restricting shell accounts
What is the best way to restrict a shell account just to its own home directory? I am using rbash but this seems to do very little. I would like to give users the freedom of ssh access, so they can for example edit their website with vi for a quick change, but not let them view every file on the system that is world readable. -- Jody
SSH More Than Port Forwarding
I've done some neat things in the past using SSH port forwarding, offering services from my local server on the internet via my public servers. Is there any way I can forward all the traffic from a single IP on my Public server to my local server? Making a new kind of VPS (Virtual Public server). I have seen some people offer this service but I can't find any documentation on how to do it. Has anyone done this before with ssh? Cheers Jody
Re: SSH More Than Port Forwarding
Andrew Miehs wrote:
You could try with PPP over SSH... But this will probably have pretty high latency times. Depends on the service you are trying to route... Is this for fun? or is this for commercial purposes... The idea of 'outside' traffic inside my development lan, doesn't sound like such a good idea to me... It sounds like you should set up additional customer servers.
I would like to be able to offer customers a choice even if it has high latency, I have a few customers that could only be able to get a static IP over Satellite. I took a look at the VPN PPP-SSH Mini-HOWTO at http://www.tldp.org/HOWTO/ppp-ssh/index.html after reading your email, section 2.2 Drawbacks is very discouraging. But this is still about what I'm looking for so I'll give it a shot and see how it works.
Andrew
On 17.04.2004, at 15:58, Jody Grafals wrote:
I've done some neat things in the past using SSH port forwarding, offering services from my local server on the internet via my public servers. Is there any way I can forward all the traffic from a single IP on my Public server to my local server? Making a new kind of VPS (Virtual Public server). I have seen some people offer this service but I can't find any documentation on how to do it. Has anyone done this before with ssh? Cheers Jody
Re: Spoon feeding Exchange with Sendmail
Jon Wood wrote:
Quoting R.M. Evers [EMAIL PROTECTED]:
doesn't exchange come with some pop-connector tool to download mail from a pop-server? i know it's not the coolest solution, though i believe it works ;-)
There are many commercially available exchange pop down-loaders but Exchange does not come with any in the standard edition.
In my case the Win2k server is sitting in a LAN with no route to the internet but can get data from our DMZ and the linux server is sitting in the DMZ and is online all the time. I don't trust the Win2k Exchange server on the internet ;-) I'm working on getting a suitable solution working with fetchmail to pass remote mail to the local mail server (Exchange), in the future I would like to be able to filter all the mail for spam and viruses on the Linux server, but I figured this is a good first step. Cheers jody
regards, -rodi
On Fri, 2003-10-10 at 20:52, Jody Grafals wrote:
Spoon feeding Exchange with Sendmail Is it possible to somehow use my Debian Linux server as a tool to download pop mail from a remote server then forward it to my local mail server (Exchange), I was thinking Sendmail might be able to do something like this but I could not find any documentation. Thanks jody
Spoon feeding Exchange with Sendmail
Spoon feeding Exchange with Sendmail Is it possible to somehow use my Debian Linux server as a tool to download pop mail from a remote server then forward it to my local mail server (Exchange), I was thinking Sendmail might be able to do something like this but I could not find any documentation. Thanks jody
Re: Spoon feeding Exchange with Sendmail
Yreka - So I could use fetchmail to get the mail from the pop account then use sendmail to the exchange server - Can this be automated out of the box or will it involve scripting and is it a practical solution for auto relaying 50 mailboxes? Or am I making this too complicated? Is there some sort of mail relaying tool for just moving lots of mail around? thanks Jody
Teun Vink wrote:
- Original Message - From: Jody Grafals [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 10, 2003 8:52 PM Subject: Spoon feeding Exchange with Sendmail
Spoon feeding Exchange with Sendmail Is it possible to somehow use my Debian Linux server as a tool to download pop mail from a remote server then forward it to my local mail server (Exchange), I was thinking Sendmail might be able to do something like this but I could not find any documentation.
Never used it, but fetchmail should be able to do this, I think. Regards, Teun
Woody, FreeSwan and a SonicWall Pro 100
I have been trying to get this working for a long time now, can anyone give me some help? I have even tried the old dpkg -P freeswan and started from scratch a few times. You can see exactly what I type below and the error I get, I attached the log dump separately to try and keep things neat. The sonic wall is a 30min drive away with no remote access, so I don't have any logs handy from that, but I don't think I'm getting that far? I've included all the info I think may be useful.

###ipsec.secure
%any xxx.xxx.25.191 : PSK notmyrealkey

###ipsec.conf
config setup
        interfaces=ipsec0=ppp0
        klipsdebug=all
        plutodebug=all
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn iazex
        type=tunnel
        auto=add
        auth=esp
        authby=secret
        pfs=yes
        keyingtries=1
        left=%any
        leftnexthop=10.18.1.1
        leftsubnet=192.168.0.0/24
        right=xxx.xxx.25.191
        rightnexthop=24.52.25.129
        rightsubnet=10.0.0.0/24
        rightid=xxx.xxx.25.191
        esp=3des-hmac-md5
        keyexchange=ike

#
cyberflunky:~# ipsec setup --start
ipsec_setup: Starting FreeS/WAN IPsec 1.96...
cyberflunky:~# ipsec auto --add iazex
cyberflunky:~# ipsec auto --up iazex
whack: is Pluto running?  connect() for /var/run/pluto.ctl failed (111 Connection refused)

### Something that has to do with pluto/ipsec is running
cyberflunky:~# ps aux
root 23741 0.0 0.1 2044 944 pts/4 S 02:59 0:00 /bin/bash /usr/lib/ipsec/_plutorun --re --debug all --uniqueids yes --dump --load %search --st
root 23742 0.0 0.0 1244 392 pts/4 S 02:59 0:00 logger -p daemon.error -t ipsec__plutorun
root 23743 0.0 0.1 2044 944 pts/4 S 02:59 0:00 /bin/bash /usr/lib/ipsec/_plutorun --re --debug all --uniqueids yes --dump --load %search --st
root 23744 0.0 0.1 2040 948 pts/4 S 02:59 0:00 /bin/sh /usr/lib/ipsec/_plutoload --load %search --start %search --wait --post
root 23746 0.0 0.1 1872 768 pts/4 S 02:59 0:00 /usr/lib/ipsec/pluto --nofork --debug-all --uniqueids

cyberflunky:~# cat /proc/version
Linux version 2.4.17 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Sun Jun 8 19:15:24 EDT 2003

#
cyberflunky:~# ifconfig
eth0      Link encap:Ethernet HWaddr 00:E0:7D:F1:4C:40
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:12389 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8685 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:12710901 (12.1 MiB) TX bytes:813361 (794.2 KiB)
          Interrupt:10 Base address:0x1000

eth1      Link encap:Ethernet HWaddr 00:30:1B:09:E9:E1
          inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:37970 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41791 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:7159732 (6.8 MiB) TX bytes:23853795 (22.7 MiB)
          Interrupt:11 Base address:0x3000

ipsec0    Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.12.74 Mask:255.255.255.255
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:5034 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5034 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:387345 (378.2 KiB) TX bytes:387345 (378.2 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.12.74 P-t-P:10.18.1.1 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
          RX packets:5319 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:6971717 (6.6 MiB) TX bytes:174508 (170.4 KiB)

##
cyberflunky:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.18.1.1       *               255.255.255.255 UH    0      0   0   ppp0
10.18.1.1       *               255.255.255.255 UH    0      0   0   ipsec0
192.168.0.0     *               255.255.255.0   U     0      0   0   eth1
default         10.18.1.1       0.0.0.0         UG    0      0   0   ppp0

0
Jun 10 02:59:11 cyberflunky kernel: klips_debug:pfkey_x_debug_process: set
Jun 10 02:59:11 cyberflunky kernel: klips_debug:pfkey_msg_interp: parsing message type 16 with msg_parser c0271810.
Jun 10 02:59:11 cyberflunky kernel: klips_debug:pfkey_x_msg_debug_parse: .
Jun 10
Dial Up Server Problems
:22 yS0 CND: OK[0a]AT[0d]
01/09 01:15:22 yS0 CND: AT[0d][0a]OK ** found **
01/09 01:15:23 yS0 waiting for line to clear (VTIME), read: [0d][0a]
01/09 01:15:23 yS0 removing lock file
01/09 01:15:23 yS0 waiting...
--
Jody Grafals
TechQuest IT Services
[EMAIL PROTECTED]