Search Results

Search found 4485 results on 180 pages for 'ssh keygen'.


  • Picking up a lot of failed authentications for various accounts

    - by Josh K
    My server is getting a lot of various failed authentication attempts for various accounts. The most common one (that I've seen) or the root account. I have since enabled Fail2Ban and ran several rootkit / malware checks to ensure I wasn't compromised. Is there anything else I should do? I only have three accounts enabled, and SSH access for only two. I have a full 48hr ban on anyone making more than six failed SSH login attempts. I do not have FTP enabled.


  • Backing up mail accounts without full access to mailserver

    - by Agos
    Hi everybody. I'm in the process of migrating some stuff from a (crappy) hosting. Files were easy with SSH access, but mail is giving me some thoughts. This is the situation:
      - qmail server, no ssh access
      - I own postmaster account
      - accounts are accessible via web interface or POP3
    I'm interested in transferring emails, but if whole accounts can be transferred it'd be better. Being POP3 I'm fairly confident every message has been downloaded, but of course I'd like to download the whole thing to be safer. Right now I have this in mind:
      - Enter in web admin
      - Change each account's password (it's only a dozen or so accounts so still feasible)
      - Send new password to user telling him please not to change it
      - getmail or something like that
      - put on new IMAP server in some way (which I still haven't planned)
    But I feel there should be a better way to do this. Is there? Thanks in advance!


  • iptables : how to correctly allow incoming and outgoing traffic for certain ports?

    - by Rubytastic
    I'm trying to get incoming and outgoing traffic to be enabled on specific ports, because I block everything at the end of the iptables rules. INPUT and FORWARD reject. What would be the appropriate way to open certain ports for all traffic incoming and outgoing? From docs I found below but one has to really define both lines?

      iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
      iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

    I try to open ports for xmpp service and some other daemons running on server. Rules:

      *filter
      # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
      -A INPUT -i lo -j ACCEPT
      -A INPUT -d 127.0.0.0/8 -j REJECT
      # Accept all established inbound connections
      -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Allow all outbound traffic - you can modify this to only allow certain traffic
      -A OUTPUT -j ACCEPT
      # Allow HTTP
      # Prevent DDOS attacks (http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/)
      # Disallow HTTPS
      -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
      -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT
      -A INPUT -p tcp --dport 443 -j DROP
      # Allow SSH connections
      # The -dport number should be the same port number you set in sshd_config
      -A INPUT -p tcp -s <myip> --dport ssh -j ACCEPT
      -A INPUT -p tcp -s <myip> --dport 5984 -j ACCEPT
      -A INPUT -p tcp --dport ssh -j REJECT
      # Attempt to block portscans
      # Anyone who tried to portscan us is locked out for an entire day.
      -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
      -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
      # Once the day has passed, remove them from the portscan list
      -A INPUT -m recent --name portscan --remove
      -A FORWARD -m recent --name portscan --remove
      # These rules add scanners to the portscan list, and log the attempt.
      -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
      -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
      -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
      -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
      # Stop smurf attacks
      -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
      -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
      -A INPUT -p icmp -m icmp -j DROP
      # Drop excessive RST packets to avoid smurf attacks
      -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
      # Don't allow pings through
      -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
      # Log iptables denied calls
      -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
      # Reject all other inbound - default deny unless explicitly allowed policy
      -A INPUT -j REJECT
      -A FORWARD -j REJECT
      COMMIT


  • Fedora Core 11 won't boot without a monitor

    - by feihtthief
    I have a P4 system that I installed Fedora 11 on. It will not boot without a monitor attached. The monitor can be off (not even have power plugged in), but must be attached. Without a monitor the hard disk thrashes around a bit like it's starting up services, but does not get to the point where I can ssh into the box. I have set the default runlevel to 3 and removed the rhgb entry from grub. Any suggestions welcome. Edit: I have already set the run-level to 3. The machine boots up fine with the monitor plugged in to the point where I can SSH into it. As soon as I unplug the monitor and reboot, it will not boot to that point.


  • Set up a root server using Ubuntu and Virtualization

    - by Daniel Völkerts
    Hello, I'd like to set up a fresh root server and install a linux based virtualization on it. My thoughts are on:
      - Intel VTs Hardware
      - Ubuntu 9.10
      - KVM based virt.
    The access to the root server will only be SSH for Administration. Has anybody done this before, what was your glues discovered in the daily use? My requirements are:
      - very secure, so the root server only has ssh to the dom-0 and minimalistic ports for the guest (e.g. http/s).
      - good monitoring of host/guest (my idea is to use zabbix for it)
      - easy and fast administration (how are the command line tools working for you? cryptic? high learning curve?)
    I'm pleased to learn from your suggestions. Regards, Daniel Völkerts


  • How to backup data on debian vps to dropbox?

    - by IBr
    I have a really simple private VPS with some webpages and a music server. I want to backup some configs and some scripts to dropbox or a similar service. The server has no gui (except simple ssh X forwarding, which is neither convenient for constant usage and does not provide full desktop); everything is controlled through ssh. So my question would be: is it possible to set up a dropbox client for command line use? How? Are there any alternatives for dropbox, which would have command line clients? Also is it possible to incorporate backup into a script for a cron job?


  • Machine only responds to network requests from machines it is pinging

    - by ILikeFood
    I have two machines.
      - WOPR: Ubuntu server edition 10.10 LTS 32 bit
      - Adam Selene: Windows 7 home premium 64 bit / Ubuntu Desktop 10.10 LTS 64 bit
    I want to be able to SSH from Adam Selene to WOPR, so I connect them to the same network. Here's where things get weird. I cannot connect to WOPR in any way under normal circumstances. But, if WOPR is pinging Adam, then it starts responding to ping requests, HTTP gets, and SSH tunnels. I'm an amateur, and brand new to Ubuntu server, so I suspect there's a misconfiguration somewhere, but there's an off chance it's a bug in the OS. Does anyone know what might cause this behavior? Thanks a lot!


  • Secure copying (file transfer) between two Linux servers in the same datacenter (Linode)

    - by MountainX
    I have two Linodes in the same data center. I want to copy files from one to the other each night or on demand (for about the next month, until this project is finished). So I'm thinking about using rsync. My question is how do I set up the two Linode servers to communicate via private IP addresses securely? Both servers are SSH hardened, they use denyhosts and have a fairly restrictive iptables setup. I know I need to first assign private IP addresses to each server, then configure static networking according to this guide. What is next? What SSH or iptables settings are needed to allow these two servers to communicate? What further info do I need to supply in this question? I'm looking for a basic step-by-step guide for how to do this.


  • [iptables] Why do 'iptables -A OUTPUT -j REJECT' at the end of the chain OUTPUT override the previous rules??

    - by Serge
    Those are my IPTABLES rules:

      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
      iptables -A OUTPUT -p udp --dport 22 -j ACCEPT
      iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
      iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
      iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
      iptables -A INPUT -p tcp --dport 80 -j ACCEPT
      iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
      iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
      iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
      iptables -A OUTPUT -j REJECT
      iptables -A INPUT -j REJECT
      iptables -A FORWARD -j REJECT

    I'm using a remote ssh connection to set them up, but after I set:

      iptables -A OUTPUT -j REJECT

    My connection gets lost. I have read all the documentation for Iptables and I can figure out anything, the global Rejects for INPUT work well because I can access the web page but I get a timeout for ssh. Any idea? Thanks


  • Address VMWare Fusion Linux guest by hostname?

    - by amrox
    I have an Ubuntu Server 9.04 image set up in VMWare Fusion 3.0.0, using the NAT option for the guest's network connection. From the Mac host, I can ssh to the linux guest just fine using its IP address, but I would like to be able to refer to it by hostname for convenience, i.e.:

      mac-host:~ ssh [email protected]

    I had a similar setup using Parallels a couple years ago, but I don't remember how it was set up. It may have "just worked". Any suggestion on how to make this work?


  • What's the situation that requires stateful firewall?

    - by Eonil
    I just know there are two kinds of firewalls: stateless and stateful. It's hard to determine what kind of firewall I have to use. Currently I have to run the firewall within the same machine that runs the services. Basically I want stateless because of its lower resource consumption. However if it is not sufficient for security, it's meaningless. I'll run HTTP, SSH, NFS (only over SSH), and some custom made server on several TCP/UDP ports. Should I use a stateful firewall? (edit) Maybe the question can be assumed as 'Should I use stateful rules?'.


  • Using Cygwin in Windows 8, chmod 600 does not work as expected?

    - by Castaa
    I'm trying to change the permissions to my key file key.pem in Cygwin 1.7.11. It has the permissions flags: -rw-rw----

      chmod -c 600 key.pem

    Reports:

      mode of 'key.pem' changed from 0660 (rw-rw----) to 0600 (rw-------)

    However:

      ls -l key.pem

    still reports key.pem's permission flags are still: -rw-rw----
    The reason why I'm asking is that ssh is complaining:

      Permissions 0660 for 'key.pem' are too open.

    when I try to ssh into my Amazon EC2 instance. Is this an issue with Cygwin & Windows 8 NTFS or am I missing something?


  • Git and Amazon EC2 public key denied

    - by MrNart
    I had git working before on /var/html/projectfolder and realized it was a security risk so I made a new folder /projects from the root folder and tried to replicate what I did and now it doesn't work. Here is the backlog of what I did for my local machine and EC2 - server

    Server-EC2
      1. I added my public key to the authorized_user file in ~/.ssh folder
      2. Create a bare repository
           git init --bare
      3. Change folder permissions to
           sudo chgrp -R ec2-user *
           sudo chmod -R g+ws *

    Local Machine
      - create a local repository with git init
      - touch, add, commit readme file
      - pointed origin master to ec2 via
           git remote add origin ssh://ec2-user@remote-ip/path/to/folder

    This is my output:

      Permission Denied (publickey)
      fatal: The remote end hung up unexpectedly


  • Remote Control Home PC from Corporate Work PC

    - by muncherelli
    Here is my situation: I am currently on a Windows XP workstation at work. I have an android tablet that I use to splashtop into my home PC. I would like to be able to use my work keyboard and mouse to control my home PC while I am splashtop'd into it using my tablet. My work PC is on a corporate LAN, and not on the same network as my tablet. The company I work for provides wifi for personal devices, but they are not accessible to the internal network. I thought about going the Synergy route, however that would require my home PC to be able to connect to my work PC which isn't really possible. The opposite would work though, if I could reverse connect the server to the client, but the Synergy software doesn't really support that. I do have a couple linux boxes running at home, so I can ssh into my home network and tunnel ports via SSH if needed. With what I have, how can I accomplish seamless keyboard and mouse sharing between my work PC and either my home PC or my android tablet?


  • Server suddenly running out of entropy

    - by Creshal
    Since a reboot yesterday, one of our virtual servers (Debian Lenny, virtualized with Xen) is constantly running out of entropy, leading to timeouts etc. when trying to connect over SSH / TLS-enabled protocols. Is there any way to check which process(es) is(/are) eating up all the entropy?
    Edit: What I tried:
      - Adding additional entropy sources: time_entropyd, rng-tools feeding urandom back into random, pseudorandom file accesses – netted about 1 MiB additional entropy per second, problems still persisted
      - Checking for unusual activity via lsof, netstat and tcpdump – nothing. No noticeable load or anything
      - Stopping daemons, restarting permanent sessions, rebooting the entire VM – no change in behaviour
    What in the end worked: Waiting. Since about yesterday noon, there are no connection problems anymore. Entropy is still somewhat low (128 Bytes peak), but TLS/SSH sessions have no noticeable delay anymore. I'm slowly switching our clients back to TLS (all five of them!), but I don't expect any change in behavior now.


  • Hp Procurve Switch : port filtered

    - by user117140
    My HP Procurve switch is blocking port 22 and I don't know how to unblock it. Please let me know. From the server, see port 22 is blocked:

      [root@server ~]#nmap -p22,80,443 10.247.172.70
      Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-16 14:12 IST
      mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
      Interesting ports on 10.247.172.70:
      PORT STATE SERVICE
      22/tcp filtered ssh ------------------> see
      80/tcp filtered http
      443/tcp filtered https

    This is blocked on cisco switch but I don't have any clue how this is done. I know that vlan is configured on switch.

      vlan 54
      ip ospf 10.247.172.65 area 0.0.0.10
      vrrp vrid 54
      owner
      virtual-ip-address 10.247.172.65 255.255.255.192
      priority 255
      enable
      exit
      exit

    Please let me know how to unblock ssh port 22 access on this switch?


  • How to proxy and encrypt all my internet traffic with Win7 and Win2008R2?

    - by Malartre
    I have a Windows 7 laptop and a Windows 2008 R2 server. How can I encrypt and route all my internet requests from the Win7 laptop to the Win2008R2 server? I guess the server would be called a proxy? Goal is to prevent unencrypted network snooping. I found this article about using SSH, but I would prefer an official windows integrated solution. What's the Microsoft "way" on this? http://lifehacker.com/237227/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy I would like this to work for all internet traffic, not just browser traffic and I would like to set this up on many Win7 clients. Carl


  • What differences are there between an official Ubuntu AMI image and a base install from an ISO?

    - by David Winter
    When creating a new instance on AWS using an official Ubuntu 12.04 server AMI, what differences are there compared to if I was to do a standard server install on a computer of my own? For example, the default user is 'ubuntu'. An SSH public key is added to that user's authorized_keys file. Sudo is passwordless for that user. PasswordAuthentication is disabled for SSH. etc etc. Configurations have been changed from their defaults, and I'd like to know if there is a list, or somewhere I could find out the modifications made.


  • How do I run vino-server without a monitor attached in Ubuntu 10.04

    - by Ole
    I just upgraded to Ubuntu 10.04 yesterday on a headless home server. I use the server for a variety of purposes, and what I don't know how to do via SSH I've always been able to do through VNC. However, since the upgrade vino-server will no longer run if there isn't a monitor attached. Before it used to start up without a problem. Even by attempting to run the server via SSH gives me a "could not load display" error. Summary: I need to get vino-server running at boot time on a server with Ubuntu 10.04, without a monitor attached.


  • Azure VM : Connection refused by host

    - by Simon Kérouack
    I recently stopped a subscription with 14 VMs in it and restarted it a few days later. Now all my VMs are working just fine with the exception of 6 used for MongoDB. They respond to ping and so they show as online in the azure dashboard but they do not answer to anything else. I tried (from different locations, in and out of the azure cloud):

      ssh : connect to host * port *: Connection refused
      telnet : Unable to connect to remote host: Connection refused
      mongo : exception: connect failed

    The ports for ssh and mongo are opened in azure. I tried restarting the VMs a few times through the azure dashboard, they seem to restart successfully but still refuse all connections. I already looked for similar issues and the best solutions I found was to wait... the issue has been happening for 7 days and waiting is no more an option.


  • Allowing outbound traffic with APF/iptables for OpenVZ container

    - by David
    I have apf installed on a OpenVZ container (proxmox 2.1). The config is pretty much vanilla and things are working. My external services like ssh and http are working. My problem is that all outbound traffic on http/https is blocked. How do I allow all outbound traffic for http/https. If I change EGF to 1 like this, all inbound and outbound traffic gets blocked

      EGF="1"
      EG_TCP_CPORTS="21,25,80,443,43,53"
      EG_UDP_CPORTS="20,21,53"
      EG_ICMP_TYPES="all"

    I opened a single outbound rule with the following

      # /usr/local/sbin/apf -a downloads.wordpress.org

    How do I allow all outbound traffic on http/https without blocking all traffic? Why would I allow all inbound ssh/http traffic and block all outbound traffic?


  • unable to start apache after changes to rc.conf and resov.conf

    - by shupru
    I had a working configuration this morning with the following simple /etc/rc.conf

      ifconfig_rl0="DHCP"
      ifconfig_xl="inet 192.168.1.11 netmask 255.255.255."
      defaultrouter="192.168.1.1"

    I added the following lines:

      firewall_enable="YES"
      firewall_type="SIMPLE"
      firewall_logging="YES"
      sshd_enable="YES"
      apache_enable="YES"
      mysql_enable="YES"

    my httpd.conf includes:

      NameVirtualHost 192.168.1.11
      <VirtualHost 192.168.1.11>
      ...
      </VirtualHost>

    Now apache and ssh server are down. Changed rc.conf back to last working configuration and still no ssh or apache

      apachectl start #--> /usr/local/sbin/apachectl start: httpd could not be started
      apachectl status #--> Looking up localhost Making http connection to localhost Alert!: Unable to connect to remote host.


  • Interested in scp recipe for sftp [closed]

    - by GJZ
    You wrote in a reply this:

    > The problem is that sftp runs as the user's id -- first, the sftp client ssh's into the target host as the given user, then runs sftp-server. Since sftp-server is running as a regular user, it has no way to "give away" a file (change owner of a file). However, if you are able to use scp, and assign a key pair to each user, you can get around this. This involves adding a user's key to root's ~/.ssh/authorized_keys file, with a "command=" parameter to force it to run a script that sanitizes and alters the arguments of the server-side scp program. I've used this technique before to set up an anonymous scp dropbox that allowed anyone to submit a file, and ensure that no one could retrieve submitted files and also prevent overwrites. If you are open to this technique, let me know and I'll update this post with a quick recipe.

    We are interested in this scp quick recipe for our community services file sharing. Best Regards, Gert Jan Zeilstra


  • How can I find the original un-changed configuration file to compare with the *.rpmnew file?

    - by User
    While upgrading from CentOS 5.7 to 5.8 I've received the following warnings:

      warning: /etc/sysconfig/iptables-config created as /etc/sysconfig/iptables-config.rpmnew
      warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew
      warning: /etc/odbcinst.ini created as /etc/odbcinst.ini.rpmnew

    (To know the reason for such files, and what one can do with them read - Why do I have .rpmnew file after an update? ) I want to know what exactly has been changed in the default config file by comparing the old default file (the original un-changed configuration file) with the new default file (*.rpmnew). Then, I can apply the changes to my modified file (aka diff merge). The problem is I don't know where I can find the original un-changed configuration file...


  • Linux and Windows machines sharing a network

    - by Saif Bechan
    I have different Windows and Linux machines that share an internal private network. From within this network I can SSH to every machine etc. This internal network works great. I have my main windows machine from where I control these machines either through SSH or virtual desktop. Is there a way for me on my main machine to see all the machines that are connected to the network? I want to be able to see all the machines and maybe browse them, share files etc. I am very new to networking of this kind so any recommendations are welcome. Should I set up this network by workgroup? I do not think Linux supports that. Or should I set up the network with domain, I never did that before.

