<<O>>  Difference Topic GeneralConfigurationRecipes (r1.13 - 24 Feb 2016 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 72 to 72

openssl pkcs12 -export -in name-cert.pem -inkey private-key.pem -out name-cert.p12

openssl pkcs12 -clcerts -nokeys -in cert.p12 -out hostcert.pem

Changed:
<
<
openssl pkcs12 -nocerts -in cert.p12 -out hostkey.pem
>
>
openssl pkcs12 -nocerts -in cert.p12 -out hostkey_crypt.pem (for encrypted key)
openssl pkcs12 -nocerts -nodes -in cert.p12 -out hostkey.pem (passwordless key)

from http://www.bo.infn.it/alice/introgrd/certmgr/node2.html
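
Review bot: The two added lines carry their explanations, "(for encrypted key)" and "(passwordless key)", on the command line itself, so pasting either line into a shell fails on the parenthesis; move the annotations to their own lines above each command. For the -nodes variant, hostkey.pem is written as an unencrypted private key, so the recipe should also say to restrict the file, for example by running umask 077 before the command or chmod 600 hostkey.pem right after it.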

 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.12 - 20 Jan 2014 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 71 to 71

Conversion from pem to pkcs12 and back

openssl pkcs12 -export -in name-cert.pem -inkey private-key.pem -out name-cert.p12
Changed:
<
<
openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem
openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem
>
>
openssl pkcs12 -clcerts -nokeys -in cert.p12 -out hostcert.pem
openssl pkcs12 -nocerts -in cert.p12 -out hostkey.pem

from http://www.bo.infn.it/alice/introgrd/certmgr/node2.html

 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.11 - 22 Feb 2013 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 59 to 59

openssl rsa -in server.key.cryp -out server.key
Added:
>
>
If we want to add the password again:

   openssl rsa -des3 -in server.key.decryp -out server.key

SSL certificates HOWTO

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO
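
Review bot: The file names in the added command do not line up with the command just above it: that one writes the decrypted key to server.key, while this one reads server.key.decryp, which nothing on the page produces, and writes the re-encrypted key to server.key, the name already used for the decrypted copy. Suggest something like openssl rsa -des3 -in server.key -out server.key.cryp so both directions use one naming scheme. It is also worth considering -aes256 in place of -des3 for the passphrase encryption.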
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.10 - 09 Jun 2010 - VictorManuelFernandezAlbor)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 76 to 76

NAT configuration

Appart from the iptables configuration we have to check that the entry net.ipv4.ip_forward is set to 1 in /etc/sysctl.conf. If not set it up and restart the network
Added:
>
>

 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.9 - 15 Aug 2009 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 62 to 62

SSL certificates HOWTO

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO
Added:
>
>

Conversion from pem to pkcs12 and back

openssl pkcs12 -export -in name-cert.pem -inkey private-key.pem -out name-cert.p12

openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem
openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem

from http://www.bo.infn.it/alice/introgrd/certmgr/node2.html


SMTP commands

http://www.freesoft.org/CIE/RFC/821/15.htm
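
Review bot: The export command writes name-cert.p12, but the two extraction commands read cert.p12, so the "and back" half does not operate on the file the first half produced; use one file name throughout. It would also help to say that the -nocerts command prompts for a new PEM passphrase and leaves userkey.pem encrypted, since that determines whether the key can be used unattended.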
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.8 - 07 Aug 2009 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 65 to 65

SMTP commands

http://www.freesoft.org/CIE/RFC/821/15.htm
Added:
>
>

NAT configuration

Appart from the iptables configuration we have to check that the entry net.ipv4.ip_forward is set to 1 in /etc/sysctl.conf. If not set it up and restart the network
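
Review bot: The added NAT paragraph says to "restart the network" after editing /etc/sysctl.conf, but does not give a way to apply or verify the setting; sysctl -p reloads the file without a network restart, and sysctl net.ipv4.ip_forward shows the live value. Also "Appart" should be "Apart", and "If not set it up" needs a comma after "If not".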
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.7 - 18 May 2009 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 65 to 65

SMTP commands

http://www.freesoft.org/CIE/RFC/821/15.htm
Deleted:
<
<
PruebaDeInforme?
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.6 - 18 May 2009 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 65 to 65

SMTP commands

http://www.freesoft.org/CIE/RFC/821/15.htm
Added:
>
>
PruebaDeInforme?
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.5 - 08 Jan 2009 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 62 to 62

SSL certificates HOWTO

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO
Added:
>
>

SMTP commands

http://www.freesoft.org/CIE/RFC/821/15.htm
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.4 - 13 Oct 2008 - MarcosASeco)

META TOPICPARENT WebHome
-- MarcosASeco - 21 Jul 2008
Line: 59 to 59

openssl rsa -in server.key.cryp -out server.key
Added:
>
>

SSL certificates HOWTO

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.3 - 28 Aug 2008 - MarcosASeco)

META TOPICPARENT WebHome
Deleted:
<
<

-- MarcosASeco - 21 Jul 2008

"Illegal users from these:" sshd

Line: 54 to 53

define(`SMART_HOST', smtp:smtp.usc.es)
Added:
>
>

How to remove the password from a certificate

   openssl rsa -in server.key.cryp -out server.key
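
Review bot: The added heading says "remove the password from a certificate", but the command operates on the RSA private key (server.key.cryp to server.key), not on a certificate; rename it to say private key. Since server.key is left unencrypted by this command, the recipe should state that the file must be readable only by the service account that uses it.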
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.2 - 21 Aug 2008 - MarcosASeco)

META TOPICPARENT WebHome
Deleted:
<
<

-- MarcosASeco - 21 Jul 2008

"Illegal users from these:" sshd

Line: 46 to 45

http://www2.list.logwatch.org:81/pipermail/logwatch/2006-July/001223.html
http://www2.list.logwatch.org:81/pipermail/logwatch/2006-July/001226.html
Added:
>
>

'Machine does not send mails' sendmail

The problem is that the mx records are not properly configured returning rojo3.usc.es instead of rojo2.usc.es which is an alias for smtp.usc.es In sendmail the solution is to add the following two lines at the end of sendmail.mc:

   define(`RELAY_HOST', smtp:smtp.usc.es)
   define(`SMART_HOST', smtp:smtp.usc.es)
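
Review bot: The added sendmail recipe stops at editing sendmail.mc; it needs the follow-up step of regenerating sendmail.cf from the .mc file and restarting sendmail, otherwise the two define lines have no effect. The text should also say what each of RELAY_HOST and SMART_HOST is meant to do here, and the explanation needs a full stop between "an alias for smtp.usc.es" and "In sendmail".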
 <<O>>  Difference Topic GeneralConfigurationRecipes (r1.1 - 21 Jul 2008 - MarcosASeco)
Line: 1 to 1
Added:
>
>
META TOPICPARENT WebHome

-- MarcosASeco - 21 Jul 2008

"Illegal users from these:" sshd

Solution obtained from http://www.aspdeveloper.net/tiki-index.php?page=LinuxLogWatchSSHPostponedAuth:

In LogWatch you may see some "errors" such as:

 --------------------- SSHD Begin ------------------------ 


Illegal users from these:
   root/publickey: 2 Time(s)

Postponed authentication:
   root/publickey:
      ::ffff:###.###.###.###: 2 Time(s)

Users logging in through sshd:
   root:
      somehost.example.com (###.###.###.###): 2 times

 ---------------------- SSHD End ------------------------- 

I found a few discussions online about this error, the references are below if you are interested in reading more.

This thread basically says to patch your sshd configuration for logwatch - the thread doesn't clearly say where this file is to patch - It's /etc/log.d/scripts/services/sshd

You can edit this file, search for Postponed - the first occurance is:

$ThisLine =~ m/Postponed keyboard-interactive for [^ ]+ from [^ ]+/) or
change this to:
$ThisLine =~ m/Postponed (keyboard-interactive|publickey) for [^ ]+ from [^ ]+/) or

If you're wondering this is simply a regular expression saying it can EITHER say keyboard-interactive OR publickey for this line to be ignored..

http://www2.list.logwatch.org:81/pipermail/logwatch/2006-July/001223.html
http://www2.list.logwatch.org:81/pipermail/logwatch/2006-July/001226.html
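
Review bot: The topic is titled after the "Illegal users from these:" entry, but the pattern change only adds publickey to the "Postponed ..." lines that the logwatch sshd script ignores; the text should state how the two report entries are related, so a reader can tell whether root/publickey under "Illegal users" is expected to disappear after the edit. Minor points: "occurance" should be "occurrence", and the two $ThisLine lines would read better set off as code, with "change this to:" on its own line between them.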

Revision r1.1 - 21 Jul 2008 - 10:40 - MarcosASeco
Revision r1.13 - 24 Feb 2016 - 11:17 - MarcosASeco