Ubuntu Security :: SSH - Can't Use Multiple Identities
Mar 4, 2010
Why I can't use multiple identities!
I have two sets of RSA key files:
I want two different SSH logins to the same server, so I create the following in ~/.ssh/config
Then in my server account on xxx in ~/.ssh/authorized_keys I have:
The idea is to use:
The latter as a transparent gateway to yyy through xxx.
Now this works just fine, but I have to remove either id_rsa or test! Why?
Can I use .ssh/config like this?
Jan 20, 2010
This worked fine in 9.04, but doesn't in 9.10 (fresh install).
If I tell my ssh-agent about a private encrypted key via "ssh-add .ssh/mykey" then everything works fine.
But if I log out and then log back in it's not there and there is no Gnome prompt to ask for the password to decrypt. So I have to do an "ssh-add" every time I log in.
Mar 15, 2010
I have added an identity to ssh-agent
Code:
ssh-agent /bin/bash
ssh-add ~/.ssh/id_dsa
After restarting the machine, I removed all the identities by
[Code].....
Feb 8, 2010
I have username1@domain.com and [URL] I want to send emails to two different groups of people and use a separate smtp server for each account so people that receive emails from username2 don't know about username1 account. At the moment I have to manually go into settings and change the default smtp server before I send the message. So I basically want to associate an smtp server with an identity. It doesn't seem that this is possible to do. I do know about the "Reply to Address" option but this is not what I want. For starters my smtp server won't allow this operation to take place.
Jan 30, 2011
Ubuntu 10.10 Server is loaded. Openssh has been loaded.
I have multiple users which need access to server via ssh.
My impression from reading about ssh is that a key needs generated for each person. Thus, each key will have a passphrase that is unique to them.
In /etc/ssh/sshd_config, the default sshd_config suggest using:
%h/.ssh/authorized_keys
My assumption is %h is a variable that will allow the current user to use the public key stored in his home directory under the .ssh folder in a file called authorized_keys. Is there a command string that automatically populates the authorized_keys file?
I am surprised that even though there are a number of hidden (e.g. .****) files located in the home folder, there is not one automatically generated as .ssh. It appears I have to create that directory myself. I am especially surprised by this since it appears the instructions for generating a key seems to load the key in the home directory instead of proceeding to create a .ssh folder to store the keys in.
It is not clear, but it appears that the public key needs to be copied or appended to the authorized_keys file, but, using the scheme above, the public key needs to be copied or appended to each user's authorized_keys file instead of appending all public keys to a single authorized_keys location.
It then appears that each person's authorized_keys file needs permissions set to 600.
It also appears that if I decide to use RSA instead of DSA, I would do the same thing above but would use authorized_keys2 file instead.
Why doesn't the home folder which gets automatically set up for each user automatically get a .ssh folder generated? i.e. why does it have to be created by hand? Does it need the same permission on the .ssh folder, i.e. 600?
My aim is to allow many to log on via ssh simultaneously and then allow many to simultaneously vnc into their respective gnome desktops.
Mar 22, 2011
I am running an Ubuntu server 10.10 with SSH and OpenVPN. I use it mainly for the VPN, but I have seen login attempts such as:
Mar 22 14:52:53 UbuntuSvr sshd[2397]: Invalid user support from 85.217.190.69
Mar 22 14:52:55 UbuntuSvr sshd[2399]: Invalid user student from 85.217.190.69
Mar 22 14:52:57 UbuntuSvr sshd[2401]: Invalid user transfer from 85.217.190.69
Mar 22 14:52:59 UbuntuSvr sshd[2403]: Invalid user user from 85.217.190.69
[Code]...
Is it possible to make it so that when someone has tried logging in 5 times with an invalid user/pass, the IP is banned for 10 minutes? I have password auth set to no and am using keys.
Oct 12, 2010
Is it possible to have multiple users for one Linux session? And how can I do that? Is it possible to create virtual users for a session?
Mar 26, 2010
At the moment we have one SSH server with the private key being on a USB flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have multiple private and public keys (one pair for each server), or use the same two keys to access all the servers?
Nov 9, 2010
It's been a while since I've been on here. I suppose that can be considered a good thing, since I made the complete transfer to Ubuntu three months ago and everything's been running completely smoothly. Anyway, security is a pretty big thing to me. I usually change the root password, take sudo off (and default gksu, not gksudo), encrypt my hard drives, etc... One thing I also do is create a separate password for my login keyring. I don't mind having to enter one extra password at login, but it started prompting two times, and now three. It's the same password every time, so my question is..
Dec 16, 2010
I have a block of 5 static ip's and 2 servers that push HTTP and other services. What is the best method of configuring/routing traffic to individual boxes on the network?
More detail: One of my static IP's is assigned to a dedicated box for an Ubuntu mirror. Another static IP is assigned to a server with all of the HTTP traffic.
Several configurations function to route traffic appropriately (forwarding proxy or 1-to-1 NAT). However, with 1-to-1 NAT, the box is left open to the world with only the software firewall. Do I really need to place a hardware firewall inline to EVERY server?
Or, what other methods of routing and firewall would you recommend?
Mar 3, 2011
My computer is often very slow, to the point of stalling. I tty'd in and when I ran ps -ef I noticed about 10 /usr/sbin/apache2 -k start. I don't even want 1 apache running. Any suggestions why these are running, or how to stop it? Well, I can stop it with a sudo killall, but how can I make sure it doesn't happen again?
Feb 9, 2010
OK, I have multiple developers on a system and I have set up an area on the web server where they all should have access to and all that fun stuff. Now I do not want to set up these developers' default group to be this single group cause they could be members of multiple groups...
IE:
/var/www/cust1 - Group Cust1
/var/www/cust2 - Group Cust2
etc...
Then say for the developers:
dev1 - member of Cust1 & Cust2 - Default group is dev1
dev2 - member of Cust2 - Default group is dev2
dev3 - member of Cust1 - Default group is dev3
So when they go into say /var/www/cust1 only dev1 & dev3 should have access to modify files and when they create/edit files the owner should be the user and the group I want it to be Cust1. Then when going to say the Cust2 area new files and stuff have Cust2 group access with RWX.
Is this possible for users to just use their normal accounts, or will I need to look at setting up "project" accounts where they can su into say dev1cust1 account which will have the default group of Cust1?
how you all handle this and what I might be able to do so that the permissions stick.
May 23, 2010
How to prevent the same user from ssh to multiple Linux servers at the same time? Does any one of you have a script, or know how to do that?
Aug 17, 2010
I have a web server (apache) and 3 sites are hosted on it, named www.web1.com, www.web2.com and www.web3.com.
I need to restrict www.web2.com to Internet users and allow only to local network. At the same time I need to allow www.web1.com and www.web3.com to both Internet and LAN users.
Nov 2, 2010
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 are members of techAdmin, user3 and user4 are members of tech. Simple so far... but wait, here's the problem. If user1 creates a file inside tech, user2 can't read or modify it because user1 owns it. Here are a few sites that reference this problem:
[code]....
Feb 5, 2010
I am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
Nov 19, 2010
In my logs for Apache I have lots and lots of failed attempts for incorrect incarnations of [URL]. None of them are anywhere near my alias for the index.php but yet phpmyadmin is broken. Is there a way I can mess up robots like this? Send IPs that create multiple wrong page requests on my server back to their own IP address maybe? I would then just set thresholds to decide how strict to be. I did try fail-to-ban before but it is cryptic. I don't have it on this particular server.
Apr 12, 2011
I have suspicious requests in my haproxy logs from multiple sources to the same target. I could deny them in /etc/hosts.deny, but there are too many to keep track of. Is there a way to deny all requests to a specific target either in haproxy or through iptables?
Here's an example of the request:
Apr 12 15:11:37 127.0.0.1 haproxy[28672]: 41.105.42.150:27072 [12/Apr/2011:15:11:37.315] web_servers frontend_farm/######## 3/0/1/1/169 404 1073 - - --NI 3/3/2/1/0 0/0 "GET /images/comment_icon.gif HTTP/1.1"
I've commented out my amazon instance id for security purposes. The request is for comment_icon.gif which does not exist. All requests go to that. The source IPs are from different countries as well. Blocking a certain country won't work either. Basically, if there was a way to send all requests for comment_icon.gif to /dev/null or something it would work.
Jun 10, 2010
By fiat I must distribute my homedirs across multiple physical disks/partitions. Unfortunately this is not open to discussion so obvious solutions like a lvm home partition are not available to me. The issue: Users created with homedirs on the main home partition (the one created as home during the f13 install) behave as expected, but if I create them on a different partition (home9 for the sake of this example) the users are not able to login (dropped back to login screen), nor run x-apps if su -'d to in a konsole.
If I 'su - <user-on-home9>' in a konsole, I get delivered to the /home9/<user-on-home9> as expected, but x-apps fail with the error: 'cannot open display: :0'. This can be temporarily fixed with the command 'xhost +SI:localhost:<user-on-home9>', but I would rather fix it permanently at the source.
This appears to be an selinux problem from the following. The contexts of the two rootdirs are the same:
% ls -Zd /home /home9
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home9
but when I create the users (using useradd or the gui) their respective contexts differ:
% ls -Zd /home/user5 /home9/user6
[Code]...
So, my questions for you selinux experts are 1) is it possible to have homedirs spread across multiple partitions with selinux, and if so, how, 2) Why, even when I manually set the dir/file contexts to match a properly functioning user5 from /home, do users from /home9 still not work (as far as login and x-apps).
Jul 15, 2010
I installed 4 encrypted partitions (/, /var, /tmp, and swap) that are mounted at boot using the Alternate Installation Disc, and they all have the same password, but I have to type that password in 4 times when booting up. How do I make it so I only need to type in my password once?
Jan 7, 2010
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words, about 45 characters with spaces and caps). I would like to set a shorter password for authentication, sudo, etc., while retaining the original for logging in. In short: Have long password to login to computer. Have short password for everything after login.
Aug 4, 2010
We are working on a project to create a display wall of 8 monitors arranged as 2 high by 4 wide. Each monitor is connected to a single machine and all machines are networked with a master machine with its own, separate monitor.
Our goal is to get the 8 machines to share a single desktop, with the master machine acting as the server. We have looked at using Xinerama or NMM, but we are unsure about how to get started configuring the multi-machine, multi-head display.
Sep 24, 2010
My Ubuntu 10.04 has two monitors connected, both being treated as individual desktops. But only one desktop is showing the wifi network icon in the notification area. Is it possible to have more than one wifi icon going at one time?
Jan 12, 2011
I'm using Ubuntu 10. I want to apply different themes for desktops. I want to apply Windows 7, Ubuntu and Mac OS themes for my multiple desktops.
Jun 14, 2011
I have a large amount of 7z files in multiple folders which I need to extract. The directory structure is like this:
/main-folder/
multiple subfolders/
1 or more 7z files per subfolder
I would like to get the output of this action in one separate folder, all together in 1 folder. How can I do this?
Aug 20, 2011
I often use the rpl command to make changes to multiple html files at once. For example:
rpl -R '<br />' '<br /><br />' mydirectory
However, I haven't been able to figure out how to change multiple lines. For example, let's say I want to change all occurrences of:
<br />
<br />
to:
<br />
I've tried
rpl -R '<br />
<br />' '<br />' mydirectory
but that didn't work. How to do this with rpl or some other way?
Oct 26, 2010
I'm trying to connect one computer to two others in an ad-hoc infrastructure.
[computer 1] ---- [computer 2] ---- [computer 3]
computer 2 is running Linux and has a single NIC wlan0. I want to it to connect to both computer 1 and computer 3 so each computer can talk to the other. No switch is available so it needs to be an ad-hoc setup.
[Code]...
Aug 23, 2010
I am to rename all the files within a directory (which contains multiple subdirectories) recursively without invalid characters.
I tried the coding posted above.
find . -type f -printf '%p\n' | while read file; do
oldfile=$(basename "$file")
newfile=$(echo "$oldfile" | sed 's/[^A-Za-z0-9_.]/_/g')
if [ ! "$newfile" == "$oldfile" ]; then
echo mv "$file" "${file%$oldfile}$newfile"
code....
but I get an error on both of them stating "find: bad option -printf find: [-H | -L] path-list predicate-list"
Jul 12, 2010
So essentially, I have 3 monitors and i'm attempting to run 2 different window managers/sessions at once split up on the monitors. It is intended to be like this:
Code:
[GNOME/Compiz - Screen0]
- Left Monitor[code]......
Jun 4, 2010
I'm starting to have A LOT of opened windows in my machine. Sometimes within a project, I have e-mail/task management/personal e-mail/twitter, and a lot of different opened applications/terminals in my Linux workstation. Sometimes it would be interesting to have different workspaces for projects instead of this configuration I have nowadays that are classes of work (bad name, I know, but I think you got the idea). I'm starting to think about using two monitors: one with Corporate Management, Work and Personal. The second monitor is only the development state: each workspace here is about a project being worked on instead of groups of works like before. A workspace may be implementing different classes for example.
My question is: I just want to change to a second monitor using the mouse. I want to still be able to change workspaces in the same monitor using keyboard shortcuts. The keyboard shortcuts wouldn't change monitors, just workspaces on the same monitor. All the tutorials I read (like this one) only tell how to use multiple monitors but don't answer my question about keyboard shortcuts. Does Linux (Ubuntu 10.04 Lucid Lynx or Debian 5.0.5 Lenny) support this envisioned setup (different workspaces in a way that keyboard workspace switching only works in the current monitor)? If so, how? I haven't tested this setup, that's why I'm asking. In this question the user says it works exactly how I want it to behave, can someone else confirm it?