Moving ssh server off port 22

Similar Messages

• Move nfsd off port 2049?

  Does anyone know if it is possible to configure the nfsd to come up on
  a port other than 2049?
  I want to install an NFS proxy daemon on the standard port and then
  delegate to the real nfsd, running on a different port, as appropriate.

  PPS
  I think you have perhaps missed the point here. Yes - security is a concern - but not one I was addressing with this question. LittleSaint realized I might be concerned about security issues and I agree that simply moving off port 22 has little effect beyond "security by obscurity". That's why moving off port 22 was not my initial priority. Now I have in place what I consider to be reasonable security measures I thought moving away from port 22 would nevertheless still be helpful.
  In my experience it is not true that robot scanners commonly search for ports on which ssh is running. I regularly have log entries in my /var/log/ipfw.log for ports such as 80, 106, 443 and others, but since I don't have services running on these ports it doesn't seem to matter: the packets are blocked by ipfw and as far as I know nothing further happens. The difference with ssh is that someone could be legitimately trying to login. When I see 900 lines in /var/log/ipfw.log with non-existent user names then it is an irritation. I can use grep to check if they happen to hit on a valid user name, but I am currently thinking that if my ssh server was running on port 2**@ instead of 22 then probably I wouldn't see 900 lines in my log file.
  I have seen the effect of an nmap scan on my system to scan every single port - but only because my Systems Manager obligingly had a go -- I have not yet seen such a scan arrive from the wild.
  Point me in the direction of any further security measure I can take. At present I feel I have done everything sensible - but always open to new suggestions.

• Can't delete primary zone in DNS after moving the server

  Woe is me!
  Our MacMini was hosted at a Colo site and working fine. No firewall in front of the machine, so we turned on the server firewall and only allowed mail, web, ftp, and a couple of other services. This worked great using our external public DNS wired to our domain names and public fixed IP address. Later, we got VPN up a running (the trick was to create a second, local IP address for the ethernet port), but this also required us to turn on the server's DNS to create a split-brained DNS server.
  Everything was working swimmingly... and then we had a hard drive crash. Since we were thinking about moving the server onsite anyway (our POS system was accessed through the VPN, but it could be slow and made our tasting room dependent on Internet access in order to run the POS), we ordered Comcast business class internet with a fixed IP address.
  We updated the external public DNS to the new public fixed ip. Rather than plug the mini directly to the Comcast router (which is in pass-through mode), we elected to put a AirPort Extreme in front of it, mainly so we could get all of the POS computers on the same local network without using the mini as a DHCP/NAT router. We created a DHCP reservation on the Extreme so that the mini had a fixed local IP address. We port forwarded everything we wanted to expose to the Internet. Email started to work again. However, web services and VPN are nada.
  This being Snow Leopard Server and having spent literally hours debugging DNS issues when we first got the server, I knew it wouldn't be straightforward. And it hasn't been. Even changing the IP address of the server has been a chore.
  We ran "sudo changeip <old IP address> <new IP address>".
  Then we ran "sudo changeip -checkhostname" and received:
  "$ sudo changeip -checkhostname
  Primary address     = 10.0.8.2 <new static internal IP address>
  Current HostName    = <servername>.<domainname>.com
  The DNS hostname is not available, please repair DNS and re-run this tool.
  dirserv:success = "success""
  Oh no, the black pit of death.
  Even though I tried to modify the machine record in the local DNS to reflect the new internal static IP address, Nada.
  So, looking back on my previous research from Mr Hoffman and others, I stopped the DNS service, and I deleted the primary zone and reverse lookups in order to rebuild them from scratch. Except that no matter what I do, I can't delete the primary zone - it comes back like Dracula (even though the reverse zone and all of the zone records are gone). I tried rebuilding everything using the undeletable zone, but after a few services (saved each one separately), they would suddenly disappear.
  I am leery of messing with the DNS files on the server as I don't want to hose up Server Admin (my command line skills are rudimentary and slow). I have so much installed on the machine now that I am concerned about someone saying "reinstall".
  Help!
  Related to this is that it is not clear to me in web services which IP address you should use for the sites. The internal IP? The public IP? I thought Apache cared about the external IP address. And I think Apache is hosed at the moment due to my DNS troubles anyway.
  Thanks in advance!

  Morris Zwick wrote:
  And does anyone know which IP you enter for your sites in the web service? The public static IP or the internal private static IP?
  For the external DNS server I am sure you have already deduced that it should be the static IP issued you by Comcast and this will be forwarded by your router to your server.
  For your internal DNS server you could use either the internal LAN IP, or the external IP although the later might be affected by your firewall so this you will need to test.
  For the Web Server service in Server admin, if your only running a single website you could avoid the issue by just using the wildcard entry which will respond to any IP address, so this would be an empty host name and an IP address of *
  In fact you don't have to specify an IP address you could just use the hostname, so it will listen to traffic arriving at your server addressed to any IP address and as long as the URL that was requested includes the hostname you define for the site it will get responded to. So if as an example you have two websites you want to serve
  www.example.com
  site2.example.com
  then as long as both have the IP address for the site as an * (asterisk) then both should work as separate sites for traffic addressed to either the LAN or WAN IP address of the server.
  You will still need to use two IP addresses on the server to enable VPN, you could use a USB Ethernet adapter for the second one. Port forwarding for VPN is not as simple as other traffic as VPN requires traffic different to the standard IP and UDP packets. Routers that support 'VPN Passthrough' are specifically designed to accomodate this but I don't know if the AirPort Extreme does this. I have also found PPTP copes better with this sort of setup than L2TP although PPTP is generally regarded as less secure.

• Network error since moving Essbase server into new VLAN

  We just moved a Solaris zone containing an Essbase server into another VLAN and now I am seeing strange problems with network timeouts. When EAS runs "query database" commands in MAXL (when you click on a database, for example), it can hang for ten minutes and then timeout. If I run this locally on the server via essmsh:
  MAXL> query database <Db> get estimated size;
  I get, after ten minutes:
  ERROR - 1056213 - message from server [Network error [145]: Unable to connect to [chr7z037:1423]. The client timed out waiting to connect to Analytic Services Agent using TCP/IP. Check your network connections. Also make sure that server and port values are correct].
  THe server isn't down and I can connect to it via EAS and HSS.
  I am not sure what service is reporting this error - must be APS or HSS (which run on a seperate windows box)?
  Also EAS data previews are painfully slow and/or timeout with the same network error as above.
  The essbase server is in HSS mode.

  Hi Philip,
  As CL said ,even I had faced the similar issue. In our case , it was the concept of DMZ ( they were in 2 different DMZ's ) and not able to communicate and gave the error ( which you mentioned in your post).
  Try to open up the ports ( Try to telnet also to check)
  Sandeep Reddy Enti
  HCC
  http://hyperionconsultancy.com/

• Impossible to connect to an ssh server with Mysecureshell

  Hi,
  I have a SSH server (openssh) with MySecureShell and fail2ban installed.
  When I try to connect as an user whose shell is MySecureShell, I got "permission denied" (in terminal) or "critical error, impossible to connect" in filezilla. As soon as I replace /bin/MySecureShell by /bin/bash in /etc/passwd, I am able to connect. When I desactivate fail2ban, nothing changes. The problem is thus likely to come from MySecureShell.
  I append my /etc/ssh/sshd_config:
  # $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
  # This is the sshd server system-wide configuration file. See
  # sshd_config(5) for more information.
  # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
  # possible, but leave them commented. Uncommented options override the
  # default value.
  #Port 22
  #AddressFamily any
  #ListenAddress 0.0.0.0
  #ListenAddress ::
  # The default requires explicit activation of protocol 1
  #Protocol 2
  # HostKey for protocol version 1
  #HostKey /etc/ssh/ssh_host_key
  # HostKeys for protocol version 2
  #HostKey /etc/ssh/ssh_host_rsa_key
  #HostKey /etc/ssh/ssh_host_dsa_key
  #HostKey /etc/ssh/ssh_host_ecdsa_key
  # Lifetime and size of ephemeral version 1 server key
  #KeyRegenerationInterval 1h
  #ServerKeyBits 1024
  # Logging
  # obsoletes QuietMode and FascistLogging
  #SyslogFacility AUTH
  #LogLevel INFO
  # Authentication:
  #LoginGraceTime 2m
  PermitRootLogin no
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10
  #RSAAuthentication yes
  #PubkeyAuthentication yes
  # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  # but this is overridden so installations will only check .ssh/authorized_keys
  AuthorizedKeysFile .ssh/authorized_keys
  #AuthorizedPrincipalsFile none
  #AuthorizedKeysCommand none
  #AuthorizedKeysCommandUser nobody
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #RhostsRSAAuthentication no
  # similar for protocol version 2
  #HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # RhostsRSAAuthentication and HostbasedAuthentication
  #IgnoreUserKnownHosts no
  # Don't read the user's ~/.rhosts and ~/.shosts files
  #IgnoreRhosts yes
  # To disable tunneled clear text passwords, change to no here!
  #PasswordAuthentication yes
  #PermitEmptyPasswords no
  # Change to no to disable s/key passwords
  ChallengeResponseAuthentication no
  # Kerberos options
  #KerberosAuthentication no
  #KerberosOrLocalPasswd yes
  #KerberosTicketCleanup yes
  #KerberosGetAFSToken no
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
  # be allowed through the ChallengeResponseAuthentication and
  # PasswordAuthentication. Depending on your PAM configuration,
  # PAM authentication via ChallengeResponseAuthentication may bypass
  # the setting of "PermitRootLogin without-password".
  # If you just want the PAM account and session checks to run without
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
  UsePAM yes
  #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
  #X11Forwarding no
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  PrintMotd no # pam does that
  #PrintLastLog yes
  #TCPKeepAlive yes
  #UseLogin no
  UsePrivilegeSeparation sandbox # Default for new installations.
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
  #UseDNS yes
  #PidFile /run/sshd.pid
  #MaxStartups 10:30:100
  #PermitTunnel no
  #ChrootDirectory none
  #VersionAddendum none
  # no default banner path
  #Banner none
  # override default of no subsystems
  Subsystem sftp /usr/lib/ssh/sftp-server
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  # X11Forwarding no
  # AllowTcpForwarding no
  # ForceCommand cvs server
  and my /etc/ssh/sftp_config:
  ## MySecureShell Configuration File ##
  #Default rules for everybody
  <Default>
  GlobalDownload 0 #total speed download for all clients
  # o -> bytes k -> kilo bytes m -> mega bytes
  GlobalUpload 0 #total speed download for all clients (0 for unlimited)
  Download 0 #limit speed download for each connection
  Upload 0 #unlimit speed upload for each connection
  StayAtHome true #limit client to his home
  VirtualChroot true #fake a chroot to the home account
  LimitConnection 10 #max connection for the server sftp
  LimitConnectionByUser 10 #max connection for the account
  LimitConnectionByIP 10 #max connection by ip for the account
  Home /home/$USER #overrite home of the user but if you want you can use
  # environment variable (ie: Home /home/$USER)
  IdleTimeOut 5m #(in second) deconnect client is idle too long time
  ResolveIP true #resolve ip to dns
  # IgnoreHidden true #treat all hidden files as if they don't exist
  # DirFakeUser true #Hide real file/directory owner (just change displayed permissions)
  # DirFakeGroup true #Hide real file/directory group (just change displayed permissions)
  # DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions)
  #Add execution right for directory if read right is set
  HideNoAccess true #Hide file/directory which user has no access
  # MaxOpenFilesForUser 20 #limit user to open x files on same time
  # MaxWriteFilesForUser 10 #limit user to x upload on same time
  # MaxReadFilesForUser 10 #limit user to x download on same time
  DefaultRights 0666 0777 #Set default rights for new file and new directory
  # MinimumRights 0400 0700 #Set minimum rights for files and dirs
  ShowLinksAsLinks false #show links as their destinations
  # ConnectionMaxLife 1d #limits connection lifetime to 1 day
  # Charset "ISO-8859-15" #set charset of computer
  </Default>
  #Rules only for group ftp
  #<Group ftp>
  # Download 25 k/s
  # LogFile /var/log/sftp-server_ftp.log #Change logfile
  # ExpireDate "2007-02-28 18:31:01"
  #</Group>
  #<Group sftp_administrator>
  # IsAdmin true #can admin the server
  # VirtualChroot false #you must disable chroot to have a full support of admin
  # StayAtHome true
  # IdleTimeOut 0
  #</Group>
  #<Group old_client>
  # SftpProtocol 3 #force protocol SFTP
  # DisableAccount true #disable account
  #</Group>
  #Rules only for group ftpnolimit
  #<Group ftpnolimit>
  # Download 0 #0 = unlimited
  # IdleTimeOut 0 #no timeout
  # DirFakeUser false #show real user on file/directory
  # DirFakeGroup false #show real group on file/directory
  # DirFakeMode 0 #show real rights on file/directory
  # MaxReadFilesForUser 0 #0 = unlimited but still have the restriction MaxOpenFilesForUser
  #</Group>
  #<IpRange 192.168.0.1-192.168.0.5>
  # ByPassGlobalDownload true #bypass GlobalDownload restriction
  # ByPassGlobalUpload true #bypass GlobalUpload restriction
  # Download 0
  # DisableAccount false #enable account
  # IdleTimeOut 0 #disable timeout
  # LimitConnectionByIP 0 #no limit
  #</IpRange>
  #<Group trusted_users>
  # Shell /bin/tcsh #give a shell access to TRUSTED clients !!!
  #</Group>
  #<VirtualHost *:22>
  # DirFakeUser false #show real user on file/directory
  # DirFakeGroup false #show real group on file/directory
  # DirFakeMode 0 #show real rights on file/directory
  # HideNoAccess false
  # IgnoreHidden false
  #</VirtualHost>
  #Include /etc/my_sftp_config_file #include this valid configuration file
  My installation is up to date.
  Please let me know if you need supplementary info.
  Last edited by Vincent D (2013-04-15 09:54:06)

  Vincent D wrote:
  Gat wrote:I'm getting the same error, but without using MySecureShell. The problem occurs with any script being placed in user's home directory and specified in /etc/passwd instead of /bin/bash. It's possible for a user to log in to bash and then run the script, so it doesn't seem to be a file permission problem.
  Do you also get the "permission denied"?
  My workaround is to purely remove MySecureShell, but this is not very safe.
  Yes I'm also getting a permission denied error. I guess this might be something we need to set in PAM config, but I wasn't able to find it.

• Proper way to Connect to Automatically Connect to SSH Server

  What is the proper way to automatically connect to an ssh server via applescript?
  I've tried a variety of different things, none of them seemed to have worked yet... I've searched Google for quite awhile, and was wondering if anyone could please shed some light.
  1. do shell script "ssh user@hostname"
  Error Msg: Pseudo-terminal will not be allocated because stdin in not a terminal
  2. do shell script "ssh -t -t user@hostname"
  Error Msg: None; However it doesn't allow me to put a password in
  3. do shell script "ssh user@hostname > /dev/null &"
  Error Msg: None; Same as above
  4. tell application "Terminal"
  do script "stty -echo"
  do script "ssh user@hostname"
  end tell
  Error Msg: None. Popups a terminal window for user to enter password
  I've been using password prompt box, for the user to enter a password and would like a way to pass it directly to ssh terminal running in the background.
  I've also though about using SSH RSA keypairs the only way to accomplish this (no login regquired) but would prefer to use user/password authentication rather than trusted RSA keypairs.

  I am trying to setup an automated port forward through ssh -L and run it in the background for someone who has no idea what ssh is..
  Then either Terminal.app or private keys are your option.
  Could you shed some light on why RSA private keys are more secure? Because can't they be used by any user on that machine?
  Not unless you set it up wrong.
  SSH keys require two matching pieces of information - a private key (normally stored in the .ssh directory in your home directory) and a matching public key stored in the authorized_keys file in the .ssh directory of the home directory of the account you're logging in as.
  These two pieces of data have to match and since they're in the home directories of the respective accounts, they are only accessible to the specific user and not everyone.
  Whereas password authentication requires it to typed in.
  And if it's wrong (e.g. a hacker guesses incorrectly) he can try again, and again, and again until he either gets bored (not likely since he's probably using an automated script anyway) or he gets lucky and gets in.
  People are notoriously bad at selecting passwords. All too often passwords are weak and can be broken via simple dictionary attacks (try combinations of common dictionary words) or social engineering techniques. Public keys cannot be broken in such way (or, at least, the brute force attack is estimated to take the average hacker several years to break through).
  There are also trojan keylogger applications (more common on Windows, of course) - these have the ability to record every keystroke made on the system, which makes it easy to capture someone's password any time they type it.

• Ssh server with keys for authentication?

  Anyone have a link to doco or tutorial that covers how to setup an ssh server running on your Mac (latest version OSX) such that:
  * assumption - port forward ssh port on your home gateway to your Mac
  * keys established (for better security) - i.e. need to have the key available on your external PC when wanting to ssh back to home
  * custom ssh port
  * only access ssh requires for logon from predefined external IP addresses (or perhaps this is something you'll setup on your home internet gateway/router along with port forwarding)

  hi kbwrecker,
  as i know, sharepoint will as well follow the diagram that you posted before, additional article
  https://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx#plansaml
  i checked with our ADFS engineer, the certificate is to sign the token, so, it should not have any relation directly to each of the realm.
  i am not quite sure on how this ADFS and token signing, will work that deep, as from sharepoint side, we may need only the certificate that is valid, and update them to our environment, to make it work.
  for more details regarding this issue, you may try to open a thread as well in the ADFS thread for this.
  based on the additional article, your design may able to work, but we encourage you to seek more deep answer in ADFS forum thread
  https://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
  Regards,
  Aries
  Microsoft Online Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Can not connect to a remote SSH server with my mac

  Ok have tried 4 different applications, fetch , captain ftp, terminal, etc.
  I am trying and connect to a friends ssh server to upload some file logs. I have the correct login/password, have tried both protocol 1 and 2. Port 22 is correct. I keep getting the error message
  User logging error - captain ftp
  SFTP connection to ..... could not be opened becasue the connection to the SFTP server could not be established or was lost - Fetch
  sshexchangeidentification: Connection closed by remote host - Ternminal
  We have tested it using Telnet and other programs on a PC and all is well.
  When i try and connect he receives the message
  Refused connect from cpe-"ip address"(ip address)
  policy: HostKey/etc/ssh/sshhost_rsakey
  Do i have a setting somewhere i am missing.

  1st, is the server behind a home router? Has port 22 been "Port Forwarded" from the internet side to the server's side of the router?
  2nd, from a Terminal session use the command:
  ssh -v -v -v [email protected]
  The -v -v -v triplets will give you a wealth of ssh connection information. If you read through this carefully you may find the root cause of your problems (assuming the 1st step above doesn't yield results).
  Another thing to consider, is that ssh will not make a connection to an account that it does not consider to be reasonably secure. This means that the home directory of the account and specific key subdirectories must have proper ownership and permissions, or ssh will not connect. The specific ownership and permissions needed and the files and directories checked are spelled out in the ssh man page
  man ssh

• TS3276 cannot receive or send mail, server off line "ssl off" how do I turn ssl on?

  Cannot receive or send mail.  Server off line  "ssl off " . how do I turn on ssl?

  Hello there, gillaf.
  To turn adjust your SSL settings the following Knowledge Base article will be of assistance:
  Mac OS X Mail: About Secure Email Communications (SSL)
  http://support.apple.com/kb/TA25586
  Setting up Mail for SSL
  Important: These steps require Mac OS X 10.1.3 or later.
  1. Open the Mail application.
  2. Choose Preferences from the Mail application menu.
  3. Click Accounts.
  4. Select an account name, and click Edit.
  5. Click the Account Options tab.
  6. Click the Use SSL checkbox to enable this option.
  Selecting the checkbox will auto-populate the default port numbers. If there is a non-default port number already present, it will not change. You can manually enter a number if your ISP gave you a different port number. Be sure you enter the correct port for your mail server here when selecting SSL, even if it auto-populates a default number.
  Note: If SSL is accidentally set up when it should not be, or is configured using the incorrect port for your mail server, an alert box with a message similar to this may appear:
  "Fetch Error: Couldn't connect to a POP host name mail.apple.com."
  Thanks for reaching out to Apple Support Communities.
  Cheers,
  Pedro.

• The server returned the error: The connection to the server on port 143 timed out.

  Hello,
  I recently got a MacBook Pro which cam ewith Mavericks. I have entered the email addresses I use the most, they are a combination of Gmail and personal ones that are set up with two different hosting companies. After a random amount of time which may be 5 minutes after opening Mail up to 8 or 9 hours the mailboxes start giving the error 'The server returned the error: The connection to the server xxxx.xxxx on port 143 timed out.' where xxxx.xxxx is the IMAP incoming mail server, the port is 993 for the Gmail accounts. Once it happens for one the others soon follow. The same accounts on my Mac Pro still work correctly at the same time. Anyone have any ideas?
  Edit: I have run the Connection Doctor and while it can connect to each of the SMTP servers it cannot connect to any of the IMAP ones.  A restart of Mail will cure this temporarily.

  Mobileme has moved to moved iCloud:
  http://www.apple.com/icloud/setup/
  Note, if you have Mac OS X 10.6.8 or earlier, read this tip before updating to 10.7:
  https://discussions.apple.com/docs/DOC-6271
  And this tip about changes to iCloud from Mobileme:
  https://discussions.apple.com/docs/DOC-2551

• Moving OSX server to a different Mac. Suggestions requested.

  We are moving our server software from a G4 to a G5. Is there a preferred procedure to do this and retain preferences/users and groups/passwords, etc ...?
  I've seen the following mentioned:
  - Copying 'old' server drive with CCC or SuperDuper, and restoring it to the 'new' one.
  - Exporting the Users and Groups (understanding that passwords will be lost).
  Does the OSX Server install DVD let you use Migration Assistant like the regular OSX software?
  TIA

  I haven't used the DVD but I have used CarbonCopy cloner to clone an OS X server drive & move it to another machine. The IP address has to be the same or you won't be able to login. If the ethernet ports are different your IP won't be active.

• Fails to connect to SSH Server

  Hi
  I have a IDM-7.1 installation which should connect to a solaris 8 resource running an old ssh server (1.2.31) and when I run a Test Configuration on this resource I get this error message:
  Test connection failed for resource(s):
  Solaris: Could not connect to my.hostname:22: Can't connect to a server with version SSH-1.5-1.2.31
  I guess it is because IDM's ssh client will only talk to SSH2 servers, is there any way of getting it to connect or must I upgrade the SSH server first?
  Regards
  Thomas

  Thomas,
  Upgrading to SSH2 will allow you to integrate fully. Pre-SSH2 versions is not supported by the Solaris adapter.
  The com.waveset.adapter.SolarisResourceAdapter (in other terms the solaris adapter) extends the SVIDResourceAdapter which implements ScriptedConnection. ScriptedConnection leverages Appgates ssh2 package. More information about the ssh2 package can be found : http://www.appgate.com/products/80_MindTerm/80_API_Documentation/com/mindbright/ssh2/package-summary.html
  Now, the good news is that there is an ssh1 package available so by writing your own addition to the standard code you should be able to leverage the ssh1 package part of the com.mindbright packages.
  So if you are forced to integrate using SSH1.5 - write some additional code to do it, else upgrade the SSH daemon to an SSH2 compatible daemon. The latter is to my opinion good decision anyway.
  Anyway, thats my 2 cents..
  /Anders

• Can't sent mail. connection to server on port 25 timed out.

  Can't send mail. Connection to the server on port 25 timed out. I keep getting this error when sending mail. I can receive mail but just can't send.
  When I connect directly to the cable modem, thus removing the Airport from the set up, the mail sends fine. I recently updated the Airport with firmware update 5.7 and I'm wondering if there are some settings on the airport that may be affecting this? Any ideas on what I'm missing? I'm baffled.
  I am using a 17" Powerbook running OS 10.3.9 and connecting wirelessly to an Airport Extreme. I'm using Apple Mail as my email software, but I have also tried to send through Entourage with no luck. I am using an email account and SMTP server provided by my ISP. I also have an old iMac running 10.3.5 that is wired directly to the Airport. I have an email account set up on the iMac and can't send from there either.

  I tried changing the MTU on the iMac which is wired directly to the airport.(I have an old iMac running 10.3.5 and a Powerbook G4- the G4 connects wirelessly to the airport) I changed it to 1492 but didn't still wasn't able to send mail. I feel like I'm stabbing in the dark with this, is there a way to determine what the packet size should be?
  MTU will vary with connection type. Cable and non-PPPoE, can use up to 1500, whereas PPPoE connections (WinPoet, RASPPPOE, Enternet, etc.) can only use up to 1492. For secure VPN connections (i.e., IPSec) use a MTU value less than 1500.
  The best value for MTU is that value just before the packets get fragmented. To test, use the Ping utility.
  OS X: ping -D -s 1472 www.dslreports.com
  WinXP: ping -f -l 1472 www.dslreports.com
  Reduce 1472 by 10 until you no longer get the “packet needs to be fragmented” error message. Then increase by 1 until you are 1 less from getting the same error message. Add 28 more to this (since your ping packet size, not including IP/ICMP header is 28 bytes). This will be your MaxMTU. (Note: If you can ping thru at 1472, stop, you’re done! Add 28 and your MaxMTU is 1500.)
  Some typical MTU values:
  1500: The biggest sized IP packet that can normally traverse the Internet without getting fragmented. Typical MTU for non PPPoE, non VPN connections.
  1492: The MaxMTU recommended for Internet PPPoE implementations.
  1472: The maximum ping data payload before fragmentation errors are received on non-PPPoE, non-VPN connections.
  1464: The maximum ping data payload before fragmentation errors are received when using PPPoE connected machine.
  1460: TCP Data size (MSS) when MTU is 1500 and not using PPPoE.
  1452: TCP Data size (MSS) when MTU is 1492 and using PPPoE.
  1400: MaxMTU for PPTP Tunneling VPN (Win2K/WinXP).
  576: Typically recommended as the MTU for dialup type applications...leaving 536 bytes of TCP data.

• No Http server on port 8080 with 10g Express Edition ( TNS-12631 error)

  I downloaded the Oracle 10g Express Edition for Microsoft Windows and tried to install the software on 3 pcs.
  2 pc works but mine is not working.
  All works well during installation but when I want to connect to the home web page, it displays error (http://127.0.0.1:8080/apex)
  It isnormal because I have no process running under 8080 port.
  But I don't know why there is not an http server on port 8080.
  netstat -a :
  Connexions actives
  Proto Adresse locale Adresse distante Etat
  TCP LABOLLC:epmap LABOLLC.castel.fr:0 LISTENING
  TCP LABOLLC:microsoft-ds LABOLLC.castel.fr:0 LISTENING
  TCP LABOLLC:1521 LABOLLC.castel.fr:0 LISTENING
  TCP LABOLLC:42510 LABOLLC.castel.fr:0 LISTENING
  TCP LABOLLC:1051 LABOLLC.castel.fr:0 LISTENING
  TCP LABOLLC:1255 LABOLLC.castel.fr:0 LISTENING
  TCP LABOLLC:1291 localhost:1292 ESTABLISHED
  TCP LABOLLC:1292 localhost:1291 ESTABLISHED
  TCP LABOLLC:netbios-ssn LABOLLC.castel.fr:0 LISTENING
  TCP LABOLLC:1338 messagerie.castel.fr:1026 ESTABLISHED
  TCP LABOLLC:1342 messagerie.castel.fr:1390 ESTABLISHED
  TCP LABOLLC:1355 messagerie.castel.fr:1026 ESTABLISHED
  TCP LABOLLC:1359 messagerie.castel.fr:1390 ESTABLISHED
  TCP LABOLLC:1472 messagerie.castel.fr:epmap TIME_WAIT
  TCP LABOLLC:1473 messagerie.castel.fr:1026 TIME_WAIT
  UDP LABOLLC:microsoft-ds *:*
  UDP LABOLLC:isakmp *:*
  UDP LABOLLC:1027 *:*
  UDP LABOLLC:1339 *:*
  UDP LABOLLC:1340 *:*
  UDP LABOLLC:1356 *:*
  UDP LABOLLC:1357 *:*
  UDP LABOLLC:1427 *:*
  UDP LABOLLC:4500 *:*
  UDP LABOLLC:ntp *:*
  UDP LABOLLC:1028 *:*
  UDP LABOLLC:1062 *:*
  UDP LABOLLC:1900 *:*
  UDP LABOLLC:ntp *:*
  UDP LABOLLC:netbios-ns *:*
  UDP LABOLLC:netbios-dgm *:*
  UDP LABOLLC:1900 *:*
  UDP LABOLLC:42508 *:*
  The file sqlnet.log contains the following comments :
  Fatal NI connect error 12631, connecting to:
  (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))
  VERSION INFORMATION:
       TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
       Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
  Time: 08-MARS -2007 16:28:39
  Tracing not turned on.
  Tns error struct:
  ns main err code: 12631
  TNS-12631: Echec de recherche de nom
  ns secondary err code: 0
  nt main err code: 0
  nt secondary err code: 0
  nt OS err code: 0
  I don't know what to do !!
  Help

  Yes i Check all that.
  For example, I have Tomcat installed on my PC and I can launch it easily.
  So that means that port 8080 is completly free.
  No I haven't http service as you can see with netstat results.
  Lokk at the log sqlnet.log, I have following :
  Fatal NI connect error 12631, connecting to:
  (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))
  VERSION INFORMATION:
       TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
       Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
  Time: 09-MARS -2007 14:46:35
  Tracing not turned on.
  Tns error struct:
  ns main err code: 12631
  TNS-12631: Echec de recherche de nom
  ns secondary err code: 0
  nt main err code: 0
  nt secondary err code: 0
  nt OS err code: 0
  Thanks

• ICal stuck "moving to server account", how to resolve this?

  I just got an iPhone and finally am syncing with iCloud, but now my calendars are stuck "moving to server". I have tried many resolutions found on support threads but none are working. I have tried logging out of iCloud, restarting computer, force quitting iCal...when I try to log out of iCloud and Delete on my Mac, System Preferences fails and quits on me. I can't uncheck the Calendars and Reminders box because it's greyed out and spinning. i'm on OS 10.8.5

  Same issue...and not happy about switching to Mac!