Re: [CentOS] SSH login from user with empty password
Am 11.10.2013 14:51, schrieb Markus Falb: > > On 11.Okt.2013, at 10:58, Rainer Traut wrote: > >> Am 11.10.2013 09:27, schrieb Michael Schultz: >>> Thanks everyone, >>> >>> secure log tells me exactly what the problem is: >>> "User username not allowed because account is locked" >>> >>> Setting a password for that account unlocks it and ssh works as >>> expected. I guess I have to work on my account creation routine. >>> >>> >> >> I haven't tried but >> maybe you could just try the obvious and unlock the account? >> I think it is >> passwd -u [user] > > from the usermod and passwd manual page > > ... This puts a ´!´ in front of the encrypted password ... > ... by prefixing the encrypted string with an ! ... > > What I have as an example > > /etc/passwd:login:x:1:1::/home/login:/bin/bash > /etc/shadow:login:!!:15546:0:9:7::: > > and ssh with keys works fine > What is in Michaels passwd and shadow? > Maybe he does not use shadow passwords and the behaviour is different ? > > Another thougt, are there any AVCs in /var/log/audit/audit.log, maybe it is a > selinux issue? > > Michael? > My passwd and shadow look like the ones in your example, SELinux is disabled. I think I'm just going to set account passwords, SSH pubkey auth works that way and it's a lot more secure. Thank you again for your help everyone, Michael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] How's 5.10 coming along?
Hello team, Just wondering how the build of 5.10 is coming along. Is there a resource that informs us on these matters? Thanks! Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VNC
On Fri, Oct 11, 2013 at 5:36 PM, Terre Porter wrote: > Humm, > > Could windows machine be blocking the port going out? > No - I can connect with VNC to many other hosts from the windows box. > If your using putty as a ssh client you could try to port forward (5901, > 5901) through the ssh session and then try to connect using localhost:5901 > or localhost:5902 on the windows machine and see if you can connect. > > It can be done with other ssh clients but I've only used putty, so I know > it > can be done with it. > > You might also compare some of the settings to this page > http://wiki.centos.org/HowTos/VNC-Server Yes, I had seen that site and checked and everything looks copasetic. > > > You could try stopping the servers and running the vncserver in the console > to see if there are connections or errors - but I'm not sure with the > configuration your using if that is possible. > No, I don't have access to the console. I'm in New Mexico and the machine is in New York. > > I'm not sure what else to offer. > NP, I appreciate the help. I have an admin looking at now - he said 'I don't know why it doesn't work. It should. It's weird' Which makes me feel better ;-) He's suggesting I try and use virtual manager instead of VNC. I'm not familiar with that, so I'll have to give that a google. Thanks! -larry > > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf > Of Larry Martell > Sent: Friday, October 11, 2013 7:13 PM > To: CentOS mailing list > Subject: Re: [CentOS] VNC > > On Fri, Oct 11, 2013 at 4:45 PM, Terre Porter > wrote: > > > You can specify the port with the IP by using the colon with the ip. > > > > x.x.x.x:5901 or x.x.x.x:5902 > > > > Those both give me connection refused (as opposed to without the port, > where > I get connection timed out) > > > > > > > > -Original Message- > > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > > Behalf Of Larry Martell > > Sent: Friday, October 11, 2013 6:35 PM > > To: CentOS mailing list > > Subject: Re: [CentOS] VNC > > > > On Fri, Oct 11, 2013 at 4:26 PM, Terre Porter > > wrote: > > > > > The instructions out linked to has a type-o at the end says to > > > connect to > > > ip:5801 should be 5901. > > > > > > If your using a vnc client uvnc, tightvnc.. try using just the ip > > > without the :port part or :1 for the 5901. > > > > > > > I am unfortunately connecting from a windows box that I do not have > > admin rights on. I have to use the client provided, which is RealVNC > > Viewer. All I can do is give the ip. > > > > > > > Try lsof -i -P | grep -i "listen" > > > > > > To see what ports are listening... > > > > > > > > > [root@10 sysconfig]# lsof -i -P | grep -i "listen" | grep vnc > > Xvnc 22052 motor4u IPv4 527366 0t0 TCP > > localhost.localdomain:5901 (LISTEN) > > Xvnc 22286 motor4u IPv4 530145 0t0 TCP > > localhost.localdomain:5902 (LISTEN) > > > > > > > > > > -Original Message- > > > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] > > > On Behalf Of Larry Martell > > > Sent: Friday, October 11, 2013 6:05 PM > > > To: CentOS mailing list > > > Subject: Re: [CentOS] VNC > > > > > > On Fri, Oct 11, 2013 at 3:42 PM, Terre Porter > > > wrote: > > > > > > > Try this, iptables dump from my fresh install, with ssh allow and > > > > the vnc you referenced. > > > > > > > > Terre > > > > > > > > # Generated by iptables-save v1.4.7 on Fri Oct 11 17:39:52 2013 > > > > *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT > > > > [45:7091] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > > > > -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p > > > > tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -m > > > > state --state NEW -m tcp -p tcp -m multiport --dports > > > > 5901:5903,6001:6003 -j ACCEPT > > > > -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD > > > > -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on > > > > Fri Oct 11 17:39:52 2013 > > > > > > > > > > > OK, with this file I'm getting connection timed out - before I was > > > getting connection refused so I guess that's some progress. > > > > > > > > > > > > > > > -Original Message- > > > > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] > > > > On Behalf Of Larry Martell > > > > Sent: Friday, October 11, 2013 5:36 PM > > > > To: CentOS mailing list > > > > Subject: Re: [CentOS] VNC > > > > > > > > On Fri, Oct 11, 2013 at 3:30 PM, Earl Ramirez > > > > > > > >wrote: > > > > > > > > > > > > > > On Fri, 2013-10-11 at 15:18 -0600, Larry Martell wrote: > > > > > > I'm trying to set up a VNC server using the instructions at > > > > > > > > > > > http://www.techrepublic.com/blog/linux-and-open-source/linux-101 > > > > > -e > > > > > as > > > > > y- > > > > > vnc-server-setup/ > > > > > > . > > > > > > > > > > > > I am up to step 6: >
Re: [CentOS] Form Feed on RAW printer
Where did you put that code? 2013/10/12 ken > On 10/12/2013 12:24 PM Juan De Mola wrote: > > Hi all. > > > > On CentOS 4 I was able to set a text only printer and send raw data and > > form feed on the end. Now on CentOS 5/6 I only have the option to set it > > RAW or text only but not the previous mix. > > > > How I can get it to work the same way? In most cases we use 5.x. > > > > Thanks > > What's worked for me: > > echo -e \f |lpr > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Juan Pablo De Mola Rodríguez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How's 5.10 coming along?
CentOS Announcements list, I think 2013/10/14 Leonard den Ottolander > Hello team, > > Just wondering how the build of 5.10 is coming along. Is there a > resource that informs us on these matters? Thanks! > > Regards, > Leonard. > > -- > mount -t life -o ro /dev/dna /genetic/research > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Juan Pablo De Mola Rodríguez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 3.11.5 kernel compile
Hey all, I have just compiled the 3.11.5 kernel from kernel.org to fix the ACPI wont shutdown issue, but I have a couple errors in dmesg I am trying to figure out. Can anyone point me in the right direction? The errors are: 1: dm_mod: module verification failed: signature and/or required key missing - tainting kernel 2: [drm] VGACON disable radeon kernel modesetting. [drm:radeon_init] *ERROR* No UMS support in radeon module! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
I believe that you need to use the ATI Radeon beta drivers for the 3.11 kernel branch, I had to anyways. *__* *Patrick Stueck* *Systems Engineer *(636) 448-5886 RedHat Certified System Administrator | Microsoft Certified Professional Amateur Radio: KDØIGO | LinkedIn: http://www.linkedin.com/in/pstueck *Confidentiality Notice: *This E-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, is confidential and may contain confidential and privledged materials, legally privileged and protected from disclosure. This e-mail is intended only for the addressee named above. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it and any and all copies of it. On Mon, Oct 14, 2013 at 12:53 PM, Terre Porter wrote: > Hey all, > > > > I have just compiled the 3.11.5 kernel from kernel.org to fix the ACPI > wont > shutdown issue, but I have a couple errors in dmesg I am trying to figure > out. > > > > Can anyone point me in the right direction? > > > > The errors are: > > > > 1: > > dm_mod: module verification failed: signature and/or required key missing - > tainting kernel > > > > 2: > > [drm] VGACON disable radeon kernel modesetting. > > [drm:radeon_init] *ERROR* No UMS support in radeon module! > > > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
On Mon, Oct 14, 2013 at 10:53 AM, Terre Porter wrote: > I have just compiled the 3.11.5 kernel from kernel.org to fix the ACPI wont > shutdown issue, but I have a couple errors in dmesg I am trying to figure > out. > Can anyone point me in the right direction? Can you give ELRepo's kernel-ml [1] a try to see if you get the same error? It is currently at 3.11.4 but I'm sure 3.11.5 will be released real soon now. Akemi [1] http://elrepo.org/tiki/kernel-ml ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
Humm, since I'm not using a desktop I'm not really wanting to install the full graphics driver. -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Patrick Stueck Sent: Monday, October 14, 2013 2:24 PM To: CentOS mailing list Subject: Re: [CentOS] 3.11.5 kernel compile I believe that you need to use the ATI Radeon beta drivers for the 3.11 kernel branch, I had to anyways. *__* *Patrick Stueck* *Systems Engineer *(636) 448-5886 RedHat Certified System Administrator | Microsoft Certified Professional Amateur Radio: KDØIGO | LinkedIn: http://www.linkedin.com/in/pstueck *Confidentiality Notice: *This E-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, is confidential and may contain confidential and privledged materials, legally privileged and protected from disclosure. This e-mail is intended only for the addressee named above. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it and any and all copies of it. On Mon, Oct 14, 2013 at 12:53 PM, Terre Porter wrote: > Hey all, > > > > I have just compiled the 3.11.5 kernel from kernel.org to fix the ACPI > wont shutdown issue, but I have a couple errors in dmesg I am trying > to figure out. > > > > Can anyone point me in the right direction? > > > > The errors are: > > > > 1: > > dm_mod: module verification failed: signature and/or required key > missing - tainting kernel > > > > 2: > > [drm] VGACON disable radeon kernel modesetting. > > [drm:radeon_init] *ERROR* No UMS support in radeon module! > > > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
Akemi, I installed the ELRepo's kernel-ml and I don't get the dm_mod error, so that leans toward it likely being something in my kernel build config... I started with that kernel, but was unsure about running it in production, but then again I'm unsure about running the one I built in production - lol. I do get the Radeon error though. And I noticed something else I get on both kernels, "FATAL: Module scsi_wait_scan not found." Ugh, getting closer to just buying a new MB. -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Akemi Yagi Sent: Monday, October 14, 2013 2:58 PM To: CentOS mailing list Subject: Re: [CentOS] 3.11.5 kernel compile On Mon, Oct 14, 2013 at 10:53 AM, Terre Porter wrote: > I have just compiled the 3.11.5 kernel from kernel.org to fix the ACPI > wont shutdown issue, but I have a couple errors in dmesg I am trying > to figure out. > Can anyone point me in the right direction? Can you give ELRepo's kernel-ml [1] a try to see if you get the same error? It is currently at 3.11.4 but I'm sure 3.11.5 will be released real soon now. Akemi [1] http://elrepo.org/tiki/kernel-ml ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How's 5.10 coming along?
On 10/14/2013 09:46 AM, Leonard den Ottolander wrote: > Hello team, > > Just wondering how the build of 5.10 is coming along. Is there a > resource that informs us on these matters? Thanks! The rpms are built and available in the CR repository. The isos are under construction. The -announce list is where we'll post when it's officially out the door. -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
On 10/14/2013 12:53 PM, Terre Porter wrote: > I have just compiled the 3.11.5 kernel from kernel.org to fix the ACPI wont > shutdown issue, but I have a couple errors in dmesg I am trying to figure > out. Out of curiosity, what shutdown issue? There are several options for shutdown/reboot that can be passed to the standard kernel which fix issues like this. (reboot=pci in grub.conf for example) -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
I tried the reboot=pci, same result ... The system doesn't power off, it just sits there. I have to hold the power button in for it to shut down. It works in Fedora, Ubuntu, and the new kernel. However, I hate the changes in Fedora (all the init.d stuff changes) and Ubuntu I haven't used enough to be comfortable to use in a firewall machine. I'd be willing to try anything if you have some ideas. Here is the shutdown text I receive; this was when I had the acpi debug flags enabled. Sending all processes the TERM signal... Sendng all processes the KILL signal... Saving random seed: Syncing hardware clock to system time Turning off quotas: umount2: Device or resource busy umount: /dev/.initramfs/live: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(11)) init: Re-executing /sbin/init Halting System... r8169 :02:00.0: PME# enabled ACPI: Preparing to enter system sleep state S5 ACPI Error (psargs-0359): [PPTS] Namespace lookup failure, AE_NOT_FOUND ACPI Error (psparse-0537): Method parse/execution failed [\_SB_.PCI0.SBRG.EPTS] (Node fff88019dbc8c68), AE_NOT_FOUND ACPI Error (psparse-0537): Method parse/execution failed [\PTS_] (Node 88019d043560), AE_NOT_FOUND ACPI Error (psparse-0537): Method parse/execution failed [\_PTS] (Node 88019dbcf9e8), AE_NOT_FOUND Disabling non-boot CPUS... SMP alternatives: switching to UP code Power Down. acpi_power_off called -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Jim Perrin Sent: Monday, October 14, 2013 4:08 PM To: CentOS mailing list Subject: Re: [CentOS] 3.11.5 kernel compile On 10/14/2013 12:53 PM, Terre Porter wrote: > I have just compiled the 3.11.5 kernel from kernel.org to fix the ACPI > wont shutdown issue, but I have a couple errors in dmesg I am trying > to figure out. Out of curiosity, what shutdown issue? There are several options for shutdown/reboot that can be passed to the standard kernel which fix issues like this. (reboot=pci in grub.conf for example) -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
On 10/14/2013 03:22 PM, Terre Porter wrote: > > I tried the reboot=pci, same result ... > > The system doesn't power off, it just sits there. I have to hold the power > button in for it to shut down. > > It works in Fedora, Ubuntu, and the new kernel. However, I hate the changes > in Fedora (all the init.d stuff changes) and Ubuntu I haven't used enough to > be comfortable to use in a firewall machine. > > I'd be willing to try anything if you have some ideas. > There are several reboot options you could try. They're defined in /usr/share/doc/kernel-doc-2.6.32/Documentation/x86/x86_64/boot-options.txt so you could have reboot=bios, reboot=triple, reboot=kbd, reboot=acpi, etc. Supposedly you can stack them as well, but I prefer cycling through them to find the one that works, and using it. -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.11.5 kernel compile
That is good info; I'll give them a try. Thanks -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Jim Perrin Sent: Monday, October 14, 2013 4:38 PM To: CentOS mailing list Subject: Re: [CentOS] 3.11.5 kernel compile On 10/14/2013 03:22 PM, Terre Porter wrote: > > I tried the reboot=pci, same result ... > > The system doesn't power off, it just sits there. I have to hold the > power button in for it to shut down. > > It works in Fedora, Ubuntu, and the new kernel. However, I hate the > changes in Fedora (all the init.d stuff changes) and Ubuntu I haven't > used enough to be comfortable to use in a firewall machine. > > I'd be willing to try anything if you have some ideas. > There are several reboot options you could try. They're defined in /usr/share/doc/kernel-doc-2.6.32/Documentation/x86/x86_64/boot-options.txt so you could have reboot=bios, reboot=triple, reboot=kbd, reboot=acpi, etc. Supposedly you can stack them as well, but I prefer cycling through them to find the one that works, and using it. -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] setuid or other ideas
Everyone, I am working on a Centos 5.9 system. I have an need to be able to activate a piece of software from /etc/smrsh that is activated when sendmail delivers the e-mail to this piece of software. I would like this piece of software to take on the user and group identities that are different than 'mail' which is what happens now. I want to use a user and group that is not root), so that the piece of software will be able to write (concatenate) to a file. I have never used setuid, but it appears that this will only allow a piece of software to be set to root. I really do not want to give that kind of privilege to this piece of software. Any ideas? -- Greg Ennis PoMec Corporation www.PoMec.Net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] setuid or other ideas
On 10/14/2013 02:31 PM, Gregory P. Ennis wrote: > Everyone, > > I am working on a Centos 5.9 system. I have an need to be able to > activate a piece of software from /etc/smrsh that is activated when > sendmail delivers the e-mail to this piece of software. I would like > this piece of software to take on the user and group identities that are > different than 'mail' which is what happens now. I want to use a user > and group that is not root), so that the piece of software will be able > to write (concatenate) to a file. > > I have never used setuid, but it appears that this will only allow a > piece of software to be set to root. I really do not want to give that > kind of privilege to this piece of software. > > Any ideas? I've done lots of operations from /etc/smrsh under sendmail. I can't say I've ever used setuid for this type of work; it may well suffice. Now in my case with sendmail, the scripts run as the user receiving the email locally, so I don't need to do any of the below. I simply define the account that I want to run the script as the recipient of the message and it's all done. I'd suggest to run sudo and make an entry in /etc/sudoers. You want to be paranoid around any publicly visible service like email but an entry like this might work in /etc/sudoers: mailALL=(user2) NOPASSWD: /usr/local/script.to.run.sh Defaults:mail !requiretty Again, I'm not sure why you are seeing this run as the "mail" user unless that is the name of the local account, sendmail runs these kinds of scripts as the user receiving the messages. In which case, if my user was "taxinfo" it would look like taxinfoALL=(user2) NOPASSWD: /usr/local/script.to.run.sh Defaults:taxinfo !requiretty Note that the last line (Defaults...) is probably needed because there's not an actual terminal involved when processing a background script. Try without and see if it works. Then, in /etc/smrsh/received.sh you have #! /bin/sh /usr/bin/sudo -u taxinfo /usr/local/script.to.run.sh; And in your .forward file: (don't forget to chmod 600 this file) | /etc/smrsh/received.sh Good luck! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Form Feed on RAW printer
The bash prompt. On 10/14/2013 01:02 PM Juan De Mola wrote: > Where did you put that code? > > > 2013/10/12 ken > >> On 10/12/2013 12:24 PM Juan De Mola wrote: >>> Hi all. >>> >>> On CentOS 4 I was able to set a text only printer and send raw data and >>> form feed on the end. Now on CentOS 5/6 I only have the option to set it >>> RAW or text only but not the previous mix. >>> >>> How I can get it to work the same way? In most cases we use 5.x. >>> >>> Thanks >> >> What's worked for me: >> >> echo -e \f |lpr >> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
