Iptables and Logins at boot-up

Janina Sajka janina at rednote.net
Sun Oct 10 20:06:08 UTC 2004


Hi, John:

Well, maybe I shouldn't have used the word "upgrade," because you can no
longer directly upgrade an RH8 system. You need to reinstall.

But, that doesn't need to mean you lose your users and your data. How
much you can preserve depends on how you've set up your partitions on
that installation. If your /home is a separate partition, you're in
pretty good shape. You simply make sure you don't reformat /home when
you reinstall and all your user data stays intact.

The other thing I always do is to copy my /etc somewhere safe--perhaps
to something like:

cp -a /etc /home/bk/psyche/

The reason for this is that you can then more quickly restore your
configurations after reinstalling. For instance, I take the tail end of
/etc/passwd, /etc/shadow, and /etc/group and literally copy them to the
end of the new files of the same name that the new installation creates.
That way, I keep all my users. In fact, they never even know the
system's been upgraded.

To your more global question--Red Hat became Fedora after Red Hat 9.
Fedora is now at Fedora 2, and we're a few months away from Fedora 3.
While I have not done it myself because I don't use braille as my
interface, I understand that you certainly can install using brltty. In
fact, I believe Dave Mielke has made some accommodations in the Fedora
installation scripts that make the job of installing easier. Meanwhile,
if you use the four iso images from the Speakup Modified Fedora
Distribution as your source for an installation, you'll get the most
recent upgrades to Fedora 2 in the process. Otherwise, you'll just need
to handle that part after the installation--though it has now become
significantly easier to do this part with tools like yum (the Yellow-Dog
Update Manager) at your disposal.


John J. Boyer writes:
> Janina,
> 
> What's the latest version of Redhat, and how do I upgrade without
> wiping out my present accounts and data? Can I upgrade from Redhat 8.0 
> using BRLTTY, including kernel replacement?
> 
> I feel like I'm asking all the dumb questions, but maybe others will 
> benefit from the answers as well. It is certainly faster and less 
> frustrating to ask than to search through reams of documentation.
> 
> John
> 
> 
> On Sun, 10 Oct 2004, Janina Sajka wrote:
> 
> > Andor Demarteau writes:
> > > On Sat, 9 Oct 2004, John J. Boyer wrote:
> > > 
> > >  > Thanks to all who helped with the ssh problem. There were two gotchas.
> > >  > Iptables was blocking all connections, and password authentication was
> > >  > turned off. Now I want to use the target machine to receive mail and for
> > >  > backup. When I boot the target machine, iptables is on and I have to log
> > >  > in as root to turn it off. How can I set iptables to be off at boot time?
> > >  > Or, better, to accept ssh and scp only from the source machine?
> > > Well, if you can login already as root, you probably can login as any user.
> > > 
> > > Find the line in your rule-set that allows ssh-access (port 22).
> > > Add to this line the -s or --source flag with the ip-address of the
> > > source-box.
> > > Providing the output-chain allows all outgoing traffic, that's all.
> > > 
> > > Disabling iptables may not be a good idea security-wise.
> > > 
> > > 
> > >  > Two user accounts receive mail continuously. I would like to have them
> > >  > automatically logged on at boot time. Is this possible? How?
> > 
> > John, you're reinventing the wheel here, and you're coming up with a
> > square. That's not the proper means toward this end. You don't want
> > those users always logged on. You actually want them to receive their
> > mail without always entering a password.
> > 
> > Look at the ssh man page and put together an appropriate
> > .ssh/authorized_keys file. That will take care of that.
> > 
> > The more correct resolution is:
> > 
> > 1.)	Upgrade as per my last message.
> > 
> > 2.)	Configure your machine to receive mail (on port 25)
> > 
> > 3.)	Configure TLS authentication
> > 
> > 4.)	Have your users use TLS to get and send mail.
> > 
> > This way, they'll be able to access the mail server from anywhere--even
> > half way around the world in a hotel room.
> > 
> > What you're talking about is a quick work around that has implications
> > you just haven't considered sufficiently. Some of those are being
> > pointed out in other messages.
> > 
> > _______________________________________________
> > Blinux-list mailing list
> > Blinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/blinux-list
> > 
> 
> -- 
> John J. Boyer; Executive Director, Chief Software Developer
> Computers to Help People, Inc.
> http://www.chpi.org
> 825 East Johnson; Madison, WI 53703
> 
> 

-- 
	
				Janina Sajka, Chair
				Accessibility Workgroup
				Free Standards Group (FSG)

janina at freestandards.org	Phone: +1 202.494.7040
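
The account carry-over described in the message above (appending the tail end of the old /etc/passwd, /etc/shadow and /etc/group to the freshly installed files), written out as an added example; it is not part of the original post. It assumes regular accounts start at id 500, and the names `merge_accounts` and `make_sample` and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: carry regular accounts from a saved /etc into a fresh install.
# Usage: merge_accounts OLD_ETC NEW_ETC [MIN_ID]; MIN_ID defaults to 500 (assumed).
merge_accounts() {
    old=$1; new=$2; min=${3:-500}
    # Keep old entries with id >= MIN_ID whose name and id are both unused in
    # the new file; id 65534 (nobody-style account) is left to the new install.
    pick='FILENAME == ARGV[1] { name[$1] = 1; id[$3] = 1; next }
          $3 >= min && $3 != 65534 && !($1 in name) && !($3 in id)'
    users=$(awk -F: -v min="$min" "$pick" "$new/passwd" "$old/passwd")
    groups=$(awk -F: -v min="$min" "$pick" "$new/group" "$old/group")
    if [ -n "$groups" ]; then printf '%s\n' "$groups" >> "$new/group"; fi
    if [ -n "$users" ]; then
        printf '%s\n' "$users" >> "$new/passwd"
        # Copy each user's shadow line, matching the exact name field.
        printf '%s\n' "$users" | cut -d: -f1 | while read -r u; do
            awk -F: -v u="$u" '$1 == u' "$old/shadow" >> "$new/shadow"
            echo "$u"    # report the merged account
        done
    fi
    return 0
}

# Constructed fixture: "old" is the saved /etc, "new" the fresh install.
make_sample() {
    mkdir -p "$1/old" "$1/new"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'john:x:500:500::/home/john:/bin/bash' \
        'janet:x:501:501::/home/janet:/bin/bash' > "$1/old/passwd"
    printf '%s\n' 'root:x:0:' 'john:x:500:' 'janet:x:501:' > "$1/old/group"
    printf '%s\n' 'root:!!:12700::::::' 'john:!!:12700::::::' \
        'janet:!!:12700::::::' > "$1/old/shadow"
    for f in passwd group shadow; do
        head -n 2 "$1/old/$f" > "$1/new/$f"
    done
}

d=$(mktemp -d) && make_sample "$d" && merge_accounts "$d/old" "$d/new"
rm -rf "$d"
```

Appending with `>>` keeps the new shadow file's existing ownership and mode; running `pwck` and `grpck` afterwards checks the merged files for consistency.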
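
The firewall change suggested in the quoted thread (find the rule that accepts port 22 and add `-s` with the source machine's address), as an added example that is not part of the original messages. It assumes the rules are kept in iptables-save format, as in /etc/sysconfig/iptables on Red Hat systems; the sample ruleset, the address 192.0.2.10 and the function names are constructed.

```shell
#!/bin/sh
# Added example: audit and tighten the SSH accept rule in an iptables-save file.
# Condition shared by both functions: an ACCEPT rule for port 22 with no source.
ssh_any='$1 == "-A" && /--dport 22( |$)/ && /-j ACCEPT/ && !/ (-s|--source) /'

# Print every rule on stdin that accepts SSH from any address.
open_ssh_rules() {
    awk "$ssh_any"
}

# Rewrite stdin so those rules only match the given source address.
# Rules that already carry -s/--source are left untouched.
restrict_ssh() {
    awk -v src="$1" "$ssh_any"' { $2 = $2 " -s " src } { print }'
}

# Constructed ruleset: default-drop input, open output, SSH and mail accepted.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

echo "Rules accepting SSH from anywhere:"
sample_rules | open_ssh_rules
echo "Ruleset after restricting SSH to 192.0.2.10:"
sample_rules | restrict_ssh 192.0.2.10
```

Keeping the restricted ruleset in the file the boot scripts load means the firewall stays on at boot while still admitting ssh and scp from the one source machine.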



