Tuesday, October 30, 2012

SSH: Agent Admitted Failure To Sign...

When you encounter the error message "SSH: Agent Admitted Failure To Sign..." with a new ssh key, simply log off the current session and log in again.

Another way to fix this within the current session is to run # ssh-add; the new key is then added to ssh-agent.

REFERENCE:
http://www.cyberciti.biz/faq/unix-appleosx-linux-bsd-agent-admitted-failuretosignusingkey/

ssh port-forwarding in the background

$ ssh -fNL 2222:localhost:2222 pride

-f sends ssh to the background after authentication, -N runs no remote command, and -L forwards local port 2222 to port 2222 on the remote host's own localhost.

REFERENCE:
Lucas, M. W. SSH Mastery: OpenSSH, Tunnels and Keys

Monday, October 29, 2012

chmod -R 700 ~/.ssh for authorized_keys

A permission mode of 700 on ~/.ssh may be required for ssh key authentication to work: with StrictModes enabled (the default), sshd ignores the key file when the directory or authorized_keys is writable by anyone other than the owner.

Sunday, October 28, 2012

chroot sftp & batch it!

1) edit /etc/ssh/sshd_config:
Match User backup
ChrootDirectory /var/backup
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

2) # kill -HUP `cat /var/run/sshd.pid`

3) create the new user, generate a key, and set permissions:
# mkdir -p /home/backup/.ssh
# useradd backup
# ssh-keygen -t dsa
# cp id_dsa.pub /home/backup/.ssh/authorized_keys
# mkdir -p /var/backup/dir1
# chown root:wheel /var/backup
# chmod 755 /var/backup
# chown backup /var/backup/dir1

4) create a batch file, sftp_batch, for sftp:
cd dir1
put myfile

5) then fire up the sftp client for batch processing:
# sftp -b sftp_batch backup@localhost
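The step that most often breaks a chrooted sftp setup is the ChrootDirectory path itself: sshd requires every component of the path (here /, /var and /var/backup) to be a root-owned directory that is not group- or world-writable, and refuses the login otherwise. The following POSIX sh check is an added example, not part of the original post; the function names perm_ok and check_chroot_path are mine, and it relies only on ls -ldn and dirname.

```shell
#!/bin/sh
# Added example: verify that a directory satisfies sshd's ChrootDirectory
# requirement (root-owned, not group/world-writable, for every path component).

# perm_ok MODESTRING UID
# Returns 0 when the ls-style mode string (e.g. "drwxr-xr-x") has no group
# or other write bit and the numeric owner is uid 0; otherwise returns 1.
perm_ok() {
    case $1 in
        ?????w*|????????w*) return 1 ;;   # char 6 = group write, char 9 = other write
    esac
    [ "$2" = 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to /, reporting every component that would make sshd
# reject the chroot. Returns 0 if all components are acceptable, 1 otherwise.
check_chroot_path() {
    path=$1
    rc=0
    while :; do
        # ls -ldn prints: <mode> <links> <uid> <gid> ...; -n keeps the uid numeric
        set -- $(ls -ldn "$path")
        perms=$1
        uid=$3
        perm_ok "$perms" "$uid" || {
            echo "$path: mode $perms, uid $uid (must be root-owned and not group/world-writable)"
            rc=1
        }
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone usage: check the chroot directory from the post.
# check_chroot_path /var/backup && echo "ChrootDirectory /var/backup is acceptable"
```

Run it against the ChrootDirectory value before reloading sshd; a non-zero exit lists exactly which component needs chown root or a tighter chmod.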

REFERENCES:
http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny

Saturday, September 15, 2012

syslog to a remote central log host

# vi /etc/syslog.conf

*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @loghost
auth,daemon,syslog,user.info;authpriv,kern.debug                @loghost

=> save, then reboot!

Wednesday, August 29, 2012

Setting up ftpd


1) edit /etc/rc.conf as below and reboot, or:
ftpd_flags="-DllUSA" # for non-inetd use: ftpd_flags="-D"

2) manually fire up your ftpd:
# /usr/libexec/ftpd -DllUSA

3) edit the files below to configure the details of ftpd, such as the welcome message, hostname, denied users, and site-wide nologin. Remember that the ftp user's shell should be set to /sbin/nologin.

/etc/ftpchroot (important!!)
/etc/shells
/etc/ftpwelcome
/etc/myname
/etc/ftpusers
/etc/nologin

REFERENCES:
http://www.tongatapu.net.to/nix/OpenBSD/ftpServer.htm
http://www.twbsd.org/cht/book/ch15.htm

Monday, August 27, 2012

access logging with pf

1) edit /etc/pf.conf, then run # pfctl -f /etc/pf.conf. Of course, the $ macros and <> tables used below have to be defined first.


# Ignore IGMP traffic in the log
# Add this line if IGMP packets are cluttering your log.
pass in on $int_if proto igmp all allow-opts

# Port mapping

pass in log on $ext_if proto tcp from <access_list> to $ext_ip port 22 rdr-to $inside_server_ip port 22

2) view the pf log as follows.

# tcpdump -n -e -ttt -r /var/log/pflog
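Reading the raw tcpdump output line by line gets tedious once the rule above has been logging for a while. The following awk wrapper is an added example, not part of the original post: it takes the text that tcpdump -n -e -ttt -r /var/log/pflog prints on stdin and counts hits per action, direction and source address, so repeated attempts from one address stand out. The function name summarize_pflog, the interface name and the addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: summarize pflog text by action, direction and source address.
# Usage: tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog

summarize_pflog() {
    awk '
        # A pflog line looks like:
        #   <time> rule <n>/(match) <action> <dir> on <if>: <src>.<sport> > <dst>.<dport>: ...
        # Locate the "rule" token instead of using fixed field numbers, because
        # the number of timestamp fields depends on the -t option given to tcpdump.
        {
            for (i = 1; i <= NF; i++) if ($i == "rule") break
            if (i > NF) next                 # not a pflog header line; skip it
            action = $(i + 2)                # pass / block
            dir    = $(i + 3)                # in / out
            src    = $(i + 6)                # e.g. 203.0.113.7.51234
            sub(/\.[0-9]+$/, "", src)        # drop the source port
            count[action " " dir " " src]++
        }
        END {
            for (k in count) print count[k], k
        }
    ' | sort -rn
}

# Constructed sample of tcpdump -n -e -ttt output (not real captured traffic).
SAMPLE_PFLOG='000000 rule 5/(match) block in on em0: 203.0.113.7.51234 > 192.0.2.1.22: S 1:1(0) win 65535
000512 rule 5/(match) block in on em0: 203.0.113.7.51235 > 192.0.2.1.22: S 2:2(0) win 65535
001024 rule 9/(match) pass in on em0: 198.51.100.20.40001 > 192.0.2.1.22: S 3:3(0) win 65535'

# Stand-alone usage on the constructed sample.
printf '%s\n' "$SAMPLE_PFLOG" | summarize_pflog
```

Pipe the live log through it instead of the sample (tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog); the same one-liner works on the real-time pflog interface with -i pflog0 -l if you want a rolling view.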