Re: Find what options a precompiled package uses

2008-08-01 Thread Valeriu Mutu
On Fri, Aug 01, 2008 at 10:33:27AM -0400, David Gurvich wrote:
 I don't want to know what options are set for building a port.
 I want to know what options were used in a previously built port that
 is either available as a tar file or installed on a system, preferably
 checking the tar file for the options.
You might find some hints by downloading/unpacking the package and using 'ldd' 
on the binary to see what shared libraries it is linked to.

Valeriu

 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]

-- 
Valeriu Mutu
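
Added example, not part of the original thread: ldd hands the file to the run-time linker, so for a package of unknown origin this sketch unpacks it into a scratch directory and reads each ELF file's NEEDED entries statically with readelf instead. The function name pkg_needed and the PKG_ARCHIVE variable are hypothetical; tar and binutils' readelf are assumed to be installed.

```shell
#!/bin/sh
# Added example: list the shared libraries that every ELF file inside a
# package archive declares (DT_NEEDED), without executing anything from it.
# pkg_needed and PKG_ARCHIVE are hypothetical names used for illustration.

# pkg_needed ARCHIVE
#   Prints one "relative/path: library" line per NEEDED entry.
pkg_needed() {
    archive=$1
    work=$(mktemp -d) || return 1
    # Unpack into a scratch directory, never into / or a live tree.
    tar -xf "$archive" -C "$work" || { rm -rf "$work"; return 1; }
    find "$work" -type f | sort | while IFS= read -r f; do
        # Inspect only files that start with the ELF magic: 0x7f 'E' 'L' 'F'.
        magic=$(head -c 4 "$f" | od -An -c | tr -d ' \n')
        [ "$magic" = '177ELF' ] || continue
        # readelf prints: 0x... (NEEDED)  Shared library: [libfoo.so.N]
        readelf -d "$f" 2>/dev/null |
            sed -n 's/.*(NEEDED).*\[\(.*\)\]$/\1/p' |
            while IFS= read -r lib; do
                printf '%s: %s\n' "${f#"$work"/}" "$lib"
            done
    done
    rm -rf "$work"
}

# Stand-alone use: PKG_ARCHIVE=/path/to/package.tbz sh this-script.sh
if [ -n "${PKG_ARCHIVE:-}" ]; then
    pkg_needed "$PKG_ARCHIVE"
fi
```

A library such as libkrb5 or libpam in the output is a hint that the matching option was enabled at build time; options that add no library dependency leave no trace here.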


Re: Controlling read access

2008-07-31 Thread Valeriu Mutu
On Thu, Jul 31, 2008 at 05:16:48PM -0400, John Almberg wrote:
 I operate a server on which I am typically the only ssh user, but I  
 do provide a small number of users ftp access.
 
 Each user has their own home directory. Currently all home  
 directories have read permission set for 'other'. This means if I log  
 in as one user, I can read and even download the contents of other  
 users home directories.
 
 I want to block this read access. What is the best way to do this?  
 Turn off the read bit for 'other'? Or is there some better way?
 
 Thanks: John
 

Hi John,

If the user logs into their own directory via FTP, there should be a way to 
chroot him/her, so that the home directory appears as the root directory. 
Consult your FTP server manuals for this.

You might also turn off the r,w,x bits for other.

Valeriu

-- 
Valeriu Mutu
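
Added example, not part of the original thread: a small audit for the "turn off the bits for other" suggestion, which lists the home directories that still grant anything to 'other' and then clears those bits. The function names and the AUDIT_BASE variable are hypothetical, and the layout of one directory per user directly under a base such as /home is an assumption.

```shell
#!/bin/sh
# Added example: find home directories that grant any permission to 'other'
# and clear those bits. open_homes, list_open_homes, close_homes and
# AUDIT_BASE are hypothetical names used for illustration.

# open_homes BASE [find-action...]
#   Matches directories directly under BASE with o+r, o+w or o+x set.
#   Three plain -perm tests are used so it works with BSD and GNU find.
#   Symbolic links are not followed (-type d).
open_homes() {
    base=$1; shift
    find "$base" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) "$@"
}

# list_open_homes BASE: print the offending directories, sorted.
list_open_homes() {
    open_homes "$1" -print | sort
}

# close_homes BASE: remove r, w and x for 'other' on each offending
# directory and print how many were changed. Only the top-level directory
# is touched: without search permission on it, other users cannot
# traverse into anything below, whatever the modes of the files inside.
close_homes() {
    n=$(list_open_homes "$1" | wc -l | tr -d ' ')
    open_homes "$1" -exec chmod o-rwx {} +
    echo "$n"
}

# Stand-alone use (report only): AUDIT_BASE=/home sh this-script.sh
if [ -n "${AUDIT_BASE:-}" ]; then
    list_open_homes "$AUDIT_BASE"
fi
```

Group bits are left alone, so users who share a group can still read each other's directories if the group bits allow it.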


Problem building openssh-portable with KERBEROS, GSSAPI, KERB_GSSAPI.

2008-07-30 Thread Valeriu Mutu
Hi all,

I am trying to build 'openssh-portable' from ports (security/openssh-portable/) 
with the following configuration options:

 PAM=on Enable pam(3) support
 TCP_WRAPPERS=on Enable tcp_wrappers support
 LIBEDIT=on Enable readline support to sftp(1)
 KERBEROS=on Enable kerberos (autodetection)
 SUID_SSH=off Enable suid SSH (Recommended off)
 GSSAPI=on Enable GSSAPI support (req: KERBEROS)
 KERB_GSSAPI=on Enable Kerberos/GSSAPI patch (req: GSSAPI)
 OPENSSH_CHROOT=off Enable CHROOT support
 OPENSC=off Enable OpenSC smartcard support
 OPENSCPINPATCH=off Enable OpenSC PIN patch
 HPN=off Enable HPN-SSH patch
 LPK=off Enable LDAP Public Key (LPK) patch
 OVERWRITE_BASE=off OpenSSH overwrite base

and get the following error on 'make':
---
...
if test ! -z ; then  /usr/bin/perl5 ./fixprogs ssh_prng_cmds ;  fi
(cd openbsd-compat  make)
cc -o ssh ssh.o readconf.o clientloop.o sshtty.o  sshconnect.o sshconnect1.o 
sshconnect2.o -L. -Lopenbsd-compat/ -L/usr/local/lib  -rpath=/usr/local/lib 
-L/lib -lssh -lopenbsd-compat -lcrypto -lutil -lz  -lcrypt -lgssapi -lkrb5 
-lk5crypto -lcom_err
./libssh.a(gss-genr.o)(.text+0xa8c): In function `ssh_gssapi_import_name':
/usr/ports/security/openssh-portable/work/openssh-5.0p1/gss-genr.c:369: 
undefined reference to `gss_nt_service_name'
*** Error code 1

Stop in /usr/ports/security/openssh-portable/work/openssh-5.0p1.
*** Error code 1

Stop in /usr/ports/security/openssh-portable.
*** Error code 1

Stop in /usr/ports/security/openssh-portable.

---

I am running a GENERIC kernel on FreeBSD 7.0-RELEASE (i386). 

PS: Searched the internet and found some hints that the problem might be caused 
by the definition of GSS_C_NT_HOSTBASED_SERVICE. Any ideas as to what is 
causing this problem and how this could be fixed?

Thanks,
Valeriu 

-- 
Valeriu Mutu


Re: [SSHd] Increasing wait time?

2008-05-08 Thread Valeriu Mutu
On Thu, May 08, 2008 at 07:33:13AM +0200, Peter Boosten wrote:
 Vince Sabio wrote:
 
 Note if you choose to do this: scp'ing files becomes a four-step process 
 (i.e., scp file(s) to intermediate server, log in to intermediate server, 
 scp to destination server, delete file(s) from intermediate server). Still 
 worth it, though.
 
 Never thought of port forwarding?
 
 Peter

Exactly.

Following Peter's idea and assuming that public key authentication is set up, 
the tunnel could be set up as easily as:
ssh -f -L localhost::localhost: [EMAIL PROTECTED] ssh -f -L 
localhost::localhost:22 [EMAIL PROTECTED] sleep 120

In this case, we set up a tunnel through machineA to machineB.

 -- 
 http://www.boosten.org

-- 
Valeriu Mutu


Re: KDE3 Error

2008-05-02 Thread Valeriu Mutu
On Fri, May 02, 2008 at 05:09:42PM +0800, Ruel Luchavez wrote:
 Hi,
 Why is it when I install KDE3 in my server I always got an error, this is
 the command when I install it
 
 -cd /usr/ports/x11/kde3
 -make install
 
 *and this is the reply of the server:*
 -Attempting to fetch from
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/KDE/.
 -fetch://
 ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/KDE/qt-x11-free-3.3.6.tar.bz2:Fileunavailable
 (e.g., file not found, no access)
 -Couldn't fetch ot-please try to retreive this
 -port manually into /usr/ports/distfiles/KDE and try again.
 ***Error code 1
 
 Stop in usr/ports/x11-toolkits/qt33/
 *** Error code 1
 
 Stop in /usr/ports/x11-toolkits/qt33
 Stop in usr/ports/x11-toolkits/qt33/
 *** Error code 1
 
 Did I miss something??? Please HELP here...
 
 Thanks in advance...:(

Hi Ruel,

Can you please verify that:
1. Internet is accessible. Try:
ftp ftp.iasi.roedu.net

2. Your ports tree is up to date. 

After this is done, remove the directory /usr/ports/distfiles/KDE/ .

Then do:

cd /usr/ports/x11-toolkits/qt33/
make fetch

If this still results in an error, try this instead of make fetch:
make MASTER_SITE_OVERRIDE=ftp://ftp.iasi.roedu.net/mirrors/ftp.trolltech.com/qt/source/ fetch
or
make MASTER_SITE_OVERRIDE=ftp://ftp.fu-berlin.de/unix/X11/gui/Qt/source/ fetch

These are mirrors taken from /usr/ports/Mk/bsd.sites.mk. Search for 
MASTER_SITE_QT in that file.

-- 
Valeriu Mutu


Re: restrict ssh access

2008-04-25 Thread Valeriu Mutu
On Fri, Apr 25, 2008 at 07:50:47PM +, D Hill wrote:
 On Fri, 25 Apr 2008 at 14:30 -0500, [EMAIL PROTECTED] confabulated:
 
 --On Friday, April 25, 2008 16:41:07 + D Hill [EMAIL PROTECTED] 
 wrote:
 
 On Fri, 25 Apr 2008 at 09:30 -0700, [EMAIL PROTECTED] confabulated:
 
 On Apr 25, 2008, at 6:46 AM, Geert Geurts wrote:
 I've got a server running a ssh server, I want to enable ssh for the use
 of sftp by a group of users, and limit their ssh access to just allow
 running passwd so they can change their default password. What would be
 the best/easiest way to accomplish this, or something similar?
 
 I wonder what would happen if you gave them a shell of 
 /usr/bin/passwd...?
 :-)
 
 That should work. I just tested. When an ssh connection is made, it 
 executes
 passwd. As soon as the password is changed, the ssh connection was closed:
 
%ssh -l asdf 192.168.1.50
Password:
...
Changing local password for asdf
Old Password:
New Password:
Retype New Password:
Connection to 192.168.1.50 closed.
 
 Should make for some fascinating experiences with sftp.  :-)
 
 I believe the connection would just close. Somehow I missed that sftp part :-(

One more thing: you'll have to set r-x permissions for /usr/libexec/sftp-server 
as well. 
To summarize, you'll have to set r-x permissions for the user's shell, passwd 
utility and sftp-server.
All other executables can be denied access...


-- 
Valeriu Mutu


Re: restrict ssh access

2008-04-25 Thread Valeriu Mutu
On Fri, Apr 25, 2008 at 07:50:47PM +, D Hill wrote:
 On Fri, 25 Apr 2008 at 14:30 -0500, [EMAIL PROTECTED] confabulated:
 
 --On Friday, April 25, 2008 16:41:07 + D Hill [EMAIL PROTECTED] 
 wrote:
 
 On Fri, 25 Apr 2008 at 09:30 -0700, [EMAIL PROTECTED] confabulated:
 
 On Apr 25, 2008, at 6:46 AM, Geert Geurts wrote:
 I've got a server running a ssh server, I want to enable ssh for the use
 of sftp by a group of users, and limit their ssh access to just allow
 running passwd so they can change their default password. What would be
 the best/easiest way to accomplish this, or something similar?
 
 I wonder what would happen if you gave them a shell of 
 /usr/bin/passwd...?
 :-)
 
 That should work. I just tested. When an ssh connection is made, it 
 executes
 passwd. As soon as the password is changed, the ssh connection was closed:
 
%ssh -l asdf 192.168.1.50
Password:
...
Changing local password for asdf
Old Password:
New Password:
Retype New Password:
Connection to 192.168.1.50 closed.
 
 Should make for some fascinating experiences with sftp.  :-)
 
 I believe the connection would just close. Somehow I missed that sftp part :-(

Indeed, the connection closes. It looks like the SSH server relies on a valid 
login shell program to run the SFTP server. 

Anyway, may I suggest using ACL?

You'll have to add the 'acls' option in fstab and do a reboot.

After that, put those users in a group and deny that group all the permissions 
(r,w,x) on all executables on the system.
Set r-x permissions on their _login shell_ (i.e., /bin/csh, /bin/sh etc.) and 
the /usr/bin/passwd executable.

It worked for me.


-- 
Valeriu Mutu