Red Hat / Fedora :: Chroot And MySQL And FTP Access Is Tunnelled Through SSH Using OpenSSH
Jan 19, 2010
The server I am working with is running CentOS 5.x. MySQL and FTP access is tunnelled through SSH using OpenSSH. Users are chrooted to their home directory as follows:
User: tristan
Home: /web/tristan/
Now, up to this point everything works fine (FTP access) except for MySQL tunnelling. The application I use for MySQL administration is Navicat. It allows me to access the remote SQL server as though it's local using a SSH tunnel. The problem is that I am unable to create a connection to the SQL server through tunnelling unless chroot is removed for the user. Once chroot is removed, I am able to connect to the SQL server just fine via tunnelling. However, ow when using SFTP, the user's "home" directory is now the root of the drive (which is what we don't want).
I wish I could give you more information about the configuration. Another user set this server up and unfortunately I will not be able to access the machine until a few days from now so my information is limited.
View 3 Replies
ADVERTISEMENT
Jul 12, 2011
recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu and it will be licenced under GPL (like any other professional sofware).want to make a panel not only that fits our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that non of them has security/look/ease of use in one package. Bad codig is another problem found in other panels.I made a short overwiev of what I think we have to have in the beginning.I Security :1. Completely chroot enviornoment where every single service is in chroot mode (bind,mysql, postfix, .... )2. Easily managed IPtables trough web-based interface. 3. Coding rules has to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
View 7 Replies
View Related
Nov 16, 2009
Had my chroot jail all set up and working nicely in OpenSUSE 11.1, upgraded to OpenSUSE 11.2 and had to set:
Subsystem sftp internal-sftp
(which was:
Subsystem sftp /usr/lib64/ssh/sftp-server)
and:
ForceCommand internal-sftp
[Code]...
Of which with-pam is mandatory. I used prefix to put the binaries in a place that would not conflict with the standard distribution, this meant I also needed to change /etc/init.d/sshd so that it referenced the newly compiled version of sshd, and copy /etc/ssh/sshd_config to /opt/etc/sshd_config.
View 9 Replies
View Related
Oct 18, 2010
I had configured MySQL Server (Distrib 5.1.41) on My Ubuntu 10.4 Lucid sever.I had installed mysql through apt-get install.Now every thing including replication is done and working fine.Now i had a requirement to run MySQL in chroot environment.Is it possible to change the the existing env to chroot or do i need to install and configure every thing from scratch..
View 1 Replies
View Related
Feb 10, 2011
Is there a way to enable a web interface to access openssh-server on my vps incase i'm on a network that does not permit outbound port tcp 22 or any other port of my choosing?
View 1 Replies
View Related
May 31, 2010
is there a way to enable a web interface to access openssh-server on my vps incase i'm on a network that does not permit outbound port tcp 22 or any other port of my choosing?
View 3 Replies
View Related
Aug 22, 2010
I have a chrooted account setup for my ssh server. However, I am trying to allow this user read only access to access on a mounted hard-drive and more specifically a specific folder from that mounted drive. I would also like to have this drive be mounted for me in my normal environment with write access.
View 2 Replies
View Related
Jan 14, 2011
i was trying to allow remote access to mysql by following mysql was running perfectly until i got here :
Code:
/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --destination-port 3306 -j ACCEPT
i changed my.cnf bind-address line to : "bind-address = 127.0.0.1" and nothing
[code]....
View 4 Replies
View Related
May 13, 2011
I have install mysql on my fedora12. My different mysql server is located in us. I want to check health status and hits per seconds everything. Is it possible with mysql-administrator command.
now a these days i am connect through ssh and excuting below command
#mytop mysql -u root -p <passwd>
In my mysql db i have added the userip & passwd (allowed the privileages for that ip)
If i use mysql-administrator i am getting below error
MySQL Error Nr. 2003
Can't connect to MySQL server on '66.98.152.64' (111)
View 6 Replies
View Related
Aug 12, 2010
Basically they all cover running a 32bit app running on 64bit host and so on.I want to have an isolated system in total chroot (running lighttpd, mysql, ssh, etc from there).(For security reasons I have to isolate the dev from the live one.) So I installed the chroot environment, mounted all the neccessary things and chrooted in. Everything went fine. Edited /etc/ssh/sshd_config to use port 22222 instead of 22. Used service ssh start then. It says service running but if I try this: ssh -p 22222 localhost I get "Connection refused". The chrooted is system is very minimal so far so there is no firewall, hosts.allow/deny or anything.
ps.: The chroot environment will be a development area as I already mentioned. I thought chroot is the easiest way but if you say KVM is better or something I can go for it. The machine is easily capable of running even 10 VMs easily.
View 1 Replies
View Related
Apr 2, 2010
I have one requirement i.e I want to call the java file from the php function using shell_exec command , i am using the chroot jail concept , if i using this command i am getting the empty file because java environment is outside the chroot jail,so how to access the the files those are out side the chroot jail.
View 3 Replies
View Related
Aug 1, 2011
ccess to an iso file in chroot environment from my usual root (/) env..
Within the chroot environment I have an iso file placed... In my program I need to access this iso file and perform mount and other operations.. But I cant do this in the chroot environment as I have only basic commands here (ls,cp etc.. and no mount)
So how can I access this iso file from my program ? Is there something like a file-descriptor which I can associate with the file exit from the chroot env and access the file via this fd ?
View 6 Replies
View Related
Feb 16, 2011
My Linux server which is running my company website have been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients.
View 2 Replies
View Related
Sep 28, 2009
I was trying to install MySQLbd (a module for python to connect and access MySQL) I followed these steps for installation[URL].. but while I am getting some installation errors. When I try to run $ python set.py build I am getting the following errors (I removed few errors as I can post more than 10000 characters here)
[Code]...
View 3 Replies
View Related
Sep 14, 2010
My home computer has 11.3 and SuSEfirewall enabled. It connects to the net over the wireless and SuSEfirewall has this connection in the external zone.
I can successfully ssh into this computer from remote (the work computer) but none of the ssh port-forwarded connections work. I'm trying to tunnel VNC over ssh. I also tried setting http on the home computer to serve pages on a high-numbered port (8090) and tunnelling that but it also didn't work - proving that it's not a VNC problem.
Here are the relevant messages from the firewall logs on the home machine:
Code:
I don't understand why this isn't working now, I had the same setup on 11.2 and it worked fine.
The 95.91.92.92 is the public IP address of my home router, I don't understand why a connection would appear to be coming from there when I use ssh-tunnelling?
View 5 Replies
View Related
Feb 6, 2011
I've opened an SSH Tunnel/SOCKS proxy on my Ubuntu server, which I've tested is working exactly as I had intended. However I'd like to access it from my Windows PC which is on the same home network.
Edit : I should say that I got it working on the server only by
Code:
ssh -D 55555 user@host
However if I tried it with a port, e.g.
Code:
ssh -D 192.168.1.101:55555 user@host
then it doesn't work, not even on the server itself. 192.168.1.101 is the static assigned DNS of my server on the home network.
View 1 Replies
View Related
Nov 16, 2010
I am looking for openssh 5.1 and 4.3 source rpms. Where can i download them ?
View 3 Replies
View Related
Jan 19, 2010
what is chroot jail?
View 1 Replies
View Related
Nov 11, 2010
How to configure openssh, /etc/sshd_config on a new installation of Fedora Core 14? [since tt does not work right out of the box, I cannot ssh into it]
View 2 Replies
View Related
Apr 19, 2009
I am trying to install openssh server with public key authentication on CentOS.
But i am getting following error message: Disconnected: No supported authentication method available Server refused keys
My sshd_conf file is as follows:
View 1 Replies
View Related
Feb 19, 2010
Mysql starting problem after changing mysqladmin password.I tried all the solutions available on forums, but not solve the problem.At last I restored the mysql db backup, this make mysql service start, but till other databases not showing all tables.
View 1 Replies
View Related
Feb 22, 2011
I've been attempting to set up a LAMP for local web development, which meant installing mysql-server. But now have a problem when trying to run mysql, I get:-
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
When trying to downgrade mysql-server I saw that there are dependency problems between the various modules (but can't recall which). But whichever route I truied the results are always the same.
Thought about trying XAMPP but I note that even has it's problems, is there any way I can get a lamp set up on FC14, or must I give it up as a bad job.
Howver, just been trying to again to fix the problems with downgrading mysql and get:-
Error: Package: mysql-server-5.1.55-1.fc14.i686 (@updates)
Requires: mysql(x86-32) = 5.1.55-1.fc14
Removing: mysql-5.1.55-1.fc14.i686 (@updates)
mysql(x86-32) = 5.1.55-1.fc14
View 7 Replies
View Related
Apr 2, 2009
I have the latest LAMP running on F10 but need to do a database conversion from mysql 4.1.22 to mysql 5 for a client.
View 4 Replies
View Related
Jan 16, 2011
I have mysql downloaded and when I type mysql into the command line I get this:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)
View 6 Replies
View Related
Jul 26, 2010
i have installing the server XAMPP on my PC but i can't access to Mysql
[root@localhost lampp]# mysql -u root -p
bash: mysql: command not found
View 5 Replies
View Related
May 21, 2010
I have an SFTP server using OpenSSH on a server running Fedora 12. I want to chroot my sftponly users into their home directory but I want to let them have write access to their upload/ folder. Right now users can log in and view & download items, but for some reason I can't get write access to work. Here's some info:
username: testuser
group: sftponly
from /etc/passwd:
testuser:x:501:501::/home/testuser/:/bin/false
[code]...
View 1 Replies
View Related
Apr 12, 2011
I see this questioned asked a lot and figured this tutorialThis tutorial explains how to create an SFTP server which confines (or chroot) users to their own home directory and deny them shell access.
View 1 Replies
View Related
Jun 5, 2010
I've just installed mysql-server (apt-get install mysql-server) in my debian vps, it ask for password of which i had provided. However after the install finishes, i run the command "mysql -u root -p", i entered my password but says "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES".
View 3 Replies
View Related
Apr 21, 2010
Since I installed SUSE 11.2 I have been unable to access MySQL via any browser although I can via MySQL Administrator. Firefox keeps asking if I want to open index.php with KWrite, it also occasionally asks this when I am on other sites. Konqueror gives an immediate timeout error.
View 2 Replies
View Related
Feb 18, 2011
What's the best way in centos to block a user from accessing mysql. I don't want him to be able to run the mysql command, so just putting passwords up in mysql is not good enough. Mysql is running ad user=mysql, and i added the user in a different group by he is able to access mysql by typing in the command.
How can i block this command being availible for this user.
View 5 Replies
View Related
