I've recently been asked to setup our FTP server to accept connections from a remote host. They sent me a file "id_dsa.pub" with instructions to add this key to the xfer user.
Unfortunately I've no idea how to do this!
I'm running vsftpd 2.0.5 on Centos 5.3
This is on Centos 5.3 by the way..... I had a DVD and, well, just wanted to test some things.. I'm aware that this is not the latest release.
And, by the way (I just read an earlier post) I've added the username and password with which I'm trying to login (..hello?).
I'm at work and I don't have a copy of my Vsftpd configuration file (don't wanna edit this whole thing - actually there is a copy, below). I've used Slackware for years and never had any issues with Vsftpd - it just works. I am trying Centos because I need help with upgrading my mail server (qmail) and there's not much help for Slackware users. Also, I used to run RHEL3 and had vsftpd working fine (had to copy some file to /etc/pam.d) but it worked famously. I compiled all my web server stuff (just don't like these default things where I have no idea how things are integrated) and I'm hung up on - of all things - vsftpd.
Anyway....When I try to log into my ftp server I get "KERBEROS_V4 rejected as an authentication type" and only the anonymous account works. Any other logins produce an error (incorrect login - see ya' later). I have SE Linux and the firewall OFF. I don't recall the directive, precisely, but my vsftpd.conf file is set allow local users to connect. I installed with yum and it added some lines at the bottom (one was about a user list and the other was about PAM). I've got a chroot list and a user list although it's not clear to me precisely where the user list should be placed. I actually uninstalled the RPM and compiled, too. I've done everything but call an exorcist. And I've found tons of posts regarding this on the net and none of the fixes worked. Man - on slackware you type "make" and "make install" (I build it with tcp_wrappers) and you're off to the races.
Actually - I did upload the vsftpd.conf file to work (where I'm at, now). Minus lines that were commented out it looks like this:
Could it, possibly, be something about how I am adding the user, the shell type, etc? I know that in Redhat I used to type "/usr/sbin/useradd -d /home/someuser joe". I've done it that way and I've also done it like so: "useradd -d /home/schmoe -s /bin/bash schmoe".
I've setup vsftpd correctly and it's running fine with local users (in the same LAN). However, when remote users wanna login to the server, it takes more than 1 minute to get in. Users do can login from remote. It just took too long. (It prompted for the username and password very fast.) Since the server is behind a router, I did configure the port forwarding for TCP 20-21. The centos version is 5.3. The vsftpd is v2.0.5.
View 6 Replies View RelatedI need to setup a xdmcp server on ubuntu 10.10 to allow for remote connections. Obviously this cant be done from the login window as with previous versions of Ubuntu.
View 3 Replies View RelatedI have vsftpd running as FTP server on Ubuntu 9.04 jaunty. Login works correctly with password for local users (those with an login account on the server) and without password for anonymous.
I want to further tighten security by requiring local users to provide a client certificate. But even if I include "require_cert=YES" and "validate_cert=YES" in etc/vsftpd.conf, clients without certificate are allowed to login; require_cert seems to be simply ignored.
I'm having problems getting openssh server to accept connections in Ubuntu 10.04.Here's what I've done (twice): Installed Ubuntu 10.04 on USB drive with pendrive installer. This creates a default user "ubuntu" and you don't get the chance to choose a password for it. Started a keyring for network access and selected password. Works.Enabled VNC and selected password. Works fine with VNC client on local network. Logs in as "ubuntu" user and asks for the VNC password, then connects. Note: the client doesn't know the "ubuntu" user password, and neither do I! However, it works.Installed openssh client and server from Ubuntu s/w center.
$ ssh localhost OR $ ssh ubuntu@localhost try to connect, but asks for password, which I don't know (see step one, above) so, then I created a new user, with known password, logged in as new user in Ubuntu, works.however, $ ssh newuser@localhost still fails, even when correct password for <newuser> is supplied. Rejects the password three times, then gets the usual error about keys.I also tried connecting with an SSH terminal app from my iPad, again using <newuser>. It gets essentially the same error, "failure to authenticate".
All this is still on my own LAN, haven't gotten to going outside the router yet.What I want to do in the end is use VNC over SSH from a client on my iPad to talk securely to Ubuntu while I'm traveling.
I have a bunch of Ubuntu boxes on one subnet, 192.168.1.0. I have a Windows 7 box on another subnet, 192.168.2.0. I am able to ping and SSH to all servers on the .1 subnet except for one server, which I will call PITA. I will attempt to SSH to PITA, and it won't respond, nor does it respond to pings. I will the SSH to PITA from another of the test servers, successfully connect, and then when I SSH from my Windows 7 machine I can connect successfully. If I first connect via console to PITA and send some pings out (to anywhere, like 4.2.2.2), I can also connect from my Windows 7 machine. I've never seen anything like this.
One of the weird things is that I used PITA to create an image that I then used to create many of the other test servers, and they work fine, so I'm not sure what the problem is. I've checked /var/log/messages and syslog and there's nothing in them that indicates a problem. I've rebooted this server, restarted SSH, changed the IP in case it was conflicting with something else, forced an ARP update in case it was cached (since I had bonded the interfaces), cleared the ARP cache on my own machine, verified Network Manager is not installed...and I still have this issue.
Here are some network-related config:
/etc/network/interfaces
Quote:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
[code]....
Our DBA has an application running on Server2 which needs to connect to Server1 (Linux OEL5.5 server) thru port# 9171. I use telnet to test basic connectivity.What should I do on Server1 in order to open up port#9171 for connection.
View 4 Replies View RelatedHow do I setup a host computer to accept display from laptops in a group of laptops?
I have a group of people each set to manage a specific task. I have a projector in the middle of the room hooked up to a computer. How can each user push their screens to the host computer? All computers are on a lan
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
I'm having trouble getting my pix firewall to log to syslog server. Here are the steps I took:
1) Added the following line to /etc/sysconfig/syslog:
SYSLOG_OPTIONS "-m 0 -r514"
**for some reason, without the 514, syslog doesn't listen
[code]....
I am able to telnet to the server via a remote connection, but for some reason, it will not accept mail. ere is the bounce back email I am getting.Quote:This is the mail system at host smtp.mydomain.net.I'm sorry to have to inform you that your message could notbe delivered to one or more recipients. It's attached below.For further assistance, please send mail to postmaster.If you do so, please include this problem report. You candelete your own text from the attached returned message.The mail system
<root@mydomain.net>: temporary failure. Command output: pipe: fatal: pipe_command:
execvp /usr/bin/perlbin/vendor/spamc: No such file or directory
Reporting-MTA: dns; smtp.mydomain.net
[code]....
I just installed Ubuntu server and wish to run an apache web server from it. I have that setup, with each user having their individual folder. (E.G) apache root /var/www/ LazerPhreaks folder is /var/www/LazerPhreak/ so their website would be www.mysite.com/LazerPhreak/) I wish to setup vsftp to let each user access their individual folder and upload website files via ftp. How should I go about this?
View 1 Replies View RelatedI've setup vsftpd for my FTP on my server, I edited the vsftpd.conf to allow me user to gain access to their home directory, It doesn't seem to let me in, I'm getting the error
Quote:
530 This FTP server is anonymous only.
this is set at yes
I've set it to NO and I get
Quote:
500 OOPS: vsftpd: both local and anonymous access disabled!
I don't quiet under whats going on, I followed this tutorial [URL]
In the end I want to be able to upload files to the www directory for my web site.
how to setup logs in Vsftpd? I have default configuration in CentOS but its not log`ing
View 1 Replies View RelatedI'm using fedora core-8. I need to setup dialup server to accept dial up connection.Dial up server shoudl also allocate ip address to client (trying to connect using modem)If some one knows how to do this, please let me know.I'm trying to achieve peer to peer communication between two computers connected using modem on both side over PSTN line.
View 2 Replies View RelatedI've been using VSFTPD for years but i can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.
500 OOPS: SSL: cannot load RSA certificate.
Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.
Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.
I'm successfully using the same certificate for NGINX.
Configuration file:
Code: Select alllisten=YES
listen_port=40000
pasv_enable=YES
pasv_min_port=40222
pasv_max_port=40224
listen_address=192.168.1.150
[Code] ....
Trying to set up VSFTPD on the CentOS 5 box at work, which is an internal web development server. I'm leaving soon, and all knowledge of or desire to learn SSH is going with me so the other employees will need to be able to access the web root using FTP clients.
Essentially there is no need for special user accounts or privileges, it's an internal server in a tiny company. I've got the LocalRoot set to /var/www/ which I can log in to and read all files via FTP, however despite setting everything to 777 in /var/www/ and below, I still can't get any write privileges on the FTP server.
I have run a small webserver from my home computer and I can access it fine from computers on my local network, but cannot access it from other networks. I see in wireshark that the traffic is arriving at the computer and I have checked the firewall logs on my computer and nothing is being blocked(I use iptables as a firewall), and I can't see any reason why it shouldn't be working.
View 2 Replies View RelatedI'm testing a Debian Lenny virtual machine to simulate my ideal setup for FTP server (with vsftpd): I want all internal users (corporation users with Active Directory accounts) to ftp into the same directory (i.e. /var/FTP/AD-DOMAIN/) and external users (customers) to ftp into their home directories (created manually on request).
I added user_config_dir=/etc/vsftpd_user_conf option in /etc/vsftpd.conf file and I've created /etc/vsftpd_user_conf/domain-user1 with local_root=/var/FTP/AD-DOMAIN
I have setup vsftp so I can ftp with every external and internal user chrooted and is working properly. AD validation for internal users and "normal" validation (via /etc/passwd) for external users work perfect.
I can FTP this server into /var/FTP/AD-DOMAIN with any AD user with its home directory created (i.e. /home/AD-DOMAIN/domain-user1/) but if I try to ftp with any AD user without its home directory created I get the error "500 OOPS: cannot change directory:/home/AD-DOMAIN/domain-user2"
I have found some references (http://wiki.flexion.org/FtpServer.html and http://howto.gumph.org/content/setup...ies-in-vsftpd/) about vsftp PAM authentication so I would supposedly get rid of the error message and the user would log into /var/FTP/AD-DOMAIN without problems, but I can't figure out how to setup my FTP server.
does anybody knows how to setup the same upload/download folder for all users ? My vsftpd has been installed on CentOS. Its using system user.
What should I put in /etc/vsftpd/vsftpd.conf to configure folder
/fileserver
for all users ?
I updated yesterday. Main change was from kde 4.5 to 4.6. Since then when I start kmail I have always a message about the certificate not applying to the given host. I use kmail to connect to a dovecot imap server. Everything worked fine before. I know very little about certificates. I tried to generate again the certificates (running /usr/share/doc/packages/dovecot/mkcert.sh) but I don't know what else to do.
View 8 Replies View RelatedI tried to set up vnc following the steps of this webpage:
[URL]
which did not work. I changed everything back the way it was, but when I tried to ssh in to my remote server, the connection timed out? It showed nothing in secure logs. I tried to ssh in through webmin, in asked for auth but did not connect. The logs said this:
Jul 30 12:05:10 server sshd[2829]: Did not receive identification string from 209.139.209.100
I tried to telnet port 22 through the shell in webmin and got this:
> telnet 209.139.209.100 22
Trying 209.139.209.100...
Connected to 209.139.209.100.
Escape character is '^]'.
Connection closed by foreign host.
I tried reinstalling ssh, but got the same errors...It worked fine before the howto. I can't imagine how it changed something in ssh...
The internal network is behind nat done by the PC Router.The TP Link is recieving wireless signal from outdoors and it has switching and basic routing capabilities. I'm using the PC router for better routing options.PC Router (or R for short) is a triple-booting machine - Linux, FreeBSD and Windows. It has two lan cards - external (ext_if) - 100Mbps Realtek 8139 and internal (int_if) - 1Gbps integrated Realtek 8169.The problem is that all traffic from R to the network is slow - about 5-20K, while the traffic in the oppoiste direction is all right - about 10MB that is fine for 100Mbps cables, NICs and switches. The problem persist no matter the OS the pc R is running.I've tried some debugging on the situation as follows:
- put another PC at the place of R - everything is fine. That exclude the possibility of damaged cables, RJ-45s, switches and etc.
- connected both of the NICs to the Internet while the internal network is being disconnected and they both work fine (no delays)
- traffic shaping is not running
- there is nothing in firewalls except NATing the internal network (and it is working fine). Actually these firewall rules have been operational for more than months and everything was fine untill a week or two ago.
- changed the internal NIC with another
- connected the internal network directly to the TP and all of the PCs are getting good network performance. Then connected the R machine to the TP as well and there was good performance between the internal network PCs and R.
- R has good performance to the TP. In fact everything has good performance directly to the TP (when not connecting trough R).
- the problem persist only between R and machines from the internal network.
I am writing a server which uses edge-triggered epoll. When the server calls accept(), it just extracts the first connection in the pending queue. If there are more connections that are waiting, can we make the server accept all the pending connections? I wrote a loop like the following:
do {
client_fd = accept(...);
/* Work with the client fd */
} while (client_fd != -1); [/code]
Doesn't seem to work. A related question, more a clarification, is as follows. My understanding was that a connect() at the client returns only when accept() in the server returns. Clearly, I was incorrect. Even with no accept() call in the server, my client was able to connect and send data. Am I getting this right?
'm running on Ubuntu and I've succesfully setup apache alongside with a working php & mysql configuration - other computers connected to the LAN can access it by typing in my ip: 192.168.0.9however I would like my webserver to be accessible by all internet users...I've got my ports.conf file in the apache setup to listen on ports 80 and 8080 this is my ports.conf:PHP Code:
Listen 80
Listen 8080
Listen 2000
[code].....
I installed dovecot on my server and now the imap and pop3 ports are open.But when I want to telnet it, it's not possible.Code: Trying 127.0.0.1...telnet: Unable to connect to remote host: Connection timed out.Also I can't any ports else. But I can connect to it from other computers. I tried to connect to this from my PC and it was successful.
View 7 Replies View Relatedi have made a java web server which works on localhost.but now i want to capable it handling many clients at a time.so clients running on different computer need machine name or IP address of server computer.How can i do this in java?
View 1 Replies View RelatedI have a load balancer with 2 web servers behind it. The web servers rsync with cloud storage to update their apache directories 1 time every hour. Apache is just running php pages that pull/push data to a DB so they dont need to be updated that often. However I need to figure out how to implement a Master/Master MySQL setup to have my web servers point to for the PHP stuff. I need to implement it without having a single point of failure. The Load balancers are useless for failover as they only detect availability based on Ping request. So putting a master/master setup behind a Load Balancer is out. what is the best way to setup the master/master mysql in a HA setup without the use of a load balancer provided by the host?
View 2 Replies View RelatedWe recently had a vulnerability scan done on our network and one of the vulnerabilities was that the dns server discloses the remote host name when using hostname.bind.
Is there any way that we can stop this from happening? Our name server is a Fedora 11 machine.
