Search Results

Search found 4906 results on 197 pages for 'ssh tunnel'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 91/197 | < Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >

  • READING stderr from within Awk

    - by Dave
    I want to keep SSH debug info separate (and logged) from other input. However, if I simply redirect stderr to a log file, I risk combining output from SSH and output from the remote process on the host machine (that might send something to stderr): $ ssh -v somemachine 2 file.log So, I want to filter out only those lines that match "debug1": $ ssh -v somemachine | awk '/debug1/ {print "file.log"; next} {print}' Good so far, BUT ssh's debug output goes to stderr. So... $ ssh -v somemachine 2& | awk '/debug1/ {print "file.log"; next} {print}' Foiled again! I don't want to mix stdout and stderr. BAD! What does a kid like me do? I was about to go the route of named pipes or some such wildeness, but really, all I need to know is how to get awk to match patterns from stderr ONLY.

    Read the article

  • How can I create an “su” only user (no SSH or SFTP) and limit who can “su” into that account in RHEL5? [closed]

    - by Beaming Mel-Bin
    Possible Duplicate: How can I allow one user to su to another without allowing root access? We have a user account that our DBAs use (oracle). I do not want to set a password on this account and want to only allow users in the dba group to su - oracle. How can I accomplish this? I was thinking of just giving them sudo access to the su - oracle command. However, I wouldn't be surprised if there was a more polished/elegant/secure way.

    Read the article

  • Custom fail2ban Filter

    - by Michael Robinson
    In my quest to block excessive failed phpMyAdmin login attempts with fail2ban, I've created a script that logs said failed attempts to a file: /var/log/phpmyadmin_auth.log Custom log The format of the /var/log/phpmyadmin_auth.log file is: phpMyadmin login failed with username: root; ip: 192.168.1.50; url: http://somedomain.com/phpmyadmin/index.php phpMyadmin login failed with username: ; ip: 192.168.1.50; url: http://192.168.1.48/phpmyadmin/index.php Custom filter [Definition] # Count all bans in the logfile failregex = phpMyadmin login failed with username: .*; ip: <HOST>; phpMyAdmin jail [phpmyadmin] enabled = true port = http,https filter = phpmyadmin action = sendmail-whois[name=HTTP] logpath = /var/log/phpmyadmin_auth.log maxretry = 6 The fail2ban log contains: 2012-10-04 10:52:22,756 fail2ban.server : INFO Stopping all jails 2012-10-04 10:52:23,091 fail2ban.jail : INFO Jail 'ssh-iptables' stopped 2012-10-04 10:52:23,866 fail2ban.jail : INFO Jail 'fail2ban' stopped 2012-10-04 10:52:23,994 fail2ban.jail : INFO Jail 'ssh' stopped 2012-10-04 10:52:23,994 fail2ban.server : INFO Exiting Fail2ban 2012-10-04 10:52:24,253 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6 2012-10-04 10:52:24,253 fail2ban.jail : INFO Creating new jail 'ssh' 2012-10-04 10:52:24,253 fail2ban.jail : INFO Jail 'ssh' uses poller 2012-10-04 10:52:24,260 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2012-10-04 10:52:24,260 fail2ban.filter : INFO Set maxRetry = 6 2012-10-04 10:52:24,261 fail2ban.filter : INFO Set findtime = 600 2012-10-04 10:52:24,261 fail2ban.actions: INFO Set banTime = 600 2012-10-04 10:52:24,279 fail2ban.jail : INFO Creating new jail 'ssh-iptables' 2012-10-04 10:52:24,279 fail2ban.jail : INFO Jail 'ssh-iptables' uses poller 2012-10-04 10:52:24,279 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2012-10-04 10:52:24,280 fail2ban.filter : INFO Set maxRetry = 5 2012-10-04 10:52:24,280 fail2ban.filter : INFO Set findtime = 600 2012-10-04 10:52:24,280 fail2ban.actions: INFO Set banTime = 600 2012-10-04 10:52:24,287 fail2ban.jail : INFO Creating new jail 'fail2ban' 2012-10-04 10:52:24,287 fail2ban.jail : INFO Jail 'fail2ban' uses poller 2012-10-04 10:52:24,287 fail2ban.filter : INFO Added logfile = /var/log/fail2ban.log 2012-10-04 10:52:24,287 fail2ban.filter : INFO Set maxRetry = 3 2012-10-04 10:52:24,288 fail2ban.filter : INFO Set findtime = 604800 2012-10-04 10:52:24,288 fail2ban.actions: INFO Set banTime = 604800 2012-10-04 10:52:24,292 fail2ban.jail : INFO Jail 'ssh' started 2012-10-04 10:52:24,293 fail2ban.jail : INFO Jail 'ssh-iptables' started 2012-10-04 10:52:24,297 fail2ban.jail : INFO Jail 'fail2ban' started When I issue: sudo service fail2ban restart fail2ban emails me to say ssh has restarted, but I receive no such email about my phpmyadmin jail. Repeated failed logins to phpMyAdmin does not cause an email to be sent. Have I missed some critical setup? Is my filter's regular expression wrong? Update: added changes from default installation Starting with a clean fail2ban installation: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local Change email address to my own, action to: action = %(action_mwl)s Append the following to jail.local [phpmyadmin] enabled = true port = http,https filter = phpmyadmin action = sendmail-whois[name=HTTP] logpath = /var/log/phpmyadmin_auth.log maxretry = 4 Add the following to /etc/fail2ban/filter.d/phpmyadmin.conf # phpmyadmin configuration file # # Author: Michael Robinson # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # # Count all bans in the logfile failregex = phpMyadmin login failed with username: .*; ip: <HOST>; # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # # Ignore our own bans, to keep our counts exact. # In your config, name your jail 'fail2ban', or change this line! ignoreregex = Restart fail2ban sudo service fail2ban restart PS: I like eggs

    Read the article

  • Custom fail2ban Filter for phpMyadmin bruteforce attempts

    - by Michael Robinson
    In my quest to block excessive failed phpMyAdmin login attempts with fail2ban, I've created a script that logs said failed attempts to a file: /var/log/phpmyadmin_auth.log Custom log The format of the /var/log/phpmyadmin_auth.log file is: phpMyadmin login failed with username: root; ip: 192.168.1.50; url: http://somedomain.com/phpmyadmin/index.php phpMyadmin login failed with username: ; ip: 192.168.1.50; url: http://192.168.1.48/phpmyadmin/index.php Custom filter [Definition] # Count all bans in the logfile failregex = phpMyadmin login failed with username: .*; ip: <HOST>; phpMyAdmin jail [phpmyadmin] enabled = true port = http,https filter = phpmyadmin action = sendmail-whois[name=HTTP] logpath = /var/log/phpmyadmin_auth.log maxretry = 6 The fail2ban log contains: 2012-10-04 10:52:22,756 fail2ban.server : INFO Stopping all jails 2012-10-04 10:52:23,091 fail2ban.jail : INFO Jail 'ssh-iptables' stopped 2012-10-04 10:52:23,866 fail2ban.jail : INFO Jail 'fail2ban' stopped 2012-10-04 10:52:23,994 fail2ban.jail : INFO Jail 'ssh' stopped 2012-10-04 10:52:23,994 fail2ban.server : INFO Exiting Fail2ban 2012-10-04 10:52:24,253 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6 2012-10-04 10:52:24,253 fail2ban.jail : INFO Creating new jail 'ssh' 2012-10-04 10:52:24,253 fail2ban.jail : INFO Jail 'ssh' uses poller 2012-10-04 10:52:24,260 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2012-10-04 10:52:24,260 fail2ban.filter : INFO Set maxRetry = 6 2012-10-04 10:52:24,261 fail2ban.filter : INFO Set findtime = 600 2012-10-04 10:52:24,261 fail2ban.actions: INFO Set banTime = 600 2012-10-04 10:52:24,279 fail2ban.jail : INFO Creating new jail 'ssh-iptables' 2012-10-04 10:52:24,279 fail2ban.jail : INFO Jail 'ssh-iptables' uses poller 2012-10-04 10:52:24,279 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2012-10-04 10:52:24,280 fail2ban.filter : INFO Set maxRetry = 5 2012-10-04 10:52:24,280 fail2ban.filter : INFO Set findtime = 600 2012-10-04 10:52:24,280 fail2ban.actions: INFO Set banTime = 600 2012-10-04 10:52:24,287 fail2ban.jail : INFO Creating new jail 'fail2ban' 2012-10-04 10:52:24,287 fail2ban.jail : INFO Jail 'fail2ban' uses poller 2012-10-04 10:52:24,287 fail2ban.filter : INFO Added logfile = /var/log/fail2ban.log 2012-10-04 10:52:24,287 fail2ban.filter : INFO Set maxRetry = 3 2012-10-04 10:52:24,288 fail2ban.filter : INFO Set findtime = 604800 2012-10-04 10:52:24,288 fail2ban.actions: INFO Set banTime = 604800 2012-10-04 10:52:24,292 fail2ban.jail : INFO Jail 'ssh' started 2012-10-04 10:52:24,293 fail2ban.jail : INFO Jail 'ssh-iptables' started 2012-10-04 10:52:24,297 fail2ban.jail : INFO Jail 'fail2ban' started When I issue: sudo service fail2ban restart fail2ban emails me to say ssh has restarted, but I receive no such email about my phpmyadmin jail. Repeated failed logins to phpMyAdmin does not cause an email to be sent. Have I missed some critical setup? Is my filter's regular expression wrong? Update: added changes from default installation Starting with a clean fail2ban installation: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local Change email address to my own, action to: action = %(action_mwl)s Append the following to jail.local [phpmyadmin] enabled = true port = http,https filter = phpmyadmin action = sendmail-whois[name=HTTP] logpath = /var/log/phpmyadmin_auth.log maxretry = 4 Add the following to /etc/fail2ban/filter.d/phpmyadmin.conf # phpmyadmin configuration file # # Author: Michael Robinson # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # # Count all bans in the logfile failregex = phpMyadmin login failed with username: .*; ip: <HOST>; # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # # Ignore our own bans, to keep our counts exact. # In your config, name your jail 'fail2ban', or change this line! ignoreregex = Restart fail2ban sudo service fail2ban restart PS: I like eggs

    Read the article

  • Websites down EC2 inaccessible via SSH CPU utilisation 100% last few hours - what should I do?

    - by fuzzybee
    I have multiple websites hosted on 1 single EC2 instance. 1 website "abc" were down for a few hours, sometimes threw database connection error and sometimes just took too long to respond. 1 website "def" were incredibly slow but still up and running the rest of the websites had the same symptoms has "abc" I can afford 15 min or less down time for "def". Should I then (in AWS console) reboot my instance or create an AMI image from my instance and launch it and associate my elastic IP to the new instance or "launch more like this" Background on what may have happened to my ec2 The last time I made changes for 21 hours ago. A cronjob to create snapshots ran around 19 hours ago and it has been running for a long time. Google Analytics shows traffic to my websites such as kidlander.sg has been nothing exceptional. Is there any other actions I should take or better options I could have? (I have already contacted AWS support but their turnaround is 12 hours so I appreciate all the help I could get) Update I got everything back up and running and CPU utilisation back to normal, around 30%. There is 1 difference between "def" and "abc" as well as my other websites "def"'s database is hosted on RDS "abc"'s database is hosted on an EC2 instance (different from my web server instance) configured by myself Nevertheless, I checked the EC2 instance I'm using as MySQL server yesterday and it was absolutely fine during the incident low CPU ultilisation I could log in using linux command line

    Read the article

  • How to fix Apache from crashing with PHP+Curl on an SSH request?

    - by Jason Cohen
    My Apache process segfaults whenever I call curl_exec() from PHP with an "https://" URL. If I use http instead of https as the URL transport, it works perfectly, so I know curl and the other curl options are correct. I can use curl from the command-line on that server using the https version of the URL and it works perfectly, so I know the remote server is responding correctly, the cert isn't expired, etc.. My server is: Linux 2.6.32-21-server #32-Ubuntu SMP Fri Apr 16 09:17:34 UTC 2010 x86_64 GNU/Linux My Apache version is: Server version: Apache/2.2.14 (Ubuntu) Server built: Apr 13 2010 20:21:26 My PHP version is: PHP 5.3.2-1ubuntu4.2 with Suhosin-Patch (cli) (built: May 13 2010 20:03:45) Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies My PHP curl module info is: cURL support => enabled cURL Information => 7.19.7 Age => 3 Features AsynchDNS => No Debug => No GSS-Negotiate => Yes IDN => Yes IPv6 => Yes Largefile => Yes NTLM => Yes SPNEGO => No SSL => Yes SSPI => No krb4 => No libz => Yes CharConv => No Protocols => tftp, ftp, telnet, dict, ldap, ldaps, http, file, https, ftps Host => x86_64-pc-linux-gnu SSL Version => OpenSSL/0.9.8k ZLib Version => 1.2.3.3

    Read the article

  • Install KVM based Windows 2008 remotely over SSH on a headless, no graphics Ubuntu 10.04 server?

    - by taazaa
    Hi, I have a Dell server at a remote data center with Ubuntu 10.04 as the host. It is a minimal install with the necessary virtulization packages. There is no X and the machine is headless. I have the win2008 DVD in the machine and want to remotely install it. I tried: virt-install --connect qemu:///system -n vmwin2k8 -r 1024 --disk path=server2k8.qcow2,size=50 --cdrom /dev/sr0 --vnc --noautoconsole --os-type windows --os-variant win2k8 The qcow2 image get created However I don't understand how to connect to see the install via VNC. This is my first time doing it so it may be trivial or may not be possible. Remotely I have a Win 7 machine with Putty and RealVNC viewer. Where is the graphic output of VNC going? Do I have to have VNC server running on the host or some other machine and then connect to it from my VNC client? Please let me know or point me to the right direction. I have been searching the web for several days to figure out how this is suppose to work. Thanks!

    Read the article

  • Cisco VPN Client Behind ASA 5505

    - by fdf33
    I'm trying to get connected to another ASA via Cisco VPN Client. I am behind an ASA 5505 myself and I am tryihng to VPN to a 5510. I get the message: Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding. I can connect to the other ASA if I use a normal cheap Linksys. Here's the version of my ASA: Result of the command: "sh ver" Cisco Adaptive Security Appliance Software Version 8.4(1) Any help would be great. Thanks running-config : Saved : Written by enable_15 at 23:12:32.378 UTC Fri Jul 1 2011 ! ASA Version 8.4(1) ! hostname aaaasa domain-name aaa.local enable password xxxxxxxxxxxxxxx encrypted passwd xxxxxxxxxxxxxxxxxxxx encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.254 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address xxx.xxx.xxx.xxx 255.255.254.0 ! interface Vlan5 no nameif security-level 50 ip address 172.16.0.254 255.255.255.0 ! interface Vlan500 no nameif security-level 100 ip address 10.10.10.1 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! boot system disk0:/asa841-k8.bin ftp mode passive dns domain-lookup inside dns domain-lookup outside dns server-group DefaultDNS name-server 4.2.2.2 domain-name aaa.local same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network obj_any subnet 0.0.0.0 0.0.0.0 object network A_93.97.168.1 host 93.97.168.1 object network rdp host 192.168.1.2 object network NETWORK_OBJ_192.168.1.0_24 subnet 192.168.1.0 255.255.255.0 access-list 101 extended permit tcp any host 192.168.1.2 eq 3389 access-list 101 extended permit icmp any any echo-reply access-list 101 extended permit icmp any any source-quench access-list 101 extended permit icmp any any time-exceeded access-list 101 extended permit icmp any any unreachable access-list 102 extended permit ip any any pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1492 ip local pool VPNPool 192.168.2.200-192.168.2.210 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-641.bin no asdm history enable arp timeout 14400 ! object network rdp nat (inside,outside) static interface service tcp 3389 3389 ! nat (inside,outside) after-auto source dynamic any interface access-group 101 in interface outside access-group 102 out interface outside ! router ospf 1 network 192.168.1.0 255.255.255.0 area 0 log-adj-changes ! route outside 0.0.0.0 0.0.0.0 93.97.168.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa proxy-ldc-issuer crl configure crypto ca certificate chain ASDM_TrustPoint0 certificate 8877d64d 30820248 308201b1 a0030201 02020488 77d64d30 0d06092a 864886f7 0d010105 05003036 3111300f 06035504 03130863 6973636f 61736131 21301f06 092a8648 86f70d01 09021612 63697363 6f617361 2e6e6a64 2e6c6f63 616c301e 170d3131 30353231 30383533 34325a17 0d323130 35313830 38353334 325a3036 3111300f 06035504 03130863 6973636f 61736131 21301f06 092a8648 86f70d01 09021612 63697363 6f617361 2e6e6a64 2e6c6f63 616c3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100ea 1aa95141 480e616c efee6816 a96d6511 313b6776 cd3dd57b cd84b4d2 5e108aee 7c980086 4d92e2eb b6c7bf66 4585af0a ccbf153a db9270be c6f5c67b db9dd8d1 2f78d033 3348b056 df4be0da 70e08953 53adf294 9db6c020 597d250f bf448b43 b90179c8 ff0b15d8 744632d9 31c1945f 0b11e258 b4c1d224 692efff4 7b2f5102 03010001 a3633061 300f0603 551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06 03551d23 04183016 8014493c 19db183a ab1af9e9 b1e44ad4 2a408b3c 89d1301d 0603551d 0e041604 14493c19 db183aab 1af9e9b1 e44ad42a 408b3c89 d1300d06 092a8648 86f70d01 01050500 03818100 1dd1760a fdd15941 4803fb9a cd6f44a7 2e275854 a1c0fbe1 d19f2cc9 182d43ef a547f854 8df96d15 3ea79c62 cf3fcb1c 5820360b c607dbfc 4de8bb16 19f727e9 b928a085 665816d8 138e4a35 ed610950 7910dd4a 0b1a9dd9 0e26f1c8 b78bc0cc cbf19eb2 4c4c3931 45199ea5 249e3266 661e44fd 7a00d376 dcfc6e4e d43f10b8 quit crypto isakmp nat-traversal 30 crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.1.0 255.255.255.0 inside ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.5-192.168.1.36 inside dhcpd dns 4.2.2.2 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics host number-of-rate 3 threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server 82.219.4.31 source outside prefer ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1 anyconnect profiles AnyConnectVPN_client_profile disk0:/AnyConnectVPN_client_profile.xml anyconnect profiles SSLAnyConnectVPN_client_profile disk0:/SSLAnyConnectVPN_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_AnyConnectVPN internal group-policy GroupPolicy_AnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value aaa.local webvpn url-list none anyconnect profiles value AnyConnectVPN_client_profile type user group-policy GroupPolicy_SSLAnyConnectVPN internal group-policy GroupPolicy_SSLAnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client default-domain value aaa.local webvpn anyconnect profiles value SSLAnyConnectVPN_client_profile type user username testuser password xxxxxxxxxxxxxxxxx encrypted privilege 0 username testuser attributes vpn-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLPOL type remote-access tunnel-group SSLPOL general-attributes default-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLAnyConnectVPN type remote-access tunnel-group SSLAnyConnectVPN general-attributes address-pool VPNPool default-group-policy GroupPolicy_SSLAnyConnectVPN tunnel-group SSLAnyConnectVPN webvpn-attributes group-alias SSLAnyConnectVPN enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect esmtp inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect sip inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect xdmcp ! service-policy global_policy global prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:94a65341aa27d3929d5e92a32ba22120 : end

    Read the article

  • Need help with executing and deleting remote bash script via a local bash script

    - by kenja
    I am trying to create a bash script that will scp a script to a remote server, ssh (using an ssh key that is already installed) to the remote server, execute the uploaded script, and then delete the remote script when it is finished. I'm not clear how to run an ssh session inside a bash script. Here are the commands I use to do it from the command line: scp my_script.sh [email protected]:/usr/home/user/ ssh [email protected] >sh my_script.sh >rm myscript.sh >exit How do I script the ssh portion of my command list? Thanks!

    Read the article

  • No Wi-Fi after system reboot

    - by ILya
    Something strange is happening... I've installed a Wi-Fi card into my Ubuntu Server 11.04 machine. To configure it I do the following: sudo vi /etc/network/interfaces add: iface wlan0 inet dhcp wpa-driver wext wpa-ssid "Sweet Home" wpa-ap-scan 1 wpa-proto WPA wpa-pairwise TKIP wpa-group TKIP wpa-key-mgmt WPA-PSK wpa-psk <A KEY> auto wlan0 then: $ sudo /etc/init.d/networking restart * Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces * Reconfiguring network interfaces... ssh stop/waiting ssh start/running, process 1522 ssh stop/waiting ssh start/running, process 1590 And my machine successfully gets an ip to my wireless adapter. But after reboot it doesn't get any ip in wireless network. To fix it I run /etc/init.d/networking restart again and all is fine again - it gets an ip. I understand that I simply should add it to my startup scripts to make it work properly, but maybe there is a better way to configure it?

    Read the article

  • PAM_LDAP error trying to bind ?

    - by billyduc
    I have this error when I ssh to my LDAP client using the login name on the LDAP server my LDAP client's running Ubuntu 9.10 Karmic my LDAP server is Fedora Core 4 and running Fedora Directory Server ssh [email protected] cat /var/log/auth.log //on the client Dec 18 10:24:17 ubuntu-ltsp sshd[4527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=billyhost.local user=billyduc Dec 18 10:24:17 ubuntu-ltsp sshd[4527]: pam_ldap: error trying to bind as user "uid=billyduc,dc=mydomain,dc=com" (Invalid credentials) Dec 18 10:24:18 ubuntu-ltsp sshd[4527]: Failed password for billyduc from 192.168.5.121 port 51449 ssh2 Here's my /etc/pam.d/sshd cat /etc/pam.d/sshd auth [success=1 default=ignore] pam_unix.so auth required pam_ldap.so use_first_pass auth required pam_permit.so account sufficient pam_permit.so I also edit my /etc/ssh/sshd_config in both client and Server PasswordAuthentication yes So I think something wrong with the password when the ssh server do checking

    Read the article

  • Port forwarding (portmap) works only locally

    - by Tag Wint
    There are four hosts hostA winXP hostB Win2003 hostC Linux RHEL hostD Linux RHEL hostA cannot connect to C and D directly, but B can hostA connects to hostB using VPN hostB and hostC belong to the same subnet1 hostD is in subnet2 From hostA I need to connect to hostC and hostD by SSH. Now I can do it as follows: 1.connecting from hostA to hostB by RDP logon and there: 2.start putty client. I'd like to omit step 1 and connect from A to C and D directly On hostB I have admin acoount and configure port forwarding as follows: netsh interface portproxy add v4tov4 listenport=N1 connectaddress=hostC_IP connectport=N2 netsh interface portproxy add v4tov4 listenport=N3 connectaddress=hostD_IP connectport=N2 netsh interface portproxy show all: Listen on IPv4: Connect to IPv4: Address Port Address Port --------------- ---------- --------------- ---------- * N1 hostC_IP N2 * N3 hostD_IP N2 Now from hostB I can connect to either C and D: ssh localhost:N1 ssh localhost:N3 from hostA ssh hostB:N1 works too, but ssh hostB:N3 DON'T I guess the reason might be different subnets, still have no idea how to fix it. What should I do?

    Read the article

  • Proxy via Telnet

    - by Vreality2007
    I know telnet is insecure and all, but I'm stuck using it because ssh is blocked. I know how to setup ssh to bind the connection to a local port, is there a way to do this with telnet? For example, if I am using an ssh connection, I would bind it to port 999 like this: ssh -D 999 [email protected] -N -C I've tried using the -b command in linux, but to no avail. Is this even possible? This is what I've tried: telnet host.com -b 999 I'm sorry if the answer is obvious, but I've done a lot of research and testing and I can't seem to figure this out. NOTE: I plan on telling the admin if I can find a way to get this to work, this is based off of simple curiosity and not malicious intent. If I can't bind a telnet port, is there a way to tunnel an ssh connection through telnet?

    Read the article

  • Create a VPN with Python

    - by user213060
    I want to make a device "tunnel box" that you plug an input ethernet line, and an output ethernet line, and all the traffic that goes through it gets modified in a special way. This is similar to how a firewall, IDS, VPN, or similar boxes are connected inline in a network. I think you can just assume that I am writing a custom VPN in Python for the purpose of this question: LAN computer <--\ LAN computer <---> [LAN switch] <--> ["tunnel box"] <--> [internet modem] <--> LAN computer <--/ My question is, what is a good way to program this "tunnel box" from python? My application needs to see TCP flows at the network layer, not as individual ethernet frames. Non-TCP/IP traffic such as ICPM and other types should just be passed through. Example Twisted-like Code for my "tunnel box" tunnel appliance: from my_code import special_data_conversion_function class StreamInterceptor(twisted.Protocol): def dataReceived(self,data): data=special_data_conversion_function(data) self.outbound_connection.send(data) My initial guesses: TUN/TAP with twisted.pair.tuntap.py - Problem: This seems to only work at the ethernet frame level, not like my example? Socks proxy - Problem: Not transparent as in my diagram. Programs have to be specifically setup for it. Thanks!

    Read the article

  • stylesheet_link_tag producing absolute links instead of relative

    - by mathee
    I set up facebooker to tunnel my Ruby on Rails application. The issue is that I would like to test locally. That is, I don't want to have to start a tunnel every time I want to see my changes. Right now, when I start the application using ruby script/server (not calling rake facebooker:tunnel:background_start beforehand), links created by helpers (e.g., stylesheet_link_tag, javascript_include_tag, image_tag) are prepended with my tunnlr address: http://web1.tunnlr.com:myPort/. (For example, a CSS link looks like this in the page source: http://web1.tunnlr.com:myPort//stylesheets/appName.css?1234567890.) I don't want that functionality; I can't see my CSS or JavaScript changes without having to start the tunnel first. I want the links to be relative, not absolute. So, stylesheet_link_tag should produce /stylesheets/appName.css?1234567890. Does anyone know why it's doing that in the first place and how to fix it? Thanks in advance.

    Read the article

  • Need help configuing juju on Windows 8

    - by Claude Tyler McAdams
    I am trying to get Juju working on Windows 8 but I am running in to some errors when trying to get juju to see my ssh keys: C:\Users\username> juju bootstrap error: error parsing environment "azure": read C:\Users\user\SkyDrive\Documents\Azure\ssh\: The handle is invalid. I've added a public key I generated with putty to the directory above called azure My environments.yaml file has this in it: authorized-keys-path: C:\Users\user\SkyDrive\Documents\Azure\ssh\ Any ideas?

    Read the article

  • Parsing error when bootstrapping on Windows

    - by Claude Tyler McAdams
    I am trying to get Juju working on Windows 8 but I am running in to some errors when trying to get juju to see my ssh keys: C:\Users\username> juju bootstrap error: error parsing environment "azure": read C:\Users\user\SkyDrive\Documents\Azure\ssh\: The handle is invalid. I've added a public key I generated with putty to the directory above called azure My environments.yaml file has this in it: authorized-keys-path: C:\Users\user\SkyDrive\Documents\Azure\ssh\ Any ideas?

    Read the article

  • mosh-like port forwarding

    - by Marc Merlin
    This is on linux, connecting to linux servers: I love mosh, but it doesn't support port forwarding, and likely won't for a while since it's been almost a year now and it hasn't happened yet. port forwarding over ssh is great, but because my laptop moves between networks several times a day, my ssh sessions die, and so do the port forwards. I could script/hack something to detect hung ssh and reconnect to get my port forwards back, but before I do this, is there another way to do long lasting port forwards when your source IP changes several times daily (because you go on different networks)? I'm thinking an ssh over UDP would do the trick but of course ssh is over TCP.

    Read the article

  • Disable ALTQ for internal network traffic

    - by javanix
    I currently have a FreeBSD 8.2 media server set up on my LAN that I use to stream my music from. I also have an SSH login that I use to do file transfers to and from this server remotely. I would like to set up ALTQ (and have gotten this working) to limit my outgoing bandwidth from the server for SSH traffic. However, configuring ALTQ this way is also limiting my internal traffic (and thus interfering with my music streaming) since I am only using a single network interface. Can anyone show me how I would use PF and ALTQ to limit outgoing WAN traffic while allowing all internal LAN traffic to go through unhindered? ext_if="eth0" int_if="eth0" altq on eth0 cbq bandwidth 1Mb queue { std, ssh } queue std bandwidth 80% cbq(default) queue ssh bandwidth 20% cbq(ecn) pass out on eth0 proto tcp to port 22 queue ssh eth0 is my LAN interface, my total WAN bandwidth on my cable connection is 1Mb/s, and my internal network is 10/100.

    Read the article

  • How do I fix a "Could not resolve hostname" Error in juju status?

    - by czajkowski
    I have my nodes in ready and one node in allocated to root stage , now when i bootstrap it gives success but when i do juju status it gives an error as below : juju bootstrap 2012-08-15 21:32:34,449 INFO Bootstrapping environment 'maas' (origin: distro type: maas)... 2012-08-15 21:32:34,636 INFO juju environment previously bootstrapped. 2012-08-15 21:32:34,637 INFO 'bootstrap' command finished successfully juju status 2012-08-15 21:33:17,833 INFO Connecting to environment... 2012-08-15 21:33:23,013 ERROR Invalid host for SSH forwarding: ssh: Could not resolve hostname node-000c29d63ebb.local: Name or service not known 2012-08-15 21:33:53,166 ERROR Invalid host for SSH forwarding: ssh: Could not resolve hostname node-000c29d63ebb.local: Name or service not known

    Read the article

  • Need help translating rate limiting iptables rules to Puppet format

    - by geoffroy
    I use Puppet Iptables module to manage Iptables rules on my machine. I'd like to implement to rate limit failed SSH connections as described here : Hundreds of failed ssh logins iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 5 --name SSH --rsource -j DROP iptables -A INPUT -p tcp --dport 22 -m recent --set --name SSH --rsource -j ACCEPT Is it possible to translate it to Puppet syntax, such as firewall { '015 drop 5 failed attemps to connect to SSH in a minute ': proto => 'tcp', port => 22, action => 'drop', // what are the other paramters ? } Any help welcome. Best regards Geoffroy

    Read the article

  • My VPS was wiped, can I still access it?

    - by Lucas806
    Someone gained access into my Ubuntu VPS via SSH, they entered rm -Rf / which wiped it and now I can't access it via SSH or SFTP. On SFTP I get the the following error: Error: Connection timed out Error: Could not connect to server And then on SSH, I try to connect to my VPS IP on Port 22, it doesn't come up with anything for ages (it should come up asking for a username) and then a op-up appears saying: Network Error: Connection timed out. Is it possible to fix this, if so, how?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >