similar to: Utility to scan for unpassworded SSH privkeys?

Hey all, Let's make an assumption: 1) I am a root user on a system. 2) I don't want said system being used as a jumping-off point if either a user account or the root account is compromised. Given an unencrypted private key, plus a known_hosts file, plus bash_history, it's a pretty easy avenue of attack once you're in the front door. And it's happened before*. Thus,

Okay, this one is driving me nuts. I have a fedora core 1 machine running asterisk from CVS. Built last week. I have a couple of snom phones with the latest firmware. Here's the issue, it's a wierd one. You start up the phones, they register, all is good. They show up in sip show peers like thus: danm/danm 65.125.237.91 D N 255.255.255.255 5060 OK (29 ms)

Hello all, I'm trying to set up a secure way to back up a system as root, with rsync (assume we don't want to kill the bandwidth and want a "snapshot" system for developers in a way that makes dump, tar, etc impractical. We've got an ssh key relationship set up and we can force the command to be rsync --daemon. The problem here is that while this is not only good for

Hey all, I found a pinout of powercom's Kingpro UPSes in their manual. http://www.powercom-ups.com/manuals/kingpro.pdf Page 11. Unfortunately, this doesn't give PROTOCOL details. Does anyone have a "first step" at how to decode that? (for example, how to gauge line speed, how to "snoop" the serial port under windows? (for which the only software exists right

One of our users recently had a powerfail while connected to our meetme gateway. (Asterisk 1.4.17 on debian 4.0) Through the course of it, asterisk never hung up. His system came back up, and started sending ICMP port unreachables, but the stream went on, flooding him with "silence" media stream packets (there was nobody else in the conference). Is asterisk aware of ICMP

Hello All, Dovecot 1.0.3 I am coming from UW IMAP, and I'm finding for some reason that mail is getting stored in a variety of places (which I believe, is because by default UW imap allowed access to the entire home directory). All files are mbox. My default delivery location is ~/.mail Thus: * At least a couple of my users have mail in ~/INBOX, as well as ~/INBOX.drafts (not many

When using a PRI, after the remote party hangs up, asterisk tries to spawn a call to the "h" extension. Is this normal behavior for a pri to try to call the "h" extension to try to clean things up? Call Comes In: -- Executing Dial("Zap/1-1", "SIP/16464436000@AST-237.65") in new stack -- Called 16464436000@AST-237.65 -- Accepting call from

Hey all, I've tried some very base configs with the powercom 2200, but I can't seem to get it to work. Has anyone dealt with these UPSes before, or know if they use the standard powercom drivers? I'd be more than happy to allow access to my test system so someone more knowledgeable can take a look (and am also willing to pay something for the solution of said problem.) -Dan

Guys, For what it's worth, after months of trying to troubleshoot issues with them, and after paying them around $2500 for setup and a down payment (it's unclear what of that will be refunded, if any) BroadVox -- http://www.broadvox.net/ -- decided to terminate our contract without any valid reason, and the only explanation they could cite was "it's because of the software

Well, in lieu of dropping us, Broadvox has transferred us to their lab switch (keeping our DID's in the process). Now they're complaining that asterisk is sending a Silence-Suppression OFF request of some sort. There's no way to turn this on in asterisk is there? (Yes, I know it will shoot call quality to shit. Otherwise, does anyone know if SER works with silence suppression?

Hey all, I'm in the process of writing some scripts which I want to be able to take actions on my local mailbox. (For example, to move a subset of messages to the trash over time, if unread for a week. To act on messages in my learn-spam folder and then delete them). What occured to me as being a Neat Idea is if Dovecot could honor ident (rfc1413) lookups, from trusted hosts (i.e.

According to the manpage: UseDNS Specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''. Thing is, while sshd *checks*, this doesn't actually control whether or not the client is allowed to connect, it seems at most to be an option that causes

Hey there all, I'm mentioning this as a "dev" issue because it's "Docs and Website", not as a general "usage" question. A few years back, I started a thread about RSA768 not being available in SSH client any more, because I had lost access to my APC power strips (which are on a NAT'd network, inside a data center, as a result). I argued that

All I apologize if this is slightly off topic, but I'm in the process of trying to get NUT working and I've discovered the need for a serial port probe that is native db9 - native db9 (the thought of hanging a probe plus two db9-db25 adapters plus a cable on a UPS bothers me greatly). I'm not looking for anything fancy, just a little gender changer with a buncha LEDs on it.

Hey all, $Dayjob currently uses MIT Kerberos. We also use Zimbra with Kerberos auth, but Zimbra's LDAP is only internal to itself. I see various things on the wiki that say "We need MIT Kerberos support cleaned up for a 4.0 release" https://wiki.samba.org/index.php/MIT_Build https://wiki.samba.org/index.php/Samba4/MIT_KDC And the "How to build a domain controller"

All, I'm using the Powercom driver from 2.2 (not the one recently mailed to thelist). Since it's a KIN2200AP, I'm using the driver settings right from the manpage. All the values look "sane" when I'm on-line, but note some of the odd values (<-- Here) when on battery: Also, does anyone know if this UPS supports logging of the "boost" or

On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the

Hello, On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net > wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > > > Perhaps if you're dead-set on this being so dangerous, > > It's not the developers who are dead-set on weak-keyed RSA being > insecure, it's the cryptanalysts who have shown that to be the

On 30/12/17 09:46, Daniel Kahn Gillmor wrote > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: >> Why not make minimum key length a tunable, just as the other options >> are? > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" > That answer is wrong.? The suggestion, which allowed

All, I occasionally manage some APC PDU devices. I manage them via a VPN, which enforces super-heavy crypto, and their access is restricted to only jumphosts and the VPN. Basically, the only time you need to log into these is when you go to reboot something that's down. Their web UI with SSL doesn't work with modern browsers. Their CPU is...tiny, and their SSHd implementation