Ubuntu Security :: Setting Up A Publicly Accessible Computer?
Jan 13, 2011
Our local community wants to provide broadband access for people who don't own a computer. I have been given the task of setting this up and I am going to use Ubuntu. Internet access will be via a usb dongle to a T-Mobile 3.5g network. Initially we are intending to limit access to just Internet browsing. Most users will probably be older people, rather than teenage hackers. configuring/securing a default Ubuntu install for this sort of use.
View 3 Replies
Sep 8, 2010
I can't get this to work on my machines.
So far I have:
1. created a key with ssh-keygen on the server to be logged in to
2. copied the .pub key to my local machine
3. chmod 700 ~/.ssh on both machines
4. chmod 600 ~/.ssh/ic_rsa on the server, and on known_hosts on my local machine
5. added the .pub key to ~/known_hosts on my local machine
My local machine doesn't have an "authorized_keys" file which is what everything is telling me I should append my .pub key to. The only thing that was in my .ssh folder was known_hosts, so I tried that. I also tried making an authorized_hosts file to no avail, changing permissions appropriately on all files.
Should I/Can I reset ssh in some way? Is there a reason I don't have an authorized_keys file or is my known_hosts file my authorized_keys file?
Would it be better just to uninstall/reinstall ssh?
View 2 Replies
Mar 4, 2010
my son is 15, autistic and mentally retarded. he is moderate-low functioning and loves to watch barney the dinosaur, thomas the tank engine and other young children's programming on videos on his computer. he can talk in a limited way and can read out loud at about the first-grade level, though he seems to have little or no comprehension of what he's read (hyperlexia). i'm having problems with viruses and spyware because he lacks the judgment that keeps the rest of us from clicking on every window that pops up. we've had a particularly nasty crop of ad-ware viruses lately that pops up graphic porn ads even when the browser is closed. i've had enough of this.
the computer is an ancient dell dimension 4600 desktop (circa ~2002) running windows xp. i've run ubuntu from a live cd and installed flash as a test. videos play fine, so that's not a problem. i don't really want to replace the computer because it still works and is only used by him to run firefox. i am willing to buy a new computer if that turns out to be the only option. i've been using ubuntu exclusively on my laptop for several years and i would like to remove windows from his computer and replace it with ubuntu. i'm wondering how i can make his computer as accessible as possible to him while not sacrificing too much security. my son has very poor fine motor control over his hands. he can use a mouse with some difficulty, but using a keyboard is out of the question. he can use the mouse to click on the shortcuts to his favorite videos, but i can't think of how he would be able to enter a password for his account. not only does he have the fine motor problem, but he is not able to remember any usefully secure password.
does anyone have any ideas about how to make his computer accessible to him without opening a gaping security hole? two ideas that i've kicked around are creating a user with absolutely the minimum privileges required to use firefox and no password or finding some way to enter a password that doesn't require a keyboard. i haven't come up with how to implement either of those ideas successfully.
View 6 Replies
Jul 8, 2011
I am running CentOS release 5.6 (Final) and have successfully installed PPTPD and this works great internally.
I want to access my Linux box remotely on the internet via my VPN tunnel. However I am not sure what I need to do on the Linux box to make this happen. My linux box is multihomed as follows
PSTN WWW <===========> ADSL Router Firewall <----------------> [eth1 192.168.x.x] Linux Box [eth0 172.16.x.x] <-----> to LAN
The desired topology is as shown.
VPN Client <------> Home ADSL Router <======= PSTN WWW =======> ADSL Router <------> eth1 Linux Box
1. The VPN is setup and bound to eth1 and eth0 and works well internally
2. IPSec, GRE and PPTP rules have been declared on the router which port map to eth1
However, I am still unable to set up a VPN connection to Linux Box. I suspect something hasn't been done or I have setup my NATing or IPTables correctly on the linux box.
View 4 Replies
Aug 6, 2010
I will try to explain a bit first about my network topology: I have one cent os 5.5 machine with 2 nics - external one 86.x.x.122 and internal one with 2 IPs: 192.168.1.1 and 89.x.x.121. The idea is that I have a public subnet (86.x.x.120/29) of IPs which are routable only through 86.x.x.122 so I have a webserver hosted on a different machine with the IP of 89.x.x.122 and GW 89.x.x.121 - everything works perfectly fine, except that I cannot access from the internal network 192.168.1.0/24 the so called DMZ (roughly) - the 89.x.x.122.
What really makes me crazy is that I set up the IPtables rules correctly because I can access the webserver from the outside world but I cannot access it from the internal network...
What am I missing - why can't the 192.168.1.0/24 see the 89.x.x.122 machine? What IPtables rules should I add?
View 2 Replies
Jan 10, 2010
I would like to know if there is a fairly easy "How To" for setting up my home network. I have 2 XP SP3 computers and 2 Linux with ver. 9.10. The XP boxes can see each other and share files and folders. I can see from an XP box one of the Ubuntu machines, but can't access any of the files or folders.
I get the following when I try: \Lstoragemusic is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found.
View 9 Replies
Jul 8, 2010
I recently got a nice, lightly used IBM Thinkpad laptop. It has wireless capability for the Internet. Linux is the only OS in the laptop. At home, I don't have wireless-- I have a wired DSL connection for my laptop and for my IBM desktop (which also only has Linux as OS).
When I took the laptop to the public library, wireless is provided there for free and I had no trouble connecting to the system there. But since I'm new to wireless, what do I need to have installed to have a secure laptop when in the public library (or when I'm anywhere else that offers free wifi) using the wireless connection? [I use Firestarter as my firewall in the laptop and in the desktop.] Do I have to install some software to make sure my laptop is secured from spying and invasions when in the library or is the Firestarter enough? If Firestarter is not enough, what is that wifi security software by name?
[My OS is MEPIS 8.5, a Debian-based distro.]
View 2 Replies
Dec 13, 2010
When I first installed ubuntu 10.10 the other day my entire windows shared network was visible and accessible through places/network etc. I only had an issue creating a link. Now, for some reason I can no longer see the other windows comp or any of its folders but I can see my son's laptop (running vista). Obviously I still have access to the network and I have checked the sharing settings on the windows machine.
View 3 Replies
May 15, 2010
Is there a direct link to Lucid updates? How can I download the linux-headers* updates from a public computer? This terminal runs only ms s/w.
View 5 Replies
Mar 5, 2009
I want to have my Fedora 10 computer act as file storage and access it from my Windows computers.
Details:
Fedora 10 box is fully functional and connects to the internet using a wireless card to my Linksys 54G router. I've configured the smb.conf file to workgroup MSHOME, and assigned it an IP of 192.168.1.150. I've also set it to turn on smb at boot. Windows XP Home is hard wired to the same router with the standard Workgroup of MSHOME. Windows is set to obtain IP and DNS automatically. There's another Windows XP Home system that's also wireless on MSHOME that I can interact with fine from the main Windows comp. Ping results to 192.168.1.150 results in Request timed out.
View 2 Replies
Aug 18, 2010
I set up a dhcp server in the lan and assigned static ips to two computers, computer A and B, according to their mac address. Everything was running fine. But when I turned off computer A, connected computer C to the network, and assigned computer A's static ip to computer C without changing dhcp setting. Computer C was able to access the internet. When I turned on computer A, dhcp couldn't assign an ip address to it, and computer C showed an error message of ip conflict and failed to use internet. I wonder if dhcp server is able to prevent other computer from using the same static ip that is already assigned to a computer according to its mac address.
View 5 Replies
Apr 29, 2011
I have to manage a publicly accessible computer, and people know the password and are willing to click just anything, that pops up and has a "yes"/"ok"/"i agree" button on it, just to make the message disappear. (yes, I hate their ignorance ...) As long as they can use the net, that is all they care about...
My question is, can I still get updates for Maverick without being prompted for upgrade to Natty? Also I would like to remove the button from Update Manager. Is there a simple way to do that?
View 7 Replies
Jan 5, 2011
I have a script that crond runs each night. The script pulls some sensitive files from an SFTP server and stores them in a folder on the local machine. I need to encrypt those files on the filesystem. Ideally, I could encrypt the folder they're stored in to require a password whenever the files are accessed. The problem is that then crond wouldn't be able to access the files. Using something like ecryptfs would allow the cron script to mount the encrypted storage by supplying the password, but now the keys to the kingdom are just sitting in a cron shell script.
Is there a good way to approach this? One thought I had was finding a tool that lets cron encrypt the files using a public key, then require a password to decrypt them (silently using the password to access the related private key). I don't want too much complexity on the decryption side, because I will have relatively non-tech people needing to access those files occasionally.
View 6 Replies
Dec 16, 2010
I have an SSH tunnel setup between a local server and a remote postfix relay VPS. This is so we can route all our outgoing mail through this SSH tunnel to a private relay VPS; this seems to give us much more consistent mail delivery than using our ISP's relay. So the SSH tunnel is set to route port 1025 on machine A to port 25 on the VPS. This part of it is working perfectly and has been for months. However today I wanted to set our e-mail newsletter software (on the same network as the SSH tunnel start-point) to send through the SSH tunnel. So I punched in the IP/port... 192.168.1.5:1025 but it doesn't work. Is there something I need to do to allow connections from other machines on the LAN to access the start-point of the SSH tunnel? Or are SSH tunnels restricted to localhost connections only?
View 6 Replies
Oct 13, 2010
How can I benefit from a public external IP? Do I need a public IP to access my computer from a remote site? Run a tftp server?
View 1 Replies
Jul 15, 2009
My network comprises three PC's .... Windows XP, Windows 98SE and Ubuntu 9.04 running SAMBA. All PC's are configured WORKGROUP=WORKGROUP. The network connection To/From XP/UBUNTU via SAMBA Shares works perfectly OK. However, despite scouring all forum information regarding changes to Win98 ENCRYPTION, (Registry change re: DWORD "EnablePlainTextPasswords"), the Win98 PC refuses to connect to UBUNTU. The UBUNTU PC can connect to all the Win98 shared folders OK. I have disabled my Linux Firewall (Firestarter), I have run SMBCLIENT to check the user password for Win98 and it is validated OK. The Win98 error message is ....
"\Inspiron 510m is not accessible. The computer or sharename could not be found. Make Sure you typed it correctly and try again."
My samba.conf file is as follows ..... Any help or assistance PLEASE !
#======================= Global Settings =======================
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = workgroup
# server string is the equivalent of the NT Description field
code....
View 20 Replies
Mar 7, 2010
I am trying to figure out the best way to set up 1-1 NAT for three public ips to three private ips through a ubuntu gateway machine.
I am running ubuntu server 9.10 and the set up is:
Internet/ISP modem -> NIC 1 Ubuntu Gateway Machine NIC 2 -> Three PCs with Private IPs
I had a few questions on how to do this correctly and securely.
1) What packages do I need to install (aside from the basic ubuntu server installation and possibly DHCP3-Server)
2) How do I assign all three public IPs to the NIC connected to the ISP modem? All addresses will be static, will I need the DHCP3-Server package?
3) Once I have the three public IPs assigned how do I map each specific public IP to the private IP address associated with it and provide the correct loopback? I want to make sure each response from the internal machines are sent out as their specific public IP.
4) Aside from allowing all connections, how should IP tables be configured to allow web services to one internal machine, mail to another internal machine and DNS to the other internal machine?
View 14 Replies
Jan 20, 2011
I recently installed Ubuntu 10.10 on my sister's HPtx2000 since she isn't going to use it anymore and it worked better than I expected. The touchscreen works without any additional driver tweaking and installation <3, the wireless works fine, the sound works. I listed those because when I was installing, I was looking around at other people that did this and those were the problems they had (but those were of an old OS).
Well anyways, what I want to ask is about the stuff that doesn't work and the stuff I want to do: The buttons that flip the screen etc. don't work. Is there a way to map them and flip the orientation of the screen? And the other buttons too, like the media button. Is there a way to map them to open VLC or something? Does anyone know any tablet programs for Ubuntu? E.g. a simple text program that can convert stuff written to neat, typed font? A way to write text into a google search bar using the stylus? And while we're on this, is there a way to map a left click on the touch screen?
In Windows, the left click could be mapped to: a). a side button of the pen, b) the top button of the pen, and c) holding the pen down onto the touchscreen. how to use Samba to access a public folder of a Windows computer? And to access the printer connect to the Windows computer? Some of the tutorials I found were only for folders and printers on the Ubuntu computer.
View 4 Replies
Jan 30, 2010
I'm trying to give some windows users a permanent connection to a samba share behind a firewall over the public Internet. I know I can give them access with something like winscp (which they have done) but really I'd like to do it with a VPN so it seems seamless to the user. However I have no idea how to set up the server to support this and am finding the documentation a bit confusing. The samba share is on a Debian box and the firewall is a Linksys WRT54GL.
View 1 Replies
Jun 6, 2011
I've got a p12 certificate (I own the secret key), and I would like to export the public key to gpg keyservers. How to achieve this? It works flawlessly inside gpgsm and kleopatra, but I cannot send keys:
Code:
$ gpgsm --send-keys 0xDA4E5DD0
gpgsm: this command has not yet been implemented
View 1 Replies
Oct 18, 2010
I have an encrypted document (with my key) which I should decrypt. After the generation of my key, my computer was formatted and newly reinstalled. Now GnuPG finds my public key and I can't use it for decryption!
View 9 Replies
Jul 17, 2011
How safe is it to run Ubuntu updates when I'm connecting via a public network (wireless or wired) from a hotel (or other public settings)? I'm not familiar with the internals but is there an additional validation mechanism for the package servers other than the URL?
View 4 Replies
Dec 2, 2010
Looking at my router logs I've noticed for the past while a range of source ports from 60000 to about 65000 from my source external IP to destination external IP always on port 80. I have 3 boxes on this network and this only seems to happen when I connect the one laptop. I even reinstalled the distro downloaded from a trusted source but the router is still logging this. netstat -ntulp shows nothing operating in this range. chkrootkit shows nothing. Was thinking maybe someone was spoofing the external address but it's been happening on network startup for a month now.
View 4 Replies
Mar 26, 2010
At the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have multiple private and public keys (one pair for each server), or use the same two keys to access all the servers?
View 5 Replies
Mar 31, 2010
I am using Nautilus to connect to an external server. Currently, I use password authentication, and all works fine. I just type sftp://SERVER and the connection is established after providing the login credentials. However, I changed the server to only accept Public Key Authentication and disabled password authentication, and as a consequence I could not login using Nautilus anymore. Is there some way to make this work?
View 9 Replies
Aug 26, 2010
I have a problem with my ubuntu account. I am running 4 virtual machines, based on jeos-8.04 and I am using a public key authentication to login to my account (via ssh). This is not the problem, I have the key and the passphrase. But when I am logged in, I can't sudo, because I forgot the password for the account.
View 6 Replies
Nov 4, 2010
I'd like to know if this is a common security flaw or normal to open up FTP to the public, which is of course protected with a password, for 3rd party access to maintain our public facing / production website?
If yes, what sort of FTP application to install in Ubuntu?
View 1 Replies
Jul 22, 2010
I have to make a sym link of phpmyadmin in /var/www in order to run phpmyadmin. I read that links can't be chmod-ed. The link to folder phpmyadmin has 777 permissions. When I browse in it every file has only read and for the root read/write access.
Is that a problem (777 access rights on sym link phpmyadmin on /var/www folder)?
View 1 Replies
Mar 24, 2010
I have trouble with rsa authentication:
I did create an rsa certificate with ssh-keygen using my root account on a client:
ssh-keygen -t rsa -b 2048
no passphrase
I did copy the rsa pub_key from my client to the server:
scp id_rsa sampleuser@sampleserver:/home/sampleuser/.ssh/authorized_keys
I did change the ownership to the "sampleuser" of the pub key file on the server. I tried to connect:
ssh sampleuser@sapleserver
I get that: permission denied (public key)... I know I do smth wrong but I don't know what.
View 2 Replies
Feb 18, 2010
In my ~/.ssh I have a number of public keys and one private key (id_rsa). How can I verify which one makes a pair with the private one? Or, can one generate the public one from the private key (in reasonable time)?
View 4 Replies