Hello, Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that "stealth mode" (which openbsd handles with ease) is the safest. But I've also read that using 'return' instead of 'drop' is good netizenship. So I'm wondered how others are handling this and what recommendations you might have. Thanks, Chris

First of all, I would like to it clear (and try to avoid a flame war), that I am not complaining about it. I am really happy with OpenBSD, and I want to congratulate every developer for their great work. Unfortunatelly, I have no skills to contribute to this fix. Until a couple of weeks ago, I was using OpenBSD 3.7 (i386, P4 3Ghz, 1GB RAM) on a really busy web server (stock Apache and PHP4 from ports) that started to get some panics related to UVM, or most of the times, just froze, with no r...

have you tried the OpenSSH list? openssh-unix-dev@mindrot.org chris -- Christopher Linn <celinn at mtu.edu> | By no means shall either the CEC System Administrator II | or MTU be held in any way liable Center for Experimental Computation | for any opinions or conjecture I Michigan Technological University | hold to or imply to hold herein.

I have the same problem with the new debian 4.0. Default sshd_config/ssh_config. I am not able to ssh into openbsd-3.9. authlog on openbsd-server: ... sshd[21822]: fatal: Timeout before authentication ...

# /usr/sbin/sshd -D -ddd -e -p 9999 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 132 debug2: parse_server_config: config /etc/ssh/sshd_config len 132 debug1: sshd version OpenSSH_4.2 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private ...

just to eliminate the obvious: you have checked that name resolution (forwards and backwards) is working? -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

I once had a problem with ssh, and it was because of wrong permissions: too large (writable by group and/or others). Just for eliminating another obvious, you could try: chmod 700 ~/.ssh (755 should work too) R-C Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca

I second this verification. Rui -- + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...? [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

I agree. I think that the problem is the /etc/ssh/ssh_config of my Ubuntu machine (I didn't change anything from that file, it's the default contents), that's the reason why I quoted that file in my first email.

/dev/r* are 'raw' devices, corresponding to the non-raw devices. They both access the same hardware. The letterings after /dev/wd0* are defined by the disklabel which the kernel reads on boot up--they are entirely up to you, except that 'a' is always /, 'b' is always swap, and 'c' is always the entire disk. See the FAQ: http://www.openbsd.org/faq/faq14.html#disklabel Thus, converting between what you see in `fdisk wd0` and what is actually in /dev is complex, and depends on your disklabel. It so...

Last time I looked, there were packages on the cd too... -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax

while doing a 'pkg_add -ui -F update -F updatedepends' on a machine with the most recent snapshot I could get my hands on, I get the message Not updating .libs-ImageMagick-6.2.6.1, remember to clean it for a number of packages, apparently corresponding to directories under /var/db/pkg. This being OpenBSD, I know it's most likely harmless and informational, but I wonder - does this mean I should 'clean out' these .libs-* directories by deleting them manually? That is, if they're still ...

run pkg_delete /var/db/pkg/.libs* bye Julian

Nagging point: iirc, the disklabel is written immediately after the master boot record. I know for sure there is only one disklabel per disk (because you use disklabel as `disklabel $DISK`). This is not the same as "each slice gets it's own disklabel"; it's the other way around, each slice gets an entry in the disklabel. -Nick

Is it not each DOS *partition* gets it's on disklabel, .. unless you choose 'use entire disk', at which point the entire disk is assigned to DOS partition 3 & single disklabel there? Lee

I'm having a bit of a hard time trying to set up a root on software raid with raidctl with two external usb hard drives. The reason why I am trying to configure this as root on raid is because I have a fast notebook that is continually frying hard drives (I personally think that it has a blown capacitor, but this is not the point) that I do not want to go to waste. So basically what I wanted to do is to configure it as a small vpn and file server to store my personal photos, music, etc. and learn a l...

Are you running chroot'd (default)? If so, you need something like 'mini_sendmail', or run Apache 'naked' with a -u. OR, you could RTFM & Google. Lee ================================================ Leland V. Lammert lvl@omnitec.net Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net ================================================

First make sure mini_sendmail is located in /var/www/bin. Second add or edit the sendmail_path in your php.ini and restart apache. Make it look something like this: sendmail_path = "/bin/mini_sendmail -t -fwww@blahblah.com" where -fwww@blahblah.com is the address you want the mail to come from. Hope this helps.

I was writing my answer when i receive your mail, and that's it... http://hanz.nl/p/showblog&blog_key=39 told to make a symbolinc link, that was not working on my server.. anyway, here we are, that's working ! Thanks a lot to everybody ! See you in the tube! Greg

Do Apache is in chroot? Did you tried to run that php script in chroot? -- Daniel 'Shinden' Horecki http://morr.pl

Hi all, Thx for your all answer... someone talk to me about the Apache chroot, so I unchroot it, and it's well functional. But, If you follow me, I don't want that my apache be not chrooted (even if i'm a big noob in security question, i'm not totally insane ^^). So, Stuart, thanks for the femail pist, i will try it right now, but telle me: is that a standalone emai server or it's living like an interface between apache and the MTA? thanks all, Greg

It's an interface, it takes the message and sends it to the MTA by SMTP (by default, to port 25 on localhost; just copy it into the chroot jail, and configure sendmail_path in php.ini). (There are at least two other programs like this, femail is simpler and less messy than the ones I know of).

Thank you for your message. I am currently out of the office but will be checking emails and will try and respond to your message. Regards, Luke Warren

I would like to use subversion such that people can checkout files using http://. But since OpenBSD doesn't come with Apache2, I guess I need to compile Apache2. Is there any way around this? Thanks.

apache2, mod_svn_ap2, and mod_dav_svn_ap2 are all available in the ports tree as of 4.1-current. -- Mathieu Sauve-Frankel