I'm trying to set up ssh access on my Fedora 12 laptop. I get the following error message in /var/log/secure when I try to log in from another machine using ssh and the login is denied:
Code:
sshd[3025]: error: Could not get shadow information for <user>
sshd[3025]: Failed password for <user> from <ip> port <port> ssh2
If I do a 'setenforce 0' I can log in and no error is logged.
Tried Google and searching this forum to no avail.
Under Fedora 14, there is an selinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.
While I did manage to allow this to happen by creating a permissive domain for sshd with this command:
Code:
The preferred way would be to allow sshd to make connections on other ports with a similar command that does not seem to work:
Code:
Is this the correct way of allowing an outbound port connection for the sshd daemon?
I recently installed the pptpd server on my system and set it up according to these instructions: HTML Code [URL]t=132029 However, after setting everything up, on attempting to connect to it from a Windows machine (Windows 7 Home Premium to be specific) it gives me two errors, which are 720 and 800... It reaches "registering your computer on the network" fine and then gives 720 on the first attempt to connect and then 800 on the second attempt to connect... and then on the third 720 and 4th 800 and so on. My system running the server's I.P is 192.168.1.70. My system running the Windows OS trying to connect's I.P is: 192.168.1.66
I have a problem with connecting to an AP with a static IP. I have set the IP, netmask, and gateway manually through Network Manager but still no luck. The status is connected but I can't even open a webpage. The ifconfig command output is not showing the IP address I entered.
I have just installed Fedora 11 KDE edition, and I used to use Fedora 10. After finishing the installation I edited the connections to connect to my network. I'm on a LAN network but I connect my cable to an access point to be free to use my laptop anywhere. After adding everything (WEP key, static IPs) as I used to do, I have the connected sign in the system tray. I open the browser but there is no internet connection; pinging the gateway returns "Destination Host Unreachable".
My wireless is 'almost' working, but frustratingly not quite there. Debian Testing (squeeze). I have two different wireless adapters. Both work flawlessly from an ubuntu live CD in the same machine, connecting to the same unencrypted access point so the problem is not faulty hardware, weak signal, overpowering signal, interference from other AP's, MAC filtering, or anything to do with WPA.
I have loaded the correct (I think) firmware packages for both adapters. dmesg is not complaining about missing or incompatible firmware. I have googled the various error messages reported in dmesg and found that the /etc/Wireless/RT2860STA/RT2860STA.dat missing config file is normal. I could not find anything that I understood concerning the BSS returned, data->length messages but since I see the same thing in Ubuntu (where the wireless is working flawlessly) I assume they are also normal and not related to the problem.
Both adapters can see all the available access points (using iwlist {iface} scan or using gui tools such as wicd, wifi-radar). NEITHER adapter will associate with any access point (and I've tried three different unencrypted AP's so far). I can connect to all/any of these AP's from an ubuntu live CD using the exact same hardware, so this is NOTHING to do with MAC filtering, etc... Using 'iwconfig {iface} essid' as root to set the essid "appears" to work, but simply does not set the ESSID on either wireless adapter.
Using the GUI tools (which are only a front end for the command line tools so I have no idea why everyone thinks a GUI front end like wicd will magically work where the command line tools don't!!) I simply wait a long time for "getting network address" before it eventually fails. LOTS of information in pastebin, please make the effort to read it before asking me for things I have already supplied. And please keep any "RTFM noob" or "go back to ubuntu" replies to yourself. I HAVE read the f*cking documentation and I do not want to go back to ubuntu. I just want to get my wireless working in debian.
I have done a fresh install of the OS and I am having wifi trouble. I am failing to connect to an access point that Windows works fine with on the same machine. As far as I can tell it is connecting but not getting an IP address via DHCP. When running ifup it says it's backgrounding getting an IP address.
I cannot ssh into an RHEL 5.5 server (192.168.20.104) from another RHEL 5.5 server (192.168.20.101) unless server debug is turned on 192.168.20.104, and even then, I have to wait several minutes before the connection is established. scp to and from the 104 server is also not working. Here is the debug output on the 101 server when server debug is not enabled on the 104 server:
I've got Fedora 14 running on an EBS volume on Amazon EC2. I've created a few users and enabled port 22. When I set a password for these users, they can successfully ssh into the instance; even if they logout and login again....until:
If I reboot the machine, they can no longer ssh into the machine (permission denied). If I issue the passwd <user> command and change their passwords, they can login again....until I reboot the machine at which time they cannot login again until I change their passwords. The problem exists even from the machine. That is, if root attempts to ssh into 127.0.0.1 using their username/password, the same problem/resolution exists.
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a. My question is, is there a reference online that describes each one? Most are obvious but it's one of those "I have to know because it's there" situations.
I have a Redhat fedora core release 6 (2.6.22.9-61.Ns4) server and from time to time ssh fails, although I am still able to ping the device, and with a reboot the device will start working correctly, so upon further investigation it appears the sshd daemon fails. Not knowing a great deal about Linux I thought I would ask some advice on the path I am thinking of taking. The first would be to put an entry in the cron to try and start the sshd every hour or so. Would this cause issues in the long term, running it multiple times when the sshd daemon was still running?
The second thought I had was having a bash script to check if the process was running and if not restart it, and if it was just exit the program, which would seem like a neater way to do it, but this is where my limited Linux knowledge hits a wall, so I was looking for suggestions on how to implement this?
I want to make sure sshd service will start after a server reboot. On redhat or centOS I can do "chkconfig sshd on". What's the equivalent command for ubuntu?
I'm running Ubuntu 10.10. I recently installed the open ssh server so that I can sftp stuff. However, I do not want the server to always be on, only when I manually start it. So, I did an 'update-rc.d -f ssh remove' and now I don't see any startup scripts in the rcx.d directories any more. However, when I do a 'ps ax', there is always a '/usr/sbin/sshd' process running. I try to kill it but it keeps restarting under a different process ID. How do I disable sshd?
I have a problem with the sshd server: it authenticates the user and then terminates the session. Here is the debug log:
Jan 1 04:26:41 server sshd[29677]: debug1: userauth-request for user root service ssh-connection method none
Jan 1 04:26:41 server sshd[29677]: debug1: attempt 0 failures 0
Jan 1 04:26:43 server sshd[29677]: debug1: userauth-request for user root service ssh-connection method password
Jan 1 04:26:43 server sshd[29677]: debug1: attempt 1 failures 0
Jan 1 04:26:43 server sshd[29676]: Accepted password for root from xx.xx.xx.xxx port 50971 ssh2
Jan 1 04:26:43 server sshd[29676]: debug1: monitor_child_preauth: root has been authenticated by privileged process .....
I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my selinux firewall on and want to allow other workstations to access my samba server.
I am trying to set SELinux in enforcing mode, but it's giving the below error. I have Ubuntu server 10.10
root@ubuntu:/common# setenforce 1
setenforce: SELinux is disabled
I am trying to set up a chroot with a sshd service running. When I start the sshd in the chroot and log in I get this message. Cannot find anything on Google.
[damien@dev ~]$ ssh -l damien localhost -p 2233
damien@localhost's password:
Last login: Tue Jul 21 13:32:52 2009 from 127.0.0.1
debug3: PAM session not opened, exiting
Connection to localhost closed.
I would like to monitor a RedHat via snmp. I would like to make data available via snmp. The data that I would like to graph are only present in log files. Is it possible to parse data from applicative logs and have them available for my cacti server via snmp? I already monitor CPU, mem, and others with cacti using the standard MIB. What would be the logical steps I would need to achieve that?
I'm getting the error described in this bug. The fix is described in the bug:
Code:
The following additional SELinux permissions were found to resolve the situation:
In my production setup, I have 3 servers using the same mount point. However, I see that the IOPS is low. Does this kind of architecture have any impact on IOPS? In case it is neutral, how can I tune my setup for better IOPS?
I've got a red hat box joined to a win 2k3 domain and I'm using pam_mkhomedir.so to create users' home directories on first login to the box. Extract from /etc/pam.d/sshd
Code:
session required pam_mkhomedir.so skel=/etc/skel umask=0022
The problem I have is that this only works if I switch SELINUX off (i.e. set enforcing to disabled). Unfortunately, the error messages are not very helpful. Extract from /var/log/secure below:
I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but if I check, for example, this boolean ...
$ sudo /usr/sbin/getsebool ftp_home_dir
ftp_home_dir --> on
It returns a positive, but if I do
$ sudo less /selinux/booleans/ftp_home_dir
I get ... read error (Press Return)
Furthermore, if I list the boolean file itself, it shows it to be empty
$ sudo ls -l /selinux/booleans/ftp_home_dir
-rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir
I'm able to connect to ftp as a virtual user. It was also difficult, as it was nowhere mentioned that it should be done with SSL. Anyway I found the answer and got a connection. But now I can't connect to the ftp server as a system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand how I can log in to the FTP server with a system user. Also some other questions regarding this matter:
2. My httpd server Apache has virtual hosts located in the "/home" directory. The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I change them to "/home"? All I need to do with this is the ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
I don't think it has anything to do with the config file. More to do with SELinux. I need to know how to configure SELinux so I can see my samba share when SELinux is on. When I setenforce 0 I can see all the files and folders; set it to setenforce 1, cannot see anything. Here is the output when I ran
[root@fileserver /]# getsebool -a | grep smb
allow_smbd_anon_write --> on
smbd_disable_trans --> on
These two options were off; I tried turning them on. This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off