similar to: Utility to scan for unpassworded SSH privkeys?

Displaying 20 results from an estimated 1000 matches similar to: "Utility to scan for unpassworded SSH privkeys?"

2013 May 24
5
Utility to scan for unpassworded SSH privkeys?
Hey all, Let's make an assumption: 1) I am a root user on a system. 2) I don't want said system being used as a jumping-off point if either a user account or the root account is compromised. Given an unencrypted private key, plus a known_hosts file, plus bash_history, it's a pretty easy avenue of attack once you're in the front door. And it's happened before*. Thus,
2004 Aug 10
2
SNOM 200 and Asterisk Woes
Okay, this one is driving me nuts. I have a fedora core 1 machine running asterisk from CVS. Built last week. I have a couple of snom phones with the latest firmware. Here's the issue, it's a wierd one. You start up the phones, they register, all is good. They show up in sip show peers like thus: danm/danm 65.125.237.91 D N 255.255.255.255 5060 OK (29 ms)
2008 May 07
2
Forcing a transfer to be one-way from the daemon side?
Hello all, I'm trying to set up a secure way to back up a system as root, with rsync (assume we don't want to kill the bandwidth and want a "snapshot" system for developers in a way that makes dump, tar, etc impractical. We've got an ssh key relationship set up and we can force the command to be rsync --daemon. The problem here is that while this is not only good for
2006 Dec 21
2
Specs for Powercom Kingpro UPSes!
Hey all, I found a pinout of powercom's Kingpro UPSes in their manual. http://www.powercom-ups.com/manuals/kingpro.pdf Page 11. Unfortunately, this doesn't give PROTOCOL details. Does anyone have a "first step" at how to decode that? (for example, how to gauge line speed, how to "snoop" the serial port under windows? (for which the only software exists right
2009 Oct 08
1
Drop Call on ICMP Port Unreachable?
One of our users recently had a powerfail while connected to our meetme gateway. (Asterisk 1.4.17 on debian 4.0) Through the course of it, asterisk never hung up. His system came back up, and started sending ICMP port unreachables, but the stream went on, flooding him with "silence" media stream packets (there was nobody else in the conference). Is asterisk aware of ICMP
2007 Oct 10
2
Homedir Access without exposing whole Homedir.
Hello All, Dovecot 1.0.3 I am coming from UW IMAP, and I'm finding for some reason that mail is getting stored in a variety of places (which I believe, is because by default UW imap allowed access to the entire home directory). All files are mbox. My default delivery location is ~/.mail Thus: * At least a couple of my users have mail in ~/INBOX, as well as ~/INBOX.drafts (not many
2004 Sep 01
1
Odd PRI Behavior
When using a PRI, after the remote party hangs up, asterisk tries to spawn a call to the "h" extension. Is this normal behavior for a pri to try to call the "h" extension to try to clean things up? Call Comes In: -- Executing Dial("Zap/1-1", "SIP/16464436000@AST-237.65") in new stack -- Called 16464436000@AST-237.65 -- Accepting call from
2006 Jun 07
1
Config for powercom 2200
Hey all, I've tried some very base configs with the powercom 2200, but I can't seem to get it to work. Has anyone dealt with these UPSes before, or know if they use the standard powercom drivers? I'd be more than happy to allow access to my test system so someone more knowledgeable can take a look (and am also willing to pay something for the solution of said problem.) -Dan
2004 Aug 17
1
BroadVOX
Guys, For what it's worth, after months of trying to troubleshoot issues with them, and after paying them around $2500 for setup and a down payment (it's unclear what of that will be refunded, if any) BroadVox -- http://www.broadvox.net/ -- decided to terminate our contract without any valid reason, and the only explanation they could cite was "it's because of the software
2004 Aug 19
1
More on Broadvox
Well, in lieu of dropping us, Broadvox has transferred us to their lab switch (keeping our DID's in the process). Now they're complaining that asterisk is sending a Silence-Suppression OFF request of some sort. There's no way to turn this on in asterisk is there? (Yes, I know it will shoot call quality to shit. Otherwise, does anyone know if SER works with silence suppression?
2013 May 23
2
Passwordless auth?
Hey all, I'm in the process of writing some scripts which I want to be able to take actions on my local mailbox. (For example, to move a subset of messages to the trash over time, if unread for a week. To act on messages in my learn-spam folder and then delete them). What occured to me as being a Neat Idea is if Dovecot could honor ident (rfc1413) lookups, from trusted hosts (i.e.
2010 Aug 21
2
What's the point of UseDNS?
According to the manpage: UseDNS Specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''. Thing is, while sshd *checks*, this doesn't actually control whether or not the client is allowed to connect, it seems at most to be an option that causes
2023 Mar 30
0
Legacy Options
Hey there all, I'm mentioning this as a "dev" issue because it's "Docs and Website", not as a general "usage" question. A few years back, I started a thread about RSA768 not being available in SSH client any more, because I had lost access to my APC power strips (which are on a NAT'd network, inside a data center, as a result). I argued that
2007 Jun 04
1
Where to buy a db9 serial port probe
All I apologize if this is slightly off topic, but I'm in the process of trying to get NUT working and I've discovered the need for a serial port probe that is native db9 - native db9 (the thought of hanging a probe plus two db9-db25 adapters plus a cable on a UPS bothers me greatly). I'm not looking for anything fancy, just a little gender changer with a buncha LEDs on it.
2016 Aug 16
1
Possible to use MIT Kerberos yet?
Hey all, $Dayjob currently uses MIT Kerberos. We also use Zimbra with Kerberos auth, but Zimbra's LDAP is only internal to itself. I see various things on the wiki that say "We need MIT Kerberos support cleaned up for a 4.0 release" https://wiki.samba.org/index.php/MIT_Build https://wiki.samba.org/index.php/Samba4/MIT_KDC And the "How to build a domain controller"
2007 Dec 29
1
Odd Values For Powercoms
All, I'm using the Powercom driver from 2.2 (not the one recently mailed to thelist). Since it's a KIN2200AP, I'm using the driver settings right from the manpage. All the values look "sane" when I'm on-line, but note some of the odd values (<-- Here) when on battery: Also, does anyone know if this UPS supports logging of the "boost" or
2018 Jan 02
3
Legacy option for key length?
On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the
2017 Dec 31
2
Legacy option for key length?
Hello, On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net > wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > > > Perhaps if you're dead-set on this being so dangerous, > > It's not the developers who are dead-set on weak-keyed RSA being > insecure, it's the cryptanalysts who have shown that to be the
2017 Dec 31
2
Legacy option for key length?
On 30/12/17 09:46, Daniel Kahn Gillmor wrote > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: >> Why not make minimum key length a tunable, just as the other options >> are? > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" > That answer is wrong.? The suggestion, which allowed
2017 Dec 29
5
Legacy option for key length?
All, I occasionally manage some APC PDU devices. I manage them via a VPN, which enforces super-heavy crypto, and their access is restricted to only jumphosts and the VPN. Basically, the only time you need to log into these is when you go to reboot something that's down. Their web UI with SSL doesn't work with modern browsers. Their CPU is...tiny, and their SSHd implementation