From vbavbalist at gmail.com Fri Jan 9 12:54:10 2009
From: vbavbalist at gmail.com (a bv)
Date: Fri, 9 Jan 2009 14:54:10 +0200
Subject: About routing
Message-ID: <525320ef0901090454n15a3a0d8y7bfa796085f5f2c4@mail.gmail.com>

Hi,

I'm new to the list and want to ask where the routing information is stored:

- when I set up RHEL 5.2 using the setup program and make the IP configuration of the interface
- when I add a route on the fly using route add bla bla (and will these records be deleted when the system is rebooted?)
- and any other possibilities/information related to routing.

I know that making a /etc/sysconfig/network-scripts/route-eth0 configuration file and restarting the network service is mentioned on the web. I'm afraid of losing the current routing information, because I'm reaching the server's shell over those routes, and the server is in another place/building which I cannot go to easily.

Regards

From jdf.lists at gmail.com Fri Jan 9 21:19:27 2009
From: jdf.lists at gmail.com (Joshua Daniel Franklin)
Date: Fri, 9 Jan 2009 13:19:27 -0800
Subject: About routing
In-Reply-To: <525320ef0901090454n15a3a0d8y7bfa796085f5f2c4@mail.gmail.com>
References: <525320ef0901090454n15a3a0d8y7bfa796085f5f2c4@mail.gmail.com>
Message-ID: <67437bc40901091319r406babcep94fa0a7808d7e57b@mail.gmail.com>

On Fri, Jan 9, 2009 at 4:54 AM, a bv wrote:
> - when I add a route on the fly using route add bla bla (and will these
> records be deleted when the system is rebooted?)

Yes. You need to add it at reboot in a generic way (such as /etc/rc.local) or the "Red Hat way" with /etc/sysconfig/network-scripts/route-interface

http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Deployment_Guide/s1-networkscripts-static-routes.html

By the way, if you like to know the "Red Hat way" for things, here is a handy way of searching:

http://google.com/search?q="static route" inurl:enterprise/RHEL-5-manual/ filetype:html

From vbavbalist at gmail.com Thu Jan 15 08:44:53 2009
From: vbavbalist at gmail.com (a bv)
Date: Thu, 15 Jan 2009 10:44:53 +0200
Subject: About routing
In-Reply-To: <67437bc40901091319r406babcep94fa0a7808d7e57b@mail.gmail.com>
References: <525320ef0901090454n15a3a0d8y7bfa796085f5f2c4@mail.gmail.com> <67437bc40901091319r406babcep94fa0a7808d7e57b@mail.gmail.com>
Message-ID: <525320ef0901150044r123019e4w9993898dda565d8e@mail.gmail.com>

Thanks for the answer, but first I would like to try on a VMware. And what about the default gw? In the examples I can't see any default gw entry in the route-eth0 etc. sample texts.

Regards

From jdf.lists at gmail.com Thu Jan 15 16:25:35 2009
From: jdf.lists at gmail.com (Joshua Daniel Franklin)
Date: Thu, 15 Jan 2009 08:25:35 -0800
Subject: About routing
In-Reply-To: <525320ef0901150044r123019e4w9993898dda565d8e@mail.gmail.com>
References: <525320ef0901090454n15a3a0d8y7bfa796085f5f2c4@mail.gmail.com> <67437bc40901091319r406babcep94fa0a7808d7e57b@mail.gmail.com> <525320ef0901150044r123019e4w9993898dda565d8e@mail.gmail.com>
Message-ID: <67437bc40901150825n6df6c153jd3b8872da31d63d2@mail.gmail.com>

On Thu, Jan 15, 2009 at 12:44 AM, a bv wrote:
> Thanks for the answer, but first I would like to try on a VMware. And what
> about the default gw? In the examples I can't see any default gw entry
> in the route-eth0 etc. sample texts.

Huh? I guess ask on a VMWare forum then.

Here's a quote about default gateway and routes from
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Deployment_Guide/s1-networkscripts-static-routes.html

"The following is a sample route-eth0 file using the IP command arguments format. The default gateway is 192.168.0.1, interface eth0. The two static routes are for the 10.10.10.0/24 and 172.16.1.0/24 networks:

    default 192.168.0.1 dev eth0
    10.10.10.0/24 via 192.168.0.1 dev eth0
    172.16.1.0/24 via 192.168.0.1 dev eth0
"

Good luck,
Joshua

From jwang at dataseekonline.com Thu Jan 15 23:45:06 2009
From: jwang at dataseekonline.com (John Wang)
Date: Thu, 15 Jan 2009 17:45:06 -0600
Subject: About routing
In-Reply-To: <525320ef0901150044r123019e4w9993898dda565d8e@mail.gmail.com>
Message-ID:

Hello

It's customary to simply put the line:

    GATEWAY=10.10.10.254

into the /etc/sysconfig/network file. You'll see that the scripts in /etc/sysconfig/network-scripts would source the /etc/sysconfig/network file and then perform the appropriate actions based on the variable GATEWAY.

You'll also notice that the scripts have references to a variable GATEWAYDEV, which indicates you could just specify which network interface to use to get out instead of the default router specifically.

You'll also notice that two of the scripts there reference the file /etc/sysconfig/static-routes if it exists, so you can place static routes in such a file in the following format:

    any net 10.10.11.0/24 gw 10.10.10.254

There's nothing fancy to any of this, it's just script work.

Regards,
John

From kim.desmaele at bayercropscience.com Thu Jan 22 10:22:07 2009
From: kim.desmaele at bayercropscience.com (kim.desmaele at bayercropscience.com)
Date: Thu, 22 Jan 2009 11:22:07 +0100
Subject: sshd & permissions on home directories
Message-ID:

Hi all,

I have a few users on my systems here, who're using RSA authentication keys with an empty passphrase when connecting from a remote unix or linux box. Apparently, ssh refuses this authentication if the user's home directory's permissions are not set to 0755 or less.

The users would prefer to set the permissions 0775 on their home directories, but when doing so sshd requests the user password in any way...

Any idea how to avoid this or a workaround?

grts,
Kim DS.

From alex at fav.or.it Thu Jan 22 11:00:19 2009
From: alex at fav.or.it (Alex Forrow)
Date: Thu, 22 Jan 2009 11:00:19 +0000
Subject: sshd & permissions on home directories
In-Reply-To:
References:
Message-ID: <497851C3.3060803@fav.or.it>

Hi Kim,

Have you seen the 'StrictModes' option in sshd_config?

From 'man sshd_config':

    StrictModes
        Specifies whether sshd(8) should check file modes and ownership
        of the user's files and home directory before accepting login.
        This is normally desirable because novices sometimes accidentally
        leave their directory or files world-writable. The default is
        "yes".

Obviously wouldn't be ideal to disable, but would allow your users using RSA to log in.

Hope this helps,
Alex

From sbathe at gmail.com Thu Jan 22 11:03:03 2009
From: sbathe at gmail.com (Saurabh Bathe)
Date: Thu, 22 Jan 2009 16:33:03 +0530
Subject: sshd & permissions on home directories
In-Reply-To:
References:
Message-ID:

2009/1/22
>
> Hi all,
>
> I have a few users on my systems here, who're using RSA authentication keys with an empty passphrase when connecting from a remote unix or linux box.
> Apparently, ssh refuses this authentication if the user's home directory's permissions are not set to 0755 or less.

Yes, SSH likes secure directories. If any file/directory up to $HOME/.ssh/authorized_keys is writeable except for the user, SSHD is bound to complain. No way out of it.

>
> The users would prefer to set the permissions 0775 on their home directories, but when doing so sshd requests the user password in any way...
>
> Any idea how to avoid this or a workaround?

There are other more secure and elegant ways of sharing files than having the user home directory group writeable. You can have $HOME 0755 and maybe some other directory inside it writeable by the groups.

---
Thanks
Saurabh Bathe
+91 9422785635

From sbathe at gmail.com Fri Jan 23 04:20:37 2009
From: sbathe at gmail.com (Saurabh Bathe)
Date: Fri, 23 Jan 2009 09:50:37 +0530
Subject: sshd & permissions on home directories
In-Reply-To: <497851C3.3060803@fav.or.it>
References: <497851C3.3060803@fav.or.it>
Message-ID:

On Thu, Jan 22, 2009 at 4:30 PM, Alex Forrow wrote:
> Hi Kim,
>
> Have you seen the 'StrictModes' option in sshd_config?

Wow, I also did not know this. Not that I may use it ever, but it's good to know :)

--
---
Thanks
Saurabh Bathe
+91 9422785635

From Michael.Kidwell at hqda.army.mil Fri Jan 23 11:44:56 2009
From: Michael.Kidwell at hqda.army.mil (Kidwell, Michael Mr NISO/APPTIS)
Date: Fri, 23 Jan 2009 06:44:56 -0500
Subject: sshd & permissions on home directories (UNCLASSIFIED)
In-Reply-To:
References: <497851C3.3060803@fav.or.it>
Message-ID:

Classification: UNCLASSIFIED
Caveats: NONE

I don't know whether you've received an answer yet, but I know that on Solaris, there is a .ssh directory in the user's home directory and it holds the "key" files as well as known_hosts and it has permissions like 600. Maybe that would work for you.
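
The StrictModes behaviour discussed in the sshd thread above can be checked for before users hit a password prompt. The following is an added example, not code from any poster or from OpenSSH: a shell function (the name strictmodes_audit is hypothetical) that flags the home directory, ~/.ssh and authorized_keys when they are group- or world-writable, or owned by someone other than the user or root.

```shell
#!/bin/sh
# Added example: approximates the path checks sshd applies to public-key
# logins when StrictModes is "yes". strictmodes_audit is a hypothetical name.
#
# Usage: strictmodes_audit HOME_DIR [UID]
# Prints one line per failing path; returns 0 if all pass, 1 otherwise.
strictmodes_audit() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        # A missing path is not a StrictModes failure; skip it.
        [ -e "$p" ] || continue

        # Group-writable (020) or world-writable (002): the case from the
        # thread, where a 0775 home directory makes sshd ignore the key.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL writable-by-others: $p"
            rc=1
        fi

        # Owner must be the account itself or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0 -print)" ]; then
            echo "FAIL bad-owner: $p"
            rc=1
        fi
    done
    return $rc
}

# When run as a script with arguments, audit the given home directory.
if [ $# -gt 0 ]; then
    strictmodes_audit "$@"
fi
```

Running it over every home directory on a host shows which accounts would fall back to password authentication, which lets the permissions be fixed instead of setting StrictModes to "no".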