David,

  I can try to assist you if you want to continue working on this tonight or tomorrow.  Here's my public key for user jboone@gitlab.common-lisp.net

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqwjwchMCU4S9OrgbkbJuZh7i6ObH31LO0poUaCd4h6

but I don't think I have an ssh login setup.

—jon


On Thu, Dec 26, 2024 at 8:25 PM David Cooper <david.cooper@genworks.com> wrote:

Dear Raymond (and all concerned), 

 I'm having trouble switching the sshd service back to port 22, and I have to give up on it for a little while. 

 If anyone is available to help with this let me know. 

 In the meantime the sshd is on port 4022 and your .ssh/config will need to be configured accordingly. Here is mind for example: 

 
```
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed_github
User dcooper
Port 4022 
PubkeyAcceptedKeyTypes=ssh-ed25519
```


What I tried on the server: 

 1. Added ACCEPT rule to the firewall (nftables with iptables frontend) for port 22. 

 2. Edited /etc/ssh/sshd_config.d/local.conf  and changed Port to 22

 3. Confirmed with `sudo netstat -tulpn | grep 22`  that sshd was listening on port 22

 4. Updated my home .ssh/config to comment out the Port 4022

 5.  Tried ssh from home - did not work (timed out). 

For fear of locking myself out of the server, I set it back to 4022 for now, confirmed I could log in, then rebooted the machine to make sure the firewall and fail2ban are active again.


Dave Cooper



---- On Thu, 26 Dec 2024 19:48:45 -0500 David Cooper <david.cooper@genworks.com> wrote ---


Hi again Raymond,  

Sorry for your frustrations, and this next one is on us for sure: as a security measure, we had updated the ssh port from the standard port 22 to the arbitrary 4022. I'm changing it back to standard 22 now. 

And as you have both a shell login account and Gitlab account, you probably have to add your ed25519 public key both in the .ssh/ directory and .ssh/authorized_keys file, as we ll as pasting into your Gitlab profile through the gitlab web ui (after you can access that), to enable both shell login and git push/pull.  Presumably you already have your ed25519 public key pasted into gitlab, but you can confirm that as soon as you can access the website.  

As an example, here is my .ssh/config for the new host: 

```
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed_github
User dcooper
PubkeyAcceptedKeyTypes=ssh-ed25519
```

Please wait a few minutes while I change the port back to the standard 22. 

Dave Cooper




---- On Thu, 26 Dec 2024 18:34:32 -0500 Raymond Toy <toy.raymond@gmail.com> wrote ---



On Thu, Dec 26, 2024 at 3:19 PM David Cooper <david.cooper@genworks.com> wrote:




Dave Cooper



---- On Thu, 26 Dec 2024 17:41:05 -0500 toy.raymond@gmail.com wrote ----


Can you ssh to gitlab.common-lisp.net ?

It might not accept older rsa keys, i.e.you might need to generate new stronger e.g. ed25519 keys (I'm not gonna go snooping around your .ssh directory unless I need to).  If so, send me your new public key and I'll add it to your .ssh/authorized_keys on the new host. 

Hmm.  I can't ssh to gitlab.common-lisp.net.  I don't think I've ever tried that before.  I still have my old rsa key, but I also switched to ed25519 keys quite a while ago and that's what I use for ssh now.



On Thu, Dec 26, 2024 at 12:53 PM David Cooper <david.cooper@genworks.com> wrote:


Note that the DNS for gitlab.common-lisp.net switched over to a new IP address (a new Hetzner host) Christmas eve. 

What is the correct IP address?  Clearing the OS and browser DNS cache didn't seem to make a difference.  I can ping gitlab.common-lisp.net just fine:
```
64 bytes from future.common-lisp.net (65.108.13.229)
```

So you may need to clear your DNS caches (browsers and OS). 

The toplevel common-lisp.net still resolves to the old host for now, so ssh'ing there will get you to the legacy host.  But the plan is to move that to the new host in due course as well.  I assume you'll need a shell login for the new host? The new host is reachable via future.common-lisp.net or gitlab.common-lisp.net, and i believe your shell login account has been replicated on the new host
Yes, I'd like a shell login.  I still need to access it to upload cmucl release tarballs and such.

Thanks for your help.  I think I should reboot my modem and wifi once again.  I think that's the only way to clear the DNS cache on my wifi router connected to my cable modem.
already. 



Dave Cooper

P.S. these mailing lists are still going through the legacy host. 



---- On Thu, 26 Dec 2024 13:45:50 -0500 toy.raymond@gmail.com wrote ----



On Thu, Dec 26, 2024 at 8:54 AM Jon Boone <ipmonger@delamancha.org> wrote:
I have no problems reaching it via Safari (Version 18.2 (20620.1.16.11.8))  or Chrome (Version 131.0.6778.205 (Official Build) (arm64)) on macOS 15.2 (24C101) as of 2024-12-26 11:55 EST.

Ok, it must be me.  I can't reach it on any of my computers, even after rebooting my modem and wifi point.  But I can over cellular with my phone.  But every other site I try works fine over my home wifi.  I can even ssh into common-lisp.net.

Not sure what's going on.  I didn't update anything or add a proxy or anything like that.



—jon


On Thu, Dec 26, 2024 at 11:26 AM Raymond Toy <toy.raymond@gmail.com> wrote:

On 12/25/24 12:28 PM, Georgiy Tugai wrote:

I believe that the links should be working again now.
FWIW, I can’t reachgitlab.common-lisp.net at all. Firefox says it’s unable to connect. Chrome says it can’t be reached. I think this started a couple of days ago, maybe?


Regards,
Georgiy

On 25/12/2024 21:02, Robert Goldman wrote:

I was trying to follow a link from the projects hub, https://common-lisp.net/phub for usocket, and got a 404.

I've tried clicking some other links and they all 404 also, so maybe there's some rewrite or redirect logic that's busted?

Happy Holidays,
R


&#8203;


--

Ray



--

Ray



--

Ray