Search Results

Search found 4462 results on 179 pages for 'ssh'.

Page 96/179 | < Previous Page | 92 93 94 95 96 97 98 99 100 101 102 103  | Next Page >

  • Security measures for CentOS

    - by cappuccinodrinker
    I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

    Read the article

  • IIS Reverse Proxy support for multiple protocols

    - by Abraxas
    I have a server 2012 machine running IIS. It's in my DMZ and I would like to use it to do reverse proxy for several services. I can get it to route traffic on port 80 to 2 separate internal servers running web apps but there are some issues when I try to forward SSH (not port 80/443) and then when I try to forward OWA (Micrsoft exchange's 'webmail' services) to the internal mail server I run in to issues with guides (like this: http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx) when they say to have all traffic forwarded to the server farm created for OWA. My question for you all is this - given that there is no more Threat Management Gateway (only runs on server 2008) and ISA 2006 is also dead - is it possible to support multiple types of reverse proxies with different protocols (ftp, ssh, web, ssl-web) in IIS, or would it be better to install a different DMZ OS like a nginx server and use linux firewalls + nginx reverse proxy? Thanks for any help!

    Read the article

  • mounts aren't case-sensitive

    - by Asi
    I mounted a few drives from Linux boxes in my network, but those mounts aren't case-sensitive. The mount command I used ( from the man mount.cifs, case-sensitive should be the default ): mount //10.0.1.10/remote_folder /local_folder -t cifs -o username=xxxx,password=xxxx but those mounts aren't sensitive. for example doing: ls -l /local_folder/testfile.txt ls -l /local_folder/TESTFILE.TXT give's the same result... instead of 'file not found' Couple of important points: All drives are running on Linux machines. My local machine is running Fedora 18 and it is case-sensitive for ANY folder/file expect the mounted drives. All drive/mounts are case-sensitive when when doing SSH. So if I SSH from my local machine to a remote machine, doing ls -l /local_folder/TESTFILE.TXT will say file not found as it should. So I believe the issue is in my local machine and not in the way I did the mount. but I'm not sure where to look next (I'm new to Linux)

    Read the article

  • zeroconf (bonjour/avahi): macs do not see linuxes and vice versa

    - by codesnik
    In my home network I have several OS X boxes and several Ubuntu boxes. each Ubuntu box sees other boxes via zeroconf. I can "ssh ubuntu1.local" and "ping ubuntu1.local" from "ubuntu2.local", but both fail to lookup OSX boxes. and other way around, I can "ssh mini1.local" from "mbair.local". but it doesn't see "ubuntu1.local" why? do ubuntu and osx use different flavours of zeroconf? could be ubuntu, or osx tweaked to use common flavour?

    Read the article

  • Windows Media Center command line options?

    - by Pridkett
    Is there a command line interface to Windows Media Center in Windows 7. I have an SSH daemon installed on my media center box and would love to be able log in via SSH and get the list of upcoming recordings. As it is, I need to use Remote Desktop and then tell Media Center to run in GDI mode to display the upcoming recordings which is slow and cumbersome. Here are interesting commands that I'm wondering about: List upcoming recordings List most recent recordings Status of scheduler I'd rather not have to install Remote Potato to accomplish this.

    Read the article

  • Picking up a lot of failed authentications for various accounts

    - by Josh K
    My server is getting a lot of various failed authentication attempts for various accounts. The most common one (that I've seen ) or the root account. I have since enabled Fail2Ban and ran several rootkit / malware checks to ensure I wasn't compromised. Is there anything else I should do? I only have three accounts enabled, and SSH access for only two. I have a full 48hr ban on anyone making more then six failed SSH login attempts. I do not have FTP enabled.

    Read the article

  • Port forwarding using a BT Home Hub 2.0 (Supplied to new BT Infinity Customers in the UK)

    - by Jasarien
    I don't usually have trouble with port forwarding, I've been able to do it successfully on a number of different routers, including Linksys, Belkin, Netgear and Apple (Time Capsule / Airport Extreme). So I'm quite confused here. I had been using my Apple Time Capsule as my router for a few years now, with several port mappings all working fine. But it died recently, so I've had to resort to using the BT Home Hub 2.0 that was supplied with my BT Infinity broadband subscription. The forwarding interface for the Home Hub is simplified for the most part, allowing you to select an application or game and assign it to a particular computer on the network which you choose from a list that the Home Hub has 'discovered'. My Mac Pro has a manually assigned static IP 192.168.1.4 and my router is static at 192.168.1. I have chosen SSH from the list of applications and assigned it to my Mac Pro (the only computer in the list currently). The Home Hub also has a feature to keep a DNS service updated, and I have set it to keep my external IP address updated on my hostname. This is how I had it setup in the past with other routers and not had trouble before. I am able to ping my hostname (and external IP) from outside the network and get a response. But when I try to connect using SSH, the connection times out. The Home Hub also has "Firewall settings". The currently selected setting is: Default: Allow all outgoing connections and block all incoming traffic. Games and application sharing is allowed. But I've tried changing it to: Disabled: All traffic is allowed to pass through your BT Home Hub to your devices. Note: you’ll still need to use the games and application sharing feature to make sure that certain applications work properly. And the connection still times out... So frustrating. The OS X firewall on my Mac is disabled, so I don't think that's in the way. I have tried setting the port forwarding manually, instead of relying on the preset "SSH" option (incase it's not using the port I expect). So I set up my own "application" (as the Home Hub calls it) and forwarded external port 22 TCP to internal port 22 TCP to 192.168.1.4 - but that just gives the same result - unable to connect. Next, with the router's firewall disabled and OS X's firewall disabled, I ran the Shields Up test (https://www.grc.com/x/ne.dll?bh0bkyd2) and the result was that all my service ports (0 - 1055) are in 'Stealth' mode. I.e. nothing even exists at my IP as far as any outsider is concerned... Strange. The only thing that seems to work is setting my Mac Pro as the DMZ - which I don't want to do for obvious reasons. Any help with this would be extremely appreciated, thanks.

    Read the article

  • How to proxy and encrypt all my internet traffic with Win7 and Win2008R2?

    - by Malartre
    Hi, I have a Windows 7 laptop and a Windows 2008 R2 server. How can I encrypt and route all my internet request from the Win7 laptop to the Win2008R2 server? I guess the server would be called a proxy? Goal is to prevent unencrypted network snooping. I found this article about using SSH, but I would prefer an official windows integrated solution. What's the Microsoft "way" on this? http://lifehacker.com/237227/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy I would like this to work for all internet traffic, not just browser traffic and I would like to set this up on many Win7 clients. Carl

    Read the article

  • VirtualBox "Bridged Adapter" when host NIC is turned off

    - by chris_l
    Hi, I'm running Linux (Debian Etch) in a VirtualBox VM on my MacBook. I usually ssh from my Mac terminal to the guest machine. I also want to access the internet from my guest, so I set up my host's WLAN card (en1) as a bridged adapter for eth0 on the client. This works fine, but when I turn off the WLAN card (e.g. to reduce battery consumption), I'd still like to ssh from my host to the guest. This fails of course, because en1 loses its IP address. Is a bridged adapter the best option for what I want to do? How can I make it work? (A simple "ifconfig en1 add 10.0.0.4" didn't do the trick...) Thanks Chris

    Read the article

  • Backing up mail accounts without full access to mailserver

    - by Agos
    Hi everybody. I'm in the process of migrating some stuff from a (crappy) hosting. Files were easy with SSH access, but mail is giving me some thoughts. This is the situation: qmail server, no ssh access I own postmaster account accounts are accessible via web interface or POP3 I'm interested in transferring emails, but if whole accounts can be transferred it'd be better. Being POP3 I'm fairly confident every message has been downloaded, but of course I'd like to download the whole thing to be safer. Right now I have this in mind: Enter in web admin Change each account's password (it's only a dozen or so accounts so still feasible) Send new password to user telling him please not to change it getmail or something like that put on new IMAP server in some way (which I still haven't planned) But I feel there should be a better way to do this. Is there? Thanks in advance!

    Read the article

  • iptables : how to correctly allow incoming and outgoing traffic for certain ports?

    - by Rubytastic
    Im trying to get incoming and outgoing traffic to be enabled on specific ports, because I block everything at the end of the iptables rules. INPUT and FORWARD reject. What would be the appropiate way to open certain ports for all traffic incoming and outgoing? From docs I found below but one has to really define both lines? iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT I try to open ports for xmpp service and some other deamons running on server. Rules: *filter # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic - you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow HTTP # Prevent DDOS attacks (http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/) # Disallow HTTPS -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT -A INPUT -p tcp --dport 443 -j DROP # Allow SSH connections # The -dport number should be the same port number you set in sshd_config -A INPUT -p tcp -s <myip> --dport ssh -j ACCEPT -A INPUT -p tcp -s <myip> --dport 5984 -j ACCEPT -A INPUT -p tcp --dport ssh -j REJECT # Attempt to block portscans # Anyone who tried to portscan us is locked out for an entire day. -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP # Once the day has passed, remove them from the portscan list -A INPUT -m recent --name portscan --remove -A FORWARD -m recent --name portscan --remove # These rules add scanners to the portscan list, and log the attempt. -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:" -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:" -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP # Stop smurf attacks -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP -A INPUT -p icmp -m icmp -j DROP # Drop excessive RST packets to avoid smurf attacks -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT # Don't allow pings through -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP # Log iptables denied calls -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Reject all other inbound - default deny unless explicitly allowed policy -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT

    Read the article

  • Set up a root server using Ubuntu and Virtualization

    - by Daniel Völkerts
    Hello, I'd like to setup a fresh root server and install a linux based virtualization on it. My thoughts are on: Intel VTs Hardware Ubuntu 9.10 KVM based virt. The access to the root server will only be SSH for Administration. Has anybody done this before, what was your glues discovered in the daily use? My requirements are: very secure, so the root server only has ssh to the dom-0 and minimalistic ports for the guest (e.g. http/s). good monitoring of host/guest (my idea is to using zabbix for it) easy and fast administration (how are the command line tools working for you? cryptiv? high learning curve?) I'm pleased to learn from your suggestions. Regards, Daniel Völkerts

    Read the article

  • Machine only responds to network requests from machines it is pinging

    - by ILikeFood
    I have two machines. WOPR: Ubuntu server edition 10.10 LTS 32 bit Adam Selene: Windows 7 home premium 64 bit / Ubuntu Desktop 10.10 LTS 64 bit I want to be able to SSH from Adam Selene to WOPR, so I connect them to the same network. Here's where things get weird. I cannot connect to WOPR in any way under normal circumstances. But, if WOPR is pinging Adam, then it starts responding to ping requests, HTTP gets, and SSH tunnels. I'm an amateur, and brand new to Ubuntu server, so I suspect there's a misconfiguration somewhere, but there's an off chance it's a bug in the OS. Does anyone know what might cause this behavior? Thanks a lot!

    Read the article

  • Fedora Core 11 won't boot without a monitor

    - by feihtthief
    I have a P4 system that I installed Fedora 11 on. It will not boot without a monitor attached. The monitor can be off (not even have power plugged in), but must be attached. Without a monitor the hard disk thrashes around a bit like it's starting up services, but does not get to the point where I can ssh into the box. I have set the default runlevel to 3 and removed the rhgb entry from grub. Any suggestions welcome. Edit: I have already set the run-level to 3. The machine boots up fine with the monitor plugged in to the point where I can SSH into it. as soon as i unplug the monitor and reboot, it will not boot to that point.

    Read the article

  • How to backup data on debian vps to dropbox?

    - by IBr
    I have really simple private VPS with some webpages and music server. I want to backup some configs and some scripts to dropbox or similar service. Server has no gui (except simple ssh X forwarding, which is neither convenient for constant usage and does not provide full desktop) everything is controlled through ssh. So my question would is it possible to setup dropbox client for command line use? How? Is there any alternatives for dropbox, which would have command line clients? Also is it possible to incorporate backup into script for cron job?

    Read the article

  • What's the situation that requires stateful firewall?

    - by Eonil
    I just know there is two kind of firewalls. Stateless and stateful. It's hard to determine what kind of firewall I have to use. Currently I have to run firewall within same machine runs services, Basically I want stateless because of its less resource consumption. However if it is not sufficient for security, it's meaningless. I'll run HTTP, SSH, NFS (only over SSH), and some custom made server on several TCP/UDP ports. Should I use stateful firewall? (edit) Maybe the question can be assumed as 'Should I use stateful rules?'.

    Read the article

  • [iptables] Why do 'iptables -A OUTPUT -j REJECT' at the end of the chain OUTPUT override the previous rules??

    - by Serge
    Those are my IPTABLES rules: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p udp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p udp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT iptables -A OUTPUT -j REJECT iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT Im using a remote ssh conetion to set them up, but after i set: iptables -A OUTPUT -j REJECT My connection get lost. I have read all the documentation for Iptables and i can figure out anything, the global Rejects for INPUT work well because i can access to the web page but i get a timeout for ssh. Any idea? Thanks

    Read the article

  • Address VMWare Fusion Linux guest by hostname?

    - by amrox
    I have a Ubuntu Server 9.04 image set up in VMWare Fusion 3.0.0, using the NAT option for the guest's network connection. From the Mac host, I can ssh to the linux guest just fine using it's IP address, but I would like to be able to refer to it by hostname for connivence. ie: mac-host:~ ssh [email protected] I had a similar setup using Parallels a couple years ago, but I don't remember how it was set up. It may have "just worked". Any suggestion on how to make this work?

    Read the article

  • Secure copying (file transfer) between two Linux servers in the same datacenter (Linode)

    - by MountainX
    I have two Linodes in the same data center. I want to copy files from one to the other each night or on demand (for about the next month, until this project is finished). So I'm thinking about using rsync. My question is how do I set up the two Linode servers to communicate via private IP addresses securely? Both servers are SSH hardened, they use denyhosts and have a fairly restrictive iptables setup. I know I need to first assign private IP addresses to each server, then configure static networking according to this guide. What is next? What SSH or iptables settings are needed to allow these two servers to communicate? What further info do I need to supply in this question? I'm looking for a basic step-by-step guide for how to do this.

    Read the article

  • Git and Amazon EC2 public key denied

    - by MrNart
    I had git working before on /var/html/projectfolder and realized it was a security risk so I made a new folder /projects from the root folder and tried to replicate what I did and now it doesnt work. Here is the backlog of what I did for my local machine and EC2 - server Server-EC2 1.I added my public key to the authorized_user file in ~/.ssh folder 2.Create a bare repository git init --bare 3.Change folder permissions to sudo chgrp -R ec2-user * sudo chmod -R g+ws * Local Machine create a local repository with git init touch, add, commit readme file pointed origin master to ec2 via git remote add origin ssh://ec2-user@remote-ip/path/to/folder This is my output: Permission Denied (publickey) fatal: The remote end hung up unexpectedly

    Read the article

  • Using Cygwin in Windows 8, chmod 600 does not work as expected?

    - by Castaa
    I'm trying to change the the permissions to my key file key.pem in Cygwin 1.7.11. It has the permissions flags: -rw-rw---- chmod -c 600 key.pem Reports: mode of 'key.pem' changed from 0660 (rw-rw----) to 0600 (rw-------) However: ls -l key.pem still reports key.pem's permission flags are still: -rw-rw---- This reason why I'm asking is that ssh is complaining: Permissions 0660 for 'key.pem' are too open. when I try to ssh into my Amazon EC2 instance. Is this an issue with Cygwin & Windows 8 NTFS or am I missing something?

    Read the article

  • Remote Control Home PC from Corporate Work PC

    - by muncherelli
    Here is my situation: I am currently on a Windows XP workstation at work. I have an android tablet that I use to splashtop into my home PC. I would like to be able to use my work keyboard and mouse to control my home PC while I am splashtop'd into it using my tablet. My work PC is on a corporate LAN, and not on the same network as my tablet. The company I work for provides wifi for personal devices, but they are not accessable to the internal network. I thought about going the Synergy route, however that would require my home PC to be able to connect to my work PC which isn't really possible. The opposite would work though, if I could reverse connect the server to the client, but the Synergy software doesn't really support that. I do have a couple linux boxes running at home, so I can ssh into my home network and tunnel ports via SSH if needed. With what I have, how can I accomplish seamless keyboard and mouse sharing between my work PC and either my home PC or my android tablet?

    Read the article

  • Server suddenly running out of entropy

    - by Creshal
    Since a reboot yesterday, one of our virtual servers (Debian Lenny, virtualized with Xen) is constantly running out of entropy, leading to timeouts etc. when trying to connect over SSH / TLS-enabled protocols. Is there any way to check which process(es) is(/are) eating up all the entropy? Edit: What I tried: Adding additional entropy sources: time_entropyd, rng-tools feeding urandom back into random, pseudorandom file accesses – netted about 1 MiB additional entropy per second, problems still persisted Checking for unusual activity via lsof, netstat and tcpdump – nothing. No noticeable load or anything Stopping daemons, restarting permanent sessions, rebooting the entire VM – no change in behaviour What in the end worked: Waiting. Since about yesterday noon, there are no connection problems anymore. Entropy is still somewhat low (128 Bytes peak), but TLS/SSH sessions have no noticeable delay anymore. I'm slowly switching our clients back to TLS (all five of them!), but I don't expect any change in behavior now.

    Read the article

  • What differences are there between an official Ubuntu AMI image and a base install from an ISO?

    - by David Winter
    When creating a new instance on AWS using an official Ubuntu 12.04 server AMI, what differences are there compared to if I was to do a standard server install on a computer of my own? For example, the default user is 'ubuntu'. An SSH public key is added to that users authorized_keys file. Sudo is passwordless for that user. PasswordAuthentication is disabled for SSH. etc etc. Configurations have been changed from their defaults, and I'd like to know if there is a list, or somewhere I could find out the modifications made.

    Read the article

< Previous Page | 92 93 94 95 96 97 98 99 100 101 102 103  | Next Page >