Search Results

Search found 9446 results on 378 pages for 'ssh keys'.

Page 259/378 | < Previous Page | 255 256 257 258 259 260 261 262 263 264 265 266 | Next Page >

What is a good solution for an adaptive iptables daemon?

- by Matt

I am running a series of web servers and already have a pretty good set of firewall rules set up, however I'm looking for something to monitor the traffic and add rules as needed. I have denyhosts monitoring for bad SSH logins, and that's great - but I'd love something I could apply to the whole machine that would help prevent bute force attacks against my web applications as well, and add rules to block IPs that display evidence of common attacks. I've seen APF, but it looks as though it hasn't been updated in several years. Is it still in use and would it be good for this? Also, what other solutions are out there that would manipulate iptables to behave in some adaptive fashion? I'm running Ubuntu Linux, if that helps.

Read the article
apache httpd cannot browse through browser

- by nuttynibbles

i've setup apache and php on a virtual machine. everything works fine in the virtual machine. im able to execute php files and run up phpmyadmin connecting to mysql. on my host machine, im able ping and ssh into the remote machines. however, im unable to browse the php files on the host browser using the ip address. in my httpd.conf, im listening to port 80. i enabled the ServerName 192.168.75.102:80 am i missing some settings? port settings maybe?

Read the article
CentOS 6 - iptables preventing web access via port 80

- by bsod99

I'm setting up a new web server with CentOS 6.2 and am not able to connect via the web. Everything looks set up correctly in httpd.conf and Apache is running, so I'm assuming it's an iptables issue. Is there anything in the following which could be causing the issue? # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited ACCEPT tcp -- anywhere anywhere tcp dpt:http Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)

Read the article
Why is rsync.exe [cwRsync] trying to open a port when in client mode?

- by hemancuso

I'm trying to use a cygwin compiled version of rsync [the cwrsync package] on Windows and in seemingly whatever configuration I test in there is a request to the user presented by Windows Firewall to allow inbound traffic. If you deny this request, everything works fine - as expected. I'm doing a vanilla push rsync.exe localpath user@remotepath:/absolutepath and it works just fine. I've also attempted this command having deleted ssh from the path and using rsync on local paths - still a firewall prompt. Why is this listen() happening and is there a way I can force the client to not attempt to listen without recompiling and maintaing a patch?

Read the article
Looking for new hosting company

- by Charles Chadwick

I am currently looking for a new hosting company for my business. We are a design and development company and have been recommending WestHost to our clients for the last several years. However due to some changes they have implemented in the last year, we have decided to start referring people elsewhere. Most of our clients need affordable Linux hosting with the basics. SSH is also a definite must and 24/7 support (preferably phone, as well as email/ticket system) that won't cost extra. An easy to use and understand control panel would be nice as well. I have heard good things about HostGator, and am wondering if anyone has experience with them. The prices seem right and they have everything we need. We are also thinking of purchasing a dedicated server with them for a specific project that's going to require one. I don't know if I am asking this in the right place, if this is not welcome here please let me know.

Read the article
file copy error from system to cifs mount

- by dwpriest

When coping a file greater than 64kB from an Ubuntu server to a CIFS mounted windows share, most of the data is copied, but it seems the last chunk doesn't get copied. The size doesn't match, and the md5 check sums don't match. I have plenty of file space, but then I use cp, I get the following... cp: closing `cloudBackup/asdf.txt': No space left on device Using rsync, I get the following... rsync: close failed on "/home/fluffy/cloudBackup/.asdf.txt.qrBWe6": No space left on device (28) rsync error: error in file IO (code 11) at receiver.c(752) [receiver=3.0.8] rsync: connection unexpectedly closed (29 bytes received so far) [sender] rsync error: error in rsync protocol data stream (code 12) at io.c(601) [sender=3.0.8] I have full read/write permissions on the mounted share. I can copy via SSH just fine. Any ideas? Thank you

Read the article
Kindle for PC - page loading problems

- by Andrew Heath

When viewing books in Kindle for PC, often going to the next page will change the line count at the bottom of the screen but not refresh the page view. Then, if you hit next again, you end up on the next next page (+2 rather than +1). This happens to me going backwards as well. Using arrow keys, or mouse clicks, or page down/up all creates this error. There doesn't seem to be any pattern to the occurrence other than "frequently". It happens on my Win7 64 bit and Win XP machines. I've only one Kindle book at the moment, PHP Object-Oriented Solutions by David Powers, so I suppose it could be a problem specific to that book. Does anyone else have this issue? It is extremely irritating to be constantly flipping back and forth just to get the page view to show the proper page.

Read the article
Unable to access a registry key

- by gix

I wondered why some file associations were broken and stumnled upon a nasty problem: I cannot access the key HKEY_CURRENT_USER\Software\Classes. As you can see above, I cannot view its current permissions, nor its owner (which should by SYSTEM). And no matter what I tried I'm unable to fix it. Trying to change the owner gives me a permission denied (also when trying from the Administrator account). RegDacl, which seemed to help another user, also aborts with a permission denied error. Any suggestions how to repair this? If I cannot repair this I guess I have to dump that user account and create a new one. Are there any "diff-like" tools out there to help copy over registry keys?

Read the article
apache url / filename with special characters

- by Mario Delgado

I have this url: http://domain.com/wp-content/uploads/2012/10/Hvilke-vilkår-følger-med-når-du-bestiller-nyt-bredbånd.png If I ftp/ssh or just browse to that folder (apache index feature), I see the file Hvilke-vilkår-følger-med-når-du-bestiller-nyt-bredbånd.png If I click on the link from the apache index, I can see the file, however, if I copy the URL and try to browse to it directly, I get the error: The requested URL /wp-content/uploads/2012/10/Hvilke-vilkÃ¥r-fÃ¸lger-med-nÃ¥r-du-bestiller-nyt-bredbÃ¥nd.png was not found on this server. Also my error log says: File does not exist: /wp-content/uploads/2012/10/Hvilke-vilk\xc3\xa5r-f\xc3\xb8lger-med-n\xc3\xa5r-du-bestiller-nyt-bredb\xc3\xa5nd.png

Read the article
Using Credentials with network scanners

- by grossmae

I'm testing out both Tenable's Nessus scanner as well as eEye's Retina for scanning network devices. I am trying to supply credentials to get deeper, more accurate results, however there seems to be no difference in the results whether I supply the credentials or not. I've read the documentation and it seems like I've tried all the logical settings in the Credential options. I've submit along with usernames and passwords for many different accounts and types of accounts (both SSH Credentials and Web Application Credentials) on the devices as well as their respective domain names (when applicable). Is there possibly a good test for either (or both) scanners to tell where these credentials are being provided (if at all) and if any of them are successfully getting authentication?

Read the article
scp -q isn't quiet between different hosts

- by pythonic metaphor

So scp -q file host:file and scp -q host:file file are both quiet, i.e. don't give the progress meter. But when I run scp -q host1:file host2:file, I still get the progress meter as well as a Connection to host1 closed. message. The progress meter can be gotten rid of by redirected stdout to /dev/null (although I'd rather not have to), but the connection closed messages comes on stderr, which I definitely want to keep in case there's a real error. How can I make scp quiet? Do I have to run ssh host1 "scp -q file host2:file"?

Read the article
Understanding connection tracking in iptables

- by Matt

I'm after some clarification of the state/connection tracking in iptables. What is the difference between these rules? iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT Is connection tracking turned on when a packet is first matched containing -m state --state BLA , or is connection tracking always on? Can/Should connection state be used for fast matching like below? e.g. suppose this is some sort of router/firewall (no nat). # Default DROP policy iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # Drop invalid iptables -A FORWARD -m state --state INVALID -j DROP # Accept established,related connections iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow ssh through, track connection iptables -A FORWARD -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT

Read the article
Are you supposed to type '6' with the left hand or the right hand?

- by Joey Adams

A few weeks ago, I did a Google Images search for keyboard finger charts to see which fingers I'm supposed to be using to type which keys. According to the charts, '6' is supposed to be typed with the right hand: (as shown on en.wikipedia.org/wiki/Typing) However, today I spotted a split keyboard in a store with the '6' on the left side of the split. Indeed, an image search for split keyboards indicates that this is the norm: (as shown on en.wikipedia.org/wiki/Microsoft_Natural_keyboard) When doing touch typing "correctly", should I go with the finger charts (type 6 with my right hand), or should I go with the split keyboards (type 6 with my left hand)? <troll> Is this just another example of Microsoft not following the standards? </troll>

Read the article
Why are my log in times taking so long in Linux?

- by Jamie

In recent weeks, login times on my Ubuntu server have started timing out; both through SSH and the local command line console. Examination of the /var/auth.log yields nothing interesting. How can I diagnose long log in times on my Ubuntu server? I should mention, also, that no updates have been performed since the problem has started, and that the /, /boot/ and /usr/ file systems are mounted as readonly. [Edit] This is a stand alone machine, so it doesn't authenticate with Active Directory, LDAP etc. Also, the login prompt is responsive, as is the password prompt. Upon typing the password then CR, I'll timeout. After four a five tries, I will be able to login, although I'm worried this will start taking longer.

Read the article
Converting an ancient RH8 system to VMware ESXi

- by donatello

I am curious to know what options I have to convert a very old RedHat8 machine to a virtual one on ESXi. Looking at VMware Converter it seems there's an option to login to the RH8 using SSH, and from there it will convert to the ESXi-server. That makes me a bit nervous though, exactly what is happening there? The RH8 machine is slightly critical, and if anything messes up it'll likely result in many hours extra work. :( Another option I thought of was to boot a LiveCD on RH8-system and create a raw "dd dump" of the disk. The similar method is used to restore the image, I boot a LiveCD on the VM in ESXi and use "dd" to write it to disk. Is there any other option I could use? I'm using the cheap version of ESXi, hence I have no access to the Converter BootCD so these rather cumbersome methods is the only I can think of. :)

Read the article
vim: sending tab-completion key against a mapped keystroke

- by CDR

To switch between buffers without installing any plugins, a good way is to type :b <tab> Which shows all the current buffers names in status bar and you can pick one using cursor keys and enter. But :b <tab> is 5 keystrokes and I would like to map it to a <leader>. But setting the following is not working. :nnoremap <Leader>. :b <Tab> It shows ":b ^I" in status bar and doesn't actually open the buffer names on status bar. Anyone knows why?

Read the article
How to force rsync to use destination directory as root

- by thepurplepixel

I have a simple script to one-way-sync files/folders within a directory: #!/bin/bash HOST='<hostname>' USER='<username>' DIR='/downloads/' SOURCE='/srv/torrents' rsync -e "ssh -l $USER" --remove-source-files -h -4 -r --stats --progress -i $SOURCE $HOST:$DIR find $SOURCE -type d -empty -prune -exec rmdir -p \{\} \; However, when this rsync operation runs, it creates a folder, torrents in /downloads on the destination machine. How can I force rsync to put all folders & files from /srv/torrents (remote) into /downloads/ (local) instead of creating /downloads/torrents as a separate directory?

Read the article
What are the keyboard shortcuts to operate a Mac slider control

- by doekman

In the Safari RSS screen, there is a slider (or range) control to change an article's summary length. By pressing TAB a couple of times, it is possible to navigate to this control, without using the mouse. Is it also possible, to slide the slider with the keyboard? Thus sliding the knob to the right and left? The volume slider in iTunes can be operated by the arrow-keys, but in Safari's RSS window, these are used to scroll the text if there are any scrollbars... Note: in System Preferences, Keyboard (OS X 10.6), Keyboard Shortcuts, I have set Full Keyboard Access to All controls. Otherwise, the TAB key only navigates between text boxes and lists.

Read the article
Key modifiers affect remote VNC sessions in OS X

- by Michael

I have two concurrent users of my MacBook: one local (with local peripherals) and one remote (connecting via VNC to a user kept logged in with fast user switching). As described here http://macosx.com/forums/howto-faqs/52547-howto-simultaneous-user-environments-via-vnc.html That's working fine, except that when I hit modifier keys (e.g. shift, option, ...), I also affect the remote user. For example, if I hold down shift, the remote user's key strokes are capitalised, and if I hold down option, they get strange glyphs instead of the normal letters. Does anyone have any idea what could be causing this, or how to fix it?

Read the article
Lost sudo/su on Amazon EC2 instance

- by barrycarter

I have an Amazon EC2 instance. I can login just fine, but neither "su" nor "sudo" work now (they worked fine previously): "su" requests a password, but I login using ssh keys, and I don't think the root user even has a password. "sudo <anything>" does this: sudo: /etc/sudoers is owned by uid 222, should be 0 sudo: no valid sudoers sources found, quitting I probably did "chown ec2-user /etc/sudoers" (or, more likely "chown -R ec2-user /etc" because I was sick of rsync failing), so this is my fault. How do I recover? I stopped the instance and tried the "View/Change User Data" option on the AWS EC2 console, but this didn't help. EDIT: I realize I could kill this instance and create a new one, but was hoping to avoid something that extreme.

Read the article
Intermittent apt-get 'no installation candidate' error on fabric deploy

- by jberryman

I'm experiencing a strange issue with a fabric script I'm using to bootstrap a server on EC2. I launch a stock Ubuntu 12.04 AMI, wait for it to start, then proceed with: with settings(host_string="ubuntu@%s" % i.dns_name, connection_attempts=30): sudo('apt-get -qy update') sudo('apt-get -qy install --no-install-recommends mdadm') # don't install postfix #etc... The apt-get update appears to run fine and gives no errors, however (2/3 of the time or so) installing mdadm throws a "no installation candidate" error. When I ssh into the server and run apt-get install mdadm I get the same error. Running apt-get update by hand, then the package installs fine. Any ideas on what might be happening, or ideas for debugging?

Read the article
SQUID Transparent SSL proxy (no intercept)

- by user974896

I know how to have squid work as a transparent proxy. You put it into transparent mode then use your router or IPTABLES to forward port 80 to the squid port. I would like to do the same for SSL. Every guide I see mentions setting up keys on the squid server. I do not want squid to actually decrypt the SSL traffic then establish a connection with the server, rather I would like squid to simply forward the SSL traffic as is. The only thing I would like to do is be able to check the SSL request for any offending IPs and drop the packets if the destination is one of them.

Read the article
Remote X-windows between new RHEL5 and old Solaris 8

- by joshxdr

I have a very small lab network with three boxes: a modern x86-based RHEL3 box, an x86-based RHEL5 box, and a 1998-vintage SPARC Ultra5 with Solaris 8. I can use ssh -X to run a program on the RHEL5 box and view the windows on the RHEL3 box. I believe this uses xauth and magic cookies?? I have followed the X-Windows HOWTO to set up xauth on the Solaris box, but so far no dice. I would like to be able to use the X-windows server on the RHEL3 box with a client program on the Solaris box (program running on Solaris host, windows appearing at Linux host). Is there a trick to this, or have I made a mistake following the instructions for setting up xauth and magic cookie?

Read the article
How to elegantly selectively exclude FreeBSD network traffic from OpenVPN interface by port

- by Polygonica

inexperienced sysadmin here. I'm planning on running a net daemon inside a FreeBSD jail through OpenVPN, but want to be able to SSH directly into the jail and use the daemon's web interface daemon without going through the VPN. As I understand it, an OpenVPN tunnel is normally set up as a default virtual internet interface, and so incoming traffic will go out on the OpenVPN interface by default (which is problematic, as this incurs latency). I thought "well, obviously, since all of this traffic is leaving on a handful of ports, I'll just redirect those to the non-VPN gateway." I've tried to look for solutions, but almost all of them involve iptables instead of ipfw (which is default for FreeBSD) and solve slightly different problems. And alternate solutions like using multiple default routes to ensure that incoming traffic on any interface is always sent out on the same interface seem far-reaching and require deep knowledge of all tools involved. Is there an elegant way of ensuring that traffic leaving on specific ports exits on a specified non-default interface using ipfw?

Read the article
Which linux x86 hardware keystore?

- by byeo

I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked. At which point my certificates are compromised. Previously I've used nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself. I'm having trouble finding information about something to recreate this approach. Is this the domain of specialist switches and firewalls these days? This old page references some of the old hardware: http://www.kegel.com/ssl/hw.html#cards

Read the article

< Previous Page | 255 256 257 258 259 260 261 262 263 264 265 266 | Next Page >