Search Results

Search found 4462 results on 179 pages for 'ssh'.

Page 55/179 | < Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >

  • Cannot SSH to ubuntu server - openssh server owner changed

    - by Kshitiz Shankar
    I am using suPHP with Apache for virtual hosting but somewhere down the line my root ssh access is getting screwed up. I haven't been able to figure out why it is happening but eventually, my root user is not able to ssh to the server. I get this error: *** invalid open call: O_CREAT without mode ***: sshd: root@pts/3 terminated ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f12fe871817] /lib/x86_64-linux-gnu/libc.so.6(+0xeb7e1)[0x7f12fe8527e1] sshd: root@pts/3[0x41a542] sshd: root@pts/3[0x41a9eb] sshd: root@pts/3[0x41aeb8] sshd: root@pts/3[0x409630] sshd: root@pts/3[0x40f9ed] sshd: root@pts/3[0x410dd6] sshd: root@pts/3[0x411994] sshd: root@pts/3[0x411f16] sshd: root@pts/3[0x40b253] sshd: root@pts/3[0x42be24] sshd: root@pts/3[0x40c9cb] sshd: root@pts/3[0x412199] sshd: root@pts/3[0x4061a2] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f12fe78876d] sshd: root@pts/3[0x407635] ======= Memory map: ======== 00400000-00448000 r-xp 00000000 ca:02 4554758 /usr/sbin/sshd 00647000-00648000 r--p 00047000 ca:02 4554758 /usr/sbin/sshd 00648000-00649000 rw-p 00048000 ca:02 4554758 /usr/sbin/sshd 00649000-00750000 rw-p 00000000 00:00 0 01794000-017b5000 rw-p 00000000 00:00 0 [heap] 7f12fd5ad000-7f12fd5c2000 r-xp 00000000 ca:02 3489844 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f12fd5c2000-7f12fd7c1000 ---p 00015000 ca:02 3489844 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f12fd7c1000-7f12fd7c2000 r--p 00014000 ca:02 3489844 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f12fd7c2000-7f12fd7c3000 rw-p 00015000 ca:02 3489844 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f12fd7c3000-7f12fd7db000 r-xp 00000000 ca:02 3489977 /lib/x86_64-linux-gnu/libresolv-2.15.so 7f12fd7db000-7f12fd9db000 ---p 00018000 ca:02 3489977 /lib/x86_64-linux-gnu/libresolv-2.15.so 7f12fd9db000-7f12fd9dc000 r--p 00018000 ca:02 3489977 /lib/x86_64-linux-gnu/libresolv-2.15.so 7f12fd9dc000-7f12fd9dd000 rw-p 00019000 ca:02 3489977 /lib/x86_64-linux-gnu/libresolv-2.15.so 7f12fd9dd000-7f12fd9df000 rw-p 00000000 00:00 0 7f12fd9df000-7f12fd9e6000 r-xp 00000000 ca:02 3489994 /lib/x86_64-linux-gnu/libnss_dns-2.15.so 7f12fd9e6000-7f12fdbe5000 ---p 00007000 ca:02 3489994 /lib/x86_64-linux-gnu/libnss_dns-2.15.so 7f12fdbe5000-7f12fdbe6000 r--p 00006000 ca:02 3489994 /lib/x86_64-linux-gnu/libnss_dns-2.15.so 7f12fdbe6000-7f12fdbe7000 rw-p 00007000 ca:02 3489994 /lib/x86_64-linux-gnu/libnss_dns-2.15.so 7f12fdbe7000-7f12fdd27000 rw-s 00000000 00:04 6167294 /dev/zero (deleted) 7f12fdd27000-7f12fdd33000 r-xp 00000000 ca:02 3489984 /lib/x86_64-linux-gnu/libnss_files-2.15.so 7f12fdd33000-7f12fdf32000 ---p 0000c000 ca:02 3489984 /lib/x86_64-linux-gnu/libnss_files-2.15.so 7f12fdf32000-7f12fdf33000 r--p 0000b000 ca:02 3489984 /lib/x86_64-linux-gnu/libnss_files-2.15.so 7f12fdf33000-7f12fdf34000 rw-p 0000c000 ca:02 3489984 /lib/x86_64-linux-gnu/libnss_files-2.15.so 7f12fdf34000-7f12fdf3e000 r-xp 00000000 ca:02 3489979 /lib/x86_64-linux-gnu/libnss_nis-2.15.so 7f12fdf3e000-7f12fe13e000 ---p 0000a000 ca:02 3489979 /lib/x86_64-linux-gnu/libnss_nis-2.15.so 7f12fe13e000-7f12fe13f000 r--p 0000a000 ca:02 3489979 /lib/x86_64-linux-gnu/libnss_nis-2.15.so 7f12fe13f000-7f12fe140000 rw-p 0000b000 ca:02 3489979 /lib/x86_64-linux-gnu/libnss_nis-2.15.so 7f12fe140000-7f12fe157000 r-xp 00000000 ca:02 3489996 /lib/x86_64-linux-gnu/libnsl-2.15.so 7f12fe157000-7f12fe356000 ---p 00017000 ca:02 3489996 /lib/x86_64-linux-gnu/libnsl-2.15.so 7f12fe356000-7f12fe357000 r--p 00016000 ca:02 3489996 /lib/x86_64-linux-gnu/libnsl-2.15.so 7f12fe357000-7f12fe358000 rw-p 00017000 ca:02 3489996 /lib/x86_64-linux-gnu/libnsl-2.15.so 7f12fe358000-7f12fe35a000 rw-p 00000000 00:00 0 7f12fe35a000-7f12fe362000 r-xp 00000000 ca:02 3489985 /lib/x86_64-linux-gnu/libnss_compat-2.15.so 7f12fe362000-7f12fe561000 ---p 00008000 ca:02 3489985 /lib/x86_64-linux-gnu/libnss_compat-2.15.so 7f12fe561000-7f12fe562000 r--p 00007000 ca:02 3489985 /lib/x86_64-linux-gnu/libnss_compat-2.15.so 7f12fe562000-7f12fe563000 rw-p 00008000 ca:02 3489985 /lib/x86_64-linux-gnu/libnss_compat-2.15.so 7f12fe563000-7f12fe565000 r-xp 00000000 ca:02 3489886 /lib/x86_64-linux-gnu/libdl-2.15.so 7f12fe565000-7f12fe765000 ---p 00002000 ca:02 3489886 /lib/x86_64-linux-gnu/libdl-2.15.so 7f12fe765000-7f12fe766000 r--p 00002000 ca:02 3489886 /lib/x86_64-linux-gnu/libdl-2.15.so 7f12fe766000-7f12fe767000 rw-p 00003000 ca:02 3489886 /lib/x86_64-linux-gnu/libdl-2.15.so 7f12fe767000-7f12fe91c000 r-xp 00000000 ca:02 3489888 /lib/x86_64-linux-gnu/libc-2.15.so 7f12fe91c000-7f12feb1b000 ---p 001b5000 ca:02 3489888 /lib/x86_64-linux-gnu/libc-2.15.so 7f12feb1b000-7f12feb1f000 r--p 001b4000 ca:02 3489888 /lib/x86_64-linux-gnu/libc-2.15.so 7f12feb1f000-7f12feb21000 rw-p 001b8000 ca:02 3489888 /lib/x86_64-linux-gnu/libc-2.15.so 7f12feb21000-7f12feb26000 rw-p 00000000 00:00 0 7f12feb26000-7f12feb2f000 r-xp 00000000 ca:02 3489983 /lib/x86_64-linux-gnu/libcrypt-2.15.so 7f12feb2f000-7f12fed2f000 ---p 00009000 ca:02 3489983 /lib/x86_64-linux-gnu/libcrypt-2.15.so 7f12fed2f000-7f12fed30000 r--p 00009000 ca:02 3489983 /lib/x86_64-linux-gnu/libcrypt-2.15.so 7f12fed30000-7f12fed31000 rw-p 0000a000 ca:02 3489983 /lib/x86_64-linux-gnu/libcrypt-2.15.so 7f12fed31000-7f12fed5f000 rw-p 00000000 00:00 0 7f12fed5f000-7f12fef10000 r-xp 00000000 ca:02 3489831 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f12fef10000-7f12ff110000 ---p 001b1000 ca:02 3489831 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f12ff110000-7f12ff12b000 r--p 001b1000 ca:02 3489831 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f12ff12b000-7f12ff136000 rw-p 001cc000 ca:02 3489831 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f12ff136000-7f12ff13a000 rw-p 00000000 00:00 0 7f12ff13a000-7f12ff150000 r-xp 00000000 ca:02 3490020 /lib/x86_64-linux-gnu/libz.so.1.2.3.4 7f12ff150000-7f12ff34f000 ---p 00016000 ca:02 3490020 /lib/x86_64-linux-gnu/libz.so.1.2.3.4 7f12ff34f000-7f12ff350000 r--p 00015000 ca:02 3490020 /lib/x86_64-linux-gnu/libz.so.1.2.3.4Connection to stageserver.dockphp.com closed. After some debugging, I was able to narrow it down to a few things. For some reason the sshd daemon is running as root:www-data (apache user) instead of root. My ftp connection works but ssh over terminal fails. I have no idea whether it is getting caused due to suPHP or not (because that is the only place where user permission's etc. change). I really need to narrow it down and fix it asap. Thanks a lot!

    Read the article

  • Connecting git to github on windows 7 without bash

    - by George Mauer
    I'm setting up git on my new Windows 7 machine and I'm hitting a roadblock when it comes to getting github to acknowledge my ssh key. I am doing things a little different from the standard script in that I would rather not use cygwin and prefer to use my powershell prompt. The following is what I did: I installed msysgit (portable). I went to C:\program files\git\bin and used ssh-keygen to generate a public/private ssh keypair which I put in c:\Temp I then created a directory named .ssh\ in c:\Users\myusername\ (on windows 7) I moved both the files generated by the ssh-keygen (id_rsa and id_rsa.pub) into the .ssh directory I went to my account on github, created a new public key, copy-pasted the contents of id_rsa.pub into it and saved I now go to my powershell prompt, set-alias git 'C:\program files\git\bin\git.exe' I try to now do a clone [email protected]:togakangaroo/ps-profile.git which rejects my authentication: Permission denied (publickey). fatal: The remote end hung up unexpectedly Past experience says that this means git is not recognizing my key. What steps am I missing? I have a feeling that I need to somehow configure git so that it knows where my ssh keys are (though it would seem it should look there automatically) but I don't know how to do that. Another possible clue is that when I try to run git config --global user.name "George Mauer" I get an error fatal: $HOME not set I did however set up a HOME environment user variable with the value %HOMEDRIVE%%HOMEPATH%

    Read the article

  • ssh_exchange_identification: Connection closed by remote host under Git bash

    - by MoreFreeze
    I work at win7 and set up git server with sshd. I git --bare init myapp.git, and clone ssh://git@localhost/home/git/myapp.git in Cywgin correctly. But I need config git of Cygwin again, I want to git clone in Git Bash. I run "git clone ssh://git@localhost/home/git/myapp.git" and get following message ssh_exchange_identification: Connection closed by remote host then I run "ssh -vvv git@localhost" in Git Bash and get message debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /c/Users/MoreFreeze/.ssh/identity type -1 debug3: Not a RSA1 key file /c/Users/MoreFreeze/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace // above it repeats 24 times debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /c/Users/MoreFreeze/.ssh/id_rsa type 1 debug1: identity file /c/Users/MoreFreeze/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host it seems my private keys has wrong format? And I find that there are exactly 25 line in private keys without "BEGIN" and "END". I'm confused why it said NOT RSA1 key, I totally ensure it is RSA 2 key. Any advises are welcome. btw, I have read first 3 pages on google about this problem.

    Read the article

  • How To SSH Hop With Key Forwarding from Windows

    - by Aviad
    Do you have the need to work with SSH keys from Windows and you find that this becomes a hassle very quickly? HTG goes into how to make the process as transparent as possible, using The PuTTY package suite. Image by kaneda99. HTG Explains: Does Your Android Phone Need an Antivirus? How To Use USB Drives With the Nexus 7 and Other Android Devices Why Does 64-Bit Windows Need a Separate “Program Files (x86)” Folder?

    Read the article

  • remote control android, a reverse ssh tunnel

    <b>Handle With Linux:</b> "Reasons for using a reverse shell include: you can bypass firewalls, you can connect to your phone without knowing the ip, the connection is initiated from the phone so you don't need to have a ssh server listening on your phone. Just think of all the fun this makes possible!"

    Read the article

  • Remote Debian System Preventing Logon

    - by choobablue
    I have a dozen or so single board computers on a network running Debian (squeeze) and access them via ssh (ssh server is dropbear). To give an idea of the hardware of these computers they're 1.2 GHz x86 processors, 1GB of RAM and 4GB flash drives formatted as ext2 (I avoided ext3 to prevent the added flash write stress from journaling), there is also a swap partition on the drive. Normally the setup I'm using works great and I can access all the computers. Every once in a while one will prevent access. What happens is I try to connect via ssh (putty) and it gives me the login prompt, I enter the username and password and it responds 'Access Denied' and it will also refuse any public key in ~/.ssh/authorized_keys. The credentials are correct as they worked previously. The computer responds to pings and putty recognizes the server public key, which implies to me the system is still running. Restarting the server fixes the problem and I can log in again. (I tried a temporary fix of putting shutdown -r now in the root crontab but this doesn't seem to reliably be run once the hang happens) Once I restart however there doesn't seem to be any information in any of the system logs to indicate what happened, the logs are simply empty for that time period, as if the system had crashed. There is some custom software running on the system which appears to stop working (which is why I wanted to ssh to begin with). I'm assuming that this program is the source of the problems but I'm unsure of how it would cause it and how to debug what is happening. The most likely explanation I can think of is that there is a memory leak in the other program that then prevents dropbear from spawning a new login shell (and crontab from executing shutdown) as there is not enough free memory. But looking at memory usage of the other (working) computers there doesn't seem to be any meaningful increase in memory to indicate a leak (unless it's a very big, fast acting and rare leak). I would think that when the OS ran out of memory it would restart the system or kill processes (the Linux kernel restarts right?). The other thing I wonder about is if the fact that they are running off a flash drive could have some effect, especially the swap partition (which I think I should remove to prevent wear of the flash), but the flash drives are young (~1 month) and I don't think that wear would be a factor yet. Does anybody have an idea of what could cause these symptoms, if it could be done by a memory leak, or something else I haven't thought of. And does anybody know of a method to try to debug the problem and find out more information about what's going wrong?

    Read the article

  • Debian: Adding new user?

    - by Marco
    How can I create a new user then SSH into the server under that user? I ran: useradd marco -d /home/marco -p WuUfhRdt4B Then I added to /etc/ssh/sshd_config: AllowUsers root marco Then restarted ssh: /etc/init.d/ssh restart I can't login. What did I miss? ** Running Debian.

    Read the article

  • Remote Scripted Installation of Sun/Oracle JRE

    - by chrisbunney
    I'm attempting to automate the installation of a Debian server (debian 6.0 squeeze 64bit). Part of the installation requires the Sun JRE package to be installed. This package has a licence agreement, which has to be accepted. I have a script which uses the following lines to accept and install the JRE: echo "sun-java6-bin shared/accepted-sun-dlj-v1-1 boolean true" | debconf-set-selections apt-get install -y sun-java6-jre This works fine when executing the script locally. However, I need to execute the script remotely using the ssh command, e.g.: ssh -i keyFile root@hostname './myScript' This doesn't work. In particular, it fails on apt-get install -y sun-java6-jre. It would seem that in spite of me setting the licence agreement to accepted, when run remotely in this manner it is ignored. Despite setting the value to true, I still get prompted to manually accept the agreement when I run this command: ssh -i keyFile root@hostname 'apt-get install -y sun-java6-jre' I suspect it is something to do with environment that is taken care of when running a proper terminal session, but have no idea what to try next to fix it. So, what do I have to do to get this command (and hence my deployment script) to run correctly when executing it remotely? Or is there an alternative way that allows me to install the JRE remotely by another means? Edit 0: I have compared the output of env when executed remotely via ssh and when executed via a local terminal session. The only difference between the outputs is that the local terminal session has the additional value TERM=xterm.

    Read the article

  • Enable PasswordAuthentication on OpenSuse 10

    - by Riduidel
    Hi, I've a virtual instance of Suse 10 running in my VMWare player, and I'm fighting against it to allow ssh password authentcation. How can I make it working since I already have tuned the /etc/ssh/ssh_config file like that # $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $ Host * # ForwardAgent no ForwardX11 yes ForwardX11Trusted yes PubkeyAuthentication no RhostsRSAAuthentication no RSAAuthentication no PasswordAuthentication yes HostbasedAuthentication no Protocol 2 SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL With ssh connection sending me the following logs Incoming packet #0x5, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE) 00000000 00 00 00 1e 70 75 62 6c 69 63 6b 65 79 2c 6b 65 ....publickey,ke 00000010 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 yboard-interacti 00000020 76 65 00 ve. Outgoing packet #0x6, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST) 00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh- 00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b 65 connection....ke 00000020 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 yboard-interacti 00000030 76 65 00 00 00 00 00 00 00 00 ve........ Telling me that it expects publickey and keyboard-interactive authentications, which I don't want to use.

    Read the article

  • chef clients behind firewall

    - by tec
    I am currently learning about chef. What I understood so far: I have to install chef-server on an own server or use the hosted chef. I have to install chef-client on the servers that I want to manage aka nodes (manually or using knife bootstrap). I installed several chef tools on my own PC that I can use to manage the nodes, e.g. knife. Now in my case the specialty is that the nodes are behind a firewall/load balancer/proxy. The nodes can access servers on the outside via NAT (http works and I can configure chef-specific hosts to work as well). However they can only be contacted from the outside via a ssh tunnel. There is really much documentation about chef available but I did not find an answer to these questions: When using knife, is it enough when I set up a ssh tunnel manually on my own PC or does the chef server need to contact the nodes? When using knife, can I configure it to setup a ssh tunnel automatically? When using the chef server web ui can I configure it to connect to the nodes via ssh tunnel or do I need a setup where I setup the tunnel myself e.g. using monit? Is this even possible with hosted chef? Instead of using knife or the web ui: Can I issue the same management commands directly on the nodes using chef-client? What solution would you recommend? Thanks a lot for taking your time to help and answering one or more of these related questions

    Read the article

  • Joining an Ubuntu 14.04 machine to active directory with realm and sssd

    - by tubaguy50035
    I've tried following this guide to set up realmd and sssd with active directory: http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/ When I run the command realm –verbose join domain.company.com –user-principal=c-u14-dev1/[email protected] –unattended everything seems to connect. My sssd.conf looks like the following: [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [sssd] domains = DOMAIN.COMPANY.COM config_file_version = 2 services = nss, pam [domain/DOMAIN.COMPANY.COM] ad_domain = DOMAIN.COMPANY.COM krb5_realm = DOMAIN.COMPANY.COM realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%d/%u access_provider = ad My /etc/pam.d/common-auth looks like this: auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_sss.so use_first_pass # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) auth optional pam_cap.so However, when I try to SSH into the machine with my active directory user, I see the following in auth.log: Aug 21 10:35:59 c-u14-dev1 sshd[11285]: Invalid user nwalke from myip Aug 21 10:35:59 c-u14-dev1 sshd[11285]: input_userauth_request: invalid user nwalke [preauth] Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_krb5(sshd:auth): authentication failure; logname=nwalke uid=0 euid=0 tty=ssh ruser= rhost=myiphostname Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_unix(sshd:auth): check pass; user unknown Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myiphostname Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myiphostname user=nwalke Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_sss(sshd:auth): received for user nwalke: 10 (User not known to the underlying authentication module) Aug 21 10:36:12 c-u14-dev1 sshd[11285]: Failed password for invalid user nwalke from myip port 34455 ssh2 What do I need to do to allow active directory users the ability to log in?

    Read the article

  • Kerberos & localhost

    - by Alex Leach
    I've got a Kerberos v5 server set up on a Linux machine, and it's working very well when connecting to other hosts (using samba, ldap or ssh), for which there are principals in my kerberos database. Can I use kerberos to authenticate against localhost though? And if I can, are there reasons why I shouldn't? I haven't made a kerberos principal for localhost. I don't think I should; instead I think the principal should resolve to the machine's full hostname. Is that possible? I'd ideally like a way to configure this on just one server (whether kerberos, DNS, or ssh), but if each machine needs some custom configuration, that'd work too. e.g $ ssh -v localhost ... debug1: Unspecified GSS failure. Minor code may provide more information Server host/[email protected] not found in Kerberos database ... EDIT: So I had a bad /etc/hosts file. If I remember correctly, the original version I got with Ubuntu had two 127.0. IP addresses, something like:- 127.0.0.1 localhost 127.0.*1*.1 hostname For no good reason, I'd changed mine a long time ago to: 127.0.0.1 localhost 127.0.*0*.1 hostname.example.com hostname This seemed to work fine with everything until I tried out ssh with kerberos (a recent endeavour). Somehow this configuration led to sshd resolving the machine's kerberos principal to "host/localhost@\n", which I suppose makes sense if it uses /etc/hosts for forward and reverse dns lookups in preference to external dns. So I commented out the latter line, and sshd magically started authenticating with gssapi-with-mic. Awesome. (Then I investigated localhost and asked the question)

    Read the article

  • rhel configure: limit root direct login to systems except through system consoles

    - by zhaojing
    I have to configure to limit root direct access except system consoles. That is, the ways of telnet, ftp, SSH are all prohibited. Root can only login through console. I understand that will require me to configure the file /etc/securetty. I have to comment all the tty, just keep "console" in /etc/securetty. But from google, I found many peoples said that configure /etc/securetty will not limit the way of SSH login. From my experiment, I found it is. (configure /etc/securetty won't limit SSH login). And I add one line in /etc/pam.d/system-auth: auth required pam_securetty It seems root SSH login can be prohibited. But I can't find the reason: What is the difference of configure pam_securetty and /etc/securetty? Can anyone help me with this? Only configure /etc/securetty could work? Or Have I to configure pam_securetty at the same time? Thanks a lot!

    Read the article

  • Using Windows as a gateway to the internet

    - by James Wright
    My customer currently blocks outbound RDP and SSH, which means that none of their employees can get access to external Windows and Linux boxes (at the console level). However, a need has recently arisen to give access to an assortment of RDP and SSH endpoints scattered throughout the internet. The endpoint IP addresses are a moving target, and an access list exists to define what those IP addresses are. So now my customer wants to have a single Windows Server that they control as the sole outbound point for RDP/SSH to the internet. Consider it a jump box to the internet. If one of our admins have an access to this Windows box then they can log on, and from there bounce around to RDP/SSH endpoints on the internet. Is a standard Windows 2008 box going to work as a jump box? For example, I seem to recall that Win2k8 limits the number of users that can log on simultaneously, which means that the jump box may not be accessible if lots of users are on it. Advice as to how to make this work..?

    Read the article

  • Autossh startup on Ubuntu 10.04 - fails after powering off

    - by grant
    I'm using upstart to keep a reverse ssh tunnel alive using auto ssh similar to Using Upstart to Manage AutoSSH Reverse Tunnel. This works fine, except after a manual power down I can no longer connect to the machine through the "central server" using the tunnel. I receive "ssh_exchange_identification: Connection closed by remote host". The autossh process is running on the client. I can connect again after re-starting networking. I'm trying to figure out why this is failing consistently after a manual shutdown. Is it possible that I need to do some cleanup on startup that would allow the tunnel to work in this situation, or are there some other debugging/troubleshooting steps I can take to determine the problem? Machine A is the client machine, using autossh. This machine sits behind a firewall and uses the following command in upstart to create an ssh tunnel: /usr/bin/autossh -fN -i /keyfile -o StrictHostKeyChecking=no -R 20098:localhost:22 user@centralserver Machine B we'll call the "central server", which sits in the cloud and is the host. This machine is "centralserver" in the command above. When Machine A is hard powered off, and back on, I cannot connect to it by SSH'ing from my machine (C) to Machine B in the cloud, then using the following command to get to Machine A: ssh -p 2098 user@localhost Again, after a reboot of the client (A), this works fine. It is only after a hard power down that the problem occurs. There are autossh processes that are running on the client machine (A) after powering down and back up, but they just don't seem to doing their job.

    Read the article

  • Rsync root files between systems without specifying password

    - by xpt
    This seems very tricky to me. I've set up my two systems so that I can rsync files between them as me, without specifying password. Now the the problem is to rsync files that belong to root. On both of my systems, there are no root passwords. The only way to become root is via sudo. So I can neither give a password for sudo rsyn local root@remote:, no use my ssh-agent to supply pass phrase. I don't want to set up a root password on any systems; and I do need the files to be owned by root on both systems. EDIT: Using the files that belong to root is just an example, I need a way for my unprivileged account to read/write system (including root-owned) files easily. One example is to copy my configured /root environment into the freshly-installed system. The two systems are actually two VMs under a single host, so it's not a big concern for me to copy root-owned files between them. EDIT 2: If I only want to copy my configured /root environment into the freshly-installed system, I can use tar: sudo tar cvzf - /root | ssh me@remote sudo tar xvzf - -C / But I do need rsync to update from time to time. Any easy way to make it happen? EDIT 3: Formally formulate the question Alright, it all began with the question, how to rsync files that belong to root between two systems as a normal unprivileged user, without specifying password, under the condition that, The root account is locked on both of systems. I.e., there are no root passwords. The only way to become root is via sudo (recommended security practice, see http://help.ubuntu.com/community/RootSudo) I don't want a completely passwordless sudo but don’t want to be typing passwords all the time either. The normal unprivileged user has entered their ssh pass phrase into the ssh agent. Thanks

    Read the article

  • X11 from ssh on Mac OSX to Linux server doesn't work --- Gtk-WARNING **: cannot open display

    - by Cal
    Hello, I installed a program wireshark on my remote linux box and I'm trying to run it with X11 from my mac computer using SSH. Here's my terminal... macosx$ echo $DISPLAY /tmp/launch-f4w6k6/:0 macosx$ ssh -X [email protected] [email protected]'s password: remoteubuntu:~# echo $DISPLAY remoteubuntu:~# wireshark (wireshark:18927): Gtk-WARNING **: cannot open display: Here's a few lines from /etc/ssh/sshd_config X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no Thanks for the help!

    Read the article

  • Vagrant ssh fails with VirtualBox

    - by lukewm
    vagrant up fails when it gets to the ssh part: myterminal$ vagrant up [default] VM already created. Booting if its not already running... [default] Running any VM customizations... [default] Clearing any previously set forwarded ports... [default] Forwarding ports... [default] -- ssh: 22 => 2222 (adapter 1) [default] -- db2: 30003 => 30003 (adapter 1) [default] Cleaning previously set shared folders... [default] Creating shared folders metadata... [default] Booting VM... [default] Waiting for VM to boot. This can take a few minutes. [default] Failed to connect to VM! Failed to connect to VM via SSH. Please verify the VM successfully booted by looking at the VirtualBox GUI. Then when I subsequently try and connect using vagrant ssh or vagrant reload or similar, I get this: myterminal$ vagrant reload [default] Attempting graceful shutdown of linux... SSH connection was refused! This usually happens if the VM failed to boot properly. Some steps to try to fix this: First, try reloading your VM with `vagrant reload`, since a simple restart sometimes fixes things. If that doesn't work, destroy your VM and recreate it with a `vagrant destroy` followed by a `vagrant up`. If that doesn't work, contact a Vagrant maintainer (support channels listed on the website) for more assistance. Please help! I'm really stumped. Kind regards, Luke

    Read the article

  • Ericsson W35 ssh administration

    - by jblaster
    I picked up a Ericsson W35 at a pawn shop the other day and when I login to the administration section at 192.168.1.1 I get an error message about connecting to the database. It apparently supports ssh administration and I get a password prompt when attempting to ssh [email protected] but no passwords I try work and theres no documentation for it. Has anyone had success with ssh on the Ericsson W35 and is this issue fixable? Thanks.

    Read the article

  • SSH broken after hostname change on EC2-hosted Ubuntu

    - by dimadima
    I changed my instance's hostname using the hostname utility and then set it in /etc/hostname so that the new name survives reboot. My main motivation was for differentiating between instances at the prompt using the \h format in PS1. EDIT I also changed permissions on my home directory. I made my home directory group writeable. END EDIT Now I can no longer SSH into the machine. The short of it is the error Permission denied (publickey). Running ssh -v, the more verbose output is: debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/dmitry/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /Users/dmitry/.ssh/ec2key.pem debug1: read PEM private key done: type RSA debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey). Should I have done something after changing the hostname? Now I can't get into the instance! :(

    Read the article

  • Telnet or SSH to Embedded Linux based NAS?

    - by ef2011
    Do you happen to know whether it is possible to telnet or SSH to LG N1A1DD1 NAS? It seems to have lots of features that I don't need (including FTP) but I couldn't find any mention of the ability to telnet or SSH to it. If telneting or SSH-ing to it isn't possible, do you know whether it is possible to configure via its web interface a script that can periodically back it up via its USB port? (while still functioning as NAS, of course)

    Read the article

  • how to escape the ' in ssh?

    - by Dean Hiller
    I need to escape the ' in this command for ssh exec grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 |awk -F= '{print $2}' How do I escape that? I currentl y have this which does not work ssh host 'grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 |awk -F= '{print $2}'' nor does this ssh host 'grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 |awk -F= \'{print $2}\'' thanks, Dean

    Read the article

  • How to setup heartbeat for IP fail over on SSH failure

    - by Tony
    I wonder if anyone can help me, I am trying to setup heartbeat on a redhat 5 to failover an IP address when ssh stops responding on a server. So basically you ssh to a VIP and then get put through which ever server has the floating ip. 192.168.0.100 | | /------------------------\ | /------------------------\ | Server 01 | | | Server 02 | | eth0 - 192.168.0.1 |-----/ | eth0 - 192.168.0.2 | | eth0:0 - 192.168.0.100 | | eth0:0 - down | \------------------------/ \------------------------/ if ssh stops responding i want eth0:0 to be brought up on the second machine to allow ssh connections to carry on being served. I have tried to follow some documents I have found online so here is my current configuration: ha.cf bcast eth0 keepalive 2 warntime 10 deadtime 30 initdead 120 udpport 694 auto_failback off node vm-bal01 node vm-bal02 debugfile /var/log/ha-debug logfile /var/log/ha-log authkeys auth 1 1 sha1 sshhhsecret1234 haresources server01 192.168.0.100/24/eth0:0/192.168.0.255 Hope someone can help as this is driving me nuts...

    Read the article

  • Problem opening XWindows programs with xming and SSH Secure Shell

    - by Brian
    I've installed SSH Secure Shell and xming on my laptop running Windows 7 (64-bit). I'm having trouble starting X Windows applications from the SSH console. I've been able to do it in the past. I've pretty much determined that it's not a server issue because I've tried it on two different servers (both servers are running RHEL 5). Running "echo $DISPLAY" on either server gave me "localhost:10.0". My XLaunch configuration settings are: Multiple Windows, 10 (display number), and Start no client. Once xming has launched, I'll try to execute something like "firefox" and I get this back: The application 'firefox' lost its connection to the display localhost:10.0; most likely the X server was shut down or you killed/destroyed the application. I've already checked to make sure that the X server is running and it is: root 12579 2689 0 Feb14 tty7 00:04:23 /usr/bin/Xorg :0 -br -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7 Additionally, X11 Tunneling has been enabled in SSH as well as SSH 2 connections.

    Read the article

  • Securing a persistent reverse SSH connection for management

    - by bVector
    I am deploying demo Ubuntu 10.04 LTS servers in environments I do not control and would like to have an easy and secure way to administer these machines without having to have the destination firewall forward port 22 for SSH access. I've found a few guides to do this with reverse port (e.g. howtoforge reverse ssh tunneling guide) but I'm concerned with security of the stored ssh credentials required for the tunnel to be opened automatically. If the machine is compromised (primary concern is physical access to the machine is out of my control) how can I stop someone from using the stored credentials to poke around in the reverse ssh tunnel target machine? Is it possible to secure this setup, or would you suggest an alternate method?

    Read the article

< Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >