Security :: Properly Set Up Ssh To Only Allow One IP Address To Login Remotely?
Apr 6, 2010properly set up ssh to only allow one IP address to login remotely
View 2 Replies
ADVERTISEMENT
Networking :: Remotely Login To Remotely Display Data?
Jun 29, 2011I'm not terribly new to Linux, but I am new to the forums, so hear me out! I am in the process of creating an electronic mapwall for our meteorology program, and have designed the computing system from scratch. I have two Linux Boxes, each with capabilities for 6 attached monitors...a total of 12 displays driven from two machines. My intention is to have one machine be the master...it has a touchpanel control. The inputs to the touchpanel will then trigger events for the both the master and the slave machine to display. Each of them has a specific IP address (DNS entry), and are not on a subnet.
Now...is there a way to remotely login to the slave machine and have it display on it's OWN monitors? The code is Java and which works on the master machine to animate directories of .gifs for each of the master's attached monitors. I will most likely have Java execute shell commands for the remote login (ssh), but I believe the answer lies somewhere in the X-configuration. Do I have the machines in an adverse configuration (creation of a subnet would be better)? Lots of questions...lots of desire...few answers!
Ubuntu :: How To Properly Shut Down System Remotely With SSH
Apr 21, 2010So I've got a backup server that has a daily cronjob to back up all my systems. My desktop PC is usually in sleep mode to save power. So my backup server has to wake up the desktop via wake-on-LAN to start the backup job. When the backup script is done, my backup server sends a shutdown command to the desktop to put it back in sleep mode.
The trouble is that SSH is timing out during the shutdown process and waits a ridiculous amount of time before giving up and allowing my backup server to move on to the next backup script. Here's the portion of my backup script for the desktop that does the shutdown stuff:
Code:
ssh user@host.lan '/usr/bin/shutdown -p +1'
Here's what cron sends me via e-mail:
Code:
Read from remote host host.lan: Connection timed out
real 164m46.280s
user 5m16.160s
sys 1m39.760s
Normally the entire backup job will only take about 5 minutes. But because of SSH timing out, it takes 164 minutes!
As a matter of detail, my backup server is running Ubuntu 9.10, and the desktop is Windows 7 x64 with Cygwin. The -p option for the shutdown command in Cygwin is for sleep mode.
Networking :: Set An Ip Address On A Computer Remotely?
Mar 20, 2011there is a way to set an ip address on a computer remotely. Here's my issue : Have a debian computer (plug computer) on which, after upgrade, i m not able to log in back anymore. At the moment it seems i have no chanche to connect something like a monitor but i m pretty sure the computer it boots up cause wireless is on and i can see ssid and mac address of the ap.
I ve tried to assign an ip to the mac address (from my laptop) by arp and in the table it shows the link between the mac and ip, but i m unable to ping the ip after that. I was trying to think of maybe set up a dhcp server from my laptop and see if the plugcomputer gets an ip automatically, but i m not sure if it is working and at the moment i have little experience on set up a dhcp server on linux (sabayon). Do you think is it possible to manage the network card of my plug computer by eth/wlan from my laptop?
Networking :: Changing The IP Address Remotely
Apr 12, 2011I'm running Ubuntu server. To change the IP while I'm sitting in front of the computer, I would:
1. edit /etc/network/interfaces
2. ifdown eth0
3. ifup eth0
Remotely, I can do the first two no problem, but the ifup command causes some problems since the ethernet interface is no longer functioning. Is there some kind of script that can be written for this purpose? Maybe something that will check eth0 every so often and make sure it is running and bring it up if it isn't. Or else a script run with nohup?
I do not intend that changing the IP address will be a frequent occurrence, but when it needs to be done, it must be done reliably and without the possibility that the computer will no longer be reachable for more than a couple minutes or so.
Security :: Address Space Randomization On 2.6.28-15-generic Ubuntu 9.04 - Finding Base Address?
Sep 14, 2009Im an academic (university networks and security lecturer) studying/teaching network and operating system security, and inspired by the work of Hovav Shacham set about testing ASLR on linux. Principley I did this by performing a brute force buffer overflow attack on Fedora 10 and Ubuntu 9. I did this by writting a little concurrent server daemon which accidently on purpose didnt do bounds checking.
I then wrote a client to send it a malicious string brute forcing guessed addresses which caused a return-to-libc to the function usleep with a parameter of 16m causing a delay of 16 seconds as laid out in [URL] Once I hit the delay I new I had found the function and could calculate delta_mmap allowing me to create a standard chained ret-to-libc attack. All of that works fine. However .... To complete my understanding I am trying establish where I can find the standard base address for ubuntu 9 (and other distros) for the following, taken from Shacham:-
Quote:
[code]....
/proc/uid/maps gives me some information but not the base address ldd also gives me the randomised starting address for sections in the user address space but neither gives me the base address. Intrestingly ... when a run ldd with aslr on for over (about) 100 times and checked the start point of libc I determined that the last 3 (least significant) hex digits were always 0's and the fist 4 (most significant) where between 0xB7D7 and 0xB7F9. To me this indicated that bits 22-31 were fixed and bits 12-21 were randomized with bits 11-0 fixed. Although even that doesnt define the boundaries observed correctly.
Note: I am replicating the attack to provide signatures to detect it using IDS, and for teaching purposes. I am NOT a hacker and if needed to could reply from my .ac.uk email address as verification.
Ubuntu :: How To Remotely Login Into Webmin
Feb 28, 2010How to login into webmin remotely from a different network?
View 1 Replies View RelatedSecurity :: Allow User To Logon Remotely Using SSH?
Feb 10, 2010Is there anyway to prevent a user from being able to logon at a machine (Terminal and XWindows) but allow that user to logon remotely using SSH? This user is for remote capture of logs only - on a private network (no internet access).
View 1 Replies View RelatedNetworking :: Remotely Login Using SSH And Vino-Server?
Nov 21, 2008I usually remotely connect to a client server to make adjustment via the CLI.Occasionally I have to login into the desktop to understand some issues that my customer are trying to explain via Vino-Server. I have notice that sometimes when I attempt to login via ssh, I sometimes can see that a user has not logged into the GUI desktop which means that I cannot login into the remote desktop session to resolve any issues via the GUI. My question is:How can I remotely login via ssh and start a gnome or kde session for the user account that I am trying to resolve his or her issue?
View 3 Replies View RelatedFedora Servers :: Can't Login Remotely To Client Machines?
Jun 14, 2009I am running NFS and NIS servers in my FC8. Clients are also running FC8. Everything was working fine. I could login remotely to server as well as clients. Suddenly (few days ago) a problem started. I can not login remotely to client machines. I did not do anything. I can login to server remotely, but not the client. When I try to login, it accept password and nothing happens. Also, when I try to login from server to client same thing happens. We share the home directory of the server with client. Another question: there two type of nfs server nfs-user-server and nfs-kernel-server. I just use gui to set up the NFS. I don't know which one I am running. Is there any way to find out which nfs I am running?
View 1 Replies View RelatedUbuntu Security :: Remotely Deleting A Router Log?
Nov 10, 2010I have recently been the victim of identify theft and have coincidentally noticed that my router has been under attack for the past few days. I've been monitoring the log on my router (a D-Link DI-624+A) and suddenly while I was on Skype, my wireless connection was lost. I reconnected and found that the router's log had been erased. It appears from the log that the hacker has so far been unsuccessful. I have already done a 'whois' on several of the IPs this hacker has been using and have notified the respective ISPs.
Is it possible to remotely delete a router log?
Here's an example of my log before and after the delete:
Code:
Wed Nov 10 18:00:24 2010 Unrecognized attempt blocked from 221.136.83.1:40245 to xxx.xxx.xxx.xxx TCP:8080
Wed Nov 10 18:08:24 2010 Unrecognized attempt blocked from 60.173.26.168:6000 to xxx.xxx.xxx.xxx TCP:9415
[Code]....
Ubuntu Security :: Is Posting The Hardware Address A Security Risk
Feb 28, 2011When posting results from ifconfig, it shows the hardware address of etho, etc. Would you consider that to be a security risk ?
View 9 Replies View RelatedFedora Security :: Remotely Decrypting Or Removing Encryption?
Jun 14, 2011I have a computer running Fedora 14 and when I installed it, I chose to encrypt the drive.
I've recently changed the way I have things set up and don't want the encryption any more. From what I've read there is no way to simply and easily remove the encryption, so what I would like to do is input the pass phrase remotely.
so, Is there anyway I can type in the pass phrase remotely, or remove the encryption?
Ubuntu Security :: View Browsing History Remotely?
Jan 9, 2010What are all the ways you could think of that someone could view your browsing history, upstream from your machine? They don't have physical access, there's nothing on the computer itself and the person trying to hack has skill so I'm thinking like monitoring a proxy somehow, using the ip address somehow, compromising the modem in some way, possibly having access to google account etc. I am new to ubuntu and have really dug it so far but I want to figure how this is/was being done
View 9 Replies View RelatedUbuntu Security :: Remotely Creating A Desktop Account On Another System?
Mar 25, 2010I am at my own desktop and I have root access on my own desktop.
I also have root access on a Desktop Ubuntu system (192.168.5.10) on the LAN. I need to create another desktop user account on that 192.168.5.10 system.
So I logged into that system with: ssh -Y myself@192.168.5.10
Then I did: sudo users-admin
This brings up the Users Settings but the Add User and Unlock buttons are disabled. How do I enable these buttons?
Networking :: SSH - Can't Login Using Hostname Can Login Using Ip Address
Jan 26, 2009I am having a problem logging into my remote gentoo (2.6.23) linux machine using my hostname from my Windows XP machine using cygwin. I can login using my ip address, but not the hostname.
This works:
$ ssh me@xxx.xxx.xx.xxx
This does NOT work:
$ ssh me@my_hostname
ssh: connect to host my_hostname port 22: Connection refused
I have verified that my hostname is indeed "my_hostname" on my linux machine by using the "hostname" command.
Ubuntu Networking :: DNS - Clients Unable To Properly Resolve The Server's Ip Address
Oct 4, 2010I'm having really weird and frustrating DNS issues with my clients unable to properly resolve the server's ip address. They can resolve each other's, and outside systems, but not the server - at least, not correctly, and not all the time.
I have one Ubuntu server set up that does both DHCP and DNS serving to the Windows systems. The server has DNS forwarding turned on to forward to OpenDNS's servers (I've tried using my ISP's dns servers but the problem remains).
The server is *not* set up as a firewall; I am actually using a DLink router for that, and the Dlink is *not* set up to serve up DHCP nor DNS.
What I am getting is that my clients - and there are nothing but Windows clients - will not resolve the name of the server. For example, if I do: ping linuxserver
I get back a false IP address of 192.168.0.64 (and I've seen once a 192.168.2.49).
If, however, I put a dot in there: ping linuxserver.
I get back the *correct* IP address of 192.168.0.2, and thereafter, ping'ng linuxserver without the dot will work. Until the dns cache expires, either naturally or with ipconfig /flushdns on the windows clients.
The client *are* getting valid dhcp leases and can resolve everything happy-happy, they just will not get the proper address of the server 100% of the time.
Security :: Remotely Decrypting A Server - Authenticate A Decryption Mechanism Of Some Sort?
Sep 11, 2010 i need to find a way to securely authenticate a decryption mechanism of some sort where the authentication is provided remotely without any user-interaction. Right now i have a number of boxes that all inform a central server when they are online. When they do this an OpenVPN connection is set up between them and the server.
However, i have been given the task to ensure that the scripts involved in this process are encrypted by default. This requires some form of self-decryption, which to my mind kind of goes against the whole idea of encryption/authentication in the first place. I need some way to leave decrypted the bare essentials required to boot a box and securely connect to the central server automatically. Then the server would automatically send a key/passphrase and the rest of the files on the box would then be decrypted on the fly.
Ubuntu Security :: Truecrypt - Remote Mount Volume - Or Send Bash Script Remotely?
Apr 1, 2011I have an Ubuntu 10.04 machine at home and apache setup on it (files are located in a Truecrypt volume). The reason for the web server being that I wanted to access my files wherever I'm at (i.e. hotel, work, hotspots, etc...). So far, it's worked out great for me seeing as a I can http download my files (or stream media files). However, I am often on a public hotspot and I know it's a matter of time before someone finds the webserver on my computer. I have the machine firewalled and password protected (via .htaccess), but either way I don't want people looking in on my computer.
The problem: I have used Truecrypt for a long time and completely trust using the program to encrypt/unencrypt a volume container to store my files. Usually, I would remote desktop into my computer and mount/unmount the volume when I needed it. However, after time it get's really annoying to do this. So I eventually figured out how to setup a bash script to automatically do this for me (which I put on the usb part of my phone). What I wanted to do was to be able send the bash script to my Ubuntu machine (via ftp from my phone) and have Ubuntu automatically run the script. Is this possible? What programs do I need on Ubuntu?
I was thinking about using something like cron, but that is for scheduled times. I don't really have a set time in which I need my files, it's pretty sporadic depending on how much I travel. Thus the need for being able to remotely mount the volume when I need it.
Summary: I need a way for Ubuntu to read a folder every minute or so to check for bash scripts to run. I want to be able to send the bash script via ftp from my phone, have Ubuntu run the script, then delete itself (so as to not store the password). I already know the script in which to mount the Truecrypt volume and how to send the file via ftp from my phone. It's really a matter of what program to use in Ubuntu to find and run the script.
Ubuntu Servers :: Setup Access Properly From A Public Address To A Monitoring Server That Works Fine Locally?
Apr 19, 2011I've spent days trying to setup access properly from a public address to a monitoring server that works fine locally. Everything works from public access until I try to link to a CVS repository. The rancid CVS repository is set up as a separate server (virtualhost). It appears the referring link causes a DNS error (105: Server Not Found) when the CVS repository server is accessed from the public address. Things work fine when accessing via localhost.
Localhost link:
[URL]
Public link: (this results in 105 error caused by redirection (bold portion of link))
[URL]
Code:
Virtualhost config:
LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
[code]....
Ubuntu :: Remotely Wake On Lan - Remotely Turn On Computer
Jan 4, 2011Does anyone know or recommend some software or a script to remotely power on a PC from standby to on, or even better from completely off?
I guess the completely OFF to ON is much more complicated - would probably require an extra piece of hardware(?)
Ubuntu :: Vmware - Login Not Working Properly
Jan 18, 2010i have a question about vmware fusion (3.0.1) and ubuntu (9.1) i just created the ubuntu virtual disk yesterday, and have not done anything on it besides change some minor stuff (background, theme, etc). for some reason this morning, the login screen has been freaking out. the vm loads and shows the login screen, i click my name and enter my password, i get the cool music, but right before my desktop loads it goes straight back to the login screen and i have to start over. it does this over and over until i cry and give up. i have tried restarting the vm, restarting the host computer, everything. every once in a while it will randomly work, but then if i restart, back to the same issue
View 1 Replies View RelatedUbuntu Security :: Login Panel Is Worse From Security View Point
Jan 19, 2010ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies View RelatedUbuntu Security :: Updated Browsers Using Update Manager Have Lost Security Login Pages For Web Mail?
Mar 3, 2011i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
Ubuntu Security :: Bad Login Protocols - Graphical Login For Gnome Sizes Itself To Accommodate A User's Exact Password Length
Dec 14, 2010I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.
And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.
Fedora :: Gdm Login Not Coming Up, X Server Not Starting Properly?
Oct 3, 2010Hey all, I need help here! Whenever I boot up Fedora 13 my computer just decides to stop doing things right before the graphical login screen comes up. The system starts up properly, but after the "local" program starts, it goes to the fedora-colored blue screen right before the login screen usually comes up. I can still bring up consoles with ctrl alt f1/f2 and switch the tty screens. Whenever I try to start the X server using the X or Xorg command, it echoes the usual stuff and then the screen goes black. After that, nothing happens. I can get out of X by using the classic ctrl alt backspace method.
I haven't checked any X logs other than Xorg.0.log, but I'll post the others for any special failures soon.
Ubuntu Security :: Wireshark Not Capturing Properly?
Jan 23, 2011Was trying to use wireshark to pen test my network and I can't get it to work properly.When capturing on my main wireless card wlan0 atheros ath9k the program freezes after a short while and I can't even access the web anymore. Not to mention it stops capturing. I have to disconnect and reconnect to get back on the web. Not sure what is going on here. I get the following output in terminal:
(wireshark:2240): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.26.0/gobject/gsignal.c:3081: signal name `depressed' is invalid for instance `0x2142cb68'
[code]....
CentOS 5 Networking :: LDAP User Can't Login Remotely By SSH On LDAP/Samba PDC?
Sep 8, 2009I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
Ubuntu Security :: Startup Login Screen Security?
Aug 27, 2010just migrated to Lucid from Jaunty and noticed that the login startup screen looks more like windoze (shows all authorized users).One of the endearing security checks with Unix was that if you had access to a console you had guess both userid AND password - the system wouldn't tell you which was wrong.I feel that we have lowered security by making the list of authorized users visible on a console. Is there any way to turn it off and force users to enter both userid and password?
View 4 Replies View RelatedUbuntu Security :: Security E-mails At Root Login?
Sep 8, 2010Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies View Related