search for: bastion

...a secure mesh over which our own services may run. This may be a basic question, I wasn't able to find a satisfying answer. What is the significance of port 655 with regards to tinc? Lets consider a 4 node setup: We have nodes: [protected] : protected behind a private network in the cloud [bastion]: also runs in the cloud, has an interface into the private network but also has a public ip. accepts connections on port 655 [outside-1]: a laptop behind a home router [outside-2]: similar to outside-1 I found that when I ran tinc (v1.1pre14) among these 4 nodes and dumped a graph at [bastion], t...

Thanks, very informative! I was able to generate this digraph and I'm pleased with it since it appears that all my servers behind bastion are directly connected, but nodes outside are not and are routed via bastion http://imgur.com/zEojkMw Here is the digraph itself, if the above link is not accessible: digraph { bastion [label = "bastion", color = "green"]; consulServer1 [label = "consulServer1", c...

...nux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: mathieu.pousse at cloud-iam.com Hi there, I'm wondering if `ssh` does properly support the `-J` option to jump through a bastion and the `ControlMaster` settings to reuse an existing connection. When I try to sequentially access two hosts with the same internal ip (10.0.1.2) that are behind a different bastion (bastion-1 and bastion-2), ssh is wrongly re-using the socket because it is "bound" to private ip (10.0.1...

...perating systems, only a priviliged user can listen on that port, and prevents regular users from starting tinc on port 655. However, you don't have to use port 655, you can configure tinc to run on any port(s) you like. > [protected] : protected behind a private network in the cloud > [bastion]: also runs in the cloud, has an interface into the private > network but also has a public ip. accepts connections on port 655 > [outside-1]: a laptop behind a home router > [outside-2]: similar to outside-1 > > I found that when I ran tinc (v1.1pre14) among these 4 nodes and dumpe...

...ct : https://www.wallix.com/en/access-manager/ ? Customizable admin portal: Fully customize the design of your administrative portal. Determine how it classifies files, and how files are transferred between workstations and targeted Windows sources. Plus, quickly communicate with different target Bastions via the encrypted https channel. ? Authentication: In addition to traditional ?directory? authentications, ACCESS MANAGER supports SAML 2.0 and integrates with all infrastructures that utilize identity federation mechanisms. ? Multi-tenant architecture & scalability: Ensure that your organiz...

Hi, Thank you for your reply Ch?re mort d?tails About wallix https://www.wallix.com/en/ Cdt Ilyass KAOUAM SysAdmin Le dim. 2 d?c. 2018 ? 18:44, Gordon Messmer <gordon.messmer at gmail.com> a ?crit : > On 12/1/18 3:00 PM, Ilyass Kaouam wrote: > > Please can you give me an equivalent off Wallix but open source? > > > I didn't find a detailed description of what

https://bugs.freedesktop.org/show_bug.cgi?id=76605 Priority: medium Bug ID: 76605 Assignee: nouveau at lists.freedesktop.org Summary: Screen corruption and crashes in bastion on NVS-140M (G86) Severity: normal Classification: Unclassified OS: Linux (All) Reporter: matthias at blankertz.org Hardware: x86-64 (AMD64) Status: NEW Version: 10.1 Component: Drivers/DRI/nouveau...

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines via Windows 10...

Dear Mailing List We are using a ControlMaster with a short ControlPersist to access the bastion host which then gives access to customer hosts. Our Information Security Manager would like to disallow the ControlMaster. His attack scenario is an admin workstation with a compromised root account. An attacker can then use the ControlMaster to trivially get shell access on the bastion host wi...

...signee: unassigned-bugs at mindrot.org Reporter: krubot.ops at gmail.com I'm setting up some servers for a new system and decided to do things a little bit differently. I'm running into an issue that I just can't seem to get past though. My desired configuration is having one bastion server and N other servers that can be accessed via the bastion only?a pretty typical configuration. The difference from what I normally do is that I would like to use signed SSH keys for authentication. This is pretty straight-forward for a single server but is throwing a wrench when using a bast...

...Why Proxying? How Proxying Works Proxy Server Terminology Proxying Without a Proxy Server Using SOCKS for Proxying Using the TIS Internet Firewall Toolkit for Proxying Using Microsoft Proxy Server What If You Can't Proxy? Chapter 10: Bastion Hosts General Principles Special Kinds of Bastion Hosts Choosing a Machine Choosing a Physical Location Locating Bastion Hosts on the Network Selecting Services Provided by a Bastion Host Disabling User Accounts on Bastion Hosts Buildi...

Hi, Please can you give me an equivalent off Wallix but open source? Thanks Ilyass KAOUAM SysAdmin

On 12/1/18 3:00 PM, Ilyass Kaouam wrote: > Please can you give me an equivalent off Wallix but open source? I didn't find a detailed description of what "Wallix" provides during a cursory search.? You might get better responses by providing more detail about what you're looking for.

On 12/2/18 11:34 AM, Ilyass Kaouam wrote: > Thank you for your reply > Ch?re mort d?tails About wallix > https://www.wallix.com/en/ The problem here is that all of the details of what the product *does* seems to require requesting a demo or watching videos, and at that point I think you're asking too much of the community.? If you describe what you are trying to do, we can try to

Am 04.12.2018 um 09:21 schrieb Ilyass Kaouam: > . And of corse log activity users > > For me, In resume I want : > 1. One acces point to all my servers > 2. log activity user (login with active directory) > > Regard's Look at FreeIPA and KeyCloak. Maybe those tools do most of what you like to get. In addition configure the auditd service which comes by default with

How I can specify my logoff script in smb.conf? thx... -- Andre Luis Fogagnoli Bastion Security Systems http://www.bastion.com.br tel://+5511.5049.0100 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/sam...

Ciao Luca, Luca Filipozzi <lfilipoz at emyr.net> writes: >> [ ... ] > Neat. I do something similar: in order to circumvent obnoxious airport / > coffee shop firewalls that block non-HTTPS traffic, I configured haproxy > to offer 'SSH over HTTPS'. haproxy terminates the HTTPS connection > (which is SNI-aware) while sshd on the target machine terminates the >

Ok, so my situation : Connecting to internal machines via a bastion server in AWS. Because I'm raising and tearing down the infrastructure a lot at this stage with Terraform, the IP addresses change. For the management subnet, I have a private DNS zone defined, and a public zone with a record for the bastion server. What I wanted ; to just be able to defin...

Hi, NOTE: I''m not subscribed to the shorewall list, please cc me on your replies. I have a basic 2 interface system. The firewall (bastion host) has a: 1. eth0 - public address 2. eth1 - 192.168.1.0/24 subnet I''m using SNAT to allow the hosts on the internal network to get access to the web. It''s all working ok except for a few missing graphics on some web sites (ie. www.yahoo.com.au) while connecting from the inte...

...s: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: gomez404 at gmail.com When using CanonicalizeHostname, the ForwardAgent directive doesn't seem to work under Match canonical. e.g. ----- Host bastion ProxyJump none Match canonical ProxyJump bastion ForwardAgent yes Host * ForwardAgent no CanonicalizeHostname always CanonicalDomains mydomain.co.uk CanonicalizeMaxDots 0 CanonicalizeFallbackLocal yes ---- When I connect to foo.mydomain.co.uk through the jumphost...