If you have ever seen a system where terminal in the GUI closes instantly and/or you cannot SSH to the server/machine.
mount -t devtmpfs none /dev
mount -t devpts none /dev/pts........
Step 1.) Upgrade to Debian 11 first
The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful.
Step 2.) Update sources.list
Update your /etc/apt/sources.list like this:
deb http://........
This should work for most console ports of other manufacturers too. It is a quick and simple method for emegencies or deploying a few appliances/devices in a non-standard environment or small environment.
However, if this is a route thing, or the equipment is not physically close to you, it would be best to use some sort of "Terminal" server which is an IP connected switch with several serial ports built-in for this purpose. Normally they accessible by web/........
So you started a process or other important task that is remote but it is in the foreground and on a pts. This means if you background with Ctrl + Z or otherwise logout or get disconnected that the process will be stopped.
Here is how you can solve the problem:
1.) Hit Ctrl + Z to suspend the process.
2.) Type bg to restore the process into the background. If you do a ps aux on the process you will see it was restored with the & at the end, which puts........
By default if you create a private key for SSH, it will create something like .ssh/id_rsa
Linux will always search for and offer this key when connecting to servers.
If you put extra keys in your .ssh directory like id_rsa_realtechtalk.com, they will be ignored by default and NOT used or offered (you can verify this with ssh -v) and see it is not being offered.
Here is how you add the extra SSH keys so they are all offered:
#this gives........
If you get this error when trying to SSHto a device or machine and you never even got a password prompt:
Too many authentication failures
This means that either the remote side is configured for key auth only, OR your client side may be attempting to auth using mulitple keys, and that exceeds the amount of attempted authorizations on the remote ssh server.
If the issue is trying to auth too many times which ssh defaults to sending the keys to, you ca........
Just click on the Start Menu and go to "Startup Applications"
Then click on the "Add"Button
Now enter the command we need to open the folder/directory automatically using the filemanager
For remote SSH host (you need pub key auth for it to open without a pa........
The key is that you need to know the passphrase to do it, if you don't know the password for the key then you can't remove the key since it cannot be decrypted.
ssh-keygen is the easiest method and openssl can be used to manually remove the key and output it to a new file, which you can then copy back over top of the encrypted file.
After that your public key authentication will work without any password prompt because it is no longer encrypted. Make sure you understand........
A lot of newer installs will automatically prohibit the root user from logging in directly, for security reasons or they will only allow key based access.
If you know what you are doing/don't care about security or have an incredibly secure password for testing, then you can enable it.
Edit this file: /etc/ssh/sshd_config
Find the following line: PermitRootLogin
Set it like this:
PermitRootLogin yes
Now rest........
1. Let's work from an environment where we can install Ansible on.
If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way:
sudo apt install gpg
sudo add-apt-repository ppa:ansible/ansible
sudo apt update........
A lot of older devices either support telnet or very old SSH keyx algorithms which are insecure and disabled by all newer/modern SSH clients for security reasons. However, sometimes you may be on a LAN via VPNor some other secured network or for whatever reason, absolutely, need to connect to this device and sometimes old/embedded devices may not be possible to update to a newer SSH server.
If you run into this you may be using a modern/newer SSH client and get thi........
If you want to start fresh a lot of people falsely assume that an apt remove and then reinstall or apt --reinstall install package will start you off fresh. To be sure and remove all associated config files do the below with the example of ssh server (don't remove it though if you actually use it!)
The key below is using the --purge flag or apt-get purge proftpd (eg sudo apt --purge remove packagename)
apt purge proftpd; apt install proftpd........
A very common use case is that you don't want to waste time using a video editor that requires you to open it up and manually import the video clip and audio clip, then manually delete the old audio track and import the video and new audio. That's too much work and time since we don't want to go through the hassle.
ffmpeg is our solution, all we have to do is specify 3 variables and we're done!
-i Windows2019-Server-Noaudio.mp4 is our in........
The scenario here is that you have some sort of remote headless Linux server but would like to run some programs on them and get graphical access to them. The problem is that the remote server may be an image or VMwithout any virtual GPU and even if so, it is likely without KDE or Gnome, so there's no real way to do this, unless you follow our guide.
Install xvfb
apt install xvfb
Reading package lists... D........
If you are getting this error it is usually caused by having more than 5 keys in your ".ssh" directory. It is a bit of a bug and this is how it manifests itself.
You will find at this point that you are not given any chance to enter a password, or if you are using key based auth that the same thing happens. You'll also find that this is happening with ALLservers you try connecting to.
The solution is to move away key pairs from .ssh so that there ar........
A big problem over ssh and especially sshfs is that your connection will often timeout and disconnect after inactivity.
To fix this you can modify the server but it may not be practical or you may not have access. Why not send keep alives fom your end (client side)?
Just edit /etc/ssh/ssh_config (not to be confused with sshd_config as that is the server side):
Find the line that says "Host *" and change it like this:........
The problem is that by default ssh-keygen loves to generate an easy to crack 2048 bit key (RSA). Supposedly having a larger keysize helps such as 4096 or 8096 but it is thought to be useless still against Quantum computing.
How can I check my existing keysize and type?
ssh-keygen -lf /path/to/your/id_rsa.pub
The output will be something like below followed by the hash. The first number is the key size and the second part will b........
This is not about using ssh as a proxy, but rather, using a proxy when you are SSHing to another host and using ProxyCommand (where we normally use nc as our proxy tool).
In newer versions of nc the syntax has changed to the following:
ssh -o ProxyCommand="nc -x 127.0.0.1:1234" %h %p user@host
The format must be like above in newer nc versions.
Just be sure to change the 1234 to the port of your SOC........
There are many ways but a favorite way is to boot any Linux LiveCD and to use the syslinux package like so:
Just change the "sdx" to your sd for example /dev/sda or whatever the drive is that is supposed to boot Windows.
sudo dd if=/usr/lib/syslinux/mbr/mbr.bin of=/dev/sdx
0+1 records in
0+1 records out
440 bytes copied, 0.0197808 s, 22.2 kB/s........
service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit-hit) since Wed 2019-10-02 11:07:54 EDT; 36s ago
Process: 476 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)
Oct 02 11:07:54 box systemd[1]: Failed to start OpenBSD Secure Shell server.
Oct 02 11:07:54 box sys........
SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.
But how about connecting to an existing server for the first time on a new machine or client?
A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
ssh-keygen -p -f /path/to/your/id_rsa
Enter new passphrase (empty for no passphrase):
After that your rsa private key will be encrypted which is a layer of protection and security in the event that somehow someone acquires your key and tries to access servers that the key is authorized on.........
If you get error messages like this it is usually because /var/run/sshd does not exist.
root@userbox:/# service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: failed (Result: start-limit-hit) since Wed 2019-04-10 02:24:44 EDT; 1
Process: 511 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)........
Are you tired of coming back to your computer only to find your SSH connections have been broken? Even worse are the ones that hang where it appears to be connected but it is really not.
The one option you have is an SSHclient side modification to send KeepAlive packets, sometimes this can also keep up your WiFi connection and stop it from disconnecting you as well.
To make the keep alive changes for your just yourself (not system wide)........
Install Issues:
How to Make CUCM iso /modify to work on non-VMWare machines like QEMU/Xen/OpenStack
If you get kernel panic errors in VBOX usually disabling Nested Paging will fix the issue (thanks to Mark).
ks_pre.sh error is caused by having the wrong VDX pattern (change it do sd per guide link above) and/or the wrong VMSpecs (Cisco req........
#!/bin/bash
sshcommand="ssh -N -R 20000:localhost:22 user@8.8.8.8"
result=`ps aux|grep $sshcommand"|grep -v grep`
if [ -z "$result" ]; then
echo "we are going to connect"
$sshcommand
else
echo "we are already connected"
fi
This is a handy script you can use and then add it to cron.
Save........
If you have an SSHproxy that you need to run automatically from cron you will need it in the background to work.
ssh -N -D 22000 user@domain.com
Basically the -N let's it continue running in the background.........
So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside?
Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature.
Requirements
On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
In most of the Cisco router IOS I find the ports like ge0/0 ge0/1 and ge0/2 or whatever your ports are down. They will not even give you a link light. So one of the first tasks should be getting the port you are working with up.
In my case the first goal is often connectivity with the LAN and WAN.
LAN = your local area network (eg. in the office/home )
WAN= your ISP/public internet (eg. fiber/cable/dsl/ethernet).........
What you need to do if you have taken a dd or real raw image dump of a hard disk:
VBoxManage convertdd windows2019-eval-template.img windows2019.vdi --format VDI
The .img is the raw dd dump and the .vdi is the output file.
--format VDIspecifies to output to .vdi format
If you are in a pinch you can always use qemu-kvm binary and manually specify the .img as your disk and i........
debug1: Local connections to LOCALHOST:18006 forwarded to remote address 192.168.1.93:8006
debug1: Local forwarding listening on 127.0.0.1 port 18006.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 18006.
bind: Cannot assign requested address
What we are seeing is that we can't listen on an IPV6 address of ::1. We need to tell SSH to stop using IPV6 so we'll edit ssh_config to take care of this issue........
Jan 30 17:16:10 localhost sshd[25385]: error: Failed to allocate internet-domain X11 display socket.
The solution for me on the server side was the following in sshd_config:
AddressFamily inet
*Remember to restart sshd and also reconnect from the client side.
Ihad all the normal X11 settings on the server but it just stopped........
Whether you are at work, at the coffee shop or on the public internet here are some basic but effective rules for iptables that lock things down (eg. no one can SMB or SSH to you or really anything):
# Generated by iptables-save v1.4.21 on Fri Dec 14 14:00:08 2018
*nat
:PREROUTING ACCEPT [160:19844]
:INPUT ACCEPT [4:357]
:OUTPUT ACCEPT [2955:182236]
:POSTROUTING ACCEPT [2955:182236]
COMMIT
# Completed on Fri Dec 14........
In Debian a lot of times SSH disables the root user to login by password by default. This means you will get an authentication failure as if you typed in the wrong password.
The logs also indicate the password is wrong but what is often the case is in the config file
Check /etc/ssh/sshd_config
cat /etc/ssh/sshd_config|grep -i permitrootlogin
Make sure it says:
PermitRootLogin yes
If not change it and restart SSH........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
A quick check in /dev/pts shows a lot of entries but what are they for?:
ls /dev/pts
0 10 12 14 16 18 2 21 23 25 27 29 30 32 4 6 8 ptmx
1 11 13 15 17 19 20 22 24 26 28 3 31 33 5 7 9
Basically they are pseudo-termi........
zenity is a nice utility as part of the gnome window manager that allows you to script from bash and retrieve the input from the user. It could also be helpful in just notifying a user when they login with a popup window.
I'll give an overview of what's available with zenity:
Application Options:
--calendar Display calendar dialog
--entry Display tex........
[root@localhost:~]
BootModuleConfig.sh echo host-ind nfcd........
You can search for this bug and it seems like it may be related to ecryptfs and is many years old.
The symptoms are that you return to the computer and the screensaver was active or the screen was asleep/black and it doesn't seem to come back. But you check by SSH the computer is running fine and are frustrated you'll lose your running programs and have to reboot.
There is a simple solution:
Ctrl + Alt + F1
Ctrl +Alt + F8
Ba........
I had this error in an unsupported CPUon VMWare 6.7 and apparently this sometimes works especially on older VMWare versions like 6.5 5.5 etc (but in my case it did not).
To make sure it proceed when you see "Loading VMWare"
Hit "Shift+O"
Then add "ignoreHeadless=TRUE"
See an example below:........
#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path
#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64
#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
This is most likely to happen on a normal GUI system like Ubuntu or Linux Mint. If you or the user is meant to have sudo / root privileges it is as simple as editing the following files:
Now assume your username is "iamtheuser"
vi /etc/group
adm:x:4:syslog,iamtheuser
sudo:x:27:anotheruser,iamtheuser
Find the above lines and add a comma and "ia........
sign_and_send_pubkey: signing failed: agent refused operation
This happens when you don't manually add your ssh key with ssh-add it is some weird new feature in SSH or Ubuntu/Debian that causes this weird problem.
Solution:
ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)........
One simple way to keep your server public but almost impossible to hack via SSHis to disable password authentication over SSH. This means the only way in is via your own private key that only you should have.
Edit your /etc/ssh/sshd.conf file
Set this option
PasswordAuthentication no
Restart your SSH server.
service sshd restart
........
The easiest way is to use SSHand DD or a combination of netcat. SSHwill be a little slower due to encryption but is the most secure way (on two older systems the average clone speed is about 40-50MB/s). This is also OS independent as it doesn't matter what the source OS is because you are literallly cloning the drive so you retain the partition table and settings.
Clone HDD using SSH and DD........
ssh rtt@192.168.1.199
Unable to negotiate with 192.168.1.99 port 22: no matching host key type found. Their offer: ssh-dss
It looks like the DSS option is not considered secure so when connecting from newer Linux systems to an older one you will get the above error.
It can be fixed (but you should consider upgrading your SSH daemon):
ssh -oHostKeyAlgorithms=+ssh-dss rtt@192.168.1.199........
First of all I got this error after accidentally messing up my usergroup by using usermod -G user group
When I would login using SSHkeys it would fail:
sshd[2020]: Authentication refused: bad ownership or modes for directory /home/one
No worries, the fix is simple!
chmod g-w /home/use........
This happens if you are running a kdenlive script from the shell of a remote machine without using SSH "-X" forwarding and it will also cause any areas where you write text to be a white screen for that duration.
melt FusionFestival.kdenlive
No LADSPA plugins were found!
Check your LADSPA_PATH environment variable.
[producer_xml] failed to load transition "qtblend"
[producer_xml] failed to load transition &q........
Just a note before you do this you should have a sure, guaranteed way into the system such as local, KVMor preferably publickey making bruteforce SSH absolutely impossible since there is no password to bruteforce and even if someone knew the password they wouldn't be able to login except from the local console (presumably you should make sure no one unauthorized has physical access).
1. Edit /etc/ssh/sshd_config
Find the section like this:........
It is not obvious but the rsync --help
rsync --help|grep port
--port=PORT specify double-colon alternate port number
--port does not do anything at all actually for some strange reason it still uses 22
You have to specify a manual ssh command to make it work:
-e 'ssh -........
[1035724.274610] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=62076478 end=62076479) time 102 us, min 894, max 899, scanline start 893, end 900
W: Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin for module i915_bpo
I've been getting those errors on a J3455 NUC box with the latest kernel on Linux Mint 18.2. When updating the initramfs I also got the error about the firmware........
This is a common issue, what if a issue shouldn't have root but you want to use that user to make a full backup of a system? They of course need root access.
You can actually just give them passwordless sudo access to rsync in /etc/sudoers:
sudo vi /etc/sudoers
yourusername ALL = NOPASSWD: /usr/bin/rsync
Here is how you would execute rsync:
The key thing for the remote host is to........
You can actually just pass multiple "-L" statements to achieve this.
An example is as below:
ssl -L 80:192.168.10.5:80 -L443:192.168.10.5:443 -L2068:192.168.10.5:2068 -L 8192:192.168.10.5:8192 user@remotehost.com
The above essentially is saying forward ports 80,443,2068,8192 to the remote IPof 192.168.10.5 (even though it is behind NAT). Essentially SSH will do the NAT part even if the........
This error is commonly due to Java security or TLS settings but there is a second issue with forwarded ports that also causes it.
1. Java Security/TLS Settings issue:
This article has the solution to change them all in Linux automatically
2. Port Forwarding Issue if your Avocent DSR is behind NAT/private IP........
This can be a case of bad permissions or modes as the error says. Normally one would assume permissions but often a script may change ownership of /root to something else.
This was the case half the time I've encountered this.
So in short make sure ownership is correct
chown -R root.root /root........
It all comes down to a bug essentially where you are running an older kernel that doesn't support the newer Debian templates. The solution is to update your OpenVZ kernel.
Here are some symptoms of the problem/lack of kernel support:
Ubuntu Template 12.04 requires a manual network start:
service networking start
sshd will not start:
/usr/sbin/sshd
PRNG is not seeded
mknod /dev/random c 1 8........
cp -a /your/source/. /your/dest/
-a preserves all file atributes and symlinks
the "." at the end of /source/ includes all hidden files such as .htacess, .bash_history, .ssh etc..
The / in /dest/ makes sure the contents go into it instead of replacing /dest itself (eg. if you did not have the / at the end).........
Debian/Ubuntu vi keyboard problem, up and down arrows do not work and instead make an A (Up), B (Down), C (Right) or D(Left).
The working solution
(you could also add the set nocompatible to /etc/vim/vimrc to make it system wide-will not be applied until reboot I believe):
echo "set nocompatible" > ~/.vimr........
This is useful in the case you are not properly logged in via an OpenVZ session or even a normal SSH session that you fear may go down(if the connection is broken the history is not saved).
Save your bash_history like this:
history -w ~/.bash_history
You can always change the above to another file eg /tm........
In my case I could login with the initial install but I rsync'd everything over while preserving ownership and permissions to another RAID partition and booted from that.was fine before. The problem is that you are kicked out the second you login and the problem was SELINUX for some reason (perhaps it noticed something strange when it was moved to the new partition)
login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
login: ROOT LOG........
sudo apt-get install zoneminder
[sudo] password for one:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libuser-perl python-evince kdebase-apps kwrite unixodbc
libgnomeprint2.2-data python-soappy vgabios python-metacity hddtemp
python-mediaprof........
Use netstat with the -anpe option. The e option shows the inodes and I do not know if it will always work or if it was by fluke but I was dealing with dozens of SSHsessions and needed to know which session was related to which forward (the PIDs of the SSHand SSHD did not match etc...)
Notice the "59560675" and "59560762" those are almost identical, if you find two sets that are nearly identical except for the last 3 digits they may match (in my ca........
You need the "openssh-clients" package which contains sftp and scp.
yum -y install openssh-clients........
CPanel says you can access 98% of the functions through CLI which experienced Unix/Linux admins prefer for simplicity and for scripting. I've never found CPanel easy to use from the admin panel, it seems everything is hard to find and a simple task becomes a series of hunts.
So for people like me here's the list: http://cpanel.net/system-administrators/command-line-scrip........
I've only ever seen this in Ubuntu for some reason and it is because of the /etc/nsswitch.conf settings.
So the issue is that if the hostname's reverse DNS cannot be found that you need to go back to DNS which was not the default in this nsswitch.conf file for some strange reason.
Edit /etc/nsswitch.conf and replace your "hosts" line with this:
#hosts: files dns mdns4_minimal [NOTFOUND=return] mdns........
Error: Package: php-Monolog-dynamo-1.7.0-1.el6.noarch (epel)
Requires: php-aws-sdk
Error: php-pecl-zendopcache conflicts with 1:php-eaccelerator-0.9.6.1-1.el6.x86_64
Error: php-xcache conflicts with php-pecl-apc-3.1.9-2.el6.x86_64
Error: php-pecl-zendopcache conflicts with php-pecl-apc-3.1.9-2.el6.x86_64
Error: Package: php-horde-Horde-Vfs-2.1.2-2.el6.noarch (epel)
&n........
I was worried the server was hacked, I was logged in already as root but couldn't login to CPanel or a new SSHsession. I even reset the password from the shell and it did not work still.
The reason is CPanel Hulk, it detected a brute-force attack so it locked down the root account entirely even from the correct password. According to cPanel the best way around this is to whitelist your IP.........
ssh -L 5905:localhost:5900 root@yourserver.com
The "-L" means to create a port forward to a port on your server.
The 5905 means the port on your computer that will be used to access the port 5900 on the remote server.
localhost is the IP that you use to access the port forward (you can change it to 0.0.0.0 which will be all IPs on your system/computer but localhost is good for security and privacy unless a whole network of people need access).........
Idon't know why but some installations don't have this in the database by default.
To fix it to an:
sudo apt-get update;sudo apt-get install openssh-server
and then it will work........
Install rsync4randroid and in the shell/ssh do this:
ln -s /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/rsync........
pxe-32 tftp open timeout
The solution was to enable tftp in xinetd with "chkconfig tftp on".
See the troubleshooting below:
chkconfig --list
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off&n........
for ip in `cat fixlist.txt`; do
sudo -u apache ssh root@$ip "`cat iptablesrules.sh`"
done
In the above example we are going to execute the commands within the local file "iptablesrules.sh" on all the machines in "fixlist.txt". This is a great way of performing server maintenance in a clustered or cloud environment.........
This is important if you need public access to internal IPs such as at your office and don't want to use a VPN just to SSHinto different servers:
Below forwards the port "10001" to the IP192.200.5.53 on port 22 (of course adjust it to your needs).
iptables -t nat -A PREROUTING -p tcp --dport 10001 -j DNAT --to-destination 192.200.5.53:22
Remember to enable MASQUERADE on your NAT IPs or they won't be able to talk to the outside world (........
I installed Ubuntu 11.04 for testing purposes but I couldn't even download SSH server:
sudo sed -i -e 's/us.archive.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list
After running the above make sure you do a "apt-get update"
Note with the above that Ihave the search string of "us.archive.ubuntu.com" change it to whatever is in your sources.list
The above does not fix all repositories either, I haven't had a chance t........
Client Log
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_d........
Here is a quick script that works on most Centos versions to disable the virus/SELinux from blocking basic functionality.
The first echo 0 statement disables SELinux instantly but it will still be enabled on reboot.
The second line disables it permanently.
#!/bin/bash
#disable SELinux Immediately
echo 0 > /selinux/enforce
#disable SELinux Permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config........
A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.
Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?
This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attem........
I searched for days after getting my Galaxy Note and couldn't find a way to do this (at least not without buying programs for either Android/Windows). All I read was ways to sync and import the contacts to GMail but I don't want to use GMail for privacy reasons. GMail/Google steal all of your personal information and use it for whatever purposes they want to and may sell or release it to who knows where (I don't care what their policy says but this stuff happens), just like the default........
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9etch3
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
A parameter was malformed
Validation error
Solution, disable auth from the ssh client (this is a client side error)........
I used the suggested script to bridge from OpenVPN and it took my client's server off-line! Don't ever use their "sample" scripts if you don't have another way of accessing the server than SSH.
I actually found it easier to use iptables to tell it to route IPs based on a certain subnet to route through eth0:
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
Replace "192.168.200.0/24" with your subnet of cour........
*Make sure that the ownership is 501.501 or mobile.mobile when copying back (especially if using ssh or sftp as root on the iPhone) otherwise things will break. Eg. the contacts will be blank even after trying to update due to incorrect ownership/permissions.
iPhone Notes Location/Restore:
/private/var/mobile/Library/AddressBook
AddressBookImages.sqlitedb AddressBook.sqlitedb
Once you restore the contacts and restar........
Some minimal installs of Centos may be missing the scp command, which is actually part of the "openssh-clients" package.
scp not found
yum install openssh-clients........
I had a system running a 128MB live CD image with 2.8 gigs of available RAM and the OOM kernel killer went crazy when using dd for more than 8 minutes and kept killing everything. I've read that this is due to a low-memory issue and paging in the kernel and 32-bit systems with lots of RAM.
I even enabled swapspace on my LiveCD and the issue happened 25 minutes into dd rather than 8 minutes, so what gives?
Also no swap space was ever used!
cat /proc/s........
I found this technique listed in many places which shows you how to use a common Linux tool "dd" to dump the raw partition of your iPhone.
I give credit to this site for showing me the correct way to dd from the iPhone, I never thought to try it in the other direction:http://log.ijulien.com/post/182804914/iphone-3gs-data-recovery
Requirements
1.) Jailbreak your........
ls
ls: error while loading shared libraries: libtermcap.so.2: cannot open shared object file: No such file or directory
This is not an ldd problem or case of anything missing, this only happened after I upradedUbuntu.
declare -x PATH="/home/user/bin:/usr/local/bin:/usr/bin:/bin:/usr/games"
"/home/user/bin" is the problem! It's weird because I have no idea how it happened.........
I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops):
channel 12: open failed: administratively prohibited: open failed
I'm not sure what the issue is unless there's some kind of hardware firewall on the other end. I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
umount: /home/diret/mount: device is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
I tried everything (fusermount -u) to unmount it but the only thing that worked was actually doing this:
ps aux|grep sshfs
Then I identified the sshfs connection and did:
kill -kill pid........
sshd[9217]: Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys
I made sure the entire .ssh subdir is owned by the user root (this is root's account);
chown -R root.root .ssh
chmod 600 .ssh/authorized_keys
but it still doesn't work and gives me the same message
sshd[7339]: Authentication refused: bad ownership or modes for directory /root
chmod 700 /root........
The normal solution doesn't help or apply here:
ssh -v user@192.168.5.41
OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.5.41 [192.168.5.41] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: i........
Install the "Editors" and "Net" groups that will give you rsync, ssh, ssh-keygen and cron.
The trickiest thing that I keep forgetting about each time is you have to run "cron-config" which adds the cron service to Windows, and without doing that obviously no cron jobs will be run thus making automatic backups impossible.
Warning about rsync/cygwin and using the -a archive switch.
It's a good thing I caught this because it doesn't work ri........
yum exits in the middle
The problem is this VPS seems to be an OpenVZ template from HyperVM. The only way to make it work was to disable i386 packages since this was an x64 kernel. That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two. I couldn't find any issue by checking the logs either.
echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk
L........
I keep getting this in my SSH/Bash console:
NotifyByPopup::slotDBusNotificationClosed: 465 -> 0
 ........
I am a huge fan of Linux and the idea of OpenSource but I've said it many times, there are still hurdles in today in 2010 for Linux as a Desktop. Linux is still intended for servers at its very core. This can be changed succesfully though, as Apple has shown us with Mac OS X based on FreeBSD.
Half of the issue is lack of driver support and the other half is the Linux Kernel and Window Manages, KDE and GNome still both don't cut it (but they're getting closer).
I'll........
This was done on Centos butI think it's easier on Debian machines, the paths that it is set to use are tailored towards Debian, so there is some fiddling that needs to be done on Centos.
This is for chrooting ssh, but jailkit has other uses than just SSH jails but I won't cover them in this writeup.
1. Install jailkit
yum install jailkit
2. Setup Jail Home
mkdir /home/jail
chown root:root /home/ja........
The easiest way is if you have a secure way to connect and verify the hostkey of the remote host by using this guide.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOME........
Ihave no idea how to get the loopback device working in OpenVZ, but what's more frustrating is that I purchased a CPanel license for my VPS and clearly it is not "VPS Optimized". Although everything does seem to work at this point despite that error.
The suggestions here: http://forum.openvz.org/index.php?t=msg&goto=1339 don't seem to work at all. This is an OpenVZ issue, but also a CPanel isue, why on earth would loopback support be expected in a VPS a........
This is a very simple solution, but most guides out there make you login twice (once to scp the key) and once to put the key in authorized_keys. There's no need for that.
If you don't already have a ~/.ssh/id_rsa.pub just type "ssh-keygen -t rsa" and keep hitting enter until it's done :)
Just use this code to easily enable passwordless login with SSHD
key=`cat ~/.ssh/id_rsa.pub`;ssh user@192.168.5.25 "echo $key >> ~/.ssh/auth........
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge........
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
SSH automatic login without passwordlocal> ssh-keygen -t rsa -f .ssh/id_rsa
-t is the encryption type
-f tells where to store the public/private key pairs. In this case, the .ssh directory on home is being used
A password will be asked; leave this part blank, just pressing
Now, go the .ssh directory, and you will find two new files: id_dsa and id_dsa.pub. The last one is the public part. Now, copy the public key to the serv........
Updated to Version 3.8 and can't loginSSHD accepts my password but then hangs at "Last login: Wed Sep 13 21:30:02 2006 from"
This occurred during a yum update after upgrading my release, installing the new kernel and rebooting.
I got kicked out of sshd after seeing the following during yum update:
telnet 100 % done 85/476
tux 100 % done 86/476
ntsysv 100 % done 87/476
rpmdb-redhat 94 % done 88/476........
Telus + 2Wire 2700 Router HorribleWell first of all let me say this is the only router/switch that sometimes seems to crash/disconnect computers on the local network.
This device also thought it would be smart to block VOIP packets coming from my Sipura ATA VOIP adapters so I disabled the [quote:cb89ba7bff]"Invalid TCP Flag Attacks (NULL/XMAS/Other)"[/quote:cb89ba7bff] option
Then all of a sudden I couldn't get onto any web pages, the wireless........
SSH Public Key Authentication (Login Without Passwords)I've gone over this before but just a quick note!
the "authorized_keys" file in ~/.ssh
must be chmodded to "600" or public key authentication won't work.
I guess it's kind of a security/failsafe feature that I've
seen on all Linux and Unix OS's........
Basic Port ListingHopefully someone finds this useful or at least interesting.
http://www.sans.org/top20/#u9
Name Port Protocol Description
Small services ........
Everyone says there is a "manual" way of doing it and then they tell you to use iTunes, but if you're like me, you're travelling on business in a foreign country and your laptop does not have iTunes and you don't have a way of getting it and/or don't want it.
For this example I'm using the provider "du" in Dubai, UAE (United Arab Emirates) but this method works for virtually all providers.
The requirements in this case to truly "manually update........
This is very disappointing since GlusterFS markets itself as a solution to deploy VPS servers on. On the HNitself I get a Unixbench of about 360.
I'm also using an SSH tunnel to secure the communications, but even before that, things seemed very slow.
# # # # # # # #####&n........
In those 4 simple commands you can setup mutual key exchange between two sshservers by using a single login shell session and single window.
*Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LANor WAN(well unless the server is behind a firewall and you cannot SSHinto it).........
First of all, the iPhone is crippled in many ways, but most of my complaints about functionality have been addressed through the jailbreak, Ican run apps in the background of my choosing, I can install a terminal, acccess my phone through SSH and SCP and so much more.
It even addresses the 15 minute e-mail problem, I installed a program called "PushMod" and now set the checking time to just 1 minute.
Apple should really thank the developers for this gift, it ma........
Apple crippled the iPhone by not allowing multi-tasking of the non-primary apps. I use SSH a lot and I don't want to close my session just to check my e-mail, etc, now an app found in Cydia called "Backgrounder" allows just that.
Although it's not perfect, we installed the correct one for "3.x" iPhones and hit "Reload SpringBoard" and the hour/circle glass has just been going for minutes.
It seems like it installed fine even with the crash t........
Truly, the only way to unleash the capabilities and customization abilities of iPhone are to jailbreak, it's not just for hackers anymore.
A few days ago someone by the named of "geohot" released a single click application called "purplera1n", which does the entire operation smoothly and seamlessly.
In our case, the first time it went as far as "done, wait for reboot" on our Windows machine and for minutes we waited and saw the pic on the iPhone w........
Yes, Iadmit I finally got bitten by the hype as much as I can usually see through it all. Keep in mind this review is of the "stock" phone, no jailbreaking yet which is what really unleashes the customizability and whyI bought iPhone.
I had better things to say about this phone before buying it, and it is a great phone, perhaps the best on the market by far, if not because of the Mac OS port onto the iPhone and all the apps, etc, etc.
With that said........
Icouldn't understand why on one system it took a few minutes to get the SSHlogin prompt when connecting to other systems. The other systems all had the UseDNS parameter set to no, which almost always resolves the login prompt delay.
The reason is Ubuntu and perhaps Debian and other distributions /etc/nsswitch.conf file
Edit yours to have the "hosts" line like so (notice that files and dns are the primary resolution choice........
This is really something the SSHServer developers should consider. The cause of this annoyance is because of failed DNS lookups on your IPaddress, which is especially common for many dedicated/col-located servers and also computers on internal NAT/private networks.
The chances are this is the cause of your SSHSlow/Delayed Login problems.
The easy solution to SSH Login Problems
Edit /etc/ssh/sshd_config
Add this line to disable r........
User username from 127.0.0.1 not allowed because not listed in AllowUsers
What's going on? The user was created properly, it has been defined as having a shell entry and the entry for /etc/passwd and /etc/shadow is set just fine.
This is a new and very smart/secure feature of SSHD. It is simple and yet effective, but also very annoying if you didn't know about it being implemented and that hand editing of /etc/ssh/sshd_config is required to allow a newly add........