On Fri, 3 May 2013 17:22:04 +0200, Fleuriot Damien wrote:
> Allow me to add a bit of context here.
>
>
> We're wrapping things up to obtain the PCI DSS certification which
> is awarded for running through a long and annoying series of hoops.
> This certification is rather important to our busines
On 5/3/2013 10:05 AM, Fleuriot Damien wrote:
Thanks for your response Markham,
I'm afraid labor law is much too protective here for us to be able to "educate"
users in this way;)
Your idea to run a cron job every X minutes has merit though, I'll try and
check into that !
If labor law's st
Firing people for violating the 5 minute rule seems a tad extreme. If there is
indeed a company policy regarding the 5 minute idle window and you intend
to roll forward with a connection kill script then also make screen or tmux
available. In my experience people tend to be more accepting of
On 05/03/13 15:28, Fleuriot Damien wrote:
Hello list,
I'm facing this unusual demand at work where we need to time out idle SSH
connections for security purposes.
I've checked the following options from sshd_config but none seems to fit my
needs :
TCPKeepAlive
ClientAliveCountMax
ClientAliv
On May 3, 2013, at 5:16 PM, Arthur Chance wrote:
> On 05/03/13 15:28, Fleuriot Damien wrote:
>> Hello list,
>>
>>
>>
>> I'm facing this unusual demand at work where we need to time out idle SSH
>> connections for security purposes.
>>
>> I've checked the following options from sshd_config b
Allow me to add a bit of context here.
We're wrapping things up to obtain the PCI DSS certification which is awarded
for running through a long and annoying series of hoops.
This certification is rather important to our business so like it or not, we
have to play along.
Allowing the use of sc
Thanks for your response Markham,
I'm afraid labor law is much too protective here for us to be able to "educate"
users in this way ;)
Your idea to run a cron job every X minutes has merit though, I'll try and
check into that !
On May 3, 2013, at 4:51 PM, markham breitbach
wrote:
> Depend
Depending on the shell you are using, you may be able to set that to
auto-logout, or you
could set a cron job to run every 5 minutes and terminate tty's with > 5min
idle time.
Honestly though, you will rarely find a good technical solution to a social
problem--there's always a work-around--and t
On 9 April 2011 13:22, Scott Ballantyne wrote:
>
>>On Fri, Apr 8, 2011 at 5:15 PM, ill...@gmail.com wrote:
>>>On 8 April 2011 15:22, Scott Ballantyne wrote:
>>> I've never seen this before, but when ssh'ing to my server today, I
>>> got:
>>>
>>> ssh_exchange_identification: Connection closed
>>
>On Fri, Apr 8, 2011 at 5:15 PM, ill...@gmail.com wrote:
>>On 8 April 2011 15:22, Scott Ballantyne wrote:
>> I've never seen this before, but when ssh'ing to my server today, I
>> got:
>>
>> ssh_exchange_identification: Connection closed
>Was this multiple log-in failures receiving the same
On 8 April 2011 15:22, Scott Ballantyne wrote:
> I've never seen this before, but when ssh'ing to my server today, I
> got:
>
> ssh_exchange_identification: Connection closed
Was this multiple log-in failures receiving the same
error message?
& is this log-in happening across the internet or is
On Friday, April 08, 2011 at 12:53:05PM -0700, Robison, Dave wrote:
> is your host ip denied by /etc/hosts.allow?
Dave,
Don't top post!
>
> On 04/08/2011 12:22, Scott Ballantyne wrote:
> > I've never seen this before, but when ssh'ing to my server today, I
> > got:
> >
> > ssh_exchang
is your host ip denied by /etc/hosts.allow?
On 04/08/2011 12:22, Scott Ballantyne wrote:
I've never seen this before, but when ssh'ing to my server today, I
got:
ssh_exchange_identification: Connection closed
I was able to log in using my vendor's KVM access, and didn't see
anything particularl
than flaky hardware.
Thanks for your help to those who took the time to reply.
Martin.
From: Martin Minkus
Sent: Monday, 28 June 2010 09:22
To: freebsd-questions@freebsd.org
Subject: RE: sshd / tcp packet corruption ? ZFS & Samba?
Hey all,
It was suggested I do a memtest, but
Hey all,
It was suggested I do a memtest, but that checked out fine. (I wish it
was as simple as just the ram!)
I’ve realised the issue manifests itself almost immediately when
accessing an underlying ZFS filesystem using Samba. But if it is UFS, it
is fine.
Does this mean anything to a
'll do a memtest.
Martin.
-Original Message-
From: Lowell Gilbert [mailto:freebsd-questions-lo...@be-well.ilk.org]
Sent: Thursday, 24 June 2010 09:41
To: Martin Minkus
Cc: freebsd-questions
Subject: Re: sshd / tcp packet corruption ?
Martin Minkus writes:
> It seems this issue I repor
Martin Minkus writes:
> It seems this issue I reported below may actually be related to some
> kind of TCP packet corruption ?
Possible. Or memory errors. Hard to say much at this point, when you
don't even know which side is actually causing the errors.
> Still same box. I’ve noticed my SSH
So definitely some kind of packet corruption;
Using netcat to send a single megabyte of binary data to a box with no
known issues (from kinetic -> steel):
kinetic:/tmp$ dd if=/dev/urandom of=random.testfile bs=1k count=1k
1024+0 records in
1024+0 records out
1048576 bytes transferred in
Glen Barber wrote:
my pc gets ip address from dhcp server,
but on my pc, there is running
sshd.
I want to make ssh to listen to only one
ip address, but if ip changes due to dhcp,
ssh server does not work properly.
I know, that dhcp is able to assign ip address
to client from some range e.g. 192
On Wednesday 05 August 2009 13:11:08 Stefan Miklosovic wrote:
> my pc gets ip address from dhcp server,
> but on my pc, there is running
> sshd.
>
> I want to make ssh to listen to only one
> ip address, but if ip changes due to dhcp,
> ssh server does not work properly.
>
> I know, that dhcp is abl
On Wed, Aug 5, 2009 at 5:11 PM, Stefan
Miklosovic wrote:
> hi,
>
> my pc gets ip address from dhcp server,
> but on my pc, there is running
> sshd.
>
> I want to make ssh to listen to only one
> ip address, but if ip changes due to dhcp,
> ssh server does not work properly.
>
> I know, that dhcp is a
Stefan Miklosovic wrote:
hi,
my pc gets ip address from dhcp server,
but on my pc, there is running
sshd.
I want to make ssh to listen to only one
ip address, but if ip changes due to dhcp,
ssh server does not work properly.
I know, that dhcp is able to assign ip address
to client from some rang
To: Sajó Zsolt Attila<sajozsatt...@citromail.hu>
Sent: 09:33
Subject: Re: sshd in jail
2009/6/3 Sajó Zsolt Attila luk1814.no-ip.org" command I get this error:
> OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007
> debug1: Reading configuration data /etc/ssh/ssh_confi
2009/6/3 Sajó Zsolt Attila
> Hi!
>
> I would like use the sshd in jail, but the port forwarding doesn't work in
> the pf firewall. My jail ip: 10.0.0.40. If I use the ssh -l user 10.0.0.40
> command it's well, but when I use the "ssh -p 5859 -vv -l user
> luk1814.no-ip.org" command I get this err
Could somebody point me to a relevant sshd documentation where
the cause of these rejection messages is explained:
sshd: Did not receive identification string from xx.xx.xx.xx
it's not rejection. sshd waited, waited and didn't get the next thing it should
It may be ssh windows client bug or just co
On Sunday, 31 May 2009 at 16:18:09, Sajó Zsolt Attila wrote:
> How do I use the sshd with pam-pgsql?
I don't know how to use but I see something strange with your setup.
In ssh-pam_pgsql.conf you have pw_type = md5 and in your database you have a
cleartext password. I think it is your probl
Ansar Mohammed wrote:
Is sshd compiled with Kerberos support on freebsd 7.0?
Yup:
ldd /usr/sbin/sshd:
...
libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x28124000)
libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x2812b000)
...
Otherwise, you should be able to use PAM, with /etc/pam.d/s
2008/6/25 Mark Price <[EMAIL PROTECTED]>:
> On Wed, Jun 25, 2008 at 12:04 AM, Agus <[EMAIL PROTECTED]> wrote:
> > Hi fellows,
> >
> > I am trying to configure sshd on my bsd and wanted to ask if the options
> > there, in case i enable them are "resource intensive";
> > Let me give u an example,
>
On Wed, Jun 25, 2008 at 12:04 AM, Agus <[EMAIL PROTECTED]> wrote:
> Hi fellows,
>
> I am trying to configure sshd on my bsd and wanted to ask if the options
> there, in case i enable them are "resource intensive";
> Let me give u an example,
>
> For instance, the Options
> #ClientAliveInterval 0
>
On Wed, 25 Jun 2008 01:04:40 -0300
Agus <[EMAIL PROTECTED]> wrote:
> In case i enable them, would my server, which is very small(Very
> little RAM,192MB i think)..its just for educational purposes; could
> my server cope with it if for instance there were quite a few clients
> connected? I don't k
Christian Laursen wrote:
It is also worth taking a look at the ProxyCommand option.
For the case above something like this should be put in ~/.ssh/config:
Host your.own.host-tunneled
HostKeyAlias your.own.host
ProxyCommand ssh [EMAIL PROTECTED] nc your.own.host 22
Then you can just do "ssh
Peter Boosten <[EMAIL PROTECTED]> writes:
> No, I was more thinking of:
>
> ssh -L :your.own.host:22 [EMAIL PROTECTED]
>
> and then open a new shell:
>
> scp -P the-file-you-want-to-copy [EMAIL PROTECTED]:
>
> This works easiest with agent forwarding, but I guess any
> authentication will
Valeriu Mutu wrote:
On Thu, May 08, 2008 at 07:33:13AM +0200, Peter Boosten wrote:
Vince Sabio wrote:
Note if you choose to do this: scp'ing files becomes a four-step process
(i.e., scp file(s) to intermediate server, log in to intermediate server,
scp to destination server, delete file(s) f
On Thu, May 08, 2008 at 07:33:13AM +0200, Peter Boosten wrote:
> Vince Sabio wrote:
>>
>> Note if you choose to do this: scp'ing files becomes a four-step process
>> (i.e., scp file(s) to intermediate server, log in to intermediate server,
>> scp to destination server, delete file(s) from interm
On May 8, 2008, Norbert Papke wrote:
> On May 8, 2008, Mel wrote:
> > because:
> > for FILE in */*.[ch]; do scp ${FILE} host:/backup; done
> > is quicker to write than set up tunnels.
>
> How about "scp */*.[ch] host:/backup"?
To answer my own silly question, the above doesn't preserve paths. Anyw
On May 8, 2008, Mel wrote:
> because:
> for FILE in */*.[ch]; do scp ${FILE} host:/backup; done
> is quicker to write than set up tunnels.
How about "scp */*.[ch] host:/backup"?
Vince Sabio wrote:
** At 07:33 +0200 on 05/08/2008, Peter Boosten wrote:
Vince Sabio wrote:
Note if you choose to do this: scp'ing files becomes a four-step
process (i.e., scp file(s) to intermediate server, log in to
intermediate server, scp to destination server, delete file(s) from
interm
** At 07:33 +0200 on 05/08/2008, Peter Boosten wrote:
Vince Sabio wrote:
Note if you choose to do this: scp'ing files becomes a four-step
process (i.e., scp file(s) to intermediate server, log in to
intermediate server, scp to destination server, delete file(s) from
intermediate server). Stil
Hi,
On May 7, 2008, at 01:11 , Gilles wrote:
Hello
I'm a bit tired of people trying to break into SSH:
May 6 16:59:23 freebsd sshd[24649]: Invalid user agatha from
195.43.9.246
May 6 16:59:26 freebsd sshd[24651]: Invalid user cristie from
195.43.9.246
May 6 16:59:29 freebsd sshd[24653]: In
On Thursday 08 May 2008 05:50:59 Steve Bertrand wrote:
> >>ssh stream tcp nowait/20/4/10 root /usr/sbin/sshd sshd -i
> >>
> >> into /etc/inetd.conf set a limit of
> >>
> >> * 20 overall ssh connections
> >> * 4 connection attempts per minute
> >> * at most 10 connections from a single IP
>
Vince Sabio wrote:
Note if you choose to do this: scp'ing files becomes a four-step process
(i.e., scp file(s) to intermediate server, log in to intermediate
server, scp to destination server, delete file(s) from intermediate
server). Still worth it, though.
Never thought of port forwarding
** At 09:59 -0800 on 05/06/2008, Beech Rintoul wrote:
On Tuesday 06 May 2008, David Kelly said:
> > On Tuesday 06 May 2008, Gilles said:
> > Is there a way to configure SSHd, so that the wait time between
> > > login attempts increases after X failed tries?
>
Depending on how you use ssh
ssh stream tcp nowait/20/4/10 root /usr/sbin/sshd sshd -i
into /etc/inetd.conf set a limit of
* 20 overall ssh connections
* 4 connection attempts per minute
* at most 10 connections from a single IP
This works very well on a personal server, not sure how it scales up.
So if I copy o
On May 7, 2008, Mel wrote:
> On Wednesday 07 May 2008 06:16:19 Norbert Papke wrote:
> > On May 6, 2008, Gilles wrote:
> > > Is there a way to configure SSHd, so that the wait time between login
> > > attempts increases after X failed tries?
> >
> > I run sshd via inetd rather than as a stand-alone
On Wednesday 07 May 2008 06:16:19 Norbert Papke wrote:
> On May 6, 2008, Gilles wrote:
> > Is there a way to configure SSHd, so that the wait time between login
> > attempts increases after X failed tries?
>
> I run sshd via inetd rather than as a stand-alone daemon. inetd provides
> optional rate
Andrew Pantyukhin wrote:
On Tue, May 06, 2008 at 02:26:43PM -0400, T. wrote:
I didn't realize this before, but it came to my attention when
debugging PAM problems. Actually, sshd default does not allow
it, but another default is in enabling PAM. It's passing power
over to PAM which is allow
On May 6, 2008, Gilles wrote:
> Is there a way to configure SSHd, so that the wait time between login
> attempts increases after X failed tries?
I run sshd via inetd rather than as a stand-alone daemon. inetd provides
optional rate limiting functionality. For instance. putting
ssh stream t
On May 6, 2008, at 14:24, Randy Ramsdell wrote:
Doug Hardie wrote:
On May 6, 2008, at 10:57, Randy Ramsdell wrote:
David Kelly wrote:
On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
Is there a way to configure SSHd, so that the wait time between
login attempts increases af
On Tue, 06 May 2008 19:11:45 +0200
Gilles <[EMAIL PROTECTED]> wrote:
> Is there a way to configure SSHd, so that the wait time between login
> attempts increases after X failed tries?
It shouldn't be too hard to patch
/usr/src/crypto/openssh/sshd.c:server_accept_loop()
by adding code for per-
Doug Hardie wrote:
On May 6, 2008, at 10:57, Randy Ramsdell wrote:
David Kelly wrote:
On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
Is there a way to configure SSHd, so that the wait time between
login attempts increases after X failed tries?
Not that I know of. You shoul
On Tue, May 06, 2008 at 02:26:43PM -0400, T. wrote:
> I didn't realize this before, but it came to my attention when
> debugging PAM problems. Actually, sshd default does not allow
> it, but another default is in enabling PAM. It's passing power
> over to PAM which is allowing it.
>
> I didn't s
On May 6, 2008, at 10:57, Randy Ramsdell wrote:
David Kelly wrote:
On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
Is there a way to configure SSHd, so that the wait time between
login attempts increases after X failed tries?
Not that I know of. You should look into denyhost
Beech Rintoul wrote:
On Tuesday 06 May 2008, David Kelly said:
On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
Is there a way to configure SSHd, so that the wait time between
login attempts increases after X failed tries?
Not that I know of. You should look into denyhosts (in
David Kelly wrote:
On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
Is there a way to configure SSHd, so that the wait time between
login attempts increases after X failed tries?
Not that I know of. You should look into denyhosts (in the ports) it
works well and even has
On Tuesday 06 May 2008, David Kelly said:
> On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
> > > Is there a way to configure SSHd, so that the wait time between
> > > login attempts increases after X failed tries?
> >
> > Not that I know of. You should look into denyhosts (in the po
On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
> >
> > Is there a way to configure SSHd, so that the wait time between
> > login attempts increases after X failed tries?
>
> Not that I know of. You should look into denyhosts (in the ports) it
> works well and even has a RBL feature
On Tuesday 06 May 2008, Gilles said:
> Hello
>
> I'm a bit tired of people trying to break into SSH:
>
> May 6 16:59:23 freebsd sshd[24649]: Invalid user agatha from
> 195.43.9.246
> May 6 16:59:26 freebsd sshd[24651]: Invalid user cristie from
> 195.43.9.246
> May 6 16:59:29 freebsd sshd[24653]
cpghost wrote:
On Fri, 18 Apr 2008 13:46:48 -0500
Paul Schmehl <[EMAIL PROTECTED]> wrote:
Let me clarify. When I use the term "host", I'm referring to what
many would call a "personal workstation" or "personal computer". If
you have more than one person who has shell access to a computer,
Wojciech Puchar wrote:
>
>>> this:
>>>
>>> AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
>>> PROTECTED] [EMAIL PROTECTED]
>>
>> It looks like AllowHosts is not available with the version of SSH that
>> comes with FreeBSD.
>>
>> This works:
>>
>> AllowUsers [EMAIL PROTECT
this:
AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
PROTECTED] [EMAIL PROTECTED]
It looks like AllowHosts is not available with the version of SSH that comes
with FreeBSD.
This works:
AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
PROTECT
At 18:17 18/04/2008 -0500, Paul Schmehl wrote:
If you want to restrict sshd logins by host, you can use AllowUsers like this:
AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
PROTECTED] [EMAIL PROTECTED]
It looks like AllowHosts is not available with the version of SSH
On Fri, 18 Apr 2008 13:46:48 -0500
Paul Schmehl <[EMAIL PROTECTED]> wrote:
> Let me clarify. When I use the term "host", I'm referring to what
> many would call a "personal workstation" or "personal computer". If
> you have more than one person who has shell access to a computer,
> then you no l
--On Saturday, April 19, 2008 00:12:41 +0200 Gilles <[EMAIL PROTECTED]>
wrote:
On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting
<[EMAIL PROTECTED]> wrote:
(snip)
Seems like I didn't do it right:
/etc/ssh/sshd_config:
[...]
AllowHosts 192.168.0 82.227.x.x
# /etc/rc.d/sshd restart
On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting
<[EMAIL PROTECTED]> wrote:
(snip)
Seems like I didn't do it right:
/etc/ssh/sshd_config:
[...]
AllowHosts 192.168.0 82.227.x.x
# /etc/rc.d/sshd restart
Stopping sshd.
Starting sshd.
/etc/ssh/sshd_config: line 119: Bad configuration op
--On Friday, April 18, 2008 21:37:45 +0200 Mel
<[EMAIL PROTECTED]> wrote:
>> [4] # grep sshd /etc/defaults/rc.conf
>> sshd_enable="NO"            # Enable sshd
>
> No? Surely you're not using inetd?
I haven't used inetd in years. I'm not sure why you think I would be.
Well, since sshd_en
On Friday 18 April 2008 20:53:37 Paul Schmehl wrote:
> --On Friday, April 18, 2008 20:30:53 +0200 Mel
>
> <[EMAIL PROTECTED]> wrote:
> > On Friday 18 April 2008 16:53:49 Paul Schmehl wrote:
> >> Firewalls are for preventing access to running services. By definition,
> >> if you are running a servi
--On Friday, April 18, 2008 09:15:41 -0700 Kurt Buff <[EMAIL PROTECTED]>
wrote:
Not to detour this conversation too much, I hope, but I'm in a
different situation, and this is going to be an issue for me. I'm
putting together a box that's going to be a router for our company,
using BGP to give a
--On Friday, April 18, 2008 20:30:53 +0200 Mel
<[EMAIL PROTECTED]> wrote:
On Friday 18 April 2008 16:53:49 Paul Schmehl wrote:
Firewalls are for preventing access to running services. By definition, if
you are running a service, you want it to be accessed.
That's your assumption.
First of
--On Friday, April 18, 2008 13:18:44 -0400 Jon Radel <[EMAIL PROTECTED]> wrote:
Paul Schmehl wrote:
I see this statement all the time, and I wonder why. What does a
firewall on an individual host accomplish?
I have maintained publicly available servers for a small hobby domain
for almost ten
On Friday 18 April 2008 16:53:49 Paul Schmehl wrote:
> I see this statement all the time, and I wonder why. What does a firewall
> on an individual host accomplish?
...
> Firewalls are for preventing access to running services. By definition, if
> you are running a service, you want it to be a
Paul Schmehl wrote:
> I see this statement all the time, and I wonder why. What does a
> firewall on an individual host accomplish?
>
> I have maintained publicly available servers for a small hobby domain
> for almost ten years now. Initially, I bought in to this logic and ran
> a firewall. (A
Hi,
Gilles wrote:
I don't have a firewall on that host because there's already a NAT
router connecting the LAN to the Net.
I don't know your setup, but I'm pretty sure you can run the packet
filter on your host anyway.
You don't need to configure NAT to run your host firewall.
I'll just ad
On Fri, Apr 18, 2008 at 04:59:07PM +0100, Matthew Seaman wrote:
> Paul Schmehl wrote:
>
> >I have maintained publicly available servers for a small hobby
> >domain for almost ten years now. Initially, I bought in to this
> >logic and ran a firewall. (At that time we only had one server.)
> >What
On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting
<[EMAIL PROTECTED]> wrote:
>sshd(8) is part of the base system, which is a FreeBSD patched version of
>OpenSSH. Although, you can find some ports of bulk OpenSSH in
>/usr/ports/security.
I don't have a firewall on that host because ther
Kurt Buff wrote:
On Fri, Apr 18, 2008 at 8:59 AM, Matthew Seaman
<[EMAIL PROTECTED]> wrote:
At any rate, locking down ssh access is one of my concerns, for sure,
so this discussion is helpful.
Wouldn't turning off password based logins and using public and private
keys (with a strong passwor
On Fri, Apr 18, 2008 at 8:59 AM, Matthew Seaman
<[EMAIL PROTECTED]> wrote:
> Paul Schmehl wrote:
>
>
> > I have maintained publicly available servers for a small hobby domain for
> almost ten years now. Initially, I bought in to this logic and ran a
> firewall. (At that time we only had one server
Paul Schmehl wrote:
I have maintained publicly available servers for a small hobby domain
for almost ten years now. Initially, I bought in to this logic and ran
a firewall. (At that time we only had one server.) What it cost me was
CPU and memory. What it gained me was nothing. I turned it
--On Friday, April 18, 2008 19:14:49 +1000 Gary Newcombe
<[EMAIL PROTECTED]> wrote:
ssh is part of the base system, not an installed port (by default anyway) so
you won't see it with pkg_info which will only list installed packages. The
config file is /etc/ssh/sshd_config.
To limit connections,
Mel wrote:
> On Friday 18 April 2008 10:51:45 Gilles wrote:
>
>> 1. I'd like to limit connections from the Net only from specific IP's.
>> It seems like there are several ways to do it (/etc/hosts.allow,
>> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
>> you recommend?
>
Hi,
Gilles wrote:
Hello
I have a couple of questions about running SSHd:
1. I'd like to limit connections from the Net only from specific IP's.
It seems like there are several ways to do it (/etc/hosts.allow,
AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
you recommend?
On Friday 18 April 2008 10:51:45 Gilles wrote:
> 1. I'd like to limit connections from the Net only from specific IP's.
> It seems like there are several ways to do it (/etc/hosts.allow,
> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
> you recommend?
hosts.allow == TCP wr
Hi Gilles,
ssh is part of the base system, not an installed port (by default anyway) so
you won't see it with pkg_info which will only list installed packages. The
config file is /etc/ssh/sshd_config.
To limit connections, you should be using the firewall. I do use hosts.allow
too, but the fi
Gilles wrote:
> Hello
>
> I have a couple of questions about running SSHd:
>
> 1. I'd like to limit connections from the Net only from specific IP's.
> It seems like there are several ways to do it (/etc/hosts.allow,
> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
> you re
> Any ideas? I tried doing an ldd on /usr/lib/pam* inside the
> /etc/rc.d/sshd script, but the output is identical when it starts up
> on boot as when I restart it. No missing libraries/etc.
Problem solved! In going from 32-bit to 64-bit, my login.conf really
needed to change. I had a default memo
Hello Huy:
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of Schiz0
> Sent: Tuesday, July 10, 2007 7:13 PM
> To: Huy Ton That
> Cc: [EMAIL PROTECTED]
> Subject: Re: sshd config config file question
>
> On 7/
On 7/10/07, Huy Ton That <[EMAIL PROTECTED]> wrote:
The daemon is up and has been up for a long time. In fact, when I made these
changes to sshd_config, for instance as a test maxauthtries to 3 I also
reloaded it during a ssh terminal session. After which I logged back in and
as a test, purposely
The daemon is up and has been up for a long time. In fact, when I made these
changes to sshd_config, for instance as a test maxauthtries to 3 I also
reloaded it during a ssh terminal session. After which I logged back in and
as a test, purposely errored the tries; it still defaulted to 6 despite t
On 7/10/07, Huy Ton That <[EMAIL PROTECTED]> wrote:
No, it was unhashed. Thanks for pointing it out though. But the strange
thing is when I run:
/etc/rc.d/sshd status
I get no message
No message for start, restart, reload etc. I am performing these commands as
root.
Any ideas?
(couple th
On Fri, May 11, 2007 at 10:59:19AM -0400, Lowell Gilbert wrote:
> Christopher Cowart <[EMAIL PROTECTED]> writes:
> > When I ssh into FreeBSD hosts without allocating a tty, sshd segfaults
> > after the process terminates. This problem occurs on both 6_1_REL and
> > 6_2_REL installations at all sort
Christopher Cowart <[EMAIL PROTECTED]> writes:
> When I ssh into FreeBSD hosts without allocating a tty, sshd segfaults
> after the process terminates. This problem occurs on both 6_1_REL and
> 6_2_REL installations at all sorts of patch levels.
>
> Examples:
>
> Client: `ssh -t server ls`
> Serve
On Mon, 26 Mar 2007, Don O'Neil wrote:
I just updated my openSSH to the latest and now when I login I get this:
login as: don
[EMAIL PROTECTED]'s password:
How do I either set it to show the hostname instead of the IP or get rid of
the @ip altogether like the original openSSH ran?
I'm using th
On Sun, 04 Mar 2007 16:39:29 +
Tom Judge <[EMAIL PROTECTED]> wrote:
> Cédric Jonas wrote:
> > Hi all,
> >
> > I set up some sshd servers which authenticate their users
> > through a LDAP DB. To realize this, I used PAM.
> > Everything ok until now.
> >
> > Then, via PAM (pam_filter) and
Cédric Jonas wrote:
Hi all,
I set up some sshd servers which authenticate their users through a
LDAP DB. To realize this, I used PAM.
Everything ok until now.
Then, via PAM (pam_filter) and the host attribute in the LDAP DB, I only
allowed logon on specific hosts for some users.
After t
Oliver Koch wrote:
Hi,
Noah wrote:
its commented out
# grep ssh /etc/inetd.conf
#ssh     stream  tcp     nowait  root    /usr/sbin/sshd  sshd -i -4
#ssh     stream  tcp6    nowait  root    /usr/sbin/sshd  sshd -i -6
could you please post your sshd_config? Perhaps t
Hello,
Without knowing more, could sshd be listening to more than one interface
in your machine? If so, try setting 'ListenAddress
your.ip.adress.here' in /etc/ssh/sshd_config.
Greetings
/Roger
Noah wrote:
Hi there,
any clues why sshd is attempting to start twice?
sshd[836]: error: Bind
Yup, my bad typo.
-Derek
At 01:56 PM 2/26/2007, Giorgos Keramidas wrote:
On 2007-02-26 13:06, Derek Ragona <[EMAIL PROTECTED]> wrote:
> The errors you are getting are indicative that sshd is already running.
> Try doing:
>
> ps -ax|grep named
You mean "grep sshd" right? :)
A slightly
Hi,
Noah wrote:
> its commented out
>
> # grep ssh /etc/inetd.conf
> #ssh     stream  tcp     nowait  root    /usr/sbin/sshd  sshd -i -4
> #ssh     stream  tcp6    nowait  root    /usr/sbin/sshd  sshd -i -6
could you please post your sshd_config? Perhaps there's something wrong.
Peter A. Giessel wrote:
On 2007/02/26 10:07, Giorgos Keramidas seems to have typed:
On 2007-02-26 10:30, Noah <[EMAIL PROTECTED]> wrote:
sshd_enable="YES"
sshd_program="/usr/local/sbin/sshd"
[snip]
inetd_enable="YES"
[snip]
I see you have switched the `rc.c
On 2007-02-26 13:06, Derek Ragona <[EMAIL PROTECTED]> wrote:
> The errors you are getting are indicative that sshd is already running.
> Try doing:
>
> ps -ax|grep named
You mean "grep sshd" right? :)
A slightly more complex command, which gives nicer output is:
$ ps xau -p $(echo $(pgrep 'ss
On 2007-02-26 10:28, "Peter A. Giessel" <[EMAIL PROTECTED]> wrote:
> On 2007/02/26 10:07, Giorgos Keramidas seems to have typed:
> > On 2007-02-26 10:30, Noah <[EMAIL PROTECTED]> wrote:
> >> sshd_enable="YES"
> >> sshd_program="/usr/local/sbin/sshd"
>
> [snip]
>
> >> inetd_enable="YES"
>
> [snip