Weboide's questions

Is there an option similar to no-user-rc that I can use in sshd_config?

I want to prevent from executing the ~/.ssh/rc file for everybody (whether logging in using a password or key).

Using Openssh 5.3p1.

With Apache2, or iptables, is there a way to refuse visitors if their IP has no reverse DNS, or does not resolve at all?

I have a website targeted to a specific population who has valid reverse DNS. Some spammers and hackers who do not have a reverse DNS come and try to spam/hack my site.

They get refused/denied by my spam blocker but I still want to prevent them to access my website.

Using Linux and Openssh:

A user can connect using ssh to a server on which his key is in the authorized_keys list. His public key is preceded by command="command..." which forces execution of a specific command (non-shell):

command="/path/to/somescript...",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc ssh-rsa AAAff...................

• Is there a way that the user can bypass this command?
• What about sftp? Does sftp work when using a forced command (which is not a shell)?

On a linux server running OpenSSH,

How can I disable sftp access (the sftp subsystem) for a specific user/group?

The user should only be able to access a shell but have no sftp access.

Edit:

The purpose is to give users a ssh key which can only be used to execute one specific command (using the command="..." option in authorized_keys). And they shouldn't be allowed to use sftp. Is it already taken care of when using the command="..." option?

I would like to allow some users to read/write Bazaar repositories on a server using ssh.

I read about using bzr_ssh_path_limiter (with restricted ssh keys) which is a nice tool and seems to do the work. I've also seen that it is possible to use sftp for bazaar.

• Is bazaar ("bzr serve") secure enough that the client cannot execute any shell commands?
• Should I use sftp? Can I restrict access to a folder? and disallow shell commands?

On a Linux machine, there is hosts.allow and hosts.deny to either allow or deny certain hosts to access services running on the machine.

The question is, what exactly is taking care of allowing or refusing those connections? Is there a daemon doing this, or is it the kernel, something else?

I want my website to support both non-SSL and SSL access. What I had to do is copy the non-SSL config and change the port to 443 and add the SSL stuff. Not ideal to administrate!

Is there a way to merge those two configuration?

Here's my current config:

<VirtualHost *:80>
        ServerName www.site.tld
        ServerAlias site.tld

        suPHP_UserGroup site site
        DocumentRoot /path/to/site/www
        <Directory /path/to/site/www>
                AllowOverride All
                Order allow,deny
                allow from all
                Options -MultiViews
        </Directory>

        ExpiresActive On
        ExpiresByType image/gif "access plus 7 days"
        ExpiresByType image/jpeg "access plus 7 days"
        ExpiresByType image/png "access plus 7 days"
        ExpiresByType image/x-icon "access plus 7 days"
        ExpiresByType image/ico "access plus 7 days"
        ExpiresByType text/css "access plus 2 days"
</VirtualHost>

<VirtualHost *:443>
        ServerName www.site.tld
        ServerAlias site.tld

        suPHP_UserGroup site site
        DocumentRoot /path/to/site/www
        <Directory /path/to/site/www>
                AllowOverride All
                Order allow,deny
                allow from all
                Options -MultiViews
        </Directory>

        SSLEngine On
        SSLCertificateFile /etc/ssl/private/site.crt

        ExpiresActive On
        ExpiresByType image/gif "access plus 7 days"
        ExpiresByType image/jpeg "access plus 7 days"
        ExpiresByType image/png "access plus 7 days"
        ExpiresByType image/x-icon "access plus 7 days"
        ExpiresByType image/ico "access plus 7 days"
        ExpiresByType text/css "access plus 2 days"

</VirtualHost>

Running Ubuntu Server Karmic Koala.

I want to backup my certificates and I see that there are lot of symlinks in /etc/ssl/private and I'm not sure why they are here. Does anyone have an idea?

I am running Ubuntu Server Jaunty 9.10 and LAMP.

listing, (I renamed my certs to cert*.crt for privacy):

lrwxrwxrwx 1 root root        9 2010-02-13 16:06 275e5f53 -> cert1.crt
lrwxrwxrwx 1 root root       10 2010-02-12 17:14 2f12eb79 -> cert2.crt
lrwxrwxrwx 1 root root       13 2010-02-12 17:52 3ab06078 -> cert3.crt
lrwxrwxrwx 1 root root       13 2010-02-12 17:52 7d9a024e -> cert3.crt
lrwxrwxrwx 1 root root       13 2010-02-12 14:44 9ed650a1 -> cert3.crt
-rw------- 1 root root     1555 2010-02-13 16:05 cert4.crt
-rw------- 1 root root     1539 2010-02-13 16:05 cert5.crt
lrwxrwxrwx 1 root root        9 2010-02-13 16:05 bd408027 -> cert5.crt
lrwxrwxrwx 1 root root       11 2010-02-15 22:55 ca9258bf -> cert6.crt
-rw------- 1 root root     1535 2010-02-12 17:52 cert3.crt
-rw------- 1 root root     1531 2010-02-12 15:02 cert3.crt.backup
lrwxrwxrwx 1 root root       16 2010-02-13 16:05 d41ee854 -> cert4.crt
lrwxrwxrwx 1 root root       10 2010-02-13 16:06 f44c16b3 -> cert7.crt
-rw------- 1 root root     1539 2010-02-13 16:06 cert1.crt
-rw------- 1 root root     1522 2010-02-12 17:14 cert2.crt
-rw------- 1 root root     1539 2010-02-13 16:06 cert7.crt
-rw------- 1 root root     1547 2010-02-15 22:55 cert6.crt

How does storage works with the ubuntu enterprise cloud?

If I have two disks (on separate machines) with free space 10gb and 20gb, can I have a VM running with 30gb of disk space?

Upon any ssh login/connection (anybody logging in through ssh), is there a way to have a script executed? Using OpenSSH server.

The script should not be modifiable by any of the users, -- of course --, so this should be a system-wide script.

Thanks!

I intend to do some virtualization with either of the two technologies: Ubuntu Enterprise Cloud and VMWare.

I would like to know the advantages (e.g. main features missing in the other one, long-run, financial advantages, support...) of using the Ubuntu Enterprise cloud compared to VMWare.

Thank you.

I need to connect some servers wirelessly and would like to know what other technologies (than Wifi) exist to get an idea of the possibilities.

It would nice to know the pros/cons, limitations.

Thanks

Update:

This is for servers within the same building but different floor/rooms. I'm seeking something with low latency (ethernet-like probably), how is latency with the technologies you all listed?

I have a script which creates a virtual machine and gives me back an IP address. Then I would like to do something like this:

waitforssh 192.168.2.38 && ssh 192.168.2.38

And it will wait for the machine to be up and ssh to be responding, then ssh into it.

waitforssh is the command I need to find.

Would nmap, netcat, fping or ping do the job? I tried netcat but it gives up in just a couple of seconds if the host is unreachable.

It needs to handle the fact that the machine itself is booting and might take some time to respond to network packets.

I got LVM2 installed on Ubuntu Lucid. I have a volume group on /dev/fluid with free space (150Gb). I need to know if LVM is installed and working properly.

How can I test that LVM is working properly?

Thanks

Edit:

I am probably looking for a way to read/write a file in a test volume.

Here's my volume group info, in case it helps:

  --- Volume group ---
  VG Name               fluid
  System ID             
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  9
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               0
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               151,09 GiB
  PE Size               4,00 MiB
  Total PE              38679
  Alloc PE / Size       4864 / 19,00 GiB
  Free  PE / Size       33815 / 132,09 GiB