Ubuntu Security :: Viability Of Running SSH On Default Port Using Key Auth?

Mar 8, 2010

I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.


Ubuntu Servers :: Ssh Logged Port In Auth.log Is Different Than 22

Oct 22, 2010

As far as I understand ssh runs on port 22 but in my /var/log/auth.log I see

Quote:

Why is this logged 48504 different than ssh port 22?


Ubuntu Security :: Entries In My Auth Log ?

Mar 29, 2010

I got some entries in my auth log that I am puzzled by. What could be the cause? I was not using my machine at the time of the logging.

Code:


Ubuntu :: Auth.log CRON - Receiving In My Auth.log File

Jan 10, 2011

Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if it was anything normal or something I should be worried about...

Code:


Security :: Fail2ban Stops Logs In Auth.log?

Feb 11, 2011

Yesterday I installed fail2ban on my server and I see I am not getting logs for the genuine people also who log in to my machine, in /var/log/auth.log.

It is an Ubuntu server and I had installed fail2ban via apt-get install.

I thought something might be in /var/log/fail2ban.log but there I do not see anything:

Quote:

2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log

[Code].....


Security :: Squid User Auth Encrypt?

May 7, 2010

I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format?


Security :: Ensure Changes To System-auth Do Not Lockout Root?

Jan 8, 2010

I was considering adding the below to my RHEL5 system's /etc/pam.d/system-auth file.

password required pam_cracklib.so try_first_pass retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
auth required pam_unix.so nullok try_first_pass

[code]...


Ubuntu Security :: Automatic Logout - Auth Log Indicates Failed Login Attempt?

Mar 3, 2010

A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:

Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root

[code]....


Security :: PAM (system-auth) Illegal Module Type: Ccount?

Mar 8, 2011

Internal system mail revealed an error. Part of the mail is below:

Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount

I have checked /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but I managed to change it back to "account". I have grepped for the "ccount" string in all files under /etc/pam.d and I was not able to find it.

It seems that system-auth is not able to take the now "account" string instead of "ccount" although I have restarted crond.

Here is my system-auth file on the affected server:

auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....


Fedora :: Root Login Works At Shell - Auth Error When Running Admin Tools

Jan 25, 2011

I login as normal user. I can 'su root' fine - password authenticates. However, If I try to run System->Administration->Users/Groups, when it asks for root password, it is rejected. When I run updater, it reports failure to authenticate, but doesn't even ask for root password beforehand. Is there a cached password someplace?


Ubuntu Security :: SSH Port Forwarding, Disable Or Edit A Forwarded Port?

Nov 1, 2010

sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103

It does exactly what it's supposed to do, but how do I edit / remove this rule? Is there some config file where I can alter the forwarding? How does it get stored? I'm using Ubuntu 10.10 Server Edition (although I reckon it would be pretty much the same across all versions).


Security :: Iptables: Verify Traffic On Port To Check If It Is Legitimate For That Port?

Apr 18, 2011

Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?

One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.


Security :: Port-bind Shellcodes Work With Port-forwarding?

Apr 27, 2011

I'll explain this in one sentence: Is it possible to program a port-binding shellcode in which people across the Internet can connect to, without being thwarted by the router blocking their data because the port it's bound to doesn't allow port-forwarding?


Hardware :: Viability Of LTO 2/3 Tape Backup Solution On Slamd64?

Aug 2, 2010

Viability of using LTO tape backup on my Slamd64 based server. So let me begin with the specifications I have currently for my motherboard. I have an old ASUS K8V SE; the PCI spec is 2.2 and the Southbridge chipset is a VIA VT8237. So I was wondering how easy it is to set up an LTO 2/3 internal or external tape drive and corresponding PCI or PCI-X SCSI card? I was looking at the specs of the VIA VT8237 but couldn't find any concrete information on how it would handle PCI-X, though for the VT8237R Plus chipset they list this feature: "Dual PCI-X bus support through VIA VPX2 I/O expansion bridge". Anyway, I just want to see what you guys on here thought. Ideally some info on the low level software backend and the high level user input frontend software would be useful too. It is my first step into tape drives.


Ubuntu Security :: Router - Port Forwarding And Network Security

Nov 11, 2010

As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forwarding some for my file server.

At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.

As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in, but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as it's hidden behind the modem/router. But if I open this thing up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router" as they just seem to do the same.


Ubuntu Security :: Why Isn't Ufw Enabled By Default For Network Security At Installation

Jun 7, 2011

The default firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user. Isn't this a security risk, or is the user, whether ufw is enabled or not, secured from external threats? I am not very knowledgeable about network security, but I am trying to understand the Ubuntu mentality behind this default setting.


Red Hat :: Change The Default Port (80) To 85?

Sep 10, 2010

I installed Apache2 on Redhat EL 5. I am trying to change the default port (80) to 85. I tried editing httpd.conf and changed

Listen 80
to
Listen 85

It didn't change anything. 'netstat -tuapn | grep :85' returns nothing.


General :: Changing SSH Default Port?

Apr 20, 2010

Is it a bad idea to change SSH's default port (22) to a different port number?


General :: Change The Default Port Of Ssh That Is 22?

May 26, 2010

How can I change the default port of ssh that is 22? Because of security issue I just want to give some other port.


Debian Configuration :: Varnish Not Able To Run On Non Default Port

Oct 9, 2015

At the moment I am building a web environment with WordPress, apache2 and Debian 8. At the moment I am trying to implement Varnish.

By default this application uses port 6081. I am trying to put Apache on port 8080. This already works, but I can't get Varnish running on port 80.

You can see below that Varnish still listens on the default port 6081. How can I fix this?

Code:
root@webI:/home/beheerder# netstat -lpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      2917/sshd
tcp        0      0 *:6081                  *:*                     LISTEN      3717/varnishd
tcp        0      0 localhost:6082          *:*                     LISTEN      3699/varnishd

[Code] ....

To test another port I have also tried to start Varnish on port 85.

Code:
vim /etc/default/varnish
DAEMON_OPTS="-a :85
             -T localhost:6082
             -f /etc/varnish/default.vcl
             -S /etc/varnish/secret
             -s malloc,256m"

I have restarted the Apache and Varnish services. I have also rebooted the server, but Varnish will not listen on port 80 (or other non-default ports). On port 6081 the application works fine. But how can I fix this?

Source Varnish port 80

I can use the application with the following command

Code:
varnishd -f /etc/varnish/default.vcl -a 0.0.0.0:80

But why is this not working with the normal config file? Varnish then listens on port 80. With every server reboot I then need to run this command. So I would like to use the config file.


General :: Changing Mysql Default Port?

Jul 19, 2011

I'm trying to change the default mysql port with no success. I looked at my.cnf file and there's no reference to port. I also looked at the iptables and mysql is running on 3306 (default). I've changed the iptable file but mysql fails to restart. If I add port = [my port number] to the my.cnf file, mysql fails to start.


Programming :: Default Port For UDPWriter Class?

May 9, 2011

This is a really specific question, but maybe someone can help. I'm debugging someone else's code, and they call a UDPWriter and specify an IP address and port, and I'm trying to make sure this multicast traffic goes over a certain port. How can I determine which port the UDP defaults to and change it?

It's confusing to me because I'm not familiar with all the layers the OS sends traffic through before it goes through the interface. Is there maybe some simpler way to tell the OS to send multicast traffic over both interfaces?


Programming :: Specify Different Port Other Than Default 22 For One Particular Server In Hostlist

Apr 8, 2011

I have the first part of this script working, but I need help on how to specify a different port other than the default 22 for one particular server in my hostlist. First, here's my working script:

[code]....

Now, the hostlist contains a few servers that all share the same password in this test so as not to complicate that portion of expect's password section. However, one of the servers within hostlist_test will need to have the ssh port defined as, for example, 5522 as I've defined the port forward in DD-WRT's NAT section and changed in the appropriate /etc/ssh/sshd_config for listening. Might anyone be able to help me include that part in my script?


CentOS 5 Server :: Change My Ssh Port From The Default 22

Feb 9, 2010

I want to change my ssh port from the default 22 to something else. I did the following: vi /etc/ssh/sshd_config; uncommented Port 22 and changed it to the desired port number. After that I ran service sshd restart for the change to take effect. Now, when I want to log in on the new port I receive this message - Network error:Unable to route to host. When I change the port back to 22, I am able to log in again.


Ubuntu Servers :: Ssh Is Running But Port 22 Not Open

Jul 10, 2010

I have two computers on a LAN. (This is history, not a Bazaar question, although I have one of those too.) One of them (Ubuntu 9.04) I'm using as a Bazaar repository over sftp. It's been working fine for about a year. Then we had a thunderstorm that knocked out our Internet service for a couple of days. When it came back up everything was working fine except I could no longer commit to the server. A little detective work showed that ssh was not running on the server. I started it and Bazaar then couldn't find the repository files. I still suspected an ssh problem, but port scans from both computers showed port 22 open on the server and I could do an ssh login from the client OK. Then I started fiddling with ssh on the server and now I have ssh problems on top of the Bazaar problems.

On the server I deleted then regenerated the ssh keys. I've done
sudo /etc/init.d/ssh reload
sudo /etc/init.d/ssh start

I get a normal starting message and ps -ef | grep ssh

shows /usr/sbin/sshd running. But the port scan does not show 22 open and I get connection refused at the client.


Fedora Networking :: FTP Server - Changing Default Port 21

Nov 25, 2010

Now that I've set up an FTP server here at home I'm thinking that it might be a good idea to change from the default Port 21 to something else. Can I use any port I desire or are there only certain ports that support this protocol?


Networking :: Change Default Port Of Pptpd To 1813?

Jan 29, 2010

I used pptpd in CentOS 5.4. I want to change the default port 1723 of pptpd to 1813. I changed the pptpd port in the service file to 1813 but ppp doesn't work. Note: in the MS VPN client I changed the port to 1813.


Networking :: VSFTPD Multiple FTP Websites With Default Port?

May 30, 2011

I am trying to create multiple FTP sites on one Linux server (using multiple vsftpd-sitename.conf files) with default port '21'.

Below is the sample vsftpd site configuration,

# cat vsftpd-site1.conf
listen=YES
write_enable=YES

[code]....

I am unable to create above vsftpd site with port '21'. Below is the problem,

# vsftpd vsftpd-site1.conf &
[1] 14448
500 OOPS: could not bind listening IPv4 socket

I wonder, I am able to create the above FTP site with another port (example, listen_port=60001). In Linux (vsftpd), can I use the default FTP port '21' for multiple FTP sites?


CentOS 5 Server :: Turn Off Default And Program Get Port 80?

Jul 17, 2010

I have a CentOS server running at [a link which has been moderator deleted] (a text-based game I'm building) which is displaying the default welcome page. I'll quote some of the things that page says:

Quote: "Apache 2 Test Page powered by CentOS This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly."

"If you are the website administrator: You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf. You are free to use the images below on Apache and CentOS Linux powered HTTP servers.


Ubuntu Multimedia :: Setting Default Port For A Sink In Pulseaudio System-wide?

May 7, 2010

The default output audio port Ubuntu doesn't work on my system. It should be "Analog Mono Output/Amplifier", instead of "Analog Output/Amplifier". I can easily change that in sound preferences, just by choosing the right port in the "Output" tab, or by issuing the following command:

Code:
pacmd 'set-sink-port' 'alsa_output.pci-0000_00_1f.5.analog-stereo analog-output-mono;output-amplifier-on'

The problem is both solutions apply only to a single account, while I would like to change it system-wide, so it applies to all accounts on the system (there are more than 100 accounts - it's a setup for a school). I'm using Ubuntu 10.04.

Copyrights 2005-15 www.BigResource.com, All rights reserved