I managed to lock myself out of an AWS Marketplace CentOS 6.3 server. It seems to be a permission issue (SELinux) and needs some reconfiguration. I was going to mount the root drive of the problematic instance on another running instance, but when attaching it I receive the message: 'Marketplace codes may not be attached as a secondary device'. Is there any way out? Thanks
user1092608's questions
I'm wondering what the consequences in Linux can be when we assign a non-default home directory to the users. So, use e.g. /encrypted-home/user instead of /home (that is, btw, also the reason why I am asking). I've already noticed that the X server doesn't function properly and additional configuration is required (i.e. cannot connect to X server). What else could be a potential source of issues? Is changing the default home dir a good practice?
thanks
I have a very simple question. I used YaST to configure openldap. It worked. Then I had to change the certificates for SSL/TLS support. I did this through YaST. However, I gave the path to the wrong files and as a result, I can't start the ldap server anymore. Could someone tell me how I can change the paths to these certificates? Which config files do I need to change? I looked in etc/openldap/slapd.conf, /etc/openldap/ldap.conf, etc/ldap.conf, but it seems I can't find it anywhere.
We are working with openSUSE 12.2. Thank you!
I have this discussion at work regarding our ftp server running via vsftpd. Initially, we have opted to serve ftpes instead of sftp because this seemed the most flexible and straightforward solution for our server to have secure file transmission.
Afterwards, our ftp server seems to be a source of issues for our end users. Half of the time, users complain about ftp connections not working. I must say, I tested our FTP through different infrastructures (=in the field, at random times at random places) and indeed, sometimes behind some configurations (=no idea how they are configured, because of the 'field' testing), I receive errors. Some of them are: Error: Failed to retrieve directory listing (FileZilla)
Furthermore, behind my basic home configuration, everything seems to be running fine.
I (think I) did all the basic configuration checks (passive mode?, firewall for all ports?, ...) and can't seem to find the source.
Being a bunch of techies at our small office, yet knowing nothing about infrastructure, some start suggesting that the ftps protocol could be the source of issues. ("No, I only knew sftp so far" "Ftps is not widespread").
I, however, strongly doubt this hypothesis, since reading around on the www, asking questions on serverfault, everyone seems to deny this.
So, as I would like to avoid reconfiguring, since this involves messing around in our SSH service, our virtual user setup and ftp service, I would need some advice on
1) what could be potentially the general cause?
2) do you have some general tips?
3) would you mind having a look at my configuration file?
----- General Settings -----
write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="Welcome to XXXX FTP!"
hide_ids=YES
hide_file=.*
max_per_ip=10
max_clients=10
local_enable=YES
local_umask=022
chroot_local_user=YES
secure_chroot_dir=/usr/share/empty
userlist_enable=NO
userlist_deny=YES
userlist_file=/etc/vsftp_deny_users
guest_enable=YES
guest_username=ftpvirtual
virtual_use_local_privs=YES
user_sub_token=$USER
local_root=/srv/ftp/ftpvirtual/$USER
anonymous_enable=NO
syslog_enable=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd_xfer.log
connect_from_port_20=YES
pam_service_name=vsftpd
listen=YES
listen_port=21
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30030
pasv_address=foo
ssl_enable=YES
rsa_cert_file=/etc/vsftpd.pem
rsa_private_key_file=/etc/vsftpd.pem
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
ssl_ciphers=HIGH
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
idle_session_timeout=900
log_ftp_protocol=NO
dsa_cert_file=/etc/vsftpd.pem
Thanks
So right now I'm trying to configure a vsftpd server for FTP(e)S. It seems I am encountering issues with different clients. Secure FTPD works fine for me. FileZilla does not.
The output from FileZilla:
Status: Connecting to foo:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 "Welcome to FTP!"
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-12, 53)
Trace: GnuTLS alert 40: Handshake failed
Error: GnuTLS error -12: A TLS fatal alert has been received.
Paste from vsftpd:
# Could be whatever you like, or 990 if you want to use the now-deprecated ftps port.
listen_port=21
# Limit passive ports to this range to assist firewalling
pasv_min_port=30000
pasv_max_port=30003
#May be needed to help packets through some NAT/firewall setups. The address
# is the external ip of the machine, assuming it is a static one.
pasv_address= "foo" ---> we NAT everything so this has the EXTERNAL IP
# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=YES
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
idle_session_timeout=900
log_ftp_protocol=YES
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
# Path to the certificate and key files (which should be the same file)
rsa_cert_file=/etc/vsftpd2.pem
rsa_private_key_file=/etc/vsftpd2.pem
# No ssl for bad boys
#allow_anon_ssl=NO
# All local logins (i.e. non-anonymous) are forced to use ssl.
force_local_data_ssl=NO
#force_local_logins_ssl=YES
#dsa_cert_file=/etc/vsftpd.pem
require_ssl_reuse=NO
So question is: what goes wrong here? BTW: I am furthermore not completely sure what the difference is between ftps and ftpEs
Thank you
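An added example, not part of the original posts: a small Python check that parses a vsftpd configuration and reports the syntax and TLS settings worth reviewing in the two configurations quoted above (SSLv2/SSLv3 enabled, data-channel TLS not forced, a space after `=`). The sample input is constructed from those settings, and the function names `parse`, `enabled` and `audit` are hypothetical.

```python
import re

# Constructed sample built from settings in the two vsftpd configurations quoted above.
SAMPLE = """\
ssl_enable=YES
ssl_sslv2=YES
ssl_sslv3=YES
force_local_data_ssl=NO
#force_local_logins_ssl=YES
pasv_address= "foo"
"""

# Defaults from vsftpd.conf(5) for the options this check reads.
DEFAULTS = {"ssl_enable": "NO", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
            "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES"}

def parse(text):
    """Return (settings, malformed line numbers); vsftpd allows no space around '='."""
    settings, malformed = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
        else:
            malformed.append(n)
    return settings, malformed

def enabled(value):
    return value.upper() == "YES"

def audit(text):
    """Return (where, message) findings for syntax and TLS-related settings."""
    s, malformed = parse(text)
    out = [(f"line {n}", "not in option=value form") for n in malformed]
    if not enabled(s["ssl_enable"]):
        return out + [("ssl_enable", "TLS is off: logins and data are cleartext")]
    for opt in ("ssl_sslv2", "ssl_sslv3"):
        if enabled(s[opt]):
            out.append((opt, "obsolete protocol version enabled"))
    for opt in ("force_local_logins_ssl", "force_local_data_ssl"):
        if not enabled(s[opt]):
            out.append((opt, "cleartext allowed for non-anonymous users"))
    return out

if __name__ == "__main__":
    for where, message in audit(SAMPLE):
        print(f"{where}: {message}")
```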
Right now, I would like to encrypt data transmission over ftp. I considered sftp and ftps. After reading the www, I concluded there is a general tendency to favor sftp over ftps (eg. http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c14329/FTPS-vs-SFTP-What-to-Choose.htm). Two main arguments:
- sftp is more advanced/secure
- sftp is easier to configure on the server side
However, our ftp-server will be used by customers, so there is some flexibility requirement involved here.
As the server is configured right now:
- FTP enables log in only with virtual users
- SSHD has been configured to only accept Private-Public key authentication
SFTP uses SSH and requires for these virtual users to have their private key. However, this conflicts with our flexibility requirement, as we don't want to saddle up the customers with the installation of a PP.
I must say, I have not tested this virtual user and SSH approach thoroughly, so I am not sure whether it is even compatible with virtual users.
So, given our flexibility requirement and the assumption that virtual users will work over SSH, which of the following solutions should I favor?
- Enable password authentication within SSHD for the virtual users
- Opting for ftps (which seems to be labeled as "deprecated" by vsftpd)
thanks
I'm trying to make ssh work with pp keys. However, after having followed several howtos, I still have issues with the login. Server is openSUSE 12.1, client is Mac. This is the verbose output:
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.139 [192.168.1.139] port 22.
debug1: Connection established.
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.139' is known and matches the RSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/me/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
Does anyone have an idea where to seek? Thanks
I have SUSE Linux 12.1 and I am trying to mount a single RAID 1 disk, to explore the files in it. However when mounting it:
# mount /dev/sdc1 /mnt/test
mount: unknown filesystem type 'linux_raid_member'
I started reading around and many advised to just force the filesystem type
# mount -t ext4 /dev/sdc1 /mnt/test
mount: /dev/sdc1 already mounted or /mnt/test busy
when trying
umount /dev/sdc1
umount: /dev/sdc1: not mounted
Could someone provide some advice?
I am running my machines inside an ESXi server and it is a virtual disk. However, this should not play a role, as these disks are not used by any other machines.
Thanks!