Security :: Ssh: Key Pairs Per User Or OS?

Apr 20, 2010

I have recently moved back to Linux as my primary desktop platform and have begun to use ssh keys for a lot of things. Logging into remote machines but also things like github, bitbucket, and a mercurial-server instance. The managing of my keys has become a little cumbersome. For example, I have the following OSs that I may use on any given day:

- Primary Linux Desktop
- Laptop w/ Windows 7
- Laptop w/ Linux
- Local Linux Server
- Production Linux Server

On each of those OSs, I have a user and from any of them I might need to pull code from a mercurial-server instance. That means I have to set up five "users" on the mercurial-server instance to give just one person (me) access from all locations. So, I was wondering what the best practice for this setup is. Can I use just one key pair for "me" and install the .pub key on all my systems? If I do that, then on most of those systems, the .pub key will be installed and also be in the authorized_keys file (i.e. I want to be able to log in to the production server from my local Linux box but also be able to log in to mercurial-server from the production server), is that a problem?

Finally, I have been wondering about the wisdom in using the same public key for all services. For example, I currently use the same key to log in to my production Linux server as I use to log in to bitbucket. If there was a malicious admin at bitbucket, or any third party I am using a key with, then they can get access to my user on my production system b/c they know my .pub key.

View 2 Replies



Server :: DNS TXT With Multiple Key-value Pairs?

Mar 3, 2011

How can I have a TXT DNS record with more than one key-value pair for the same domain (website.com, for example)? The problem is that if I have two separate TXT records, only the first one gets returned when doing a DNS query on it. I am using BIND 9. So, how can I place these two key-value pairs on one TXT record:

TXT "v=spf1 ip4:237.43.37.0/24 ip4:13.434.89.0/26 ip4:82.65.77.242 ~all"

and

TXT "google-site-verification=cadfasklfjasdfsdfJJDSDFSDfdska3kasfjsdf903"

in just one TXT record. When doing a query, this is what I get:

[code]....

View 2 Replies View Related

Ubuntu :: Managing Pairs Of Web Pages And Folders?

Dec 20, 2010

Is there any way to manage pairs of Web pages and folders as one does in Windows? It is a handy feature.

View 1 Replies View Related

General :: Find Network / Broadcast Pairs?

Dec 5, 2009

Given a subnet mask of 255.255.255.192 and the first network address of 64.5.96.0, what are all of the network/broadcast pairs?

View 1 Replies View Related

Security :: Changing Home Directory Permission In User Management After User Created In Suse(KDE)?

Feb 2, 2011

I created a user but I forgot to change the home directory permission. So after the user was created, when I go to user and group management I can't see the permission field related to the home directory permission. My purpose is to stop other users from accessing my home directory. How can this be done?

View 4 Replies View Related

Security :: Create A User And Limit User To A Directory?

Apr 15, 2009

I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?

View 6 Replies View Related

Security :: User Authentication Security Mechanisms

Feb 2, 2011

What security mechanisms are used by recent versions of the Linux operating system during user authentication?

View 3 Replies View Related

Security :: Hardening Security: Limit "ps" Outputs To Current User Only?

Mar 27, 2010

I'd like to limit ps aux command output to the current user only (the one who invoked "ps"). I've recently seen this feature on FreeBSD systems and on at least one Linux system running on shell.sf.net. I run Linux 2.6.33, I wanted to know how to make that. Any advice? Googling around wasn't too successful, perhaps I don't know how to query that, recently tried with "limit ps outputs" "ps aux current user", etc... had no luck.

View 2 Replies View Related

Security :: How To Secure User Id

Apr 13, 2010

Please guide me on how to perform the activities below.

- Make sure the Guest account is disabled or deleted.
- Disabled or deleted anonymous access
- Set stronger UserID policies
- Set Key Sensitive UserID Default enable in linux
- Combination of numbers, letters and special characters (*,!,#,$,etc.)

Status of UserID
Type
User Name

[code]....

View 3 Replies View Related

Security :: Set A User To Nologin Via Ssh But Allow Su To It?

Jan 6, 2010

set a Linux user (RHEL 3.x and RHEL 5.x) to no direct login via ssh but still allow an su to it from other accounts. setting the shell for the user to /sbin/nologin, which, according to the Google hit, should not affect an su to the account. I tried that and when I attempt an su to the account, the message received is "This account is not currently available".

View 3 Replies View Related

Fedora Security :: Restrict User To Ssh?

Apr 7, 2011

I'm new to Fedora 14, and I have a basic business case:

I want to setup a user which should

- only connect to the server with SSH (ex.: no X11 connection).
- cannot change its shell
- cannot do any SU / SUDO command

This user is very similar to a SERVICE user, as I expect him only to run a single program (its shell).

View 7 Replies View Related

Ubuntu Security :: Unable To Add New User

Jul 30, 2010

I was apparently invaded this morning via my private FTP server. The invader logged in with my user name and apparently knew the password for the account. The system is Hardy LTS 8.04.4, fully updated. I have backups that pre-date the intrusion, stored on another system, so am not totally averse to reformatting and reloading everything -- although I'd like to avoid it if possible. The "passwords.txt" file contains only a few passwords for online forums, including this one; it does not include anything critical such as banking information. I'm most concerned about the implications of the ssh config data...

View 2 Replies View Related

Ubuntu Security :: Using Sudo As Another User?

Sep 26, 2010

This is probably trivial, but I can't seem to find the solution myself. I have donated my old laptop to a "public" one for everyone that hangs around my house. I've made an extra user account on it, so now it has two, one for me (fafler) and one for everyone else (bruger). Fafler can sudo to do stuff as root, bruger cannot, as I wrote the password on the laptop and I don't want anyone to mess it up beyond making another clean account.

Now, to get root access from the bruger account, I need to

Code:
bruger@carbon:~$ su -c "sudo whoami" fafler
Password:
[sudo] password for fafler:
root
bruger@carbon:~$
and I need to type my password twice.

So, how do I set up sudo to ask for fafler's password instead? Or are there any other neat tricks to get around this?

View 4 Replies View Related

Ubuntu Security :: Allow Other User To Use Wvdial?

Nov 8, 2010

I have (my) main account, which I have root access. I also have other users which can log in, I set up a wvdial shortcut on their desktop, but it won't allow them to use it because they aren't in the sudoers list. I do not and don't want them to have access to other hard drives or root. How do I accomplish this? I did a chown on the wvdial file in ppp to myself, and added read access for other users, but it still won't let them use wvdial due to sudoers.

This is in ubuntu hardy with a multiboot vista/xp/hardy laptop. BTW, wvdial works great in my account/desktop.

View 4 Replies View Related

Ubuntu Security :: Can Ssh Into Root But Not User

Apr 22, 2011

Having trouble adding a regular user with ssh access on Hardy 8.04. I can ssh into root, but not into the newly created regular user with the same ~/.ssh/authorized_keys

Code:

sshd_config has:
AllowGroups sshlogin
AllowUsers user root

[code]....

What could be preventing ssh login to ~user? And yes I would like to disable root ssh access, but it would be nice to be able to ssh into user first.

View 4 Replies View Related

Security :: Add Root Permissions To User ?

Jun 5, 2010

How do I add root permissions to my user account?

I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.

I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?

View 12 Replies View Related

Security :: How To Disable Rm Command For An User

Apr 7, 2010

I just want to disable the rm command for a user. Only root needs to use that.

View 14 Replies View Related

Security :: Dansguardian And User Accounts

Apr 8, 2009

I have a Windows 2003 Active Directory and a dansguardian transparent web filter. I want dansguardian to filter according to who is logged on to the workstation. Is this possible?

View 2 Replies View Related

Security :: End User Validation Using Squid

May 24, 2009

This question is regarding squid based security. We would like to enforce browser security onto our users and would like to know if anyone has performed this. Our goal is to check a user's browser version/plugin level before allowing them to access the internet in our organization. If their browser does not meet a standard compliance level such as patches or if they are using i.e. 5.0 we would redirect them to a page telling them that they need to update their browser before access will be permitted. Has anyone performed any types of checks like these?

View 4 Replies View Related

Security :: Detect All User Logins?

May 25, 2011

I would like to detect every login on my server. Not only ssh logins (virtual terminals) but also physical logins. There is a way to use nagios or a script to watch log files. But I would like to know whether there is a way to catch that information one step before. I thought about watching /dev/pts for changes but that is not different than log watching and not everything appears in /dev/pts, like an ssh tunnel (ssh -N user@server). These are only visible in logs because ssh tunnels do not open terminals. But I would like to be able to catch these on login.

View 8 Replies View Related

Security :: How To Restrict Permission To Ssh User

Jan 26, 2011

I would like to allow a user to login through SSH but with different permission coming from different ipaddress.

For example, a user "tester" login to SSH through 192.168.1.1 and another user login with the same login id "tester" but from different ip 192.168.1.2.

How do I restrict 192.168.1.2 to only allow for viewing the content in the home directory while giving 192.168.1.1 full access?

View 7 Replies View Related

Security :: Restrict User To One Directory Only?

Jan 6, 2010

Here's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?

View 4 Replies View Related

Security :: User Appear In /etc/shadow And Not /etc/passwd

Jul 28, 2010

In what cases would a user appear in /etc/shadow and not /etc/passwd?

View 2 Replies View Related

Security :: Restrict A User On SSH From Everywhere Except One Host?

May 3, 2011

I want to restrict a user from SSH logon, but still be able to use SFTP.

Also, I would like to know how to restrict a user on SSH from everywhere except one host.

View 5 Replies View Related

Security :: SSH User Authentication Using Certificate

Mar 19, 2010

I was trying to configure user authentication in SSH using the certificate method. As you all know, the usual way of authentication is using the ssh-keygen method. But I want the other method where we create a certificate key and send it to the CA, which signs it and sends it back etc etc. I cannot find any unique procedure on the net to configure this method.

View 3 Replies View Related

Security :: SSH User/passwd Or PPK Secure Key?

Apr 22, 2010

We are trying to make a policy decision whether to go with SSH user/passwd or PPK secure key. Our servers are hosted remotely by a hosting service. We were wondering which of these two models is more secure. E.g. I would tend to think that user/passwd with account lockouts upon failed attempts would be more secure because the other option exposes your server in case someone sneaks the PPK file or steals your whole computer. However, what makes me doubt myself is that Amazon Web Services EC2 cloud hosting uses PPK by default (although an instance's SSH config can be changed to accommodate logging in but they don't endorse it).

View 3 Replies View Related

Security :: Run Su As A Non Privileged User To Log In As Root?

Aug 15, 2010

I am trying to run su as a non privileged user to log in as root. However, this only works when I make /etc/shadow world readable. I have /lib/security/unix_chkpwd as a setuid root executable

I use the following pam-file for su:

Code:
# Begin /etc/pam.d/su
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session optional pam_mail.so

[Code]...

View 1 Replies View Related

Security :: User Should Be Able To Change Password Once In A Day?

Jun 1, 2010

I want to do a setting in RHEL5 such that a user should be able to change his password only once in a day. I have changed the fourth field (i.e. minimum number of days to change) in the "/etc/shadow" file for "root" to "1". But it's not working. I am able to change the password of "root" using the "passwd" command. Can anyone help me out on this issue?

View 5 Replies View Related

Security :: Allow User To Logon Remotely Using SSH?

Feb 10, 2010

Is there any way to prevent a user from being able to log on at a machine (Terminal and XWindows) but allow that user to log on remotely using SSH? This user is for remote capture of logs only - on a private network (no internet access).

View 1 Replies View Related

Fedora Security :: How To Make A Guest User

Jul 1, 2009

So, sometimes it happens that while I'm on my PC my mom comes and says "can I look at something for 10 minutes?", which means that I have to leave my computer in her hands for ten minutes... enough to make something go wrong! In Ubuntu there is a useful button "start guest session"... but here in Fedora I can't find it... So, I created a new user and called it "Guest" and I eliminated the password, so they can access it also without me... but I have some problems: a) I set the home directory of this guest to /tmp/guest thinking that in this way the home directory will be clean every time... but this doesn't work... b) Is there a way to prevent this account in all cases from authenticating as root? So, if they try to install something it shouldn't show the box "authenticate as root", it should only say "you can't".

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved