pi
-
mjk
> any experience with setup pi as a server Just general linux stuff, nothing specific for the pi, except if you expect a lot of users, maybe put the databases on an external drive, not the microsd. And maybe logs too.
-
mwk
Is there a ready-to-use xmpp server tool on github?
-
mjk
Here's one good guide https://www.process-one.net/blog/how-to-move-the-office-to-real-time-im-on-ejabberd/
-
mjk
> Login on local lan ...may require you to specify connection address manually in your client (Conversations does support that). But it's probably better to just let the router do its job: to route packets locally
-
mjk
Disclaimer: I have no first-hand experience with xmpp servers, others here would be able to help much more
-
mwk
And from an external connection? Do I need to call the ISP to open port 5222 for external? Or no need for that?
-
mjk
Yes, you need 5222 open for client connections from outside
-
mjk
And 5223 (was it?) for server-to-server connections. Unless you don't want to federate
-
mjk
5443 for http file uploads & downloads
-
mwk
I called the isp to open all ports, but when I test it, only ports 21, 22, 80, 8080 are open!
-
mjk
> And 5223 (was it?) for server-to-server connections. Sorry, that's wrong. The guide I linked has it all anyway, just read it :)
-
mjk
Bad provider!
-
mjk
They may have some kind of user-configurable firewall that would allow you to open all ports
-
mwk
If I set up port forwarding in my router for 5222 to the fixed lan ip address that runs the server, does that work?
-
mjk
Or they may not
-
mwk
Port 5222 for my ip, when I try an external port test, I see it closed
-
mwk
Or if I make a DMZ in my adsl router to the server ip, does that work?
-
mjk
Xmpp client connection can work on any port, actually, provided you can set up SRV records for your domain
-
mjk
> Or if i make DMZ in my adsl router to server ip , does that work ? Not sure I understand. Can you rephrase?
-
mwk
What do you mean, I can set up an SRV record for my ip
-
mwk
?
-
mjk
Yes, you can specify connection ports in SRV records
-
mjk
So you can actually use any available ports
-
mwk
I don't know what you mean by srv record
-
mjk
> Xmpp ~client~ connection can work on any port Corrected ↑
-
mwk
Ya
-
mjk
Start here: https://en.m.wikipedia.org/wiki/SRV :)
-
mjk
Then see if your dns server provider allows you to add these
-
mwk
If you set up a server in your home, you need to make 1 admin user and password for that server, like john, and how to connect from the Conversations app? Like john@externalipofmyhome.
-
mjk
Pretty much
-
mwk
> Then see if your dns server provider allows you to add these I will read them ... Thanks 😊
-
Menel
Don't know about ejabberd but with prosody reading the manual helps and gives better understanding than a quick start guide.. And all you don't understand --> search engine.
-
mwk
> Don't know about ejabberd but with prosody reading the manual helps and gives better understanding than a quick start guide.. And all you don't understand --> search engine. Thanks 😊 I will
-
mwk
> Start here: https://en.m.wikipedia.org/wiki/SRV :) So I need to call my local ISP and request an SRV record from them for my ip address?
-
mwk
Is that what I need to do?
-
mjk
You said you have dynamic dns setup, that means you already have an A or AAAA record with your IP address, so check with them if they allow adding SRV records
-
mjk
If your dns provider is your ISP, then yes, ask them
-
mwk
Ask them that I need an SRV record?
-
mjk
Yep
-
mwk
They know it
-
mwk
They add that service from their system to my ip?
-
mwk
My dynamic dns on no-ip
-
mjk
Usually they'd give you web interface for doing that
-
mjk
Without srv records and without the standard server-to-server connection port number, I think you'd be unable to receive messages from other servers. But at least clients should be able to connect, by specifying the non-standard port number
-
mwk
Ya
-
mwk
> Usually they'd give you web interface for doing that Can add srv on the no-ip website where I added the ddns
-
mjk
Good
-
mjk
Next, read up on the necessary xmpp srv records somewhere in the interwebs :)
-
mwk
If I don't need to communicate with other servers, so no need for an srv record? If just me and my family connect to my host server dynamic dns, from lan or from outside on a 3g or 4g phone, so in this case, no need for srv?