We are on our first Linux platform and I am trying to coordinate a distributed application backup across multiple machines. I am trying to write a script in which I would have used RSH to execute scripts on the other servers. We are no longer allowed to use rsh, and someone suggested ssh. I am using that instead of telnet, but I am not sure of the syntax"rsh server [-n] path/executable" is what I would have used, just not sure of the syntax for ssh
i need to take the backup some folders encryption formate with password i used gpg encription in the script but it is not taking the password it throos errorthe syntax is#!/bin/bashtar -cvzf test.tar.gz target ; echo "test" | gpg -c test.tar.gz --stdin
and I want it to execute via ssh on a remote machine through a script. Therefor I need to escape it properly. Because of the massive use of regular expressions and commandline options, this is not an easy task. Is there any (online) utility that will escape that for bash use? I suppose pasting the code in vi and doing some search and replaces should do the trick. But for that I would need a list of characters to escape...
Up until now I've been using plink to remotely compile a project I'm working on. But recently the administrator from the remote server updated the distribution and messed up some configurations. My project has a lot of scripts written for tc shell (tcsh), and now the default shell is bash. There is no way to change this. Another problem is that now I need to run newgrp to change my default user group.
So... to work around this problem I've changed my .bashrc to run newgrp and then tcsh. If I do a normal connection using SSH, everything works as expected, but when using plink, or SSH to remotely execute commands, the shell gets stuck on the newgrp command. I think it's because both applications need a return value from newgrp to send the command I need to execute. Remotely running scripts that call a shell also get stuck like newgrp (newgrp also opens a new shell and that's why it gets stuck) my .bashrc is as follows:
Code:
user_grp=`id -g` if [ $user_grp != 4919 ]; then newgrp new_group_id else
I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server
So I've read a bit and it seems that this is okay and secure. But I wanted to double check here with everyone, because I trust here more than just about anywhere. I've read about the hipporemote (which is pretty cool) and I have it working. Basically I want to make sure my system is still secure.
1. I had to open a port on my firewall for the VNC connection.
2. I turned on the Remote Desktop 2a. Checked Allow other users to view.... 2b. Checked Allow other users to control.... 2c. Checked You must confirm..... 2d. Checked for password, and put in a password 2e. Checked Configure network automatically to accept connectios
So with doing all of that, am I ok? I think so, especially since it says its only accessible on my local network. But I just wanted to hear from people who know more than I do that I don't need to worry any more than normal about others accessing my machine. I'm mainly thinking 2e, I don't fully understand what's going on there.
My server is connected to the Internet for ssh on port 22 with root logon disabled, a single non-dictionary word user name allowed, and pki authentication only (about as secure as I can make it). I've previously run fc5 and 9 servers using the same sshd config since 2006 and had no security troubles, so I'm happy, but.. After the fc13 install and configuration, logins from a host on a remote network are taking about 1m 30s to complete! A (partial) console output for ssh -vv appears below. The lines marked with "**" were the lines after which significant pauses happen. This is fully repeatable.
Code:
debug1: Next authentication method: publickey debug1: Offering public key: debug2: we sent a publickey packet, wait for reply
how i can remote access my pc at home from work ? on different pc that has access to INTERNET. what software shall I install on my pc at home ? I want to be able to install software on my pc at home from my work place, my home pc has unbuntu Linux ubuntu 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
Today I noticed my Desktop was being controlled remotely from over the Internet even though I had it set for 'local network only'. Foolishly I relied on this setting and hadn't specified a password or other security. The remote user had opened my Firefox passwords page and was perusing this when I pulled the plug.
All external checks confirmed that my router/firewall is actively blocking correctly. How could this happen? How can I prevent this in the future? I had recently install the Firefox extension for Weave Sync and wonder if that had anything to do with it?
I'm trying to SSH into my home computer from a remote location outside of my house's LAN and can't figure out remote port fowarding.
The guide here says to use the following:
Code:
I've tried connecting to my home computer through many combinations of the syntax listed above, read the man file, and looked online for help. But can't find out the proper syntax or a good guide that isn't written for Windows users using Putty.
Let's assume for the sake of simplicity that the public IP address of my home SSH server is 123.123.123.123, the private IP address of my home SSH server is 192.168.1.100, my home SSH port is 2222, and the SSH port at my current location is is 22. How would I write out the command?
Every time I try to connect I get a "connection times out" error.
I just had a window pop up on my desktop saying my pc was being remotely controlled. Ubuntu 10.10The pc shutdown by itself, and I disconnected it from the net.I rebooted and uninstalled the remote desktop app.
When I access a remote Natty client using VNC I cannot use the sudo command in a terminal. In fact, the terminal closes itself as soon as I type the sequence sud. Even su d. Or su d.
Sua, su a, su c, su e do not cause the terminal to close itself.
This appears to be some sort of new security "feature".
How do I "work around" it?
[edit] I'd better elaborate.
I have a remote Natty running 11.04 64-bit desktop version. I have installed tightvncserver on it. I log in on 5901 from a Ubuntu 10.04 64-bit desktop using vinagre. The desktop works fine except when I open a terminal in it and type sud. As soon as I type the d the terminal vanishes. This appears to be a deliberate feature. I also log in to other clients that run 10.04 and this does not happen. I have run Mint 11 in VirtualBox on my local machine and created the same remote desktop and viewed it from mint 11 itself. Same thing happens.
It seems to me that 11.04 has been modified to kill a terminal that is part of a VNC display when sud are typed.
I'm trying to secure the CentOS servers on our company network as the current situation is, shall we say, less-than-ideal: remote root logins with the same password across several servers (behind a firewall, on non-standard ports, but still) and several key processes running as root. My proposal to amend this consists of the following:
- setup a bare as possible SSH-gateway with only the normal user accounts to handle remote access - disable the root login from anywhere else but LOCAL and create special accounts with root permissions for our ~4 system administrators, like admin.foo admin.bar that can only login from inside the company network, using SSH-keys.
So far my biggest obstacle seems to be creating the administrative users, how do I go about and do that? When I simply create a user adminfoo with uid=0 it will show on my shell as root, which makes it useless as a way to make our admins accountable for their actions. BTW, my initial proposal to use sudo unfortunately met with strong resistance, because it compromises usability.
I've added my public key to the remote machine's authorized_keys file, and I can ssh over without password. But when I try to mount the remote share using sshfs it -always- asks for my user's password. I have set sshd_config|PasswordAuthentication no ... and when I mount the share as root it says, "read: Connection reset by peer". My mount is being done as user, so it shouldn't be a root authentication problem: sshfs#bill@droog://media/droogfuseuser,noauto,gid=6,umask=007,cache=no,ServerAliveInterval=15,reconnect,allow_other,comment=sshfs 0 0 I can't mount as user because /dev/fuse is not suid, and I'd rather not set it such.
I setup a remote web server yesterday evening, which had Centos 5.3 on it. This went well, and I did this mostly over vnc, to get a GUI. However, I hadn't realised that there was a pending cron job to 'yum upgrade'. So, come 2am, 5.3 turned into 5.6. I carried on the install today, but after some time (I'm not sure exactly how or when), I lost the ability to run any GUI system config tools that required root login. I also lost the ability to run anything graphical - emacs, for example, when I was already root in an xterm.
/var/log/secure isn't telling me anything. It claims that it's running the config tool on my behalf, but nothing happens. If I try to run emacs, I get a message saying that the X server isn't responding. Could this be related to the upgrade? It feels like a PolicyKit problem - I've seen something similar on 6.0 for remote access over vnc - but 5.6 isn't running PolicyKIt.
I have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?
way to redirect the audit daemon message to a remote host I checked the auditd.conf and it's man page and find that the log location is specified by the line log_file = file_path and in the man page
Quote:
"log_file: This keyword specifies the full path name to the log file where audit records will be stored. It must be a regular file."
does this mean that the auditd does not have the function to redirect the logs to a remote hosts.
I have a F11 box serving xdmcp. I log into them machine remotely with xming. As far as I can tell, all x clients work fine, EXCEPT for sealert. I get occasional selinux alerts, but I cannot use the sealert browser on my remote machine. When I try to run the browser, I get this: sealert -V -b
2010-03-05 11:27:49,841 [dbus.proxies.ERROR] Introspect error on :1.61:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) 2010-03-05 11:27:49,842 [dbus.proxies.DEBUG] Executing introspect queue due to error 2010-03-05 11:27:49,842 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.61 was not provided by any .service files
I see the bug at [URL].. but it does not mention the browser, nor does it say what the fix/workaround is..Im going to stab in the dark and start relabeling things, but anyone know what's really wrong?
Let's say I have a Linux workstation at work, behind a firewall. So even though I may have a remote access server set up on it (such as the most excellent NoMachine NX Server), I can't access it from home.
My home network happens to have a Linux server. Is it possible to ssh from work to the home Linux machine and set up a tunnel so that once I'm at home, I can run the NX client, point it to my home Linux box on some port like 9000, and have that forward through the tunnel to port 22 on my work Linux box? How would I set this up?
I am trying to access files on a laptop (running Windows 7) from an Ubuntu desktop running 9.10. I can view the Windows 7 files just fine. Listing their permissions from an Ubuntu terminal shows them to be read/write by everyone. But, I am unable to update any of the files from Ubuntu.
I mount the files using the command: mount -t cifs //richard-pc/C -o username=***,password=***,dir_mode=0777,fi le_mod=0777 /mnt/windows7c
The permissions on the Windows 7 files on the laptop are set to Full Control by Everyone.
I am attempting to set up a VNC with ssh tunneling for remote desktop between my laptop (opensuse 11.2) and my desktop (kubuntu karmic) and using the instructions here: [URL] and here: [URL] but I am having trouble getting remote desktop to work once I establish the ssh tunnel
I start out with Code: ssh <user@remotepc> -p <non22port> -L 5900:localhost:5900 That seems to wok and connect properly
The problem comes when I try to use a remote desktop client on the laptop to initiate the VPN desktop sharing and point it to Code: localhost:5900
Thats when I get a notification on the host saying: Code: Refused uninvited connection attempt from 127.0.0.1
And on the laptop I get: Code: VNC server closed connection
I have tried messing with the few settings in Krfb, but none seem to have any impact. How do I open localhost:5900 and allow VPN tunneling to the host machine?
We have approximately 100 retail locations that will have split vpn tunneling. Intranet traffic will flow over the vpn to the corporate headquarters, voip traffic will tunnel to a regional hub and internet bound traffic will go over the local isp. The retail locations are small with 1-8 users and no enterprise grade equipment (servers, etc). This setup in effect will render our current content filtering solution useless.
The locations will be equipped with Cisco ASA 5505 Firewalls. The original plan was to use a Websense server and the url filtering feature to act as a content filter. I just found out that pricing for Websense was not included in the budget will be a show stopper.There may also be some performance issues with this method. Putting a proxy server at each location is not really an option. We do not have the resources to place a server at each location, plus the users could simply unplug an inline device or go around it. There is minimal supervision at most of these locations.
Ideally, I would like to find a way to use something like Dansguardian with an ldap interface and the url filtering feature of the ASA firewalls. I found a program called n2h2p, but I can find 0 documentation for it. It is also 2 years old with no updates. I also need to be able totrally manage this as trying to keep up with 100 different configurations for 400 users would be virtually impossible for the amount of time I will have available
Is it possible to remotely access, inject, manipulate files and/or folders in the Windows NTFS partition when logged into Ubuntu?
I'm either logged into Windows or Ubuntu but NOT both -- ever. Therefore, while logged into Ubuntu, would it be possible for someone to crack into Windows via Ubuntu using Wi-Fi or modem?
I had remote desk running on a machine and I went downstairs the other day, turned it on, and someone was controlling the machine. Of course that's partially my fault since there was -zero- rd password set. However, my question is how did this person figure out my IP and get past the router to the machine? I don't have any forwarding setup. My router admin password is (has always been) strong. I guess my question now is: Is there anyway to restrict rd access to the local network?
I was sitting watching a TV show on the internet (streaming from channel 4) and all of a sudden I get a request from an unknown IP address, outside of my local network attempting to access my ubuntu desktop, I obviously declined straight away and stupidly didn't take note of the IP I've checked my firewall settings and no ports are being forwarded, everything is as it should be. I am running Ubuntu 11.04, and a little bit concerned. As of now I have completely disabled remote desktop on my laptop.
I have been using Remote desktop on Windows 7 to view and control my Ubuntu machine in the office quite happily over the office network. No problems there. I wanted to access it from my home connection so I read that I could do this by opening a port on the ubuntu machine's firewall. So I installed a firewall. Didnt see any way to open a port easily so I uninstalled it and installed another one. Same issue so I uninstalled that and then left it. I then tried to Remote Desktop the Ubuntu machine from my Windows 7 laptop and ERROR I can no longer connect.
