ssh fails from one server only with expecting SSH2_MSG_KEXDH_REPLY message
Post 303042874 by mohtashims on Thursday 9th of January 2020 04:32:51 AM
Quote:
Originally Posted by RudiC
Well - compare configurations and report back, that is...
I do have root access but I'm not a system admin. I checked sshd.conf and found them to be identical on both the source systems.

Can you please give me pointers as to which file / configuration and what to check?
 

PAM_ABL.CONF(5)                 Linux-PAM Manual                 PAM_ABL.CONF(5)

NAME
       pam_abl.conf - Configuration file for pam_abl PAM module.

SYNOPSIS
       Configuration file for both the pam_abl(8) PAM module, and the pam_abl(1) command line tool.

DESCRIPTION
   Syntax
           word        ::= /[^\s\|\/\*]+/
           name        ::= word | '*'
           username    ::= name
           servicename ::= name
           userservice ::= username
                       |   username '/' servicename
           namelist    ::= userservice
                       |   userservice '|' namelist
           userspec    ::= namelist
                       |   '!' namelist
           multiplier  ::= 's' | 'm' | 'h' | 'd'
           number      ::= /\d+/
           period      ::= number
                       |   number multiplier
           trigger     ::= number '/' period
           triglist    ::= trigger
                       |   trigger ',' triglist
           userclause  ::= userspec ':' triglist
           rule        ::= userclause
                       |   userclause /\s+/ rule

   Rule syntax
       Each rule consists of a number of space separated user clauses. A user clause specifies the user (and service) names to match and a set of triggers. A simple example would be

           *:10/1h

       which means block any user (*) if they are responsible for ten or more failed authentication attempts in the last hour. In place of the * which matches any user a list of usernames can be supplied like this

           root|dba|admin:10/1h

       which means block the users root, dba and admin if they are responsible for ten or more failed authentication attempts in the last hour. You can also specify a service name to match against like this

           root/sshd|dba/*:3/1d

       which means block the users root for service 'sshd' and dba for any service if they are responsible for three or more failed authentication attempts in the last day. Finally you can specify multiple triggers like this

           root:10/1h,20/1d

       which means block the user root if they are responsible for ten or more failed attempts in the last hour or twenty or more failed attempts in the last day.

       Multiple rules can be provided separated by spaces like this

           *:10/1h root:5/1h,10/1d

       in which case all rules that match a particular user and service will be checked. The user or host will be blocked if any of the rule triggers matches. The sense of the user matching can be inverted by placing a ! in front of the rule so that

           !root:20/1d

       is a rule which would match for all users apart from root.
       It is important to treat root as a special case in the user_rule, otherwise excessive attempts to authenticate as root will result in the root account being locked out even for valid holders of root credentials.

       The config file can contain any arguments that would be supplied via PAM config. In the config file arguments are placed on separate lines. Comments may be included after a # and line continuation is possible by placing a backslash at the end of the line to be continued. Here is a sample /etc/security/pam_abl.conf:

           # /etc/security/pam_abl.conf
           debug
           host_db=/var/lib/abl/hosts.db
           host_purge=2d
           host_rule=*:10/1h,30/1d
           user_db=/var/lib/abl/users.db
           user_purge=2d
           user_rule=!root:10/1h,30/1d

       All of the standard PAM arguments (debug, expose_account, no_warn, try_first_pass, use_first_pass, use_mapped_pass) are accepted; with the exception of debug and no_warn these are ignored.

       The arguments that are specific to the PAM module are as follows:

       host_db, user_db
           Specify the name of the databases that will be used to log failed authentication attempts. The host database is used to log the hostname responsible for a failed auth and the user database is used to log the requested username. If host_db or user_db is omitted the corresponding auto blacklisting will be disabled.

       host_purge, user_purge
           Specify the length of time for which failed attempts should be kept in the databases. For rules to work correctly this must be at least as long as the longest period specified in a corresponding rule. You may wish to retain information about failed attempts for longer than this so that the pam_abl command line tool can report information over a longer period of time. The format for this item is a number with an optional multiplier suffix, s, m, h or d which correspond with seconds, minutes, hours and days. To specify seven days for example one would use 7d.

           Note that in normal operation pam_abl will only purge the logged data for a particular host or user if it happens to be updating it, i.e. if that host or user makes another failed attempt. To purge all old entries the pam_abl command line tool should be used.

       host_rule, user_rule
           These are the rules which determine the circumstances under which accounts are auto-blacklisted. The host_rule is used to block access to hosts that are responsible for excessive authentication failures and the user_rule is used to disable accounts for which there have been excessive authentication failures. The rule syntax is described in full below.

       host_clr_cmd, host_blk_cmd, user_clr_cmd, user_blk_cmd
           These specify commands that will run during a check when an item switches state since its last check. host_clr_cmd and user_clr_cmd will run if the host or user is currently allowed access. host_blk_cmd and user_blk_cmd are run if the host or user is currently being blocked by their respective rules. If no command is specified, no action is taken. Within the commands, you can specify substitutions with %h, %u and %s, which will be replaced with the host name, user name and service currently being checked. If there isn't enough information to fulfill the requested substitutions (e.g. running the pam_abl tool without specifying all the necessary fields), the command will simply not run.

EXAMPLE
           # /etc/security/pam_abl.conf
           debug
           host_db=/var/lib/abl/hosts.db
           host_purge=2d
           host_rule=*:10/1h,30/1d
           host_blk_cmd=iptables -I INPUT -s %h -j DROP
           user_db=/var/lib/abl/users.db
           user_purge=2d
           user_rule=!root:10/1h,30/1d
           user_clr_cmd=logger This is a pointless command! user: %u host: %h service: %s

SEE ALSO
       pam_abl.conf(5), pam_abl(1)

AUTHORS
       Andy Armstrong <andy@hexten.net>
       Chris Tasma <pam-abl@deksai.com>

GNU                                01/13/2010                    PAM_ABL.CONF(5)
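
Added example, not part of the man page or of pam_abl's source: a small Python model of the rule grammar above that can be used to dry-run a user_rule or host_rule against a list of failure timestamps, and to check the purge time against the rule's longest period. It assumes that a bare number is a period in seconds and that a user name without a service matches any service; the function names and the sample timestamps are constructed for illustration.

```python
import re

MULT = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}  # assumed: bare number = seconds

def parse_period(text):
    """period ::= number | number multiplier  -> seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", text)
    if not m:
        raise ValueError(f"bad period: {text!r}")
    return int(m.group(1)) * MULT[m.group(2)]

def parse_rule(rule):
    """Return [(inverted, [(user, service)], [(count, seconds)])] per user clause."""
    clauses = []
    for clause in rule.split():                      # clauses are whitespace separated
        userspec, sep, triglist = clause.rpartition(":")
        if not sep or not userspec or not triglist:
            raise ValueError(f"bad clause: {clause!r}")
        names = []
        for item in userspec.lstrip("!").split("|"):
            user, _, service = item.partition("/")
            names.append((user, service or "*"))     # assumed: no service = any service
        triggers = []
        for trig in triglist.split(","):
            count, _, period = trig.partition("/")
            triggers.append((int(count), parse_period(period)))
        clauses.append((userspec.startswith("!"), names, triggers))
    return clauses

def blocked(rule, user, service, failures, now):
    """True if any trigger of any clause matching user/service has fired."""
    for inverted, names, triggers in parse_rule(rule):
        listed = any(u in ("*", user) and s in ("*", service) for u, s in names)
        if listed == inverted:                       # clause does not apply to this user
            continue
        for count, period in triggers:
            if sum(1 for t in failures if now - period <= t <= now) >= count:
                return True
    return False

def purge_too_short(rule, purge):
    """True if the purge time is shorter than the rule's longest period."""
    longest = max(p for _, _, trigs in parse_rule(rule) for _, p in trigs)
    return parse_period(purge) < longest

# Constructed sample: 12 failed logins, one per minute, ending at NOW.
NOW = 1_700_000_000
FAILS = [NOW - 60 * i for i in range(12)]

if __name__ == "__main__":
    for rule in ("*:10/1h", "!root:10/1h,30/1d", "root/sshd|dba/*:3/1d"):
        for user in ("root", "dba"):
            print(f"{rule:24} {user:5} blocked={blocked(rule, user, 'sshd', FAILS, NOW)}")
    print("purge 12h too short:", purge_too_short("*:10/1h,30/1d", "12h"))
```

With the sample data, `*:10/1h` blocks root while `!root:10/1h,30/1d` does not, which is the root lockout case the DESCRIPTION warns about.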