Re: [expert] SSH idiot guide

2003-09-26 Thread Richard Bown

Thanks, I'll have a look.
On a different note, are there any of the MDK kernels, i.e. secure, smp etc.,
that don't have the NAT module built, as I'm seeing a very strange prob
on that friend's PC?

TNX
Richard
On Fri, 2003-09-26 at 21:05, Vincent Danen wrote:
> On Fri Sep 26, 2003 at 08:44:59PM +0100, Richard Bown wrote:
> 
> > Hi All , is the an idiot guide to setting up ssh anywhere.?
> 
> Not really an idiot guide, but might be of interest:
> 
> http://linsec.ca/bin/view/Main/OpenSSH
> 
> the same article is on MandrakeSecure someplace, but the above is the one
> that I'm maintaining.
-- 
Richard Bown <[EMAIL PROTECTED]>


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


[expert] SSH idiot guide

2003-09-26 Thread Richard Bown
Hi all, is there an idiot guide to setting up ssh anywhere?

TIA
-- 
Richard Bown <[EMAIL PROTECTED]>




Re: [expert] SSH idiot guide

2003-09-26 Thread lorne
On Friday 26 September 2003 12:44 pm, Richard Bown wrote:
> Hi All , is the an idiot guide to setting up ssh anywhere.?
>
Try: 

http://www.aerospacesoftware.com/ssh-howto.html

> TIA




Re: [expert] SSH idiot guide

2003-09-26 Thread Vincent Danen
On Fri Sep 26, 2003 at 08:44:59PM +0100, Richard Bown wrote:

> Hi All , is the an idiot guide to setting up ssh anywhere.?

Not really an idiot guide, but might be of interest:

http://linsec.ca/bin/view/Main/OpenSSH

the same article is on MandrakeSecure someplace, but the above is the one
that I'm maintaining.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}





[expert] SSH Server problem

2003-08-14 Thread João Candido A . Milasch Filho



Hi! I sent this message b4 to newbie list, but I got absolute no answer.
I hope someone can help me here...

Thus, I tried to run telnetd from xinetd, no success, tried to configure
the listening ports to the standard ports, and got no success.
Shorewall is not installed, iptables is empty, netstat shows listening
entries corresponding to the service I tried to run, but I can connect only
from my local machine. No friends could connect to my computer.

Thanx all!!!

Hello all, me again!

As I sent before, I'm trying to use SSH server in home, to access on my
work. But as I said b4, my work firewall is blocking almost all outgoing
ports. So, I have to use SSH on the port 80. I successfully ran the daemon
on the port 80. To see that, I just netstat -pln, and saw an entry like
this:

LOCAL          FOREIGN
0.0.0.0:80     0.0.0.0:0     sshd blah blah

Well, with that, I knew it was listening correctly on the port 80. So to
try it out, I tried from the same machine I was running sshd to use ssh. So
I did:

$ ssh -l my_user_name -p 80 127.0.0.1

It worked fine. Then I asked a friend to connect on my ssh server, and
told'im to do:

$ ssh -l usr_name -p 80 200.100.100.100 (where 200.100.100.100 was my
internet IP address on that time). But he couldn't connect.

My firewall was disabled, I cleared out my lname (or something like that)
but my friend was still unable to connect on my ssh server.

Anyone knows what can I do to figure out what's happening?

Regards!


Re: [expert] SSH Server problem

2003-08-14 Thread PlugHead
On Tuesday 12 August 2003 10:56 pm, Greg Meyer wrote:
> On Tuesday 12 August 2003 10:11 pm, João Candido A. Milasch Filho wrote:
> > Hi! I sent this message b4 to newbie list, but I got absolute no answer.
> > I hope someone can help me here...

> > Anyone knows what can I do to figure out whats happening?
>
> Is your isp blocking inbound traffic on port 80 to prevent web servers from
> running on the network?  That would be a cruel catch 22 if it is true. 
> Work only allows outbound on port 80, while home allows all inbound but
> port 80.

Actually, it could be worse than that.  You may not even have a "real" ip 
address.  Sometimes an ISP will act as a subnet on the internet, in order to 
conserve IP addresses (much like a local router would do, but on a larger 
scale.)  If you're on a dial-up connection, this is most likely the case, and 
may be even if you have a "broadband" connection.  If your IP address starts 
with 192. or 10., that's a dead giveaway, but there are other reserved ranges 
as well that I don't know off the top of my head.

Can your friends ping your ip address?  If so, this is not (probably, unless 
they're really ping'ing someone else) your problem.

-Jason

=
When treading water in a circle of sharks, a wizard will always consider other 
wizards to be the most immediate danger.
(The Last Continent)
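
The address check suggested in the message above, as an added example that is not part of the original post: within 192.x only 192.168.0.0/16 is private, and the RFC 6598 block listed here was assigned after this thread was written. The function and table names are illustrative, and the sample addresses in `main` are constructed apart from 200.100.100.100, which is the one quoted in the thread.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct v4block { const char *base; int prefix; const char *label; };

/* Address blocks that cannot be reached directly from the public Internet. */
static const struct v4block UNROUTABLE[] = {
    {"10.0.0.0",     8, "RFC 1918 private"},
    {"172.16.0.0",  12, "RFC 1918 private"},
    {"192.168.0.0", 16, "RFC 1918 private"},
    {"100.64.0.0",  10, "RFC 6598 shared (carrier-grade NAT)"},
    {"169.254.0.0", 16, "RFC 3927 link-local"},
    {"127.0.0.0",    8, "loopback"},
};

/* Returns a label for the block the dotted-quad address falls in. */
const char *classify_ipv4(const char *text) {
    struct in_addr addr, base;
    if (inet_pton(AF_INET, text, &addr) != 1) return "not an IPv4 address";
    uint32_t ip = ntohl(addr.s_addr);
    for (size_t i = 0; i < sizeof UNROUTABLE / sizeof UNROUTABLE[0]; i++) {
        /* Build the netmask from the prefix length and compare network parts. */
        uint32_t mask = 0xFFFFFFFFu << (32 - UNROUTABLE[i].prefix);
        inet_pton(AF_INET, UNROUTABLE[i].base, &base);
        if ((ip & mask) == (ntohl(base.s_addr) & mask)) return UNROUTABLE[i].label;
    }
    return "publicly routable";
}

int main(void) {
    /* Constructed samples, plus the address quoted in the thread. */
    const char *samples[] = {"192.168.1.10", "192.0.34.166", "172.31.255.255",
                             "172.32.0.1", "100.64.0.1", "200.100.100.100"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i], classify_ipv4(samples[i]));
    return 0;
}
```

An address the machine reports for itself that lands in one of these blocks means a NAT device sits between it and the outside, so inbound connections need a port forward on that device.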




Re: [expert] SSH Server problem *SOLVED* (sort of)

2003-08-14 Thread PlugHead
Wow.  Sounds like you're dealing with some mighty unreasonable people here...  
Frankly, the first thing that I'd do is look for a new ISP!  (And maybe a new 
employer, while I was at it.)

Assuming those aren't options:

0) Did you try port 443?  That's HTTPS, which many admins seem to forget 
about...

1)  Maybe you can negotiate with your ISP?  Do they offer different plans 
(that you can afford) or a static IP w/ fewer restrictions?

2)  Are they blocking *UDP* ports?  There's this thing I've read about lately 
called OpenVPN that uses UDP transport, which they might be a little more lax 
about...

3)  nmap is the (or at least *a*) tool to use (nessus may work as well.)  
You'd want to use it from a remote system (preferably the one at work.)  The 
only problem is, you'll have to figure out some way of opening every port on 
your home system--well, that and the fact that an alert admin might notice 
and give you grief.  Maybe xinetd, but I don't see an easy way of doing it.  

Maybe that's not necessary--it might be possible to have nmap report the ports 
that are "closed" (meaning that the target system is saying that they're 
closed, which would imply that it noticed the connection attempt and politely 
refused) as opposed to "filtered" (no response at all.)  You may need to 
tweak iptables, such that the default input response is REJECT, so that an 
error packet is returned.

HTH,
-Jason

On Wednesday 13 August 2003 10:09 pm, João Candido Araujo Milasch Filho wrote:
> Well. I got an answer to my problem. About a year ago, my adsl provider
> blocked about all reserved ports, and thats why I can't use'em. Although
> I told you before that they were unblocked by the ISP. Then, I fall on
> another problem: The work's firewall! So, I'll need to get a list of
> unblocked outbound ports. Is there any way to see what outbound ports
> are unblocked? We got some sites that scan my incoming ports. Thats not
> hard to make a program that scan for outgoing ports, but I kind of not
> have time to do so.
> If anyone knows how how to look for outgoing unblocked ports, tell me,
> because the network admins dont want to just give me a port that I can
> use. ;(
>
> Thanks all for the answers.
>
> PlugHead wrote:
> >On Tuesday 12 August 2003 10:56 pm, Greg Meyer wrote:
> >>On Tuesday 12 August 2003 10:11 pm, João Candido A. Milasch Filho wrote:
> >>>Hi! I sent this message b4 to newbie list, but I got absolute no answer.
> >>>I hope someone can help me here...
> >
> >
> >
> >>>Anyone knows what can I do to figure out whats happening?
> >>
> >>Is your isp blocking inbound traffic on port 80 to prevent web servers
> >> from running on the network?  That would be a cruel catch 22 if it is
> >> true. Work only allows outbound on port 80, while home allows all
> >> inbound but port 80.
> >
> >Actually, it could be worse than that.  You may not even have a "real" ip
> >address.  Sometime an ISP will act as subnet on the internet, in order to
> >conserve IP addresses (much like a local router would do, but on a larger
> >scale.)  If you're on a dial-up connection, this is most likely the case,
> > and may be even if you have a "broadband" connection.  If your IP address
> > starts with 192. or 10., that's a dead giveaway, but there are other
> > reserved ranges as well that I don't know off the top of my head.
> >
> >Can your friends ping your ip address?  If so, this is not (probably,
> > unless they're really ping'ing someone else) your problem.
> >
> >-Jason
> >
> >=
> >When treading water in a circle of sharks, a wizard will always consider
> > other wizards to be the most immediate danger.
> >(The Last Continent)

-- 

=
I AM DEATH, NOT TAXES. *I* TURN UP ONLY ONCE.
(Feet of Clay)




Re: [expert] SSH Server problem

2003-08-14 Thread Greg Meyer
On Tuesday 12 August 2003 10:11 pm, João Candido A. Milasch Filho wrote:
> Hi! I sent this message b4 to newbie list, but I got absolute no answer.
> I hope someone can help me here...
>
> Thus, I tried to run telnetd from xinetd, no success, tried to configure
> the listening ports to the standard ports, and got no success.
> Shorewall is not installed, iptables is empty, netstat shows listening
> entries corresponding to the service I tried to run, but i can connect only
> from my local machine. no friends could connect to my computer.
>
> Thanx all!!!
>
> 
>
> Hello all, me again!
>
> As I sent before, I'm trying to use SSH server in home, to access on my
> work. But as I said b4, my work firewall is blocking almost all outgoing
> ports. So, i have to use SSH on the port 80. I successfully ran the daemon
> on the port 80. To see that, I just netstat -pln, and saw an entry like
> this:
> LOCAL FOREIGN
> 0.0.0.0:80   0.0.0.0:0  sshd blah blah
>
> Whel, with that, I knew it was listening correctly on the port 80. So to
> try it out, I tried from the same machine I was running sshd to use ssh. So
> I did:
>
> $ ssh -l my_user_name -p 80 127.0.0.1
>
> It worked fine. Then I asked a friend to connect on my ssh server, and
> told'im to do:
> $ ssh -l usr_name -p 80 200.100.100.100 (where 200.100.100.100 was my
> internet IP address on that time). But he couldn't connect.
>
> My firewall was disabled, I cleared out my lname (or something like that)
> but my friend was still unable to connect on my ssh server.
>
> Anyone knows what can I do to figure out whats happening?
>
Is your isp blocking inbound traffic on port 80 to prevent web servers from 
running on the network?  That would be a cruel catch 22 if it is true.  Work 
only allows outbound on port 80, while home allows all inbound but port 80.
-- 
/g

"Outside of a dog, a man's best friend is a book, inside
a dog it's too dark to read" -Groucho Marx



Re: [expert] SSH Server problem *SOLVED* (sort of)

2003-08-14 Thread João Candido Araujo Milasch Filho
Well. I got an answer to my problem. About a year ago, my adsl provider 
blocked about all reserved ports, and that's why I can't use'em. Although 
I told you before that they were unblocked by the ISP. Then, I fall on 
another problem: The work's firewall! So, I'll need to get a list of 
unblocked outbound ports. Is there any way to see what outbound ports 
are unblocked? We got some sites that scan my incoming ports. That's not 
hard to make a program that scan for outgoing ports, but I kind of not 
have time to do so.
If anyone knows how to look for outgoing unblocked ports, tell me, 
because the network admins don't want to just give me a port that I can 
use. ;(

Thanks all for the answers.

PlugHead wrote:
> On Tuesday 12 August 2003 10:56 pm, Greg Meyer wrote:
> > On Tuesday 12 August 2003 10:11 pm, João Candido A. Milasch Filho wrote:
> > > Hi! I sent this message b4 to newbie list, but I got absolute no answer.
> > > I hope someone can help me here...
> >
> > > Anyone knows what can I do to figure out whats happening?
> >
> > Is your isp blocking inbound traffic on port 80 to prevent web servers from
> > running on the network?  That would be a cruel catch 22 if it is true.
> > Work only allows outbound on port 80, while home allows all inbound but
> > port 80.
>
> Actually, it could be worse than that.  You may not even have a "real" ip
> address.  Sometime an ISP will act as subnet on the internet, in order to
> conserve IP addresses (much like a local router would do, but on a larger
> scale.)  If you're on a dial-up connection, this is most likely the case, and
> may be even if you have a "broadband" connection.  If your IP address starts
> with 192. or 10., that's a dead giveaway, but there are other reserved ranges
> as well that I don't know off the top of my head.
>
> Can your friends ping your ip address?  If so, this is not (probably, unless
> they're really ping'ing someone else) your problem.
>
> -Jason
>
> =
> When treading water in a circle of sharks, a wizard will always consider other
> wizards to be the most immediate danger.
> (The Last Continent)


Re: [expert] SSH Server problem

2003-08-14 Thread PlugHead
You don't have an _external_ hardware firewall (like a cable/dsl router), do 
you?  Those will block all incoming traffic by default...  (Probably a dumb 
question.)

Failing that, are you using xinetd for sshd as well?  On my system, I simply 
disable it and run it as a daemon.  It should be possible to run it thru 
xinetd, but I'm not sure why you would.  If you do, you may need an 
/etc/hosts.allow entry like:

sshd: ALL

(Not sure if/how having it on port 80 will affect things...  But make sure 
that there are no conflicting services (like apache) bound to port 80.)

Also, have you tried looking for the relevant log files?  There should be an 
xinetd.log somewhere--according to the man page at least...  If nothing else, 
try "grep -r xinetd *" and "grep -r sshd *" from the /var/log directory.

HTH,
-Jason

On Tuesday 12 August 2003 10:11 pm, João Candido A. Milasch Filho wrote:
> Hi! I sent this message b4 to newbie list, but I got absolute no answer.
> I hope someone can help me here...
>
> Thus, I tried to run telnetd from xinetd, no success, tried to configure
> the listening ports to the standard ports, and got no success.
> Shorewall is not installed, iptables is empty, netstat shows listening
> entries corresponding to the service I tried to run, but i can connect only
> from my local machine. no friends could connect to my computer.
>
> Thanx all!!!
>
> 
>
> Hello all, me again!
>
> As I sent before, I'm trying to use SSH server in home, to access on my
> work. But as I said b4, my work firewall is blocking almost all outgoing
> ports. So, i have to use SSH on the port 80. I successfully ran the daemon
> on the port 80. To see that, I just netstat -pln, and saw an entry like
> this:
> LOCAL FOREIGN
> 0.0.0.0:80   0.0.0.0:0  sshd blah blah
>
> Whel, with that, I knew it was listening correctly on the port 80. So to
> try it out, I tried from the same machine I was running sshd to use ssh. So
> I did:
>
> $ ssh -l my_user_name -p 80 127.0.0.1
>
> It worked fine. Then I asked a friend to connect on my ssh server, and
> told'im to do:
> $ ssh -l usr_name -p 80 200.100.100.100 (where 200.100.100.100 was my
> internet IP address on that time). But he couldn't connect.
>
> My firewall was disabled, I cleared out my lname (or something like that)
> but my friend was still unable to connect on my ssh server.
>
> Anyone knows what can I do to figure out whats happening?
>
> Regards!

-- 

=
The vermine is a small black and white relative of the lemming, found in
the cold Hublandish regions. Its skin is rare and highly valued, especially
by the vermine itself; the selfish little bastard will do anything rather
than let go of it.
-- Discworld wildlife
   (Terry Pratchett, Sourcery)




Re: [expert] SSH Server problem

2003-08-14 Thread Jack Coates
look at /etc/hosts.allow and /etc/hosts.deny.

Jack

On Tue, 2003-08-12 at 19:11, João Candido A. Milasch Filho wrote:
> Hi! I sent this message b4 to newbie list, but I got absolute no
> answer.
> I hope someone can help me here...
> 
> Thus, I tried to run telnetd from xinetd, no success, tried to
> configure the
> listening ports to the standard ports, and got no success.
> Shorewall is not installed, iptables is empty, netstat shows listening
> entries corresponding to the service I tried to run, but i can connect
> only
> from my local machine. no friends could connect to my computer.
> 
> Thanx all!!!
> 
> 
> 
> Hello all, me again!
> 
> As I sent before, I'm trying to use SSH server in home, to access on
> my
> work. But as I said b4, my work firewall is blocking almost all
> outgoing
> ports. So, i have to use SSH on the port 80. I successfully ran the
> daemon
> on the port 80. To see that, I just netstat -pln, and saw an entry
> like
> this:
> LOCAL FOREIGN
> 0.0.0.0:80   0.0.0.0:0  sshd blah
> blah
> 
> Whel, with that, I knew it was listening correctly on the port 80. So
> to try
> it out, I tried from the same machine I was running sshd to use ssh.
> So I
> did:
> 
> $ ssh -l my_user_name -p 80 127.0.0.1
> 
> It worked fine. Then I asked a friend to connect on my ssh server, and
> told'im to do:
> $ ssh -l usr_name -p 80 200.100.100.100 (where 200.100.100.100 was my
> internet IP address on that time). But he couldn't connect.
> 
> My firewall was disabled, I cleared out my lname (or something like
> that)
> but my friend was still unable to connect on my ssh server.
> 
> Anyone knows what can I do to figure out whats happening?
> 
> Regards!
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...




[expert] ssh problems on mandrake 9.0

2003-02-26 Thread Gustavo Alberto Homem
Hello,

Does someone know of a working scp/sftp frontend on mandrake 9.0 ?

I found the konqueror support is working for "get" but broken for "put"
(that is reported under kde.bugs.org).

Also, gftp which supports ssh2 does not work, since it relies on the
sftp-server binary on the remote machine which does not exist in all
ssh server distributions.

I tried to install kio_fish, but if using urpmi, it wants to install the
kde 3.1 contrib packages (experience tells me that kde upgrades always
break something that was working before :-) ).

Manually compiling kio_fish requires lib-qt-devel whose dependencies are
calculated in such a way that urpmi/drakconf wants to install postgresSql
and other (apparently) unrelated packages !!

If someone knows a solution for this, I'd be grateful.

Best regards
Gustavo Homem



"All my life I wanted to be someone; I guess I should have been more specific." -- Jane Wagner





Re: [expert] SSH daemon question

2003-02-01 Thread Benjamin Pflugmann
Hi.

On Fri 2003-01-31 at 23:57:16 -0700, [EMAIL PROTECTED] wrote:
> On Sat Feb 01, 2003 at 12:17:05AM -0500, Scott Crumpler wrote:
> 
> > I'm noticing some wierd behavior on the behalf of my OpenSSH daemon... When 
> > it starts listening, there is only one instance of the process in memory.  
> > But after I connect to it, there are 3 instances.  Now I can understand 2 
> > instances (one to handle the connection and another one that forked off to 
> > wait for the next connection).  However, I can't think of why there would be 
> > 3 instances.  When I make 2 simultaneous connections, the number of sshd 
> > processes becomes 5.
> > 
> > Any ideas?  Is something strange happening here?
> 
> One word: privsep.  No time to discuss the details, you can find out
> about it in the openssh docs.  But privsep is the "culprit" here and
> it's perfectly normal.

Just some more words. privsep is short for privilege separation and is
a means to reduce security risks, or in other words: an additional
layer for an attacker to overcome.

The idea is to run as much as possible with lowered privileges. This
is accomplished by running two processes. The privileged parent
process monitors the progress of the unprivileged child process. The
child is the only process that processes network data. The privileged
parent needs little code and therefore there is much less code being
executed with privileges.

A well defined interface between privileged parent and unprivileged
child allows the child to delegate operations that require privileges
to the parent. Successful authentication is determined by the parent
process.

That and more can be found on 

  http://www.citi.umich.edu/u/provos/ssh/privsep.html


HTH,

Benjamin.
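
The two-process design described in the message above, as an added C example that is not OpenSSH's code and not part of the original post. Assumptions: the credential, the `user\npassword\n` wire format and all function names are constructed for illustration, and resource limits stand in for the uid switch and chroot that a real privsep child performs, because those need root.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FIELD 64

/* The whole child-to-monitor interface: one fixed-size request, one-byte verdict. */
struct auth_request {
    uint32_t user_len, pass_len;
    char user[MAX_FIELD], pass[MAX_FIELD];
};

/* Constructed credential standing in for data only the privileged side can read. */
static const char DEMO_USER[] = "alice";
static const char DEMO_PASS[] = "correct horse";

/* Move exactly n bytes over the socketpair; returns 0 on success, -1 on EOF/error. */
static int xfer(int fd, void *buf, size_t n, int sending) {
    char *p = buf;
    while (n > 0) {
        ssize_t r = sending ? send(fd, p, n, MSG_NOSIGNAL) : recv(fd, p, n, 0);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Monitor side: treat the request as hostile, re-check every length, then decide. */
int monitor_decide(const struct auth_request *rq) {
    unsigned char diff = 0;
    if (rq->user_len >= MAX_FIELD || rq->pass_len >= MAX_FIELD) return 0;
    if (rq->user_len != sizeof DEMO_USER - 1 || rq->pass_len != sizeof DEMO_PASS - 1)
        return 0;
    for (size_t i = 0; i < rq->user_len; i++)
        diff |= (unsigned char)(rq->user[i] ^ DEMO_USER[i]);
    for (size_t i = 0; i < rq->pass_len; i++)
        diff |= (unsigned char)(rq->pass[i] ^ DEMO_PASS[i]);
    return diff == 0;
}

/* Child side: the only code that parses untrusted input ("user\npassword\n").
 * Never returns. It cannot authenticate anyone itself; it can only ask. */
static void unprivileged_child(int fd, const char *wire) {
    struct rlimit none = {0, 0};
    struct auth_request rq;
    unsigned char verdict = 0;
    /* Stand-in for the uid switch and chroot, which need root: forbid new
     * file descriptors, file writes and further processes in this child. */
    if (setrlimit(RLIMIT_NOFILE, &none) || setrlimit(RLIMIT_FSIZE, &none) ||
        setrlimit(RLIMIT_NPROC, &none))
        _exit(2);
    const char *nl = strchr(wire, '\n');
    const char *end = nl ? strchr(nl + 1, '\n') : NULL;
    if (!nl || !end) _exit(2);
    size_t ulen = (size_t)(nl - wire), plen = (size_t)(end - nl - 1);
    if (ulen >= MAX_FIELD || plen >= MAX_FIELD) _exit(2);
    memset(&rq, 0, sizeof rq);
    memcpy(rq.user, wire, ulen);
    memcpy(rq.pass, nl + 1, plen);
    rq.user_len = (uint32_t)ulen;
    rq.pass_len = (uint32_t)plen;
    if (xfer(fd, &rq, sizeof rq, 1) || xfer(fd, &verdict, 1, 0)) _exit(2);
    _exit(verdict ? 0 : 1);
}

/* Returns 1 = accepted, 0 = rejected, -1 = child sent no well-formed request.
 * The result is the monitor's own decision, never the child's exit status. */
int privsep_authenticate(const char *wire) {
    int sp[2], status, got_request;
    struct auth_request rq;
    unsigned char verdict = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); return -1; }
    if (pid == 0) { close(sp[0]); unprivileged_child(sp[1], wire); }
    close(sp[1]);
    got_request = xfer(sp[0], &rq, sizeof rq, 0) == 0;
    if (got_request) {
        verdict = (unsigned char)monitor_decide(&rq);
        xfer(sp[0], &verdict, 1, 1);
    }
    close(sp[0]);
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {}
    return got_request ? verdict : -1;
}

int main(void) {
    printf("good password: %d\n", privsep_authenticate("alice\ncorrect horse\n"));
    printf("bad password:  %d\n", privsep_authenticate("alice\nhunter2\n"));
    printf("malformed:     %d\n", privsep_authenticate("no newline at all"));
    return 0;
}
```

Each call forks one short-lived child next to the calling process, which is the same per-connection process pair that raises the sshd count in the question.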







Re: [expert] SSH daemon question

2003-01-31 Thread Vincent Danen
On Sat Feb 01, 2003 at 12:17:05AM -0500, Scott Crumpler wrote:

>   I'm noticing some wierd behavior on the behalf of my OpenSSH daemon... When 
> it starts listening, there is only one instance of the process in memory.  
> But after I connect to it, there are 3 instances.  Now I can understand 2 
> instances (one to handle the connection and another one that forked off to 
> wait for the next connection).  However, I can't think of why there would be 
> 3 instances.  When I make 2 simultaneous connections, the number of sshd 
> processes becomes 5.
> 
> Any ideas?  Is something strange happening here?

One word: privsep.  No time to discuss the details, you can find out
about it in the openssh docs.  But privsep is the "culprit" here and
it's perfectly normal.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}





[expert] SSH daemon question

2003-01-31 Thread Scott Crumpler

I'm noticing some weird behavior on the behalf of my OpenSSH daemon... When 
it starts listening, there is only one instance of the process in memory.  
But after I connect to it, there are 3 instances.  Now I can understand 2 
instances (one to handle the connection and another one that forked off to 
wait for the next connection).  However, I can't think of why there would be 
3 instances.  When I make 2 simultaneous connections, the number of sshd 
processes becomes 5.

Any ideas?  Is something strange happening here?

TIA
Scott Crumpler





[expert] SSH + LDAP

2003-01-19 Thread Jim C
Does anyone know how to get ssh to authenticate from ldap?
I've tried editing /etc/pam.d/sshd but I haven't had any luck.







Re: [expert] SSH

2003-01-15 Thread Ron Stodden
H.J.Bathoorn wrote:
> We're still talking about the initial install aren't we?

I was talking about runtime boot up.

> Afaik /etc/modules.conf's content hasn't been written yet i.e. is about to be
> written.

--
Ron. [Melbourne, Australia]
   20030106 updates now available for Fastest Mandrake downloader 
(English-only) from:
   http://members.optusnet.com.au/ronst/









Re: [expert] SSH

2003-01-15 Thread H.J.Bathoorn
On Wednesday 15 January 2003 04:31, Ron Stodden wrote:
> H.J.Bathoorn wrote:
> > On Tuesday 14 January 2003 13:12, Ron Stodden wrote:
> >>It is kernel that assigns eth numbers at boot time, I suspect based on
> >>the (remembered) MAC at the other end of the link, using arp (see man
> >>arp), and the eth number assigned by kernel has nothing to do with the
> >>NIC type, NIC manufacturer, or PCI slot.   I suspect that the NIC is
> >>never aware of its eth number - communication is done MAC to MAC, which
> >>is why the MAC is assigned by the NIC manufacturer on a globally unique
> >>basis, although it can be programatically changed (and the low order
> >>byte is dynamically changed as part of the cable modem protocol).
> >
> > You are quite right, I didn't write that down as specifically as I
> > should've.
> >
> > It isn't as much as in which order the kernel sees the nics during the
> > install procedure but how the "available drivers list" is ordered.
>
> I cannot agree, since the NIC driver module is inserted based on the
> line in
> /etc.modules.conf, such as:
>
> alias eth1 tulip
>
> This indicates that the eth number has already been assigned when the
> driver
> module is inserted.

We're still talking about the initial install aren't we?
Afaik /etc/modules.conf's content hasn't been written yet i.e. is about to be 
written.

Good luck,
HarM






Re: [expert] SSH

2003-01-14 Thread Ron Stodden
H.J.Bathoorn wrote:
> On Tuesday 14 January 2003 13:12, Ron Stodden wrote:
> > It is kernel that assigns eth numbers at boot time, I suspect based on
> > the (remembered) MAC at the other end of the link, using arp (see man
> > arp), and the eth number assigned by kernel has nothing to do with the
> > NIC type, NIC manufacturer, or PCI slot.   I suspect that the NIC is
> > never aware of its eth number - communication is done MAC to MAC, which
> > is why the MAC is assigned by the NIC manufacturer on a globally unique
> > basis, although it can be programatically changed (and the low order
> > byte is dynamically changed as part of the cable modem protocol).
>
> You are quite right, I didn't write that down as specifically as I should've.
>
> It isn't as much as in which order the kernel sees the nics during the install
> procedure but how the "available drivers list" is ordered.

I cannot agree, since the NIC driver module is inserted based on the line in
/etc/modules.conf, such as:

alias eth1 tulip

This indicates that the eth number has already been assigned when the driver
module is inserted.

--
Ron. [Melbourne, Australia]
   20030106 updates now available for Fastest Mandrake downloader 
(English-only) from:
   http://members.optusnet.com.au/ronst/









Re: [expert] SSH

2003-01-14 Thread H.J.Bathoorn
On Tuesday 14 January 2003 13:12, Ron Stodden wrote:
> H.J.Bathoorn wrote:
> > Take care to know which Nic is going to be eth0 or eth1 i.e. which Nic is
> > which.
> > Smoothwall recognizes them alphabetically on vendor.
>
> What makes you think that?
>
> It is kernel that assigns eth numbers at boot time, I suspect based on
> the (remembered) MAC at the other end of the link, using arp (see man
> arp), and the eth number assigned by kernel has nothing to do with the
> NIC type, NIC manufacturer, or PCI slot.   I suspect that the NIC is
> never aware of its eth number - communication is done MAC to MAC, which
> is why the MAC is assigned by the NIC manufacturer on a globally unique
> basis, although it can be programatically changed (and the low order
> byte is dynamically changed as part of the cable modem protocol).

You are quite right, I didn't write that down as specifically as I should've.

It isn't as much as in which order the kernel sees the nics during the install 
procedure but how the "available drivers list" is ordered.

Good Luck,
HarM






Re: [expert] SSH

2003-01-14 Thread Ron Stodden
H.J.Bathoorn wrote:
> Take care to know which Nic is going to be eth0 or eth1 i.e. which Nic is
> which.
> Smoothwall recognizes them alphabetically on vendor.

What makes you think that?

It is kernel that assigns eth numbers at boot time, I suspect based on 
the (remembered) MAC at the other end of the link, using arp (see man 
arp), and the eth number assigned by kernel has nothing to do with the 
NIC type, NIC manufacturer, or PCI slot.   I suspect that the NIC is 
never aware of its eth number - communication is done MAC to MAC, which 
is why the MAC is assigned by the NIC manufacturer on a globally unique 
basis, although it can be programmatically changed (and the low order 
byte is dynamically changed as part of the cable modem protocol).

--
Ron. [Melbourne, Australia]
   20030106 updates now available for Fastest Mandrake downloader 
(English-only) from:
   http://members.optusnet.com.au/ronst/









Re: [expert] SSH

2003-01-13 Thread H.J.Bathoorn
On Monday 13 January 2003 19:56, James Sparenberg wrote:
> Harm,
>
>Thanks on one thing... I never noticed before but you are right a
> number of "firewalls" do recognize the cards alphabetically instead of
> asking... Wondered about this before myself... SNF does it by going
> numbers first... Which is why 3com comes before Linksys*sigh* Like
> it better when they do it by PCI slot.
>
> James

Well it doesn't have to be alphabetically, it's just how the search is 
ordered by the programmer i.e. his database.
I suppose you could try to find the file used when probing cards and change 
the order.
Only if you feel like playing in the sandbox though=:o)

Think I'll take a peek at the iso, you got me curious.=;o)

Good luck,
HarM








Re: [expert] SSH

2003-01-13 Thread James Sparenberg
Harm,

   Thanks on one thing... I never noticed before but you are right a
number of "firewalls" do recognize the cards alphabetically instead of
asking... Wondered about this before myself... SNF does it by going
numbers first... Which is why 3com comes before Linksys*sigh* Like
it better when they do it by PCI slot.

James


On Mon, 2003-01-13 at 09:19, H.J.Bathoorn wrote:
> On Monday 13 January 2003 17:36, Mark Weaver wrote:
> 
> > >>
> > >>I'm getting jazzed about this. As soon as the new Nic's I ordered get
> > >>here I'll be setting this up on a box here at the house. I tested the
> > >>boot disk last night after it was made and it works good. even managed
> > >>to remember how to make one and thats saying something since I don't use
> > >>that command very often at all. This old brain isn't as fried as I
> > >>thought it was. :)
> > >>
> > >>Mark
> > >
> > > Take care to know which Nic is going to be eth0 or eth1 i.e. which Nic is
> > > which.
> > > Smoothwall recognizes them alphabetically on vendor.
> > >
> > > I had an old 3com 10M isa card for the (red)internet/cable connection
> > > (don't need 100M there) and a realtek 10/100 for the (green)network.
> > > The 3com always got recognized first and appointed "green"=:o(
> > > Forcing me to take it out, configure the realtek as "green" and then
> > > insert the 3com ---and no, I didn't get burned. I remembered to shutdown
> > > the box first=:o)
> > >
> > > Good luck,
> > > HarM
> >
> > Harm,
> >
> > Then I should have tons of fun because the cards I ordered are identical.
> 
> Oh, you will!=:o)
> 
> That leaves only the mac addresses to work on.
> Easiest is that once you've identified which is green and which is red (and/or 
> orange)is to mark it as such, with a marker (or nail-polish=:o)).
> 
> That way you'll be able to recognize 'em on the outside, even if you do fry 
> your brains in the future=:o)
> 
> Or scavenge an old 10M somewhere, nobody wants to use 'm anymore. They're 
> dirtcheap (even free sometimes) nowadays. Download speeds surpassing 10M 
> isn't a hand for a long time to come so you'll never notice.
> 
> Good luck,
> HarM
> 
> 
> 
> 
> 






Re: [expert] SSH

2003-01-13 Thread H.J.Bathoorn
On Monday 13 January 2003 17:36, Mark Weaver wrote:

> >>
> >>I'm getting jazzed about this. As soon as the new Nic's I ordered get
> >>here I'll be setting this up on a box here at the house. I tested the
> >>boot disk last night after it was made and it works good. even managed
> >>to remember how to make one and thats saying something since I don't use
> >>that command very often at all. This old brain isn't as fried as I
> >>thought it was. :)
> >>
> >>Mark
> >
> > Take care to know which Nic is going to be eth0 or eth1 i.e. which Nic is
> > which.
> > Smoothwall recognizes them alphabetically on vendor.
> >
> > I had an old 3com 10M isa card for the (red)internet/cable connection
> > (don't need 100M there) and a realtek 10/100 for the (green)network.
> > The 3com always got recognized first and appointed "green"=:o(
> > Forcing me to take it out, configure the realtek as "green" and then
> > insert the 3com ---and no, I didn't get burned. I remembered to shutdown
> > the box first=:o)
> >
> > Good luck,
> > HarM
>
> Harm,
>
> Then I should have tons of fun because the cards I ordered are identical.

Oh, you will!=:o)

That leaves only the mac addresses to work on.
Easiest is that once you've identified which is green and which is red (and/or 
orange)is to mark it as such, with a marker (or nail-polish=:o)).

That way you'll be able to recognize 'em on the outside, even if you do fry 
your brains in the future=:o)

Or scavenge an old 10M somewhere, nobody wants to use 'm anymore. They're 
dirtcheap (even free sometimes) nowadays. Download speeds surpassing 10M 
isn't a hand for a long time to come so you'll never notice.

Good luck,
HarM








Re: [expert] SSH

2003-01-13 Thread Mark Weaver
H.J.Bathoorn wrote:
> On Monday 13 January 2003 13:51, Mark Weaver wrote:
>> H.J.Bathoorn wrote:
>>> On Monday 13 January 2003 02:20, Ken Thompson wrote:
>>>> On Friday 10 January 2003 08:30 am, Mark Weaver wrote:
>>>>> Ken Thompson wrote:
>>>>>> On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
>>>>>>> Pierre Fortin wrote:
>>>>>>>> Stop or remove "shorewall" -- sure wish Mdk would have made it more
>>>>>>>> obvious during install/upgrade that it was going to add a firewall
>>>>>>>> without asking...
>>>>>>>>
>>>>>>>> :^Pierre
>>>>>>>
>>>>>>> problem is...what does one use on a Mandrake 9.0 box if not shorewall
>>>>>>> because I've had a terrible time in the past trying to get Bastille to
>>>>>>> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
>>>>>>> for server use.
>>>>>>>
>>>>>>> and I did take a look at gShield. The little bugger liked to drove me
>>>>>>> nuts!
>>>>>>>
>>>>>>> Mark
>>>>>>
>>>>>> I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
>>>>>> http://www.smoothwall.org
>>>>>> Now I run my entire network through it and just simply fergit it's
>>>>>> there except for frequent log checks.
>>>>>
>>>>> I've heard about this one before but have never seen it. I'm downloading
>>>>> the ISO now. Is this an actual installable OS/Firewall, or just firewall
>>>>> software?
>>>>
>>>> Total installable O/S.. I am using 2.0b2 Right now..
>>>
>>> So am I..perfect!
>>> I even removed the fans on the box so's the only you thing you can hear
>>> is the occasional HD clicking.
>>>
>>> Good luck,
>>> HarM
>>
>> I'm getting jazzed about this. As soon as the new Nic's I ordered get
>> here I'll be setting this up on a box here at the house. I tested the
>> boot disk last night after it was made and it works good. even managed
>> to remember how to make one and thats saying something since I don't use
>> that command very often at all. This old brain isn't as fried as I
>> thought it was. :)
>>
>> Mark
>
> Take care to know which Nic is going to be eth0 or eth1 i.e. which Nic is
> which.
> Smoothwall recognizes them alphabetically on vendor.
>
> I had an old 3com 10M isa card for the (red)internet/cable connection (don't
> need 100M there) and a realtek 10/100 for the (green)network.
> The 3com always got recognized first and appointed "green"=:o(
> Forcing me to take it out, configure the realtek as "green" and then insert
> the 3com ---and no, I didn't get burned. I remembered to shutdown the box
> first=:o)
>
> Good luck,
> HarM

Harm,

Then I should have tons of fun because the cards I ordered are identical.

--
Mark
---
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & 9.0






Re: [expert] SSH

2003-01-13 Thread H.J.Bathoorn
On Monday 13 January 2003 13:51, Mark Weaver wrote:
> H.J.Bathoorn wrote:
> > On Monday 13 January 2003 02:20, Ken Thompson wrote:
> >>On Friday 10 January 2003 08:30 am, Mark Weaver wrote:
> >>>Ken Thompson wrote:
> >>>>On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
> >>>>>Pierre Fortin wrote:
> >>>>>>Stop or remove "shorewall" -- sure wish Mdk would have made it more
> >>>>>>obvious during install/upgrade that it was going to add a firewall
> >>>>>>without asking...
> >>>>>>
> >>>>>>:^Pierre
> >>>>>
> >>>>>problem is...what does one use on a Mandrake 9.0 box if not shorewall
> >>>>>because I've had a terrible time in the past trying to get Bastille to
> >>>>>work on an MDK 9 box, which led me swiftly back to an 8.2 installation
> >>>>>for server use.
> >>>>>
> >>>>>and I did take a look at gShield. The little bugger liked to drove me
> >>>>>nuts!
> >>>>>
> >>>>>Mark
> >>>>
> >>>>I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
> >>>>http://www.smoothwall.org
> >>>>Now I run my entire network through it and just simply fergit it's
> >>>>there except for frequent log checks.
> >>>
> >>>I've heard about this one before but have never seen it. I'm downloading
> >>>the ISO now. Is this an actual installable OS/Firewall, or just firewall
> >>>software?
> >>
> >>Total installable O/S.. I am using 2.0b2 Right now..
> >
> > So am I..perfect!
> > I even removed the fans on the box so's the only you thing you can hear
> > is the occasional HD clicking.
> >
> > Good luck,
> > HarM
>
> I'm getting jazzed about this. As soon as the new Nic's I ordered get
> here I'll be setting this up on a box here at the house. I tested the
> boot disk last night after it was made and it works good. even managed
> to remember how to make one and thats saying something since I don't use
> that command very often at all. This old brain isn't as fried as I
> thought it was. :)
>
> Mark

Take care to know which Nic is going to be eth0 or eth1 i.e. which Nic is 
which.
Smoothwall recognizes them alphabetically on vendor.

I had an old 3com 10M isa card for the (red)internet/cable connection (don't 
need 100M there) and a realtek 10/100 for the (green)network.
The 3com always got recognized first and appointed "green"=:o(
Forcing me to take it out, configure the realtek as "green" and then insert 
the 3com ---and no, I didn't get burned. I remembered to shutdown the box 
first=:o)

Good luck,
HarM








Re: [expert] SSH

2003-01-13 Thread Mark Weaver
H.J.Bathoorn wrote:
> On Monday 13 January 2003 02:20, Ken Thompson wrote:
>> On Friday 10 January 2003 08:30 am, Mark Weaver wrote:
>>> Ken Thompson wrote:
>>>> On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
>>>>> Pierre Fortin wrote:
>>>>>> Stop or remove "shorewall" -- sure wish Mdk would have made it more
>>>>>> obvious during install/upgrade that it was going to add a firewall
>>>>>> without asking...
>>>>>>
>>>>>> :^Pierre
>>>>>
>>>>> problem is...what does one use on a Mandrake 9.0 box if not shorewall
>>>>> because I've had a terrible time in the past trying to get Bastille to
>>>>> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
>>>>> for server use.
>>>>>
>>>>> and I did take a look at gShield. The little bugger liked to drove me
>>>>> nuts!
>>>>>
>>>>> Mark
>>>>
>>>> I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
>>>> http://www.smoothwall.org
>>>> Now I run my entire network through it and just simply fergit it's
>>>> there except for frequent log checks.
>>>
>>> I've heard about this one before but have never seen it. I'm downloading
>>> the ISO now. Is this an actual installable OS/Firewall, or just firewall
>>> software?
>>
>> Total installable O/S.. I am using 2.0b2 Right now..
>
> So am I..perfect!
> I even removed the fans on the box so's the only you thing you can hear is the
> occasional HD clicking.
>
> Good luck,
> HarM

I'm getting jazzed about this. As soon as the new Nic's I ordered get 
here I'll be setting this up on a box here at the house. I tested the 
boot disk last night after it was made and it works good. even managed 
to remember how to make one and thats saying something since I don't use 
that command very often at all. This old brain isn't as fried as I 
thought it was. :)

Mark






Re: [expert] SSH

2003-01-13 Thread H.J.Bathoorn
On Monday 13 January 2003 02:20, Ken Thompson wrote:
> On Friday 10 January 2003 08:30 am, Mark Weaver wrote:
> > Ken Thompson wrote:
> > > On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
> > >>Pierre Fortin wrote:
> > >>>Stop or remove "shorewall" -- sure wish Mdk would have made it more
> > >>>obvious during install/upgrade that it was going to add a firewall
> > >>>without asking...
> > >>>
> > >>>:^Pierre
> > >>
> > >>problem is...what does one use on a Mandrake 9.0 box if not shorewall
> > >>because I've had a terrible time in the past trying to get Bastille to
> > >>work on an MDK 9 box, which led me swiftly back to an 8.2 installation
> > >>for server use.
> > >>
> > >>and I did take a look at gShield. The little bugger liked to drove me
> > >> nuts!
> > >>
> > >>Mark
> > >
> > > I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
> > > http://www.smoothwall.org
> > > Now I run my entire network through it and just simply fergit it's
> > > there except for frequent log checks.
> >
> > I've heard about this one before but have never seen it. I'm downloading
> > the ISO now. Is this an actual installable OS/Firewall, or just firewall
> > software?
>
> Total installable O/S.. I am using 2.0b2 Right now..

So am I..perfect!
I even removed the fans on the box so's the only you thing you can hear is the 
occasional HD clicking.

Good luck,
HarM







Re: [expert] SSH

2003-01-12 Thread Ken Thompson
On Friday 10 January 2003 08:30 am, Mark Weaver wrote:
> Ken Thompson wrote:
> > On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
> >>Pierre Fortin wrote:
> >>>Stop or remove "shorewall" -- sure wish Mdk would have made it more
> >>>obvious during install/upgrade that it was going to add a firewall
> >>>without asking...
> >>>
> >>>:^Pierre
> >>
> >>problem is...what does one use on a Mandrake 9.0 box if not shorewall
> >>because I've had a terrible time in the past trying to get Bastille to
> >>work on an MDK 9 box, which led me swiftly back to an 8.2 installation
> >>for server use.
> >>
> >>and I did take a look at gShield. The little bugger liked to drove me
> >> nuts!
> >>
> >>Mark
> >
> > I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
> > http://www.smoothwall.org
> > Now I run my entire network through it and just simply fergit it's there
> > except for frequent log checks.
>
> I've heard about this one before but have never seen it. I'm downloading
> the ISO now. Is this an actual installable OS/Firewall, or just firewall
> software?

Total installable O/S.. I am using 2.0b2 Right now..
-- 
Ken Thompson
Payette, Idaho
Email: [EMAIL PROTECTED]

Linux- Coming Soon To A Desktop Near You
Registered Linux User #183936






[expert] SSH setup & logs to watch?

2003-01-11 Thread Robert Barry
I've set up an ssh server on Mandrake 9.0 at work.  It's
behind a D-Link DI-604 router/firewall on a DSL line. 
I have the DI-604 forward port 22 to my ssh server.

From my house I use Putty to ssh in to the network at
work and run VNC through ssh to my Windows 2000
computer at my desk at work. It works great.

I'm using keys to login to the ssh server and I have
disabled password logins and restricted the ssh logins
to a single user.

What else should I be doing to keep others out of my
network at work?

And what logs should I be looking at to check for
intruders?

Also, what do I need to do to print from my Windows
2000 machine at work so the print job prints at my
printer at home (using VNC through SSH)?

Thanks for any help.

Robert Barry
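
The two checks this post asks about, as an added example that is not part of the original message: an audit of sshd_config against the setup described (key logins only, passwords disabled, one permitted account) and a scan of sshd's syslog lines for logins and rejections that do not fit it. The account name `robert`, the host name `gw`, the addresses and every sample line are constructed; the message wording matched is OpenSSH's usual log text and is an assumption about the installed version.

```python
import re
from collections import Counter

# Constructed sample config matching the setup described in the post:
# key logins only, password logins off, one permitted account.
SAMPLE_SSHD_CONFIG = """\
# constructed example, not taken from a real host
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers robert
"""

# Constructed sshd syslog lines (addresses are from documentation ranges).
# The last line shows what a login outside the stated policy would look like.
SAMPLE_LOG = """\
Jan 11 08:02:11 gw sshd[811]: Accepted publickey for robert from 198.51.100.7 port 40022 ssh2
Jan 11 09:14:53 gw sshd[902]: Invalid user admin from 203.0.113.9
Jan 11 09:14:59 gw sshd[905]: User root from 203.0.113.9 not allowed because not listed in AllowUsers
Jan 11 09:15:04 gw sshd[909]: Invalid user test from 203.0.113.9
Jan 11 23:40:31 gw sshd[977]: Accepted password for backup from 192.0.2.44 port 51515 ssh2
"""


def parse_sshd_config(text):
    """Return {lowercase keyword: [value, ...]} for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # conditional blocks: out of scope here
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, []).append(value)
    return settings


def audit_config(settings, allowed_user):
    """List deviations from: keys only, no passwords, a single allowed user."""
    findings = []
    # sshd uses the first value it reads for a keyword; both default to "yes".
    password = settings.get("passwordauthentication", ["yes"])[0].lower()
    pubkey = settings.get("pubkeyauthentication", ["yes"])[0].lower()
    if password != "no":
        findings.append("password logins are enabled")
    if pubkey != "yes":
        findings.append("public-key logins are disabled")
    # Collect the names from every AllowUsers line before comparing.
    allowed = {u for v in settings.get("allowusers", []) for u in v.split()}
    if allowed != {allowed_user}:
        findings.append("AllowUsers is %s, expected only %s"
                        % (sorted(allowed) or "unset", allowed_user))
    return findings


ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
REJECTED = re.compile(
    r"sshd\[\d+\]: (?:(?:Invalid|Illegal) user \S+ from (\S+)"
    r"|User \S+ from (\S+) not allowed)")


def scan_log(text, allowed_user):
    """Return (unexpected successful logins, Counter of rejections per source)."""
    unexpected, rejected = [], Counter()
    for line in text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            method, user, source = m.groups()
            # Anything but a key login by the one permitted account is suspect.
            if user != allowed_user or method != "publickey":
                unexpected.append((user, source, method))
            continue
        m = REJECTED.search(line)
        if m:
            rejected[m.group(1) or m.group(2)] += 1
    return unexpected, rejected


if __name__ == "__main__":
    print("config findings:", audit_config(parse_sshd_config(SAMPLE_SSHD_CONFIG), "robert"))
    unexpected, rejected = scan_log(SAMPLE_LOG, "robert")
    print("unexpected logins:", unexpected)
    print("rejected attempts by source:", rejected.most_common())
```
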




Re: [expert] SSH

2003-01-11 Thread david . whiting
On Fri, Jan 10, 2003 at 10:30:04AM -0500, Mark Weaver wrote:
 >
> >I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
> >http://www.smoothwall.org
> >Now I run my entire network through it and just simply fergit it's there 
> >except for frequent log checks.
> 
> I've heard about this one before but have never seen it. I'm downloading 
> the ISO now. Is this an actual installable OS/Firewall, or just firewall 
> software?

It's a full installable OS/Firewall with DHCP, VPN, etc. We're running
0.99SE with the patches in on an old 486 with 8Mb of RAM (I had to move
the HD to another machine with more memory to install it, but after that
it runs fine on old hardware).  We have 17 clients and it is great.

There's a corporate and GPL version. The guys at
smoothwall.org/smoothwall.co.uk are very...  passionate about it and
have a very clear idea about what should and should not be in the GPL
version. The mailing list can be very exciting :). I read it, but don't
know enough about networking and firewalls to even frame a sensible
question. And, whatever you do, don't ask if there is an online archive of
the mailing list.

The installation docs are very well written. So, from someone who is
mostly a desktop user and knows little sysadmin it is great.

Dave

-- 
Dave Whiting
Dar es Salaam, Tanzania





Re: [expert] SSH

2003-01-10 Thread Mark Weaver
Robert Goshko wrote:
> On Fri, 2003-01-10 at 07:50, Ken Thompson wrote:
>> On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
>>> Pierre Fortin wrote:
>>>> Stop or remove "shorewall" -- sure wish Mdk would have made it more
>>>> obvious during install/upgrade that it was going to add a firewall
>>>> without asking...
>>>>
>>>> :^Pierre
>>>
>>> problem is...what does one use on a Mandrake 9.0 box if not shorewall
>>> because I've had a terrible time in the past trying to get Bastille to
>>> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
>>> for server use.
>>>
>>> and I did take a look at gShield. The little bugger liked to drove me nuts!
>>>
>>> Mark
>>
>> I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
>> http://www.smoothwall.org
>> Now I run my entire network through it and just simply fergit it's there
>> except for frequent log checks.
>
> I used an old 486, 32MB, and a bootable floppy running Eigerstein LRP
> (Linux Router Project - http://leaf.sourceforge.net/) for two years,
> until the machine died.
>
> That forced my upgrade, I have a machine that is too overpowered now for
> a firewall (PII 200) but I can now run the Bootable CD version of
> Dachstein LRP, still no HD so the machine is quiet.

aaah yes...I've got just the machine for this job. All I've got 
to do now is get the network cards for in it and I'm in bidness. I made 
the floppy this evening and test drove it on one of my machines here. 
That was AWESOME! it's got me all jazzed up! can't wait to really 
implement it for real.

--
Mark
---
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & 9.0





Re: [expert] SSH

2003-01-10 Thread Lorne
On Friday 10 January 2003 03:54 am, Mark Watts wrote:
> > Geeze, when is Mandrake going to get a decent per-ethernet card GUI
> > firewall configurator with an advanced option that covers GUI
> > configuration for all the protocols for say port 1000 and below, an
> > Internet Connection Shareing on/off button as well as a configure
> > button.  Heck, I could probably write it and I can't even get a
> > Samba-LDAP PDC to run. ;-)
>
> They do. It's called Multi-Network Firewall...

Or MNF yes? :) I am in the process of setting it up now with 3 nics. So far it 
looks VERY good! The only thing that seems glaringly absent is tripwire. I'm 
trying to configure that now and should have it on line in the next week or 
so. 





Re: [expert] SSH

2003-01-10 Thread Ken Hawkins
On Friday 10 January 2003 02:50 pm, Ken Thompson wrote:
> On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
> >
> > and I did take a look at gShield. The little bugger liked to drove me
> > nuts!
> >
> > Mark
>
> I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
> http://www.smoothwall.org
> Now I run my entire network through it and just simply fergit it's there
> except for frequent log checks.

I have been using EigerStein from the LRP on a 486-66 w16mb, and NO HDD for 
about 2 years with no problem. Since it boots from floppy, once running, you 
pop out the disk, and even if by chance someone hacks the F/W, you can just 
reboot.

I have run this against some online security test sites, and they have all 
never been able to get more from my computer behind the firewall than my 
browser version. It leaves a FEW things open by default, but those are easily 
corrected.

Ken Hawkins





Re: [expert] SSH

2003-01-10 Thread Robert Goshko
On Fri, 2003-01-10 at 07:50, Ken Thompson wrote:
> On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
> > Pierre Fortin wrote:
> > > Stop or remove "shorewall" -- sure wish Mdk would have made it more
> > > obvious during install/upgrade that it was going to add a firewall
> > > without asking...
> > >
> > > :^Pierre
> >
> > problem is...what does one use on a Mandrake 9.0 box if not shorewall
> > because I've had a terrible time in the past trying to get Bastille to
> > work on an MDK 9 box, which led me swiftly back to an 8.2 installation
> > for server use.
> >
> > and I did take a look at gShield. The little bugger liked to drove me nuts!
> >
> > Mark
> I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
> http://www.smoothwall.org
> Now I run my entire network through it and just simply fergit it's there 
> except for frequent log checks.

I used an old 486, 32MB, and a bootable floppy running Eigerstein LRP
(Linux Router Project - http://leaf.sourceforge.net/) for two years,
until the machine died.

That forced my upgrade, I have a machine that is too overpowered now for
a firewall (PII 200) but I can now run the Bootable CD version of
Dachstein LRP, still no HD so the machine is quiet.

-- 
...Rob
 
-- A closed mouth gathers no foot.
 
=
Robert Goshko  Axis Computer Consulting Services, Inc
President  Sherwood Park, Alberta, Canada
http://www.axis-dev.ca/   Supporting the Revolution In Your World
=
Registered Linux User #260513GNU/Linux i686 2.4.20-2mdk-725ca
 
  8:37am  up  1:24,  4 users,  load average: 1.76, 1.81, 1.67





Re: [expert] SSH

2003-01-10 Thread Mark Weaver
Ken Thompson wrote:
> On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
>> Pierre Fortin wrote:
>>> Stop or remove "shorewall" -- sure wish Mdk would have made it more
>>> obvious during install/upgrade that it was going to add a firewall
>>> without asking...
>>>
>>> :^Pierre
>>
>> problem is...what does one use on a Mandrake 9.0 box if not shorewall
>> because I've had a terrible time in the past trying to get Bastille to
>> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
>> for server use.
>>
>> and I did take a look at gShield. The little bugger liked to drove me nuts!
>>
>> Mark
>
> I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
> http://www.smoothwall.org
> Now I run my entire network through it and just simply fergit it's there
> except for frequent log checks.

I've heard about this one before but have never seen it. I'm downloading 
the ISO now. Is this an actual installable OS/Firewall, or just firewall 
software?
--
Mark
---
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & 9.0





Re: [expert] SSH

2003-01-10 Thread Ken Thompson
On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote:
> Pierre Fortin wrote:
> > Stop or remove "shorewall" -- sure wish Mdk would have made it more
> > obvious during install/upgrade that it was going to add a firewall
> > without asking...
> >
> > :^Pierre
>
> problem is...what does one use on a Mandrake 9.0 box if not shorewall
> because I've had a terrible time in the past trying to get Bastille to
> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
> for server use.
>
> and I did take a look at gShield. The little bugger liked to drove me nuts!
>
> Mark
I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall.
http://www.smoothwall.org
Now I run my entire network through it and just simply fergit it's there 
except for frequent log checks.

-- 
Ken Thompson
Payette, Idaho
Email: [EMAIL PROTECTED]

Linux- Coming Soon To A Desktop Near You
Registered Linux User #183936






Re: [expert] SSH

2003-01-10 Thread Mark Weaver
Pierre Fortin wrote:
> On Thu, 09 Jan 2003 22:14:27 -0500 Mark Weaver
> <[EMAIL PROTECTED]> wrote:
>
>> Pierre Fortin wrote:
>>> Stop or remove "shorewall" -- sure wish Mdk would have made it more
>>> obvious during install/upgrade that it was going to add a firewall
>>> without asking...
>>>
>>> :^Pierre
>>
>> problem is...what does one use on a Mandrake 9.0 box if not shorewall
>> because I've had a terrible time in the past trying to get Bastille to
>> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
>> for server use.
>>
>> and I did take a look at gShield. The little bugger liked to drove me
>> nuts!
>>
>> Mark
>
> If you're gonna protect a box(es), it should be done before the traffic
> gets to it...  shorewall is like putting the deadbolt on the coat closet
> door instead of the front door IMO.  I use an external box.
>
> Pierre

truer words were nere spoken, but at the moment I's a bit equipment po 
and lack the necessary hardware with which to implement such a scheme. 
However, it is in the planning stages for my network. ;)
--
Mark
---
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & 9.0





Re: [expert] SSH

2003-01-10 Thread Mark Weaver
Rolf Pedersen wrote:
> Mark Weaver wrote:
>> Pierre Fortin wrote:
>>> Stop or remove "shorewall" -- sure wish Mdk would have made it more
>>> obvious during install/upgrade that it was going to add a firewall
>>> without asking...
>>>
>>> :^Pierre
>>
>> problem is...what does one use on a Mandrake 9.0 box if not shorewall
>> because I've had a terrible time in the past trying to get Bastille to
>> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
>> for server use.
>>
>> and I did take a look at gShield. The little bugger liked to drove me
>> nuts!
>>
>> Mark
>
> My only relevant experience is not being able to get Shorewall to
> quickly work and having subsequent success with guarddog, in contrib. It
> has a simple gui and the help brings up an easy-to-follow kde tutorial
> for the basic configuration.  For protocols like rsync, ldap, cvs,
> rdate, I would look for the port used in the man, in /etc/services, or
> at google and add it through the 'Advanced' tab.  It took me as much as
> to strace gpg to find what port it was using to import a key from a
> keyserver but everything I needed, so far, has been doable.
>
> Rolf

Nice! I'll have to give that one a look. Although I can't get away from 
wanting to get my hands REAL dirty and do an entire FW from scratch the 
old-fashioned way.
--
Mark
---
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & 9.0





Re: [expert] SSH

2003-01-10 Thread Mark Watts




> Geeze, when is Mandrake going to get a decent per-ethernet card GUI
> firewall configurator with an advanced option that covers GUI
> configuration for all the protocols for say port 1000 and below, an
> Internet Connection Shareing on/off button as well as a configure
> button.  Heck, I could probably write it and I can't even get a
> Samba-LDAP PDC to run. ;-)

They do. It's called Multi-Network Firewall...

- -- 
Mark Watts
Systems Engineer
QinetiQ TIM
St Andrews Road, Malvern
GPG Public Key available on request.



Re: [expert] SSH

2003-01-09 Thread Rolf Pedersen
Mark Weaver wrote:
> Pierre Fortin wrote:
>> Stop or remove "shorewall" -- sure wish Mdk would have made it more
>> obvious during install/upgrade that it was going to add a firewall
>> without asking...
>>
>> :^Pierre
>
> problem is...what does one use on a Mandrake 9.0 box if not shorewall
> because I've had a terrible time in the past trying to get Bastille to
> work on an MDK 9 box, which led me swiftly back to an 8.2 installation
> for server use.
>
> and I did take a look at gShield. The little bugger liked to drove me nuts!
>
> Mark

My only relevant experience is not being able to get Shorewall to 
quickly work and having subsequent success with guarddog, in contrib. 
It has a simple gui and the help brings up an easy-to-follow kde 
tutorial for the basic configuration.  For protocols like rsync, ldap, 
cvs, rdate, I would look for the port used in the man, in /etc/services, 
or at google and add it through the 'Advanced' tab.  It took me as much 
as to strace gpg to find what port it was using to import a key from a 
keyserver but everything I needed, so far, has been doable.

Rolf






Re: [expert] SSH

2003-01-09 Thread Pierre Fortin
On Thu, 09 Jan 2003 22:14:27 -0500 Mark Weaver
<[EMAIL PROTECTED]> wrote:

> Pierre Fortin wrote:
> > Stop or remove "shorewall" -- sure wish Mdk would have made it more
> > obvious during install/upgrade that it was going to add a firewall
> > without asking... 
> > 
> > :^Pierre
> 
> problem is...what does one use on a Mandrake 9.0 box if not shorewall 
> because I've had a terrible time in the past trying to get Bastille to 
> work on an MDK 9 box, which led me swiftly back to an 8.2 installation 
> for server use.
> 
> and I did take a look at gShield. The little bugger liked to drove me
> nuts!
> 
> Mark

If you're gonna protect a box(es), it should be done before the traffic
gets to it...  shorewall is like putting the deadbolt on the coat closet
door instead of the front door IMO.  I use an external box.  

Pierre





Re: [expert] SSH

2003-01-09 Thread Brian Schroeder
I use firestarter (http://firestarter.sourceforge.net/).  It's not
necessarily the best, but I haven't had too much trouble with it.  It
seems to work, although I haven't tried it with ssh.

It's on the Mandrake CDs if you want to try it.

Brian.



From: Mark Weaver <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [expert] SSH
Date: Thu, 09 Jan 2003 22:14:27 -0500

Pierre Fortin wrote:

Stop or remove "shorewall" -- sure wish Mdk would have made it more
obvious during install/upgrade that it was going to add a firewall without
asking...

:^Pierre


problem is...what does one use on a Mandrake 9.0 box if not shorewall 
because I've had a terrible time in the past trying to get Bastille to work 
on an MDK 9 box, which led me swiftly back to an 8.2 installation for 
server use.

and I did take a look at gShield. The little bugger liked to drove me nuts!

Mark





Re: [expert] SSH

2003-01-09 Thread Mark Weaver
Jim C wrote:
> Experience tells me that when I stop shorewall from the command line
> (i.e. "service shorewall stop" from the superuser bash prompt) my
> network gets locked down.  Ah dunno why.  What I do to turn it off is go
> into Control Center and select Security | Firewall and then unselect
> everything except the Everything button.  Then I do "service shorewall
> restart" just for good measure.  Alternatively, one can just check the
> ssh button to allow access on ssh's port.
>
> Geeze, when is Mandrake going to get a decent per-ethernet card GUI
> firewall configurator with an advanced option that covers GUI
> configuration for all the protocols for say port 1000 and below, an
> Internet Connection Shareing on/off button as well as a configure
> button.  Heck, I could probably write it and I can't even get a
> Samba-LDAP PDC to run. ;-)
>
> Jim C.

First, God Bless MandrakeSoft!!!

Second, they'll prolly get one of those things you've mentioned about 
the time we all get real good at setting up and configuring a firewall 
the old-fashioned way. by then it'll all be a mute point, ya know? :)

Mark






Re: [expert] SSH

2003-01-09 Thread Mark Weaver
Pierre Fortin wrote:
> Stop or remove "shorewall" -- sure wish Mdk would have made it more
> obvious during install/upgrade that it was going to add a firewall without
> asking...
>
> :^Pierre

problem is...what does one use on a Mandrake 9.0 box if not shorewall 
because I've had a terrible time in the past trying to get Bastille to 
work on an MDK 9 box, which led me swiftly back to an 8.2 installation 
for server use.

and I did take a look at gShield. The little bugger liked to drove me nuts!

Mark







Re: [expert] SSH

2003-01-09 Thread Salane
FYI
service shorewall clear will clear the firewall 
service shorewall stop stops it.

On Thursday 09 January 2003 09:35 pm, Jim C wrote:
> Experience tells me that when I stop shorewall from the command line
> (i.e. "service shorewall stop" from the superuser bash prompt) my
> network gets locked down.  Ah dunno why.  What I do to turn it off is go
> into Control Center and select Security | Firewall and then unselect
> everything except the Everything button.  Then I do "service shorewall
> restart" just for good measure.  Alternatively, one can just check the
> ssh button to allow access on ssh's port.
>
> Geeze, when is Mandrake going to get a decent per-ethernet card GUI
> firewall configurator with an advanced option that covers GUI
> configuration for all the protocols for say port 1000 and below, an
> Internet Connection Shareing on/off button as well as a configure
> button.  Heck, I could probably write it and I can't even get a
> Samba-LDAP PDC to run. ;-)
>
>
> Jim C.
>
> Pierre Fortin wrote:
> > Stop or remove "shorewall" -- sure wish Mdk would have made it more
> > obvious during install/upgrade that it was going to add a firewall
> > without asking...
> >
> > :^Pierre
> >
> > On Thu, 9 Jan 2003 18:16:19 -0500  Brian York <[EMAIL PROTECTED]>
> >
> > wrote:
> >>I just installed mandrake 9 and I can't get ssh in to it. Its running
> >>but I get an error message connection closed by remote host. When I
> >>installed it I used 'higher' security.
> >>
> >>Thanks
> >>Brian
> >
> > 
> >






Re: [expert] SSH

2003-01-09 Thread Jim C
Experience tells me that when I stop shorewall from the command line 
(i.e. "service shorewall stop" from the superuser bash prompt) my 
network gets locked down.  Ah dunno why.  What I do to turn it off is go 
into Control Center and select Security | Firewall and then unselect 
everything except the Everything button.  Then I do "service shorewall 
restart" just for good measure.  Alternatively, one can just check the 
ssh button to allow access on ssh's port.

Geeze, when is Mandrake going to get a decent per-ethernet card GUI 
firewall configurator with an advanced option that covers GUI 
configuration for all the protocols for say port 1000 and below, an 
Internet Connection Sharing on/off button as well as a configure 
button.  Heck, I could probably write it and I can't even get a 
Samba-LDAP PDC to run. ;-)


Jim C.

Pierre Fortin wrote:
> Stop or remove "shorewall" -- sure wish Mdk would have made it more
> obvious during install/upgrade that it was going to add a firewall without
> asking...
>
> :^Pierre
>
> On Thu, 9 Jan 2003 18:16:19 -0500  Brian York <[EMAIL PROTECTED]>
> wrote:
>> I just installed mandrake 9 and I can't get ssh in to it. Its running
>> but I get an error message connection closed by remote host. When I
>> installed it I used 'higher' security.
>>
>> Thanks
>> Brian








Re: [expert] SSH

2003-01-09 Thread Pierre Fortin

Stop or remove "shorewall" -- sure wish Mdk would have made it more
obvious during install/upgrade that it was going to add a firewall without
asking... 

:^Pierre


On Thu, 9 Jan 2003 18:16:19 -0500  Brian York <[EMAIL PROTECTED]>
wrote:

> I just installed mandrake 9 and I can't get ssh in to it. Its running
> but I get an error message connection closed by remote host. When I
> installed it I used 'higher' security. 
>  
> Thanks
> Brian
>  
> 





[expert] SSH

2003-01-09 Thread Brian York

I just installed mandrake 9 and I can't get ssh in to it. It's running but I get
an error message connection closed by remote host. When I installed it I used 'higher'
security.

Thanks
Brian



Re: [expert] ssh and forward X11 information

2002-09-23 Thread Vincent Danen


On Monday, September 23, 2002, at 04:49 PM, K Montgomery wrote:

> I have a handy piece of script that I put in the .bash_profile of my
> Solaris account so that whenever I log in using SSH, my DISPLAY 
> variable
> is automatically set to the IP I'm SSH-ing from:
>
> if [ "$SSH_CLIENT" != "" ]; then
>   export DISPLAY=`echo $SSH_CLIENT | cut -d " " -f1`:0
> fi
>
> This code is for bash, but I'm sure it can easily be adapted to any
> shell.  But that's a programming matter. :)  Of course, if you just set
> the DISPLAY variable manually every time, that will work, too.
>
> It's been my experience that the DISPLAY just doesn't get set
> automatically when logging into Solaris; whether it's really supposed
> to, I don't know.

Useful.  =)  I've added this to the user contributed notes section of 
the openssh article on MandrakeSecure.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}






Re: [expert] ssh and forward X11 information

2002-09-23 Thread K Montgomery

I have a handy piece of script that I put in the .bash_profile of my
Solaris account so that whenever I log in using SSH, my DISPLAY variable
is automatically set to the IP I'm SSH-ing from:

# SSH_CLIENT holds "client_ip client_port server_port"; keep the first field
if [ "$SSH_CLIENT" != "" ]; then
  export DISPLAY=`echo $SSH_CLIENT | cut -d " " -f1`:0
fi

This code is for bash, but I'm sure it can easily be adapted to any
shell.  But that's a programming matter. :)  Of course, if you just set
the DISPLAY variable manually every time, that will work, too.

It's been my experience that the DISPLAY just doesn't get set
automatically when logging into Solaris; whether it's really supposed
to, I don't know.

- Kathy

On Tue, 2002-09-17 at 02:07, Paul Richardson wrote:
> Greetings, I am running under Mandrake 8.2 with the default installed ssh.
> I am trying to ssh into a solaris box. It turns out that I can ssh into the
> solaris machine ok, but when I log in I notice that there is no DISPLAY env
> variable set and therefore any x clients will not work.
>
> The sshd_config file on the machine I log into has the X11Forwarding variable
> set to yes. When I invoke ssh from end I type "ssh -X -l myUsername etc
>
> I suspect that it is the solaris machine with the problem because I have used
> this box in the past to do x client stuff. I don't think this is a bug, more a
> configuration problem
>
> Any help would be appreciated
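
Added example, not part of the original posts: a variant of the .bash_profile snippet above that leaves DISPLAY alone when sshd has already set it for a forwarded session. Pointing DISPLAY at the client's own address makes X clients connect straight to the client's X server, outside the SSH connection and unencrypted, so that path is kept only as a fallback. The name choose_display and the sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example: choose a DISPLAY value for a login shell without
# overriding one that sshd already set up for X11 forwarding.

# choose_display CURRENT_DISPLAY SSH_CLIENT_VALUE
#   prints the DISPLAY to use; returns 1 when there is nothing sensible to set.
choose_display() {
    current=$1
    client=$2

    # sshd exports DISPLAY (for example localhost:10.0) when forwarding was
    # granted. Keep it: that display is carried inside the SSH connection.
    if [ -n "$current" ]; then
        printf '%s\n' "$current"
        return 0
    fi

    # Not an SSH login, so there is no client address to fall back on.
    [ -n "$client" ] || return 1

    # SSH_CLIENT is "client_ip client_port server_port"; keep the first field.
    ip=${client%% *}
    case $ip in
        ''|*[!0-9.]*) return 1 ;;   # accept dotted IPv4 only
    esac

    # Fallback from the original snippet: a direct, unencrypted X connection
    # to the client's X server, which must also be willing to accept it.
    printf '%s:0\n' "$ip"
}

# In ~/.bash_profile or ~/.profile:
if new_display=$(choose_display "${DISPLAY:-}" "${SSH_CLIENT:-}"); then
    DISPLAY=$new_display
    export DISPLAY
fi
```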








[expert] ssh and forward X11 information

2002-09-16 Thread Paul Richardson

Greetings, I am running under Mandrake 8.2 with the default installed ssh.
I am trying to ssh into a solaris box. It turns out that I can ssh into the
solaris machine ok, but when I log in I notice that there is no DISPLAY env
variable set and therefore any x clients will not work.

The sshd_config file on the machine I log into has the X11Forwarding variable
set to yes. When I invoke ssh from end I type "ssh -X -l myUsername etc

I suspect that it is the solaris machine with the problem because I have used
this box in the past to do x client stuff. I don't think this is a bug, more a
configuration problem

Any help would be appreciated







Re: [expert] SSH or X problem?

2002-08-27 Thread Todd Lyons

Stefan Sten wrote on Sat, Aug 24, 2002 at 01:27:41AM +0200 :
> Hello,
> 
> I'm connecting from my home to the university to do some work via
> Openssh v3.1 in MDk 8.2. I get the connection established, and can access
> my files as usual. The problem I get is when I want the display at my own
> machine, especially emacs to do some coding.

ssh -X user@hostname

The -X forces X forwarding.  I have come across some systems that it
does it automatically and others that I had to add the -X.  I've not
taken the time to investigate why, I just use -X always now.

Blue skies...   Todd
-- 
  Todd Lyons -- MandrakeSoft, Inc.   http://www.mandrakesoft.com/
UNIX was not designed to stop you from doing stupid things, because 
  that would also stop you from doing clever things. -- Doug Gwyn
   Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-5mdk





Re: [expert] SSH and FTP logins taking much LONGER

2002-06-24 Thread David Rankin

Randy,

I think you're on to something. My auth.log reveals the following for SSH and FTP
authentication:

Jun 24 13:26:12 Nemesis sshd[24448]: Accepted password for david from 66.76.72.50 port 1026
Jun 24 13:26:12 Nemesis sshd[24448]: Could not reverse map address 66.76.72.50.
Jun 24 13:26:12 Nemesis PAM_unix[24448]: (system-auth) session opened for user david by (uid=0)
Jun 24 13:29:14 Nemesis PAM_unix[24448]: (system-auth) session closed for user david
Jun 24 13:29:29 Nemesis xinetd[27314]: START: ftp pid=24469 from=66.76.72.50
Jun 24 13:31:24 Nemesis xinetd[27314]: EXIT: ftp pid=24469 duration=115(sec)

sshd can't reverse map the 66.76.72.50 IP that I have at home? That seems really strange,
because I CAN do reverse lookups of other addresses. Any thoughts on why nslookup
xxx.xxx.xxx.xxx would yield good results on some addresses and not on others?

Flood Randy Capt AFCA/TCAA wrote:

> Do you have reverse hostname entries in your dns server?  Because this will cause this...
>
> -Original Message-
> From: David Rankin [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 23, 2002 10:47 AM
> To: mandrake
> Subject: [expert] SSH and FTP logins taking much LONGER
>
> Listmates:
>
> Over the past year, FTP and SSH logins are taking much longer. In the
> past FTP logins would take 2-3 seconds and SSH logins were almost
> instantaneous. Now both FTP and SSH logins take approximately 20 - 30
> seconds. Uptime is 363 days and I haven't restarted either xinetd, FTP
> or SSH. Is there some kind of login history, or authentication log that
> could be causing the slowdows? Any other thoughts?
>
> --
> David C. Rankin, J.D., P.E.
> RANKIN * BERTIN, PLLC
> 1329 N. University, Suite D4
> Nacogdoches, Texas 75961
> (936) 715-9333
> (936) 715-9339 fax
>
>   

--
David C. Rankin, J.D., P.E.
RANKIN * BERTIN, PLLC
1329 N. University, Suite D4
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax








RE: [expert] SSH and FTP logins taking much LONGER

2002-06-24 Thread Flood Randy Capt AFCA/TCAA


Do you have reverse hostname entries in your dns server?  Because this will cause this...


-Original Message-
From: David Rankin [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 23, 2002 10:47 AM
To: mandrake
Subject: [expert] SSH and FTP logins taking much LONGER


Listmates:

Over the past year, FTP and SSH logins are taking much longer. In the
past FTP logins would take 2-3 seconds and SSH logins were almost
instantaneous. Now both FTP and SSH logins take approximately 20 - 30
seconds. Uptime is 363 days and I haven't restarted either xinetd, FTP
or SSH. Is there some kind of login history, or authentication log that
could be causing the slowdows? Any other thoughts?


-- 
David C. Rankin, J.D., P.E.
RANKIN * BERTIN, PLLC
1329 N. University, Suite D4
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax







Re: [expert] SSH and FTP logins taking much LONGER

2002-06-23 Thread Bill Kenworthy

Check your dns ...

BillK

On Sun, 2002-06-23 at 23:46, David Rankin wrote:
> Listmates:
> 
>   Over the past year, FTP and SSH logins are taking much longer. In the
> past FTP logins would take 2-3 seconds and SSH logins were almost
> instantaneous. Now both FTP and SSH logins take approximately 20 - 30
> seconds. Uptime is 363 days and I haven't restarted either xinetd, FTP
> or SSH. Is there some kind of login history, or authentication log that
> could be causing the slowdows? Any other thoughts?
> 
> 
> -- 
> David C. Rankin, J.D., P.E.
> RANKIN * BERTIN, PLLC
> 1329 N. University, Suite D4
> Nacogdoches, Texas 75961
> (936) 715-9333
> (936) 715-9339 fax
-- 
Bill Kenworthy <[EMAIL PROTECTED]>







Re: [expert] SSH and FTP logins taking much LONGER

2002-06-23 Thread Todd Lyons

David Rankin wrote on Sun, Jun 23, 2002 at 10:46:43AM -0500 :
> 
>   Over the past year, FTP and SSH logins are taking much longer. In the
> past FTP logins would take 2-3 seconds and SSH logins were almost
> instantaneous. Now both FTP and SSH logins take approximately 20 - 30
> seconds. Uptime is 363 days and I haven't restarted either xinetd, FTP

FTP: is the system under heavy load?  Forking ftp instances is not
cheap, and if you're getting lots of hits, it will spend much time doing
the forks.

SSH: ssh is intelligent.  If someone (or lots of someone's) are hitting
your ssh server trying to guess passwords, or just exploit scripts
hitting your box randomly, ssh will take longer to let the negotiation
go through.  It makes it more difficult to brute force passwords.

Both:  a 30 second or 60 second timeout is usually indicative of DNS
issues.  Look through /var/log/messages and see if ssh is spitting out
warning messages like:
Jun 23 11:33:39 t3cc sshd[11501]: Could not reverse map address xx.xxx.xxx.x.
Jun 23 11:33:42 t3cc sshd[11501]: Accepted password for toddl from xx.xxx.xxx.x port 61297 ssh2

Even so, I only had about a 5 second timeout.  Depending on the answer
that comes back from a DNS server, it can be longer.

Blue skies...   Todd
-- 
  Todd Lyons -- MandrakeSoft, Inc.   http://www.mandrakesoft.com/
UNIX was not designed to stop you from doing stupid things, because 
  that would also stop you from doing clever things. -- Doug Gwyn
   Cooker Version mandrake-release-8.3-0.2mdk Kernel 2.4.18-19mdk
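
Added example, not from the thread: one way to pull the "Could not reverse map address" events out of an auth log and tie each one to the login it belongs to, matching on the sshd PID because the two lines appear in either order in the logs quoted in this thread. The log lines are constructed in the same format with documentation addresses, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: list sshd sessions whose client address had no reverse DNS.

# Constructed sample in the syslog format shown in the thread.
sample_log() {
    cat <<'EOF'
Jun 24 13:26:12 host sshd[24448]: Accepted password for david from 192.0.2.50 port 1026
Jun 24 13:26:12 host sshd[24448]: Could not reverse map address 192.0.2.50.
Jun 24 13:26:12 host PAM_unix[24448]: (system-auth) session opened for user david by (uid=0)
Jun 24 13:40:02 host sshd[24501]: Could not reverse map address 198.51.100.7.
Jun 24 13:40:05 host sshd[24501]: Accepted password for toddl from 198.51.100.7 port 61297 ssh2
Jun 24 13:41:00 host sshd[24502]: Accepted password for alice from 203.0.113.9 port 4000 ssh2
Jun 24 13:42:00 host sshd[24510]: Could not reverse map address 198.51.100.7.
EOF
}

# Reads syslog lines on stdin and prints "ip user pid" for every sshd
# process that logged a reverse-map failure. user is "-" when that process
# never logged a successful login (a probe, or a failed password).
reverse_map_failures() {
    awk '
    match($0, /sshd\[[0-9]+\]:/) {
        # Tag looks like "sshd[24448]:"; cut out the digits and the message.
        pid = substr($0, RSTART + 5, RLENGTH - 7)
        msg = substr($0, RSTART + RLENGTH + 1)
        if (msg ~ /^Could not reverse map address /) {
            sub(/^Could not reverse map address /, "", msg)
            sub(/\.$/, "", msg)          # drop the trailing full stop
            failed[pid] = msg
        } else if (msg ~ /^Accepted [^ ]+ for /) {
            split(msg, f, " ")           # Accepted <method> for <user> from ...
            user[pid] = f[4]
        }
    }
    END {
        for (pid in failed)
            print failed[pid], (pid in user ? user[pid] : "-"), pid
    }' | LC_ALL=C sort
}

sample_log | reverse_map_failures
```

Addresses that show up here with user "-" and many different PIDs are connections that cost a DNS timeout each without ever logging in.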





Re: [expert] SSH and FTP logins taking much LONGER

2002-06-23 Thread Jan Lentfer

On Sun, 2002-06-23 at 17:46, David Rankin wrote:
> Listmates:
> 
>   Over the past year, FTP and SSH logins are taking much longer. In the
> past FTP logins would take 2-3 seconds and SSH logins were almost
> instantaneous. Now both FTP and SSH logins take approximately 20 - 30
> seconds. Uptime is 363 days and I haven't restarted either xinetd, FTP
> or SSH. Is there some kind of login history, or authentication log that
> could be causing the slowdows? Any other thoughts?

Do the logs say anything unusual? What FTP-Server? Maybe it's an issue with
your PAM-Configuration?

Jan







[expert] SSH and FTP logins taking much LONGER

2002-06-23 Thread David Rankin

Listmates:

Over the past year, FTP and SSH logins are taking much longer. In the
past FTP logins would take 2-3 seconds and SSH logins were almost
instantaneous. Now both FTP and SSH logins take approximately 20 - 30
seconds. Uptime is 363 days and I haven't restarted either xinetd, FTP
or SSH. Is there some kind of login history, or authentication log that
could be causing the slowdowns? Any other thoughts?


-- 
David C. Rankin, J.D., P.E.
RANKIN * BERTIN, PLLC
1329 N. University, Suite D4
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax






RE: [expert] ssh and X

2002-05-20 Thread Brian Parish

Not sure what you mean here David.  I have tried it both ways - ssh as
root and as a user.  One prompts for the root password then does
nothing. The other just does nothing.  If I type DrakConf into a console
locally it works fine.

I used to do this in 8.1   Something has changed.

Brian

On Tue, 2002-05-21 at 01:11, JOHAM,DAVID (HP-Boise,ex1) wrote:
> 
> I can't run DrakConf either in a remote SSH session. I don't seem to recall
> the reason why, but I ran DrakConf from the console once and it told me. You
> might try that and see if it works...
> 
> Also, are you ssh'ing as root or as another user? Just as an idea, you may
> have better luck ssh'ing in as root and then trying.
> 
> HTH
> 
> David
> 
> -Original Message-
> From: Brian Parish [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 19, 2002 7:13 AM
> To: expert
> Subject: Re: [expert] ssh and X
> 
> 
> On Sun, 2002-05-19 at 06:19, Joan Tur wrote:
> > On Saturday 18 May 2002 15:04, [EMAIL PROTECTED] wrote:
> > > On Sat, 18 May 2002, Joan Tur wrote:
> > > > Hallo!
> > > >
> > > > After having logged in my remote computer via ssh I can run text based
> > > > programs but I get "Remote host denied X11 forwarding" when trying to run
> > > > graphical apps...
> > >
> > > Look for the system sshd_config file, usually located in
> > > /etc/ssh/sshd_config. Make sure that you see:
> > >X11Forwarding yes
> > That file didn't exist in the directory, so now it's working.  Thanks!!  ;)
> > 
> > -- 
> > Joan Tur. Ibiza - Spain
> 
> But Joan,
> 
> Can you run DrakConf?  If I login over ssh I can run other X apps, but
> the DrakConf command just returns a prompt with no error if I am already
> root, or prompts for the root password and then returns to a prompt if I
> am not.
> 
> Posted on this sometime back with no responses, so I'm interested to
> hear if others get the same behaviour.
> 
> cheers
> Brian
> 
> 
> 
> 
> 









RE: [expert] ssh and X

2002-05-20 Thread JOHAM,DAVID (HP-Boise,ex1)


I can't run DrakConf either in a remote SSH session. I don't seem to recall
the reason why, but I ran DrakConf from the console once and it told me. You
might try that and see if it works...

Also, are you ssh'ing as root or as another user? Just as an idea, you may
have better luck ssh'ing in as root and then trying.

HTH

David

-Original Message-
From: Brian Parish [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 19, 2002 7:13 AM
To: expert
Subject: Re: [expert] ssh and X


On Sun, 2002-05-19 at 06:19, Joan Tur wrote:
> On Saturday 18 May 2002 15:04, [EMAIL PROTECTED] wrote:
> > On Sat, 18 May 2002, Joan Tur wrote:
> > > Hallo!
> > >
> > > After having logged in my remote computer via ssh I can run text based
> > > programs but I get "Remote host denied X11 forwarding" when trying to run
> > > graphical apps...
> >
> > Look for the system sshd_config file, usually located in
> > /etc/ssh/sshd_config. Make sure that you see:
> >X11Forwarding yes
> That file didn't exist in the directory, so now it's working.  Thanks!!  ;)
> 
> -- 
> Joan Tur. Ibiza - Spain

But Joan,

Can you run DrakConf?  If I login over ssh I can run other X apps, but
the DrakConf command just returns a prompt with no error if I am already
root, or prompts for the root password and then returns to a prompt if I
am not.

Posted on this sometime back with no responses, so I'm interested to
hear if others get the same behaviour.

cheers
Brian








Re: [expert] ssh and X

2002-05-19 Thread Brian Parish

On Sun, 2002-05-19 at 06:19, Joan Tur wrote:
> On Saturday 18 May 2002 15:04, [EMAIL PROTECTED] wrote:
> > On Sat, 18 May 2002, Joan Tur wrote:
> > > Hallo!
> > >
> > > After having logged in my remote computer via ssh I can run text based
> > > programs but I get "Remote host denied X11 forwarding" when trying to run
> > > graphical apps...
> >
> > Look for the system sshd_config file, usually located in
> > /etc/ssh/sshd_config. Make sure that you see:
> >X11Forwarding yes
> That file didn't exist in the directory, so now it's working.  Thanks!!  ;)
> 
> -- 
> Joan Tur. Ibiza - Spain

But Joan,

Can you run DrakConf?  If I login over ssh I can run other X apps, but
the DrakConf command just returns a prompt with no error if I am already
root, or prompts for the root password and then returns to a prompt if I
am not.

Posted on this sometime back with no responses, so I'm interested to
hear if others get the same behaviour.

cheers
Brian







Re: [expert] ssh and X

2002-05-18 Thread Joan Tur

On Saturday 18 May 2002 15:04, [EMAIL PROTECTED] wrote:
> On Sat, 18 May 2002, Joan Tur wrote:
> > Hallo!
> >
> > After having logged in my remote computer via ssh I can run text based
> > programs but I get "Remote host denied X11 forwarding" when trying to run
> > graphical apps...
>
> Look for the system sshd_config file, usually located in
> /etc/ssh/sshd_config. Make sure that you see:
>X11Forwarding yes
That file didn't exist in the directory, so now it's working.  Thanks!!  ;)

-- 
Joan Tur. Ibiza - Spain
   AOL quini2k  ICQ 11407395
   www.ClubIbosim.org
 Linux: registered user 190.783






Re: [expert] ssh and X

2002-05-18 Thread kwan

On Sat, 18 May 2002, Joan Tur wrote:

> Hallo!
> 
> After having logged in my remote computer via ssh I can run text based 
> programs but I get "Remote host denied X11 forwarding" when trying to run 
> graphical apps...

Look for the system sshd_config file, usually located in
/etc/ssh/sshd_config. Make sure that you see:
   X11Forwarding yes

On the local machine, look for the /etc/ssh/ssh_config file and verify
that you see:
  ForwardX11 yes

When you connect, use the following syntax:
  ssh -X name_of_remote_host

If you do the first two you shouldn't need to explicitly enable X
forwarding.









[expert] ssh and X

2002-05-18 Thread Joan Tur

Hallo!

After having logged in my remote computer via ssh I can run text based 
programs but I get "Remote host denied X11 forwarding" when trying to run 
graphical apps...

Any idea??  8-?

Thanks!
-- 
Joan Tur. Ibiza - Spain
   AOL quini2k  ICQ 11407395
   www.ClubIbosim.org
 Linux: registered user 190.783






[expert] ssh connection error message

2002-05-05 Thread James

All,

  Getting this error message when connected to a Mandrake 8.1 box
from a Mandrake 8.2 box via ssh.  Other versions of Linux (RH SuSe)
don't get the message.

Hm, dispatch protocol error: type 3 plen 4


A site I found on the net suggested that the problem could be solved
by adding the following line to sshd_config file.

RekeyIntervalSeconds 0


then stop and restart (not -HUP ) the sshd daemon and it's supposed
to cure that.. unfortunately it doesn't. the above line is
seen as a config error by sshd in 8.1 and 8.2 any ideas?

James






Re: [expert] SSH Tunelling

2002-03-20 Thread Michal 'hramrach' Suchanek

Tom Badran wrote:

>
>I have two ssh tunnels that are run in my .bashrc file so that i can have 
>secure pop/smtp.
>
>The system works great, but it does have one setback, each time i open a new 
>terminal (which obviously runs bash) i get more and more ssh processes 
>running.
>
>How can i set this up so that the tunnels are only setup if they need to be? 
>Is there a way to make the ssh command run only if the tunnels do not exist? 
>I read somewhere that you can add tunnels to the .ssh/config file but i have 
>found no documentation detailing this.
>
This is the script I use to start an ssh-agent (script placed in 
/etc/profile.d) to hold (even between different login sessions) any keys 
I load. I had to hack some X startup script to load /etc/profile.d 
because it's not done by default.
The script works fine for me as I am the only physical user of my 
computer with several accounts.  On a real multiuser machine both you 
and the root user can access keys loaded to your agent. There may be a 
similar problem with SSH tunnels.

Hope this helps.


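#!/bin/bash
# Sourced from /etc/profile.d: reuse one ssh-agent across login sessions.

agentinfo=$HOME/.ssh-agent-info
minuser=500

# Skip system accounts.
if [ "$EUID" -lt "$minuser" ] ; then return ; fi

# An agent is already reachable from this session: nothing to do.
if [ "$SSH_AUTH_SOCK" ] && ssh-add -l 2>/dev/null; then
    set +x
    return ;
fi

# Try the agent recorded by an earlier session.
if [ -s "$agentinfo" ] ; then
    . "$agentinfo"
    # kill -0 tests for this exact PID; grepping ps output also matched
    # any longer PID that merely contained the number.
    if kill -0 "$SSH_AGENT_PID" 2>/dev/null \
        && [ -e "$SSH_AUTH_SOCK" ] ; then
        if ssh-add -l 2>/dev/null; then
            set +x
            return ;
        else
            rm -f "$SSH_AUTH_SOCK" ;
        fi
    fi
fi

# No usable agent: start one and record its environment for later sessions.
ssh-agent > "$agentinfo"
. "$agentinfo"

unset agentinfo minuser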
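
For the question this message replies to (start the tunnels from .bashrc only when they are not already up), an added example that is not from the thread: a PID-file guard that starts a command once per user and reuses it from later shells. ensure_running, TUNNEL_PIDDIR and the host and ports in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: start a long-running command (such as an ssh tunnel) only
# if an earlier shell has not already started it.
#
# ensure_running NAME CMD [ARGS...]
#   prints the PID of the running instance, starting CMD if needed.
ensure_running() {
    name=$1
    shift
    piddir=${TUNNEL_PIDDIR:-$HOME/.ssh/tunnels}   # assumed location
    pidfile=$piddir/$name.pid

    # Private directory: other users must not be able to plant a PID file.
    mkdir -p "$piddir" && chmod 700 "$piddir" || return 1

    if [ -s "$pidfile" ]; then
        pid=$(cat "$pidfile")
        case $pid in
            ''|*[!0-9]*) pid='' ;;                # ignore a corrupt file
        esac
        # kill -0 sends no signal; it only reports whether we may signal PID.
        # Limitation: a recycled PID owned by the same user looks alive too.
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            printf '%s\n' "$pid"
            return 0
        fi
        rm -f "$pidfile"                          # stale entry
    fi

    # Detach output so the caller's terminal or $(...) is not held open.
    "$@" >/dev/null 2>&1 &
    printf '%s\n' "$!" > "$pidfile"
    printf '%s\n' "$!"
}

# Usage in ~/.bashrc (hypothetical host and ports; needs key-based login,
# for example through ssh-agent, because a background ssh cannot prompt):
#   ensure_running pop3 ssh -N -L 1110:localhost:110 user@mail.example.org >/dev/null
#   ensure_running smtp ssh -N -L 1125:localhost:25  user@mail.example.org >/dev/null
```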





[expert] SSH Tunelling

2002-03-19 Thread Tom Badran


I have two ssh tunnels that are run in my .bashrc file so that i can have 
secure pop/smtp.

The system works great, but it does have one setback, each time i open a new 
terminal (which obviously runs bash) i get more and more ssh processes 
running.

How can i set this up so that the tunnels are only setup if they need to be? 
Is there a way to make the ssh command run only if the tunnels do not exist? 
I read somewhere that you can add tunnels to the .ssh/config file but i have 
found no documentation detailing this.

Thanks

Tom






Re: [expert] SSH

2002-02-04 Thread Lee Roberts

I'm trying to log in to my linux box FROM the internet. SSH works fine
within the LAN. It's looking like a config problem on my laptop because a
couple of friends were able to get a login screen.

At 10:41 PM 2/3/2002 -0800, James wrote:
>Just a question so I can understand.  Are you trying to connect from a box
>from outside your to a box inside your firewall?  Or are you trying to
>connect from inside to a box on the internet?  Sorry if I'm dense...
>god made me that way *grin*
>
>James
>
>
>On Sun, 03 Feb 2002 13:54:42 -0700
>Lee Roberts <[EMAIL PROTECTED]> wrote:
>
>> At 08:27 AM 1/30/2002 -0800, Deryk Barker wrote:
>> >Thus spake Thomas Sourmail ([EMAIL PROTECTED]):
>> >
>> >> > > sshd: ALL
>> >> > 
>> >> > Sure; that lets you access via SSH from anywhere in the world.
>> 
>> I did that and I still can't connect via ssh over the internet.  SSH works
>> fine on the intranet (LAN). TCP port 22 shows open on a port scan. I can
>> connect to webmin on my linux box over the internet. So, what could be
>> causing my problem? It's probably some kind of configuration problem. I was
>> wondering if one of the hops between the client and server could be causing
>> a problem? Doesn't seem likely.
>> 
>> 
>> 
>







Re: [expert] SSH

2002-02-03 Thread James

Just a question so I can understand.  Are you trying to connect from a box
from outside your to a box inside your firewall?  Or are you trying to
connect from inside to a box on the internet?  Sorry if I'm dense...
god made me that way *grin*

James


On Sun, 03 Feb 2002 13:54:42 -0700
Lee Roberts <[EMAIL PROTECTED]> wrote:

> At 08:27 AM 1/30/2002 -0800, Deryk Barker wrote:
> >Thus spake Thomas Sourmail ([EMAIL PROTECTED]):
> >
> >> > > sshd: ALL
> >> > 
> >> > Sure; that lets you access via SSH from anywhere in the world.
> 
> I did that and I still can't connect via ssh over the internet.  SSH works
> fine on the intranet (LAN). TCP port 22 shows open on a port scan. I can
> connect to webmin on my linux box over the internet. So, what could be
> causing my problem? It's probably some kind of configuration problem. I was
> wondering if one of the hops between the client and server could be causing
> a problem? Doesn't seem likely.
> 
> 
> 






Re: [expert] SSH

2002-02-03 Thread Praedor Tempus

On Sunday 03 February 2002 01:54 pm, Lee Roberts wrote:
> At 08:27 AM 1/30/2002 -0800, Deryk Barker wrote:
> >Thus spake Thomas Sourmail ([EMAIL PROTECTED]):
> >> > > sshd: ALL
> >> >
> >> > Sure; that lets you access via SSH from anywhere in the world.
>
> I did that and I still can't connect via ssh over the internet.  SSH works
> fine on the intranet (LAN). TCP port 22 shows open on a port scan. I can
> connect to webmin on my linux box over the internet. So, what could be
> causing my problem? It's probably some kind of configuration problem. I was
> wondering if one of the hops between the client and server could be causing
> a problem? Doesn't seem likely.


I may have missed it somewhere but are you behind a firewall? 






Re: [expert] SSH

2002-02-03 Thread Lee Roberts

At 08:27 AM 1/30/2002 -0800, Deryk Barker wrote:
>Thus spake Thomas Sourmail ([EMAIL PROTECTED]):
>
>> > > sshd: ALL
>> > 
>> > Sure; that lets you access via SSH from anywhere in the world.

I did that and I still can't connect via ssh over the internet.  SSH works
fine on the intranet (LAN). TCP port 22 shows open on a port scan. I can
connect to webmin on my linux box over the internet. So, what could be
causing my problem? It's probably some kind of configuration problem. I was
wondering if one of the hops between the client and server could be causing
a problem? Doesn't seem likely.







[expert] expert SSH

2002-01-30 Thread falcaraz



Dear friends, I have some questions about security and SSH:

1) I tested a high security level on a system running Mandrake 8.0,
but I had a problem with port 22: how can I get it
open?

2) I restarted the low security level and ssh started to run
again, but now I can't use telnet or ftp. In 8.1 DrakConf
offers the possibility to activate both telnet and
wu-ftp, but not in 8.0, at least on the computer I am
testing. What can I do to make both services run again
without DrakConf?


Thanks so much in advance for your help, yours sincerely

Francisco Alcaraz
Murcia (Spain)








Re: [expert] SSH

2002-01-30 Thread Lee Roberts



Oscar wrote:

> On Wed, 30-01-2002 at 11:50, Lars Roland Kristiansen wrote:
> > On 30 Jan 2002, Oscar wrote:
> >
> > > On Wed, 30-01-2002 at 09:10, Lars Roland Kristiansen wrote:
> > > > I have just installed a mandrake server. It is configured with high
> > > > security level, and sshd is running. My question is this: where do I put
> > > > the ipnames of the computers that are to be allowed to connect to the
> > > > server using ssh. I have put the names in /etc/hosts.allow but this doesn't
> > > > seem to be enough.
> > > >
> > > > Sorry for my bad english.
> > > >
> > > > ___
> > > > Mvh./Yours sincerely
> > > >
> > > > Lars
> > >
> > > /etc/hosts.allow is the correct place to put the names.
> > > On the other hand, if you have a firewall running you must leave the
> > > port 22 open.
> > > Regards
> > > óscar.
> > >
> >
> > Is an IP name enough or do I have to specify INED service
> > can someone please show me a hosts.allow file with ssh enabled that would
> > help
> >
> >
> > ___
> > Mvh./Yours sincerely
> >
> > Lars
>
> For example, if you need to allow access to 123.123.123.123, you must put
> in /etc/hosts.allow this:
>
> sshd:123.132.123.123
>
> You can also put the ALL: prefix instead of sshd:, but you will grant
> access to all services using hosts.allow.
>
> And you can use netmasks:
>
> sshd:123.123.123.0/255.255.255.0
>

I was wondering if the following is acceptable:

sshd: ALL

I am having trouble with connecting with SSH from the internet even though port 22
is open and I'm not specifically denying any connection. I disabled the firewall to
see if there was a rule that it was blocking the connections but I still couldn't
connect from the internet. SSH does work when connecting within my intranet (LAN).








Re: [expert] SSH

2002-01-30 Thread Deryk Barker

Thus spake Thomas Sourmail ([EMAIL PROTECTED]):

> > > sshd: ALL
> > 
> > Sure; that lets you access via SSH from anywhere in the world.
> 
> Just in case, some ssh servers (protocol 1) have serious security issues
> (probably not the recent openssh distr. which, I believe, is the default),
> anyway, it's not a bad idea to disable protocol 1. Most of the clients are
> now 'protocol 2 able' anyway.

If it's a linux client, be sure to get the latest openssh (3.0.2p1)
which fixes a security hole which (IIRC) ignored  hosts.allow and
hosts.deny. 

-- 
|Deryk Barker, Computer Science Dept. | Music does not have to be understood|
|Camosun College, Victoria, BC, Canada| It has to be listened to.   |
|email: [EMAIL PROTECTED] | |
|phone: +1 250 370 4452   | Hermann Scherchen.  |







Re: [expert] SSH

2002-01-30 Thread Thomas Sourmail

> > sshd: ALL
> 
> Sure; that lets you access via SSH from anywhere in the world.

Just in case, some ssh servers (protocol 1) have serious security issues
(probably not the recent openssh distr. which, I believe, is the default),
anyway, it's not a bad idea to disable protocol 1. Most of the clients are
now 'protocol 2 able' anyway.

Thomas.








Re: [expert] SSH

2002-01-30 Thread Mike Leone

> I was wondering if the following is acceptable:
> 
> sshd: ALL

Sure; that lets you access via SSH from anywhere in the world.








Re: [expert] SSH

2002-01-30 Thread Lars Roland Kristiansen

Thanks. For some reason I also had to put sshd1 sshd2 in there too, but now
it works.



On 30 Jan 2002, Oscar wrote:

> On Wed, 30-01-2002 at 11:50, Lars Roland Kristiansen wrote:
> > On 30 Jan 2002, Oscar wrote:
> > 
> > > On Wed, 30-01-2002 at 09:10, Lars Roland Kristiansen wrote:
> > > > I have just installed a Mandrake server. It is configured with high
> > > > security level, and sshd is running. My question is this: where do I put
> > > > the IP names of the computers that are to be allowed to connect to the
> > > > server using ssh. I have put the names in /etc/hosts.allow but this doesn't
> > > > seem to be enough.
> > > > 
> > > > Sorry for my bad English.
> > > > 
> > > > ___
> > > > Mvh./Yours sincerely
> > > > 
> > > > Lars 
> > > 
> > > /etc/hosts.allow is the correct place to put the names.
> > > On the other hand, if you have a firewall running you must leave the
> > > port 22 open.
> > > Regards
> > > óscar.
> > >  
> > 
> > Is an IP name enough or do I have to specify INED service?
> > Can someone please show me a hosts.allow file with ssh enabled? That would
> > help.
> > 
> > 
> > ___
> > Mvh./Yours sincerely
> > 
> > Lars 
> 
> For example, if you need to allow access to 123.123.123.123, you must put
> in /etc/hosts.allow this:
> 
> sshd:123.123.123.123
> 
> You can also put the ALL: prefix instead of sshd:, but you will grant
> access to all services using hosts.allow.
> 
> And you can use netmasks:
> 
> sshd:123.123.123.0/255.255.255.0
> 
> Hope this helps you.
> Regards
> óscar.
> 
> -- 
>   .-.
>   oo|
>  /`'\  Registered Linux User #227443
> (\_;/) http://counter.li.org/
> 
> 
> 

___
Mvh./Yours sincerely

Lars 


Lars Roland Kristiansen | Email:[EMAIL PROTECTED] 
Stu. Sci. Math/Computer science | TLF(home):39670663 
Copenhagen University - | Home address: Emdrupvej 175 
Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV 
Url: www.math.ku.dk |


   "Politics is for the moment, equations are forever"
- Albert Einstein








Re: [expert] SSH

2002-01-30 Thread Oscar

On Wed, 30-01-2002 at 11:50, Lars Roland Kristiansen wrote:
> On 30 Jan 2002, Oscar wrote:
> 
> > On Wed, 30-01-2002 at 09:10, Lars Roland Kristiansen wrote:
> > > I have just installed a Mandrake server. It is configured with high
> > > security level, and sshd is running. My question is this: where do I put
> > > the IP names of the computers that are to be allowed to connect to the
> > > server using ssh. I have put the names in /etc/hosts.allow but this doesn't
> > > seem to be enough.
> > > 
> > > Sorry for my bad English.
> > > 
> > > ___
> > > Mvh./Yours sincerely
> > > 
> > > Lars 
> > 
> > /etc/hosts.allow is the correct place to put the names.
> > On the other hand, if you have a firewall running you must leave the
> > port 22 open.
> > Regards
> > óscar.
> >  
> 
> Is an IP name enough or do I have to specify INED service?
> Can someone please show me a hosts.allow file with ssh enabled? That would
> help.
> 
> 
> ___
> Mvh./Yours sincerely
> 
> Lars 

For example, if you need to allow access to 123.123.123.123, you must put
in /etc/hosts.allow this:

sshd:123.123.123.123

You can also put the ALL: prefix instead of sshd:, but you will grant
access to all services using hosts.allow.

And you can use netmasks:

sshd:123.123.123.0/255.255.255.0

Hope this helps you.
Regards
óscar.

-- 
  .-.
  oo|
 /`'\  Registered Linux User #227443
(\_;/) http://counter.li.org/
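
How tcp_wrappers reads the rules discussed in this thread, as an added Python sketch that is not part of any post here: hosts.allow is consulted first, then hosts.deny, and a client matching neither file is admitted. The `ALL: ALL` hosts.deny, the function names and the sample addresses other than the thread's own are assumptions; the daemon field is compared with the running daemon's process name, so a rule naming only `sshd` does not cover a daemon running as `sshd2`.

```python
"""Simplified model of the tcp_wrappers access decision (hosts_access(5)).

Covers ALL, exact addresses, "n.n.n." prefixes, net/mask and ".domain"
suffixes. EXCEPT, LOCAL, shell commands and IPv6 are left out.
"""
import ipaddress


def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, ip, hostname=None):
    """True when one client pattern matches the connecting address or name."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # net/mask form: match when (address AND mask) equals net.
        net, mask = pattern.split("/", 1)
        try:
            n, m, a = (int(ipaddress.IPv4Address(x)) for x in (net, mask, ip))
        except ValueError:
            return False
        return a & m == n
    if pattern.endswith("."):          # address prefix such as "192.168."
        return ip.startswith(pattern)
    if pattern.startswith("."):        # domain suffix such as ".example.org"
        return bool(hostname) and hostname.lower().endswith(pattern.lower())
    return pattern == ip or (bool(hostname) and pattern.lower() == hostname.lower())


def decide(daemon, ip, allow_text, deny_text="", hostname=None):
    """Return (verdict, reason): hosts.allow first, hosts.deny second, else allow."""
    for fname, text, verdict in (("hosts.allow", allow_text, "allow"),
                                 ("hosts.deny", deny_text, "deny")):
        for daemons, clients in parse_rules(text):
            daemon_ok = "ALL" in daemons or daemon in daemons
            if daemon_ok and any(client_matches(p, ip, hostname) for p in clients):
                return verdict, f"{fname}: {' '.join(daemons)}: {' '.join(clients)}"
    return "allow", "no matching rule (default)"


if __name__ == "__main__":
    # Constructed files: the rules from the thread plus a deny-everything
    # hosts.deny (an assumption; the thread does not show that file).
    allow = "sshd: 123.123.123.123\nsshd: 123.123.123.0/255.255.255.0\n"
    deny = "ALL: ALL\n"
    for daemon, ip in [("sshd", "123.123.123.123"), ("sshd", "10.1.2.3"),
                       ("sshd2", "123.123.123.123")]:
        print(daemon, ip, decide(daemon, ip, allow, deny))
    # With both files empty nothing is restricted at this layer.
    print("empty files:", decide("sshd", "10.1.2.3", "", ""))
```

With both files empty the function returns the default allow, so a refused connection in that situation has to come from somewhere other than tcp_wrappers.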







Re: [expert] SSH

2002-01-30 Thread Lars Roland Kristiansen

On 30 Jan 2002, Oscar wrote:

> On Wed, 30-01-2002 at 09:10, Lars Roland Kristiansen wrote:
> > I have just installed a Mandrake server. It is configured with high
> > security level, and sshd is running. My question is this: where do I put
> > the IP names of the computers that are to be allowed to connect to the
> > server using ssh. I have put the names in /etc/hosts.allow but this doesn't
> > seem to be enough.
> > 
> > Sorry for my bad English.
> > 
> > ___
> > Mvh./Yours sincerely
> > 
> > Lars 
> 
> /etc/hosts.allow is the correct place to put the names.
> On the other hand, if you have a firewall running you must leave the
> port 22 open.
> Regards
> óscar.
>  

Is an IP name enough or do I have to specify INED service?
Can someone please show me a hosts.allow file with ssh enabled? That would
help.


___
Mvh./Yours sincerely

Lars 


Lars Roland Kristiansen | Email:[EMAIL PROTECTED] 
Stu. Sci. Math/Computer science | TLF(home):39670663 
Copenhagen University - | Home address: Emdrupvej 175 
Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV 
Url: www.math.ku.dk |


   "Politics is for the moment, equations are forever"
- Albert Einstein








Re: [expert] SSH

2002-01-30 Thread Oscar

On Wed, 30-01-2002 at 09:10, Lars Roland Kristiansen wrote:
> I have just installed a Mandrake server. It is configured with high
> security level, and sshd is running. My question is this: where do I put
> the IP names of the computers that are to be allowed to connect to the
> server using ssh. I have put the names in /etc/hosts.allow but this doesn't
> seem to be enough.
> 
> Sorry for my bad English.
> 
> ___
> Mvh./Yours sincerely
> 
> Lars 

/etc/hosts.allow is the correct place to put the names.
On the other hand, if you have a firewall running you must leave the
port 22 open.
Regards
óscar.
 


-- 
  .-.
  oo|
 /`'\  Registered Linux User #227443
(\_;/) http://counter.li.org/







[expert] SSH

2002-01-29 Thread Lars Roland Kristiansen

I have just installed a Mandrake server. It is configured with high
security level, and sshd is running. My question is this: where do I put
the IP names of the computers that are to be allowed to connect to the
server using ssh. I have put the names in /etc/hosts.allow but this doesn't
seem to be enough.

Sorry for my bad English.

___
Mvh./Yours sincerely

Lars 


Lars Roland Kristiansen | Email:[EMAIL PROTECTED] 
Stu. Sci. Math/Computer science | TLF(home):39670663 
Copenhagen University - | Home address: Emdrupvej 175 
Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV 
Url: www.math.ku.dk |


   "Politics is for the moment, equations are forever"
- Albert Einstein








Re: [expert] SSH

2002-01-22 Thread Fedneg

Where is the Mac client for TightVNC? I can only find the UNIX, Windows
and Java ones.



On Mon, 2002-01-21 at 16:57, James Sparenberg wrote:
> Having used VNC almost daily for a year I can offer the following.  TightVNC is the
> least bandwidth intensive.  Available at tightvnc.com.  There are clients for Windows,
> Linux (Linux builds on FreeBSD) and Mac.  Viewing Linux on Windows is better than
> the other way around.  Since Windows doesn't multitask everyone winds up with the
> same desktop, and you tend to crash Windows (what a surprise) fairly easily.  However if
> you are on Windows and viewing Linux it rocks.  It's usable down to a 56k connection
> but it feels a lot like a 486 at 56k.  Use a window manager like ice or fvwm for the
> best results.  KDE and Gnome are too graphically intensive for remote viewing.
> However the apps from KDE and Gnome work well under ice or fvwm.  If you go regular
> VNC they even have a client for CE.  It works as a viewer but it's not the fastest
> thing in the world.
> 
> James
> 
> On Mon, 21 Jan 2002 01:07:09 -0700
> "Vincent Danen" <[EMAIL PROTECTED]> wrote:
> 
> > On Fri Jan 18, 2002 at 09:20:28PM -0700, Lee Roberts wrote:
> > 
> > > I'm trying to figure out how to make that work with my Win2K machine. I'm
> > > using ttsh on the Win2K PC to establish an SSH connection with the Linux
> > > machine. There's an option in ttssh for running remote X apps on the local
> > > X server but there doesn't appear to be a listing for an X server in the
> > > Win2K services. I suppose that there is an X app for Win2K somewhere?
> > 
> > You need to be running an X server on your Windows machine and no,
> > Win2k does not come with one.
> > 
> > There are some commercial X servers for Windows, but I can't really
> > remember which are good and which aren't... it's been a while since I
> > looked (probably over a year).  When I last did, there were no free X
> > servers for Windows.
> > 
> > What you probably need is to setup VNC... I know that you can get
> > Windows showing up on your Linux box this way, but not sure about vice
> > versa (I think it will work... I remember turning on and off the
> > wife's xmms when I played with it before, but whether I was on the
> > Windows machine or my Linux machine I don't recall).
> > 
> > FYI (and this is more for others reading as I don't think this matters
> > much to you in particular), I just got an X server running on
> > MacOS/X... now all I need is to find an ssh client for MacOS/X and I
> > can run xchat on it by tunneling it from my Linux box (wOOp!).
> > 
> > -- 
> > MandrakeSoft Security, OpenPGP key available on www.keyserver.net
> > 1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
> > 
> > Current Linux kernel 2.4.8-34.1mdk uptime: 9 days 11 hours 43 minutes.
> > 
> 
> 
> 










Re: [expert] SSH

2002-01-22 Thread Jean-Christophe Berthon

> Having used VNC almost daily for a year I can offer the following.
> TightVNC is the least bandwidth intensive.  Available at tightvnc.com.  There
> are clients for Windows, Linux (Linux builds on FreeBSD) and Mac.  Viewing
> Linux on Windows is better than the other way around.  Since Windows doesn't
> multitask everyone winds up with the same desktop, and you tend to crash
> Windows (what a surprise) fairly easily.  However if you are on Windows and
> viewing Linux it rocks.  It's usable down to a 56k connection but it feels
> a lot like a 486 at 56k.  Use a window manager like ice or fvwm for the best
> results.  KDE and Gnome are too graphically intensive for remote viewing.
> However the apps from KDE and Gnome work well under ice or fvwm.  If you go
> regular VNC they even have a client for CE.  It works as a viewer but it's
> not the fastest thing in the world.
>

I'm not using VNC (I'm using a commercial software - Exceed - to access a
remote Linux box). It's not the same philosophy, but we noticed one thing
(just for information):
Under KDE we have a bandwidth use of 10kbytes emitted from the server, while
under Gnome this rises to 350kbytes!!! Using another window manager, it
dropped a bit to about 7-8kbytes... Maybe you'll have the same experience
via VNC.

J-C

PS: I'm speaking in bytes! not in bits

 








Re: [expert] SSH

2002-01-22 Thread James Sparenberg

Having used VNC almost daily for a year I can offer the following.  TightVNC is the
least bandwidth intensive.  Available at tightvnc.com.  There are clients for Windows,
Linux (Linux builds on FreeBSD) and Mac.  Viewing Linux on Windows is better than the
other way around.  Since Windows doesn't multitask everyone winds up with the same
desktop, and you tend to crash Windows (what a surprise) fairly easily.  However if you
are on Windows and viewing Linux it rocks.  It's usable down to a 56k connection but
it feels a lot like a 486 at 56k.  Use a window manager like ice or fvwm for the best
results.  KDE and Gnome are too graphically intensive for remote viewing.  However
the apps from KDE and Gnome work well under ice or fvwm.  If you go regular VNC they
even have a client for CE.  It works as a viewer but it's not the fastest thing in the
world.

James

On Mon, 21 Jan 2002 01:07:09 -0700
"Vincent Danen" <[EMAIL PROTECTED]> wrote:

> On Fri Jan 18, 2002 at 09:20:28PM -0700, Lee Roberts wrote:
> 
> > I'm trying to figure out how to make that work with my Win2K machine. I'm
> > using ttsh on the Win2K PC to establish an SSH connection with the Linux
> > machine. There's an option in ttssh for running remote X apps on the local
> > X server but there doesn't appear to be a listing for an X server in the
> > Win2K services. I suppose that there is an X app for Win2K somewhere?
> 
> You need to be running an X server on your Windows machine and no,
> Win2k does not come with one.
> 
> There are some commercial X servers for Windows, but I can't really
> remember which are good and which aren't... it's been a while since I
> looked (probably over a year).  When I last did, there were no free X
> servers for Windows.
> 
> What you probably need is to setup VNC... I know that you can get
> Windows showing up on your Linux box this way, but not sure about vice
> versa (I think it will work... I remember turning on and off the
> wife's xmms when I played with it before, but whether I was on the
> Windows machine or my Linux machine I don't recall).
> 
> FYI (and this is more for others reading as I don't think this matters
> much to you in particular), I just got an X server running on
> MacOS/X... now all I need is to find an ssh client for MacOS/X and I
> can run xchat on it by tunneling it from my Linux box (wOOp!).
> 
> -- 
> MandrakeSoft Security, OpenPGP key available on www.keyserver.net
> 1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
> 
> Current Linux kernel 2.4.8-34.1mdk uptime: 9 days 11 hours 43 minutes.
> 






Re: [expert] SSH

2002-01-21 Thread Vincent Danen

On Fri Jan 18, 2002 at 09:20:28PM -0700, Lee Roberts wrote:

> I'm trying to figure out how to make that work with my Win2K machine. I'm
> using ttsh on the Win2K PC to establish an SSH connection with the Linux
> machine. There's an option in ttssh for running remote X apps on the local
> X server but there doesn't appear to be a listing for an X server in the
> Win2K services. I suppose that there is an X app for Win2K somewhere?

You need to be running an X server on your Windows machine and no,
Win2k does not come with one.

There are some commercial X servers for Windows, but I can't really
remember which are good and which aren't... it's been a while since I
looked (probably over a year).  When I last did, there were no free X
servers for Windows.

What you probably need is to setup VNC... I know that you can get
Windows showing up on your Linux box this way, but not sure about vice
versa (I think it will work... I remember turning on and off the
wife's xmms when I played with it before, but whether I was on the
Windows machine or my Linux machine I don't recall).

FYI (and this is more for others reading as I don't think this matters
much to you in particular), I just got an X server running on
MacOS/X... now all I need is to find an ssh client for MacOS/X and I
can run xchat on it by tunneling it from my Linux box (wOOp!).

-- 
MandrakeSoft Security, OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD

Current Linux kernel 2.4.8-34.1mdk uptime: 9 days 11 hours 43 minutes.





Re: [expert] SSH TCP connection problem

2002-01-20 Thread G. T. Francisco, III

On Sat, Jan 19, 2002 at 08:01:50PM -0700, Lee Roberts said:
> At 07:17 PM 1/19/2002 -0600, G. T. Francisco, III wrote:
> >On Sat, Jan 19, 2002 at 11:58:06AM -0700, Lee Roberts said:
> >> I can get an SSH session from the intranet but not from the internet.
> >> A port scan shows TCP port 22 open but the connection is refused when
> >> trying to connect to my Linux box from the internet. I probably have
> >> a config file problem. Can someone save me the time of studying man
> >> pages, etc? BTW, I'm using ttssh on a laptop running Win2K to try to
> >> establish the SSH connection to the Linux box (works OK on the
> >> intranet but not the internet).
> >> 
> >
> >
> >Check your firewall (ipchains/iptables) rules, check your hosts.allow
> >and hosts.deny also.
> 
> Why would I need to check iptables when a port scan shows the TCP port 22 open?
> 
> hosts.allow and hosts.deny are empty.
> 

The port could be open (you did the port scan from the internet,
right?) but an iptables rule could still deny access to a specific ip
address or interface.

HTH,
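
A way to tell the cases in this exchange apart from the outside, as an added Python example rather than anything posted to the list: run against your own server from the network that fails, it reports whether the attempt was refused, silently dropped, accepted and then closed, or answered with an SSH banner. The banner's version field also shows whether protocol 1 is still offered, the concern raised in the hosts.allow thread above; the function names and the sample banners in the comments are constructed.

```python
import socket


def classify_banner(banner):
    """Map an SSH identification string to the protocol versions it offers."""
    parts = banner.split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        return "not-ssh"
    proto = parts[1]
    if proto == "2.0":
        return "protocol 2 only"
    if proto == "1.99":                 # e.g. SSH-1.99-OpenSSH_3.0.2p1
        return "protocol 1 and 2"
    if proto.startswith("1."):          # e.g. SSH-1.5-...
        return "protocol 1 only"
    return "unknown"


def probe(host, port=22, timeout=3.0):
    """Connect once and return (state, detail) describing what answered."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ("RST received: nothing listening on that address "
                           "and port, or a firewall REJECT rule answered")
    except socket.timeout:
        return "filtered", ("no reply: packets dropped on the way "
                            "(firewall DROP, router not forwarding the port)")
    except OSError as exc:
        return "error", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(255)
        except socket.timeout:
            return "silent", "TCP connected but no banner arrived"
        except OSError:
            data = b""
    if not data:
        # sshd built with tcp_wrappers accepts the TCP connection and then
        # closes it when hosts.allow / hosts.deny refuse the client.
        return "closed", ("accepted, then closed before any banner: "
                          "check hosts.allow and hosts.deny on the server")
    banner = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return "banner", f"{banner} ({classify_banner(banner)})"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, *probe(target))
```

The result only describes the path from the machine that runs it, so a scan from one network showing port 22 open says nothing about a rule that matches a different source address or interface.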







Re: [expert] SSH TCP connection problem

2002-01-19 Thread Lee Roberts

At 07:17 PM 1/19/2002 -0600, G. T. Francisco, III wrote:
>On Sat, Jan 19, 2002 at 11:58:06AM -0700, Lee Roberts said:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> I can get an SSH session from the intranet but not from the internet.
>> A port scan shows TCP port 22 open but the connection is refused when
>> trying to connect to my Linux box from the internet. I probably have
>> a config file problem. Can someone save me the time of studying man
>> pages, etc? BTW, I'm using ttssh on a laptop running Win2K to try to
>> establish the SSH connection to the Linux box (works OK on the
>> intranet but not the internet).
>> 
>
>
>Check your firewall (ipchains/iptables) rules, check your hosts.allow
>and hosts.deny also.

Why would I need to check iptables when a port scan shows the TCP port 22 open?

hosts.allow and hosts.deny are empty.

>
>If using a linux box, you can do a "ssh -v" and you will get more debug
>messages.

I'm logging in from a Windows machine remotely from whatever ISP I'm using.







Re: [expert] SSH TCP connection problem

2002-01-19 Thread G. T. Francisco, III

On Sat, Jan 19, 2002 at 11:58:06AM -0700, Lee Roberts said:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> I can get an SSH session from the intranet but not from the internet.
> A port scan shows TCP port 22 open but the connection is refused when
> trying to connect to my Linux box from the internet. I probably have
> a config file problem. Can someone save me the time of studying man
> pages, etc? BTW, I'm using ttssh on a laptop running Win2K to try to
> establish the SSH connection to the Linux box (works OK on the
> intranet but not the internet).
> 


Check your firewall (ipchains/iptables) rules, check your hosts.allow
and hosts.deny also.

If using a linux box, you can do a "ssh -v" and you will get more debug
messages.

HTH,







[expert] SSH TCP connection problem

2002-01-19 Thread Lee Roberts


I can get an SSH session from the intranet but not from the internet.
A port scan shows TCP port 22 open but the connection is refused when
trying to connect to my Linux box from the internet. I probably have
a config file problem. Can someone save me the time of studying man
pages, etc? BTW, I'm using ttssh on a laptop running Win2K to try to
establish the SSH connection to the Linux box (works OK on the
intranet but not the internet).

While I'm here, when creating an RSA key for establishing an SSH
connection, how do I create the key? Is it something as simple as
generating an RSA key with PGP and giving it an ID of SSH? I don't
believe that GPG does RSA keys so I guess I'll have to install PGP on
the Linux box. I have PGP 6.5 on my Windows clients (I use ttssh on
the Windows computers to get an SSH connection with the Linux box).








Re: [expert] SSH

2002-01-18 Thread Lee Roberts

At 09:03 PM 1/18/2002 -0500, Michael Osten wrote: 
>
>
> Some where in the universe on 19 Jan 2002 02:47:50 +0100
> The Spam Disposal Plant <[EMAIL PROTECTED]> wrote:
>
> > ever tried "ssh -X user@host", that should set the display automagically
> > for you
> > 
> > udo
> > 
> > On Sat, 2002-01-19 at 01:32, Lee Roberts wrote:
> > > What do I need to do to run apps when logged in with SSH? When I try to run
> > > apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
> > > find anything for setting up that environment variable.
> > 
>
> Do you get something like this when you ssh to the remote box "Warning:
> Remote host denied X11 forwarding"?  Edit /etc/ssh/sshd.conf and change
> "X11Forwarding no" to "X11Forwarding yes", restart sshd, logout completely
> and log back in to the remote machine.  When I switched mine to "no", I
> get the error you were seeing.


No. I don't get that error message. And I checked /etc/ssh/sshd_config and it
shows "X11 Forwarding yes".

When I changed ttssh (Windows) to allow X forwarding (I checked the box for
"allow remote X apps to run on local X server") I got the following messages
when trying to run Kmail (I like the line that says "committing suicide"):

DCOPClient::attachInternal. Attach failed Could not open network socket
DCOPClient::attachInternal. Attach failed Could not open network socket
DCOPServer up and running.
kded: Fatal IO error: client killed
DCOP aborting call from 'anonymous-5811' to 'kded'
ERROR: KUniqueApplication: DCOP communication error!
X connection to n0sq.net:10.0 broken (explicit kill or server shutdown).
kio (KLauncher): ERROR: KLauncher: KDEInit communication error! Commiting
suicide!
kmail: Fatal IO error: client killed
DCOP aborting call from 'anonymous-5801' to 'kmail'
ERROR: KUniqueApplication: DCOP communication error!


There is another ttssh window in the setup for X forwarding that appears to
allow ports to be redirected(?).




Re: [expert] SSH

2002-01-18 Thread Lee Roberts

I'm trying to figure out how to make that work with my Win2K machine. I'm
using ttssh on the Win2K PC to establish an SSH connection with the Linux
machine. There's an option in ttssh for running remote X apps on the local
X server but there doesn't appear to be a listing for an X server in the
Win2K services. I suppose that there is an X app for Win2K somewhere?

At 02:47 AM 1/19/2002 +0100, The Spam Disposal Plant wrote:
>ever tried "ssh -X user@host", that should set the display automagically
>for you
>
>udo
>
>On Sat, 2002-01-19 at 01:32, Lee Roberts wrote:
>> What do I need to do to run apps when logged in with SSH? When I try to run
>> apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
>> find anything for setting up that environment variable.







Re: [expert] SSH

2002-01-18 Thread Michael Osten

Some where in the universe on 19 Jan 2002 02:47:50 +0100
The Spam Disposal Plant <[EMAIL PROTECTED]> wrote:

> ever tried "ssh -X user@host", that should set the display automagically
> for you
> 
> udo
> 
> On Sat, 2002-01-19 at 01:32, Lee Roberts wrote:
> > What do I need to do to run apps when logged in with SSH? When I try to run
> > apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
> > find anything for setting up that environment variable.
> > 
> > 
> > 
> > 
> 
> 
> 
> 
> 

Do you get something like this when you ssh to the remote box "Warning:
Remote host denied X11 forwarding"?  Edit /etc/ssh/sshd.conf and change
"X11Forwarding no" to "X11Forwarding yes", restart sshd, logout completely
and log back in to the remote machine.  When I switched mine to "no", I
get the error you were seeing.
-
-
Michael Osten
Reefedge Inc.










Re: [expert] SSH

2002-01-18 Thread The Spam Disposal Plant

ever tried "ssh -X user@host", that should set the display automagically
for you

udo

On Sat, 2002-01-19 at 01:32, Lee Roberts wrote:
> What do I need to do to run apps when logged in with SSH? When I try to run
> apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
> find anything for setting up that environment variable.
> 
> 
> 
> 









Re: [expert] SSH

2002-01-18 Thread Lee Roberts

Yes, I'm logged in from a remote terminal when trying to execute the programs.

At 03:18 AM 1/18/2002 +0200, Tal Amir wrote:
>hmm...
>are you trying to run apps with gui interface remotely from terminal ? ;)
>
>
>On Fri, 18 Jan 2002, Lee Roberts wrote:
>
>> Date: Fri, 18 Jan 2002 17:32:48 -0700
>> From: Lee Roberts <[EMAIL PROTECTED]>
>> Reply-To: [EMAIL PROTECTED]
>> To: [EMAIL PROTECTED]
>> Subject: [expert] SSH
>> 
>> What do I need to do to run apps when logged in with SSH? When I try to run
>> apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
>> find anything for setting up that environment variable.
>> 
>> 
>> 
>
>-- 
>---
>_|_|_ Best Regard's ,
>  ( )   *  Amir Tal,  
>  /v\  /   System Administrator
>/(   )X
> (m_m)  
>| |ICQ : 15748705
>| (_)_ __  
>| | | '_ \| | | \ \/ /   
>| | | | | | |_| |>  <
>|_)_|_|_| |_|__,_/_/\
> http://whatsup.homelinux.com 
>---
>
>







Re: [expert] SSH

2002-01-18 Thread Lee Roberts

I didn't do su. I logged in as a normal user (but I do have root privileges).
The apps that I was executing are user executable programs.

At 08:09 PM 1/18/2002 -0500, Michael Osten wrote: 
>
>
> Some where in the universe on Fri, 18 Jan 2002 17:32:48 -0700
> Lee Roberts <[EMAIL PROTECTED]> wrote:
>
> > What do I need to do to run apps when logged in with SSH? When I try to run
> > apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
> > find anything for setting up that environment variable.
>
>
> ssh should export your display automagically.  However, if you are su'd as a
> different user than you originally ssh'd as, you may have to execute a
> 'xhost +' to get control of the display.  --Warning-- 'xhost +' is not
> very secure.
>
>
> -
> -
> Michael Osten
> Reefedge Inc.
>
>
>
>
>
>
>






Re: [expert] SSH

2002-01-18 Thread Tal Amir

hmm...
are you trying to run apps with gui interface remotely from terminal ? ;)


On Fri, 18 Jan 2002, Lee Roberts wrote:

> Date: Fri, 18 Jan 2002 17:32:48 -0700
> From: Lee Roberts <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [expert] SSH
> 
> What do I need to do to run apps when logged in with SSH? When I try to run
> apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
> find anything for setting up that environment variable.
> 
> 
> 

-- 
---
_|_|_ Best Regard's ,
  ( )   *  Amir Tal,  
  /v\  /   System Administrator
/(   )X
 (m_m)  
| |ICQ : 15748705
| (_)_ __  
| | | '_ \| | | \ \/ /   
| | | | | | |_| |>  <
|_)_|_|_| |_|__,_/_/\
 http://whatsup.homelinux.com 
---







Re: [expert] SSH

2002-01-18 Thread Michael Osten

Some where in the universe on Fri, 18 Jan 2002 17:32:48 -0700
Lee Roberts <[EMAIL PROTECTED]> wrote:

> What do I need to do to run apps when logged in with SSH? When I try to run
> apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
> find anything for setting up that environment variable.


ssh should export your display automagically.  However, if you are su'd as a
different user than you originally ssh'd as, you may have to execute a
'xhost +' to get control of the display.  --Warning-- 'xhost +' is not
very secure.


-
-
Michael Osten
Reefedge Inc.










[expert] SSH

2002-01-18 Thread Lee Roberts

What do I need to do to run apps when logged in with SSH? When I try to run
apps, I get a message that $DISPLAY isn't set. I don't seem to be able to
find anything for setting up that environment variable.







RE: [expert] SSH message not to panic

2002-01-17 Thread Franki

Actually, I don't mean to be argumentative... but you're wrong :-)

Take a look at lines 203 and 205 of /etc/portsentry/portsentry.conf

It's a kill route for ipchains or iptables, you just choose the one you want
(uncomment it) and it will add a rule for each blocked host... I have used
it and it works well...
portsentry has done this since ver 1 or before. (it worked on Mandrake 7.2)


rgds

Frank

-Original Message-
From: Michael Viron [mailto:[EMAIL PROTECTED]]
Sent: Friday, 18 January 2002 12:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [expert] SSH message not to panic


>Then anyone scanning your ssh port would be blocked by ipchains/iptables,
>except you, so you can connect to your hearts content without worrying
about
>getting rooted.
actually, no.  Portsentry will add the IP to hosts.deny, but will not
create an ipchains / iptables rule.  To do that, you'd either have to grep
for the warn info in the log file, and then add the ipchains / iptables
rules based on that (via a cronned script) or hack portsentry.
>
>
>incidentally, does anyone know how to create an iptables rule based on allowing
>access to a domain name? (ie not an IP address)

should be the same as the ones for ip, except replace the IP with the name.
 I believe:
A) when the machine in question attempts to connect, it will translate the
IP to whatever the name is and then check the rule based on that.
B) or, the name in the rule will be translated to the IP in question, and
then the rule will be checked.

'Address can be either a hostname, a network name, or a plain IP address.'
stated in both the ipchains and iptables man pages.

Michael

--
Michael Viron
Registered Linux User #81978
Senior Systems & Administration Consultant
Web Spinners, University of West Florida






