QoS: Locally sourced SSH/Telnet/...
Doing some packet sniffing at the moment. I noticed that SSH/Telnet packets that are returning from Cisco Catalyst 3750 switches and Cisco 2800 routers are being marked with CS6. I was aware of Control Plane protocols that mark traffic with CS6/CS7, like IP Routing Protocols, STP, NHRP and others. Haven't heard anything about SSH/Telnet though. Those belong to the Management Plane. Have googled for hours to find any Cisco document with the full list of protocols and how those are being marked (CS6/CS7) if sourced locally. Found nothing.
Anyone to spill the beans?
Much appreciated
Thanks for your input... Although it hasn't made it clear
Here's my config
C3750#sh run all | inc ip.ssh|ip.telnet
ip ssh time-out 120
ip ssh authentication-retries 5
ip ssh break-string ~break
ip ssh dh min size 1024
C3750(config)#ip ssh dscp ?
<0-63> ip dscp value (default value 0 )
Looks odd to me. As I said, Wireshark displays all returning SSH frames (that is, originated on switch) with 802.1p = 6 and DSCP = CS6. The output above states the default value has to be 0, and I don't have any commands that rewrite the default behaviour.
I have QoS enabled on the switch (mls qos) with relevant maps created. I do not have any QoS policies for the locally originated traffic in place (i.e. ip policy globall command).
Strange
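A check for the marking described in this thread, as an added example that is not part of the original posts: it reads the 802.1p priority and DSCP from a captured Ethernet frame and flags SSH/Telnet replies (TCP source port 22 or 23) that carry CS6. The frame bytes, addresses and function names are constructed for illustration.

```python
import struct

CS6 = 6 << 3                                     # class selector 6 = DSCP 48
CS_NAMES = {n << 3: f"CS{n}" for n in range(8)}  # CSn is n shifted left by 3
MGMT_PORTS = {22: "ssh", 23: "telnet"}           # management-plane services


def build_frame(sport, dscp, pcp=None, vlan=10):
    """Constructed sample: Ethernet (+ optional 802.1Q) / IPv4 / TCP header.
    MACs and checksums are zero; nothing here is validated on parse."""
    eth = bytes(12)                              # dst MAC + src MAC
    if pcp is not None:
        eth += struct.pack("!HH", 0x8100, (pcp << 13) | vlan)
    eth += struct.pack("!H", 0x0800)             # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 40, 0, 0, 255, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, 50000, 0, 0, 5 << 4, 0x18,
                      4096, 0, 0)
    return eth + ip + tcp


def parse_marking(frame):
    """Return the layer 2 and layer 3 QoS marking and TCP source port."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, pcp = 14, None
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp = tci >> 13                          # 802.1p = top 3 bits of TCI
        offset = 18
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    if len(frame) < offset + 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos = struct.unpack_from("!BB", frame, offset)
    if ver_ihl >> 4 != 4:
        raise ValueError("bad IP version")
    ihl = (ver_ihl & 0x0F) * 4                   # header length in bytes
    dscp = tos >> 2                              # low 2 bits of ToS are ECN
    sport = None
    if frame[offset + 9] == 6:                   # protocol field: TCP
        if len(frame) < offset + ihl + 2:
            raise ValueError("truncated TCP header")
        sport = struct.unpack_from("!H", frame, offset + ihl)[0]
    return {"pcp": pcp, "dscp": dscp,
            "dscp_name": CS_NAMES.get(dscp, str(dscp)), "sport": sport}


def audit(frames):
    """List (service, DSCP name, 802.1p) for management replies marked CS6."""
    flagged = []
    for frame in frames:
        m = parse_marking(frame)
        if m["sport"] in MGMT_PORTS and m["dscp"] == CS6:
            flagged.append((MGMT_PORTS[m["sport"]], m["dscp_name"], m["pcp"]))
    return flagged


if __name__ == "__main__":
    sample = [build_frame(22, CS6, pcp=6),       # SSH reply as seen in the capture
              build_frame(22, 0),                # what "default value 0" would give
              build_frame(443, CS6, pcp=6)]      # not a management port
    for hit in audit(sample):
        print(hit)
```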
Similar Messages
-
ASA ssh,telnet.jar smart tunnels problems
Hi
From my asa I'm trying to gain access to some servers Linux (no local firewalls on them) from the clientless session using the ssh,telnet jar plugin.
The plugin starts and shows the login prompt and then I enter the correct user name and passwords and then I'm left with a black square.
Any suggestions for debugging?
ASA running 9.1, the problem is to both Linux boxes and an IOS router.
On testing the above even further, I seem to have an issue...
With the following configuration loaded...
aaa-server TLS-ACS5 protocol tacacs+
aaa-server TLS-ACS5 (inside) host 10.0.20.200
key passme123
aaa authentication ssh console TLS-ACS5 LOCAL
aaa authentication telnet console TLS-ACS5 LOCAL
aaa authentication ssh console TLS-ACS5 LOCAL
aaa authentication telnet console TLS-ACS5 LOCAL
aaa authentication enable console TLS-ACS5 LOCAL
With the PIX in communication with the ACS the above works well, with me successfully logging in with credentials added to the ACS.
On testing this further I have taken the link down between the PIX and the ACS (to recreate a failure scenario). I can still log in using the internal (LOCAL) username & password. This seems to work fine, however if I try to access the exec-privilege mode (i.e. enable) the PIX does not accept the enable password added to the configuration; moreover, it prefers the same password used for creating the initial user.
username admin-user password adminpass123 encrypted
enable password enablepass123 encrypted
For example: with the above lines in the running configuration of the PIX, I can log into the PIX using admin-user and enter the password adminpass123. However, if I then try to go on to access exec-privilege mode (i.e. enable) the PIX does not accept the password "enablepass123" but does accept "adminpass123"... this is even with "aaa authentication enable console TLS-ACS5 LOCAL" added to the running configuration.
Has anyone else seen this issue on a PIX/FW? Am I missing something from my configuration? Does anyone know of a workaround to this issue or is it just something I have to live with? -
Local Sourcing FIELD IN SRM 700 CONTRACT
Hello all
In SRM 700, what is the use of this field Local Sourcing CHECK BOX in the item data?
Muthu
Hi jay
so CCTR contract can be distributed backend and BUYER have control to local sos in Extended classic.
so this CCTR CONTRACT CAN BE USED FOR backend source of supply as well as ECS.
Muthu -
Rescue CD/distribution that enables ssh/telnet on boot?
Hi all,
I am looking for a distribution/live cd that enables ssh/telnet (or something similar) on boot. The reason I need this: I am trying to get data from a broken all-in-one PC (only the monitor appears broken), and do not have access to a monitor.
I have searched google for this, and it looks like this particular livecd may not exist, and that I may have to create my own livecd (something I have never done before...).
I figured I'd ask here first, in case anyone knew of such a livecd.
Thanks
WonderWoofy wrote:
I never said you were rude, but I am giving you a viable solution. It is not like you are going to have to do this over and over again, you simply need access to your headless machine (hopefully just once anyway).
I did exactly what I am proposing to you when I installed Arch on my headless server. So I know it can be done, and it is probably one of the simplest of solutions... by that I mean you could be moving data off your drive by now.
Insert Archiso and press power button
...give it some time to boot...
# passwd <desired password>
# systemctl start sshd
PROFIT!
I tried this earlier, but it did not seem to work. I'll move the PC downstairs and hook it up straight to the router instead of my current usage of powerline ethernet (seems harder to find the IP with nmap), and try the arch iso again.
The good news is that I know it boots from the CD, from looking at the various lights and listening to the hdd/drive sounds. xD -
Ip local source spoof attack on ips
Hi Guys,
we have an IP local source spoof attack on our Cisco IPS; the signature ID on the IPS is 1104. What would be the proper mitigation for this attack?
Regards
Sher
Hi Prapanch,
The IPS log for the attack is the following. I used the packet display command on my sensor but couldn't find any MAC address...
participants:
attacker:
addr: 127.0.0.1 locality=OUT
target:
addr: 108.122.0.0 locality=OUT
os: idSource=unknown type=unknown relevance=relevant
actions:
denyPacketRequestedNotPerformed: true
riskRatingValue: 100 targetValueRating=medium attackRelevanceRating=relevant
threatRatingValue: 100
protocol: IP protocol 0
Regards
Sher -
CiscoWorks: Archive configurations of routers/switches with only ssh/telnet
Hi,
I want to archive the configurations of a couple of routers/switches with only ssh/telnet, and the rest, thousands of devices, will be via snmp.
Currently I am backing up the configurations of thousands of routers/switches via snmp, as snmp is configured on them, but a couple of routers/switches are external and snmp is not configured on them, so I want to get their configuration via ssh/telnet only.
Please advise me whether it is possible to archive the configurations of routers/switches with only ssh/telnet.
I am using the
LMS: 1.2.0
RME: 4.3.0
CS: 3.3.0
CM: 5.2.1
DFM: 3.2.0
Thanks
The config archive protocol order applies to all devices universally. Since you are using TFTP for most of your devices, I recommend you leave TFTP at the top of the protocol order list. Add TELNET and SSH below TFTP. The external devices will be attempted with SNMP/TFTP, but those operations will fail. RME will then fall back to TELNET then to SSH. It will eventually fetch the configuration successfully.
-
Ssh, telnet, ftp & tftp services stop working
I have a new SunV245 running Solaris 9 that when I start the server up everything works good, but after 8-12 hours the network type services quit working (ssh, telnet, ftp, & tftp) however I can still ping the interfaces so the network is there. I reboot and everything starts working again. Has anyone seen this before? Is there some kind of power save option that could be shutting the inetd type services down?
Cat and Maximo,
> Let me try to get that straight. Your BM does static NAT for your
> mailserver (and other boxes), and suddenly UDP and ICMP from these
> natted servers through the BM still works, but TCP doesn't?
Yes. That's what it looks like.
> Can you still do TCP *to* the BM from the natted devices when that
> happens? As you say your proxy continues to work, it sounds as if TCP in
> general on the server continues to work, but does it also work from the
> mailserver?
Everyone browsing via BM proxy continues with no interruption.
The mail server can telnet to any other server on the internal LAN but
nothing past BM. DNS continues working for the mail server too.
> If really nothing changed, this might be a (successful) DOS attack of
> some sort. I wonder if a LAN trace could reveal anything of interest.
Do you mean port scan the BM server?
I know that "nothing has changed" is a loaded statement. The only thing
(that I know of) that has changed relatively recently is the addition of
the Squid server. It has been running behind the BM server for about 3
weeks. Recently I added a filter exception allowing the Squid server to
access higher ports (dyn/tcp).
But, as I noted before, I think removing ipflt should eliminate any
doubts there. Is there some way Squid could be corrupting something there?
The problem was compounded this morning (saturday). I came in today so I
would have the network essentially to myself. But, to my surprise,
everything was ok.
Cat, You're right. This server is no spring chicken. It is an IBM
Netfinity 3000. It's probably 3 or 4 years old (maybe more). I will think
about this as a hardware problem but I just wish the thing would die
altogether and get it over with. :o)
Thanks,
Brian -
I just configured my ASA so I can remote access via SSH but I can't seem to get it to work. I have my ASA (10.0.10.1) with my wireless router (192.168.0.1) connected via the WAN port. I should be able to access the ASA from my laptop (192.168.0.105) correct?
Here is my current config:
ASA Version 8.0(3)6
hostname Firewall
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 10.0.10.1 255.255.255.240
interface Vlan2
nameif outside
security-level 0
ip address 24.234.XXX.XXX 255.255.XXX.XXX
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
pager lines 24
logging enable
logging asdm warnings
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 24.234.118.193 1
route inside 192.168.0.0 255.255.255.0 10.0.1.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 15
console timeout 0
dhcpd address 10.0.10.2-10.0.10.12 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
ntp server 64.147.116.229 source outside prefer
username woodjl1650 password slFkVmxAtfauhVaf encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
message-length maximum client auto
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:2f1bd939ffb4683ec5c0b4265bd32951
: end
I think you misunderstood me
To me it seems you have the following setup
- - 10.0.10.0/24 - - 192.168.0.0/24
And you are telling on the ASA that the network 192.168.0.0/24 is located behind the IP address 10.0.10.1 which to my understanding would be the interface IP address of the Router towards the ASA.
Now what I mean with the NAT is that I think your router is possibly doing a Dynamic NAT or Dynamic PAT between network 192.168.0.0/24 and 10.0.10.0/24 and therefore the router would block the PING.
What makes me think the router is doing NAT is because the PING doesn't work AND the fact that almost every basic router will by default do NAT between its LAN and WAN interfaces.
But again, I don't know how the router is configured but I don't see any problem on the ASA preventing from PINGing the network behind the router
You can add "icmp permit any inside" if you want but not sure if it will help in this case.
- Jouni -
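Two checks on the configuration posted in this thread, as an added example that is not part of the original posts: whether each static route's next hop lies on the connected subnet of the interface it names, and whether a given source address is covered by an `ssh` permit statement. The function names are hypothetical, and 10.0.10.2 is an assumed address standing in for the wireless router's translated source if it does NAT as the reply suspects.

```python
import ipaddress

# Lines copied from the ASA configuration posted above (outside address is
# masked in the original post and is skipped by the parser).
ASA_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.10.1 255.255.255.240
interface Vlan2
 nameif outside
 security-level 0
 ip address 24.234.XXX.XXX 255.255.XXX.XXX
route outside 0.0.0.0 0.0.0.0 24.234.118.193 1
route inside 192.168.0.0 255.255.255.0 10.0.1.10 1
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 15
"""


def parse_interfaces(config):
    """Map each nameif to its address/prefix (ipaddress.IPv4Interface)."""
    nets, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            name = None                          # new interface block starts
        elif words[:1] == ["nameif"] and len(words) == 2:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            try:
                nets[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            except ValueError:
                pass                             # masked or malformed address
    return nets


def bad_next_hops(config):
    """Return (interface, next hop, connected subnet) for every static route
    whose next hop is not on the connected subnet of its interface."""
    nets = parse_interfaces(config)
    problems = []
    for line in config.splitlines():
        words = line.split()
        if words[:1] != ["route"] or len(words) < 5:
            continue
        iface = nets.get(words[1])
        if iface is None:
            continue                             # interface address unknown
        hop = ipaddress.ip_address(words[4])
        if hop not in iface.network:
            problems.append((words[1], str(hop), str(iface.network)))
    return problems


def ssh_permitted(config, source, ifname):
    """True if `ssh <network> <mask> <ifname>` covers the source address."""
    addr = ipaddress.ip_address(source)
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["ssh"] and len(words) == 4 and words[3] == ifname:
            try:
                network = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            except ValueError:
                continue                         # e.g. "ssh version 2 ..."
            if addr in network:
                return True
    return False


if __name__ == "__main__":
    print(bad_next_hops(ASA_CONFIG))
    # Laptop address as the poster expects the ASA to see it
    print(ssh_permitted(ASA_CONFIG, "192.168.0.105", "inside"))
    # Assumed source after NAT on the wireless router
    print(ssh_permitted(ASA_CONFIG, "10.0.10.2", "inside"))
```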
Setting VTY lines for SSH % Telnet only
Hello,
First off I apologize if this is the wrong section to post in or if there has already been a thread made for this particular problem however I've yet to find a solution that works.
I am configuring a 1841 router running IOS Version 12.4(15)T1
I am trying to set the vty lines to accept only telnet and ssh connections.
I am using these commands:
R1(config)# line vty 0 15
R1(config-line)# password ciscovtypass
R1(config-line)# login local
R1(config-line)#transport input telnet ssh
When I enter the "transport input telnet ssh", I receive the error "Invalid input detected at '^' marker" and it points to the word ssh. I can successfully use "transport input telnet" and "transport input ssh" by themselves, however when I try to set them both on the same line is when I get the error. And setting them both one after another overwrites the previous. Any help would be much appreciated, thanks.
The suggestion from Leo would certainly allow both telnet and SSH. But it also allows some other protocols (they are not common in today's networking environment - but the original question was quite specific that they want to allow only 2 protocols and not all protocols). So let us look for answers that may help Michael.
My first thought was to wonder if SSH has been fully enabled and whether this might be a factor in the problem. Michael indicates that transport input ssh works ok and that seems to indicate that enabling SSH is not the issue. But I would still feel better if Michael would post the output of show ip ssh
I wonder if there is an order dependency in which one of the protocols must be entered first. I suggest trying this
line vty 0 15
transport input telnet ?
and
transport input ssh ?
and see if one of them indicates that the other protocol is an option.
HTH
Rick -
Local net ssh failure Tiger (PHP MYSQL Apache Dreamweaver)
I can't be sure, but I think this problem started with the latest security update. I'm 80% done with my first web application using PHP and Mysql in dreamweaver when I began getting an unknown error from dreamweaver when attempting to connect to my DB on my testing server. After 2 days of debugging and re-installing apps I finally wiped the testing server (G4 400 Cube memory topped out 120GB HD, down to the metal) reinstalled Tiger, fully patched, edited the httpd.conf file to enable php 4.4.1. Installed Mysql 4.1 (which was the last general distribution with a packaged install) and the server works fine, so I created myself as a user in mysql @localhost & @localmachinename to replicate root user. Navicat was up and running in no time, so I re-populated my server from my backup. Then I jumped over to my design workstation (G5 2Ghz Dual, 2GB Ram, 250GB HD) only to find navicat can't login to the mysql server because ssh won't connect to the G4. After much testing I discovered ALL of my macs will attach only to external addresses. My linux box, external linux boxes, even windows boxes emulating ssh will attach internally or externally, the macs won't talk to anything in the local network 10.0.x What the ****! My project is now past due and I'm stuck because I can no longer ssh from any macs to internal machines mac or otherwise. PLEASE HELP!!! Is there an SSH package so I can re-install? I couldn't find a mac ssh package on apple or ssh.org. Will that even make a difference? Can I uninstall the security update? Can anyone suggest a workaround?
My network
*10.0.1.2 Ganymede (Mandriva 10 server and Gateway)
*10.0.1.6 Artemis (G5 10.4.7) Web/Video
*10.0.1.10 Miletus (G4 10.4.7) Web Testing
*10.0.1.5 Venus (G4 10.4.7) Photo editing
*10.0.1.4 Hero (G3 ibook 10.4.7) office work
*10.0.1.7 Hermes (iMac 10.4.7) iLife
*10.0.1.3 Apollo (Wintendo XP) Web Testing/The Sims
Here are several ssh logs.
mac to mac (FAIL)
Artemis:~ phil$ ssh -vv 10.0.1.10
OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.1.10 [10.0.1.10] port 22.
debug1: Connection established.
debug1: identity file /Users/phil/.ssh/identity type -1
debug1: identity file /Users/phil/.ssh/id_rsa type -1
debug1: identity file /Users/phil/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug2: fd 3 setting O_NONBLOCK
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
A parameter was malformed
Validation error
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
A parameter was malformed
Validation error
debug1: SSH2MSGKEXINIT sent
debug1: SSH2MSGKEXINIT received
debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
debug2: kexparsekexinit: ssh-rsa,ssh-dss
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: none,[email protected],zlib
debug2: kexparsekexinit: none,[email protected],zlib
debug2: kexparsekexinit:
debug2: kexparsekexinit:
debug2: kexparsekexinit: firstkexfollows 0
debug2: kexparsekexinit: reserved 0
debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
debug2: kexparsekexinit: ssh-rsa,ssh-dss
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: none,[email protected]
debug2: kexparsekexinit: none,[email protected]
debug2: kexparsekexinit:
debug2: kexparsekexinit:
debug2: kexparsekexinit: firstkexfollows 0
debug2: kexparsekexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
Write failed: Broken pipe
Artemis:~ phil$
Mac to linux internal (FAIL)
Artemis:~ phil$ ssh -vv 10.0.1.2
OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.1.2 [10.0.1.2] port 22.
debug1: Connection established.
debug1: identity file /Users/phil/.ssh/identity type -1
debug1: identity file /Users/phil/.ssh/id_rsa type -1
debug1: identity file /Users/phil/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug2: fd 3 setting O_NONBLOCK
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
A parameter was malformed
Validation error
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
A parameter was malformed
Validation error
debug1: SSH2MSGKEXINIT sent
debug1: SSH2MSGKEXINIT received
debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
debug2: kexparsekexinit: ssh-rsa,ssh-dss
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: none,[email protected],zlib
debug2: kexparsekexinit: none,[email protected],zlib
debug2: kexparsekexinit:
debug2: kexparsekexinit:
debug2: kexparsekexinit: firstkexfollows 0
debug2: kexparsekexinit: reserved 0
debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
debug2: kexparsekexinit: ssh-rsa,ssh-dss
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: none,[email protected]
debug2: kexparsekexinit: none,[email protected]
debug2: kexparsekexinit:
debug2: kexparsekexinit:
debug2: kexparsekexinit: firstkexfollows 0
debug2: kexparsekexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
Write failed: Broken pipe
mac to linux external (Success)
Artemis:~ phil$ ssh -vv 69.253.x.x
OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 69.253.x.x [69.253.x.x] port 22.
debug1: Connection established.
debug1: identity file /Users/phil/.ssh/identity type -1
debug1: identity file /Users/phil/.ssh/id_rsa type -1
debug1: identity file /Users/phil/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug2: fd 3 setting O_NONBLOCK
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: SSH2MSGKEXINIT sent
debug1: SSH2MSGKEXINIT received
debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
debug2: kexparsekexinit: ssh-rsa,ssh-dss
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: none,[email protected],zlib
debug2: kexparsekexinit: none,[email protected],zlib
debug2: kexparsekexinit:
debug2: kexparsekexinit:
debug2: kexparsekexinit: firstkexfollows 0
debug2: kexparsekexinit: reserved 0
debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
debug2: kexparsekexinit: ssh-rsa,ssh-dss
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
debug2: kexparsekexinit: none,[email protected]
debug2: kexparsekexinit: none,[email protected]
debug2: kexparsekexinit:
debug2: kexparsekexinit:
debug2: kexparsekexinit: firstkexfollows 0
debug2: kexparsekexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
debug2: dhgenkey: priv key bits set: 130/256
debug2: bits set: 514/1024
debug1: SSH2MSG_KEX_DH_GEXINIT sent
debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
debug1: Host '69.253.239.85' is known and matches the RSA host key.
debug1: Found key in /Users/phil/.ssh/known_hosts:3
debug2: bits set: 516/1024
debug1: sshrsaverify: signature correct
debug2: kexderivekeys
debug2: set_newkeys: mode 1
debug1: SSH2MSGNEWKEYS sent
debug1: expecting SSH2MSGNEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2MSGNEWKEYS received
debug1: SSH2MSG_SERVICEREQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2MSG_SERVICEACCEPT received
debug2: key: /Users/phil/.ssh/identity (0x0)
debug2: key: /Users/phil/.ssh/id_rsa (0x0)
debug2: key: /Users/phil/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/phil/.ssh/identity
debug1: Trying private key: /Users/phil/.ssh/id_rsa
debug1: Trying private key: /Users/phil/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
[email protected]'s password:
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: clientsession2setup: id 0
debug2: channel 0: request pty-req confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Tue Aug 15 12:56:42 2006 from artemis.ganymedia.net
[phil@ganymede ~]$
G5 Dual 2G Mac OS X (10.4.7)
Mac comes with a fully functioning Apache web server with all the scripting languages (except VB). You need to enable them in the configuration file.
You need some light weight UNIX administration skills to do this. Use the system restore disk to set the password for the root account.
Open a terminal screen from the Utilities folder in Applications. Type "su", press return, then enter the root password you set using the system restore disk.
Make a backup copy of the Apache configuration file with the following command (type this in with no mistakes and press the return key).
cp /etc/httpd/httpd.conf /etc/httpd/httpd.conf.copy
Enter the following to open the Apache configuration (type this in with no mistakes and hit the return key).
/Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/httpd/httpd.conf &
Locate and remove the # comment symbol from the following lines and save the file in /etc/httpd/httpd.conf.
#LoadModule php4_module libexec/httpd/libphp4.so
#AddModule mod_php4.c
Exit the TextEdit application and quit out of the terminal application.
Put the following web page into a file named greetings.php inside the folder Library/WebServer/Documents.
<html>
<head>
<title>Experiment</title>
</head>
<body>
<?php
echo "Greetings";
?>
</body>
</html>
Once you have made these changes, you can reboot to activate the changes.
Put the following into your browser to test the configuration.
http://localhost/greetings.php
You should see "Greetings" on a web page titled "Experiment".
MySQL is a separate server that you need to download and configure to complete your web server.
I hope this helps.
Best regards - Greg -
Setting the local/source port in SIP responses
Oracle/Weblogic SIP server picks up 'random' local or source port when sending SIP responses. This is a problem for
one of our load balancer. Can we make it use '5060' or some 'constant' port number instead of 'random' behavior ?
Any help would be appreciated.
Thanks,
Krishna V
Yes..
SIP Server network channels provide a SourcePorts attribute that you can use to configure one or more static ports that a server uses for originating UDP packets.
Snippet from config.xml
<network-access-point>
<name>sip</name>
<protocol>sip</protocol>
<listen-port>5060</listen-port>
<public-port>5060</public-port>
<custom-properties>SourcePorts=5060</custom-properties>
</network-access-point> -
Hi ,
I installed OEL4.6 (32 bit) on two servers with all the important packages to install Oracle 10g. I configured Host1 as 192.168.1.101 and Host2 as 192.168.1.102. I have configured the NICs and can verify with 'ifconfig'. I have entries for both servers in the /etc/hosts file. I can ping Host1 from Host2 and vice versa.
I checked and started sshd with 'service sshd start' with status OK. While installing the OS I did not opt for the firewall. I am not able to log in to either of the servers using ssh. Neither from Host1 to Host2 nor from Putty (SSH Client). Only ping is working.
Please help me to resolve the issue.
Thanks
Naveed
Hi Guys,
I checked and the ssh port is open. I started vnc on this server but it is not working from the vnc client. From the local console of Host1 I am able to log in from Host1 to itself through ssh. But not from Putty or any other ssh client. From the same Putty I am able to log in to another server in the same subnet.
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
740/tcp open netcp
1521/tcp open oracle
4444/tcp open krb524
5801/tcp open vnc-http-1
5901/tcp open vnc-1
and I also did service iptables status.
[root@host1 oracle]# service iptables status
Firewall is stopped.
[root@host1 oracle]# service iptables stop
[root@hsot1 oracle]# service iptables start
[root@host1 oracle]# service iptables status
Firewall is stopped.
__Naveed
-
[Feature Request] Wap321 SSH/Telnet Support
Dear Cisco Developers,
we are facing a problem with your design choice of not to support Telnet/SSH on the Wap321. We bought this Product because it was one of the only Access Points with SSH and Telnet Support.
We need the SSH Support for a script that changes the WPA-psk key of the interface wlan0 on more than 20 APs every week. Everything was good until we got hold of a new charge which came with firmware version 1.0.1.10.
Changelog:
"Due to security concerns, Telnet and SSH access options are removed in firmware version 1.0.1.10."
So I talked with the German Cisco Small Business Support and he said he will investigate and try to get it to the Second Support tier. Well it never came to that, he called us two days later and said that it was a BUG to Support SSH and Telnet on the WAP321 and it was never designed to be a Feature.
So I guess we have the following options:
1. Bring back the SSH Support for the Wap321 in the next Firmware update
2. Provide Firmware version 1.0.0.3
3. Give me a Workaround for my task
So any help would be appreciated and I hope we are not the only ones that would like to see a comeback of this feature.
In hope for comments
Best wishes
Fabian Schwarz
(PTA-Support)
PS: Support Ticket was 624972937
No Sir I do not.
According to the response from L2:
SSH is only enabled for customer to use it on switches.
Developers normally do not allow SSH (enable or protect with password) for end
user on any Wireless device. Management is done by web interface.
In this particular case SSH was enabled only due to some bugs which were
monitored during first release so it is not meant to be for end user.
Because of particular security risks, SSH is for troubleshooting by developers.
Currently there is no chance that they would issue any official firmware for this as
well as there is a little chance they would create special firmware for just a few
customers.
I am sorry for any inconvenience that this has caused.
Eric Moyers
If you like you can roll the mouse over my picture and get my actual email address and contact me directly.
-
Remote DBX with local source in dbxtool / sol studio
Hi,
I'm trying to debug a process on a remote host (prod machine, say) from a machine containing the source/objects (dev machine). When the dbx stops at a breakpoint and tries to load the source, however, it seems to be the remote dbx which tries to open the files, which are only located (for security reasons) on the dev host. Is it possible to make dbxtool open the files from the local host (ie the one the GUI is running on)? (Solaris 10 running on dev and prod).
I've also tried solaris studio, which does show the disassembled code but doesn't link to the src in the project.
Any idea if this is possible?
Thanks,
Ken.
The protocol between dbx and dbxtool/IDE is binary.
A textual protocol, like gdb's MI, usurps the actual user cmdline channel
which is why with gdb you get either a gdb cmdline or GUI interaction
and the cmdline interaction (i.e. history, completion) suffers.
Debugging code compiled with Sun/Oracle compilers with gdb won't
work very well.
If you have a support contract you could ask for an enhancement fix
where dbx doesn't switch to assembly mode if it doesn't find the actual source file,
but I dunno what other things might not work. I do know things work in the other
direction. That is, if you open a source file in dbxtool on the dev machine
and place a breakpoint it will take. Note that the required fix would be
in dbx not the GUI's
One, admittedly horrid, hack that comes to mind is to fool dbx on the prod machine
with empty source files so it thinks they are there and doesn't switch to assembly
mode.
-
Does Firefox 4 not allow you to append script tags with external/local sources?
Hello,
I am trying to use JSONP to append a <script> tag with an external source (and local)... The page I am trying to append is a valid JSON file, and the script worked fine in Firefox 3, and still works fine in Safari 5 and Internet Explorer 8... So it leads me to believe that Firefox 4 has closed the security hole that allowed me to do this.
The code I am using is:
$.jsonp({
    url: "http://localhost/All.json",
    callback: "callback",
    success: function(data) {
        alert("Success");
    },
    complete: function(xOptions, textStatus) {
        alert("Complete");
    },
    error: function(xOptions, textStatus) {
        // This will be called in case of error no matter the callback name
    }
});
When debugging with Firebug it says this in between the <script> and </script> tags:
Failed to load source for: http://localhost/All.json?_1300977243502=