PDA

View Full Version : The server is back up!



dragos240
August 21st, 2009, 01:21 PM
Feel free to drop by and leave a message via ssh. You can use vi, echo, or nano.

Server: 24.34.53.70
Port: 22 ( I might change )
Guest user: ubuntuforums
Password: ubuntu

I have upgraded to the latest kernel, and also I have limited each user to 40 applications. So fork bombing won't work. Also any seggestions would be appreciated. :popcorn:

hessiess
August 21st, 2009, 01:27 PM
If you are going to alow random people to log into your server, then you rilly should chroot the environment and limit the commands people can use to just `vi echo and nano', for example `df, ifconfig, lspci, svn...' can all be used currently.

dragos240
August 21st, 2009, 01:32 PM
If you are going to alow random people to log into your server, then you rilly should chroot the environment and limit the commands people can use to just `vi echo and nano', for example `df, ifconfig, lspci, svn...' can all be used currently.

Hmm..... could that be configured in:
/etc/security/limits.conf?

hessiess
August 21st, 2009, 01:50 PM
Hmm..... could that be configured in:
/etc/security/limits.conf?

not sure, but there is information about setting up a chrooted ssh server here: http://www.howtoforge.com/chrooted_ssh_howto_debian.

Also, gcc and g++ are available, so your server could be exploited for compiling software.

dragos240
August 21st, 2009, 01:53 PM
But..... I don't use debian, for this server. I use arch!

hessiess
August 21st, 2009, 02:04 PM
But..... I don't use debian, for this server. I use arch!
there is a page on the arch wiki: http://wiki.archlinux.org/index.php/Openssh-chroot

dragos240
August 21st, 2009, 02:09 PM
Sadly that package does not exist anymore.

hessiess
August 21st, 2009, 02:15 PM
Sadly that package does not exist anymore.

Thats annoying, if the package does not exist, someone should take the wiki page down. have you asked about it on the Arch forum?

dragos240
August 21st, 2009, 02:18 PM
Will do.

lukjad
August 21st, 2009, 02:19 PM
Pity, but I am on Windows right now :(

Bachstelze
August 21st, 2009, 02:22 PM
Pity, but I am on Windows right now :(

So am I. Do you not know about putty?

dragos240
August 21st, 2009, 02:24 PM
Pity, but I am on Windows right now :(

That is a pitty...... that you don't know about putty........

EDIT: Hymn, you beat me!

BbUiDgZ
August 21st, 2009, 03:16 PM
That is a pitty...... that you don't know about putty........

EDIT: Hymn, you beat me!

sshsecureshellclient is better imo
http://www.filewatcher.com/m/SSHSecureShellClient-3.2.9.exe.5517312.0.0.html

Mighty_Joe
August 21st, 2009, 03:32 PM
sshsecureshellclient is better imo
http://www.filewatcher.com/m/SSHSecureShellClient-3.2.9.exe.5517312.0.0.html

Is that being maintained any more? I used to use it but my impression is that SSH Communications Security Corp. pretty much abandoned it in 2003 to concentrate on their cash cows. I recall it had some pretty restrictive license terms too.
Personally, I use Cygwin (http://www.cygwin.com/) and OpenSSH.

.Maleficus.
August 21st, 2009, 03:41 PM
Remember, I have a log.
*shat bricks*

Well, at least it wouldn't let me cd into the "harley" folder.

..but it would let me cd into "/". And run "lspci". I'd either take down your login info from the OP or hurry up getting the chroot setup. Remember, not everyone who browses the forums is a member.


Edit: Phew, and ubuntuforums isn't in /etc/sudoers. That's good too (I figured you probably wouldn't do that but I had to check ;)).

TuckLive
August 21st, 2009, 03:46 PM
I left a message under /home/ubuntuforums/TuckLive :lolflag:

dragos240
August 21st, 2009, 03:51 PM
*shat bricks*

Well, at least it wouldn't let me cd into the "harley" folder.

..but it would let me cd into "/". And run "lspci". I'd either take down your login info from the OP or hurry up getting the chroot setup. Remember, not everyone who browses the forums is a member.

Wait, so if you wanted to, you could get my password? Well.... anyways I am trying.

dragos240
August 21st, 2009, 03:58 PM
Also I will be shutting down the sshd server for a little while to get the chroot working.

JohnFH
August 21st, 2009, 03:58 PM
I can't login. Is it still running?

I can ping it but ssh is not accepting the details you gave.

chris200x9
August 21st, 2009, 04:05 PM
lolololol I scp'd you ASCII porn lolololol

.Maleficus.
August 21st, 2009, 04:05 PM
Wait, so if you wanted to, you could get my password? Well.... anyways I am trying.
Could I get your password? No, I'm not that skilled. Does that mean somebody else here couldn't? Nope, doesn't mean that either.

I think this was already linked to (http://www.howtoforge.com/chroot_ssh_sftp_debian_etch) but I'd take a read through that and set it up that way. There's nothing Debian specific so if you just follow the steps carefully you should be fine.

dragos240
August 21st, 2009, 04:14 PM
I can't login. Is it still running?

I can ping it but ssh is not accepting the details you gave.

No it isn't. I am working on chroot.

dragos240
August 21st, 2009, 04:35 PM
Could I get your password? No, I'm not that skilled. Does that mean somebody else here couldn't? Nope, doesn't mean that either.

I think this was already linked to (http://www.howtoforge.com/chroot_ssh_sftp_debian_etch) but I'd take a read through that and set it up that way. There's nothing Debian specific so if you just follow the steps carefully you should be fine.

I can't do that either, as the chroot patch for openssh is now nonexitant, there are no downloads for it on the sourceforge page. :(

v8YKxgHe
August 21st, 2009, 04:50 PM
In later/recent versions of SSH, there is a 'ChrootDirectory' option you can use in your SSHd config file (/etc/ssh/sshd_config). There is no need to patch SSH.

See manpage for 'sshd_config'.

hessiess
August 21st, 2009, 05:08 PM
Wait, so if you wanted to, you could get my password? Well.... anyways I am trying.

Wouldn't be possible, the passwords are stored in /etc/shadow, which can only be viewed by root, and even if you could read it, it wouldn't help as the passwords are hashed, unless a bad has algorithm is used the only way to get the password would be a brute force attack, which would be imposable in a reasonable time frame if the password is sufficiently long and random.

Regenweald
August 21st, 2009, 05:46 PM
By the time this thread is of age, dragos240 you are going to be a damn good server admin. I'll set up one of my own one of these days, BSD though :)

dragos240
August 21st, 2009, 05:48 PM
By the time this thread is of age, dragos240 you are going to be a damn good server admin. I'll set up one of my own one of these days, BSD though :)

Right now, not so much. Look at my post "Incorrect permission(s) blues :("

schauerlich
August 21st, 2009, 06:06 PM
Right now, not so much. Look at my post "Incorrect permission(s) blues :("

Is it up yet?

(twss)

Regenweald
August 21st, 2009, 06:11 PM
Right now, not so much. Look at my post "Incorrect permission(s) blues :("

Whatever man :) the fun is in the learning....you'll get there

dragos240
August 21st, 2009, 06:29 PM
Is it up yet?

(twss)

The cake (title) is a lie.