Secured server with SSH and VPN?

Similar Messages

• Problem with ssh and bash-completion

  I and a co-worker are having a weird problem with ssh and bash-completion. We have a local config in .ssh/config with hosts we connect everyday. An example:
  host foo
  hostname foo.org
  user foobar
  host foobar
  hostname foobar.org
  user foobar
  When we try to type
  ssh foo<tab><tab>b<tab>
  the console just freeze and we can't type anything, everything we type is ignored, but after about 30 seconds the host is completed.
  This works a some time ago, so some upgrade make this happen. Anyone can reproduce this?

  quigybo wrote:
  Actually thinking about it, rather than using the semi-dodgy fix posted on the bug tracker, we can just test if the daemon is running since we are not on MacOS X. It is cleaner and 250 ms quicker.
  --- bash_completion.orig 2010-09-14 05:33:22.000000000 +0930
  +++ bash_completion 2010-09-14 05:45:04.000000000 +0930
  @@ -1316,10 +1316,12 @@
  # contains ";", it may mistify the result. But on Gentoo (at least),
  # -k isn't available (even if mentioned in the manpage), so...
  if type avahi-browse >&/dev/null; then
  - COMPREPLY=( "${COMPREPLY[@]}" $( \
  - compgen -P "$prefix$user" -S "$suffix" -W \
  - "$( avahi-browse -cpr _workstation._tcp 2>/dev/null | \
  - awk -F';' '/^=/ { print $7 }' | sort -u )" -- "$cur" ) )
  + if [ -n "$(pidof avahi-daemon)" ]; then
  + COMPREPLY=( "${COMPREPLY[@]}" $( \
  + compgen -P "$prefix$user" -S "$suffix" -W \
  + "$( avahi-browse -cpr _workstation._tcp 2>/dev/null | \
  + awk -F';' '/^=/ { print $7 }' | sort -u )" -- "$cur" ) )
  + fi
  fi
  # Add results of normal hostname completion, unless
  This is the same test as was used in bash-completion 1.1.
  Thanks  quigybo, I use your patch, the issue is gone
  Why does so many packages depends on Avahi? Maybe make it optdepends is
  enough?
  my laptop $ pacman -Qi avahi
  Required By : gnome-disk-utility gnome-vfs libcups mpd sane

• One server with DAM and more CQ instances

  Hi all,
  do you know if is possible to have one server with DAM and 3 server (Author/Publish) with CQ5 (CRX)? Is possible connect these three servers to one DAM? We have CQ5.5... Thank you for information.

  First, I assume you are calling it a "server" but you really mean two separate servers for each of 1 - 4 (one author instance, and one publish instance).  Is that correct?
  For #3, you called it a "testing" server.  What are you testing?  Code?  If so, you'll want to have a testing instance that matches each instance you have.  Your "website" instances should have a testing server that matches the production environment.  The "intranet" and "other apps" ones should as well.  You wouldn't want to test all of those things on one instance, then separate them out in production.  A production environment that does not match the testing environment is a recipe for disaster.  I also wouldn't try to "migrate" content (DAM assets included) like you do code.  Preload test environments with test content that closely mirror production, but you don't necessarilly need to be exact.  This is especially true of heavy DAM assets.  Just load a subset of videos/images/etc. on testing environments.  It's not necessary to sync this with production.
  Since #1 and #4 are both in the DMZ, I would use the same instance for both of these scenarios.  Do you have a compelling reason to completely separate them?  If you combine them, they share a DAM and the problem is solved.
  For #2, how are you planning to integrate a non-DMZ instance with the others in the DMZ?  This strikes me as a problem.

• Kindly Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN ?

  Kindly 
  Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN?
  Thanks,

  Linksys/Cisco E4200 are compatible with DHCP. Second, these Wireless-N routers are only capable of enabling the VPN traffic to pass through the device.  You will need a VPN router and software to create the actual network to connect with your VPN client.

• OS X 10.4/5 Server with PC and Mac Clients - Advice Appreciated

  I have inherited a OS X 10.4 server and a user base of about 15 fulltime PC users, 10 fulltime Mac users, 10 printers.
  This thread will likely contain a LOT of questions as time goes on.
  1. Should I set the PCs to Workgroup or Domain? As I have so many users I would prefer a domain setup but am not sure how that works with the OSX server.
  2. Is it worth it to upgrade to 10.5? As the processor is a G5 I cannot go to Snow Leopard.
  Thanks!

  1: Domain definitely. Run Open Directory. Keep in mind you WILL NOT be able to support and run Group Policy extensions for the Windows Machines. I highly suggest you run Parallels or VMWare (if this is on a Mac Pro or XServe Intel machine) and run Windows Server 2008 or Small Business Server 2008 to manage the Windows Machines.
  If you do not have a Mac Pro or XServe, or cannot afford to upgrade to a Mac Pro, then I would build a server class PC to run Windows Server or Small Business Server 2008. You can then lock down your Windows machines, run Exchange for collaboration (including push e-mail to iPhones, Windows Mobile and Blackberry devices), provide group policy and run WSUS to update your windows machines automatically.
  Trying to patch the windows machines will be a royal pain in the butt without using Windows Software Update Services (part of Windows Server). You will also want an enterprise grade security solution that runs off of Windows Server, such as Trend Micro's Worry Free Business Security 6.1, to content filter, provide anti-virus and anti-malware security and spam filtering. You can use a web based console to check on virus scans, provide security lockdowns etc. There is NO enterprise grade security system that runs the web console off of Mac OS X Server at this time. There are plenty of clients (Trend Micro, Internet Security Barrier, Sophus etc), but no way to control the anti-virus clients on the Windows machines from the Mac server.
  You can use your current mail, or if you go with Small Business Server you can run Exchange which is way more capable that the very limited mail capability in OSX Server 10.411. I ran 10.4 server until two months ago at my work, where we upgraded to 10.6.
  Group Policy, which is similar to Workgroup Manager Server Preferences, will allow you to lock down and secure your windows machines. You can lock the screen, send software updates, provide firewall preferences etc. This requires Windows Server.
  10.5 is totally worth the upgrade. It adds RADIUS support (you can secure and lock down your VPN connections with XAUTH and your wifi access points to require a username and password, rather than just a password), it provides MUCH improved Software Update Services (10.4 Software Update Server is severely limited; it also cannot upgrade 10.5 or 10.6 clients. 10.5 SUS can update 10.4, 10.5 and 10.6 clients).
  If you upgrade to OSX Server 10.5 you want to do a full bootable backup of the boot drive to an external Firewire drive. You can use CarbonCopyCloner or SuperDuper! to accomplish this. You can then attempt an upgrade, and if it screws up you can then restore the machine and plan to do a clean install and migrate your settings from the 10.4 install.

• How to access web server with SSH client

  I need to access my web server via SSH. I do not have clue how to go about. I have transmit for ftp but looks like I cannot use SSH with Tranmit.
  I guess I need to know:
  - What ssh client to I need to get?
  - If not detailed instruction provided How do I go about? I know I need the port # and my ip address and I have both of those but not sure what else I am to do.
  TIA for the help!

  Open up Terminal. It's in the Utilities folder.ssh -p <port#> <ipaddress> or, if you need to log on with a different user namessh -p <port#> <username>@<ipaddress>

• Configuring a proxy server with username and passw...

  Dear All,
  There is one thing which I have found in all the Nokia phones I have had until now which I find very disappointing:
  A proxy server can be set BUT a username and password for it cannot.
  In the case of trying to connect to the Internet outside a corporate network normally a proxy connection with username and password has to be entered.
  I can enter the proxy server on my Nokia phone but there is no place to enter a username and password in order to authenticate in front of the proxy server.
  Does Nokia think about adding this functionality, which, if I may say, has been in Windows Mobile since quite some time.
  If not for all phones, at least for the E series which are intended to be used in secure business networks.
  In the current situation I can use the corporate Wi-Fi to check my Exchange email which is great, but when I need to access something outside the corporate network I have to use the 3G network.
  So two question arise from the above:
  1. Will Nokia at some point implement Proxy Server Authentication? (Or maybe I'm not able to find it)
  2. Is there any application which allows Proxy Server Authentication to be used when connecting to the Internet?
  Thank you in advance for your help!
  Mitko 
  Nokia 650, Nokia 3510i, Nokia 3650, Nokia 6680, Nokia N73, Nokia E51, Nokia 5800 XM, HTC Desire, HTC Trophy, Nokia Lumia 820

  Hi,
  You can do:
  username:password@proxyservername
  Andy

• Want to connect to client's server with ARD, and run ARD on the server.

  Hi, I have Apple Remote Desktop and use it to monitor, update and service clients servers. I also have client's buy ARD to use internally to access, update and maintain computers on the network.
  When I try to access/sign-in to a server with ARD, when it's running ARD, it will not connect.
  What is the proper way to ARD into a server and still be able to run ARD on the server to connect with and work on other computers on the local network?
  Thanks in advance.

  On the client server install of ARD, open ARD, select preferences, select security tab, and make sure "allow control of this computer when ARD is running" is selected.

• Can I install oracle VM server with lvm and md raid?

  Hello,
  I am trying to install oracle vm server 2.1.2 on a server with md raid and I would like to use lvm on it. It seems to me that the installer md raid support is not working and lvm support is missing.
  Can you help me?
  Thanks in advance for any reply.
  Mario Giammarco

  Hi,
  now i understand...
  hm - if the install does let you create a raid ( mdraid ) -> you can try to setup the system preconfigured by anaconda...
  the lines would be like following:
  part swap size 8000 asprimary --ondisk cciss/c0d0
  part swap size 8000 asprimary --ondisk cciss/c0d1
  part /boot fstype ext3 size 200 asprimary ondisk cciss/c0d0
  part / fstype ext3 size 14750 asprimary ondisk cciss/c0d0
  part /appl fstype ext3 size 30000 asprimary ondisk cciss/c0d1
  part raid.01 size 1000 grow --ondisk cciss/c0d0
  part raid.02 size 1000 grow --ondisk cciss/c0d1
  raid /disk/disk1 level 0 device=md0 --fstype ext3 raid.01 raid.02
  -> check out the your anaconda file: #/root/anaconda*
  -> -> modify the part lines and setup a anaconda installer...
  ( would also a better idea - if you like to install standarized systems )
  let me know - if you need assistance with anaconda...

• Help setting up static ip for minecraft server with TC and PC

  Hey guys,
  I have a dell xps laptop and a son that is hooked on minecraft. I have promised him that I would let him set up a server so he and his buddies can play together. I would really appreciate some assistance on doing this on my time capsual. I have been searching for the solution but could only find references to doing this with a Mac, not a PC.
  Could anyone point in the right direction? I afraid I am in a little over my head. Thanks in advance!!
  Zippy

  >Does that mean that the range on the IPV4 local network page should  be modified to exclude the IP address that I want to use for the static  IP....
  e.g. change the range from 1-255 to 1-200 and then use an  IP of XXX.XXX.X.201 for instance
  That's right.
  You want to reserve static IP addresses in a range that does not overlap with the range that is allocated for generic DHCP clients. For example, you can define the DHCP pool to be 50~149, and reserved IP addresses to be 2~49 (for servers).

• Migrating Non ASM, Non RMAN to New Server with ASM and RMAN - Possible?

  We currently have a database ( Oracle 10g R1 ) on a Sun Solaris server that is NOT using ASM or RMAN. The database is about 300GB. We are getting a new server and we want to install Oracle 10g R2 with ASM and RMAN and migrate the database.
  I have seen the documentation on migrating non ASM to an ASM server but the methods all use RMAN. Is it possible to migrate to an ASM database without using RMAN? Would datapump import/export work if I created a new database on the new server with all the same tablespaces? Or, do I have to bite the bullet, install RMAN on the old server and do the backup?
  Thanks.

  If you're not using RMAN that doesn't mean you can't use it to perform a single backup, rman is contained in every oracle RDBMS installation version 10G or higher.
  this is only a sample of how to do it
  RMAN> CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '<file_system_path>/%U.DBF';
  --first we allocate the channel default channel.
  RMAN>RUN
  ALLOCATE CHANNEL DEFAULTCHANNEL TYPE DISK;
  SHUTDOWN IMMEDIATE;
  STARTUP MOUNT;
  BACKUP DATABASE;
  SHUTDOWN
  }then once you have it, you can do what you want.
  It should also be possible to manually restore the database from the original datafiles but it's better to follow the solution involving RMAN.
  Bye Alessandro

• Create tagging in server with hme and qfe is possible?

  Hellow. I want to create a tagging-interface in a server with solaris 9. This server only has hme and qfe interfaces...
  Is this possible? or the tagging interfaces only can be in bge, ce...?
  Where can I see docs about this?
  Thanks,
  Iñaki

  The Solaris 10 IP services guide (Configuring VLANS) indicates that VLANs are supported on ce, bge, xge and e1000g. I wouldn't think that Solaris 9 would be any different.

• Compile and debug to a remote server with ssh access

  How can i compile and debug from my Mac to a remote server that has ssh access only?

  Besides Microsof's Remote Desktop Connection
  <http://www.microsoft.com/mac/products/remote-desktop/default.mspx>
  Applications -> Remote Desktop Connection
  Computer:  windows.pc.address
  -OR-
  Computer:  windows.pc.address/console
  There is also CoRD (Microsoft RDC Screen Sharing)
  <http://www.macupdate.com/info.php/id/22770/cord>

• How do I bind to directory server with SSL and authentication?

  I'm running Lion Server 10.7.3, Open Directory master. In Open Directory/Settings/LDAP, I've checked the box to Enable SSL and selected a (self-signed) certificate. In Policies/Binding, I've checked the box to Enable Authenticated Directory Binding.
  Testing with a client computer on which Snow Leopard has been freshly installed and fully updated, I went to System Prefs/Accounts to bind to the new directory server. The good news is, the binding was successful, and when the client initiates an AFP connection with the server, it uses Kerberos, creating a ticket as expected. (Which doesn't work with Lion clients, alas, but that's a seperate matter.)
  Here are the problems:
  1) It looks like the binding did not use SSL. By which I mean that when I opened Directory Utility and examined the LDAPv3 entry, the SSL checkbox was not checked. (If I then check the box, everything looks fine until I restart the client, after which I have a red dot. So I'm guessing that checking the box does nothing until after restart, and that it breaks the binding.)
  2) I was never prompted to authenticate for the directory binding.
  So I get that literally I'm *enabling* SSL and Authenticated Directory Binding, but it seems like the defaults are to bind without SSL or authentication, and there's no obvious-to-me way to force the binding to use those things. How do I do that?
  What I'd really like to do is *require* SSL and Authenticated Directory Binding. I want this because my belief (correct me if I'm wrong) is that if authentication is required to bind to the server, no one will be able to bind to my server without my permission, and that SSL offers a more secure connection to my server than not-SSL. How do I require these things, or do I not really want to?
  Thank you.

  You cannot connect to databases via Muse at the moment. Please refer: http://forums.adobe.com/message/5090145#5090145
  Cheers,
  Vikas

• What IOS do I need for SSH and VPN

  Greetings,
  I am not a Cisco expert but can muddle my way thru configurations. I have inherited my position from someone else who setup our VPN infrastructure long ago. Problem is that we have added a new location and I have been asked to add it to our VPN. I found a spare 2610 in the equipment closet with IOS Version 12.2(24) which is a higher version than some of the other working VPN routers in the field. I am basically using the other VPN router configs as a template but when I issue the command "crypto", it does not recognize it. Nor does it recognize the command "ip ssh". So the questions are, do I have to get an updated IOS? If this IOS is ok, do I need an add-on VPN pack? If yes to either one, how do I get it? - Thanks.
  Don

  So if I do a "show ver" on the router I am having trouble with, I see:
  IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(24), RELEASE SOFTWARE (fc1)
  On one of the working VPN routers I see:
  IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.2(15)T14, RELEASE SOFTWARE (fc4)
  So I see the K9 in the IOS version of the working router. Thanks for that part of the puzzle.
  Now my question is, how do I get that IOS?
  Don