SSH Remote Access Authentication Tips
My friend was trying to set up Linux SSH public key authentication without a password and he kept getting a password prompt. I am not going to go through how to set up SSH public key authentication here; I would just like to share a few troubleshooting tips for fixing similar problems:
1. Checking /var/log/messages file
SSH hints are written to the “/var/log/messages” file, so you should be able to see any error messages there. For example: “Authentication refused: bad ownership or modes for directory /root” (/root cannot be set to 775). You may be required to change the /root folder permissions to make it work (this may apply to other /home folders as well).
Typing # chmod 755 /root or # chmod 700 /root can solve the authentication problem.
2. Permissions
Please make sure you have the correct file and folder permissions as suggested below.
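The following is an added example, not part of the original post: a shell check for the "bad ownership or modes" condition on the home directory, ~/.ssh and authorized_keys. It assumes GNU stat (stat -c); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. sshd with StrictModes refuses public key authentication when
# a checked path is writable by group or others, or is owned by someone other
# than the user or root. Assumes GNU coreutils stat.

# secure_path PATH USER_UID: return 0 if PATH passes, 1 if not, 2 if stat fails.
secure_path() {
    path=$1 uid=$2
    info=$(stat -c '%a %u' "$path") || return 2
    mode=${info% *}      # octal permission bits, e.g. 775
    owner=${info#* }     # numeric owner uid
    if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
        echo "bad owner: $path (uid $owner)"
        return 1
    fi
    # 020 is group-write, 002 is other-write; either bit fails the check.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad mode: $path ($mode)"
        return 1
    fi
    return 0
}

# check_ssh_paths HOME_DIR USER_UID: test every path involved in key lookup.
check_ssh_paths() {
    home=$1 uid=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        secure_path "$p" "$uid" || rc=1
    done
    return $rc
}

# Usage (as root, for the root account): check_ssh_paths /root 0
```

A mode of 775 fails because of the group-write bit, while 755 and 700 both pass.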
Fedora 10 Artwork
Fedora 10 is just around the corner, and there is an election in the Fedora voting system for members of the art group to vote on the default theme for Fedora 10.
Key Milestones
| 2008-05-13 | Fedora 9 Release |
| | Fedora 10 Planning & Development Begins |
| 2008-07-22 | Fedora 10 Alpha freeze |
| 2008-08-05 | Fedora 10 Alpha release |
| 2008-09-11 | Fedora 10 Beta freeze |
| | Fedora 10 Feature Freeze–Planning & Development Ends |
| | Fedora 10 String freeze |
| 2008-09-23 | Fedora 10 Beta release |
| | Allow Fedora 10 pre-branch |
| 2008-10-14 | Fedora 10 Translation deadline |
| 2008-10-21 | Final Development freeze |
| 2008-10-28 | Fedora 10 Preview Release |
| 2008-11-18 | Fedora 10 final release (GA) |
The candidates are:

The vote will be open for 36 hours only so please get your vote in ASAP. The vote will close at 1 AM UTC Sep 24 (9 PM EDT Sept 23).
Set a Good Password Policy On SuSE Linux
Sometimes setting a good password policy is not easy, and you may receive many complaints from end users, especially non-IT users. They usually want a password that is as easy as possible, such as “password” or “abc123”.
Personally I don’t like pam_cracklib and I prefer pam_passwdqc.
The pam_passwdqc module is a simple password strength checking module for PAM. In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones.
The pam_passwdqc module provides functionality for only one PAM management group: password changing. In terms of the module-type parameter, this is the “password” feature.
Here you go: SuSE Linux Password Policy.
Operating System: SLES 9
Required RPM: pam-modules, pwdutils, openssh and coreutils
/etc/pam.d/passwd
auth required pam_unix2.so nullok
account required pam_unix2.so
account required pam_tally.so per_user deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so use_first_pass use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so
/etc/pam.d/sshd
auth required pam_listfile.so item=user sense=deny file=/etc/login.deny
auth required pam_tally.so onerr=fail no_magic_root
auth required pam_unix2.so
auth required pam_nologin.so
auth required pam_env.so
account required pam_unix2.so
account required pam_nologin.so
account required pam_tally.so deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so use_first_pass use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so none
session required pam_limits.so
/etc/pam.d/login
auth requisite pam_unix2.so nullok
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_mail.so
auth required pam_tally.so onerr=fail no_magic_root
account required pam_unix2.so
account required pam_tally.so deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so use_first_pass use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so none
session required pam_limits.so
/etc/pam.d/su
auth sufficient pam_rootok.so
auth required pam_unix2.so nullok
account required pam_unix2.so
account required pam_tally.so deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_unix2.so debug
How To Check Which Port Is Listening or Open on Linux
For security reasons you may configure SSH or another protocol to use a different port number on a Linux server. It is important to know which ports are actually listening or open to the network, because an open port may be exposed to network intrusion or hacking.
There are a few methods to see which ports are open on Linux.
Option 1:
Check /etc/services file
planetmy:/ # cat /etc/services | grep xxx (xxx = port number)
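If the command returns no output, no service is configured for that port number in /etc/services. This file only maps service names to port numbers, so an entry here does not by itself mean the port is listening. For SSH (port 22), you should be able to see: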
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
Option 2:
Use netstat command - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
planetmy:/ # netstat -nan | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7110/sshd
If the command output shows ‘LISTEN’, the particular port is open and listening on the network.
Option 3:
Use lsof command - list open files
planetmy:/ # lsof -i -n -P|grep 631
cupsd 17934 lp 0u IPv4 56540196 TCP *:631 (LISTEN)
cupsd 17934 lp 2u IPv4 56540197 UDP *:631
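An added example, not from the original post: "grep 22" also matches ports such as 2222 and addresses such as 192.168.1.22, so this filter keeps only sockets in LISTEN state whose local port is exactly the one asked for. The sample lines are constructed in the netstat format shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed sample in the format of the netstat output shown
# in Option 2 (not captured from a real host).
SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7110/sshd
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 8120/dropbear
tcp 0 0 192.168.1.22:631 0.0.0.0:* LISTEN 17934/cupsd
tcp 0 0 192.168.1.5:51022 192.168.1.102:443 ESTABLISHED 9001/curl
tcp 0 0 :::8022 :::* LISTEN 9100/httpd'

# listeners PORT: read netstat-style lines on stdin and print
# "local-address program" for each socket in LISTEN state whose local port
# is exactly PORT. UDP lines carry no state column and are never printed.
listeners() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, part, ":")   # the port is the last ":" field
            if (part[n] == port) print $4, $7
        }'
}

# naive_count PATTERN: number of lines a plain substring grep would return.
naive_count() {
    grep -c "$1"
}

# On the sample, the substring match returns 5 lines; the exact match returns 1.
printf '%s\n' "$SAMPLE" | naive_count 22
printf '%s\n' "$SAMPLE" | listeners 22
```

On a live system the same filter can be fed from the command in Option 2, for example: netstat -nap | listeners 22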
How To Force User Change Password At Next Login on Linux
My previous post talked about How To Show Linux User Password Expires. Now I would like to share how to force a user to change their password at next login on Linux.
Option 1:
passwd command - change user password
Use the following syntax:
passwd -e
- -e Force the user to change password at next login
Setting password expiry for user test
planetmy:~ # passwd -e test
planetmy:~ # chage -l test
Minimum: 0
Maximum: 90
Warning: 7
Inactive: -1
Last Change: Unknown, password is forced to change at next login
Password Expires: Never
Password Inactive: Never
Account Expires: Sep 11, 2008
Login as user ‘test’
login as: test
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Password change requested. Choose a new password.
Old Password:
Using keyboard-interactive authentication.
New Password:
Using keyboard-interactive authentication.
Reenter New Password:
Last login: Thu Sep 11 10:13:22 2008 from 192.168.1.102
test@planetmy:/>
Note: This applies to SuSE Linux 9 and 10 but NOT Red Hat Linux.