[09:55:35]
<tituspijean> @hercut:matrix.org https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html
[09:55:35]
<Aleks (he/him/il/lui)> parce que seul root peut lancer des programmes en dessous de 1024. Si ton serveur SSH tourne avec un port superieur à 1024, en théorie un utilisateur random du système pourrait trouver un moyen de lancer un "faux" serveur SSH tournant sur le meme port **avant** que le vrai serveur SSH se lance (ou alors si le vrai serveur SSH crash pour une raison ...), et du coup intercepter le traffic ...
[09:55:54]
<Aleks (he/him/il/lui)> m'enfin ça fait beaucoup de "si" et d'alignement de planète nécessaire pour que ça marche, et même si ça arrivait, SSH avertirait que l'identité cryptographique du serveur a changé et que "someone is doing something nasty"
[09:55:55]
<Aleks (he/him/il/lui)> perso j'ai du mal à trouver ça crédible comme scénario mais bon
[09:57:26]
<hercut> Aie
[09:57:27]
<hercut> Ok, tu penses que mettre par exemple 2280 ne serait pas vraiment risqué, ou du moins faudrait vraiment que le gars en contre moi pour faire ce que tu dis
[09:59:14]
<Aleks (he/him/il/lui)> perso j'aurais tendance à dire que si c'est le cas, y'a des moyens plus simple d'escalader que de faire une usurpation de serveur SSH qui nécessite que le vrai serveur SSH soit down ...
[09:59:14]
<Aleks (he/him/il/lui)> bah deja faut que l'attaquant puisse exécuter du code arbitraire sur la machine
[10:01:10]
<hercut> Aleks (he/him/il/lui): Merci pour tes explications !
[10:01:32]
<hercut> Je cherchais un port facile a retenir pour changer celui du SSH
[10:01:33]
<hercut> Et quand j'ai lu le message, ca ma un peu refroidi :)
[10:13:36]
<Aleks (he/him/il/lui)> j'allais dire un port facile à retenir c'est genre "1234" mais c'est supérieur à 1024 T_T
[10:49:06]
<hercut> ahah
[10:49:52]
<hercut> chatgpt a dit que c'etait pas utilisé sauf comme port alternatif a 22 jsutement
[10:50:08]
<hercut> je vais tenté le 222
[13:05:40]
<tituspijean> SSH sur un clavier téléphonique : 774
[13:05:41]
<xs> > <@hercut:matrix.org> Je cherchais un port facile a retenir pour changer celui du SSH
En pratique tu n'as pas besoin de le retenir, tu utilises la directive Port de ssh_config.
[16:35:57]
<xs> Oui, le port est alors enregistré dans la configuration du client ssh pour une machine ou un groupe de machines donné.
[16:35:57]
<hercut> Je comprend pas :/ Ca veut dire que quand je veux me connecté c'est pas utile de mettre le port ?
[16:35:58]
<beedee> [@orhtej2:circledsquareroot.ovh](https://matrix.to/#/@orhtej2:circledsquareroot.ovh)for example is there a price that could convince you to add https://github.com/alexta69/metube
[16:35:58]
<beedee> The current YouTube-dl gui app offered in yuno is next to useless since the upstream froze years ago so I would love to get a proper replacement and metube works so well on TrueNAS
[16:35:58]
<beedee> (Hopefully I didn’t offend you asking)
[16:35:58]
<beedee> [@orhtej2:circledsquareroot.ovh](https://matrix.to/#/@orhtej2:circledsquareroot.ovh)do you offer bounties for apps?
[16:42:39]
<apreiml> No difference. It still fails. Also there's no GUI indicator that the login fails. The request is only noticable if you open the browser consoel.
[16:42:39]
<apreiml> Hi everyone. After upgrading to yunohost 12, my users can't login to their profiles anymore. It only works for me as an admin, it seems. I simply get an 401 response. In the yunohost-portalapi.log, i only see an INFO entry that a 401 response was returend. Any ideas?
[16:42:39]
<orhtej2> Also, just to make sure, have you restarted the server after upgrade?
[16:42:39]
<orhtej2> > <@apreiml:strohwolke.at> Hi everyone. After upgrading to yunohost 12, my users can't login to their profiles anymore. It only works for me as an admin, it seems. I simply get an 401 response. In the yunohost-portalapi.log, i only see an INFO entry that a 401 response was returend. Any ideas?
Clear cookies/try from incognito window?
[16:42:53]
<orhtej2> > <@beedee:matrix.org> (Hopefully I didn’t offend you asking)
No worries 😉
[16:42:53]
<orhtej2> > <@beedee:matrix.org> [@orhtej2:circledsquareroot.ovh](https://matrix.to/#/@orhtej2:circledsquareroot.ovh)do you offer bounties for apps?
I don't, adding to wishlist is a better approach
[19:17:39]
<James Richardson (tokenwizard)> For the YH Friendica package, is there a manual way to enable my user as Instance Admin? I enabled the ldapauth plugin but my YH user can't even log into Friendica. I was able to register a new account, but now I need to make it the instance admin since I can't login with my YH admin user.
[19:17:47]
<beedee> > <@ericg:matrix.org> beedee: feel free to package it with https://appgenerator.yunohost.org/
i will give that a try. fingers crossed
[20:11:02]
<isAAAc> yes
[20:12:27]
<isAAAc> James Richardson (tokenwizard): check this link: https://wiki.krashboyz.org/en/home/krashboyz/services/Friendica#les-commandes-cli the wiki is in french, but the commands are the same ;)
[20:13:25]
<James Richardson (tokenwizard)> It wants a sign in to access. Is that the same as the english YN Forum?
[20:14:30]
<isAAAc> James Richardson (tokenwizard):
```
sudo yunohost app shell friendica # pour passer dans le shell applicatif (il faut lees droits sudo)
# une fois dans le shell applicatif:
bin/console user add <username> <nickname> <mail-address> <language-code> # where the mail address must be the one selected for the admin at YunoHost
bin/console user password <password> # to set a passwd
```
[20:16:51]
<James Richardson (tokenwizard)> Ok, so this will let me create a new user for Admin aside from my existing one. Gotcha.
[20:17:02]
<James Richardson (tokenwizard)> Thanks again. I'll give this a go shortly.
[20:22:34]
<James Richardson (tokenwizard)> This seems to have just let me create another non-admin account. I already had one of those configured. What I need is a way to make one of these users an admin for the instance.
[20:37:47]
<isAAAc> searching for the good syntax, i didn't note it
[20:38:22]
<James Richardson (tokenwizard)> Thanks I was playing with the user set commands but haven't been able to figure it out yet.
[20:50:06]
<beedee> [@ericg:matrix.org](https://matrix.to/#/@ericg:matrix.org)I am struggling to figure out the app generator since metube is a docker image. Is this still possible?
[20:52:18]
<eric_G> you should be able to install without docker
[20:52:59]
<beedee> i don’t know that metube is setup for that
[20:53:11]
<beedee> but im also a very novice user
[20:53:33]
<vermi111on> https://aria.im/_bifrost/v1/media/download/AWn4MhPJwQSPIS6c7JY-4gzeyI2OgFT-Z7Hi_ovGfQLAN4x6jUTNgcKwOahjpMlrDWAlfD1_xbensEoSc1LqMu5CeUuP2RHwAG1hdHJpeC5vcmcvekxIdHRWRUNhUWFBSnliRFBMcGFhSk1D
[20:53:33]
<vermi111on> Hello all, very new to self hosting and having issues setting up port forwarding. I've set the necessary ports for yunohost for port forwarding on my router and enabled IP passthrough, but I'm still receiving errors that these ports aren't accessible from diagnosis. Any tips appreciated
[20:58:14]
<isAAAc> an other way could be to change the good value in the friendica db, but i can't figure wich one for now
[21:10:50]
<isAAAc> James Richardson (tokenwizard): have you done this step after install ? https://forum.yunohost.org/t/friendica-logging-in-as-admin-after-new-installation/28034
[21:17:17]
<James Richardson (tokenwizard)> Yeah, This is what I tried immediately after install but my YH admin (SSO/LDAP) is not being accepted.
[21:18:11]
<isAAAc> ok , you set an "admin user" during the installation steps of friendica , you need to login with this ldap user , with the same email as this user, use the email as login, and the ldap password,
was it what you tried ?
[21:18:20]
<James Richardson (tokenwizard)> Disregard, I was going by the post-install instructions, not the update in that thread.
[21:19:13]
<isAAAc> i did this in the middle of a night and i can't precisely remind how i did ^^
[21:19:24]
<James Richardson (tokenwizard)> Yes, that did not work. But that post says that is no longer relevant and you have to actually CREATE a user with the same credentials as your YH user. If I read that post correctly.
[21:20:02]
<pr-o-xy> having some issues with port forwarding - I'm very new to self-hosting. I've set the necessary ports on my router and turned on IP passthrough, but still getting errors that ports are not accessible from the outside
[21:20:38]
<isAAAc> is your server in DMZ ?
[21:21:15]
<pr-o-xy> apologies, not sure what that is (just had to google it), how would I check in yunohost?
[21:21:57]
<isAAAc> if not you need to enable upnp, but imho, DMZ is a good choice
[21:21:58]
<isAAAc> DMZ is in your router config, not on ynh
[21:22:58]
<isAAAc> DMZ == openbar, no restriction == your ynh is directly on the web, no port NATing needed
[21:23:54]
<James Richardson (tokenwizard)> Ok, new hurdle...my YH user (james@tjserver.dev) doesn't have working email config to receive the generated password). I'll work on that offline. Thanks agai for your help.
[21:24:41]
<isAAAc> good luck, ping me if i can help further
[21:31:54]
<James Richardson (tokenwizard)> Well, I tried creating the user via the cli so I could specify my username as the YH user (james@tjserver.dev) and a working email. I then set the password for this user to match YH, but it is not treating it as an admin. So I'm giving up for the day. lol. I'll try something more tomorrow.
[21:34:28]
<isAAAc> perhaps the quicker way could be to completely remove the app , and reinstall it again (i did it many times before getting it well working ;) )
[21:34:34]
<James Richardson (tokenwizard)> I did that twice before reaching out here. 😅
[21:35:57]
<isAAAc> i did like that: https://github.com/YunoHost-Apps/friendica_ynh/issues/146
[21:36:12]
<isAAAc> it should work
[21:36:26]
<James Richardson (tokenwizard)> Ok, I'll give it a try tomorrow.
[21:48:19]
<pr-o-xy> [ERROR] Port 22 is not reachable from the outside in IPv6.
- Exposing this port is needed for admin features (service ssh)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
[ERROR] Port 25 is not reachable from the outside in IPv6.
- Exposing this port is needed for email features (service postfix)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
[ERROR] Port 80 is not reachable from the outside in IPv6.
- Exposing this port is needed for web features (service nginx)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
[ERROR] Port 443 is not reachable from the outside in IPv6.
- Exposing this port is needed for web features (service nginx)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
[ERROR] Port 587 is not reachable from the outside in IPv6.
- Exposing this port is needed for email features (service postfix)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
[ERROR] Port 993 is not reachable from the outside in IPv6.
- Exposing this port is needed for email features (service dovecot)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
[21:48:41]
<pr-o-xy> can't seem to figure out DMZ, but UPnP is disabled on my router so I'd rather just get ports forwarded if possible. Only these are not working even though I've forwarded them and others required by ynh
[21:55:00]
<isAAAc> pr-o-xy: looks like you forget ipv6 ;)
[21:55:57]
<pr-o-xy> Would that require anything besides enabling it in my router? It's already enabled
[21:58:06]
<isAAAc> perhaps this could help https://doc.yunohost.org/en/ipv6
[21:58:25]
<isAAAc> what is your router ?
[21:58:50]
<pr-o-xy> att bgw320
[22:02:53]
<isAAAc> https://www.att.com/support/smallbusiness/article/smb-internet/KM1188700/ perhaps
[22:03:50]
<pr-o-xy> this seems to be primarily for cloud servers from OVH, and yes, I am using my at&t router 😭 I figured it may be the reason, gonna try out the steps on that link thank you
[22:04:41]
<isAAAc> yes, it is for vps
[22:04:51]
<isAAAc> or this one ? https://www.devonstephens.com/how-to-enable-ip-passthrough-on-att-bgw320-505/
[22:06:12]
<isAAAc> but ipv6 is not a "must have", it should work without ipv6, and you can take your time to fix it later (i think)
[22:23:47]
<pr-o-xy> Thanks for the help, still couldn't get it working with those links but just going to rock with ipv4 for now, I'll probably be back with more questions
[23:32:27]
<rodinux> hello, I am trying debug upgrading zabbix... with this issue https://github.com/YunoHost-Apps/zabbix_ynh/issues/79
[23:33:21]
<rodinux> but I am on a loop
```
Info : [##########++........] > Setting up application...
Attention : (this may take some time)
Info : The service zabbix-server has correctly executed the action restart.
Attention : ERROR 1045 (28000): Access denied for user 'zabbix'@'localhost' (using password: NO)
Attention : Échec de l'exécution du script : /etc/yunohost/hooks.d/post_user_create/50-zabbix
Info : Enable admin user
Info : Admin user enabled
Attention : ? Username (Admin): ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
Attention : ? Password: ✗ ERROR: Input cannot be empty.
```
[23:34:11]
<rodinux> don't know what to do... I think I have to stop and reinstall !! another time
[23:56:21]
<rodinux> well the restore have worked this time after interrupt manually the upgrade...