Ubuntu Networking :: Restricting Ssh Access To LAN
Jun 29, 2010
I have a desktop (picard), and I want to be able to connect to it from my sister's laptop (zuma) to quickly scp files from my machine to hers. At the same time I don't want the whole world to be able to connect to my machine via SSH. We're connected through a router. I've tried adding the line
"ListenAddress 192.168.0.0"
to /etc/ssh/sshd_config, but this prevents me from being able to connect to my machine from another on the network. From my understanding of the ListenAddress directive, I would assume "ListenAddress 192.168.0.0" would allow my sister's address through (192.168.0.192).
Am I missing something?
Jan 14, 2010
I have a small home network with a router to the outside world and an ubuntu server through which traffic passes first. My ISP limits my download usage during the day, which traditionally has not been an issue, but now the children come in from school, boot up the internet and up goes my usage! Ideally I would like to be able to restrict them to IM and maybe certain specified URLs (I think the latter probably needs to use Squid though?). Once the download limits are lifted, I would like my iptables to allow HTTP, etc, but pretty much block most other things.
I have two sets of iptables currently to approach this issue, with a cron job that runs to swap between one and the other. Chains run in order, so if rule A says allow x, and rule B says drop all, then X should still be allowed. However, try as I may, this is not what happens in practice. I have even tried changing the overall order from ALLOW to DROP in FORWARD and then approach from the other angle. That didn't work either. *IS* it actually possible to block all but http / https and IM? These are my rules:
Code:
# Generated by iptables-save v1.4.4 on Sat Jan 9 19:15:49 2010
*nat
:PREROUTING ACCEPT [583:45175]
:POSTROUTING ACCEPT [694:60887]
:OUTPUT ACCEPT [143:18642]
[code]....
Feb 4, 2011
In my office I want to set up a Linux machine for public usage. On this machine I want to restrict/deny access to certain applications (e.g. k3b, xterm, pdf reader etc.) for certain users/groups of users as per the office policies.
1) By what method/procedure can I achieve this objective?
Apr 22, 2010
I have an internet and mail server with CentOS installed, and I want to restrict client machines from accessing a certain website, e.g. if I want to restrict users from accessing the website www.mydomain.com, how do I do it?
Apr 13, 2010
Is there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if it's still web accessible through a browser?
Nov 26, 2010
Every developer in our organization has access to a single development server and all development (other than basic experimentation) is done on this server. This is primarily because there are several interdependent systems and having copies of these systems on each developer's machine slows that machine down to the extent of making it completely unusable. All developers access this development server using ssh. Of course this implies that scp will also work as the sshd daemon is running, making data vulnerable.
We are currently attempting to secure the code and data on this server from unauthorized copying and transfer.
Currently I am attempting to set up virtual machines on each developer machine that can then be used to connect to the development server. I have created a shell that does nothing but allow for the typing of one command that simply transfers (ssh login) the user onto the development server.
I am using VirtualBox and Ubuntu mini to achieve this.
Problems: The first question is if this is a reasonable way to achieve what I am attempting to. Is there a better way?
The others are more in terms of the set-up: I am attempting to resize the VirtualBox console. I tried this by editing grub. Although I am able to resize the screen at start-up, the entire screen goes back to (what I believe is) 800x600 after the Ubuntu splash screen.
VirtualBox seems to have completely messed up the keyboard detection. How can I rectify this?
The other is regarding the restricting of shell access. I have currently done this by removing access to /bin/ for normal users. Is this secure enough or is there a better way?
May 26, 2011
I installed tomcat6 on a Linux server. I deployed the xyz.war file and JkMount in Apache; this is for outside usage. Recently I deployed one more WAR, abc.war, which I didn't mount in Apache; this is for internal application usage. In my application I tried to call this abc.war (http://X.X.X.X:8080/abc/abc.war) but I am unable to access this folder. I checked the iptables rules; I gave access permission on port 8080.
May 1, 2009
I have set up a small Mesh Wireless Hotspot at a local Flea Market. My plan is to add in one of those HotSpot services for billing and such, but until I have enough users to justify that expenditure, I am just going to manually set up accounts. The system is all up and running as an OPEN SYSTEM. Users are able to access the net just fine thru my existing setup. My question is, how can I create user accounts so that users of my wireless network will have a username and password that they can log in with
May 17, 2011
I have an SSD that is SATA and can run at 3.0 Gb/s - in the error log it is being restricted to 1.5.... I have no proprietary drivers (apparently) that need updating - is there anything else I can do to get the full speed?
Apr 11, 2010
I have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it. I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more. I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access. My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
Nov 7, 2010
We set up a server with my friend (still newbies) a couple of months ago using Ubuntu 10.04 LTS server edition and agreed to let some folks at school use it to install Drupal on it for teaching and learning purposes. So the idea is that there are multiple users that all install Drupal in their home folders separately using SSH and continue from there on etc.
Everything is set up for that to work (domain, settings etc), but there's one thing nagging me, and that's how everyone can look at everything on the server. They don't have rights to modify anything but can look at file listings and view inside files etc.
So how do I restrict the viewing rights of users to inside their home folder, BUT so that they can use the cd command to go to folders inside their home folder, but not outside of it. As far as I know rbash purely keeps you inside home and allows nothing else, so that doesn't work, because you need the cd command.
May 30, 2010
I have set up Firefox for certain users, with specific extensions. I would like to know which directories to restrict so that no new extensions can be installed, but the currently installed extensions will be able to update without a problem.
Dec 29, 2010
I wanted to restrict users within a particular folder, say /var/lib/tomcat/webapps. I want the users to see all subfolders inside webapps and work with it (edit+read but no delete). I understood that chroot is the way, and I read this [URL] community discussion, but what I understand out of it is, they are trying to give a complete working installation of Ubuntu to the user within a directory, which I don't want to.
Feb 15, 2011
I'm trying to write a script that uses the 'du' command to make essentially a text-based filelight type program. It should scan the current directory for the files' sizes and display them in order largest to smallest (or vice versa). The user should be able to go throughout the file tree and see child directories scanned for the sizes as they're accessed. I just need to know one more thing: how can I restrict the displayed results to the current working directory? Would a grep for the output of pwd suffice? Just getting some thoughts before I try and possibly dig myself a hole.
Jul 16, 2009
I hope I am in the right forum. I have a question about restricting users from being able to change their own passwords in Fedora 10. In Fedora 6, I was able to do this by using passwd with -n and -x flags. If I would set the -n value greater than the -x value, then the user would not be able to change his/her own password. If I do this in Fedora 10, this no longer works
Feb 16, 2010
I need some kind of step-by-step process to restrict my users to only have access to directories that I specify? For example, user joe can only access his home directory, read access to /tmp and read access to /var/log/httpd
Aug 9, 2010
I have a few small lists created in mailman, and I want users to be able to receive, but not post. Where do you find this setting?
Apr 3, 2011
I want to limit the amount of connections a user can make outside of the box per user group, should I be doing this via iptables or what? aka:
group1 can only have 2 simultaneous outbound connections
group2 can only have 8
Jul 12, 2009
I've got a question about the chattr command. Is it possible to restrict root access for this command? What I want is something similar to FreeBSD behaviour, aka the kernel secure level. Setting a particular security level results in limiting some operations (i.e. changing immutable flags on files) by root. Well, if someone gained access to a machine in some way, nothing would stop him changing the file's flags. So the question is if it can be achieved with SELinux?
Dec 15, 2010
I'm trying to restrict a particular ssh user to his home directory, I'm just giving him access so that he can ssh to another server that is only accessible from the former but restrict his movement so that he can't poke around the former. I already made some changes to sshd_config file and added the following line at the end:
Did some test, user joe can ssh to the server but unable to do anything aside from logging in, even a simple ls command will immediately close the putty session. I know I'm still missing something but don't really know what it is. I also tried this how to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I login the session immediately closes.
Jan 21, 2011
I want to restrict a particular user from creating a file beyond a particular size, i.e. he should not be able to create a particular size [say 10 MB] but he can use up to 10 GB [not the quota space, I mean].
Mar 17, 2011
I run a system that users may log into either remotely or physically. Multiple users may be logged in simultaneously because of the remote access, but only one user can be physically logged in at a time. With the current setup, however, if the physical user inserts a flash drive (which the OS mounts automatically) then the remote users gain access to the removable media.
Oct 21, 2009
How to restrict some users from sending mail to outside domains, except local, in sendmail. I am using (CentOS5 + Sendmail)
Dec 31, 2010
I managed to configure my W890i phone to get access to internet through an ubuntu-based computer. It's very easy to use the phone to give internet access to the computer, but the opposite is quite more tricky. For that I've done the following
----On the phone---
-Set the USB network option to "through computer", so that the phone uses the computer's internet connection and not the opposite.
-Decide and set "Shared Network" parameters: user, password and workgroup.
-In "connectivity-> internet connection" set "allow local network" to "yes"
----On Ubuntu 10.04---
-Install samba, samba-client, smbfs, smbclient, firestarter and dhcp3-server
-Configure Samba (System-> Administration-> Shared folders): same workgroup as in the phone, add new user (the phone), passwd this new user. In my case the user was called "w890i" and the password given was the same.
-Once the phone is connected to the computer through USB (then select "phone mode"), a new connection appears in NetworkManager: usb0. The aim is to create a shared network that gives internet access to this device. Edit the IPv4 parameters of this new connection, set them to Manual and give an IP address (192.168.0.1) and a subnet mask (255.255.255.0); the rest of the fields are left empty. Connect this network.
-Set firestarter to use dhcp3: sudo ln -sf /etc/init.d/dhcp3-server /etc/init.d/dhcpd
-Launch firestarter and follow the wizard. Set "allow internet shared connection", choose the device for the primary internet access, and then the device for the shared network (usb0). Then change the settings for firestarter: activate DHCP for local network, set IP to the one we gave before (192.168.0.1).
-Open dhcp3-server config file: sudo gedit /etc/default/dhcp3-server and set INTERFACES="usb0"
-Set the policies of firestarter: in incoming connections, allow connections from the IP address given to the phone (192.168.0.1). Then add rules for the ports that need to be open for this connection. I opened HTTP, HTTPS, SMB, SMTP, POP3, IMAP, IMAPS, DHCP for all the connections in the local network.
-Apply policies and start the firewall.
------------
After all this, the phone can access the internet through the computer. Two problems appeared:
1. I couldn't get access to https sites, like webmails. The phone gave a "communication error". But then I tried with Opera instead of the browser built in the phone's firmware, and I could finally get to https sites.
2. I couldn't retrieve mail, neither POP nor IMAP nor IMAPS. I thought it was a firmware problem again, and I tried out several mobile phone email clients written in java, but none of them worked.
So this is at the moment the problem. If I connect from the phone to the internet directly through 3G, the email clients work for all my accounts. I don't think it's a firewall problem, because the ports are opened for this connection
Jul 6, 2011
I connected my laptop running with Ubuntu 11 in the LAN but I couldn't access internet. But I could ping to the other computers connected in the LAN. I tried the same thing with Windows 7 in the same laptop and I could access internet.
Jun 12, 2009
I've been running a Samba server under RedHat 8 for five years without a hiccup. I want to cut over to a F10 box but cannot get shares accessible. smbclient attempts fail over NT password error. SELinux is disabled. Server is visible on the network. Users require no password access to shared data.
smb.conf follows:
# Samba config file created using SWAT
# from UNKNOWN (>)
# Date: 2009/06/12 14:15:15
[code]....
Aug 4, 2009
I have a Linux domain (FEDORA CORE 1) and two laptops which are part of my domain with Windows XP Pro Service Pack 2. I have given two IPs to both the laptops, the primary being global and the secondary local. I have configured a printer in one laptop and shared it. Till last week I was accessing that shared printer from my other laptop and everything was working fine. Last week I formatted one laptop (which does not have the shared printer); from then onwards I am not able to access my other laptop. I get the following message when I try to access my other laptop: "you might not have permission to use this network resource. contact the administrator of this server to find out if you have access permission there are currently no logon servers available to service the logon request" P.S.: If I have only the local IP I am able to see both the systems and I am able to access my printer; this problem comes only when I add the global IP to both the machines. And also I have stopped the firewall and other things.
Dec 12, 2009
I want to restrict the visitors to my webserver to those whom I want to give access, but the persons whom I want to give access have dynamic IPs. I want to use DynDNS and update the IP address of the person, based on the hostname pointing to the dynamic address of the person.
Mar 9, 2011
I've managed to install samba, I've shared a folder. I can access from a Windows 7 machine via \ubuntupublic. I can put files in the folder from the Ubuntu machine and edit them on the Windows box. I can put files in the folder/share from the Windows box but then I cannot edit them on the Ubuntu machine (they are read only and have a "Lock" over them). I can fix this by going to the properties of the file/folder in Windows and manually assigning "Everybody" full control (then the lock disappears and all is well.) I want read/write access to all the folder's contents from both machines all the time (security is NOT a concern, I WANT the permissions wide open). What am I doing wrong?
May 27, 2009
We have a simple office network set up that we also use to connect to the internet; however, of late the number of users has increased, thus slowing internet access. A bandwidth upgrade is not an option, thus I have to do bandwidth shaping on our Linux router. The question is how do I set the Squid configs to allow a certain IP range a certain percentage of bandwidth, e.g. 60%, and further divide the rest. Alternatively, how can I allow certain IPs to have higher bandwidth access?