similar to: ssh and X11Forwarding

Hello, what is the right way to disable XFree86 and wdm listening ports tcp 6000 and tcp 1024. I read in man XFree86 about the -nolisten tcp option and tried to set in /usr/X11R6/lib/X11/xdm :0 local /usr/X11R6/bin/X -nolisten tcp but it was not successful. What is the right way to close the ports without use of IPFW? Your help would be appreciated. Thank?s Wolfgang

I am running 2.1.1p4 on RedHat Linux and several Solaris boxes. I have X11Forwarding set to yes in .ssh/ssh_config, as well as all of the sshd_config files. Works just fine between machines inside my firewall, but I can't forward X11 clients from outside the firewall. We have a PIX doing NAT. Any idea what I'm missing?

I have just installed openssh-1.2.2p1-1 on two of my machines and I have one problem. I have X11Forwarding yes in my /etc/ssh/sshd_config but when I try to ssh to that machine I get this when i try to start rxvt: [pucko at b202 pucko]$ rxvt X11 connection rejected because of wrong authentication. X connection to b202.ryd.student.liu.se:11.0 broken (explicit kill or server shutdown). [pucko

Hi! Several people noticed problems with openssh Version 1.2.2 through 1.2.3 related to X11 forwarding under Linux. For example: Magnus Holmberg <pucko at lysator.liu.se> wrote: > I have just installed openssh-1.2.2p1-1 > on two of my machines and I have one problem. > > I have > X11Forwarding yes > in my /etc/ssh/sshd_config > > but when I try to ssh to that

On 13/10/2017 15:29, Michael Felt wrote: > This verifies it is xauth related: > > debug3: sending debug message: No xauth program; cannot forward with > spoofing. > > so, added an extra debug - and this is what I see: > > debug1: session_input_channel_req: session 0 req x11-req > debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth > debug3: sending debug

On 13/10/2017 08:03, Damien Miller wrote: > On Thu, 12 Oct 2017, Michael Felt wrote: > >> On 08/10/2017 23:32, Michael Felt wrote: >>> On 04/10/2017 11:07, Michael Felt wrote: >>>> I do not often use X11 - but when I do I prefer to enable >>>> X11forwarding, and when finished - turn it off. This is preferable, >>>> imho, to having

Greetings, I'm running OpenSSH_2.5.2p2, and OpenSSL-0.9.6a, on BSD/OS 4.0. Following the FAQ, I added the following line to my sshd_config in order to enable X11 forwarding: X11Forwarding yes Now openssh is disconnecting my sessions immediately after authentication and login with the following error messages: "error: socket: Protocol not supported" "Disconnecting: Command

On 9 Jul 2004 at 13:11, Daniel Brown wrote: > On the other hand, I've run across a sysadmin who always enables his > toor accounts -- and changes its shell to bash. As a result, not only > is there an alternate root account (good in case 'root' trampled on by > accident or purpose), but you can get root bash as a login shell while > leaving the real root to its normal

On 08/10/2017 23:32, Michael Felt wrote: > On 04/10/2017 11:07, Michael Felt wrote: >> I do not often use X11 - but when I do I prefer to enable >> X11forwarding, and when finished - turn it off. This is preferable, >> imho, to having "clear" X11 processing when local - and otherwise >> impossible when working remote. >> >> Working with

I do not often use X11 - but when I do I prefer to enable X11forwarding, and when finished - turn it off. This is preferable, imho, to having "clear" X11 processing when local - and otherwise impossible when working remote. Working with openssh-7.5p2 I cannot figure out what (extra) I need to do with sshd_config to get it working. I know that there is a security-fix starting with

Does anyone know of a way to rate limit ssh connections from an IP address ? We are starting to see more and more brute force attempts to guess simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down attempts to services launched via inetd. Is there an equiv method for doing this to sshd? Running from inetd has some issues supposedly. ---Mike

I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this

How 'bout PAM? /usr/ports/security/pam_ldap. If you have machines that can't do PAM, perhaps NIS is the way to go (assuming, of course, you're behind a firewall). You can store login information in LDAP like you want, then use a home-grown script to extract the information to a NIS map. Or, if you have a Solaris 8 machine lying around, you can cut out the middle step and use

Hello, What do you recommend for keeping track of user activities? For preserving bash histories I followed these recommendations: http://www.defcon1.org/secure-command.html They include using 'chflags sappnd .bash_history', enabling process accounting, and the like. My goal is to "watch the watchers," i.e. watch for abuse of power by SOC people with the ability to view

Hi list Several people have physical access to my FreeBSD box and I have the feeling that somebody try to get access with boot -s options . Can I log activity after boot -s option (change user password, install software and etc.). I use boot -s and change user password, but after reboot i can't find this atcivity in log files. The BSD box is shutdown and run again many time at day. Best

I'm constructing a Web server which may require restricted areas of the site to be used from public places where a password might be sniffed. The damage that could be done by taking snapshots of the content from one session with a spy program is minimal. What the owner of the server does NOT want, though, is to allow unauthorized parties to gain unfettered access by stealing the password via

Is anyone successfully using some sort of hardware crypto solution to combat the overhead of SSL in http transactions? I'd love to hear anything good or bad about this. -Bill -- -=| Bill Swingle - <unfurl@(dub.net|freebsd.org)> -=| Every message PGP signed -=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223 -=| "Computers are useless. They can only give you

Hello, I recently did a 'make world' to update my base system due to the realpath bug. After that finished, I noticed that I still had the following statically compiled binaries laying around that did not get updated during a 'make world'. I track 4-STABLE. /usr/bin/miniperl /sbin/mount_kernfs /sbin/mount_devfs /sbin/modunload /sbin/modload /sbin/ft /stand/boot_crunch /stand/find

Hi, I'm pondering building my own SSL accelerator out of a multi-CPU FreeBSD system and a crypto accelerator. What's the recommended hardware crypto accelerator card these days? Thanks, ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org Today's chance of throwing it all away to start a goat farm: 49.1% http://www.BlackHelicopters.org/~mwlucas/

Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red