[19:26:53]
<thatoo> This works
[19:26:54]
<thatoo> https://aria.im/_matrix/media/v1/download/defis.info/ysDaDcIiyQYezrUmRaPbZibs
[19:26:54]
<thatoo> but indeed, this
[19:26:54]
<thatoo> doesn't work
[19:26:54]
<thatoo> https://aria.im/_matrix/media/v1/download/defis.info/KaknwAodvjgNkgHhOMnBMlLJ
[19:26:54]
<thatoo> > Échec du test de synchronisation. Vérifier que la connexion au serveur est correctement configurée et permet les mises à jour LDAP: 65 Object class violation
[19:26:55]
<thatoo> I guess the user `` uid=administrateur,ou=users,dc=yunohost,dc=org `` doesn't have write permission on ldap. Is it very risky to give permission to one user that would be created only to do that?
The idea is that when a new member is created in dolibarr its user would be automatically created in yunohost in the group "member" that would allow her/him to use some services like nextcloud...
[19:30:49]
<Aleks (he/him/il/lui)> Creating a user in yunohost is not just about adding it to the ldap database
[19:36:57]
<tonton> Hi, trying to setup headscale but it seems I can't connect ('tailscale up --login-server myserver' on client just hangs for several minutes til I stop it). I'm thinking to start testing dex and see if the setup there is good. Not sure how to test dex though...
[19:37:50]
<Aleks (he/him/il/lui)> `cert-renew` -> `cert renew`
[19:37:55]
<Aleks (he/him/il/lui)> > I could probably sort through my subdomains
quick and dirty, something like:
```
DOMAINS=$(sudo yunohost domain list --output-as json | jq -r '.domains[]')
for DOMAIN in $DOMAINS;
do
grep -q "domain: $DOMAIN" /etc/yunohost/apps/*/settings.yml || echo "$DOMAIN appear unused?"
done
```
[19:37:56]
<Aleks (he/him/il/lui)> yep
[19:37:56]
<Aleks (he/him/il/lui)> though strictly speaking that doesn't mean the domain isn't used for something other than apps, like for email addresses
[19:38:00]
<Aleks (he/him/il/lui)> but he's crazy
[19:38:00]
<Aleks (he/him/il/lui)> bruh
[19:38:00]
<Aleks (he/him/il/lui)> u wot m8
[19:38:00]
<Aleks (he/him/il/lui)> 60wat
[19:38:00]
<Aleks (he/him/il/lui)> but the main thing is the apps
[19:39:36]
*isAAAc is hesitating to push to the v12 beta
[19:39:36]
<orhtej2> I have regular YNH 11 running on domain.tld and bookworm/testing running on bookworm.domain.tld. I'm logged into domain.tld (no problem), but when I try to log in bookworm with different username I get chain-redirected back to log in screen. This does not happen in private mode so clearly a cookie clash, anything I can do to dig further?
[19:39:37]
<Aleks (he/him/il/lui)> > <@louisvgn:matrix.org> Hey, I lost my public key due to hard drive issue. How can I get ssh login to work again? I have tried from the web console to set "enable ssh with password", but every time I try to login I get `Received disconnect from [IP] port 22:2: Too many authentication failures`
could be that the change ain't propagated because you manually modified the ssh config idk
[19:39:37]
<Aleks (he/him/il/lui)> > I have regular YNH 11 running on domain.tld and bookworm/testing running on bookworm.domain.tld. I'm logged into domain.tld (no problem), but when I try to log in bookworm with different username I get chain-redirected back to log in screen. This does not happen in private mode so clearly a cookie clash, anything I can do to dig further?
eeeh that's weird .. if i remember correctly the cookie name is different in bookworm compared to bullseye (due to the ssowat refactoring) soo i'm puzzled if this is really related to having bullseye on the same domain
[19:39:37]
<Louis> Hey, I lost my public key due to hard drive issue. How can I get ssh login to work again? I have tried from the web console to set "enable ssh with password", but every time I try to login I get `Received disconnect from [IP] port 22:2: Too many authentication failures`
[19:39:38]
<Xan> > <@Alekswag:matrix.org> `cert-renew` -> `cert renew`
Simple and effective, thank you very much! 😃
[19:39:38]
<Aleks (he/him/il/lui)> alternatively you can install the shellinabox app to get a shell access in the browser (at least temporarily)
[19:39:38]
<Xan> > <@Alekswag:matrix.org> yep
Thank you very much 😊 That looks consistent
Yes, that was exactly the point of my question: understanding what your script does so I know what else I need to check 😁
[19:39:39]
<Xan> That said, if you have a command to list my unused subdomains (with no application on them), that would already help me do a first pass 😁
[19:39:39]
<Xan> 60 apparently unused subdomains (I did say I had a plethora of them 😂), leftovers from the many application tests done on this server and a long history 😊 Goes to show it holds up over time, the server must be about 5 years old 😬
[19:39:39]
<Xan> Hello everyone, a quick easy question (I think 😅): having a plethora of subdomains on my YunoHost, the system had become unable to renew the SSL certificates by itself. To work around this, I have a small bash script that runs once a day (via a cron call) to renew the certificates using the command `yunohost domain cert-renew --no-checks $domain`.
However, I get a small message telling me that this command will soon disappear because it is deprecated. Any other alternative to suggest? 😅
I could probably sort through my subdomains, but that would take me a crazy amount of time 😂
[19:39:40]
<orhtej2> > <@Alekswag:matrix.org> eeeh that's weird .. if i remember correctly the cookie name is different in bookworm compared to bullseye (due to the ssowat refactoring) soo i'm puzzled if this is really related to having bullseye on the same domain
hmm indeed it's `SSOwAuth*` vs `yunohost.portal`.
I've cleared the cookies and now stuff works, must have been the wind
[19:39:40]
<Xan> > <@Alekswag:matrix.org> > I could probably sort through my subdomains
>
> quick and dirty, something like:
>
> ```
> DOMAINS=$(sudo yunohost domain list --output-as json | jq -r '.domains[]')
> for DOMAIN in $DOMAINS;
> do
> grep -q "domain: $DOMAIN" /etc/yunohost/apps/*/settings.yml || echo "$DOMAIN appear unused?"
> done
> ```
The result is consistent, thank you very much 😊
So if I understand correctly, your script searches all the settings.yml files under `/etc/yunohost/apps` for an entry matching the domain (preceded by `domain:`) and prints the phrase "appear unused ?" if it finds no result for the domain in question. Did I get that right?
[19:39:40]
<orhtej2> > <@louisvgn:matrix.org> I did not manually modify the ssh config… So you agree that it’s a weird error? It should not happen?
you were blocked by fail2ban, try stopping the service (TEMPORARILY!) from web admin and reconnecting with ssh perhaps?
[19:39:40]
<Louis> I did not manually modify the ssh config… So you agree that it’s a weird error? It should not happen?
[19:39:41]
<Louis> Right, I looked at the logs as well, but I’m in no jail
[19:39:41]
<Aleks (he/him/il/lui)> and of course you're 100% sure about the password ?
[19:39:41]
<Aleks (he/him/il/lui)> (i'm not sure it's fail2ban, a fail2ban ban usually ends up with the server not responding at all, here it's more like "regular" ssh kicking you after 3 failed login attempts?)
[19:39:41]
<orhtej2> (and then unblock your IP however one does that)
[19:39:42]
<Louis> I right away get the error
[19:39:42]
<Aleks (he/him/il/lui)> ah
[19:39:42]
<Louis> @Alekswag:matrix.org: Yes that’s more like it
[19:39:42]
<Louis> It doesn’t even prompt me for the password
[19:39:43]
<Louis> But no shell
[19:39:43]
<orhtej2> you can always try logging in via terminal, either physically if you run your own server on bare metal or via terminal emulation that may or may not be available from your VPS provider
[19:39:43]
<Louis> From the webadmin
[19:39:43]
<Aleks (he/him/il/lui)> well in that case it does feel like the "enable password auth" option really ain't taken into account
[19:39:43]
<Aleks (he/him/il/lui)> you do have a shell access i'm guessing, if you're able to see the logs ? or are you checking the logs from the webadmin ?
[19:39:44]
<Louis> I’m webshell if that’s how you call it
[19:39:45]
<Louis> I haven’t installed shellinabox (it says it’s unmaintained)
[19:39:45]
<Louis> You mean on the host machine?
[19:39:45]
<Aleks (he/him/il/lui)> (note that it's expected there's two different lines found)
[19:39:45]
<Aleks (he/him/il/lui)> then let's look at `grep PasswordAuthentication /etc/ssh/sshd_config`
[19:39:46]
<Louis> Should I still try it?
[19:39:46]
<Louis> Wait, is there no option to force ssh to ask password and not try passkeys?
[19:39:46]
<Louis> This did the trick `ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@hostname`
[19:39:46]
<Louis> asked for my password and now I’m in
[19:39:46]
<Louis> Yeessss let’s go
[19:39:47]
<Louis> @Alekswag:matrix.org: No I meant forcing on the client side to not try the passkeys and try password auth, and if enabled on server side, then prompt for the password.
[19:39:47]
<Aleks (he/him/il/lui)> > <@louisvgn:matrix.org> Wait, is there no option to force ssh to ask password and not try passkeys?
well yes if you're able to edit the server configuration ? but not from the client of course since that would be a security issue ... the point of disabling password authentication is to reduce attack surface so there's no point if the attacker can attempt password auth anyway...
[19:39:47]
<orhtej2> ah so it was a client-side issue after all
[19:39:47]
<Louis> Yes, I believe it’s because somehow I did back up my `knownhost` file and thus tried existing passkeys, but somehow did not back up my passkey itself so it tried every passkey, and then, I got the error `too many authentication failures`
[19:39:48]
<Louis> What the hell?
[19:39:48]
<Louis> Wow now it’s even weirder. I removed the old pub key from the `authorized_keys` file. I found the "lost" key (cause I’m stupid, it was just in another file…). But now, even with the old pub key removed from the file, I can still connect
[19:39:48]
<Louis> I did enable it from the web console, so now it works
[19:39:49]
<Aleks (he/him/il/lui)> and by "authorized_keys" you mean the one in `/home/{user}/.ssh` ?
[19:50:15]
<isAAAc> > * <@isaaac:matrix.krashboyz.org> is hesitating to push to the v12 beta
first server moved to v12 without any major problem via the CLI,
just had to restart nginx and mattermost manually,
I'm getting messages about the sources.list, but I believe the procedure to follow is in the forum post https://forum.yunohost.org/t/beta-stage-testing-for-yunohost-12-0-bookworm-and-bullseye-bookworm-migration/30496,
I also installed rspamd and rspamdui (cool)
thanks team 🙏
[19:50:16]
<isAAAc> that was the "small" ynh,
I'm trying on the big one, which has many more apps
[20:29:51]
<isAAAc> I'll come back with news later
[20:29:52]
<Paprika> What is the best way to limit Wireguard traffic?
I can always use WG on my router, but connecting to Wireguard on YNH gives more speed (about 40Mbps more), but I don’t think I can limit what IPs can WG clients access when they connect through YNH, because WG masquerades traffic.
Would love some advice here
[20:29:52]
<isAAAc> > that was the "small" ynh,
> I'm trying on the big one, which has many more apps
well, not as simple as on the first one: https://forum.yunohost.org/t/beta-stage-testing-for-yunohost-12-0-bookworm-and-bullseye-bookworm-migration/30496/116?u=isaaac
as indicated in the post, I managed to restart it via the suggested aptitude command,
it's still running
[20:54:38]
<Louis> > <@Alekswag:matrix.org> and by "authorized_keys" you mean the one in `/home/{user}/.ssh` ?
yes
[20:56:41]
<isAAAc> > I'll come back with news later
the aptitude command has finished churning, I'm relaunching the migration
[21:02:13]
<beernutz> Does anyone know how to get an owncloud instance set up? I can get it going and point it at my domain, but it wants me to log in as "admin" and that does not work.
** SOLVED ** You have to allow it access to "Visitors" as it has its own login system.
[21:22:42]
<isAAAc> > the aptitude command has finished churning, I'm relaunching the migration
migration finished, restarted nginx and mattermost;
funkwhale-beat won't start again,
neither will pytition
(these are two somewhat temperamental apps, I'll investigate more deeply later),
I'm going to reinstall rspamd and rspamdui,
I think it's rather a success <3
thanks team!