Displaying 20 results from an estimated 30000 matches similar to: "CentOS-6 : DNS resolver for ssh chrooted accounts."
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure
connections to our internal hosts. Some of which do not support
encrypted protocols. These connections are chroot'ed via the
following in /etc/ssh/sshd_config
Match Group !wheel,!xxxxxx,yyyyy
    AllowTcpForwarding yes
    ChrootDirectory /home/yyyyy
    X11Forwarding yes
Where external users belong to group yyyyy (primary).
We
2015 Jul 07
1
Prompt for chrooted users
On Mon, July 6, 2015 15:47, m.roth at 5-cent.us wrote:
> James B. Byrne wrote:
>> We have a requirement to allow ssh access to a server in order to
>> provide a secure link to one of our legacy systems. I would like to
>> chroot these accounts.
>>
>> I have this working except for one small detail, the user's prompt in
>> the ssh session. Each
2015 Jul 07
0
Prompt for chrooted users
Well, I seem to have resolved most of this. In the end I had to
create a separate logical link for the chrooted users' home
directories that pointed back to their actual directory. It sounds
confusing because it is.
I first tried this in sshd_conf
ChrootDirectory %h
and in ~/%h I had created the following mount points:
bin dev etc lib lib64 tmp usr
Upon which I had hung mounts to
2015 Jul 06
3
Prompt for chrooted users
We have a requirement to allow ssh access to a server in order to
provide a secure link to one of our legacy systems. I would like to
chroot these accounts.
I have this working except for one small detail, the user's prompt in
the ssh session. Each user has their shell set to /bin/bash in
/etc/passwd. However, instead of getting the prompt defined in their
.bash_profiles we see this:
2017 Jan 17
2
SOCKS5 and UDP
On Jan 17, 2017, at 1:37 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Tue, Jan 17, 2017 at 8:05 PM, Romain Vimont <rom at rom1v.com> wrote:
> [..]
>> So if I understand correctly, making "ssh -D" create a "full" SOCKS5
>> server, including UDP relay?, would require to add a new SSH request
>> type (like "relay-udp")?
>
2011 Sep 29
1
ssh -D socks proxy through CentOS-5
Is there anything special in the way of configuration that
is required to enable a CentOS box to act as the point of
origin for an http request routed to it via a SOCKS ssh
link?
I have researched this matter and the recommended
procedure is to open an SSH connection to the desired host
passing the requisite switches so:
ssh -f -n -D <port> user@host.domain.tld
And then reconfigure
2002 May 11
4
socks5 support
> Winton--
>
> Excellent! Absolutely wonderful.
>
> I'm wondering which apps/encapsulators support 4A? This gets me around
> the DNS leakage problem quite nicely.
>
> Incidentally, we do need SOCKS5 support -- if for no other reason, the
> fact that there's *operating system* level support in OSX for SOCKS5
> redirection. So
2015 Jul 09
3
C-6.6 - sshd_config chroot SELinux issues
CentOS-6.6
We have sshd chroot working, mostly, for a particular groupid.
However, we have two things that remain u/s, no doubt due to some
omission on my part.
Basically, we would like our users to be able to tunnel their https
over the ssh connection to this server and be able to do X11
forwarding as well. At the moment both work when the user connects
without chroot and neither works if
2012 Feb 13
0
displaying user and group names in chroot sftp
I am testing a chrooted environment for sftp using the
internal-sftp subsystem. Now that I seem to have SELinux
mostly out of the way, when I do an 'ls -l' after the sftp
login I see only numbers for the uids and gids.
When I was using scponly I simply had a local version of
/etc/passwd and /etc/group but these are evidently not
used by the internal sftp subsystem. Is there a way to
get
2014 Aug 20
2
Port scanning from MicroSoft?
This morning's activity log shows this:
. . .
2014 Nov 25
1
ssh connections not closing when Qt application is opened?
On Mon, November 24, 2014 16:28, Dave Johansen wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1086971
> I have been able to reproduce the above issue on my home network and at
> work, but RedHat is claiming it is not a bug, so can some people on this
> list give it a try and see if they can reproduce it?
> Thanks,
> Dave
>
>
I see this behaviour frequently with X11
2017 Jan 17
2
SOCKS5 and UDP
On Tuesday, 17 January 2017 at 9:20 +1100, Darren Tucker wrote:
> On Tue, Jan 17, 2017 at 1:30 AM, Romain Vimont <rom at rom1v.com> wrote:
> [...]
> > As a consequence, in particular, a SOCKS5 server started with "ssh -D"
> > cannot proxify UDP packets.
> >
> > Are there deep reasons why OpenSSH does not implement them (security, or
> >
2017 Jan 18
3
SOCKS5 and UDP
On Wednesday, 18 January 2017 at 8:55 +1100, Darren Tucker wrote:
> On Tue, Jan 17, 2017 at 07:42:50AM -0800, Ron Frederick wrote:
Thank you for your answers.
> [...]
> > One thing that makes UDP over SOCKS more complicated for SSH is that
> > SOCKS normally keeps the UDP packets it forwards as UDP, just adding
> > a small header to each packet. If you want to get the
2016 Oct 11
2
Samba 4.3.11 on FreeBSD-10.3 - Firefox problem on Win7Pro
We have recently converted our users from a Windows2000Advanced Server
AD-DC to a Samba-4.3.11 AD-DC. For the most part this went very
well, saving only for the degree of ignorance respecting things
MicroSoft evidenced by myself.
However, one of our users persistently reports difficulties with their
roaming profile. Specifically, their Firefox profile. This did not
occur before the change-over
2017 Apr 19
2
OT: systemd Poll - So Long, and Thanks for All the fish.
On Mon, April 17, 2017 17:13, Warren Young wrote:
>
> Also, I'll remind the list that one of the *prior* times the systemd
> topic came up, I was the one reminding people that most of our jobs
> summarize as "Cope with change."
>
At some point 'coping with change' is discovered to consume a
disproportionate amount of resources for the benefits obtained. In my
sole
2020 Jun 05
1
(no subject)
Previously, when I did this:
>> samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca
>> ALL -U administrator
Then I saw this:
>> Password for [BROCKLEY\administrator]:
Now I see this:
>> samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca
>> ALL -U administrator
>> Cannot do GSSAPI to an IP address
>>
2020 Jul 07
3
Can someone explain why host reports no SOA record for domain on DC?
[root@smb4-1 ~ (master)]# samba-tool dns query localhost brockley.harte-lyne.ca
brockley.harte-lyne.ca ALL -U administrator
Password for [BROCKLEY\administrator]:
Name=, Records=4, Children=0
SOA: serial=3, refresh=900, retry=600, expire=86400, minttl=3600,
ns=SMB4-1.brockley.harte-lyne.ca., email=hostmaster.brockley.harte-lyne.ca.
(flags=600000f0, serial=110, ttl=3600)
NS:
2020 Jun 29
1
Need help resolving or understanding these error messages in smbd.log
I am down to reconciling these last few samba_server startup messages in smbd.log:
Item 1.
[2020/06/29 11:29:49.887167, 1]
../../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
We do not use samba as a print server and no printers are defined for that
host. How do we turn off this message?
Item 2.
[2020/06/29 11:29:49.900481, 1]
2020 Jun 03
1
samba-tool dns query
On Tue, June 2, 2020 11:13, Rowland Penny wrote:
> On 02/06/2020 16:03, James B. Byrne via samba wrote:
>> Samba-4.11.8 on FreeBSD-12.1p5
>>
>> How does one list all of the actual DNS records for Samba administered zones,
>> forward and reverse?
>>
> Try:
>
> samba-tool dns query localhost brockley.harte-lyne.ca
> brockley.harte-lyne.ca ALL -U
2010 Jul 03
3
Outgoing IP of forwarded requests
I have a linux server with 3 public IPs, and I use SSH tunnelling to connect to each of them.
Let's call them: 1.1.1.1 (venet0:0), 1.1.1.2 (venet0:1), 1.1.1.3 (venet0:2).
When I tunnel using 1.1.1.1, outgoing IP for the public is: 1.1.1.1.
But when I tunnel using 1.1.1.2 or 1.1.1.3, the outgoing IP for the public is still 1.1.1.1.
I've been googling for days, and tried relevant channels