swordfile isn't checked
for every other minute... a reboot doesn't go around unnoticed...
Mark Janssen Unix Consultant
Unix Support Nederland / PSInet Netherlands
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D2178
http: markjanssen.homeip.net www.markjan
her advanced features most term-emulators
with ssh don't have) from your bash shell.
Mark Janssen Unix Consultant
Unix Support Nederland / PSInet Netherlands
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D2178
http: markjanssen.homeip.net www.markjanssen.nl
be found here:
ftp://sunsite.org.uk/Mirrors/sourceware.cygnus.com/pub/cygwin/setup.exe
Or on other sites... just search with google...
Mark Janssen Unix Consultant
Unix Support Nederland / PSInet Netherlands
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D2178
http: markjanssen.home
ve 200+ debian systems spread across the
internet in different cities, timezones and administrative domains :)
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
On Fri, 2002-10-18 at 14:58, [EMAIL PROTECTED] wrote:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
You can limit it somewhat (by editing source), but the protocol needs
the version string, so you can't change it without breaking
compatibility.
--
rts you do not
expect (like sshd's running on port 80, 443 or random port numbers)
Why do you want to disallow people to ssh out of your system, while
allowing them to ssh into it ???
You can never block anyone who _wants_ to do something
--
Mark Janssen <[EMAIL PROTECTED]>
Saiko Internet Technologies
I use it as one of my main debian mirrors, since it's only 5 hops away
from me :)
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
if (current->mm->dumpable)
+ if (is_dumpable(current))
error = 1;
break;
case PR_SET_DUMPABLE:
@@ -1294,7 +1294,8 @@ asmlinkage long sys_prctl(int option, un
error
ve 200+ debian systems spread across the
internet in different cities, timezones and administrative domains :)
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|
On Fri, 2002-10-18 at 14:58, [EMAIL PROTECTED] wrote:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
You can limit it somewhat (by editing source), but the protocol needs
the version string, so you can't change it without breaking
compatibility.
--
rts you do not
expect (like sshd's running on port 80, 443 or random port numbers)
Why do you want to disallow people to ssh out of your system, while
allowing them to ssh into it ???
You can never block anyone who _wants_ to do something
--
Mark Janssen <[EMAIL PROTECTED]>
Saiko Inte
I use it as one of my main debian mirrors, since it's only 5 hops away
from me :)
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
--
To UNSUBSC
if (is_dumpable(current))
error = 1;
break;
case PR_SET_DUMPABLE:
@@ -1294,7 +1294,8 @@ asmlinkage long sys_prctl(int option, un
error = -EINVAL;
module in order to name ciphers by name. Try -E
> 16 instead.
You need to do something like this:
sudo cryptsetup -c aes -y create SomeUniqueName /dev/hda10
sudo mount /dev/mapper/SomeUniqueName /mountpoint
--
Mark Janssen -- maniac(at)maniac.nl -- pgp: 0x357D2178 | ,''`.
swordfile isn't checked
for every other minute... a reboot doesn't go around unnoticed...
Mark Janssen Unix Consultant
Unix Support Nederland / PSInet Netherlands
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D2178
http: markjanssen.homeip.net www.markjan
her advanced features most term-emulators
with ssh don't have) from your bash shell.
Mark Janssen Unix Consultant
Unix Support Nederland / PSInet Netherlands
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D2178
http: markjanssen.homeip.net www.markjanssen.nl
be found here:
ftp://sunsite.org.uk/Mirrors/sourceware.cygnus.com/pub/cygwin/setup.exe
Or on other sites... just search with google...
Mark Janssen Unix Consultant
Unix Support Nederland / PSInet Netherlands
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D2178
http: markjanssen.home
d in the sshd_options file and the manual page for
sshd (not ssh) ;)
Have fun...
>
> As always, You guys are great, thanks in advance for the help,
>
>
> ~duane
>
--
Mark Janssen Unix Consultant @ SyConOS IT
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D
d in the sshd_options file and the manual page for
sshd (not ssh) ;)
Have fun...
>
> As always, You guys are great, thanks in advance for the help,
>
>
> ~duane
>
--
Mark Janssen Unix Consultant @ SyConOS IT
E-mail: [EMAIL PROTECTED]GnuPG Key Id: 357D
the other 'root's on the machine, each his own keypair and
passphrase
(Put the public key in the .authorized_keys file for the root user)
TUrn on RSA/DSA authentication and 'allow root login'
Mark Janssen Unix Consultant @ SyConOS IT
E-mail: [EMAIL PRO
On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote:
> Is there a decent Windows FTP application that supports sftp? Unfortunately, I have
>to use Windows at work. :/
cygwin includes openssh... and the sftp it has supports everything you
need.
--
Mark J
t'll use /etc/pam.d/opensshd. If you name it sshd it will use
/etc/pam.d/sshd etc :)
That's what I read last week in some docs on the OpenSSH site :)
Mark Janssen Unix Consultant @ SyConOS IT
E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178
http:
ry directories
> is enough for exim to function - unless there are issues with the
> permissions of /var/spool/mail/.
> Now another question: are there?
As long as /var/spool/mail/* is writable/owned by the 'mail' user I do
not see a problem here.
Also check /var/spool/mqu
y their
respective owners (your clients) and keep well away from other people's
boxes.
Mark Janssen Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id: 357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[
H on the telnet port).
You can't get rid of this message (unless you also use a modified
client.) The message is part of the protocol, and it is required that
SSH servers specify their version.
You could modify the string... (removing or altering the OpenSSH part).
But the SSH-2.0- part is ma
On Thu, 2002-02-14 at 16:20, Cristian Ionescu-Idbohrn wrote:
Greetings,
Yes, I would like to do that.
Any good tools you folks would recommand?
Nmap from a dial-up connection... or login to some unix host and nmap from there...
Maniac
(Or... just throw your IP into the interne
sr/sbin/apache-sslctl start: httpsd started
>
--
Mark Janssen Unix / Linux, Open-Source and Internet Consultant @
SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id:
357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl]
SyConOS.[com|nl]
99:Joe Random User:/home/joe/./:/bin/bash
Now joeuser will be chrooted to /home/joe
This works for SSH and SCP / SFTP etc of course.
Mark Janssen
>
> I did not see anything about this issue on the openssh web site.
> Anybody got any suggestions?
>
>
> --
> To UNS
em safely use ftp over the internet. That's only
> way they can use ftp since the firewall blocks ftp from the internet.
> But that stills leaves the scp "hole".
Fixed :)
The chroot-patch is at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047&repeatmerged=ye
e error in the channel code" security hole?
Yes, it was fixed in debian package Openssh_3.0.2p1-8 (maybe allready in
7, but that had other problems)
Debian usually patches the (security) bug, without going straight to the
new upstream release, but only upgrading the package number
--
Mark Janss
On Fri, 2002-04-26 at 09:58, Trancom wrote:
> how to unsubscribe.
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Look here
Or Here \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/
--
To UNSUBSCR
these words contain either only
lowercase letters, or upper and lower case mixed, or digits thrown
in. Uppercase letters and digits are placed in a way that eases
remembering their position when memorizing only the word.
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux,
bes the working of this scam... Just ignore it, or
send it on to the relevant government agency...
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
the other 'root's on the machine, each his own keypair and
passphrase
(Put the public key in the .authorized_keys file for the root user)
TUrn on RSA/DSA authentication and 'allow root login'
Mark Janssen Unix Consultant @ SyConOS IT
E-mail: [EMAIL PRO
On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote:
> Is there a decent Windows FTP application that supports sftp? Unfortunately,
> I have to use Windows at work. :/
cygwin includes openssh... and the sftp it has supports everything you
need.
--
Mark J
t'll use /etc/pam.d/opensshd. If you name it sshd it will use
/etc/pam.d/sshd etc :)
That's what I read last week in some docs on the OpenSSH site :)
Mark Janssen Unix Consultant @ SyConOS IT
E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178
http:
ry directories
> is enough for exim to function - unless there are issues with the
> permissions of /var/spool/mail/.
> Now another question: are there?
As long as /var/spool/mail/* is writable/owned by the 'mail' user I do
not see a problem here.
Also check /var/spool/mqu
y their
respective owners (your clients) and keep well away from other people's
boxes.
Mark Janssen Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id: 357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[
H on the telnet port).
You can't get rid of this message (unless you also use a modified
client.) The message is part of the protocol, and it is required that
SSH servers specify their version.
You could modify the string... (removing or altering the OpenSSH part).
But the SSH-2.0- part is ma
On Thu, 2002-02-14 at 16:20, Cristian Ionescu-Idbohrn wrote:
Greetings,
Yes, I would like to do that.
Any good tools you folks would recommand?
Nmap from a dial-up connection... or login to some unix host and nmap from there...
Maniac
(Or... just throw your IP into the interne
sr/sbin/apache-sslctl start: httpsd started
>
--
Mark Janssen Unix / Linux, Open-Source and Internet Consultant @
SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id:
357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl]
SyConOS.[com|nl]
Random User:/home/joe/./:/bin/bash
Now joeuser will be chrooted to /home/joe
This works for SSH and SCP / SFTP etc of course.
Mark Janssen
>
> I did not see anything about this issue on the openssh web site.
> Anybody got any suggestions?
>
>
> --
> To UNS
em safely use ftp over the internet. That's only
> way they can use ftp since the firewall blocks ftp from the internet.
> But that stills leaves the scp "hole".
Fixed :)
The chroot-patch is at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047&repeatmerged=ye
-one error in the channel code" security
> hole?
Yes, it was fixed in debian package Openssh_3.0.2p1-8 (maybe allready in
7, but that had other problems)
Debian usually patches the (security) bug, without going straight to the
new upstream release, but only upgrading the package number
-
On Fri, 2002-04-26 at 09:58, Trancom wrote:
> how to unsubscribe.
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Look here
Or Here \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/
--
To UNSUBSCRI
these words contain either only
lowercase letters, or upper and lower case mixed, or digits thrown
in. Uppercase letters and digits are placed in a way that eases
remembering their position when memorizing only the word.
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux,
On Mon, 2002-06-10 at 19:13, Jeff Bonner wrote:
> Questions:
>
> 1) Are all those ciphers actually available in my SSH package?
Run the ssh daemon with debugging on (2 levels or more) and check the
output:
sshd -d -d -d -p
ssh -v -p 127.0.0.1
Look at all the pretty output...
debug2: kex_par
rd will be
visible to roots on both ends of the tunnel, but not to anyone in
between.
So it's quite safe ;)
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.co
unning as root) will be
chrooted in /var/run/sshd
This was/is all in woody, but I suspect potato to act the same :)
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS
pick your
> choice
> of logout method...) then Getty immediately respawns
No... getty exec's a shell (or a login actually) and when this exits
the inetd restarts the getty. :)
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Con
n package chroots to the empty and root:root owned dir
/var/run/sshd
I myself changed this to root:sys, but that shouldn't really matter.
--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Ne
>From what I understand, the advisory below is for the security issue
we've been buggering over for the last 2-3 days.
As I understand it, there is no need to upgrade to openssh 3.3 and use
priv-sep code, when we turn of the various challenge-response systems
discussed below (BSD-AUTH and SKEY).
Head over to OpenSSH.com
They have just released version 3.4, which should fix some overflow
problems and adds lot's of new checks against dubious input.
Advisories and updates on the various pages there.
Mark Janssen
Syconos IT Consultancy
--
To UNSUBSCRIBE, email to [EMAIL PROT
;
> >Reply-To: "Dr. Kola Adams" <[EMAIL PROTECTED]>
> >To:
> >Subject: Business Proposal (Urgent)
> >Date: Tue, 24 Sep 2002 05:55:21 -0700
I suggest you first read:
http://home.rica.net/alphae/419coal/
Which clearly describes the working of this scam... Just
54 matches
Mail list logo