hifalutin,inactive
75%off for all New Softwares.
WindowXP,Photoshop,Window2003...etcMore
http://www.knowingly.ds.barely.EDJIHJEM.info/?uJw3wfu1eyBTMuuhesitantly
Opt-out:
http://www.overwhelmingly.xr.overwhelmingly.EDJIHJEM.info/frozen?i1knQ3iR2SpHAOirevered|[EMAIL
PROTECTED]
someone quahog mena
Hola Francisco
Francisco Castillo wrote:
Enrique,
IÂm novice on debian, i have decided recently to change from redhat or
mandrake (fatal experiencie in two years), so excuse my ignorance.
First i dont know how to do this step "The first thinng you must do is to
install a kernel with IPTABLES suppor
Hola Francisco
Francisco Castillo wrote:
Enrique,
IÂm novice on debian, i have decided recently to change from redhat or
mandrake (fatal experiencie in two years), so excuse my ignorance.
First i dont know how to do this step "The first thinng you must do is to
install a kernel with IPTABLES suppor
Robert,
There has been extensive discussion on this topic on the ssh mailing lists.
Before going on the list I would highly recommend reading up as this is a
fairly common topic and the developers have basically said they won't
provide this functionality, it is something that belongs in the OS or
Christoph,
You are right. Looks like he should also modprobe or insmod iptables
and many other modules. I insmod a whole list of routing modules:
ipt_REDIRECT
ipt_MASQUERADE
iptable_mangle
iptable_nat
ipt_REJECT
iptable_filter
Enrique,
IÂm novice on debian, i have decided recently to change from redhat or
mandrake (fatal experiencie in two years), so excuse my ignorance.
First i dont know how to do this step "The first thinng you must do is to
install a kernel with IPTABLES support"
How can I do it ? How can i test if
On Mon, 28 Jun 2004 21:35:40 +0200
Christoph Löffler <[EMAIL PROTECTED]> wrote:
Hello Fraancisco:
The first thinng you must do is to install a kernel with IPTABLES support, the
ipchains is not recomendable for kernels up to 2.4. The kernel packages of
woody distro have this support
Next you MUST
how about using rbash? Only does the shell part, and it is not very hard
to break out of the jail, but then again, allowing shell when you think
users are going to purposely try to break it isn't a good idea...
Hi Mark,
I have test your script but my woody give me this response:
morpheo:~# cat compartir2
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -
Hello Francisco,
Francisco Castillo wrote:
I have read doc to do it but when i apply this doc i have a "your
kernel seems to not support ipchains" messages when i try to do
this.
For what reason do you want to use ipchains? If you just set up
debian successfully i think you have also an actual ker
Hello Francisco,
Francisco Castillo wrote:
I have read doc to do it but when i apply this doc i have a "your
kernel seems to not support ipchains" messages when i try to do
this.
For what reason do you want to use ipchains? If you just set up
debian successfully i think you have also an actual ke
Have you tried iptables instead? If your kernel supports iptables,
then:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j
MASQUERADE
iptables also does the firewalling in other ch
Hi,
I noticed the following just now in my apache logs:
208.200.158.49 - - [28/Jun/2004:20:11:46 +0200] "GET / HTTP/1.0" 200 6137
"-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /index.php HTTP/1.0"
404 269 "-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /main.php HTTP/
Robert,
There has been extensive discussion on this topic on the ssh mailing lists.
Before going on the list I would highly recommend reading up as this is a
fairly common topic and the developers have basically said they won't
provide this functionality, it is something that belongs in the OS or
Hello Gurus,
I have installed a debian woody with to interfaces
eth0 and eth1. I has configured the internet conexion on eth0 which
has got a static ip on internet. And on eth1 i want to put a interface to do a
proxy nat gateway on my internal lan (i want to put a 192.168.0.1 on it).
Christoph,
You are right. Looks like he should also modprobe or insmod iptables
and many other modules. I insmod a whole list of routing modules:
ipt_REDIRECT
ipt_MASQUERADE
iptable_mangle
iptable_nat
ipt_REJECT
iptable_filter
Enrique,
IÂm novice on debian, i have decided recently to change from redhat or
mandrake (fatal experiencie in two years), so excuse my ignorance.
First i dont know how to do this step "The first thinng you must do is to
install a kernel with IPTABLES support"
How can I do it ? How can i test if
On Mon, 28 Jun 2004 21:35:40 +0200
Christoph Löffler <[EMAIL PROTECTED]> wrote:
Hello Fraancisco:
The first thinng you must do is to install a kernel with IPTABLES support, the
ipchains is not recomendable for kernels up to 2.4. The kernel packages of woody
distro have this support
Next you MUST
I agree that a jail is the cleanest way. My setup is as follows:
chroot jail:
/home/jailedUsers
dirs and files within the jail:
./lib
./lib/libnsl.so.1
./lib/libnsl-2.3.2.so
./lib/libc.so.6
./lib/libc-2.3.2.so
./lib/ld-linux.so.2
./lib/ld-2.3.2.so
./lib/libnss_compat.so.2
./lib/libnss_compat-2.
Hi,
I don't exactly like the idea of having to setup a "mini-system" in
everybodies home dir, so maybe the Jailkit will be the answer.(?) Somehow
I'm a little surprised that the OpenSSH project hasn't provided this feature
in SSH and sftp that I'm looking for. Maybe somebody knows the reason why
how about using rbash? Only does the shell part, and it is not very hard
to break out of the jail, but then again, allowing shell when you think
users are going to purposely try to break it isn't a good idea...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Troubl
The cleanest way I have found was using rssh. All you do is change the
shell to /usr/bin/rssh. The only issue I have with it is that to jail them
to their home directory you need a separate chroot for each folder of the
following. I jailed the /home folder and thus only need one jail, if you
wan
Hi, and thanks for the quick replies!
Just to be a bit clearer in what I'm asking: I would like to be able to
allow my customers to access their accounts (update their web sites) with
sftp which as I understand it is an extention to (Open)SSH, and not FTP. I
know for example that the Windows appli
Hi Mark,
I have test your script but my woody give me this response:
morpheo:~# cat compartir2
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -
Hello Francisco,
Francisco Castillo wrote:
I have read doc to do it but when i apply this doc i have a "your
kernel seems to not support ipchains" messages when i try to do
this.
For what reason do you want to use ipchains? If you just set up
debian successfully i think you have also an actual ker
Hello Francisco,
Francisco Castillo wrote:
I have read doc to do it but when i apply this doc i have a "your
kernel seems to not support ipchains" messages when i try to do
this.
For what reason do you want to use ipchains? If you just set up
debian successfully i think you have also an actual ke
Have you tried iptables instead? If your kernel supports iptables,
then:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j
MASQUERADE
iptables also does the firewalling in other ch
Hi,
I noticed the following just now in my apache logs:
208.200.158.49 - - [28/Jun/2004:20:11:46 +0200] "GET / HTTP/1.0" 200 6137
"-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /index.php HTTP/1.0"
404 269 "-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /main.php HTTP/
Hello Gurus,
I have installed a debian woody with to interfaces
eth0 and eth1. I has configured the internet conexion on eth0 which
has got a static ip on internet. And on eth1 i want to put a interface to do a
proxy nat gateway on my internal lan (i want to put a 192.168.0.1 on it).
John,
Looks like there is a debian package created for jailkit now:
http://olivier.sessink.nl/jailkit/jailkit_0.9-1_i386.deb
md5 sums for these packages:
de67f1dbf6cec002290fe4faadf53821 jailkit_0.9-1_i386.deb
Mark
--- MB <[EMAIL PROTECTED]> wrote:
> John,
>
> First off, I make a small mista
John,
First off, I make a small mistake, the package I used was "jailkit",
from either:
http://www.gnu.org/directory/All_Packages_in_Directory/jailkit.html
or
http://freshmeat.net/projects/jailkit/
It has tons of documentation to help you create a jailed environment,
including loading your jail
I agree that a jail is the cleanest way. My setup is as follows:
chroot jail:
/home/jailedUsers
dirs and files within the jail:
./lib
./lib/libnsl.so.1
./lib/libnsl-2.3.2.so
./lib/libc.so.6
./lib/libc-2.3.2.so
./lib/ld-linux.so.2
./lib/ld-2.3.2.so
./lib/libnss_compat.so.2
./lib/libnss_compat-2.
Hi,
I don't exactly like the idea of having to setup a "mini-system" in
everybodies home dir, so maybe the Jailkit will be the answer.(?) Somehow
I'm a little surprised that the OpenSSH project hasn't provided this feature
in SSH and sftp that I'm looking for. Maybe somebody knows the reason why
The cleanest way I have found was using rssh. All you do is change the
shell to /usr/bin/rssh. The only issue I have with it is that to jail them
to their home directory you need a separate chroot for each folder of the
following. I jailed the /home folder and thus only need one jail, if you
wan
Am 2004-06-28 16:12:19, schrieb Andrew Miehs:
>Hi all,
>
>What SCSI controller is recommended nowardays for connecting an external
>U160 SCSI storage system? NCR? Adaptec? Speed is good, STABILITY is most
>important however - one will be for a postgres database the other for a
>mail server.
"Adapt
You can get a IBM server RAID card for about $200.
http://froogle.google.com/froogle?hl=en&lr=&ie=UTF-8&tab=wf&q=%22ibm+serveraid+4l%22&scoring=p
I like the IBM server RAID card on our mailserver:
01:02.0 RAID bus controller: IBM Netfinity ServeRAID controller
Subsystem: IBM: Unknown devi
Hi, and thanks for the quick replies!
Just to be a bit clearer in what I'm asking: I would like to be able to
allow my customers to access their accounts (update their web sites) with
sftp which as I understand it is an extention to (Open)SSH, and not FTP. I
know for example that the Windows appli
Yves Junqueira wrote:
> On Fri, 25 Jun 2004 18:21:20 -0400, Kris Deugau <[EMAIL PROTECTED]>
> wrote:
> > I've been lucky enough to only work with *nix mail servers except
> > for that one Novell system- and it had some advantages I've yet to
> > see in any *nix system.
> Interesting. Was that No
John,
Looks like there is a debian package created for jailkit now:
http://olivier.sessink.nl/jailkit/jailkit_0.9-1_i386.deb
md5 sums for these packages:
de67f1dbf6cec002290fe4faadf53821 jailkit_0.9-1_i386.deb
Mark
--- MB <[EMAIL PROTECTED]> wrote:
> John,
>
> First off, I make a small mista
John,
First off, I make a small mistake, the package I used was "jailkit",
from either:
http://www.gnu.org/directory/All_Packages_in_Directory/jailkit.html
or
http://freshmeat.net/projects/jailkit/
It has tons of documentation to help you create a jailed environment,
including loading your jail
Hi,
It sounds to me like you are looking for a chroot jail for some users.
apt-get install jailer
( jailer - Builds and maintains chrooted environments )
You will need to run a special daemon (jk_socketd) to log users into the
jail, but that is about the hardest part. I'll post my startup scrip
Hi all,
What SCSI controller is recommended nowardays for connecting an external
U160 SCSI storage system? NCR? Adaptec? Speed is good, STABILITY is most
important however - one will be for a postgres database the other for a
mail server.
Thanks for your help,
Andrew
Am 2004-06-28 16:12:19, schrieb Andrew Miehs:
>Hi all,
>
>What SCSI controller is recommended nowardays for connecting an external
>U160 SCSI storage system? NCR? Adaptec? Speed is good, STABILITY is most
>important however - one will be for a postgres database the other for a
>mail server.
"Adapt
You can get a IBM server RAID card for about $200.
http://froogle.google.com/froogle?hl=en&lr=&ie=UTF-8&tab=wf&q=%22ibm+serveraid+4l%22&scoring=p
I like the IBM server RAID card on our mailserver:
01:02.0 RAID bus controller: IBM Netfinity ServeRAID controller
Subsystem: IBM: Unknown devi
Yves Junqueira wrote:
> On Fri, 25 Jun 2004 18:21:20 -0400, Kris Deugau <[EMAIL PROTECTED]>
> wrote:
> > I've been lucky enough to only work with *nix mail servers except
> > for that one Novell system- and it had some advantages I've yet to
> > see in any *nix system.
> Interesting. Was that No
Hi!
1.) Set users shell to /bin/false and add it to /etc/shells.
This will prevent ssh access for users, but allows ftp etc.
But what you are asking for is that (I think)
2.) http://chrootssh.sourceforge.net/index.php
Chroot your ssh for non-admin users by
- patching ssh
- replacing Users homedir
Hi,
It sounds to me like you are looking for a chroot jail for some users.
apt-get install jailer
( jailer - Builds and maintains chrooted environments )
You will need to run a special daemon (jk_socketd) to log users into the
jail, but that is about the hardest part. I'll post my startup scrip
On Monday 28 June 2004 12.17, Robert Cates wrote:
> I would like to know if there is a way to restrict user logins to
> their home directories (or any other designated directory for that
> matter) using sftp/ssh. I've got my ftp server configured so that
rssh is what you are looking for. Be sure
Hi all,
What SCSI controller is recommended nowardays for connecting an external
U160 SCSI storage system? NCR? Adaptec? Speed is good, STABILITY is most
important however - one will be for a postgres database the other for a
mail server.
Thanks for your help,
Andrew
--
To UNSUBSCRIBE, email
Hi!
1.) Set users shell to /bin/false and add it to /etc/shells.
This will prevent ssh access for users, but allows ftp etc.
But what you are asking for is that (I think)
2.) http://chrootssh.sourceforge.net/index.php
Chroot your ssh for non-admin users by
- patching ssh
- replacing Users homedir
On Monday 28 June 2004 12.17, Robert Cates wrote:
> I would like to know if there is a way to restrict user logins to
> their home directories (or any other designated directory for that
> matter) using sftp/ssh. I've got my ftp server configured so that
rssh is what you are looking for. Be sure
Hi,
I would like to know if there is a way to restrict user logins to their home
directories (or any other designated directory for that matter) using
sftp/ssh. I've got my ftp server configured so that normal ftp access is
restricted to their home directories, but since sftp uses (Open)SSH, it u
Hi,
I would like to know if there is a way to restrict user logins to their home
directories (or any other designated directory for that matter) using
sftp/ssh. I've got my ftp server configured so that normal ftp access is
restricted to their home directories, but since sftp uses (Open)SSH, it u
53 matches
Mail list logo
