Militantly FREE software support.
Militantly FREE software support.
NavigationUser loginSpam?See spam posts on this site? If so, please don't reply to the spam! Instead, just report the URL to the webmaster. |
bootsplash or usplashI am running debian etch.Previously in sarge I used to run bootsplash with hiccups for progress bars.I tried usplash in etch. I got gui only during shutdown not during boot.I will be thankful if somebody, who used both, can throw somelight on selecting among these two. Bookmark/Search this post with: 
|
• Debian Weekly News - Essential reading for any Debian fan. • Documentation - Debian's own authoritative documentation, including installation docs. • FAQ - Got questions about Debian GNU/Linux? • From Windows to Debian - Tips for converting from Windows to Debian GNU/Linux • Package of the Day. • Security - Security information and alerts! • Bug System - Bug tracking and instructions on reporting bugs. • CD Images - Where/how to get Debian GNU/Linux CD images. • Mailing List Subscription - Dozens of Debian-specific support mailing lists! • Mailing List Archives - Searchable archives of Debian's mailing lists. • Free Software Guidelines - Learn Debian's idea of what "free" software really is. • Package Listings - A very valuable tool: searchable, integrated with bug reports. • Apt-Get Sources - Sources for *.debs which are not official Debian packages. • Backports - Unofficial new software packages that have been "back-ported" to work with the Debian stable/official release. • Developer's Corner - Info about the people behind Debian, policies, and how to package *.deb files.
bootsplash or usplash
On Tue, 2007-02-27 at 10:58 -0800, L.V.Gandhi wrote:
> I am running debian etch.
> Previously in sarge I used to run bootsplash with hiccups for progress
> bars.
> I tried usplash in etch. I got gui only during shutdown not during
> boot.
> I will be thankful if somebody, who used both, can throw somelight on
> selecting among these two.
A couple of manual steps need to be taken to get usplash to work in
debian, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397954
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383327
There's also another userspace splashscreen called splashy, but only in
unstable.
--
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22
ssh
Hi All:
Is anyone aware of a friendly openssh (including
server) that installs on Debian etch and allows
interactive connections secured by pubkeys?
I installed ssh and openssh-server from debian. OK
using password, though I met problems in configuring
for pubkeys (ssd_config comes with "UsePAM yes"
"PermitRootLogin yes" #AuthorizedKeysFile %h/
.ssh/authorized_keys" (does %h refer to every user?).
Tired with trial-and-error I hope to find an easir
groung elsewhere.
Not anyone is a professional administrator, though
many of us have to get the OS running. A bit more
comments of the config file would help.
Thanks
francesco pietra
____________________________________________________________________________________
Be a PS3 game guru.
Get your game face on with the latest PS3 news and previews at Yahoo! Games.
http://videogames.yahoo.com/platform?platform=120121
--
ssh
The standard ssh for etch is all you need.
man ssh-keygen will show you how to create a public key
You should probably look through the documentation in
/usr/share/doc/openssh-client.
Cheers
James
On 28/02/07, Francesco Pietra wrote:
> Hi All:
> Is anyone aware of a friendly openssh (including
> server) that installs on Debian etch and allows
> interactive connections secured by pubkeys?
>
> I installed ssh and openssh-server from debian. OK
> using password, though I met problems in configuring
> for pubkeys (ssd_config comes with "UsePAM yes"
> "PermitRootLogin yes" #AuthorizedKeysFile %h/
> .ssh/authorized_keys" (does %h refer to every user?).
> Tired with trial-and-error I hope to find an easir
> groung elsewhere.
>
> Not anyone is a professional administrator, though
> many of us have to get the OS running. A bit more
> comments of the config file would help.
>
> Thanks
>
> francesco pietra
>
>
>
> ____________________________________________________________________________________
> Be a PS3 game guru.
> Get your game face on with the latest PS3 news and previews at Yahoo! Games.
> http://videogames.yahoo.com/platform?platform=120121
>
>
> --
ssh
Francesco Pietra wrote:
> Hi All:
> Is anyone aware of a friendly openssh (including
> server) that installs on Debian etch and allows
> interactive connections secured by pubkeys?
>
> I installed ssh and openssh-server from debian. OK
> using password, though I met problems in configuring
> for pubkeys (ssd_config comes with "UsePAM yes"
> "PermitRootLogin yes" #AuthorizedKeysFile %h/
> .ssh/authorized_keys" (does %h refer to every user?).
> Tired with trial-and-error I hope to find an easir
> groung elsewhere.
>
> Not anyone is a professional administrator, though
> many of us have to get the OS running. A bit more
> comments of the config file would help.
>
> Thanks
>
> francesco pietra
>
>
>
> ____________________________________________________________________________________
> Be a PS3 game guru.
> Get your game face on with the latest PS3 news and previews at Yahoo! Games.
> http://videogames.yahoo.com/platform?platform=120121
>
>
>
I think what you are looking for is :
PubkeyAuthentication yes
then put your public key on the remote machine in
~/.ssh/authorized_keys . also make sure that file is chmod'd to 600
hth
jeff
--
ssh
On 2/27/07, jeffd wrote:
> Francesco Pietra wrote:
> > Hi All:
> > Is anyone aware of a friendly openssh (including
> > server) that installs on Debian etch and allows
> > interactive connections secured by pubkeys?
> >
> > I installed ssh and openssh-server from debian. OK
> > using password, though I met problems in configuring
> > for pubkeys (ssd_config comes with "UsePAM yes"
> > "PermitRootLogin yes" #AuthorizedKeysFile %h/
> > .ssh/authorized_keys" (does %h refer to every user?).
> > Tired with trial-and-error I hope to find an easir
> > groung elsewhere.
> >
> > Not anyone is a professional administrator, though
> > many of us have to get the OS running. A bit more
> > comments of the config file would help.
> >
> > Thanks
> >
> > francesco pietra
> >
> >
> >
> > ____________________________________________________________________________________
> > Be a PS3 game guru.
> > Get your game face on with the latest PS3 news and previews at Yahoo! Games.
> > http://videogames.yahoo.com/platform?platform=120121
> >
> >
> >
> I think what you are looking for is :
> PubkeyAuthentication yes
>
> then put your public key on the remote machine in
> ~/.ssh/authorized_keys . also make sure that file is chmod'd to 600
Some time ago i wrote this,
http://linux.go2linux.org/node/16
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--
ssh
On Tue, Feb 27, 2007 at 04:59:14PM -0800, jeffd wrote:
> >
> I think what you are looking for is :
> PubkeyAuthentication yes
>
Don't forget to also set "ChallengeResponseAuthentication no" in the
sshd_config.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ssh
On 2/28/07, Francesco Pietra wrote:
> Hi Guillermo:
>
> I must have done something wrong because I already
> tried unsuccessfully what you suggest.
Sorry I made something wrong, i have just updated my page
http://linux.go2linux.org/node/16
but the problem was that when you execute the command,
ssh-keygen -t rsa, you need to leave the passphrase empty, or it will
not work, please try again, I have just tried on two PCs i have with
the same root/pass user/pass combinations on both and worked.
regards,
Guillermo.
>
> I must say that on the two machines (Athlon i386,
> where the graphical interface in my HOME) and
> multi-dual-opteron (where the QM program in my HOME)
> both at the same router and with the need to have
> access to internet from the i386, I am both root and
> user with the same username and passwords. May be that
> confusing the system?
>
> If I change username with "chfn" what about the many
> env variables?
>
> Thanks
> francesco
>
> --- Guillermo Garron
> wrote:
>
> > On 2/27/07, jeffd wrote:
> > > Francesco Pietra wrote:
> > > > Hi All:
> > > > Is anyone aware of a friendly openssh (including
> > > > server) that installs on Debian etch and allows
> > > > interactive connections secured by pubkeys?
> > > >
> > > > I installed ssh and openssh-server from debian.
> > OK
> > > > using password, though I met problems in
> > configuring
> > > > for pubkeys (ssd_config comes with "UsePAM yes"
> > > > "PermitRootLogin yes" #AuthorizedKeysFile %h/
> > > > .ssh/authorized_keys" (does %h refer to every
> > user?).
> > > > Tired with trial-and-error I hope to find an
> > easir
> > > > groung elsewhere.
> > > >
> > > > Not anyone is a professional administrator,
> > though
> > > > many of us have to get the OS running. A bit
> > more
> > > > comments of the config file would help.
> > > >
> > > > Thanks
> > > >
> > > > francesco pietra
> > > >
> > > >
> > > >
> > > >
> >
> ____________________________________________________________________________________
> > > > Be a PS3 game guru.
> > > > Get your game face on with the latest PS3 news
> > and previews at Yahoo! Games.
> > > >
> > http://videogames.yahoo.com/platform?platform=120121
> > > >
> > > >
> > > >
> > > I think what you are looking for is :
> > > PubkeyAuthentication yes
> > >
> > > then put your public key on the remote machine in
> > > ~/.ssh/authorized_keys . also make sure that file
> > is chmod'd to 600
> >
> > Some time ago i wrote this,
> >
> > http://linux.go2linux.org/node/16
> >
> >
> > --
> > Guillermo Garron
> > "Linux IS user friendly... It's just selective about
> > who its friends are."
> > (Using FC6, CentOS4.4 and Ubuntu 6.06)
> > http://feeds.feedburner.com/go2linux
> > http://www.go2linux.org
> >
> >
> > --
> > To UNSUBSCRIBE, email to
> >
> > with a subject of "unsubscribe". Trouble? Contact
> >
> >
> >
>
>
>
>
> ____________________________________________________________________________________
> Any questions? Get answers on any topic at www.Answers.yahoo.com. Try it now.
>
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--
ssh
On Wed, Feb 28, 2007 at 07:58:20AM -0400, Guillermo Garron wrote:
>
> but the problem was that when you execute the command,
> ssh-keygen -t rsa, you need to leave the passphrase empty, or it will
> not work, please try again, I have just tried on two PCs i have with
> the same root/pass user/pass combinations on both and worked.
>
Maybe I missed something, but are you talking about generating host keys
or user keys?
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ssh
On 2/28/07, Roberto C. Sanchez <roberto@connexer.com> wrote:
On Wed, Feb 28, 2007 at 07:58:20AM -0400, Guillermo Garron wrote:>> but the problem was that when you execute the command,> ssh-keygen -t rsa, you need to leave the passphrase empty, or it will> not work, please try again, I have just tried on two PCs i have with
> the same root/pass user/pass combinations on both and worked.>Maybe I missed something, but are you talking about generating host keysor user keys?Regards,-Roberto--Roberto C. Sanchez
http://people.connexer.com/~robertohttp://www.connexer.com-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFF5Y/I1snWssAFC08RAm4aAJ9CHnJRVXpb5pfUfJ5vjT7aE4qE5ACfehF1V3Wejten44Wmry5uvQN5qiY==uAaT-----END PGP SIGNATURE-----Hi!Usually I do not change anything in ssh configuration. All I do is this:
On source machine: user1@host1:~$ ssh-keygen -t dsa<use empty passphrase>user1@host1:~$ cat ~/.ssh/id_dsa.pubOn destination machine: user2@host2:~$ vi ~/.ssh/authorized_keys
<paste the content of user1@host1's id_dsa.pub and save the file>Now you should be able to do:
user1@host1:~$ ssh user2@host2 without needing to type any password. Hope this helps.Cheers
ssh
On Wed, Feb 28, 2007 at 03:42:48PM +0100, Giacomo Montagner wrote:
>
>
> Hi!
> Usually I do not change anything in ssh configuration. All I do is this:
>
> On source machine:
>
> user1@host1:~$ ssh-keygen -t dsa
>
>
> user1@host1:~$ cat ~/.ssh/id_dsa.pub
>
> On destination machine:
> user2@host2:~$ vi ~/.ssh/authorized_keys
>
>
> Now you should be able to do:
> user1@host1:~$ ssh user2@host2
>
> without needing to type any password.
>
> Hope this helps.
>
Ahh. That's what I was afraid of. Having ssh keys without a passphrase
is convenient, but very insecure. You are better off without the keys.
For the longest time I did not understand that, then some kind soul on
this list pointed to ssh-agent and keychain. Very minor inconvenience
(enter the passphrase once when you login), and *much* more secure.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ssh
On Wed, 2007-02-28 at 09:55 -0500, Roberto C. Sanchez wrote:
> Ahh. That's what I was afraid of. Having ssh keys without a passphrase
> is convenient, but very insecure. You are better off without the keys.
> For the longest time I did not understand that, then some kind soul on
> this list pointed to ssh-agent and keychain. Very minor inconvenience
> (enter the passphrase once when you login), and *much* more secure.
Another great package is libpam-ssh, unlocking your ssh keys at login
time, meaning you will only need to type a password once.
--
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22
ssh
On Wed, Feb 28, 2007 at 05:35:42PM +0100, Sven Arvidsson wrote:
>
> Another great package is libpam-ssh, unlocking your ssh keys at login
> time, meaning you will only need to type a password once.
>
Cool. I did not know about that one.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ssh
On Wed, 2007-02-28 at 11:55 -0500, Roberto C. Sanchez wrote:
> Cool. I did not know about that one.
Another little known cool feature for GNOME and Seahorse users is
libpam-keyring. Seahorse saves passwords for SSH keys in the keyring and
libpam-keyring unlocks it after login.
Seahorse and the GNOME keyring can hold passwords for a lot of things
(GPG, NetworkManager...) so it's quite convenient.
--
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22
ssh
On Wed, Feb 28, 2007 at 05:35:42PM +0100, Sven Arvidsson wrote:
> On Wed, 2007-02-28 at 09:55 -0500, Roberto C. Sanchez wrote:
> > Ahh. That's what I was afraid of. Having ssh keys without a passphrase
> > is convenient, but very insecure. You are better off without the keys.
> > For the longest time I did not understand that, then some kind soul on
> > this list pointed to ssh-agent and keychain. Very minor inconvenience
> > (enter the passphrase once when you login), and *much* more secure.
>
> Another great package is libpam-ssh, unlocking your ssh keys at login
> time, meaning you will only need to type a password once.
because I'm too lazy to research it, why is this any better than a
passwordless key? If someone is using your login then your ssh keys
are unlocked.
A
ssh
On Wed, Feb 28, 2007 at 10:43:23AM -0800, Andrew Sackville-West wrote:
> On Wed, Feb 28, 2007 at 05:35:42PM +0100, Sven Arvidsson wrote:
> >
> > Another great package is libpam-ssh, unlocking your ssh keys at login
> > time, meaning you will only need to type a password once.
>
> because I'm too lazy to research it, why is this any better than a
> passwordless key? If someone is using your login then your ssh keys
> are unlocked.
>
I think because this defends against outside attack. If you let someone
use your login (even if your keys have a passphrase) and you have them
loaded into ssh-agent, then you have the same problem.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ssh
On 2007-02-28T10:43:23-0800, Andrew Sackville-West wrote:
> On Wed, Feb 28, 2007 at 05:35:42PM +0100, Sven Arvidsson wrote:
> >
> > Another great package is libpam-ssh, unlocking your ssh keys at login
> > time, meaning you will only need to type a password once.
>
> because I'm too lazy to research it, why is this any better than a
> passwordless key? If someone is using your login then your ssh keys
> are unlocked.
If your private key does not have a password, then all an attacker needs
is a copy of the key (and public key). The premises of ssh-agent is
that your password, once entered, is kept in "secure" memory, so the
attacker needs to either intercept your password when you enter it
before it is sent to ssh-agent, or compromise ssh-agent and still get a
copy of your private key. In the former case the window of opportunity
is only when you login and the latter while your ssh-agent is running
(i.e. when you are logged in).
There are a couple of gotchas when switching to libpam-ssh namely that
pam does not seem to recursively resolve @include directives, so you
need something like this:
common-auth:
auth sufficient pam_ssh.so keyfiles=id_dsa
auth sufficient pam_unix.so try_first_pass nullok_secure
common-session:
session optional pam_ssh.so
session required pam_unix.so
in this case I removed my user password from /etc/shadow and use the
private key to authenticate on. root has a password in /etc/shadow.
And make sure that your X session does not start another ssh-agent (I
had a .gnomerc that did that).
/Allan
--
ssh
On 2/28/07, Roberto C. Sanchez wrote:
> On Wed, Feb 28, 2007 at 03:42:48PM +0100, Giacomo Montagner wrote:
> >
> >
> > Hi!
> > Usually I do not change anything in ssh configuration. All I do is this:
> >
> > On source machine:
> >
> > user1@host1:~$ ssh-keygen -t dsa
> >
> >
> > user1@host1:~$ cat ~/.ssh/id_dsa.pub
> >
> > On destination machine:
> > user2@host2:~$ vi ~/.ssh/authorized_keys
> >
> >
> > Now you should be able to do:
> > user1@host1:~$ ssh user2@host2
> >
> > without needing to type any password.
> >
> > Hope this helps.
> >
> Ahh. That's what I was afraid of. Having ssh keys without a passphrase
> is convenient, but very insecure. You are better off without the keys.
> For the longest time I did not understand that, then some kind soul on
> this list pointed to ssh-agent and keychain. Very minor inconvenience
> (enter the passphrase once when you login), and *much* more secure.
I use this method, (without passphrase) to be able to run script (with
cronjob) from one machine into other, if I put a passphrase that is
not going to work, am I right?
Anyway to get my key, a "hacker" will need access to my PC right? if
both PCs are secured there should be no chance to get my keys stolen.
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--
ssh
On Wed, 2007-02-28 at 17:29 -0400, Guillermo Garron wrote:
> I use this method, (without passphrase) to be able to run script (with
> cronjob) from one machine into other, if I put a passphrase that is
> not going to work, am I right?
>
> Anyway to get my key, a "hacker" will need access to my PC right? if
> both PCs are secured there should be no chance to get my keys stolen.
There are actually ways of minimising the damage, should the key fall in
wrong hands. You can on the server specify from what hosts a certain key
can connect from, and what commands can be run.
See the section authorized_keys file format from the sshd man page.
http://www.debian-administration.org/articles/152 (see comments)
--
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22
ssh
On 2/28/07, Sven Arvidsson wrote:
> On Wed, 2007-02-28 at 17:29 -0400, Guillermo Garron wrote:
> > I use this method, (without passphrase) to be able to run script (with
> > cronjob) from one machine into other, if I put a passphrase that is
> > not going to work, am I right?
> >
> > Anyway to get my key, a "hacker" will need access to my PC right? if
> > both PCs are secured there should be no chance to get my keys stolen.
>
> There are actually ways of minimising the damage, should the key fall in
> wrong hands. You can on the server specify from what hosts a certain key
> can connect from, and what commands can be run.
>
> See the section authorized_keys file format from the sshd man page.
> http://www.debian-administration.org/articles/152 (see comments)
thank you..
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--
ssh
On Wed, Feb 28, 2007 at 05:29:11PM -0400, Guillermo Garron wrote:
>
> I use this method, (without passphrase) to be able to run script (with
> cronjob) from one machine into other, if I put a passphrase that is
> not going to work, am I right?
>
This is not correct. With keychain, you can set it up to hold the ssh
keys in memory after you log out until the next time you log in. The
idea is that if an attacker cracks your account and then logs in, the
keys will be cleared. Of course, this will also happen when you log in
again and so you will need to enter your passphrase each time you log
in. But this is the same situation as when you use plain ssh-agent.
> Anyway to get my key, a "hacker" will need access to my PC right? if
> both PCs are secured there should be no chance to get my keys stolen.
I thikn that "no chance" is a bit strong. You never know what might
happen. Besides, that's why you want defense in depth.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ssh
On 2007-02-28 17:17:27 -0500, Roberto C. Sanchez wrote:
> On Wed, Feb 28, 2007 at 05:29:11PM -0400, Guillermo Garron wrote:
> > I use this method, (without passphrase) to be able to run script (with
> > cronjob) from one machine into other, if I put a passphrase that is
> > not going to work, am I right?
For specific scripts, it is probably better to use specific keys with
some restrictions, e.g. by forcing the command name.
> This is not correct. With keychain, you can set it up to hold the ssh
> keys in memory after you log out until the next time you log in. The
> idea is that if an attacker cracks your account and then logs in, the
> keys will be cleared. Of course, this will also happen when you log in
> again and so you will need to enter your passphrase each time you log
> in. But this is the same situation as when you use plain ssh-agent.
With ssh-agent, I can type my passphrase only once (when I use ssh
for the first time after the first login), until I quit all my shell
sessions.
--
Vincent Lefèvre - Web:
100% accessible validated (X)HTML - Blog:
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
--
ssh
On Thu, Mar 01, 2007 at 02:18:40PM +0100, Vincent Lefevre wrote:
> On 2007-02-28 17:17:27 -0500, Roberto C. Sanchez wrote:
>
> > This is not correct. With keychain, you can set it up to hold the ssh
> > keys in memory after you log out until the next time you log in. The
> > idea is that if an attacker cracks your account and then logs in, the
> > keys will be cleared. Of course, this will also happen when you log in
> > again and so you will need to enter your passphrase each time you log
> > in. But this is the same situation as when you use plain ssh-agent.
>
> With ssh-agent, I can type my passphrase only once (when I use ssh
> for the first time after the first login), until I quit all my shell
> sessions.
>
Right, but with keychain they persist even after you log out. This is
nice because then your keys *can* have a passphrase and you can still
use them for unattended things like cron jobs. Of course, if the
machine suts down, you need to log back in and enter the passphrase
again.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ssh
On 2007-03-01 09:28:47 -0500, Roberto C. Sanchez wrote:
> Right, but with keychain they persist even after you log out. This is
> nice because then your keys *can* have a passphrase and you can still
> use them for unattended things like cron jobs. Of course, if the
> machine suts down, you need to log back in and enter the passphrase
> again.
Not requiring passphrases for things like cron jobs (and only these
ones) is nicer, still works if the machine is rebooted and probably
more secure as all the passphrases for generic SSH can be forgotten.
--
Vincent Lefèvre - Web:
100% accessible validated (X)HTML - Blog:
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
--
ssh
On 2/28/07, Francesco Pietra wrote:
> Yes, I have generated both rsa and dsa in my home.
> Though, the problem is how to identify the two machine
> behind a router and firewall. They appear from outside
> as having the same IP. I don't know if there is access
> at private IPs, if any. Themn I used "inet addr" with
> partial success. fos "slogin". The hostnames do not
> allow connecting.
> Cheers
> francesco
I do not know if it is your intention, but you are replaying only to
me and not to the list, and could be good to have the list involved on
this.
Ok, I am not understanding you well, I will try to make a graph and
please tell me if that is what you have.
Home PC <---------------->router<-----Internet--------->router<------->office PC
10.1.1.1 10.1.1.2 4.2.2.2
166.114.10.10 10.1.1.2 10.1.1.1
the IPs i am using are just examples, but if I understand you well ,
you seems to have the same IP on you Home PC and at your office PC
right? is this schema in order? please confirm.
best regards,
--- Please avoid top posting.
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
> --- Guillermo Garron
> wrote:
>
> > On 2/28/07, Francesco Pietra
> > wrote:
> > > Hi Guillermo:
> > >
> > > I must have done something wrong because I already
> > > tried unsuccessfully what you suggest.
> > Sorry I made something wrong, i have just updated my
> > page
> > http://linux.go2linux.org/node/16
> >
> > but the problem was that when you execute the
> > command,
> > ssh-keygen -t rsa, you need to leave the passphrase
> > empty, or it will
> > not work, please try again, I have just tried on two
> > PCs i have with
> > the same root/pass user/pass combinations on both
> > and worked.
> >
> > regards,
> > Guillermo.
> >
> >
> > >
> > > I must say that on the two machines (Athlon i386,
> > > where the graphical interface in my HOME) and
> > > multi-dual-opteron (where the QM program in my
> > HOME)
> > > both at the same router and with the need to have
> > > access to internet from the i386, I am both root
> > and
> > > user with the same username and passwords. May be
> > that
> > > confusing the system?
> > >
> > > If I change username with "chfn" what about the
> > many
> > > env variables?
> > >
> > > Thanks
> > > francesco
> > >
> > > --- Guillermo Garron
> > > wrote:
> > >
> > > > On 2/27/07, jeffd wrote:
> > > > > Francesco Pietra wrote:
> > > > > > Hi All:
> > > > > > Is anyone aware of a friendly openssh
> > (including
> > > > > > server) that installs on Debian etch and
> > allows
> > > > > > interactive connections secured by pubkeys?
> > > > > >
> > > > > > I installed ssh and openssh-server from
> > debian.
> > > > OK
> > > > > > using password, though I met problems in
> > > > configuring
> > > > > > for pubkeys (ssd_config comes with "UsePAM
> > yes"
> > > > > > "PermitRootLogin yes" #AuthorizedKeysFile
> > %h/
> > > > > > .ssh/authorized_keys" (does %h refer to
> > every
> > > > user?).
> > > > > > Tired with trial-and-error I hope to find an
> > > > easir
> > > > > > groung elsewhere.
> > > > > >
> > > > > > Not anyone is a professional administrator,
> > > > though
> > > > > > many of us have to get the OS running. A bit
> > > > more
> > > > > > comments of the config file would help.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > francesco pietra
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > >
> >
> ____________________________________________________________________________________
> > > > > > Be a PS3 game guru.
> > > > > > Get your game face on with the latest PS3
> > news
> > > > and previews at Yahoo! Games.
> > > > > >
> > > >
> > http://videogames.yahoo.com/platform?platform=120121
> > > > > >
> > > > > >
> > > > > >
> > > > > I think what you are looking for is :
> > > > > PubkeyAuthentication yes
> > > > >
> > > > > then put your public key on the remote
> > machine in
> > > > > ~/.ssh/authorized_keys . also make sure that
> > file
> > > > is chmod'd to 600
> > > >
> > > > Some time ago i wrote this,
> > > >
> > > > http://linux.go2linux.org/node/16
> > > >
> > > >
> > > > --
> > > > Guillermo Garron
> > > > "Linux IS user friendly... It's just selective
> > about
> > > > who its friends are."
> > > > (Using FC6, CentOS4.4 and Ubuntu 6.06)
> > > > http://feeds.feedburner.com/go2linux
> > > > http://www.go2linux.org
> > > >
> > > >
> > > > --
> > > > To UNSUBSCRIBE, email to
> > > >
> > > > with a subject of "unsubscribe". Trouble?
> > Contact
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> ____________________________________________________________________________________
> > > Any questions? Get answers on any topic at
> > www.Answers.yahoo.com. Try it now.
> > >
> >
> >
> > --
> > Guillermo Garron
> > "Linux IS user friendly... It's just selective about
> > who its friends are."
> > (Using FC6, CentOS4.4 and Ubuntu 6.06)
> > http://feeds.feedburner.com/go2linux
> > http://www.go2linux.org
> >
>
>
>
>
> ____________________________________________________________________________________
> Do you Yahoo!?
> Everyone is raving about the all-new Yahoo! Mail beta.
> http://new.mail.yahoo.com
>
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--
ssh
Hi Guillermo:
No, I have the two machines (deb32 and deb64 are their
hostnames) attached to the same router. The router is
in front of me, the two machines behind the wall. The
router (Xyxel Prestige 66H, ADSL 2+ 4 Port Gateway) is
connected to ADSL, which line is separated by the
teleph line by a filter.
That means that the two machines face a firewall
barrier, to which I can't renounce because the two
machine have to play together for jobs that may last
many days uninterruptly. And I need access, during the
job, to internet from deb32.
Obviously, the two machines have an apparent identical
ID under such conditions, and I don't know if their
inernal private addresses exist and how they can be
accessed and exploited.
I found that the two machines - under the above
conditions - differ for the "inet addr" (as it can be
derived by the root commanf "ifconfig"). Which differ
by one digit and can change from login to login,
though probably it depends on which machine gets
connected first to internet, which can be regulated so
that each machine has always the same inet addr.
Therefore the "inet addr" That seems to be exploiable
for "slogin" from one machine to another one (the
hostnames are not, as they are not defined on
/etc/hosts, and cannot be defined because of the
dynamic - and behind router - ID discussed). Probably
I am discovering hot water, though I have not
completed the connection because not all keys are yet
in place. Probably one has to connect from deb32 to
deb64 as root, under the above conditions.
What I suspect, is that there is a proved protocol for
getting to work INTERACTIVELY for long periods two
machines under the above described conditions. This is
why I hope to get suggestions. I must say that I
alraedy got very useful suggestions from the debian
science list, though the task is not completed yet.
Regards
francesco
--- Guillermo Garron
wrote:
> Ok, I am not understanding you well, I will try to
> make a graph and
> please tell me if that is what you have.
>
> Home PC
>
<---------------->router<-----Internet--------->router<------->office
> PC
> 10.1.1.1 10.1.1.2 4.2.2.2
> 166.114.10.10 10.1.1.2 10.1.1.1
>
> the IPs i am using are just examples, but if I
> understand you well ,
> you seems to have the same IP on you Home PC and at
> your office PC
> right? is this schema in order? please confirm.
>
> best regards,
>
> --- Please avoid top posting.
>
> Guillermo Garron
> "Linux IS user friendly... It's just selective about
> who its friends are."
> (Using FC6, CentOS4.4 and Ubuntu 6.06)
> http://feeds.feedburner.com/go2linux
> http://www.go2linux.org
>
>
>
____________________________________________________________________________________
Never Miss an Email
Stay connected with Yahoo! Mail on your mobile. Get started!
http://mobile.yahoo.com/services?promote=mail
--
ssh
On 3/1/07, Francesco Pietra wrote:
> Hi Guillermo:
> No, I have the two machines (deb32 and deb64 are their
> hostnames) attached to the same router. The router is
> in front of me, the two machines behind the wall. The
> router (Xyxel Prestige 66H, ADSL 2+ 4 Port Gateway) is
> connected to ADSL, which line is separated by the
> teleph line by a filter.
>
> That means that the two machines face a firewall
> barrier, to which I can't renounce because the two
> machine have to play together for jobs that may last
> many days uninterruptly. And I need access, during the
> job, to internet from deb32.
>
> Obviously, the two machines have an apparent identical
> ID under such conditions, and I don't know if their
> inernal private addresses exist and how they can be
> accessed and exploited.
>
> I found that the two machines - under the above
> conditions - differ for the "inet addr" (as it can be
> derived by the root commanf "ifconfig"). Which differ
> by one digit and can change from login to login,
> though probably it depends on which machine gets
> connected first to internet, which can be regulated so
> that each machine has always the same inet addr.
>
> Therefore the "inet addr" That seems to be exploiable
> for "slogin" from one machine to another one (the
> hostnames are not, as they are not defined on
> /etc/hosts, and cannot be defined because of the
> dynamic - and behind router - ID discussed). Probably
> I am discovering hot water, though I have not
> completed the connection because not all keys are yet
> in place. Probably one has to connect from deb32 to
> deb64 as root, under the above conditions.
>
> What I suspect, is that there is a proved protocol for
> getting to work INTERACTIVELY for long periods two
> machines under the above described conditions. This is
> why I hope to get suggestions. I must say that I
> alraedy got very useful suggestions from the debian
> science list, though the task is not completed yet.
It could be nice that if you send a query to two different lists, you
can post the good answers from one to the other.
On the other issue I really do not understand why the things are not
working for you, i tried twice the method i described and works
perfectly.
sorry.
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--