Re: [ubuntu-uk] jeOS!! umm does it work?
On Fri, Jan 11, 2008 at 09:53:13PM +, Chris Rowson wrote:
> Are you entirely sure chaps?

No :)

> I thought JeOS was a bare-bones operating system designed for people to base virtual appliances on.

That makes more sense, yes :) I was wrong, sorry.

Cheers
Al.

-- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] jeOS!! umm does it work?
On 1/12/08, Alan Pope [EMAIL PROTECTED] wrote:
> On Fri, Jan 11, 2008 at 09:53:13PM +, Chris Rowson wrote:
> > Are you entirely sure chaps? I thought JeOS was a bare-bones operating system designed for people to base virtual appliances on.
>
> That makes more sense, yes :)

I don't actually understand this at all... I, like you, thought that JeOS would be the base operating system and then you'd install VMWare on that and then the Operating System on top of that, hence cutting out the overhead of a large bloated core operating system.

I think I'm missing something, but if anybody could explain the rationale behind running JeOS in a virtual machine I'd be grateful...

Sean
[ubuntu-uk] SSH question
On a box at home, I have ssh running on a non-specific high numbered port. Is it possible to also have it (ssh) listen on port 22, but limit it to computers on the local network?

The reason for asking is that I'd like to do things like synchronise my tomboy notes over ssh, but there is nowhere in tomboy (that I can find) to configure the port for the add-in.

TIA

--
Steve Garton
http://www.sheepeatingtaz.co.uk
Re: [ubuntu-uk] SSH question
Couldn't you use port forwarding on your router? So have the sshd running on port 22 but expose it to the world at large on port, say, 2000?

Sean
Re: [ubuntu-uk] SSH question
On 12/01/2008, Sean Miller [EMAIL PROTECTED] wrote:
> Couldn't you use port forwarding on your router? So have the sshd running on port 22 but expose it to the world at large on port, say, 2000?
>
> Sean

That will do nicely, cheers!

--
Steve Garton
http://www.sheepeatingtaz.co.uk
Re: [ubuntu-uk] SSH question
On Sat, Jan 12, 2008 at 09:13:56AM +, Stephen Garton wrote:
> On a box at home, I have ssh running on a non-specific high numbered port. Is it possible to also have it (ssh) listen on port 22, but limit it to computers on the local network?

Why also have it on 22? Why not just edit ~/.ssh/config and add a line like this:-

Host box
Port

(or whatever the hostname and port number is)

> The reason for asking is that I'd like to do things like synchronise my tomboy notes over ssh, but there is nowhere in tomboy (that I can find) to configure the port for the add-in.

I do the above for exactly this reason.

Cheers,
Al.
Re: [ubuntu-uk] SSH question
Hi Al,

On 12/01/2008, Alan Pope [EMAIL PROTECTED] wrote:
> On Sat, Jan 12, 2008 at 09:13:56AM +, Stephen Garton wrote:
> > On a box at home, I have ssh running on a non-specific high numbered port. Is it possible to also have it (ssh) listen on port 22, but limit it to computers on the local network?
>
> Why also have it on 22? Why not just edit ~/.ssh/config and add a line like this:-
>
> Host box
> Port
>
> (or whatever the hostname and port number is)

I do/did. When I had (continuing your example) Port on its own in /etc/ssh/sshd_config (please let me know if this is not the one I should be using, as it is the one I have stored in my notes that are a year or two old on how to use ssh!) Tomboy reported it couldn't contact the host.

> > The reason for asking is that I'd like to do things like synchronise my tomboy notes over ssh, but there is nowhere in tomboy (that I can find) to configure the port for the add-in.
>
> I do the above for exactly this reason.

Sorry, I think I'm lost. Will tomboy sync over ssh when a non-standard port is used?

--
Steve Garton
http://www.sheepeatingtaz.co.uk
Re: [ubuntu-uk] SSH question
Stephen Garton wrote:
> SNIP
> Sorry, I think I'm lost. Will tomboy sync over ssh when a non-standard port is used?

From the seems of it - tomboy won't allow non standard ssh ports. You could work around it by mounting via fuse/sshfs and sync'ing with the local mount point. However, I'd keep it at 22 if it doesn't cause too many problems.

Just a point of note, I've had 550 different IPs try and hack an ssh server on port 22 in the last 4 months. So if it's a publicly accessible server I would employ some further security such as 'fail2ban'.

Kind Regards,
Dave Walker
Re: [ubuntu-uk] jeOS!! umm does it work?
Sean Miller wrote:
> On 1/12/08, Alan Pope [EMAIL PROTECTED] wrote:
> > On Fri, Jan 11, 2008 at 09:53:13PM +, Chris Rowson wrote:
> > > Are you entirely sure chaps? I thought JeOS was a bare-bones operating system designed for people to base virtual appliances on.
> >
> > That makes more sense, yes :)
>
> I don't actually understand this at all... I, like you, thought that JeOS would be the base operating system and then you'd install VMWare on that and then the Operating System on top of that, hence cutting out the overhead of a large bloated core operating system.
>
> I think I'm missing something, but if anybody could explain the rationale behind running JeOS in a virtual machine I'd be grateful...
>
> Sean

When you're building a distributable virtual appliance you want your OS to start as small as possible. If you use Ubuntu Server you've got a lot more unnecessary bloat to cut down on. Virtual machines tend to run specific tasks, rather than be multi-function servers. Resources in a VM are also more precious than on a host OS because they are rationed by the host software.

Regards,
Tom
Re: [ubuntu-uk] SSH question
On Sat, Jan 12, 2008 at 01:23:15PM +, Sean Miller wrote:
> I wouldn't waste time on this... as I said, just make the router expose your port 22 on your local server on another port to the internet through port forwarding. You'll need to also route whatever other ports you want (eg. port 80) but this would seem a decent solution.
>
> Then everything works and life suddenly seems so much less complicated.

It's inelegant. Having a process running on one port but via another route is accessible on a different port looks messy.

All you need to do is get all the machines to know what port is in use. No redirection needed.

Cheers,
Al.
Re: [ubuntu-uk] jeOS!! umm does it work?
Michael Holloway wrote:
> Has anybody else tried jeOS yet?
>
> I have tried it on 3 different VMWare servers, 2 AMD based, and one Intel. No matter how hard I try, I can't get it to work. It installs fine, and then freezes on boot, failing to load the Kernel. It would appear that it can't mount the drive. Even when I edit the grub parameters to use /dev/sda1 instead of the UUID. Even after booting from the CD and reinstalling grub etc etc. I've tried to use SCSI and IDE hard drives (I mean virtual hard drives) to no avail.
>
> Anyone got any ideas, or come across the problem? Googling has not resulted in anything useful.
>
> btw, these 3 vmware servers are all running various other versions of Ubuntu, from 6.06 to 7.10.

I've just installed JeOS 7.10 on VMware Workstation 6.0.2 on an Ubuntu 7.10 i386 host. It installed perfectly using an IDE emulated hard disk and now it's updated. One cool thing I noticed is that the VMware guest kernel modules are included already in JeOS, that is vmhgfs, vmblock, vmxnet and vmmemctl.

I used to have a problem installing Dapper Server 6.06 on older versions of VMware. The solution I found was to use the desktop kernel rather than the server kernel as I couldn't get the server kernel to boot on virtual hardware. It's been ages since I had this problem though, I doubt it's even the same issue.

What version of VMware software are you running?

Regards,
Tom
Re: [ubuntu-uk] SSH question
On Sat, Jan 12, 2008 at 12:56:30PM +, Stephen Garton wrote:
> Hi Al,
>
> On 12/01/2008, Alan Pope [EMAIL PROTECTED] wrote:
> > On Sat, Jan 12, 2008 at 09:13:56AM +, Stephen Garton wrote:
> > > On a box at home, I have ssh running on a non-specific high numbered port. Is it possible to also have it (ssh) listen on port 22, but limit it to computers on the local network?
> >
> > Why also have it on 22? Why not just edit ~/.ssh/config and add a line like this:-
> >
> > Host box
> > Port
> >
> > (or whatever the hostname and port number is)
>
> I do/did. When I had (continuing your example) Port on its own in /etc/ssh/sshd_config (please let me know if this is not the one I should be using, as it is the one I have stored in my notes that are a year or two old on how to use ssh!) Tomboy reported it couldn't contact the host.

I am talking about the client not the server. Put that line in ~/.ssh/config on the _client_ and that tells it what port the server uses.

> > > The reason for asking is that I'd like to do things like synchronise my tomboy notes over ssh, but there is nowhere in tomboy (that I can find) to configure the port for the add-in.
> >
> > I do the above for exactly this reason.
>
> Sorry, I think I'm lost. Will tomboy sync over ssh when a non-standard port is used?

Yes. On my server I have /etc/ssh/sshd_config set to , on my client I have ~/.ssh/config set to tell my client what port the server is on. Job done. It works.

Cheers,
Al.
Re: [ubuntu-uk] SSH question
Alan Pope wrote:
> On Sat, Jan 12, 2008 at 12:56:30PM +, Stephen Garton wrote:
> > Hi Al,
> >
> > On 12/01/2008, Alan Pope [EMAIL PROTECTED] wrote:
> > > On Sat, Jan 12, 2008 at 09:13:56AM +, Stephen Garton wrote:
> > > > On a box at home, I have ssh running on a non-specific high numbered port. Is it possible to also have it (ssh) listen on port 22, but limit it to computers on the local network?
> > >
> > > Why also have it on 22? Why not just edit ~/.ssh/config and add a line like this:-
> > >
> > > Host box
> > > Port
> > >
> > > (or whatever the hostname and port number is)
> >
> > I do/did. When I had (continuing your example) Port on its own in /etc/ssh/sshd_config (please let me know if this is not the one I should be using, as it is the one I have stored in my notes that are a year or two old on how to use ssh!) Tomboy reported it couldn't contact the host.
>
> I am talking about the client not the server. Put that line in ~/.ssh/config on the _client_ and that tells it what port the server uses.
>
> > > > The reason for asking is that I'd like to do things like synchronise my tomboy notes over ssh, but there is nowhere in tomboy (that I can find) to configure the port for the add-in.
> > >
> > > I do the above for exactly this reason.
> >
> > Sorry, I think I'm lost. Will tomboy sync over ssh when a non-standard port is used?
>
> Yes. On my server I have /etc/ssh/sshd_config set to , on my client I have ~/.ssh/config set to tell my client what port the server is on. Job done. It works.
>
> Cheers,
> Al.

I don't bother changing the server port for sshd, it's security through obscurity. The crackers who only look for your server on port 22 are more of a nuisance than anything else, there's no way they'll get in unless you have a seriously crap password. If someone puts more effort into it they'll find your server no matter what port it's on, and it's them you'll have to worry about. You could also just disable password authentication and set yourself up key-based access to your boxes.

I also use FreeNX for remote access to Gnome desktops which doesn't yet work properly when you use a different port and block password authentication. So I just use Denyhosts to block clients that fail authentication, 1 try for the root account and 3 tries for any other account. They get blocked almost instantly using /etc/hosts.deny and I get emailed with their IP and hostname.

Regards,
Tom
Re: [ubuntu-uk] SSH question
Tom Bamford wrote:
> [...]
> I also use FreeNX for remote access to Gnome desktops which doesn't yet work properly when you use a different port and block password authentication. So I just use Denyhosts to block clients that fail authentication, 1 try for the root account and 3 tries for any other account. They get blocked almost instantly using /etc/hosts.deny and I get emailed with their IP and hostname.

Hello, Tom.

I had serious problems running FreeNX on Ubuntu 6.06.1 LTS and I've stopped using it. The problem might have been related to my running an openMosix 2.4 kernel (linux-2.4.26-om1) but I thought that freeNX was more trouble than it is worth in the end. I also feel uncomfortable about having to use the proprietary NX clients, which are incompatible with FreeNX according to which version of the server you're running. I've gone back to using TightVNC :-)

Do you not want the BeWAN PCI ADSL modem that I offered you BTW?

Tony.

--
Dr. A.J.Travis,                  | mailto:[EMAIL PROTECTED]
Rowett Research Institute,       | http://www.rri.sari.ac.uk/~ajt
Greenburn Road, Bucksburn,       | phone:+44 (0)1224 712751
Aberdeen AB21 9SB, Scotland, UK. | fax:+44 (0)1224 716687
Re: [ubuntu-uk] SSH question
Tom Bamford wrote:
> I don't bother changing the server port for sshd, it's security through obscurity.

There's nothing wrong with using obscurity to achieve enhanced defence in depth; running ssh on a non-standard port raises the bar enough to thwart most automated, background noise brute-force attacks. Sure, if somebody is determined to attack you specifically, they'll find the non-standard SSH port eventually, but if you're worried about targeted exploitation attempts on your machines then you'll make sure you're also running firewalls, tcp wrappers and AllowUsers/AllowGroups.

> there's no way they'll get in unless you have a seriously crap password.

That's a great strategy until the next time we see something like these:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693

and the masses start writing scripts to find boxes running vulnerable SSH daemons. Guess which port they'll try to connect to?

Cheers,
Steve
Re: [ubuntu-uk] SSH question
I run all my sshd servers (on the www) on 23432. Easy to remember but not the first place the hackers look.

So I think it's definitely worth doing... but if you're on a home network and have a router and need port 22 for your local access why not use the router to transform?

Sean
Re: [ubuntu-uk] SSH question
Sean Miller wrote:
> I run all my sshd servers (on the www) on 23432. Easy to remember but not the first place the hackers look.
>
> So I think it's definitely worth doing... but if you're on a home network and have a router and need port 22 for your local access why not use the router to transform?

I run my own SSH servers on the same ports internally and externally, which means I only need one ~/.ssh/config, which keeps everything much more sane.
Re: [ubuntu-uk] SSH question
On 1/12/08, Chris Smith [EMAIL PROTECTED] wrote:
> I run my own SSH servers on the same ports internally and externally, which means I only need one ~/.ssh/config, which keeps everything much more sane.

Yes, but that wasn't the question. He wanted a sshd listening on port 22 for his tomboy or whatever, yet didn't want it exposed to the internet.

Sean
Re: [ubuntu-uk] SSH question
Sean Miller wrote:
> I run all my sshd servers (on the www) on 23432. Easy to remember but not the first place the hackers look.

Hello, Sean.

They will now ;-)

> So I think it's definitely worth doing... but if you're on a home network and have a router and need port 22 for your local access why not use the router to transform?

He could run firestarter and configure the kernel's IPTABLES to do the job. No need to do it on an external router. Only allow port 22 in from the network the 'Tomboy' is on (or only the IP of the Tomboy itself).

Dave Walker suggested using fail2ban on port 22 when exposed to the internet, and that's good advice. However, fail2ban is intended to protect against 'brute-force' attacks by botnets. It will allow five login attempts (a configurable threshold) before setting the kernel IPTABLES to drop packets from the attacker. By default, the IP will be reinstated after 10mins (configurable). I think he needs to block port 22 permanently, except to permit access from the Tomboy.

Trying to protect ports by obfuscation is doomed to failure. Some botnets scan all available ports looking for signatures of anything!

Tony.

--
Dr. A.J.Travis,                  | mailto:[EMAIL PROTECTED]
Rowett Research Institute,       | http://www.rri.sari.ac.uk/~ajt
Greenburn Road, Bucksburn,       | phone:+44 (0)1224 712751
Aberdeen AB21 9SB, Scotland, UK. | fax:+44 (0)1224 716687
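The temporary-ban behaviour described in the messages above (fail2ban: five attempts, then a 10-minute ban; Denyhosts: 1 try for root, 3 for any other account), replayed over constructed sshd log lines. This is an added example, not part of any list message and not code from fail2ban or Denyhosts; the log format, the counting window, all names, and applying the same 10-minute expiry to the Denyhosts thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

BAN_TIME = timedelta(minutes=10)   # "reinstated after 10mins", per the thread
FIND_TIME = timedelta(minutes=10)  # assumption: window in which failures count
YEAR = 2008                        # syslog omits the year; assumed here

# Assumed OpenSSH syslog format for a failed password attempt.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3}) port \d+")

FAIL2BAN = {"*": 5}                # five attempts for any account
DENYHOSTS = {"root": 1, "*": 3}    # 1 try for root, 3 for any other account


def scan(lines, limits=FAIL2BAN):
    """Replay log lines in time order; return [(action, ip, when)] events."""
    failures = defaultdict(deque)  # ip -> times of recent failures
    banned_until = {}              # ip -> time the ban lapses
    events = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and other noise
        now = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        for old_ip, until in list(banned_until.items()):
            if until <= now:       # ban lapsed: the address may connect again
                del banned_until[old_ip]
                events.append(("unban", old_ip, until))
        ip = m["ip"]
        if ip in banned_until:
            continue               # a blocked address never reaches sshd
        recent = failures[ip]
        recent.append(now)
        while now - recent[0] > FIND_TIME:
            recent.popleft()       # forget failures outside the window
        if len(recent) >= limits.get(m["user"], limits["*"]):
            banned_until[ip] = now + BAN_TIME
            events.append(("ban", ip, now))
            recent.clear()
    return events


def _fail(clock, who, ip):
    """Build one constructed log line (host name and PID are made up)."""
    return (f"Jan 12 {clock} box sshd[101]: Failed password for {who} "
            f"from {ip} port 40001 ssh2")


# Constructed sample input; addresses come from the documentation ranges.
SAMPLE = [
    _fail("13:00:01", "invalid user admin", "203.0.113.7"),
    _fail("13:00:03", "invalid user test", "203.0.113.7"),
    _fail("13:00:05", "root", "192.0.2.44"),
    _fail("13:00:06", "invalid user guest", "203.0.113.7"),
    _fail("13:00:10", "invalid user oracle", "203.0.113.7"),
    _fail("13:00:12", "invalid user ftp", "203.0.113.7"),
    _fail("13:00:14", "invalid user www", "203.0.113.7"),
    _fail("13:11:00", "invalid user admin", "203.0.113.7"),
    "Jan 12 13:12:00 box sshd[102]: Accepted publickey for steve "
    "from 192.168.1.10 port 40002 ssh2",
]
```

The last constructed failure from 203.0.113.7 is counted afresh because its ban has lapsed, which is the gap a permanent firewall rule on port 22 closes.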
[ubuntu-uk] new mail notification in system tray?
Apologies if this request about Thunderbird is a bit off-topic, but it should be brief if anyone has a ready answer. I've been googling around for days and can't find one.

I'm running Thunderbird 2.0.0.9 (installed via Ubuntuzilla) on Feisty. Is there an add-on or applet to provide a persistent indicator in the system tray when there's new mail waiting to be read? This used to be a feature in T/bird 1.5.0.1x and was visible in the system tray even if T/bird was minimised or obscured by another window; but ver 2.x seems only to have a transient pop-up when new mail arrives. So if you've been away from the computer, and want to check if there's any waiting mail, you can't at a glance.

Any ideas?

TIA
Mac
[ubuntu-uk] Gutsy gets thumbs up in Micromart
I just read an article in Micro Mart mag by a self-proclaimed linux noob called Jason d'Allison. He set out to install Gutsy after hearing good things about it, and although it took him 3 weeks to secure a machine to install it on, after two weeks he was enjoying the difference and after another two weeks seems to have completely switched from Windows. In his words, "I can't live without the Gibbon now."

More good press for Ubuntu :-)
Re: [ubuntu-uk] new mail notification in system tray?
Mac wrote:
> Apologies if this request about Thunderbird is a bit off-topic, but it should be brief if anyone has a ready answer. I've been googling around for days and can't find one.
>
> I'm running Thunderbird 2.0.0.9 (installed via Ubuntuzilla) on Feisty. Is there an add-on or applet to provide a persistent indicator in the system tray when there's new mail waiting to be read? This used to be a feature in T/bird 1.5.0.1x and was visible in the system tray even if T/bird was minimised or obscured by another window; but ver 2.x seems only to have a transient pop-up when new mail arrives. So if you've been away from the computer, and want to check if there's any waiting mail, you can't at a glance.
>
> Any ideas?
>
> TIA
> Mac

I think mail-notification might be what you're after. It's in the repositories. The only thing to watch out for is the repository version doesn't have ssl support if you need it.

Adam.
Re: [ubuntu-uk] Gutsy gets thumbs up in Micromart
The main article on the cover in MM was about Ubuntu when feisty came out... But it never hurts for them to repeat how great it is. (I think most of the writers for it are freelance, so they're bound to repeat themselves XD)

On Jan 12, 2008 11:23 PM, Tom Bamford [EMAIL PROTECTED] wrote:
> I just read an article in Micro Mart mag by a self-proclaimed linux noob called Jason d'Allison. He set out to install Gutsy after hearing good things about it, and although it took him 3 weeks to secure a machine to install it on, after two weeks he was enjoying the difference and after another two weeks seems to have completely switched from Windows. In his words, "I can't live without the Gibbon now."
>
> More good press for Ubuntu :-)

--
Mr JE Grabham
Re: [ubuntu-uk] new mail notification in system tray?
Adam Bagnall wrote:
> Mac wrote:
> > snip
> > Is there an add-on or applet to provide a persistent indicator in the system tray when there's new mail waiting to be read?
>
> I think mail-notification might be what you're after. It's in the repositories. The only thing to watch out for is the repository version doesn't have ssl support if you need it.
>
> Adam

Yes, m-n looks just the ticket -- I'll give it a go. Thanks very much for quick reply! :-)

Mac