Re: using one authorized_keys file to another account
Yes you were right thanks. 2010/10/25 Serge van Ginderachter : > Check the permissions and ownership of this file: > >> home/newaccount/.ssh/authorized_keys > > > -- > Met vriendelijke groet, > Serge van Ginderachter > > Stuiver 32, B-9950 Waarschoot > M +32.473.525.010 T +32.9.378.31.73 > -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: using one authorized_keys file to another account
Check the permissions and ownership of this file: home/newaccount/.ssh/authorized_keys > -- Met vriendelijke groet, Serge van Ginderachter Stuiver 32, B-9950 Waarschoot M +32.473.525.010 T +32.9.378.31.73 -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
using one authorized_keys file to another account
I have an access to a machine on lan via ssh and I am using key based authentication on it. I created one more account on the remote machine and copied cp home/oldaccount/.ssh/authorized_keys home/newaccount/.ssh/authorized_keys Now when I tried to login to the other account via ssh from my laptop it did not worked. Though the copy of keys from laptop .ssh/id_rsa.pub to remote machine new account .ssh/authorized keys did worked. I was wondering I had added same keys to old account so why did simple copying the authorized keys from one account to another did not worked. Because when I did cat id_rsa.pub > authorized_keys in new account I had created same file which was in old account. Why is this happening or my observation is wrong. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Sharing hosts.deny
On Mon, Oct 25, 2010 at 5:21 PM, James Gray wrote: > > OK - so theres a little gem :) DONT try to filer services on a guest at the > hypervisor layer! The hypervisor (VMware) >couldn't care less about the > traffic destined for a guest, its firewall is only concerned about traffic > destined for the >hypervisor. Filter the guests' traffic on the GUEST, and > only the guest. Ok > If you have a virtual switch you might want to do some fancy VLAN tagging > voodoo to do pseudo-hypervisor filtering, but >that's probably heading into > the "why bother" end of the discussion. Just filter the traffic for the > guest on the guest's >firewall and all will be well with the world :) Yes I logged on to guest machine and did same what you are saying in fact the reason I started this discussion was same thing you mentioned I saw all network activity on guest stopping no communication with any thing what so ever. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Sharing hosts.deny
On 25/10/2010, at 10:28 PM, Tapas Mishra wrote: > On Mon, Oct 25, 2010 at 4:42 PM, Ahmed Kamal > wrote: >> Don't know what the general consensus is, but I've almost never really >> used hosts.deny in real production. iptables just does everything I >> need. OP might want to consider this >> > Yes I do want to use IPTABLES but I noticed using IPTABLES to deny > services on Virtual Machines which run on Vmware causes the VMs to > disconnect from internet.Not sure what port Vmware needs to be open so > that the VM (Virtual Machine) can be accessed from outside. > I use IPTABLES on host and guest both. OK - so theres a little gem :) DONT try to filer services on a guest at the hypervisor layer! The hypervisor (VMware) couldn't care less about the traffic destined for a guest, its firewall is only concerned about traffic destined for the hypervisor. Filter the guests' traffic on the GUEST, and only the guest. If you have a virtual switch you might want to do some fancy VLAN tagging voodoo to do pseudo-hypervisor filtering, but that's probably heading into the "why bother" end of the discussion. Just filter the traffic for the guest on the guest's firewall and all will be well with the world :) Cheers, James -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Sharing hosts.deny
On Mon, Oct 25, 2010 at 4:42 PM, Ahmed Kamal wrote: > Don't know what the general consensus is, but I've almost never really > used hosts.deny in real production. iptables just does everything I > need. OP might want to consider this > Yes I do want to use IPTABLES but I noticed using IPTABLES to deny services on Virtual Machines which run on Vmware causes the VMs to disconnect from internet.Not sure what port Vmware needs to be open so that the VM (Virtual Machine) can be accessed from outside. I use IPTABLES on host and guest both. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Sharing hosts.deny
On 10/25/2010 01:05 PM, James Gray wrote:
> On 25/10/2010, at 12:41 PM, Michael wrote:
>
>> On 10/22/2010 01:16 AM, Tapas Mishra wrote:
>>> I wanted to know if there is any place where people have shared these
>>> IPs which needs to be blocked I feel most of the time the entries must
>>> be common though not always.So if hosts.deny file is shared some where
>>> then give a link.(I do use auth.log to note IPs to block)
>>>
>>>
>> I have a bunch of entries in my hosts file with the 127.0.0.1 line
>> added. I have always seen the hosts.deny and hosts.allow files but
>> never know how to use them. When I google hosts.deny it says something
>> about blocking a range of IP addresses. Is it safe to assume that using
>> hosts.deny is more effective/better than just adding entries to the
>> hosts file?
> The /etc/hosts.{allow,deny} are part of tcp wrappers (ie, inetd/xinetd) and
> have very little to do with host resolution (which is what /etc/hosts is
> for). Normally, when I need to block an IP address I throw it at iptables
> (the firewall) which is the correct place for it in a lot of (read "most")
> situations.
>
Don't know what the general consensus is, but I've almost never really
used hosts.deny in real production. iptables just does everything I
need. OP might want to consider this
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
Re: Sharing hosts.deny
On 25/10/2010, at 12:41 PM, Michael wrote:
> On 10/22/2010 01:16 AM, Tapas Mishra wrote:
>> I wanted to know if there is any place where people have shared these
>> IPs which needs to be blocked I feel most of the time the entries must
>> be common though not always.So if hosts.deny file is shared some where
>> then give a link.(I do use auth.log to note IPs to block)
>>
>>
>
> I have a bunch of entries in my hosts file with the 127.0.0.1 line
> added. I have always seen the hosts.deny and hosts.allow files but
> never know how to use them. When I google hosts.deny it says something
> about blocking a range of IP addresses. Is it safe to assume that using
> hosts.deny is more effective/better than just adding entries to the
> hosts file?
The /etc/hosts.{allow,deny} are part of tcp wrappers (ie, inetd/xinetd) and
have very little to do with host resolution (which is what /etc/hosts is for).
Normally, when I need to block an IP address I throw it at iptables (the
firewall) which is the correct place for it in a lot of (read "most")
situations.
However, if Tapas Mishra (the OP) is trying to use tcp wrappers to limit access
to certain services, then sharing /etc/hosts.{allow,deny} via NFS etc, then
symlink /etc/hosts{allow,deny} to /path/to/NFS/hosts.{allow,deny} should work.
Keep in mind the inetd/xinetd will probably need a SIGHUP (at least) to pick up
any changes in these files - I can't say for certain, I don't use inetd/xinetd
for anything these days, and can't remember its nuances. HUPing the
inetd/xinetd on each host is rather onerous and will probably lead to service
interuptions. YMMV
Cheers,
James
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
HP BL460 problem
Hi I am trying to install lucid on a HP BL460 G1, but it can't find the disks. I am 100% sure I have some of the same servers with hardy, and the controller is the good old cciss, so does anybody know why it doesn't work on lucid ? MVH/Best regards Allan Jacobsen IT-Teknik Danske Spil A/S -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
