Search Results

Search found 18781 results on 752 pages for 'ip port'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 230/752 | < Previous Page | 226 227 228 229 230 231 232 233 234 235 236 237  | Next Page >

  • Virtualhost entries gets over-written when apache httpd.conf is rebuilt

    - by Amitabh
    Background: We have been trying to get a wildcard SSL working on multiple sub domains on a single dedicated address.. We have two sub domains next.my-personal-website.com and blog.my-personal-website.com Part of our strategy has been to edit the httpd.conf and add the NameVirtualHost xx.xx.144.72:443 directive and the virtualhost entries for port 443 for the subdomains there. This works good if we just edit the httpd.conf, add the entries, save it and restart the apache. The problem: But if we add a new sub domain from cpanel or we run the # /usr/local/cpanel/bin/apache_conf_distiller --update # /scripts/rebuildhttpdconf the virtualhost entries that we added manually are no more there in the newly generated httpd.conf file. Only the virtualhost entry for the main domain for port 443 that was there before we made edits to the httpd.conf is there(assuming we are not discussing virtualhost entries for port 80). I understand we need to put the new virtualhost entries in some include files as mentioned here in the cpanel documentation. But am not sure where to. So the question would be where do I put the NameVirtualHost xx.xx.144.72:443 directive and the two virtualhost directive for port 443, so that they are not overwritten when httpd.conf is rebuilt/regenerated later. Virtualhost entries: The two virtualhost entries for the subdomains are: <VirtualHost xx.xx.144.72:443> ServerName next.my-personal-website.com ServerAlias www.next.my-personal-website.com DocumentRoot /home/myguardi/public_html/next.my-personal-website.com ServerAdmin [email protected] UseCanonicalName On CustomLog /usr/local/apache/domlogs/next.my-personal-website.com combined CustomLog /usr/local/apache/domlogs/next.my-personal-website.com-bytes_log "%{%s}t %I .\n%{%s}t %O ." ## User myguardi # Needed for Cpanel::ApacheConf <IfModule mod_suphp.c> suPHP_UserGroup myguardi myguardi </IfModule> <IfModule !mod_disable_suexec.c> SuexecUserGroup myguardi myguardi </IfModule> ScriptAlias /cgi-bin/ /home/myguardi/public_html/next.my-personal-website.com/cgi-bin/ SSLEngine on SSLCertificateFile /etc/ssl/certs/my-personal-website.com.crt SSLCertificateKeyFile /etc/ssl/private/my-personal-website.com.key SSLCACertificateFile /etc/ssl/certs/my-personal-website.com.cabundle CustomLog /usr/local/apache/domlogs/next.my-personal-website.com-ssl_log combined SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown <Directory "/home/myguardi/public_html/cgi-bin"> SSLOptions +StdEnvVars </Directory> and <VirtualHost xx.xx.144.72:443> ServerName blog.my-personal-website.com ServerAlias www.blog.my-personal-website.com DocumentRoot /home/myguardi/public_html/blog.my-personal-website.com ServerAdmin [email protected] UseCanonicalName On CustomLog /usr/local/apache/domlogs/blog.my-personal-website.com combined CustomLog /usr/local/apache/domlogs/blog.my-personal-website.com-bytes_log "%{%s}t %I .\n%{%s}t %O ." ## User myguardi # Needed for Cpanel::ApacheConf <IfModule mod_suphp.c> suPHP_UserGroup myguardi myguardi </IfModule> <IfModule !mod_disable_suexec.c> SuexecUserGroup myguardi myguardi </IfModule> ScriptAlias /cgi-bin/ /home/myguardi/public_html/blog.my-personal-website.com/cgi-bin/ SSLEngine on SSLCertificateFile /etc/ssl/certs/my-personal-website.com.crt SSLCertificateKeyFile /etc/ssl/private/my-personal-website.com.key SSLCACertificateFile /etc/ssl/certs/my-personal-website.com.cabundle CustomLog /usr/local/apache/domlogs/blog.my-personal-website.com-ssl_log combined SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown <Directory "/home/myguardi/public_html/cgi-bin"> SSLOptions +StdEnvVars </Directory> and the automatically generated virtualhost entry for the main domain for port 443 is <VirtualHost xx.xx.144.72:443> ServerName my-personal-website.com ServerAlias www.my-personal-website.com DocumentRoot /home/myguardi/public_html ServerAdmin [email protected] UseCanonicalName Off CustomLog /usr/local/apache/domlogs/my-personal-website.com combined CustomLog /usr/local/apache/domlogs/my-personal-website.com-bytes_log "%{%s}t %I .\n%{%s}t %O ." ## User myguardi # Needed for Cpanel::ApacheConf <IfModule mod_suphp.c> suPHP_UserGroup myguardi myguardi </IfModule> <IfModule !mod_disable_suexec.c> SuexecUserGroup myguardi myguardi </IfModule> ScriptAlias /cgi-bin/ /home/myguardi/public_html/cgi-bin/ SSLEngine on SSLCertificateFile /etc/ssl/certs/my-personal-website.com.crt SSLCertificateKeyFile /etc/ssl/private/my-personal-website.com.key SSLCACertificateFile /etc/ssl/certs/my-personal-website.com.cabundle CustomLog /usr/local/apache/domlogs/my-personal-website.com-ssl_log combined SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown <Directory "/home/myguardi/public_html/cgi-bin"> SSLOptions +StdEnvVars </Directory> # To customize this VirtualHost use an include file at the following location # Include "/usr/local/apache/conf/userdata/ssl/2/myguardi/my-personal-website.com/*.conf" I really appreciate if somebody can tell me how to proceed on this. Thank you. Update: Include directives present are: `Include "/usr/local/apache/conf/includes/pre_main_global.conf" Include "/usr/local/apache/conf/includes/pre_main_2.conf" Include "/usr/local/apache/conf/php.conf" Include "/usr/local/apache/conf/includes/errordocument.conf" Include "/usr/local/apache/conf/modsec2.conf" Include "/usr/local/apache/conf/includes/pre_virtualhost_global.conf" Include "/usr/local/apache/conf/includes/pre_virtualhost_2.conf" ` These are the entries that are generated before any virtualhost entry is defined. Towards the end of the httpd.conf file , the following two entries are added Include "/usr/local/apache/conf/includes/post_virtualhost_global.conf" Include "/usr/local/apache/conf/includes/post_virtualhost_2.conf" The older httpd.conf file before we added the virtualhost entries for sub domains for port 443 can be viewed here

    Read the article

  • Extend my LAN network

    - by user268291
    i have a patch panel and hardwiring already setup in my office. The patch panel is 24-port and all the ports are engaged. All my switch ports are engaged. Now, I have a printer connected to a wall point (RJ45) which I want to shift to a new room where there is no LAN setup. I want to have two RJ45 wall plugs in the new room so that I can connect one RJ45 port to have my LAN in the new room and the other RJ45 wall port I want to use for my printer. There is no option other than LAN (no wireless). Please help me and tell me how do I get the two RJ45 wall plate plugs in the new room up and keep my LAN running. It is a little urgent for me. Please help.

    Read the article

  • Duplicate incoming TCP traffic on Debian Squeeze

    - by Erwan Queffélec
    I have to test a homebrew server that accepts a lot of incoming TCP traffic on a single port. The protocol is homebrew as well. For testing purposes, I'd like to send this traffic both : - to the production server (say, listening on port 12345) - to the test server (say, listening on port 23456) My clients apps are "dumb" : they never read data back, and the server never replies anyway, my server only accepts connections, and do statistical computations and store/forward/service both raw and computed data. Actually, client apps and hardware are so simple there is no way I can tell clients to send their stream on both servers... And using "fake" clients is not good enough. What could be the simplest solution ? I can of course write an intermediary app that just copy incoming data and send it back to the testing server, pretending to be the client. I have a single server running Squeeze and have total control over it. Thanks in advance for your replies.

    Read the article

  • Network Configuration

    - by Dario
    Hello, This is my situation: Router A: IP 192.168.1.1 Mask 192.168.1.0/24 - Connected to the internet. Server: - Interface eth0: inet addr:10.1.1.125 Mask:255.255.255.0 (connected to router B) - Interface ra0: inet addr:192.168.1.125 Mask:255.255.255.0 (connected to router A) Router B: IP 10.1.1.254 Mask 10.1.1.0/24 - Connected to Server's eth0 Computer: connected to Router B via WiFi connection. I configured a static route on Router B that use as default gateway 192.168.1.125 and i can ping that ip from computer. The problem is: how i can connect to the internet ? In other words, traffic coming from Server eth0 should use ra0 as gateway. Any suggestion ? Thank you

    Read the article

  • PXE boot not happening due to DHCP issue .

    - by Nishant
    I could PXE boot this laptop to some extent yesterday but all of a sudden after some time it started to show this error message . I reinstalled my tftp server etc in between . It seems that DHCP lease issue is happening . The client wants some specific address I think ? How to resolve List item Client requested address 0.68.101.98 [06/06 04:37:27.658] no more address or address previously allocated by another server [06/06 04:37:27.658] Rcvd DHCP Discover Msg for IP 0.0.0.0, Mac 00:0E:7B:23:FA:11 [06/06 04:37:29.670] Client requested address 0.68.101.98 [06/06 04:37:29.670] no more address or address previously allocated by another server [06/06 04:37:29.670] Rcvd DHCP Discover Msg for IP 0.0.0.0, Mac 00:0E:7B:23:FA:11 [06/06 04:37:33.679] Client requested address 0.68.101.98 [06/06 04:37:33.679] no more address or address previously allocated by another server [06/06 04:37:33.679] Rcvd DHCP Discover Msg for IP 0.0.0.0, Mac 00:0E:7B:23:FA:11 [06/06 04:37:41.699]

    Read the article

  • why would you create two different subnets on the same physical network?

    - by xirtyllo
    I'm working at a messy location, one of the strange (for me) things is that on the same physical network there are two different subnets. Specifically some computers will have 10.0.0.0/24 and some others will have 172.16.0.0/24. There is only one DHCP server, which gives IPs on the 10.0.0.0/24 range, and there are two internet gateways, one with IP 172.16.0.1 and one with IP 10.0.0.1 . To give an example, I can easily swap one PC from one subnet to the other just by changing its IP and gateway settings. I am trying to imagine why they created the network this way, and which may be the possible advantages and/or drawbacks of having two different subnets on the same physical network. Any thoughts?

    Read the article

  • Bug in CDP implementation

    - by Suraj
    We are developing a Linux based ethernet switch which has 6 ports. We are done with CDP protocol. I have connected a Cisco device to port 2. When I quiery for the Cisco device, I get the reply and instead of getting lan1 (port 1 - lan0 .. port 6 = lan5), I always get the interface name as eth0. The same is the case for all the ports. What changes are required to get the correct interface name? I will be very thankful for the information. The snap packet is received in the routine snap_rcv() in the file "linux._2.6.XX/net/802/psnap.c"; Regards, Suraj..

    Read the article

  • Cisco FC SAN switch decision

    - by Chopper3
    I've got to buy a bunch of FC SAN switches in the next week or so, I have to, and want to, buy Cisco MDSs. Servers are HP BL490c G6's in C7000 chassis with Virtual-Connect Flex-10 ethernet interconnects and VC FC interconnects (Emulex HBAs btw), all running ESX 3.5U4 (for now). I think I've only really got two choices; MDS 9509's with dual-supervisors with a single 48-port 4Gb FC card MDS 9222i's with single supervisor and the built-in 18-FC-port/4-GigE-FCIP-port option Both have the same functionality (I think, buying the enterprise licence btw), both have plenty enough performance and adequate ports for now and the next three years. The 9222i's are about 55% the price of the 9509's - logic says get the 'i's but will I really miss the dual-supervisors? I've got lots of 9509's with dual-supervisors that I'm very happy with but I'm not sure I've every benefitted from the dual-sups in the past and they are nearly twice the price - but if I don't buy them and miss them I can't retrofit them later. What are your thoughts?

    Read the article

  • Can I log into a Domain account without pointing DNS to the domain controller?

    - by user72593
    My situation is as follows: I have a Windows 2003 Domain Controller which is also my DNS server. I have 10 Windows XP Pro PC's which all login to domain accounts. I am about the forward my DNS requests to OPENDNS so I can regulate web access but I have (2) PC's that I would like to keep unregulated. I manually changed their DNS server IP to (8.8.8.8) which worked but that caused my login to fail (by creating a 3 minute delay before it would let me get to the desktop) when I change the DNS IP back to the IP of the Domain Controller, everything works smoothly. Question is, how can I continue to login to the domain but have a different DNS path...is this possible ?

    Read the article

  • How to legitimately work around ISP rate limits

    - by Derek Ting
    A lot of ISP rate limit the amount of e-mails that is sent from a particular IP address. What is the proper way to get around that rate limit? Our company has an iPhone application that sends many e-mails because of our large user base and many e-mails go to different ISPs that rate limit the number of messages coming from a specific IP. We do not send spam and we are a legitimate business. However, is there a better way to resolve this limitation rather than just getting a ton of IP addresses? Ideally, I wouldn't want to rely on a third party service to send mail. However, if its the only possible solution, we would consider.

    Read the article

  • How should I remotely manage Dell Poweredge 2850 running Ubuntu server?

    - by Saul
    First I've got to say I'm a Linux / Ubuntu novice, so go gentle on me as I'm on day 3. I've managed to get Ubuntu server Ubuntu 8.04 LTS installed and running on the Poweredge 1850 I bought off ebay. The box will go in a rack at my office but I want to be able to work on it and power on and off from home and I gather that (maybe) IPMI over LAN might be the way to do this, or maybe its something to do with BMC or something? I want to be able to administer/manage from a client PC at home running XP. I will be configuring the office router to port forward port 80 and 443 to the Ubuntu server running Apache2, and I'm puzzled about how the remote management works (unless it comes on a different port forwarded to a different internal IP) Thanks for any help

    Read the article

  • Apache localhost problem

    - by hart1994
    I have set up Apache on my Windows 7 PC. Now I have it working fine on the PC, by going to localhost or the IP (192.168.1.71). However when I go to my Mac I try to connect to it via its IP and it doesn't connect. I have also tried this on another computer. Oops! Google Chrome could not connect to 192.168.1.71 Now is there something wrong with the code in the Apache httpd file? EDIT: I have also tried to ping the IP address and it works fine.

    Read the article

  • SSL Proxy: Forwarding without the encryption

    - by John
    I have a python application listening on port 9001 for HTTP traffic. I'm trying to configure Apache (or anything, really) to listen on port 443 for HTTPS connections, and then forward the connection, sans encryption, to port 9001 on the same machine. My application would then reply via the proxy, where the encryption would be reapplied, and returned to the client transparently. I'm not doing anything crazy with the site names and SSL certs, I have one public IP, one hostname, and one SSL cert. Stripping the encryption at the proxy doesn't seem to be a common requirement. Is what I'm asking for a normal requirement? Are there other concerns with this sort of configuration?

    Read the article

  • Connectiong adsl router/modem and router with bridgemode

    - by Zvonko Telefonko
    I have one adsl modem/router which is not "top" of the line and it lack allot of options which I need. I was able to acquire one Cisco router recently which has all options that I need ( like DMZ, VPN, port forwarding, etc). I'm interested, if I connect the old modem/router to new Cisco router using bridge mode, will I be able to use all the features on the Cisco? For instance, the old router is lacking of port forward options. Does this mean that I will not be able to use port forwarding on Cisco router either or, since I will be using bridge mode, this will not affect Cisco router and it will work as the modem is in him? thank you

    Read the article

  • OpenVPN Push DNS Not Working Correctly On Windows

    - by woodsbw
    I currently have OpenVPN server setup on an Ubuntu machine, as well as DNSMasq. I am wanting to push DNS to the client (road warrior setup.) I had the push "dhcp-option DNS x.x.x.x" where x.x.x.x was an open OpenDNS server, for testing, and everything was working when I connected from my Windows client But now that I have DNSMasq setup, and I changed the "dhcp-option DNS x.x.x.x" to the DNSMasq server, but when they client connects it still receives the old, OpenDNS DNS server IP. I'm at a bit of a loss here, I have tried flushing DNS on the client, rebooting the server, and I even grep'd the entire server to see if the OpenDNS IP was in some other config I was missing...it wasn't. One other note, when connect to the VPN and explicitly run nslookup against against the DNSMasq IP, the addresses resolve correctly, so it isn't a DNSMasq issue.

    Read the article

  • Net Screen manager setup

    - by Codezy
    I'm having an issue with our NSMExpress box. I'm trying to manage all our devices, range from ns5gt to ssg320m, and some of those devices have addresses assigned by dhcp from the ISP (like pppoe or dsl). The addresses are actually static but we have the register the MAC address in order to get this address. I can actually add the device in NSM except the IP that's on the untrust side isn't imported in as it's dynamic. Because of this I cannot change many options that pertian to the untrust interface as there is no IP. I've talked to JTAC on this and they didn't know if there was a way to do this or not but then they stated that Tim Hortons does this so I'm confused on how to get this working. Maybe i'm just missing something as I imagine that other people must be doing this as well. Any assistance is appreciated! Furthermore when I import a device this is the message I get: Warnings: Interface ethernet0/0 is a pppoe/dhcp/pppoa client and its ip is NOT IMPORTED because it may be dynamic.

    Read the article

  • Calculate data transferred in a local LAN

    - by ramdaz
    How do you calculate the data flown between a computer and the gateway computer. I have a Linux router/gateway running IP Tables which routes internet traffic in a LAN. I have individual users with IP/MAC Address mapped who access Interet through the gateway computer. I would like to find out the traffic utilized by individual users. Is it possible for us to find out what kind of traffic was HTTP, SMTP, FTP etc. Is it also possible to pool the information on hourly basis, and get specific info so that I can store information in a database? I have heard of IP Accounting? Is that the right way

    Read the article

  • Security question pertaining web application deployment

    - by orokusaki
    I am about to deploy a web application (in a couple months) with the following set-up (perhaps anyways): Ubuntu Lucid Lynx with: IP Tables firewall (white-list style with only 3 ports open) Custom SSH port (like 31847 or something) No "root" SSH access Long, random username (not just "admin" or something) with a long password (65 chars) PostgreSQL which only listens to localhost 256 bit SSL Cert Reverse proxy from NGINX to my application server (UWSGI) Assume that my colo is secure (Physical access isn't my concern for the time being) Application-level security (SQL injection, XSS, Directory Traversal, CSRF, etc) Perhaps IP masquerading (but I don't really understand this yet) Does this sound like a secure setup? I hear about people's web apps getting hacked all the time, and part of me thinks, "maybe they're just neglecting something", but the other part of me thinks, "maybe there's nothing you can do to protect your server, and those things are just measures to make it a little harder for script kiddies to get in". If I told you all of this, gave you my IP address, and told you what ports were available, would it be possible for you to get in (assuming you have a penetration testing tool), or is this really protected well.

    Read the article

  • Microsoft ISA 2004 - Failed Connection Attempt

    - by Arief
    I have an issue where users with Android tablet cannot download apps through ISA 2004. This is what I get from the ISA 2004 logging: I did try to add the source ip address and the destination ip address in All for All Modified rule. However, it does not fix that problem. I also use GFI Web Monitoring. I did add the 151.101.13.80 ip address into the Whitelist, and no luck. What Failed Connection Attempt exactly is? How to overcome this. The Android tablet is throwing an error 495, could not be downloaded. Thanks everyone.

    Read the article

  • Sonicwall settings for Polycom TFTP

    - by Michael Glenn
    I'm switching our VoIP phones (Polycom 301s and 501s) to our data network. They were previously segmented to their own network. This means disabling the DHCP on the Trixbox (Asterisk) server and configuring the Sonicwall TZ 210 DHCP to indicate that Trixbox is the TFTP server. The Polycom phones are stating "could not contact boot server". All phones are configured to TFTP and were confirmed working when previously using the Trixbox server for DHCP. Trixbox DHCP is now turned off. I've configured options 66(as String), 128(as IP) and 150(as IP) in DHCP and added them to a TFTP Option Group. I've enabled "Allow BOOTP Clients to use Range" for the Dynamic IP range and assigned the Option Group TFTP as the DHCP Generic Option Group. Any idea what I'm missing? Is there a separate tool to inspect the DHCP response to compare Trixbox to the Sonicwall?

    Read the article

  • Cannot connect to xdebug over virtual network - Vagrant Virtualbox

    - by smix96
    I'm trying to set up a development box using Virtualbox / Vagrant / Puppet with the intention of eventually provisioning all my machines up to production. However this is stopping me going forward at the moment. I've installed ubuntu lucid over windows 7. When trying to connect to xdebug by starting a debugging session in eclipse, it hangs at 57% (common in eclipse when it cannot communicate with xdebug). Here is my xdebug.ini and the settings here are appearing in phpinfo(). xdebug.remote_enable=On xdebug.remote_handler=dbgp xdebug.remote_host=192.168.56.1 xdebug.remote_port=9000 I'm now wondering if it's an issue with port forwarding? If eclipse is looking on port 9000, will it find port 9000 on a virtual machine? Any help would be greatly appreciated!

    Read the article

  • Setting up a proxy for FTP - Windows

    - by RadiantHex
    Hi folks, I have 2 windows machines and a server. 1 is my laptop, the other is a workstation that the IP of which is white-listed on the server. The laptop has a dynamic IP, so the IP cannot be white-listed. I would like to be able to perform FTP transfers from my laptop to the server, while using the workstation as a proxy. Both machines are using Windows 7. Is this possible? Help would be amazing!

    Read the article

  • FortiGate firewall configuration with /30 and /28 networks

    - by slyderc
    I have fiber coming in from a new ISP which is being handed off via Ethernet on a single physical port. I'm having doubts about how to approach the configuration on my FortiGate 200A firewall because I've been given a /30 containing the ISP's gateway and another /28 for external IPs I can use: x.y.76.12/30 (.13 is the GW) x.y.76.64/28 (public IP space) How do I configure the FG200A's WAN1 interface to be aware of the two networks? As I only have one physical ISP port, will I need to plug it into a switch to break-out two cables and use a DMZ port on the FG200A for setting up the /28? Thanks in advance for your insight!

    Read the article

  • Windows 2008 Incoming Connection: Where/How is Server IPv4 address defined

    - by revelate
    We're evaluating a VM hosted externally which runs Windows Server 2008 R2 Web Server Edition and wish to access it via a VPN connection for maintenance and administration. RRAS isn't included in Web Server Edition, but it does have a form of VPN server called "Incoming Connections". This appears to work well and even supports multiple simultaneous connections. As we'll be using this VPN regularly we'd like to know if this is a viable solution or if we'd be better off upgrading to Standard Edition and full-fledged RRAS. In particular we're accessing the VM via the Private IP given by the Incoming Connection (currently 169.254.135.207) so we'd like know: if the server private IP might change every so often? if so is there any way to define it manually? or should we be using the server name rather than the private IP address? if so how can we be sure that it will resolve correctly? Name resolution over the "Incoming Connection" has worked on and off during our tests. Thanks for your help

    Read the article

  • Can't log in via SSH to any accounts set to use /bin/bash as a default shell

    - by Gui Ambros
    I'm trying to install bash as the default shell on a ARM Linux running on an embedded device (Synology DS212+ NAS). But there's something really wrong, and I can't figure out what it is. Symptoms: 1) Root has /bin/bash as default shell, and can log in normally via SSH: $ grep root /etc/passwd root:x:0:0:root:/root:/bin/bash $ ssh root@NAS root@NAS's password: Last login: Sun Dec 16 14:06:56 2012 from desktop # 2) joeuser has /bin/bash as default shell, and receives "Permission denied" when trying to log in via SSH: $ grep joeuser /etc/passwd joeuser:x:1029:100:Joe User:/home/joeuser:/bin/bash $ ssh joeuser@localhost joeuser@NAS's password: Last login: Sun Dec 16 14:07:22 2012 from desktop Permission denied, please try again. Connection to localhost closed. 3) changing joeuser's shell back to /bin/sh: $ grep joeuser /etc/passwd joeuser:x:1029:100:Joe User:/home/joeuser:/bin/sh $ ssh joeuser@localhost Last login: Sun Dec 16 15:50:52 2012 from localhost $ To make things even more strange, I can log in as joeuser using /bin/bash using the serial console (!). Also a su - joeuser as root works fine, so the bash binary itself is working fine. In an act of despair, I changed joeuser's uid to 0 on /etc/passwd, but also didn't work, so it doesn't seem to be anything permission related. Seems that bash is doing some extra checking that sshd didn't like, and blocking the connections for non-root users. Maybe some sort of sanity checking - or terminal emulation - that is triggering the SIGCHLD, but only when called via ssh. I already went through every single item on sshd_config, and also put SSHD in debug mode, but didn't find anything strange. Here's my /etc/ssh/sshd_config: LogLevel DEBUG LoginGraceTime 2m PermitRootLogin yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys ChallengeResponseAuthentication no UsePAM yes AllowTcpForwarding no ChrootDirectory none Subsystem sftp internal-sftp -f DAEMON -u 000 And here's the output from /usr/syno/sbin/sshd -d, showing the failed attempt of joeuser trying to log in, with /bin/bash as the shell: debug1: Config token is loglevel debug1: Config token is logingracetime debug1: Config token is permitrootlogin debug1: Config token is rsaauthentication debug1: Config token is pubkeyauthentication debug1: Config token is authorizedkeysfile debug1: Config token is challengeresponseauthentication debug1: Config token is usepam debug1: Config token is allowtcpforwarding debug1: Config token is chrootdirectory debug1: Config token is subsystem debug1: HPN Buffer Size: 87380 debug1: sshd version OpenSSH_5.8p1-hpn13v11 debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: read PEM private key done: type ECDSA debug1: private host key: #2 type 3 ECDSA debug1: rexec_argv[0]='/usr/syno/sbin/sshd' debug1: rexec_argv[1]='-d' Set /proc/self/oom_adj from 0 to -17 debug1: Bind to port 22 on ::. debug1: Server TCP RWIN socket size: 87380 debug1: HPN Buffer Size: 87380 Server listening on :: port 22. debug1: Bind to port 22 on 0.0.0.0. debug1: Server TCP RWIN socket size: 87380 debug1: HPN Buffer Size: 87380 Server listening on 0.0.0.0 port 22. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9 debug1: inetd sockets after dupping: 4, 4 Connection from 127.0.0.1 port 52212 debug1: HPN Disabled: 0, HPN Buffer Size: 87380 debug1: Client protocol version 2.0; client software version OpenSSH_5.8p1-hpn13v11 SSH: Server;Ltype: Version;Remote: 127.0.0.1-52212;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v11 debug1: match: OpenSSH_5.8p1-hpn13v11 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v11 debug1: permanently_set_uid: 1024/100 debug1: MYFLAG IS 1 debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 debug1: REQUESTED ENC.NAME is 'aes128-ctr' debug1: kex: client->server aes128-ctr hmac-md5 none SSH: Server;Ltype: Kex;Remote: 127.0.0.1-52212;Enc: aes128-ctr;MAC: hmac-md5;Comp: none debug1: REQUESTED ENC.NAME is 'aes128-ctr' debug1: kex: server->client aes128-ctr hmac-md5 none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user joeuser service ssh-connection method none SSH: Server;Ltype: Authname;Remote: 127.0.0.1-52212;Name: joeuser debug1: attempt 0 failures 0 debug1: Config token is loglevel debug1: Config token is logingracetime debug1: Config token is permitrootlogin debug1: Config token is rsaauthentication debug1: Config token is pubkeyauthentication debug1: Config token is authorizedkeysfile debug1: Config token is challengeresponseauthentication debug1: Config token is usepam debug1: Config token is allowtcpforwarding debug1: Config token is chrootdirectory debug1: Config token is subsystem debug1: PAM: initializing for "joeuser" debug1: PAM: setting PAM_RHOST to "localhost" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user joeuser service ssh-connection method password debug1: attempt 1 failures 0 debug1: do_pam_account: called Accepted password for joeuser from 127.0.0.1 port 52212 ssh2 debug1: monitor_child_preauth: joeuser has been authenticated by privileged process debug1: PAM: establishing credentials User child is on pid 9129 debug1: Entering interactive session for SSH2. debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_global_request: rtype [email protected] want_reply 0 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_new: session 0 debug1: session_pty_req: session 0 alloc /dev/pts/1 debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: Setting controlling tty using TIOCSCTTY. debug1: Received SIGCHLD. debug1: session_by_pid: pid 9130 debug1: session_exit_message: session 0 channel 0 pid 9130 debug1: session_exit_message: release channel 0 debug1: session_by_tty: session 0 tty /dev/pts/1 debug1: session_pty_cleanup: session 0 release /dev/pts/1 Received disconnect from 127.0.0.1: 11: disconnected by user debug1: do_cleanup debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: closing session debug1: PAM: deleting credentials Here you have the full output of sshd -dd, together with ssh -vv. Bash: # bash --version GNU bash, version 3.2.49(1)-release (arm-none-linux-gnueabi) Copyright (C) 2007 Free Software Foundation, Inc. The bash binary was cross compiled from source. I also tried using a pre-compiled binary from the Optware distribution, but had the exact same problem. I checked for missing shared libraries using objdump -x, but they're all there. Any ideas what could be causing this "Permission denied, please try again."? I'm almost diving in the bash source code to investigate, but trying to avoid hours chasing something that may be silly.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 226 227 228 229 230 231 232 233 234 235 236 237  | Next Page >