I implemented an SSH connection from the outside to my intranet. This SSH connection requires a username and a password.
In terms of security, which is more secure: requiring authentication (username and password), or having the public key of each user who connects to our intranet in the authorized public key list (in this case there is no need for a username and password)?
In the second case there is no need for authentication, and only the users who have their public keys in the list are allowed to enter my intranet.
Is this second solution a good solution, or does it bring other security problems?
"Keep your friends close, but your enemies closer."
"Do or do not. There is no try" - Yoda
Thanks for all the replies up to now!
> I don't know any service on port 1024
I should look closely at this port next time I meet it and detect the
owner of the process using that port. Thanks for the advice!
> this is what i found about port 1987
> tr-rsrb-p1 1987/tcp #cisco RSRB Priority 1 port
> tr-rsrb-p1 1987/udp #cisco RSRB Priority 1 port
> maybe one of the cisco guys knows what this service
> is exactly for.
Well, that would be great to know what hides behind this... Funny, I have
SuSE 6.3 with Firewall4.4 and I don't think that such ports should be
running nmap lately on my host revealed some open ports which I couldn't
1) port 1987 with service named something like "trsrb-p1" (don't
remember the name exactly, since the open port vanished after a while)
2) port 1024 with service "unknown"
What are those ports used for? Especially the first one with that strange
name I have never seen so far... I couldn't find any hints in
/etc/inetd.conf nor in /etc/services.
I just looked at netsaint and I like it :) I set it up a little,
at first with some PING and other network-based tests only.
Now I want to collect remote information (i.e. load). The
only possibility is SSH connections. It's not practicable to
install some "sensors" or the like remotely, at least not manually or as
a daemon. I would like to SSH-connect a single (!) script which
gathers the information. I think such a script (perl or shell)
should exist, but I haven't found one. I have not found
information on how to collect such information remotely in a secure
manner. Could somebody point me to some information?
This letter was generated by machine,
and therefore bears neither signature nor seal.
I just wrote a shell script which looks like this:
I executed it as a normal user and then the following happened: As you can
imagine, very many shells were started (I wasn't able to count them because
the system wasn't responding any more). And then the system started killing
system processes like X and smbd. I got the following output on console 10:
Apr 23 09:11:54 AlBundy kernel: VM: killing process kmail
Apr 23 09:12:52 AlBundy kernel: VM: killing process smbd
Apr 23 09:13:03 AlBundy kernel: VM: killing process smbd
Apr 23 09:13:05 AlBundy kernel: VM: killing process xconsole
Apr 23 09:13:13 AlBundy kernel: VM: killing process X
The system recovered itself by killing X. That worked because I started the
script from a shell in KDE. But if the script were started within a
telnet session, it could be more dangerous.
I don't know if this is a security hole, but it might be.
SuSE 7.0 (kernel 2.2.18)
Lots of updates and patches installed
PII 350 MHz
320 MB RAM
BezRegMS (NRW, Germany)
Software developer (trainee)
PS.: This is my first mail to the mailing list. Sorry if it's OT or
I have a single Linux workstation and I want to learn Kerberos. Is
it enough (and safe) to at least know the basics?
(Sridhar N) www: omicron.symonds.net pubkeys: omicron.symonds.net/pubkeys
C O G I T O E R G O S U M
Has anybody here read about the European cybercrime act? It disturbs me quite
a lot not to have seen anything on Slashdot or on this list about it.
Do you know what impact this thing will have on our work?
It will make our work nearly impossible by making it illegal to use tools
like nmap, nessus, satan under ANY circumstances.
This thing will become a LAW within the next few weeks (probably months). It
has got so far that there is only one vote left to make it a law, and
there is nobody there who knows a thing about security and privacy and they
will harm ALL of us.
P.S.: The draft is located here http://stars.coe.int/doc/doc01/EDOC9031.htm
I ran into the following trouble. First, a system description:
SuSE 7.1 Kernel 2.2.18 (not recompiled), squid 2.3STABLE4, Ethernet to
DSL modem using pppoed,
Network Devices: eth0 Intranet, eth1 - ppp0 Internet.
Everything works fine after starting up the system and connecting to my provider
using the "Internet Dial-In". Firewall and squid are coming up at
boot time (controlled by rc.config) but the dialup itself is done manually
(using the icon at the bottom right in KDE2 after configuring ADSL with yast2).
My provider (Verizon) has no proxy, but two DNS servers. All entries are
done properly after dial-in (/etc/resolv.conf etc.).
So, when I disconnect using this icon at the bottom right (or by stopping the pppoe
service on the command line) and reconnect, I have no response from the internet
and I receive the following in my "/var/log/messages":
Apr 27 16:56:37 l7boston kernel: Packet log: input DENY ppp0 PROTO=17
18.104.22.168:53 22.214.171.124:1077 L=246 S=0x00 I=48363 F=0x4000 T=248
The repeat interval is about 5 seconds.
Seems to be fine because my firewall works pretty well - too well.
So, I tried the following:
1. Restarting squid -> everything works fine.
2. When I cut the connection (without doing '1.') and edit my
"/etc/rc.config.d/firewall.rc.config", making the following adjustment:
FW_SERVICES_EXTERNAL_UDP="1077" (the port rejected by the firewall in the
messages file) and reconnect, everything works fine.
3. Restarting squid after doing '2.' results in the following message:
Apr 27 16:56:37 l7boston kernel: Packet log: input DENY ppp0 PROTO=17
126.96.36.199:53 188.8.131.52:1078 L=246 S=0x00 I=48363 F=0x4000 T=248
Look at the port. At this time it is 1078.
When I try command-line tools like nslookup it works. I can change the browser
settings (netscape or konqueror) to direct internet connection and everything
Who knows a solution, or is that a feature?
Best regards (or also many greetings)
Peabody, MA 01960
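The log excerpts in the message above are ipchains packet-log entries. As an added example (not part of the original post), this Python snippet parses that format and counts denied UDP packets arriving from source port 53, grouped by the local destination port. The sample lines, host name and addresses are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# ipchains "Packet log" layout as quoted in the post (kernel 2.2):
# chain, verdict, interface, PROTO=n, src:port, dst:port, then L=/S=/I=/F=/T=.
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+)"
)

# Constructed sample lines (documentation addresses, not the poster's).
SAMPLE = """\
Apr 27 16:56:37 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.53:53 198.51.100.7:1077 L=246 S=0x00 I=48363 F=0x4000 T=248
Apr 27 16:56:42 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.53:53 198.51.100.7:1077 L=246 S=0x00 I=48364 F=0x4000 T=248
Apr 27 17:03:10 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.54:53 198.51.100.7:1078 L=120 S=0x00 I=48401 F=0x4000 T=248
Apr 27 17:04:00 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:4021 198.51.100.7:23 L=44 S=0x00 I=1201 F=0x0000 T=52
Apr 27 17:04:01 gw sshd[411]: Accepted password for demo from 10.0.0.5
"""

INT_FIELDS = ("proto", "sport", "dport", "length")

def parse_line(line):
    """Return the packet-log fields of one syslog line, or None if it is not one."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec

def denied_dns_replies(log_text, iface="ppp0"):
    """Count denied inbound UDP (PROTO=17) packets from source port 53, per local port."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["iface"] != iface:
            continue
        if rec["verdict"] == "DENY" and rec["proto"] == 17 and rec["sport"] == 53:
            hits[rec["dport"]] += 1
    return hits

if __name__ == "__main__":
    for port, count in sorted(denied_dns_replies(SAMPLE).items()):
        print(f"local UDP port {port}: {count} denied packets from port 53")
```

A destination port that differs between runs, as in the post (1077, then 1078), shows up here as separate keys in the result.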
Let's say u have one machine that is a log server for several others. Can
anyone recommend a good script / tool / whatever to parse the logfile and
extract relevant information out of it?
I have tried several already, but I'd like to hear opinions of ppl who
have already used remote logging for a while .. I'm pretty new to this.
Kind regards
Alexander Bien - Technical Assistant - SBU Services
Josef-Lammerting-Allee 14-18, 50933 Cologne - Germany
Tel.: +49 (0)172 7760569 - Fax: +49 (0)221 770 2815
mailto:firstname.lastname@example.org - http://www.pironet-ndh.com
Ok, I have just installed SuSE 6.4 and have been
updating it for the past 2 days. I have every new
program/file/doc you can probably think of. Of course
I wouldn't have every new program from the new
version of SuSE 7.1. I was wondering if it would be a
good idea to upgrade? (I want to upgrade kernels too,
that I will do in time).