search for: ssh_host

...t;man in the middle" attack. If some > intermediate malicious machine is able to intercept your traffic, it can <snip> Just as a side note, here: when we rebuild a machine - say, when we were doing CentOS 5 to 6, or when we build a new machine for someone, 6->7, we *remove /etc/ssh/ssh_host*, and rsync in the *old* /etc/ssh/ssh_host* from backup. Not doing this does have a tendency to freak out the users.... mark

...y located. You can check the location of the ssh-keysign binary by running strings on the ssh executable and grep'ing for ssh-keysign. I expect that it will be /usr/local/libexec/ssh-keysign. Make sure that it is setuid root. You can then run strings on the ssh-keysign executable and grep for ssh_host ed25519 to confirm the expected location for the host key. Make sure that the key can be found in the expected location, and that the public key is world-readable, but that the private key is readable only by root. Note, if you do not see a reference to ssh_host_ed25519 in the above strings output...

Hi, I would like to compare a backup dir with a directory list in --compare-dest= but I don't know how to specify this list. If a have only one dir it's ok, but if I have 2 or more dir I have an error ? Here is my script: #!/bin/bash SSH_USER= SSH_HOST= TOBCK=/ EXCLUDES=/root/bckscript/ns200176/excludes LOG=/root/bckscript/ns200176/rsync_$(date +'%Y-%m-%d_%H.%M.S').log mount /dev/sda1 /mnt/bckhd01 BACKUPDIR=/mnt/bckhd01/ns200176/$(date +'%A') COMPAREDIR="" LIST=$(ls /mnt/bckhd01/ns200176/) for i in $LIST; do CO...

...15, at 12:27 PM, Robert Nichols >> <rnicholsNOSPAM at comcast.net> >> wrote: >> > >> > On 02/09/2015 11:14 AM, James B. Byrne wrote: >> >> So, I decided to run restorecon -v to >> >> >> ... >> >> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context >> >> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 >> > > Why are you putting your SSH key in /etc/ ? > > With SELinux its normally better to go with the flow. find out which > directories have the desired label and kee...

.../2.0, OpenSSL 0.9.7c 30 Sep 2003 tyr fd1026 63 ps -aef | grep ssh root 4924 1 0 17:53:10 ? 0:00 /usr/local/sbin/sshd -f /usr/local/etc/ssh/sshd_config -p 22 tyr fd1026 64 alias ssh ssh -q -F /usr/local/etc/ssh/ssh_config tyr fd1026 65 cd /usr/local/etc/ssh tyr ssh 66 grep ssh_host *config sshd_config:HostKey /etc/ssh/ssh_host_key sshd_config:HostKey /etc/ssh/ssh_host_rsa_key sshd_config:HostKey /etc/ssh/ssh_host_dsa_key tyr ssh 67 grep ssh_known *config ssh_config:GlobalKnownHostsFile2 /usr/local/etc/ssh/ssh_known_hosts2 sshd_config:# /usr/local/etc/ssh/ssh_known_hosts...

...order. .El .Sh EXAMPLES -Print the host key for machine -.Pa hostname : +.Pp +Print the +.Pa rsa1 +host key for machine +.Pa host1 +and the +.Pa dsa +host key for machine +.Pa host2 : .Bd -literal -ssh-keyscan hostname +ssh-keyscan host1 -t dsa host2 .Ed .Pp Find all hosts from the file .Pa ssh_hosts which have new or different keys from those in the sorted file -.Pa ssh_known_hosts : +.Pa ssh_known_hosts2 : .Bd -literal -$ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e\ - diff ssh_known_hosts - +$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ + sort -u - ssh_known_hosts2 | diff ssh_...

...x /new/etc/fstab, ESP if you use UUID. I *strongly* prefer LABEL= > Then, any webserver stuff if the old was running it. > If this system is using Linux RAID, > > rsync -HPavx /old/etc/md.conf /etc/ > > If yuo want to, copy the original SSH keys: > > rsync -HPavzx /etc/ssh/ssh_host* /new/etc/ssh > > Don't forget /boot/grub/device.map, and for C6, /new/boot/grub/grub.conf > is right, or for C7, /new/boot/grub2/grub.conf is good. > > NOTE this will work for identical machines. Otherwise, BEFORE you rotate > ou may need to run "mkinitrd" for the l...

Current Installation: CentOS 7.1503 with SerNet Samba 4 ver. 4.1.17 configured as Active Directory Domain Controller. Current Installation: HP Workstation with dual Xeon quadcore cpu's and 4 x SATA hard drives NOT configured in RAID array. New Installation: CentOS 7.1503 minimal install New Installation: SuperMicro with single Xeon quadcore cpu and 4 x SATA hard drives configured in two pairs

I have older systems out there that work fine, just for what ever reason would be great to upgrade from a C5 -> C7 (due to no longer supported) or C6 > C7 (for updated packages). Sounds like the upgrade tool is not quite an option... I was thinking... What would be wrong with any "easy" script that did the following: 1) Removed all packages with the --justdb option. 2) Import

...s not desired but ssh should use a specific socket (in below patch is fd 3 and 4) for same thing.. For example a reverse ssh connection where sshd connects back to ssh(which is executed by a a script that binds to the port then execute ssh: on sshd side: $ nc -w 60 -c '/usr/sbin/sshd -i' ssh_host 12345 on ssh side: #!/usr/bin/perl use Socket qw(:all); our $bind_port = 12345; our $bind_addr = "0"; $^F = 5; socket(my $sfd, AF_INET, SOCK_STREAM, 6) || die "socket: $!"; bind($sfd, sockaddr_in($bind_port, inet_aton $bind_addr)) || die "bind: $!"; listen($sfd,SOMAX...

Respecting cloning vm guests, I see in /etc/ssh the following: ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub Is there a simple script somewhere to regenerate all the server host keys for the new guest after cloning? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne ma...

Respecting cloning vm guests, I see in /etc/ssh the following: ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub Is there a simple script somewhere to regenerate all the server host keys for the new guest after cloning? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne ma...

Hi, I found a behaviour of rsync I cannot explain. 1) rsync -vaS --delete-after --include-from=/etc/rsync.inc --exclude-from=/etc/rsync.ex / server:/ 2) rsync -vaS --relative --delete-after --include-from=/etc/rsync.inc --exclude-from=/etc/rsync.ex / server:/ I sync most of one server to another as a fallback server. I had the relative option first (dont know anymore why), then

...lt;sourceserver>:/. /new/ (exclude anything else you want) 4. Copy /etc/fstab, /etc/sysconfig/network, /etc/sysconfig/network-scripts/ifcfg-e*, /boot/grub/device.map, and /etc/exports, if any, to /boot/new and /new/etc/ 5. Deal with /new/etc/udev.d/rules/70-persistant-net.rules 6. copy /etc/ssh/ssh_host* /new/etc/ssh/ 7. IF THE NEW HARDWARE IS DIFFERENT THAN THE OLD, make a new initrd. mount --bind /dev /new/dev mount --bind /sys /new/sys mount --bind /proc /new/proc mount --bind /boot/new /new/boot chroot /new cd /lib/modules VER=$(ls -rt1 | tail -1) echo $VER mkinitrd X $VER mv X /boot/initrd-...

.../ -type f -exec cp /dev/null {} \; Fix /new/etc/fstab, ESP if you use UUID. I *strongly* prefer LABEL= Then, any webserver stuff if the old was running it. If this system is using Linux RAID, rsync -HPavx /old/etc/md.conf /etc/ If yuo want to, copy the original SSH keys: rsync -HPavzx /etc/ssh/ssh_host* /new/etc/ssh Don't forget /boot/grub/device.map, and for C6, /new/boot/grub/grub.conf is right, or for C7, /new/boot/grub2/grub.conf is good. NOTE this will work for identical machines. Otherwise, BEFORE you rotate ou may need to run "mkinitrd" for the latest kernel if the hardware...

Hello all... I have a remote machine running C6. I desire to update it to C7. Not possible to be on-site. Can I copy the Everything ISO for C7 to the machine, mount -o loop C7.Everything.iso /media/cdrom then do a "yum upgrade" ? Will that work? The server is using software raid. Thanks Jerry

On Wed, 18 May 2016 09:30:54 +0100 James Hogarth wrote: > And of course as will be pointed out by many the only right answer is yum > update anyway given cherry picking updates is not supported. The objective is not to cherry pick updates, but rather to install a second system with packages that match the first system. After fine-tuning the installed packages and stripping out the

...s ssh, aix ssh. > >>>> > >>>> the "key changed from known_hosts" error happens if your client had > >>> previously connected with the same "user at hostname" on a previous > >>> installation of the server OS with a different ssh_host_key > >>>> > >>>> > >>>> you need to provide a lot more information if you expect a more > > specific > >>> answer from anyone, like what version of CentOS did you install, what > >>> client software you're using to conn...

...ew/ (exclude anything else you want) > 4. Copy /etc/fstab, /etc/sysconfig/network, > /etc/sysconfig/network-scripts/ifcfg-e*, /boot/grub/device.map, and > /etc/exports, if any, to /boot/new and /new/etc/ > 5. Deal with /new/etc/udev.d/rules/70-persistant-net.rules > 6. copy /etc/ssh/ssh_host* /new/etc/ssh/ > 7. IF THE NEW HARDWARE IS DIFFERENT THAN THE OLD, make a new initrd. > mount --bind /dev /new/dev > mount --bind /sys /new/sys > mount --bind /proc /new/proc > mount --bind /boot/new /new/boot > chroot /new > cd /lib/modules > > VER=$(ls -rt1 | tail -1) &...

On 15/12/15 11:10 AM, m.roth at 5-cent.us wrote: > Traiano Welcome wrote: >> On Tue, Dec 15, 2015 at 6:36 PM, Digimer <lists at alteeve.ca> wrote: >>> On 15/12/15 10:17 AM, Traiano Welcome wrote: >>>> >>>> Is it possible to upgrade from CentOS 6.7 to CentOS 7? > <snip> >>> Given how radically the OS changed, I would strongly advice