Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Vincent Lefevre
On 2023-12-14 14:04:08 -0500, Greg Wooledge wrote: > On Thu, Dec 14, 2023 at 05:14:28PM +0100, Vincent Lefevre wrote: > > I have the latest version!!! I recall that this is a Debian/unstable > > machine, which I upgrade regularly. So, everytime I get such an error, > > I have the latest client. >

Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Greg Wooledge
On Thu, Dec 14, 2023 at 05:14:28PM +0100, Vincent Lefevre wrote: > I have the latest version!!! I recall that this is a Debian/unstable > machine, which I upgrade regularly. So, everytime I get such an error, > I have the latest client. Just for the record, saying you have the "latest" version of

Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Klaus Singvogel
Vincent Lefevre wrote: > I have the latest version!!! I recall that this is a Debian/unstable > machine, which I upgrade regularly. So, everytime I get such an error, > I have the latest client. > > Note also that this is an error that occurs randomly. Then I'm sorry, that I can't help you more o

Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Vincent Lefevre
On 2023-12-14 17:03:10 +0100, Klaus Singvogel wrote: > Vincent Lefevre wrote: > > Since 2 years (from early 2022 to 2023-11-26), I've got recurrent > > errors like > > > > kex_exchange_identification: read: Connection reset by peer > > Connection reset by x.x.x.x port 22 > > This sounds most like

Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Klaus Singvogel
Vincent Lefevre wrote: > Since 2 years (from early 2022 to 2023-11-26), I've got recurrent > errors like > > kex_exchange_identification: read: Connection reset by peer > Connection reset by x.x.x.x port 22 This sounds most likely that your SSH client (program at your local machine) has an outda

Re: openssh server

2022-08-22 Thread Ángel
On 2022-08-22 at 08:42 -0400, Roberto C. Sánchez wrote: > On Mon, Aug 22, 2022 at 12:33:42PM +0200, Radwan Daoud wrote: > >I want to install an old version of openssh server on my Debian 11. > >I want to install Debian 9 ssh version on Debian 11 , is that possible: > >[1]https://packag

Re: openssh server

2022-08-22 Thread Roberto C . Sánchez
On Mon, Aug 22, 2022 at 12:33:42PM +0200, Radwan Daoud wrote: >I want to install an old version of openssh server on my Debian 11. >I want to install Debian 9 ssh version on Debian 11 ,  is that possible: >[1]https://packages.debian.org/stretch/openssh-server >Please don't ask me ,

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-06-15 Thread Vincent Lefevre
On 2022-06-15 15:10:17 +0200, Vincent Lefevre wrote: > They set LogLevel to DEBUG, which explains that the debug3() message > doesn't appear. They can see debug lines when my connection succeeds, > but nothing in case of immediate failure. So this would mean that it > is the pipe() from server_acce

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-06-15 Thread Vincent Lefevre
On 2022-06-15 03:48:38 +0200, Vincent Lefevre wrote: > The source from misc.c is > > int > unset_nonblock(int fd) > { > int val; > > val = fcntl(fd, F_GETFL); > if (val < 0) { > error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); > return

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-06-14 Thread Vincent Lefevre
On 2022-06-14 19:17:01 +0100, Tim Woodall wrote: [MaxStartups limit] > In the case where I hit it it was a cron job starting an ssh connection > from multiple machines - 'out of hours' where 'convenience' was more > valuable than 'performance'. Note that I get the errors at random times of the day

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-06-14 Thread Tim Woodall
On Tue, 14 Jun 2022, Vincent Lefevre wrote: On 2022-06-07 17:19:12 +0100, Tim Woodall wrote: On Tue, 7 Jun 2022, Vincent Lefevre wrote: I eventually did a packet capture on the client side as I was able to reproduce the problem. When it occurs, I get the following sequence: Client → Server: [

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-06-14 Thread Vincent Lefevre
On 2022-06-07 17:19:12 +0100, Tim Woodall wrote: > On Tue, 7 Jun 2022, Vincent Lefevre wrote: > > I eventually did a packet capture on the client side as I was able to > > reproduce the problem. When it occurs, I get the following sequence: > > > > Client → Server: [SYN] Seq=0 > > Server → Client:

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-06-07 Thread Tim Woodall
On Tue, 7 Jun 2022, Vincent Lefevre wrote: On 2022-02-05 18:39:27 -0300, Henrique de Moraes Holschuh wrote: If it is sshd, ensure it is actually logging all you need, and carefully study the logs. Nothing interesting in the logs, according to the admins of the server. If nothing helps, pack

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-06-07 Thread Vincent Lefevre
On 2022-02-05 18:39:27 -0300, Henrique de Moraes Holschuh wrote: > If it is sshd, ensure it is actually logging all you need, and carefully > study the logs. Nothing interesting in the logs, according to the admins of the server. > If nothing helps, packet-dump both sides (client and server) and

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-08 Thread Vincent Lefevre
On 2022-02-05 18:39:27 -0300, Henrique de Moraes Holschuh wrote: > On Wed, 02 Feb 2022, Vincent Lefevre wrote: > > When I want to connect with SSH (ssh/scp) to some machine, I sometimes > > get errors, either > > > > kex_exchange_identification: Connection closed by remote host > > > > or > > >

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-05 Thread Henrique de Moraes Holschuh
On Wed, 02 Feb 2022, Vincent Lefevre wrote: > When I want to connect with SSH (ssh/scp) to some machine, I sometimes > get errors, either > > kex_exchange_identification: Connection closed by remote host > > or > > kex_exchange_identification: read: Connection reset by peer That's a very early

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread Vincent Lefevre
On 2022-02-02 14:21:08 -0500, gene heskett wrote: > When I change something, like rebooting the rpi4 running my big Sheldon > lathe, from debian buster to debian bullseye, the keyfile changes, and I > get an explicit error telling me to run ssh-keygen to remove the > offending key, which I do, a

Reusing ssh keys on a new installation, was Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread David Wright
On Wed 02 Feb 2022 at 14:28:40 (-0500), Greg Wooledge wrote: > On Wed, Feb 02, 2022 at 02:21:08PM -0500, gene heskett wrote: > > When I change something, like rebooting the rpi4 running my big Sheldon > > lathe, from debian buster to debian bullseye, the keyfile changes, and I > > get an explicit

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread Greg Wooledge
On Wed, Feb 02, 2022 at 02:21:08PM -0500, gene heskett wrote: > When I change something, like rebooting the rpi4 running my big Sheldon > lathe, from debian buster to debian bullseye, the keyfile changes, and I > get an explicit error telling me to run ssh-keygen to remove the > offending key, w

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread gene heskett
On Wednesday, February 2, 2022 9:44:32 AM EST Vincent Lefevre wrote: > When I want to connect with SSH (ssh/scp) to some machine, I sometimes > get errors, either > > kex_exchange_identification: Connection closed by remote host > > or > > kex_exchange_identification: read: Connection reset by p

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread David Wright
On Wed 02 Feb 2022 at 15:44:32 (+0100), Vincent Lefevre wrote: > When I want to connect with SSH (ssh/scp) to some machine, I sometimes > get errors, either > > kex_exchange_identification: Connection closed by remote host > > or > > kex_exchange_identification: read: Connection reset by peer >

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread Bijan Soleymani
On 2022-02-02 09:44, Vincent Lefevre wrote: In the source, this corresponds to function kex_exchange_identification in kex.c: len = atomicio(read, ssh_packet_get_connection_in(ssh), &c, 1); if (len != 1 && errno == EPIPE) { error_f("Connection closed by remote hos

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread Vincent Lefevre
On 2022-02-02 16:12:32 +0100, Hans wrote: > On Wednesday, 2 February 2022, 15:44:32 CET, Vincent Lefevre wrote: > Sounds weird. I wonder, if there is a typo. Your message beginning with > > kex_exchange_identif > > looks for me like a typo. I would have "key_exchange_" expected. No, th

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread Hans
On Wednesday, 2 February 2022, 15:44:32 CET, Vincent Lefevre wrote: Sounds weird. I wonder, if there is a typo. Your message beginning with kex_exchange_identif looks for me like a typo. I would have "key_exchange_" expected. However, I did not check this, and maybe this is correct. On

Re: OpenSSH: cause of random kex_exchange_identification errors?

2022-02-02 Thread mick crane
On 2022-02-02 14:44, Vincent Lefevre wrote: When I want to connect with SSH (ssh/scp) to some machine, I sometimes get errors, either kex_exchange_identification: Connection closed by remote host or kex_exchange_identification: read: Connection reset by peer immediately after the connection a

Re: openssh server remote access

2021-10-24 Thread Daryl
On Thu, 21 Oct 2021 15:26:21 -0700 dmacdoug wrote: > > Assuming your sshd server is on a computer attached > to a router which is your gateway to the internet, and > the router is set to forward port 22 to that computer > some ISP's don't route port 22 traffic. I know that > AT&T blocks por

Re: openssh server remote access

2021-10-23 Thread Andrei POPESCU
On Sb, 23 oct 21, 09:33:44, Joe wrote: > > The ssh protocol by default works on TCP port 22, but the sshd (server) > configuration file allows different ports to be specified. If you have > port 22 open to the Internet, you will get many firewall logs for > people trying brute-force password attac

Re: openssh server remote access

2021-10-23 Thread Joe
On Sat, 23 Oct 2021 08:42:09 +0300 Semih Ozlem wrote: > Are there specific tutorials websites that you can recommend, how > about port forwarding. From where which sites in particular can I > learn about these topics? Here's a good practical guide: https://www.digitalocean.com/community/tutoria

Re: openssh server remote access

2021-10-22 Thread Semih Ozlem
Are there specific tutorials websites that you can recommend, how about port forwarding. From where which sites in particular can I learn about these topics? Joe wrote on Fri, 22 Oct 2021, 00:08: > On Thu, 21 Oct 2021 23:48:38 +0300 > Semih Ozlem wrote: > > > I think it was somethin

Re: openssh server remote access

2021-10-22 Thread Eric S Fraga
On Friday, 22 Oct 2021 at 09:46, David Wright wrote: > I'm guessing it was a BT Home Hub. EE *before* bought by BT but maybe same supplier even then. > One might suspect that 100 lies at the lower boundary of its DHCP > range, leaving 99 static addresses free. But no guess at a product. I canno

Re: openssh server remote access

2021-10-22 Thread David Wright
On Fri 22 Oct 2021 at 11:59:40 (+0100), Eric S Fraga wrote: > On Friday, 22 Oct 2021 at 13:40, Andrei POPESCU wrote: > > Typically modems and home routers use the .1 address for themselves. > > Interesting. My last 2 routers have had *.254 (!) I'm guessing it was a BT Home Hub. It's idiosyncrati

Re: openssh server remote access

2021-10-22 Thread Eric S Fraga
On Friday, 22 Oct 2021 at 13:40, Andrei POPESCU wrote: > Typically modems and home routers use the .1 address for themselves. Interesting. My last 2 routers have had *.254 (!) and *.100 as their address. -- Eric S Fraga via Emacs 28.0.60 & org 9.5 on Debian 11.1

Re: openssh server remote access

2021-10-22 Thread Andrei POPESCU
On Jo, 21 oct 21, 22:52:37, Semih Ozlem wrote: > I am unable to access my modem settings page when writing 192.168.1.100 to > check if there is a firewall. Are you sure this is the correct address? How did you establish that? Typically modems and home routers use the .1 address for themselves. E

Re: openssh server remote access

2021-10-21 Thread James B
That's 'systemctl status ssh' without the 1) of course. I meant to put more steps but decided not to -- James B portoteache...@fastmail.com On Fri, 22 Oct ʼ21, at 00:18, James B wrote: > Hi Semih, > > In my opinion, I would go back to basics first. You may have installed > openssh but it

Re: openssh server remote access

2021-10-21 Thread James B
Hi Semih, In my opinion, I would go back to basics first. You may have installed openssh but it doesn't necessarily run by default (for reasons that will make sense when you look at it further). Do you know how to start systemd services? It looks to me like your ssh server isn't running. So, run (

Re: openssh server remote access

2021-10-21 Thread David
On Fri, 22 Oct 2021 at 09:53, Semih Ozlem wrote: > From:Semih Ozlem > To:Debian Users , ubuntu-us...@lists.ubuntu.com Please, do not send individual messages to more than one mailing list. It is rather unfriendly to everyone else that reads each list, because we do not see any conversation tha

Re: openssh server remote access

2021-10-21 Thread Semih Ozlem
I am unable to access my modem settings page when writing 192.168.1.100 to check if there is a firewall. Below is the web page that I get Unable to connect Firefox can’t establish a connection to the server at 192.168.1.100. The site could be temporarily unavailable or too busy. Try again

Re: openssh server remote access

2021-10-21 Thread dmacdoug
On Thu, Oct 21, 2021 at 11:41:43PM +0300, Semih Ozlem wrote: > Hi everyone, > > I set up an openssh server and I am trying to access that machine remotely > (not from the local network. but from another ip address). I get an error > (something about port 22). What setting needs to be checked and w

Re: openssh server remote access

2021-10-21 Thread Greg Wooledge
On Thu, Oct 21, 2021 at 09:07:02PM +, Semih Ozlem wrote: > Yes the error message is > > ssh: connect to host (ip address of remote host) port 22: Connection refused This message means one of these things: 1) The sshd process is not running, or is not listening on the default port. 2) A fire

Re: openssh server remote access

2021-10-21 Thread Joe
On Thu, 21 Oct 2021 23:48:38 +0300 Semih Ozlem wrote: > I think it was something like "ssh: connect to host port 22: > Connection refused" It will take me a little while to get the same > error message again. > > Ideally you need to do more than open the ssh port, particularly if you inten

Re: openssh server remote access

2021-10-21 Thread Semih Ozlem
Yes the error message is ssh: connect to host (ip address of remote host) port 22: Connection refused Semih Ozlem wrote on Thu, 21 Oct 2021, 20:48: > I think it was something like "ssh: connect to host port 22: > Connection refused" It will take me a little while to get the s

Re: openssh server remote access

2021-10-21 Thread Semih Ozlem
I think it was something like "ssh: connect to host port 22: Connection refused" It will take me a little while to get the same error message again. James B wrote on Thu, 21 Oct 2021, 23:45: > Hi Semih, > > Could you post the exact wording of the error message please? > > Best >

Re: openssh server remote access

2021-10-21 Thread James B
Hi Semih, Could you post the exact wording of the error message please? Best JB -- James B portoteache...@fastmail.com On Thu, 21 Oct ʼ21, at 21:41, Semih Ozlem wrote: > Hi everyone, > > I set up an openssh server and I am trying to access that machine remotely > (not from the loca

Re: openssh-server

2020-08-17 Thread Greg Wooledge
On Mon, Aug 17, 2020 at 09:31:20PM +0300, Semih Ozlem wrote: > Hi Greg, > Sorry for lack of details in my response, it was just a tiring day because > almost the whole day passed and finally the issue is at least temporarily > resolved, and one gets somewhat forgetful. the firewall was enabled on t

Re: openssh-server

2020-08-17 Thread Semih Ozlem
Hi Greg, Sorry for lack of details in my response, it was just a tiring day because almost the whole day passed and finally the issue is at least temporarily resolved, and one gets somewhat forgetful. the firewall was enabled on the debian machine, and I am trying to connect to the debian machine f

Re: openssh-server

2020-08-17 Thread john doe
On 8/17/2020 8:15 PM, Semih Ozlem wrote: Sorry for the maybe too simple question, but how does one open and close ports, and how can ufw firewall be configured so as to allow ssh connections Have a look at (1). In the linux world, it is wise to answer at the bottom of an e-mail as opposed to

Re: openssh-server

2020-08-17 Thread Greg Wooledge
On Mon, Aug 17, 2020 at 08:12:32PM +0200, john doe wrote: > On 8/17/2020 8:04 PM, Semih Ozlem wrote: > > And thanks to Greg for the quick response. > > > > Semih Ozlem wrote on Mon, 17 Aug 2020, 21:03: > > > > > Sorry for the trailing list of emails, I just realized the firewall

Re: openssh-server

2020-08-17 Thread john doe
On 8/17/2020 8:04 PM, Semih Ozlem wrote: And thanks to Greg for the quick response. Semih Ozlem wrote on Mon, 17 Aug 2020, 21:03: Sorry for the trailing list of emails, I just realized the firewall was preventing the connection. After disabling ssh connection works. However I woul

Re: openssh-server

2020-08-17 Thread Semih Ozlem
And thanks to Greg for the quick response. Semih Ozlem wrote on Mon, 17 Aug 2020, 21:03: > Sorry for the trailing list of emails, I just realized the firewall was > preventing the connection. After disabling ssh connection works. However I > would like to ask how I can configure fire

Re: openssh-server

2020-08-17 Thread Semih Ozlem
Sorry for the trailing list of emails, I just realized the firewall was preventing the connection. After disabling ssh connection works. However I would like to ask how I can configure firewall so that I can have ssh working, instead of simply disabling it. Semih Ozlem , 17 Ağu 2020 Pzt, 21:00 tar

Re: openssh-server

2020-08-17 Thread Semih Ozlem
also pinging works Semih Ozlem wrote on Mon, 17 Aug 2020, 20:59: > Regarding previous question on ssh server > Both machines are in the same home network, connected to the internet > through modem. > One machine is running on windows the other on debian. (I tried running > the window

Re: openssh-server

2020-08-17 Thread Semih Ozlem
Regarding previous question on ssh server Both machines are in the same home network, connected to the internet through modem. One machine is running on windows the other on debian. (I tried running the windows machine from debian as well and that did not work either.) When I run localhost on the d

Re: openssh-server

2020-08-17 Thread Greg Wooledge
On Mon, Aug 17, 2020 at 08:49:11PM +0300, Semih Ozlem wrote: > I am trying to connect to a debian machine with openssh-server installed. > When I try to connect, I get the message "connection timed out". I am not > sure if this group is the right place to address this issue, but is there a > config

Re: OpenSSH not closing idle sessions.

2019-04-09 Thread Thomas Pircher
Greg Wooledge wrote: > > I suggest reading what ClientAliveCountMax and ClientAliveInterval > actually do in sshd_config(5). Take particular note of the word > "unresponsive". It is not the same as "idle". Yes, you are right, this setting won't disconnect idle sessions. So I guess it's mostly us

Re: OpenSSH not closing idle sessions.

2019-04-09 Thread mick crane
On 2019-04-08 18:25, timothylegg wrote: Ideas? I've not really used screen but isn't it that you want to start where you left off ? mick -- Key ID4BFEBB31

Re: OpenSSH not closing idle sessions.

2019-04-09 Thread Greg Wooledge
On Tue, Apr 09, 2019 at 04:01:20PM +0100, Thomas Pircher wrote: > > > ClientAliveInterval 5 > > This is the setting that the STIG ID RHEL-07-040320 in [2] suggests to > edit. > > Thomas > > [1] https://iase.disa.mil/stigs > [2] > https://rhel7stig.readthedocs.io/en/latest/medium.html#v-72237-al

Re: OpenSSH not closing idle sessions.

2019-04-09 Thread Thomas Pircher
Greg Wooledge wrote: > Most people want the exact opposite of that. I don't really know the OP's rationale, but terminating an idle ssh session is a step in the requirements/guidelines (STIG [1]) for hardening systems for the US Department of Defense. > Basically, what you're asking for is direct

Re: OpenSSH not closing idle sessions.

2019-04-09 Thread David Wright
On Mon 08 Apr 2019 at 13:39:36 (-0400), Greg Wooledge wrote: > On Mon, Apr 08, 2019 at 12:25:28PM -0500, timothylegg wrote: > > I need to have the session expire and the ssh client terminate after > > an idle time. > > Most people want the exact opposite of that. > > Basically, what you're asking

Re: OpenSSH not closing idle sessions.

2019-04-09 Thread Dan Ritter
Richard Hector wrote: > On 9/04/19 12:14 PM, timothylegg wrote: > > I have two residences and one > > has a port forwarding issue. I want to make an SSH tunnel to the > > other site. If I am at one place for multiple weeks, it's asking too > > much for the SSH tunnel to stay live that long (I've

Re: OpenSSH not closing idle sessions.

2019-04-08 Thread Richard Hector
On 9/04/19 12:14 PM, timothylegg wrote: > I have two residences and one > has a port forwarding issue. I want to make an SSH tunnel to the > other site. If I am at one place for multiple weeks, it's asking too > much for the SSH tunnel to stay live that long (I've seen many > complaints of SSH co

Re: OpenSSH not closing idle sessions.

2019-04-08 Thread Kushal Kumaran
timothylegg writes: > I'm the only user that will be angry at being disconnected. There is > no easy way to explain the reasoning; I've rewritten this paragraph > three times because it was too long. I have two residences and one > has a port forwarding issue. I want to make an SSH tunnel to t

Re: OpenSSH not closing idle sessions.

2019-04-08 Thread timothylegg
I'm the only user that will be angry at being disconnected. There is no easy way to explain the reasoning; I've rewritten this paragraph three times because it was too long. I have two residences and one has a port forwarding issue. I want to make an SSH tunnel to the other site. If I am at one

Re: OpenSSH not closing idle sessions.

2019-04-08 Thread Greg Wooledge
On Mon, Apr 08, 2019 at 12:25:28PM -0500, timothylegg wrote: > I need to have the session expire and the ssh client terminate after > an idle time. Most people want the exact opposite of that. Basically, what you're asking for is directly hostile to any kind of sane operation of a computer. > Cl

Re: openssh-server's default config is dangerous

2016-07-13 Thread Brian
On Tue 12 Jul 2016 at 17:32:22 +0200, Nicolas George wrote: > On quintidi 25 Messidor, year CCXXIV, Brian wrote: > > Not really. How to change Policy is adequately described on the Debian > > web site. How to submit a bug against openssh-server is also described. > > So you were talking about ch

Re: openssh-server's default config is dangerous

2016-07-13 Thread Stefan Monnier
> You could potentially just use the policyrcd-script-zg2 package, and > then your boolean setting would be: > > echo -e "#!/bin/sh\nexit101;" > /etc/policy-rc.d. > > Or something similar. [Or if you really just want a boolean, you could > potentially write your own package which plugged into pol

Re: openssh-server's default config is dangerous

2016-07-13 Thread Don Armstrong
On Tue, 12 Jul 2016, Stefan Monnier wrote: > >> I often need something like this when running inside a chroot and > >> always have trouble finding the clean&easy way to do it > > Here's one example that mk-sbuild uses: > > (jessie-amd64)$ cat /usr/sbin/policy-rc.d > > #!/bin/sh > > while true; do >

Re: openssh-server's default config is dangerous

2016-07-13 Thread Gene Heskett
On Wednesday 13 July 2016 07:32:10 Henrique de Moraes Holschuh wrote: > On Wed, 13 Jul 2016, Joe wrote: > > On Tue, 12 Jul 2016 20:09:31 +0100 > > > > Brian wrote: > > > The cat from next door always looks very intently at me when I am > > > at the keyboard. Is that normal feline behaviour? > > >

Re: openssh-server's default config is dangerous

2016-07-13 Thread Erwan David
On 13/07/2016 at 13:32, Henrique de Moraes Holschuh wrote: > On Wed, 13 Jul 2016, Joe wrote: >> On Tue, 12 Jul 2016 20:09:31 +0100 >> Brian wrote: >>> The cat from next door always looks very intently at me when I am at >>> the keyboard. Is that normal feline behaviour? >>> >> Yes. The weight o

Re: openssh-server's default config is dangerous

2016-07-13 Thread Henrique de Moraes Holschuh
On Wed, 13 Jul 2016, Joe wrote: > On Tue, 12 Jul 2016 20:09:31 +0100 > Brian wrote: > > The cat from next door always looks very intently at me when I am at > > the keyboard. Is that normal feline behaviour? > > > Yes. The weight of a cat is more than sufficient to operate most > keyboards. Not

Re: openssh-server's default config is dangerous

2016-07-13 Thread Joe
On Tue, 12 Jul 2016 21:51:41 +0100 Lisi Reisz wrote: > On Tuesday 12 July 2016 20:24:18 Brian wrote: > > (For those who think this is about password logins in general - it > > is not. It is about logging in as root). > > Thank you, Brian. You come up trumps again. I said that I hadn't > under

Re: openssh-server's default config is dangerous

2016-07-13 Thread Joe
On Tue, 12 Jul 2016 20:09:31 +0100 Brian wrote: > The cat from next door always looks very intently at me when I am at > the keyboard. Is that normal feline behaviour? > Yes. The weight of a cat is more than sufficient to operate most keyboards. -- Joe

Re: openssh-server's default config is dangerous

2016-07-12 Thread Stefan Monnier
>> I often need something like this when running inside a chroot and >> always have trouble finding the clean&easy way to do it > Here's one example that mk-sbuild uses: > (jessie-amd64)$ cat /usr/sbin/policy-rc.d > #!/bin/sh > while true; do > case "$1" in > -*) shift ;; > makedev)

Re: openssh-server's default config is dangerous

2016-07-12 Thread Don Armstrong
On Tue, 12 Jul 2016, Stefan Monnier wrote: > I often need something like this when running inside a chroot and > always have trouble finding the clean&easy way to do it Here's one example that mk-sbuild uses: (jessie-amd64)$ cat /usr/sbin/policy-rc.d #!/bin/sh while true; do case "$1" in

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 21:48:32 Stefan Monnier wrote: > > My solution to that is physical access to the computer, actually sitting > > in front of it - login without a password. > > While I don't need a strong password in such a situation, I do want some > password because I don't like it when oth

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 20:04:32 Don Armstrong wrote: > Considering that I maintain multiple things > which install daemons in Debian And most of us are very grateful. Lisi

Re: openssh-server's default config is dangerous

2016-07-12 Thread Stefan Monnier
> No, it does not. What you show is not an option, an option would be > something in /etc. This is editing a script in /usr/sbin, in complete > violation of any good practice with packages managers. FWIW, I also find it disappointing that I can't do it in an etc file of some sort. E.g. I often n

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 20:24:18 Brian wrote: > (For those who think this is about password logins in general - it is > not. It is about logging in as root). Thank you, Brian. You come up trumps again. I said that I hadn't understood the question. I did think it was about password logging in in

Re: openssh-server's default config is dangerous

2016-07-12 Thread Stefan Monnier
> My solution to that is physical access to the computer, actually sitting in > front of it - login without a password. While I don't need a strong password in such a situation, I do want some password because I don't like it when other people use my account (usually they don't like it either bec

Re: openssh-server's default config is dangerous

2016-07-12 Thread Don Armstrong
On Tue, 12 Jul 2016, Nicolas George wrote: > On quintidi 25 Messidor, year CCXXIV, Don Armstrong wrote: > > That option already exists. See policy-rc.d. For example: > > > > https://jpetazzo.github.io/2013/10/06/policy-rc-d-do-not-start-services-automatically/ > > What you show is not an option,

Re: openssh-server's default config is dangerous

2016-07-12 Thread Brian
On Tue 12 Jul 2016 at 19:54:41 +0100, Lisi Reisz wrote: > On Tuesday 12 July 2016 19:16:37 Brian wrote: > > > > The question you say was presented (and hazily recollect) was presented > > because you were upgrading from Wheezy to Jessie. > > No, that is neither what I said nor what I meant. I do

Re: openssh-server's default config is dangerous

2016-07-12 Thread Nicolas George
On quintidi 25 Messidor, year CCXXIV, Don Armstrong wrote: > This is incredibly rude. I stand by it. > This is the endless security vs utility debate. Indeed. The most secure system > That option already exists. See policy-rc.d. For example: > > https://jpetazzo.github.io/2013/10/06/policy-r

Re: openssh-server's default config is dangerous

2016-07-12 Thread Brian
On Tue 12 Jul 2016 at 18:53:29 +0200, mwnx wrote: > > So, you're blaming a perfectly good (and reasonably secure) way of > > remote access, but somehow assume that weak passwords are ok. > > By that logic you should not stop there. Why not blame any remote access > > mechanism that uses PAM for pa

Re: openssh-server's default config is dangerous

2016-07-12 Thread Don Armstrong
On Tue, 12 Jul 2016, Nicolas George wrote: > On quintidi 25 Messidor, year CCXXIV, Don Armstrong wrote: > > If a service's default configuration is insecure, it should be fixed. > > File a bug. > > If you think about it slightly more than two seconds, This is incredibly rude. Considering that I m

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 19:16:37 Brian wrote: > On Tue 12 Jul 2016 at 18:09:22 +0100, Lisi Reisz wrote: > > This was sent to me separately privately as well. I might have answered > > differently on the list, but I am not writing a second reply to the same > > post, so here is a copy-and-paste of

Re: openssh-server's default config is dangerous

2016-07-12 Thread Nicolas George
On quintidi 25 Messidor, year CCXXIV, Don Armstrong wrote: > If a service's default configuration is insecure, it should be fixed. > File a bug. If you think about it slightly more than two seconds, you will realize that if the default configuration does ANYTHING, even something that is completely

Re: openssh-server's default config is dangerous

2016-07-12 Thread Brian
On Tue 12 Jul 2016 at 18:09:22 +0100, Lisi Reisz wrote: > This was sent to me separately privately as well. I might have answered > differently on the list, but I am not writing a second reply to the same > post, so here is a copy-and-paste of my reply. > > On Tuesday 12 July 2016 17:45:58 mw

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 18:39:29 Erwan David wrote: > On 12/07/2016 at 19:34, Lisi Reisz wrote: > > My solution to that is physical access to the computer, actually sitting > > in front of it - login without a password. ALL external access, even > > from the neighbouring computer, use a strong p

Re: openssh-server's default config is dangerous

2016-07-12 Thread Erwan David
On 12/07/2016 at 19:34, Lisi Reisz wrote: > > My solution to that is physical access to the computer, actually sitting in > front of it - login without a password. ALL external access, even from the > neighbouring computer, use a strong password in case someone breaks into your > network from

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 18:14:04 Stefan Monnier wrote: > > This is different from what you originally said. By all means discuss > > this general problem with the developers - but please don't single ssh > > out and mess it up for a good many of the rest of us. > > I think we're miscommunicating:

Re: openssh-server's default config is dangerous

2016-07-12 Thread Stefan Monnier
> This is different from what you originally said. By all means discuss this > general problem with the developers - but please don't single ssh out and > mess it up for a good many of the rest of us. I think we're miscommunicating: I specifically don't want to single-out SSH but instead I want t

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 17:53:29 mwnx wrote: > > So, you're blaming a perfectly good (and reasonably secure) way of > > remote access, but somehow assume that weak passwords are ok. > > By that logic you should not stop there. Why not blame any remote access > > mechanism that uses PAM for password

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
This was sent to me separately privately as well. I might have answered differently on the list, but I am not writing a second reply to the same post, so here is a copy-and-paste of my reply. On Tuesday 12 July 2016 17:45:58 mwnx wrote: > On Tue, Jul 12, 2016 at 02:18:58PM +0100, Lisi Reisz wr

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 17:26:08 Stefan Monnier wrote: > I mean, yes, I can (and have) cobbled up some hackish way to plug the > holes I was aware of, but I think it would be better to be able to > specifically only allow weak password authentication for some specific > services and then stop worry

Re: openssh-server's default config is dangerous

2016-07-12 Thread mwnx
> So, you're blaming a perfectly good (and reasonably secure) way of > remote access, but somehow assume that weak passwords are ok. > By that logic you should not stop there. Why not blame any remote access > mechanism that uses PAM for password checking as well? There are many kinds of systems o

Re: openssh-server's default config is dangerous

2016-07-12 Thread mwnx
On Tue, Jul 12, 2016 at 02:18:58PM +0100, Lisi Reisz wrote: > I was asked last time I installed open-ssh*, at installation time, but did > not understand the question so went with the default. If you do not allow > password log-in, what DO you allow? For ssh to be useful, one has to use it. > Not

Re: openssh-server's default config is dangerous

2016-07-12 Thread Stefan Monnier
>> The original use case was to provide an account to my daughter who >> was not (yet) able to remember a strong password.  She wasn't going >> to use a console login either. > So a corner - and hopefully transitory ;-) - case. Originally, yes, but I learned in the mean time to appreciate the poss

Re: openssh-server's default config is dangerous

2016-07-12 Thread Reco
On Tue, Jul 12, 2016 at 03:40:05PM +0200, to...@tuxteam.de wrote: > On Tue, Jul 12, 2016 at 04:24:41PM +0300, Reco wrote: > > On Tue, Jul 12, 2016 at 02:55:29PM +0200, to...@tuxteam.de wrote: > > [...] > > > > While it makes sense to keep a more general solution in sight, sshd > > > is in many re

Re: openssh-server's default config is dangerous

2016-07-12 Thread Nicolas George
On quintidi 25 Messidor, year CCXXIV, Brian wrote: > Not really. How to change Policy is adequately described on the Debian > web site. How to submit a bug against openssh-server is also described. So you were talking about changing the whole policy of the project, not an option to apt? What an u

Re: openssh-server's default config is dangerous

2016-07-12 Thread Lisi Reisz
On Tuesday 12 July 2016 14:53:41 Stefan Monnier wrote: > The original use case > was to provide an account to my daughter who was not (yet) able to > remember a strong password.  She wasn't going to use a console > login either. So a corner - and hopefully transitory ;-) - case. Set your system t

Re: openssh-server's default config is dangerous

2016-07-12 Thread Don Armstrong
On Tue, 12 Jul 2016, Nicolas George wrote: > That means the service ran for some time with the wrong config. Pwned. If a service's default configuration is insecure, it should be fixed. File a bug. -- Don Armstrong https://www.donarmstrong.com I learned really early the dif
