Re: [Dorset] dorset Digest, Vol 404, Issue 2
Regret can't get to the group. Should I be able to get Optical Character Recognition with Linux (Ubuntu)? > From: dorset-requ...@mailman.lug.org.uk > Subject: dorset Digest, Vol 404, Issue 2 > To: dorset@mailman.lug.org.uk > Date: Tue, 4 Oct 2011 12:00:02 + > > Send dorset mailing list submissions to > dorset@mailman.lug.org.uk > > To subscribe or unsubscribe via the World Wide Web, visit > https://mailman.lug.org.uk/mailman/listinfo/dorset > or, via email, send a message with subject or body 'help' to > dorset-requ...@mailman.lug.org.uk > > You can reach the person managing the list at > dorset-ow...@mailman.lug.org.uk > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of dorset digest..." > > > Today's Topics: > >1. Re: Locking down physical console access (David Wilkinson) >2. Re: Locking down physical console access (Ralph Corderoy) >3. Re: Locking down physical console access (Dan Dart) >4. Re: Locking down physical console access (John Carlyle-Clarke) >5. Re: Locking down physical console access (Ralph Corderoy) > > > -- > > Message: 1 > Date: Tue, 04 Oct 2011 09:50:46 +0100 > From: David Wilkinson > Subject: Re: [Dorset] Locking down physical console access > To: Dorset Linux User Group > Message-ID: <4e8ac8e6.6090...@noroutetohost.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 04/10/11 09:31, Chris Dennis wrote: > > > > The modern Ubuntu way of doing that may be to change the contents of > > /etc/init/tty[1-6].conf. > > > > I've changed tty1.conf on my MythTV front-end so that a user > > automatically logs in, but you could also prevent logins completely. > > > > On the other hand, I'm not an expert on this stuff, so you should > > confirm these ideas elsewhere. > > > > cheers > > > > Chris > > Hi > > I did try to disable the tty's but I was then unable to connect to the > server the server, it didn't respond to pings either so I am not sure if > fully booted up or not, so I had to boot up from a live CD and change > the files to allow tty's again. > > Just as thought is there away to prevent users from logging in locally > while allowing remote access via ssh as that might be easier. > > Thanks > > David > > > > > > -- > > Message: 2 > Date: Tue, 04 Oct 2011 10:16:24 +0100 > From: Ralph Corderoy > Subject: Re: [Dorset] Locking down physical console access > To: Dorset Linux User Group > Message-ID: <20111004091625.5183f32...@orac.inputplus.co.uk> > Content-Type: text/plain; charset=utf-8 > > Hi David, > > > > The modern Ubuntu way of doing that may be to change the contents of > > > /etc/init/tty[1-6].conf. > > > > I did try to disable the tty's but I was then unable to connect to the > > server the server, it didn't respond to pings either so I am not sure > > if fully booted up or not, so I had to boot up from a live CD and > > change the files to allow tty's again. > > How about disabling just tty3 through /etc/init/tty3.conf and seeing if > that works. If so, add the others and see when it stops working. > > Cheers, Ralph. > > > > -- > > Message: 3 > Date: Tue, 4 Oct 2011 10:23:37 +0100 > From: Dan Dart > Subject: Re: [Dorset] Locking down physical console access > To: Dorset Linux User Group > Message-ID: > > Content-Type: text/plain; charset=UTF-8 > > I believe some programs will stop working with a "no more ttys" error > - can you just not start the gettys but leave the ttys? Not sure I > have the correct terminology there - even don't start the login > processes? > > > > -- > > Message: 4 > Date: Tue, 04 Oct 2011 10:36:22 +0100 > From: John Carlyle-Clarke > Subject: Re: [Dorset] Locking down physical console access > To: Dorset Linux User Group > Message-ID: <4e8ad396.1040...@wormdrive.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 04/10/11 10:23, Dan Dart wrote: > > I believe some programs will stop working with a "no more ttys" error > > - can you just not start the gettys but leave the ttys? Not sure I > > have the correct terminology there - even don't start the login > > processes? > > > > Can you still make one of them a console? That might help. It would > also you you know what was going on. > > > > > -- > > Message: 5 > Date: Tue, 04 Oct 2011 10:55:47 +0100 > From: Ralph Corderoy > Subject: Re: [Dorset] Locking down physical console access > To: Dorset Linux User Group > Message-ID: <20111004095548.187ce32...@orac.inputplus.co.uk> > Content-Type: text/plain; charset=utf-8 > > Hi David, > > John Carlyle-Clarke wrote: > > On 04/10/11 10:23, Dan Dart wrote: > > > I believe some programs will stop working with a "no more ttys" > > > error - can you just not start the gettys but leave the t
Re: [Dorset] Locking down physical console access
Hi David, John Carlyle-Clarke wrote: > On 04/10/11 10:23, Dan Dart wrote: > > I believe some programs will stop working with a "no more ttys" > > error - can you just not start the gettys but leave the ttys? Not > > sure I have the correct terminology there - even don't start the > > login processes? > > Can you still make one of them a console? That might help. It would > also you you know what was going on. Well, you could leave the getty(8)s running but use their -n option to stop printing a login prompt and their -l option to alter the login program they run (as root) to something that does nothing, e.g. displays a message and sleeps endlessly. If it's OK for root to log in on a tty but no one else then nologin(5) may be what you need. Cheers, Ralph. -- Next meeting: Bournemouth, Tuesday 2011-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] Locking down physical console access
On 04/10/11 10:23, Dan Dart wrote: I believe some programs will stop working with a "no more ttys" error - can you just not start the gettys but leave the ttys? Not sure I have the correct terminology there - even don't start the login processes? Can you still make one of them a console? That might help. It would also you you know what was going on. -- Next meeting: Bournemouth, Tuesday 2011-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] Locking down physical console access
I believe some programs will stop working with a "no more ttys" error - can you just not start the gettys but leave the ttys? Not sure I have the correct terminology there - even don't start the login processes? -- Next meeting: Bournemouth, Tuesday 2011-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] Locking down physical console access
Hi David, > > The modern Ubuntu way of doing that may be to change the contents of > > /etc/init/tty[1-6].conf. > > I did try to disable the tty's but I was then unable to connect to the > server the server, it didn't respond to pings either so I am not sure > if fully booted up or not, so I had to boot up from a live CD and > change the files to allow tty's again. How about disabling just tty3 through /etc/init/tty3.conf and seeing if that works. If so, add the others and see when it stops working. Cheers, Ralph. -- Next meeting: Bournemouth, Tuesday 2011-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] Locking down physical console access
On 04/10/11 09:31, Chris Dennis wrote: The modern Ubuntu way of doing that may be to change the contents of /etc/init/tty[1-6].conf. I've changed tty1.conf on my MythTV front-end so that a user automatically logs in, but you could also prevent logins completely. On the other hand, I'm not an expert on this stuff, so you should confirm these ideas elsewhere. cheers Chris Hi I did try to disable the tty's but I was then unable to connect to the server the server, it didn't respond to pings either so I am not sure if fully booted up or not, so I had to boot up from a live CD and change the files to allow tty's again. Just as thought is there away to prevent users from logging in locally while allowing remote access via ssh as that might be easier. Thanks David -- Next meeting: Bournemouth, Tuesday 2011-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] Locking down physical console access
On 10/03/2011 05:01 PM, David Wilkinson wrote: Hi Does anyone know if there is a way to stop logins from the physical console so that a server can only be logged in via ssh? I did some searching but only seem to find ones for Red hat like systems or really old Ubuntu versions and the files they suggest changing don't exist any more. I am using Ubuntu server 11.04 x64. The modern Ubuntu way of doing that may be to change the contents of /etc/init/tty[1-6].conf. I've changed tty1.conf on my MythTV front-end so that a user automatically logs in, but you could also prevent logins completely. On the other hand, I'm not an expert on this stuff, so you should confirm these ideas elsewhere. cheers Chris -- Chris Dennis cgden...@btinternet.com Fordingbridge, Hampshire, UK -- Next meeting: Bournemouth, Tuesday 2011-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ How to Report Bugs Effectively: http://goo.gl/4Xue
