Issue with shell login - linux

There is this strange thing I am seeing.
Whenever I try to ssh into a machine with the root user, I get logged in as "airoot", but the same does not happen for any other user.
[root@ftc-unem32-22s27 onestopsolution]# ssh root@10.33.22.1
Last login: Tue Jun 3 08:19:17 2014 from 10.32.22.27
[airoot@node0fs ~]#
This happens for the root user, but for another user, say User1234, it doesn't:
[root@ftc-unem32-22s27 onestopsolution]# ssh User1234@10.33.22.1
User1234@10.33.22.1's password:
Last login: Tue Jun 3 08:19:09 2014 from 10.32.22.27
[User1234@node0fs ~]$

Related

Linux RADIUS logs

I have a program called Radius which authenticates user logins. It is running on a CentOS server.
The logs are in /var/log/radius.log
They are as follows:
Mon Jul 24 22:17:08 2017 : Auth: Login incorrect: [faaiz.aleem] (from client PTCL-VPN port 28 cli 116.213.34.97) DeviceIP: 192.168.30.101
Mon Jul 24 23:32:41 2017 : Auth: Login OK: [muhammad.razzaq] (from client PTCL-VPN port 29 cli 45.116.233.62) DeviceIP: 192.168.30.101
Tue Jul 25 03:06:08 2017 : Auth: Login OK: [sadiq.akhter] (from client devices port 1 cli 192.168.141.1) DeviceIP: 1.8.3.11
Tue Jul 25 03:07:54 2017 : Auth: Login OK: [sadiq.akhter] (from client devices port 1 cli 10.88.33.2) DeviceIP: 1.6.16.1
Tue Jul 25 09:44:39 2017 : Auth: Login incorrect: [shariq.iqbal] (from client devices port 1 cli 10.10.10.173) DeviceIP: 1.6.10.11
Now I want to sort them out for each user, e.g. sadiq.akhter, against the last login made by them. Please suggest a good bash script or Linux command to do so. I shall be thankful to you.
A quick solution to get only the lines with a defined user (and write them to a file):
grep "USERNAME" /var/log/radius.log > log_for_user.log
The last line you get from grep should be the last login record.
You can use tac to print your log file in reverse order and use "grep -m1 .." to get only one (the last) match.
This returns the last line with USERNAME inside your log:
tac /var/log/radius.log | grep -m1 "USERNAME"
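So in a shell script it can look like this, which returns the recent entries for all users:
#!/bin/bash
# Print the most recent log entry for each user listed in USERLIST.
while IFS= read -r user
do
    # -F matches the name literally, so the dot in a user name is not a regex wildcard
    tac LOGFILE | grep -m1 -F -- "$user"
done < USERLIST
where USERLIST is a file that lists all usernames, separated by newlines, and LOGFILE is your radius logfile.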
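A single-pass alternative for the question above, added here as an example and not part of the original answers: it parses each Auth line and keeps the latest entry per user, so no user list is needed and the log is read once. The sample lines are constructed in the log format shown in the question, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the radius.log format shown in the question
# (names and addresses are made up).
sample_radius_log() {
cat <<'EOF'
Mon Jul 24 22:17:08 2017 : Auth: Login incorrect: [alice.example] (from client VPN-GW port 28 cli 198.51.100.7) DeviceIP: 192.0.2.10
Mon Jul 24 23:32:41 2017 : Auth: Login OK: [bob.example] (from client VPN-GW port 29 cli 198.51.100.8) DeviceIP: 192.0.2.10
Tue Jul 25 03:06:08 2017 : Auth: Login OK: [alice.example] (from client devices port 1 cli 192.0.2.21) DeviceIP: 192.0.2.11
Tue Jul 25 03:07:54 2017 : Auth: Login OK: [alice.example] (from client devices port 1 cli 192.0.2.22) DeviceIP: 192.0.2.12
Tue Jul 25 09:44:39 2017 : Auth: Login incorrect: [carol.example] (from client devices port 1 cli 192.0.2.23) DeviceIP: 192.0.2.13
EOF
}

# last_radius_logins [FILE...]: one pass over the log (or stdin); prints
# user<TAB>result<TAB>timestamp<TAB>source-address for the latest entry of each user.
last_radius_logins() {
    awk '
    / : Auth: Login / {
        ts = $0;  sub(/ : Auth: .*/, "", ts)          # text before " : Auth: "
        res = $0; sub(/.* : Auth: Login /, "", res)   # "OK" or "incorrect"
        sub(/: \[.*/, "", res)
        user = substr($0, index($0, "[") + 1)         # name between [ and ]
        user = substr(user, 1, index(user, "]") - 1)
        cli = $0; sub(/.* cli /, "", cli); sub(/\).*/, "", cli)
        # The log is chronological, so a later line replaces an earlier one.
        last[user] = user "\t" res "\t" ts "\t" cli
    }
    END { for (u in last) print last[u] }
    ' "$@" | sort
}

sample_radius_log | last_radius_logins
```

On the real server the call would be last_radius_logins /var/log/radius.log; the result column shows whether each user's latest entry was a success or a failure.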

How to use gitolite public & private key pair generated for windows in linux in virtual box?

I have generated public and private key pair for git in windows and it is working fine in windows. And I tried to use the same key pair in linux in virtual box by copying the .ssh folder to ~/.ssh folder of linux.
Now when I try to perform git commands like clone, fetch in linux it is asking for password. I haven't specified any password for this. How to resolve this?
Thanks in advance.
Here is my ls -la ~/.ssh:
user@g3gdev-user:~$ ls -la ~/.ssh
total 28
drwxrwxrwx 2 user user 4096 Jun 21 11:07 .
drwxr-xr-x 43 user user 4096 Jun 23 10:59 ..
-rwxr-xr-x 1 root root 1464 Jun 21 11:05 git_key.ppk
-rw------- 1 user user 1464 Jun 21 11:05 git_new_key.ppk
-rwx------ 1 user user 1675 Jun 21 11:05 id_rsa
-rw------- 1 user user 400 Jun 21 11:05 id_rsa.pub
-rwxrwxrwx 1 user user 415 Jun 21 11:05 known_hosts
Maybe you have to open the generated key in PuTTYgen, then go to Conversions, then Export OpenSSH key. Use this OpenSSH key for your Linux systems. There is a small difference between openssh and ssh.

No file permissions despite full permissions in sudoers

I have added the following to the file /etc/sudoers using the visudo command:
nick ALL=(ALL:ALL) ALL
But when I log in as nick and attempt something like mkdir .ssh I get:
mkdir: cannot create directory ‘.ssh’: Permission denied
Likewise, I cannot save files I have edited.
Running ls -la from the home directory gives me:
drwxr-xr-x 5 nick nick 4096 Apr 7 19:07 .
drwxr-xr-x 3 root root 4096 Apr 7 17:32 ..
-rw-r--r-- 1 nick nick 220 Aug 31 2015 .bash_logout
-rw-r--r-- 1 nick nick 3771 Aug 31 2015 .bashrc
drwx------ 2 nick nick 4096 Apr 7 18:29 .cache
drwxr-xr-x 2 root root 4096 Apr 7 19:07 .nano
-rw-r--r-- 1 nick nick 675 Aug 31 2015 .profile
Which if I'm not mistaken is showing that I have no write access to anything. (Correct me if I'm wrong. I'm only passingly familiar with UNIX permissions.)
Why can't this user do anything despite being given full permissions in sudoers?
UPDATE:
This problem fixed itself. I do not know what the problem was but it was no longer a problem when I logged on a couple days later.
For the record, I was attempting to configure a fresh DigitalOcean server running Ubuntu 15.10 x64. My local computer is a MacBook running El Capitan.
My guess is that the remote server restarted or somehow otherwise incorporated the change automatically in the interim. I had already tried running sudo reboot producing no results, so I'm still not sure how this could be.
I was also experiencing some local WiFi connection dropping at the time but as my SSH connection seemed to be operational I'm not sure if this could be related.
I'm also not an expert in Linux, but to me it seems like you have to use sudo mkdir .ssh instead of mkdir .ssh. You allowed your user to behave like root (who has rights to write to the directory), but to do that you have to use the sudo command.
Here is a simple explanation of how it works (with pictures): https://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
Here is the serious documentation: https://help.ubuntu.com/community/Sudoers

Through shell, adding a user with a slash path ("/") as directory: ssh/sftp impossible, even after re-creation of it with a named directory

First, what I'm trying to do is to jail (chroot) the user in a specific directory for sftp access. I found a great tutorial that did the job; you can find it here: http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/. You should read it first (it's very short) to understand the rest.
With the example in the link, I have no problem creating the sftpusers group and the guestuser user and locking it to the /sftp/guestuser/incoming directory. Here is how it's done:
groupadd sftpusers
useradd -g sftpusers -d /incoming -s /sbin/nologin guestuser
passwd guestuser
chown guestuser:sftpusers /sftp/guestuser/incoming
service ssh restart
What I tried to do afterwards is to lock another user (we call it "test") from the same group in /sftp/test. So I created the user like this:
useradd -g sftpusers -d / -s /sbin/nologin test
You see, instead of /incoming as the directory, I just put "/", then I changed the rights on /sftp/test and restarted ssh. But the connection fails and gives me this error: Write failed: Broken pipe
I thought it was due to the wrong path "/", so I decided to delete the user and re-create it with an /incoming directory:
userdel test
useradd -g sftpusers -d /incoming -s /sbin/nologin test
passwd test
chown test:sftpusers /sftp/test/incoming
service ssh restart
But even after that, the test user seems to be compromised forever, because I get the same error when I try to connect through sftp: Write failed: Broken pipe Couldn't read packet: Connection reset by peer
EDIT:
Here is the log file for sshd:
Jan 24 12:46:20 ns sshd[13786]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Jan 24 12:46:23 ns sshd[13786]: Accepted password for test from xxx.xxx.xxx.xxx port 37838 ssh2
Jan 24 12:46:23 ns sshd[13786]: pam_unix(sshd:session): session opened for user test by (uid=0)
Jan 24 12:46:24 ns sshd[13949]: fatal: bad ownership or modes for chroot directory "/sftp/test"
Jan 24 12:46:24 ns sshd[13786]: pam_unix(sshd:session): session closed for user test
Jan 24 12:48:17 ns sshd[14103]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Jan 24 12:48:19 ns sshd[14103]: Invalid user brad from xxx.xxx.xxx.xxx
Jan 24 12:48:19 ns sshd[14103]: input_userauth_request: invalid user brad [preauth]
Jan 24 12:48:19 ns sshd[14103]: pam_unix(sshd:auth): check pass; user unknown
Jan 24 12:48:19 ns sshd[14103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx
Jan 24 12:48:22 ns sshd[14103]: Failed password for invalid user brad from xxx.xxx.xxx.xxx port 42756 ssh2
Jan 24 12:48:22 ns sshd[14103]: Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
Check the debug log for sshd. You'll likely find it complaining about the home directory for user test not being secure.
The sshd is very strict about access to the user's credentials in $HOME/.ssh and will disconnect when it cannot access the directory, or when it detects permissions that would allow any other account to access it.
sshd[13949]: fatal: bad ownership or modes for chroot directory "/sftp/test"
Make sure that the owner of the directory is the only account that can modify any file in $HOME and below. Pay attention specifically to the group settings.
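The "bad ownership or modes for chroot directory" line in the log above comes from the check sshd applies to ChrootDirectory: every component of the path must be a root-owned directory that is not writable by group or others. The script below is an added example, not from the original posts, that reports which component fails that rule; the function names are hypothetical.

```shell
#!/bin/sh
# component_ok DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0, i.e. root) and not writable by group or others.
component_ok() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    # ls -ldn prints the mode string first and the numeric owner third.
    read -r mode uid <<EOF
$(ls -ldn -- "$dir" | awk '{ print $1, $3 }')
EOF
    case $mode in
        ?????w*|????????w*)
            echo "$dir: writable by group or others ($mode)"; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || {
        echo "$dir: owned by uid $uid, expected $want_uid"; return 1; }
    return 0
}

# chroot_path_ok DIR: apply component_ok to DIR and every parent up to "/".
chroot_path_ok() {
    case $1 in /*) ;; *) echo "$1: need an absolute path"; return 2 ;; esac
    p=$1 rc=0
    while :; do
        component_ok "$p" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage (path taken from the log line above):
#   chroot_path_ok /sftp/test
```

In the tutorial's layout only the inner incoming directory is chowned to the user; the chroot directory itself and its parents stay owned by root.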

Change local linux password when joined to Active Directory

I have a Linux box:
Linux vuappserver 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686 GNU/Linux
I use SMB + winbind to join an Active Directory.
But right now I am trying to add a local user:
useradd test
but when I try to change the password I receive this error:
root@server:/home/vu# passwd test
Current Kerberos password:
passwd: Authentication token manipulation error
passwd: password unchanged
I checked the permissions of these files:
-rw-r--r-- 1 0 0 1350 Apr 5 23:17 /etc/passwd
-rw-r----- 1 0 42 941 Apr 5 23:17 /etc/shadow
Any ideas?
Thanks
By default pam_krb5.so sets "minimum_uid" to 1000 in /etc/pam.d/common-*
e.g.:
password [success=3 default=ignore] pam_krb5.so minimum_uid=1000
My user had uid=1001 and, according to the default setup, Kerberos took control (bad thing). On the other hand, the mapping for my AD users was in a higher range (/etc/samba/smb.conf):
idmap config * : range = 10000-40000
So, I adjusted "minimum_uid" in /etc/pam.d/common-* to 10000, and now I'm happy :-)
If you're in a Windows domain, your authentication configuration (most probably /etc/pam.d/common-auth and /etc/pam.d/passwd) is indicating that, to change a password, it must be synchronized with the domain (via Kerberos/LDAP).
You can instruct the passwd command to change a local account by specifying which accounts repository/authentication realm you would like to change:
passwd -r files account_name
Check the man page for passwd on the -r option.
