Hi,
sorry for replying to my own posting, but of course it should read
* /var/log/lastlog not world readable
instead of
* /var/log/wtmp not world readable
Cheers, Thomas
Hi,
as far as I can see, one can get at least 2 out of the following 3 items:
* sshd Privilege Separation
* /var/log/wtmp not world readable
* users get a lastlog message at ssh login
Am I right here?
One could also enable the sshd UseLogin option to get the login
lastlog message, but I'm
Hi,
this might be a stupid question but I did not find a quick answer
by a google search or by reading the ssh faq:
At the first ssh login the user is presented a fingerprint, e.g.
DSA key fingerprint is df:c2:72:01:ee:0d:05:f9:a1:4f:de:56:a7:48:bd:90
I tried to figure out how to gather these
Hi,
$ ssh-keygen -l -f ssh_host_dsa_key.pub
$ 1024 97:46:de:e0:a1:71:76:6f:b6:e8:f1:40:2a:63:bc:18 ssh_host_dsa_key.pub
HTH,
yes :-)
So I had missed two points:
1. ssh-keygen does more than generate keys.
2. the fingerprints are generated from the secret keys, not from the
public keys.
Hi,
Debian doesn't use chfn friends from util-linux.
wouldn't it make sense (in a case like this) to release a DSA,
just stating we are not affected by this, since this fact is
not obvious?
Cheers, Thomas
Hi,
One solution which I use is this... I have both my cert.pem and
cert.key file in a directory... I then run the following:
openssl x509 -in cert.pem -out /etc/apache/ssl.crt/server.crt
openssl rsa -in cert.key -out /etc/apache/ssl.key/server.key
chown root:root
Hi,
Here comes the trick... it does work...
# /usr/sbin/apache-sslctl start
Reading key for server my.server:443
Enter PEM pass phrase:
You are supposed to type in the passphrase at this point...
within the 5-10 seconds that are provided to you in the script
It's supposed to be
Hi,
just upgraded a host from potato to woody, I observed that
my apache-ssl failed to work.
Well, it actually starts but goes down immediately:
# /usr/sbin/apache-sslctl start
Reading key for server my.server:443
Enter PEM pass phrase:
Launching... /usr/lib/apache-ssl/gcache
pid=22730
Hi,
I wonder whether there will be an advisory on the pine URL-handling code
exploit? (http://www.washington.edu/pine/pine-info/2002.01/msg00042.html).
This is a pretty serious security bug within pine.
Yes, I know about the special status of pine within Debian.
This makes it rather tricky to
Hi,
I wonder whether a sendmail security patch (input validation
error, BUGTRAQ ID: 3163) will be available soon?
No:
1) The version in unstable(sid) Beta19 isn't vulnerable
2) The version in testing (held back by ia64) is vulnerable,
but *ONLY* if run suid root,
Hi,
I wonder whether a sendmail security patch (input validation
error, BUGTRAQ ID: 3163) will be available soon?
It is reported that a working exploit is available on the net.
So I consider to get an updated version from sendmail.org, if
a debian package will not be available in the near
Hi,
I am looking for a convenient and secure way for file transfer
between the MS world and a GNU/Linux Server.
The Windows client from ssh.com provides a GUI for file transfer
over ssh. I wonder whether sftp from Brian Wellington
([EMAIL PROTECTED]) (debian package: sftp) implements the same
Package: cfingerd
Version: 1.4.1-1
Hi,
about five weeks ago, I sent this report to [EMAIL PROTECTED]
and the package maintainer but got no response yet. So I'll
submit it to the public BTS.
The get_localhost (util.c) function of cfingerd is broken:
code_snipplet
gethostname((char *)
Hi,
I got this response from the IMP mailing list:
Chuck Hagenbuch [EMAIL PROTECTED] :
Unfortunately, 3.0.17 is broken - it's nothing to do with IMP, except that we
happen to hit the broken functionality. The PHP folks know about it, and
hopefully. 3.0.18 will be out soon.
Regards, Thomas
Hi,
just want to report that the update
php3 3.0.16-2potato - 3.0.17-0potato2 breaks my webmailer
(package imp 2.2.3)
Well, it does not break imp completely, only sending
attachments with the webmail interface fails
(apache-ssl error.log reports a segfault).
The flaw disappears when
25 matches