Custom Query (98 matches)

When i login to the web console for the pc3 iLO (at 155.98.34.104) using firefox, i get the standard firefox "do you want to trust this certificate?" dialogue, and am able to successfully connect.

If i subsequently try to connect to the pc1 iLO (at 155.98.34.103) using the same firefox instance, i get the error:

Secure Connection Failed
      
An error occurred during a connection to 155.98.34.103.

You have received an invalid certificate.  Please contact the server
administrator or email correspondent and give them the following
information:

Your certificate contains the same serial number as another certificate
issued by the certificate authority.  Please get a new certificate
containing a unique serial number.

(Error code: sec_error_reused_issuer_and_serial)

 The page you are trying to view can not be shown because the
 authenticity of the received data could not be verified.

Please contact the web site owners to inform them of this problem.
Alternatively, use the command found in the help menu to report
this broken site.

If i delete the SSL information for 155.98.34.104 from my browser and clear the cache, i can subsequently browse to .103 normally (but of course get this error again when i go back to .104).

From the iLO logins, i see the following SSL information for the two devices:

• pc1 (155.98.34.103):

  Issued To 	CN=ILOUSE211XXJR.utah.geniracks.net, OU=ISS, O=Hewlett-Packard Company, L=Houston, ST=Texas, C=US
  Issued By 	C=US, ST=TX, L=Houston, O=Hewlett-Packard Company, OU=ISS, CN=iLO3 Default Issuer (Do not trust)
  Valid From 	Wed, 11 Jan 2012
  Valid Until 	Mon, 12 Jan 2037
  Serial Number 	57
  

• pc3 (155.98.34.104):

  Issued To 	CN=ILOUSE211XXJS.utah.geniracks.net, OU=ISS, O=Hewlett-Packard Company, L=Houston, ST=Texas, C=US
  Issued By 	C=US, ST=TX, L=Houston, O=Hewlett-Packard Company, OU=ISS, CN=iLO3 Default Issuer (Do not trust)
  Valid From 	Wed, 11 Jan 2012
  Valid Until 	Mon, 12 Jan 2037
  Serial Number 	57
  

So those serial numbers are indeed identical. I have verified that the other three iLOs have unique serial numbers (pc2=55, pc4=53, pc5=54), and do not experience this problem.

Two prospective issues related to password-based login to ops.utah.geniracks.net:

1. Remote password-based SSH login to my user account (chaos) succeeds. Is there a plan to protect against password-guessing attacks on user accounts, which can be shared with site admins?
2. Since /etc/ssh/sshd_config contains:

   PermitRootLogin yes
   

   I am concerned that password-based root login may in fact be permitted on ops. Is that the case? If so, could this setting be changed to without-password?

There is a rack requirement that site admins be able to figure out where the software installed on their rack came from. In looking at boss.utah.geniracks.net (performing IG-MON-1 step 1), i was able to track down most things, but have the following three caveats in terms of tracking system binaries back to source code:

1. Since Emulab system binaries are installed by a make install type process, the easiest way to verify where they came from (that i can think of) is to md5 the binary and compare it to a binary in an .../obj tree whose corresponding .../src tree is known. On boss right now, that tree seems to be /users/stoller/testbed/{src,obj}. So that works well, but i had to make a guess about where the tree was likely to be. Are you planning a standard location for the {src,obj} from which each rack's Emulab software will be installed, or will it vary?
2. If the OS base install had been upgraded, i could do the same thing for verifying FreeBSD base system software by looking in /usr/{src,obj}. However, right now, boss has a FreeBSD base install, so there is no base software in /usr/obj. Does FreeBSD provide a standard solution for this, or do they assume that anyone who cares what version they're running has recompiled their base and thus has something in /usr/obj? Any thoughts?
3. Some software on the system comes from FreeBSD packages, which i believe are created by Utah. Is the source/patches/etc used to create those packages available somewhere?