Correct SSH Directory permissions
- Feb
- 27
- Posted by TKH Specialist
- Posted in ssh, System Administration
If you are trying to set up Public-Key Authentication and see this error in the logs:

    Authentication refused: bad ownership or modes for directory

your problem is related to permissions and/or ownership. The following commands, run on the user account you are trying to set up, should fix the problem:

    chmod go-w ~/
    chmod 700 ~/.ssh
    chmod 600 […]
Kerberizing RHEL Server
- Jun
- 13
- Posted by TKH Specialist
- Posted in RedHat 6, RedHat 7, System Administration
Notes from Plone…

    yum install krb5-workstation pam_krb5 -y
    # if krb5.conf is present we should get a fresh copy
    mv /etc/krb5.conf /etc/krb5.conf.bak
    yum reinstall krb5-libs -y
    sed -ie 's/example.com/FQDN/g' /etc/krb5.conf
    sed -ie 's/EXAMPLE.COM/FQDN/g' /etc/krb5.conf
    fqdn=`hostname --fqdn`; echo "
    ank -randkey host/$fqdn@FQDN
    ktadd -k /etc/krb5.keytab host/$fqdn@FQDN
    ";

-- OR --

    kadmin netid/admin@FQDN
    addprinc -randkey host/$fqdn
    ktadd […]
Denyhosts Assists
- Apr
- 10
- Posted by TKH Specialist
- Posted in Security, System Administration
Every so often a legitimate user will get blocked by DenyHosts. When this happens you can re-enable their access with these 8 simple steps (UPDATE: or use the faster version, see below):

1. Stop DenyHosts

       # service denyhosts stop

2. Remove the IP address from /etc/hosts.deny
3. Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address.

[…]
SSH – weak ciphers and mac algorithms
- Jun
- 25
- Posted by TKH Specialist
- Posted in System Administration, Tools
A security scan turned up two SSH vulnerabilities:

- SSH Server CBC Mode Ciphers Enabled
- SSH Weak MAC Algorithms Enabled

To correct this problem I changed the /etc/sshd_config file to:

    # default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
    # aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
    # aes256-cbc,arcfour
    # you can remove the cbc ciphers by adding the line
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
    # default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
    # […]