I'm looking for a most possible, secure solution to transfer data using rsync over Internet between 2 linux server.
I have 3 option: SSH, IPSEC and Kerberos.
Which one in your opinion should be most secure solution?
I have a server A that needs to connect to another server (B) to transfer data everyday.[A] ==SFTP==> [B]
I am using SFTP for the data transfert between A and B. I configured B to allow authentication only with a key, not with password. However, anybody who acccess the filesystem of A, could steal the password.
So I thought I could password protect the private key from A. But in such a case, I need to store the password somewhere on A, so the server A can access the private key to connect to B. Finally, it is endless: i always have to store somewhere a secret on A. Is there another solution that allow to have an authentication between A and B without storing plain text secret on the server A ?
I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).
If I need to get a file to someone I could place it on the server and somehow automate an email telling them there is a file available. They could login to the server based on their email address and a randomly generated key combination and down load the file.I also need it to preform the same function going the other way. Login into my server and place files going to me.
View 2 Replies View Relatedif connecting to my server for file transfer using gFtp is secure. I told gFtp to connect to the server using SSH2 and it works. It says it uses this command "ssh -e none -l wordpress -p 1883 IPADDRESS -s sftp." Is this more or less secure then using ftpes or ftps? What I thought was weird was that I could shutdown vsftpd and still connect. Does SSH2 SFTP use its own ftp server?
View 4 Replies View RelatedI bought a laptop today (Compaq Presario cq62) and loaded Ubuntu 10.04 on it. Everything has been running great, but the Wifi has been acting up. It connects to my router for a few seconds to a minute, and then stops all data transfer (although it still shows that I am connected to the internet). My other computers running Mac work fine. I took my laptop to another place with wifi, and it did the same thing.
The data transfer seems to stop when there is a lot going on. Whenever I try downloading new software, it gets to exactly 5% then stops. If I disconnect the wifi, and reconnect it works again for another minute. I may need to be walked through any terminal codes.
On that note, where would be a great place to read up on using Ubuntu (online book?)
I've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
View 9 Replies View RelatedThis is a recent problem, and I can't pinpoint any change/upgrade that would cause this. Rsync transfer from Client to Server:
sent 11756196 bytes received 1032741 bytes 138258.78 bytes/sec
total size is 144333466390 speedup is 11285.81
Pinging back and forth from each machine is fine. No Ifconfig errors Client, but Server has RX packet errors.
eth0
Link encap:Ethernet HWaddr 00:11:25:37:ee:44
inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::211:25ff:fe37:ee44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41786 errors:2157 dropped:0 overruns:0 frame:2157
TX packets:34138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:55615449 (55.6 MB) TX bytes:4737538 (4.7 MB)
What's the next step?
I build a new test machine where i need to bring data from live machine. the data is kind of flat files and some propreitary application axigen mail server.
now what i am suffering from, which commands to do first practise. there is remote site with 1mps speed of wireless between live and test machine. on daily basis aprox 14gb .tar.gz files it need to move it.
i found scp,rcp,rsync,sftp etc. which is fastest way to replicate or copy to remote machines.
the data is on live machine /var/opt/application and on remote same directory too /var/opt/application
i try using scp it take aprox 8-10 hours to copy single 14gb file.
if possible where to see such commands logs results, if anything get down error discontinue while copying.
iam trying to sync file server data into backup server machine by command- rsync -avu path/of/data ipaddress-of-backup-server:/path/where/to/save after running it ask for root password and manually it is successful.but i want to make it automatic.for that i also tried cronjob and also generated authentication key but iam not successful in login automatically..anybody know how to authenticate root to login for storing data in backup server.
View 14 Replies View RelatedHow to find a data transfer speed of a system using squid?
View 4 Replies View RelatedMy rsync takes backup of everything from the differenct linux servers to my backup device which is 2 TB only .Since it takes almost full backup of source , it consumes space lot in the backupdevice. So i wanted to keep all my backup files of one month old latest files in backup device, it should remove all files more than one month data.
View 2 Replies View RelatedI have configured openssh 5.8p2 with centos 5.6. My sftp is working fine with chroot environment but i am having problem with SCP. I am dealing with muliti Redhat servers. When i try to transfer data from other linux server through scp it gives connection refused. For e.g ssh 5.8 is configured on new server and i want to transfer files from old server which is using openssh 4.3 version.i created same username and password on new server as on old server.My sftp users on new server has no shell access but only sftp access. When i try to scp from old server to new server it gives error connection refused. Is the below configuration only for sftp and can't scp? According to google the configurations i found are for scp and sftp. Do i need to generate ssh keys by giving users on new server shell access, once created then stop shell access again, as i dont want to give shell access permanent for security reasons? but i want to use ssh keys for more security as well.
Port 22
PermitRootLogin no
1.override default of no subsystems[code].....
shed some light on what I am doing. I am wondering if I just havehings back to front.Server (MESH):Fedora 13Firewall ports open tcp 22(ssh), tcp 873(rsync)sshd service started
View 5 Replies View Relatedi am trying to transfer a file from my live linux machine to remote linux machine it is a mail server and single .tar.gz file include all data. but during transfer it stop working. how can i work and trouble shooot the matter. is there any better way then this to transfer huge 14 gb file over network,vpn,wan transfer. the speed is 1mbps,rest of the file it copy it.
rsync -avz --stats bkup_1.tar.gz root@10.1.1.22:/var/opt/bkup
[root@sa1 logs_os_backup]# less remote.log
Wed Mar 10 09:12:01 AST 2010
building file list ... done
bkup_1.tar.gz
deflate on token returned 0 (87164 bytes left)
rsync error: error in rsync protocol data stream (code 12) at token.c(274)
building file list ... done
code....
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
Ok im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
View 9 Replies View Relatedwhat is the best option to securing server via firewall and iptables?
View 9 Replies View RelatedI'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
I have a server that I wanted to transfer it to a newer one both of them have CentOS but the newer one kernel is more up to date I wanted to know is it possible just to copy some directory contents exactly to another for transferring the server data (for example /var /usr /bin /home /etc). I have one website on my server with its mysql database
View 4 Replies View RelatedI have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?
View 6 Replies View RelatedIs it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that mo one can sniff that information. configuration or any URL link from I can get the exact configuration.
View 1 Replies View RelatedI have installed my linux server on the Internet witout a router/firewall between. To secure it I used iptables and it works fine. The problem is that I'am not feeling secure enough with only iptables. Is there anything else that I can install to make my server more secure and get rid of my paranoid feelings?
View 8 Replies View RelatedAs per our requirement, I need to implement a Secure FTP server for around 500 users which includes security level on both - Transfer and Rest data. Apart from this I also need the following features -
1. Size quota on Users & reminder mails for the same
2. Password expiry notifications and user interface to change their password within specified time interval
3. Aging of data - After specified time, data will be moved to some other location from their home directory
4. All type of log maintenace for each file and user and log exporting
5. Uploading & Downloading speed consistency as per server level.
6. Read-write interface for user and read-only interface for their client for the same account.
7. Backup and Recovery options.
As of now, I am using VSFTPD which does not give these much of features in combine.
I know that Linux has no viruses out in cyberland that affect it but would it be possible for a Micrcrap virus to wiggle through an Ubuntu partition and find its way into the Windows portion of the same hard drive on a dual boot system when the windows portion is not being used?
View 6 Replies View RelatedI've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies View RelatedDoes it really matter if you use bit-torrent to get the iso image? Or is that a bit risky? Would using IPv6 to download.
View 9 Replies View RelatedHow to secure a Terminal Server. so that it can't be hacked by bruteforce/divtionary tools ?
View 7 Replies View RelatedI'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
View 10 Replies View Related