Just for complement, compare these ssh security tips:
Secure Secure Shell
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Regards,
jvp.
Hi.
On Sun, 21 Feb 2016 02:29:01 +0100
arian wrote:
> > Because you can install ssh client without a server, but a
> > ssh server without a client on the same host is not of much use to
> > anyone.
>
> Is that so? I have a couple of hosts where I cannot remember
On 20.02.2016 20:23, Reco wrote:
> The way I see it, ssh-keygen merely generates *possible* prime numbers,
> as correct checking for primeness (sp?) would require very long and
> very CPU intensive checking - basically you'd have to divide generated
> number by each and any number less than
On Sat, Feb 20, 2016 at 10:23:26PM +0300, Reco wrote:
> Hi.
>
> On Sat, 20 Feb 2016 19:50:54 +0100
> Daniel wrote:
>
> > I have followed the instructions under "MODULI GENERATION" in the
> > "ssh-keygen" man page.
> > The resulting "moduli-2048" file is considerably
Hi.
On Sat, 20 Feb 2016 19:50:54 +0100
Daniel wrote:
> I have followed the instructions under "MODULI GENERATION" in the
> "ssh-keygen" man page.
> The resulting "moduli-2048" file is considerably smaller than the one
> provided with the
> "openssh-client" package. I
Hi,
You should enable kernel dump logs. auth log is worst place for searching
the cause of crashing.
2016-02-18 23:13 GMT+02:00 Chris :
> Dear All,
>
> after the following entry
>
> Feb 18 17:48:05 jupiter sshd[30204]: pam_unix(sshd:auth): authentication
> failure;
On Thu, Feb 18, 2016 at 10:13:48PM +0100, Chris wrote:
> Dear All,
>
> after the following entry
>
> Feb 18 17:48:05 jupiter sshd[30204]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.88.177.93
> user=root
>
On Thu, 18 Feb 2016, Chris wrote:
> after the following entry
>
> Feb 18 17:48:05 jupiter sshd[30204]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.88.177.93
> user=root
>
Daniel,
On Sat, 16 Jan 2016 14:50:20 -0300, you wrote:
>I'm sorry. I Had forgotten of the detail of the accessibility :(
No worries. Things are in a sorry state at the moment because of other
things I did without realizing I did them, but I've already told my
usership that Voyager will have to
Hi, Steve.
On 14/01/16 13:10, Steve Matzura wrote:
> Failing connection:
> (...)
> no matching cipher found: client
> aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-...@lysator.liu.se,des-cbc,des-...@ssh.com
> server
>
It helps to explain things, Daniel, but truly, the client in question
is horrendously out of date and deprecated for all secure intents and
purposes, I'm quite happy to retire it from active support on my
server.
On Sat, 16 Jan 2016 15:19:33 -0300, you wrote:
>Hi, Steve.
>
>On 14/01/16 13:10,
Hi, Steve.
On 14/01/16 13:01, Steve Matzura wrote:
>> I do not know that client, but if your users are using Firefox, maybe
>> you could use FireFTP [1]. I never had problems with it, and we could
>> also say that while users use Firefox, you could run it on different
>> operating systems.
> It
I decided to put the two logs from `sshd -d' side-by-side to try to
figure out where the differences are. Both logs have the following
lines immediately after the connection request:
debug1: Client protocol version 2.0; client software version
FTP-Voyager-15.2.0.15
debug1: no match:
One more piece of the puzzle. The working system is Red Hat Fedora 20,
the non-working one is Debian 8.2.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Jan 13, 2016 at 07:13:57PM -0500, Steve Matzura wrote:
> I hope this isn't off-topic by too much. If it is, a word to me
> privately and I'll wait for responses to queries I've made elsewhere.
>
> I maintain two FTP servers and support four
Tomas,
On Wed, Jan 13, 2016 at 07:13:57PM -0500, Steve Matzura wrote:
>> I hope this isn't off-topic by too much. If it is, a word to me
>> privately and I'll wait for responses to queries I've made elsewhere.
>I'm not as much of an SSH guru to "get" what's going on by just reading
>configs, but
On 01/14/2016 12:32 PM, Steve Matzura wrote:
> debug1: sshd version OpenSSH_6.7, OpenSSL 1.0.1k 8 Jan 2015
>...
> debug1: Client protocol version 2.0; client software version
> FTP-Voyager-15.2.0.15
> debug1: no match: FTP-Voyager-15.2.0.15
> debug1: Enabling compatibility mode for protocol 2.0
>
Hi, Steve.
On 14/01/16 08:45, Steve Matzura wrote:
> This is clearly the problem area. I tried some ssh option settings in
> Voyager with no success. Should this client be retired? It's not
> *that* old.
I do not know that client, but if your users are using Firefox, maybe
you could use FireFTP
Tomas,
On Thu, 14 Jan 2016 05:32:04 -0500, I wrote:
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5
>debug1: permanently_set_uid: 107/65534 [preauth]
>debug1: list_hostkey_types:
>ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
Lars,
On Thu, 14 Jan 2016 12:45:09 +0200, you wrote:
>Can you update the client to one that uses the safer ciphers and avoids
>the deprecated ones?
You and I came to the same conclusion with the same lines of log as
evidence at about the same time. Amazing.
Many of my users use Voyager version
More info. I used getenforce' and found SELinux is installed but
disabled on the system where FTP Voyager can connect using SFTP over
ssh, and not installed at all on the system where FTP Voyager cannot
connect. In fact, using either the `getenforce' or `'sestatus' on the
no-connect system yields
Daniel,
On Thu, 14 Jan 2016 09:05:36 -0300, you wrote:
>Hi, Steve.
>
>On 14/01/16 08:45, Steve Matzura wrote:
>
>> This is clearly the problem area. I tried some ssh option settings in
>> Voyager with no success. Should this client be retired? It's not
>> *that* old.
>
>I do not know that
The problem is that the older client doesn't support ciphers newer than CBC
and arcfour (both depreciated on the newer server versions of OpenSSH).
Lookup how to re-enable these suites using the Cipher directive.
Is it possible that you are using a dsa key? ;-)
Use ssh with -v and take a look to the Output.
Yes, that was the problem. I switched to rsa, which doesn't seem to me like it
reduces paranoia, but I deal with systems that apparently don't understand
ed25519.
I had the same problem a few weeks ago.
"OpenSSH 7.0 disables ssh-dss keys by default" =)
Is it possible that you are using a dsa key? ;-)
Use ssh with -v and take a look to the Output.
Am 5. Januar 2016 17:49:54 MEZ, schrieb rvclay...@acm.org:
>I'm running
>
> $ lsb_release -a
> No LSB
On Tue, Jan 05, 2016 at 11:49:54AM -0500, rvclay...@acm.org wrote:
I'm running
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:Debian GNU/Linux testing-updates (sid)
Release:testing-updates
Codename: sid
$ uname -a
Linux BanjaLuka
Kent West a écrit :
>
> One thing I did notice in the auth logs is that the connection port
> seems to change every connection attempt; is that normal?
Yes. The client source port used by a typical TCP connection is ephemeral.
On 12/16/2015 05:29 AM, Kent West wrote:
If I try to connect to my Debian box at work, using either my Mac's OS X
or my Mac's Debian VM, I can connect successfully, but then immediately
the connection is closed:
Kents-MacBook-Pro:~ westk$ ssh -Y we...@westek.acu.edu
we...@westek.acu.edu's
On 12/16/2015 06:54 PM, Kent West wrote:
westk@westek:~$ cat /etc/debian_version
stretch/sid
So, Debian Testing (Stretch).
You have a newer version of openssh-server (1:6.9p1-3) than I do
(1:6.7p1-5). Check your 'man sshd_config' carefully.
Kents-MacBook-Pro:~ westk$ ssh -vvv
On 12/16/15 8:19 PM, David Christensen wrote:
On 12/16/2015 05:29 AM, Kent West wrote:
If I try to connect to my Debian box at work, using either my Mac's OS X
or my Mac's Debian VM, I can connect successfully, but then immediately
the connection is closed:
Kents-MacBook-Pro:~ westk$ ssh -Y
On Sun, 25 Oct 2015 23:41:17 -0200
Manoel Pedro de Araújo wrote:
> Nao consigo fazer um acesso remoto via ssh
>
> quando eu digito ssh -l username ip
>
> resulta a saida
>
> The authenticity of host 'debian (127.0.1.1)' can't be established.
> ECDSA key fingerprint is
>
Manoel,
A política padrão do Debian 8 (Jessie) é não permitir acesso root por ssh,
como era permitido até o Debian 7. Terás que logar primeiro com um usuário
normal e depois tornar-se root.
Atte,
Em 26 de outubro de 2015 08:13, G.Paulo escreveu:
> On Sun, 25 Oct 2015
On 26 May 2015 18:24 +0200, from andr...@arrakis.se (Andreas Olsson):
2) ssh socks proxy
ssh -f -D 8080 -N DatorB
curl --proxy socks5h://localhost:8080 http://DatorC/
Fördelen med den senare är att de flesta webbläsare kan övertalas att
prata SOCKS 5 utan alltför stora krumbukter. I
tis 2015-05-26 klockan 18:08 +0200 skrev j...@lillahusetiskogen.se:
Alltså http från dator A till dator C via dator B och ssh mellan A och
B.
1) Vanlig ssh-tunnel
ssh -f -L 8080:DatorC:80 -N DatorB
curl --header Host: DatorC http://localhost:8080/
2) ssh socks proxy
ssh -f -D 8080 -N
Thanks to everybody who contributed to this thread. It is valuable.
Regards.
Johann
Normally for ssh tunnels I use -D
which creates a local socks tunnel listener (i.e -D1080) and means you can
do away with manual port forwards, you can then use a sockswrapper
(tsocks/dsocks) pointing at localhost to transparently proxify most
applications. Note that for UDP based things neither
On Sat, 9 May 2015 18:49:27 -0600
Bob Proulx b...@proulx.com wrote:
Petter Adsen wrote:
Now the question becomes; AFAIK, I could do this with ssh tunnels
and forward the ports on my router/firewall, or I could use
something like openvpn or IPsec (strongswan).
Yes. Exactly.
Also
Bob Proulx a écrit :
Both ssh and stunnel use TCP which means that in terms of ultimate
performance and ultimate efficiency you are ending up with TCP over
TCP and that isn't perfect.
SSH local or remote port forwarding (-L/-R) does stream forwarding ; it
is not a layer-3 tunnel (-w), so
Hello Peter
Petter Adsen wrote:
Now the question becomes; AFAIK, I could do this with ssh tunnels
and forward the ports on my router/firewall, or I could use
something like openvpn or IPsec (strongswan).
Yes. Exactly.
Also 'stunnel4' is useful too.
Thanks, I didn't know about
Also consider tincd
On 10 May 2015 at 04:51, Bonno Bloksma b.blok...@tio.nl wrote:
Hello Peter
Petter Adsen wrote:
Now the question becomes; AFAIK, I could do this with ssh tunnels
and forward the ports on my router/firewall, or I could use
something like openvpn or IPsec
Petter Adsen wrote:
Now the question becomes; AFAIK, I could do this with ssh tunnels and
forward the ports on my router/firewall, or I could use something like
openvpn or IPsec (strongswan).
Yes. Exactly.
Also 'stunnel4' is useful too.
I would avoid IPsec. Last I looked there were more
Vincent Lefevre vinc...@vinc17.net wrote:
When connecting by SSH to a particular machine, ssh hangs for
5 seconds. The client machine doesn't matter (except for the
machine itself).
5 seconds smells like some DNS problem.
Grüße,
Sven.
--
Sigmentation fault. Core dumped.
--
To
On 2015-04-08 19:21:12 +0200, Sven Hartge wrote:
Vincent Lefevre vinc...@vinc17.net wrote:
When connecting by SSH to a particular machine, ssh hangs for
5 seconds. The client machine doesn't matter (except for the
machine itself).
5 seconds smells like some DNS problem.
Yes, but the
On 8 April 2015 at 13:41, Vincent Lefevre vinc...@vinc17.net wrote:
# /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2(ts -s %.s)
[...]
3.315346 debug3: Trying to reverse map address 140.77.51.8.
So sshd is doing the reverse lookup and fails
ypig:~ nslookup 140.77.51.8
;; Got SERVFAIL
On 2015-04-08 13:46:06 -0400, Michael Graham wrote:
On 8 April 2015 at 13:41, Vincent Lefevre vinc...@vinc17.net wrote:
# /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2(ts -s %.s)
[...]
3.315346 debug3: Trying to reverse map address 140.77.51.8.
So sshd is doing the reverse
On 09/04/2015 3:11 AM, Vincent Lefevre vinc...@vinc17.net wrote:
When connecting by SSH to a particular machine, ssh hangs for
5 seconds. The client machine doesn't matter (except for the
machine itself). For instance:
xvii:~ ssh -vvv 2(ts -s %.s) ypig
[...]
0.278462 debug2: key:
On 2015-04-09 00:09:08 +0200, Vincent Lefevre wrote:
According to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414569
avahi-daemon: delay on resolving IP addresses when mdns is
specified in /etc/nsswitch.conf
the 5-second delay shouldn't occur, as this bug was fixed with the
On 09/04/2015 9:38 AM, Igor Cicimov icici...@gmail.com wrote:
On 09/04/2015 3:11 AM, Vincent Lefevre vinc...@vinc17.net wrote:
When connecting by SSH to a particular machine, ssh hangs for
5 seconds. The client machine doesn't matter (except for the
machine itself). For instance:
On 2015-04-08 14:27:38 -0600, Bob Proulx wrote:
Vincent Lefevre wrote:
Yes, but with nslookup, the failure is *immediate*. So, this doesn't
explain the 5-second delay.
What is the configuration of /etc/resolv.conf? /etc/nsswitch.conf?
cat /etc/resolv.conf
domain lip.ens-lyon.fr.
On 2015-04-08 16:45:16 -0600, Bob Proulx wrote:
I see mdns there and immediately have an immune reaction due to many
problems with it before. As you have already determined it is the
source of your current 5 second timeout. I recommend purging
libnss-mdns from your system. That will solve
Vincent Lefevre wrote:
Vincent Lefevre wrote:
Bob Proulx wrote:
nameserver 140.77.1.32
nameserver 140.77.167.2
That is a second potential source of timeout.
man resolv.conf
nameserver Name server IP address
Internet address of a name server that the resolver
On 2015-04-08 23:57:53 +0200, Vincent Lefevre wrote:
On 2015-04-08 14:27:38 -0600, Bob Proulx wrote:
grep ^hosts /etc/nsswitch.conf
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
[...]
[...]
23:54:03 mprotect(0x7f5b92ff3000, 4096, PROT_READ) = 0
23:54:03
Vincent Lefevre wrote:
Michael Graham wrote:
Vincent Lefevre vinc...@vinc17.net wrote:
# /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2(ts -s %.s)
[...]
(I use port 80 since port 22 is already taken by the normal sshd and
the gateway to the machine seems to filter arbitrary
Could be your ssh client proposing ciphers the SSH server doesn't
understand. This was known issue with communication of ssh client 5+ to ssh
server 4.x and older.
Give it a try and let us know.
http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-client-connection-reset-by-peer/
On Thursday 12 March 2015 18:18:06 David BERCOT wrote:
Bon, apparemment, c'est un bug de stunnel :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771241
J'ai compilé la dernière version sur mon client :
https://www.stunnel.org/downloads.html
Je teste demain pour valider...
Voilà, si ça
Bon, apparemment, c'est un bug de stunnel :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771241
J'ai compilé la dernière version sur mon client :
https://www.stunnel.org/downloads.html
Je teste demain pour valider...
Voilà, si ça peut aider quelqu'un qui rencontre le même problème...
--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists
Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive:
El jue, 27-11-2014 a las 10:04 -0300, Ricardo Eureka! escribió:
Como te fue con esto?
Lo solucionaste? Como?
perdón por la demora, me colgué un poquito :D Entonces, siguiendo la
sugerencia de eduardo[1], agregué a los algoritmos permitidos en mi ssh
de debian uno que entienda solaris.
Como te fue con esto?
Lo solucionaste? Como?
2014-11-17 17:04 GMT-03:00 Gonzalo Rivero fishfromsa...@gmail.com:
El lun, 17-11-2014 a las 16:43 -0300, Ricardo Eureka! escribió:
Gonzalo
Limpio un poco e intercalo mis respuestas:
El 17 de noviembre de 2014, 13:37, Gonzalo Rivero
El 17/11/14 a las #4, Gonzalo Rivero escribió:
Buenas,
me pasa algo raro, tengo esta instalación de OpenIndiana (que deriva
de opensolaris) e intenté entrar a mi computadora (debian testing, y,
como todos los lunes (me da flojera actualizar mas seguido), recién
actualizada)
# ssh
Manda la salida de
# ssh -vv 172.16.250.250
El 17 de noviembre de 2014, 9:53, Gonzalo Rivero fishfromsa...@gmail.com
escribió:
Buenas,
me pasa algo raro, tengo esta instalación de OpenIndiana (que deriva de
opensolaris) e intenté entrar a mi computadora (debian testing, y, como
todos los
El Mon, 17 Nov 2014 09:53:06 -0300, Gonzalo Rivero escribió:
Buenas,
Ese html...
me pasa algo raro, tengo esta instalación de OpenIndiana (que deriva de
opensolaris) e intenté entrar a mi computadora (debian testing, y, como
todos los lunes (me da flojera actualizar mas seguido), recién
El lun, 17-11-2014 a las 09:55 -0300, Ricardo Eureka! escribió:
Manda la salida de
# ssh -vv 172.16.250.250
solaris a debian (el sentido en que no anda)
# ssh -vv grivero@172.16.250.250
Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x0090818f
debug1: Reading configuration data /etc/ssh/ssh_config
Agrego:
Revisa los logs de ssh tanto en el Debian como en el Solaris, a ver que
pistas o errores te da.
2014-11-17 16:43 GMT-03:00 Ricardo Eureka! ricardoeur...@gmail.com:
Gonzalo
Limpio un poco e intercalo mis respuestas:
El 17 de noviembre de 2014, 13:37, Gonzalo Rivero
Gonzalo
Limpio un poco e intercalo mis respuestas:
El 17 de noviembre de 2014, 13:37, Gonzalo Rivero fishfromsa...@gmail.com
escribió:
El lun, 17-11-2014 a las 09:55 -0300, Ricardo Eureka! escribió:
Manda la salida de
# ssh -vv 172.16.250.250
solaris a debian (el sentido en que no anda)
El lun, 17-11-2014 a las 16:43 -0300, Ricardo Eureka! escribió:
Gonzalo
Limpio un poco e intercalo mis respuestas:
El 17 de noviembre de 2014, 13:37, Gonzalo Rivero
fishfromsa...@gmail.com escribió:
El lun, 17-11-2014 a las 09:55 -0300, Ricardo Eureka!
escribió:
On Thu, Jan 30, 2014 at 12:27:30PM -0200, André Nunes Batista wrote:
On Wed, 2014-01-29 at 13:47 -0600, Craig L. wrote:
On Thu, Jan 23, 2014 at 02:07:08PM -0600, Craig L. wrote:
This appears to be a problem with an ASA firewall appliance and is being
looked at by our network team and the
On Tue 11 Feb 2014 at 06:52:10 -0700, Paul E Condon wrote:
I'm puzzled about the apparent 'security theater' on this topic.
Known host checking is done, I think, to defend against 'man in the
middle', so when the known host key changes because of some event down
in the bowels of dynamic dns,
On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote:
ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to
check known_hosts. For me, ssh-keygen -R does not remove all the
dynamically generated host keys, however. I've not yet identified what
confounds ssh-keygen.
The
On 02/12/2014 02:59 PM, Brian wrote:
On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote:
ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to
check known_hosts. For me, ssh-keygen -R does not remove all the
dynamically generated host keys, however. I've not yet
On 20140212_152909, Lars Noodén wrote:
On 02/12/2014 02:59 PM, Brian wrote:
On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote:
ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to
check known_hosts. For me, ssh-keygen -R does not remove all the
dynamically
On 02/12/2014 07:34 PM, Paul E Condon wrote:
...
Question: Suppose I encounter this situation of the 'known host' having
moved to a different IP address (or a different URL?), is there a way
to discover whether the change is due to a proper functioning DynDNS,
or to a somewhat unstealthy
On Wed 12 Feb 2014 at 10:34:33 -0700, Paul E Condon wrote:
Question: Suppose I encounter this situation of the 'known host' having
moved to a different IP address (or a different URL?), is there a way
to discover whether the change is due to a proper functioning DynDNS,
or to a somewhat
On 20140212_200320, Lars Noodén wrote:
On 02/12/2014 07:34 PM, Paul E Condon wrote:
...
Question: Suppose I encounter this situation of the 'known host' having
moved to a different IP address (or a different URL?), is there a way
to discover whether the change is due to a proper
On 12/02/2014 13:30, Paul E Condon wrote:
On 20140212_200320, Lars Noodén wrote:
On 02/12/2014 07:34 PM, Paul E Condon wrote:
...
Question: Suppose I encounter this situation of the 'known host' having
moved to a different IP address (or a different URL?), is there a way
to discover whether
On 13/02/14 07:07, Dan Purgert wrote:
On 12/02/2014 13:30, Paul E Condon wrote:
On 20140212_200320, Lars Noodén wrote:
On 02/12/2014 07:34 PM, Paul E Condon wrote:
...
Question: Suppose I encounter this situation of the 'known host' having
moved to a different IP address (or a different
On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote:
I'm wondering:
1) how to easily clean known_hosts
ssh-keygen with the -R option.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi
On Tue, Feb 11, 2014 at 09:53:32AM +1100, Zenaan Harkness wrote:
With a dyndns type server, each time a new ip address happens, ssh
login adds a new entry to .known_hosts
Is there a recommended way to handle this?
Turn off CheckHostIP ?
For the uninitiated, in your ~/.ssh/config file:
On 2/11/14, Brian a...@cityscape.co.uk wrote:
On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote:
I'm wondering:
1) how to easily clean known_hosts
ssh-keygen with the -R option.
Sounds great! (also, the CheckHostIP = no option looks very useful in
this regard, thanks Karl)
However
On 02/11/2014 02:56 PM, Zenaan Harkness wrote:
On 2/11/14, Brian a...@cityscape.co.uk wrote:
On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote:
I'm wondering:
1) how to easily clean known_hosts
ssh-keygen with the -R option.
Sounds great! (also, the CheckHostIP = no option looks
I'm puzzled about the apparent 'security theater' on this topic.
Known host checking is done, I think, to defend against 'man in the
middle', so when the known host key changes because of some event down
in the bowels of dynamic dns, does one have any possibility of
determining that it is truly
Paul E Condon:
I'm puzzled about the apparent 'security theater' on this topic.
Known host checking is done, I think, to defend against 'man in the
middle',
Exactly.
so when the known host key changes because of some event down
in the bowels of dynamic dns, does one have any possibility of
On 02/11/2014 03:52 PM, Paul E Condon wrote:
... Known host checking is done, I think, to defend against 'man in
the middle', so when the known host key changes because of some event
down in the bowels of dynamic dns, does one have any possibility of
determining that it is truly *not* a
On Tue, Feb 11, 2014 at 11:56:41PM +1100, Zenaan Harkness wrote:
On 2/11/14, Brian a...@cityscape.co.uk wrote:
On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote:
I'm wondering:
1) how to easily clean known_hosts
ssh-keygen with the -R option.
$ HOST=raptor
$ ssh-keygen -r
On Feb 10, 2014 2:53 PM, Zenaan Harkness z...@freedbms.net wrote:
With a dyndns type server, each time a new ip address happens, ssh
login adds a new entry to .known_hosts
Is there a recommended way to handle this?
On 2/11/14, Schlacta, Christ aarc...@aarcane.org wrote:
Configure static
On 02/11/2014 01:10 AM, Zenaan Harkness wrote:
On Feb 10, 2014 2:53 PM, Zenaan Harkness z...@freedbms.net wrote:
With a dyndns type server, each time a new ip address happens, ssh
login adds a new entry to .known_hosts
Is there a recommended way to handle this?
On 2/11/14, Schlacta, Christ
resuelto screen es un estupenda opción!! gracias!
Edward Villarroel: @Agentedd
El día 8 de febrero de 2014, 12:33, Camaleón noela...@gmail.com escribió:
El Sat, 08 Feb 2014 12:26:21 -0430, Edward Villarroel (EDD) escribió:
El día 8 de febrero de 2014, 10:31, Camaleón noela...@gmail.com
El Sun, 09 Feb 2014 05:39:16 -0430, Edward Villarroel (EDD) escribió:
El día 8 de febrero de 2014, 12:33, Camaleón noela...@gmail.com
escribió:
(...)
Estaba pensando que además de la multiplexación y dependiendo de la
herramienta que uses para hacer la copia de seguridad (p. ej., tar)
si
Por nada Edward Villarroel
Que tengas un exclente dia.
La esperanza es lo que ilumina el camino hacia tus metas, porque lo difícil
se consigue y lo imposible se intenta.
El 9 de febrero de 2014, 8:09, Camaleón noela...@gmail.com escribió:
El Sun, 09 Feb 2014 05:39:16 -0430, Edward Villarroel
El Sun, 09 Feb 2014 09:13:50 -0600, Raúl Israel Mora Rojas escribió:
(...)
Por nada Edward Villarroel Que tengas un exclente dia.
La esperanza es lo que ilumina el camino hacia tus metas, porque lo
difícil se consigue y lo imposible se intenta.
Creo que te has equivocado de remitente ;-)
El Fri, 07 Feb 2014 19:26:54 -0430, Edward Villarroel (EDD) escribió:
buenas noche lista disculpen mi ignorancia saben si me conecto como
root aun servidor de linux ejecuto una tarea q tarda como 30 min puedo
revisar como va desde otro terminal y ver lo mismo q esta viendo mi
primera sesion
camaleon no c muy bien que aplicacion es pero ella va imprimiendo el
progreso en la pantalla! hay alguna forma de decirle al terminal q me
imprima la salida del progreso en un archivo de texto plano?
Edward Villarroel: @Agentedd
El día 8 de febrero de 2014, 10:31, Camaleón noela...@gmail.com
El Sat, 08 Feb 2014 12:26:21 -0430, Edward Villarroel (EDD) escribió:
El día 8 de febrero de 2014, 10:31, Camaleón noela...@gmail.com
escribió:
(...)
tengo un servidor A un terminal B Desde Un terminal C puedo ver
lo que esta haciendo B
O pasar la sesion de B a C porque B debe reiniciar y
2014-02-07 Edward Villarroel (EDD) edward.villarr...@gmail.com:
buenas noche lista disculpen mi ignorancia saben si me conecto como
root aun servidor de linux ejecuto una tarea q tarda como 30 min puedo
revisar como va desde otro terminal y ver lo mismo q esta viendo mi
primera sesion
El 2014-02-08 00:56, Edward Villarroel (EDD) escribió:
buenas noche lista disculpen mi ignorancia saben si me conecto como
root aun servidor de linux ejecuto una tarea q tarda como 30 min puedo
revisar como va desde otro terminal y ver lo mismo q esta viendo mi
primera sesion abierta??
tengo
Craig L. cr...@gtek.biz wrote:
When I tried to reconnect, it took almost 60 seconds for the password
prompt to show up.
It's probably trying to lookup rDNS for your IP address. Reverse lookups
are controlled by a parameter in the sshd_config file.
Chris
--
To UNSUBSCRIBE, email to
On Wed, 2014-01-29 at 13:47 -0600, Craig L. wrote:
On Thu, Jan 23, 2014 at 02:07:08PM -0600, Craig L. wrote:
I have a couple of VMs running on a remote server: one with an older
version of
Ubuntu, and one running wheezy. I have an ssh tunnel with X forwarding set
up
so that I can
On Thu, Jan 23, 2014 at 02:07:08PM -0600, Craig L. wrote:
I have a couple of VMs running on a remote server: one with an older version
of
Ubuntu, and one running wheezy. I have an ssh tunnel with X forwarding set up
so that I can access the machines from my system as localhost
(ssh -p 48828
On Thu, Jan 23, 2014 at 09:20:09PM -0200, André Nunes Batista wrote:
On Thu, 2014-01-23 at 14:07 -0600, Craig L. wrote:
When I tried to reconnect, it took almost 60 seconds for the password
prompt to
show up. Ever since then this problem occurs from my machine to either of
the
VMs.
On Thu, 2014-01-23 at 14:07 -0600, Craig L. wrote:
I have a couple of VMs running on a remote server: one with an older version
of
Ubuntu, and one running wheezy. I have an ssh tunnel with X forwarding set up
so that I can access the machines from my system as localhost
(ssh -p 48828
401 - 500 of 4262 matches
Mail list logo