SSH Remote Access Authentication Tips

October 10th, 2008

My friend was trying to set up Linux SSH public key authentication without a password and he kept getting a password prompt. I am not going to go through how to set up SSH public key authentication here; I would just like to share a few troubleshooting tips for fixing similar problems:

1. Checking the /var/log/messages file
SSH hints are written to the “/var/log/messages” file, so you should be able to see any error messages there. For example: “Authentication refused: bad ownership or modes for directory /root”. This means /root cannot be set to 775: sshd refuses public key authentication when the home directory is writable by group or others (its StrictModes check), and mode 775 is group-writable. You may need to change the /root folder permissions to make it work (this may apply to other /home folders as well).
Running “# chmod 755 /root” or “# chmod 700 /root” can solve the authentication problem.

2. Permissions
Please make sure you have the correct file and folder permissions as suggested below.

Your Password Is Disclosed

October 9th, 2008

I was trying one of the microblogging software packages with my friend for the past few days, and we noticed that one of the features, which automatically sends notices to Twitter, stored a plain text password in the MySQL database. That means if you’re using similar web services, your Twitter password is actually disclosed.

Remember, if you’re using Meebo, Facebook, Friendster, Myspace or any other community site that requires you to enter your email address and password, I think your password is disclosed. Take Meebo for example: you can have a single account registered on Meebo that keeps multiple IM accounts. I’m sure you have already saved your password in the database (no matter plain text or not, your password is disclosed). If you enter your Gmail, Yahoo or MSN email address and password in Facebook to look for friends in your contact list who use the same services, I think your password is disclosed too. Perhaps they claimed they won’t keep your password.

How about those ‘policies’ that protect privacy? What are they trying to do with your email data? Sorry, I don’t know.


Ask a Google Engineer a Question

September 25th, 2008

Are you interested in knowing more about Google? You have a chance to ask a Google engineer now.

Google Moderator is a small application initially created for submitting and voting on the questions for Google’s tech talks.

“At Google, we host a large number of “tech talks”. These talks cover a wide range of Computer Science topics like research in machine learning and methods for ranking images based on text queries. I’ve enjoyed attending these tech talks, but as the number of attendees has grown over time, the question-and-answer part of the talks hasn’t been able to scale,” explains Taliver Heath.

Personally I have raised 2 questions to ‘any Google engineer’ and I hope I will get their reply soon plus your support.

My questions are:

“Does Google allow work from home(oversea) permanently?”

“Is there any final decision setup any new office(DC) in Malaysia?”


Fedora 10 Artwork

September 23rd, 2008

Fedora 10 is just around the corner, and there is an election in the Fedora voting system for members of the art group to vote on the default theme for Fedora 10.

Key Milestones

2008-05-13 Fedora 9 Release
Fedora 10 Planning & Development Begins
2008-07-22 Fedora 10 Alpha freeze
2008-08-05 Fedora 10 Alpha release
2008-09-11 Fedora 10 Beta freeze
Fedora 10 Feature Freeze–Planning & Development Ends
Fedora 10 String freeze
2008-09-23 Fedora 10 Beta release
Allow Fedora 10 pre-branch
2008-10-14 Fedora 10 Translation deadline
2008-10-21 Final Development freeze
2008-10-28 Fedora 10 Preview Release
2008-11-18 Fedora 10 final release (GA)

The candidates are:

Gears

InvinXble

Neon

Ananconda

The vote will be open for 36 hours only so please get your vote in ASAP. The vote will close at 1 AM UTC Sep 24 (9 PM EDT Sept 23).


Set a Good Password Policy On SuSE Linux

September 19th, 2008

Sometimes setting a good password policy is not easy and you may receive many complaints from end users, especially non-IT users. Normally they like password = password = abc123, as easy as possible.

Personally I don’t like pam_cracklib and I prefer pam_passwdqc.

The pam_passwdqc module is a simple password strength checking module for PAM. In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones.
The pam_passwdqc module provides functionality for only one PAM management group: password changing. In terms of the module-type parameter, this is the “password” feature.

Here you go: SuSE Linux Password Policy.

Operating System: SLES 9
Required RPM: pam-modules, pwdutils, openssh and coreutils

/etc/pam.d/passwd
auth     required   pam_unix2.so     nullok
account  required   pam_unix2.so
account  required   pam_tally.so     per_user deny=5 no_magic_root reset
password required   pam_passwdqc.so  retry=5 ask_oldauthtok check_oldauthtok \
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so   use_first_pass use_authtok
password required   pam_unix2.so     use_first_pass use_authtok
session  required   pam_unix2.so

/etc/pam.d/sshd

auth     required   pam_listfile.so  item=user sense=deny file=/etc/login.deny
auth     required   pam_tally.so     onerr=fail no_magic_root
auth     required   pam_unix2.so
auth     required   pam_nologin.so
auth     required   pam_env.so
account  required   pam_unix2.so
account  required   pam_nologin.so
account  required   pam_tally.so     deny=5 no_magic_root reset
password required   pam_passwdqc.so  retry=5 ask_oldauthtok check_oldauthtok \
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so   use_first_pass use_authtok
password required   pam_unix2.so     use_first_pass use_authtok
session  required   pam_unix2.so     none
session  required   pam_limits.so

/etc/pam.d/login

auth     requisite  pam_unix2.so     nullok
auth     required   pam_securetty.so
auth     required   pam_nologin.so
auth     required   pam_env.so
auth     required   pam_mail.so
auth     required   pam_tally.so     onerr=fail no_magic_root
account  required   pam_unix2.so
account  required   pam_tally.so     deny=5 no_magic_root reset
password required   pam_passwdqc.so  retry=5 ask_oldauthtok check_oldauthtok \
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so   use_first_pass use_authtok
password required   pam_unix2.so     use_first_pass use_authtok
session  required   pam_unix2.so     none
session  required   pam_limits.so

/etc/pam.d/su

auth     sufficient pam_rootok.so
auth     required   pam_unix2.so     nullok
account  required   pam_unix2.so
account  required   pam_tally.so deny=5 no_magic_root reset
password required   pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok \
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so  nullok
password required   pam_unix2.so    nullok use_first_pass use_authtok
session  required   pam_unix2.so    debug
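
What min=disabled,8,8,8,8 max=25 means in practice, as an added example that is not part of the original post or of pam_passwdqc itself. The five min= fields are, in order, the minimum lengths for one-class passwords, two-class passwords, passphrases, three-class and four-class passwords, per the module's documentation. This sketch applies only that length rule; the real module also detects passphrases, checks for enough different characters and rejects dictionary-based or similar passwords. All function names and sample passwords are constructed for illustration.

```python
# Constructed sample: the pam_passwdqc line from /etc/pam.d/passwd on this page.
SAMPLE = (
    "password required   pam_passwdqc.so  retry=5 ask_oldauthtok check_oldauthtok \\\n"
    "  min=disabled,8,8,8,8 max=25\n"
)
# Order of the five min= fields (N0..N4) as documented for pam_passwdqc.
KINDS = ("1 class", "2 classes", "passphrase", "3 classes", "4 classes")


def parse_passwdqc(pam_text):
    """Return the min= and max= settings of the first pam_passwdqc line."""
    for line in pam_text.replace("\\\n", " ").splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0].startswith("#") or tok[2] != "pam_passwdqc.so":
            continue
        opts = dict(t.partition("=")[::2] for t in tok[3:])
        mins = [None if v == "disabled" else int(v) for v in opts["min"].split(",")]
        return {"min": dict(zip(KINDS, mins)), "max": int(opts["max"])}
    return None


def char_classes(password):
    """Count classes; a leading capital and a trailing digit are not counted."""
    core = password[1:] if password[:1].isupper() else password
    core = core[:-1] if core[-1:].isdigit() else core
    kinds = set()
    for ch in core:
        if ch.isdigit():
            kinds.add("digit")
        elif ch.islower():
            kinds.add("lower")
        elif ch.isupper():
            kinds.add("upper")
        else:
            kinds.add("other")
    return max(len(kinds), 1)


def length_ok(password, policy):
    """Apply only the min=/max= length rule for the password's class count."""
    kind = ("1 class", "2 classes", "3 classes", "4 classes")[char_classes(password) - 1]
    minimum = policy["min"][kind]
    return minimum is not None and minimum <= len(password) <= policy["max"]


if __name__ == "__main__":
    policy = parse_passwdqc(SAMPLE)
    for pw in ("password", "Password1", "abc123", "correct7horse"):
        print(pw, length_ok(pw, policy))
```

With this policy, single-class passwords such as “password” or “Password1” are refused at any length, because the first field is disabled and the leading capital and trailing digit do not count as extra classes.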
