- WLUG - wlug.mailman3.com

RE: [Wlug] pubkey authentication in openssh
by Minkov, Ross 27 Feb '06

27 Feb '06

You are right... I think it was too late when I wrote that... LOL -Ross -----Original Message----- From: wlug-bounces(a)mail.wlug.org [mailto:wlug-bounces@mail.wlug.org] On Behalf Of Theo Van Dinter Sent: Thursday, February 23, 2006 12:47 PM To: Worcester Linux Users Group Subject: Re: [Wlug] pubkey authentication in openssh On Thu, Feb 23, 2006 at 12:58:19AM -0500, Minkov, Ross wrote: > > There's no per-user config to specify what authentication methods are > > allowed. It's a global setting. > > You can specify per user ssh config settings in $USER/.ssh/conifg file. > The user's configuration file overwrites the system-wide configuration > file (/etc/ssh/ssh_config) settings for that user. For the client side, yes, you can do that. However, there is nothing like that for the server side which is what has been discussed so far. -- Randomly Generated Tagline: "So, the long and short of it--if you have one sysadmin, you have a "system administrator." If you have two sysadmins, you have two "system administrators." If you have two thousand sysadmins, you're at LISA." - Trey Harris <Pine.LNX.4.30.0105091748220.27344-100000(a)shells.valinux.com>

1 0

RE: [Wlug] pubkey authentication in openssh
by Minkov, Ross 23 Feb '06

23 Feb '06

> You can put a "*" in the password field of the user and then it's a > locked account, but pubkey will still work. Yes, this works, I use it all the time. Just a note that the "*" needs to go in the /etc/shadow file, not in /etc/passwd. > There's no per-user config to specify what authentication methods are > allowed. It's a global setting. You can specify per user ssh config settings in $USER/.ssh/conifg file. The user's configuration file overwrites the system-wide configuration file (/etc/ssh/ssh_config) settings for that user. Make sure that $USER/.ssh/conifg is owned by $USER and perms are set to 600. For example you can add "PasswordAuthentication no" to $USER/.ssh/conifg and disable password auth for $USER, while leaving "PasswordAuthentication yes" (this is the default) in the system-wide configuration file (/etc/ssh/ssh_config). -Ross -----Original Message----- From: wlug-bounces(a)mail.wlug.org [mailto:wlug-bounces@mail.wlug.org] On Behalf Of Theo Van Dinter Sent: Friday, February 17, 2006 5:24 PM To: Worcester Linux Users Group Subject: Re: [Wlug] pubkey authentication in openssh On Fri, Feb 17, 2006 at 05:15:55PM -0500, Eric Stein wrote: > automated account: public key login only (no password authentication > allowed - yeah, I know I can just set the password to something really > big and hope nobody guesses, but the point of pub/priv key auth is > higher security) You can put a "*" in the password field of the user and then it's a locked account, but pubkey will still work. There's no per-user config to specify what authentication methods are allowed. It's a global setting. -- Randomly Generated Tagline: "Abnegation is un-American. We're going to drive the vehicle we want, wear what we want, consume as much as necessary, worship whomever we choose, and show as much cleavage as possible in beer commercials." - http://www.fool.com/News/Foth/2003/foth030203.htm?source=EDNWFH

2 1

Progress and success
by Marie I MacDonald 23 Feb '06

23 Feb '06

Greetings all, I thought I'd write and update you on my newbie experience with Linux et. al. To refresh your memory, my old laptop died just as I had been given a new Linux box and just before the Spring semester had started. I really was feeling stressed. But here are some high points of the past month: * Novell distro installed (and reinstalled (twice!) after a glitch) and updated without a hitch. * Evolution is now my email client of choice for two reasons: I couldn't figure out how to install Thunderbird and I wanted to sync my Palm to something. * I'm successfully popping all my Gmail and myrealbox accounts (13 total). I've never seen my filters run so fast (for junk and legit mail). * Palm Zire 21 now works beautifully with Evolution. I keep it simple and don't need more than the personal calendar. * Open Office installed and updated. I'm using 2.0.1.3 and have begun using Impress to create a presentation for school. * I have taken advantage of the desktop functions, using five work spaces and putting buttons on the tool bars. I love how smoothly my desktop works and allows me new workspaces. * Novell client for Linux working beautifully to connect me to the server upstairs (thanks Bob!) * I've been playing around with the GIMP image editor and in my opinion it is as robust as Photoshop (which I know very well). * I have successfully completed all the Novell Linux Desktop 9 Learning Center modules. The training was good and I would recommend it for new users. * I am successfully running Music Player and copying my CDs to the network. I can now burn a CD/DVD. Here are my observations/complaints: * While I've used both YaST and Red Carpet to install programs, I'd like to see something developed to click and run installation programs, much like the .exe files most are used to. Coming from that environment into a Linux environment, this is critical. If you want to make Linux more attractive for desktop users, software installation has to be easier. The average office user *ME* does not know how to work with code and such to install programs. * I'm still trying to find video capture and editing software. Any recommendations? * Now I also need software to create a business plan. Any recommendations? * I would love to listen to radio station web streams. I live in the boonies and get no radio reception. I do have RealPlayer on this but so far it hasn't worked for grabbing a radio web stream. I miss my Boston radio stations. Well, that's all I can think of for now. Oh, I did meet a wonderful teenager from Worcester who is very knowledgeable about Linux. His name is Stephen and I just wanted to send a shout out to him. I urged him to joint WLUG--he's a gem. Finally, I appreciate everyone here for all the marvelous advice, encouragement and patience. I consider it an honor to be part of your group. Thanks for letting me in! All my best, Marie

3 2

Meeting followup
by Mike 19 Feb '06

19 Feb '06

For the curious, here is a not-so-complete list of links that were mentioned this evening: Ubuntu's upcoming Dapper Drake: https://wiki.ubuntu.com/DapperDrake https://launchpad.net/distros/ubuntu/dapper/+specs OpenWRT: http://openwrt.org/ http://wiki.openwrt.org/OpenWrtDocs/Hardware/Asus/WL500G SSH Public Key encryption: http://www.onlamp.com/pub/a/onlamp/excerpt/ssh_8/ Dropbear SSH: http://matt.ucc.asn.au/dropbear/dropbear.html Gentoo Linux - Satire poster http://funroll-loops.org/gentoo.jpg I'll let Andy send out the rest :) Cheers, Mike

2 1

Specify which nic gets named eth0
by Mike Leo 18 Feb '06

18 Feb '06

I have a RHAS4 2.6 kernel install with 6 NIC's. How do i tell it which nic I want to be labeled eth0? specifically, i have 2 nics built into the mobo, and 2 dual port addon cards. I want eth0 to be nic1 on the mobo, and eth1 to be nic2 on the mobo. By default it is assigning those nics to eth4 and eth5. thanks in advance... mike

7 10

pubkey authentication in openssh
by Eric Stein 17 Feb '06

17 Feb '06

Does anyone know a way to force pubkey authentication for only certain users but allow password for others? Eric

4 4

MySQL replication question
by Bill Mills-Curran 17 Feb '06

17 Feb '06

Does anyone have experience with MySQL's replication capabilities? I'm running versions 4.1.8 and 4.1.14 servers on linux and windows, and I have a very remote site where I'd like to support replication. The data changes very slowly, but the link has 300 ms (ping) latency and has a small (but noticeable) amount of down time. Does it work well enough to be considered reliable for critical applications? TIA, Bill

2 1

Reminder: Upcoming WLUG meeting THURSDAY 7:00 PM
by Andy Stewart 14 Feb '06

14 Feb '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HI Everybody, Its that time again! The next WLUG meeting will be on Thursday, February 16th at 7:00 PM in the Access Grid Room at WPI in Worcester, MA USA. Directions can be found on the WLUG website. At this meeting, yours truly will give a presentation about getting Linux running on the MikroTik Routerboard 532. I had decided that I wanted to build a silent firewall, no moving parts, running GPL'd software. I used buildroot and Busybox from the embedded Linux world, the Linux kernel (with patches), and the SuSE Firewall scripts, to make a working firewall. The firewall has been up for 13.5 days straight with no discernable problems. It passed a recent screening by nessus. Linux firewall 2.4.30 #12 Sun Jan 22 20:31:58 EST 2006 mips unknown 21:56:47 up 13 days, 12:46, load average: 0.00, 0.00, 0.00 I'll bring the box to the meeting and use it in a live demo. I'll have some slides on my laptop as well, which I'll post on the WLUG website afterwards. I also have some items for raffle: 1 Linux Journal magazine from March 2006 (they sent me 2...) Cross Platform GUI Programming with wxWidgets Bruce Perens' Open Source Series Prentice Hall ISBN 0-13-147381-6 Linux Patch Management Bruce Perens' Open Source Series Prentice Hall ISBN 0-13-236675-4 Once the meeting concludes, we'll go to the Tech Pizza restaurant nearby. Oh, BTW, Linux world is coming up in Boston during the first week of April. I've received a couple of emails from the Linux world folks. Does anybody have any interest in representing WLUG at this event? I'd like to go, but it depends on whether or not I can get the time off from work. Are people planning to go, because I think we can get a group discount of some kind. I'll print the emails and bring them to the meeting so we can discuss it. I'll post the info to the list afterwards. See ya later, Andy - -- Andy Stewart, Founder Worcester Linux Users' Group Worcester, MA, USA http://www.wlug.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD8UgRHl0iXDssISsRAgsgAJ9EJLRPyzVvlu+bJAws9R9wlNEUiQCfd/Fc jIhKGn60OhKNLjD2ethRGAE= =KKDx -----END PGP SIGNATURE-----

1 0

Anyone with Verizon fios?
by Bill Mills-Curran 06 Feb '06

06 Feb '06

Anyone using Verizon FiOS? The service looks interesting, but they require their own router. I'm wondering if that prevents all incoming connections, like ssh? Also, the rates they quote on the web page refers to a "bundle discount", but they don't say what a bundle is. Bill

3 2

Rescuing Data From a Hard Drive
by Michael Zarozinski 02 Feb '06

02 Feb '06

Hi All, I've got a bit of a problem... we have a linux server that contained 2 hard drives. The one with the boot information died - LUCKILY the data we NEED was on the hard drive that lived. My question is... how can I recover the data I need? I've been able to boot to the shell using the install disk and can see the data I need but that shell doesn't provide access to the network card so I can copy the data off. I tried a fresh install on a new HD but when I attatch the 2nd HD (with the data I need) I can't see it. Forgive me, I come from the windows world where just plugging in the old HD would allow me to pull the data off. Any ideas/help/etc is greatly appreciated! Michael Z

5 4