Search Results

Search found 4462 results on 179 pages for 'ssh'.

Page 26/179 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

• iptables (NAT/PAT) setup for SSH & Samba

  - by IanVaughan

  I need to access a Linux box via SSH & Samba that is hidden/connected behind another one. Setup :- A switch B C |----| |---| |----| |----| |eth0|----| |----|eth0| | | |----| |---| |eth1|----|eth1| |----| |----| Eg, SSH/Samba from A to C How does one go about this? I was thinking that it cannot be done via IP alone? Or can it? Could B say "hi on eth0, if your looking for 192.168.0.2, its here on eth1"? Is this NAT? This is a large private network, so what about if another PC has that IP?! More likely it would be PAT? A would say "hi 192.168.109.15:1234" B would say "hi on eth0, traffic for port 1234 goes on here eth1" How could that be done? And would the SSH/Samba demons see the correct packet header info and work?? IP info :- A - eth0 - 192.168.109.2 B - eth0 - 192.168.109.15 - eth1 - 192.168.0.1 C - eth1 - 192.168.0.2 A, B & C are RHEL (RedHat) But Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable. Any help?

  Read the article

• Encoding over SSH Issues

  - by user1104160

  I have a Linux machine and a Windows machine, both using Vim with the Powerline plugin. They both work great with patched fonts. Next, I want to SSH onto an OSX 10.6 machine and also use the Powerline in the terminal with Vim. However, I get weird symbols with normal mode ("^^B" in one area) and fancy mode ("~@" and "~B" spread throughout the bar. I thought this mixup was an encoding issue, but when I look at Putty's encoding it is using UTF-8 and the same with the Ubuntu terminal. Additionally, on the OSX machine, "locale" returns "en_US.UTF-8" for all variables (I set it to do that in order to troubleshoot). However, the symbols are still showing. I am using a patched font (Inconsolata, the same one as the Ubuntu terminal) for the OSX terminal, so I am stumped. Is there a missing component to this equation? Are there additional problems that can arise from SSH encoding? On the OSX end, additionally, these same symbols appear, so it may not even be related to SSH and therefore I'm totally lost.

  Read the article

• ssh key questions

  - by Tim

  I have some questions regarding generating keys for ssh access: (1) Supposed there are two computers running ssh server service and I have generated a pair of key files on computer A and copy the public file to computer B. Is it true that this is only a one-way key: We only gave computer A permission to access computer B, not gave computer B permission to access computer A? If I now want to ssh from computer B to computer A, must I generat another pair of key files on computer B and copy the public file to computer A? (2) If I would like to connect a single local computer to several remote servers, is it to generate a common pair of key files only once on the local and copy the same public file to the remote servers, or to generate different pair of key files on the local for different remote servers? (3) If I would like to connect several local computers to a single remote server, when copying the public files from different local computers to the remote server, is it to combine them together into a single authorized_keys file or store them in different authorized_keys files? (4) If there are several servers shared the same file system by, for example, NFS, how to generate keys and arrange the key files for accessing from one server to the other? Also how to still generate keys and arrange the key files for a local computer to access anyone of the servers? All the machines above are Linux.Please provide examples and commands in your reply so that I can better understand how to solve the problems. Thanks and regards!

  Read the article

• Start and shutdown tomcat via ssh

  - by bxshi

  Updated I find out that the path of jdk it using is wrong. eval: 1: /opt/Java/jdk1.6.0_25/jre/bin/java: not found the Java should be lower case java, how is that happen? When I run this script directly on server, it is just okay. I'm trying to start or shutdown tomcat via a remote client. On my server, I've got 3 different tomcat: tomcat1, tomcat2, and tomcat3. Firstly, I've tried to run tomcat_path/bin/shutdown.sh to stop it via ssh, and the command is ssh [email protected] "cd /home/jake/tomcat2/bin;exec bash ./shutdown.sh" both " and ' are tried, but do not work, the output is eval: 1: /opt/Java/jdk1.6.0_25/jre/bin/java: not found it seems that the shell script runs on my local client, because on server it has this file. Is there any way to run a shell script on remote server correctly? updated I've run ssh [email protected] "sh -x /home/jake/tomcat/bin/shutdown.sh > /home/jake/tomcat.log 2>&1" and the output in tomcat.log is : + PRG=/home/jake/tomcat/bin/shutdown.sh + [ -h /home/jake/tomcat/bin/shutdown.sh ] + dirname /home/jake/tomcat/bin/shutdown.sh + PRGDIR=/home/jake/tomcat/bin + EXECUTABLE=catalina.sh + [ ! -x /home/jake/tomcat/bin/catalina.sh ] + exec /home/jake/tomcat/bin/catalina.sh stop eval: 1: /opt/Java/jdk1.6.0_25/jre/bin/java: not found

  Read the article

• Gerrit ssh key setup on windows server

  - by hotpotato

  I am attempting to configure google's 'Gerrit' code review web app on a Windows server 2008 virtual machine on our internal network. We are using Apache Tomcat (6.0.36) to host the web app and have deployed the gerrit.war to tomcats webapp folder, setup the context.xml, web.xml etc for the web app correctly i believe. However when i startup Tomcat using the $CATALINA_HOME/bin/startup.bat i get the following message in the tomcat logs: *Dec 07, 2012 1:03:54 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Exception sending context initialized event to listener instance of class com.google.gerrit.httpd.WebAppInitializer com.google.inject.CreationException: Guice creation errors:* 1) No SSH keys under C:\Gerrit\config\etc while locating com.google.gerrit.sshd.HostKeyProvider at com.google.gerrit.sshd.SshModule.configure(SshModule.java:90) I have created a is_rsa.pub SSH key and placed it in the specified directory to no avail. I have been googling this for about a week now and can't seem to find any information about the file or format it is expecting... documentation on setting gerrit up on windows seems hard to come by! Can anyone provide useful information about how to correctly configure a host SSH key in this context?

  Read the article

• bash script with permanent ssh connection

  - by samuelf

  I use a bash script which runs /usr/bin/ssh -f -N -T -L8888:127.0.0.1:3306 [email protected] However, when I run the bash script, it waits.. I see the connection coming up but the script doesn't exit.. it's like it's waiting for the SSH process to finish, because when I manually kill it the bash script finishes as well. Any ideas how to resolve this? UPDATE: I have croned this script.. and the cron process is the one that becomes a zombie.. the actual scripts runs just fine, sorry about that, with ps -auxf I get: root 597 0.0 0.7 2372 912 ? Ss Jul12 0:00 cron root 2595 0.0 0.8 2552 1064 ? S 02:09 0:00 \_ CRON 1001 2597 0.0 0.0 0 0 ? Zs 02:09 0:00 \_ [sh] <defunct> 1001 2603 0.0 0.0 0 0 ? Z 02:09 0:00 \_ [cron] <defunct> and when I kill the ssh the defuncts disappear.. why would they become defunct?

  Read the article

• bash script with permanent ssh connection

  - by samuelf

  Hi, I use a bash script which runs /usr/bin/ssh -f -N -T -L8888:127.0.0.1:3306 [email protected] However, when I run the bash script, it waits.. I see the connection coming up but the script doesn't exit.. it's like it's waiting for the SSH process to finish, because when I manually kill it the bash script finishes as well. Any ideas how to resolve this? UPDATE: I have croned this script.. and the cron process is the one that becomes a zombie.. the actual scripts runs just fine, sorry about that, with ps -auxf I get: root 597 0.0 0.7 2372 912 ? Ss Jul12 0:00 cron root 2595 0.0 0.8 2552 1064 ? S 02:09 0:00 \_ CRON 1001 2597 0.0 0.0 0 0 ? Zs 02:09 0:00 \_ [sh] <defunct> 1001 2603 0.0 0.0 0 0 ? Z 02:09 0:00 \_ [cron] <defunct> and when I kill the ssh the defuncts disappear.. why would they become defunct?

  Read the article

• 1and1 ssh - connection refused

  - by kitensei

  I'm having troubles connecting through SSH to my 1&1 account. When I try to connect with command userXXX@host -p22 -vv I have the following output: OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to mySite.com [ip_here] port 22. debug1: connect to address ip_here port 22: Connection refused Moreover, once I try to connect through SSH and it fails, even the HTTP access is dead, I cannot access the website through explorer anymore :/ please help < I'm running ubuntu 11.10 EDIT: don't know if it can help, here's the .htaccess of the 1and1 server Options +Indexes Satisfy any Order Deny,Allow Allow from 212.227.X.X Deny from all RemoveType .html .gif AuthType Basic AuthName "Access to /logs" AuthUserFile /kunden/homepages/43/d376072470/htpasswd Require user "user_here" and sftp.log: Mar 26 09:21:24 193.251.X USER_HERE Connection from 193.251.X port 51809 Mar 26 09:21:30 193.251.X USER_HERE Failed password for USER_HERE from 193.251.X port 51809 ssh2 Mar 26 09:23:39 193.251.X USER_HERE Failed password for USER_HERE from 193.251.X port 51809 ssh2 Mar 26 09:23:41 193.251.X USER_HERE Failed password for USER_HERE from 193.251.X port 51809 ssh2 Mar 26 09:23:45 193.251.X USER_HERE Failed password for USER_HERE from 193.251.X port 51809 ssh2 Mar 26 09:23:57 193.251.X USER_HERE Failed password for USER_HERE from 193.251.X port 51809 ssh2 Mar 26 10:53:36 212.227.X tmp64459736-3228 Connection from 212.227.X port 23275 Mar 26 10:53:36 212.227.X tmp64459736-3228 Accepted password for tmp64459736-3228 from 212.227.X port 23275 ssh2 Mar 26 11:53:37 212.227.X tmp64459736-3228 Connection closed by 212.227.X Mar 26 18:58:17 212.227.X tmp64459736-5363 Connection from 212.227.X port 23353 Mar 26 18:58:17 212.227.X tmp64459736-5363 Accepted password for tmp64459736-5363 from 212.227.X port 23353 ssh2 Mar 26 19:53:36 212.227.X tmp64459736-8525 Connection from 212.227.X port 5166 Mar 26 19:53:36 212.227.X tmp64459736-8525 Accepted password for tmp64459736-8525 from 212.227.X port 5166 ssh2 Mar 26 19:58:17 212.227.X tmp64459736-5363 Connection closed by 212.227.X

  Read the article

• Securing SSH/SFTP and best practices on security

  - by MultiformeIngegno

  I'm on a fresh VPS with Ubuntu Server 12.04. I wanted to ask you the good practices to apply to enhance security over a stock Ubuntu-server. This is what I did up to now: I added Google Authenticator to SSH, then I created a new user (whom I'll use instead of 'root' for SSH & SFTP access) which I added to my /etc/sudoers list below 'root', so now it's: # User privilege specification root ALL=(ALL:ALL) ALL new_user ALL=(ALL:ALL) ALL Then I edited sshd_config and set PermitRootLogin to 'no'. Then restarted the ssh service. Is this ok? There are a few things I'd like to ask you though: 1) What's the sense of adding a new (sudoer) user whilst the root user still exist (ok it can't access with root privilege but it's still there..)? 2) System files are owned by 'root'.. I want to use my new_user to access via SFTP but with it I can't edit those files!! Should I mass-CHMOD 'em so that new_user has write perms too? What's the good practice on this? Thanks in advance, I hope you'll tell me if I did something wrong and/or other ways to secure the system. :)

  Read the article

• Connection refused in ssh tunnel to apache forward proxy setup

  - by arkascha

  I am trying to setup a private forward proxy in a small server. I mean to use it during a conference to tunnel my internet access through an ssh tunnel to the proxy server. So I created a virtual host inside apache-2.2 running the proxy, the proxy_http and the proxy_connect module. I use this configuration: <VirtualHost localhost:8080> ServerAdmin xxxxxxxxxxxxxxxxxxxx ServerName yyyyyyyyyyyyyyyyyyyy ErrorLog /var/log/apache2/proxy-error_log CustomLog /var/log/apache2/proxy-access_log combined <IfModule mod_proxy.c> ProxyRequests On <Proxy *> # deny access to all IP addresses except localhost Order deny,allow Deny from all Allow from 127.0.0.1 </Proxy> # The following is my preference. Your mileage may vary. ProxyVia Block ## allow SSL proxy AllowCONNECT 443 </IfModule> </VirtualHost> After restarting apache I create a tunnel from client to server: #> ssh -L8080:localhost:8080 <server address> and try to access the internet through that tunnel: #> links -http-proxy localhost:8080 http://www.linux.org I would expect to see the requested page. Instead a get a "connection refused" error. In the shell holding open the ssh tunnel I get this: channel 3: open failed: connect failed: Connection refused Anyone got an idea why this connection is refused ?

  Read the article

• Time-Machine backup over SSH tunnel to NFS mount

  - by BTZ

  I've recently started using a new NAS which runs CentOS 6.2. One of the purposes of the NAS would be to serve as a backup target. Whilst I have been using Apple's Time-Machine for a while and I am very satisfied with it, I'd like to continue using it. Backing up directly to an address in my network is no hassle; all works fine. For security reasons I'd like all my traffic to go through an ssh tunnel to the NAS. This way I can avoid needing to get a VPNserver (for personal reasons). As of NFSv4 the NFS deamon is bound to port 2049, which makes it easy for me to direct all traffic through a ssh tunnel. Tunnel: ssh -f admin@ms -L 2000:localhost:2049 -N Mount: mount -t nfs -o nfsvers=4,rw,proto=tcp,sync,intr,hard,timeo=600,retrans=10,wsize=32768,rsize=32768,port=2000 localhost:/mac_backup /Volumes/backup This works fine for Finder/terminal and throughput is almost equal to direct traffic. (CPU of the NAS does ride high when I reach max bandwidth though) Now the problem: With Time-Machine I can't use the NFS mount point mounted on localhost. TM seems to try to connect to it and then give me a "OSStatus error 65". I also tried using NFSv3 (I correctly forwarded all ports) with no luck. Can anyone shed a light on this and/or give a solution?

  Read the article

• SSH Interactive mode not working

  - by Ekin Koc

  I have a Debian based linux server running for a year or so, without any problems. A couple of days ago, ssh interactive mode stopped working for no reason. I mean, I can open an ssh connection just fine, the server greets me with shell but I just can't type anything. However, if I send commands like this: ssh [email protected] cat /var/log/messages, I get the response. I dug through several logs and found one message, which feels remotely relevant to the problem; sh kernel: [10222733.062511] ------------[ cut here ]------------ sh kernel: [10222733.062522] WARNING: at /build/buildd-linux-2.6_2.6.32-39-amd64-7yVIH2/linux-2.6-2.6.32/debian/build/source_amd64_none/drivers/char/tty_ldisc.c:738 tty_ldisc_reinit+0x46/0x7b() sh kernel: [10222733.062526] Hardware name: PowerEdge R210 II sh kernel: [10222733.062528] Modules linked in: ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables sha1_generic arc4 ecb ppp_mppe ppp_async crc_ccitt ppp_generic slhc loop snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 i2c_core pcspkr evdev joydev dcdbas container button processor ext3 jbd mbcache sg sd_mod sr_mod crc_t10dif cdrom usb_storage usbhid hid mpt2sas ahci ehci_hcd libata scsi_transport_sas usbcore bnx2 nls_base scsi_mod fan thermal thermal_sys [last unloaded: scsi_wait_scan] sh kernel: [10222733.062568] Pid: 8662, comm: sshd Not tainted 2.6.32-5-amd64 #1 sh kernel: [10222733.062569] Call Trace: sh kernel: [10222733.062572] [<ffffffff811ff056>] ? tty_ldisc_reinit+0x46/0x7b sh kernel: [10222733.062574] [<ffffffff811ff056>] ? tty_ldisc_reinit+0x46/0x7b Is there any way to get back the sshd working in interactive mode? I tried restarting sshd but that is no help. And somehow, I can not reboot the server. Tried sending shutdown -r now and reboot but it refuses to go down. Should I go ahead and request a physical reboot?

  Read the article

• use ssh tunnel with phpmyadmin

  - by JohnMerlino

  I been using ssh tunnel to bypass firewall of remote mysql server. On my Ubuntu 12.04 installation, it works via the terminal and it works when using a program called mysql workbench. However, that program freezes often and I want to try phpmyadmin as an alternative. However, I cannot connect to remote server using ssh tunnel on phpmyadmin, albeit I can connect locally. These are the steps I've tried: 1) Open a tunnel, listening on localhost:3307 and forwarding everything to xxx.xxx.xxx.xxx:3306 (used 3307 because MySQL on my local machine uses the default port 3306): ssh -L 3307:localhost:3306 [email protected] So now I have the port for tunnel open and I have my local mysql installation default port: $ netstat -tln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3307 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN ... 2) Now I can easily connect to remote server via localhost using the terminal: $ mysql -u user.name -p -h 127.0.0.1 -P 3307 Notice that I expicitly identify 3307 as the port, so traffic forwards to the remote server, and hence it logs me in to the remote server. Unfortunately, the localhost/phpmyadmin local login interface doesn't allow you to specify a port option. So I modify the config-db.php file and change the $dbport variable to 3307, under the impression that the phpmyadmin interface will now work with port 3307: $ sudo vim /etc/phpmyadmin/config-db.php $dbport='3307'; Then I restart the mysql server. Unfortunately, it didn't work. When I use the remote credentials to login, it gives me error: #1045 Cannot log in to the MySQL server

  Read the article

• Mac dev folder missing, SSH not working

  - by SamGoody

  A few days ago, SSH stopped working. When I try logging in a get the following message: PTY allocation request failed on channel 0 stdin: is not a tty fatal: unrecognized command '' Connection to 74.52.61.194 closed. Web searches have shown me that there might be something wrong with /dev/std. But my computer lacks a /dev/ drive. There is an Alias to /dev/ [hidden, but I've revealed hidden files to do this search], but when I try to open it I am told that it cannot find the folder it is aliasing. Now, many a web search tells me that without a dev folder, the computer doesn't work, but it does seem to work, except the SSH. Also, are there any tools that can save my SSH preferences so that I don't have to, each time, type out the username@adrees, password, path all of which are long and complex? Not looking for a Filezilla type client, there are many of those. Looking for a command line like putty, that lets me use bash on the remote client. Am on Macbook Pro, latest version of Tiger.

  Read the article

• Equivalent of scp -l bandwidth_cap for .ssh/config?

  - by Mark Bennett

  Short form: You can limit the bandwidth the scp uses with the -l switch, you pass a number that's in kbits/sec. I'd rather set this in my .ssh/config file for certain names machines. What's the equivalent named setting for -l ? I haven't been able to find it. Followup question: Generally, not sure how to map back and forth between ssh command line options and config names, short of doing Google searches or manually comparing man pages on a case by case basis. Is there a table that directly equates the two? Longer form of first question, with context: I've started using ssh config quite a bit, especially now that I need to go through a proxy and do lots of port mappings. I even define the same machine more than once depending on what type of tunneling I need. However, when uploading a large file, it's difficult to do anything else on my machine. Even though I have more download bandwidth than up, I think that scp saturates the link so even my small requests can't reach the Internet. There's a fix for this, using the -l bandwidth command line switch for scp. scp -l 1000 bigfile.zip titan: I'd like to use this in my config instead, so I'd create an additional named entry called "titan-upload" and I'd use that as the target whenever I upload. So instead of: scp bigfile.zip titan: I'd say: scp bigfile.zip titan-upload Or even set different caps depending on where I am: scp bigfile.zip titan-upload-from-home vs. scp bigfile.zip titan-upload-from-work I'm generally on Mac and Linux.

  Read the article

• SSH does not allow the use of a key with group readable permissions

  - by scjr

  I have a development git server that deploys to a live server when the live branch is pushed to. Every user has their own login and therefore the post-receive hook which does the live deployment is run under their own user. Because I don't want to have to maintain the users public keys as authorized keys on the remote live server I have made up a set of keys that 'belong's to the git system to add to remote live servers (In the post-receive hook I am using $GIT_SSH to set the private key with the -i option). My problem is that because of all the users might want to deploy to live, the git system's private key has to be at least group readable and SSH really doesn't like this. Here's a sample of the error: XXXX@XXXX /srv/git/identity % ssh -i id_rsa XXXXX@XXXXX @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0640 for 'id_rsa' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: id_rsa I've looked around expecting to find something in the way of forcing ssh to just go through with the connection but I've found nothing but people blindly saying that you just shouldn't allow access to anything but a single user.

  Read the article

• Strange IP address showing up with OS X ssh

  - by user50799

  I was futzing around with DTrace on Mac OS X and found the following script that prints out information about connections being established: $ cat script.d syscall::connect:entry { printf("execname: %s\n", execname); printf("pid: %d\n", pid); printf("sockfd: %d\n",arg0); socks = (struct sockaddr*)copyin(arg1, arg2); hport = (uint_t)socks->sa_data[0]; lport = (uint_t)socks->sa_data[1]; hport <<= 8; port = hport + lport; printf("Port number: %d\n", port); printf("IP address: %d.%d.%d.%d\n", socks->sa_data[2], socks->sa_data[3], socks->sa_data[4], socks->sa_data[5]); printf("======\n"); } I run it in one window: $ sudo dtrace -s ./script.d Then I ssh to another machine from another window. I get this output from my dtrace window: CPU ID FUNCTION:NAME 0 18696 connect:entry execname: ssh pid: 5446 sockfd: 3 Port number: 22 IP address: 192.168.0.207 ====== 0 18696 connect:entry execname: ssh pid: 5446 sockfd: 5 Port number: 12148 IP address: 109.112.47.108 ====== ^C The first IP address I can explain (192.168.0.207), that's the machine I'm connecting to. But what's with the 109.112.47.108 machine? It doesn't show up in tcpdump nor netstat -an Is there something with my dtrace code or my understanding of how the connect system call works?

  Read the article

• Cannot ssh into server

  - by revolver

  I am trying to SSH into a linux machine running ubuntu, but the interactive shell stuck somewhere and I can't key in anything. I am on Mac OS X Lion. This only happens when I am trying to access via an external IP. Local LAN SSH is working perfectly. macbook:~ user$ ssh -v -v user@serverip // i skipped the rest of the log, but I can paste it here again if needed. Authenticated to serverip debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting [email protected] debug1: Entering interactive session. debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug1: Sending env LC_CTYPE = UTF-8 debug2: channel 0: request env confirm 0 debug2: channel 0: request shell confirm 1 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 My terminal shell just hang after this, and I can't key in anything. I checked var/log/auth on the server and saw that the a session is being created and I had already logged in, but I don't see any responses on my client machine. I googled around and a lot of the solution had to do with the Broadcom wireless driver, but I am not even using one, so I am pretty clueless here. To give you more information, the linux machine is also running a web server, and I have no problem accessing the web server. Thanks. Any help is appreciated.

  Read the article

• Anonymizing OpenVPN Allow SSH Access to Internal Server

  - by Lionel

  I'm using an anonymizing VPN, but want SSH access to internal computer. How do I access my internal computer through SSH? When I do ssh 98.123.45.6, the connection times out. IP address from cable provider: 98.123.45.6 Anonymous IP through VPN: 50.1.2.3 Internal computer: 192.168.1.123 When searching around, I found recommendations to either set up iptables rules, routing rules, or to add ListenAddress to sshd_config. Which of these applies to my case? Here is my route: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.115.81.1 10.115.81.9 255.255.255.255 UGH 0 0 0 tun0 10.115.81.9 * 255.255.255.255 UH 0 0 0 tun0 50.1.2.3-sta ddwrt 255.255.255.255 UGH 0 0 0 eth0 192.168.1.0 * 255.255.255.0 U 202 0 0 eth0 169.254.0.0 * 255.255.0.0 U 204 0 0 vboxnet0 loopback * 255.0.0.0 U 0 0 0 lo default 10.115.81.9 128.0.0.0 UG 0 0 0 tun0 128.0.0.0 10.115.81.9 128.0.0.0 UG 0 0 0 tun0 default ddwrt 0.0.0.0 UG 202 0 0 eth0

  Read the article

• Capistrano asks for SSH password when deploying from local machine to server

  - by GhostRider

  When I try to ssh to a server, I'm able to do it as my id_rsa.pub key is added to the authorized keys in the server. Now when I try to deploy my code via Capistrano to the server from my local project folder, the server asks for a password. I'm unable to understand what could be the issue if I'm able to ssh and unable to deploy to the same server. $ cap deploy:setup "no seed data" triggering start callbacks for `deploy:setup' * 13:42:18 == Currently executing `multistage:ensure' *** Defaulting to `development' * 13:42:18 == Currently executing `development' * 13:42:18 == Currently executing `deploy:setup' triggering before callbacks for `deploy:setup' * 13:42:18 == Currently executing `db:configure_mongoid' * executing "mkdir -p /home/deploy/apps/development/flyingbird/shared/config" servers: ["dev1.noob.com", "176.9.24.217"] Password: Cap script: # gem install capistrano capistrano-ext capistrano_colors begin; require 'capistrano_colors'; rescue LoadError; end require "bundler/capistrano" # RVM bootstrap # $:.unshift(File.expand_path('./lib', ENV['rvm_path'])) require 'rvm/capistrano' set :rvm_ruby_string, 'ruby-1.9.2-p290' set :rvm_type, :user # or :user # Application setup default_run_options[:pty] = true # allow pseudo-terminals ssh_options[:forward_agent] = true # forward SSH keys (this will use your SSH key to get the code from git repository) ssh_options[:port] = 22 set :ip, "dev1.noob.com" set :application, "flyingbird" set :repository, "repo-path" set :scm, :git set :branch, fetch(:branch, "master") set :deploy_via, :remote_cache set :rails_env, "production" set :use_sudo, false set :scm_username, "user" set :user, "user1" set(:database_username) { application } set(:production_database) { application + "_production" } set(:staging_database) { application + "_staging" } set(:development_database) { application + "_development" } role :web, ip # Your HTTP server, Apache/etc role :app, ip # This may be the same as your `Web` server role :db, ip, :primary => true # This is where Rails migrations will run # Use multi-staging require "capistrano/ext/multistage" set :stages, ["development", "staging", "production"] set :default_stage, rails_env before "deploy:setup", "db:configure_mongoid" # Uncomment if you use any of these databases after "deploy:update_code", "db:symlink_mongoid" after "deploy:update_code", "uploads:configure_shared" after "uploads:configure_shared", "uploads:symlink" after 'deploy:update_code', 'bundler:symlink_bundled_gems' after 'deploy:update_code', 'bundler:install' after "deploy:update_code", "rvm:trust_rvmrc" # Use this to update crontab if you use 'whenever' gem # after "deploy:symlink", "deploy:update_crontab" if ARGV.include?("seed_data") after "deploy", "db:seed" else p "no seed data" end #Custom tasks to handle resque and redis restart before "deploy", "deploy:stop_workers" after "deploy", "deploy:restart_redis" after "deploy", "deploy:start_workers" after "deploy", "deploy:cleanup" 'Create symlink for public uploads' namespace :uploads do task :symlink do run <<-CMD rm -rf #{release_path}/public/uploads && mkdir -p #{release_path}/public && ln -nfs #{shared_path}/public/uploads #{release_path}/public/uploads CMD end task :configure_shared do run "mkdir -p #{shared_path}/public" run "mkdir -p #{shared_path}/public/uploads" end end namespace :rvm do desc 'Trust rvmrc file' task :trust_rvmrc do run "rvm rvmrc trust #{current_release}" end end namespace :db do desc "Create mongoid.yml in shared path" task :configure_mongoid do db_config = <<-EOF defaults: &defaults host: localhost production: <<: *defaults database: #{production_database} staging: <<: *defaults database: #{staging_database} EOF run "mkdir -p #{shared_path}/config" put db_config, "#{shared_path}/config/mongoid.yml" end desc "Make symlink for mongoid.yml" task :symlink_mongoid do run "ln -nfs #{shared_path}/config/mongoid.yml #{release_path}/config/mongoid.yml" end desc "Fill the database with seed data" task :seed do run "cd #{current_path}; RAILS_ENV=#{default_stage} bundle exec rake db:seed" end end namespace :bundler do desc "Symlink bundled gems on each release" task :symlink_bundled_gems, :roles => :app do run "mkdir -p #{shared_path}/bundled_gems" run "ln -nfs #{shared_path}/bundled_gems #{release_path}/vendor/bundle" end desc "Install bundled gems " task :install, :roles => :app do run "cd #{release_path} && bundle install --deployment" end end namespace :deploy do task :start, :roles => :app do run "touch #{current_path}/tmp/restart.txt" end desc "Restart the app" task :restart, :roles => :app do run "touch #{current_path}/tmp/restart.txt" end desc "Start the workers" task :stop_workers do run "cd #{current_path}; RAILS_ENV=#{default_stage} bundle exec rake resque:stop_workers" end desc "Restart Redis server" task :restart_redis do "/etc/init.d/redis-server restart" end desc "Start the workers" task :start_workers do run "cd #{current_path}; RAILS_ENV=#{default_stage} bundle exec rake resque:start_workers" end end

  Read the article

• How can I audit users and access attempts to SSH on my server?

  - by RadiantHex

  I've had a few security problems with a server of mine, a few SSH users have been setting up fires aka giving problems. I would like to: Track user logins and logouts Track activity of these SSH, in order to discover any malicious activity Prevent users from deleting logs I am not much of a sys admin and I am quite inexperienced in this matter, so any kind of advice would be very welcome and very helpful. :)

  Read the article

• How can I force SSH to give an RSA key instead of ECDSA?

  - by broiyan

  Upon the first time accessing a server, how can I force SSH to give me the RSA key and automatically store it if the user approves? Presently it is offering me the ECDSA key. Because I already know the RSA key, I would prefer to see the RSA key presented at this point. I have tried: ssh -o RSAAuthentication=yes user@server Unfortunately this gives me an ECDSA key and the Are you sure you want to continue connecting (yes/no)? message.

  Read the article

• Operation times out trying to SSH outside LAN i.e. from internet to LAN no connection is established

  - by Pelle L

  I run Ubuntu 12.04 and have no success connecting with SSH from "Internet". The router is a TL-MR3420 which is set up to forward requests to one of the NIC's on ubuntu machine (which has in total 3 NICs). I can SSH from a client on the "local" network/LAN. The forward mechanism in the router seems to work. If I stop SSH service on the Ubuntu machine and instead start one on the windows machine - it works like a charm. I do not use the Std port 22 but that shouldn't be an issue as far as I understand - sine it works on the same port on the win machine. Since my public IS isn't static I use a dynDNS service but as said earlier the same setup works from the win machine. The router is located on 192.168.0.1 The Ubuntu NICs has the following IP: eth2 192.168.0.100 , eth1 192.168.0.101 , eth0 192.168.0.102 and I have forwarded the "outside" request to 192.168.0.100 In regards for firewall settings on the Ubuntu machine I have disabled the ufw and the command ufw status give status: inactive. I don't now it this is relevant information but teh command iptables --list give: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination I have tried to catch traffic with help of wireshark (a tool I'm not too used to use) and it seems as a few (3?) "requests" actually reaches the NIC but ... nothing happens. The syslog does not show any entries during these attempts. Perhaps it could be some routing issues but I have reached my level of competence and are stuck ... all help and support to get this sorted out is much appreciated. I'm new to Linux so please do not assume I have a configuration that is correct - but as I wrote earlier - if the client that initiate SSH is on the LAN it all works. PS:I have also tried to get VPN (PPP) working from Internet with no success - once again VPN works on the windows machine ... so my best guess is that this is related to how the ubuntu machine handles (IP) traffic and not the TL-MR3420 router or other network issues.

  Read the article

• is it possible to ssh into ubuntu server with keys and from another computer using password?

  - by Sandro Dzneladze

  I have ubuntu server at home, and I use SSH keys to log in via terminal from my laptop. Rarely, but mostly from work, I need to access this server, but I dont want to copy keys on my work laptop - Id rather just use plain password for that. So if I enable password log in from ssh config file, it will ask me password on my laptop too even though it contains keys, right? Is there a way to stop this behavior? Thanks.

  Read the article

• AWS Amazon EC2 - password-less SSH login for non-root users using PEM keypairs

  - by Mark White

  We've got a couple of clusters running on AWS (HAProxy/Solr, PGPool/PostgreSQL) and we've setup scripts to allow new slave instances to be auto-included into the clusters by updating their IPs to config files held on S3, then SSHing to the master instance to kick them to download the revised config and restart the service. It's all working nicely, but in testing we're using our master pem for SSH which means it needs to be stored on an instance. Not good. I want a non-root user that can use an AWS keypair who will have sudo access to run the download-config-and-restart scripts, but nothing else. rbash seems to be the way to go, but I understand this can be insecure unless setup correctly. So what security holes are there in this approach: New AWS keypair created for user.pem (not really called 'user') New user on instances: user Public key for user is in ~user/.ssh/authorized_keys (taken by creating new instance with user.pem, and copying it from /root/.ssh/authorized_keys) Private key for user is in ~user/.ssh/user.pem 'user' has login shell of /home/user/bin/rbash ~user/bin/ contains symbolic links to /bin/rbash and /usr/bin/sudo /etc/sudoers has entry "user ALL=(root) NOPASSWD: ~user/.bashrc sets PATH to /home/user/bin/ only ~user/.inputrc has 'set disable-completion on' to prevent double tabbing from 'sudo /' to find paths. ~user/ -R is owned by root with read-only access to user, except for ~user/.ssh which has write access for user (for writing known_hosts), and ~user/bin/* which are +x Inter-instance communication uses 'ssh -o StrictHostKeyChecking=no -i ~user/.ssh/user.pem user@ sudo ' Any thoughts would be welcome. Mark...

  Read the article

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >