I'm using ssh to connect to a Ubuntu machine from a Windows machine. I am only using key-based ssh logins and not using passwords. (I followed this tutorial: [URL] My question is in my sshd_config file, should I set UsePAM to Yes or No? Security-wise, does it make a difference one way or the other, or can I just leave it set to "yes" (the default setting)?
View 1 Replies
Install openssh so that I can access my desktop (192.168.1.100) from my laptop (192.168.1.200) using konqueror with "fish".Googled and read that the sshd_config should be updated to enhance security.Tried fiddling with sshd_config on the desktop and hit a brick wall.Before setting ListenAddress 192.168.1.200 in sshd_config, the laptop can access the desktop with problem.However, after setting it, the laptop is not able to access the desktop.
View 4 Replies View RelatedI know how to set up sshd_config for shared key only access. Is it possible however, to set up shared key only access for specific users. Example Users ABCD I want them to only be able to login with shared keys Users EFGH I want them to be able to use a shared key, or if that key gets lost, corrupted or whatever, EFGH can still use a password, keyboard-interactive. How would I go about doing that?
View 3 Replies View Relatedi am trying to make my SSH-server more secure on my unbuntu server. And i want to do a little modifiing to the /etc/ssh/sshd_config folder. When i try to accsess it is says permission denied if i do sudo /etc/ssh/sshd_config it says command not found.
View 3 Replies View RelatedUsing the Mandriva 2010.2 distro.While using RkHunter I have inadvertently deleted the following 2 files from #/etc/ssh/these are the #ssh_config and #sshd_config files.Have tried to re-install RkHunter to see if I can get
those files back, unfortunately to no avail.Could anyone tell me the correct procedure to re-install
What is going on here? I can't access /etc/sshd_config to read or edit it, even as root. (Using debian-live 6.01)
root@debian:/etc# ls -l /etc/ssh*
total 132
-rw-r--r-- 1 root root 125749 2010-02-28 01:37 moduli
-rw-r--r-- 1 root root 1616 2010-02-28 01:37 ssh_config
-rw-r--r-- 1 root root 2453 2010-03-13 17:32 sshd_config
[Code]...
I also checked the permissions for the parent file /etc, and root has rwx. Is this something peculiar to the overlay file system used in debian-live, or just another unix gotcha?
I wanted to add a user to have permission to login to our webserver. Foolishly I did not back this file up. The only thing I changed was the last part of the file which was:
# override default of no subsystems
AllowUsers chris acosentino
Subsystem sftp /usr/libexec/openssh/sftp-server
to
# override default of no subsystems
AllowUsers acosentino techmaster
Subsystem sftp /usr/libexec/openssh/sftp-server
Now I'm still connected with that terminal, but any other attempt to get into the webserver from either a new terminal or from winscp results in:ssh_exchange_identification:Connection closed by remote host.If I lose connection to this last terminal I guess I'll be screwed.
difference between ssh_config and sshd_config file?
View 6 Replies View RelatedI have a WRTG54S Linksys router and Fedora 11 on my Asus EeePC and I would like to be able to access my Fedora remotely via ssh however I'm not sure which info and were do I need to change it in my router, also I want to be able to change the ssh port access is it from /etc/sshd_config ? My internet connection at home is via cable modem and with a connection that is always on. (no dialer)
View 2 Replies View RelatedHow to configure openssh, /etc/sshd_config on a new installation of Fedora Core 14? [since tt does not work right out of the box, I cannot ssh into it]
View 2 Replies View Relatedubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies View RelatedTo avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies View Related1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
Conky can be used to display a variety of information on the users desktop. I wanted to use Conky instead to display the current status of security as reported by:
SANS Internet Storm Center
IBM Internet Security Systems
Symantec Threatcon
McAfee Threat Center
I therefore created 4 small scripts which download the current status from these sites, and set the colour of those status's depending on the current value.The conky configuration allows for a semi-transparent background - though this is optional.Attached is an example image showing the 4 different colours.Also attached is an archive with the 4.sh files, .conkyrc and draw_bg.lua (from here http:[url].....
I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.
View 2 Replies View RelatedI already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
When posting results from ifconfig, it shows the hardware address of etho, etc. Would you consider that to be a security risk ?
View 9 Replies View RelatedI'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?
View 3 Replies View RelatedThe default Firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user.Isn't this a security risk or is the user whether ufw is enabled or not secured from external threats?I am not much knowledgeable about network security But I am trying to understand the Ubuntu mentality behind this default setting.
View 4 Replies View RelatedI've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
View 9 Replies View RelatedHaving read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies View RelatedSo yesterday I receive a copy of the SANS @RISK security vulnerability newsletter, and, lo and behold, Mozilla's Firefox and Thunderbird are on it yet again. (Yeah, I know, shocking, isn't it?)So I quickly check what versions I have installed. Yup: Vulnerable.I check whether updates are available.These are pretty serious "remote code execution" vulnerabilities and the status is "vendor confirmed, updates available." So why isn't my 9.10 desktop's update manager telling me updates are available?
View 9 Replies View RelatedI have read that to improve security in Ubuntu a good fix is to make the /home folder tree non-executable by default. This would mean that malware could not run in the /home tree without changing the setup.Is this a viable change, or is it just icing on the cake, any one any thoughts on this.
View 9 Replies View RelatedI always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server
View 9 Replies View Relatedis there a way to run flash and java securely? stupid question i guess. i'd like to use a couple of sites that require them but don't want to open my box up to the bad things that can happen with these. videos, pandora etc. i don't know linux security well and just wonder what the ramifications of this will be?
View 9 Replies View Relatedi have just recently purchased a SeaGate 1TB External Hardrive. i have very sensitive information on this storage unit that i only want certain people to have access to. is there any way of password protecting the hardrive? preferably using linux or what are my options?
View 9 Replies View RelatedI'm new to server admin, so my question is based on what may be a bad assumption. With a server, my assumption is "if it ain't broke, don't fix it". In other words, I'm not really interested in upgrading the software to the latest and greatest if I already have stuff working on the server.
However, the one place where I DO want to constantly have upgrades is for security patches. How do I apply security updates to Ubuntu Server... and ONLY security updates?
just migrated to Lucid from Jaunty and noticed that the login startup screen looks more like windoze (shows all authorized users).One of the endearing security checks with Unix was that if you had access to a console you had guess both userid AND password - the system wouldn't tell you which was wrong.I feel that we have lowered security by making the list of authorized users visible on a console. Is there any way to turn it off and force users to enter both userid and password?
View 4 Replies View Related
