Search Results

Search found 4462 results on 179 pages for 'ssh'.

Page 75/179 | < Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82 | Next Page >

SFTP, ChrootDirectory and multiple users

- by mdo

I need a setup where I can put the contents of several user folders to a DMZ server from where external clients can download it, protocol SFTP, Linux, OpenSSH. To ease administration we want to use one single user for the upload. What does work is to define ChrootDirectory /home/sftp/ in sshd_config, set the according ownership and modes and define a home dir in passwd so that the working directory of the user fits. This is my structure: /home/sftp/uploader/user1/file1.txt /user2/file2.txt The uploader user can write file1.txt and file2.txt to the corresponding folders and by having the user folders (user1, user2) set to the users' primary group + setting SETGUID on the folders the users are able to even delete the files (which is necessary). Only problem: because /home/sftp/ is the chroot base dir the users can change updir and see other users' folders, though not being able to change into because of access rights. Requirement: We want to prevent users to change to /home/sftp/uploader/ and see other users' folders. My requirements are to use SFTP, have one upload user and every user must have write access to his home dir. Obviously it's not an option to use something like ChrootDirectory %h because every path component of the chroot path needs to have limited access rights, so as far as I understand this does not work.

Read the article
Is it worth the effort to block failed login attempts

- by dunxd

Is it worthwhile running fail2ban, sshdfilter or similar tools, which blacklist IP addresses which attempt and fail to login? I've seen it argued that this is security theatre on a "properly secured" server. However, I feel that it probably makes script kiddies move on to the next server in their list. Let's say that my server is "properly secured" and I am not worried that a brute force attack will actually succeed - are these tools simply keeping my logfiles clean, or am I getting any worthwhile benefit in blocking brute force attack attempts?

Read the article
LdapErr: DSID-0C0903AA, data 52e: authenticating against AD '08 with pam_ldap

- by Stefan M

I have full admin access to the AD '08 server I'm trying to authenticate towards. The error code means invalid credentials, but I wish this was as simple as me typing in the wrong password. First of all, I have a working Apache mod_ldap configuration against the same domain. AuthType basic AuthName "MYDOMAIN" AuthBasicProvider ldap AuthLDAPUrl "ldap://10.220.100.10/OU=Companies,MYCOMPANY,DC=southit,DC=inet?sAMAccountName?sub?(objectClass=user)" AuthLDAPBindDN svc_webaccess_auth AuthLDAPBindPassword mySvcWebAccessPassword Require ldap-group CN=Service_WebAccess,OU=Groups,OU=MYCOMPANY,DC=southit,DC=inet I'm showing this because it works without the use of any Kerberos, as so many other guides out there recommend for system authentication to AD. Now I want to translate this into pam_ldap.conf for use with OpenSSH. The /etc/pam.d/common-auth part is simple. auth sufficient pam_ldap.so debug This line is processed before any other. I believe the real issue is configuring pam_ldap.conf. host 10.220.100.10 base OU=Companies,MYCOMPANY,DC=southit,DC=inet ldap_version 3 binddn svc_webaccess_auth bindpw mySvcWebAccessPassword scope sub timelimit 30 pam_filter objectclass=User nss_map_attribute uid sAMAccountName pam_login_attribute sAMAccountName pam_password ad Now I've been monitoring ldap traffic on the AD host using wireshark. I've captured a successful session from Apache's mod_ldap and compared it to a failed session from pam_ldap. The first bindrequest is a success using the svc_webaccess_auth account, the searchrequest is a success and returns a result of 1. The last bindrequest using my user is a failure and returns the above error code. Everything looks identical except for this one line in the filter for the searchrequest, here showing mod_ldap. Filter: (&(objectClass=user)(sAMAccountName=ivasta)) The second one is pam_ldap. Filter: (&(&(objectclass=User)(objectclass=User))(sAMAccountName=ivasta)) My user is named ivasta. However, the searchrequest does not return failure, it does return 1 result. I've also tried this with ldapsearch on the cli. It's the bindrequest that follows the searchrequest that fails with the above error code 52e. Here is the failure message of the final bindrequest. resultcode: invalidcredentials (49) 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772 This should mean invalid password but I've tried with other users and with very simple passwords. Does anyone recognize this from their own struggles with pam_ldap and AD? Edit: Worth noting is that I've also tried pam_password crypt, and pam_filter sAMAccountName=User because this worked when using ldapsearch. ldapsearch -LLL -h 10.220.100.10 -x -b "ou=Users,ou=mycompany,dc=southit,dc=inet" -v -s sub -D svc_webaccess_auth -W '(sAMAccountName=ivasta)' This works using the svc_webaccess_auth account password. This account has scan access to that OU for use with apache's mod_ldap.

Read the article
How can I copy the output from a remote command into the local clipboard?

- by cwd

I use iTerm2 as my terminal client in Mac OS X. On the local system I can use pbcopy and pbpaste to transfer data between the system clipboard and the terminal, but of course this doesn't work when you're ssh'ed to another machine. Is there some way which I can take the result of a command and copy it to the clipboard automatically? Perhaps an applescript to grab the text on the iTerm windows, then get the next to last line? For instance, if I wanted to copy the current working directory: I run pwd, then use the mouse to select the text, and then press command + c. Is there any better / faster / automatic way of doing this? I'm not looking for a bulletproof solution that would work for every command (eg: might not work when there is a huge scrollback) - I'm just looking for something to make this task that I do quite often a little less tedious. Update I'm looking into using screen to do this, but I'm still not sure if it is possible.

Read the article
scp to remote servers stalls, unable to isolate cause

- by Rolf

When I copy a large file (100+mb) to a remote server using scp it slows down from 2.7 mb/s to 100 kb/s and downward and then stalls. The problem is that I can't seem to isolate the problem. I've tried 2 different remote servers, using 2 local machines (1 osx, 1 windows/cygwin), using 2 different networks/isps and 2 different scp clients. All combinations give the problem except when I copy between the two remote servers (scp). Using wireshark I could not detect any traffic volume that would congest the network (although about 7 packets/sec with NBNS requests from the osx machine). What in the world could be going on? Given the combinations I've used there doesn't seem to be any overlap in the thing that could be causing the trouble.

Read the article
Leave bash script running on remote terminal while not logged in?

- by mechko

I have a bash script that takes several hours to run. While it's running, I would like to do other things, which may involve logging out or disconnecting from the internet (my script runs network tests on various computers). I understand that there is a command that would allow me to run my tests from a remote terminal and logout of the terminal while it runs. Does anyone know what this command is? Thanks

Read the article
Testing performance from around the world - how do I get a linux shell easily in multiple countries?

- by Matthew O'Riordan

We are building a socket based service where latency is paramount, and as such we have servers distributed into 7 data centres around the world. However, whilst we know we're bringing the servers closer to the clients, it's very difficult to know how effective this is, and importantly, what difference this makes compared to our competitors. As such, we want to run simple scripts that test latency and throughput for both our service and our competitors, which is easy enough using Amazon, however Amazon only have 7 data centres. We would like to know for example how we perform in locations all over the world such as South Africa, Australia, China, Peru etc. Does anyone know of any service where we could piggy back off their global infrastructure and run some scripts to test this performance? The obvious contenders are people like Monitis, but I don't think they would allow us to run custom scripts, only standard protocol monitors. Thanks for your help. Matt

Read the article
How can I get an SFTP server running on Windows 2008?

- by Saul

I have a remote Windows 2008 machine and the task at hand is to share out parts of its filesystem via SFTP for a single user. Were commercial software an option things would be easy but I want freeware. After trying out several different candidates such as Core FTP Mini SFTP Server, SilverShield and freeFTPd none them really qualified - either connection issues, zero configurability or bugs. Is there a free and stable SFTP server for Windows 2008 which works out of the box?

Read the article
Flush mod_pagespeed cache in Debian

- by Ivar

I need a way to flush the mod_pagespeed cache while developing. According to mod_pagespeed documents, I should run the following command: sudo touch /var/mod_pagespeed/cache/cache.flush In Debian it's "su" instead of "sudo". However, it doesn't work for me; there's no "touch" command, nor is there any "cache.flush" file in the defined directory. Have I missed something? You kick-ass Linux users, please be humble - I'm pretty new to these stuff. Thank you in advance!

Read the article
duplicity can't find remote backup directory?

- by leeand00

Using my private key to do so, this command allows me to connect to /home/backupUser/backup just fine: $ sudo sftp -oPort=7843 [email protected]:backup However when I run duplicity, I get the following error: duplicity full --exclude ... / scp://backupUser:[email protected]:7843:/backup bash: [email protected]:7843./backup: No such file or directory I'm under the assumption that duplicity would interpret the /backup path as relative to the user's home directory. But since the above command didn't work, I also tried leaving off the / in the backup directory at the end of the command, i.e. duplicity full --exclude ... / scp://backupUser:[email protected]:7843:backup bash: [email protected]:7843:backup: command not found Is there something I'm missing here, like adding the passcode for the private key to make this command work?

Read the article
Getting permission denied error

- by JM4

On my Media Temple DV 4.0 server I am getting permission denied errors: -bash: cd: httpdocs: Permission denied If I switch from my login user to sudo (sudo su) or switch to root using su-, I can access the directory with any issue. This is just my site's files directory though so not sure why I'm being denied. Additionally, I added my user to the visudo commands file with: user ALL=(ALL) ALL Any suggestions to what else could be the issue?

Read the article
Gitosis installation of public key not working...

- by user29600

I've been following this tutorial to install and setup git on Ubuntu Server 10.04 using Windows 7 as a client. However, after finally figuring out how it works (executed gitosis-init a bunch of times on the wrong key), I copied the id_rsa.pub file over to the server in /tmp folder and ran it again. Unfortunately it still doesn't work and when I execute git clone [email protected]:gitosis-admin.git it asks for gitosis's password rather than the RSA Passphrase. I'm assuming is the same problem this guy is having here... however, after following his instructions: Purge git-core and gitosis and manually remove the /srv/gitosis folder and following the instructions again (with the proper id_rsa.pub file this time), I'm still having the same issue. Anyone know what I'm doing wrong? Is there any way to probe for more information that might help in solving this?

Read the article
PuTTY inserts random characters during a session

- by Zachary Polikarpus

I recently started renting space on a remote server so that I could work on a project. I found that a relatively painless way to access it on a windows machine is through PuTTY. However, there is one thing that has always irked me when using it: for seemingly no reason random characters are sometimes inserted at the cursor. Most of the time it is just a single tilde, but rarely it spits out what looks like some escape sequence ([[^8 or the like). It will only occur when I am focused on the window, whether I am typing or 20 feet away from the keyboard. If left for long enough, it will spit tildes at random intervals (average is about 1 minute). Finally, this behavior seems to be inconsistant when running programs such as nano or the mysql interface: in nano, instead of inserting tildes, it will set marks (ctrl-^); in mysql, lines will become un-editable. My question is this: Has anyone else experienced this sort of behavior in PuTTY? And if so, what can be done to prevent/correct this behavior?

Read the article
Installing libssh2

- by Geoffrey

Does anyone know how to install libssh2 into php on a windows environment?

Read the article
How to update OpenSSL using Putty and yum command

- by JM4

I am so new to updating server technologies it is unbelievable but we are trying to become PCI Compliant and have to update some of our server technologies. One in particular is OpenSSL. We are currently running arch i686 0.9.8e but we have to upgrade to ATLEAST 0.9.8g. When I run a yum update command, there are no updates available. If I run "yum info openssl" it says available packages are: arch i386 0.9.8e but the only difference is smaller file size. I am running the following repositories: Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.netdna.com * atomic: www6.atomicorp.com * base: mirrors.igsobe.com * extras: mirror.vcu.edu * updates: mirror.vcu.edu any help out there?

Read the article
I keep getting OpenSSL Header Version not found error when compiling OpenSSH Debian Squeeze

- by Romoku

I built Openssl1.0.0d ./config shared no-threads zlib It installed fine to the default /usr/local/ssl I went and downloaded OpenSSH 5.8p2 and ran ./configure but now it keeps giving me a Openssl version header not found error even when I set --with-ssl-dir= I've tried it with arguments /usr/local/ssl/include /usr/local/ssl/include/openssl /usr/include /usr/local/ssl/lib I looked in config.log and found error: openssl/opensslv.h: no such file or directory which makes little sense since I pointed openssh to where it is store. /etc/ld.so.conf include /usr/local/ssl/lib I'm at a loss at this point. Answer (maybe): Because I am an idiot. include /usr/local/ssl/lib is incorrect. /usr/local/ssl/lib is correct. It needs to be before the first include.

Read the article
OpenVPN access to a private network

- by Gior312

There are many similar topics about my issue, however I cannot figure out a solution for myself. There are three hosts. A without a routable address but with an Internet access. Server S with a routable Internet address and host B behind NAT in a private network. What I've managed to do is a OpenVPN connection between A and B via S. Everything works fine so far according to this manual VPN Setup What I want to do is to connect A to Bs private network 10.A.B.x I tried this manual but had no luck. So A has a vpn address 10.9.0.10, B's vpn address is 10.9.0.6 and B's private network is 10.20.20.0/24. When at the Server I try to make a route to Bs private network like this sudo route add 10.20.20.0 netmask 255.255.255.0 gw 10.9.0.6 dev tun0 it says "route: netmask 000000ff doesn't make sense with host route" but I don't know how to tell Server to look for a private network in a different way. Do you know how can I make it right ?

Read the article
Configuration to point an X tty to a separate system?

- by buu700

Specifically, I have an Ubuntu 10.04 system with a headless Ubuntu 12.04 virtual machine, and I'm looking for a way to have it set up so pressing ctrl+alt+F8 will take me into another X client which is connected to an X server on the vm (with gdm appropriately displayed at startup, etc.). As in, my startup script should spin up the headless machine and then immediately perform a "startx" pointed at the vm.

Read the article
Persistent PuTTY sessions for multiple windows

- by Tgr

I'm working in various Linux environments through PuTTY connections which break from time to time. I'm looking for a solution to make the PuTTY windows persist (e.g. if I was editing a file, then after reconnecting I should be in the same editor with the same file open at the same place), with the following requirements: it shouldn't require any manual setup at the beginning of the session or after reconnection (I don't want to type in screen or anything like that) I have several windows open to the same machine with the same user, which tend to disconnect at the same time the number/role of windows is not constant (it's not like I have an mc window, a mysql window and a "script runner" window; sometimes I use one window for search or for SVN commands, other times I need several at the same time) sometimes I need to change the properties of the windows for a task (large window for grepping/editing, small windows because I need to see two of them at the same time, red background because I am modifying the live database in MySQL etc), so I need to get the same console back in the same window after a reconnect Is there a way to achieve this? I suppose I should use screen or something equivalent, but how does it know which window I am reconnecting from? Is there some way to pass a unique window identifier to the shell from PuTTY?

Read the article
How to disabled password authentication for specific users in SSHD

- by Nick

I have read several posts regarding restricting ALL users to Key authentication ONLY, however I want to force only a single user (svn) onto Key auth only, the rest can be key or password. I read How to disable password authentication for every users except several, however it seems the "match user" part of sshd_config is part of openssh-5.1. I am running CentOS 5.6 and only have OpenSSH 4.3. I have the following repos available at the moment. $ yum repolist Loaded plugins: fastestmirror repo id repo name status base CentOS-5 - Base enabled: 3,535 epel Extra Packages for Enterprise Linux 5 - x86_64 enabled: 6,510 extras CentOS-5 - Extras enabled: 299 ius IUS Community Packages for Enterprise Linux 5 - x86_64 enabled: 218 rpmforge RHEL 5 - RPMforge.net - dag enabled: 10,636 updates CentOS-5 - Updates enabled: 720 repolist: 21,918 I mainly use epel, rpmforge is used to the latest version (1.6) of subversion. Is there any way to achieve this with my current setup? I don't want to restrict the server to keys only because if I lose my key I lose my server ;-)

Read the article
mount samba share on a vmware instance

- by Riduidel

I've a windows machine in which a linux server is run by a "VMWare player". From the windows machine, I want some folders to be mounted on the Linux virtual server. All this is done in a maven build (which is quite irrevelant here, in fact). From what I understand, to make these windows folders available as mountable ones, I have to do the following operations Share the folders as Samba ones using net share, this I have done. Access my virtual server and check which folders are already mounted (which seems to be doable using a less /etc/fstab), this I'll do soon Mount my samba shares using smbmount All that seems to my by far too hackish code. Could the same be done using ... say ... JMX/SNMP or any other high-level technology ?

Read the article
PuTTY - Server Unexpectedly Closed Network Connection

- by Austin

I have two servers that I have been able to connect fine as s1.website.com and s2.website.com I connected to s1.website.com earlier today without any issues, however, when I connected to s2.website.com it gave me the "Server Unexpectedly Closed Network Connection" I have researched this elsewhere and someone concluded it to a "brute force attempt" However, I know this is not the case. If anyone else has had this issue please let me know. Thanks

Read the article
$DISPLAY dependent gtk themes

- by Vlad Seghete

I have a computer at home that I log into remotely. The "monitor" for it is a TV, so I want gtk applications to use a large font and icon theme, which I managed to do by editing the ~/.gtkrc-2.0 file and some other similar stuff. What I want to be able to do is have a separate theme for when I'm logging in remotely. The best way to explain is that I would like my gtk theme choice to be dependent on the X display that the application is started on. For example, if I start something on :0.0 then that is the TV and I want large fonts, but if I start it on localhost:10.0 I want to use a regular size font, because it will get rendered on my laptop screen. The elegant solution would be to have some sort of IF statement in the .gtkrc-2.0 file that checks the $DISPLAY variable and behaves accordingly. The problem is I can't find any documentation on control structures in .gktrc files, or if it's even possible to do that.

Read the article
Node.js installation on Debian 6

- by pvorb

I used to use this method for node.js installation on Debian, since it was easy and everything worked fine. Even with multiple users. Since version 0.6.18~dfsg1-1 of the sid package, installation removes openssh-server. But I need OpenSSH to connect to my server. Is there any possibility to install Node.js via APT or do I have to compile it manually? This is my APT preferences file: Package: * Pin: release a=stable Pin-Priority: 800 Package: * Pin: release a=testing Pin-Priority: 650 Package: * Pin: release a=unstable Pin-Priority: 600

Read the article
Script to run chown on all folders and setting the owner as the folder name minus the trailing /

- by Shikoki

Some numpty ran chown -R username. in the /home folder on our webserver thinking he was in the desired folder. Needless to say the server is throwing a lot of wobbelys. We have over 200 websites and I don't want to chown them all individually so I'm trying to make a script that will change the owner of all the folders to the folder name, without the trailing /. This is all I have so far, once I can remove the / it will be fine, but I'd also like to check if the file contains a . in it, and if it doesn't then run the command, otherwise go to the next one. #!/bin/bash for f in * do test=$f; #manipluate the test variable chown -R $test $f done Any help would be great! Thanks in advance!

Read the article

< Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82 | Next Page >