Re: ssh regenerated moduli file much smaller than the one provided by Debian

Just for complement, compare these ssh security tips: Secure Secure Shell https://stribika.github.io/2015/01/04/secure-secure-shell.html Regards, jvp.

Re: ssh regenerated moduli file much smaller than the one provided by Debian

Hi. On Sun, 21 Feb 2016 02:29:01 +0100 arian wrote: > > Because you can install ssh client without a server, but a > > ssh server without a client on the same host is not of much use to > > anyone. > > Is that so? I have a couple of hosts where I cannot remember

Re: ssh regenerated moduli file much smaller than the one provided by Debian

On 20.02.2016 20:23, Reco wrote: > The way I see it, ssh-keygen merely generates *possible* prime numbers, > as correct checking for primeness (sp?) would require very long and > very CPU intensive checking - basically you'd have to divide generated > number by each and any number less than

Re: ssh regenerated moduli file much smaller than the one provided by Debian

On Sat, Feb 20, 2016 at 10:23:26PM +0300, Reco wrote: > Hi. > > On Sat, 20 Feb 2016 19:50:54 +0100 > Daniel wrote: > > > I have followed the instructions under "MODULI GENERATION" in the > > "ssh-keygen" man page. > > The resulting "moduli-2048" file is considerably

Re: ssh regenerated moduli file much smaller than the one provided by Debian

Hi. On Sat, 20 Feb 2016 19:50:54 +0100 Daniel wrote: > I have followed the instructions under "MODULI GENERATION" in the > "ssh-keygen" man page. > The resulting "moduli-2048" file is considerably smaller than the one > provided with the > "openssh-client" package. I

Re: SSH issue?

Hi, You should enable kernel dump logs. auth log is worst place for searching the cause of crashing. 2016-02-18 23:13 GMT+02:00 Chris : > Dear All, > > after the following entry > > Feb 18 17:48:05 jupiter sshd[30204]: pam_unix(sshd:auth): authentication > failure;

Re: SSH issue?

On Thu, Feb 18, 2016 at 10:13:48PM +0100, Chris wrote: > Dear All, > > after the following entry > > Feb 18 17:48:05 jupiter sshd[30204]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.88.177.93 > user=root >

Re: SSH issue?

On Thu, 18 Feb 2016, Chris wrote: > after the following entry > > Feb 18 17:48:05 jupiter sshd[30204]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.88.177.93 > user=root >

Re: ssh Problem using it for SFTP

Daniel, On Sat, 16 Jan 2016 14:50:20 -0300, you wrote: >I'm sorry. I Had forgotten of the detail of the accessibility :( No worries. Things are in a sorry state at the moment because of other things I did without realizing I did them, but I've already told my usership that Voyager will have to

Re: ssh Problem using it for SFTP

Hi, Steve. On 14/01/16 13:10, Steve Matzura wrote: > Failing connection: > (...) > no matching cipher found: client > aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-...@lysator.liu.se,des-cbc,des-...@ssh.com > server >

Re: ssh Problem using it for SFTP

It helps to explain things, Daniel, but truly, the client in question is horrendously out of date and deprecated for all secure intents and purposes, I'm quite happy to retire it from active support on my server. On Sat, 16 Jan 2016 15:19:33 -0300, you wrote: >Hi, Steve. > >On 14/01/16 13:10,

Re: ssh Problem using it for SFTP

Hi, Steve. On 14/01/16 13:01, Steve Matzura wrote: >> I do not know that client, but if your users are using Firefox, maybe >> you could use FireFTP [1]. I never had problems with it, and we could >> also say that while users use Firefox, you could run it on different >> operating systems. > It

Re: ssh Problem using it for SFTP

I decided to put the two logs from `sshd -d' side-by-side to try to figure out where the differences are. Both logs have the following lines immediately after the connection request: debug1: Client protocol version 2.0; client software version FTP-Voyager-15.2.0.15 debug1: no match:

Re: ssh Problem using it for SFTP

One more piece of the puzzle. The working system is Red Hat Fedora 20, the non-working one is Debian 8.2.

Re: ssh Problem using it for SFTP

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jan 13, 2016 at 07:13:57PM -0500, Steve Matzura wrote: > I hope this isn't off-topic by too much. If it is, a word to me > privately and I'll wait for responses to queries I've made elsewhere. > > I maintain two FTP servers and support four

Re: ssh Problem using it for SFTP

Tomas, On Wed, Jan 13, 2016 at 07:13:57PM -0500, Steve Matzura wrote: >> I hope this isn't off-topic by too much. If it is, a word to me >> privately and I'll wait for responses to queries I've made elsewhere. >I'm not as much of an SSH guru to "get" what's going on by just reading >configs, but

Re: ssh Problem using it for SFTP

On 01/14/2016 12:32 PM, Steve Matzura wrote: > debug1: sshd version OpenSSH_6.7, OpenSSL 1.0.1k 8 Jan 2015 >... > debug1: Client protocol version 2.0; client software version > FTP-Voyager-15.2.0.15 > debug1: no match: FTP-Voyager-15.2.0.15 > debug1: Enabling compatibility mode for protocol 2.0 >

Re: ssh Problem using it for SFTP

Hi, Steve. On 14/01/16 08:45, Steve Matzura wrote: > This is clearly the problem area. I tried some ssh option settings in > Voyager with no success. Should this client be retired? It's not > *that* old. I do not know that client, but if your users are using Firefox, maybe you could use FireFTP

Re: ssh Problem using it for SFTP

Tomas, On Thu, 14 Jan 2016 05:32:04 -0500, I wrote: >debug1: Enabling compatibility mode for protocol 2.0 >debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5 >debug1: permanently_set_uid: 107/65534 [preauth] >debug1: list_hostkey_types: >ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

Re: ssh Problem using it for SFTP

Lars, On Thu, 14 Jan 2016 12:45:09 +0200, you wrote: >Can you update the client to one that uses the safer ciphers and avoids >the deprecated ones? You and I came to the same conclusion with the same lines of log as evidence at about the same time. Amazing. Many of my users use Voyager version

Re: ssh Problem using it for SFTP

More info. I used getenforce' and found SELinux is installed but disabled on the system where FTP Voyager can connect using SFTP over ssh, and not installed at all on the system where FTP Voyager cannot connect. In fact, using either the `getenforce' or `'sestatus' on the no-connect system yields

Re: ssh Problem using it for SFTP

Daniel, On Thu, 14 Jan 2016 09:05:36 -0300, you wrote: >Hi, Steve. > >On 14/01/16 08:45, Steve Matzura wrote: > >> This is clearly the problem area. I tried some ssh option settings in >> Voyager with no success. Should this client be retired? It's not >> *that* old. > >I do not know that

Re: ssh Problem using it for SFTP

The problem is that the older client doesn't support ciphers newer than CBC and arcfour (both depreciated on the newer server versions of OpenSSH). Lookup how to re-enable these suites using the Cipher directive.

Re: ssh maimed on testing update

Is it possible that you are using a dsa key? ;-) Use ssh with -v and take a look to the Output. Yes, that was the problem. I switched to rsa, which doesn't seem to me like it reduces paranoia, but I deal with systems that apparently don't understand ed25519.

Re: ssh maimed on testing update

I had the same problem a few weeks ago. "OpenSSH 7.0 disables ssh-dss keys by default" =) Is it possible that you are using a dsa key? ;-) Use ssh with -v and take a look to the Output. Am 5. Januar 2016 17:49:54 MEZ, schrieb rvclay...@acm.org: >I'm running > > $ lsb_release -a > No LSB

Re: ssh maimed on testing update

On Tue, Jan 05, 2016 at 11:49:54AM -0500, rvclay...@acm.org wrote: I'm running $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description:Debian GNU/Linux testing-updates (sid) Release:testing-updates Codename: sid $ uname -a Linux BanjaLuka

Re: ssh disconnects immediately after successful login

Kent West a écrit : > > One thing I did notice in the auth logs is that the connection port > seems to change every connection attempt; is that normal? Yes. The client source port used by a typical TCP connection is ephemeral.

Re: ssh disconnects immediately after successful login

On 12/16/2015 05:29 AM, Kent West wrote: If I try to connect to my Debian box at work, using either my Mac's OS X or my Mac's Debian VM, I can connect successfully, but then immediately the connection is closed: Kents-MacBook-Pro:~ westk$ ssh -Y we...@westek.acu.edu we...@westek.acu.edu's

Re: ssh disconnects immediately after successful login

On 12/16/2015 06:54 PM, Kent West wrote: westk@westek:~$ cat /etc/debian_version stretch/sid So, Debian Testing (Stretch). You have a newer version of openssh-server (1:6.9p1-3) than I do (1:6.7p1-5). Check your 'man sshd_config' carefully. Kents-MacBook-Pro:~ westk$ ssh -vvv

Re: ssh disconnects immediately after successful login

On 12/16/15 8:19 PM, David Christensen wrote: On 12/16/2015 05:29 AM, Kent West wrote: If I try to connect to my Debian box at work, using either my Mac's OS X or my Mac's Debian VM, I can connect successfully, but then immediately the connection is closed: Kents-MacBook-Pro:~ westk$ ssh -Y

Re: ssh

On Sun, 25 Oct 2015 23:41:17 -0200 Manoel Pedro de Araújo wrote: > Nao consigo fazer um acesso remoto via ssh > > quando eu digito ssh -l username ip > > resulta a saida > > The authenticity of host 'debian (127.0.1.1)' can't be established. > ECDSA key fingerprint is >

Re: ssh

Manoel, A política padrão do Debian 8 (Jessie) é não permitir acesso root por ssh, como era permitido até o Debian 7. Terás que logar primeiro com um usuário normal e depois tornar-se root. Atte, Em 26 de outubro de 2015 08:13, G.Paulo escreveu: > On Sun, 25 Oct 2015

Re: ssh från dator A till dator C via dator B

On 26 May 2015 18:24 +0200, from andr...@arrakis.se (Andreas Olsson): 2) ssh socks proxy ssh -f -D 8080 -N DatorB curl --proxy socks5h://localhost:8080 http://DatorC/ Fördelen med den senare är att de flesta webbläsare kan övertalas att prata SOCKS 5 utan alltför stora krumbukter. I

Re: ssh från dator A till dator C via dator B

tis 2015-05-26 klockan 18:08 +0200 skrev j...@lillahusetiskogen.se: Alltså http från dator A till dator C via dator B och ssh mellan A och B. 1) Vanlig ssh-tunnel ssh -f -L 8080:DatorC:80 -N DatorB curl --header Host: DatorC http://localhost:8080/ 2) ssh socks proxy ssh -f -D 8080 -N

Re: ssh tunnels or openvpn/IPsec?

Thanks to everybody who contributed to this thread. It is valuable. Regards. Johann

Re: ssh tunnels or openvpn/IPsec?

Normally for ssh tunnels I use -D which creates a local socks tunnel listener (i.e -D1080) and means you can do away with manual port forwards, you can then use a sockswrapper (tsocks/dsocks) pointing at localhost to transparently proxify most applications. Note that for UDP based things neither

Re: ssh tunnels or openvpn/IPsec?

On Sat, 9 May 2015 18:49:27 -0600 Bob Proulx b...@proulx.com wrote: Petter Adsen wrote: Now the question becomes; AFAIK, I could do this with ssh tunnels and forward the ports on my router/firewall, or I could use something like openvpn or IPsec (strongswan). Yes. Exactly. Also

Re: ssh tunnels or openvpn/IPsec?

Bob Proulx a écrit : Both ssh and stunnel use TCP which means that in terms of ultimate performance and ultimate efficiency you are ending up with TCP over TCP and that isn't perfect. SSH local or remote port forwarding (-L/-R) does stream forwarding ; it is not a layer-3 tunnel (-w), so

RE: ssh tunnels or openvpn/IPsec?

Hello Peter Petter Adsen wrote: Now the question becomes; AFAIK, I could do this with ssh tunnels and forward the ports on my router/firewall, or I could use something like openvpn or IPsec (strongswan). Yes. Exactly. Also 'stunnel4' is useful too. Thanks, I didn't know about

Re: ssh tunnels or openvpn/IPsec?

Also consider tincd On 10 May 2015 at 04:51, Bonno Bloksma b.blok...@tio.nl wrote: Hello Peter Petter Adsen wrote: Now the question becomes; AFAIK, I could do this with ssh tunnels and forward the ports on my router/firewall, or I could use something like openvpn or IPsec

Re: ssh tunnels or openvpn/IPsec?

Petter Adsen wrote: Now the question becomes; AFAIK, I could do this with ssh tunnels and forward the ports on my router/firewall, or I could use something like openvpn or IPsec (strongswan). Yes. Exactly. Also 'stunnel4' is useful too. I would avoid IPsec. Last I looked there were more

Re: ssh hangs for 5 seconds for a particular machine

Vincent Lefevre vinc...@vinc17.net wrote: When connecting by SSH to a particular machine, ssh hangs for 5 seconds. The client machine doesn't matter (except for the machine itself). 5 seconds smells like some DNS problem. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To

Re: ssh hangs for 5 seconds for a particular machine

On 2015-04-08 19:21:12 +0200, Sven Hartge wrote: Vincent Lefevre vinc...@vinc17.net wrote: When connecting by SSH to a particular machine, ssh hangs for 5 seconds. The client machine doesn't matter (except for the machine itself). 5 seconds smells like some DNS problem. Yes, but the

Re: ssh hangs for 5 seconds for a particular machine

On 8 April 2015 at 13:41, Vincent Lefevre vinc...@vinc17.net wrote: # /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2(ts -s %.s) [...] 3.315346 debug3: Trying to reverse map address 140.77.51.8. So sshd is doing the reverse lookup and fails ypig:~ nslookup 140.77.51.8 ;; Got SERVFAIL

Re: ssh hangs for 5 seconds for a particular machine

On 2015-04-08 13:46:06 -0400, Michael Graham wrote: On 8 April 2015 at 13:41, Vincent Lefevre vinc...@vinc17.net wrote: # /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2(ts -s %.s) [...] 3.315346 debug3: Trying to reverse map address 140.77.51.8. So sshd is doing the reverse

Re: ssh hangs for 5 seconds for a particular machine

On 09/04/2015 3:11 AM, Vincent Lefevre vinc...@vinc17.net wrote: When connecting by SSH to a particular machine, ssh hangs for 5 seconds. The client machine doesn't matter (except for the machine itself). For instance: xvii:~ ssh -vvv 2(ts -s %.s) ypig [...] 0.278462 debug2: key:

Re: ssh hangs for 5 seconds for a particular machine

On 2015-04-09 00:09:08 +0200, Vincent Lefevre wrote: According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414569 avahi-daemon: delay on resolving IP addresses when mdns is specified in /etc/nsswitch.conf the 5-second delay shouldn't occur, as this bug was fixed with the

Re: ssh hangs for 5 seconds for a particular machine

On 09/04/2015 9:38 AM, Igor Cicimov icici...@gmail.com wrote: On 09/04/2015 3:11 AM, Vincent Lefevre vinc...@vinc17.net wrote: When connecting by SSH to a particular machine, ssh hangs for 5 seconds. The client machine doesn't matter (except for the machine itself). For instance:

Re: ssh hangs for 5 seconds for a particular machine

On 2015-04-08 14:27:38 -0600, Bob Proulx wrote: Vincent Lefevre wrote: Yes, but with nslookup, the failure is *immediate*. So, this doesn't explain the 5-second delay. What is the configuration of /etc/resolv.conf? /etc/nsswitch.conf? cat /etc/resolv.conf domain lip.ens-lyon.fr.

Re: ssh hangs for 5 seconds for a particular machine

On 2015-04-08 16:45:16 -0600, Bob Proulx wrote: I see mdns there and immediately have an immune reaction due to many problems with it before. As you have already determined it is the source of your current 5 second timeout. I recommend purging libnss-mdns from your system. That will solve

Re: ssh hangs for 5 seconds for a particular machine

Vincent Lefevre wrote: Vincent Lefevre wrote: Bob Proulx wrote: nameserver 140.77.1.32 nameserver 140.77.167.2 That is a second potential source of timeout. man resolv.conf nameserver Name server IP address Internet address of a name server that the resolver

Re: ssh hangs for 5 seconds for a particular machine

On 2015-04-08 23:57:53 +0200, Vincent Lefevre wrote: On 2015-04-08 14:27:38 -0600, Bob Proulx wrote: grep ^hosts /etc/nsswitch.conf hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 [...] [...] 23:54:03 mprotect(0x7f5b92ff3000, 4096, PROT_READ) = 0 23:54:03

Re: ssh hangs for 5 seconds for a particular machine

Vincent Lefevre wrote: Michael Graham wrote: Vincent Lefevre vinc...@vinc17.net wrote: # /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2(ts -s %.s) [...] (I use port 80 since port 22 is already taken by the normal sshd and the gateway to the machine seems to filter arbitrary

Re: (ssh) Connection closed by

Could be your ssh client proposing ciphers the SSH server doesn't understand. This was known issue with communication of ssh client 5+ to ssh server 4.x and older. Give it a try and let us know. http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-client-connection-reset-by-peer/

Re: SSH et stunnel

On Thursday 12 March 2015 18:18:06 David BERCOT wrote: Bon, apparemment, c'est un bug de stunnel : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771241 J'ai compilé la dernière version sur mon client : https://www.stunnel.org/downloads.html Je teste demain pour valider... Voilà, si ça

Re: SSH et stunnel

Bon, apparemment, c'est un bug de stunnel : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771241 J'ai compilé la dernière version sur mon client : https://www.stunnel.org/downloads.html Je teste demain pour valider... Voilà, si ça peut aider quelqu'un qui rencontre le même problème...

Re: ssh sur port 22

-- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive:

Re: ssh de solaris a debian (solucionado)

El jue, 27-11-2014 a las 10:04 -0300, Ricardo Eureka! escribió: Como te fue con esto? Lo solucionaste? Como? perdón por la demora, me colgué un poquito :D Entonces, siguiendo la sugerencia de eduardo[1], agregué a los algoritmos permitidos en mi ssh de debian uno que entienda solaris.

Re: ssh de solaris a debian

Como te fue con esto? Lo solucionaste? Como? 2014-11-17 17:04 GMT-03:00 Gonzalo Rivero fishfromsa...@gmail.com: El lun, 17-11-2014 a las 16:43 -0300, Ricardo Eureka! escribió: Gonzalo Limpio un poco e intercalo mis respuestas: El 17 de noviembre de 2014, 13:37, Gonzalo Rivero

Re: ssh de solaris a debian

El 17/11/14 a las #4, Gonzalo Rivero escribió: Buenas, me pasa algo raro, tengo esta instalación de OpenIndiana (que deriva de opensolaris) e intenté entrar a mi computadora (debian testing, y, como todos los lunes (me da flojera actualizar mas seguido), recién actualizada) # ssh

Re: ssh de solaris a debian

Manda la salida de # ssh -vv 172.16.250.250 El 17 de noviembre de 2014, 9:53, Gonzalo Rivero fishfromsa...@gmail.com escribió: Buenas, me pasa algo raro, tengo esta instalación de OpenIndiana (que deriva de opensolaris) e intenté entrar a mi computadora (debian testing, y, como todos los

Re: ssh de solaris a debian

El Mon, 17 Nov 2014 09:53:06 -0300, Gonzalo Rivero escribió: Buenas, Ese html... me pasa algo raro, tengo esta instalación de OpenIndiana (que deriva de opensolaris) e intenté entrar a mi computadora (debian testing, y, como todos los lunes (me da flojera actualizar mas seguido), recién

Re: ssh de solaris a debian

El lun, 17-11-2014 a las 09:55 -0300, Ricardo Eureka! escribió: Manda la salida de # ssh -vv 172.16.250.250 solaris a debian (el sentido en que no anda) # ssh -vv grivero@172.16.250.250 Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x0090818f debug1: Reading configuration data /etc/ssh/ssh_config

Re: ssh de solaris a debian

Agrego: Revisa los logs de ssh tanto en el Debian como en el Solaris, a ver que pistas o errores te da. 2014-11-17 16:43 GMT-03:00 Ricardo Eureka! ricardoeur...@gmail.com: Gonzalo Limpio un poco e intercalo mis respuestas: El 17 de noviembre de 2014, 13:37, Gonzalo Rivero

Re: ssh de solaris a debian

Gonzalo Limpio un poco e intercalo mis respuestas: El 17 de noviembre de 2014, 13:37, Gonzalo Rivero fishfromsa...@gmail.com escribió: El lun, 17-11-2014 a las 09:55 -0300, Ricardo Eureka! escribió: Manda la salida de # ssh -vv 172.16.250.250 solaris a debian (el sentido en que no anda)

Re: ssh de solaris a debian

El lun, 17-11-2014 a las 16:43 -0300, Ricardo Eureka! escribió: Gonzalo Limpio un poco e intercalo mis respuestas: El 17 de noviembre de 2014, 13:37, Gonzalo Rivero fishfromsa...@gmail.com escribió: El lun, 17-11-2014 a las 09:55 -0300, Ricardo Eureka! escribió:

Re: ssh login problem from one particular client

On Thu, Jan 30, 2014 at 12:27:30PM -0200, André Nunes Batista wrote: On Wed, 2014-01-29 at 13:47 -0600, Craig L. wrote: On Thu, Jan 23, 2014 at 02:07:08PM -0600, Craig L. wrote: This appears to be a problem with an ASA firewall appliance and is being looked at by our network team and the

Re: ssh host ip/id management for dynamic dns servers [OT?]

On Tue 11 Feb 2014 at 06:52:10 -0700, Paul E Condon wrote: I'm puzzled about the apparent 'security theater' on this topic. Known host checking is done, I think, to defend against 'man in the middle', so when the known host key changes because of some event down in the bowels of dynamic dns,

Re: ssh host ip/id management for dynamic dns servers

On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote: ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to check known_hosts. For me, ssh-keygen -R does not remove all the dynamically generated host keys, however. I've not yet identified what confounds ssh-keygen. The

Re: ssh host ip/id management for dynamic dns servers

On 02/12/2014 02:59 PM, Brian wrote: On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote: ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to check known_hosts. For me, ssh-keygen -R does not remove all the dynamically generated host keys, however. I've not yet

Re: ssh host ip/id management for dynamic dns servers

On 20140212_152909, Lars Noodén wrote: On 02/12/2014 02:59 PM, Brian wrote: On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote: ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to check known_hosts. For me, ssh-keygen -R does not remove all the dynamically

Re: ssh host ip/id management for dynamic dns servers

On 02/12/2014 07:34 PM, Paul E Condon wrote: ... Question: Suppose I encounter this situation of the 'known host' having moved to a different IP address (or a different URL?), is there a way to discover whether the change is due to a proper functioning DynDNS, or to a somewhat unstealthy

Re: ssh host ip/id management for dynamic dns servers

On Wed 12 Feb 2014 at 10:34:33 -0700, Paul E Condon wrote: Question: Suppose I encounter this situation of the 'known host' having moved to a different IP address (or a different URL?), is there a way to discover whether the change is due to a proper functioning DynDNS, or to a somewhat

Re: ssh host ip/id management for dynamic dns servers

On 20140212_200320, Lars Noodén wrote: On 02/12/2014 07:34 PM, Paul E Condon wrote: ... Question: Suppose I encounter this situation of the 'known host' having moved to a different IP address (or a different URL?), is there a way to discover whether the change is due to a proper

Re: ssh host ip/id management for dynamic dns servers

On 12/02/2014 13:30, Paul E Condon wrote: On 20140212_200320, Lars Noodén wrote: On 02/12/2014 07:34 PM, Paul E Condon wrote: ... Question: Suppose I encounter this situation of the 'known host' having moved to a different IP address (or a different URL?), is there a way to discover whether

Re: ssh host ip/id management for dynamic dns servers

On 13/02/14 07:07, Dan Purgert wrote: On 12/02/2014 13:30, Paul E Condon wrote: On 20140212_200320, Lars Noodén wrote: On 02/12/2014 07:34 PM, Paul E Condon wrote: ... Question: Suppose I encounter this situation of the 'known host' having moved to a different IP address (or a different

Re: ssh host ip/id management for dynamic dns servers

On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: I'm wondering: 1) how to easily clean known_hosts ssh-keygen with the -R option. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: ssh host ip/id management for dynamic dns servers

Hi On Tue, Feb 11, 2014 at 09:53:32AM +1100, Zenaan Harkness wrote: With a dyndns type server, each time a new ip address happens, ssh login adds a new entry to .known_hosts Is there a recommended way to handle this? Turn off CheckHostIP ? For the uninitiated, in your ~/.ssh/config file:

Re: ssh host ip/id management for dynamic dns servers

On 2/11/14, Brian a...@cityscape.co.uk wrote: On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: I'm wondering: 1) how to easily clean known_hosts ssh-keygen with the -R option. Sounds great! (also, the CheckHostIP = no option looks very useful in this regard, thanks Karl) However

Re: ssh host ip/id management for dynamic dns servers

On 02/11/2014 02:56 PM, Zenaan Harkness wrote: On 2/11/14, Brian a...@cityscape.co.uk wrote: On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: I'm wondering: 1) how to easily clean known_hosts ssh-keygen with the -R option. Sounds great! (also, the CheckHostIP = no option looks

Re: ssh host ip/id management for dynamic dns servers [OT?]

I'm puzzled about the apparent 'security theater' on this topic. Known host checking is done, I think, to defend against 'man in the middle', so when the known host key changes because of some event down in the bowels of dynamic dns, does one have any possibility of determining that it is truly

Re: ssh host ip/id management for dynamic dns servers [OT?]

Paul E Condon: I'm puzzled about the apparent 'security theater' on this topic. Known host checking is done, I think, to defend against 'man in the middle', Exactly. so when the known host key changes because of some event down in the bowels of dynamic dns, does one have any possibility of

Re: ssh host ip/id management for dynamic dns servers [OT?]

On 02/11/2014 03:52 PM, Paul E Condon wrote: ... Known host checking is done, I think, to defend against 'man in the middle', so when the known host key changes because of some event down in the bowels of dynamic dns, does one have any possibility of determining that it is truly *not* a

Re: ssh host ip/id management for dynamic dns servers

On Tue, Feb 11, 2014 at 11:56:41PM +1100, Zenaan Harkness wrote: On 2/11/14, Brian a...@cityscape.co.uk wrote: On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: I'm wondering: 1) how to easily clean known_hosts ssh-keygen with the -R option. $ HOST=raptor $ ssh-keygen -r

Re: ssh host ip/id management for dynamic dns servers

On Feb 10, 2014 2:53 PM, Zenaan Harkness z...@freedbms.net wrote: With a dyndns type server, each time a new ip address happens, ssh login adds a new entry to .known_hosts Is there a recommended way to handle this? On 2/11/14, Schlacta, Christ aarc...@aarcane.org wrote: Configure static

Re: ssh host ip/id management for dynamic dns servers

On 02/11/2014 01:10 AM, Zenaan Harkness wrote: On Feb 10, 2014 2:53 PM, Zenaan Harkness z...@freedbms.net wrote: With a dyndns type server, each time a new ip address happens, ssh login adds a new entry to .known_hosts Is there a recommended way to handle this? On 2/11/14, Schlacta, Christ

Re: ssh dudas

resuelto screen es un estupenda opción!! gracias! Edward Villarroel: @Agentedd El día 8 de febrero de 2014, 12:33, Camaleón noela...@gmail.com escribió: El Sat, 08 Feb 2014 12:26:21 -0430, Edward Villarroel (EDD) escribió: El día 8 de febrero de 2014, 10:31, Camaleón noela...@gmail.com

Re: ssh dudas

El Sun, 09 Feb 2014 05:39:16 -0430, Edward Villarroel (EDD) escribió: El día 8 de febrero de 2014, 12:33, Camaleón noela...@gmail.com escribió: (...) Estaba pensando que además de la multiplexación y dependiendo de la herramienta que uses para hacer la copia de seguridad (p. ej., tar) si

Re: ssh dudas

Por nada Edward Villarroel Que tengas un exclente dia. La esperanza es lo que ilumina el camino hacia tus metas, porque lo difícil se consigue y lo imposible se intenta. El 9 de febrero de 2014, 8:09, Camaleón noela...@gmail.com escribió: El Sun, 09 Feb 2014 05:39:16 -0430, Edward Villarroel

Re: ssh dudas

El Sun, 09 Feb 2014 09:13:50 -0600, Raúl Israel Mora Rojas escribió: (...) Por nada Edward Villarroel Que tengas un exclente dia. La esperanza es lo que ilumina el camino hacia tus metas, porque lo difícil se consigue y lo imposible se intenta. Creo que te has equivocado de remitente ;-)

Re: ssh dudas

El Fri, 07 Feb 2014 19:26:54 -0430, Edward Villarroel (EDD) escribió: buenas noche lista disculpen mi ignorancia saben si me conecto como root aun servidor de linux ejecuto una tarea q tarda como 30 min puedo revisar como va desde otro terminal y ver lo mismo q esta viendo mi primera sesion

Re: ssh dudas

camaleon no c muy bien que aplicacion es pero ella va imprimiendo el progreso en la pantalla! hay alguna forma de decirle al terminal q me imprima la salida del progreso en un archivo de texto plano? Edward Villarroel: @Agentedd El día 8 de febrero de 2014, 10:31, Camaleón noela...@gmail.com

Re: ssh dudas

El Sat, 08 Feb 2014 12:26:21 -0430, Edward Villarroel (EDD) escribió: El día 8 de febrero de 2014, 10:31, Camaleón noela...@gmail.com escribió: (...) tengo un servidor A un terminal B Desde Un terminal C puedo ver lo que esta haciendo B O pasar la sesion de B a C porque B debe reiniciar y

Re: ssh dudas

2014-02-07 Edward Villarroel (EDD) edward.villarr...@gmail.com: buenas noche lista disculpen mi ignorancia saben si me conecto como root aun servidor de linux ejecuto una tarea q tarda como 30 min puedo revisar como va desde otro terminal y ver lo mismo q esta viendo mi primera sesion

Re: ssh dudas

El 2014-02-08 00:56, Edward Villarroel (EDD) escribió: buenas noche lista disculpen mi ignorancia saben si me conecto como root aun servidor de linux ejecuto una tarea q tarda como 30 min puedo revisar como va desde otro terminal y ver lo mismo q esta viendo mi primera sesion abierta?? tengo

Re: ssh login problem from one particular client

Craig L. cr...@gtek.biz wrote: When I tried to reconnect, it took almost 60 seconds for the password prompt to show up. It's probably trying to lookup rDNS for your IP address. Reverse lookups are controlled by a parameter in the sshd_config file. Chris -- To UNSUBSCRIBE, email to

Re: ssh login problem from one particular client

On Wed, 2014-01-29 at 13:47 -0600, Craig L. wrote: On Thu, Jan 23, 2014 at 02:07:08PM -0600, Craig L. wrote: I have a couple of VMs running on a remote server: one with an older version of Ubuntu, and one running wheezy. I have an ssh tunnel with X forwarding set up so that I can

Re: ssh login problem from one particular client

On Thu, Jan 23, 2014 at 02:07:08PM -0600, Craig L. wrote: I have a couple of VMs running on a remote server: one with an older version of Ubuntu, and one running wheezy. I have an ssh tunnel with X forwarding set up so that I can access the machines from my system as localhost (ssh -p 48828

Re: ssh login problem from one particular client

On Thu, Jan 23, 2014 at 09:20:09PM -0200, André Nunes Batista wrote: On Thu, 2014-01-23 at 14:07 -0600, Craig L. wrote: When I tried to reconnect, it took almost 60 seconds for the password prompt to show up. Ever since then this problem occurs from my machine to either of the VMs.

Re: ssh login problem from one particular client

On Thu, 2014-01-23 at 14:07 -0600, Craig L. wrote: I have a couple of VMs running on a remote server: one with an older version of Ubuntu, and one running wheezy. I have an ssh tunnel with X forwarding set up so that I can access the machines from my system as localhost (ssh -p 48828

<    1   2   3   4   5   6   7   8   9   10   >