Configure local ssh login

Trying to configure a local login on routers and switches running IOS. We currently have TACACS+ configured, but want to configure the local login with SSH v2 in case we lose connection with the ACS server. I followed the directions listed in the link below with no success. Any ideas?
http://www.cisco.com/en/US/customer/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Duane
Thank you for posting the additional information. This moves us a step closer but still is not enough for us to identify the source of the problem. aaa is configured to attempt authentication with tacacs and with a backup method of line. We can not tell from the information so far whether tacacs was available or not and whether the authentication attempt went just to tacacs or attempted tacacs and then attempted line authentication.
So I have a couple of questions and suggestions:
questions
- am I correct in assuming that the attempt to SSH used the username of test?
- is there an entry in tacacs for user test?
- can you login to the router (via telnet or on console port) using user name test?
suggestions
- make sure that your attempt at SSH uses a name and password that work for telnet or console.
- to help determine what the router is doing for authentication use debug aaa authentication.
  * make sure that you have a logging level that includes debug (either or both of logging buffered and/or logging monitor)
  * debug aaa authentication
  * make the SSH attempt.
  * get the log output and post it.
  * be sure to turn debug off
HTH
Rick

Similar Messages

  • Configured local login on the console, but forgot to create a user...

    I saved the config, restarted and now I can't log in.  Is there any way to undo this change?   Should I just follow the normal password reset procedure (press the mode button, backup config, etc) and then create a login this way?
    I assume so, but I'm 50/50 on if I should just clear the whole thing out and start over since I'm not THAT far in.
    Thanks!

    Hi,
    First check out that you are able to access the router via telnet or console, I mean if you are getting the username prompt. If you are getting the username prompt then try the local username which you have configured. If that isn't working then try for password recovery to make this router as if like new one.
    Check out the below links on password recovery for different router series
    http://www.cisco.com/en/US/products/hw/routers/ps259/products_password_recovery09186a0080094675.shtml
    http://www.cisco.com/en/US/products/hw/routers/ps274/products_password_recovery09186a0080094774.shtml
    http://www.cisco.com/en/US/products/hw/routers/ps221/products_password_recovery09186a0080094773.shtml
    and also check out the below link on how to configure local user database in routers
    http://www.petri.co.il/csc_how_to_configure_local_username_database_cisco_ios.htm
    Hope to help.
    If helpful do rate the valuable post.
    Regards
    Ganesh.H

  • Passwordless ssh login using kerberos in Directory Server 5.2

    Hello all,
    I am trying to do passwordless ssh login in directory server 5.2 . I have done everything on directory server and client such as enabling sasl/gssapi, configuring kdc, creating gssapi profile, identity mapping, configured client with that profile. ldapsearch with -o mech=gssapi works fine.
    But still i can't do password less ssh login. However, i can do passwordless login with the kerberos principal for local user but not for user which is in directory server.
    Any help will be greatly appreciated.


  • 3750 sw is not sending SSH login failure SNMP trap

    Hi experts,
    I want to make my switch send trap when failed SSH login is detected. I found the "login Enhancement" feature and enabled the trap and logging for the failed attempt.
    3750# sh run | in login
    aaa authentication login default local
    login delay 1
    login on-failure
    3750# sh login
         A login delay of 1 seconds is applied.
         No Quiet-Mode access list has been configured.
         All failed login is logged and generate SNMP traps.
         Router NOT enabled to watch for login Attacks
    Then I enabled all the traps except the one for the syslog (because I don't want all the log messages are sent as SNMP traps...)
    (config)# snmp-server enable traps
    (config)# no snmp-server enable traps syslog
    (config)# snmp-server host 10.1.1.1 mysnmpkey
    Now when I try to login with incorrect password I do see the log but I don't receive the trap...
    Nov 23 12:39:27: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.1.1.1] [localport: 22] [Reason: Login Authentication Failed] at 12:39:27 EST Wed Nov 23 2011
    Of course when I enable the "syslog" trap I see something but that's more just for this log message
    Any idea why??
    My 3750-24TS-E is running
    Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
    Thanks!
    Difan

    Hey Smitesh thanks for the reply. However my switch doesn't support the aaa_server trap...
    #snmp-server enable traps ?
      auth-framework    Enable SNMP CISCO-AUTH-FRAMEWORK-MIB traps
      bgp               Enable BGP traps
    Mine is a 3750 switch. Is this command for routers?
    Thanks,
    Difan

  • Problem with public key ssh login

    Weird problem just appeared. Home computer has two accounts (A and B). I allow ssh login to both accounts via public key login (ssh-keygen). Two remote computers with accounts A' and B' on one, and A" and B" on the other.
    I can ssh into the home computer account B from account B' on one computer. I can log into the home computer account B from account B" on the other computer. I cannot ssh into the home computer account A from either A' or A", but I could last week.
    Here is what the .ssh directories look like:
    Home computer, account A:
    total 8
    drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
    drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
    -rw-r--r-- 1 userA groupA 1216 Jan 10 13:20:20 2006 authorized_keys2
    -rw-r--r-- 1 userA groupA 447 Sep 25 15:28:42 2006 known_hosts
    Home computer, account B:
    total 16
    drwx------ 5 userB groupB 170 Oct 2 09:52:02 2006 .
    drwxr-xr-x 23 userB groupB 782 Nov 9 08:26:03 2006 ..
    -rw------- 1 userB groupB 6148 May 19 17:54:58 2006 .DS_Store
    -rw-r--r-- 1 userB groupB 1228 Jan 10 13:24:15 2006 authorized_keys2
    -rw-r--r-- 1 userB groupB 242 Oct 2 09:52:02 2006 known_hosts
    Remote computer 1, account A':
    total 16
    drwx------ 6 userA' groupA' 204 Nov 9 09:55:12 2006 .
    drwxr-xr-x 29 userA' groupA' 986 Nov 9 09:41:21 2006 ..
    -rw-r--r-- 1 userA' groupA' 41 Mar 13 12:13:17 2006 config
    -rw------- 1 userA' groupA' 736 Nov 20 13:38:54 2005 id_dsa
    -rw-r--r-- 1 userA' groupA' 607 Nov 20 13:38:54 2005 id_dsa.pub
    -rw-r--r-- 1 userA' groupA' 246 Jan 10 09:41:27 2006 known_hosts
    Remote computer 1, account B':
    total 16
    drwx------ 5 userB' groupB' 170 Nov 9 08:23:04 2006 .
    drwxr-xr-x 18 userB' groupB' 612 Nov 9 09:52:11 2006 ..
    -rw------- 1 userB' groupB' 6148 Nov 9 08:23:04 2006 .DS_Store
    -rw------- 1 userB' groupB' 668 May 25 08:51:51 2006 id_dsa
    -rw-r--r-- 1 userB' groupB' 2481 Oct 30 09:00:57 2006 known_hosts
    Remote computer 2, account A":
    total 12
    drwx------ 5 userA" groupA" 170 Jan 25 10:59:54 2006 .
    drwxr-xr-x 20 userA" groupA" 680 Nov 9 08:19:30 2006 ..
    -rw------- 1 userA" groupA" 736 Jan 10 13:14:16 2006 id_dsa
    -rw-r--r-- 1 userA" groupA" 609 Jan 10 13:14:16 2006 id_dsa.pub
    -rw-r--r-- 1 userA" groupA" 3376 Oct 31 19:48:25 2006 known_hosts
    Remote computer 2, account B":
    total 12
    drwx------ 5 userB" groupB" 170 Jan 25 11:41:48 2006 .
    drwx------ 22 userB" groupB" 748 Nov 9 10:33:00 2006 ..
    -rw------- 1 userB" groupB" 736 Jan 10 13:11:50 2006 id_dsa
    -rw-r--r-- 1 userB" groupB" 615 Jan 10 13:11:50 2006 id_dsa.pub
    -rw-r--r-- 1 userB" groupB" 2947 Nov 7 10:18:27 2006 known_hosts
    I had copied the A' id_dsa.pub from remote computer 1 to the home computer account A authorized_keys2, then I copied the A" id_dsa.pub from remote computer 2 and had appended it to the home computer account A authorized_keys2. I had done a similar thing with accounts B', B", and B on their respective computers.
    All worked great for many months, until today, when ssh connections from A' or A" into A give me the dreaded
    Permission denied,gssapi-keyex,gssapi-with-mic) error message. Pretty certain that it was as recent as earlier this week I made the A'-->A ssh connection and all was well. Meanwhile, ssh connections from B' or B" into B still work fine.
    As near as I can tell, file ownerships and permissions look okay. While ssh'ed into B from B' I even did a
    cat /Users/userA/.ssh/authorized_keys2
    and then in another Terminal window, local to the remote computer, I did a
    cat /Users/userA/.ssh/id_dsa.pub
    In the terminal windows, each key wraps over about five-and-a-half lines, and I spotchecked like the last half-dozen characters, on each Terminal window line, of remote computer 1, account A' id_dsa.pub and the first pub key entry in authorized_keys2 in home computer account A. They all match.
    I even keep a clone backup of my hard drive, and the date/timestamp of /etc/sshd_config hasn't changed (although, I'm a bit mystified why it is dated as recently as it is -- Sep 29 2006 -- don't remember doing anything to it)
    So, I'm really confused, and not sure what to try or where to look next.
    2001 Quicksilver G4 (M8360LL/A)   Mac OS X (10.4.8)  

    Hi j.v.,
    Home computer, account A:
    total 8
    drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
    drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
    The parent directory ".." of the directory ".ssh", i.e. home directory of account A, is group-writable. SSH considers this as "insecure". You should make it writable only by the owner.
    A@Home$ cd (cd to the home directory)
    A@Home$ chmod g-w .
    HTH
    PowerMac G4   Mac OS X (10.4.7)  
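
    The check described in the answer above, as an added example that is not part of the original thread: it approximates what sshd's StrictModes option tests, walking from the key file up to the home directory and flagging any component that is group- or world-writable or owned by someone other than the user or root. The function names and the directory tree (which copies the modes shown in the question's listing for account A) are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximate the ownership/mode test sshd applies with
# StrictModes to authorized_keys, ~/.ssh and the home directory.
# All paths below are constructed in a temporary directory.

# insecure_components UID HOME FILE
# Walk from FILE up to HOME (inclusive) and print one line per problem.
insecure_components() {
    want_uid=$1
    home=$2
    path=$3
    while :; do
        if [ -e "$path" ]; then
            listing=$(ls -ldn "$path")
            # Mode string columns: 1=type, 2-4=user, 5-7=group, 8-10=other.
            group_w=$(printf '%s' "$listing" | cut -c6)
            other_w=$(printf '%s' "$listing" | cut -c9)
            owner=$(printf '%s\n' "$listing" | awk '{print $3}')
            if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
                printf 'wrong-owner %s\n' "$path"
            fi
            if [ "$group_w" = w ] || [ "$other_w" = w ]; then
                printf 'group-or-world-writable %s\n' "$path"
            fi
        fi
        if [ "$path" = "$home" ]; then break; fi
        parent=$(dirname "$path")
        if [ "$parent" = "$path" ]; then break; fi   # reached the top without meeting HOME
        path=$parent
    done
}

# build_constructed_home DIR
# Recreate the modes from the question: home 775, .ssh 700, key file 644.
build_constructed_home() {
    mkdir -p "$1/.ssh"
    : > "$1/.ssh/authorized_keys2"
    chmod 775 "$1"
    chmod 700 "$1/.ssh"
    chmod 644 "$1/.ssh/authorized_keys2"
}

demo() {
    d=$(mktemp -d)
    build_constructed_home "$d/home"
    echo "before chmod g-w:"
    insecure_components "$(id -u)" "$d/home" "$d/home/.ssh/authorized_keys2"
    chmod g-w "$d/home"
    echo "after chmod g-w:"
    insecure_components "$(id -u)" "$d/home" "$d/home/.ssh/authorized_keys2"
    rm -rf "$d"
}

demo
```

    Run against a real account, pass the account's numeric uid, its home directory and the full path of its authorized_keys file; no output means none of the three components trips the check.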

  • Unable to login network user from login window. SSH login ok.

    I have a MacOS 10.6 client and ldap network users server by MacOS 10.4 Server. Trying to login via the login window I get "Logging in..." which tries forever (or until I reboot).
    * SSH login works fine with network users.
    * Local users can login.
    * Network access is allowed by all users (Preferences->Login)
    * Removing ~/Library/ from the network user doesn't work.
    Logging in via SSH while the login screen is hanging I get:
    [mikael@melba ~]$ ps -Umikael
    PID TTY TIME CMD
    330 ?? 0:00.03 /sbin/launchd
    480 ?? 0:00.02 /System/Library/CoreServices/CCacheServer.app/Contents
    693 ?? 0:00.00 /usr/sbin/sshd -i
    694 ttys000 0:00.12 -bash
    730 ttys000 0:00.00 ps -Umikael
    Any ideas?

    I cannot create the mobile account (real username replaced here with '<username>'). This is true whether I run the command as root or as the user in question (via ssh):
    root# /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n <username>
    createmobileaccount built Jul 23 2009 22:14:42
    2009-10-05 15:54:41.906 createmobileaccount[41973:903] MCXCCacheMCXRecordAndGraph(): [localNode createRecordWithRecordType:(null) name:"<username>"] == 4100 (Unable to create record <username> in /Local/Default.)
    2009-10-05 15:54:41.908 createmobileaccount[41973:903] MCXCCreateMobileAccount(): Failed to create account. Error = 4100 (MCXCCacheMCXRecordAndGraph failed). Cleaning up mobile account record.
    2009-10-05 15:54:41.909 createmobileaccount[41973:903] MCXCDeleteAccount(): Trying to delete user id = 0
    * mobile account could not be created: 4100 (Unable to create record <username> in /Local/Default.)
    Directory services and DNS are set manually.
    Message was edited by: BerkeleyAstroBill

  • PAM_CONV not working for SSH logins

    I have a problem implementing PAM_CONV for SSH logins on Solaris 9 with the latest OS patches. I am using my own PAM module.
    I am trying to utilize PAM_CONV from pam_sm_acct_mgmt.
    I am using the following definition in /etc/pam.conf :
    other account optional pam_gabi.so
    Here is how I use PAM_CONV from pam_sm_acct_mgmt :
    #include <security/pam_appl.h>
    #include <security/pam_modules.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <syslog.h>

    void gabi_pam_free_msg (int num_msg, struct pam_message *msg);
    void gabi_pam_free_resp (int num_msg, struct pam_response *resp);
    int gabi_pam_conv (int (*conv_funp)(), int num_msg,
                       char **messages,
                       struct pam_response **resp);

    #define PAM_MSG(pamh, number, string)\
        (char *) __pam_get_i18n_msg(pamh, "pam_unix", 3, number, string)

    /* Free each message string, then the message array itself. */
    void gabi_pam_free_msg (int num_msg, struct pam_message *msg)
    {
        if (msg && num_msg > 0) {
            while (num_msg--) {
                if (msg[num_msg].msg)
                    free((void*)msg[num_msg].msg);
            }
            free(msg);
        }
    }

    /* Free each response string, then the response array itself. */
    void gabi_pam_free_resp (int num_msg, struct pam_response *resp)
    {
        int i;
        struct pam_response *r;
        for (i = 0, r = resp; i < num_msg && r; i++, r++) {
            if (r->resp) {
                free(r->resp);
            }
        }
        if (resp)
            free(resp);
    }

    extern
    int pam_sm_acct_mgmt (pam_handle_t *pamh,
                          int flags,
                          int argc ,
                          const char **argv)
    {
        char message[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
        char *pmessage = message[0];
        struct pam_response *ret_resp = NULL;
        struct pam_conv *pam_convp;
        int rv=0;

        syslog(LOG_WARNING, "pam_sm_acct_mgmt");
        memset(&message[0],0x00,PAM_MAX_MSG_SIZE);
        /* Fetch the conversation function registered by the calling application. */
        if (pam_get_item(pamh, PAM_CONV, (void*)&pam_convp) == PAM_SUCCESS) {
            syslog(LOG_WARNING, "pam_sm_acct_mgmt: PAM_CONV == PAM_SUCCESS");
            (void) snprintf(message[0],sizeof (message[0]),
                            (const char *) PAM_MSG(pamh,
                            1,"pam_sm_acct_mgmt : "));
            rv=gabi_pam_conv(pam_convp->conv, 1, &pmessage,
                             &ret_resp);
            syslog(LOG_WARNING, "pam_sm_acct_mgmt:seos_pam_conv returned rv=%d",rv);
        }
        else
            syslog(LOG_WARNING, "pam_sm_acct_mgmt: PAM_CONV != PAM_SUCCESS");
        return PAM_IGNORE;
    }

    int gabi_pam_conv (int (*conv_funp)(), int num_msg, char **messages,
                       struct pam_response **resp)
    {
        struct pam_message *msg;
        int retcode, i;
        struct pam_response *ret_resp = NULL;

        msg = (struct pam_message *)calloc(num_msg, sizeof(struct pam_message));
        if (msg == NULL)
            return PAM_BUF_ERR;
        for (i = 0; i < num_msg; i++) {
            char nl = 0;
            msg[i].msg = (char *)malloc(PAM_MAX_MSG_SIZE);
            if (msg[i].msg == NULL) {
                gabi_pam_free_msg(num_msg, msg);
                return PAM_BUF_ERR;
            }
            /* The last message is sent as a prompt; any earlier ones as plain text. */
            if (resp && (i == num_msg - 1)) {
                msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
                ret_resp = *resp;
                nl = '\0';
            }
            else
                msg[i].msg_style = PAM_TEXT_INFO;
            snprintf(msg[i].msg, PAM_MAX_MSG_SIZE, "%s%c",
                     messages[i], nl);
        }
        retcode = conv_funp(num_msg, &msg, &ret_resp, NULL);
        syslog(LOG_WARNING, "seos_pam_conv: conv_funp returned retcode=PAM_SUCCESS=%c",
               ((retcode == PAM_SUCCESS) ? 'Y' : 'N'));
        gabi_pam_free_msg(num_msg, msg);
        if (resp)
            *resp = ret_resp;
        else
            gabi_pam_free_resp(num_msg, ret_resp);
        return retcode;
    }
    I compile the source file like :
    cc -K pic -I. -c -o <obj_file> <src_file>
    cc -o pam_gabi.so -G -h pam_sample.so.1 -z text -z defs -Bsymbolic <obj_file> -lc -lpam -lnsl
    I copied pam_gabi.so to /usr/lib/security.
    From a remote machine I run :
    ssh -l <user_id> my_machine (<user_id> is a regular user)
    I expect to get prompted with "pam_sm_acct_mgmt :" after I put in the
    user password but I never see it and I am logged in successfully.
    If I try :
    rlogin -l <user_id> my_machine
    I do get the "pam_sm_acct_mgmt :" prompt after providing the user's
    password and login successfully.
    The syslog messages show that 'conv_funp' in gabi_pam_conv
    returned PAM_CONV_ERROR when called for the SSH login and
    returned PAM_SUCCESS when called for the rlogin.
    Kerberos is NOT installed on my Solaris 9 system.
    Can anyone please explain this behavior ?
    Thanks,
    Gabi

    After reading a little about this it looks like you have users enter user exec mode by default and after typing "enable" then entering the TACACS+ password you probably get denied.  If this is the case you are kind of left to your own devices.  I'll provide you some information and let you determine the best course.
    R1(config-line)# privilege level [0-15]
    This line sets the privilege level of users that are logging in via SSH or other teleterminal services.
    Here is an excerpt from the documentation for tac_plus provided at http://www.shrubbery.net/tac_plus/
    CONFIGURING ENABLE PASSWORDS
    The default privilege level for an ordinary user on the NAS is usually
    1. When a user enables, she can reset this level to a value between 0
    and 15 by using the NAS "enable" command. If she doesn't specify a
    level, the default level she enables to is 15.
    You can enable via tacacs+ e.g. by configuring on the NAS:
            aaa authentication enable default tacacs+
    then whenever you attempt to enable, an authentication request is sent
    with the special username $enab<n>$ where <n> is the privilege level
    you are attempting to enable to.
    (Note: in order to be compatible with earlier versions of tacacs, when
    the requested enable level is 15, the daemon will also try the
    username $enable$ before trying username $enab15$).
    For example, with the above declaration, in order to enable on the
    NAS, you need a user declaration like this one, on the daemon:
    user = $enab15$ {
        login = cleartext "the enable password for level 15"
    }
    Note: Be aware that this does have the side effect that you now have a
    user named $enab15$ who can then login to your NAS if she knows the
    enable password.
    Here is a similar declaration allowing users to enable to level 4:
    user = $enab4$ {
        login = des bsoF4OivQCY8Q
    }

  • SecureAFP and SecureVNC via SSH Login - Help?

    Hello, Just want to check that there are no security problems in the my future setup ideas.
    I have a MacMini and iMac at home, and also a MacBook Air/Pro (one of which I always have with me). I want to set up either the MacMini or iMac as a Server for all my files etc. My plan is to set up Remote SSH Login in the sharing panel so I can open a SSH Tunnel, and tunnel VNC and AFP through it (I'm not sure if I need to also set up Screen Sharing and File Sharing in the Preference Pane?)
    Once this is set up I should (if I'm not wrong) be able to open up terminal.app and type in "SSH [email protected]:[Port number (depending on the Mac I want to connect to, be it the MacMini or iMac as I use port forwarding)]", once that is done I will need to type my normal login password (is this send in clear text or not - does anyone know??). Hopefully a SSH tunnel will then be up and running. When it is, can I just go to Finder>Connect to Server>"afp://myhostname.dyndns.com" or "vnc://myhostname.dyndns.com" and then these services will be sent through the SSH tunnel, or will they not?
    Is this a good set up or not? Would I be better with using FTP/(S)FTP (although that is Read-only, if what I have read is correct)? Or use Transmit (a FTP/(S)FTP Client) Or would I just be better using Back-To-My-Mac from MobileMe? Is there any GUI for setting up a SSH tunnel, which can save info for multiple Servers? What set-up do you guys use?
    Very sorry for the Long post, but I hope I can have your experienced help on this.
    Thanks in Advance - Adam J.

    Thanks both of you for your detailed help, I'm guessing it doesn't matter if your put 10548 or 22548 etc as long as you map it to the right port (548) on the mac (when typing the "-L....:localhost:...." commend) and within Finder itself.
    Correct. The choice of 10548, 22548, 12345, etc... is up to you as long as you use a valid port number and do not pick a port that is associated with a service you depend on (most of those are low numbered ports, but if you are concerned, you can do Google server on "Known Port Numbers"
    In Finder do I just type "localhost" or the name of the computer on my network?
    In Finder -> Go -> Connect to Server, you type vnc://localhost:publicportnumber. This is the 10548, or 22548, or 12345, whatever port number you choose. The :port_number is how you tell the software making the network connection which non-standard (customized) port number you wish to use.
    You are specifying localhost, because you have created a tunnel that goes from your local host port number 10548 (or 22548, or 12345, ...) to the remote port 548 on your server Mac. As with any kind of tunnel you have to enter it on one end, and when you emerge you are at the other end. So the point of entry is on your localhost, at port 10548, hence afp://localhost:10548.
    Just out of a matter of interest obviously the "-p" command tells terminal what port, but what does the "-L" command do,
    The terminal is NOT the command line. The terminal is just a bit of software that passes your keyboard input to a pseudo serial port which is being read by your shell (typically 'bash'), that parses your input and looks for a command that matches the first token, and then starts a subprocess to run that command and passing the rest of the command line to that command for it to parse.
    so the -p is tell the ssh command to make its initial connection to that port.
    The -L 10548:localhost:548 tells ssh that on the localhost it should open and listen on port 10548 for any connection requests, and to pass anything and everything across the tunnel to port 548 on the other side of the ssh connection. Each -L option establishes a separate port pair to listen and forward network requests between.
    does it also matter if they are capitals or not (e.g. could "-p" be "-P").
    ABSOLUTELY! The Unix environment is VERY MUCH Case Sensitive.
    See "man ssh" and pay attention to the fact that some options are lowercase and some are upper case. Using the wrong case will either not work, or you will get some behavior you did not expect.
    When setting up the alias where are they then stored - or does it just remember them, so when you type "sshmacmini" it will auto fire up a SSH tunnel to the MacMini and then ask for a password? Is there anyway to then delete these alias or reset them?
    Do you mean a bash shell command alias, as in
    alias sshmacmini='ssh -p 22001 -L 22548:localhost:548 -L 22590:localhost:5900 [email protected]'
    If you mean one of those, then it should be stored in your shell initialization file. For bash (the default Mac OS X command line shell), the typical place would be
    $HOME/.bash_profile
    However, if you already have a .profile, then use that. Bash looks for and uses the first initialization file it finds, in the following order. If you have multiple, only the first found will be used:
    .bash_profile
    .bash_login
    .profile
    If you mean some other kind of alias, please clarify.
    When you use NNNNN and KKKKK they are obviously two different port numbers to port forward to port 22 on the two different Macs?
    If by NNNNN and KKKKK you mean establishing your router's port forwarding so that Public Internet port NNNNN is forwarded to Mac 'A's port 22 and Public Internet port KKKKK is forwarded to Mac 'B's port 22, then yes. This is a bit of router port forwarding magic. In my example I used 22001 and 22002 as my NNNNN and KKKKK values.
    Thanks you again, ever so much for the help! And again very sorry for all the questions - I hope to pick up and learn a bit of Command Line as I'm a total beginner just very good with GUIs.
    A lot of the command line stuff is generic 'bash' shell, so go to your local bookstore and browse some books on 'bash'.
    Personally for learning about how Unix glues things together via the shell, I am still partial to the Kernighan and Pike "Unix Programming Environment" Copyright 1984. The first half of that book will teach you many of the underlying Unix principles. Just keep in mind that it was written 27 years ago when Unix could run on a PDP-11 with less than a megabyte (NOT Gigabyte) of memory. However the basic principles are still there. Plus Kernighan is an excellent writer and has his name on many of the early Unix books and programs (such as the 'k' in awk is for Kernighan, the original typesetting program roff and nroff used to format all the man pages, the K&R "C" manual, etc...).

  • [SOLVED] Non-interactive SSH login and shell startup files

    I have a problem getting git-annex connecting to my arch box because of
    PATH not being correctly set. When diagnosing this problem I noticed that
    ~/.bashrc seems to be ignored for non-interactive SSH logins. More specifically,
    ssh myhost env
    Shows that when connecting to my other computer running gentoo, or to a
    separate server (probably running some flavor of Debian, I am not sure),
    environment variables defined in ~/.bashrc are present, but when connecting
    to my arch box, they are not. All three computers have identical ~/.bashrc
    files and ~/.bash_profile is set to read ~/.bashrc, and in all cases the file is
    sourced for an interactive login (i.e., 'ssh myhost' followed by 'env'). I tried to
    search through the various bash files in /etc, but didn't find anything related.
    Is there some bash or SSH setting that controls this behavior?
    Solution:
    I looked into this a bit more and found BASH_ENV which can be used to point to
    a file which is sourced for non-interactive shells. So I set
    BASH_ENV=~/.bashrc
    in /etc/environment, and now ~/.bashrc is sourced even for non-interactive
    shells and thus my PATH is correctly set. What I still don't know is why
    arch behaves differently in this respect, but I guess that will remain a mystery.
    Last edited by Nuteater (2012-07-27 18:59:30)

    try creating a .login file and put exec bash in there.
    Not _super_ familiar with csh, but I *think* csh loads .login only on login shells (as opposed to always loading .cshrc).
    Barring that, the following should work.
    if (! $?prompt) goto cshrc_end
    exec bash
    cshrc_end:
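
    The BASH_ENV behaviour from the solution in this thread, as an added example that is not part of the original posts: a non-interactive `bash -c` is run with and without BASH_ENV, and once more with an rc file that starts with the common "return unless interactive" guard, in which case setting BASH_ENV changes nothing. The rc files, the DEMO_MARK variable and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: what a non-interactive bash sees with and without BASH_ENV.
# DEMO_MARK and both rc files are constructed; nothing in $HOME is touched.

# make_rc_files DIR
# Write two constructed rc files into DIR.
make_rc_files() {
    dir=$1
    # Sets the variable unconditionally.
    printf '%s\n' 'export DEMO_MARK=from_rc' > "$dir/plain.rc"
    # Opens with the guard many stock ~/.bashrc files carry.
    cat > "$dir/guarded.rc" <<'EOF'
case $- in
    *i*) ;;
    *) return ;;
esac
export DEMO_MARK=from_rc
EOF
}

# probe [RCFILE]
# Print the value of DEMO_MARK inside a non-interactive bash started with a
# clean environment; with RCFILE given, BASH_ENV points at it.
probe() {
    if [ $# -eq 0 ]; then
        env -i PATH="$PATH" HOME=/nonexistent \
            bash -c 'printf %s "${DEMO_MARK-unset}"' </dev/null
    else
        env -i PATH="$PATH" HOME=/nonexistent BASH_ENV="$1" \
            bash -c 'printf %s "${DEMO_MARK-unset}"' </dev/null
    fi
}

demo() {
    d=$(mktemp -d)
    make_rc_files "$d"
    printf 'no BASH_ENV:         %s\n' "$(probe)"
    printf 'BASH_ENV=plain.rc:   %s\n' "$(probe "$d/plain.rc")"
    printf 'BASH_ENV=guarded.rc: %s\n' "$(probe "$d/guarded.rc")"
    rm -rf "$d"
}

demo
```

    If PATH is still wrong after setting BASH_ENV=~/.bashrc, check whether the assignments sit below such a guard in the rc file.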

  • Restrict maximum number of SSH logins of a user

    Hi all,
    Does anyone know how to restrict the number of SSH logins of a certain user in Solaris 10? It seems that OpenSSH server doesn't allow to do it.
    I know that it's possible in Linux by using PAM.
    Can you help me on that?
    Thanks in advance.
    BR,
    Roberto

    Users have a profile. example :
    CREATE PROFILE DEFAULT LIMIT
              SESSIONS_PER_USER UNLIMITED
              CPU_PER_SESSION UNLIMITED
              CPU_PER_CALL UNLIMITED
              CONNECT_TIME UNLIMITED
              IDLE_TIME UNLIMITED
              LOGICAL_READS_PER_SESSION UNLIMITED
              LOGICAL_READS_PER_CALL UNLIMITED
              COMPOSITE_LIMIT UNLIMITED
              PRIVATE_SGA UNLIMITED
              FAILED_LOGIN_ATTEMPTS UNLIMITED
              PASSWORD_LIFE_TIME UNLIMITED
              PASSWORD_REUSE_TIME UNLIMITED
              PASSWORD_REUSE_MAX UNLIMITED
              PASSWORD_LOCK_TIME UNLIMITED
              PASSWORD_GRACE_TIME UNLIMITED
              PASSWORD_VERIFY_FUNCTION NULL;
    SESSIONS_PER_USER is the one you are looking for. You can find more here:
    Select * FROM SYS.DBA_PROFILES WHERE PROFILE = :Name

  • How to disable reverse DNS lookup on SSH login

    How do I disable reverse DNS lookup on SSH login in Solaris 9? I'm using the version bundled with Solaris 9.
    OpenSSH documentation says that I should set UseDNS to no but the option doesn't work in the bundled version of SSH server.
    I do not want to upgrade the bundled version of SSH server. Your help will be greatly appreciated.

    Ah nevermind. I think it was some command I ran changing english.lproj that did this so i am starting over.

  • Configure Local Machine is grayed out in Server Monitor

    I'm trying to configure one of our Intel Xserves for use with Lithium for monitoring via the LOM port. When I go to Server Monitor the Configure Local Machine menu item is grayed out.
    All the units have the same hardware config and are working so I'm not sure what is going on.
    Where should I begin do you think?
    Thanks.

    I hadn't thought of that so it's not a dumb question. The version of the OS is 10.5.8 and Server Monitor is 1.7, which is the same as the other servers.

  • How to configure local account to use local software update service?

    ok folks here is the question. i have OD setup and i configured network users to get updates from my software update and it works just fine. the one thing i cant figure out is how can i configure local machine accounts to get updates from that same server.
    any help would be appreciated.

    Hi VMF
    OK I understand what you are saying. In which case why dont you apply the managed preference at machine level?
    Failing that create an account on the server which is the same as your local admin account. Ideally all the local admin accounts should have the same name and password and the name should be different to the server admin account. One or both of these suggestions should work. HTH

  • Client context error message while configuring for social login and personalization

    Hi,
    I am getting the below exception while configuring for social login and personalization.
    27.12.2012 11:21:25.463 *ERROR* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.day.cq.wcm.core.impl.designer.DesignerImpl No design at /etc/design/cloudservices. Using default.
    27.12.2012 11:21:46.549 *ERROR* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper Problems while creating connection.
    27.12.2012 11:21:46.549 *WARN* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper token was null or not in UNAUTHORIZED state:1
    27.12.2012 11:21:46.549 *ERROR* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.adobe.granite.auth.oauth.impl.servlet.OAuthProfileImportServlet requestAccessToken: could not retrieve user
    27.12.2012 11:21:46.549 *ERROR* [127.0.0.1 [1356587506549] GET /etc/cloudservices/facebookconnect/sample_fb.login.html HTTP/1.1] com.day.cq.wcm.core.impl.designer.DesignerImpl No design at /etc/design/cloudservices. Using default.
    27.12.2012 11:21:48.455 *ERROR* [127.0.0.1 [1356587508455] GET /etc/clientcontext/default/contextstores/profiledata/loader.json HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Uncaught SlingException org.apache.sling.api.SlingException: An exception occurred processing JSP page /libs/cq/personalization/components/profileloader/command/load/load.json.jsp at line 41
    at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.handleJspExceptionInternal(JspServletWrapper.java:574)
    at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:499)
    at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:451)
    at org.apache.sling.scripting.jsp.JspServletWrapperAdapter.service(JspServletWrapperAdapter.java:59)
    Thanks,
    Shankar .A

    Hi Shankar,
    Any luck with this issue. I am also seeing the same issue
    Thanks
    Pushparajan

  • How to Configure Local J2ee Engine with Dev server ECC.

    Hi,
    working with ESS/MSS enhancements. I just imported DC from NWDI and create the application in NWDS.
    But unfortunately I don't have access to Dev J2ee Engine to deploy and check my applications. I installed developer work place in my local machine.
    Now have to test the applications which are related with ECC (like updating DB and fetching detailed from DB). for that I need to configure local J2ee Engine with Dev ECC.
    Could you explain step by step details how can I do this or send me docs to venky0905 at g
    Regards
    Venkat.
    Edited by: Juan Reyes on Apr 14, 2009 9:16 AM
    Edited by: Venkat D on Apr 15, 2009 1:47 AM

    Hi,
    When I am trying to create and set to Jco RFC Provider in visual admin,
    For creating I am giving the parameters of Dev ECC gateway host & Service details and Direct application parameters.
    When setting to Jco RFC Provider I am just trying to Connect to VPN as I need to connect Dev ECC. once I connect to VPN My local J2ee is shutting down as well visual admin also disconnecting.
    I have not understood what the connection is with Local J2ee Engine and VPN connection. Are there any network connections I need to perform Or what else I can do to resolve this issue?
    Can anyone please suggest on this at earliest.
    Regards
    Venkat
