Re: [SLUG] Re: photo/graphics processing SIG anyone?

2007-06-04 Thread Lindsay Holmwood

David wrote:



Let's keep the conversation going please. There MUST be a need for this
sort of thing. If SLUG don't want to do a mailing list I'm quite happy to
do one.



Whoa, hold your horses!

We're quite happy to do one, we just hadn't gotten around to it yet. :-)

The new list is at [EMAIL PROTECTED]

Lindsay
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Re: photo/graphics processing SIG anyone?

2007-06-04 Thread Zhasper

On 04/06/07, Lindsay Holmwood [EMAIL PROTECTED] wrote:

David wrote:


 Let's keep the conversation going please. There MUST be a need for this
 sort of thing. If SLUG don't want to do a mailing list I'm quite happy to
 do one.


Whoa, hold your horses!

We're quite happy to do one, we just hadn't gotten around to it yet. :-)

The new list is at [EMAIL PROTECTED]


And you can sign up at http://lists.slug.org.au/listinfo/digitalarts...



Lindsay





--
There is nothing more worthy of contempt than a man who quotes himself
- Zhasper, 2004


[SLUG] New digital arts mailing list

2007-06-04 Thread Lindsay Holmwood

G'day all,
Just announcing the new digital arts mailing list at [EMAIL PROTECTED]

You can sign up at http://lists.slug.org.au/listinfo/digitalarts.

If you're interested in using FOSS for photo processing, vector 
graphics, digital animation, or any other type of digital design, this 
is the list for you!


Cheers,
Lindsay


[SLUG] ADSL ISP hosts

2007-06-04 Thread Nicholas Tomlin
Sluggers,

Can anyone recommend a really good Linux hosted ISP for ADSL [2 is not
available] at a reasonable cost.

At the moment I am on dial up with up to 100 calls per month and a data
xfer rate of 350mb down at max, that would change as speed becomes
available [drivers, software, etc]

TIA,

Nick Tomlin



Re: [SLUG] ADSL ISP hosts

2007-06-04 Thread Ben

I use and resell Internode. Their prices just went up massively, but
the lower end has not been affected. Internode have a very good
reputation quality wise, but my new connection will be with iiNet, as
they have 2+ in my area.

Internode has an excellent Linux mirror and iiNet has quite a good one.

Not sure what you mean by Linux hosted. Any ISP will work with Linux.

On 6/4/07, Nicholas Tomlin [EMAIL PROTECTED] wrote:

Sluggers,

Can anyone recommend a really good Linux hosted ISP for ADSL [2 is not
available] at a reasonable cost.

At the moment I am on dial up with up to 100 calls per month and a data
xfer rate of 350mb down at max, that would change as speed becomes
available [drivers, software, etc]

TIA,

Nick Tomlin





Re: [SLUG] ADSL ISP hosts

2007-06-04 Thread DaZZa

On 6/4/07, Nicholas Tomlin [EMAIL PROTECTED] wrote:

Sluggers,

Can anyone recommend a really good Linux hosted ISP for ADSL [2 is not
available] at a reasonable cost.


I think the term Linux hosted ISP is somewhat of a misnomer these days.

With almost nobody offering shell access of any kind, and the xDSL
hardware mostly resold from Telstra (unless you happen to be on an
exchange which has a third-party ADSL2+ DSLAM installed), what does it
matter what the backend machines run on?

FWIW, iiNet runs Apache on its webservers - I strongly suspect they're
mostly Linux boxes, since making Apache behave well on a 'Doze machine
is problematical at best - but does it really matter?


At the moment I am on dial up with up to 100 calls per month and a data
xfer rate of 350mb down at max, that would change as speed becomes
available [drivers, software, etc]


Depending how you define reasonable cost, you can get a decent DSL
plan with a much bigger download allowance for not a whole lot of
money - hell, even the dreaded Telstra offers a 400 meg plan for
something like $20 - but I wouldn't even think about recommending
that.

Head to http://bc.whirlpool.net.au , plug in your phone number and
search for plans that suit you. There are literally hundreds of them.
It also pays to surf the forums a bit to see if there is a lot of bad
blood for a given ISP - Internode, for example, has just had a run of
bad press because it's put in place price increases - in some cases
massive increases - contrary to its previously stated policies and
actions.

Most ISPs offer mirrors or peering to mirrors whereby you can get
Linux ISOs or repositories for low or no cost (in download allowance
terms). Do a little research, and you will find the backend doesn't
really matter.

Personally, I would recommend avoiding Telstra and Optus like the
plague, but that's my opinion only, and you are by no means bound to
listen to it!

DaZZa


Re: [SLUG] 2. Re: photo/graphics processing SIG anyone? (Matthew Hannigan)

2007-06-04 Thread Simon Pascal Klein
On Sun, 2007-06-03 at 17:05 +1000, Sridhar Dhanapalan wrote:
 On Fri, 1 Jun 2007, Sharon Doig [EMAIL PROTECTED] wrote:
  I would be interested in a discussion list devoted to photographics
  processing. Currently, I am using Bibble lite, Gimp, Digikam to organise
  and process my images for university and cash projects.
 
 If someone is willing to be the Point Person, the SLUG Committee is willing 
 to 
 facilitate such a group, starting with a mailing list. We can see how it goes 
 from there.
 
 The Point Person will be the primary contact for the group, and will be 
 responsible for scheduling and locating any physical meetings that the group 
 may have. They will also be the primary moderator of the mailing list.
 
 Being a SLUG-supported group, it should be based in Sydney. Sorry, Canberrans.

*Sniff*. :)

 



Re: [SLUG] ADSL ISP hosts

2007-06-04 Thread Dave Kempe

DaZZa wrote:

Head to http://bc.whirlpool.net.au , plug in your phone number and
search for plans that suit you. There are literally hundreds of them.
It also pays to surf the forums a bit to see if there is a lot of bad
blood for a given ISP - Internode, for example, has just had a run of
bad press because it's put in place price increases - in some cases
massive increases - contrary to its previously stated policies and
actions.


http://adsl2exchanges.com.au/

this site also might help to find out who has what in your area

This page is designed to help you find out what broadband options are 
available to you.


* The ADSL2+ providers in your exchange
* Automatic updates of each providers status
* A map of where your nearest exchange is located.




dave


Re: [SLUG] ADSL ISP hosts

2007-06-04 Thread Chris Deigan

On 6/4/07, DaZZa [EMAIL PROTECTED] wrote:

FWIW, iiNet runs Apache on its webservers - I strongly suspect they're
mostly Linux boxes, since making Apache behave well on a 'Doze machine
is problematical at best - but does it really matter?


Last I heard (which is from a few years ago), iiNet use Debian for
most of their servers.
They also do have a community-run shell server, although its use is
rather restricted by resource limits. http://shell.iinet.net.au/

Internode has used/is using Gentoo and FreeBSD. Not sure.

None of this really matters in choosing an ISP though. :)

-Chris.


Re: [SLUG] australian map sheets mashup

2007-06-04 Thread Kevin Shackleton
Nice.

Did you know that software updates (maps) on consumer gps navigators are
typically $300?  Like Directory Assistance, we're allowing public domain
information to be locked up by for-profit service providers regardless
of any value-adding.

/rant

Kevin Shackleton

On Mon, 2007-06-04 at 11:58 +1000, Peter Miller wrote:
 Hi Sluggers,
 
 The results of my weekend's hacking are available.  It is a mashup which
 displays Australian standard map sheet names over Google Maps, in an
 attempt to make finding the name of the sheet you want easier.  It may
 be of interest to sluggers who like bushwalking and camping, or probably
 any other topographic map user.
 
 I am interested in feedback: bugs, suggestions, etc.  You can find it
 here: http://miller.emu.id.au/cgi-bin/cgi-map-genr
 
 
 Regards
 Peter Miller [EMAIL PROTECTED]


Re: [SLUG] PHP include path Q

2007-06-04 Thread justin randell

hi,

On 6/4/07, Rick Welykochy [EMAIL PROTECTED] wrote:

Simon Males wrote:

 One reason I have heard is to have DB passwords outside the web root,
 just in case permissions go all weird and are being openly displayed on
 the interweb.

This works only if the web admin has securely sandboxed each
web user from the others. On a shared service, if each user
is not su-exec'd properly, it is child's play to open another
user's scripts and include files and read passwords and other
privileged information.


very true, but in no way an argument against keeping such things out
of the webroot. if you have control of the hosting setup is the key
phrase here.

cheers
justin


[SLUG] Re: how to edit slug calendar event?

2007-06-04 Thread Peter Miller
On Sun, 2007-06-03 at 23:09 +1000, Peter Miller wrote:
 I wanted to edit the CodeCon page to add some details, and I
 mysteriously can't edit it any more.  What happened?

Strangely, the web site doesn't say who to email should you have
problems with the web site.  Anywhere.

Could some kind person tell me who to talk to about re-obtaining edit
permission for http://slug.org.au/node/65 please?


Regards
Peter Miller [EMAIL PROTECTED]
/\/\*http://miller.emu.id.au/pmiller/

PGP public key ID: 1024D/D0EDB64D
fingerprint = AD0A C5DF C426 4F03 5D53  2BDB 18D8 A4E2 D0ED B64D
See http://www.keyserver.net or any PGP keyserver for public key.

Dilbert Principle: The most ineffective workers are
systematically moved to the place where they can do
the least damage: management. --Scott Adams



Re: [SLUG] Re: photo/graphics processing SIG anyone?

2007-06-04 Thread david
On Mon, 2007-06-04 at 16:37 +1000, Lindsay Holmwood wrote:
 David wrote:
 
  
  Let's keep the conversation going please. There MUST be a need for this
  sort of thing. If SLUG don't want to do a mailing list I'm quite happy to
  do one.
  
 
 Whoa, hold your horses!
 

consider all horses held... sorry, didn't mean to be rude ;-)


 We're quite happy to do one, we just hadn't gotten around to it yet. :-)
 
 The new list is at [EMAIL PROTECTED]
 
 Lindsay



[SLUG] Re: australian map sheets mashup

2007-06-04 Thread Richard Ibbotson
Hi

Don't know if this helps but you might want to have a look

http://wiki.openstreetmap.org/index.php/Sydney
http://wiki.openstreetmap.org/index.php/Main_Page

We are part way through mapping our own city..

http://wiki.openstreetmap.org/index.php/Sheffield

Cheers


-- 
Richard
www.sheflug.org.uk


[SLUG] Open Flight Linux - Professor Patrick Stakem

2007-06-04 Thread Richard Ibbotson
Hi

I'm aware that there are people out there who would like to know about 
this and so I thought I should circulate some information...

Back in 2003 at Sheffield Hallam University with Professor Patrick 
Stakem.  The purpose of this was to raise awareness of the Flight 
Linux project and to help people to understand that the world around 
us and also space exploration was moving towards a new era where 
different software was being used or contemplated

http://www.sheflug.co.uk/stakem.html

  If you don't have an interest in space robots or astronomy then it's 
more than likely that you should try to show interest anyway.  Flight 
Linux has now become Open Flight Linux.  It is beginning to get 
beyond the usage that it was originally intended for.  There are now 
download and documentation pages .

http://www.openflightlinux.org

If you want to join in with the project you can probably create an 
account for yourself on the site.

Regards


-- 
Richard
www.sheflug.org.uk


Re: [SLUG] australian map sheets mashup

2007-06-04 Thread Voytek Eymont

On Mon, June 4, 2007 8:09 pm, Kevin Shackleton wrote:

 Did you know that software updates (maps) on consumer gps navigators are
 typically $300?  Like Directory Assistance, we're allowing public domain
 information to be locked up by for-profit service providers regardless
 of any value-adding.
 /rant

AFAIK, all the GPSs use map data from Telstra/Sensis/Whereis;

in case of TomTom prices are like:

Australia: 200 Euros 86MB
Grt Britain/Ireland: 60 Euros 255MB
All of Western Europe 100 Euros 944MB

21 countries across Western Europe The following countries are included:
Andorra, Austria, Belgium, Denmark, Finland, France, Germany, Great
Britain, Italy, Liechtenstein, Luxembourg, Monaco, Norway, Portugal, San
Marino, Spain, Sweden, Switzerland, The Republic of Ireland, the
Netherlands and Vatican City. Street network coverage: 99%


OTOH, a (printed) street directory is about... $40 for Sydney
alone(includes Blue Mountains)

 On Mon, 2007-06-04 at 11:58 +1000, Peter Miller wrote:

-- 
Voytek



[SLUG] ssh questions

2007-06-04 Thread Voytek Eymont
my logs are littered with the usual failed login crap;

is moving ssh to a different port 'good idea' ?
preferably some port that will still allow me access from various places.
what port ? port range ?

I currently have in /etc/ssh/sshd.conf like:

Protocol 2
AllowUsers myname
PermitEmptyPasswords no
LoginGraceTime 30s
MaxAuthTries 2


--
input_userauth_request: invalid user virus
reverse mapping checking getaddrinfo for ws252
Failed password for invalid user virus from ::
Received disconnect from :::205.149.2.252:
Invalid user cyrus from :::205.149.2.252
input_userauth_request: invalid user cyrus
reverse mapping checking getaddrinfo for ws252
Failed password for invalid user cyrus from ::
Received disconnect from :::205.149.2.252:
Invalid user oracle from :::205.149.2.252
input_userauth_request: invalid user oracle



-- 
Voytek
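
An added example, not part of the original post: a small summariser for the kind of failed-login noise quoted above, reporting attempts per source address. The log lines are constructed (documentation address ranges), and the `::ffff:` handling assumes the IPv4-mapped form that an IPv6 listening socket produces.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address.
# The log lines are constructed (documentation address ranges); their layout
# follows OpenSSH's "Failed password for ... from ADDR port N ssh2" message.

sample_log() {
cat <<'EOF'
Jun  5 11:40:01 bilby sshd[13001]: Invalid user virus from ::ffff:192.0.2.10
Jun  5 11:40:03 bilby sshd[13001]: Failed password for invalid user virus from ::ffff:192.0.2.10 port 40112 ssh2
Jun  5 11:40:05 bilby sshd[13003]: Failed password for invalid user cyrus from ::ffff:192.0.2.10 port 40120 ssh2
Jun  5 11:40:08 bilby sshd[13005]: Failed password for invalid user oracle from ::ffff:192.0.2.10 port 40131 ssh2
Jun  5 11:41:10 bilby sshd[13010]: Failed password for root from 198.51.100.7 port 51515 ssh2
Jun  5 11:42:00 bilby sshd[13020]: Accepted publickey for myname from 203.0.113.5 port 50022 ssh2
Jun  5 11:43:00 bilby sshd[13030]: Failed password for invalid user a from 203.0.113.9 from 198.51.100.7 port 51600 ssh2
EOF
}

TAB=$(printf '\t')

# stdin: auth log. stdout: COUNT<TAB>ADDRESS<TAB>USERNAMES, busiest source first.
failed_by_source() {
    awk '
    /sshd\[[0-9]+\]: Failed password for / {
        # Text after the fixed message prefix (22 characters long).
        line = substr($0, index($0, ": Failed password for ") + 22)
        if (substr(line, 1, 13) == "invalid user ") line = substr(line, 14)
        # The username is chosen by the client and may itself contain
        # " from ", so split on the LAST " from " in the line.
        last = 0
        while ((k = index(substr(line, last + 1), " from ")) > 0) last += k
        if (last == 0) next
        user = substr(line, 1, last - 1)
        split(substr(line, last + 6), tail, " ")
        addr = tail[1]
        sub(/^::ffff:/, "", addr)      # IPv4 client seen on an IPv6 socket
        count[addr]++
        if (!seen[addr, user]++) {
            sep = (users[addr] == "") ? "" : ","
            users[addr] = users[addr] sep user
        }
    }
    END { for (a in count) printf "%d\t%s\t%s\n", count[a], a, users[a] }
    ' | sort -t "$TAB" -k1,1nr -k2,2
}

# Print only the addresses with at least N failed attempts.
sources_over() {   # usage: sources_over N < logfile
    failed_by_source | awk -F '\t' -v n="$1" '$1 + 0 >= n + 0 { print $2 }'
}

# Stand-alone run: summarise the constructed sample.
sample_log | failed_by_source
```

The last sample line carries a username containing " from 203.0.113.9"; splitting on the final " from " keeps the count attributed to the address that actually connected.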



Re: [SLUG] ssh questions

2007-06-04 Thread Voytek Eymont
if I'm on an ssh connection, how do I restart sshd...?

shouldn't the ssh session I'm on drop me off ?

# service sshd status
sshd (pid 13182 10855 10853 7350 7348) is running...
# service sshd restart
Stopping sshd: [  OK  ]
Starting sshd: [  OK  ]
# service sshd status
sshd (pid 13216 10855 10853 7350 7348) is running...



-- 
Voytek



Re: [SLUG] ssh questions

2007-06-04 Thread Voytek Eymont

On Tue, June 5, 2007 11:57 am, Phil Scarratt wrote:
 Voytek Eymont wrote:

 my logs are littered with the usual failed login crap;

 yes, if only to save the crap in the logs. Any port above say 4 should
 do I would think, but you may have other restrictions depending on the
 firewalls from behind which you need access - if they restrict outgoing
 port numbers then you are unlikely to be able to use that range.

thanks, Fil

yes, that's a better idea than buying larger HD (for the logs)

what about a low port, I saw a suggestion like port 14 ?

what command to see used ports ?



-- 
Voytek



Re: [SLUG] ssh questions

2007-06-04 Thread Jeff Waugh
<quote who="Voytek Eymont">

 if I'm on an ssh connection, how do I restart sshd...?

Restart the service like you would any service (your paste demonstrates
doing just that).

 shouldn't the ssh session I'm on drop me off ?

No -- wouldn't that be inconvenient and annoying? The daemon is smart enough
to keep active ssh sessions running across restarts, so you don't throw good
glassware at the wall when things go wrong.

- Jeff

-- 
linux.conf.au 2008: Melbourne, Australia http://lca2008.linux.org.au/
 
Lego is the plural of Lego.


Re: [SLUG] ssh questions

2007-06-04 Thread Zhasper

On 05/06/07, Voytek Eymont [EMAIL PROTECTED] wrote:

my logs are littered with the usual failed login crap;

is moving ssh to a different port 'good idea' ?


It probably makes these types of automated scans, which are relying on
you having common usernames with obvious passwords, less likely to do
bad things to your machine.

On the other hand, they're already 100% unlikely to access your
machine, assuming you don't have common usernames with obvious
passwords. You can't get better than that.

It also makes it less convenient for you - you have to remember what
the port is, and hope that firewalls don't block you, etc. It's not
much of an inconvenience, but at least in terms of automated scans
like this,   it doesn't get you much benefit either.

Iffing there was a remote exploit in openssh, there'd be a different
kind of automated scan; in that scenario, having ssh on a non-standard
port might buy you a bit of time before your vulnerable sshd gets
cracked. More of a gain here - but it's not a common scenario (I'm
pretty sure it's happened at least once, maybe twice, to openssh
though).

If you have a more determined attacker - someone who is specifically
focussed on your machine, as opposed to someone scanning the internet
for quick easy targets - they're going to find it no matter what port
you put it on, so moving it gains you, at best, 60 seconds or so while
they run nmap, and maybe a few more minutes while they look at the
version string openssh sends when you connect to it to figure out that
this odd port is in fact SSH - but does cause you a bit of
inconvenience.

Good is subjective, you need to decide what level of inconvenience
you're willing to tolerate vs how many extra small barriers you want
to put in front of an attacker.

Personally, I run ssh on port 22.

preferably some port that will still allow me access from various places.
what port ? port range ?

I currently have in /etc/ssh/sshd.conf like:

Protocol 2
AllowUsers myname
PermitEmptyPasswords no
LoginGraceTime 30s
MaxAuthTries 2


You've already got this quite locked down. You could take it a step
further by not allowing passwords at all, and relying on the SSH key
you carry on your USB stick to authenticate you. Of course, that again
makes things inconvenient for you - if you left the USB stick at home,
you can't log in. If it gets stolen, not only can you not log in, but
you can't even revoke your key until you get home and get your backup
key on the spare usb stick - meanwhile, whoever stole the key has
(potentially) free access to your machine..

Again, there are no right answers, it's about what level of
inconvenience you're willing to put up with in return for increased
barriers to entry.



--
input_userauth_request: invalid user virus
reverse mapping checking getaddrinfo for ws252
Failed password for invalid user virus from ::
Received disconnect from :::205.149.2.252:
Invalid user cyrus from :::205.149.2.252
input_userauth_request: invalid user cyrus
reverse mapping checking getaddrinfo for ws252
Failed password for invalid user cyrus from ::
Received disconnect from :::205.149.2.252:
Invalid user oracle from :::205.149.2.252
input_userauth_request: invalid user oracle



--
Voytek






--
There is nothing more worthy of contempt than a man who quotes himself
- Zhasper, 2004
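
An added example, not part of the original message: a check that reads the effective value of the sshd keywords discussed above and flags a configuration that still accepts passwords. The configuration texts are constructed (the first repeats the settings quoted in the post), and the defaults used for absent keywords are assumptions taken from current OpenSSH.

```shell
#!/bin/sh
# Added example: report the effective value of sshd configuration keywords
# and flag the settings discussed in the thread. Config texts are constructed.

# Print the effective global value of KEYWORD in CONFIG_TEXT, or DEFAULT.
# sshd uses the FIRST value it reads for a keyword, and keywords are
# case-insensitive; lines after the first "Match" are conditional and skipped.
sshd_setting() {   # usage: sshd_setting CONFIG_TEXT KEYWORD DEFAULT
    printf '%s\n' "$1" | awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want {
            val = $2
            for (i = 3; i <= NF; i++) val = val " " $i
            exit
        }
        END { print val }'
}

flag() { echo "FLAG: $1"; findings=$((findings + 1)); }

# Returns 0 when nothing is flagged, 1 otherwise.
# Keyboard-interactive authentication is a separate setting, not examined here.
audit_sshd() {   # usage: audit_sshd CONFIG_TEXT
    cfg=$1
    findings=0
    [ "$(sshd_setting "$cfg" PasswordAuthentication yes)" = no ] ||
        flag "PasswordAuthentication is not 'no': password guessing stays possible"
    [ "$(sshd_setting "$cfg" PermitEmptyPasswords no)" = no ] ||
        flag "PermitEmptyPasswords is enabled"
    [ -n "$(sshd_setting "$cfg" AllowUsers '')" ] ||
        flag "no AllowUsers list: any account may attempt to log in"
    tries=$(sshd_setting "$cfg" MaxAuthTries 6)
    [ "$tries" -le 3 ] 2>/dev/null ||
        flag "MaxAuthTries is $tries (the post uses 2)"
    [ "$findings" -eq 0 ]
}

# Constructed: the settings quoted in the post.
POST_CONFIG='Protocol 2
AllowUsers myname
PermitEmptyPasswords no
LoginGraceTime 30s
MaxAuthTries 2'

# Constructed: key-only login, keyword written in lower case on purpose.
KEYS_ONLY_CONFIG="passwordauthentication no
$POST_CONFIG"

# Constructed: "no" appended below an earlier "yes" has no effect.
APPENDED_CONFIG="PasswordAuthentication yes
$POST_CONFIG
PasswordAuthentication no"

# Stand-alone run: audit the configuration from the post.
audit_sshd "$POST_CONFIG" || true
```

To audit a real server, pass the file's contents, for example `audit_sshd "$(cat /path/to/sshd_config)"`.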


Re: [SLUG] ssh questions

2007-06-04 Thread David Lloyd


Howdy,


yes, that's a better idea than buying larger HD (for the logs)

what about a low port, I saw a suggestion like port 14 ?

what command to see used ports ?


[EMAIL PROTECTED]:~$ netstat -anp --inet

You could also nmap yourself :)

DSL


Re: [SLUG] ssh questions

2007-06-04 Thread Jeff Waugh
<quote who="Voytek Eymont">

 what about a low port, I saw a suggestion like port 14 ?

Look at /etc/services to see a mapping of common services to ports. It would
be unusual to assign ssh to a different sub-1024 port. You'd be better off
using  or similar.

 what command to see used ports ?

I use 'netstat -pan'.

- Jeff

-- 
OSCON 2007: Portland OR, USA http://conferences.oreillynet.com/oscon/
 
   It makes perfect sense. If you're a narcissistic arsehole spawned from
a curdled gene pool.


Re: [SLUG] ssh questions

2007-06-04 Thread Zhasper

No - it will kill the sshd that listens on port 22, but not the
process servicing your connection. I've done this before, and you
probably have too - eg, last time you did an apt-get upgrade and it
upgraded ssh for you.

If you're worried, queue up a couple of at jobs - one in 10 minutes to
start openssh, and just in case that doesn't work, another 10 minutes
after that to reboot the machine.

On 05/06/07, Voytek Eymont [EMAIL PROTECTED] wrote:

if I'm on an ssh connection, how do I restart sshd...?

shouldn't the ssh session I'm on drop me off ?

# service sshd status
sshd (pid 13182 10855 10853 7350 7348) is running...
# service sshd restart
Stopping sshd: [  OK  ]
Starting sshd: [  OK  ]
# service sshd status
sshd (pid 13216 10855 10853 7350 7348) is running...



--
Voytek






--
There is nothing more worthy of contempt than a man who quotes himself
- Zhasper, 2004
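
An added example, not part of the original message: the "couple of at jobs" fallback described above, wrapped around a restart. The binary paths and the `sshd` service name are assumptions to adjust per distribution, and the `sshd -t` configuration check goes beyond what the message describes.

```shell
#!/bin/sh
# Added example: restart sshd from inside an SSH session with timed fallbacks.
# Binary paths and the "sshd" service name are assumptions; adjust per distro.
# Full paths are used because at(1) jobs do not run in the login environment.
SSHD=${SSHD:-/usr/sbin/sshd}
SERVICE=${SERVICE:-/sbin/service}
SHUTDOWN=${SHUTDOWN:-/sbin/shutdown}

# at(1) announces a queued job as "job <id> at <date>"; print the id.
parse_at_job_id() {
    awk '$1 == "job" && $3 == "at" { print $2; exit }'
}

# Queue COMMAND to run MINUTES from now and print the job id.
queue_job() {   # usage: queue_job MINUTES COMMAND
    printf '%s\n' "$2" | at now + "$1" minutes 2>&1 | parse_at_job_id
}

safe_restart() {
    # 1. Test mode: sshd checks its configuration and keys, then exits.
    #    A restart with a broken configuration is what locks people out.
    if ! "$SSHD" -t; then
        echo "sshd -t rejected the configuration; nothing restarted" >&2
        return 1
    fi

    # 2. Fallbacks: start sshd in 10 minutes, reboot 10 minutes after that.
    start_id=$(queue_job 10 "$SERVICE sshd start")
    reboot_id=$(queue_job 20 "$SHUTDOWN -r now")
    if [ -z "$start_id" ] || [ -z "$reboot_id" ]; then
        echo "could not queue both fallback jobs; nothing restarted" >&2
        [ -z "$start_id" ] || atrm "$start_id"
        [ -z "$reboot_id" ] || atrm "$reboot_id"
        return 1
    fi

    # 3. Restart the listener; the session running this script stays up.
    "$SERVICE" sshd restart

    # 4. The fallbacks stay armed until a fresh login has been confirmed.
    echo "Log in from a NEW session; if that works, cancel the fallbacks:"
    echo "  atrm $start_id $reboot_id"
}

# Nothing is restarted unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then safe_restart; fi
```

Keep the current session open until the new login succeeds and the two jobs have been removed with `atrm`.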


Re: [SLUG] ssh questions

2007-06-04 Thread Zhasper

On 05/06/07, Voytek Eymont [EMAIL PROTECTED] wrote:


On Tue, June 5, 2007 11:57 am, Phil Scarratt wrote:
 Voytek Eymont wrote:

 my logs are littered with the usual failed login crap;

 yes, if only to save the crap in the logs. Any port above say 4 should
 do I would think, but you may have other restrictions depending on the
 firewalls from behind which you need access - if they restrict outgoing
 port numbers then you are unlikely to be able to use that range.

thanks, Fil

yes, that's a better idea than buying larger HD (for the logs)


Or, change your log level so they don't get logged. Or, have logrotate
gzip your archives (which it probably does anyway) so that logging
repeated patterns like that takes insignificant amounts of space.


what about a low port, I saw a suggestion like port 14 ?

what command to see used ports ?


netstat -ntlp

check /etc/services to see if port 14 is a well-known port for
something (14 isn't, as far as I can tell)




--
Voytek






--
There is nothing more worthy of contempt than a man who quotes himself
- Zhasper, 2004


Re: [SLUG] ssh questions

2007-06-04 Thread Phil Scarratt

Voytek Eymont wrote:

On Tue, June 5, 2007 11:57 am, Phil Scarratt wrote:

Voytek Eymont wrote:


my logs are littered with the usual failed login crap;



yes, if only to save the crap in the logs. Any port above say 4 should
do I would think, but you may have other restrictions depending on the
firewalls from behind which you need access - if they restrict outgoing
port numbers then you are unlikely to be able to use that range.


thanks, Fil

yes, that's a better idea than buying larger HD (for the logs)

what about a low port, I saw a suggestion like port 14 ?

what command to see used ports ?



I believe netstat will list listening ports/sockets on a system.

Of course, it goes without saying that changing the port is not a 
replacement for good security measures such as password strength, keys, 
etc etc.


Fil


Re: [SLUG] ssh questions

2007-06-04 Thread Voytek Eymont
thanks, everyone, for all the detailed info, tips and suggestions !

On Tue, June 5, 2007 12:04 pm, Zhasper wrote:
 No - it will kill the sshd that listens on port 22, but not the
 process servicing your connection. I've done this before, and you probably
 have too - eg, last time you did an apt-get upgrade and it upgraded ssh
 for you.

I was just confused by seeing this in the log:

--
Jun  5 12:12:41 bilby sshd[13216]: Received signal 15; terminating.
Jun  5 12:12:41 bilby sshd[13379]: Server listening on :: port 22.
Jun  5 12:12:41 bilby sshd[13379]: error: Bind to port 22 on 0.0.0.0
failed: Address already in use.


 If you're worried, queue up a couple of at jobs - one in 10 minutes to
 start openssh, and just in case that doesn't work, another 10 minutes after
 that to reboot the machine.

is this like an 'at (time) service sshd start' thing ?

thanks again
-- 
Voytek



Re: [SLUG] ssh questions

2007-06-04 Thread Phil Scarratt

Voytek Eymont wrote:

On Tue, June 5, 2007 11:57 am, Phil Scarratt wrote:

Voytek Eymont wrote:


my logs are littered with the usual failed login crap;



yes, if only to save the crap in the logs. Any port above say 4 should
do I would think, but you may have other restrictions depending on the
firewalls from behind which you need access - if they restrict outgoing
port numbers then you are unlikely to be able to use that range.


thanks, Fil

yes, that's a better idea than buying larger HD (for the logs)

what about a low port, I saw a suggestion like port 14 ?

what command to see used ports ?


The /etc/services file lists common ports that are assigned. You really 
need to checkout IANA (iana.org) for the official list though.


Fil


Re: [SLUG] ssh questions

2007-06-04 Thread Phil Scarratt

Voytek Eymont wrote:

my logs are littered with the usual failed login crap;

is moving ssh to a different port 'good idea' ?
preferably some port that will still allow me access from various places.
what port ? port range ?



yes, if only to save the crap in the logs. Any port above say 4 
should do I would think, but you may have other restrictions depending 
on the firewalls from behind which you need access - if they restrict 
outgoing port numbers then you are unlikely to be able to use that range.


Fil


Re: [SLUG] ssh questions

2007-06-04 Thread Phil Scarratt

Voytek Eymont wrote:

if I'm on an ssh connection, how do I restart sshd...?

shouldn't the ssh session I'm on drop me off ?

# service sshd status
sshd (pid 13182 10855 10853 7350 7348) is running...
# service sshd restart
Stopping sshd: [  OK  ]
Starting sshd: [  OK  ]
# service sshd status
sshd (pid 13216 10855 10853 7350 7348) is running...






SSH starts another process for each connection, and restarting sshd like 
that does not kill existing connections (in redhat's case anyway). Hence 
you can do the restart and it won't drop out.


Fil


Re: [SLUG] ssh questions

2007-06-04 Thread Amos Shapira

On 05/06/07, Phil Scarratt [EMAIL PROTECTED] wrote:


Voytek Eymont wrote:
 my logs are littered with the usual failed login crap;

 is moving ssh to a different port 'good idea' ?
 preferably some port that will still allow me access from various
places.
 what port ? port range ?


yes, if only to save the crap in the logs. Any port above say 4



I use non-standard ports under 1024 for both my ssh and apache service just
for that reason - haven't seen evidence of a single port scan on their logs
since I changed the ports a few years ago, and I managed to connect to the
non-standard ports from anywhere I tried.

Another option that you might want to consider to keep your mind at rest is
to forbid password-enabled log ins - instead you can force private/public
key for authentication.

(The web site isn't published anywhere on the public internet, only via
private e-mails to people I more-or-less trust, otherwise it would make less
sense to move it).

--Amos


[SLUG] samba weirdness

2007-06-04 Thread jam
Hi
If anyone can see the light ...

I have a samba share on two machines, suse 10.2 and feisty

[video]
comment = video
inherit acls = Yes
path = /home/store
read only = No
guest ok = Yes

On both machines, from a linux desktop browser, the share is publicly 
accessible. (no login)
From XP the suse share is accessible, the feisty share prompts for a password!

If I use smbpasswd and create one, then the XP accepts the passwd and works 
normally !! The acls line makes no difference

Neither the logs nor the smb.conf files appear out of the ordinary.

James


Re: [SLUG] ssh questions

2007-06-04 Thread Zhasper

On 05/06/07, Voytek Eymont [EMAIL PROTECTED] wrote:

thanks, everyone, for all the detailed info, tips and suggestions !

On Tue, June 5, 2007 12:04 pm, Zhasper wrote:
 No - it will kill the sshd that listens on port 22, but not the
 process servicing your connection. I've done this before, and you probably
 have too - eg, last time you did an apt-get upgrade and it upgraded ssh
 for you.

I was just confused by seeing this in the log:

--
Jun  5 12:12:41 bilby sshd[13216]: Received signal 15; terminating.
Jun  5 12:12:41 bilby sshd[13379]: Server listening on :: port 22.
Jun  5 12:12:41 bilby sshd[13379]: error: Bind to port 22 on 0.0.0.0
failed: Address already in use.


Urr... I'm confused too. What does netstat -ntlp show as listening
on port 22 right now?



 If you're worried, queue up a couple of at jobs - one in 10 minutes to
 start openssh, and just in case that doesn't work, another 10 minutes after
 that to reboot the machine.

is this like an 'at (time) service sshd start' thing ?


man 1 at

sample session:


[EMAIL PROTECTED]:~$ at now + 10 minutes
warning: commands will be executed using /bin/sh
at> echo "Hello Voytek" > /tmp/helloworld.out
at> <EOT>
job 1 at Tue Jun  5 05:32:00 2007
[EMAIL PROTECTED]:~$


at is fairly intelligent in terms of time periods - it assumes you want
to do something within 24 hours, so 6pm will be interpreted as 6pm
tonight. It understands things like midday, tomorrow, and even
teatime.

One caveat: things executed in at won't be run in your usual shell
environment (ie, it won't have run your .bash_profile or .bashrc); if
in doubt, it's best to fully specify all paths (/sbin/shutdown, not
just shutdown). If you run into other problems, they're usually caused
by an assumption you've made based on something that's normally in
your environment: having $EDITOR set, or having alias la="ls -la" set,
or something like that.


thanks again
--
Voytek






--
There is nothing more worthy of contempt than a man who quotes himself
- Zhasper, 2004


Re: [SLUG] ssh questions

2007-06-04 Thread Jeremy Portzer

Zhasper wrote:


Or, change your log level so they don't get logged. Or, have logrotate
gzip your archives (which it probably does anyway) so that logging
repeated patterns like that takes insignificant amounts of space.


Or use the logwatch utility to read your logs which can summarize 
these authentication attempts in a way that is reasonably easy to scroll 
through, while still pointing out any other oddities.


--Jeremy
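
The kind of summary described in this part of the thread, as an added sketch that is not from any poster and is not logwatch's own code: it collapses failed-password lines into per-source counts and passes every other sshd message through untouched. The log lines are constructed samples in OpenSSH's syslog format; the addresses and the user name voytek are made up, and summarise/report are names chosen here.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from a real host).
SAMPLE_LOG = """\
Jun  5 03:11:02 bilby sshd[9001]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Jun  5 03:11:05 bilby sshd[9003]: Failed password for root from 192.0.2.10 port 40130 ssh2
Jun  5 03:11:09 bilby sshd[9005]: Failed password for invalid user test from 192.0.2.10 port 40141 ssh2
Jun  5 04:20:45 bilby sshd[9107]: Failed password for root from 198.51.100.7 port 51514 ssh2
Jun  5 09:02:17 bilby sshd[9410]: Accepted publickey for voytek from 203.0.113.5 port 50022 ssh2
Jun  5 12:12:41 bilby sshd[13216]: Received signal 15; terminating.
Jun  5 12:12:41 bilby sshd[13379]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>\S+) from (?P<src>\S+) port \d+")
SSHD = re.compile(r"sshd\[\d+\]: (?P<msg>.*)$")


def summarise(log_text):
    """Count failed-password lines per source; keep every other sshd message."""
    by_source, users, other = Counter(), {}, []
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            by_source[failed.group("src")] += 1
            users.setdefault(failed.group("src"), set()).add(failed.group("user"))
            continue
        msg = SSHD.search(line)
        if msg:  # not scan noise: pass it through so oddities stay visible
            other.append(msg.group("msg"))
    return by_source, users, other


def report(log_text):
    """Render the summary as text: one line per source, then the remainder."""
    by_source, users, other = summarise(log_text)
    out = ["Failed password attempts by source:"]
    for src, count in by_source.most_common():
        tried = ", ".join(sorted(users[src]))
        out.append(f"  {src}: {count} attempts, users tried: {tried}")
    out.append("Other sshd messages:")
    out.extend(f"  {msg}" for msg in other)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```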



Re: [SLUG] ssh questions

2007-06-04 Thread Glen Turner
On Tue, 2007-06-05 at 12:02 +1000, Zhasper wrote:

 It probably makes these types of automated scans, which are relying on
 you having common usernames with obvious passwords, less likely to do
 bad things to your machine.
 
 On the other hand, they're already 100% unlikely to access your
 machine, assuming you don't have common usernames with obvious
 passwords. You can't get better than that.

10% of users will choose a poor password. Better to get ssh to
insist on a public key, and then call login so it can ask for
their password too.

Just running public keys rather than passwords as the first
authentication cuts out the username/password scanning traffic
from succeeding; leaving just the exploit traffic with a chance.

[ If I may rant about Fedora for just a moment. Insisting upon
  a root password during installation, not testing the strength
  of it, and then giving root sshd access is just asking for
  trouble. ]

 If you have a more determined attacker - someone who is specifically
 focussed on your machine, as opposed to someone scanning the internet
 for quick easy targets - they're going to find it no matter what port
 you put it on

You can use door knocking software.  sshd doesn't get attached to
the network traffic unless a particular pattern of traffic is seen
beforehand. This is commonly used to hide the sshd of rootkits from
nmap scans, but there is no reason why they can't be used for good
rather than evil.

I used to do this, but in practice it is painful to do from any
host I hadn't set up beforehand (and in that case, why not use
a firewall access list).

 You've already got this quite locked down. You could take it a step
 further by not allowing passwords at all, and relying on the SSH key
 you carry on your USB stick to authenticate you. Of course, that again
 makes things inconvenient for you - if you left the USB stick at home,
 you can't log in. If it gets stolen, not only can you not log in, but
 you can't even revoke your key until you get home and get your backup
 key on the spare usb stick - meanwhile, whoever stole the key has
 (potentially) free access to your machine..

Also, the remote machine can secretly copy your USB key. There's some
Windows malware which does that.

On a more practical note, the file format for PuTTY is different from
that for OpenSSH. Having the key in both formats on the USB disk
saves a lot of stuffing about.

-- 
 Glen Turner



Re: [SLUG] ssh questions

2007-06-04 Thread Glen Turner
On Tue, 2007-06-05 at 12:22 +1000, Voytek Eymont wrote:

 Jun  5 12:12:41 bilby sshd[13216]: Received signal 15; terminating.
 Jun  5 12:12:41 bilby sshd[13379]: Server listening on :: port 22.
 Jun  5 12:12:41 bilby sshd[13379]: error: Bind to port 22 on 0.0.0.0
 failed: Address already in use.

The message is clear.

The cause is
 - another sshd or other daemon is running on that port.
 - the daemon has put the port into a TCP Wait state (unusual
   these days)
 - IPv4 and IPv6 are attempting to bind, but you have no IPv6
   address, so you fall back to the already-bound IPv4 address.

-- 
 Glen Turner
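
An added demonstration, not part of any post above, of one way the IPv6 and IPv4 wildcard binds collide to produce the two log lines quoted in this thread: on Linux a listening [::] socket without IPV6_V6ONLY also covers IPv4, so the later 0.0.0.0 bind gets EADDRINUSE. The function name is made up here, Linux behaviour is assumed, and an unprivileged port picked by the kernel stands in for 22.

```python
import errno
import socket


def listen_v6_then_bind_v4(v6only):
    """Listen on [::] first, then try 0.0.0.0 on the same port (the order
    seen in the log). Returns 'ok', an errno name such as 'EADDRINUSE',
    or None when this host has no usable IPv6 stack."""
    if not socket.has_ipv6:
        return None
    try:
        s6 = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    s4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        for s in (s6, s4):
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # v6only=0: the IPv6 wildcard socket also accepts IPv4 connections.
        s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        try:
            s6.bind(("::", 0))  # port 0: kernel picks a free port
        except OSError:
            return None
        s6.listen(1)
        port = s6.getsockname()[1]
        try:
            s4.bind(("0.0.0.0", port))
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
        return "ok"
    finally:
        s6.close()
        s4.close()


if __name__ == "__main__":
    print("dual-stack [::] then 0.0.0.0:", listen_v6_then_bind_v4(False))
    print("v6-only    [::] then 0.0.0.0:", listen_v6_then_bind_v4(True))
```

In the dual-stack case the daemon is still reachable over IPv4 through the [::] listener, which is why the error in the log is harmless when this is the cause.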



Re: [SLUG] ssh questions

2007-06-04 Thread Jeff Waugh
<quote who="Zhasper">

 You could take it a step further by not allowing passwords at all, and
 relying on the SSH key you carry on your USB stick to authenticate you. Of
 course, that again makes things inconvenient for you - if you left the USB
 stick at home, you can't log in. If it gets stolen, not only can you not
 log in, but you can't even revoke your key until you get home and get your
 backup key on the spare usb stick - meanwhile, whoever stole the key has
 (potentially) free access to your machine..

For those watching at home: *ALWAYS* use passphrases on ssh keys for normal
user accounts (as opposed to command locked accounts). Then use ssh-agent to
dodge both server password and ssh key passphrase inconvenience... You will
never go back to passwords again.

- Jeff

-- 
Ubuntu Live 2007: Portland, OR, USA   http://www.ubuntulive.com/
 
   In the beginning was the word, and the word was content-type:
text/plain - Martin Schulze