SSH and 10.4.6

Similar Messages

• ASA 5505 + ASA 5540 static VPN, ssh and rdp problems

  Greetings!
  I've recentely set up a VPN between Cisco ASA 5540(8.4) ana 5505(8.3).
  Everything works fine, but there is a small problem that is really annoying me.
  From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
  Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
  Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
  There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
  What can I do to get rid of this problem?
  Thanks in advance.

  Dear Fedor,
  You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
  access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
  access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
  class-map TCP_TIMEOUT
        match access-list rdp_ssh
  policy-map global_policy
       class TCP_TIMEOUT
            set connection timeout idle 0:30:00
            set connection timeout half 0:30:00
  * Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
  Let me know.
  Portu.
  Please rate any post you find useful.

• Problem with ssh and bash-completion

  I and a co-worker are having a weird problem with ssh and bash-completion. We have a local config in .ssh/config with hosts we connect everyday. An example:
  host foo
  hostname foo.org
  user foobar
  host foobar
  hostname foobar.org
  user foobar
  When we try to type
  ssh foo<tab><tab>b<tab>
  the console just freeze and we can't type anything, everything we type is ignored, but after about 30 seconds the host is completed.
  This works a some time ago, so some upgrade make this happen. Anyone can reproduce this?

  quigybo wrote:
  Actually thinking about it, rather than using the semi-dodgy fix posted on the bug tracker, we can just test if the daemon is running since we are not on MacOS X. It is cleaner and 250 ms quicker.
  --- bash_completion.orig 2010-09-14 05:33:22.000000000 +0930
  +++ bash_completion 2010-09-14 05:45:04.000000000 +0930
  @@ -1316,10 +1316,12 @@
  # contains ";", it may mistify the result. But on Gentoo (at least),
  # -k isn't available (even if mentioned in the manpage), so...
  if type avahi-browse >&/dev/null; then
  - COMPREPLY=( "${COMPREPLY[@]}" $( \
  - compgen -P "$prefix$user" -S "$suffix" -W \
  - "$( avahi-browse -cpr _workstation._tcp 2>/dev/null | \
  - awk -F';' '/^=/ { print $7 }' | sort -u )" -- "$cur" ) )
  + if [ -n "$(pidof avahi-daemon)" ]; then
  + COMPREPLY=( "${COMPREPLY[@]}" $( \
  + compgen -P "$prefix$user" -S "$suffix" -W \
  + "$( avahi-browse -cpr _workstation._tcp 2>/dev/null | \
  + awk -F';' '/^=/ { print $7 }' | sort -u )" -- "$cur" ) )
  + fi
  fi
  # Add results of normal hostname completion, unless
  This is the same test as was used in bash-completion 1.1.
  Thanks  quigybo, I use your patch, the issue is gone
  Why does so many packages depends on Avahi? Maybe make it optdepends is
  enough?
  my laptop $ pacman -Qi avahi
  Required By : gnome-disk-utility gnome-vfs libcups mpd sane

• Lion server on Mac mini server stop responding to ssh and VNC (other services like mail, ical works well)

  Lion server on Mac mini server stop responding to ssh and VNC (other services like mail, ical works well)
  Version is Lion server 10.7.4
  When I attach a monitor to it, I saw all the buttons and menus stopped responding too. I can only push and hold the power button on the box to shutdown.
  It only started happening recently.
  Anyone has any clue?
  Thanks for the help in advance!!!

  Found that the second hard drive is broken. I have to go to the apple store to have it replaced.
  I had to press the power button to turn the server off for several times, then the broken hard drive went disappeared. After that, I had to disable the Spotlight. Then the server went back to work normally.
  Now I made a CCC copy of the primary hard drive, and would like to have the server run on the external raid disk (connected through thunderbolt). Does anyone have previous experience with it? Any expectable drawback or issue with this setup?

• Sgd + ldap auth + ssh and numeric usernames

  Hi there, sorry if there is a well known answer to my problem, bu tI have not found it.
  anyway, We have a problem where our customer wants to use purelly numeric usernames to logg in to secure global desktop
  From the point of secure global desktop we don't have any problems with this, the problem happens later on with the ssh to solaris (which is set up with ldap authentication) in that I have not been able to get purely numerical logins to work with solaris pam_ldap. Now some of you think that this is not an SGD problem, and that is true, but I was wondering if SGD could help me solve this.
  My question is simple, can SGD use a "different" username taken from ldap after it has logged in the user instead of the username tha tthe user provided.
  ex.
  the user loggs in to SGD with the username 173651
  when starting the application , instead of logging in to the application server (via ssh) with username 173651 it should take an other field from ldap that holds the solaris username.
  thanks for any answers and hints.

  Sorry, but you missunderstood my question a bit :-)
  What you suggest is a way for the users to type in an other username after logged in to Secure Global desktop, tha tis now what we want
  We want this to be done automaticly for us.
  First we have changed a bit how the login procedure works, when the user surfs to the SGD server they will not be presented with any choices, they wil be presented with a single login screen, when they have logged in SGD will automaticly start our application.
  the problem we have is that we want to use only digits as the login name in SGD, but unforutunally Solaris have some problems with using digits alone in usernames (and especially usernames longer then 8 characters)
  so I was hoping that SGD could read from LDAP (we are using LDAP user store, not UNIX) another value that it would use to login to the app server thorugh SSH
  for example, when logging in to SGD it loggs in towards the LDAP uid field, but when it starts the application SGD reads some other property from LDAP and sends that to ssh. Solaris is then also authenticating towards SSH and uses the second property to authenticate.
  If this cannot be done in Secure global Desktop, I think we will look at using a third party authenticator that can do what we want (hopefully OpenSSO can do this)

• Port forwarding, NAT, SSH and Transmission.

  A couple of days ago I decided to setup the Transmission daemon, along with automatization for my downloads. Recently, however, to put a layer of security around my laptop, I set up a wireless router I had lying around that is now connected with a wire to my laptop. The reason for this is that I have no idea how iptables work yet, and until then I decided this will suffice for the moment. One of the problems though (yes, problems seems to come in twenty-fold where my luck is concerned), is that when I rewire my laptop directly to the internet, without the router, NetworkManager or Archlinux doesn't reset the ip address, which for some reason jumps to 192.168.1.122, which it never uses otherwise. I haven't yet tried reinstalling networkmanager, but when I did turn it off, dhcpdcd assigned the same address... The problem here being that it shouldn't assign a LAN-address, I'm directly connected to the internet. Sidenote here though; my internet connection is just a plug in the wall, the operators here (I live on a kind of campus), probably only use a network-switch to relay the traffic to the socket.
  That's that, my wired network doesn't work directly, only via the wireless router, wired or wireless. Because of this, I have to use port-forwarding for SSH (to test if the port forwarding works), and the Transmission daemon with an rcmp port of 9091., which was my intention in the first place. I have no idea if logging into my.ip.address.here:9091 in a browser would work, I just used localhost:9091.
  Now for the results:
  $ nmap -sT xx.xxx.xx.xx
  Starting Nmap 5.21 ( http://nmap.org ) at 2010-06-14 19:42 CEST
  Nmap scan report for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Host is up (0.038s latency).
  Not shown: 996 closed ports
  PORT STATE SERVICE
  22/tcp filtered ssh
  53/tcp open domain
  80/tcp open http
  9091/tcp filtered unknown
  Here it shows that the ports are actually not closed, but they're not exactly opened either, from what I gathered from the internet.
  SSH shows the true problem:
  $ ssh neal@xxxxxxxx
  ssh: connect to host xxxxxxxx port 22: Connection timed out
  SSH-ing to 192.168.0.102 (my internal ip) works, as does to localhost, same for Transmission webGUI. Before I used port-forwarding ssh would correctly say that it couldn't get traffic from the router.
  My router is a cheap solution to another problem I had, but it should work like any router. It's a Sitecom WL-607. I disabled login authentication for the moment. Also, there is no filtering going on in the firewall. Like I said earlier, I don't get iptables, so that's not being used. The hosts file allows all and denies nothing.
  TLDR version; I'm using port-forwarding on my Sitecom WL-607, but all ports except http and the 53 port are being blocked.
  Is there something I'm missing here?
  Thanks in advance,
  Neal van Veen.

  by default, all routers assign there clients an ip address from there internal pool of addresses, your wireless router is assigning you that address and then NAT's the connection with the WAN side, but even after directly plugging in to the wall socket you still dont get a new ip address, use dhcpcd <mydev> in terminal to reresh dhcp lease. if not then your campus/location/etc may also be using NAT on there own side.
  as for the ports, iptables doesnt block any traffic by default, it allows everything. if there is filtering, it is from your wireless router.
  on the above ssh and nmap scans, did u use your lan ip, or your public ip.

• Mounting samba share starts avahi, ssh and sftp at client

  The problem is at the client. When i mount a samba share (with # mount), avahi is started, which starts ssh and sftp. This is wrong on many levels.
  Not sure how long this has been going on, someone else already asked this on stackexchange on 11.2.15, but didn't get any answers.
  Journal output immediatly after mounting (hostname, ip etc. removed):
  Mär 18 01:35:51 hostname dbus[434]: [system] Activating via systemd: service name='org.freedesktop.Avahi' unit='dbus-org.freedesktop.Avahi.service'
  Mär 18 01:35:51 hostname systemd[1]: Cannot add dependency job for unit boot.automount, ignoring: Unit boot.automount is masked.
  Mär 18 01:35:51 hostname systemd[1]: Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
  Mär 18 01:35:51 hostname systemd[1]: Starting Avahi mDNS/DNS-SD Stack Activation Socket.
  Mär 18 01:35:51 hostname systemd[1]: Starting Avahi mDNS/DNS-SD Stack...
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Found user 'avahi' (UID 84) and group 'avahi' (GID 84).
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Successfully dropped root privileges.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: avahi-daemon 0.6.31 starting up.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
  Mär 18 01:35:51 hostname dbus[434]: [system] Successfully activated service 'org.freedesktop.Avahi'
  Mär 18 01:35:51 hostname systemd[1]: Started Avahi mDNS/DNS-SD Stack.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Successfully called chroot().
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Successfully dropped remaining capabilities.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Loading service file /services/sftp-ssh.service.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Loading service file /services/ssh.service.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Joining mDNS multicast group on interface enp1234.IPv4 with address myip.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: New relevant interface enp1234.IPv4 for mDNS.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Network interface enumeration completed.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Registering new address record for myip on enp1234.IPv4.
  Mär 18 01:35:51 hostname avahi-daemon[2583]: Registering HINFO record with values 'X86_64'/'LINUX'.
  Mär 18 01:35:52 hostname avahi-daemon[2583]: Server startup complete. Host name is hostname.local. Local service cookie is 123.
  Mär 18 01:35:53 hostname avahi-daemon[2583]: Service "hostname" (/services/ssh.service) successfully established.
  Mär 18 01:35:53 hostname avahi-daemon[2583]: Service "hostname" (/services/sftp-ssh.service) successfully established.

  Thanks for your answer.
  snakeroot wrote:Are you sure it is actually starting ssh and ssftp or is it just having avahi advertise them as existing?
  I'm not sure if anything is started, the term "Service ssh successfully established" sounds like the ssh serrver is started to me, but it might just be strange wording. What does "advertise as existing" mean?
  From the snippet you quoted, it looks like the latter. Unless you have alread started socket activation for ssh or sftp, whether via systemd *.socket or inetd, I'm not sure it would actually be started.
  I didn't enable anything manually.
  I think you can rm/mv the sftp-ssh.service and ssh.service files /etc/avahi/services/ and prevent those services from being advertised.
  OK thanks for the hint. Nontheless i would rather stop avahi from starting than configuring it.
  Begin rant...
  I'm a bit annoyed that avahi is starting without my permission. Seems like systemd is getting a bit overzealous with starting services. Interestingly this was one of the big problems with upstart, and was supposed to be solved with systemd. I still like systemd.

• Native SSH and SFTP in LabVIEW

  At the risk of re-opening a can of worms, is there any consideration for adding native SSH and SFTP support for LabVIEW?
  Using PuTTy/plink is cumbersome and not cross-platform.
  Calling a .NET (or any other) external assembly is cumbersome and not cross-platform.
  Labwerx SSH has a terrible licensing model (not to mention the additional cost).
  It is 2015, and SSH/SFTP is ubiquitous and not going away. These protocols should be natively supported in LabVIEW.
  I have seen this idea on the exchange (http://forums.ni.com/t5/LabVIEW-Idea-Exchange/Native-SSH-and-SFTP-Support/idi-p/1141529), but there hasn't been any movement in 5 years. I would appreciate any news from NI here, even in the negative. If LabVIEW isn't going to support SSH anytime soon, it would be better to find out now.
  Solved!
  Go to Solution.

  I doubt it is likely to happen any time soon - the LabSSH toolkit is pretty reasonably priced when you compare it to how long it would take you to implement the functionality yourself and there is nothing to stop you from implementing it yourself using the TCP/IP functions which are in LabVIEW. You can of course use the command-line interface to something like WinSCP / PuTTy as well.
  I did also find a wrapper that someone had made for an Open Source .NET SSH library called Renci
  I downloaded a copy from this thread: http://forums.ni.com/t5/LabVIEW/Plink-PuTTY-works-30-of-the-time-using-System-Exec-vi/td-p/3002261
  There is also another implementation of the wrapper here: https://decibel.ni.com/content/docs/DOC-41388
  Certified LabVIEW Architect, Certified TestStand Developer
  NI Days (and A&DF): 2010, 2011, 2013, 2014
  NI Week: 2012, 2014
  Knowledgeable in all things Giant Tetris and WebSockets

• Secured server with SSH and VPN?

  Hi,
  Have an Archbox at home and when I'm traveling I would like to connect to my Archlinux box at home to grab files and such things.
  Using ADSL with a static IP and a D-Link router.
  If I create a portfowarding rule of port 443 to my Archlinux box and user it to connect with SSH and VPN is that secured enought?
  I have family photos and stuff on the server that I don't want to be hacked or spread. Not a high target for hackers but for scriptkiddies!
  So, will a portforwarding rule and a use of SSH daemon and a VPN Server software make me secure all the way, the VPN and SSH is encrypted right?
  Any suggestions of a good VPN application?
  Server daemon for the "archserver" and clients for my laptop with dualboot, vista and archlinux.

  Yeah, SSH or OpenVPN should be perfectly fine.
  However, why port 443? If someone is scanning a large range of IP-addresses for commonly open ports to find active servers, they will most likely scan port 21, 22, 25, 80, 110, 443, etc. as these ports usually run the most interesting services.
  Since it has no impact on the usability, choose a high port, between 10000-65000, which is not commonly used. That way your system will not be identified as active by a simple portscan searching for active servers.
  You don't have to be worried about attacks targeted directly against you, if you don't have anything interesting on your system, a cracker wouldn't spend time on manually breaking into your system. Just mask yourself from worms etc. by using uncommon ports. Using SSH or OpenVPN will handle encryption, which ensures data integrity, even when you're connected to an unencrypted hotspot somewhere in the world on your vacation
  If you setup OpenVPN, you'll also have the possibility of routing all your Internet traffic throught your home system, which can be very handy in terms of surfing and checking mail from unencrypted hotspots around the world.

• How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

  I'm using a select few KDE programs (not the DE) such as Kontact (and with that KMail, Korganizer, Kaddressbook...) and Kwallet. I've got a GPG and an SSH key which I need in Git to sign commits and push. I'd like to have Kwallet manage ALL of these passwords/passphrases, (e-mail, SSH, GPG) and only be prompted for a password to unlock my wallet once per session - or better yet, have the wallet unlocked by logging in (like the keychain in OS X). I'm currently using SLiM (systemd, slim.service) as the login manager. I had a glance at this tutorial for inspiration but to no success...
  This is my ~/.xinitrc:
  #!/bin/sh
  if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
  [ -x "$f" ] && . "$f"
  done
  unset f
  fi
  # Hide mouse cursor when idle
  unclutter -idle 4 &
  # Background image
  hsetroot -fill $HOME/img/08.jpg &
  # Window manager
  xmonad
  This is my ~/.zprofile (failed attempt, fake GPG-key name)
  #!/bin/sh
  # Load keychain to handle ssh and gpg keys
  export SSH_ASKPASS=/usr/bin/ksshaskpass
  eval `keychain --eval id_rsa 1234ABCD`
  $HOME/.keychain/`hostname`-sh
  $HOME/.keychain/`hostname`-sh-gpg
  This is my ~/.gnupg/gpg.conf (commented lines not included)
  no-greeting
  require-cross-certification
  charset utf-8
  keyserver hkp://keys.gnupg.net
  Last edited by totte (2012-10-25 10:49:52)

  No success so far, really, need more ideas.
  Neither of /etc/kde/env/{gpg,ssh}-agent-startup.sh seem to be run by anything automatically on my system upon boot and logging in. I tried going back to the beginning and I got GPG working alright, when signing a commit I was automatically authenticated. SSH however still prompts me by CLI to enter my passphrase when I try to git-push or ssh into a server. I set an empty password for the wallet to have it "unlocked by logging in". I thought setting "export SSH_ASKPASS='/usr/bin/ksshaskpass'" in ~/.zprofile would have it prompt for the password in some manner of Qt window related to Kwallet, but apparently it doesn't. In top both ssh-agent and gpg-agent are displayed as running - but if I run gpg-agent in Konsole I get the output "gpg-agent: no gpg-agent running in this session", ssh-agent on the other hand outputs "SSH_AUTH_SOCK=/tmp/ssh-noaDS3C4AP8M/agent.1830; export SSH_AUTH_SOCK;
  SSH_AGENT_PID=1831; export SSH_AGENT_PID;
  echo Agent pid 1831;".
  Here's my ~/.zprofile, ~/.xinitrc, ~/.gnupg/gpg.conf, ~/.gnupg/gpg-agent.conf and ~/.zshrc (probably irrelevant but included anyway):
  ~/.zprofile
  export EDITOR='vim'
  export GIT_EDITOR='vim -fg'
  export GPG_TTY=$(tty)
  export GREP_COLOR='1;34'
  export GREP_OPTIONS='--color=auto'
  export LANG='en_GB.UTF-8'
  export PAGER='less'
  export PINENTRY='/usr/bin/pinentry-kwallet'
  export SSH_ASKPASS='/usr/bin/ksshaskpass'
  export VISUAL='vim'
  ~/.xinitrc
  #!/bin/sh
  if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
  [ -x "$f" ] && . "$f"
  done
  unset f
  fi
  # Kwallet
  kwalletd &
  # Keychain (SSH & GPG)
  eval `keychain --eval id_rsa 1234ABCD` &
  # Hide mouse cursor when idle
  unclutter -idle 4 &
  # Background image
  hsetroot -fill $HOME/img/08.jpg &
  # Akonadi
  akonadictl start &
  # Music Player Daemon
  mpd &
  # Window manager
  xmonad
  ~/.gnupg/gpg.conf
  no-greeting
  require-cross-certification
  charset utf-8
  keyserver hkp://keys.gnupg.net
  use-agent
  ~/.gnupg/gpg-agent.conf
  pinentry-program /usr/bin/pinentry-kwallet
  no-grab
  ~/.zshrc (probably irrelevant)
  # PATH
  # System executables
  PATH0="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin"
  # My executables
  PATH1="$HOME/bin"
  export PATH="$PATH0:$PATH1"
  # COLOURS
  autoload colors; colors;
  eval "`dircolors -b ~/.dircolorsrc`"
  # GENERAL
  HISTFILE=$HOME/.zsh_history
  HISTSIZE=10000
  SAVEHIST=10000
  setopt append_history
  setopt extended_history
  setopt hist_expire_dups_first
  setopt hist_ignore_dups
  setopt hist_ignore_space
  setopt hist_verify
  setopt inc_append_history
  setopt share_history
  setopt prompt_subst
  setopt correctall
  setopt auto_menu
  setopt complete_in_word
  setopt always_to_end
  setopt extendedglob
  # ALIASES
  alias rezsh='. ~/.zshrc'
  alias _='sudo '
  alias l='ls -lh --color'
  alias la='ls -lAh --color'
  alias -- -='cd -'
  alias ..='cd ..'
  alias df='df -h'
  alias g='git'
  alias tmux='tmux attach'
  alias cp='cp -v'
  alias mv='mv -v'
  alias rm='rm -v'
  alias rmdir='rmdir -v'
  alias d='dirs -v'
  bu(){cp -v $1 ${1}.backup}
  cmds(){history | awk '{print $2}' | sort | uniq -c | sort -rn | head}
  md(){mkdir -p $1; cd $1}
  # OS-specific aliases
  if [[ $(uname) == "Darwin" ]]; then
  # Mac OS X
  alias pkgs='port search' # Search
  alias pkgi='sudo port install' # Install
  alias pkgu='sudo port selfupdate && sudo port upgrade outdated' # Update & Upgrade
  alias pkgr='sudo port uninstall --follow-dependencies' # Remove package and unused dependencies
  alias pkgl='port installed' # List installed packages
  alias python='/usr/local/bin/python3'
  alias pip='pip-3.2'
  alias pips='pip-3.2 search'
  alias pipi='pip-3.2 install'
  alias pipu='pip-3.2 install -U'
  alias pipr='pip-3.2 uninstall'
  alias pipl='pip-3.2 freeze'
  alias v='mvim'
  elif [[ $(uname) == "Linux" ]]; then
  alias pips='pip search'
  alias pipi='pip install'
  alias pipu='pip install -U'
  alias pipr='pip uninstall'
  alias pipl='pip freeze'
  alias v='vim'
  case $(lsb_release -d | cut -f2 | cut -d " " -f1) in
  (Arch) # Arch Linux
  alias equa='alsamixer -D equal'
  alias pkgs='pacman -Ss' # Search
  alias pkgi='sudo pacman -S' # Install
  alias pkgu='sudo pacman -Syu' # Update & Upgrade
  alias pkgr='sudo pacman -Rns' # Remove package, configuration backups and unused dependencies
  alias pkgl='pacman -Q' # List installed packages
  alias pkgd='whoneeds' # List packages depending on specified package
  alias poweroff='sudo systemctl poweroff'
  alias reboot='sudo systemctl reboot'
  alias nw='wicd-curses'
  (Debian|Ubuntu) # Debian and Ubuntu
  alias pkgs='aptitude search' # Search
  alias pkgi='sudo aptitude install' # Install
  alias pkgu='sudo aptitude update && sudo aptitude upgrade' # Update & Upgrade
  alias pkgr='sudo aptitude purge' # Remove package, configuration files and unused dependencies
  alias pkgl='aptitude search -F "%p" "~i"' # List installed packages
  alias reboot='sudo shutdown -r now'
  alias shutdown='sudo shutdown -h now'
  esac
  fi
  # Host-specific aliases
  if [[ ${HOST:r} == "betre" ]]; then
  alias poff='sudo /sbin/write-magic 0xdeadbeef && sudo /sbin/reboot'
  fi
  # TAB COMPLETION
  autoload compinit
  compinit
  # Case-insensitive (all),partial-word and then substring completion
  zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
  zstyle ':completion:*:*:*:*:*' menu select
  zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
  cdpath=(.)
  # Use /etc/hosts and known_hosts for hostname completion
  [ -r /etc/ssh/ssh_known_hosts ] && _global_ssh_hosts=(${${${${(f)"$(</etc/ssh/ssh_known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _ssh_hosts=()
  [ -r ~/.ssh/known_hosts ] && _ssh_hosts=(${${${${(f)"$(<$HOME/.ssh/known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _ssh_hosts=()
  [ -r /etc/hosts ] && : ${(A)_etc_hosts:=${(s: :)${(ps:\t:)${${(f)~~"$(</etc/hosts)"}%%\#*}##[:blank:]#[^[:blank:]]#}}} || _etc_hosts=()
  hosts=(
  "$_global_ssh_hosts[@]"
  "$_ssh_hosts[@]"
  "$_etc_hosts[@]"
  `hostname`
  localhost
  zstyle ':completion:*:hosts' hosts $hosts
  # KEYBINDINGS
  bindkey '^[[A' history-beginning-search-backward
  bindkey '^[[B' history-beginning-search-forward
  bindkey "^[[H" beginning-of-line
  bindkey "^[[1~" beginning-of-line
  bindkey "^[OH" beginning-of-line
  bindkey "^[[F" end-of-line
  bindkey "^[[4~" end-of-line
  bindkey "^[OF" end-of-line
  # Make the delete key (or Fn + Delete on the Mac) work instead of outputting a ~
  bindkey '^?' backward-delete-char
  bindkey "^[[3~" delete-char
  bindkey "^[3;5~" delete-char
  bindkey "\e[3~" delete-char
  # TITLES
  tmux_title="%16<..<%~%<<"
  term_tab_title="%m"
  term_title="Terminal"
  function title(){
  if [[ "$TERM" == screen* ]]; then
  print -Pn "\ek$tmux_title:q\e\\"
  elif [[ $TERM == rxvt* ]] || [[ "$TERM_PROGRAM" == "iTerm.app" ]]; then
  print -Pn "\e]2;$term_title:q\a"
  print -Pn "\e]1;$term_tab_title:q\a"
  fi
  function title_precmd(){
  title $tmux_title $term_tab_title $term_title
  function title_preexec(){
  emulate -L zsh
  setopt extended_glob
  local tmux_title=${1[(wr)^(*=*|sudo|ssh|-*)]}
  title $tmux_title $term_tab_title $term_title
  # ZSH VCS_INFO MODULE
  autoload -Uz vcs_info
  #zstyle ':vcs_info:*+*:*' debug true
  zstyle ':vcs_info:*' enable git
  zstyle ':vcs_info:git*' formats '%fon $(rou)%b%f%c%u%m'
  zstyle ':vcs_info:git*' actionformats '%fon $(rou)%b%f:$(rou)%a%f%c%u%m'
  zstyle ':vcs_info:git*:*' stagedstr ' (staged)'
  zstyle ':vcs_info:git*:*' unstagedstr ' (unstaged)'
  zstyle ':vcs_info:git*:*' get-revision true
  zstyle ':vcs_info:git*:*' check-for-changes true
  zstyle ':vcs_info:git*+set-message:*' hooks git-stash git-untracked
  # Display count of stashed changes
  function +vi-git-stash(){
  local -a stashes
  if [[ -s ${hook_com[base]}/.git/refs/stash ]] ; then
  stashes=$(git stash list 2>/dev/null | wc -l)
  if [[ $stashes > 1 ]] ; then
  hook_com[misc]+=" (${stashes} stashes)"
  else
  hook_com[misc]+=" (${stashes} stash)"
  fi
  fi
  # Display message if untracked files are present
  function +vi-git-untracked(){
  if [[ $(git rev-parse --is-inside-work-tree 2> /dev/null) == 'true' ]] && \
  git status --porcelain | grep '??' &> /dev/null ; then
  hook_com[unstaged]+=" (untracked files present)"
  fi
  function prompt_precmd(){
  vcs_info
  # PROMPT
  # Root or user?
  function rou(){
  if [[ $UID -eq 0 ]] ; then
  echo "%{$fg[magenta]%}"
  else
  echo "%{$fg[blue]%}"
  fi
  # Display ± if we're in a git repository and » at all other times
  function prompt_character(){
  git branch >/dev/null 2>/dev/null && echo '%{$fg[white]%}±%{$reset_color%}' && return
  echo '%{$fg[white]%}»%{$reset_color%}'
  # Set the prompt
  function set_prompt(){
  PROMPT="$(rou)%n %{$reset_color%}at $(rou)%m %{$reset_color%}in $(rou)%~ ${vcs_info_msg_0_}
  %{$reset_color%}$(prompt_character) "
  # HOOKS
  autoload -U add-zsh-hook
  add-zsh-hook preexec title_preexec
  add-zsh-hook precmd title_precmd
  add-zsh-hook precmd prompt_precmd
  add-zsh-hook precmd set_prompt

• Runcluvfy nodecon fails eventhough ssh and scp doesnt ask for password

  Hi all,
  this is my first attempt to oracle RAC . I configured the ssh gen as shown in documentation without using passphrase
  I tested ssh and scp and it do not ask me password .
  xt33db006[oracle:grid10p]/opt/home/oracle$ ssh xt33db007 date
  Thu Apr 24 12:15:13 PDT 2008
  xt33db007[oracle:grid10p]/opt/home/oracle$ ssh xt33db006 date
  Thu Apr 24 12:15:43 PDT 2008
  but when I try to do
  runcluvfy.sh comp nodecon -n xt33db006,xt33db007 -verbose
  Verifying node connectivity
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  do I need to put these 2 hostname in hosts.equiv file ? not sure what I am missing here
  I will appreciate any pointer .
  thanks
  -Prasad

  xt33db006[oracle:grid10p]/opt/home/oracle$ runcluvfy.sh stage -pre crsinst -n xt33db006,xt33db007 -verbose
  Performing pre-checks for cluster services setup
  Checking node reachability...
  Check: Node reachability from node "xt33db006"
  Destination Node Reachable?
  xt33db006 yes
  xt33db007 yes
  Result: Node reachability check passed from node "xt33db006".
  Checking user equivalence...
  Check: User equivalence for user "oracle"
  Node Name Comment
  xt33db007 failed
  xt33db006 failed
  Result: User equivalence check failed for user "oracle".
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  Pre-check for cluster services setup was unsuccessful on all the nodes.

• Slow SSH and VNC

  Hi!
  I'm visiting my family at the moment, and tried to call home to my desktop from my laptop that I brought with me. I've tried to use both VNC and SSH, and both are extremely slow. I'm sitting on a 24/2 mbps-line at the moment, while my desktop is connected to a 10/10 mbps-line. VNC is just too slow be usable, and sometimes it freezes for a long time. SSH also feels very sluggish, and when I tried to copy a file with sshfs I got a speed of around 20 Kb/s. At first I though there was something wrong with the connection, but then I started apache on my desktop and downloaded a file over http, and the speed was stable around 900 Kb/s as it should be. A traceroute shows that the trafic goes directly from my familys ISP to my ISP, and ping shows times around 20 ms. So I can't understand why SSH and VNC is so slow, and I don't even know where to begin troubleshooting. If anyone have any suggestions on what might be wrong I would be very grateful.
  Both of my computers run Arch64, and my desktop is connected via cable to a router while my laptop uses wireless (Intel 4965), also to a router. The routers are pretty much identical, both being Asus WL-500G Premium with DD-WRT firmware. The necessary ports are of course open, and I use port 2200 for SSH and 5900 for VNC.

  Could be one of the isps doing QoS on anything not http based traffic. Comcast sometimes _appears_ at least to be slowing down some of my non-http traffic for instance...
  Could be packet loss.
  Could be a busy neighborhood loop on a cable network (if that is what one end is..).
  Could be.. just about anything...
  Run iperf on both ends or something, and see what it says..
  Look at tcpdump output (or wireshark).
  poke around. try some stuff.
  *shrugs*

• SSH and REMOTE X......Not X Forwarding

  I've setup several web servers at home for myself, a website, and WordPress on both virtual and real hardware to learn more about servers.
  They have varied from just installing Apache on a Ubuntu desktop to installing my website and Wordpress on a lamp server without X.
  I quickly learned the benefits of a server without X and a GUI, so I set a goal to setup and configure a lamp server without installing a GUI......and I finally accomplished it!!
  Now I'll be the first to admit that I'm still more comfortable in a GUI environment compared to the command line. However, I have no problem using the command line when needed, and am comfortable navigating the file system and editing config files using nano, while still learning and trying to remember commands!!!
  My question is where to get more info on how to access my current server without X installed, via SSH and remote X from my Arch desktop to use GUI apps.
  I already use the "connect to remote SSH server" to remotely manipulate the file system over my local network using Nautilus.
  If Nautilus will work via remote X, then all GUI apps in theory will work. I'm just having problems actually figuring out how to it!!!
  I've read that, "By default, this feature is disabled (for security reasons)". So I need to
  startx -listen_tcp
  But to do that, I need to:
  If this server is no longer running, remove /tmp/.X0-lock and start again.
  But when the X server is not running, the tmp file referred to is not there!!
  Any ideas on how to "toggle" this function on and off easily?
  Security risks?
  I would also appreciate any additional refrence material on remote X.
  Last edited by jeff story (2009-10-11 19:42:15)

  mcover,
  First, I'd like to ask you something. Did I really say something so wrong that you have to be a rude f#&ker in your reply and try to belittle me for not knowing as much about how Linux works as you?? Did I unknowingly insult you in some way? Sorry if I did.
  mcover said:
  What you want to do is, run a bunch of GUI apps remotely on your server (let's call it machine B) and forward their X output to your machine (machine A). That certainly defeats the purpose of a server, but heck.. it's all possible.
  OK, based on that statement, either you aren't getting what I'm wanting to do, or perhaps you can explain why you feel that way.
  No, I don't want to run GUI apps on my server and forward X.....Thats exactly what I don't want to do.
  Quote mcover:
  That certainly defeats the purpose of a server
  When I'm NOT going to install anything additional on my server to do what I want, and ask for security considerations?
  Wow....
  Quote mcover:
  But the remote-SSH feature of Nautilus is in no way remote X or X-Forwarding.
  So lets see.....server has no X installed, no Nautilus installed, and I use Nautilus (remotely from the OS and file system I'm manipulating)
  Nautilus front end (GUI) can't display without X .....
  ....hmmm, Sorry if i'm not being clear enough for you. Did I screw up on some Linux terminology or something???? Please elaborate...
  Quote mcover:
  But I do suggest you get comfortable with the command line
  Oh, you obviously missed this paragraph I wrote in the original post then:
  Now I'll be the first to admit that I'm still more comfortable in a GUI environment compared to the command line. However, I have no problem using the command line when needed, and am comfortable navigating the file system and editing config files using nano, while still learning and trying to remember commands!!!
  Quote mcover:
  Then you'd have to look into VNC or NX.
  As I said, I don't want to add anything (packages) to my server, so VNC works without X installed?
  So thanks for your reply, but no thanks, I'll wait until either someone who understands what I am asking replies, or I'll just do more research on this subject on my own.
  BTW: This is the first time I have ever lashed out at someone on a public forum.....but then again, you kinda deserve it don't you.
  Last edited by jeff story (2009-10-11 23:56:19)

• JDev 11.1.1.4.0 Support for SSH and SFTP

  Using JDeveloper 11.1.1.4.0
  I've tried researching Oracle docs, but find nothing on Secure FTP (SFTP). Does Oracle ADF have built-in SSH and SFTP Java libraries? If not, has anyone had success with the Java libraries from SourceForge or is there something better out there?
  Thanks,
  Troy

  There is no build in ftp or ssh library in jdev. I used http://commons.apache.org/net/ in one of my project.
  Timo

• Enabling SSH and disabling Telnet

  I am trying to enable SSH on a 3560G switch so I can disable Telnet.
  Some have mentioned to do an "sh ssh" to see if I have ssh on the switch. It doesn't show. I also have done "transport input ssh" and ssh isn't a valid input method.
  So I decided to upgrade the IOS on the switch. I am now at 12.2(52) SE.
  But I still cannot configure SSH. I get the same results as mentioned above.
  Since this is the latest version of IOS can I not assume that it contains SSH? Or do I need to download a different version of IOS that specifically has SSH in it?
  Thanks for your help

  Yup, you need a K9/CRYPTO image, e.g:
  c3560-ipservicesk9-mz.122-52.SE.bin
  You can use the feature nagivator to search for images with 'Secure Shell' support:
  www.cisco.com/go/fn
  It can be either .tar or .bin does not matter. The .tar image includes the web-gui files (alongwith the .bin IOS image) and does not affect the SSH capability.
  Regards
  Farrukh

• Log ssh and telnet connections

  Hi guys,
  if you want to log all ssh and telnet connections to your system, what entry do you put in /etc/syslog.conf file?
  Thank you

  Google is your friend:
  http://www.unix.com/solaris/128310-logging-incoming-connections-solaris-10-a.html