search for: idealab

Hello, what is the right way to disable XFree86 and wdm listening ports tcp 6000 and tcp 1024. I read in man XFree86 about the -nolisten tcp option and tried to set in /usr/X11R6/lib/X11/xdm :0 local /usr/X11R6/bin/X -nolisten tcp but it was not successful. What is the right way to close the ports without use of IPFW? Your help would be appreciated. Thank?s Wolfgang

...swap, but the question was never answered. Is there a good reason not to do this? The only one I can think of is that we'll need to make ssh-agent setuid as mlock requires root priveleges. -Jason -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (GNU/Linux) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE5/qAwswXMWWtptckRAhCqAJ91Ei23/vxP1SHmI44dHmEPIPI3FACgkujG oODCsCvCCgYCYO7ZS71ThBc= =g0GJ -----END PGP SIGNATURE-----

What has to be installed on a host for it to do X11Forwarding in SSH? My (FreeBSD) workstation at home is behind NAT. From home, I can SSH to a FreeBSD firewall at work, and from there I can get to other hosts around the internal network there, some of which run X clients. Does X have to be installed *on the firewall* for me to forward X11 connections from the X clients back to my workstation

...> --------------------------- > If the Revolution comes to grief, it will be because you and those you > lead have become alarmed at your own brutality. --John Gardner > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.4 (FreeBSD) > Comment: See https://private.idealab.com/public/jason/jason.gpg > > iD8DBQE6lICTswXMWWtptckRAhqFAJ4rBjhw5S/pt/rMB2zh7rrFR7HHBwCeNRB0 > JpLCTVj3M3MaDfenF/F1NS8= > =P1RP > -----END PGP SIGNATURE----- -- Troy Carter tcarter at princeton.edu

...ht produce the above? -Jason --------------------------- If the Revolution comes to grief, it will be because you and those you lead have become alarmed at your own brutality. --John Gardner -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE6Nx7lswXMWWtptckRAhhWAKDzrgE3ohuQSS/McZEpImeR5wc7qwCePdyG nRQfu/hFk8NMg3UUQo/o7XM= =pi9H -----END PGP SIGNATURE-----

Looking at openSSH INSTALL: To generate a host key, run "make host-key". Alternately you can do so manually using the following commands: ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N "" ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N "" But when I try latter, I get: (gdb) n 1 0x35a6 in save_private_key_ssh2 ( filename=0xb2d2c

I was building OpenSSH on a Solaris 2.6 machine and found a small problem using scp after it was built. The scp command coming from a remote machine to the OpenSSH machine results in an error message of "sh: scp: not found". The start-up script for sshd sets PATH to include /usr/local/bin where scp resides. I also tried adding an "export PATH" in case that was the problem, but

...estart the machine.I've tried doing the same thing four to five times but each time it froze after i created the bridge.What's happening??? Do I need to upgrade the kernel with any other patch or am I missing something very obvious. Expecting your reply. Thanks & Regards, S.Rajaraman iDeaLab India Pvt Ltd

...re's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8vLyAswXMWWtptckRAtv4AJ0WMTp+b0fxqwS/gZ7+u65fclUGrgCglDwr 1wGesZfuEXqeBungL55/OTY= =imvZ -----END PGP SIGNATURE-----

I'd like to know why /usr/local/(include|lib) is added to the (include|library) path. I'd _especially_ like to know why it's added before user-specified library directories such as OpenSSL. If I specify --with-openssl=/foo/openssl, I want to actually _use_ the version of openssl in /foo/openssl, not some version that may have been installed in /usr/local. This really makes no

[My apologies if this question is deemed inappropriate for this list.] Using OpenSSH, is it possible for a program/script to copy files with known filenames from a remote server (running sshd), without allowing (interactive) ssh access to that server? I.e. ``ssh server ls'' or ``ssh server'' should not be possible (for security reasons), but ``scp server:file .'' should.

All-- But it's not as simple as forwarding the password-based authentication. Regardless of what method was used to SSH from system one (user's) to system two (SF), the user then started up *a second* SSH session to go from two (SF) to three (Apache). There is no effective way for any authentication information from the first session to be passed to the second, in my mind. Remember

On 9 Jul 2004 at 13:11, Daniel Brown wrote: > On the other hand, I've run across a sysadmin who always enables his > toor accounts -- and changes its shell to bash. As a result, not only > is there an alternate root account (good in case 'root' trampled on by > accident or purpose), but you can get root bash as a login shell while > leaving the real root to its normal

We are trying to upgrade from SSH1 to OpenSSH/SSH2. I see that configuration support for "cipher NONE" was removed in OpenSSH. Is there an alternative for this ? We need to move big files (>100Mb) between machines on the Internet. In the past we had used NFS or ftp but want to block those services at one or both ends. Moving them with SSH 1 scp takes quite a bit of CPU effort for

Hello all! I'm looking for a solution to the following problem - I need to be able to use OpenSSH from root on one system to perform work on several dozen other systems using some automation. The restrictions that have to be met to keep the business happy are that no cleartext passwords or unencrypted private keys can be stored on disk. Since this is within an automated environment, there

Does anyone know of a way to rate limit ssh connections from an IP address ? We are starting to see more and more brute force attempts to guess simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down attempts to services launched via inetd. Is there an equiv method for doing this to sshd? Running from inetd has some issues supposedly. ---Mike

I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this

How 'bout PAM? /usr/ports/security/pam_ldap. If you have machines that can't do PAM, perhaps NIS is the way to go (assuming, of course, you're behind a firewall). You can store login information in LDAP like you want, then use a home-grown script to extract the information to a NIS map. Or, if you have a Solaris 8 machine lying around, you can cut out the middle step and use

The included patch adds a new option to the ssh client: -d fd Read the password from file descriptor fd. If you use 0 for fd, the passphrase will be read from stdin. This is basically the same as GPG:s parameter --passphrase-fd. Flames about why this is a bad idea goes into /dev/null. I really need to do this. There are lots of ugly Expect-hacks out there, but I want a more clean

All-- su cannot be run without trusting the shell. The shell cannot be trusted without trusting any instructions the shell uses, from library calls to rc scripts. Hell, the instructions the shell uses can't even be trusted, since they're all living in userspace memory. By contrast, SSHD is generally a root owned, highly secure environment with no unpriveledged userspace