Disable Non-Root Connections to WindowServer via SSH

I recall that in previous versions of Mac OS, one could not start an application in another user's workspace via SSH unless they were root, e.g. by running /Applications/Safari.app/Contents/MacOS/Safari at the prompt. The error given was something about being unable to make a connection to the windowserver. Root privileges were required to do so.
However, I note that now in Mountain Lion I can run, for example, the previous command and my Safari will pop up in the session of the currently logged in user, neither of us being root or even administrators.
Is there a way to revert to the old behaviour (without disabling Remote Login, obviously)? I note some potential for evil, e.g. "/Applications/Utilities/Vine\ Server.app/Contents/MacOS/Vine\ Server &" to start a VNC server and, voilà! surreptitious monitoring/control of active session...

This was previously not possible.
It has always been possible via the open(1) command. In any case, that doesn't matter. SSH access is unlimited access, unless you allow only public-key logins and specify a command to be executed in the authorized_hosts file. There is no security issue here.
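The answer above names two conditions for SSH not to be "unlimited access": only public-key logins, and a forced command on every key. The following added example (not from the original thread) audits both, as a defender would check a host: it flags authorized_keys entries without command= and checks that sshd_config turns off password and challenge-response logins. File paths, user names and key strings in the samples are constructed placeholders; the option names are those of OpenSSH's sshd(8) authorized_keys format.

```shell
#!/bin/sh
# Added example, not from the original thread: checks for the answer's two
# conditions (public-key logins only, and a forced command on every key).
# A key line without command= gives an unrestricted login shell, which is
# what lets a non-root SSH user reach the logged-in user's WindowServer.
# Paths, user names and key material below are constructed placeholders.

# Print every authorized_keys entry that lacks a command="..." option.
# Returns 0 when every key is restricted, 1 otherwise.
audit_authorized_keys() {
    keyfile="$1"
    unrestricted=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac      # skip blanks, comments
        case "$line" in
            *'command="'*) ;;                           # forced command present
            *) unrestricted=$((unrestricted + 1))
               printf 'UNRESTRICTED: %s\n' "$line" ;;
        esac
    done < "$keyfile"
    [ "$unrestricted" -eq 0 ]
}

# Check that sshd_config turns off the non-key login methods. sshd honours
# the first occurrence of a directive, so only the first one is read (Match
# blocks are not parsed here). Returns 0 when both are "no", 1 otherwise.
keys_only_sshd_config() {
    cfg="$1"
    for directive in PasswordAuthentication ChallengeResponseAuthentication; do
        value=$(awk -v d="$directive" \
            'tolower($1) == tolower(d) { print tolower($2); exit }' "$cfg")
        if [ "$value" != "no" ]; then
            printf 'sshd_config: %s is "%s", expected "no"\n' \
                "$directive" "${value:-unset}"
            return 1
        fi
    done
}

# Constructed authorized_keys sample: one restricted backup key, one plain key.
make_sample_keys() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# placeholder keys, not real key material
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/rsync --server --sender . /srv/backup" ssh-rsa AAAAB3PLACEHOLDER1 backup@laptop
ssh-rsa AAAAB3PLACEHOLDER2 alice@laptop
EOF
    printf '%s\n' "$f"
}

# Constructed sshd_config sample that still allows password logins.
make_sample_sshd_config() {
    f=$(mktemp)
    printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication no' > "$f"
    printf '%s\n' "$f"
}
```

Run it against ~/.ssh/authorized_keys of each account with Remote Login and against /etc/sshd_config; an UNRESTRICTED line or a non-"no" directive is exactly the gap the answer describes.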

Similar Messages

  • Website paths showing root level log in via ssh and not the specific spot?

    Hello, I have three sites on 10.5 server. Most of it in house use but when logging in or mounting for example archive.ota.com via terminal it brings you to the root level / of my server. The webfolder is set on my raid array for example /Volumes/website1/archive where I would hope it would bring you as home directory? The specific user set up has that as the home directory but still mounts higher up? Is this a permissions thing? Home directory maybe? Not sure what I am missing. I am rusty on this I admit. Thanks

    I was having the same issue with Eclipse. If I launched an xterm and then ran eclipse it worked fine but as a published application, it would die after showing the Eclipse splash screen for a second. Adding the ampersand to the end of the launch command fixed it. Strange.
    Thanks for following up your post with the fix. I don't think backgrounding the process from the SGD launcher would have ever occurred to me.

  • Opening Multiple DB Connections to MySQL via SSH Tunneling

    I'm connecting to a MySQL database through SSH.  Specifically I'm using PuTTY to establish a connection, and then tunnel the port through 3306.  Then I'm creating an ODBC Data source to my local 3306 port and using that datasource to open the connection in LabVIEW.
    I'm looking to run queries in parallel, and to do that, I believe I need to open up multiple connections.  Has anyone tried this before? Is there anyother way to do this?

    Hi Jonathan,
    I wasn't able to find too many resources on using multiple connections to a MySQL through SSH.  
    I was able to find this:
    http://digital.ni.com/public.nsf/allkb/C49602A79827DDBE86256CE9005757D5
    that might give you some more information.
    I would try to open up multiple connections if the database supports it and try it that way.
    If you have any trouble with that route, feel free to let us know.
    Sincerely,
    Bogdan Buricea
    Applications Engineering
    National Instruments

  • Unable to direct connect to 6509 via SSH

    I have a 6509 with s72033_rp-ADVIPSERVICESK9_WAN-M 12.2(33)SKJ5. I can SSH into the device via another switch, however I am unable to directly SSH to the device. Has anyone run into this issue? Could the IOS be the cause of this?

    Hey Chris,
    Have you tried pinging the device from your machine?
    Regards,
    RS.

  • Can't connect with gftp via ssh

    Hello,
    I installed openssh on a computer and configured my access to it...
    I can access it with scp, ssh, sftp from the command line with no problem by entering my passphrase and everything runs smoothly...
    I want to be able to use gftp to access the files in it, it's a bit more comfortable for me than the command line.
    When I try to connect I give gftp the Host, port, user and in pass I tried both the user's password and the passphrase and each time I get this reply:
    "There was an error initializing a SSH connection with the remote server. The error message from the remote server follows:
    ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory"
    Does anyone know how to solve this problem?
    Thank you,
    Grey

    Pinging is fine. How would I check the firewalls?
    I also noticed this message in the system log:
    /usr/libexec/sshd-keygen-wrapper: getnameinfo() only supports IPv4/IPv6. Connection from address family: 5

  • How to logout remote server via SSH

    I have a server running flux, I just want to log it out (it auto-logs back in, no GDM screen). How do I do this if I'm connected to it via SSH? Again, I want to log out the server as though I would do ctrl+alt+backspace locally, but through SSH.
    TIA

    I just realised how you start your session by auto login, so my above answer was pretty useless. The way I manage my server with an occasional gui session is to just use gdm and start/stop the daemon as needed via ssh then switch to a vnc or xdmcp session.

  • Connecting to sf302-80p via ssh-prevent prompt for password

    Hi there.
    I'm wondering if anyone knows to set up the switch so that when I'm connecting via SSH, the switch doesn't prompt for a username if I supply one in the initial connect request?
    For example, we usually connect by typing something like the following at a command prompt:
    ssh [email protected]
    Then the switch would prompt for a password.
    I've tried this on the Cisco SF302 but it still prompts for a username, and then the password.
    Thanks for reading this post!

    After doing some research, here's the solution to our problem.  Others may have resolved in a different way, but this seems to work for us.
    What we noticed is the following:
    1.  popular ssh libraries like phpseclib were failing on this switch because of the limited ssh implementation.
    2.  php's ssh2_auth_none function returns TRUE on this switch. 
    What does this mean? 
    It seems that the ssh protocol has an authentication method called "none". This is insecure, and is usually disabled on most switches. The ssh2_auth_none() function attempts to connect without any authentication and if it fails, it returns a list of the authentication methods that the server accepts. In the case of the SF300... it DOES NOT FAIL and returns nothing for the authentication methods.
    3. Known CLI and SSH Limitations
    Although they weren't able to give us a solution, CISCO tech support did explicitly state that the small business class switches have a limited CLI and a pared down version of SSH as well, so you cannot treat it as you would an enterprise level switch that has a full blown ssh implementation.
    In case it helps, here's a little snippet of code that shows how to connect to these types of devices:
    <?php
    $username = 'myusername';
    $password = 'mypassword';
    $connection = ssh2_connect('123.123.123.123', 22);
    if ($connection === false) {
        die("Unable to connect\n");
    }
    // No ssh2_auth_* call is made here; the switch's login prompt is answered
    // on the shell stream instead.
    //$authentication_methods = ssh2_auth_none($connection, 'user');
    $stdio_stream = ssh2_shell($connection);
    // Non-blocking so stream_get_contents() returns what has arrived so far
    // instead of waiting for the channel to close.
    stream_set_blocking($stdio_stream, false);
    fwrite($stdio_stream, $username . "\n");
    sleep(1);
    fwrite($stdio_stream, $password . "\n");
    sleep(1);
    echo "Results: " . stream_get_contents($stdio_stream);
    echo "sending show bonjour command:\n";
    fwrite($stdio_stream, "show bonjour" . PHP_EOL); // you can use \n instead of PHP_EOL but PHP_EOL is recommended.
    sleep(1);
    echo "\nResults: " . stream_get_contents($stdio_stream);
    ?>
    Hope this helps anyone who's attempting to connect to these types of devices programmatically.

  • Accessing Disabled Accounts via ssh

    We have user accounts on our OS X Tiger Server where the user has installed a public key into their ~/.ssh/authorized_keys file.
    The problem:
    If I uncheck "access account" in Workgroup Manager for one of those users, they can still login to the server via ssh, authenticating with their private key.
    So, how can I truly disable access to an account that has a key pair installed for ssh?
      Mac OS X (10.4.5)  

    Have you tried using WGM to change their login shell to "none"?

  • Unable to make a transparent connection from non root user

    Hi
    I am trying to make a transparent connection from a non-root user and I am getting permission denied when trying to generate ssh keys, as per below:
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/global/xnode/taprap/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    open /global/xnode/taprap/.ssh/id_rsa failed: Permission denied.
    Saving the key failed: /global/xnode/taprap/.ssh/id_rsa.
    It's working fine as root user, but not for any other user.
    Please can you help
    FR

    Hi
    for /global/xnode/taprap I have:
    drwxrwxrwx 35 taprap other 59904 Sep 30 10:35 taprap
    and for the .ssh
    ls -al .ssh
    total 122
    drwx------ 2 105 other 512 Jan 27 2009 .
    drwxrwxrwx 35 taprap other 59904 Sep 30 10:45 ..
    -rw-r--r-- 1 105 other 440 May 3 2010 known_hosts
    ls -al /.ssh/id_rsa
    -rw------- 1 root root 883 Mar 15 2011 /.ssh/id_rsa

  • Error connecting from Mac to Linux via SSH (Permission denied (publickey...

    Hello together,
    I have a perfectly working setup with my XP machine, Putty and my Suse Linux server that allow for remote login via SSH. I use Public Key authentication.
    However, when I try to login from my Mac, all I get from the Mac side is a
    "Permission denied (publickey,keyboard-interactive)."
    And I can't establish the connection. On the server in 'messages' I get:
    "sshd{6046}: Accepted publickey for {userName} from {myHomeIP} port 38335 ssh2"
    What could be wrong here?
    I would like to use the same keys on my PC and my Mac so I just copied the key files into the .ssh directory on the Mac, did a chmod 600 on them and then tried to remote log-on with the following from the terminal:
    "ssh -l {userName} {host} -i {keyFile}"
    My questions are:
    1) How am I sure that the Mac uses the right key files? (or uses them at all)
    2) How come my server says "accept publickey" and no connection is established?
    3) Do you have any other idea on how I might get this to work? What I need is a method to copy files (not via FTP) to my server and let the process run without supervision / user interaction.
    Thanks a lot for all your help!
    Cheers

    If you copied your files from Windows, I would check to make sure your lines are <LF> terminated. I have not played with Putty so I do not know the way it line terminates its ssh key files, but Windows has a long tradition of using <CR><LF> to terminate its lines.
    cat -v ~/.ssh/id_rsa # or whatever your file names are
    If there are <CR> characters in the file, they will show up as ^M
    Next get more diagnostic information from ssh using an *ssh -v -v -v*
    If you know how to tell Putty to do the same thing, do it from Putty as well.
    Now compare the debug output from the working vs the non-working ssh commands. The differences will tell you a lot.
    If you look at *man ssh* and search for permissions it will tell you what files need restrictive permissions. You can get a permissions denied error if your home directory allows Group or Other write access. The $HOME/.ssh directory needs to be set so ONLY the Owner is allowed to access it. And some of the files in $HOME/.ssh require specific permissions. The ssh man page details this.

  • Can't log in as root via ssh, secure.log says it has expired

    Hi,
    I've followed the guides to enable the root account via Directory Utility but I can't log in via ssh. In secure.log I get:
    Apr 26 09:09:56 snowy sshd[1797]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
    Apr 26 09:10:00 snowy sshd[1794]: error: PAM: user account has expired for root from <xxxx hostname removed for privacy> via 10.0.0.1
    I've tried enabling/disabling the root account, changing its password.. I've made sure the root account is enabled in sshd_config and that it has a valid shell in /etc/shells.
    If anyone can tell me how to fix this I'd be very grateful.
    Thanks,
    Mark

    Nevermind I figured it out, needed to enable ssh for 'Administrators' group in Sharing -> Remote access

  • Connection hangs while trying to connect via ssh.

    Hi all,
    I have this problem and I fixed it, I just wanted to understand the logic behind it.
    I tried to login to a machine via ssh.
    After providing the username and password, the connection hangs until you press CTRL-C.
    I checked DNS configuration, and some other stuff.
    The problem was an NFS entry in the vfstab that was unreachable.
    When I removed it, the connection went smoothly.
    My question is, why that entry caused that problem ?
    Thanks!

    At login, the shell runs 'quota -v' to display any over-quota conditions that might exist.
    If the NFS mount was not mounted with "noquota", then it will send an RPC request to the server. If the server is down, that request will take 60 seconds to time out. If you have multiple mounts to the server, they might run sequentially.
    The login should complete after a minute or so, but most users won't wait that long.
    Darren

  • ORA Connect via SSH Tunnel on Windows failed! LINUX works ...

    Hello again,
    I tried to establish an Oracle Client Connection via SSH Tunnel on WinXP Pro.
    1. Opened SSH-Tunnel Connection with plink (putty)
    TUNNEL: 10.5.1.111:1521 => localhost:1521
    (plink works fine with telnet, MySQL Client and other stuff)
    2. Connected with Oracle Client on Tunnel END => Localhost, Port 1521
    3. With ORA8i I got: Packet Error. With ORA10g I get: TNS: no listener
    plink works fine, so I don't think the problem is located there.
    I tried tnsnames.ora, easyconnect and TNS-less. So I guess it's not related to the connection method.
    I tried the same on LINUX ... ssh tunnel and sqlplus connect ... IT WORKS!
    Does Oracle need an additional Port?
    Does it have Problems with WIN2UNIX Connections? (ORA DB is on UNIX)
    tnx

    Hi,
    Hum..., I guess this does not work!
    Looking at the schema below, you need to put the 1521 port
    If you desire, access the www.ssh.com site and download other ssh program
               Secure Connection
       +---->-------[SSH]-------->-----+
       |                               |
       |                               |
       ^                               |
       |       Insecure Connection     v
    CLIENTE--->--------------------> ORACLE
    ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                        |          |                |
                        |          |                |
                   A  LOCAL        |                |
                   B       INTERNAL IP ORACLE       |
                   C                       EXTERNAL IP (GATEWAY)
                                                         C                             B
          | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
          | Gateway |                                 |Gateway |                 192.148.1.251:1521
               .                                     200.10.11.12                                  
         A     .
       |Oracle Client|
       (TNSNAMES.ORA)
      <SERVICO> =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
          )
          (CONNECT_DATA =
            (SID = <ORCL>)
          )
        )
    Cheers

  • I can not connect via SSH to a MacBook (the internal home network)

    Hi all! There is an internal home network of three computers and a Wi-Fi router. I can get into the router and the computers with Win7 via SSH (from a MacBook) without problems, but I can not get into the MacBook via SSH from any other computer. What could be wrong?

    ssh -v -v -v [email protected]
    Do this once for a working system,
    And once for a broken system.
    Compare the output and see what is says where the broken system changes radically from the working system.
    Also on the destination system look in the /var/log/secure.log file for sshd entries to see if the destination system is rejecting your connection and for what reason.
    It is possible on the destination system to get even more information by changing the /etc/sshd_config file entry
    #LogLevel INFO
    to
    LogLevel DEBUG3
    then issue the command
    sudo kill -HUP `cat /var/run/sshd.pid`  # reload sshd configuration parameters

  • How to make none root user to connect to TCP Port  (web ports)

    How to make a non-root user (any user)
    connect to TCP port 80 or port 81 or any port less than 1024?
    Because I have a web server that I want to run and stop as a non-root user on port 80 and port 81.
    Can you help me and give me steps?

    I believe Solaris 9 also has RBAC control. If so then all you need to do is present the uid with the PRIV_NET_PRIVADDR privilege. See the privileges(5) manpage for more information on the subject.
    This privilege will allow the userid to bind to ports < 1024. You can give a user this privilege either by using usermod (you will probably need the auth_attr(4) manpage as well) after which you need to login again. Or you can try using ppriv to modify the privileges on the users shell.
