similar to: missing graphics with SNAT

Hi I'm new to tinc vpn and I am currently exploring a use-case we have, of creating a secure mesh over which our own services may run. This may be a basic question, I wasn't able to find a satisfying answer. What is the significance of port 655 with regards to tinc? Lets consider a 4 node setup: We have nodes: [protected] : protected behind a private network in the cloud [bastion]:

Dear Mailing List We are using a ControlMaster with a short ControlPersist to access the bastion host which then gives access to customer hosts. Our Information Security Manager would like to disallow the ControlMaster. His attack scenario is an admin workstation with a compromised root account. An attacker can then use the ControlMaster to trivially get shell access on the bastion host

How I can specify my logoff script in smb.conf? thx... -- Andre Luis Fogagnoli Bastion Security Systems http://www.bastion.com.br tel://+5511.5049.0100 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url :

https://bugzilla.mindrot.org/show_bug.cgi?id=3095 Bug ID: 3095 Summary: SSH CA-signed key fails when port forwarding Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugs.freedesktop.org/show_bug.cgi?id=76605 Priority: medium Bug ID: 76605 Assignee: nouveau at lists.freedesktop.org Summary: Screen corruption and crashes in bastion on NVS-140M (G86) Severity: normal Classification: Unclassified OS: Linux (All) Reporter: matthias at blankertz.org

Ok, so my situation : Connecting to internal machines via a bastion server in AWS. Because I'm raising and tearing down the infrastructure a lot at this stage with Terraform, the IP addresses change. For the management subnet, I have a private DNS zone defined, and a public zone with a record for the bastion server. What I wanted ; to just be able to define a config entry thus : ---

All-- I'm attempting to implement something I've wanted for a while...a stdio link to a TCP port forward, at least for SSH2, but preferably for either protocol. There's certainly no technical reason this can't be done, but the vagaries of terminal / file descriptor handling are posing something of a challenge. Does anyone have any suggestions for "correct"

Thanks, very informative! I was able to generate this digraph and I'm pleased with it since it appears that all my servers behind bastion are directly connected, but nodes outside are not and are routed via bastion http://imgur.com/zEojkMw Here is the digraph itself, if the above link is not accessible: digraph { bastion [label = "bastion", color = "green"];

https://bugzilla.mindrot.org/show_bug.cgi?id=3610 Bug ID: 3610 Summary: Using ControlPath and the -J option Product: Portable OpenSSH Version: 8.9p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On Wed, Jun 21, 2017 at 04:57:23PM -0700, Nirmal Thacker wrote: > What is the significance of port 655 with regards to tinc? This port is officially reserved for tinc. It is also below number 1024, which means that on most operating systems, only a priviliged user can listen on that port, and prevents regular users from starting tinc on port 655. However, you don't have to use port 655,

Hello, This is not really a shorewall problem. But just wanted to check if this problem rang a bell with any of you. I have a linux router with slackware 9.1, and kernel 2.4.27 Everyting works ok except for access to web sites that use akamai from behind the router. >From the router machine itself I can access those sites without problems. But machines behind nat, take forever to access

Clients: Some sites just show the top area not the full page. Some sites cant be reached at all. I think it 90% may be the MTU/MSS problem. But I already have set the shorewall.conf CLAMPMSS=1400 or CLAMPMSS=Yes, but it doest make things good. I would be mad. Anybody helps me would so appreciated! If you want know more info. to diag my problem, I would be please to.

This patch adds a config file option 'PAMService' that sets the PAM service sshd will use. It should leave the current behavior unchanged if PAMService is not set in the config file (i.e. use __progname for the service or SSHD_PAM_SERVICE if it's set at compile time). The patch is against the current portability release in CVS. Why would you want something like this? I have a machine

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines

I see that there''s a thread from September asking a very similar question ("Official puppetlabs position on cron vs puppet as a service?"). I want to ask what should I take into account when making this decision? Just some background: - All my servers are Red Hat or CentOS - We have about 5 servers managed by Puppet now. The goal is to have ~50 servers. These are generally

This pre-recorded message is being sent in response to your recent email to Firewalls-Book-Info. Building Internet Firewalls, Second Edition =========================================== by Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman Published by O'Reilly & Associates 2nd Edition June 2000 894 Pages ISBN 1-56592-871-7 List price $49.95 Available through the Internet at a

Hello, Since the ipmasq package has been dropped from debian I decided to migrate to shorewall. My setup is pretty simple: [DSL Modem] -eth0- [shorwall/gateway] -eth1- [local network] ipmasq required that I set the MTU on eth0 to 1492. Migrating to shorewall went well, but a small number of web sites would load slow or not at all. Setting the MTU on eth0 to 1492 and setting CLAMPMSS=Yes

At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust takes away the ability to manage the eTrust config from root and puts it in the hands of "security admin". So there's a good separation of duties; security admin control the security ruleset, but are limited by the OS permissions (so even if they granted themselves permission to modify /etc/shadow, the

> Currently, i have nodes with PMTUDiscovery =yes and ClampMSS = yes. Hello, these features were introduced in 1.0.13 correct ?? I also understand that the two settings are by default "yes" if not explictly set to "no" in the config file. what may happen if I have a network with mixed versions from 1.0.11 and 1.0.13, where the older daemons do not implement that feature

Hi, Thank for all your reply, here the details of the product : https://www.wallix.com/en/access-manager/ ? Customizable admin portal: Fully customize the design of your administrative portal. Determine how it classifies files, and how files are transferred between workstations and targeted Windows sources. Plus, quickly communicate with different target Bastions via the encrypted https