Quote:
Code:
I've used these commands to generate my new keys and immediately got my sshd server running.
However, I now have the problem where the password is not being recognized and is repeatedly asked for.
I have a problem with sshd daemon on a target linux system:The system has only one user (root) without password.The sshd_config looks like:
Code:
Port 22
Protocol 2
[code]...
I want to enable sshd from Internet, but I want to secure it as much as possible.Therefore, despite the fact that the service will run on a tcp port above 2000 to prevent most scans, I would like to :- First, force the use of a client certificate, to avoid brute force attack on my users/passwords- second force the use of a username/password to avoid someone having access to my system just by stealing my key..When I look at the configuration, it's possible to enable both, but one of them is sufficient to login, but I can't find how to make them both mandatory...
View 2 Replies View RelatedI've been using ssh for a LONG time to connect my laptop to my desktop with no problems. I use a non-standard port (nnnnn) and keys. After a power outage that caused a shutdown and reboot, I can no longer ssh into the desktop. The only changes I've made are updates (laptop and desktop both running ubuntu 10.04).
$ ssh -p nnnnn Desktop
ssh: connect to host Desktop port nnnnn: Connection refused
No messages are generated in any of the logs on Desktop!
$ /usr/sbin/sshd -T
port nnnnn
protocol 2
addressfamily any
listenaddress 0.0.0.0:12023
listenaddress [::]:12023 .....
BackupPC usually just works. It backs up the localhost and another PC, both running Debian Unstable. However it stopped backing up the remote machine after the 22nd March.This correlates with updating OpenSSH.All I get is "Unable to read 4 bytes from Server".As suggested on the backupPC website I ranCode:sudo -u backuppc /usr/share/backuppc/bin/BackupPC_dump -v -f backupclientI was asked for the sudo password and then for a password for each directory that was to be backed up.The backuppc password was not accepted. The root password was.Could somebody point me towards a solution? Do I have to recreate the SSH keys?
View 2 Replies View RelatedTrying to install a game and its asking for root password which i type in and it keeps coming back saying that its wrong but if i try and input the same password in when using package manager it works fine ?? and caps is off
View 4 Replies View RelatedI have recently helped a friend of mine install ubuntu on their macbook which they have had since 2007 and we have run into a problem connecting to her wireless network. The WPA2 password that she uses is "invalid" while logged in under her ubuntu partition. We are able to connect to unprotected wifi networks without a problem and her home network can be accessed via OSX and my linux install on an acer aspire one (I'm running Peppermint OS at the moment). This has been a problem since day one of her ubuntu installation.
View 2 Replies View RelatedI did a routine update on 11.04, and after it was complete my root password appears to have changed.I have NOT forgotten it, and I'm absolutely sure that I'm typing it in correctly. More frustratingly, I know that I had to use it in order to do the update, but right after it was completed, I tried to make a small change and it was telling me that it's incorrect
View 4 Replies View RelatedInstalled ubuntu with dual boot Vista and installed wireless driver in ubuntu , so far so good, all accesible wireless networks comes up in the wireless list but when i want to connect to my own network it wil not accept the password and doesn't connect...
View 6 Replies View RelatedI am new to CentOS, and am having a problem with authentication.The system accepts the login if the first 8 characters of the password are correct, regardless of the length of the password.My root password is 15 characters, but entering the first 8 my login is approved, which is a bit of a security concern.I think this may be something I am missing in the PAM configuration.I've experienced the behavior on SSH as well as Webmin.
View 1 Replies View RelatedI have installed suse 11.3 on a USB drive and can boot from it successfully. The install was done using my desktop computer. I then booted my netbook using the usb drive, linux loads and runs fine, however when i need to enter the password to make any changes it will not accept it. I can not even access the hard disk in the netbook. I rebooted using the desktop just to check that the password I was using was correct and it worked fine.
USB drive is a 250GB western digital with only linux on it
Desktop is running Windows XP service pack 3, 4GB RAM
Netbook is running Windows 7 Starter 2GB RAM.
Yes thats right. Last night I changed my logon password for better security. (have a feeling my flatmate knows it). When I tried to log in today, it wouldn't accept my password. No I know that I got it correct. I know this for a fact. So after a few tries, I decided stuff this, I am going to reset it using recovery console. But the recovery console just hangs with the following on the screen:
[4.1098198] Console: switching to colour frame buffer device 100x30
I can ctrl+alt f2, and I just get a flashing cursor. So that's it then. My ubuntu box is hosed and I am about twenty minutes away from formatting and starting again. 6 months of schoolwork, designs for architectural competitions etc all gone.
When I firsts installed Ubuntu 10.04, and tried to hook it up to my wireless network it noticed my connection and accepted my password, but did not connect. My wireless card doesn't have linux drivers installed. I found the correct drivers, but I am unsure of the correct way to install them in Windows so they work in Ubuntu. I am currently dual booting Windows 7 and Ubuntu.
View 9 Replies View RelatedI run openSUSE 11.2 (kernel 2.6.31.12) and I use Wine 1.1.38 to play World of Warcraft from the konsole terminal application. For the most part this works okay, but there is one small issue that continues to annoy me:
Look at your keyboard (assuming standard QWERTY no-name keyboard) - see the key just left of your Backspace key? That key is only partially working for me in WoW. I cannot bind it to any action bar button in-game, with or without addons enabled. For some reason the key works fine when entering text into the chat console though.
I have used xev to get a bit of data on the key itself - not that it is that informative to me though, but the absence of the issue when playing WoW through Windows would suggest that it is somehow endemic to my Linux configuration:
Code:
KeyPress event, serial 34, synthetic NO, window 0x4a00001,
root 0x1a7, subw 0x0, time 6474080, (159,-10), root:(1364,15),
state 0x10, keycode 21 (keysym 0xfe51, dead_acute), same_screen YES,
XLookupString gives 2 bytes: (c2 b4) ""
XmbLookupString gives 0 bytes:
XFilterEvent returns: True
[Code]...
I set up a debian lenny in vmware on my windows machine. The network interface is set to bridged, so the virtual machine is connected directly to the university network i am connected to. I want to be able to ssh into the vm.I installed sshd via "apt-get install ssh", generated a key pair with puttygen and copied the public part to "/home/user/.ssh/authorized_keys", set rights to 600 and then tried to disable password authentication completely, following the "securing debian" documentation.this is how my /etc/ssh/sshd_config looks now:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
[code]...
I have just built my first ever Linux desktop, using VM Ware and it is running Ubuntu 10.10. I wish to try and use SSH to contact the machine but I don't believe the SSHD is running.
I have done a grep for SSHD shows nothing and have checked the Synaptic Package Manager and can see an openssh-client version 1:5.5.p1-4ubuntu is currently installed.
On Solaris, you can start SSH by typing /etc/init.d/ssh start but when checking /etc/init.d on Linux, there is nothing in there called SSH so am unable to restart it.
I just want to have the SSH running on the machine.
I'm trying to figure out why my industrial appliance (x86, running kernel 2.6.21.7 and OpenSSH_4.3p2 / OpenSSL 0.9.7m) accepts ssh connections without asking for a password (even for root)!When I log on to the local console as root I have to enter a password but strangely this prompt won't appear using a ssh connection (although I'm not using any client certificates).Of course that not acceptable but I just can't find the related configuration entry to disable this "password-less" authentification.Is this related to the sshd or has it something to do with the PAM module?
- Update ->
While looking at /var/log/secure, I've found the following lines:
Jul 18 16:55:07 localhost sshd[5712]: Accepted none for root from XXX port 6393 ssh2
[code]....
I setup my old laptop for my mom with F13 and have sshd running. My dad set up their DD-WRT router so that it's forwarding port 22 to the laptop's ip address. Yet, I get "No route to host" when I try and ssh in from my house. Is there anything that would be preventing F13 from accepting the SSH connection?
View 9 Replies View RelatedI have been trying for weeks to solve this one and have researched everywhere I know to look. Nothing has helped. I am trying to ssh to my other machine (machine1=galla, machine2=cachin). Both run Maverick Meerkat 10.10. I get the following error when trying to ssh to galla:ssh: connect to host galla port 22: Connection refused
uname -a outputs:Linux galla 2.6.35-27-generic #48-Ubuntu SMP Tue Feb 22 20:25:46 UTC 2011 x86_64 GNU/LinuxAlso, sshd does not stay running. I can start it, but a ps tells me it is never running. I imagine herein lies the problem. But why won't it stay running?I am not running any firewall on galla (iptables -L told me that).P.S. I can sucessfully ssh out of galla to cachin. And, even if I just try to ssh localhost on galla, same thing happens.
There is this one server running CentOS5.4 Final which has certain application like Bugzilla. I have setup ssh on it and setup is for password less authentication. Have also setup PasswordAuthentication to no. So with password authentication should succeed. But it is. Though password less authentication is working fine, but I am also able to login using password.
Code:
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
My master password is not saving any passwords in Firefox. I use this also in Windows XP, and all my passwords get saved. Furthermore, is this even a good idea to begin with? Can the passwords be stolen easily?
View 9 Replies View RelatedSome how I seem to be locked out of my desktop computer. My password isn't working. For some reason all of a sudden it seems to have stopped working. I tried to reboot and now I'm locked out, I can't login. And I'm the only sudo user. How can I fix it or even reset my password
View 2 Replies View RelatedI have a RHEL server with users logging in via ssh. I want to start using public keys instead of passwords with ssh. But public key is as good as a rotten tomato if it is unpassphrased and I cannot guarantee that all users will use passphrases. Therefore I will generate both private and public key on the server and will distribute the private key to the user via user-friendly web interface and thats where I will force them to use passphrase. I know they can change later the passphrase or remove it totally but my users are not so advanced.
So now I am trying to setup a centralized authorized_keys file with to be able to make them only root writable so they cannot put their own public keys on the server , it will be handled by scripts. Now the actual problem. I created /etc/ssh/keys directory instead of ~/.ssh and changed AuthorizedKeysFile to /etc/ssh/keys/%u in sshd_config But when I try to connect with the key I get the following error in the logs (after enabling DEBUG3 in sshd_config)
<CUT>
Mar 8 15:22:28 stagesmpp sshd[12248]: debug3: mm_request_receive entering
Mar 8 15:22:29 stagesmpp sshd[22358]: debug2: channel 0: rcvd adjust 33544
Mar 8 15:22:30 stagesmpp sshd[12248]: debug3: monitor_read: checking request 20
[code]...
Quick explanation about what this thread is: by way of an article featured on linuxtoday, I learned about what appears to be an actively managed IP blacklist: [URL]
# This is a compiled list of dirty hosts associated with
# bruteforcing attempts, spam, botnets, RBN and the list
# continues to grow. The data is comprised of information
# compiled from Arbor Networks, Project Honeypot, FIRE
# (maliciousnetwork.org), Host Exploit, Shadowserver and
# a variety of other similarly based sites.
Quick explanation about what this thread is not: this is not intended to be a discussion about default deny vs. default allow (i.e. whitelists vs. blacklists), nor is this a call for enumerations of your own sshd hardening strategy. Please try to keep on point. That said, can anyone speak to the quality of the blacklist information noted above? And/or are there any suggestions for a readily available blacklist of "known better" quality? I plan to try including an actively maintained blacklist like this into a multi-layered approach for hardening an sshd bastion host.
I am running a fresh installation of RHEL 6 box and it shipped with Openssh 5.3.But, /etc/ssh/moduli file doesn't exist even in this new installation and the SSH log warns as below:PHP Code:WARNING: /etc/ssh/moduli does not exist, using fixed modulusDoes this imply that it is using the same random number for key exchange purpose ? Also, does it impose any security risks
View 2 Replies View RelatedI forgot my new password. I followed the guide on how to recover the password but in recovery mode my keyboard doesn't work, I have tried a usb and a ps2 keyboard. What is going on? Or is there another way to reset my password?
View 4 Replies View RelatedI have an sshd server up and running (F13 64bit) I'd like to connect to a pc that's behind a firewall using ssh tunnelling, so I have something like
ssh -R 1234:127.0.0.1:22 myuser@mypc
then from mypc I can succesfully login to the remote pc. I have just une question. How can I list the ssh active connections and the forwarded ports ?
I've only got to
netstat -tunva
but this returns only (filtered)
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:172.16.0.XXX:22 ::ffff:172.16.1.XXX:60744 ESTABLISHED
Now I know that the first is the tunnel end but how can I connect the two lines if I don't know the port number (ie: someone else estabilieshes another tunnel)
I'm having troubles trying to understand this problem:my homeserver until yesterday had a public IP, staying on network, with sshd running and all was fine;this evening I changed the IP, giving it a local lan address, and what happened if I tried to connect to it by ssh?I got an error about "Connection closed by remote host". Google helped me finding that was regarded to hosts.deny file, that was actually containing a lineALL:ALLthat I commented, and all was fine.My question is: why the hosts.deny (that has never changed) was observed only with the local IP?I tried to switch back to the public IP and leaving ALL:ALL, and it did connect without any problem
View 1 Replies View RelatedWhat is happening when I log in to my Ubuntu server machine via ssh and putty. trying to understand everything, primarily securing my server.
I have specified the ssh server to listen on port 5525, and can login without a problem.
When I look at the logs though it says I connected from xxx.xx.xx.xx on port 53602.
What is happening here and why is the logged connection a different port to the one specified in the config file?
I'm trying to setup ssh access on my Fedora 12 laptop. I get the following error message in /var/log/secure when I try to login from another machine using ssh and the login is denied:
Code:
sshd[3025]: error: Could not get shadow information for <user>
sshd[3025]: Failed password for <user> from <ip> port <port> ssh2
If I do a 'setenforce 0' I can login and no error is logged.