I have device with openBSD 5.6 installed. OpenSSH is integrated to this OS. As I understand from this topic, to set up the PAM usage I have to do it at the build time. Is there any way to permanently enable PAM for this OS?
Also it might be a problem that even if I will enable it than sshd function has no UsePAM keyword.
One more issue is that I need to use JAAS as PAM. Does anybody know how to set it up? I didn't found any posts or documentation about it.
OpenBSD doesn't support PAM. The links contain information related to OpenSSH Portable (i.e. the version of OpenSSH used on Linux).
Related
I am setting up a CentOS 7 server as the migration target of my old CentOS 6 server.
With the state of system updates being so slow, I was thinking of using a more reactive or up-to-date repository for Apache httpd. This is out of security concerns (https://httpd.apache.org/security/vulnerabilities_24.html).
I came across SCL months ago but despite hours and hours of documentation reading and web browsing, I haven't yet found a way to have httpd24-http from SCL replace the standard httpd package, in the same way that mariadb packages are a drop-in replacement for mysql packages.
Is it possible to do without httpd from the default repository and instead have httpd24-httpd from SCL and how?
The thing that has me asking this question is that some packages (e.g. phpMyAdmin and roundcubemail) seem to not see the package from SCL and pull in httpd, which gets installed as a dependency.
I am still somehow confused as to whether Apache httpd (2.4.39 atm) from the SCL is a replacement or whether it's supposed to be installed alongside httpd (2.4.6 atm), in which case, I am wondering whether there is much use since both programs will try to bind to port 80 and port 443. I'm surely missing a few key points in understanding the SCL ecosystem, specifically concerning httpd or similar daemons.
EDIT
I finally understood that the SCL version is to be installed alongside the standard httpd. Also, the standard http receives security backports, which answers my initial need.
It should be possible to swap httpd from scl with the standard httpd
I've done the same with php versions.
scl enable httpd24 bash
https://www.softwarecollections.org/en/scls/rhscl/httpd24/
I'm asking myself the same question because I'd like to enable TLS 1.3 for centos 7, but besides the httpd, it will also need a manually installed version of openssl to make that possible at the moment.
I know this question has been asked before, but it was asked back in 2014. The proposed solution was running Microsoft's port of Redis. However, that port hasn't been touched since 2016.
OK... that answer is Good and Official but this one is the future.
Windows Linux Subsystem supports fork (the reason they say it is not recommended) and I was able to run the RQ tutorial on my Windows 10 laptop.
https://learn.microsoft.com/en-us/windows/wsl/install-win10
As far as I can tell, "Not Recommended" is the official answer:
https://redislabs.com/ebook/appendix-a/a-3-installing-on-windows/
Before we get into how to install Redis on Windows, I’d like to point
out that running Redis on Windows isn’t recommended, for a variety of
reasons. In this section we’ll cover these points:
Reasons why you shouldn’t be running Redis on Windows. How to
download, install, and run a precompiled Windows binary. How to
download and install Python for Windows. How to install the Redis
client library.
But even that ebook page (next page) points to the now archived MSFT Redis project.
I would go with running Redis in Docker
https://hub.docker.com/r/_/redis/
Is there a difference between using salt-proxy ssh and directly salt-ssh? I'm interested because according to documentation both aimed to run remote commands without agent installation on the end machine.
You cant simply do salt-ssh on a proxy minion, for which you would have to write your own custom ssh interface to the remote system, because your proxy minion may not support doing salt-ssh.
How to choose between using salt-ssh vs salt-proxy totally depends on the type of a minion system.
As stated in the saltstack documentation - https://docs.saltstack.com/en/latest/topics/ssh/index.html and
https://docs.saltstack.com/en/latest/topics/proxyminion/index.html
For salt-ssh to be used, the remote system must have python installed - one of the criteria. For example, controlling ubuntu from centos.
As stated in the salt-proxy doc,
Proxy minions are a developing Salt feature that enables controlling
devices that, for whatever reason, cannot run a standard salt-minion.
Examples include network gear that has an API but runs a proprietary
OS, devices with limited CPU or memory, or devices that could run a
minion, but for security reasons, will not.
I'm trying to test WS-MAN capabilities to manage multiple hypervisors (mainly ESXi and Hyper-V); in terms of Hyper-V, all samples I come across insist on first tuning the Hyper-V authentication to "basic"; does anyone know if this is a shortcoming in current OpenWSMAN implementation or by design it can't support other authentication mechanism OR please correct me if my understanding is wrong :-).
System Details:
Host OS: SL 6.1
OpenWSMAN: 2.2.0 (client version)
Thanks!
I found an explanation for above observation. On linux, OpenWSMAN uses OpenSSL for authentication connections, now OpenSSL on Linux supports "digest" and Windows machines does not. Windows supports Kerbos/GSSAPI which is not currently supported by OpenSSL.
Thanks!
I read an article here about dokan sshfs for windows. I want to ask if you know similar software (free or not) in order to access windows partitions from windows. Samba is a always an answer, however I am seeking for something more secure.
You can use the Dokan SSHFS client with the OpenSSH server for Windows, you can configure OpenSSH like you would on UNIX, then use the Dokan SSH client to connect remotely, just as you would do on UNIX with sshfs.
When you say Samba, so you mean SMB? Samba is the *NIX client/server for SMB.
SSHFS for accessing Windows partitions from Windows ? Did you by any chance mean Linux partitions from windows ?
If windows-windows, then sorry, no. sshfs is a Linux/Unix feature, and microsoft does all it can to NOT make it work on Windows (after all, that would allow to easily and securely migrate from Windows to Linux). On Windows, you use WebDAV to accomplish similar things, needless to say WebDAV is way more insecure than sshfs.
If you meant accessing remote Linux partitions from Windows, then I had the same problem before:
Dokan doesn't work, at least not on Vista x64. (epic bluescreen crash)
The java sshfs explorer on sourceforge doesn't work, either.
Microsoft's services for unix (including sshfs) are only available on Vista 'Ultimate', not on < Ultimate, like my Vista business for example.
There are some commercial solutions, but first, they are way overpriced, and second, I wouldn't trust them, since they don't offer evaluation.
My solution was to install VirtualBox on Windows, and install an Ubuntu guest on it, mounting the host's C drive. You need to set the VirtualBox network adapter to bridged mode to make sshfs work with virtualization. I'm sorry, but so far that's the only free solution that really works...
imdisk driver, see if http://www.ltr-data.se/opencode.html helps.
From the documentation
It is even possible to boot a machine
with NTFS partitions using a Unix
Live-CD and use the included devio
tool to let ImDisk on another computer
running Windows on the network mount
the NTFS partition on the machine you
booted with the Unix Live-CD. This way
you can recover information and even
run chkdsk on drives on machines where
Windows does not boot.
I've been using Win SSHFS for awhile, is this what you're looking for?
https://github.com/Foreveryone-cz/win-sshfs/
It runs on top of Dokany