I recently upgraded to FreeBSD 9.1-STABLE, and there was a strange
added side effect.
Users that telnet into the machine seem to have their logins forever
ghosted in who/w.
If a user connects via telnet, then logs out, their login still
remains in the w/who. If another user logs in with the pty
On Wed, Dec 30, 2009 at 02:11:13PM +0100, Erik Trulsson wrote:
On Wed, Dec 30, 2009 at 12:33:41PM +, Anton Shterenlikht wrote:
I was checking for passwordless accounts with 'logins -p'.
None was found. However, I understand toor doesn't have
passwd by default, and I never touched it, so
I was checking for passwordless accounts with 'logins -p'.
None was found. However, I understand toor doesn't have
passwd by default, and I never touched it, so I expected
logins -p to show toor, but it didn't.
Just to check I also tried to su toor with root passwd - no access.
Please can
On Wed, Dec 30, 2009 at 12:33:41PM +, Anton Shterenlikht typed:
I was checking for passwordless accounts with 'logins -p'.
None was found. However, I understand toor doesn't have
passwd by default, and I never touched it, so I expected
logins -p to show toor, but it didn't.
Just
On Wed, Dec 30, 2009 at 12:33:41PM +, Anton Shterenlikht wrote:
I was checking for passwordless accounts with 'logins -p'.
None was found. However, I understand toor doesn't have
passwd by default, and I never touched it, so I expected
logins -p to show toor, but it didn't.
Just
Anton Shterenlikht wrote:
I was checking for passwordless accounts with 'logins -p'.
None was found. However, I understand toor doesn't have
passwd by default, and I never touched it, so I expected
logins -p to show toor, but it didn't.
Just to check I also tried to su toor with root passwd
On Wed, 30 Dec 2009, Matthew Seaman wrote:
Anton Shterenlikht wrote:
I was checking for passwordless accounts with 'logins -p'.
None was found. However, I understand toor doesn't have
passwd by default, and I never touched it, so I expected
logins -p to show toor, but it didn't.
Just to check
Lars Eighner wrote:
On Wed, 30 Dec 2009, Matthew Seaman wrote:
If there's nothing in the second field, then you have a problem, as that
means the account has a NULL password (ie. just hit return when prompted
for a password --
I've been wrong before, but I think you do not get a password
The handbook has documentation on this:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#TOOR-ACCOUNT
-jgh
On Wed, Dec 30, 2009 at 05:05:35PM +, Matthew Seaman thus spake:
Lars Eighner wrote:
On Wed, 30 Dec 2009, Matthew Seaman wrote:
If there's nothing in the second
enough time and resources, any password can be cracked. I really do not
when enough time is somehow like lifetime of a star ;) (unless you choose
bad passwords).
understand why so many users insist on using passwords anyway.
2 reasons:
- It's the default
- Less hassle getting access from
On Thursday 11 December 2008 12:40:10 Jerry wrote:
On Thu, 11 Dec 2008 09:11:26 +0100
Mel fbsd.questi...@rachie.is-a-geek.net wrote:
6) Disable password based logins and use keys only.
Personally, I have always used 'keys' instead of passwords. Given
enough time and resources, any
/AllowUsers and/or their Deny equivalent in sshd_config.
6) Disable password based logins and use keys only.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org
to an existing module instead of one in ports.
5) Use AllowGroups/AllowUsers and/or their Deny equivalent in
sshd_config.
6) Disable password based logins and use keys only.
Personally, I have always used 'keys' instead of passwords. Given
enough time and resources, any password can be cracked. I
Hello all,
I'm noticing that when following the directions given here:
http://www.freebsd.org/doc/en/books/handbook/network-nis.html
For how to disable logins, the recommended action is to set the shell to
/sbin/nologin.
However, this is sloppy as it allows the user to log in, get the motd
On Wed, 10 Dec 2008, Dan Nelson wrote:
In the last episode (Dec 10), Dan Mahoney, System Admin said:
I'm noticing that when following the directions given here:
http://www.freebsd.org/doc/en/books/handbook/network-nis.html
For how to disable logins, the recommended action is to set the shell
For how to disable logins, the recommended action is to set the shell to
/sbin/nologin.
However, this is sloppy as it allows the user to log in, get the
motd, do everything short of getting a shell.
I've tried starring out the password in the +: entry, (and
putting in a bad
/books/handbook/network-nis.html
For how to disable logins, the recommended action is to set the shell to
/sbin/nologin.
However, this is sloppy as it allows the user to log in, get the
motd, do everything short of getting a shell.
I've tried starring out the password in the +: entry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joe Marcus
Clarke
Sent: Sunday, September 30, 2007 10:42 PM
To: [EMAIL PROTECTED]
Cc: FreeBSD Mailing List
Subject: Re: Upgrade to imap-uw 2006j Breaks Logins
On Sun, 2007-09-30 at 23:50 -0500
As part of a portupgrade, one of my servers just picked up the latest
version of imap-uw (2006j). Now users can no longer login as imapd
claims they are providing incorrect passwords. I manually copied the
version I was using (2004g) to /usr/local/libexec/imapd, and all is
well, so it is
On Sun, 2007-09-30 at 23:50 -0500, Tim Daneliuk wrote:
As part of a portupgrade, one of my servers just picked up the latest
version of imap-uw (2006j). Now users can no longer login as imapd
claims they are providing incorrect passwords. I manually copied the
version I was using (2004g)
I'm moving my INN server from an old BSD/OS box (yes, there are still
a few of them) to FreeBSD.
A few people connect to the nntp server from random places on the net
and log in with a user and password. In the old version on BSD/OS the
logins and passwords are in a text file, but in the current
pam.d/README says:
Note that having a sufficient module as the last entry for a
particular service and module type may result in surprising behaviour.
To get the intended semantics, add a required entry listing the
pam_deny module at the end of the chain.
But in fact
auth sufficient pam_unix.so
On Sun, 2006-02-12 at 04:39, Playnet wrote:
Hello FreeBSD,
I see many records as
Feb 10 21:08:55 sstand sshd[84600]: Failed password for root from
61.218.130.20 port 46356 ssh2
How can I block these IP, who try root as login?
Have any soft in ports?
In the default setup of SSH, root
setup of SSH, root login is disabled. Check the manual
for ssh.
As for blocking Ips check hosts_deny and hosts_allow.
I would recommend that you block the ssh port at your firewall to stop
remote logons via ssh etc.
Rob
Either you
1 configure SSH to only allow logins from certain hostnames or IP
lars wrote:
Either you
1 configure SSH to only allow logins from certain hostnames or
IP addresses or for certain users, and/or
2 install a program to watch your logfiles and modify
your firewall rules dynamically according to specified
triggers,
like /usr
This last week the subject of failed ssh logins was covered in 2
different threads and was answered in full. Please check the
archives for your answers before asking the same question over
again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Playnet
Sent
Hello FreeBSD,
I see many records as
Feb 10 21:08:55 sstand sshd[84600]: Failed password for root from 61.218.130.20
port 46356 ssh2
How can I block these IP, who try root as login?
Have any soft in ports?
--
Best regards,
Playnet mailto:[EMAIL PROTECTED]
I see many records as
Feb 10 21:08:55 sstand sshd[84600]: Failed password for root from 61.218.130.20
port 46356 ssh2
How can I block these IP, who try root as login?
Have any soft in ports?
There are some ports that do it. One thing I didn't like about the ports
(at least the ones I
I have created a public/private key set with putty and managed to add the
public key to my .ssh directory. I have also verified that it works as desired.
I'm not too confident in configuring the SSHD so some help is much appreciated.
I would like to not allow a ssh connection to the server for
Edit the file
/etc/ssh/sshd_config
and change the following two parameters to NO
PasswordAuthentication no
ChallengeResponseAuthentication no
Make sure that
RSAAuthentication yes
remains set.
Then sighup the ssh-daemon by invoking the following command
kill -HUP `cat /var/run/sshd.pid`
Frank Mueller - emendis GmbH wrote:
Edit the file
/etc/ssh/sshd_config
and change the following two parameters to NO
PasswordAuthentication no
ChallengeResponseAuthentication no
Make sure that
RSAAuthentication yes
remains set.
Then sighup the ssh-daemon by invoking the following command
On 2005-09-13 23:27, Joachim Dagerot [EMAIL PROTECTED] wrote:
I have created a public/private key set with putty and managed to add
the public key to my .ssh directory. I have also verified that it
works as desired.
I'm not too confident in configuring the SSHD so some help is much
ref:
http://lists.freebsd.org/pipermail/freebsd-questions/2005-August/095052.html
With a default sshd_config but PermitRootLogin set to
'without-password' I find that root is still allowed to login with a
user/pass
what about turning PasswordAuthentication off?
greetz
wmiuser/u at
I've always preferred setting
PermitRootLogin without-password
in my sshd_config in order to allow root logins using a public key only.
I'm sure the above directive was all I needed to change in the past in
order to achieve this, however it now seems something has changed
either in the default
mail to
[EMAIL PROTECTED]
I had this on my FreeBSD 4.10 box as well. sshd can be configured to
only allow logins for specific users.
Edit /etc/sshd_config to add the following
AllowUsers USER_NAME
You can have multiple AllowUsers entries if you want more than one user
to be able to ssh
Jun 30 10:36:05 phantom sshd[70478]: Failed password for news from
212.88.182.121 port 51218 ssh2
Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd from
212.88.182.121 port 51608 ssh2
Jun 30 10:36:39 phantom sshd[70569]: Failed password for root from
212.88.182.121 port 52297 ssh2
; exit;}
if ($track{$host} = $attempts) {
push (@abuse,$host);
ckcache($host);
print WRITECACHE $host\n if !$block == 0;
if ($action =~ /print/) { print Host $host, past $attempts
attempted logins\n; }
if ($action =~ /run/ $useip) { (@runoutput=`$command $host
01, 2005 8:43 AM
To: freebsd-questions@freebsd.org
Subject: autoblocking many ssh failed logins from the same IP
Jun 30 10:36:05 phantom sshd[70478]: Failed password for news
from 212.88.182.121 port 51218 ssh2
Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd
from
] Behalf Of Hornet
Sent: Friday, July 01, 2005 9:10 AM
To: John Cholewa
Cc: freebsd-questions@freebsd.org
Subject: Re: autoblocking many ssh failed logins from the same IP
Below (and attached) is a script I wrote to do exactly what you are
talking about.
It's commented, so edit to your taste
and send your own
email to them about their client sending you attack packets.
Stopping Login Attacks
Using the customary port numbers or alternate port numbers for SSH,
FTP, or Telnet all failed logins are logged to /var/log/auth.log
file. In most cases the sending IP address is the real IP
For SSH, telnet and FTP where are the failed login attempts logged at?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
On Fri, Jun 03, 2005 at 05:42:54PM -0400, fbsd_user wrote:
For SSH, telnet and FTP where are the failed login attempts logged at?
Probably at /var/log/auth.log. Take a look at /etc/syslog.conf, you can
configure things to your tastes from there.
Nathan
On Sun, Feb 13, 2005 at 11:54:15PM -0600, Gene wrote:
snip - problem: sshd apparently allowing passwordless logins
Also, check to make sure your ssh client is not sending an RSA key for
authentication. I think that one is enabled by default. If you want to
force passwords, make sure you
I'm running version 5.3 of freebsd.
I'm not sure what I did - I was experimenting in sshd_config. sshd began
to permit logins without benefit of password.
When logging in (I'm using putty from a local windows machine) I enter
the user name. I'm presented with the challenge and the password
On February 13, 2005 04:10 pm, Gene wrote:
I'm running version 5.3 of freebsd.
I'm not sure what I did - I was experimenting in sshd_config. sshd began
to permit logins without benefit of password.
When logging in (I'm using putty from a local windows machine) I enter
the user name. I'm
Ean Kingston wrote:
On February 13, 2005 04:10 pm, Gene wrote:
I'm running version 5.3 of freebsd.
I'm not sure what I did - I was experimenting in sshd_config. sshd began
to permit logins without benefit of password.
When logging in (I'm using putty from a local windows machine) I enter
dave wrote:
Hello,
I'm wondering if it's possible to use pam or perhaps tcp_wrappers to
limit how many ssh logins can be attempted? I'd like to kick off a user who
tries to log in repeatedly with the wrong password or tries x times within a
minute, my purpose is to slow down hacking attempts
Hello,
I'm wondering if it's possible to use pam or perhaps tcp_wrappers to
limit how many ssh logins can be attempted? I'd like to kick off a user who
tries to log in repeatedly with the wrong password or tries x times within a
minute, my purpose is to slow down hacking attempts in situations
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of dave
Sent: Saturday, November 13, 2004 9:22
To: [EMAIL PROTECTED]
Cc: Drew Tomlinson
Subject: limiting ssh logins
Hello,
I'm wondering if it's possible to use pam or perhaps tcp_wrappers to
limit how
See the MaxStartups parameter in the sshd_config.
Ted
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of dave
Sent: Friday, November 12, 2004 7:52 PM
To: [EMAIL PROTECTED]
Cc: Drew Tomlinson
Subject: limiting ssh logins
Hello,
I'm wondering
I am trying to allow _all users_ on CLIENT to login to
SERVER without a password.
IMPORTANT: I am not interested in user keys _at all_
- at no point in this process should I ever be dealing
with any keys in /home/user/.ssh - I am only
interested in doing this with HOST keys - where I copy
one
ssh [EMAIL PROTECTED]
and I get a password prompt!!!
You have to press enter ;) FreeBSD still asks for a password even if it's
empty, unlike Linux.
Cheers,
Jorn.
In version 4.7, there was a conf file where individual users could be
granted or denied the ability to log in remotely. Since 5.2, I can no longer
find the file (I don't recall its name).
Anyone know which file it was? Does the ability still exist?
Thanks
On Mon, Aug 27, 2001 at 02:15:22AM -0500, default wrote:
Is this normal?
It's the expected behaviour for legacy DES passwords (only useful if
you need to share the same password file with other UNIX systems,
which isn't likely)
How does one disable this?
There's a login capability for
Date: Wed, 15 Sep 2004 12:21:29 +0930
From: Tim Aslat [EMAIL PROTECTED]
Subject: Re: increasing failed sshd logins/clearing breadcrumb trails
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=US-ASCII
Tim Aslat [EMAIL PROTECTED] once said
John DeStefano said the following on 9/16/2004 10:40 AM:
The easiest way to protect this is to check your sshd_config and
set:
PermitRootLogin no
Interestingly, this option did not exist in my config file (I added
it), but all other options were commented out. Is this the
I've noticed a few posts over the past week or so regarding users'
servers being probed by remote ssh attempts. Coincidentally (or
perhaps not so), around that time, I began getting quite a few records
of such attempts to my server, at the rate of about 3 tries per IP, and
about three IPs per
no
Which, if you're exposed to the 'Net would be a sane practice--force
people to log in as themselves and su (or sudo or sudoscript) to root.
Admittedly, I am not sure about the rest of your posting. When I run
last, (on 4.10-STABLE) it shows logins back to the 1st of September.
Best,
Glenn
practice--force
people to log in as themselves and su (or sudo or sudoscript) to root.
Very sane practice
Admittedly, I am not sure about the rest of your posting. When I run
last, (on 4.10-STABLE) it shows logins back to the 1st of September.
It is possible that the box was compromised
Tim Aslat said the following on 9/14/2004 10:51 PM:
In the immortal words of Glenn Sieb [EMAIL PROTECTED]...
I've been getting this for weeks. They're all under APNIC, and emails
to [EMAIL PROTECTED] involved networks has gone unanswered.
I've been getting these as well, but from a
I'm currently running FreeBSD 4.10 on a machine at home. Since it is exposed to the
internet (and since I am the only one who should be logging into it), I would like to
have a summary log of all logins (both failed and successful).
periodic shows the failed logins in the daily summary
On Thu, Sep 02, 2004 at 03:34:25PM +, [EMAIL PROTECTED] wrote:
I'm currently running FreeBSD 4.10 on a machine at home. Since it is exposed to the
internet (and since I am the only one who should be logging into it), I would like
to have a summary log of all logins (both failed
On 2004-09-02 17:41, Matthew Seaman [EMAIL PROTECTED] wrote:
On Thu, Sep 02, 2004 at 03:34:25PM +, [EMAIL PROTECTED] wrote:
Can periodic be used to get a summary of successful logins? Is there
a different utility that exists?
The command to use is last(1) -- note by default that reads
I've been getting the sshd login attempts, like everyone else so I've been
watching the logs close, this is the first time to see this item in /var/log/messages.
Aug 14 04:15:00 chillico su: _secure_path: /nonexistent/.login_conf is not owned by
uid 65534
I've looked in the passwd file and
Mark [EMAIL PROTECTED] writes:
I've been getting the sshd login attempts, like everyone else so I've been
watching the logs close, this is the first time to see this item in
/var/log/messages.
Aug 14 04:15:00 chillico su: _secure_path: /nonexistent/.login_conf is not owned by
uid 65534
On Tue, Aug 17, 2004 at 11:17:46AM -0400, Lowell Gilbert wrote:
Mark [EMAIL PROTECTED] writes:
I've been getting the sshd login attempts, like everyone else so I've been
watching the logs close, this is the first time to see this item in
/var/log/messages.
Aug 14 04:15:00 chillico
).
The full path of the user's home directory is accessible to them.
I have not done anything with groups. Does a user have to be in a magic
ftpusers group in order to authenticate from the outside?
My question for the group is: What else do I need to do to enable FTP
logins for normal users (i.e
On Mon, 8 Mar 2004 15:31:50 - , in local.freebsd.questions you
wrote:
Is there some way to tell if ftp logins are successfully using S/KEY or
falling back to cleartext? Is there some way to require S/KEY only?
I believe the password prompt includes required if a static
password would
Is there some way to tell if ftp logins are successfully using S/KEY or
falling back to cleartext? Is there some way to require S/KEY only?
Cliff
John Mills [EMAIL PROTECTED] writes:
I just finished a fairly lightweight ftp installation of 5.1-Release and
want to offer an X11 login screen. Basic XF86 seems to work fine. I
followed the 'Configuring xdm' instructions in Greg Lehey's
_Complete_FreeBSD_, ch.17, but didn't get quite all the
Freebies -
I just finished a fairly lightweight ftp installation of 5.1-Release and
want to offer an X11 login screen. Basic XF86 seems to work fine. I
followed the 'Configuring xdm' instructions in Greg Lehey's
_Complete_FreeBSD_, ch.17, but didn't get quite all the way home.
I get the X11
Martin McCormick [EMAIL PROTECTED] writes:
Where is the default execution path set for ssh logins who get
a bash shell?
Originally from login capabilities; it can be modified in a number of
other places as described in the bash(1) manual.
I thought I knew the answer until I tried
I would like to restrict user login based on the terminal where the login
request originates. Ideally, I want Root, and ONLY Root, to be able to log
in at the console. The system is already running SSHD, so I want to be able
to check logins via SSH. Root should not be allowed to log in from
more than possible. Take a look at /etc/login.access and
/etc/login.conf. In login.access a simple:
-:ALL EXCEPT root # taken from the examples near the end (which actually
use groups)
should do the trick.
to check logins via SSH. Root should not be allowed to log in from a remote
That's all
Hey *, this morning I tried to log into my freebsd 4.6 release
box and was refused (SSH 2.9 sent back the passwd prompt and
denied me). I called someone else and they tried, and were
refused too. I got in via the console and reset my user and the
root passwd and could ssh in successfully. I'm
On Mon, 7 Jul 2003, twig les wrote:
Also, I found some strange output in /var/log/messages.0.gz on
the machine that locked up. There is an identical machine (same
hardware and config) that did *not* have any of this stuff. The
last line in the message below (the Device not configured) is
I did a mount -a, then a fsck -y, then manually changed the
passwords back to what they were and the machine seems ok. df
-h shows both disks working fine and I can access the root and
all partitions. I hope this was just some stupid disk problem
that is *not* the harbinger of another disk
On Sat, Jan 04, 2003 at 07:57:03PM -0500, Bill Moran wrote:
If you set the laptop up as a NIS backup server, you'll be able to log
in just fine, even when not connected to the network. It should
circumvent the delays, as you'll have everything the login system is
looking for.
Yeah, I'd
598 to line 601. It reads:
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
syslog(LOG_ERR, "setusercontext() failed - exiting");
exit(1);
}
This means nothing to me but I have found that it causes local logins
(which have _nothing_ to do with NIS/YP whatsoever
/03)) and the code is from line 598 to line 601. It reads:
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
syslog(LOG_ERR, "setusercontext() failed - exiting");
exit(1);
}
This means nothing to me but I have found that it causes local logins
(which have _nothing_ to do with NIS/YP
For console:
edit /etc/ttys
change secure to insecure for each tty that you wish to keep root out
of.
On Fri, 2002-11-15 at 01:54, Ian Barnes wrote:
Hi,
I would like to disable root logins, both at console and through ssh ...
where should I start ?
thanks for the help
Ian
Hi,
I would like to disable root logins, both at console and through ssh ...
where should I start ?
thanks for the help
Ian
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
On Fri, 15 Nov 2002, Ian Barnes wrote:
Hi,
I would like to disable root logins, both at console and through ssh ...
where should I start ?
thanks for the help
Ian
* for the password, auth works. This led me to try using
template_user=nobody, without success.
Does anybody have RADIUS auth working for direct logins? (The NAS are fine,
it's just telnet/login/ssh on the BSD boxen themselves that are borked...
Please copy me directly, as I am not currently subscribed