Skip to topic | Skip to bottom
Home
LCGatUSC
LCGatUSC.GeneralConfigurationRecipesr1.13 - 24 Feb 2016 - 11:17 - MarcosASecotopic end

Start of topic | Skip to actions
-- MarcosASeco - 21 Jul 2008

"Illegal users from these:" sshd

Solution obtained from http://www.aspdeveloper.net/tiki-index.php?page=LinuxLogWatchSSHPostponedAuth:

In LogWatch you may see some "errors" such as:

 --------------------- SSHD Begin ------------------------ 


Illegal users from these:
   root/publickey: 2 Time(s)

Postponed authentication:
   root/publickey:
      ::ffff:###.###.###.###: 2 Time(s)

Users logging in through sshd:
   root:
      somehost.example.com (###.###.###.###): 2 times

 ---------------------- SSHD End ------------------------- 

I found a few discussions online about this error, the references are below if you are interested in reading more.

This thread basically says to patch your sshd configuration for logwatch - the thread doesn't clearly say where this file is to patch - It's /etc/log.d/scripts/services/sshd

You can edit this file, search for Postponed - the first occurance is:

$ThisLine =~ m/Postponed keyboard-interactive for [^ ]+ from [^ ]+/) or
change this to:
$ThisLine =~ m/Postponed (keyboard-interactive|publickey) for [^ ]+ from [^ ]+/) or

If you're wondering this is simply a regular expression saying it can EITHER say keyboard-interactive OR publickey for this line to be ignored..

http://www2.list.logwatch.org:81/pipermail/logwatch/2006-July/001223.html
http://www2.list.logwatch.org:81/pipermail/logwatch/2006-July/001226.html

'Machine does not send mails' sendmail

The problem is that the mx records are not properly configured returning rojo3.usc.es instead of rojo2.usc.es which is an alias for smtp.usc.es In sendmail the solution is to add the following two lines at the end of sendmail.mc:

   define(`RELAY_HOST', smtp:smtp.usc.es)
   define(`SMART_HOST', smtp:smtp.usc.es)

How to remove the password from a certificate

   openssl rsa -in server.key.cryp -out server.key

If we want to add the password again:

   openssl rsa -des3 -in server.key.decryp -out server.key

SSL certificates HOWTO

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO

Conversion from pem to pkcs12 and back

openssl pkcs12 -export -in name-cert.pem -inkey private-key.pem -out name-cert.p12

openssl pkcs12 -clcerts -nokeys -in cert.p12 -out hostcert.pem
openssl pkcs12 -nocerts -in cert.p12 -out hostkey_crypt.pem (for encrypted key)
openssl pkcs12 -nocerts -nodes -in cert.p12 -out hostkey.pem (passwordless key)

from http://www.bo.infn.it/alice/introgrd/certmgr/node2.html

SMTP commands

http://www.freesoft.org/CIE/RFC/821/15.htm

NAT configuration

Appart from the iptables configuration we have to check that the entry net.ipv4.ip_forward is set to 1 in /etc/sysctl.conf. If not set it up and restart the network


to top


You are here: LCGatUSC > GeneralConfigurationRecipes

to top

Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding this material Send feedback