Custom Query (98 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (1 - 3 of 98)

1 2 3 4 5 6 7 8 9 10 11
Ticket Resolution Summary Owner Reporter
#1 fixed setup instageni trac instance for InstaGENI testing chaos@bbn.com chaos@bbn.com
Description

Set up a dedicated Trac instance for tickets needed during InstaGENI rack testing.

#18 fixed boss.utah.geniracks.net appears to allow remote password-based login as root somebody chaos@bbn.com
Description

On boss.utah.geniracks.net, i see:

  • Per /etc/master.passwd, root's password is not locked
  • Per /etc/ssh/sshd_config, root is permitted to do password-based remote login

For machines which have public IPs, remote users (particularly root) should be restricted to login via public keys, to reduce the risk from SSH password-guessing attacks.

#21 wontfix iLO web interfaces for pc1 and pc3 claim to have the same SSL issuer and serial number somebody chaos@bbn.com
Description

When i login to the web console for the pc3 iLO (at 155.98.34.104) using firefox, i get the standard firefox "do you want to trust this certificate?" dialogue, and am able to successfully connect.

If i subsequently try to connect to the pc1 iLO (at 155.98.34.103) using the same firefox instance, i get the error:

Secure Connection Failed
      
An error occurred during a connection to 155.98.34.103.

You have received an invalid certificate.  Please contact the server
administrator or email correspondent and give them the following
information:

Your certificate contains the same serial number as another certificate
issued by the certificate authority.  Please get a new certificate
containing a unique serial number.

(Error code: sec_error_reused_issuer_and_serial)

 The page you are trying to view can not be shown because the
 authenticity of the received data could not be verified.

Please contact the web site owners to inform them of this problem.
Alternatively, use the command found in the help menu to report
this broken site.

If i delete the SSL information for 155.98.34.104 from my browser and clear the cache, i can subsequently browse to .103 normally (but of course get this error again when i go back to .104).

From the iLO logins, i see the following SSL information for the two devices:

  • pc1 (155.98.34.103):
    Issued To 	CN=ILOUSE211XXJR.utah.geniracks.net, OU=ISS, O=Hewlett-Packard Company, L=Houston, ST=Texas, C=US
    Issued By 	C=US, ST=TX, L=Houston, O=Hewlett-Packard Company, OU=ISS, CN=iLO3 Default Issuer (Do not trust)
    Valid From 	Wed, 11 Jan 2012
    Valid Until 	Mon, 12 Jan 2037
    Serial Number 	57
    
  • pc3 (155.98.34.104):
    Issued To 	CN=ILOUSE211XXJS.utah.geniracks.net, OU=ISS, O=Hewlett-Packard Company, L=Houston, ST=Texas, C=US
    Issued By 	C=US, ST=TX, L=Houston, O=Hewlett-Packard Company, OU=ISS, CN=iLO3 Default Issuer (Do not trust)
    Valid From 	Wed, 11 Jan 2012
    Valid Until 	Mon, 12 Jan 2037
    Serial Number 	57
    

So those serial numbers are indeed identical. I have verified that the other three iLOs have unique serial numbers (pc2=55, pc4=53, pc5=54), and do not experience this problem.

1 2 3 4 5 6 7 8 9 10 11
Note: See TracQuery for help on using queries.