Fedora Security :: Ssh Authentication Slow From Remote?

Aug 17, 2010

My server is connected to the Internet for ssh on port 22 with root logon disabled, a single non-dictionary word user name allowed, and pki authentication only (about as secure as I can make it). I've previously run fc5 and 9 servers using the same sshd config since 2006 and had no security troubles, so I'm happy, but.. After the fc13 install and configuration, logins from a host on a remote network are taking about 1m 30s to complete! A (partial) console output for ssh -vv appears below. The lines marked with "**" were the lines after which significant pauses happen. This is fully repeatable.

Code:

debug1: Next authentication method: publickey
debug1: Offering public key:
debug2: we sent a publickey packet, wait for reply

[code]....

View 3 Replies


ADVERTISEMENT

Ubuntu Security :: Configure SSH Key-based Authentication And SSH Password Authentication In Same Machine For Different User?

Jan 10, 2010

I want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .

View 1 Replies View Related

Security :: Make A Choice On What Authentication Protocol To Use For Authentication And Authorization?

Jan 17, 2011

I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).

I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.

View 2 Replies View Related

Fedora :: Remote Access Very Slow After New VGA?

Oct 11, 2010

I got an old PC I am using as a game server (Counter Strike and Left 4 Dead), it's a dual core Athlon 5000+ with 2GB Ram, the motherboard is kinda old and has a SiS Chipset with terrible graphics causing the video to flicker at somewhat high resolutions (anything above 1280x1024 will cause problems).I decided to add a Geforce 8400GS just so I don't have to deal with that terrible onboard VGA, upon installing the card I noticed the VNC is unusable, awfully slow over a 1gbps lan. I have installed the kmod drivers and it hasn't changed anything

View 4 Replies View Related

Fedora Security :: Authentication For Editing A Wireless Connection?

Aug 19, 2009

while tampering with the settings for my wireless connection by right-clicking on the icon on the top menu i was originally asked for my password for authentication. i selected the option to remember the password for future sessions unintentionally.

how do i get it back to the original setting so that it asks for a password before allowing me into the editing screen? i tried preferences > system > authorisations > network-manager-settings, but it didnt work.

View 2 Replies View Related

Fedora Security :: Root Login Via Ssh 12 Password Authentication?

Jan 27, 2010

Can't seem to do it, wondering if anyone knows how? Normally there's something in sshd_config that can be switched to true or yes to allow root login but I can't see it in fedora 12.I can login via root at a terminal no problem, just not via ssh, I get access denied every time. Also, I need to login using password authentication.I've done: 227169 but that's just for GUI which I don't really need since I rarely ever log into the GUI.I have also searched through here and mostly only found info such as above, how to enable root login for GUI, or billions of posts about how logingin as root is bad but I cannotswer to my question.DISCLAIMER: Please do not reply to this thread if all you can contribute is the question of why I need root or to put some message telling me I can do everything using su, etc, etc. Please only contribute if you can answer my question. A: My machine and a valid quesiton. B: Spirit of Linux is open, not restrictive

View 3 Replies View Related

Fedora Security :: Authentication Method For Home And Office Networks?

Mar 9, 2010

The first is regarding my home network that I've setup. It mainly consists of two laptops, both running fedora. I find myself using rsync, ssh, scp, and the like quite often, but it is very annoying constantly needing to provide a password. This sounds like a job for RSA keys, but is it safe to do so on my laptop I take whenever I travel? If my laptop were to be stolen, my personal and private keys would be available to the thief. Is it instead better to use something like kerberos (which I'm not very familiar with, ie. I've used it at work but never took the time to learn how it works).

This isn't much of an issue with my home network since it is protected behind my router. However, I have the same issue with rsync, and ssh to my work PC. These are the RSA keys I'm worried about if my laptop were to be stolen.

View 3 Replies View Related

Fedora Security :: Dovecot User Authentication Failed With Selinux

Jun 24, 2010

I'm using FC8 and have installed a mailserver(postfix+dovecot),when I trying to enable the selinux mode to enforcing and i'm have some issue, the user authentication failed.if turn the selinux mode to permissive, then it work right.How can i to fix this problem?

View 14 Replies View Related

Fedora Security :: Connecting Machine To A Microsoft VPN Server Using RSA Authentication?

Jul 28, 2011

Has anyone got experience connecting a linux machine to a Microsoft VPN server using RSA authentication? What puzzles me perhaps most about this topic is the absolute dirth of information. If it is not possible, can anyone tell me why?

View 9 Replies View Related

Fedora Security :: Slow - No System Updates ?

Oct 4, 2010

My system went for three days w/o a software update... Is this normal(anyone experiencing this?)...?

It seems like to me.. Fedora 13 has a longer update interval than Fedora 12.. I remember back in Fedora 12 I get security updates like every other 12 hrs.. (I know as with security patches the less the "better"(in some way))..

But I am still concerned.. security updates has been slow for me.

View 3 Replies View Related

Fedora Security :: Disable Remote Root Login?

Apr 4, 2009

Remote root login is enabled. How do I disable this

View 14 Replies View Related

Fedora Security :: Disk Encryption With Remote Passphrase?

Jul 28, 2009

I have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?

View 4 Replies View Related

Fedora Security :: Redirect Auditd Log To Remote Host?

Sep 17, 2009

way to redirect the audit daemon message to a remote host I checked the auditd.conf and it's man page and find that the log location is specified by the line log_file = file_path and in the man page

Quote:

"log_file: This keyword specifies the full path name to the log file where audit records will be stored. It must be a regular file."

does this mean that the auditd does not have the function to redirect the logs to a remote hosts.

View 4 Replies View Related

Fedora Security :: Cannot Use The Sealert Browser On Remote Machine?

Mar 5, 2010

I have a F11 box serving xdmcp. I log into them machine remotely with xming. As far as I can tell, all x clients work fine, EXCEPT for sealert. I get occasional selinux alerts, but I cannot use the sealert browser on my remote machine. When I try to run the browser, I get this: sealert -V -b

2010-03-05 11:27:49,841 [dbus.proxies.ERROR] Introspect error on :1.61:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) 2010-03-05 11:27:49,842 [dbus.proxies.DEBUG] Executing introspect queue due to error 2010-03-05 11:27:49,842 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.61 was not provided by any .service files

I see the bug at [URL].. but it does not mention the browser, nor does it say what the fix/workaround is..Im going to stab in the dark and start relabeling things, but anyone know what's really wrong?

View 2 Replies View Related

Security :: User Authentication Security Mechanisms

Feb 2, 2011

What security mechanisms are used by recent versions of the Linux operating system during user authentication?

View 3 Replies View Related

Fedora Security :: The DNS Server Discloses The Remote Host Name - Can This Be Turned Off

Jun 15, 2010

We recently had a vulnerability scan done on our network and one of the vulnerabilities was that the dns server discloses the remote host name when using hostname.bind.

Is there any way that we can stop this from happening? Our name server is a Fedora 11 machine.

View 2 Replies View Related

Ubuntu :: Corporate Network With Remote Authentication

May 20, 2010

Migrating whole Corporate Windows stations to Ubuntu which is a huge thing so I'd like to do it right and as painless as possible to users.

Here's how it's done now: Main server are already running Linux for years with DHCP, DNS, IMAP, Postgres and SAMBA.

Windows machines are part of Samba PDC and when user logs in, Windows connects to the user profile on Samba server. When user logs out and logs to another computer, he/she has the same files and settings. Basically, nothing is held on local stations.

All printers on the network are printers with network cards, so they are not attached to any computer. The right printer is set with cmd script when user logs in, which makes it possible to make other printer as default if one is faulty.

View 2 Replies View Related

SUSE :: Remote Authentication Suse10SP2 - Not Doing Locally

Nov 3, 2010

In my job we have 48 machines with Suse10 SP2 and they want all the machines to be able to authenticate to a unique server (something like a Radius Server or TACACS server), not doing the authentication locally. Do you have any idea on what to use and what needs to be change in the Suse Linux password auth for a remote server to be the auth server?

View 1 Replies View Related

CentOS 5 :: SSH & Vsftp Authentication From Remote LDAP?

Mar 10, 2011

I try to get authentication working from remote LDAP server (Novell eDirectory)So far I can get correct info from id user or using ldapsearch (so the connectivity is there)But what do I need to configure to get authentication working for SSH login & vsftp login?

View 4 Replies View Related

Server :: Slow Authentication In Ftp Login / Make It Fast?

Apr 13, 2010

When I'm trying to login to the ftp server with appropriate username and password its taking almost 10-15 seconds to authenticate making the login process slow, even when I'm uploading files its again hanging for 10-15 seconds before completing the job successfully.
Its not like its happening every time, but 7 times out of 10.
Any idea how can make the authentication fast?

View 5 Replies View Related

Programming :: Openvpn AUTH_FAILED And Remote Authentication Script?

May 22, 2011

Ive been trying to fix my openvpn remote authentication script. I managed to write a script for remote authentication using wordpress db as my base access details storage. However I cannot seem to get past AUTH-FAILED issue. Possible source of conflict might be my database query inside the script which returns nothing. Hope someone with enough knowledge of scripting and database querying can help me here.

here is my vpn_auth.sh:
Code: Code: #!/bin/bash
### Database Informations
DBUSER='dbuser'
DBPASS='dbpass'

[Code]...

View 1 Replies View Related

Software :: Apache 2.2 LDAP Authentication Makes Pages Load Slow

Apr 16, 2010

I've enabled LDAP authentication on my 2.2.15 Apache server, but now pages load very slowly. As in, 1.515s with it enabled, and 187.4ms without (just the base page, numbers collected via Firebug). Here's my LDAP config (other directives snipped) -

Code:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LDAPSharedCacheSize 500000
LDAPCacheEntries 2048
LDAPCacheTTL 3600
LDAPOpCacheEntries 2048
LDAPOpCacheTTL 3600 LDAPTrustedGlobalCert CA_DER ssl/ldapserver.der

<Directory "/example">
AuthType Basic
AuthBasicProvider ldap
AuthName "intranet credentials"
AuthLDAPURL "ldaps://ldap.example.com/ou=ldap,o=example.com?mail"
Require ldap-group cn=example,grp,ou=memberlist,ou=groups,o=example.com

How can I speed this up, or at least determine why it's so slow?

View 2 Replies View Related

Ubuntu Security :: Security Changed In Remote Desktop?

Jul 6, 2010

I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server

View 9 Replies View Related

Ubuntu Security :: Remote Desktop (VNC) And Security?

Mar 24, 2010

So I've read a bit and it seems that this is okay and secure. But I wanted to double check here with everyone, because I trust here more than just about anywhere. I've read about the hipporemote (which is pretty cool) and I have it working. Basically I want to make sure my system is still secure.

1. I had to open a port on my firewall for the VNC connection.

2. I turned on the Remote Desktop
2a. Checked Allow other users to view....
2b. Checked Allow other users to control....
2c. Checked You must confirm.....
2d. Checked for password, and put in a password
2e. Checked Configure network automatically to accept connectios

So with doing all of that, am I ok? I think so, especially since it says its only accessible on my local network. But I just wanted to hear from people who know more than I do that I don't need to worry any more than normal about others accessing my machine. I'm mainly thinking 2e, I don't fully understand what's going on there.

View 9 Replies View Related

Ubuntu :: Remote Desktop VNC Very Slow?

May 7, 2011

I have my desktop at home installed with Ubuntu 11.04. I set up remote desktop through the native remote desktop server program. I can connect to the server from my remote Ubuntu 10.10 laptop, and it works*. The problem is, it is painfully slow -> lags at least 5 seconds for every input.

View 9 Replies View Related

Ubuntu :: Remote Desktop Is Slow On System / Why Is So?

Jan 6, 2010

I have this network
desktop ultimate edition 2.4 (ubuntu 9.4)
laptop ubuntu 9.10
ethernet network
on ubuntu remote desktop is slow in general
on windows much faster !

is there anything special that I should do ?

View 5 Replies View Related

Security :: SSH User Authentication Using Certificate

Mar 19, 2010

I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.

View 3 Replies View Related

Security :: Too Many Squid Authentication Windows?

Oct 25, 2010

I have squid proxy authenticating Internet users with LDAP. It's working well. But I have problem when I authenticate to squid proxy to login to Yahoo Messenger. Each time, I login to YM application, the squid proxy popups many authentication windows. These confuse users when they you YM. I checked in squid access log and see that: when users use YM application, the application requests the following links:

[code]...

With each link, squid requires one authentication window. Do you have any ways to squid require only one authentication window when users use YM?

View 2 Replies View Related

Security :: Web Client Authentication Through PKI And CACs?

Jul 9, 2010

I'm working on a work project related to Web (Client) authentication and DOD Common Access Cards. But I'm having difficult getting the details about what happens on the CAC side of things.

I familiar with the PKI system as it applies to e-mail. (Correct me if I err, of course.) If you want to sign an e-mail (i.e., so it can be authenticated by the receiver) you use your private key to add a digital signature to the message. Then, the receiver uses your published public key to determine if the digital signature is valid, i.e., was created using your private key (even though the receiver never actually has access to your private key).

So... my questions:

1) When a person with a DOD CAC visits a CAC-enabled web site, and the server grants access after the CAC is inserted, is the authentication process fundamentally the same as what happened with the e-mail authentication?

2) If the private key is used in this process (it would have to be, correct?) is the signature created on the CA Card electronics (i.e., the private key remains on the CAC)? Or is the private key copied onto the computer, which uses it to create the signature?

View 1 Replies View Related

General :: XDMCP Slow - Looking For Alternative Remote Desktops

Mar 16, 2010

I've been used to using RDP on Windows to remote to machines, and I've got an asus eee 701 which I want to use to do some *nix programming on. While the eee is a lovely little machine the screen and keyboard are a little small to use for lots of programming. I've tried using Xming (the free version) to remote login into the eee from my desktop using XDMCP (or even using a ssh session as a straight X11 server and no desktop on the eee) the whole thing seems seriously slow over wifi the initial desktop takes at least 5 seconds to paint (might even be 10 seconds I haven't actually timed it). So my real question is what do other folks use for remote control with a GUI for their *nix boxes? I am finding it hard to believe the performance is so bad over a wifi network (It makes the Mac IIs I used to use a college in 1988 seem fast) or is this just a problem with Xming and using say the Cygwin X11 server would be better.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved