Ubuntu Security :: "tunnel" To A Terminal Server Using SSH?
Mar 7, 2011
I need to have a group of computers that connect to a remote site and run lynx to view some php pages that interface with mysql (that's a mouthful)For version control, I would like to keep only one central copy of the web files.
Personal data is sent, so rather than setup https server or SSL mysql encryption, I decided to create a "tunnel" to a Terminal Server using SSH.
I flirted with the idea of setting up VPN tunnels between the clients and a DMZ network but I don't want to add a bunch of complexity.
I just wanted to make sure that I wasn't creating a gaping security hole.
I'm using Postgresql 8.4.2-2. I'm trying to remote into my server securely. I figure I could do so with ssh. Apparently I figured correctly, as per, [URL] and [URL] I setup the ssh tunnel. ssh -L 5432:serverip:5432 Then I setup pgadmin3 to connect as follows:
An error has occurred: Quote: An error has occurred: Error connecting to the server: server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request.
I'm not sure what the problem is. I can connect with Code: psql from the cli after connecting to the terminal via ssh. So I know that I'm using the correct password.
I have set up a Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as posible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code: uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out ^C uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out ^C uname@mybox:~$ exit logout
What do I have to do to allow ufw to allow ssh tunnels through?
I want to setup firewall protection with iptables to support IPSec tunnels. That is, the firewall will drop anything from any host if it is not from an established IPSec tunnel. And it will accept anything (any protocols) if it's from an IPSec tunnel.
That is, I need also to open up ping to make ping work. But if I open up icmp, I cannot prevent pings from hosts that's outside my IPSec tunnels. This defeats my purpose.So if my purpose is to allow "anything" within the tunnel and disallow/drop anything outside the IPSec tunnels, how should I setup the iptables rules?
I have an SSH tunnel setup between a local server and a remote postfix relay VPS. This is so we can route all our outgoing mail through this SSH tunnel to a private relay VPS, this seems to give us much more consistent mail delivery than using our ISP's relay. So the SSH tunnel is set to route port 1025 on machine A to port 25 on the VPS This part of it is working perfectly and has been for months. However today I wanted to set our e-mail newsletter software (on the same network as the SSH tunnel start-point) to send through the SSH tunnel. So I punched in the IP/port... 192.168.1.5:1025 but it doesn't work. Is there something I need to do to allow connections from other machines on the LAN to access the start-point of the SSH tunnel? Or are SSH tunnels restricted to localhost connections only?
Now I know that the first is the tunnel end but how can I connect the two lines if I don't know the port number (ie: someone else estabilieshes another tunnel)
Does anyone know the best and simplest way to do this? I'd like the share to be mounted over the tunnel on boot with as little scripting as possible and be as secure as possible without exposing more than one port to the outside. I will be trying this method: [URL]... once the tunnel is established and 'always on' NFS would take care of the file system mount obviously. Lots of the information I have been reading is not up to date it seems. Does anyone have any experience with this?
I use two Ubuntu machines, one at home and one at work. In order to connect to the machine at work from home I need to connect through a "tunnel server" that controls all the traffic to the machines at work.I am able to connect with ssh to the tunnel server and from the tunnel server ssh my own machine at work. My question is how do I retrieve files form my work machine to the home machine. How do I sync folders between the machines using rsync when the "tunnel server" is in between?
I'm working remotely at the minute, but have several 'incoming' automatic reverse shells connecting to a dedicated server. This dedicated server does not have X, but several of the 'incoming' shell servers do. Basically, take three machines, laptop, server, client. Laptop and client have X, server does not. All three machines have password-less logins to each other (laptop > server, server > client) and can password-lessly establish a shell.
I've tried ssh -X user@server "ssh -X user@client gui-application" and, no suprise, I'm getting 'Cannot open Display" messages. Does anyone know I nice one-liner for this kind of tunnelling?
I'm trying to tunnel and SSH connection through another server.for the tunnel is ran:ssh -L 8112:yy.yy.yy.yy:22 -N user@xx.xx.xx.xxBut when I try to ssh to localhost -p8112 I get an immediate error saying "exited: remote closed the connection
I am building up a site-to-site OpenVPN tunnel between two locations. I am setting this up in two CentOS 5.4 boxes each containing two NIC's. I can get the tunnel up and running, and I can ping across the tunnel, however, from the client end of the tunnel I can not ping anything behind the server end of the tunnel. In other words, I can't ping anything on the server's LAN. On both servers, eth0 is the WAN side and eth1 is the LAN side.
OpenVPN server: eth1 - 10.10.202.2/24 OpenVPN client-server: eth1 - 192.168.204.1/24 I have IP forwarding enabled in the kernel on both machines. Code: [root@vpn01 openvpn]# cat /proc/sys/net/ipv4/ip_forward
[Code]...
I'm sure that the answer is right in front of me, but I can't seem to get it cleared up. I can't hit anything on the 192.168.1.0/24, 192.168.2.0/24, 10.10.4.0 or 10.10.202.0 networks from the client server.
I need a to allow a user to tunnel an ssh session but disallow them a bash shell. # chsh -s /sbin/nologin {username} won't cut it...? would permissions be the way to go with it? But how? Setup a group and add the user to that group? Or add all other users to that group... I'm confused
I am trying to have the SSH tunnel Remote forwarding command in a shell script. I should be able to do 2 tasks, but unable to get that going.1) I have 3 servers Server 1, Server 2, Server 3.I have my Database running on Server 1 and my script running on Server 2 which should be able to do port forwarding from Server 1 to Server 3.so for example on Server 2ssh -i $ssh_key -R 9000:Server1:3333 root@Server2.
I need to be able to stick this in a shell script something like getTunnel() {
I currently have a gui running on port 8000 on some of my remote servers, unfortunately i do not control the firewall so can not open that outbound port to access it from hereIs there a way with an ssh tunnel to redirect that to another port so i can access it from here?
I'm currently tunnelling to my Ubuntu pc at home from my laptop in order to bypass my schools false-positive prone filter. Is there a way to record traffic that both comes to and is delivered by my pc?
1. Webserver (Centos 5.5) 2. Mail server (Centos 5.5)
We have configured autossh successfully to create/manage the ssh tunnel into mail server in order to dump all emails to localhost port.
To auto start autossh in boot time we have included following into /etc/rc.d/rc.local,
Quote:
So whenever our web application wants to send out emails it dump all emails to localhost:33465 port, easy piecy, all are working great
Now we have a requirement that logwatch reports should get delivered via the same ssh tunnel rather than installing postfix and configuring as a relay.
When i try to open a connection to start querying i get this message:
Cannot Connect to Database Server Cannot start SSH tunnel manager
1 Check that mysql is running on server 127.0.0.1
2 Check that mysql is running on port 3306 (note: 3306 is the default, but this can be changed)
3 Check the root has rights to connect to 127.0.0.1 from your address (mysql rights define what clients can connect to the server and from which machines)
4 Make sure you are both providing a password if needed and using the correct password for 127.0.0.1 connecting from the host address you're connecting from
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
Working with Amahi server and the VPN app. WHenever I want to activate a VPN tunnel thru ssl, the VPN server starts up "Adito" agent. Normally in Windows, the agent pops up with a browser and basically lets you surf inside the VPN.But when I use my Ubuntu, it says it's starting teh agent and then it just sits there and stalls out with failed to sync.I checked the logs and this is all I got:
I am upgrading my server and I have a lot of sites. Since I cannot take my server down for a few days, maybe a week until I manage to migrate all the sites to the new machine, I figured I could migrate them one by one. After migrating one, I would somehow tunnel the requests of that name virtual host to my internal machine. When everything is migrated, I would then switch the machines, update ip's and stuff and everything will work just fine.
However I cannot seem to find a way to do this tunneling. is this at all possible? If not, what alternatives do I have?
I'm trying to generate MD5 hashtext within gnome-terminal that will match that generated by PHP running on a live web server. However, when I hash the same text I get completely different results!
Could this be a character set problem? My terminal is running UTF-8, but even if I change it to ISO-8859-1, the hashtext that's generated is the same. Also tried using md5sum with a text file, saved in various character encodings, but still got the same [wrong] hashtext. I'm running Ubuntu 9.10, tried running the local hash in both gnome-terminal 2.28.1 and the CTRL+ALT+F1 console.
I just really want to know if there is a way to install clam av through the terminal. I have tried manually installing it, but it doesn't really work. I just want Clam av to just keep my pc working at its best. I have been using windows for so long that I feel like just having an antivirus on my computer.
The terminal does not let me enter PASSWORD (or anything else) for SUDO prompt. My password still works to boot up and for syntactic. Surely changing terminal background color from purple to green did not cause this.
While trying to find an Open Office document I stupidly lost, I meandered around to LOST & FOUND "You (me) are not the owner, so you can not change these permissions. Does this relate to password problem?
I was trying to install ubuntu restricted extras, and for some reason this popped up in the terminal. Edit: Quote Removed That exact message come up in the terminal. What to do?
I just downloaded with a terminal the program ClamAV. But where it is located? I don't see it in Application - accessories -etc ? neither in "Places", etc where it is? ps: the place where I found about this was here:[URL]...
I recently set up a family computer for a friend, and now his son is "experimenting" with the terminal (randomly entering commands). since he could accidentally do something bad, I am supposed to prevent him from using terminals, but only as hi user. I tried vlock and away, but with vlock it says 'this terminal is not a virtual console', and away can't seem to lock all consoles.
I've done some searching on googlubuntu for and answer to this but haven't found anything.
As a Linux newbie I was wondering if there are certain types of output from the terminal I should beware of posting for everyone to see? Also are there any codes; that, if I were to be asked to run and report the output on, should raise a red flag?
