Search Results

Search found 4462 results on 179 pages for 'ssh'.

Page 98/179 | < Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >

  • What else can I do to secure my Linux server?

    - by eric01
    I want to put a web application on my Linux server: I will first explain to you what the web app will do and then I will tell you what I did so far to secure my brand new Linux system. The app will be a classified ads website (like gumtree.co.uk) where users can sell their items, upload images, send to and receive emails from the admin. It will use SSL for some pages. I will need SSH. So far, what I did to secure my stock Ubuntu (latest version) is the following: NOTE: I probably did some things that will prevent the application from doing all its tasks, so please let me know of that. My machine's sole purpose will be hosting the website. (I put numbers as bullet points so you can refer to them more easily) 1) Firewall I installed Uncomplicated Firewall. Deny IN & OUT by default Rules: Allow IN & OUT: HTTP, IMAP, POP3, SMTP, SSH, UDP port 53 (DNS), UDP port 123 (SNTP), SSL, port 443 (the ones I didn't allow were FTP, NFS, Samba, VNC, CUPS) When I install MySQL & Apache, I will open up Port 3306 IN & OUT. 2) Secure the partition in /etc/fstab, I added the following line at the end: tmpfs /dev/shm tmpfs defaults,rw 0 0 Then in console: mount -o remount /dev/shm 3) Secure the kernel In the file /etc/sysctl.conf, there are a few different filters to uncomment. I didn't know which one was relevant to web app hosting. Which one should I activate? They are the following: A) Turn on Source Address Verification in all interfaces to prevent spoofing attacks B) Uncomment the next line to enable packet forwarding for IPv4 C) Uncomment the next line to enable packet forwarding for IPv6 D) Do no accept ICMP redirects (we are not a router) E) Accept ICMP redirects only for gateways listed in our default gateway list F) Do not send ICMP redirects G) Do not accept IP source route packets (we are not a router) H) Log Martian Packets 4) Configure the passwd file Replace "sh" by "false" for all accounts except user account and root. I also did it for the account called sshd. I am not sure whether it will prevent SSH connection (which I want to use) or if it's something else. 5) Configure the shadow file In the console: passwd -l to lock all accounts except user account. 6) Install rkhunter and chkrootkit 7) Install Bum Disabled those services: "High performance mail server", "unreadable (kerneloops)","unreadable (speech-dispatcher)","Restores DNS" (should this one stay on?) 8) Install Apparmor_profiles 9) Install clamav & freshclam (antivirus and update) What did I do wrong and what should I do more to secure this Linux machine? Thanks a lot in advance

    Read the article

  • Fix X11 forwarding on OSX

    - by Such
    I am looking for a way to fix/debug a X11 forwarding session on OSX. Here is my situation: From my mac I connect to a Ubuntu workstation with ssh -X (tried ssh -Y as well). X11 forwarding works perfectly with firefox for instance, X11/Quartz is started automatically on OSX and firefox is displayed. X11 forwarding does not work with bat (Bacula graphical console): X11 is started but no window is displayed. There are no errors (/private/var/log/system.log). When I try doing the same from another Ubuntu workstation, it works perfectly for both firefox and bat. I guess the problem is on OSX side then. I tried switching some options in X11 but nothing works. Would you have any idea on how to move forward? Thanks!

    Read the article

  • PHPMyAdmin running very slow over internet but fine locally

    - by columbo
    I connect to PHPMyAdmin remotely on a Centos server using my local PC via Firefox. Usually it's fine but today it's really slow (2 minutes to load a page), sometimes timing out. Other connections to the server are fine. The SSH command line is as fast as ever as is the GNOME dekstop over SSH. In fact on the GNOME desktop I can run PHPMyAdmin locally from its browser and it's as quick as ever (which is a solution to the problem of course). I've checked the various log files and seen nothing unusual, I've logged into the MySQL command line and the database is running fine without any slowing what so ever. So it just seems to be slow when I access PHPMyAdmin on the server from the browser on my remote PC (I've tried IE and Firefox, both are slow). Has anyone experienced this or have any ideas what the issue could be. Connecting via CLI through tunnel works OK - problem is in phpMyAdmin for sure. Cheers

    Read the article

  • How to access vm inside a vm via VNC?

    - by can.
    For some reasons I installed virtual machines inside a virtual machine, like this: A( B( C )) where A is the physical machine, B is a vm and the network type is NAT. And C is also a virtual machine and the network type is bridged. The OSes are Ubuntu 12.04 and the hypervisors are kvm. I can access B via VNC and via ssh from A, but for C I can't use ssh because C has no IP address at the start. And I assume I can only access C via VNC. I tried something like(on A): iptables -t nat -A PREROUTING -d $ip-of-A -p tcp --dport 6500 -j DNAT --to-destination $ip-of-B:5900 (I referred to this) But it doesn't work. And I'm reading the man pages of iptables and hope someone could help :)

    Read the article

  • BASH_ENV ignored on solaris?

    - by Peeter Joot
    In my .bash_profile, executed for both my interactive and non-interactive logins are BASH_ENV=$HOME/.myinteractivestuff export BASH_ENV doing this for bash on Linux works fine, but on Solaris is not sourced: bash --version GNU bash, version 3.00.16(1)-release (sparc-sun-solaris2.10) Curiously, if I invoke screen within my login shell, BASH_ENV is then read. Are any restrictions on when $BASH_ENV is respected on Solaris? In my case I'm logging in with ssh using putty, but also tried unix to unix ssh, and telnet and see the same. Note that I know that my BASH_ENV variable assignment is being executed since I can echo this variable after login without any trouble (ie: ruling out the obvious possibility that my .bash_profile is also not being read).

    Read the article

  • ESX Firewall Command Troubles

    - by John
    Hi, I am working on creating some firewall rules to stop some of the SSH brute-force attacks that we have seen recently on our ESX server hosts. I have tried the following rules from the CLI to first block all SSH traffic and then allow the two ranges that I am interested in: esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH" esxcfg-firewall --ipruleAdd 11.130.0.0/16,22,tcp,ACCEPT,"Allow_PUBLIC_SSH" esxcfg-firewall --ipruleAdd 10.130.0.0/16,22,tcp,ACCEPT,"Allow_PRIVATE_SSH" However, these rules are not working as intended. I know that if you do not enter the block rule first, then the allow rule will not be processed. We are now having the issue where the first entered allow rule is being ignored such that the block rule works and the last entered allow rule works. I was curious if anyone had any ideas on how I could allow a few different ranges of IP's with the esxcfg-firewall --ipruleAdd command? I am at a loss and am having a hard time locating examples or further documentation about this. Thanks in advance for your help with this.

    Read the article

  • I overwrote a large file with a blank one on a linux server. Can I recover the existing file?

    - by user39234
    I came back to my machine, tried saving a file over ssh onto my linux server (CentOS). It failed. I wasn't interested in keeping any changes I had made so I closed my editor and reopened the file (over ssh). The save attempt wiped the file. I have made loads of changes to it since I last uploaded to revision control. Seeing as it has just wiped the file I assume the data is still there. It's just a text file (php), is there any way of recovering it?

    Read the article

  • Make services not start automatically after reboot (as they require access to an encrypted partition)

    - by Binary255
    Hi, I use Ubuntu Server 10.04. I more or less only want the server to be accessible over SSH after a reboot. I will then login and mount the encrypted partition myself, after which I start the services which uses it. How would I go about setting something like that up? (My first idea was to have everything except /boot in an encrypted LVM, but I never got logging in through SSH and mounting the LVM to work. Initramfs was a bit too complicated for me. Otherwise I think this would have been the best solution.)

    Read the article

  • Workaround broken sudo?

    - by perreal
    I managed to break sudo by deleting the libc.so.6 sym-link in /lib. I copied the actual file and created a symbolic link with the same name under my home directory by using LD_PRELOAD=/lib/libc-2.11.3.so. At this point, all binaries linking libc are working through preload except sudo. For sudo, I need to write (and don't know why): $ /lib/ld-linux-x86-64.so.2 --library-path . /usr/bin/sudo but this gives me: $ sudo: must be setuid root Checking the permissions: $ ls -l /usr/bin/sudo $ -rwsr-xr-x 2 root root 166120 So the setuid bit is actually set. Question: I need to create a symbolic link named /lib/libc.so.6 through my active ssh connection without using sudo, or, make sudo work somehow. I don't have the root password and I can't connect through ssh anymore. Is there any other way I can get authorization?

    Read the article

  • Amazon EC2 IPSEC

    - by John Qualis
    I have configured a ubuntu 12.04 64-bit server machine on Amazon AWS to act as a strongswan IPSEC server. I want to connect to it from my MAC OSX Lion's inbuilt IPSEC client. The OSX machine is in my home network. I log into the AWS machine using a ssh to ubuntu@public-ip and I provide the private RSA key in form of .pem file which I downloaded when the machine instance was created. The ssh connection works file but the IPSEC connection fails. What credentials/configurations should I provide for an IPSEC connection from my OSX client to AWS ubuntu server? My OSX machine is behind an ISP provided modem/router. Appreciate any help and thanks in advance

    Read the article

  • is there a linux equivalent of iTerm(mac) sending command to multiple tabs functionality?

    - by jabbertalker
    in iTerm, you can send a command to execute simultaneously on a set of already opened tabs. Is there a way to do this in linux (with gnome-terminal preferably)? for instance, supposed that I had 10 tabs already ssh'd into [email protected] and sudoed to root and wanted to send a command to run on all 10 tabs. The goal of this is to be able to stay within a set of tabs and command them, rather than having to use expect scripts to ssh and elevate and run commands. Basically, like how you could do in iTerm.

    Read the article

  • Automatic Server Management

    - by Radoslav
    I try to find any kind of automatic management services. What I mean: I purchase dedicated server. Login SSH and install any kind of Daemon. Control security, tune LAMP stack, monitoring etc. from dashboard. Never touch SSH and login in to the server. Pay every month for this service. I already find few providers, but they support only EC2 cloud servers. If you can suggest me anything for dedicated machines? If not- I need to hire anyone for 5h Administrator and 715h "Box-Watcher" every month :|

    Read the article

  • How do you know which domain owns the hosting?

    - by BubbleStalker
    For example if I have 1) host adress 2) login 3) password, I am entering by SSH on ruby on rails hosting, then how can i be sured that this hosting belongs to a specific domain? for example how can I know if www.site.com - belongs to some specific hosting to which I have access. I am asking this because I have access to hosting of ruby on rails, and when i modify files, there is no changes, i've tried to use the files "script", "serv", "restart.txt" - by ssh: touch tmp/restart.txt ./serv restart script restart nothing of the above helped...and I don't know what to do, any ideas?

    Read the article

  • Editing remotely the PHP files on a Centos server

    - by Alex2012
    I have a intranet web server (Centos 6, Apache, PHP) to which I would like to give access to a developer. He will connect by remote desktop from Windows 7 to Ubuntu 12.4 and from here by SSH to /var/www/html folder where it has to create and edit the files. This solution was chosen because: - I could not make a remote desktop connection from Windows to Centos - The web developer need some editor for PHP files and is not allowed to install software on Windows 7 machine - it is more a test solution ( we are all learning to use Linux). When the developer is connected from Ubuntu to Centos by SSH (SFTP) he could save the changes only if on Centos the account used to connect has ownership to that folder. Can you please tell how can I give all required rights. I tried different solutions found on Internet but without to much success. Are there other way to connect to Centos server?

    Read the article

  • Unable to connect to vrde virtualbox VM remotely

    - by b1ackjosh
    So I've remotely created my first headless using ssh. Now I'm attempting to connect to this VM using RDP so I can install Ubuntu Server, but I cannot get connected at all. When starting the VM everything appears fine: $ vboxheadless -s WebTesting Oracle VM VirtualBox Headless Interface 4.0.16 (C) 2008-2012 Oracle Corporation All rights reserved. VRDE server is listening on port 4455. And showvminfo shows: VRDE: enabled (Address 0.0.0.0, Ports 4455, MultiConn: off, ReuseSingleConn: off, Authentication type: null) However I'm still prompted with the "enter your credentials" screen every time I attempt to connect. From reading the documentation null shouldn't prompt me with this screen at all... Any help with this is greatly appreciated. P.S. I am using ssh tunneling in putty to tunnel in to my network.

    Read the article

  • pscp: how to copy a file from a windows machine to a non-home location on another windows machine?

    - by help
    I want to copy a file from C:\temp on MachineA to C:\final on MachineB. I tried to use the following command, but it gave me an error (permission denied): C:\PROGRA~1\putty\pscp.exe -i C:\PROGRA~1\cwRsync\home\rcadmin\.ssh\id_rsa_private.ppk [email protected]:C:\final\test.txt C:\temp\test.txt It turned out I can only access C:\users\direcpc in my source computer. So if I put the file in C:\users\direcpc\text.txt, then it would work: C:\PROGRA~1\putty\pscp.exe -i C:\PROGRA~1\cwRsync\home\rcadmin\.ssh\id_rsa_private.ppk [email protected]:/test.txt C:\temp\test.txt But I want to access any location on my source computer instead of just my user home directory, is there a way to do this?

    Read the article

  • Azure Linux out of band managment

    - by faker
    I have a Linux (Ubuntu) virtual machine running on Azure. It seems like the only way to connect to it is via SSH. This is OK for normal operation, but what to do when something goes wrong (fsck waiting for user-input, new kernel doesn't boot, mis-configured network, etc.)? There is a grayed out "Connect" button in the management interface, and the help for it says: To access a virtual machine running Windows Server, click Connect and follow the instructions. Enter the password that was set when the virtual machine was created. The Connect button is not available for a virtual machine running Linux, but you can use your favorite SSH program to access it. I've read the documentation on the command line tools, but there is also no way to connect to it. Is there any way for me to get such a console?

    Read the article

  • Wrapping a point-to-point link

    - by user3712955
    I'm using a pair of IP radios (non-WiFi) to bridge my office engineering LAN (172.0.0.0/8) to a lab in another building. The radios work fine, but they expose a web management interface I'd like to hide, and they also generate traffic (ARP, STP, and more) that I need to keep off my (very, very clean) LAN segments. I have some ARM-Linux boards (similar to Beagle/Panda/RasPi) running Ubuntu, and I've put one at each end of the link, between the radio and the LAN. Each of the boards has 2 wired Ethernet interfaces, eth0 and eth1. The LAN segments are connected to eth0, and the radios are connected to eth1. I'd like to accomplish the following: Keep radio-originated traffic off my LAN segments! Hide all services provided by the radio (web, ssh, etc.) Transparently pass all traffic between the LAN segments (including things like ARP). The above also applies to the ARM-Linux boards: No stray traffic my LAN from them either! I'd like the system to look like a switch: LAN packets arriving at one eth0 appear at the other. And neither eth0 should have an IP address: The working system should behave like a CAT6 cable with some latency (instead of ARM boards and radios). Unfortunately, I'm confused about how to properly configure the ARM Ubuntu systems. What I'm guessing I need is a bridge on each board (br0?) and a VLAN (vlan0 or eth0.0?) to isolate the LAN traffic from everything else as it passes through the ARM boards and the radios. Then I need some kind of a firewall to block sending anything out eth0 that isn't from the other eth0 (via the VLAN). I've looked at the ip and ebtables commands (especially -t broute). While the concepts sorta-kinda make sense, I'm completely lost in the details. Edit: In the perverse case that a system on one of my LAN segments has the same IP address as one of the radios, or as eth1 on the ARM-Ubuntu boards, a VLAN won't work. Which I believe means I need to tunnel all traffic between the two eth0 interfaces to get that "like a wire" behavior. Help? Finally, I'd like to have a way to temporarily expose services on the ARM boards (ssh) and the radios (web) for maintenance purposes. Ideally, it would expose an IP address with ssh available on port 22. Once connected, I figure I'd start an X11 session and run a browser on the ARM board to access the radios. Or something. I could login via the console to enable/disable this, or perhaps could use a GPIO to trigger a script. I feel I've identified most of the pieces needed to make all this happen, but I have no idea how to combine them to make a working system. Thanks!

    Read the article

  • How can I access my desktop computer from my Android phone?

    - by Qurben
    Is it possible to access a computer connected to the internet through an Android phone? (the internet goes through the phone by tethering) I want to use ssh to connect to the computer (from a different computer in the same network), but I am not able to access the computer. Is it possible to portforward, use some kind of transparent proxy or to use DMZ? My phone is rooted and I have Cyanogenmod installed and I can use iptables. EDIT: The changed title completely changed the question! My setup is the following: I have an android phone connected to a computer through the usb cable tethering internet from the phone, I wanted to ssh into the computer behind the android phone from another computer in the same network as the android phone. This was not possible, because the android phone creates a separate network for the connected computer, effectively shielding it from any incoming signals. It turned out to be quite simple to fix by just using iptables.

    Read the article

  • Realtime website slowness (PHP/MYSQL)

    - by 3s2ng
    We got a website with realtime transactions. The past few days we experienced some slowness during a period of time. Usually the slowness last for 5 minutes. And also during the slowness we noticed that sometimes we can not connect to SSH and FTP or sometimes very slow to connect to those services. Currently we are trying to identify the issue. We already setup database monitoring tool. Now are about to signup with pingdom.com My question is. If the website is too slow due to the database (table or row lock) will it affect the other services like SSH and FTP? Does the ping correlates the page load and the connection between my PC and server? Thanks, Mark

    Read the article

  • My server hostname doesn't work? [on hold]

    - by xSpartanCx
    I've got a raspberry pi running raspbian server edition. It's a modified debian that runs well on the rPi. My problem is that the only way I can ssh into it with putty is through the static ip. My router doesn't recognize the hostname; it shows the mac address as the name. This causes the pi not to show my website online (I think). The only way I've gotten it to work is using my other linux server to forward using virtual hosts, and that has to use the ip address, too. However, now that I have my other server off, the website doesn't work and I can't ssh (or find it anywhere on the network) using the hostname.

    Read the article

  • Samba Server Make Multiple User Permissions Profiles

    - by Scriptonaut
    I have a Samba file server running, and I was wondering how I could make multiple user accounts that have different permissions. For example, at the moment I have a user, smbusr, but when I ssh to the share, I can read, write, execute, and even navigate out of the samba directory and do stuff on the actual computer. This is bad because I want to be able to give out my IP so friends/family can use the server, but I don't want them to be able to do just anything. I want to lock the user in the samba share directory(and all the sub directories). Eventually I would like several profiles such as (smbusr_R, smbusr_RW, smbguest_R, smbguest_RW). I also have a second question related to this, is SSH the best method to connect from other unix machines? What about VPN? Or simply mounting like this: mount -t ext3 -o user=username //ipaddr/share /mnt/mountpoint Is that mounting command above the same thing as a vpn? This is really confusing me. Thanks for the help guys, let me know if you need to see any files, or need anymore information.

    Read the article

  • Trying to configure DNS on a Godaddy Virtual Dedicated host, Mediatemple Domain Registration

    - by dclowd9901
    A client of mine purchased VD hosting with Godaddy and a domain name with Mediatemple. I've never configured DNS from scratch, and I'm finding it very difficult to find any sort of explanation on how to go about it. As of right now, Mediatemple is pointing to the Godaddy's ns1.domaincontrol.com and ns2.domaincontrol.com nameservers. The VD hosting on Godaddy (via their Simple Control Panel) has options to "Add a new domain", which brings you through a wizard of sorts that asks you if the domain has already been registered (yes), what it is (dclowd9901.com for this example), create a system username and password for it (with checkboxes for SSH and FTP access), which level of user can administer it, and whether a mail account should be setup. When complete, it also creates a zone file. In this zone file, the Primary nameserver is ns1.dclowd9901.com; the records are as follow (where 12.23.12.34 is the presumed host): @ A 12.23.12.34 @ NS ns1 @ NS ns2 ns1 A 12.23.12.34 ns2 A 12.23.12.34 @ MX mail www A 12.23.12.34 ftp A 12.23.12.34 ssh A 12.23.12.34 mail A 12.23.12.34 If anyone can shed any light on this for me, explain to me the interactions between the registrar and the host and so on, I'd be very grateful. Thanks in advance for the help.

    Read the article

< Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >