Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Noah L. Meyerhans [EMAIL PROTECTED] wrote: On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote: The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... What do you get from: netstat -ntlp | grep 16001 Nothing -- grep doesn't find a string '16001'. And this issue got covered already, I think -- port 16001 had something to do with Enlightenment's sound daemon. But, the port 111... I've removed the symlinks of portmapper for rcX.d directories with update-rc.d and stopped portmapper itself manually. Still, I get to see 'sunrpc connection attempt from localhost...' every day in iplogger.log. Yesterday, three times. This is a bit puzzling and I'm out of ideas, but I hope this behaviour doesn't compromise my system... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9uvXlAtEARxQQCB4RAj2SAJ96kZsuOJilED6Dk1deOgU2W5PqMQCfeuGw B1QgBTYXzfqda4600ym4UFA= =1XxG -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote: Jussi Ekholm écrivait : The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... You said what would try to connect to my system's port [...] 111 from within my own system. I would answer something that is configured to do so? Yup, but what? You may not look what binds this port since you don't run portmap but instead what is configured to try NIS, NFS, ... access! Did you tune your /etc/nsswitch.conf to try NIS? Or something else... Nope, I haven't tuned anything concerning NIS or NFS, as I haven't had any need to do so. Although, the file nsswitch.conf exists in /etc. I think I *did* turn on the support what comes to kernel, but other than that I haven't done anything. Now I've removed portmapper from boot-up and stopped it from /etc/init.d/ manually (actually more than once :-). This is the best I can think, but still I had three entries of sunrpc connection attempts in my iplogger.log yesterday. It seems, that the file you mentioned comes along with base-files, so the removing of that package is out of the question *g*. Ah well, I'll keep my eye sharp for these connection attempts recorded by iplogger, and hope that my system's not compromised. Also, I'll try to look the one to blame by checking logs and matching the time the events happened and so on. Let's see if something turns up... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9uvdoAtEARxQQCB4RAlERAKDVJTJhLQp552tm34H5d1z+A3BHHgCfQm7S xZV0w99yesSp4oWF3UqHWAI= =lV9E -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: rpcinfo: can't contact portmapper: RPC: Remote system error \ - Connection refused The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... This means portmap isn't running. Connection refused means nothing listens on port 111. So, whatever is trying to contact port 111, there's no reason to be concerned. That's good to hear, thanks. This could be valid requests from programs trying to contact NIS before DNS, however. Look at /etc/nsswitch.conf, wether NIS is mentioned. Yes, NIS is mentioned: $ grep -i nis /etc/nsswitch.conf netgroup: nis But I can't make anything out of this. I guess I'll have to read about portmapper to learn a bit about it -- at the moment, I'm completely ignorant as I haven't had the need for it or anything. Still, thanks for the help and your suggestions; the fact, that nothing listens on port 111 makes me feel a little bit better, and your sentence there's no reason to be concerned makes me feel even better. :-) Of course, a Paranoid Android should still think, that you belong to a secret group government has put up to extract information of my daily use of it... Thanks! - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9uvjLAtEARxQQCB4RAmdMAJ4g4EsCgsCzdKIHhnAQY/nDRVPj0ACgg7c9 LAE8Xe5ur/BrquR/PNF3T70= =9C1C -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Noah L. Meyerhans [EMAIL PROTECTED] wrote: On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote: The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... What do you get from: netstat -ntlp | grep 16001 Nothing -- grep doesn't find a string '16001'. And this issue got covered already, I think -- port 16001 had something to do with Enlightenment's sound daemon. But, the port 111... I've removed the symlinks of portmapper for rcX.d directories with update-rc.d and stopped portmapper itself manually. Still, I get to see 'sunrpc connection attempt from localhost...' every day in iplogger.log. Yesterday, three times. This is a bit puzzling and I'm out of ideas, but I hope this behaviour doesn't compromise my system... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9uvXlAtEARxQQCB4RAj2SAJ96kZsuOJilED6Dk1deOgU2W5PqMQCfeuGw B1QgBTYXzfqda4600ym4UFA= =1XxG -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote: Jussi Ekholm écrivait : The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... You said what would try to connect to my system's port [...] 111 from within my own system. I would answer something that is configured to do so? Yup, but what? You may not look what binds this port since you don't run portmap but instead what is configured to try NIS, NFS, ... access! Did you tune your /etc/nsswitch.conf to try NIS? Or something else... Nope, I haven't tuned anything concerning NIS or NFS, as I haven't had any need to do so. Although, the file nsswitch.conf exists in /etc. I think I *did* turn on the support what comes to kernel, but other than that I haven't done anything. Now I've removed portmapper from boot-up and stopped it from /etc/init.d/ manually (actually more than once :-). This is the best I can think, but still I had three entries of sunrpc connection attempts in my iplogger.log yesterday. It seems, that the file you mentioned comes along with base-files, so the removing of that package is out of the question *g*. Ah well, I'll keep my eye sharp for these connection attempts recorded by iplogger, and hope that my system's not compromised. Also, I'll try to look the one to blame by checking logs and matching the time the events happened and so on. Let's see if something turns up... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9uvdoAtEARxQQCB4RAlERAKDVJTJhLQp552tm34H5d1z+A3BHHgCfQm7S xZV0w99yesSp4oWF3UqHWAI= =lV9E -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Dietsche [EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: rpcinfo: can't contact portmapper: RPC: Remote system error \ - Connection refused The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... This means portmap isn't running. Connection refused means nothing listens on port 111. So, whatever is trying to contact port 111, there's no reason to be concerned. That's good to hear, thanks. This could be valid requests from programs trying to contact NIS before DNS, however. Look at /etc/nsswitch.conf, wether NIS is mentioned. Yes, NIS is mentioned: $ grep -i nis /etc/nsswitch.conf netgroup: nis But I can't make anything out of this. I guess I'll have to read about portmapper to learn a bit about it -- at the moment, I'm completely ignorant as I haven't had the need for it or anything. Still, thanks for the help and your suggestions; the fact, that nothing listens on port 111 makes me feel a little bit better, and your sentence there's no reason to be concerned makes me feel even better. :-) Of course, a Paranoid Android should still think, that you belong to a secret group government has put up to extract information of my daily use of it... Thanks! - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9uvjLAtEARxQQCB4RAmdMAJ4g4EsCgsCzdKIHhnAQY/nDRVPj0ACgg7c9 LAE8Xe5ur/BrquR/PNF3T70= =9C1C -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Grape [EMAIL PROTECTED] wrote: 15 Oct 2002, Jussi Ekholm wrote: Still, the connection attempt from localhost to port 111 puzzles me... Of the top of my head: Do you have any nfs services running on the machine? I seem to remember sunrpc beeing used by the nfs-server No NFS nor NIS in this system - that's why it is so puzzling... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9ruE3AtEARxQQCB4RAgDAAKC3YrUdxQniS1FLx8ovhNROmUsA8wCbBN8V 196jnCWZOTdybM1ZKjpH1mA= =c12l -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: So, what would try to connect to my system's port 16001 and 111 from within my own system? Should I be concerned? Should I expect the worst? Any insight on this issue would calm me down... Port 111 is used by portmap. If you don't use RPC services, you can stop it. I don't use it on my desktop machine. Try rpcinfo -p to see, wether there's anything running on your computer. Well, at least knowingly I don't use any RPC services. :-) And this is what 'rpcinfo -p' gives me: rpcinfo: can't contact portmapper: RPC: Remote system error \ - Connection refused (I split it in two lines) The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9ruIMAtEARxQQCB4RArdCAKDQLiPPgaHVk5SX/ifaLJqa5OU15ACfYQvC 302SijCp/6oPSyG05rId3/Y= =F6w7 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Grape [EMAIL PROTECTED] wrote: 15 Oct 2002, Jussi Ekholm wrote: Still, the connection attempt from localhost to port 111 puzzles me... Of the top of my head: Do you have any nfs services running on the machine? I seem to remember sunrpc beeing used by the nfs-server No NFS nor NIS in this system - that's why it is so puzzling... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9ruE3AtEARxQQCB4RAgDAAKC3YrUdxQniS1FLx8ovhNROmUsA8wCbBN8V 196jnCWZOTdybM1ZKjpH1mA= =c12l -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Dietsche [EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: So, what would try to connect to my system's port 16001 and 111 from within my own system? Should I be concerned? Should I expect the worst? Any insight on this issue would calm me down... Port 111 is used by portmap. If you don't use RPC services, you can stop it. I don't use it on my desktop machine. Try rpcinfo -p to see, wether there's anything running on your computer. Well, at least knowingly I don't use any RPC services. :-) And this is what 'rpcinfo -p' gives me: rpcinfo: can't contact portmapper: RPC: Remote system error \ - Connection refused (I split it in two lines) The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9ruIMAtEARxQQCB4RArdCAKDQLiPPgaHVk5SX/ifaLJqa5OU15ACfYQvC 302SijCp/6oPSyG05rId3/Y= =F6w7 -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Cook [EMAIL PROTECTED] wrote: On 0, Jussi Ekholm [EMAIL PROTECTED] wrote: So, what would try to connect to my system's port 16001 and 111 Good afternoon (from Australia). It's a beautiful, sunny 26 degrees here... Hih, it's snowing here. :-) Anyway, a google search for port 16001 tells me that port 16001 is the default port for esd, the e(nlightenment?) sound daemon. So check if you have esd running, and if there are any apps that are trying to connect to it (is your wm trying to play sounds when you click on things, or something like that?) Ah, thanks a lot! I only tried browsing around Google Groups a bit, and bumped into my old posting about the same subject. *g* Anyway, I'm using GNOME with Enlightenment, but I'm 100% sure I've disabled the sound from this window manager. But now that I remember it, yesterday when I installed GNOME the Enable sound server startup box was checked from Sound-section of GNOME Control Center. I disabled the feature yesterday, as well, as I got around to configure my brand new desktop enviroment. :-) So, what comes to 16001, it was a false alarm. Still, the connection attempt from localhost to port 111 puzzles me... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9q8KlAtEARxQQCB4RAjWTAJ4pQIvt2PvU+bgt5ecbnHwYnsQ/DQCgkAoo pLTwLJ1xtiDHd64hY3gcnvA= =87Ks -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good morning (from Finland). I can't remember if I've already asked this here, but this concerns me quite a bit, so I'll ask anyway. So, 'iplogger' shows me, that there has been connection attempts to port 16001 from inside my system (127.0.0.1) from 14:02:02 to 15:02:23. During that time, there's also three sunrpc (port 111) connection attempts, again from inside my own system. Could someone possibly shed some light on this issue, because I'd so much like to know, what's this port 16001 and what the heck in my system would try to use that to the outer world. And even more I'd like to know about the connection attempts about port 111 -- maybe because I saw FBI ranking RPC services the most dangerous ones. :-) So, what would try to connect to my system's port 16001 and 111 from within my own system? Should I be concerned? Should I expect the worst? Any insight on this issue would calm me down... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9q6dCAtEARxQQCB4RAp3dAKCvH611MwXPY8YK6bxoQD4Vkyui7QCgvLLs Sov1oZXA35FP0BCUcVBkFNY= =QeS8 -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jussi Ekholm [EMAIL PROTECTED] wrote: So, what would try to connect to my system's port 16001 and 111 from within my own system? Should I be concerned? Should I expect the worst? Any insight on this issue would calm me down... Oh, and I forgot to mention, that the connection attempts to port 16001 all took place within one hour, and _many_ attempts fit within one second. So, there was, for example 15 attempts to port 16001 within, say, 14:55:26. And when I checked syslog, I could see, that in the same hour, minute and second there were these entries: [...] Oct 14 14:55:26 erpland gnome-name-server[18084]: starting Oct 14 14:55:26 erpland gnome-name-server[18084]: name server starting Oct 14 14:55:27 erpland gnome-name-server[18166]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x80556f0 Oct 14 14:55:28 erpland gnome-name-server[18207]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x8055ab0 Oct 14 14:55:29 erpland gnome-name-server[18223]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x8055cc0 Oct 14 14:56:30 erpland gnome-name-server[18388]: server_is_alive: \ cnx[IDL:GNOME /control_center:1.0] = 0x8055d90 Oct 14 14:56:54 erpland gnome-name-server[18391]: server_is_alive: \ cnx[IDL:GNOME /control_center:1.0] = 0x8055d90 Oct 14 14:58:17 erpland gnome-name-server[18422]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x8056078 [...] Were these port 16001 connection attempts gnome-name-server's fault? Yeah, I installed GNOME yesterday and lots of new stuff got into my computer, but I've seen this port 16001 and sunrpc connection attempts before, too. But I take, that this is somehow related to GNOME? - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9q6l7AtEARxQQCB4RAv6QAKCVsSiPmJ9pED1cLv/UMQG4d6KYDgCgjcrB 63X3oG11MuZ9eL1yYitLaEs= =n1fj -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Cook [EMAIL PROTECTED] wrote: On 0, Jussi Ekholm [EMAIL PROTECTED] wrote: So, what would try to connect to my system's port 16001 and 111 Good afternoon (from Australia). It's a beautiful, sunny 26 degrees here... Hih, it's snowing here. :-) Anyway, a google search for port 16001 tells me that port 16001 is the default port for esd, the e(nlightenment?) sound daemon. So check if you have esd running, and if there are any apps that are trying to connect to it (is your wm trying to play sounds when you click on things, or something like that?) Ah, thanks a lot! I only tried browsing around Google Groups a bit, and bumped into my old posting about the same subject. *g* Anyway, I'm using GNOME with Enlightenment, but I'm 100% sure I've disabled the sound from this window manager. But now that I remember it, yesterday when I installed GNOME the Enable sound server startup box was checked from Sound-section of GNOME Control Center. I disabled the feature yesterday, as well, as I got around to configure my brand new desktop enviroment. :-) So, what comes to 16001, it was a false alarm. Still, the connection attempt from localhost to port 111 puzzles me... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9q8KlAtEARxQQCB4RAjWTAJ4pQIvt2PvU+bgt5ecbnHwYnsQ/DQCgkAoo pLTwLJ1xtiDHd64hY3gcnvA= =87Ks -END PGP SIGNATURE-
Re: port 16001 and 111
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jussi Ekholm [EMAIL PROTECTED] wrote: So, what would try to connect to my system's port 16001 and 111 from within my own system? Should I be concerned? Should I expect the worst? Any insight on this issue would calm me down... Oh, and I forgot to mention, that the connection attempts to port 16001 all took place within one hour, and _many_ attempts fit within one second. So, there was, for example 15 attempts to port 16001 within, say, 14:55:26. And when I checked syslog, I could see, that in the same hour, minute and second there were these entries: [...] Oct 14 14:55:26 erpland gnome-name-server[18084]: starting Oct 14 14:55:26 erpland gnome-name-server[18084]: name server starting Oct 14 14:55:27 erpland gnome-name-server[18166]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x80556f0 Oct 14 14:55:28 erpland gnome-name-server[18207]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x8055ab0 Oct 14 14:55:29 erpland gnome-name-server[18223]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x8055cc0 Oct 14 14:56:30 erpland gnome-name-server[18388]: server_is_alive: \ cnx[IDL:GNOME /control_center:1.0] = 0x8055d90 Oct 14 14:56:54 erpland gnome-name-server[18391]: server_is_alive: \ cnx[IDL:GNOME /control_center:1.0] = 0x8055d90 Oct 14 14:58:17 erpland gnome-name-server[18422]: server_is_alive: \ cnx[IDL:GNOME /Panel2:1.0] = 0x8056078 [...] Were these port 16001 connection attempts gnome-name-server's fault? Yeah, I installed GNOME yesterday and lots of new stuff got into my computer, but I've seen this port 16001 and sunrpc connection attempts before, too. But I take, that this is somehow related to GNOME? - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9q6l7AtEARxQQCB4RAv6QAKCVsSiPmJ9pED1cLv/UMQG4d6KYDgCgjcrB 63X3oG11MuZ9eL1yYitLaEs= =n1fj -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: base-passwd bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Meeuwissen [EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: base-passwd which got upgraded yesterday, works just fine here. It added one new group, though, which I'm concerned of because I don't know what this group is. It's called 'sasl' -- what uses it? From /usr/share/doc/base-passwd/changelog.gz base-passwd (3.4.2) unstable; urgency=low * Add new sasl group used to regulate access to the sasl secrets [...] Install apt-listchanges and you can get to see these kind of things before you upgrade and/or mailed to an address of your choice. I do have apt-listchanges installed and it does mail me the changelogs, but I haven't figured out what 'sasl secrets' actually are. And with a quick glance through groups.google.com I see word 'Cyrus' used with it, and Cyrus is also used with IMAP. Still, I can't say that I'd know what 'sasl secrets' are; I admit, I'm not very good with search engines... and for what Google gave me, I didn't get very much more educated. Maybe I'm just tired. As I mentioned in my earlier mails, I just do not know what sasl actually is and what piece of something would use this group. Anyway, this is no biggie, as I know understand that it isn't world-shaking issue for me. :-) I just have to dig more information about this. - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9qgLOAtEARxQQCB4RAu3rAJwIJUPNLpMnPl5VVa2uwPmqPGJ65ACcCsOG A6T86+8AZqGlS8QCad9JWl0= =qcZb -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: base-passwd bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel O'Neill [EMAIL PROTECTED] wrote: I had the same problem. This kind of initiative by the package shouldn't be so passive. It should be corrected, or one might find themselves frustrated. I'm sorry, I didn't quite understand what you mean. What problem did you have? It may be the language barrier, but I just couldn't comprehend correctly of what you say above. I apologize, but could you rephrase? - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9qgM7AtEARxQQCB4RAjj+AJ9lY8sY9bBBCPMQq0ZBgc5+K31YDACeLzTi lSuydxY6IYlGG6F4g/SXCvk= =MbfS -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: base-passwd bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Meeuwissen [EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: base-passwd which got upgraded yesterday, works just fine here. It added one new group, though, which I'm concerned of because I don't know what this group is. It's called 'sasl' -- what uses it? From /usr/share/doc/base-passwd/changelog.gz base-passwd (3.4.2) unstable; urgency=low * Add new sasl group used to regulate access to the sasl secrets [...] Install apt-listchanges and you can get to see these kind of things before you upgrade and/or mailed to an address of your choice. I do have apt-listchanges installed and it does mail me the changelogs, but I haven't figured out what 'sasl secrets' actually are. And with a quick glance through groups.google.com I see word 'Cyrus' used with it, and Cyrus is also used with IMAP. Still, I can't say that I'd know what 'sasl secrets' are; I admit, I'm not very good with search engines... and for what Google gave me, I didn't get very much more educated. Maybe I'm just tired. As I mentioned in my earlier mails, I just do not know what sasl actually is and what piece of something would use this group. Anyway, this is no biggie, as I know understand that it isn't world-shaking issue for me. :-) I just have to dig more information about this. - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9qgLOAtEARxQQCB4RAu3rAJwIJUPNLpMnPl5VVa2uwPmqPGJ65ACcCsOG A6T86+8AZqGlS8QCad9JWl0= =qcZb -END PGP SIGNATURE-
Re: base-passwd bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel O'Neill [EMAIL PROTECTED] wrote: I had the same problem. This kind of initiative by the package shouldn't be so passive. It should be corrected, or one might find themselves frustrated. I'm sorry, I didn't quite understand what you mean. What problem did you have? It may be the language barrier, but I just couldn't comprehend correctly of what you say above. I apologize, but could you rephrase? - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9qgM7AtEARxQQCB4RAjj+AJ9lY8sY9bBBCPMQq0ZBgc5+K31YDACeLzTi lSuydxY6IYlGG6F4g/SXCvk= =MbfS -END PGP SIGNATURE-
Re: Netstat port list v/s PID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hantzley [EMAIL PROTECTED] wrote: Is there a way to know to which process belong a particular port? e.g., port 32773 - 32779, are known to be for rpc services. But to which process do they pertain to, that's another issue? First, read through lsof(8). This is a fabulous tool, but it's still a bit obscure for me, so I'm not the expert here. But, this should do the job: # lsof -i # means root prompt, of course. This will give you listing of all processes, but if you want to be more accurate, try this: # lsof -i 4tcp@hostname:port At least it works nicely here. Let's say, that I don't know what's listening on port 783 and I want to find out; I'll do this: $ sudo lsof -i [EMAIL PROTECTED]:783 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME spamd 390 root3u IPv4579 TCP erpland:783 (LISTEN) So, I guess this is the tool you were looking for. Thank you, HTH! - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9pd2LAtEARxQQCB4RAqToAJ9f5kSVEHtuRciVGjufFooylsHitgCgklBC wkY3RfyPgPOjfiHT8xOG+Ds= =tyYM -END PGP SIGNATURE-
Re: base-passwd bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 J.H.M. Dassen (Ray) [EMAIL PROTECTED] wrote: On Thu, Oct 10, 2002 at 21:31:13 -, Kisteleki Róbert wrote: Yesterday I upgraded two severs with apt, which in turn upgraded the base-passwd package. The root password seems to be upgraded also, since one of the two machines doesn't allow su-ing to root any more; regular users can log in normally. Try logging in on a tty/console. A new PAM has been introduced in unstable recently as well; it may well still have a few rough edges which could affect 'su'. I'm running roughly 90% testing and 10% unstable system, and the base-passwd which got upgraded yesterday, works just fine here. It added one new group, though, which I'm concerned of because I don't know what this group is. It's called 'sasl' -- what uses it? - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9peIGAtEARxQQCB4RAjBQAKCziA1zk2HebzY5l3TCYVvG9Q35wwCgkF8G tZ9w9Q612ggwySyoAfnjYDM= =0hQc -END PGP SIGNATURE-
[OT] *nix/Linux books (was: Re: Report on last cmd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rune Kristian Viken [EMAIL PROTECTED] wrote: Ben wrote: shove off, troll I'm not sure why you're calling me a troll, but I would appreciate it if you at least _attempted_ to be a tad more polite. i'd appreciate it if you could at least be consistent in what you send to the list and to my address. the fact that there is an inconsistency merely reinforces my prior response. Eh? You sent me a private email, and got a private answer. So, could you two work things out _solely_ in private email?:-) Is it suddenly a crime to ask people to read up on something? Running Linux which I recomended is a _great_ book to learn the basics of Linux, at least in my opinion. Also, UNIX Power Tools (ISBN 1-56592-260-3, by Peek, O'Reilly and Loukides) is worth mentioning. IMHO, it's a great book -- very nice and easy to read. It has taught me one thing or another; gets my recommendation, for what it's worth... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9obt4AtEARxQQCB4RAj1EAJ4s1S2qAF/mB6wHk7wwu9IURzfuoQCfVZuC v45vD2M/yxkVGrBb9uRl1+E= =TgsP -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[OT] *nix/Linux books (was: Re: Report on last cmd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rune Kristian Viken [EMAIL PROTECTED] wrote: Ben wrote: shove off, troll I'm not sure why you're calling me a troll, but I would appreciate it if you at least _attempted_ to be a tad more polite. i'd appreciate it if you could at least be consistent in what you send to the list and to my address. the fact that there is an inconsistency merely reinforces my prior response. Eh? You sent me a private email, and got a private answer. So, could you two work things out _solely_ in private email?:-) Is it suddenly a crime to ask people to read up on something? Running Linux which I recomended is a _great_ book to learn the basics of Linux, at least in my opinion. Also, UNIX Power Tools (ISBN 1-56592-260-3, by Peek, O'Reilly and Loukides) is worth mentioning. IMHO, it's a great book -- very nice and easy to read. It has taught me one thing or another; gets my recommendation, for what it's worth... - -- Jussi Ekholm [EMAIL PROTECTED] | http://erppimaa.ihku.org/ | 0x1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9obt4AtEARxQQCB4RAj1EAJ4s1S2qAF/mB6wHk7wwu9IURzfuoQCfVZuC v45vD2M/yxkVGrBb9uRl1+E= =TgsP -END PGP SIGNATURE-
Re: (fwd) OpenSSH trojan!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Florian Weimer [EMAIL PROTECTED] wrote: There isn't an easy way to determine whether a Debian package is authentic or not. I'm not even sure what authentic means in this context. You are most likely correct, but I'm just mapping my options here; are Debian packages md5summed regularily? If so, I have ``debsums'' package installed. Does this software check the MD5 checksum before the package is installed with apt - or is this just wishful thinking? I was just wondering about the policy, in general - too. Are the official Debian packages created with MD5 checksum file, as well? And does ``debsums'' work in conjunction with apt, so it would check the package and checksum file before apt installs it? As I said, just mapping my options here... - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9S5iXAtEARxQQCB4RAtO2AJ9jqY9IM3LuRiB6eCV6hhlczdrCYQCeO5k+ m6ad2IkzWvAwYNSpM9scC2Q= =hyFw -END PGP SIGNATURE-
Checking signatures of .debs (was: Re: (fwd) OpenSSH trojan!)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcel Weber [EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] wrote: I was just wondering about the policy, in general - too. Are the official Debian packages created with MD5 checksum file, as well? And does ``debsums'' work in conjunction with apt, so it would check the package and checksum file before apt installs it? As I said, just mapping my options here... We had this kind of discussion some weeks ago on this list. Here is my resumé that I wrote: [...] In this case we can say: When doing network installs via dselect or any other apt-get frontend, the signatures of the .debs are checked during installation time, IF debsig-verify is installed. This works at least from dpkg 1.9.21 on. Ok, thanks. Of course, GnuPG/PGP signature is a bit different than MD5 checksums, but thanks a lot for pointing this out for me. I just installed ``debsig-verify'' -- is it supposed to add some extra messages to usual apt's messages? Something like Good signature or such? Ah well, maybe I should read ``debsig-verify(1)'' and other documentation that comes along. :-) Oh, and I have dpkg 1.10, so it should work if what you say holds true. Thanks again for your help. - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9S7f+AtEARxQQCB4RAk7vAJ9QtUzabPMQYIBnzNu1St+L0xDHzQCfR/G6 vl6SdS68w79bCLAavSJdoRA= =1jzi -END PGP SIGNATURE-
Mail delivery errors...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello. I was just wondering if anyone else is getting this kind of mail delivery errors from debian-security, although the mails still go through. I've been getting at least three of these already: | Date: Sat, 3 Aug 2002 14:10:00 +0300 | From: [EMAIL PROTECTED] | Subject: Mail Delivery Error | To: Jussi Ekholm [EMAIL PROTECTED] | | No such user: [EMAIL PROTECTED] And I'm very much sure, that all of my mails I've sent to debian-security@lists.debian.org - so, something's broken in lists.debian.org end? Or am I alone with this problem? - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9S7uFAtEARxQQCB4RAkkvAKDA7PpMPsBDfqwRQFxkXXkI7lJCNQCfTffk zKvPB8rD5m88cnsyotDQRBg= =pueA -END PGP SIGNATURE-
current unstable OpenSSH packages.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good evening. I've seen some of the discussion about OpenSSL and it's holes, remote exploits or whatever. I'm not sure if the thread about it already covers this but ah well, here goes. After I heard about this I instantly upgraded my testing-branch OpenSSL packages with unstable's ones. The versions of all (I think) are 0.9.6e-1 - changelog confirmed that some remote exploits was fixed, but is still version also known as vulnerable for some reason or is this The Fix to those holes the discussion has referred to? I have to admit, I'm sometimes a bit light-headed with the news or the feed of mailing lists and tend to just quickly glance threads. And I haven't been able to develope the habit of currently following news about important software and whatnot. So, bear with me if this question is obvious or it's already been answered. I'll try to be more independent in future, but I'm sometimes so lost... Oh, and I'm running Debian testing with some spice of unstable branch. I've also a tendency to forget to mention important and relevant information, so if I forgot something please spank me and I'll be glad to fill in the caps. :-) Argh, what a rant... - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9SZvfAtEARxQQCB4RAoQgAJ9W1zBn0sHH2QKJYB3JBTZKQ8oFoQCePF6M I0cAnX1/hJCcpYpcraWHXTA= =75c8 -END PGP SIGNATURE-
current unstable *OpenSSL* packages.
Jussi Ekholm [EMAIL PROTECTED] wrote: I've seen some of the discussion about OpenSSL and it's holes, remot Topic had a mindo, sorry about that. OpenSSL was what I wrote about. :-) -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ pgpAIVkysUEW8.pgp Description: PGP signature
we all hate spam (was: Re: Good Day -- RR and rbl)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Goerzen [EMAIL PROTECTED] wrote: On Tue, Jul 02, 2002 at 12:13:30PM -0700, Rafael wrote: Since I do not tolerate any level of spam If you do not tolerate any level of spam, you are not using e-mail. Sorry, but spam exists. I hate it, you hate it, we all hate it. But it's a fact of life with e-mail. If you go into a nervous breakdown everytime you get a spam because you just can't emotionally cope with another unsolicited e-mail today, then seek therapy. Really. Well said! I would get about five to ten nervous breakdowns a day, then. :-) And after all, there *are* tools to filter (and even fight) spam, so why on earth one wouldn't take advantage of those tools? In my experience, SpamAssassin has been irreplacable - I get so much spam during a week, that it would be utterly disastrous to cope with them by hand. Fortunately, SA weeds 99% of spam and haven't catched a single real email yet. Pointer to Rafael; it's pretty useless to whine about spam. You will get it, one way or another. If it happened to be a public mailing list, like debian-security - so what? Quit whining and do something about it. Tune up Procmail SpamAssassin and you don't have to tolerate spam anymore. Or is this some sort of question of principle? If so... *shrug* That's all I wanted to say. - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9JAczAtEARxQQCB4RAr42AKCkOUAfDlce4TaWCpWUqzAHSLc+VgCePToJ wDHWRVhQuxlJI5XgeiGftaE= =Cjwx -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Good Day
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bob Nielsen [EMAIL PROTECTED] wrote: On Tue, Jul 02, 2002 at 02:18:16PM +0900, Howland, Curtis wrote: The Debian lists are deliberately not subscriber only may post on the theory that it's better to press DEL than to prevent someone from posting. apt-get install spamassassin It trapped that one for me as well as 99% of the spam I receive. Yup, I received it three times; debian-testing, debian-security and one I don't recall anymore. All three times SpamAssassin trapped them, and in general it's a software I couldn't give up anymore. I get *so huge* amounts of spam (to my public address) these days, that harvesting them by hand would be extremely annoying. SpamAssassin is mandatory. One part of a large system, which just needs to be in place or otherwise things aren't ok - at least, if we're talking about spam. :-) - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9IWdJAtEARxQQCB4RAoNKAJ9BEMN7VIBqoVCiNkEsv9Yt742bcgCfYAcS 5CrMwCjqqzD1Lq8uag8I/vg= =zerq -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH RSA Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dietmar Goldbeck [EMAIL PROTECTED] wrote: On Sat, Jun 22, 2002 at 02:20:20AM -0500, Rob VanFleet wrote: On machine A, I run ssh-keygen, and generate an identity and identity.pub. I copy identity.pub to ~/.ssh/authorized_keys on Machine B, but it still prompts for the system password, not my keyphrase. It is very difficult to help you without error messages, since there shouldn't be a problem. openssh 3.0.2 and 3.2.3 play perfectly well with each other. I'm having similar problem, only difference being different SSH softwares between two systems. My end has OpenSSH 3.4: OpenSSH_3.4p1 Debian 1:3.4p1-0.0woody1, SSH protocols 1.5/2.0 And the other system has: ssh: SSH Secure Shell 3.0.1 (non-commercial version) I'm actually quite ignorant with SSH Communications Security Corp's SSH, so could someone guide me a bit? I tried generating RSA key with 'ssh-keygen -t rsa -N ' and copying it to this remote server to directory ~/.ssh/authorized_keys2. But then I noticed, that the remoted SSH uses ~/.ssh2 and I tried to look up the FILES section of SSH2(1), for no avail. Try generating new keys for protocol 2 with ssh-keygen -d, copy them with ssh-copy-id and try again. What does option '-d' for ssh-keygen do? My ssh-keygen doesn't even know it; or at least '--help' doesn't show it... - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9HTF2AtEARxQQCB4RAnoVAJ0TGFDzuAMxDuUhgaJ1ewMb+ZszkACgv583 sNKWyjqZOkxho+qUm7Lc4NY= =Mw0P -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH RSA Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jussi Ekholm [EMAIL PROTECTED] wrote: (Replying to myself, sorry - just trying to provide extra information) Dietmar Goldbeck [EMAIL PROTECTED] wrote: On Sat, Jun 22, 2002 at 02:20:20AM -0500, Rob VanFleet wrote: It is very difficult to help you without error messages, since there shouldn't be a problem. openssh 3.0.2 and 3.2.3 play perfectly well with each other. I'm having similar problem, only difference being different SSH softwares between two systems. My end has OpenSSH 3.4: [...] And the other system has: ssh: SSH Secure Shell 3.0.1 (non-commercial version) I'm actually quite ignorant with SSH Communications Security Corp's SSH, so could someone guide me a bit? I tried generating RSA key with 'ssh-keygen -t rsa -N ' and copying it to this remote server to directory ~/.ssh/authorized_keys2. But then I noticed, that the remoted SSH uses ~/.ssh2 and I tried to look up the FILES section of SSH2(1), for no avail. After I created a key with 'ssh-keygen -t dsa -N ' and copied it to the remote server with 'ssh-copy-id', I connected to the server. And again, for no surprise, I got password prompt. This is what I got with 'ssh -v': debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password debug1: next auth method to try is publickey debug1: try pubkey: /home/ekhowl/.ssh/id_dsa debug1: authentications that can continue: publickey,password debug1: try pubkey: /home/ekhowl/.ssh/id_rsa debug1: authentications that can continue: publickey,password debug1: try pubkey: /home/ekhowl/.ssh/id_dsa debug1: authentications that can continue: publickey,password debug1: try pubkey: /home/ekhowl/.ssh/id_rsa debug1: authentications that can continue: publickey,password debug1: next auth method to try is password I'm not an expert with SSH, so I don't even know if I pasted enough from the output. :-) If I missed something, please let me know... Try generating new keys for protocol 2 with ssh-keygen -d, copy them with ssh-copy-id and try again. What does option '-d' for ssh-keygen do? Apparently identical to 'ssh-keygen -t dsa'. - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9HTc3AtEARxQQCB4RAiw0AKCa/t0vtsSnpNnGFF3JZPuvG5B5/ACgpZ4f 1gDNjDe9pGxf+2uJXLRlDag= =3KXd -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH RSA Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dietmar Goldbeck [EMAIL PROTECTED] wrote: It looks like your public key wasn't use. ssh-copy-id puts it into ~/.ssh/authorized_keys Some older openSSH versions and maybe SSH.com software checks in ~/.ssh/authorized_keys for rsa keys and in ~/.ssh/authorized_keys2 for SSH protocol 2 keys I've tried putting the key as ~/.ssh/authorized_keys and suffixed with 2. Still, the sshd of the remote server prompts me for password. And this system is using SSH.com, 3.0.3 IIRC - it creates ~/.ssh2 by default. Tried putting key there, too, but still no success. I'm completely out of ideas... - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9HXtUAtEARxQQCB4RApNDAKCtJZKro5SEb3YcRpen3duBMixUSgCfQkZj YtxjWEC+O0BTsLjLWlaGlxc= =8jVv -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH RSA Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anne Carasik [EMAIL PROTECTED] wrote: Hi there, Heya, Anne. SSH.com and OpenSSH use completely different public key formats. O, that explains the whole thing. Then I have no other option than to persuade the admin of the server with SSH.com to instantly move using OpenSSH. :-) Thanks for your reply; I haven't been studying SSH as a protocol, or different SSH's, so my knowledge ain't very huge... Take a look at http://www.ssh.com/faq/index.cfm?id=1243 for public key interop Thanks for the URL! - -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9HXwDAtEARxQQCB4RAgWhAJ4wpinpCjsjpIYSAaZ277B0Iz3bCwCbBfS9 LZP8EbsIgv7tmi6Ga9W9qhw= =lh4D -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH log weirdness
Vineet Kumar [EMAIL PROTECTED] wrote: * Jeff Bonner ([EMAIL PROTECTED]) [020604 16:47]: June 4 19:36:26 firegate sshd[24364]: PAM pam_putenv: delete non-existent entry; MAIL I'm not sure exactly why it's carping like that, but take a look at your /etc/pam.d/ssh . Removing the noenv option from the pam_mail line should make that complaint disappear from your logs. [...] This really removed the warning. Thank you very much, I'm much happier now, that I don't have to see those warnings/error messages every time I or someone else logs into my system. Let me know, if you find out *why* PAM is throwing that insult if 'noenv' option is enabled... -- Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.cjb.net/ pgpr8WRXitsJM.pgp Description: PGP signature
Re: SSH log weirdness
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff Bonner [EMAIL PROTECTED] wrote: Whenever I logout from an SSH2 session now, I get the following in my /var/log/messages: June 4 19:36:26 firegate sshd[24364]: PAM pam_putenv: delete non-existent entry; MAIL I get the exactly same message under same conditions -- I mean, logging off of a SSHv2 connection. What is this and how might I fix it? Perhaps it's because I no longer have Exim running, based on something I read earlier today (I have no need for any mail, except local delivery to postmaster for alerts, etc). Could this be the cause? Well, I have Exim running and I still get these, so I doubt that Exim's causing these. I actually think, that I've already asked about this in debian-security (or then I remember incorrectly), and didn't get an answer. But I guess it's nothing serious -- of course, fixing it would be still nice and appropriate. Any hints are highly appreciated. - -- Jussi Ekholm [EMAIL PROTECTED] | GNU/Linux user number 269376 http://erppimaa.cjb.net/~ekhowl/ | GnuPG Public Key ID: 1410081E -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9AMsiAtEARxQQCB4RAqlOAJwLfmBxWqkq3e5xnC0J5BrctAEvLgCeL1MP GCfI6qKpoAjhNU32Oc8UkMw= =YC12 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: off topic: quoting (was Re: html spam)
Christian G. Warden [EMAIL PROTECTED] wrote: (I should've taken this off of the list already, but ah well...) i tend to prefer top-posting except when responding point by point between paragraphs. admittedly, it's lazy and encourages excessive quoting, but this just feels awkward. i'll try it out for a few days. maybe it'll grow on me. Well, it's also ackward to reply to posts (or news articles), where the reply is on top of the quoted text. Makes it harder to read; you don't read books upside down either, do you? :-) Anyway, I guess it's not that big deal, but at least I consider it as a Bad Thing. As you say, top-posting usually leads to very excessive quoting and either way, IMHO it's much harder to read a mail upside down. thanks for the required_hits tip. next time i try SA, i'll read through the docs more thoroughly. No problem. -- Jussi Ekholm [EMAIL PROTECTED] | GNU/Linux user number 269376 http://erppimaa.cjb.net/~ekhowl/ | ICQ UIN: 156057281 ekh on IRCnet | GnuPG Public Key ID: 1410081E msg06689/pgp0.pgp Description: PGP signature
Re: off topic: quoting (was Re: html spam)
Christian G. Warden [EMAIL PROTECTED] wrote: (I should've taken this off of the list already, but ah well...) i tend to prefer top-posting except when responding point by point between paragraphs. admittedly, it's lazy and encourages excessive quoting, but this just feels awkward. i'll try it out for a few days. maybe it'll grow on me. Well, it's also ackward to reply to posts (or news articles), where the reply is on top of the quoted text. Makes it harder to read; you don't read books upside down either, do you? :-) Anyway, I guess it's not that big deal, but at least I consider it as a Bad Thing. As you say, top-posting usually leads to very excessive quoting and either way, IMHO it's much harder to read a mail upside down. thanks for the required_hits tip. next time i try SA, i'll read through the docs more thoroughly. No problem. -- Jussi Ekholm [EMAIL PROTECTED] | GNU/Linux user number 269376 http://erppimaa.cjb.net/~ekhowl/ | ICQ UIN: 156057281 ekh on IRCnet | GnuPG Public Key ID: 1410081E pgp0owDQsCiCI.pgp Description: PGP signature
Re: html spam
Christian G. Warden [EMAIL PROTECTED] wrote: (Could you please post your reply *below* the quoted text? Top-posting is quite irritating, IMHO) i just want to add a warning about spamassassin. i had it setup for about a week and it was very good at catching spam, but occassionally it would drive the cpu load into the 20s. Yes, I can say this, as well. My computer swapped twice (so much, that I had to hit MSysRq and boot) because of SA started to investigate pretty big binary mails. Although, fixing the problem is pretty easy; just add 'required_hits = x' in ~/.spamassassin/user_prefs, where 'x' is maybe 5 or something else. This makes SA to stop processing mails further than hits you just specified. -- Jussi Ekholm [EMAIL PROTECTED] | GNU/Linux user number 269376 http://erppimaa.cjb.net/~ekhowl/ | ICQ UIN: 156057281 ekh on IRCnet | GnuPG Public Key ID: 1410081E msg06663/pgp0.pgp Description: PGP signature
Re: html spam
Christian G. Warden [EMAIL PROTECTED] wrote: (Could you please post your reply *below* the quoted text? Top-posting is quite irritating, IMHO) i just want to add a warning about spamassassin. i had it setup for about a week and it was very good at catching spam, but occassionally it would drive the cpu load into the 20s. Yes, I can say this, as well. My computer swapped twice (so much, that I had to hit MSysRq and boot) because of SA started to investigate pretty big binary mails. Although, fixing the problem is pretty easy; just add 'required_hits = x' in ~/.spamassassin/user_prefs, where 'x' is maybe 5 or something else. This makes SA to stop processing mails further than hits you just specified. -- Jussi Ekholm [EMAIL PROTECTED] | GNU/Linux user number 269376 http://erppimaa.cjb.net/~ekhowl/ | ICQ UIN: 156057281 ekh on IRCnet | GnuPG Public Key ID: 1410081E pgpKyn9a63ZW9.pgp Description: PGP signature
Re: html spam
Thomas Buhk [EMAIL PROTECTED] wrote: If you don't want any spam, it's up to *you*. i don't think so. i think spam is a problem *all* have! That's true, fair enough. But in the end, if you don't wanna receive any spam, you should set up good Procmail recipes. Or, the easy way; install SpamAssassin. :-) It is *really* good, I have to emphasize it again and again. If I'd be whining to every mailing list I've subscribed to (believe me, there are *many*), I would still receive tons of spam, no matter how politely I would've been asking. As I said, after installing this marvellous software, the amount of spam that comes *through* has dropped to almost zero. You really should consider installing it. a first step would be if mailinglist (this include) drop any html mail. next step could be to remove those with 'unsubscibe' in the subject ; Well, again -- before I set up SA, I had Procmail recipe, which would kill all mails with Content-type: text/html and also all mails with subject 'unsubscribe'. This worked fine -- for me, at least. I recommend visiting URL: http://www.spamassassin.org and setting it up. My spam problems have ended after installing it. can't say anything about it. the url was refused by the host... Umm, something weird is going on in your end, because I can access the site with no trouble at all. Try adding a trailing slash to that URL, if it would help? Pretty weird indeed, because I just pasted that URL I wrote and am looking at the page right now... -- Jussi Ekholm [EMAIL PROTECTED] | GNU/Linux user number 269376 http://erppimaa.cjb.net/~ekhowl/ | ICQ UIN: 156057281 ekh on IRCnet | GnuPG Public Key ID: 1410081E pgpkf1EITRh9w.pgp Description: PGP signature
Re: html spam
Thomas Buhk [EMAIL PROTECTED] wrote: can someone plz remove the html spamer and also disable html for the mailinglist(s)? What about setting up some Procmail recipe, which would handle this? I used to use my own recipes, but once I tried SpamAssassin I'm not willing to give it up for any price. It has let only *one* spam through, and it haven't catched any legitimate mail. If you don't want any spam, it's up to *you*. I recommend visiting URL: http://www.spamassassin.org and setting it up. My spam problems have ended after installing it. -- Jussi Ekholm [EMAIL PROTECTED] | GNU/Linux user number 269376 http://erppimaa.cjb.net/~ekhowl/ | ICQ UIN: 156057281 ekh on IRCnet | GnuPG Public Key ID: 1410081E pgpExKFI8p31M.pgp Description: PGP signature
Re: Iptables config
Sami Dalouche [EMAIL PROTECTED] wrote: Here's a set of rules to replace ipmasq's ones.. Thank you, I'll take a look at them. But, I'd still need some help concerning the DROP chain -- I've read the Packet-filtering-HOWTO, and eyed all related HOWTOs from LDP (actually, the Debian package doc-linux-html), but *still* I'm unable to really grasp the whole iptables syntax. The rules file I included to my original mail was put together with a help of a bit more experienced friend, so even that wasn't fully accomplished by me. So -- I'd really need some help concerning the DROP. Some person already pointed out, that I don't have any rule, which would DROP unnecessary packages. The rule file I have, only opens three ports and REJECTs everything else. But, I got the picture, that I should also add DROPs there. Even after reading HOWTOs and iptables(8), I just can't grasp the idea. Any input and help would be greatly appreciated. Have fun, rip ideas, do whatever you want, I release these files under the GPL ;-) Hehe, I'll look into these and if I'm able to find the solution to use DROP from your scripts, I will rip 'em. ;-) Thanks a lot, I think these help a bit, at least. Still, most of the iptables syntax is total hebrew for me... I guess my IQ isn't very high. *sad grin*. -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E msg06435/pgp0.pgp Description: PGP signature
Re: one more iplogger question.
A.J. Rossini [EMAIL PROTECTED] wrote: jussi == Jussi Ekholm [EMAIL PROTECTED] writes: What software tries to connect to port 16001? GNOME. Yeah, it was gconfd which was doing that. It just made me wonder, because I've used Galeon a million times (and AFAIK it launches up gconfd), and this was the first time iplogger catched it. Weird? -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E msg06436/pgp0.pgp Description: PGP signature
Re: Iptables config
Sami Dalouche [EMAIL PROTECTED] wrote: Here's a set of rules to replace ipmasq's ones.. Thank you, I'll take a look at them. But, I'd still need some help concerning the DROP chain -- I've read the Packet-filtering-HOWTO, and eyed all related HOWTOs from LDP (actually, the Debian package doc-linux-html), but *still* I'm unable to really grasp the whole iptables syntax. The rules file I included to my original mail was put together with a help of a bit more experienced friend, so even that wasn't fully accomplished by me. So -- I'd really need some help concerning the DROP. Some person already pointed out, that I don't have any rule, which would DROP unnecessary packages. The rule file I have, only opens three ports and REJECTs everything else. But, I got the picture, that I should also add DROPs there. Even after reading HOWTOs and iptables(8), I just can't grasp the idea. Any input and help would be greatly appreciated. Have fun, rip ideas, do whatever you want, I release these files under the GPL ;-) Hehe, I'll look into these and if I'm able to find the solution to use DROP from your scripts, I will rip 'em. ;-) Thanks a lot, I think these help a bit, at least. Still, most of the iptables syntax is total hebrew for me... I guess my IQ isn't very high. *sad grin*. -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E pgpJhX8tuldre.pgp Description: PGP signature
one more iplogger question.
Hi again. I'm asking about iplogger (1.1-11) again, as I came across and entry which I haven't seen before. I tried a quick (very quick) Google search too, but I didn't find an answer to my question. Here it is: Wed Apr 17 14:26:25 port 16001 connection attempt from localhost [127.0.0.1] Wed Apr 17 14:26:58 www-data connection attempt from [???.???.???.???] Wed Apr 17 14:27:30 port 16001 connection attempt from localhost [127.0.0.1] Wed Apr 17 14:27:39 port 16001 connection attempt from localhost [127.0.0.1] Wed Apr 17 14:27:44 port 16001 connection attempt from localhost [127.0.0.1] What software tries to connect to port 16001? Or does anything? What should I think about this entry? I admit, I'm *overly* paranoid, when it comes to running services on my own computer. Any input is appreciated, and the faster, the better. :-) -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E pgpFsXSU3KHHm.pgp Description: PGP signature
one more iplogger question.
Hi again. I'm asking about iplogger (1.1-11) again, as I came across and entry which I haven't seen before. I tried a quick (very quick) Google search too, but I didn't find an answer to my question. Here it is: Wed Apr 17 14:26:25 port 16001 connection attempt from localhost [127.0.0.1] Wed Apr 17 14:26:58 www-data connection attempt from [???.???.???.???] Wed Apr 17 14:27:30 port 16001 connection attempt from localhost [127.0.0.1] Wed Apr 17 14:27:39 port 16001 connection attempt from localhost [127.0.0.1] Wed Apr 17 14:27:44 port 16001 connection attempt from localhost [127.0.0.1] What software tries to connect to port 16001? Or does anything? What should I think about this entry? I admit, I'm *overly* paranoid, when it comes to running services on my own computer. Any input is appreciated, and the faster, the better. :-) -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E msg06390/pgp0.pgp Description: PGP signature
Re: does virus ELF.OSF.8759 affect debian?
Anne Carasik [EMAIL PROTECTED] wrote: Compile from source is a good idea too. It's amazing what you can find in the source. I found a couple of stupid Trojans that way. system(mail /etc/passwd [EMAIL PROTECTED]); Oh shit, that's evil. Where did you manage a software including this kind of source code in first place? Don't say freshmeat.net! Or sourceforge.net... I'm glad you were able to detect this and not run the software. *sigh* Big sigh, indeed. I hate these script kiddies, crackers and people, who only does harm to other people online. Was it a take-over of an IRC channel, breaking to someone's system or whatever. I just hate these people. I've never seen computer, internet connection and everything related as a tools to cause harm and destruction. It's beyond me, what satisfaction does these persons get... -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E pgp3TuoOkuzuS.pgp Description: PGP signature
Re: Iptables config
Michal Melewski [EMAIL PROTECTED] wrote: Lars Roland Kristiansen wrote: I am no iptables guro, i just want to close all exept from ssh(port 22), pop3(port 110) and imap(port143). Is there and easy way to do this. Sure it is easy... I was just wondering, if some experienced iptables users could give me, at least some, opinions about my iptables rules. It is supposed to close all the other ports, but leave 1050, and 8080 open. Here's the file created by iptables-save. --snip-- # Generated by iptables-save v1.2.3 on Mon Dec 17 15:18:04 2001 *filter :INPUT ACCEPT [18453:2703999] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [255753:190461092] :external - [0:0] -A INPUT -i eth0 -j external -A external -p tcp -m tcp --dport 1050 -j ACCEPT -A external -p tcp -m tcp --dport -j ACCEPT -A external -p tcp -m tcp --dport 8080 -j ACCEPT -A external -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable -A external -j ACCEPT COMMIT # Completed on Mon Dec 17 15:18:04 2001 --snip-- I'd like some input on this; how to make it better, how to possibly make it log and just what should I modify in it to gain as great security as possible? I know, that there's HOWTO's for these, and I've read those, of course. But now I'd want to ask first-hand opinion about my iptables rule file. Is it secure, or what should I do in order to make it more secure? -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E pgpjac92nkGQX.pgp Description: PGP signature
I haven't seen this in iplogger.log yet.
Hello. This morning, I was looking through iplogger's log, and I found something I haven't seen before: Sat Apr 13 20:28:06 destination unreachable from alvinetcore2-pos3-0.swe.sonera.net [213.50.162.77] Sat Apr 13 20:28:07 destination unreachable from alvinetcore2-pos3-0.swe.sonera.net [213.50.162.77] Sat Apr 13 20:28:09 destination unreachable from alvinetcore2-pos3-0.swe.sonera.net [213.50.162.77] What the hell does this mean? I know, that iplogger logs that destination unreachable very often, but it's been *always* from localhost. Now some wierd hostmask I do not recognize and that message. What is going on? iplogger's version is 1.1-11. I'd be delighted, if someone could ease up my heart's bouncing because of this unknown event; what I know, it could be *anything*. But as I don't know, any insight is highly appreciated; I'd really like to get this rock off of my heart... I probably forgot to give you some information, but I'll gladly give when asked -- because I can't know, what softwares besides iplogger are related to this issue. So, hope to hear from someone soon! *Every little anomaly* makes me SO paranoid, that I'm almost taking the power off of my computer or at least shutting down all services... -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E msg06352/pgp0.pgp Description: PGP signature
I haven't seen this in iplogger.log yet.
Hello. This morning, I was looking through iplogger's log, and I found something I haven't seen before: Sat Apr 13 20:28:06 destination unreachable from alvinetcore2-pos3-0.swe.sonera.net [213.50.162.77] Sat Apr 13 20:28:07 destination unreachable from alvinetcore2-pos3-0.swe.sonera.net [213.50.162.77] Sat Apr 13 20:28:09 destination unreachable from alvinetcore2-pos3-0.swe.sonera.net [213.50.162.77] What the hell does this mean? I know, that iplogger logs that destination unreachable very often, but it's been *always* from localhost. Now some wierd hostmask I do not recognize and that message. What is going on? iplogger's version is 1.1-11. I'd be delighted, if someone could ease up my heart's bouncing because of this unknown event; what I know, it could be *anything*. But as I don't know, any insight is highly appreciated; I'd really like to get this rock off of my heart... I probably forgot to give you some information, but I'll gladly give when asked -- because I can't know, what softwares besides iplogger are related to this issue. So, hope to hear from someone soon! *Every little anomaly* makes me SO paranoid, that I'm almost taking the power off of my computer or at least shutting down all services... -- Jussi Ekholm [EMAIL PROTECTED] | registered Linux user #269376 http://erppimaa.cjb.net/~ekhowl/ | UIN (ICQ):156057281 ekh @ IRCNet | GnuPG Public Key ID: 1410081E pgplXJXeHJGTz.pgp Description: PGP signature
Re: SSH configuration problem
Will Aoki [EMAIL PROTECTED] wrote: Jan 12 20:54:43 badkey sshd[14848]: Connection from 127.0.0.1 port 4074 [snip...] I would've wanted to ask, why I'm getting this kind of messages in auth.log; Jan 13 19:00:16 erpland sshd[9941]: Connection from 127.0.0.1 port 4316 Jan 13 19:00:16 erpland sshd[9941]: Enabling compatibility mode for \ protocol 2.0 Jan 13 19:00:23 erpland sshd[9941]: Failed none for ekhowl from 127.0.0.1 \ port 4316 ssh2 Jan 13 19:00:23 erpland sshd[9941]: Failed keyboard-interactive for ekhowl \ from 127.0.0.1 port 4316 ssh2 What are those failures? What should I do in order to not see them in logs anymore? -- Jussi Ekholm, Everything is so fine it could be a spineless jelly. don't let your mind take you in misery [EMAIL PROTECTED] all the feelings you're not so much pleased http://ekhowl.goa-head.org they're just to take you to sweet harmony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH configuration problem
Will Aoki [EMAIL PROTECTED] wrote: Jan 12 20:54:43 badkey sshd[14848]: Connection from 127.0.0.1 port 4074 [snip...] I would've wanted to ask, why I'm getting this kind of messages in auth.log; Jan 13 19:00:16 erpland sshd[9941]: Connection from 127.0.0.1 port 4316 Jan 13 19:00:16 erpland sshd[9941]: Enabling compatibility mode for \ protocol 2.0 Jan 13 19:00:23 erpland sshd[9941]: Failed none for ekhowl from 127.0.0.1 \ port 4316 ssh2 Jan 13 19:00:23 erpland sshd[9941]: Failed keyboard-interactive for ekhowl \ from 127.0.0.1 port 4316 ssh2 What are those failures? What should I do in order to not see them in logs anymore? -- Jussi Ekholm, Everything is so fine it could be a spineless jelly. don't let your mind take you in misery [EMAIL PROTECTED]all the feelings you're not so much pleased http://ekhowl.goa-head.org they're just to take you to sweet harmony
Re: Why do people do this? [Was fishingboat in root]
On Fri, Aug 31, 2001 at 11:39:52PM -0400, Layne wrote: C'MON MAN, YOUR TOO MUCH. I GOT 80 MESSAGES YESTERDAY AND 80 TODAY THAT I NEVER SENT FOR OR ASKED FOR. WHAT'S UP WITH THAT VACUUM CLEANER? NO MORE OK. Are you stupid or what? You are on a _public mailing list_, and you can resign with _ONE_ friggin' email. Read below; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] You see? To UNSUBSCRIBE... - read it and do as it says, and we would finally be saved from your trash. Do us a favour, will you? And for the second; you will keep getting 80 messages a day, as you say, if you don't resign for yourself. -- Jussi Ekholm,Everything is so fine it could be the ill flowerdon't let your mind take you in misery [EMAIL PROTECTED] all the feelings you're not so much pleased they're just to take you to sweet harmony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
About mutt's scoring system (Was: Re: [Fwd: Re: HARASS ME MORE.........])
On Sat, Sep 01, 2001 at 04:37:11PM +0100, Jon Masters wrote: On 01 Sep 2001 16:32:50 +0100, Jon Masters wrote: Take out the middle rule if you think it's excessive :) I take it, that that was a filter built in procmail, right? I'm just about to study procmail and its possibilities, but in the meanwhile, I'd like to be able to kill messages with mutt's scoring system. I know, this goes a bit off-topic, but as I haven't subscribed to debian-user, and I wouldn't want to just because of one question, I thought I'd ask here. So here's the related things - my ~/.muttrc has the following line; score_threshold_delete=-5 (should it be score_threshold_delete=-5?) example.muttrc.gz has an entry like this: score '~f aol\.com$' - So, if score_threshold_delete would be modified to , I presume, that that line would delete all messages coming from @aol.com? Or am I totally on the wrong tracks? This is one of the scorings, what I have in my ~/.muttrc: score '~f ^@ptd\.net$' -10 That is wrong, isn't it? I should take the ^ and @ off of it, or should I? But as the score_threshold_delete is -5, the score -10 should kill the article (if that score line would be correct, that is), right? Could some helpful soul, please, lighten up this scoring system of Mutt's a little bit, because I've read the manual, the sample muttrc's, S-Lang's documentation about the regexps and such forth, but my scoring system has always been failing. So, let's say, that I would never like to see any postings from [EMAIL PROTECTED] - what should I do? And how can those be shortened, actually? If I'd like to kill everything from @foobar.fi, what then? I'll throw my own educated guesses here, as well (if they're terribly wrong, I'm not surprised...): score '~f foo\.bar@foobar\.fi$' -10 score '~f ^@foobar\.fi$' -10 And I apologize once more, for posting this somewhat off-topic message here - please try to bear me. I'm still thinking of subscribing to debian-user, but I already have so goddamn many mailing lists where I've been subscribed to, not to even mention newsgroups - I just don't have time to read my current subscribings, not to speak of a new one, and even very trafficed one, as well. But yes, sorry for the inconvenience. -- Jussi Ekholm,Everything is so fine it could be the ill flowerdon't let your mind take you in misery [EMAIL PROTECTED] all the feelings you're not so much pleased they're just to take you to sweet harmony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why do people do this? [Was fishingboat in root]
On Fri, Aug 31, 2001 at 11:39:52PM -0400, Layne wrote: C'MON MAN, YOUR TOO MUCH. I GOT 80 MESSAGES YESTERDAY AND 80 TODAY THAT I NEVER SENT FOR OR ASKED FOR. WHAT'S UP WITH THAT VACUUM CLEANER? NO MORE OK. Are you stupid or what? You are on a _public mailing list_, and you can resign with _ONE_ friggin' email. Read below; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] You see? To UNSUBSCRIBE... - read it and do as it says, and we would finally be saved from your trash. Do us a favour, will you? And for the second; you will keep getting 80 messages a day, as you say, if you don't resign for yourself. -- Jussi Ekholm,Everything is so fine it could be the ill flowerdon't let your mind take you in misery [EMAIL PROTECTED] all the feelings you're not so much pleased they're just to take you to sweet harmony
About mutt's scoring system (Was: Re: [Fwd: Re: HARASS ME MORE.........])
On Sat, Sep 01, 2001 at 04:37:11PM +0100, Jon Masters wrote: On 01 Sep 2001 16:32:50 +0100, Jon Masters wrote: Take out the middle rule if you think it's excessive :) I take it, that that was a filter built in procmail, right? I'm just about to study procmail and its possibilities, but in the meanwhile, I'd like to be able to kill messages with mutt's scoring system. I know, this goes a bit off-topic, but as I haven't subscribed to debian-user, and I wouldn't want to just because of one question, I thought I'd ask here. So here's the related things - my ~/.muttrc has the following line; score_threshold_delete=-5 (should it be score_threshold_delete=-5?) example.muttrc.gz has an entry like this: score '~f aol\.com$' - So, if score_threshold_delete would be modified to , I presume, that that line would delete all messages coming from @aol.com? Or am I totally on the wrong tracks? This is one of the scorings, what I have in my ~/.muttrc: score '~f [EMAIL PROTECTED]' -10 That is wrong, isn't it? I should take the ^ and @ off of it, or should I? But as the score_threshold_delete is -5, the score -10 should kill the article (if that score line would be correct, that is), right? Could some helpful soul, please, lighten up this scoring system of Mutt's a little bit, because I've read the manual, the sample muttrc's, S-Lang's documentation about the regexps and such forth, but my scoring system has always been failing. So, let's say, that I would never like to see any postings from [EMAIL PROTECTED] - what should I do? And how can those be shortened, actually? If I'd like to kill everything from @foobar.fi, what then? I'll throw my own educated guesses here, as well (if they're terribly wrong, I'm not surprised...): score '~f [EMAIL PROTECTED]' -10 score '~f [EMAIL PROTECTED]' -10 And I apologize once more, for posting this somewhat off-topic message here - please try to bear me. I'm still thinking of subscribing to debian-user, but I already have so goddamn many mailing lists where I've been subscribed to, not to even mention newsgroups - I just don't have time to read my current subscribings, not to speak of a new one, and even very trafficed one, as well. But yes, sorry for the inconvenience. -- Jussi Ekholm,Everything is so fine it could be the ill flowerdon't let your mind take you in misery [EMAIL PROTECTED] all the feelings you're not so much pleased they're just to take you to sweet harmony