SSH failures - auto-block by ip?

I know there are several ways to auto-block IPs of failed SSH dictionary attckers on Linux, are there any such scripts or apps for Xserve?
I've looked at several of the Linux scripts, and most of them are specific to the distribution they are written for. I'm not a programmer, not even a shell scripter, so building custom stuff is a bit beyond me.
Any help would be greatly appreciated, since my server is going live on Monday (in a datacenter which has caused me script-kiddie trouble in the past, but it's my only option currently) and I want to be as protected as possible.
Turning off SSH is really not an option, since I'm going to be doing all server administration from my home, and I'll have minimal site access.
Thanks,
-Gregg

Another thought I had was simply remapping SSH to
port 9922 and removing it from port 22 - effectively
"hiding" it from the dictionary attacks and script
kiddies.
Which doesn't protect you from weak passports. I'd disable all but pubkey auth method in sshd_config.
Changing the default ssh port in tiger is quite tricky beacause ssh is launched by launchd. Launchd is listening for connections on the port defined by the pair i) SockServiceName in sshd.plist and ii) the corresponding port value for ssh in /etc/services. These values have to be changed to your port of choice and I suggest to maintain the ascending sorted list and place the changed lines at the end.
-Ralph

Similar Messages

  • ORA-00349: failure obtaining block size for '+Z'  in Oracle XE

    Hello,
    I am attempting to move the online redo log files to a new flash recovery area location created on network drive "Z" ( Oracle Database 10g Express Edition Release 10.2.0.1.0).
    When I run @?/sqlplus/admin/movelogs; in SQL*Plus as a local sysdba, I get the following errors:
    ERROR at line 1:
    ORA-00349: failure obtaining block size for '+Z'
    ORA-06512: at line 14
    Please let me know how to go about resolving this issue.
    Thank you.
    See below for detail:
    Connected.
    SQL> @?/sqlplus/admin/movelogs;
    SQL> Rem
    SQL> Rem $Header: movelogs.sql 19-jan-2006.00:23:11 banand Exp $
    SQL> Rem
    SQL> Rem movelogs.sql
    SQL> Rem
    SQL> Rem Copyright (c) 2006, Oracle. All rights reserved.
    SQL> Rem
    SQL> Rem NAME
    SQL> Rem movelogs.sql - move online logs to new Flash Recovery Area
    SQL> Rem
    SQL> Rem DESCRIPTION
    SQL> Rem This script can be used to move online logs from old online
    log
    SQL> Rem location to Flash Recovery Area. It assumes that the database
    SQL> Rem instance is started with new Flash Recovery Area location.
    SQL> Rem
    SQL> Rem NOTES
    SQL> Rem For use to rename online logs after moving Flash Recovery
    Area.
    SQL> Rem The script can be executed using following command
    SQL> Rem sqlplus '/ as sysdba' @movelogs.sql
    SQL> Rem
    SQL> Rem MODIFIED (MM/DD/YY)
    SQL> Rem banand 01/19/06 - Created
    SQL> Rem
    SQL>
    SQL> SET ECHO ON
    SQL> SET FEEDBACK 1
    SQL> SET NUMWIDTH 10
    SQL> SET LINESIZE 80
    SQL> SET TRIMSPOOL ON
    SQL> SET TAB OFF
    SQL> SET PAGESIZE 100
    SQL> declare
    2 cursor rlc is
    3 select group# grp, thread# thr, bytes/1024 bytes_k
    4 from v$log
    5 order by 1;
    6 stmt varchar2(2048);
    7 swtstmt varchar2(1024) := 'alter system switch logfile';
    8 ckpstmt varchar2(1024) := 'alter system checkpoint global';
    9 begin
    10 for rlcRec in rlc loop
    11 stmt := 'alter database add logfile thread ' ||
    12 rlcRec.thr || ' size ' ||
    13 rlcRec.bytes_k || 'K';
    14 execute immediate stmt;
    15 begin
    16 stmt := 'alter database drop logfile group ' || rlcRec.grp;
    17 execute immediate stmt;
    18 exception
    19 when others then
    20 execute immediate swtstmt;
    21 execute immediate ckpstmt;
    22 execute immediate stmt;
    23 end;
    24 execute immediate swtstmt;
    25 end loop;
    26 end;
    27 /
    declare
    ERROR at line 1:
    ORA-00349: failure obtaining block size for '+Z'
    ORA-06512: at line 14
    Can someone point me in the right direction as to what I may be doing wrong here - Thank you!

    888442 wrote:
    I am trying to drop and recreate ONLINE redo logs on my STANDB DATABASE (11.1.0.7)., but i am getting the below error.
    On primary, we have done the changes., ie we added new logfile with bigger size and 3 members. When trying to do the same on Standby we are getting this error.
    Our database is in Active DG Read only mode and the oracle version is 11.1.0.7.
    I have deffered the log apply and cancelled the managed recovery, and dg is in manual mode.
    SQL> alter database Add LOGFILE GROUP 4 ('+DT_DG1','+DT_DG2','+DT_DG3') SIZE 1024M;
    alter database Add LOGFILE GROUP 4 ('+DT_DG1','+DT_DG2','+DT_DG3') SIZE 1024M
    ERROR at line 1:
    ORA-00349: failure obtaining block size for '+DT_DG1'First why you are dropping & recreating online redo log files on standby.
    On standby only standby redo log files will be used. Not sure what you are trying to do.
    here is example how to create online redo log files, Check that diskgroup is mounted and have sufficient space to create.
    sys@ORCL> select member from v$logfile;
    MEMBER
    C:\ORACLE\ORADATA\ORCL\REDO03.LOG
    C:\ORACLE\ORADATA\ORCL\REDO02.LOG
    C:\ORACLE\ORADATA\ORCL\REDO01.LOG
    sys@ORCL> alter database add logfile group 4 (
      2     'C:\ORACLE\ORADATA\ORCL\redo_g01a.log',
      3     'C:\ORACLE\ORADATA\ORCL\redo_g01b.log',
      4     'C:\ORACLE\ORADATA\ORCL\redo_g01c.log') size 10m;
    Database altered.
    sys@ORCL> select member from v$logfile;
    MEMBER
    C:\ORACLE\ORADATA\ORCL\REDO03.LOG
    C:\ORACLE\ORADATA\ORCL\REDO02.LOG
    C:\ORACLE\ORADATA\ORCL\REDO01.LOG
    C:\ORACLE\ORADATA\ORCL\REDO_G01A.LOG
    C:\ORACLE\ORADATA\ORCL\REDO_G01B.LOG
    C:\ORACLE\ORADATA\ORCL\REDO_G01C.LOG
    6 rows selected.
    sys@ORCL>
    Your profile:-
    888442      
         Newbie
    Handle:      888442
    Status Level:      Newbie
    Registered:      Sep 29, 2011
    Total Posts:      12
    Total Questions:      8 (7 unresolved)
    Close the threads if answered, Keep the forum clean.

  • ORA-00349: failure obtaining block size

    I am trying to drop and recreate ONLINE redo logs on my STANDB DATABASE (11.1.0.7)., but i am getting the below error.
    On primary, we have done the changes., ie we added new logfile with bigger size and 3 members. When trying to do the same on Standby we are getting this error.
    Our database is in Active DG Read only mode and the oracle version is 11.1.0.7.
    I have deffered the log apply and cancelled the managed recovery, and dg is in manual mode.
    SQL> alter database Add LOGFILE GROUP 1 ('+DT_DG1','+DT_DG2','+DT_DG3') SIZE 1024M;
    alter database Add LOGFILE GROUP 1 ('+DT_DG1','+DT_DG2','+DT_DG3') SIZE 1024M
    ERROR at line 1:
    ORA-00349: failure obtaining block size for '+DT_DG1'

    888442 wrote:
    I am trying to drop and recreate ONLINE redo logs on my STANDB DATABASE (11.1.0.7)., but i am getting the below error.
    On primary, we have done the changes., ie we added new logfile with bigger size and 3 members. When trying to do the same on Standby we are getting this error.
    Our database is in Active DG Read only mode and the oracle version is 11.1.0.7.
    I have deffered the log apply and cancelled the managed recovery, and dg is in manual mode.
    SQL> alter database Add LOGFILE GROUP 4 ('+DT_DG1','+DT_DG2','+DT_DG3') SIZE 1024M;
    alter database Add LOGFILE GROUP 4 ('+DT_DG1','+DT_DG2','+DT_DG3') SIZE 1024M
    ERROR at line 1:
    ORA-00349: failure obtaining block size for '+DT_DG1'First why you are dropping & recreating online redo log files on standby.
    On standby only standby redo log files will be used. Not sure what you are trying to do.
    here is example how to create online redo log files, Check that diskgroup is mounted and have sufficient space to create.
    sys@ORCL> select member from v$logfile;
    MEMBER
    C:\ORACLE\ORADATA\ORCL\REDO03.LOG
    C:\ORACLE\ORADATA\ORCL\REDO02.LOG
    C:\ORACLE\ORADATA\ORCL\REDO01.LOG
    sys@ORCL> alter database add logfile group 4 (
      2     'C:\ORACLE\ORADATA\ORCL\redo_g01a.log',
      3     'C:\ORACLE\ORADATA\ORCL\redo_g01b.log',
      4     'C:\ORACLE\ORADATA\ORCL\redo_g01c.log') size 10m;
    Database altered.
    sys@ORCL> select member from v$logfile;
    MEMBER
    C:\ORACLE\ORADATA\ORCL\REDO03.LOG
    C:\ORACLE\ORADATA\ORCL\REDO02.LOG
    C:\ORACLE\ORADATA\ORCL\REDO01.LOG
    C:\ORACLE\ORADATA\ORCL\REDO_G01A.LOG
    C:\ORACLE\ORADATA\ORCL\REDO_G01B.LOG
    C:\ORACLE\ORADATA\ORCL\REDO_G01C.LOG
    6 rows selected.
    sys@ORCL>
    Your profile:-
    888442      
         Newbie
    Handle:      888442
    Status Level:      Newbie
    Registered:      Sep 29, 2011
    Total Posts:      12
    Total Questions:      8 (7 unresolved)
    Close the threads if answered, Keep the forum clean.

  • Local net ssh failure Tiger (PHP MYSQL Apache Dreamweaver)

    I can't be sure, but I think this problem started with the latest security update. I'm 80% done with my first web application using PHP and Mysql in dreamweaver when I began getting an unknown error from dreamweaver when attempting to connect to my DB on my testing server. After 2 days of debugging and re-installing apps I finally wiped the testing server (G4 400 Cube memory topped out 120GB HD, down to the metal) reinstalled Tiger, fully patched, edited the httpd.conf file to enable php 4.4.1. Installed Mysql 4.1 (which was the last general distribution with a packaged install) and the server works fine, so I created myself as a user in mysql @localhost & @localmachinename to replicate root user. Navicat was up and running in no time, so I re-populated my server from my backup. Then I jumped over to my design workstation (G5 2Ghz Dual, 2GB Ram, 250GB HD) only to find navicat can't login to the mysql server because ssh wont connect to the G4. After much testing I discovered ALL of my macs will attach only to external addresses. My linux box, external linux boxes, even windows boxes emulating ssh will attach internally or extenally, the macs won't talk to anything in the local network 10.0.x What the ****! My project is now past due and I'm stuck because I can no longer ssh from any macs to internal machines mac or otherwise. PLEASE HELP!!! is there an SSH pakage so I can re-install? I couldn't find a mac ssh package on apple or ssh.org, Will that even make a difference? Can I uninstall the security update? Can anyone suggest a workaround?
    My network
    *10.0.1.2 Ganymede (Mandrivia 10 server and Gateway)
    *10.0.1.6 Artemis (G5 10.4.7) Web/Video
    *10.0.1.10 Miletus (G4 10.4.7) Web Testing
    *10.0.1.5 Venus (G4 10.4.7) Photo editing
    *10.0.1.4 Hero (G3 ibook 10.4.7) office work
    *10.0.1.7 Hermes (iMac 10.4.7) iLife
    *10.0.1.3 Apollo (Wintendo XP) Web Testing/The Sims
    Here are several ssh logs.
    mac to mac (FAIL)
    Artemis:~ phil$ ssh -vv 10.0.1.10
    OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.0.1.10 [10.0.1.10] port 22.
    debug1: Connection established.
    debug1: identity file /Users/phil/.ssh/identity type -1
    debug1: identity file /Users/phil/.ssh/id_rsa type -1
    debug1: identity file /Users/phil/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
    debug1: match: OpenSSH_4.2 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.2
    debug2: fd 3 setting O_NONBLOCK
    debug1: An invalid name was supplied
    Cannot determine realm for numeric host address
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    debug1: An invalid name was supplied
    Cannot determine realm for numeric host address
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    Write failed: Broken pipe
    Artemis:~ phil$
    Mac to linux internal (FAIL)
    Artemis:~ phil$ ssh -vv 10.0.1.2
    OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.0.1.2 [10.0.1.2] port 22.
    debug1: Connection established.
    debug1: identity file /Users/phil/.ssh/identity type -1
    debug1: identity file /Users/phil/.ssh/id_rsa type -1
    debug1: identity file /Users/phil/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    debug1: match: OpenSSH_4.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.2
    debug2: fd 3 setting O_NONBLOCK
    debug1: An invalid name was supplied
    Cannot determine realm for numeric host address
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    debug1: An invalid name was supplied
    Cannot determine realm for numeric host address
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    Write failed: Broken pipe
    mac to linux external (Success)
    Artemis:~ phil$ ssh -vv 69.253.x.x
    OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 69.253.x.x [69.253.x.x] port 22.
    debug1: Connection established.
    debug1: identity file /Users/phil/.ssh/identity type -1
    debug1: identity file /Users/phil/.ssh/id_rsa type -1
    debug1: identity file /Users/phil/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    debug1: match: OpenSSH_4.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.2
    debug2: fd 3 setting O_NONBLOCK
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    debug2: dhgenkey: priv key bits set: 130/256
    debug2: bits set: 514/1024
    debug1: SSH2MSG_KEX_DH_GEXINIT sent
    debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
    debug1: Host '69.253.239.85' is known and matches the RSA host key.
    debug1: Found key in /Users/phil/.ssh/known_hosts:3
    debug2: bits set: 516/1024
    debug1: sshrsaverify: signature correct
    debug2: kexderivekeys
    debug2: set_newkeys: mode 1
    debug1: SSH2MSGNEWKEYS sent
    debug1: expecting SSH2MSGNEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2MSGNEWKEYS received
    debug1: SSH2MSG_SERVICEREQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2MSG_SERVICEACCEPT received
    debug2: key: /Users/phil/.ssh/identity (0x0)
    debug2: key: /Users/phil/.ssh/id_rsa (0x0)
    debug2: key: /Users/phil/.ssh/id_dsa (0x0)
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/phil/.ssh/identity
    debug1: Trying private key: /Users/phil/.ssh/id_rsa
    debug1: Trying private key: /Users/phil/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: password
    [email protected]'s password:
    debug2: we sent a password packet, wait for reply
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug2: channel 0: send open
    debug1: Entering interactive session.
    debug2: callback start
    debug2: clientsession2setup: id 0
    debug2: channel 0: request pty-req confirm 0
    debug2: channel 0: request shell confirm 0
    debug2: fd 3 setting TCP_NODELAY
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 131072
    Last login: Tue Aug 15 12:56:42 2006 from artemis.ganymedia.net
    [phil@ganymede ~]$
    G5 Dual 2G   Mac OS X (10.4.7)  

    Mac comes with a fully functioning Apache web server with all the scripting languages (except VB). You need to enable them in the configuration file.
    You need some light weight UNIX administration skills to do this. Use the system restore disk to set the password for the root account.
    Open a terminal screen from the Utilities folder in Applications. Type "su", press return, then enter the root password you set using the system restore disk.
    Make a backup copy of the Apache configuration file with the following command (type this in with no mistakes and press the return key).
    cp /etc/httpd/httpd.conf /etc/httpd/httpd.conf.copy
    Enter the following to open the Apache configuration (type this in with no mistakes and hit the return key).
    /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/httpd/httpd.conf &
    Locate and remove the # comment symbol from the following lines and save the file in /etc/httpd/httpd.conf.
    #LoadModule php4_module libexec/httpd/libphp4.so
    #AddModule mod_php4.c
    Exit the TextEdit application and quit out of the terminal application.
    Put the following web page into a file named greetings.php inside the folder Library/WebServer/Documents.
    <html>
    <head>
    <title>Experiment</title>
    </head>
    <?php
    echo "Greetings";
    ?>
    </body>
    </html>
    Once you have made these changes, you can reboot to activate the changes.
    Put the following into your browser to test the configuration.
    http://localhost/greetings.php
    You should see "Greetings" on a web page titled "Experiment".
    MySQL is a separate server that you need to download and configure to complete your web server.
    I hope this helps.
    Best regards - Greg

  • SSH - Failure to connect, does not prompt for password,

    I have been using SSH on this iMac with 10.5.4 for over a year, upgraded to Leopard when it came out, never a problem with SSH, but now for no apparent reason, SSH fails when trying to connect through VPN into work.
    I can still connect to other systems on the internet that are not through the VPN.
    I don't suspect this to be a VPN issue because no other employees are having this problem with the VPN, using Mac, Windows or Linux. I can connect vi putty on my windows from the same network... below is my config.
    Here is what I'm getting:
    I connect as- ssh me@hostname and it returns "Permission denied (publickey)." It makes to attempt to prompt me for a password. I do not use a key on this system so it should prompt me for a password. I changed nothing on the system to cause ssh to break, But it's possible that a apple security update caused something to break.
    I have added the following to my ~/.ssh/config file
    PasswordAuthentication yes
    My /etc/ssh_config file is as follows:
    cat /etc/ssh_config
    # $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $
    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.
    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.
    # Site-wide defaults for some commonly used options. For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.
    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    PasswordAuthentication yes
    # HostbasedAuthentication no
    # GSSAPIAuthentication no
    # GSSAPIDelegateCredentials no
    # GSSAPIKeyExchange no
    # GSSAPITrustDNS no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    PermitLocalCommand yes
    My /etc/sshd_config is:
    cat /etc/sshd_config
    # $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.
    #Port 22
    #Protocol 2,1
    Protocol 2
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    # HostKey for protocol version 1
    #HostKey /etc/sshhostkey
    # HostKeys for protocol version 2
    #HostKey /etc/sshhost_rsakey
    #HostKey /etc/sshhost_dsakey
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768
    # Logging
    # obsoletes QuietMode and FascistLogging
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    # Authentication:
    #LoginGraceTime 2m
    #PermitRootLogin yes
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys
    # For this to work you will also need host keys in /etc/sshknownhosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    # SACL options
    #SACLSupport yes
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    # GSSAPI options
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange yes
    # GSSAPI options
    #GSSAPIAuthentication yes
    #GSSAPICleanupCredentials yes
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication mechanism.
    # Depending on your PAM configuration, this may bypass the setting of
    # PasswordAuthentication, PermitEmptyPasswords, and
    # "PermitRootLogin without-password". If you just want the PAM account and
    # session checks to run without PAM authentication, then enable this but set
    # ChallengeResponseAuthentication=no
    #UsePAM yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    # no default banner path
    #Banner /some/path
    # override default of no subsystems
    Subsystem sftp /usr/libexec/sftp-server
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server

    Also I forgot to mention, I have nulled out the known_hosts file to eliminate any conflicts there, I have verified .ssh is 700 and files config and known_hosts are 600
    output using ssh -v
    debug1: Reading configuration data /Users/<me>/.ssh/config
    debug1: Reading configuration data /etc/ssh_config
    debug1: Connecting to pshx4105a [216.255.177.213] port 22.
    debug1: Connection established.
    debug1: identity file /Users/<me>/.ssh/identity type -1
    debug1: identity file /Users/<me>/.ssh/id_rsa type -1
    debug1: identity file /Users/<me>/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
    debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.7
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    debug1: SSH2MSG_KEX_DH_GEXINIT sent
    debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
    debug1: Host 'pshx4105a' is known and matches the DSA host key.
    debug1: Found key in /Users/<me>/.ssh/known_hosts:3
    debug1: sshdssverify: signature correct
    debug1: SSH2MSGNEWKEYS sent
    debug1: expecting SSH2MSGNEWKEYS
    debug1: SSH2MSGNEWKEYS received
    debug1: SSH2MSG_SERVICEREQUEST sent
    debug1: SSH2MSG_SERVICEACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/<me>/.ssh/identity
    debug1: Trying private key: /Users/<me>/.ssh/id_rsa
    debug1: Trying private key: /Users/<me>/.ssh/id_dsa
    debug1: No more authentication methods to try.

  • Vendor Master auto Block

    Hello All,
    Can you tell me if there is any Standard Work Flow(config) for the Vendor Master.
    Basically I want to block a vendor if there are changes to any vendor master field(defined by me) and route it for the approval.
    What are other options to track changes in Vendor Master sensitive fields.
    Thank you in advance

    Hi
    For blocking a vendor manually XK05 is used .
    Moreover creation and maintainance of vendor master should be maintained by the power user and inturn will be controlled by the auth process.
    Im not sure whether SAP provides option for the automatic blocking of the vendor if its master data is changed .
    Revert with ur valuable comments
    reg
    Raja

  • F110 Debit Balance Check auto block account

    Hi:
    on F110 , I run debit balance check and execute the and put block.
    Is this really block vendor account or not? I go to FK05 but it not put the block there.
    pls advise.

    Hi Mandy,
    BTE 1820 is used for debit balance check in F110. But after executing it won't put any block in vendor account but it does so in run time when you execute proposal.
    At the stage of proposal, it will analyze as per the logic that you have specified in the BTE and will propose you the payment list.  If you run again the second time, it will analyze afresh based on entries posted in the system at that point of time..so it won't put any permanent block on any Vendor. It is for the scheme of entries posted at that point of time when you are running proposal.
    Hope it helps..
    Regards,
    Kavita

  • Auto emails auto blocked

    Hello everyone:
    I am wondering if anyone has any advice. What I am having
    problems with is I have set up a page where accounts can log in.
    Each account has an account number and then their email address is
    stored in our database. First time log-ins click on a "new
    registration" link, enter their account number and their email
    address and a link to set their password is emailed to them.
    However, with so many different spam filters out there many of the
    automated emails are completely blocked and our customers never get
    an email to set their password. We use the same system if an
    account forgets their password. They click "forgot password" and
    enter their account and email.
    Can anyone point me in the right direction of a resource or
    offer advice to make our log-in system less troublesome? I really
    appreciate it.

    I have the same problem. The only thing I can think of is to
    contact the isp that are blocking my emails and prove to them I am
    not spam and to take me off their spam lsit.

  • Reasons for Hard Drive failure (bad blocks)

    I've had my MacPro looked at by an Authorised Apple Service Provider because it's been crashing and the screen is corrupting.
    They have told me that they have scanned the hard drive and it's showing some bad blocks.
    They have said in this scenario I should bin the hard drive and buy a new one, install the OS and start again.
    My questions are these:
    1. I thought Hard Drives by default always have some bad blocks and that there is extra space allocated on the partition to deal with this.
    2. Should the hard drive be binned and buy a new one - the argument being that a 1TB drive which is the capacity of mine is very cheap to replace - only about £50.00 currently.
    3. Are these bad blacks really the cause of the crashing on my computer and the monitor display corrupting?

    2. Should the hard drive be binned and buy a new one - the argument being that a 1TB drive which is the capacity of mine is very cheap to replace - only about £50.00 currently.
    You should not spend more than a moment struggling with this drive using only Recovery_HD or other primitive tools.
    You should get Mac OS X running and get your computer in business immediately, and if it takes a new drive to do that, you should get at least one new drive right away and install Mac OS X on it.
    Then at whatever pace is appropriate, you can work with the old drive and whatever tools you need to a) salvage your files if you do noir have adequate backups, and b) re-write all the blocks to see whether it is capable of having all good blocks again. Under full Mac OS X, you can do this in the background while other work continues.

  • Auto-block expired batch

    Hi SAP Masters,
    Is there any way to block those expired batch automatically from the MM point of view? Any standard t-code can do so or any ABAP enhancement is required?
    Thank you in advance.
    Regards,
    Edwin

    Jeyakanthan A wrote:>
    > >
    Edwin Fu Kee Fung wrote:
    > > Hi SAP Masters,
    > >
    > > Is there any way to block those expired batch automatically from the MM point of view? Any standard t-code can do so or any ABAP enhancement is required?
    > >
    > > Thank you in advance.
    > >
    > > Regards,
    > > Edwin
    >
    > If material is batch activated with shelf life after expirty,system will automatically put stock in quality for further descision.
    really?
    I dont think so.
    for this you need an inspection type for recurring inspection.
    QA07 then controls what will happen to the expired batch.
    and QA07 can of course be scheduled to run every night in batch.

  • ASA - SSH failure

    Hello All,
    another sily issue, I configure an ASA so i could access it through ssh. Everything is configured as described in the cisco user guide but surprisingly enough, it does not work...
    I tried ssh v1 and 2, I zeroized the key and regenerated a new one but it still does not work. Connectivity seems to be fine as I get the ssh prompt.
    Any idea?
    Regards,
    Thibault.

    Thibault, you don't have AAA enable, try adding this commands so you will be authenticated with local database:
    aaa authentication enable console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    aaa authorization command LOCAL
    aaa local authentication attempts max-fail 5
    Hope this help.
    Regards,

  • Web links auto-blocked?

    Dear fellow Apple Users,
    I've noticed since I updated to Snow Leopard my Mail program now turns every hyperlink/URL from an e-mail address to a "blockedhttp" thus not allowing me to click the link. I now have to copy and paste the link, which is a bit annoying considering a few months ago, that wasn't the case. Why is Mail doing this and how can I prevent it?
    Some previous respondents have told me it's a setting issue, I know not of any setting that this would fall under. Thank you!
    Tomes

    I have OS X 10.5.8 and have the same annoying problem with having to copy/paste http links to my browser instead of simply clicking them in the e-mail. Someone please post the fix... thanks!

  • Firewall is blocking SSH when it shouldn't be

    I had a [problem with SSH|http://discussions.apple.com/thread.jspa?threadID=1990417&tstart=0] on my iMac not long ago where SSH was being blocked by the Leopard firewall, even though it is configured to allow it through. I have the firewall configured as "Set access for specific services and applications" and "Remote Login (SSH)" appears on the list automatically since Remote Login is enabled on the Sharing tab of System Prefs.
    The first time I had the problem I solved the problem by turning off the Leopard firewall ("allow all incoming") and then turning it back on again (in "specific services" mode). I thought it was just a one time glitch being the first time I'd ever tried getting SSH to work. After that it worked great until restarting my iMac yesterday when the firewall started blocking SSH again. Once again, turning off the firewall and then turning it back on again resolved the problem.
    Any ideas? Anyone had similar problems?

    Most routers thesedays even consumer routers have a stateful packet inspection firewall and also NAT.
    With NAT unless you specifically open ports from the router to your mac then the outside world cannot access any of the services on your mac.
    If you want to use SSH from the outside world then you would have to portforward tcp port 22 from the router to your mac. But this is not a problem if you use a strong password eg not a dictionary word or name or better still you can turn off password authentication in your ssh configuration and use public key access only.
    So if you have not opened up ports on the router then your application firewall is only preventing access from other computers on your local network.
    Call me paranoid, but I don't know anything about how solid the router firewall is, whereas I have much more confidence in the OS X firewall.
    If you are savvy enough to know about and how to use SSH then it should be really easy for you to find out how good your router's firewall is. Understanding a router's web interface is far less demanding than learning how to use SSH.
    In most cases you simply put the router's IP address into your web browser and you can see all of its services.
    But something you should be aware of it is not really incoming connections you should be concerned about. It is outgoing connections that require more control.
    For example if you were socially engineered by a website or elsewhere and they convinced you to install a trojan or spyware on your mac then your Mac's Application firewall would not stop these processes dialing out.
    Little Snitch from obdev is an application aware firewall that controls your outgoing connections and is far more useful than the mac's application firewall on a desktop computer behind a router.
    Apart from that, I'd really like to understand what's going on!
    Did you try nerowolfe's suggestion of creating a test user account and login in as that user and see if the problem is still there?

  • Material transfer from SAP R/3 to SAP Business One is blocked

    Hello experts,
    Please I need your help for the following scenario:
    Our client has B1iSN and SAP R/3 in the headquarter company and B1if and SAP B1 in the subsidiary. The material transfer from SAP R/3 to SAP Business One failed and the following message is diplayed:
    Result message :
    com.sap.b1i.xcellerator.XcelleratorException: XCE001 Nested exception: com.sap.b1i.bizprocessor.BizProcException: BPE001 Nested exception: com.sap.b1i.xcellerator.XcelleratorException: XCE001 Nested exception: com.sap.b1i.xcellerator.XcelleratorException: XCE001 Nested exception: java.lang.RuntimeException: DI Error: (-2028) No matching records found (ODBC -2028)
    The Material database transfer is blocked due to message in status
    failure which block all other messages.
    We tried to restart the server (Business One and B1iSN) but it didnu2019t solve the issue.
    Any idea please? Thank you.

    Hi Nadia,
    did you check the WRITE-POLICY settings of your scenario?
    when reading the displayed DI Error message, it looks like B1iSN is trying to update an B1 item which does not exists.
    Please open SAP B1iSN Tools -> Development Tools -> Graphical scenario Design and select your Bizpackage, BizStep and BIUMETA.
    Open the WRITE-POLICY symbol and check the entries:
    Insert on Exist = error or fallback2U
    Update on Miss = fallback2I
    The Update Policy should stay to value regular.
    To activate changes of the WRITE-POLICY please deactivate, modify and reactivate your Business Process instance.
    If a WRITE-POLICY change has no effect, please check your data mapping (BIU) and especially the parameter <QueryParams>, which mustn't be filled for "insert/Add" operations into B1.
    Best regards
    Bastian

  • Putting a Suto Payment block in Vendor line item

    Hi,
    we have a requirement where we want to auto block(payment block) a Vendor Line item whenever we hit a specific GL account in his posting.
    How we can do this in SAP.. I tried using substitution but cudn't move further.
    Plz suggest.
    Thanx in advance

    Hi
    I can able to create a substitution and I can able to populate payment block in the document. 
    Pls. follow the below:
    1.  Create a rule under complete document as BSEG-BUKRS = "Your company Code" AND BSEG-HKONT = "Your GL Account against which the vendor will be posted"
    2.  Now come to substitution and create a new step.
    3.  In substitution populate the rule and check
    4.  Then give constant value BSEG-ZLSPR = "A" (Blocking for payment)
    5.  Then activate it (don't forget to do this)
    6.  post the document and you can find block in the vendor account with the gl given in the rule mentioned above.
    Hope this helps.  If you need more or screenshot give me a mail in [email protected]
    If the above was useful, assign points.
    Thanks
    Rago

Maybe you are looking for

  • How to reset my Ipad if I can't disable Find my Iphone?

         I forgot my restrictions passcode, so I went to try and reset it on my computer. However, Itunes says that I need to disable Find My Iphone on my Ipad. So I go to the settings, and I find the Icloud tab, but the restrictions prevent me from open

  • Highlight in Adobe Reader X not working after update to 10.1.1

    Hello We have an application aimed at assisting people with reading difficulties. For that purpose we have written an Adobe Reader plugin which makes our application able to read text from PDF documents. While it reads it also highlights the words it

  • Deleted attachments are not removed from Content Server

    We have setup Content Server to store business documents and create attachments in documents in CO. Both types are stored ok and can be opened without any problems. After deleting them though, they disappear from the Attachment List but when looking

  • InDesign CS6 quits unexpectedly

    I can't open InDesign today, it quits unexpectedly every time. Yesterday I did some updating of my OS system, might that be the reason?

  • Attached Template no link into page

    This is regard to an attached Template. I have the page with a .dwt attach . I clicked : modify/templates/open attached templates. I checked the template every is in place and updated. After I upload the files and check. I notice the changes are not