Security :: Single Purpose Ssh Key For Sshfs?
Mar 6, 2010
I'm wondering if anyone can give me some guidance, or point me to a relevant reference for setting up a single purpose ssh key. I have set up a single purpose key for rsync, where I have command="/path/to/rsync-secure" associated with the public key in .ssh/authorized_keys, and the rsync-script checks to make sure incoming commands begin with 'rsync --secure'. What I would like to do is do something similar to allow sshfs access, and have the server path that can be mounted locked down to a particular location. Does anyone have any suggestions as to how this could be done? As an aside, I might also want to restrict the above rsync script to only allow synchronization to a particular path.
View 1 Replies
May 10, 2009
What good does getting into single user mode do? And what's the basic purpose of it, i.e. is it for maintenance purposes?
View 2 Replies
Oct 20, 2014
What is the purpose of the parameter within single quotation marks and what does it do? I am assuming it is a call to pkg-config with those parameters.
Code:
gcc -o gtkprog gtkprog.c `pkg-config --libs --cflags gtk+-2.0`
Using:
Code:
pkg-config --libs --cflags gtk+-2.0
-pthread -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/libpng12 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng12 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/freetype2 -lgtk-x11-2.0 -lgdk-x11-2.0 -lpangocairo-1.0 -latk-1.0 -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lpangoft2-1.0 -lpango-1.0 -lgobject-2.0 -lglib-2.0 -lfontconfig -lfreetype
So, if my logic serves me right, this command parameter is a neat replacement for this litany of libraries to be used in the compilation process.
View 1 Replies
May 12, 2010
I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight rein on nfs exports. Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.
We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.
View 12 Replies
Sep 2, 2010
I'd like to add a user to my server that will only have access to a mount point over sshfs. Is there any way I can provide them this access without actually giving them permission to open a terminal on my server? I tried /bin/false and /sbin/nologin already, but /bin/false didn't allow the mount point to be made and /sbin/nologin prevented a login completely (also stopped the mount point from working).
View 6 Replies
May 30, 2010
I don't care so much about the practicality and needlessness of actually setting up a computer as a proxy server for personal usage, but nonetheless, I want to do it, and I'm just wondering about hardware. The proxy, I don't intend on having a desktop environment, so it'll be a terminal interface. But for a system that will handle traffic for 3 PCs and a PS3, how much hardware would one suggest I need, as far as RAM, HDD space, and so on and so forth?
I was thinking it would be fun to do with my old AMD K6-2 processor and its 32 MB of RAM, but in order for that PC to work, I'll need to replace a few hardware pieces, and before I dump money into it and pull it out of the closet, I want to find out if it would even be worth my time to do it.
View 2 Replies
Jul 20, 2011
My primary Ubuntu server has SSH exposed to the internet so I can remotely access it. I have configured OpenSSH to use only RSA key authentication. Each computer I use has a separate RSA key unique to it. I also have a unique RSA key on a USB thumb-drive I carry with me. The purpose of the USB key is for emergencies if I have to access the server from some remote system. The problem is that I may not trust the remote machine (university/public library computer for example).
What I would like to do is have a set of one-time use RSA keys that, after I log in to SSH with them, are removed from the authorized_keys file. This would hopefully keep my system safe even if the remote machine I was using was compromised and had copied my private key and key-logged the password I used to decrypt it. I would like to have these keys be separate from the keys I have for my trusted computers.
View 3 Replies
Jun 20, 2010
I am running Fedora 13 - 64-bit variety and using KDE as the GUI. No real issues aside from the machine not exactly flying, but then this is a mere Core 2 Duo 1.6 with 2 gigs of RAM, so not unexpected...
When I run top I see 3 users indicated - which worries me somewhat... I am the only user on this machine.
I come from a Debian / Ubuntu /Gentoo knowledge-base and this laptop is a fresh install, encrypted partitions, temp has own partition (encrypted too) and obviously the firewall is on, with ssh service turned off and ssh access removed in the firewall....
Is this 3 users in top normal, or have I managed to be hacked in the 3 - 4 days since I started the install? In all this time I have been sitting behind a router when on the net.
Am I looking at a fresh install, or are there valid reasons for the extra users?
I just ran "users" in terminal and I show up 3 times - I have only logged in once, through the GUI and no extra access routes
View 6 Replies
Sep 1, 2011
I have Ubuntu 11.04 installed alongside Windows, and I often share files with Windows computers. If I am installing a new package from Ubuntu Software Center, and consequently I have to log in as root to do so, which means I have given the system 'privileges' as the program is being installed, and I decide to go open Mozilla and surf suspicious sites on the net, is it possible in that case for me to get a virus?
When we enter the password for the root user in order to run one program such as ubuntu software center, does that mean that all programs have root privileges for the time being (as the software center is installing the program)?
View 3 Replies
Sep 5, 2010
How to number of connections for a single ip on port 80 to CentOS 5.5 with iptables? connlimit did not work on CentOS and nginx does not provide a module for that
View 4 Replies
Feb 26, 2010
Is it possible to restrict root logons to the SSH server to just a single IP address (or maybe a range)? I have other users connecting to the server daily, so restricting ALL access to a single IP I cannot do. I need root enabled (for my own reasons) but want to lock it down a bit more.
View 9 Replies
Mar 25, 2010
I was wondering whether or not it is possible/advisable to install and run Snort on a single laptop with a wireless router (firewall enabled)? Does Snort require root privileges and are there any other issues one needs to be aware of when installing and running software like this?
View 6 Replies
Apr 3, 2010
Is there a program that allows me to password lock a single file or folder?
View 5 Replies
Jul 14, 2009
When I go to single user mode for resetting the root password, it asks for the root password for login. The message displayed on the prompt is "Give root password for login". On the boot prompt, I select the kernel and press 'e', and after one space type 1 for single user mode and then press 'b' for booting. It shows a message about entering single user mode but asks for the root password. I even tried rescue mode, but I couldn't set the root password. In rescue mode the prompt shows "rescue login:". I typed root, but when I typed 'passwd' for resetting the root password, it showed a message about unknown user and no authentication.
View 1 Replies
Apr 17, 2009
Being able to reset the root password by booting into single user mode by editing grub. This is a MAJOR flaw. I know it makes no real difference against internet-borne attacks, but even so I must say I found it shocking. The only way I've found to stop this is to encrypt the entire HDD, so no one could get into single user mode without first knowing the encryption key/password.
View 14 Replies
Oct 13, 2010
I know that SSHFS is the way to mount the file and directory on remote server. It has many advantages such as security, convenience, fast and so on. I wonder if there is disadvantage of SSHFS and the alternative to it? I am looking forward to your reply.
View 2 Replies
Oct 13, 2010
I have a question about UNIX sockets. My goal is to connect multiple sockets from a single client to a single server and keep them open... I'm not sure if that is possible to create or not. Do you have any suggestion or an example of code?
View 1 Replies
May 5, 2010
Sshfs was working before - sheesh, I was using it! Today, all I get is an error that tells me it can't find the command. So I go to yast and reinstall it. No change - I'm still getting the error! What could be going on?? Fuse is installed.
View 2 Replies
Apr 29, 2010
Right, just a quick question about rsnapshot over sshfs and encfs. I've set up an encfs filesystem, and when mounted on the remote machine remotely:
Code:
touch foo.bar
Code:
cp -al foo.bar foo.car
Works as one would expect it to.
The same is true on the local machine (The EncFS has External IV chaining disabled). However, when the remote dir is sshfs mounted on my computer here, and then encfs'd to a decrypt mount on my computer, I can move files to it, and they go over the network and get encrypted, however:
Code:
cp -al <file> <file>
No longer works, I get 'not implemented' errors...
I thought since I don't have External IV chaining this shouldn't be an issue - I've tried without any of the file chaining options, again to no effect. All work remotely, or with both locally, but not over sshfs. Is this a quirk of sshfs?
View 1 Replies
May 6, 2010
I just updated to 10.04 from 9.10 and suddenly gedit is saying I don't have permission to save files in an sshfs-mounted directory. Nothing I've found through Google works.
* I'm mounting using `sshfs james@of1-dev-james:/home/james/projects $HOME/projects`
* `fuse` is listed in /etc/modules
* I'm a member of the `fuse` group
* Using `newgrp fuse` before mounting stops gedit from seeing the mounted directory at all.
* /dev/fuse belongs to `root:fuse` and has `crw-rw-rw-` permission.
* Other apps e.g. `nano` have no problem reading/writing to this directory.
View 6 Replies
May 25, 2011
Install sshfs in CentOS 5.5, but I was not able to get the correct package to install.
View 5 Replies
May 4, 2010
Sometimes I edit files in a remote server. I normally mount the remote drive via sshfs and edit a configuration file or two and some text files using gedit. After I upgraded to 10.04 I cannot save the files that I edit anymore. I can rename the file. But the weird thing is that I cannot save the file after I edit it. One of the files that I was editing is crontab.
View 4 Replies
Jun 17, 2010
I use this command to mount sshfs:
sshfs -o idmap=user user@ip:/home/user/public_html ~/Folder
Then I enter my password. I do this every time I start my computer.
View 3 Replies
Nov 2, 2010
I've used wake on lan and SSH on the local network for some time now. I also used SSH to mount a filesystem (SSHFS / sftp, same thing, right?) and I could forward X11, loved it. I used both these options for my convenience. So I decided it was time to open up some ports on my router (Linksys WRT320n running dd-wrt) and try to set up a remote connection. This actually worked after some time, so I'm now able to turn on my home computer from the Internet (school in my case) and then log in to it through SSH. I set this up using other ports than the default ports. Something like this (these are not the actual ports I use, just examples):
port 2112 -> port 9 (for wol, wake on lan)
port 2113 -> port 22 (for SSH)
This information might be useful: I set this up using public and private keys. This is necessary for SSHFS to work properly I think and it also makes it more secure. And then I found (and had some presumptions that this was going to happen) that both SSHFS and X11 were not working. I'd rather not open up more ports on the router for security's sake though, so I'm asking for other solutions. And if there really aren't any other solutions, then which ports to forward. And if forwarding is really necessary, then how to make the client use port 2114 for SSHFS and 2115 for X11 so I can forward those ports to the default ports.
View 3 Replies
Nov 18, 2010
I mounted a remote directory using sshfs and I can't save files using gedit, while saving the same file using vi works. Changing permission to o-r (640) allows gedit to save files OK. Is there a way to change the sshfs connection to make gedit work without chmodding every file? (I use -o uid=`id -u` -o gid=`id -g`, so that remote files seem to be owned by me)
Code:
$ touch test.txt
[!] test.txt appears
$ vi test.txt
[!] :wq -> saves just FINE
[Code]...
View 4 Replies
Dec 2, 2010
I am mounting a remote directory using sshfs, over VPN. If the VPN connection is lost, the directory obviously can't be read. But, when I try to "ls" in its parent directory, the command just stalls. No error messages, and ctrl-d, ctrl-c, ctrl-z don't do anything. The command I ran to mount the directory was:
Code:
sshfs -o workaround=rename bt@example.com:/dir1 /dir1
View 2 Replies
Jul 4, 2010
Today when I tried to log in to another host on my network using ssh, it gave me an error saying that the remote host RSA key has changed and I should remove the file .ssh/<I don't remember> from my home directory to log in, and it also gave me the warning that somebody is doing something nasty. As far as I remember we only reinstalled the system at that IP, but then after deleting the file .ssh, when I put the root password to that system it says bad password. What is an RSA key and what is its purpose? Under what circumstances does the RSA key get changed? Does it get changed after reinstallation? What nasty thing can someone do that can change the RSA key?
View 1 Replies
Apr 2, 2011
I have two remote systems which I have fstab entries for on the local system. I have them set to noauto, because mount fails during boot for some reason, but that's not the problem. For years I've mounted them in rc.local.
The problem is after I recently reinstalled Debian, when I mount them manually it always asks for my user's password. I've copied my user's pub key from the local to the remote system and put it in the user authorized_keys file (not root), like I always have. But it still asks for a password, and so fails to mount in rc.local.
View 2 Replies
Jun 3, 2011
I added an sshfs entry to /etc/fstab in a fresh FC15 build on a laptop and this seems to work:
sshfs#user@server:/opt/apache-tomcat-7.0.2/webapps/ /mnt/server/opt/apache-tomcat-7.0.2/webapps/ fuse uid=500,gid=500,allow_other 0 0
I can mount and umount /mnt/server/opt/apache-tomcat-7.0.2/webapps/ without problems.
But after a reboot the system hangs when loading. I can't copy paste the messages but it said something about boot dependencies, and it was apparent the error was loading fstab. I had to Ctrl D or enter the root password to get a recovery system; after commenting out the sshfs line (and some nfs lines too) from /etc/fstab, after another reboot I was in.
sshfs used to be permitted in /etc/fstab, it seems. I've not used it before; could this be a FC15 issue? I have seen other threads about FC15 and nfs boot issues, presumably to do with the new booting mechanism.
View 2 Replies
Apr 8, 2011
I've got a non-vital sshfs filesystem in my fstab (by non-vital I mean just files that I access on-demand). However, the fstab file seems to get read and things try to mount before the network has been brought up. I recently switched to Kubuntu 10.10 from Arch, and Arch didn't display this behaviour. I'm wondering if it's possible to make it mount the sshfs filesystem AFTER the network has been brought up?
View 2 Replies