21 | | || '''Step''' || '''State''' || '''Date completed''' || '''Open Tickets''' || '''Closed Tickets/Comments''' || |
22 | | || 1A || [[Color(orange,Blocked)]] || || [exoticket:34] || blocked on information about bbn-hn configuration || |
23 | | || 1B || [[Color(green,Pass)]] || 2012-05-27 || || || |
24 | | || 1C || [[Color(green,Pass)]] || 2012-05-27 || || || |
25 | | || 2A || [[Color(yellow,Complete)]] || || || retest when experiments are known to be running on the worker || |
26 | | || 2B || [[Color(orange,Blocked)]] || || || blocked on retest of 2A; this is n/a if no public IPs || |
27 | | || 2C || [[Color(green,Pass)]] || 2012-05-27 || || || |
28 | | || 3A || [[Color(green,Pass)]] || 2012-05-27 || || ([exoticket:10]) ready to test || |
29 | | || 3B || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-27 || || enable mode on switch not available to site admins, but available information appears sufficient || |
30 | | || 3C || [[Color(green,Pass)]] || 2012-05-28 || || || |
31 | | || 3D || [[Color(orange,Blocked)]] || || [exoticket:19] || ([exoticket:10]) blocked on serial access to switches || |
32 | | || 4A || || || || ([exoticket:10]) ready to test || |
33 | | || 4B || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-28 || || enable mode on switch not available to site admins, but available information seems sufficient || |
34 | | || 4C || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-28 || || http access may be enabled, but probably does not work at all, and at most works on the private network || |
35 | | || 4D || [[Color(orange,Blocked)]] || || [exoticket:19] || ([exoticket:10]) blocked on serial access to switches || |
| 21 | || '''Step''' || '''State''' || '''Date completed''' || '''Open Tickets''' || '''Closed Tickets/Comments''' || |
| 22 | || 1A || [[Color(#63B8FF,In Progress)]] || || [exoticket:34] || iterating about bbn-hn configuration || |
| 23 | || 1B || [[Color(green,Pass)]] || 2012-05-27 || || || |
| 24 | || 1C || [[Color(green,Pass)]] || 2012-05-27 || || || |
| 25 | || 2A || [[Color(yellow,Complete)]] || || || retest when experiments are known to be running on the worker || |
| 26 | || 2B || [[Color(orange,Blocked)]] || || || blocked on retest of 2A; this is n/a if no public IPs || |
| 27 | || 2C || [[Color(green,Pass)]] || 2012-05-27 || || || |
| 28 | || 3A || [[Color(green,Pass)]] || 2012-05-27 || || ([exoticket:10]) ready to test || |
| 29 | || 3B || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-27 || || enable mode on switch not available to site admins, but available information appears sufficient || |
| 30 | || 3C || [[Color(green,Pass)]] || 2012-05-28 || || || |
| 31 | || 3D || [[Color(orange,Blocked)]] || || [exoticket:19] || ([exoticket:10]) blocked on serial access to switches || |
| 32 | || 4A || || || || ([exoticket:10]) ready to test || |
| 33 | || 4B || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-28 || || enable mode on switch not available to site admins, but available information seems sufficient || |
| 34 | || 4C || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-28 || || http access may be enabled, but probably does not work at all, and at most works on the private network || |
| 35 | || 4D || [[Color(orange,Blocked)]] || || [exoticket:19] || ([exoticket:10]) blocked on serial access to switches || |
| 98 | ==== Results of testing step 1A: 2012-07-23 ==== |
| 99 | |
| 100 | According to [http://groups.geni.net/exogeni/ticket/34#comment:1], i should expect: |
| 101 | * If i attempt to login to bbn-hn.exogeni.gpolab.bbn.com as valid user chaos, and fail five times, my IP address will be added to `/etc/hosts.deny` |
| 102 | * If i attempt to login to bbn-hn.exogeni.gpolab.bbn.com as invalid user xyzzy, and fail a smaller number of times, my IP address will be added to `/etc/hosts.deny`. |
| 103 | * If i attempt to login to bbn-hn.exogeni.gpolab.bbn.com as root, and fail a smaller number of times, my IP address will be added to `/etc/hosts.deny`. |
| 104 | |
| 105 | Testing this: |
| 106 | * Look at `/etc/hosts.deny`: |
| 107 | {{{ |
| 108 | bbn-hn,[~],20:06(0)$ cat /etc/hosts.deny |
| 109 | ... |
| 110 | # DenyHosts: Mon Jul 23 18:10:48 2012 | sshd: 192.96.129.254 |
| 111 | sshd: 192.96.129.254 |
| 112 | }}} |
| 113 | * Try to login from tarabon.gpolab.bbn.com and fail five times: |
| 114 | {{{ |
| 115 | tarabon,[~],16:09(0)$ ssh bbn-hn.exogeni |
| 116 | The authenticity of host 'bbn-hn.exogeni (192.1.242.3)' can't be established. |
| 117 | RSA key fingerprint is 2f:71:d6:ab:03:00:f5:2d:f2:69:55:46:b5:67:84:ce. |
| 118 | Are you sure you want to continue connecting (yes/no)? yes |
| 119 | Warning: Permanently added 'bbn-hn.exogeni,192.1.242.3' (RSA) to the list of known hosts. |
| 120 | chaos@bbn-hn.exogeni's password: |
| 121 | Permission denied, please try again. |
| 122 | chaos@bbn-hn.exogeni's password: |
| 123 | Permission denied, please try again. |
| 124 | chaos@bbn-hn.exogeni's password: |
| 125 | Permission denied (publickey,password). |
| 126 | tarabon,[~],16:09(255)$ ssh bbn-hn.exogeni |
| 127 | chaos@bbn-hn.exogeni's password: |
| 128 | Permission denied, please try again. |
| 129 | chaos@bbn-hn.exogeni's password: |
| 130 | Permission denied, please try again. |
| 131 | chaos@bbn-hn.exogeni's password: |
| 132 | Permission denied (publickey,password). |
| 133 | tarabon,[~],16:10(255)$ ssh bbn-hn.exogeni |
| 134 | chaos@bbn-hn.exogeni's password: |
| 135 | Permission denied, please try again. |
| 136 | chaos@bbn-hn.exogeni's password: |
| 137 | Permission denied, please try again. |
| 138 | chaos@bbn-hn.exogeni's password: |
| 139 | Permission denied (publickey,password). |
| 140 | tarabon,[~],16:10(255)$ ssh bbn-hn.exogeni |
| 141 | chaos@bbn-hn.exogeni's password: |
| 142 | Permission denied, please try again. |
| 143 | chaos@bbn-hn.exogeni's password: |
| 144 | Permission denied, please try again. |
| 145 | chaos@bbn-hn.exogeni's password: |
| 146 | Permission denied (publickey,password). |
| 147 | tarabon,[~],16:11(255)$ ssh bbn-hn.exogeni |
| 148 | ssh_exchange_identification: Connection closed by remote host |
| 149 | tarabon,[~],16:11(255)$ |
| 150 | }}} |
| 151 | * And then look at hosts.deny again: |
| 152 | {{{ |
| 153 | bbn-hn,[~],20:11(0)$ cat /etc/hosts.deny |
| 154 | ... |
| 155 | # DenyHosts: Mon Jul 23 20:11:11 2012 | sshd: 128.89.91.28 |
| 156 | sshd: 128.89.91.28 |
| 157 | }}} |
| 158 | So, with a known user, it let me try 12 passwords. |
| 159 | * Okay, now trying to login as xyzzy from another lab host in the same subnet, picon.gpolab.bbn.com: |
| 160 | {{{ |
| 161 | picon,[~],16:14(0)$ ssh xyzzy@bbn-hn.exogeni |
| 162 | The authenticity of host 'bbn-hn.exogeni (192.1.242.3)' can't be established. |
| 163 | RSA key fingerprint is 2f:71:d6:ab:03:00:f5:2d:f2:69:55:46:b5:67:84:ce. |
| 164 | Are you sure you want to continue connecting (yes/no)? yes |
| 165 | Warning: Permanently added 'bbn-hn.exogeni,192.1.242.3' (RSA) to the list of known hosts. |
| 166 | xyzzy@bbn-hn.exogeni's password: |
| 167 | Permission denied, please try again. |
| 168 | xyzzy@bbn-hn.exogeni's password: |
| 169 | Permission denied, please try again. |
| 170 | xyzzy@bbn-hn.exogeni's password: |
| 171 | Permission denied (publickey,password). |
| 172 | picon,[~],16:15(255)$ ssh xyzzy@bbn-hn.exogeni |
| 173 | xyzzy@bbn-hn.exogeni's password: |
| 174 | Permission denied, please try again. |
| 175 | xyzzy@bbn-hn.exogeni's password: |
| 176 | Permission denied, please try again. |
| 177 | xyzzy@bbn-hn.exogeni's password: |
| 178 | Permission denied (publickey,password). |
| 179 | picon,[~],16:15(255)$ ssh xyzzy@bbn-hn.exogeni |
| 180 | ssh_exchange_identification: Connection closed by remote host |
| 181 | picon,[~],16:15(255)$ |
| 182 | }}} |
| 183 | * And, indeed: |
| 184 | {{{ |
| 185 | bbn-hn,[~],20:16(0)$ cat /etc/hosts.deny |
| 186 | ... |
| 187 | # DenyHosts: Mon Jul 23 20:15:43 2012 | sshd: 128.89.91.48 |
| 188 | sshd: 128.89.91.48 |
| 189 | }}} |
| 190 | * Now trying login as root from another lab machine, virgon.gpolab.bbn.com: |
| 191 | {{{ |
| 192 | virgon,[~],16:16(0)$ ssh root@bbn-hn.exogeni |
| 193 | The authenticity of host 'bbn-hn.exogeni (192.1.242.3)' can't be established. |
| 194 | RSA key fingerprint is 2f:71:d6:ab:03:00:f5:2d:f2:69:55:46:b5:67:84:ce. |
| 195 | Are you sure you want to continue connecting (yes/no)? yes |
| 196 | Warning: Permanently added 'bbn-hn.exogeni,192.1.242.3' (RSA) to the list of known hosts. |
| 197 | root@bbn-hn.exogeni's password: |
| 198 | Permission denied, please try again. |
| 199 | root@bbn-hn.exogeni's password: |
| 200 | Permission denied, please try again. |
| 201 | root@bbn-hn.exogeni's password: |
| 202 | Permission denied (publickey,password). |
| 203 | virgon,[~],16:17(255)$ ssh root@bbn-hn.exogeni |
| 204 | root@bbn-hn.exogeni's password: |
| 205 | Permission denied, please try again. |
| 206 | root@bbn-hn.exogeni's password: |
| 207 | Permission denied, please try again. |
| 208 | root@bbn-hn.exogeni's password: |
| 209 | Permission denied (publickey,password). |
| 210 | virgon,[~],16:17(255)$ ssh root@bbn-hn.exogeni |
| 211 | root@bbn-hn.exogeni's password: |
| 212 | Permission denied, please try again. |
| 213 | root@bbn-hn.exogeni's password: |
| 214 | Permission denied, please try again. |
| 215 | root@bbn-hn.exogeni's password: |
| 216 | Permission denied (publickey,password). |
| 217 | virgon,[~],16:17(255)$ ssh root@bbn-hn.exogeni |
| 218 | ssh_exchange_identification: Connection closed by remote host |
| 219 | virgon,[~],16:17(255)$ |
| 220 | }}} |
| 221 | * And, indeed: |
| 222 | {{{ |
| 223 | bbn-hn,[~],20:18(0)$ cat /etc/hosts.deny |
| 224 | ... |
| 225 | # DenyHosts: Mon Jul 23 20:17:43 2012 | sshd: 128.89.91.49 |
| 226 | sshd: 128.89.91.49 |
| 227 | }}} |
| 228 | |
| 229 | |