Solaris 11 ssh on machine with multiple Ethernet ports
I have a server with 6 Ethernet ports. 4 are the motherboard based 1 GBE ports and 2 are 10 GBE ports on NICs.
I have set these all up with static IP addresses and use the standard /etc/nsswitch.files. My IP addresses are
and so on till
I can ssh in as a user on any of the ports from net1 through net5. I can also telnet and rlogin through those interfaces.
However when I try and ssh in on net0 (192.168.1.82) there is this really long wait till the password prompt, and then I get a permission denied message.
This seems to fail on both sides. So if I log into my server (through one of the interfaces that does allow a login) and then try to go to some other machine on our network on the 192.168.1. subnet, the exact same thing happens - it fails.
I can ping just fine on the 192.168.1. subnet, plus of course it is actively rejecting a password so I'm not sure if this is a hardware issue.
I did a netstat -an and saw that ntp was listening on 4 UDP ports for each interface. Is this insecure because they are UDP ports and I don't see them in a listen state, is that because they are just a client.
Thank you.
*.ntp Idle... (2 Replies)
Greetings!
I just managed to install Solaris 10 on a Sparc based machine. However, there might be a problem with the way ssh is configured.
I CAN ssh from the machine into another on the network (same subnet, as root), but then the newly installed machine CANNOT seem to accept incoming ssh... (2 Replies)
Hi!
I have two Solaris 10 machines (say 10.1.1.1, 10.1.1.2). I have installed rsync on 10.1.1.2,
10.1.1.1:::
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$ ssh 10.1.1.2 "echo $PATH"
Password:... (4 Replies)
Hi,
I am unable to login into my terminal hosting Solaris 10 and get the below error message
"Server refused to allocate pty
ld.so.1: sh: fatal: libc.so.1: open failed: No such file or directory "
Is there any way I can get into my machine and what kind of changes are required to be... (7 Replies)
Got a strange problem.
I have 4 Solaris servers all configured the same, Solaris 10 x86 update 10.
When I try to ssh from one Solaris 10 server to another server ssh hangs.
I have an identical server and when I try this everything works fine.
The weird thing is if I am root on the server... (1 Reply)
I want to SSH to 192.168.1.15 Server from my machine, my ip was 192.168.1.99
Source Destination was UP, with IP 192.168.1.15.
This is LAN Network there are 30 Machines Connected to the network and working fine, I'm Playing around the local machines because I need to apply the same rules in... (2 Replies)
Dear Concern,
I want to block all ports of a particular node (ip: 172.16.10.141) through iptables. My nodes ip addresses are as below:
172.16.10.137
172.16.10.138
Please advise us. (0 Replies)
Hello Everyone,
Quick question, any short and fast way to locate and map the physical Ethernet ports on the physical server ?
Server with expansion box has around 12 ethernet ports (fibre and ethernet)
what is the quickest way to map or find out en0 represents which physical port ?
... (1 Reply)
Hi folks,
I am fairly a beginner when it comes to Solaris OS administration, but part of my job somehow has scope to provide L1-level of OS administration over a few solaris servers.
Now, we have a requirement to limit the number of simultaneous ssh logins/sessions to the server, sort of... (0 Replies)
Discussion started by: engrcha
LEARN ABOUT DEBIAN
shorewall-exclusion
SHOREWALL-EXCLUSION(5) [FIXME: manual] SHOREWALL-EXCLUSION(5)
NAME
exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.
SYNOPSIS
!address-or-range[,address-or-range]...
!zone-name[,zone-name]...
DESCRIPTION
The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclamation point is followed by
a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of IP addresses of the
form lowaddress-highaddress.
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of addresses is formed by taking the first
list and then removing the addresses defined in the exclusion.
Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
/etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.
Warning
If you omit a sub-zone and there is an implicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
rule generated for a parent zone.
For example:
/etc/shorewall/zones:
#ZONE     TYPE
z1        ip
z2:z1     ip
...
/etc/shorewall/policy:
#SOURCE   DEST      POLICY
z1        net       CONTINUE
z2        net       REJECT
/etc/shorewall/rules:
#ACTION   SOURCE    DEST      PROTO     DEST
#                                       PORT(S)
ACCEPT    all!z2    net       tcp       22
In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.
In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:
o !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
match set1 OR NOT match set2 ... OR NOT match setN.
o +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
AND NOT match set2 ... AND NOT match setN.
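The difference between the two negated ipset list forms matters when the sets are block lists: the `!+[...]` form still matches an address that belongs to only some of the sets. The following is an added example, not part of the man page or of Shorewall; the set names, their contents and the `list_matches` helper are hypothetical, and plain Python networks stand in for kernel ipsets.

```python
import ipaddress
import re

# Constructed stand-ins for kernel ipsets (names and contents are hypothetical).
IPSETS = {
    "admins": [ipaddress.ip_network("10.0.0.0/24")],
    "scanners": [ipaddress.ip_network("10.0.0.128/25"),
                 ipaddress.ip_network("203.0.113.0/24")],
}

def in_set(name, addr):
    """True if addr falls inside any network of the named set."""
    return any(addr in net for net in IPSETS[name])

def list_matches(expr, address):
    """Evaluate '!+[a,b,...]' or '+[!a,!b,...]' as the man page describes them."""
    addr = ipaddress.ip_address(address)
    m = re.fullmatch(r"(!?)\+\[([^\]]+)\]", expr)
    if not m:
        raise ValueError(f"not an ipset list: {expr}")
    names = m.group(2).split(",")
    if m.group(1) == "!":
        if any(n.startswith("!") for n in names):
            raise ValueError("only the two negated forms are handled here")
        # NOT set1 OR NOT set2 ...: fails only when addr is in every set.
        return any(not in_set(n, addr) for n in names)
    if not all(n.startswith("!") for n in names):
        raise ValueError("only the two negated forms are handled here")
    # NOT set1 AND NOT set2 ...: matches only when addr is in none of the sets.
    return all(not in_set(n[1:], addr) for n in names)

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.0.200", "203.0.113.9", "198.51.100.7"):
        print(ip,
              list_matches("!+[admins,scanners]", ip),
              list_matches("+[!admins,!scanners]", ip))
```

An address in exactly one set (10.0.0.5 or 203.0.113.9 here) matches the first form but not the second, so a rule meant to apply only to hosts outside every listed set needs the `+[!set1,!set2]` form.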
EXAMPLES
Example 1 - All IPv4 addresses except 192.168.3.4
!192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
!192.168.1.0/24,10.2.3.4
Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
!192.168.1.3-192.168.1.12,10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
192.168.1.0/24!192.168.1.3,192.168.1.9
Example 5 - All parent zones except loc
any!loc
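To check what an address-form exclusion actually covers before it goes into a rules file, the list-then-remove semantics described above can be modelled in a few lines. This is an added example, not Shorewall's own code: `parse_spec` and `matches` are hypothetical helpers, and only the IPv4 address form (hosts, CIDR networks, low-high ranges) is handled, not zone names or ipsets.

```python
import ipaddress

ALL_IPV4 = (0, 2**32 - 1)

def _bounds(item):
    """Return (low, high) integer bounds for a host, CIDR network or low-high range."""
    if "-" in item:
        low, high = (int(ipaddress.IPv4Address(p)) for p in item.split("-", 1))
        if low > high:
            raise ValueError(f"range out of order: {item}")
        return low, high
    net = ipaddress.IPv4Network(item, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def parse_spec(spec):
    """Split 'list!exclusion' into (included, excluded) lists of bounds."""
    if any(c.isspace() for c in spec):
        raise ValueError("no embedded whitespace is allowed")
    include, bang, exclude = spec.partition("!")
    if bang and not exclude:
        raise ValueError("empty exclusion")
    # A bare exclusion ('!a,b') starts from all IPv4 addresses.
    inc = [_bounds(i) for i in include.split(",")] if include else [ALL_IPV4]
    # Everything after '!' belongs to the exclusion, commas included.
    exc = [_bounds(e) for e in exclude.split(",")] if exclude else []
    return inc, exc

def matches(spec, address):
    """True if address is in the first list and not removed by the exclusion."""
    inc, exc = parse_spec(spec)
    a = int(ipaddress.IPv4Address(address))
    included = any(lo <= a <= hi for lo, hi in inc)
    excluded = any(lo <= a <= hi for lo, hi in exc)
    return included and not excluded

if __name__ == "__main__":
    # Specs taken from Examples 1, 3 and 4; probe addresses are constructed.
    for spec, ip in [("!192.168.3.4", "192.168.3.4"),
                     ("!192.168.1.3-192.168.1.12,10.0.0.0/8", "10.200.0.1"),
                     ("192.168.1.0/24!192.168.1.3,192.168.1.9", "192.168.1.9"),
                     ("192.168.1.0/24!192.168.1.3,192.168.1.9", "192.168.1.10")]:
        print(f"{spec:45} {ip:15} {matches(spec, ip)}")
```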
FILES
/etc/shorewall/hosts
/etc/shorewall/masq
/etc/shorewall/rules
/etc/shorewall/tcrules
SEE ALSO
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)
NOTES
1. shorewall-ipsets
http://www.shorewall.net/manpages/shorewall-ipsets.html
[FIXME: source] 06/28/2012 SHOREWALL-EXCLUSION(5)