Remote command execution via ssh on ips sensor...

Similar Messages

• Remote File Sharing via SSH-How to Set This Up the Easy Way

  So, I have been trying to gain access to my office iMac from my MacbookPro at home via the "interwebs" but keep getting the same issue...can not connect. I have read umpteen forums and threads. All give similar advice or are too technical to follow. I thought we made it work yesterday by installing Macfusion. That works just fine if the Mac is on. It will not wake a sleeping Mac. Here is my settup.
  Home (MBP running 10.6)
  Network (Timecapsule)
  Office (27in iMac running 10.6).
  I do have a static IP for the router.
  Here is what I want to do. Access my "sleeping" iMac from a different network via Connect Server for File Sharing. I have all the appropriate file sharing buttons checked. I can access TC using the static IP but that's as far as it goes.
  Is there a simple "Mac way" of doing this?
  Sincerely,
  Jim.
  Ps. I am happy to invest in a trusted third-party software that will "ping" the network to wake my Mac unlike Macfusion which connects only to a running Mac.

  Also check in System Preferences -> Energy Saver -> Wake for network access is ticked

• PHP-Remote Code Execution

  Hi Experts,
  My IPS has been reporting "PHP-Remote Code Execution" attack on one of our webserver for a while now. Each time the attackers IP address keeps changing. I created an object-group and access-list to deny the object-group on my firewall and i keep adding the attacker's IPs to the group, however i keep recieving new "PHP-Remote Code Execution" attacks. My IPS is in promiscous mode and i have auto signature update enabled.
  IPS has reported "packet denied by global correlation in some case. Like i said, IPS is in promiscous mode. Signature: 2271/0 and CVE-2012-1823
  Apart from making sure the webservers have the right security patches, What else should i be doing?. Do not want to miss anything out?

  cactus wrote:mhakali. I applaud your attention to security.
  However, it is generally not well received to post the same thing in multiple categories..
  Yes. Please do not cross-post: http://bbs.archlinux.org/viewtopic.php?p=205922
  Use the above  thread for discussion.
  Locking.

• Cannot start NodeManager Remotly (Via SSH Commands)

  Hi all,
  we are going to start the node manager of one of the cluster servers via SSH command.
  But it is not starting. We can start it directly by log in to that server and run startNodemanager.sh script.
  What is the issue?
  Thanks,
  Nir

  Hi are you able to start Node manager using following WLST Command :
  startNodeManager(verbos='true',NodeManagerHome='$WL_HOME/common/nodemanager',ListenPort='<PortNo>',ListenAddress='<HostName')
  And also can check NodeManager Log files for errors .
  Regards
  Edited by: TheKop88 on Jun 5, 2013 6:13 PM

• Exec command via SSH in existing X-Session

  Hello,
  i want to start the media player app via SSH in an existing X-Session (real display) on the ssh target (ssh user = x-session user, all same machine). I do not mean X-forwarding! After the app is started, i want to disconnect the ssh connection and all should be still running. Any ideas?
  Greetings,
  Sebastian

  The difference:
  #remote display
  ssh user@host DISPLAY=:0 some_command
  # although you might assume it get's passed through ssh, it does not and is displayed on the remote machine
  ssh -X user@host DISPLAY=:0 some_command
  # local display
  DISPLAY=:0 ssh -X user@host some_command
  Also have a look at the man pages of disown and nohup to learn how to remove the program from your running shell, so you can close the ssh connection.
  By the way: export only means, that the variable is exported to the shell. If I run "export TERMINAL=xterm", then until I close the shell, I can for example "echo $TERMINAL" to read "xterm". The shell is always on the host you are connected to. I assume there is a way to bind a remote X server to a DISPLAY (say :100), so you could DISPLAY=:100 to automatically show it on the remote host (or your local host, depending on what machine you sit in front of). I only assume because there is always a way, but I have never tested it or really thought about it.

• Remote login via ssh and public keys

  I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
  1) How do I disable logins via user/password?
  2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?

  1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
  Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
  by default if you don't specify a username when you login it will use the username of the device your logging in from. So to use an alternative login name you would use
  ssh [email protected]
  whereas john can be anyname or your choosing.
  Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
  If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
  2) According to that MacOS X Hints article:
  "Leopard has now a built-in support for SSH authentication with public keys.
  OSX has been able to use ssh public key authentication since day 1 of the beta release of osx. It is not new to leopared it has been around for years.
  Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
  I have not used this functionality as I don't use any passwords for ssh logins.
  They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
  I am sure this is the case.

• Is it possible to run a remote app via ssh?

  If I ssh from my Macbook Pro to my iMac, I can run the xclock command like this:
  ssh -X imac
  /usr/X11/bin/xclock
  Is it possible to do something similar with a .app application?  If I ssh in and use the "open" command to open the calculator, it opens on the Mac, but I can't see it from my Macbook:
  open -a Calculator.app

  The closest thing to that is Screen Sharing.

• How to enable fast user switching remotely via SSH?

  There is a Mac which at the moment doesn't allow fast user switching. I have admin account on this Mac. Currently, another user is logged in, so I can access the Mac only via SSH. I don't want to destroy the session of that user otherwise the user can loose important data.
  Can I enable fast user switching by accessing the Mac via SSH?

  Try this:
  defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool YES

• How to logout remote server via SSH

  I have a server running flux, I just want to log it out (it auto-logs back in, no GDM screen). How do I do this if I'm connected to it via SSH? Again, I want to log out the server as though I would do ctrl+alt+backspace locally, but through SSH.
  TIA

  I just realised how you start your session by auto login, so my above answer was pretty useless. The way I manage my server with an occasional gui session is to just use gdm and start/stop the daemon as needed via ssh then switch to a vnc  or xdmcp session.

• Using launchctl via SSH

  Hello everyone. Here's my situation:
  I'm running Leopard Server 10.5.8.
  Recently I made a plist file to put in my users's ~/Library/LaunchAgents folder. It runs an applescript at regular intervals throughout the day. Occasionally I need to stop and relaunch it, which I do using launchctl load ~/Library/LaunchAgents/nameofplist. (or unload, respectively.) This works fine when I'm logged in to the computer using my user's account, which is an admin account. BUT I want to do it via SSH instead. My user's account does not have access to SSH (for a good reason), so I use a special network user account for that. I SSH login remotely via Terminal, and then I type login username using my username and password. Then when I try the launchctl load command, I get this error:
  launch_msg(): Socket is not connected
  Does anyone know how I can get launchctl to work over SSH?

  LittleSaint wrote:
  Why would applescript be the problem? As long as it was compiled as a script and not an application, it should work just fine from a shell.
  Not all shells are equal. An ssh-only connection does not have access to the Aqua user interface.
  In Snow Leopard, the behavior seems to be different than before. It tries harder to find an Aqua session to run against. Before, I could just ssh from the Terminal and verify that my command line applications would or would not work. Now, even if I ssh from another account, if my original account is still logged in, I can still launch applications. I have to logout of my original account, login to a new account, ssh back to the original account and then try
  [jdaniel@pele:506] ~/Desktop $ osascript testit.scpt
  testit.scpt: execution error: An error of type -10810 has occurred. (-10810)
  in order to get the desired failure.
  Also, you have to actually access something in Aqua before it fails. The above error just comes from activating Address Book. If I take that out and just do 'set thename to "Hello"' it works fine. Of course, I don't know what you can do in AppleScript without telling some Aqua application to do it.

• Bug between JRockit and X11 forwarding via ssh

  I have encountered what appears to be a bug in the interaction of JRockit with X11 ssh forwarding.
  When running any Java GUI application on a remote machine using X11 forwarding via ssh, a variety of problems occur. For example:
  --- cut here ---
  % mitrion-ide
  The program '' received an X Window System error.
  This probably reflects a bug in the program.
  The error was 'BadAtom (invalid Atom parameter)'.
    (Details: serial 189 error_code 5 request_code 20 minor_code 0)
    (Note to programmers: normally, X errors are reported asynchronously;
     that is, you will receive the error a while after causing it.
     To debug your program, run it with the --sync command line
     option to change this behavior. You can then get a meaningful
     backtrace from your debugger if you break on the gdk_x_error() function.)
  --- cut here ---That's the good case. When running the rmmlite application (available at https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 ), I experience what appears to be a near-lockup of my local workstation.
  Neither of these problems occur if I set my DISPLAY to not use ssh X11 forwarding. Likewise, non-Java applications work just fine with ssh X11 forwarding. Therefore the problem seems to be limited to the Java + ssh X11 forwarding combination.
  I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh X11 forwarding), but I thought this was worth bringing to BEA's attention. I'd also be curious to know if others have run into similar difficulties.
  Here are the configuration details:
  Remote X11 client (where applications are hosted)
  =================================================
  % java -version
  java version "1.4.2_12"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
  BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32, compiled mode)
  % uname -a
  Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 athlon i386 GNU/Linux
  % rpm -qa | grep openssh-server
  openssh-server-3.9p1-8.RHEL4.12
  This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other versions of Java removed.
  Local workstation (i.e. X11 server)
  ===================================
  % uname -a
  FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15 08:41:01 CST 2007 [email protected]:/usr/obj/usr/src/sys/somewhere i386
  % ssh -v
  OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
  % pkg_info -Ix xorg-server
  xorg-server-6.9.0_3 X.Org X server and related programs
  Thank you,
  Brent Casavant

  Brent,
  it would be nice to know if this problem is specific to the JRockit JDK or
  if you also can reproduce it using the corresponding Sun JDK 1.4.2. Please
  do also try with a later version such as latest JRockit JDK 5.0.
  Thanks
  /Robert
  <Brent Casavant> wrote in message news:[email protected]...
  I have encountered what appears to be a bug in the interaction of JRockit
  with X11 ssh forwarding.
  When running any Java GUI application on a remote machine using X11
  forwarding via ssh, a variety of problems occur. For example:
  --- cut here ---
  % mitrion-ide
  The program '' received an X Window System error.
  This probably reflects a bug in the program.
  The error was 'BadAtom (invalid Atom parameter)'.
    (Details: serial 189 error_code 5 request_code 20 minor_code 0)
    (Note to programmers: normally, X errors are reported asynchronously;
     that is, you will receive the error a while after causing it.
     To debug your program, run it with the --sync command line
     option to change this behavior. You can then get a meaningful
     backtrace from your debugger if you break on the gdk_x_error() function.)
  --- cut here ---That's the good case. When running the rmmlite application (available at
  https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 )
  , I experience what appears to be a near-lockup of my local workstation.
  Neither of these problems occur if I set my DISPLAY to not use ssh X11
  forwarding. Likewise, non-Java applications work just fine with ssh X11
  forwarding. Therefore the problem seems to be limited to the Java + ssh X11
  forwarding combination.
  I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh
  X11 forwarding), but I thought this was worth bringing to BEA's attention.
  I'd also be curious to know if others have run into similar difficulties.
  Here are the configuration details:
  Remote X11 client (where applications are hosted)
  =================================================
  % java -version
  java version "1.4.2_12"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
  BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32,
  compiled mode)
  % uname -a
  Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686
  athlon i386 GNU/Linux
  % rpm -qa | grep openssh-server
  openssh-server-3.9p1-8.RHEL4.12
  This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other
  versions of Java removed.
  Local workstation (i.e. X11 server)
  ===================================
  % uname -a
  FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15
  08:41:01 CST 2007
  [email protected]:/usr/obj/usr/src/sys/somewhere i386
  % ssh -v
  OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
  % pkg_info -Ix xorg-server
  xorg-server-6.9.0_3 X.Org X server and related programs
  Thank you,
  Brent Casavant

• Remove a proxy setting via ssh or ARD?

  Is it possible to delete a proxy config from the command line? I have looked at scutil, networksetup, ifconfig, ipconfig, systemsetup and scselet command, some of which will SHOW me a proxy config which is helpful, but I need to remove the proxy settings altogether.
  Im going to be removing our proxy server this year (no more proxy), and will need to remove all proxy settings from all my Mac systems. Id like to script it somehow, or at least be able to do it remotely via ssh or ARD.

  I dont think it works in Leopard. For example, when I type the related command:
  "sudo networksetup -getwebproxy Ethernet"
  I get the following answer:
  Enabled: No
  Server:
  Port: 0
  Authenticated Proxy Enabled: 0
  (even though the proxy is configured and working and can be tested. Thus, networksetup doesnt have a clue about the proxy server configs in the Network system prefs pane.)
  The "scutil --proxy" command does show me my current proxy configurations (similar to what the Network pres pane shows), but the command doesnt allow me to disable or delete them. Example:
  <dictionary> {
  ExceptionsList : <array> {
  0 : *.local
  1 : 169.254/16
  ProxyAutoConfigURLString : http://wpad/proxy.pac
  FTPPassive : 1
  ProxyAutoConfigEnable : 1
  HTTPEnable : 0
  (I get the same response regardless if I type
  "networksetup -setwebproxystate "Ethernet" off"
  or
  "networksetup -setwebproxystate "Ethernet" on"

• Remote photoshop scripting over SSH

  I'm trying to get AppleScript scripts to execute on a remote rendering server over SSH (using the osascript command line utility). However, whenever I try to do most anything, I get various Photoshop and/or AppleScript errors that I never get when trying to run the exact same scripts locally. Ultimately, I'm trying to execute a JavaScript file passing JSON arguments from Applescript, called over SSH. Please forgive the verbosity introduced by the simple initial example.
  Server: OS X 10.8.5
  Photoshop: CC 2014
  I see the same type of errors whether I SSH into a server and do the following manually in a shell after logging in, or feed a command to SSH to execute directly (e.g., ssh user@host 'osascript /path/to/script.scpt'). Starting from a basic example, I tried running the following AppleScript snippet. I tried entering it into osascript by hand via stdin, as well as writing it out to a file and calling it remotely. Both resulted in no new file being created, but a success message.
  tell application "Adobe Photoshop CC 2014"
       make new document
  end tell
  No matter how I try to run this remotely, I get the response "document Untitled" from osascript, and Photoshop pops up an error dialog: "Could not complete your request because of a program error."
  More specific to what I'm trying to do, I've got the following code:
  tell application "Adobe Photoshop CC 2014"
       with timeout of 30 seconds
            do javascript("/path/to/local/file.js") with arguments ({"{\"json\": \"document\", ...}"})
       end timeout
  end tell
  When I try to run this locally, I never have a problem. But when I run it over ssh (again, either from the command line or by passing the command directly to ssh), I always get the following:
  script error: Expected end of line but found identifier. (-2741)
  In addition to osascript stopping with that error, Photoshop also pops up the same error dialog: "Could not complete your request because of a program error."
  Anyone have any suggestions or thoughts with regard to how I can get all this working?
  Thanks,
  Brian

  I was able to work around this constraint using a daemon on the local host. However, it would be nice if I could do away with this bit of server code....
  Thanks,
  Brian

• Neighbors Mac mini (10.3.9) was exploited via SSH

  My neighbor called me a couple of weeks ago to say she couldn't log in to her mini. It wouldn't accept her password. I fixed it but last weekend the same thing happened again. I fixed it but decided to look around. I found a couple of perl files in her home folder, a few tgz files, and some software for running a shoutcast server. I knew right away someone had gained access to her machine. All because when I set her mini up, I turned Remote connectivity via SSH on. I checked her bash history file and found that someone had downloaded those files using the curl command from some Romanian sites. The files were definitely cracker related, although I don't remember exactly what the names were. I think one of them was spoofer or something like that.
  I'm going to send an email to Apple on this in hopes that they add a security patch to 10.3.9.
  I have since reinstalled OS X and NOT turned on Remote Connectivity.

  Hi Dale,
     Are you saying that you think that Apple enables the finger daemon by default? I don't believe that to be the case. On Tiger, the /System/Library/LaunchDaemons/finger.plist file that ships with the system contains the following line:
  <key>Disabled</key>
  On Panther, the /etc/xinetd.d/finger file that ships with Panther contains the line:
  disable = yes
  Thus, on both systems, the fingerd daemon doesn't respond to finger requests from external systems. I tested that and the only thing that finger returns is the name of the remote system in square brackets.
     Also, the script kiddy attack to which I referred is nowhere near that sophisticated. I haven't actually read the script but the list of users it tries appears to always be the same. I agree with you that it might be possible to gain knowledge about the usernames on many systems, especially those running fingerd. However, excepting for finger and maybe LDAP, the methods for doing that would likely be different for different systems. This script goes for quantity instead of quality so it doesn't spend enough time on any one system to do any probing.
     As Michael says, Mac OS X ships with all services turned off, including fingerd. I don't think that Apple's firewall tool is of any use because it's "all-or-nothing". Opening a port to the world or blocking it is no different from turn the corresponding service on or off. However, I've never seen a GUI tool that did much better so I don't see that as a ding against Apple.
     I've read too many of your extremely knowledgeable posts to think that you rant arbitrarily. Of course people with such excellent reputations are allotted 5 random rants per calendar year here so you're allowed. If you post the details about the problems you're having, perhaps we could help. You should be able to solve almost any issues about services with a solid firewall.
  Gary
  ~~~~
     Am I ranting? I hope so. My ranting gets raves.

• Warning: Neighbors Mac mini (10.3.9) was exploited via SSH

  My neighbor called me a couple of weeks ago to say she couldn't log in to her mini. It wouldn't accept her password. I fixed it but last weekend the same thing happened again. I fixed it but decided to look around. I found a couple of perl files in her home folder, a few tgz files, and some software for running a shoutcast server. I knew right away someone had gained access to her machine. All because when I set her mini up, I turned Remote connectivity via SSH on. I checked her bash history file and found that someone had downloaded those files using the curl command from some Romanian sites. The files were definitely cracker related, although I don't remember exactly what the names were. I think one of them was spoofer or something like that.
  I'm going to send an email to Apple on this in hopes that they add a security patch to 10.3.9.
  I have since reinstalled OS X and NOT turned on Remote Connectivity.

  how strong of a password she used, etc.
  More than likely she did something to compromise the
  system.
  FWIW, in another posting, he mentioned that the password was the same as the username, and that it wasn't very strong...
  charlie