Ubuntu Security :: Https Doesn't Work With Ssh Tunnel?
May 12, 2010
I have an ssh tunnel with my ubuntu (vps) server. On my local computer I have proxifier, to redirect everything with socks5.
Everything works fine, I can browse websites and that. Email also works.
But when I want to visit a website that uses https it doesn't work. I do not get to see the website, or receive an internal server error.
Feb 21, 2010
I'm using kubuntu-9.10-desktop-amd64.iso live (booted via grub2 loopback directly from iso on hd, in case that makes a difference). Processor is an E2180 which according to the Intel website supports the NX bit. I've enabled the option "Execute Bit Support" in the BIOS. /proc/cpuinfo shows both nx and pae in both flags lines. But dmesg says "Using x86 segment limits to approximate NX protection".
Jan 30, 2011
I can't seem to get htaccess to work. I've created a .htpasswd file like so:
Code:
htpasswd -c -m .htpasswd user
Then it prompts me for a password for that user. I put the password file one dir above my
[code]....
Nov 26, 2010
I found several instructions on how to use a live CD to reset the local admin password to blank. I downloaded 10.10, installed chntpw, mounted the drive, and used the utility on the SAM dbase. Seems to work every time and I write the changes and get a return code of 0. Then I reboot and the blank password doesn't work. Tried 3 times.
So I noticed that there was an "x" in the box that showed a policy that says you can't have a blank password when you 1st run chntpw. So I tried changing it to something else instead of blank. Still no go.
Feb 7, 2010
So I installed pam-script
made this script:
Code:
#!/bin/bash
RFID_AUTH_SUCCESS=0
#Read the card
tag=`'/etc/rfid/RFID-login'`
code....
Code:
sudo test
It doesn't ask for my password and instantly authenticates as root!
If I run the above posted script manually (cd into the dir and execute it), it works fine and produces the result 1 if positive and 0 if negative.
May 6, 2010
I'm using Ubuntu 10.04 and for some reason, privoxy just won't start properly on startup. I see privoxy is there when I run 'ps -A', but Firefox says that it is refusing connections. When I run 'sudo /etc/init.d/privoxy restart', it restarts and everything is peachy. But for some reason, it just won't start properly on boot.
Jun 15, 2011
I have set up an Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as possible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code:
uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ exit
logout
What do I have to do to allow ufw to allow ssh tunnels through?
Oct 28, 2010
What is the current status of HTTPS Everywhere add-on for FF? I understand it was previously compatible, but it is not now (I am running 3.6.11 on LL). This article on firesheep has me a bit freaked.
Sep 7, 2010
I have my Linux laptop running Katatonic Koala at the moment. It is connected via CAT5 to a switch. The switch then connects to my router. All five of my computers are connected to the switch, actually. The only one that won't talk to any sites other than https secure sites is the Linux box. I am not well-versed in the inner workings of Linux and need some help in what I need to do so that regular http sites work. You guys always have the right answers so I will wait humbly for your replies.
Jun 17, 2011
I want to block https sites. Suppose I block the http site: it will open in https.
Jul 16, 2011
I have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS. Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.
PS: I got the rules from that website: [URL]
Sep 8, 2010
I like to encrypt my swap and tmp partition with /dev/urandom but it doesn't work. I tried it 100 times and now I have no idea.
Code:
cat /etc/crypttab
swap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
cat /etc/fstab
/dev/mapper/swap swap swap defaults 0 0
If I reboot I get the message "/dev/mapper/swap" doesn't exist. It seems that cryptsetup isn't setting up the encrypted block device. SELinux is in permissive mode.
Jan 7, 2010
I want to setup firewall protection with iptables to support IPSec tunnels. That is, the firewall will drop anything from any host if it is not from an established IPSec tunnel. And it will accept anything (any protocols) if it's from an IPSec tunnel.
That is, I also need to open up ping to make ping work. But if I open up icmp, I cannot prevent pings from hosts that are outside my IPSec tunnels. This defeats my purpose. So if my purpose is to allow "anything" within the tunnel and disallow/drop anything outside the IPSec tunnels, how should I set up the iptables rules?
Mar 27, 2011
Is there a plugin or some other way to check to see if a website has https available, and use that instead? I know some sites, like Wikipedia have a different hostname for SSL support while others have the same hostname, just What I would really like to see some kind of header in the http reply or the html that says SecureAvailable= is there any system like this in place? There are too many issues with unencrypted http to continue having that as the default.
Aug 17, 2010
I have just installed SSL certificate for my private domain (it runs on a private ip in a local network). I got the trial SSL from thawte. I have successfully installed the certificate.
Jan 2, 2010
I recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't work. I am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
Dec 16, 2010
I have an SSH tunnel set up between a local server and a remote postfix relay VPS. This is so we can route all our outgoing mail through this SSH tunnel to a private relay VPS, this seems to give us much more consistent mail delivery than using our ISP's relay. So the SSH tunnel is set to route port 1025 on machine A to port 25 on the VPS. This part of it is working perfectly and has been for months. However today I wanted to set our e-mail newsletter software (on the same network as the SSH tunnel start-point) to send through the SSH tunnel. So I punched in the IP/port... 192.168.1.5:1025 but it doesn't work. Is there something I need to do to allow connections from other machines on the LAN to access the start-point of the SSH tunnel? Or are SSH tunnels restricted to localhost connections only?
Nov 5, 2010
My Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal http://gmail.com is not accessible. But gmail recently started https service by which user can still get access to gmail. I DON'T WANT TO STOP https BECAUSE IT'S BEING USED BY MY COMPANY GOOGLE MAIL PROGRAM.
Jun 19, 2010
When connecting to an unknown unsecured wireless network, is it possible for someone to capture a header and resend it even if it's over https? For example I login on an ipod or on a computer and connect to a server through https and password auth. Although anyone monitoring the transmission could not get hold of my password since it's encrypted, could they just capture the header and resend it 5mins later to logon again without even knowing the password?
Jul 29, 2010
One of the coolest features of Fedora imho is sandbox -X, which I used extensively in F12. However, in F13 I yum install /usr/sbin/seunshare prints:
Code:
[...]--> Processing Dependency: policycoreutils-python = 2.0.82-13.fc13 for package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64
--> Finished Dependency Resolution
Error: Package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64 (fedora)
Requires: policycoreutils-python = 2.0.82-13.fc13
[Code]....
Nov 25, 2010
I use iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for the port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:
Quote:
iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT
It didn't work. It gave me this error message:
Quote:
iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Does that mean the mac module wasn't installed/enabled?
Feb 18, 2011
I have an sshd server up and running (F13 64bit). I'd like to connect to a pc that's behind a firewall using ssh tunnelling, so I have something like
ssh -R 1234:127.0.0.1:22 myuser@mypc
then from mypc I can successfully login to the remote pc. I have just one question. How can I list the ssh active connections and the forwarded ports?
I've only got to
netstat -tunva
but this returns only (filtered)
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:172.16.0.XXX:22 ::ffff:172.16.1.XXX:60744 ESTABLISHED
Now I know that the first is the tunnel end but how can I connect the two lines if I don't know the port number (i.e. someone else establishes another tunnel)?
Sep 17, 2010
I am working on a project to create a video conferencing environment. For this I use a default installation of BigBlueButton on ubuntu 10.04. One of the main problems here is that it's not safe enough to share classified documents through this software. It's a simple webserver that uses nginx. What I want to do is make this connection secure.
One of the problems is that I don't only have a connection through port 80 but it uses the following ports:
Port 80 (HTTP), 1935 (RTMP), 9123 (Desktop sharing).
I would like to use a proxy instead of some tunneling or vpn to do this. Would anyone happen to know anything about squid or another equivalent to do this?
May 6, 2010
I'm trying to figure out how to use ADrive.com's 50 GB or SkyDrive's 25 GB of free storage to backup my computer automatically.
Problems:
1. With ADrive I can select all my files at once through their website's uploader vs SkyDrive where you have to select them one by one. There are some third party programs, like Gladinet, which will mount sky drive to your computer like an extra drive, though I haven't found one for linux yet. This guy came up with a cool way to backup automagically with Windows: [URL] I am trying to figure out how to do the same thing with Linux.
2. ADrive's uploader is not on https, whereas SkyDrive is. Either way I wanted to encrypt my files on my computer first so when I back them up, they are safe in case they should fall into the wrong hands, not that I don't trust Microsoft or whoever ADrive is with all my most precious documents, but I'd rather err on the side of safety.
Apr 4, 2011
Basically, whenever I am on an unencrypted wireless hotspot, I open up an SSH tunnel to my home server to do all my browsing for the privacy and security it provides. But I got to thinking, and now I am curious, if I am visiting a site like gmail for instance that always uses SSL/TLS for its connections, is there any added benefit to also using an encrypted tunnel? Or is it perhaps superfluous to use both?
May 22, 2011
I have set up certain portions of my web site to be forced https://. How do I force non-https:// protocols? I know this sounds confusing, so let me give you an example.
[Code]...
Jan 12, 2010
I am having some trouble setting up a cron job that creates a tunnel to my remote machine to work correctly on Ubuntu 9.10. The setup looks like the following:
(1) myscript.sh (executable)
Code:
#!/bin/bash
ssh -2 -x -i /home/user/.ssh/id_rsa.prv -L 3128:myremotemachine:3128 myaccount@myremotemachine
(2) crontab -e, added the following lines:
[Code]...
Aug 9, 2011
I'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How to understand the current best practices for generating an HTTPS cert for apache and/or mail access?
Mar 1, 2010
I'm using Postgresql 8.4.2-2. I'm trying to remote into my server securely. I figure I could do so with ssh. Apparently I figured correctly, as per [URL] and [URL]. I set up the ssh tunnel:
ssh -L 5432:serverip:5432
Then I set up pgadmin3 to connect as follows:
host: localhost
port: 5432
user: postgres
maintenance db: postgres
And I receive the following error:
Quote:
An error has occurred:
Error connecting to the server: server closed the connection unexpectedly
This probably means the server terminated abnormally before or while processing the request.
I'm not sure what the problem is. I can connect with psql from the cli after connecting to the terminal via ssh. So I know that I'm using the correct password.
Mar 7, 2011
I need to have a group of computers that connect to a remote site and run lynx to view some php pages that interface with mysql (that's a mouthful). For version control, I would like to keep only one central copy of the web files.
Personal data is sent, so rather than setup https server or SSL mysql encryption, I decided to create a "tunnel" to a Terminal Server using SSH.
I flirted with the idea of setting up VPN tunnels between the clients and a DMZ network but I don't want to add a bunch of complexity.
I just wanted to make sure that I wasn't creating a gaping security hole.