> Best Way To Transfer Files To The Z Over A Network
Da_Blitz
post Mar 16 2007, 02:53 AM
Post #61

QUOTE
don't see anything related to accepting or dropping a request.


firewall?
Capn_Fish
post Mar 16 2007, 03:58 AM
Post #62

Considering I haven't set up a firewall, I don't think so. It worked last time (same setup) without tweaking any firewall options.
Capn_Fish
post Mar 31 2007, 03:32 PM
Post #63

Well, I just tried it again (after reflashing numerous times in between), and it worked. I also changed the location of the authorized_keys folder on the server to /root/.ssh/, so that may have helped.
desertrat
post Mar 31 2007, 06:19 PM
Post #64

QUOTE(Capn_Fish @ Mar 31 2007, 11:32 PM)
I also changed the location of the authorized_keys folder on the server to /root/.ssh/, so that may have helped.

If you are logging in as root on the server then yes I think it would have helped. May I ask where was it before you moved it?
Capn_Fish
post Mar 31 2007, 06:24 PM
Post #65

QUOTE(desertrat @ Mar 31 2007, 09:19 PM)
QUOTE(Capn_Fish @ Mar 31 2007, 11:32 PM)
I also changed the location of the authorized_keys folder on the server to /root/.ssh/, so that may have helped.

If you are logging in as root on the server then yes I think it would have helped. May I ask where was it before you moved it?
*


It was in my normal user's home dir (/home/USERNAME/.ssh/).
Da_Blitz
post Mar 31 2007, 07:14 PM
Post #66

wait you weren't trying to ssh in as root@z with your authorised keys in your $HOME/.ssh/authorized_keys were you?

putting your key in the authorized_keys file in your home dir only allows you to log in as that user
Capn_Fish
post Apr 1 2007, 06:11 AM
Post #67

QUOTE(Da_Blitz @ Mar 31 2007, 10:14 PM)
wait you weren't trying to ssh in as root@z with your authorised keys in your $HOME/.ssh/authorized_keys were you?

putting your key in the authorized_keys file in your home dir only allows you to log in as that user
*

I guess I figured that out the hard way...
Da_Blitz
post Apr 1 2007, 05:35 PM
Post #68

don't worry, I do that every second week when I log into a machine that I haven't uploaded my .ssh/config file to (and the usernames are different)
Capn_Fish
post Apr 6 2007, 07:12 PM
Post #69

Everything is working really well, but I now want more security, meaning I want to set up a firewall/port knocking on my server, starting with the firewall. Are there any good tutorials for this, or can somebody provide one?

Thanks.
speculatrix
post Apr 7 2007, 12:35 AM
Post #70

QUOTE(Capn_Fish @ Apr 7 2007, 04:12 AM)
Everything is working really well, but I now want more security, meaning I want to set up a firewall/port knocking on my server, starting with the firewall. Are there any good tutorials for this, or can somebody provide one?

Thanks.
*




if possible use iptables to permit ssh only from IPs you trust all the time and use port knocking if you login from other places - see my website for port knocking.

general advice is to use 2048 bit ssh keys ("ssh-keygen -t rsa -b 2048"), ensure sshd_config on the machine doesn't allow root ("PermitRoot no" or something), disable plain text/interactive logins to force pre-shared keys only.

ensure .ssh directories and files therein have no group/other access.


cacko has stateful inspection modules too, so search the forum for iptables for useful scripts.
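
A read-only check for the settings recommended in the post above, as an added example that is not part of the original thread. It uses the OpenSSH directive names (the root-login option is PermitRootLogin); the function names and the sample config and .ssh tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of an sshd_config
# and a .ssh directory against the advice in the post above.

# Print the first value set for a directive; sshd uses the first occurrence
# and keywords are case-insensitive. $2 may list aliases separated by "|".
# Include files and Match blocks are not followed.
sshd_value() {
    awk -v k="$2" 'BEGIN { n = split(tolower(k), a, "|") }
        { for (i = 1; i <= n; i++)
            if (tolower($1) == a[i]) { print tolower($2); exit } }' "$1"
}

# Print one FAIL line per directive that is missing or not hardened.
# Unset directives are reported too, since defaults differ across versions.
audit_sshd_config() {
    for want in PermitRootLogin=no PasswordAuthentication=no PubkeyAuthentication=yes \
        'KbdInteractiveAuthentication|ChallengeResponseAuthentication=no'; do
        key=${want%=*}; val=${want##*=}
        got=$(sshd_value "$1" "$key")
        [ "$got" = "$val" ] || echo "FAIL $key is '${got:-unset}', want '$val'"
    done
}

# Print every path under $1 (the directory included) that grants any
# group/other permission bit. Symlinks are skipped: their mode is not used.
audit_ssh_perms() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Constructed sample input: a weak config and a .ssh tree with loose modes.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        'passwordauthentication no' '#PubkeyAuthentication no' \
        'ChallengeResponseAuthentication no' > "$d/sshd_config"
    mkdir -m 755 "$d/.ssh" && : > "$d/.ssh/authorized_keys" && : > "$d/.ssh/id_rsa"
    chmod 644 "$d/.ssh/authorized_keys"; chmod 600 "$d/.ssh/id_rsa"
    echo "$d"
}

sample=$(make_sample)
audit_sshd_config "$sample/sshd_config"
audit_ssh_perms "$sample/.ssh"
rm -rf "$sample"
```

On a real machine, point the two audit functions at /etc/ssh/sshd_config and at each account's .ssh directory; paths printed by the second function need chmod go-rwx.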
Capn_Fish
post Apr 7 2007, 07:41 AM
Post #71

QUOTE(speculatrix @ Apr 7 2007, 03:35 AM)
QUOTE(Capn_Fish @ Apr 7 2007, 04:12 AM)
Everything is working really well, but I now want more security, meaning I want to set up a firewall/port knocking on my server, starting with the firewall. Are there any good tutorials for this, or can somebody provide one?

Thanks.
*




if possible use iptables to permit ssh only from IPs you trust all the time and use port knocking if you login from other places - see my website for port knocking.

general advice is to use 2048 bit ssh keys ("ssh-keygen -t rsa -b 2048"), ensure sshd_config on the machine doesn't allow root ("PermitRoot no" or something), disable plain text/interactive logins to force pre-shared keys only.

ensure .ssh directories and files therein have no group/other access.


cacko has stateful inspection modules too, so search the forum for iptables for useful scripts.
*


I had ruled out the whole only accepting from certain ip addresses, as they change on me occasionally, but I CAN set static IP addresses.

And about the IPTables thing...I believe I need a total n00b guide, as I have NO clue how to use it. Do you know of any good guides? Or is it easy enough for you to just write one up here?

Thanks for your help.
speculatrix
post Apr 7 2007, 01:51 PM
Post #72

QUOTE(Capn_Fish @ Apr 7 2007, 04:41 PM)
And about the IPTables thing...I believe I need a total n00b guide, as I have NO clue how to use it. Do you know of any good guides? Or is it easy enough for you to just write one up here?

Thanks for your help.
*


well, there are many many tutorials and basic examples of firewall scripts using iptables, so I would say "JGI" or just google it.
Capn_Fish
post Apr 7 2007, 02:14 PM
Post #73

QUOTE(speculatrix @ Apr 7 2007, 04:51 PM)
QUOTE(Capn_Fish @ Apr 7 2007, 04:41 PM)
And about the IPTables thing...I believe I need a total n00b guide, as I have NO clue how to use it. Do you know of any good guides? Or is it easy enough for you to just write one up here?

Thanks for your help.
*


well, there are many many tutorials and basic examples of firewall scripts using iptables, so I would say "JGI" or just google it.
*


I've looked some, but they seem confusing. I'm truly a n00b in this area, so any pointers would be much appreciated.
desertrat
post Apr 7 2007, 08:15 PM
Post #74

QUOTE(Capn_Fish @ Apr 7 2007, 10:14 PM)
I've looked some, but they seem confusing. I'm truly a n00b in this area, so any pointers would be much appreciated.

Shorewall is a very good, easy[1] to setup firewall builder. It has extensive, well written documents.
http://www.shorewall.net

[1] although the latest versions seem to be getting a bit more complicated because of all the new features being added.
speculatrix
post Apr 8 2007, 10:57 AM
Post #75

the netfilter site, home to iptables, is pretty good.
the snag is there's so much documentation, it's knowing where to start, so try here:
http://www.netfilter.org/documentation/ind...mentation-howto

the main page of docs is here:
http://www.netfilter.org/documentation/ind...mentation-howto

just search the page for "English"!

The key thing with the filter is to stop inbound and forwarded traffic, but you can allow IP packets related to existing connections; this is easy with TCP but for UDP the network stack needs to observe activity and remember its own "state"

thus the minimal firewall for the Zaurus would be

iptables -A FORWARD -j DROP
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -m state --state established,related -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j REJECT


this basically says we don't forward, we allow everything OUT, and we only allow existing connection and new ssh IN. The command "iptables -A" means append a rule, the FORWARD, OUTPUT and INPUT say to which filter we append, the rest is guessable.

HTH
Paul
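
The minimal ruleset from the post above combined with the earlier advice to permit ssh only from trusted addresses, as an added example that is not part of the original thread. The function names, the loopback rule and the sample addresses are assumptions made here; the script only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands; runs none.

# Shape check: dotted-quad IPv4 with optional /0-32 prefix, so nothing
# else can reach a printed command line. iptables does the range check.
valid_src() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Usage: emit_rules [trusted-source ...]; no arguments = ssh from anywhere,
# which is the ruleset as posted plus the loopback rule.
emit_rules() {
    # Validate everything first so a partial ruleset is never printed.
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -A FORWARD -j DROP"
    echo "iptables -A OUTPUT -j ACCEPT"
    # Local services talking over 127.0.0.1 would otherwise hit the REJECT.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if [ "$#" -eq 0 ]; then
        echo "iptables -A INPUT -p tcp --dport 22 -j ACCEPT"
    else
        # One rule per trusted source; only new connections need matching,
        # established ones are covered by the state rule above.
        for src in "$@"; do
            echo "iptables -A INPUT -p tcp -s $src --dport 22 -m state --state NEW -j ACCEPT"
        done
    fi
    # Rules are matched top to bottom, so the catch-all must come last.
    echo "iptables -A INPUT -j REJECT"
}

# Constructed sample: one home LAN and one fixed remote address.
emit_rules 192.168.1.0/24 203.0.113.7
```

Because every rule is appended with -A, running the output twice duplicates the rules; start from an empty INPUT chain.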