how to ssh to a linux box from an internet cafe
I'll soon be on vacation without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server?

I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option?

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [solved]: web alternative to knockd for a "secure" sshd server?
On 4/23/07, Karl E. Jorgensen <[EMAIL PROTECTED]> wrote:
[...]
> > Nice idea. Is it easy to support sshd-httpd on the same port also?
>
> Yes - assuming that the httpd client doesn't use pooling or the like,
> which stops the client from "talking" immediately upon connection:
> [...]
> I did do a write-up on using it with other protocols, but I can't
> locate it at the moment :-|

Found it - in the FAQ (D'oh!) in the source. :-)
Re: [solved]: web alternative to knockd for a "secure" sshd server?
On 4/21/07, Karl E. Jorgensen <[EMAIL PROTECTED]> wrote:

Despite being security-through-obscurity, it *is* possible to run https and ssh on the same port, via a proxy: http://sourceforge.net/projects/ssh-ssl-proxy/

Nice idea. Is it easy to support sshd-httpd on the same port also?

[...] at least casual scanners could well see an https server instead of SSH...

The scanners I'm afraid of are those that will attempt to talk ssh to ports 80,443 because the cracker operating them knows that many admins might very well have configured an ssh there just to be able to access it when behind a restrictive firewall. For those scanners your proxy is transparent (as it should be)
[solved]: web alternative to knockd for a "secure" sshd server?
On 4/21/07, Jeff D <[EMAIL PROTECTED]> wrote:

On Fri, 20 Apr 2007, Nick Demou wrote:
[...]
> > Any other idea of simple measures that will keep as many attackers
> away from the one and only service that is listening to the Internet?
> [...]

I'm not sure if this fits what you are looking for or not: http://www.cipherdyne.org/fwknop/ This does single packet authentication, you send a specially crafted packet to the server, through a client app though, and it opens up the firewall for you for a specified amount of time and closes it back up after you are done.

Thanks, it's what I was looking for. Although it does have the drawback of requiring a special client to knock the server as you noted. This, however, is the side effect of making the implementation much more robust and not relying on security by obscurity.

To be honest I prefer the convenience of connecting without a special client but I already thought of an easy way to make fwknop ... less secure (always easier than the opposite :)

Thanks also, for all other advice from the list (rate limiting for example is too easy to be left out of the scheme)
Re: web alternative to knockd for a "secure" sshd server?
On 4/20/07, Johannes Wiedersich <[EMAIL PROTECTED]> wrote:

Nick Demou wrote:
> Any other idea of simple measures that will keep as many attackers
> away from the one and only service that is listening to the Internet?

Different approach, but the same goal: [...] fail2ban bans IPs that cause multiple authentication errors [...] Maybe not as perfect as your approach, but very simple: just install and forget.

thanks Johannes, true
It doesn't protect you from an sshd vulnerability but it does a lot with zero effort.
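The banning rule quoted in this message (several authentication errors from one address inside a time window), as an added example that is not fail2ban's own code and not from the thread. The log lines are constructed, `find_offenders` is a hypothetical name, and `maxretry`/`findtime` borrow fail2ban's option names with assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
Apr 20 12:47:01 host sshd[811]: Failed password for root from 198.51.100.7 port 40112 ssh2
Apr 20 12:47:03 host sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 40114 ssh2
Apr 20 12:47:04 host sshd[813]: Accepted password for nick from 203.0.113.20 port 51800 ssh2
Apr 20 12:47:06 host sshd[814]: Failed password for root from 198.51.100.7 port 40120 ssh2
Apr 20 12:50:00 host sshd[815]: Failed password for nick from 203.0.113.20 port 51811 ssh2
Apr 20 13:30:00 host sshd[816]: Failed password for nick from 203.0.113.20 port 51999 ssh2
Apr 20 13:40:00 host sshd[817]: Failed password for nick from 203.0.113.20 port 52010 ssh2
""".splitlines()

FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")


def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2007):
    """Return {ip: time of the failure that crossed the threshold}.

    syslog timestamps carry no year, so one is assumed (year=...).
    """
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                 # successful logins and other noise
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        window = recent[ip]
        window.append(when)
        # Forget failures older than findtime: a user who mistypes a
        # password now and then never accumulates enough to be banned.
        while when - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in banned:
            banned[ip] = when
    return banned


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

With the sample lines only the address that fails three times in five seconds is reported; the three failures spread over fifty minutes stay below the threshold.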
Re: web alternative to knockd for a "secure" sshd server?
On 4/20/07, Roberto C. Sánchez <[EMAIL PROTECTED]> wrote:

On Fri, Apr 20, 2007 at 12:47:20PM +0300, Nick Demou wrote:
> [...]
> Any other idea of simple measures that will keep as many attackers
> away from the one and only service that is listening to the Internet?
>

Well, if which outbound ports are available is a real concern, then consider the following:

- rate-limit new ssh connections (I use this) [this] will keep your logs from getting cluttered (and will also slow attackers down greatly so that they take longer to get to other people's machines).

do you mean to configure iptables in order to limit cons/min? what rules do you use? any pointer to the web?

- force key-only authentication [this] makes it impossible for a dictionary attack to ever succeed.

That one I can't do in some cases because I'll lose the ability to connect from some random PC. I rarely need this but when I do I need it badly :)
web alternative to knockd for a "secure" sshd server?
The only service that listens to the internet on my pcs is sshd (on port 80 or 443 [1]). Since neither me nor sshd is perfect I would like to get rid of as many attackers as possible.

My idea was to use port knocking. So I tested knockd and it seems nice[2] except one minor thing[3] and a major problem: if I am visiting some firewalled network that only allows connections to port 80,443 (and if you are lucky 110) there are hardly any ports to knock :(

Any other idea of simple measures that will keep as many attackers away from the one and only service that is listening to the Internet?

I was thinking about some super-simple web server that as soon as it takes a request like GET /let_me_in at port 80 adds a rule to allow incoming connections to port 443 (where sshd will be listening). I could modify some simple python web server but this will have to wait for free time to visit me and will certainly be worse from a security point of view than some tested daemon in C.

Nick

__
[1] Sometimes I visit places with firewalls that only allow outgoing connections to port 80,443 so I prefer to set sshd to listen to those ports. However I suppose that crackers are not idiots, they must have noticed that a lot of admins set sshd on those ports, so they will be routinely scanning ports 22,80,443 (even likely 1022,10022 also) for ssh servers.
[2] easy to set up and configure, easy to use even without specialized client
[3] It doesn't automatically remove iptables rules after you close the connection. So over time "allow" rules accumulate.
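The web-triggered knock proposed in this post, as an added example that is not code from the thread, knockd or fwknop: a GET for a secret path opens port 443 to the requesting address, and the rule is deleted again after a timeout, which is the clean-up footnote [3] misses. The path value, the timeout and the names `KnockGate` and `iptables_args` are assumptions; it also assumes the INPUT chain otherwise drops new connections to port 443 and that a separate rule accepts ESTABLISHED traffic.

```python
import hmac
import subprocess
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

SSH_PORT = 443                       # where sshd listens, as in the post
KNOCK_PATH = "/let_me_in-REPLACE"    # placeholder secret path (assumption)
ALLOW_SECONDS = 300                  # assumed lifetime of an "allow" rule


def iptables_args(action, ip, port=SSH_PORT):
    """argv that inserts ("allow") or deletes ("revoke") one ACCEPT rule."""
    flag = "-I" if action == "allow" else "-D"
    return ["iptables", flag, "INPUT", "-p", "tcp", "-s", ip,
            "--dport", str(port), "-j", "ACCEPT"]


class KnockGate:
    """Tracks which source addresses are currently allowed and until when."""

    def __init__(self, run, secret_path=KNOCK_PATH, ttl=ALLOW_SECONDS,
                 clock=time.monotonic):
        self.run, self.secret, self.ttl, self.clock = run, secret_path, ttl, clock
        self.expiry = {}             # ip -> time at which the rule is removed

    def knock(self, ip, path):
        self.sweep()
        # Constant-time comparison so response timing does not leak the path.
        if not hmac.compare_digest(path.encode(), self.secret.encode()):
            return False
        if ip not in self.expiry:    # one rule per address, never duplicates
            self.run(iptables_args("allow", ip))
        self.expiry[ip] = self.clock() + self.ttl
        return True

    def sweep(self):
        """Delete the rules whose lifetime has passed."""
        now = self.clock()
        for ip in [ip for ip, t in self.expiry.items() if t <= now]:
            del self.expiry[ip]
            self.run(iptables_args("revoke", ip))


def serve(port=80):
    gate = KnockGate(run=lambda argv: subprocess.run(argv, check=True))

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            gate.knock(self.client_address[0], self.path)
            self.send_error(404)     # same reply for right and wrong paths

        def log_message(self, *args):
            pass                     # keep the secret path out of stderr

    server = HTTPServer(("", port), Handler)
    server.timeout = 30              # wake up regularly to expire rules
    while True:
        server.handle_request()
        gate.sweep()


if __name__ == "__main__":
    serve()                          # needs root: binds port 80, runs iptables
```

The path crosses the network in clear text, so anyone who can observe the request can repeat it; this keeps scanners away from sshd and leaves sshd's own authentication as the real control.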
Re: looking for email database
Miles Fidelman wrote:

A while back I came across a pretty neat piece of open source software providing a database for large scale mail storage, searching, and retrieval - with interfaces to all the standard MTAs and both POP and IMAP interfaces to the database [ but I forgot the name ]

I was wondering about it some time ago. Took a look around on the web and reading some posts in [1] and [2] made me feel I was looking for trouble if I was to abandon the standard maildir on a decent filesystem setup (in those posts most people claim with good arguments that storing emails in a generic sql DB (like mysql, pg) would make a lot of simple tasks much slower)

Anyway I have no personal experience to share - just thought you might be interested

[1] http://www.dovecot.org/list/dovecot/2006-June/thread.html#13791
[2] http://groups.google.gr/group/comp.mail.misc/search?group=comp.mail.misc&q=+database&qt_g=1&searchnow=%CE%91%CE%BD%CE%B1%CE%B6%CE%B7%CF%84%CE%AE%CF%83%CF%84%CE%B5+%CF%83%CE%B5+%CE%B1%CF%85%CF%84%CE%AE%CE%BD+%CF%84%CE%B7%CE%BD+%CE%BF%CE%BC%CE%AC%CE%B4%CE%B1.
Re: [OT] How much open is OpenSolaris?
2007/3/30, Michael Pobega <[EMAIL PROTECTED]>:

... the Wikipedia article "The [FSF] considers it a free license incompatible with the GNU General Public License (GPL)". I guess this means that although it is free, it isn't free under GPL standards

No, GPL compatibility is defined by the FSF, as: "This means you can combine a module which was released under that [compatible] license with a GPL-covered module to make one larger program."

(What other licenses are, anyway? under FSF's standards A LOT other licenses are free and many are GPL compatible also http://www.fsf.org/licensing/licenses/index_html
Re: SMTP and ports 25 and 1025.
2007/3/16, Easthope <[EMAIL PROTECTED]>:

Debian Users, I am trying to understand how SMTP uses ports. Ultimately I want it to work through a SSH tunnel. Normally SMTP uses port 25 but in some cases it uses 1025.

25 is the default (ie. the one that all computers in the Internet will attempt to use). You can manually set an SMTP to use whatever port you like (1025 10025 689...) but only if you control all the PCs that will talk to that SMTP (in order to set them so as to use 1025 also).

So what is SMTP doing with it?

nothing if you don't mess with the defaults which you better not
Re: accented chars. shown as question marks in black diamonds in mozilla
2007/3/8, Arlie Stephens <[EMAIL PROTECTED]>:

On Mar 08 2007, Florian Kulzer wrote:
> ...
> > > in the HTML header.

I see. Since I'm lazy - and unsure precisely what query to feed to a search engine - could you possibly point at a list of these tags.

you did bury your question under too much text but you were lucky :)

1) http://en.wikipedia.org/wiki/Category:Character_encoding
2) http://en.wikipedia.org/wiki/Charset
3) my advice: learn - choose your html editor carefully - test
Re: accented chars. shown as question marks in black diamonds in mozilla
2007/3/8, H.S. <[EMAIL PROTECTED]>:

Nick Demou wrote:
> ...
> in the case of this page the text is really encoded as iso8859-1 (as
> you can find out if you manually select this encoding when everything
> displays properly) but the html code reports that its text is encoded
> as UTF-8 (as you can see if you look at the first lines of the html
> source: content="text/html; charset=utf-8" - you can see the source
> with menu->view->page source).
>
> So it's a problem that only time.com can solve properly

For a moment pretend that I am the person responsible to do that (HTML programmer or HTML editor or whatever). What would I do to resolve this? My guess: use an HTML editor which supports UTF-8? Then the tag in the web page, content="text/html; charset=utf-8", would specify the encoding, the editor would input proper encoding of the character and my UTF-8 enabled browser should show the characters exactly as they were typed(?)

yes this would do the trick however do note that you do not need to have UTF-8 everywhere: you could use an HTML editor that supports iso8859-1 and just make sure that the tag DOES PROPERLY indicate that this is iso-8859-1 text and you would be equally good. UTF-8 everywhere does make these issues easier (it's just that it is rather recent development and a) a few programs can't handle it b) some programmers users don't know how to set things properly for UTF8 support)
Re: accented chars. shown as question marks in black diamonds in mozilla
2007/3/8, H.S. <[EMAIL PROTECTED]>:

Florian Kulzer wrote:
> On Thu, Mar 08, 2007 at 09:59:07 -0500, H.S. wrote:
>> ...For example, on this web page (CNN):
>> http://www.time.com/time/nation/article/0,8599,1597226,00.html?cnn=yes
>> I see this "or his prot�g�s". I assume the last word is protege with
>> ...
>
> Try to change to "View > Character Encoding > Western (ISO-8859-1)".

Yes, that worked.

ROUGH EXPLANATIONS

when one writes a text in a text-editor the text-editor must store it in the disk as a series of numbers (for example ABC will become 65,66,67) this is called encoding the text

when your browser renders that text in the screen it must convert the series of numbers to glyphs of letters (for example 65,66,67 will be presented as ABC) this is called decoding

in order for this to work the two programs (text editor and browser) should agree in order to use the same rules of conversion (for example A<->65, B<->66,...)

this is where everything gets messed up because there are more than one possible encoding rules and web server, a database server, a lot of programmers and sysadmins and heaven knows what else in between the two programs. You the user then, must try a few possible encodings and see what works. Not too difficult just use the view->encoding menu. Still it is annoying

in the case of this page the text is really encoded as iso8859-1 (as you can find out if you manually select this encoding when everything displays properly) but the html code reports that its text is encoded as UTF-8 (as you can see if you look at the first lines of the html source: content="text/html; charset=utf-8" - you can see the source with menu->view->page source). So it's a problem that only time.com can solve properly

> Your en_CA.UTF-8 would be able to display this page correctly if
> time.com would bother to tell your browser that it uses ISO-8859-1.

I am not sure I understand this comment. I am not very familiar with encoding.

I was assuming the web pages which have international characters are better off by using UTF-8 encoding.

all these things I told you regarding character encodings don't apply only to the case of a text-editor producing text to be displayed in a web browser. In fact they apply whenever a computer stores and displays text. Text stored in memory/disk/wherever must be encoded. Text retrieved to be displayed must be decoded. And this is where your default locale comes to play its part:

My default locale is en_CA.UTF-8 and many of the international languages are shown properly.

this (UTF-8) is the encoding YOUR pc uses to store/display characters. When not told to use any other encoding it uses UTF-8. When told that a text is encoded differently it is silently converting it to UTF-8 to handle it internally. That is good because UTF-8 is a good encoding scheme by measure of how many different languages it can handle (almost all). If for example your default encoding was iso-8859-1 you would never be able to see how a Greek or Japanese text would look like[1]

So you did your part right. Your computer IS ABLE to display most texts right if they are properly tagged regarding what encoding they use.

[1] of course you need also have fonts with Greek / Japanese letters
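The mismatch explained in this message, reproduced as an added example (not part of the original post): a constructed page whose bytes are ISO-8859-1 while its tag says UTF-8, plus the reverse mislabelling, which goes beyond the case in the thread. `diagnose`, `declared_charset` and the sample page are illustrative names, and UTF-8 as the default when no tag is present is an assumption.

```python
import codecs
import re

# Constructed page: body bytes are ISO-8859-1 (\xe9 is e-acute) but the tag
# claims UTF-8, the same situation the post describes.
PAGE = ('<html><head><meta http-equiv="Content-Type" '
        'content="text/html; charset=utf-8"></head>'
        '<body>or his prot\xe9g\xe9s</body></html>').encode("iso-8859-1")


def declared_charset(raw):
    """Charset label found in the raw bytes of the page, or None."""
    m = re.search(rb'charset=["\']?([A-Za-z0-9_-]+)', raw)
    return m.group(1).decode("ascii").lower() if m else None


def is_valid_utf8(raw):
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def diagnose(raw):
    """Return (declared label, verdict, text as a browser would show it)."""
    declared = declared_charset(raw) or "utf-8"   # assumed default
    try:
        codec = codecs.lookup(declared).name
    except LookupError:
        return declared, "unknown charset label", None
    shown = raw.decode(codec, errors="replace")
    if all(b < 0x80 for b in raw):
        verdict = "ok"                # pure ASCII reads the same either way
    elif codec == "utf-8":
        # Strict UTF-8 decoding is the one test that can actually fail.
        verdict = "ok" if is_valid_utf8(raw) else "mislabelled: bytes are not UTF-8"
    else:
        # Single-byte charsets such as ISO-8859-1 accept every byte, so a
        # wrong label never raises; valid multi-byte UTF-8 is the warning sign.
        verdict = "suspect: bytes are valid UTF-8" if is_valid_utf8(raw) else "ok"
    return declared, verdict, shown


if __name__ == "__main__":
    print(diagnose(PAGE)[:2])
```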
Re: IMAP Mail server question
2007/2/28, Kelly <[EMAIL PROTECTED]>:

Just a request for opinions here guys. I have read several articles about Courier and Dovecot. What is your opinions about which to go with.

Disclaimer:
- I have no experience with dovecot
- I have used only the basic functionality of courier-IMAP

courier-IMAP was easy to install and setup works fine with many users accessing the same maildir about 20 maildirs in a low spec server. Hundreds of folders per maildir with some of them having up to 3 emails

With outlook express I have some problems now and then that get fixed by doing a "clear local cache" on OE. Only once had a problem with thunderbird (started constantly complaining that it could not save the email it just sent to the INBOX folder while at the same time it HAD saved it). Worked around this annoyance and didn't try to fix it
re: Stupid Noob Question: Surfing the 'Testing' edge
2007/2/14, Andrew Sackville-West <[EMAIL PROTECTED]>:

On Wed, Feb 14, 2007 at 12:17:56PM -0500, Michael S. Peek wrote: [...]

I personally think that if you want the latest greatest stuff one should run sid instead of testing. If something breaks in sid, it tends to fix itself pretty quickly. sometimes within just a day or so. [...]Further down the release cycle, testing gets naturally more and more stable and easier and easier to administer and less likely to break as the new versions get massaged into their final release condition.

I wonder if there is an easy way to undo an apt-get upgrade that will break my system. If there is then sid seems like an ideal solution for my desktop PC. I don't mind if I waste a little time or a little disk space.

PS: I'm considering to migrate from ubuntu to debian and I am experimenting with it for some weeks now. After overcoming the basic problems (some obscure HW that wasn't supported out of the box) the only thing buzzing me is the stability -vs- new-features choice. In my servers I always go for stable but my desktop I want it more up-to-date without risking more than it is necessary.
Re: how to remove Gnome and X from etch
2007/1/29, Joey Hess <[EMAIL PROTECTED]>:

Nick Demou wrote:
> Someone else did the installation and included the GUI by mistake.
>[I want to remove it]

Tasksel is what installs software during the install, and it can also be used post-install to remove it. Just run tasksel, unselect the desktop task, and continue and it will remove it all.

Thanks Joey
re: how to remove Gnome and X from etch
2007/1/29, Alan Ianson <[EMAIL PROTECTED]>:

On Mon January 29 2007 07:17, Nick Demou wrote:
> 2007/1/29, Alan Ianson <[EMAIL PROTECTED]>:
> > On Mon January 29 2007 07:01, Nick Demou wrote:
> > > In etch, what packages should I remove to get rid of X and gnome?
> >
> > You'll need to uninstall whatever you installed to begin with. [...]
>
> Someone else did the installation and included the GUI by mistake. ...

I have always installed the desktop stuff after installing a base system so I'm not sure how the installer goes about installing gnome. Hopefully "apt-get remove gnome/xorg/alsa-base" (as needed) will do it for you. That may leave a few bits & pieces but I think that'll get most of it anyway.

Seems that I'll better go for the clean solution of a reinstall (it won't take that long anyway) but I must thank everyone for their time
Re: how to remove Gnome and X from etch
2007/1/29, Alan Ianson <[EMAIL PROTECTED]>:

On Mon January 29 2007 07:01, Nick Demou wrote:
> In etch, what packages should I remove to get rid of X and gnome?

You'll need to uninstall whatever you installed to begin with. [...]

Someone else did the installation and included the GUI by mistake. I guess that an "apt-get remove x y z" will do the trick but I'm not sure what x y z to choose in order to remove MOST or all of them instead of just SOME parts
how to remove Gnome and X from etch
In etch, what packages should I remove to get rid of X and gnome?
Re: shopping for an HTML editor
2007/1/25, David Goodenough <[EMAIL PROTECTED]>:

On Wednesday 24 January 2007 19:04, Kamaraju Kusumanchi wrote:
> Can anyone recommend a good WYSIWYG HTML editor? I require very basic HTML
> stuff like lists, tables, formatting, inserting images etc., no complex
[...]

Try Amaya. It comes from w3c.org and is not only a reference browser but also a (more or less) WYSIWYG HTML editor.

note that Amaya is far less friendly than nvu or kompozer though (at least IMHO)
re: GNOME / any shortcut to arrange windows?
2007/1/18, Henrik Enberg <[EMAIL PROTECTED]>:

Nick Demou <[EMAIL PROTECTED]> writes:
> ...
> I would love something like what F12 does under compiz/XGL (but I
> it's an overkill to install it just for this feature).
> ...

you want skippy. It's available as a debian package.

Thanks, apt-got it and already happier :-)
re: local network with twisted rj45
17 Jan 2007 19:35:08 -0800, christop <[EMAIL PROTECTED]>:

... Yes, but nothing is going through the line for now, and I would like it to do something. Learning and understanding before only buying more (if possible). Would it be different if it was straight with a switch? I would first like to ping with the devices I do have now. But if it is actually harder to do it with twisted pairs,

networking two pcs with a twisted (crosslink ) cable _couldn't_ get any easier! You just plug the cable to the PCs. That's it. Being so simple means it's more stable also (less parts less things to go wrong). There are only two drawbacks with them: they are useless with anything more than 2 pcs and they look exactly like normal ones (so you got to be extra cautious when picking).

Why then do people that do networking complain about them? Well the only reason is that when you use a lot of cables the fact that crosslink ones look just like normal ones means that sooner or later you will use the wrong type and you will spend some time until you notice the silly mistake. It's at this point that most people will throw away the crosslink ones to save themselves the trouble next time (and do the association crosslink = no no).
GNOME / any shortcut to arrange windows?
Is there a Gnome keyboard shortcut which will arrange all windows in a way that they are all visible?

I would love something like what F12 does under compiz/XGL (but I it's an overkill to install it just for this feature). Alternatively even something like what "tile windows" does under MS windows would be OK.

Nick