apache DOS?!?

2003-10-14 Thread klaus
Hi List! For a few days I have experienced strange behaviour of the apache running on my home-PC (with debian-linux stable/testing, apache 1.3.27). The connection to the internet is performed via a LAN-ADSL-Modem (768/128). What I first realized was that line-performance goes down extremely when

apache DOS cont'd

2003-10-14 Thread klaus
Hi List again! I just had a quick look into my apache's access-files and they show _very_ high access to my MP3-Collection which also can be accessed via the web-server. The first tcpdump (from the last mail) shows in line 10: 10 fa1-0-0.nylevel3-1.sonyonline.net (63.211.32.70) could this

[check] DSA vulnerabilities sarge

2003-10-14 Thread maximilian attems
hi, I checked almost all DSAs since the woody release (DSA 133). The résumé is: on a clean exposed sarge install the vast majority of DSAs is resolved, but you better not run kde, sendmail, mysql, perl (cgi), php, tomcat or imagemagick. You'll find below the report listing security alerts affecting

Re: apache DOS cont'd

2003-10-14 Thread Maarten van der Hoef
On Tue, Oct 14, 2003 at 10:40:49AM +0200, [EMAIL PROTECTED] wrote: Hi List again! I just had a quick look into my apache's access-files and they show _very_ high access to my MP3-Collection which also can be accessed via the web-server. The first tcpdump (from the last mail) shows in line

Need advise aobut allowing only sftp on woody

2003-10-14 Thread Haim Ashkenazi
Hi, I want to allow a lot of users to be able to upload/download files, with the following restrictions: 1. encrypted (ssh/ssl) 2. key based authentication, no password!!! 3. preferably without the option for login (if used with scp, sftp) 4. chroot. The obvious way was using sftp, but woody

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Moti Levy
I've used scponly and liked it ... http://www.sublimation.org/scponly/ - Original Message - From: Haim Ashkenazi [EMAIL PROTECTED] To: debian-security@lists.debian.org Sent: Tuesday, October 14, 2003 10:08 AM Subject: Need advise aobut allowing only sftp on woody Hi I want to allow

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Dariush Pietrzak
Hi, 1. encrypted (ssh/ssl) proftpd can do that. 2. key based authentication, no password!!! that's trickier, there are FTP/TLS servers with that capability, but I doubt you'll find anything in woody that can do that besides ssh. 3. preferably without the option for login (if used with

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Yogesh Sharma
Hi, I am not sure if I got your question correct, but here is how my setup is: FTP access disabled. Running sshd which only supports certificate based auth. I copied my public certificate in my home dir. Now I can do sftp using certificates. So I don't have to type password (if my certificate was created

Re: How efficient is mounting /usr ro?

2003-10-14 Thread Michael Stone
On Fri, Oct 10, 2003 at 01:22:48PM +1300, Steve Wray wrote: Getting rid of root kits? [snip] The answer we came up with was to update boxes by rsync with --delete That's fairly useless as a security measure; I would *not* recommend this. It is not difficult for a script kiddie these days to

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Haim Ashkenazi
Yogesh Sharma wrote: Hi, I am not sure if I got your question correct, but here is how my setup is: FTP access disabled. Running sshd which only supports certificate based auth. I copied my public certificate in my home dir. Now I can do sftp using certificates. So I don't have to type password

Re: Need advise aobut allowing only sftp on woody - THANX

2003-10-14 Thread Haim Ashkenazi
thanx, everyone. I've downloaded and compiled scponly from unstable and it looks very nice. Bye -- Haim Haim Ashkenazi wrote: Hi, I want to allow a lot of users to be able to upload/download files, with the following restrictions: 1. encrypted (ssh/ssl) 2. key based authentication, no

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Yogesh Sharma
Can't SSH run in chroot? Haim Ashkenazi wrote: this is a good setup, but I want chroot environment. thanx -- Haim

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Dariush Pietrzak
On Tue, Oct 14, 2003 at 11:31:10AM -0700, Yogesh Sharma wrote: Can't SSH run in chroot? not easily with privilege separation turned on? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Sean McAvoy
Hello, I have sshd running on a woody box in a chroot environment. It's not my running for remote access, but for data collection so. Just got to make sure to keep up with openssh security holes. I downloaded the sources and compiled it myself. I have privilege separation disabled. On Tue,

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Haim Ashkenazi
Yogesh Sharma wrote: Can't SSH run in chroot? sorry, I made a mistake... I meant that it allows shell login while I wanted to disable it. Bye -- Haim

Re: ipsec setkey and 2.4.21 kernel

2003-10-14 Thread Mark Devin
Mark Devin wrote: Mark Devin wrote: Mark Devin wrote: I have been running a custom compiled 2.4.21 kernel using the kernel source package from Adrian Bunk's site on Woody. I had an ipsec link setup and it was working well using the Kame implementation which debian has backported into the

Re: ipsec setkey and 2.4.21 kernel

2003-10-14 Thread Jean Christophe ANDRÉ
Hi Mark and others, Mark Devin écrivait : Just replying to myself again for the benefit of any list readers having similar problems. And I did follow it with interest... ;-) Also make sure that ipsec-tools package is compiled against the 2.4.22 kernel headers. This can be done by