Security :: Disable StrictHostKeyChecking For A DHCP And DNS-using Subnet
Dec 28, 2010
I have a VMware farm where:
- DHCP is in use to give machines IPs
- Machines go up and down all the time
- All IPs are on a certain subnet
- VMs update DNS (we don't go by IP)
- SSH is in use
I would like to disable StrictHostKeyChecking only for this subnet, because IPs change all the time and editing known_hosts usually only works for a few days before the IP changes again, and once I get enough entries, there are tons of conflicts.
I tried the following in ~/.ssh/config:
Code:
Host 10.0.217.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
[Code]....
Jun 21, 2010
I have a network with multiple subnets from 10.12.056.0 to 10.12.060.0 using net-mask 255.255.248.0 and one gateway 10.12.056.1. I want to set up a DHCP server and wonder how I should configure it. All the hosts in the network use the same net-mask and gateway.
Jul 16, 2010
I am trying to configure dhcpd to provide two different pools of IPs: one for dynamically named hosts specific to MAC addresses, and another for everyone else. So, a machine with X MAC address connects, gets an IP from one pool, and the server updates DNS with the address under a specific hostname. For the other pool, it just assigns the IP, no DNS updates. The "class" function doesn't appear to allow anything but pattern matching, and I can't find anything that specifies what "allow" and "deny" options there are for the pool command. Here's my config so far - will this do what I want?
Code:
key dhcpd {
algorithm hmac-md5;
[code]...
Oct 24, 2010
I've got a bit of a question. My network is laid out like this:
The role assignments are thus:
Firewall - sorts out the passing through to the 3 different networks, and acts as the traffic proxy.
Windows 2003 server - Does Active Directory and DNS
CentOS server - FTP and DHCP
Now, my problem is I need the CentOS server to be able to assign IP addresses to both networks; however, the CentOS server can *ONLY* be connected via the one interface to the firewall. It needs to assign the Windows 2003 server and the eth0 of the firewall an IP address via static DHCP, but it also needs to be able to assign the clients dynamically via any address in the 10.23.1.0/24 range. I was thinking that I would be able to create static-only assignments for the servers via their MAC addresses, and only have 1 dynamically assignable entry for the clients, and then get the firewall to allow ports 67 and 68 to flow freely between eth0 and eth1, but I wasn't entirely sure of the best way to do all this.
Apr 1, 2011
I had a server that I use for Radius DNS and am trying to put DHCP on it. I have my pool in it and it seems right. I have 2 addresses aliased, one being a helper IP that the router will send the request to. When I try to start the DHCP server I get the following:
Mar 31 14:33:11 rad2 dhcpd: No subnet declaration for eth0 (76.164.173.2).
Mar 31 14:33:11 rad2 dhcpd: ** Ignoring requests on eth0. If this is not what
Mar 31 14:33:11 rad2 dhcpd: you want, please write a subnet declaration
Mar 31 14:33:11 rad2 dhcpd: in your dhcpd.conf file for the network segment
Mar 31 14:33:11 rad2 dhcpd: to which interface eth0 is attached. **
[Code]...
Apr 4, 2010
I'm establishing a server that runs a DHCP server, NAT gateway and VPN server. It has two physical interfaces, one for intranet and one for internet. The NAT gateway will give internet access for intranet. Another site will connect to this server by VPN. I need the server to assign a different subnet for that site other than the local site. Does anyone know how to configure the DHCP server? Should I configure client classing, and how do I do it?
Aug 4, 2010
Let's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as separating hosts into different subnets (e.g. DMZ and Internal)?
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
Jul 22, 2011
I have TWO L3 + router switches (say switch1 and switch2). I created VLAN100 with VLAN ID 100 in both the switches. I created router 192.168.1.1/24 in Switch1. I created router 192.168.2.1/24 in Switch2. Switch1 is connected with 1.x/24 PCs. PCs are configured with 1.1 gateway. Switch2 is connected with 2.x/24 PCs. PCs are configured with 2.1 gateway. Both Switch1 and switch2 are connected by a trunk to carry VLAN100 data.
1) I have a few PCs of 1.x connected to, say, Switch1. Is it possible for the PC with IP 192.168.1.100 (x) to ping the PC with IP 192.168.2.100 (y)? What configuration is required in both switches to make them communicate? All the devices in both the subnets should ping/communicate with each other.
2) Move PC (192.168.1.100) to switch2. Move PC (192.168.2.100) to switch1. What will happen when PC (1.100) pings (2.100) and vice versa? What will happen when a PC (say 1.80 in switch1) pings a PC (say 1.100 in switch2) and vice versa? What will happen when a PC (say 1.80 in switch1) pings a PC (say 2.100 in switch1) and vice versa?
Aug 27, 2009
I was having a discussion with someone who said that telnet, FTP, HTTP plain-text authentication in the local subnet is ok because it's a switched network. Also, that these protocols are not good over the net but in a local subnet they are just fine.
I know that someone can plug a hub in the network port and connect 2 (or more) PCs and see the packets. Also, I heard about ettercap but haven't really delved into it. I know dsniff was written to prove the point that unencrypted protocols are bad. I would like to get opinions about unencrypted protocols over switched networks.
Jul 4, 2011
I installed Red Hat Enterprise Linux Server 5. It has two LAN cards and two subnets connected to these two LAN cards. I can browse the network from these two networks easily. But I created a VLAN on one network card. Now I can't browse the network from this VLAN subnet.
Jul 2, 2010
From the GUI, there is an option in the network settings "Automatically obtain DNS information from provider", just wondering how do we set or disable the same option through the command line, which files do we have to modify?
Jan 28, 2010
I want to disable all DHCP requests. Can I turn off the client so that if a MAC address changes a DHCP request is not automatically made? Reason for this: I have an HP blade running with an Intel NC260M mezzanine card running with virtual connect. I have experienced problems with firmware levels with this card where the virtual connect MAC address is ignored and the real MAC displayed. As we are using bonds on the servers and have 6 NICs installed we have to tie down the MAC address to a bond. A blade was replaced today without the firmware update and the real MAC appeared, a DHCP request was made and my-eth[2-3] and resolv.conf files were over-written by the dhcp supplied
Apr 20, 2010
During installation I set eth0 to use DHCP to get an IP address. I then installed GNOME and NetworkManager, which handles my interfaces and works fine. But during bootup the system pauses for 5 seconds or so while it polls for DHCP. It then times out and gives me a 169.254.xx which is then replaced when NetworkManager starts up at the end of bootup.
How do I stop the polling to cut out the 5 seconds?
Jul 13, 2010
I am learning SELinux from LinuxCBT and I'm stuck at one place. Now the video is on RHEL 4 (so tell me if things have changed since, because I can't find anything related) and shows how to disable SELinux security on httpd. First, I don't know the difference between initrc_t and unconfined_t; and second, I don't know if something is wrong or everything is all right.
Apr 11, 2011
I am looking for an answer about how to allow just one trusted DHCP server and block others. I am using CentOS 5.5, iptables and dhclient. I have read that it is impossible to block DHCP Replay using iptables: URL... So how can I do that? Maybe another DHCP client?
Feb 15, 2011
I want to have a firewall that is connected to my modem and router and have it function as just a firewall no dhcp no routing is that possible?
Jan 15, 2010
I've a DHCP server in RHEL 5 and 100+ users in my network. I mapped 30 users' MAC addresses to IPs. The rest are getting IP addresses automatically. In my network, users tend to move from one department to another frequently. I've created scopes according to departments (i.e. Dept A - 172.19.54.10-172.19.54.30 and so on for other departments).
1) I want to configure the DHCP server in such a way that a client has to be authenticated by the DHCP server before receiving an IP address.
2) Second, even if the DHCP server has free IPs in scope, only clients whose MACs are mapped can obtain IPs; the rest should not without authentication or authorization.
Feb 28, 2011
I'm trying to tighten up my network a bit. I've given my DHCP server a list of static MAC addresses and IPs for computers I know, and a very short range of DHCP addresses that are redirected to kittenwar. My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the IP address manually and gain access. How can I deny them this pleasure? I'm running dhcpd3 and iptables on a Debian/lenny Intel 2.4 box. dd-wrt is running in a Linksys WRT54G and is handling the wireless security.
Jan 21, 2010
A DHCP server in RHEL 5 and 100+ users in my network. I mapped 30 users' MAC addresses to IPs. The rest are getting IP addresses automatically. In my network, users tend to move from one department to another frequently. I've created scopes according to departments (i.e. Dept A - 172.19.54.10-172.19.54.30 and so on for other departments). 1) I want to configure the DHCP server in such a way that a client has to be authenticated by the DHCP server before receiving an IP address. 2) Second, even if the DHCP server has free IPs in scope, only clients whose MACs are mapped can obtain IPs; the rest should not without authentication or authorization.
Feb 11, 2011
Is there a way to modify the ssh_config and sshd_config files so that a user can scp but will not be allowed to ssh? I have done a search and found a tool named scponly but I really do not want to install anything. Most of the books I have only discuss how to use ssh.
Mar 9, 2010
I need to disable USB port access in Ubuntu 9.10. How do I disable the USB port in Ubuntu 9.10?
Jun 15, 2010
I currently have a user on my Ubuntu server that I want to block completely from login. I know right now they log in with SSH keys so they don't need to enter their SSH password. Can anyone tell me how to remove the SSH key login for their username and the root user, which I believe they use too, and block SSH access altogether? I will then just change the root SSH password. I'm terrified they will do some harm so I need them blocked out ASAP.
Aug 9, 2010
Anyone know how to disable IPv6 but still use IPv4?
Sep 3, 2010
I've made an SSH server using OpenSSH on my desktop Ubuntu (10.4) for tunneling. However, I'm noticing that the public account I made for my SSH (one to give to friends to use as a proxy) has SFTP access to crucial system files. I'm okay with SFTP being enabled on my account, but not on this public account. Does anyone know of any way to either disable SFTP for that user, or restrict access to important files?
Jun 19, 2011
Set up a few machines yesterday to test out some parallel code. Just for fun, I selected the "encrypt users files" option when setting up Ubuntu (10.10). I had never used the option in years past. Now I'm finding it a pain. EG., ssh requires me to already have a login to the machine before it will let me log in w/o a password (eg., using id_rsa.pub and authorized_keys).
Similarly, I have no reason to encrypt files on these machines. They're just crunching numbers. Is there an easy way to disable this? Or do I need to delete my original user and make another one (with all the su privileges, etc...) w/o an encrypted file system / home directory?
Dec 15, 2010
I use Ubuntu on my netbook, which I uses for browsing and email. It's way faster than the Windows which came on the machine. That's a nice feature, as is the price.
I like it except for the constant, perpetual, ever-present, super-annoying need to be entering passwords and "becoming root user" and so on. I am the only one using this appliance. I don't even care if someone steals it, really. There must be some way (I hope) of disabling this idea that I am a CIA agent with TopSecret materials.
I just want a simple, easy to use appliance. If not Ubuntu, is there any distro that is aimed at normal people?
Apr 7, 2010
I just want to disable the rm command for a user. Only root needs to use that.
May 4, 2010
I'm concerned about my web server. I used nikto to see where I should improve my configuration, and I just learned that my web server has directory indexing enabled. I have searched and found that I should just put
Code:
Options -Indexes
to disable directory indexing. I have already restarted Apache but directory indexing is still enabled. Here is my httpd.conf. Where did I go wrong?
Code:
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
[code]....
Mar 5, 2011
I am using Fedora. I want to disable Linux iptables permanently. Normally when I reboot my PC the iptables service is on. How can I disable it even when I reboot the PC?
View 6 Replies
View Related