Stefan Srdic wrote:
> I've just installed PortSentry (from unstable for kernel 2.4support)
> and Logcheck (from testing) onto my Woody box.
>
> I have PortSentry configure to use the Netfilter logging and limit options
> to properly log port scan attemps from hostile host. Do any of you know
On Fri, Aug 03, 2001 at 12:46:10PM -0500, David Ehle wrote:
>
> Howdy all,
>
>Not debian specific, but this is the best batch of security minds I
> have access too so I figured I'd see if this interests anyone.
>
> I need to set up some Xterminal replacemnets - linux boxes that will
> mos
Stefan Srdic wrote:
> I've just installed PortSentry (from unstable for kernel 2.4support)
> and Logcheck (from testing) onto my Woody box.
>
> I have PortSentry configure to use the Netfilter logging and limit options
> to properly log port scan attemps from hostile host. Do any of you know
"=?x-user-defined?Q?--=3D=5B_..::_V=EDr=F9=A7_::.._=5D=3D--?=" <[EMAIL
PROTECTED]> writes:
Hmm, can't say I'm overly fond of your email address, but ...
> I saw many Debian users get their system up2date using
> apt-get. But their versions of the applications are _the_
> latest one, when I look
Hello people,
I have a little question,
I saw many Debian users get their system up2date using
apt-get. But their versions of the applications are _the_
latest one, when I look at my system I seem to have, up2date, but
older versions.
Could anyone tell me what I can change to get the latest veri
"=?x-user-defined?Q?--=3D=5B_..::_V=EDr=F9=A7_::.._=5D=3D--?="
<[EMAIL PROTECTED]> writes:
Hmm, can't say I'm overly fond of your email address, but ...
> I saw many Debian users get their system up2date using
> apt-get. But their versions of the applications are _the_
> latest one, when I loo
Hello people,
I have a little question,
I saw many Debian users get their system up2date using
apt-get. But their versions of the applications are _the_
latest one, when I look at my system I seem to have, up2date, but
older versions.
Could anyone tell me what I can change to get the latest ver
On Thu, Aug 23, 2001 at 08:18:58AM -1000, Joseph Dane wrote:
> > "Alexander" == Alexander List <[EMAIL PROTECTED]> writes:
>
> Alexander> You might also consider the tip posted before to use rsync
> Alexander> (rsync -e ssh) to transfer entire directory structures,
>
> or, since ssh will re
> "Alexander" == Alexander List <[EMAIL PROTECTED]> writes:
Alexander> You might also consider the tip posted before to use rsync
Alexander> (rsync -e ssh) to transfer entire directory structures,
or, since ssh will read from stdin, you can alter the old tar|tar
trick to copy a directory tr
Yeah.. try using "scp". It should come along with ssh.
At 02:13 PM 8/23/2001 +0900, Curt Howland wrote:
I've just made the change from a windows to Debian user machine, I've been
running a Debian server for years.
One of the features of the windows software that I liked was zmodem file
transf
Emmanuel Lacour ([EMAIL PROTECTED]) said:
> To be more explicit, it's on a mail relay in a dmz witch need to become if
> there's a very big problem on the internal mail server, THE smtp/pop server
> for this domain, for a few mails accounts.
> So the admin need to be able to create some accounts,
On Thu, Aug 23, 2001 at 08:18:58AM -1000, Joseph Dane wrote:
> > "Alexander" == Alexander List <[EMAIL PROTECTED]> writes:
>
> Alexander> You might also consider the tip posted before to use rsync
> Alexander> (rsync -e ssh) to transfer entire directory structures,
>
> or, since ssh will r
> "Alexander" == Alexander List <[EMAIL PROTECTED]> writes:
Alexander> You might also consider the tip posted before to use rsync
Alexander> (rsync -e ssh) to transfer entire directory structures,
or, since ssh will read from stdin, you can alter the old tar|tar
trick to copy a directory t
Yeah.. try using "scp". It should come along with ssh.
At 02:13 PM 8/23/2001 +0900, Curt Howland wrote:
>I've just made the change from a windows to Debian user machine, I've been
>running a Debian server for years.
>
>One of the features of the windows software that I liked was zmodem file
>tr
On Thu, Aug 23, 2001 at 03:21:23PM +0100, Karl E. Jorgensen wrote:
> Sounds like you're getting into doing "normal" remote admin of a box.
> But why over HTTP ? If you have network connectivity to it, ssh should
> do the job (ssh in as yourself and su/sudo to root?).
>
> If you can get to via HTT
On Thu, 23 Aug 2001 15:21:23 +0100
"Karl E. Jorgensen" <[EMAIL PROTECTED]> wrote:
> Sounds like you're getting into doing "normal" remote admin of a box.
> But why over HTTP ? If you have network connectivity to it, ssh should
> do the job (ssh in as yourself and su/sudo to root?).
>
> If you ca
On Thu, Aug 23, 2001 at 04:08:09PM +0200, Emmanuel Lacour wrote:
> Thanks, and what about sudo vs. super??
>
Super is different from sudo in that super's configuration file lists commands
then the users that can run them while sudo's lists users then the commands
that they can do
--
__
On Thu, Aug 23, 2001 at 02:58:23PM +0200, Emmanuel Lacour wrote:
>
> Hi,
>
> I wan't to get some opinions on doing this:
>
> Making someone to be able to create unix users by an http method (from an
> http browser).
> Making someone to be able to restart a daemon under the identity
On Thu, 23 Aug 2001 15:21:32 +0200
Jean Baptiste Lallement <[EMAIL PROTECTED]> wrote:
> Hi,
>
> U could use sudo ?
>
> Excerpt from http://www.courtesan.com/sudo/
> ---
> Sudo (superuser do) allows a system administrator to give certain
> users (or groups of users) the ability to run some (or a
On Thu, 23 Aug 2001 09:46:52 -0400 (EDT)
Eric LeBlanc <[EMAIL PROTECTED]> wrote:
> Do u know webmin?
>
> http://webadmin.sourceforge.net/webmin/
Of course, but I think it's not necessary to use an as big program for this
purpose.
--
Easter-eggsSpécialiste GN
Do u know webmin?
http://webadmin.sourceforge.net/webmin/
Eric
On Thu, 23 Aug 2001, Jean Baptiste Lallement wrote:
> Hi,
>
> U could use sudo ?
>
> Excerpt from http://www.courtesan.com/sudo/
> ---
> Sudo (superuser do) allows a system administrator to give certain
> users (or groups of user
Emmanuel Lacour ([EMAIL PROTECTED]) said:
> To be more explicit, it's on a mail relay in a dmz witch need to become if there's a
>very big problem on the internal mail server, THE smtp/pop server for this domain,
>for a few mails accounts.
> So the admin need to be able to create some accounts,
Hi,
U could use sudo ?
Excerpt from http://www.courtesan.com/sudo/
---
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root or another user while logging the commands and arguments.
---
and run it with a c
On Thu, Aug 23, 2001 at 06:13:04PM +1000, Sam Couter wrote:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> >
> > You should never be too lazy to log in as a user and su to root.
>
> su to root: 8 character password.
> ssh directly as root: 1024 bit RSA key.
>
> Which one is easiest to crack?
>
On Thu, Aug 23, 2001 at 03:21:23PM +0100, Karl E. Jorgensen wrote:
> Sounds like you're getting into doing "normal" remote admin of a box.
> But why over HTTP ? If you have network connectivity to it, ssh should
> do the job (ssh in as yourself and su/sudo to root?).
>
> If you can get to via HT
Hi,
I wan't to get some opinions on doing this:
Making someone to be able to create unix users by an http method (from an http
browser).
Making someone to be able to restart a daemon under the identity of root from
http.
I think about some methods:
Running a cgi or system()
On Thu, 23 Aug 2001 15:21:23 +0100
"Karl E. Jorgensen" <[EMAIL PROTECTED]> wrote:
> Sounds like you're getting into doing "normal" remote admin of a box.
> But why over HTTP ? If you have network connectivity to it, ssh should
> do the job (ssh in as yourself and su/sudo to root?).
>
> If you c
On Thu, Aug 23, 2001 at 04:08:09PM +0200, Emmanuel Lacour wrote:
> Thanks, and what about sudo vs. super??
>
Super is different from sudo in that super's configuration file lists commands then
the users that can run them while sudo's lists users then the commands that they can do
--
__
On Thu, Aug 23, 2001 at 02:58:23PM +0200, Emmanuel Lacour wrote:
>
> Hi,
>
> I wan't to get some opinions on doing this:
>
> Making someone to be able to create unix users by an http method (from an http
>browser).
> Making someone to be able to restart a daemon under the identity
On Thu, 23 Aug 2001 13:26:45 +0200
Michael Wood <[EMAIL PROTECTED]> wrote:
> I haven't been following the thread. Do you get the message as
> soon as you run sshd or just when someone tries to log in?
>
I get the message when I try to do an scp from local to the chrooted host(as it
must run s
On Thu, 23 Aug 2001 15:21:32 +0200
Jean Baptiste Lallement <[EMAIL PROTECTED]> wrote:
> Hi,
>
> U could use sudo ?
>
> Excerpt from http://www.courtesan.com/sudo/
> ---
> Sudo (superuser do) allows a system administrator to give certain
> users (or groups of users) the ability to run some (or
On Thu, 23 Aug 2001 09:46:52 -0400 (EDT)
Eric LeBlanc <[EMAIL PROTECTED]> wrote:
> Do u know webmin?
>
> http://webadmin.sourceforge.net/webmin/
Of course, but I think it's not necessary to use an as big program for this purpose.
--
Easter-eggsSpécialiste GN
Do u know webmin?
http://webadmin.sourceforge.net/webmin/
Eric
On Thu, 23 Aug 2001, Jean Baptiste Lallement wrote:
> Hi,
>
> U could use sudo ?
>
> Excerpt from http://www.courtesan.com/sudo/
> ---
> Sudo (superuser do) allows a system administrator to give certain
> users (or groups of use
I've got the opposite problem after jumping up to Testing this week. I
found ssh broke when I tried to connect to my masq server, which worked
flawlessly when both boxes were Potato.
Now, if I try to ssh to the Potato machine from the Woody machine using
the hostname, it justs sits there. If I u
Hi,
U could use sudo ?
Excerpt from http://www.courtesan.com/sudo/
---
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root or another user while logging the commands and arguments.
---
and run it with a
On Thu, Aug 23, 2001 at 06:13:04PM +1000, Sam Couter wrote:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> >
> > You should never be too lazy to log in as a user and su to root.
>
> su to root: 8 character password.
> ssh directly as root: 1024 bit RSA key.
>
> Which one is easiest to crack?
>
On Thu, 23 Aug 2001 11:19:58 +0100
Nick Phillips <[EMAIL PROTECTED]> wrote:
> > Anyone having an Idea?
>
> Can't see that you got a response to this... you probably need the PAM
> stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf
> or other stuff in pam.d).
>
> Cheers
Hi,
I wan't to get some opinions on doing this:
Making someone to be able to create unix users by an http method (from an http
browser).
Making someone to be able to restart a daemon under the identity of root from http.
I think about some methods:
Running a cgi or system()
> Anyone having an Idea?
Can't see that you got a response to this... you probably need the PAM
stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf
or other stuff in pam.d).
Cheers,
Nick
--
Nick Phillips -- [EMAIL PROTECTED]
You will wish you hadn't.
On Thu, 23 Aug 2001 13:26:45 +0200
Michael Wood <[EMAIL PROTECTED]> wrote:
> I haven't been following the thread. Do you get the message as
> soon as you run sshd or just when someone tries to log in?
>
I get the message when I try to do an scp from local to the chrooted host(as it must
run
hi ya
On 23 Aug 2001, Olaf Meeuwissen wrote:
> Sam Couter <[EMAIL PROTECTED]> writes:
>
> > Philipp Schulte <[EMAIL PROTECTED]> wrote:
> > Plus, su doesn't forward X connections.
>
> Real sysadmins don't need X to admin! (duck)
and certainly dont need webmin either...or any other gui.
I've got the opposite problem after jumping up to Testing this week. I
found ssh broke when I tried to connect to my masq server, which worked
flawlessly when both boxes were Potato.
Now, if I try to ssh to the Potato machine from the Woody machine using
the hostname, it justs sits there. If I
* Curt Howland ([EMAIL PROTECTED]) wrote:
>
> One point: All the Windows scp clients I've tried so far are password based,
> and my server allows only RSA key access, so they don't work.
>
One remark. the cygwin tools include ssh, and do support RSA key access.
Also the newer versions of putty i
On Thu, Aug 23, 2001 at 06:13:04PM +1000, Sam Couter wrote:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> >
> > You should never be too lazy to log in as a user and su to root.
>
> su to root: 8 character password.
> ssh directly as root: 1024 bit RSA key.
>
> Which one is easiest to crack?
On Thu, Aug 23, 2001 at 05:14:19PM +0900, Olaf Meeuwissen wrote:
> Philipp Schulte <[EMAIL PROTECTED]> writes:
> > You should never be too lazy to log in as a user and su to root.
>
> Better yet, stick `PermitRootLogin no' in /etc/ssh/sshd_config.
Sure, I always setup sshd like this.
Phil
Sam Couter <[EMAIL PROTECTED]> writes:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> >
> > You should never be too lazy to log in as a user and su to root.
>
> su to root: 8 character password.
> ssh directly as root: 1024 bit RSA key.
Eh, ssh in as user and su to root is what Phil is talking
One point: All the Windows scp clients I've tried so far are password based,
and my server allows only RSA key access, so they don't work.
As soon as I got ssh working reliably, I turned off passwords, and
de-un-selected telnet and ftp servers entirely. So ssh -l root is just as
safe as any other
Philipp Schulte <[EMAIL PROTECTED]> writes:
> On Thu, Aug 23, 2001 at 05:08:48PM +1000, Jason Thomas wrote:
>
> > On Thu, Aug 23, 2001 at 09:02:35AM +0200, Jaan Sarv wrote:
> > > root? root?!?!???
> > > ROOT!
> >
> > first of all, example!!
> > secondly, secure shell protocol, secur
On Thu, 23 Aug 2001 11:19:58 +0100
Nick Phillips <[EMAIL PROTECTED]> wrote:
> > Anyone having an Idea?
>
> Can't see that you got a response to this... you probably need the PAM
> stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf
> or other stuff in pam.d).
>
> Cheer
Philipp Schulte <[EMAIL PROTECTED]> wrote:
>
> You should never be too lazy to log in as a user and su to root.
su to root: 8 character password.
ssh directly as root: 1024 bit RSA key.
Which one is easiest to crack?
I don't allow telnet logins as root, but I'm quite happy to allow RSA
authenti
> Anyone having an Idea?
Can't see that you got a response to this... you probably need the PAM
stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf
or other stuff in pam.d).
Cheers,
Nick
--
Nick Phillips -- [EMAIL PROTECTED]
You will wish you hadn't.
--
To UNSUBS
On Thu, Aug 23, 2001 at 05:08:48PM +1000, Jason Thomas wrote:
> On Thu, Aug 23, 2001 at 09:02:35AM +0200, Jaan Sarv wrote:
> > root? root?!?!???
> > ROOT!
>
> first of all, example!!
> secondly, secure shell protocol, secure!
That's supposed to be a joke, right?
Just because som
hi ya
On 23 Aug 2001, Olaf Meeuwissen wrote:
> Sam Couter <[EMAIL PROTECTED]> writes:
>
> > Philipp Schulte <[EMAIL PROTECTED]> wrote:
> > Plus, su doesn't forward X connections.
>
> Real sysadmins don't need X to admin! (duck)
and certainly dont need webmin either...or any other gui
On Thu, Aug 23, 2001 at 09:02:35AM +0200, Jaan Sarv wrote:
> root? root?!?!???
> ROOT!
first of all, example!!
secondly, secure shell protocol, secure!
third, sometimes when your lazy you just have too!
>
> Humz.. bad idea, don't ya think?
>
>
> Jaan
>
>
> --
> To UNSUBSCRIB
- Original Message -
From: "Jason Thomas" <[EMAIL PROTECTED]>
To: "Curt Howland" <[EMAIL PROTECTED]>
Cc: "'FEJF'" <[EMAIL PROTECTED]>;
Sent: Thursday, August 23, 2001 7:54 AM
Subject: Re: File transfer using ssh
> # copy file to remote machine and connect as current user
> scp afile.txt
Simon Boulet <[EMAIL PROTECTED]> writes:
> Hi,
>
> I had some problems today with sshd. Here is what was reported in my log
> files:
>
> Aug 23 00:23:24 host01 kernel: VM: killing process sshd
> Aug 23 00:23:24 host01 kernel: swap_free: swap-space map bad (entry
> f000)
> Aug 23 00:24:23 h
scp will also work for entire directory structures with the -r flag.
But please read the manpage and try to understand it before bothering the
security list. The SYNOPSIS section should be enough for your most urgent
needs ;-)
You might also consider the tip posted before to use rsync (rsync -e s
* Curt Howland ([EMAIL PROTECTED]) wrote:
>
> One point: All the Windows scp clients I've tried so far are password based,
> and my server allows only RSA key access, so they don't work.
>
One remark. the cygwin tools include ssh, and do support RSA key access.
Also the newer versions of putty
On 22 Aug 2001, Hubert Chan wrote:
> Rob> SSH for some reason ( as some do ), FTP uses two TCP ports, not one
> Rob> : one for control ( commands ) and the other for data.
>
> Unless you use passive mode.
of course ftp uses two channels in passive mode as well
--
[-]
On Thu, Aug 23, 2001 at 06:13:04PM +1000, Sam Couter wrote:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> >
> > You should never be too lazy to log in as a user and su to root.
>
> su to root: 8 character password.
> ssh directly as root: 1024 bit RSA key.
>
> Which one is easiest to crack?
On Thu, Aug 23, 2001 at 05:14:19PM +0900, Olaf Meeuwissen wrote:
> Philipp Schulte <[EMAIL PROTECTED]> writes:
> > You should never be too lazy to log in as a user and su to root.
>
> Better yet, stick `PermitRootLogin no' in /etc/ssh/sshd_config.
Sure, I always setup sshd like this.
Phil
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> "Rob" == Rob Helmer <[EMAIL PROTECTED]> writes:
Rob> Hi Curt, It sounds like you want "sftp", which comes with SSHv2 and
Rob> is a passable FTP clone for SSH ( not quite as advanced as say
Rob> ncftp, but decent ).
Or in OpenSSH version 2.5 (or
# copy file to remote machine and connect as current user
scp afile.txt machine.domain:
# copy file to remote machine and connect as specified user
scp afile.txt [EMAIL PROTECTED]:
# copy file from remote machien and connect as current user
scp machine.domain:afile.txt .
#copy file from remote mac
And it works, too.
Arigato gozaimasu, mina-sama.
Dewa mata,
Curt-
-Original Message-
From: Craig Dickson [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 23, 2001 14:30
To: 'debian-security@lists.debian.org'
Subject: Re: File transfer using ssh
Curt Howland wrote:
> Is there a file
hi ya
and if you wanna try 'um all out... ( the windoze versions )
http://www.Linux-Consulting.com/Security/ssh.windows.txt
( teraterm and putty works nice and they're free )
c ya
alvin
On Thu, 23 Aug 2001, FEJF wrote:
> Jason Thomas, on Donnerstag, 23. August 2001 07:29 wrot
Sam Couter <[EMAIL PROTECTED]> writes:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> >
> > You should never be too lazy to log in as a user and su to root.
>
> su to root: 8 character password.
> ssh directly as root: 1024 bit RSA key.
Eh, ssh in as user and su to root is what Phil is talking
One point: All the Windows scp clients I've tried so far are password based,
and my server allows only RSA key access, so they don't work.
As soon as I got ssh working reliably, I turned off passwords, and
de-un-selected telnet and ftp servers entirely. So ssh -l root is just as
safe as any othe
Philipp Schulte <[EMAIL PROTECTED]> writes:
> On Thu, Aug 23, 2001 at 05:08:48PM +1000, Jason Thomas wrote:
>
> > On Thu, Aug 23, 2001 at 09:02:35AM +0200, Jaan Sarv wrote:
> > > root? root?!?!???
> > > ROOT!
> >
> > first of all, example!!
> > secondly, secure shell protocol, secu
Philipp Schulte <[EMAIL PROTECTED]> wrote:
>
> You should never be too lazy to log in as a user and su to root.
su to root: 8 character password.
ssh directly as root: 1024 bit RSA key.
Which one is easiest to crack?
I don't allow telnet logins as root, but I'm quite happy to allow RSA
authent
Actually, the problem was from Debian to Debian, rather than windows
anything. :^)
The real "one thing I miss" would have been one or two real world command
line examples, so I could make sense of the man page.
Thank very much to everyone for replying, now all I have to do is get sound
working,
Jason Thomas, on Donnerstag, 23. August 2001 07:29 wrote:
> scp
short answer ;) - but as everbody sugests scp there is one thing i miss:
tell Curt Howland where to get a windoze version of scp... ;)
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
fejf
> On Thu, Aug 23, 2001 at 02
Curt Howland wrote:
> Is there a file transfer method for utilizing ssh?
It's called 'scp' -- secure cp. You don't even need an ssh session up to
use it:
scp file [EMAIL PROTECTED]:/path
will copy a file to /path on the machine site, using the specified user
account. You will be prompted for
scp
On Thu, Aug 23, 2001 at 02:13:47PM +0900, Curt Howland wrote:
> I've just made the change from a windows to Debian user machine, I've been
> running a Debian server for years.
>
> One of the features of the windows software that I liked was zmodem file
> transfer over the ssh link. Since chan
Hi Curt,
It sounds like you want "sftp", which comes with SSHv2 and is
a passable FTP clone for SSH ( not quite as advanced as say
ncftp, but decent ).
Also, you can send inividual files to an SSH server with the
"scp" command.
One last note : keep in mind that if you decide to tunnel FTP over
On Thu, Aug 23, 2001 at 02:13:47PM +0900, Curt Howland wrote:
> Is there a file transfer method for utilizing ssh? I'm sure ftp could be
> tunneled, but for security reasons ftp is turned off. Until now, with
> zmodem, I didn't need it.
Try scp or sftp. They transfer files over ssh using the in
On Thu, Aug 23, 2001 at 05:08:48PM +1000, Jason Thomas wrote:
> On Thu, Aug 23, 2001 at 09:02:35AM +0200, Jaan Sarv wrote:
> > root? root?!?!???
> > ROOT!
>
> first of all, example!!
> secondly, secure shell protocol, secure!
That's supposed to be a joke, right?
Just because so
I've just made the change from a windows to Debian user machine, I've been
running a Debian server for years.
One of the features of the windows software that I liked was zmodem file
transfer over the ssh link. Since changing over to ssh (1.2.3-9.3) from
stable for both server and now client, it d
Hi,
I had some problems today with sshd. Here is what was reported in my log
files:
Aug 23 00:23:24 host01 kernel: VM: killing process sshd
Aug 23 00:23:24 host01 kernel: swap_free: swap-space map bad (entry
f000)
Aug 23 00:24:23 host01 kernel: VM: killing process sshd
Aug 23 00:24:23 host0
78 matches
Mail list logo
